authortedu <>2014-04-18 02:45:27 +0000
committertedu <>2014-04-18 02:45:27 +0000
commitdbc03fd46219ddbb888e67c7976cc4843a6b22a2 (patch)
tree47121840eb251d84222bc1e5763fd4ab0af1d3e3 /src
parent783824f84bd9375a5269221219c9c48b229901ac (diff)
KaboomNF
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/src/apps/app_rand.c28
-rw-r--r--src/lib/libssl/src/apps/apps.c513
-rw-r--r--src/lib/libssl/src/apps/asn1pars.c57
-rw-r--r--src/lib/libssl/src/apps/ca.c535
-rw-r--r--src/lib/libssl/src/apps/ciphers.c28
-rw-r--r--src/lib/libssl/src/apps/cms.c369
-rw-r--r--src/lib/libssl/src/apps/crl.c55
-rw-r--r--src/lib/libssl/src/apps/crl2p7.c48
-rw-r--r--src/lib/libssl/src/apps/dgst.c81
-rw-r--r--src/lib/libssl/src/apps/dh.c35
-rw-r--r--src/lib/libssl/src/apps/dhparam.c45
-rw-r--r--src/lib/libssl/src/apps/dsa.c33
-rw-r--r--src/lib/libssl/src/apps/dsaparam.c32
-rw-r--r--src/lib/libssl/src/apps/ec.c56
-rw-r--r--src/lib/libssl/src/apps/ecparam.c549
-rw-r--r--src/lib/libssl/src/apps/enc.c873
-rw-r--r--src/lib/libssl/src/apps/engine.c545
-rw-r--r--src/lib/libssl/src/apps/errstr.c7
-rw-r--r--src/lib/libssl/src/apps/gendh.c38
-rw-r--r--src/lib/libssl/src/apps/gendsa.c24
-rw-r--r--src/lib/libssl/src/apps/genpkey.c38
-rw-r--r--src/lib/libssl/src/apps/genrsa.c57
-rw-r--r--src/lib/libssl/src/apps/nseq.c72
-rw-r--r--src/lib/libssl/src/apps/ocsp.c1269
-rw-r--r--src/lib/libssl/src/apps/openssl.c627
-rw-r--r--src/lib/libssl/src/apps/passwd.c324
-rw-r--r--src/lib/libssl/src/apps/pkcs12.c1315
-rw-r--r--src/lib/libssl/src/apps/pkcs7.c314
-rw-r--r--src/lib/libssl/src/apps/pkcs8.c317
-rw-r--r--src/lib/libssl/src/apps/pkey.c206
-rw-r--r--src/lib/libssl/src/apps/pkeyparam.c110
-rw-r--r--src/lib/libssl/src/apps/pkeyutl.c418
-rw-r--r--src/lib/libssl/src/apps/prime.c155
-rw-r--r--src/lib/libssl/src/apps/rand.c103
-rw-r--r--src/lib/libssl/src/apps/req.c1945
-rw-r--r--src/lib/libssl/src/apps/rsa.c425
-rw-r--r--src/lib/libssl/src/apps/rsautl.c185
-rw-r--r--src/lib/libssl/src/apps/s_cb.c98
-rw-r--r--src/lib/libssl/src/apps/s_client.c2199
-rw-r--r--src/lib/libssl/src/apps/s_server.c3015
-rw-r--r--src/lib/libssl/src/apps/s_socket.c62
-rw-r--r--src/lib/libssl/src/apps/s_time.c559
-rw-r--r--src/lib/libssl/src/apps/sess_id.c338
-rw-r--r--src/lib/libssl/src/apps/smime.c688
-rw-r--r--src/lib/libssl/src/apps/speed.c3154
-rw-r--r--src/lib/libssl/src/apps/spkac.c218
-rw-r--r--src/lib/libssl/src/apps/srp.c779
-rw-r--r--src/lib/libssl/src/apps/ts.c1028
-rw-r--r--src/lib/libssl/src/apps/verify.c351
-rw-r--r--src/lib/libssl/src/apps/version.c132
-rw-r--r--src/lib/libssl/src/apps/x509.c1597
51 files changed, 12180 insertions, 13869 deletions
diff --git a/src/lib/libssl/src/apps/app_rand.c b/src/lib/libssl/src/apps/app_rand.c
index 0dbec7d595..0d5b77e1bd 100644
--- a/src/lib/libssl/src/apps/app_rand.c
+++ b/src/lib/libssl/src/apps/app_rand.c
@@ -120,7 +120,7 @@ static int seeded = 0;
120static int egdsocket = 0; 120static int egdsocket = 0;
121 121
122int 122int
123app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn) 123app_RAND_load_file(const char *file, BIO * bio_e, int dont_warn)
124{ 124{
125 int consider_randfile = (file == NULL); 125 int consider_randfile = (file == NULL);
126 char buffer[200]; 126 char buffer[200];
@@ -129,8 +129,10 @@ app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
129 if (file == NULL) 129 if (file == NULL)
130 file = RAND_file_name(buffer, sizeof buffer); 130 file = RAND_file_name(buffer, sizeof buffer);
131 else if (RAND_egd(file) > 0) { 131 else if (RAND_egd(file) > 0) {
132 /* we try if the given filename is an EGD socket. 132 /*
133 if it is, we don't write anything back to the file. */ 133 * we try if the given filename is an EGD socket. if it is,
134 * we don't write anything back to the file.
135 */
134 egdsocket = 1; 136 egdsocket = 1;
135 return 1; 137 return 1;
136 } 138 }
@@ -140,8 +142,9 @@ app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
140 BIO_printf(bio_e, "unable to load 'random state'\n"); 142 BIO_printf(bio_e, "unable to load 'random state'\n");
141 BIO_printf(bio_e, "This means that the random number generator has not been seeded\n"); 143 BIO_printf(bio_e, "This means that the random number generator has not been seeded\n");
142 BIO_printf(bio_e, "with much random data.\n"); 144 BIO_printf(bio_e, "with much random data.\n");
143 if (consider_randfile) /* explanation does not apply when a file is explicitly named */ 145 if (consider_randfile) { /* explanation does not
144 { 146 * apply when a file is
147 * explicitly named */
145 BIO_printf(bio_e, "Consider setting the RANDFILE environment variable to point at a file that\n"); 148 BIO_printf(bio_e, "Consider setting the RANDFILE environment variable to point at a file that\n");
146 BIO_printf(bio_e, "'random' data can be kept in (the file will be overwritten).\n"); 149 BIO_printf(bio_e, "'random' data can be kept in (the file will be overwritten).\n");
147 } 150 }
@@ -165,8 +168,8 @@ app_RAND_load_files(char *name)
165 last = 0; 168 last = 0;
166 for (p = name; 169 for (p = name;
167 ((*p != '\0') && (*p != ':')); p++); 170 ((*p != '\0') && (*p != ':')); p++);
168 if (*p == '\0') 171 if (*p == '\0')
169 last = 1; 172 last = 1;
170 *p = '\0'; 173 *p = '\0';
171 n = name; 174 n = name;
172 name = p + 1; 175 name = p + 1;
@@ -187,15 +190,16 @@ app_RAND_load_files(char *name)
187} 190}
188 191
189int 192int
190app_RAND_write_file(const char *file, BIO *bio_e) 193app_RAND_write_file(const char *file, BIO * bio_e)
191{ 194{
192 char buffer[200]; 195 char buffer[200];
193 196
194 if (egdsocket || !seeded) 197 if (egdsocket || !seeded)
195 /* If we did not manage to read the seed file, 198 /*
196 * we should not write a low-entropy seed file back -- 199 * If we did not manage to read the seed file, we should not
197 * it would suppress a crucial warning the next time 200 * write a low-entropy seed file back -- it would suppress a
198 * we want to use it. */ 201 * crucial warning the next time we want to use it.
202 */
199 return 0; 203 return 0;
200 204
201 if (file == NULL) 205 if (file == NULL)
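Review bot: The trailing comment on `if (consider_randfile) {` (new lines 145-147) is now wrapped over three lines hanging off the opening brace, which is harder to read than the single-line original. It would read better as its own line above the condition: `/* explanation does not apply when a file is explicitly named */`. The same pass changed `BIO *bio_e` to `BIO * bio_e` in the signatures of app_RAND_load_file and app_RAND_write_file, which looks like a formatter run that was not given the project's typedef names; `BIO *bio_e` keeps the declarator spacing consistent with `const char *file` on the same line. The bodies of both functions continue outside the hunks shown.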
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c
index 7a8618f9bf..c0130d4cbc 100644
--- a/src/lib/libssl/src/apps/apps.c
+++ b/src/lib/libssl/src/apps/apps.c
@@ -146,12 +146,13 @@ typedef struct {
146 146
147static UI_METHOD *ui_method = NULL; 147static UI_METHOD *ui_method = NULL;
148 148
149static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl); 149static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl);
150static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl); 150static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl);
151 151
152#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) 152#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
153/* Looks like this stuff is worth moving into separate function */ 153/* Looks like this stuff is worth moving into separate function */
154static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file, 154static EVP_PKEY *
155load_netscape_key(BIO * err, BIO * key, const char *file,
155 const char *key_descrip, int format); 156 const char *key_descrip, int format);
156#endif 157#endif
157 158
@@ -173,7 +174,7 @@ str2fmt(char *s)
173 else if ((*s == 'M') || (*s == 'm')) 174 else if ((*s == 'M') || (*s == 'm'))
174 return (FORMAT_MSBLOB); 175 return (FORMAT_MSBLOB);
175 else if ((*s == '1') || 176 else if ((*s == '1') ||
176 (strcmp(s, "PKCS12") == 0) || (strcmp(s, "pkcs12") == 0) || 177 (strcmp(s, "PKCS12") == 0) || (strcmp(s, "pkcs12") == 0) ||
177 (strcmp(s, "P12") == 0) || (strcmp(s, "p12") == 0)) 178 (strcmp(s, "P12") == 0) || (strcmp(s, "p12") == 0))
178 return (FORMAT_PKCS12); 179 return (FORMAT_PKCS12);
179 else if ((*s == 'E') || (*s == 'e')) 180 else if ((*s == 'E') || (*s == 'e'))
@@ -201,7 +202,7 @@ program_name(char *in, char *out, int size)
201} 202}
202 203
203int 204int
204chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) 205chopup_args(ARGS * arg, char *buf, int *argc, char **argv[])
205{ 206{
206 int num, i; 207 int num, i;
207 char *p; 208 char *p;
@@ -212,7 +213,7 @@ chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
212 i = 0; 213 i = 0;
213 if (arg->count == 0) { 214 if (arg->count == 0) {
214 arg->count = 20; 215 arg->count = 20;
215 arg->data = (char **)malloc(sizeof(char *)*arg->count); 216 arg->data = (char **) malloc(sizeof(char *) * arg->count);
216 } 217 }
217 for (i = 0; i < arg->count; i++) 218 for (i = 0; i < arg->count; i++)
218 arg->data[i] = NULL; 219 arg->data[i] = NULL;
@@ -232,8 +233,8 @@ chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
232 if (num >= arg->count) { 233 if (num >= arg->count) {
233 char **tmp_p; 234 char **tmp_p;
234 int tlen = arg->count + 20; 235 int tlen = arg->count + 20;
235 tmp_p = (char **)realloc(arg->data, 236 tmp_p = (char **) realloc(arg->data,
236 sizeof(char *)*tlen); 237 sizeof(char *) * tlen);
237 if (tmp_p == NULL) 238 if (tmp_p == NULL)
238 return 0; 239 return 0;
239 arg->data = tmp_p; 240 arg->data = tmp_p;
@@ -245,16 +246,16 @@ chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
245 arg->data[num++] = p; 246 arg->data[num++] = p;
246 247
247 /* now look for the end of this */ 248 /* now look for the end of this */
248 if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */ 249 if ((*p == '\'') || (*p == '\"')) { /* scan for closing
249 { 250 * quote */
250 i= *(p++); 251 i = *(p++);
251 arg->data[num - 1]++; /* jump over quote */ 252 arg->data[num - 1]++; /* jump over quote */
252 while (*p && (*p != i)) 253 while (*p && (*p != i))
253 p++; 254 p++;
254 *p = '\0'; 255 *p = '\0';
255 } else { 256 } else {
256 while (*p && ((*p != ' ') && 257 while (*p && ((*p != ' ') &&
257 (*p != '\t') && (*p != '\n'))) 258 (*p != '\t') && (*p != '\n')))
258 p++; 259 p++;
259 260
260 if (*p == '\0') 261 if (*p == '\0')
@@ -278,7 +279,8 @@ app_init(long mesgwin)
278#endif 279#endif
279 280
280 281
281int dump_cert_text (BIO *out, X509 *x) 282int
283dump_cert_text(BIO * out, X509 * x)
282{ 284{
283 char *p; 285 char *p;
284 286
@@ -297,22 +299,22 @@ int dump_cert_text (BIO *out, X509 *x)
297} 299}
298 300
299static int 301static int
300ui_open(UI *ui) 302ui_open(UI * ui)
301{ 303{
302 return UI_method_get_opener(UI_OpenSSL())(ui); 304 return UI_method_get_opener(UI_OpenSSL()) (ui);
303} 305}
304 306
305static int 307static int
306ui_read(UI *ui, UI_STRING *uis) 308ui_read(UI * ui, UI_STRING * uis)
307{ 309{
308 if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD && 310 if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD &&
309 UI_get0_user_data(ui)) { 311 UI_get0_user_data(ui)) {
310 switch (UI_get_string_type(uis)) { 312 switch (UI_get_string_type(uis)) {
311 case UIT_PROMPT: 313 case UIT_PROMPT:
312 case UIT_VERIFY: 314 case UIT_VERIFY:
313 { 315 {
314 const char *password = 316 const char *password =
315 ((PW_CB_DATA *)UI_get0_user_data(ui))->password; 317 ((PW_CB_DATA *) UI_get0_user_data(ui))->password;
316 if (password && password[0] != '\0') { 318 if (password && password[0] != '\0') {
317 UI_set_result(ui, uis, password); 319 UI_set_result(ui, uis, password);
318 return 1; 320 return 1;
@@ -322,20 +324,20 @@ ui_read(UI *ui, UI_STRING *uis)
322 break; 324 break;
323 } 325 }
324 } 326 }
325 return UI_method_get_reader(UI_OpenSSL())(ui, uis); 327 return UI_method_get_reader(UI_OpenSSL()) (ui, uis);
326} 328}
327 329
328static int 330static int
329ui_write(UI *ui, UI_STRING *uis) 331ui_write(UI * ui, UI_STRING * uis)
330{ 332{
331 if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD && 333 if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD &&
332 UI_get0_user_data(ui)) { 334 UI_get0_user_data(ui)) {
333 switch (UI_get_string_type(uis)) { 335 switch (UI_get_string_type(uis)) {
334 case UIT_PROMPT: 336 case UIT_PROMPT:
335 case UIT_VERIFY: 337 case UIT_VERIFY:
336 { 338 {
337 const char *password = 339 const char *password =
338 ((PW_CB_DATA *)UI_get0_user_data(ui))->password; 340 ((PW_CB_DATA *) UI_get0_user_data(ui))->password;
339 if (password && password[0] != '\0') 341 if (password && password[0] != '\0')
340 return 1; 342 return 1;
341 } 343 }
@@ -343,13 +345,13 @@ ui_write(UI *ui, UI_STRING *uis)
343 break; 345 break;
344 } 346 }
345 } 347 }
346 return UI_method_get_writer(UI_OpenSSL())(ui, uis); 348 return UI_method_get_writer(UI_OpenSSL()) (ui, uis);
347} 349}
348 350
349static int 351static int
350ui_close(UI *ui) 352ui_close(UI * ui)
351{ 353{
352 return UI_method_get_closer(UI_OpenSSL())(ui); 354 return UI_method_get_closer(UI_OpenSSL()) (ui);
353} 355}
354 356
355int 357int
@@ -374,13 +376,13 @@ destroy_ui_method(void)
374 376
375int 377int
376password_callback(char *buf, int bufsiz, int verify, 378password_callback(char *buf, int bufsiz, int verify,
377 PW_CB_DATA *cb_tmp) 379 PW_CB_DATA * cb_tmp)
378{ 380{
379 UI *ui = NULL; 381 UI *ui = NULL;
380 int res = 0; 382 int res = 0;
381 const char *prompt_info = NULL; 383 const char *prompt_info = NULL;
382 const char *password = NULL; 384 const char *password = NULL;
383 PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp; 385 PW_CB_DATA *cb_data = (PW_CB_DATA *) cb_tmp;
384 386
385 if (cb_data) { 387 if (cb_data) {
386 if (cb_data->password) 388 if (cb_data->password)
@@ -388,7 +390,6 @@ password_callback(char *buf, int bufsiz, int verify,
388 if (cb_data->prompt_info) 390 if (cb_data->prompt_info)
389 prompt_info = cb_data->prompt_info; 391 prompt_info = cb_data->prompt_info;
390 } 392 }
391
392 if (password) { 393 if (password) {
393 res = strlen(password); 394 res = strlen(password);
394 if (res > bufsiz) 395 if (res > bufsiz)
@@ -396,7 +397,6 @@ password_callback(char *buf, int bufsiz, int verify,
396 memcpy(buf, password, res); 397 memcpy(buf, password, res);
397 return res; 398 return res;
398 } 399 }
399
400 ui = UI_new_method(ui_method); 400 ui = UI_new_method(ui_method);
401 if (ui) { 401 if (ui) {
402 int ok = 0; 402 int ok = 0;
@@ -414,7 +414,7 @@ password_callback(char *buf, int bufsiz, int verify,
414 ok = UI_add_input_string(ui, prompt, ui_flags, buf, 414 ok = UI_add_input_string(ui, prompt, ui_flags, buf,
415 PW_MIN_LENGTH, bufsiz - 1); 415 PW_MIN_LENGTH, bufsiz - 1);
416 if (ok >= 0 && verify) { 416 if (ok >= 0 && verify) {
417 buff = (char *)malloc(bufsiz); 417 buff = (char *) malloc(bufsiz);
418 ok = UI_add_verify_string(ui, prompt, ui_flags, buff, 418 ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
419 PW_MIN_LENGTH, bufsiz - 1, buf); 419 PW_MIN_LENGTH, bufsiz - 1, buf);
420 } 420 }
@@ -425,21 +425,20 @@ password_callback(char *buf, int bufsiz, int verify,
425 UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); 425 UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
426 426
427 if (buff) { 427 if (buff) {
428 OPENSSL_cleanse(buff, (unsigned int)bufsiz); 428 OPENSSL_cleanse(buff, (unsigned int) bufsiz);
429 free(buff); 429 free(buff);
430 } 430 }
431
432 if (ok >= 0) 431 if (ok >= 0)
433 res = strlen(buf); 432 res = strlen(buf);
434 if (ok == -1) { 433 if (ok == -1) {
435 BIO_printf(bio_err, "User interface error\n"); 434 BIO_printf(bio_err, "User interface error\n");
436 ERR_print_errors(bio_err); 435 ERR_print_errors(bio_err);
437 OPENSSL_cleanse(buf, (unsigned int)bufsiz); 436 OPENSSL_cleanse(buf, (unsigned int) bufsiz);
438 res = 0; 437 res = 0;
439 } 438 }
440 if (ok == -2) { 439 if (ok == -2) {
441 BIO_printf(bio_err, "aborted!\n"); 440 BIO_printf(bio_err, "aborted!\n");
442 OPENSSL_cleanse(buf, (unsigned int)bufsiz); 441 OPENSSL_cleanse(buf, (unsigned int) bufsiz);
443 res = 0; 442 res = 0;
444 } 443 }
445 UI_free(ui); 444 UI_free(ui);
@@ -448,10 +447,10 @@ password_callback(char *buf, int bufsiz, int verify,
448 return res; 447 return res;
449} 448}
450 449
451static char *app_get_pass(BIO *err, char *arg, int keepbio); 450static char *app_get_pass(BIO * err, char *arg, int keepbio);
452 451
453int 452int
454app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2) 453app_passwd(BIO * err, char *arg1, char *arg2, char **pass1, char **pass2)
455{ 454{
456 int same; 455 int same;
457 if (!arg2 || !arg1 || strcmp(arg1, arg2)) 456 if (!arg2 || !arg1 || strcmp(arg1, arg2))
@@ -474,7 +473,7 @@ app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
474} 473}
475 474
476static char * 475static char *
477app_get_pass(BIO *err, char *arg, int keepbio) 476app_get_pass(BIO * err, char *arg, int keepbio)
478{ 477{
479 char *tmp, tpass[APP_PASS_LEN]; 478 char *tmp, tpass[APP_PASS_LEN];
480 static BIO *pwdbio = NULL; 479 static BIO *pwdbio = NULL;
@@ -496,14 +495,14 @@ app_get_pass(BIO *err, char *arg, int keepbio)
496 BIO_printf(err, "Can't open file %s\n", arg + 5); 495 BIO_printf(err, "Can't open file %s\n", arg + 5);
497 return NULL; 496 return NULL;
498 } 497 }
499 /* 498 /*
500 * Under _WIN32, which covers even Win64 and CE, file 499 * Under _WIN32, which covers even Win64 and CE, file
501 * descriptors referenced by BIO_s_fd are not inherited 500 * descriptors referenced by BIO_s_fd are not inherited
502 * by child process and therefore below is not an option. 501 * by child process and therefore below is not an option.
503 * It could have been an option if bss_fd.c was operating 502 * It could have been an option if bss_fd.c was operating
504 * on real Windows descriptors, such as those obtained 503 * on real Windows descriptors, such as those obtained
505 * with CreateFile. 504 * with CreateFile.
506 */ 505 */
507 } else if (!strncmp(arg, "fd:", 3)) { 506 } else if (!strncmp(arg, "fd:", 3)) {
508 BIO *btmp; 507 BIO *btmp;
509 i = atoi(arg + 3); 508 i = atoi(arg + 3);
@@ -513,7 +512,10 @@ app_get_pass(BIO *err, char *arg, int keepbio)
513 BIO_printf(err, "Can't access file descriptor %s\n", arg + 3); 512 BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
514 return NULL; 513 return NULL;
515 } 514 }
516 /* Can't do BIO_gets on an fd BIO so add a buffering BIO */ 515 /*
516 * Can't do BIO_gets on an fd BIO so add a buffering
517 * BIO
518 */
517 btmp = BIO_new(BIO_f_buffer()); 519 btmp = BIO_new(BIO_f_buffer());
518 pwdbio = BIO_push(btmp, pwdbio); 520 pwdbio = BIO_push(btmp, pwdbio);
519 } else if (!strcmp(arg, "stdin")) { 521 } else if (!strcmp(arg, "stdin")) {
@@ -543,10 +545,10 @@ app_get_pass(BIO *err, char *arg, int keepbio)
543} 545}
544 546
545int 547int
546add_oid_section(BIO *err, CONF *conf) 548add_oid_section(BIO * err, CONF * conf)
547{ 549{
548 char *p; 550 char *p;
549 STACK_OF(CONF_VALUE) *sktmp; 551 STACK_OF(CONF_VALUE) * sktmp;
550 CONF_VALUE *cnf; 552 CONF_VALUE *cnf;
551 int i; 553 int i;
552 if (!(p = NCONF_get_string(conf, NULL, "oid_section"))) { 554 if (!(p = NCONF_get_string(conf, NULL, "oid_section"))) {
@@ -569,8 +571,8 @@ add_oid_section(BIO *err, CONF *conf)
569} 571}
570 572
571static int 573static int
572load_pkcs12(BIO *err, BIO *in, const char *desc, pem_password_cb *pem_cb, 574load_pkcs12(BIO * err, BIO * in, const char *desc, pem_password_cb * pem_cb,
573 void *cb_data, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) 575 void *cb_data, EVP_PKEY ** pkey, X509 ** cert, STACK_OF(X509) ** ca)
574{ 576{
575 const char *pass; 577 const char *pass;
576 char tpass[PEM_BUFSIZE]; 578 char tpass[PEM_BUFSIZE];
@@ -586,7 +588,7 @@ load_pkcs12(BIO *err, BIO *in, const char *desc, pem_password_cb *pem_cb,
586 pass = ""; 588 pass = "";
587 else { 589 else {
588 if (!pem_cb) 590 if (!pem_cb)
589 pem_cb = (pem_password_cb *)password_callback; 591 pem_cb = (pem_password_cb *) password_callback;
590 len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data); 592 len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
591 if (len < 0) { 593 if (len < 0) {
592 BIO_printf(err, "Passpharse callback error for %s\n", 594 BIO_printf(err, "Passpharse callback error for %s\n",
@@ -610,7 +612,7 @@ die:
610} 612}
611 613
612X509 * 614X509 *
613load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e, 615load_cert(BIO * err, const char *file, int format, const char *pass, ENGINE * e,
614 const char *cert_descrip) 616 const char *cert_descrip)
615{ 617{
616 X509 *x = NULL; 618 X509 *x = NULL;
@@ -620,12 +622,11 @@ load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e,
620 ERR_print_errors(err); 622 ERR_print_errors(err);
621 goto end; 623 goto end;
622 } 624 }
623
624 if (file == NULL) { 625 if (file == NULL) {
625#ifdef _IONBF 626#ifdef _IONBF
626# ifndef OPENSSL_NO_SETVBUF_IONBF 627#ifndef OPENSSL_NO_SETVBUF_IONBF
627 setvbuf(stdin, NULL, _IONBF, 0); 628 setvbuf(stdin, NULL, _IONBF, 0);
628# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ 629#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
629#endif 630#endif
630 BIO_set_fp(cert, stdin, BIO_NOCLOSE); 631 BIO_set_fp(cert, stdin, BIO_NOCLOSE);
631 } else { 632 } else {
@@ -645,8 +646,8 @@ load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e,
645 if (nx == NULL) 646 if (nx == NULL)
646 goto end; 647 goto end;
647 648
648 if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data, 649 if ((strncmp(NETSCAPE_CERT_HDR, (char *) nx->header->data,
649 nx->header->length) != 0)) { 650 nx->header->length) != 0)) {
650 NETSCAPE_X509_free(nx); 651 NETSCAPE_X509_free(nx);
651 BIO_printf(err, "Error reading header on certificate\n"); 652 BIO_printf(err, "Error reading header on certificate\n");
652 goto end; 653 goto end;
@@ -656,10 +657,10 @@ load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e,
656 NETSCAPE_X509_free(nx); 657 NETSCAPE_X509_free(nx);
657 } else if (format == FORMAT_PEM) 658 } else if (format == FORMAT_PEM)
658 x = PEM_read_bio_X509_AUX(cert, NULL, 659 x = PEM_read_bio_X509_AUX(cert, NULL,
659 (pem_password_cb *)password_callback, NULL); 660 (pem_password_cb *) password_callback, NULL);
660 else if (format == FORMAT_PKCS12) { 661 else if (format == FORMAT_PKCS12) {
661 if (!load_pkcs12(err, cert, cert_descrip, NULL, NULL, 662 if (!load_pkcs12(err, cert, cert_descrip, NULL, NULL,
662 NULL, &x, NULL)) 663 NULL, &x, NULL))
663 goto end; 664 goto end;
664 } else { 665 } else {
665 BIO_printf(err, "bad input format specified for %s\n", 666 BIO_printf(err, "bad input format specified for %s\n",
@@ -677,8 +678,8 @@ end:
677} 678}
678 679
679EVP_PKEY * 680EVP_PKEY *
680load_key(BIO *err, const char *file, int format, int maybe_stdin, 681load_key(BIO * err, const char *file, int format, int maybe_stdin,
681 const char *pass, ENGINE *e, const char *key_descrip) 682 const char *pass, ENGINE * e, const char *key_descrip)
682{ 683{
683 BIO *key = NULL; 684 BIO *key = NULL;
684 EVP_PKEY *pkey = NULL; 685 EVP_PKEY *pkey = NULL;
@@ -713,9 +714,9 @@ load_key(BIO *err, const char *file, int format, int maybe_stdin,
713 } 714 }
714 if (file == NULL && maybe_stdin) { 715 if (file == NULL && maybe_stdin) {
715#ifdef _IONBF 716#ifdef _IONBF
716# ifndef OPENSSL_NO_SETVBUF_IONBF 717#ifndef OPENSSL_NO_SETVBUF_IONBF
717 setvbuf(stdin, NULL, _IONBF, 0); 718 setvbuf(stdin, NULL, _IONBF, 0);
718# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ 719#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
719#endif 720#endif
720 BIO_set_fp(key, stdin, BIO_NOCLOSE); 721 BIO_set_fp(key, stdin, BIO_NOCLOSE);
721 } else if (BIO_read_filename(key, file) <= 0) { 722 } else if (BIO_read_filename(key, file) <= 0) {
@@ -728,7 +729,7 @@ load_key(BIO *err, const char *file, int format, int maybe_stdin,
728 pkey = d2i_PrivateKey_bio(key, NULL); 729 pkey = d2i_PrivateKey_bio(key, NULL);
729 } else if (format == FORMAT_PEM) { 730 } else if (format == FORMAT_PEM) {
730 pkey = PEM_read_bio_PrivateKey(key, NULL, 731 pkey = PEM_read_bio_PrivateKey(key, NULL,
731 (pem_password_cb *)password_callback, &cb_data); 732 (pem_password_cb *) password_callback, &cb_data);
732 } 733 }
733#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) 734#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
734 else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) 735 else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
@@ -736,15 +737,15 @@ load_key(BIO *err, const char *file, int format, int maybe_stdin,
736#endif 737#endif
737 else if (format == FORMAT_PKCS12) { 738 else if (format == FORMAT_PKCS12) {
738 if (!load_pkcs12(err, key, key_descrip, 739 if (!load_pkcs12(err, key, key_descrip,
739 (pem_password_cb *)password_callback, &cb_data, 740 (pem_password_cb *) password_callback, &cb_data,
740 &pkey, NULL, NULL)) 741 &pkey, NULL, NULL))
741 goto end; 742 goto end;
742 } 743 }
743#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4) 744#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
744 else if (format == FORMAT_MSBLOB) 745 else if (format == FORMAT_MSBLOB)
745 pkey = b2i_PrivateKey_bio(key); 746 pkey = b2i_PrivateKey_bio(key);
746 else if (format == FORMAT_PVK) 747 else if (format == FORMAT_PVK)
747 pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback, 748 pkey = b2i_PVK_bio(key, (pem_password_cb *) password_callback,
748 &cb_data); 749 &cb_data);
749#endif 750#endif
750 else { 751 else {
@@ -762,8 +763,8 @@ end:
762} 763}
763 764
764EVP_PKEY * 765EVP_PKEY *
765load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, 766load_pubkey(BIO * err, const char *file, int format, int maybe_stdin,
766 const char *pass, ENGINE *e, const char *key_descrip) 767 const char *pass, ENGINE * e, const char *key_descrip)
767{ 768{
768 BIO *key = NULL; 769 BIO *key = NULL;
769 EVP_PKEY *pkey = NULL; 770 EVP_PKEY *pkey = NULL;
@@ -793,9 +794,9 @@ load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
793 } 794 }
794 if (file == NULL && maybe_stdin) { 795 if (file == NULL && maybe_stdin) {
795#ifdef _IONBF 796#ifdef _IONBF
796# ifndef OPENSSL_NO_SETVBUF_IONBF 797#ifndef OPENSSL_NO_SETVBUF_IONBF
797 setvbuf(stdin, NULL, _IONBF, 0); 798 setvbuf(stdin, NULL, _IONBF, 0);
798# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ 799#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
799#endif 800#endif
800 BIO_set_fp(key, stdin, BIO_NOCLOSE); 801 BIO_set_fp(key, stdin, BIO_NOCLOSE);
801 } else if (BIO_read_filename(key, file) <= 0) { 802 } else if (BIO_read_filename(key, file) <= 0) {
@@ -821,7 +822,7 @@ load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
821 } else if (format == FORMAT_PEMRSA) { 822 } else if (format == FORMAT_PEMRSA) {
822 RSA *rsa; 823 RSA *rsa;
823 rsa = PEM_read_bio_RSAPublicKey(key, NULL, 824 rsa = PEM_read_bio_RSAPublicKey(key, NULL,
824 (pem_password_cb *)password_callback, &cb_data); 825 (pem_password_cb *) password_callback, &cb_data);
825 if (rsa) { 826 if (rsa) {
826 pkey = EVP_PKEY_new(); 827 pkey = EVP_PKEY_new();
827 if (pkey) 828 if (pkey)
@@ -833,7 +834,7 @@ load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
833#endif 834#endif
834 else if (format == FORMAT_PEM) { 835 else if (format == FORMAT_PEM) {
835 pkey = PEM_read_bio_PUBKEY(key, NULL, 836 pkey = PEM_read_bio_PUBKEY(key, NULL,
836 (pem_password_cb *)password_callback, &cb_data); 837 (pem_password_cb *) password_callback, &cb_data);
837 } 838 }
838#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) 839#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
839 else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) 840 else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
@@ -857,12 +858,12 @@ end:
857 858
858#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) 859#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
859static EVP_PKEY * 860static EVP_PKEY *
860load_netscape_key(BIO *err, BIO *key, const char *file, 861load_netscape_key(BIO * err, BIO * key, const char *file,
861 const char *key_descrip, int format) 862 const char *key_descrip, int format)
862{ 863{
863 EVP_PKEY *pkey; 864 EVP_PKEY *pkey;
864 BUF_MEM *buf; 865 BUF_MEM *buf;
865 RSA *rsa; 866 RSA *rsa;
866 const unsigned char *p; 867 const unsigned char *p;
867 int size, i; 868 int size, i;
868 869
@@ -872,9 +873,9 @@ load_netscape_key(BIO *err, BIO *key, const char *file,
872 if (buf == NULL || pkey == NULL) 873 if (buf == NULL || pkey == NULL)
873 goto error; 874 goto error;
874 for (;;) { 875 for (;;) {
875 if (!BUF_MEM_grow_clean(buf, size + 1024*10)) 876 if (!BUF_MEM_grow_clean(buf, size + 1024 * 10))
876 goto error; 877 goto error;
877 i = BIO_read(key, &(buf->data[size]), 1024*10); 878 i = BIO_read(key, &(buf->data[size]), 1024 * 10);
878 size += i; 879 size += i;
879 if (i == 0) 880 if (i == 0)
880 break; 881 break;
@@ -884,8 +885,8 @@ load_netscape_key(BIO *err, BIO *key, const char *file,
884 goto error; 885 goto error;
885 } 886 }
886 } 887 }
887 p = (unsigned char *)buf->data; 888 p = (unsigned char *) buf->data;
888 rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL, 889 rsa = d2i_RSA_NET(NULL, &p, (long) size, NULL,
889 (format == FORMAT_IISSGC ? 1 : 0)); 890 (format == FORMAT_IISSGC ? 1 : 0));
890 if (rsa == NULL) 891 if (rsa == NULL)
891 goto error; 892 goto error;
@@ -897,16 +898,16 @@ error:
897 EVP_PKEY_free(pkey); 898 EVP_PKEY_free(pkey);
898 return NULL; 899 return NULL;
899} 900}
900#endif /* ndef OPENSSL_NO_RC4 */ 901#endif /* ndef OPENSSL_NO_RC4 */
901 902
902static int 903static int
903load_certs_crls(BIO *err, const char *file, int format, const char *pass, 904load_certs_crls(BIO * err, const char *file, int format, const char *pass,
904 ENGINE *e, const char *desc, STACK_OF(X509) **pcerts, 905 ENGINE * e, const char *desc, STACK_OF(X509) ** pcerts,
905 STACK_OF(X509_CRL) **pcrls) 906 STACK_OF(X509_CRL) ** pcrls)
906{ 907{
907 int i; 908 int i;
908 BIO *bio; 909 BIO *bio;
909 STACK_OF(X509_INFO) *xis = NULL; 910 STACK_OF(X509_INFO) * xis = NULL;
910 X509_INFO *xi; 911 X509_INFO *xi;
911 PW_CB_DATA cb_data; 912 PW_CB_DATA cb_data;
912 int rv = 0; 913 int rv = 0;
@@ -918,7 +919,6 @@ load_certs_crls(BIO *err, const char *file, int format, const char *pass,
918 BIO_printf(err, "bad input format specified for %s\n", desc); 919 BIO_printf(err, "bad input format specified for %s\n", desc);
919 return 0; 920 return 0;
920 } 921 }
921
922 if (file == NULL) 922 if (file == NULL)
923 bio = BIO_new_fp(stdin, BIO_NOCLOSE); 923 bio = BIO_new_fp(stdin, BIO_NOCLOSE);
924 else 924 else
@@ -930,9 +930,8 @@ load_certs_crls(BIO *err, const char *file, int format, const char *pass,
930 ERR_print_errors(err); 930 ERR_print_errors(err);
931 return 0; 931 return 0;
932 } 932 }
933
934 xis = PEM_X509_INFO_read_bio(bio, NULL, 933 xis = PEM_X509_INFO_read_bio(bio, NULL,
935 (pem_password_cb *)password_callback, &cb_data); 934 (pem_password_cb *) password_callback, &cb_data);
936 935
937 BIO_free(bio); 936 BIO_free(bio);
938 937
@@ -941,15 +940,13 @@ load_certs_crls(BIO *err, const char *file, int format, const char *pass,
941 if (!*pcerts) 940 if (!*pcerts)
942 goto end; 941 goto end;
943 } 942 }
944
945 if (pcrls) { 943 if (pcrls) {
946 *pcrls = sk_X509_CRL_new_null(); 944 *pcrls = sk_X509_CRL_new_null();
947 if (!*pcrls) 945 if (!*pcrls)
948 goto end; 946 goto end;
949 } 947 }
950
951 for (i = 0; i < sk_X509_INFO_num(xis); i++) { 948 for (i = 0; i < sk_X509_INFO_num(xis); i++) {
952 xi = sk_X509_INFO_value (xis, i); 949 xi = sk_X509_INFO_value(xis, i);
953 if (xi->x509 && pcerts) { 950 if (xi->x509 && pcerts) {
954 if (!sk_X509_push(*pcerts, xi->x509)) 951 if (!sk_X509_push(*pcerts, xi->x509))
955 goto end; 952 goto end;
@@ -989,20 +986,20 @@ end:
989} 986}
990 987
991STACK_OF(X509) * 988STACK_OF(X509) *
992load_certs(BIO *err, const char *file, int format, const char *pass, ENGINE *e, 989load_certs(BIO * err, const char *file, int format, const char *pass, ENGINE * e,
993 const char *desc) 990 const char *desc)
994{ 991{
995 STACK_OF(X509) *certs; 992 STACK_OF(X509) * certs;
996 if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL)) 993 if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
997 return NULL; 994 return NULL;
998 return certs; 995 return certs;
999} 996}
1000 997
1001STACK_OF(X509_CRL) * 998STACK_OF(X509_CRL) *
1002load_crls(BIO *err, const char *file, int format, const char *pass, ENGINE *e, 999load_crls(BIO * err, const char *file, int format, const char *pass, ENGINE * e,
1003 const char *desc) 1000 const char *desc)
1004{ 1001{
1005 STACK_OF(X509_CRL) *crls; 1002 STACK_OF(X509_CRL) * crls;
1006 if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls)) 1003 if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
1007 return NULL; 1004 return NULL;
1008 return crls; 1005 return crls;
@@ -1025,25 +1022,25 @@ int
1025set_cert_ex(unsigned long *flags, const char *arg) 1022set_cert_ex(unsigned long *flags, const char *arg)
1026{ 1023{
1027 static const NAME_EX_TBL cert_tbl[] = { 1024 static const NAME_EX_TBL cert_tbl[] = {
1028 { "compatible", X509_FLAG_COMPAT, 0xffffffffl}, 1025 {"compatible", X509_FLAG_COMPAT, 0xffffffffl},
1029 { "ca_default", X509_FLAG_CA, 0xffffffffl}, 1026 {"ca_default", X509_FLAG_CA, 0xffffffffl},
1030 { "no_header", X509_FLAG_NO_HEADER, 0}, 1027 {"no_header", X509_FLAG_NO_HEADER, 0},
1031 { "no_version", X509_FLAG_NO_VERSION, 0}, 1028 {"no_version", X509_FLAG_NO_VERSION, 0},
1032 { "no_serial", X509_FLAG_NO_SERIAL, 0}, 1029 {"no_serial", X509_FLAG_NO_SERIAL, 0},
1033 { "no_signame", X509_FLAG_NO_SIGNAME, 0}, 1030 {"no_signame", X509_FLAG_NO_SIGNAME, 0},
1034 { "no_validity", X509_FLAG_NO_VALIDITY, 0}, 1031 {"no_validity", X509_FLAG_NO_VALIDITY, 0},
1035 { "no_subject", X509_FLAG_NO_SUBJECT, 0}, 1032 {"no_subject", X509_FLAG_NO_SUBJECT, 0},
1036 { "no_issuer", X509_FLAG_NO_ISSUER, 0}, 1033 {"no_issuer", X509_FLAG_NO_ISSUER, 0},
1037 { "no_pubkey", X509_FLAG_NO_PUBKEY, 0}, 1034 {"no_pubkey", X509_FLAG_NO_PUBKEY, 0},
1038 { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0}, 1035 {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
1039 { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0}, 1036 {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
1040 { "no_aux", X509_FLAG_NO_AUX, 0}, 1037 {"no_aux", X509_FLAG_NO_AUX, 0},
1041 { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0}, 1038 {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
1042 { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK}, 1039 {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
1043 { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, 1040 {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1044 { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, 1041 {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1045 { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, 1042 {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1046 { NULL, 0, 0} 1043 {NULL, 0, 0}
1047 }; 1044 };
1048 return set_multi_opts(flags, arg, cert_tbl); 1045 return set_multi_opts(flags, arg, cert_tbl);
1049} 1046}
@@ -1052,34 +1049,34 @@ int
1052set_name_ex(unsigned long *flags, const char *arg) 1049set_name_ex(unsigned long *flags, const char *arg)
1053{ 1050{
1054 static const NAME_EX_TBL ex_tbl[] = { 1051 static const NAME_EX_TBL ex_tbl[] = {
1055 { "esc_2253", ASN1_STRFLGS_ESC_2253, 0}, 1052 {"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
1056 { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0}, 1053 {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
1057 { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0}, 1054 {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
1058 { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0}, 1055 {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
1059 { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0}, 1056 {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
1060 { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0}, 1057 {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
1061 { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0}, 1058 {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
1062 { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0}, 1059 {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
1063 { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0}, 1060 {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
1064 { "dump_der", ASN1_STRFLGS_DUMP_DER, 0}, 1061 {"dump_der", ASN1_STRFLGS_DUMP_DER, 0},
1065 { "compat", XN_FLAG_COMPAT, 0xffffffffL}, 1062 {"compat", XN_FLAG_COMPAT, 0xffffffffL},
1066 { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK}, 1063 {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
1067 { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK}, 1064 {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
1068 { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK}, 1065 {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
1069 { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK}, 1066 {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
1070 { "dn_rev", XN_FLAG_DN_REV, 0}, 1067 {"dn_rev", XN_FLAG_DN_REV, 0},
1071 { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK}, 1068 {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
1072 { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK}, 1069 {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
1073 { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK}, 1070 {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
1074 { "align", XN_FLAG_FN_ALIGN, 0}, 1071 {"align", XN_FLAG_FN_ALIGN, 0},
1075 { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK}, 1072 {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
1076 { "space_eq", XN_FLAG_SPC_EQ, 0}, 1073 {"space_eq", XN_FLAG_SPC_EQ, 0},
1077 { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0}, 1074 {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
1078 { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL}, 1075 {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
1079 { "oneline", XN_FLAG_ONELINE, 0xffffffffL}, 1076 {"oneline", XN_FLAG_ONELINE, 0xffffffffL},
1080 { "multiline", XN_FLAG_MULTILINE, 0xffffffffL}, 1077 {"multiline", XN_FLAG_MULTILINE, 0xffffffffL},
1081 { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL}, 1078 {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
1082 { NULL, 0, 0} 1079 {NULL, 0, 0}
1083 }; 1080 };
1084 return set_multi_opts(flags, arg, ex_tbl); 1081 return set_multi_opts(flags, arg, ex_tbl);
1085} 1082}
@@ -1099,9 +1096,9 @@ set_ext_copy(int *copy_type, const char *arg)
1099} 1096}
1100 1097
1101int 1098int
1102copy_extensions(X509 *x, X509_REQ *req, int copy_type) 1099copy_extensions(X509 * x, X509_REQ * req, int copy_type)
1103{ 1100{
1104 STACK_OF(X509_EXTENSION) *exts = NULL; 1101 STACK_OF(X509_EXTENSION) * exts = NULL;
1105 X509_EXTENSION *ext, *tmpext; 1102 X509_EXTENSION *ext, *tmpext;
1106 ASN1_OBJECT *obj; 1103 ASN1_OBJECT *obj;
1107 int i, idx, ret = 0; 1104 int i, idx, ret = 0;
@@ -1139,9 +1136,9 @@ end:
1139} 1136}
1140 1137
1141static int 1138static int
1142set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl) 1139set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl)
1143{ 1140{
1144 STACK_OF(CONF_VALUE) *vals; 1141 STACK_OF(CONF_VALUE) * vals;
1145 CONF_VALUE *val; 1142 CONF_VALUE *val;
1146 int i, ret = 1; 1143 int i, ret = 1;
1147 if (!arg) 1144 if (!arg)
@@ -1157,7 +1154,7 @@ set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
1157} 1154}
1158 1155
1159static int 1156static int
1160set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl) 1157set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl)
1161{ 1158{
1162 char c; 1159 char c;
1163 const NAME_EX_TBL *ptbl; 1160 const NAME_EX_TBL *ptbl;
@@ -1169,7 +1166,8 @@ set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
1169 } else if (c == '+') { 1166 } else if (c == '+') {
1170 c = 1; 1167 c = 1;
1171 arg++; 1168 arg++;
1172 } else c = 1; 1169 } else
1170 c = 1;
1173 1171
1174 for (ptbl = in_tbl; ptbl->name; ptbl++) { 1172 for (ptbl = in_tbl; ptbl->name; ptbl++) {
1175 if (!strcasecmp(arg, ptbl->name)) { 1173 if (!strcasecmp(arg, ptbl->name)) {
@@ -1185,7 +1183,7 @@ set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
1185} 1183}
1186 1184
1187void 1185void
1188print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags) 1186print_name(BIO * out, const char *title, X509_NAME * nm, unsigned long lflags)
1189{ 1187{
1190 char *buf; 1188 char *buf;
1191 char mline = 0; 1189 char mline = 0;
@@ -1211,7 +1209,7 @@ print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
1211} 1209}
1212 1210
1213X509_STORE * 1211X509_STORE *
1214setup_verify(BIO *bp, char *CAfile, char *CApath) 1212setup_verify(BIO * bp, char *CAfile, char *CApath)
1215{ 1213{
1216 X509_STORE *store; 1214 X509_STORE *store;
1217 X509_LOOKUP *lookup; 1215 X509_LOOKUP *lookup;
@@ -1250,7 +1248,7 @@ end:
1250#ifndef OPENSSL_NO_ENGINE 1248#ifndef OPENSSL_NO_ENGINE
1251/* Try to load an engine in a shareable library */ 1249/* Try to load an engine in a shareable library */
1252static ENGINE * 1250static ENGINE *
1253try_load_engine(BIO *err, const char *engine, int debug) 1251try_load_engine(BIO * err, const char *engine, int debug)
1254{ 1252{
1255 ENGINE *e = ENGINE_by_id("dynamic"); 1253 ENGINE *e = ENGINE_by_id("dynamic");
1256 if (e) { 1254 if (e) {
@@ -1264,7 +1262,7 @@ try_load_engine(BIO *err, const char *engine, int debug)
1264} 1262}
1265 1263
1266ENGINE * 1264ENGINE *
1267setup_engine(BIO *err, const char *engine, int debug) 1265setup_engine(BIO * err, const char *engine, int debug)
1268{ 1266{
1269 ENGINE *e = NULL; 1267 ENGINE *e = NULL;
1270 1268
@@ -1291,7 +1289,6 @@ setup_engine(BIO *err, const char *engine, int debug)
1291 ENGINE_free(e); 1289 ENGINE_free(e);
1292 return NULL; 1290 return NULL;
1293 } 1291 }
1294
1295 BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e)); 1292 BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
1296 1293
1297 /* Free our "structural" reference. */ 1294 /* Free our "structural" reference. */
@@ -1302,7 +1299,7 @@ setup_engine(BIO *err, const char *engine, int debug)
1302#endif 1299#endif
1303 1300
1304int 1301int
1305load_config(BIO *err, CONF *cnf) 1302load_config(BIO * err, CONF * cnf)
1306{ 1303{
1307 static int load_config_called = 0; 1304 static int load_config_called = 0;
1308 if (load_config_called) 1305 if (load_config_called)
@@ -1340,7 +1337,7 @@ make_config_name()
1340} 1337}
1341 1338
1342static unsigned long 1339static unsigned long
1343index_serial_hash(const OPENSSL_CSTRING *a) 1340index_serial_hash(const OPENSSL_CSTRING * a)
1344{ 1341{
1345 const char *n; 1342 const char *n;
1346 1343
@@ -1351,14 +1348,12 @@ index_serial_hash(const OPENSSL_CSTRING *a)
1351} 1348}
1352 1349
1353static int 1350static int
1354index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b) 1351index_serial_cmp(const OPENSSL_CSTRING * a, const OPENSSL_CSTRING * b)
1355{ 1352{
1356 const char *aa, *bb; 1353 const char *aa, *bb;
1357 1354
1358 for (aa = a[DB_serial]; *aa == '0'; aa++) 1355 for (aa = a[DB_serial]; *aa == '0'; aa++);
1359 ; 1356 for (bb = b[DB_serial]; *bb == '0'; bb++);
1360 for (bb = b[DB_serial]; *bb == '0'; bb++)
1361 ;
1362 return (strcmp(aa, bb)); 1357 return (strcmp(aa, bb));
1363} 1358}
1364 1359
@@ -1369,27 +1364,27 @@ index_name_qual(char **a)
1369} 1364}
1370 1365
1371static unsigned long 1366static unsigned long
1372index_name_hash(const OPENSSL_CSTRING *a) 1367index_name_hash(const OPENSSL_CSTRING * a)
1373{ 1368{
1374 return (lh_strhash(a[DB_name])); 1369 return (lh_strhash(a[DB_name]));
1375} 1370}
1376 1371
1377int 1372int
1378index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b) 1373index_name_cmp(const OPENSSL_CSTRING * a, const OPENSSL_CSTRING * b)
1379{ 1374{
1380 return (strcmp(a[DB_name], b[DB_name])); 1375 return (strcmp(a[DB_name], b[DB_name]));
1381} 1376}
1382 1377
1383static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING) 1378static
1384static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING) 1379IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
1385static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING) 1380 static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
1386static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING) 1381 static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
1387 1382 static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
1388#undef BSIZE 1383#undef BSIZE
1389#define BSIZE 256 1384#define BSIZE 256
1390 1385
1391BIGNUM * 1386 BIGNUM *
1392load_serial(char *serialfile, int create, ASN1_INTEGER **retai) 1387 load_serial(char *serialfile, int create, ASN1_INTEGER ** retai)
1393{ 1388{
1394 BIO *in = NULL; 1389 BIO *in = NULL;
1395 BIGNUM *ret = NULL; 1390 BIGNUM *ret = NULL;
@@ -1404,7 +1399,6 @@ load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
1404 ERR_print_errors(bio_err); 1399 ERR_print_errors(bio_err);
1405 goto err; 1400 goto err;
1406 } 1401 }
1407
1408 if (BIO_read_filename(in, serialfile) <= 0) { 1402 if (BIO_read_filename(in, serialfile) <= 0) {
1409 if (!create) { 1403 if (!create) {
1410 perror(serialfile); 1404 perror(serialfile);
@@ -1440,8 +1434,8 @@ err:
1440} 1434}
1441 1435
1442int 1436int
1443save_serial(char *serialfile, char *suffix, BIGNUM *serial, 1437save_serial(char *serialfile, char *suffix, BIGNUM * serial,
1444 ASN1_INTEGER **retai) 1438 ASN1_INTEGER ** retai)
1445{ 1439{
1446 char buf[1][BSIZE]; 1440 char buf[1][BSIZE];
1447 BIO *out = NULL; 1441 BIO *out = NULL;
@@ -1457,7 +1451,6 @@ save_serial(char *serialfile, char *suffix, BIGNUM *serial,
1457 BIO_printf(bio_err, "file name too long\n"); 1451 BIO_printf(bio_err, "file name too long\n");
1458 goto err; 1452 goto err;
1459 } 1453 }
1460
1461 if (suffix == NULL) 1454 if (suffix == NULL)
1462 BUF_strlcpy(buf[0], serialfile, BSIZE); 1455 BUF_strlcpy(buf[0], serialfile, BSIZE);
1463 else 1456 else
@@ -1474,7 +1467,6 @@ save_serial(char *serialfile, char *suffix, BIGNUM *serial,
1474 perror(serialfile); 1467 perror(serialfile);
1475 goto err; 1468 goto err;
1476 } 1469 }
1477
1478 if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) { 1470 if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) {
1479 BIO_printf(bio_err, "error converting serial to ASN.1 format\n"); 1471 BIO_printf(bio_err, "error converting serial to ASN.1 format\n");
1480 goto err; 1472 goto err;
@@ -1508,7 +1500,6 @@ rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
1508 BIO_printf(bio_err, "file name too long\n"); 1500 BIO_printf(bio_err, "file name too long\n");
1509 goto err; 1501 goto err;
1510 } 1502 }
1511
1512 (void) snprintf(buf[0], sizeof buf[0], "%s.%s", 1503 (void) snprintf(buf[0], sizeof buf[0], "%s.%s",
1513 serialfile, new_suffix); 1504 serialfile, new_suffix);
1514 (void) snprintf(buf[1], sizeof buf[1], "%s.%s", 1505 (void) snprintf(buf[1], sizeof buf[1], "%s.%s",
@@ -1521,7 +1512,7 @@ rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
1521#ifdef ENOTDIR 1512#ifdef ENOTDIR
1522 && errno != ENOTDIR 1513 && errno != ENOTDIR
1523#endif 1514#endif
1524 ) { 1515 ) {
1525 BIO_printf(bio_err, 1516 BIO_printf(bio_err,
1526 "unable to rename %s to %s\n", 1517 "unable to rename %s to %s\n",
1527 serialfile, buf[1]); 1518 serialfile, buf[1]);
@@ -1546,7 +1537,7 @@ err:
1546} 1537}
1547 1538
1548int 1539int
1549rand_serial(BIGNUM *b, ASN1_INTEGER *ai) 1540rand_serial(BIGNUM * b, ASN1_INTEGER * ai)
1550{ 1541{
1551 BIGNUM *btmp; 1542 BIGNUM *btmp;
1552 int ret = 0; 1543 int ret = 0;
@@ -1573,7 +1564,7 @@ error:
1573} 1564}
1574 1565
1575CA_DB * 1566CA_DB *
1576load_index(char *dbfile, DB_ATTR *db_attr) 1567load_index(char *dbfile, DB_ATTR * db_attr)
1577{ 1568{
1578 CA_DB *retdb = NULL; 1569 CA_DB *retdb = NULL;
1579 TXT_DB *tmpdb = NULL; 1570 TXT_DB *tmpdb = NULL;
@@ -1599,20 +1590,18 @@ load_index(char *dbfile, DB_ATTR *db_attr)
1599 if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) { 1590 if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
1600 if (errorline > 0) { 1591 if (errorline > 0) {
1601 BIO_printf(bio_err, 1592 BIO_printf(bio_err,
1602 "error on line %ld of db attribute file '%s'\n" 1593 "error on line %ld of db attribute file '%s'\n"
1603 , errorline, buf[0]); 1594 ,errorline, buf[0]);
1604 goto err; 1595 goto err;
1605 } else { 1596 } else {
1606 NCONF_free(dbattr_conf); 1597 NCONF_free(dbattr_conf);
1607 dbattr_conf = NULL; 1598 dbattr_conf = NULL;
1608 } 1599 }
1609 } 1600 }
1610
1611 if ((retdb = malloc(sizeof(CA_DB))) == NULL) { 1601 if ((retdb = malloc(sizeof(CA_DB))) == NULL) {
1612 fprintf(stderr, "Out of memory\n"); 1602 fprintf(stderr, "Out of memory\n");
1613 goto err; 1603 goto err;
1614 } 1604 }
1615
1616 retdb->db = tmpdb; 1605 retdb->db = tmpdb;
1617 tmpdb = NULL; 1606 tmpdb = NULL;
1618 if (db_attr) 1607 if (db_attr)
@@ -1630,7 +1619,6 @@ load_index(char *dbfile, DB_ATTR *db_attr)
1630 retdb->attributes.unique_subject = parse_yesno(p, 1); 1619 retdb->attributes.unique_subject = parse_yesno(p, 1);
1631 } 1620 }
1632 } 1621 }
1633
1634err: 1622err:
1635 if (dbattr_conf) 1623 if (dbattr_conf)
1636 NCONF_free(dbattr_conf); 1624 NCONF_free(dbattr_conf);
@@ -1642,20 +1630,19 @@ err:
1642} 1630}
1643 1631
1644int 1632int
1645index_index(CA_DB *db) 1633index_index(CA_DB * db)
1646{ 1634{
1647 if (!TXT_DB_create_index(db->db, DB_serial, NULL, 1635 if (!TXT_DB_create_index(db->db, DB_serial, NULL,
1648 LHASH_HASH_FN(index_serial), 1636 LHASH_HASH_FN(index_serial),
1649 LHASH_COMP_FN(index_serial))) { 1637 LHASH_COMP_FN(index_serial))) {
1650 BIO_printf(bio_err, 1638 BIO_printf(bio_err,
1651 "error creating serial number index:(%ld,%ld,%ld)\n", 1639 "error creating serial number index:(%ld,%ld,%ld)\n",
1652 db->db->error, db->db->arg1, db->db->arg2); 1640 db->db->error, db->db->arg1, db->db->arg2);
1653 return 0; 1641 return 0;
1654 } 1642 }
1655
1656 if (db->attributes.unique_subject && 1643 if (db->attributes.unique_subject &&
1657 !TXT_DB_create_index(db->db, DB_name, index_name_qual, 1644 !TXT_DB_create_index(db->db, DB_name, index_name_qual,
1658 LHASH_HASH_FN(index_name), LHASH_COMP_FN(index_name))) { 1645 LHASH_HASH_FN(index_name), LHASH_COMP_FN(index_name))) {
1659 BIO_printf(bio_err, "error creating name index:(%ld,%ld,%ld)\n", 1646 BIO_printf(bio_err, "error creating name index:(%ld,%ld,%ld)\n",
1660 db->db->error, db->db->arg1, db->db->arg2); 1647 db->db->error, db->db->arg1, db->db->arg2);
1661 return 0; 1648 return 0;
@@ -1664,7 +1651,7 @@ index_index(CA_DB *db)
1664} 1651}
1665 1652
1666int 1653int
1667save_index(const char *dbfile, const char *suffix, CA_DB *db) 1654save_index(const char *dbfile, const char *suffix, CA_DB * db)
1668{ 1655{
1669 char buf[3][BSIZE]; 1656 char buf[3][BSIZE];
1670 BIO *out = BIO_new(BIO_s_file()); 1657 BIO *out = BIO_new(BIO_s_file());
@@ -1674,13 +1661,11 @@ save_index(const char *dbfile, const char *suffix, CA_DB *db)
1674 ERR_print_errors(bio_err); 1661 ERR_print_errors(bio_err);
1675 goto err; 1662 goto err;
1676 } 1663 }
1677
1678 j = strlen(dbfile) + strlen(suffix); 1664 j = strlen(dbfile) + strlen(suffix);
1679 if (j + 6 >= BSIZE) { 1665 if (j + 6 >= BSIZE) {
1680 BIO_printf(bio_err, "file name too long\n"); 1666 BIO_printf(bio_err, "file name too long\n");
1681 goto err; 1667 goto err;
1682 } 1668 }
1683
1684 (void) snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile); 1669 (void) snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
1685 (void) snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix); 1670 (void) snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
1686 (void) snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix); 1671 (void) snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
@@ -1730,7 +1715,6 @@ rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
1730 BIO_printf(bio_err, "file name too long\n"); 1715 BIO_printf(bio_err, "file name too long\n");
1731 goto err; 1716 goto err;
1732 } 1717 }
1733
1734 (void) snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile); 1718 (void) snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
1735 (void) snprintf(buf[2], sizeof buf[2], "%s.attr.%s", 1719 (void) snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
1736 dbfile, new_suffix); 1720 dbfile, new_suffix);
@@ -1748,7 +1732,7 @@ rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
1748#ifdef ENOTDIR 1732#ifdef ENOTDIR
1749 && errno != ENOTDIR 1733 && errno != ENOTDIR
1750#endif 1734#endif
1751 ) { 1735 ) {
1752 BIO_printf(bio_err, 1736 BIO_printf(bio_err,
1753 "unable to rename %s to %s\n", 1737 "unable to rename %s to %s\n",
1754 dbfile, buf[1]); 1738 dbfile, buf[1]);
@@ -1775,7 +1759,7 @@ rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
1775#ifdef ENOTDIR 1759#ifdef ENOTDIR
1776 && errno != ENOTDIR 1760 && errno != ENOTDIR
1777#endif 1761#endif
1778 ) { 1762 ) {
1779 BIO_printf(bio_err, 1763 BIO_printf(bio_err,
1780 "unable to rename %s to %s\n", 1764 "unable to rename %s to %s\n",
1781 buf[4], buf[3]); 1765 buf[4], buf[3]);
@@ -1805,7 +1789,7 @@ err:
1805} 1789}
1806 1790
1807void 1791void
1808free_index(CA_DB *db) 1792free_index(CA_DB * db)
1809{ 1793{
1810 if (db) { 1794 if (db) {
1811 if (db->db) 1795 if (db->db)
@@ -1820,18 +1804,18 @@ parse_yesno(const char *str, int def)
1820 int ret = def; 1804 int ret = def;
1821 if (str) { 1805 if (str) {
1822 switch (*str) { 1806 switch (*str) {
1823 case 'f': /* false */ 1807 case 'f': /* false */
1824 case 'F': /* FALSE */ 1808 case 'F': /* FALSE */
1825 case 'n': /* no */ 1809 case 'n': /* no */
1826 case 'N': /* NO */ 1810 case 'N': /* NO */
1827 case '0': /* 0 */ 1811 case '0': /* 0 */
1828 ret = 0; 1812 ret = 0;
1829 break; 1813 break;
1830 case 't': /* true */ 1814 case 't': /* true */
1831 case 'T': /* TRUE */ 1815 case 'T': /* TRUE */
1832 case 'y': /* yes */ 1816 case 'y': /* yes */
1833 case 'Y': /* YES */ 1817 case 'Y': /* YES */
1834 case '1': /* 1 */ 1818 case '1': /* 1 */
1835 ret = 1; 1819 ret = 1;
1836 break; 1820 break;
1837 default: 1821 default:
@@ -1849,12 +1833,15 @@ parse_yesno(const char *str, int def)
1849X509_NAME * 1833X509_NAME *
1850parse_name(char *subject, long chtype, int multirdn) 1834parse_name(char *subject, long chtype, int multirdn)
1851{ 1835{
1852 size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ 1836 size_t buflen = strlen(subject) + 1; /* to copy the types and
1837 * values into. due to
1838 * escaping, the copy can
1839 * only become shorter */
1853 char *buf = malloc(buflen); 1840 char *buf = malloc(buflen);
1854 size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ 1841 size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
1855 char **ne_types = malloc(max_ne * sizeof (char *)); 1842 char **ne_types = malloc(max_ne * sizeof(char *));
1856 char **ne_values = malloc(max_ne * sizeof (char *)); 1843 char **ne_values = malloc(max_ne * sizeof(char *));
1857 int *mval = malloc (max_ne * sizeof (int)); 1844 int *mval = malloc(max_ne * sizeof(int));
1858 1845
1859 char *sp = subject, *bp = buf; 1846 char *sp = subject, *bp = buf;
1860 int i, ne_num = 0; 1847 int i, ne_num = 0;
@@ -1866,12 +1853,11 @@ parse_name(char *subject, long chtype, int multirdn)
1866 BIO_printf(bio_err, "malloc error\n"); 1853 BIO_printf(bio_err, "malloc error\n");
1867 goto error; 1854 goto error;
1868 } 1855 }
1869
1870 if (*subject != '/') { 1856 if (*subject != '/') {
1871 BIO_printf(bio_err, "Subject does not start with '/'.\n"); 1857 BIO_printf(bio_err, "Subject does not start with '/'.\n");
1872 goto error; 1858 goto error;
1873 } 1859 }
1874 sp++; /* skip leading / */ 1860 sp++; /* skip leading / */
1875 1861
1876 /* no multivalued RDN by default */ 1862 /* no multivalued RDN by default */
1877 mval[ne_num] = 0; 1863 mval[ne_num] = 0;
@@ -1880,8 +1866,8 @@ parse_name(char *subject, long chtype, int multirdn)
1880 /* collect type */ 1866 /* collect type */
1881 ne_types[ne_num] = bp; 1867 ne_types[ne_num] = bp;
1882 while (*sp) { 1868 while (*sp) {
1883 if (*sp == '\\') /* is there anything to escape in the type...? */ 1869 if (*sp == '\\') { /* is there anything to
1884 { 1870 * escape in the type...? */
1885 if (*++sp) 1871 if (*++sp)
1886 *bp++ = *sp++; 1872 *bp++ = *sp++;
1887 else { 1873 else {
@@ -1933,13 +1919,11 @@ parse_name(char *subject, long chtype, int multirdn)
1933 BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); 1919 BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
1934 continue; 1920 continue;
1935 } 1921 }
1936
1937 if (!*ne_values[i]) { 1922 if (!*ne_values[i]) {
1938 BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); 1923 BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
1939 continue; 1924 continue;
1940 } 1925 }
1941 1926 if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char *) ne_values[i], -1, -1, mval[i]))
1942 if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1, -1, mval[i]))
1943 goto error; 1927 goto error;
1944 } 1928 }
1945 1929
@@ -1964,7 +1948,7 @@ error:
1964 1948
1965int 1949int
1966args_verify(char ***pargs, int *pargc, 1950args_verify(char ***pargs, int *pargc,
1967 int *badarg, BIO *err, X509_VERIFY_PARAM **pm) 1951 int *badarg, BIO * err, X509_VERIFY_PARAM ** pm)
1968{ 1952{
1969 ASN1_OBJECT *otmp = NULL; 1953 ASN1_OBJECT *otmp = NULL;
1970 unsigned long flags = 0; 1954 unsigned long flags = 0;
@@ -2016,8 +2000,10 @@ args_verify(char ***pargs, int *pargc,
2016 *badarg = 1; 2000 *badarg = 1;
2017 else { 2001 else {
2018 long timestamp; 2002 long timestamp;
2019 /* interpret the -attime argument as seconds since 2003 /*
2020 * Epoch */ 2004 * interpret the -attime argument as seconds since
2005 * Epoch
2006 */
2021 if (sscanf(argn, "%li", &timestamp) != 1) { 2007 if (sscanf(argn, "%li", &timestamp) != 1) {
2022 BIO_printf(bio_err, 2008 BIO_printf(bio_err,
2023 "Error parsing timestamp %s\n", 2009 "Error parsing timestamp %s\n",
@@ -2033,9 +2019,9 @@ args_verify(char ***pargs, int *pargc,
2033 else if (!strcmp(arg, "-issuer_checks")) 2019 else if (!strcmp(arg, "-issuer_checks"))
2034 flags |= X509_V_FLAG_CB_ISSUER_CHECK; 2020 flags |= X509_V_FLAG_CB_ISSUER_CHECK;
2035 else if (!strcmp(arg, "-crl_check")) 2021 else if (!strcmp(arg, "-crl_check"))
2036 flags |= X509_V_FLAG_CRL_CHECK; 2022 flags |= X509_V_FLAG_CRL_CHECK;
2037 else if (!strcmp(arg, "-crl_check_all")) 2023 else if (!strcmp(arg, "-crl_check_all"))
2038 flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; 2024 flags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
2039 else if (!strcmp(arg, "-policy_check")) 2025 else if (!strcmp(arg, "-policy_check"))
2040 flags |= X509_V_FLAG_POLICY_CHECK; 2026 flags |= X509_V_FLAG_POLICY_CHECK;
2041 else if (!strcmp(arg, "-explicit_policy")) 2027 else if (!strcmp(arg, "-explicit_policy"))
@@ -2063,12 +2049,10 @@ args_verify(char ***pargs, int *pargc,
2063 *pm = NULL; 2049 *pm = NULL;
2064 goto end; 2050 goto end;
2065 } 2051 }
2066
2067 if (!*pm && !(*pm = X509_VERIFY_PARAM_new())) { 2052 if (!*pm && !(*pm = X509_VERIFY_PARAM_new())) {
2068 *badarg = 1; 2053 *badarg = 1;
2069 goto end; 2054 goto end;
2070 } 2055 }
2071
2072 if (otmp) 2056 if (otmp)
2073 X509_VERIFY_PARAM_add0_policy(*pm, otmp); 2057 X509_VERIFY_PARAM_add0_policy(*pm, otmp);
2074 if (flags) 2058 if (flags)
@@ -2097,7 +2081,7 @@ end:
2097 */ 2081 */
2098 2082
2099int 2083int
2100bio_to_mem(unsigned char **out, int maxlen, BIO *in) 2084bio_to_mem(unsigned char **out, int maxlen, BIO * in)
2101{ 2085{
2102 BIO *mem; 2086 BIO *mem;
2103 int len, ret; 2087 int len, ret;
@@ -2122,14 +2106,14 @@ bio_to_mem(unsigned char **out, int maxlen, BIO *in)
2122 if (maxlen == 0) 2106 if (maxlen == 0)
2123 break; 2107 break;
2124 } 2108 }
2125 ret = BIO_get_mem_data(mem, (char **)out); 2109 ret = BIO_get_mem_data(mem, (char **) out);
2126 BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY); 2110 BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
2127 BIO_free(mem); 2111 BIO_free(mem);
2128 return ret; 2112 return ret;
2129} 2113}
2130 2114
2131int 2115int
2132pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value) 2116pkey_ctrl_string(EVP_PKEY_CTX * ctx, char *value)
2133{ 2117{
2134 int rv; 2118 int rv;
2135 char *stmp, *vtmp = NULL; 2119 char *stmp, *vtmp = NULL;
@@ -2147,7 +2131,7 @@ pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
2147} 2131}
2148 2132
2149static void 2133static void
2150nodes_print(BIO *out, const char *name, STACK_OF(X509_POLICY_NODE) *nodes) 2134nodes_print(BIO * out, const char *name, STACK_OF(X509_POLICY_NODE) * nodes)
2151{ 2135{
2152 X509_POLICY_NODE *node; 2136 X509_POLICY_NODE *node;
2153 int i; 2137 int i;
@@ -2163,7 +2147,7 @@ nodes_print(BIO *out, const char *name, STACK_OF(X509_POLICY_NODE) *nodes)
2163} 2147}
2164 2148
2165void 2149void
2166policies_print(BIO *out, X509_STORE_CTX *ctx) 2150policies_print(BIO * out, X509_STORE_CTX * ctx)
2167{ 2151{
2168 X509_POLICY_TREE *tree; 2152 X509_POLICY_TREE *tree;
2169 int explicit_policy; 2153 int explicit_policy;
@@ -2203,7 +2187,7 @@ jpake_init(const char *us, const char *them,
2203 q = BN_new(); 2187 q = BN_new();
2204 BN_rshift1(q, p); 2188 BN_rshift1(q, p);
2205 2189
2206 BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret); 2190 BN_bin2bn((const unsigned char *) secret, strlen(secret), bnsecret);
2207 2191
2208 ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret); 2192 ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
2209 BN_free(bnsecret); 2193 BN_free(bnsecret);
@@ -2215,7 +2199,7 @@ jpake_init(const char *us, const char *them,
2215} 2199}
2216 2200
2217static void 2201static void
2218jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p) 2202jpake_send_part(BIO * conn, const JPAKE_STEP_PART * p)
2219{ 2203{
2220 BN_print(conn, p->gx); 2204 BN_print(conn, p->gx);
2221 BIO_puts(conn, "\n"); 2205 BIO_puts(conn, "\n");
@@ -2226,7 +2210,7 @@ jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
2226} 2210}
2227 2211
2228static void 2212static void
2229jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx) 2213jpake_send_step1(BIO * bconn, JPAKE_CTX * ctx)
2230{ 2214{
2231 JPAKE_STEP1 s1; 2215 JPAKE_STEP1 s1;
2232 2216
@@ -2234,48 +2218,48 @@ jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
2234 JPAKE_STEP1_generate(&s1, ctx); 2218 JPAKE_STEP1_generate(&s1, ctx);
2235 jpake_send_part(bconn, &s1.p1); 2219 jpake_send_part(bconn, &s1.p1);
2236 jpake_send_part(bconn, &s1.p2); 2220 jpake_send_part(bconn, &s1.p2);
2237 (void)BIO_flush(bconn); 2221 (void) BIO_flush(bconn);
2238 JPAKE_STEP1_release(&s1); 2222 JPAKE_STEP1_release(&s1);
2239} 2223}
2240 2224
2241static void 2225static void
2242jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx) 2226jpake_send_step2(BIO * bconn, JPAKE_CTX * ctx)
2243{ 2227{
2244 JPAKE_STEP2 s2; 2228 JPAKE_STEP2 s2;
2245 2229
2246 JPAKE_STEP2_init(&s2); 2230 JPAKE_STEP2_init(&s2);
2247 JPAKE_STEP2_generate(&s2, ctx); 2231 JPAKE_STEP2_generate(&s2, ctx);
2248 jpake_send_part(bconn, &s2); 2232 jpake_send_part(bconn, &s2);
2249 (void)BIO_flush(bconn); 2233 (void) BIO_flush(bconn);
2250 JPAKE_STEP2_release(&s2); 2234 JPAKE_STEP2_release(&s2);
2251} 2235}
2252 2236
2253static void 2237static void
2254jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx) 2238jpake_send_step3a(BIO * bconn, JPAKE_CTX * ctx)
2255{ 2239{
2256 JPAKE_STEP3A s3a; 2240 JPAKE_STEP3A s3a;
2257 2241
2258 JPAKE_STEP3A_init(&s3a); 2242 JPAKE_STEP3A_init(&s3a);
2259 JPAKE_STEP3A_generate(&s3a, ctx); 2243 JPAKE_STEP3A_generate(&s3a, ctx);
2260 BIO_write(bconn, s3a.hhk, sizeof s3a.hhk); 2244 BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
2261 (void)BIO_flush(bconn); 2245 (void) BIO_flush(bconn);
2262 JPAKE_STEP3A_release(&s3a); 2246 JPAKE_STEP3A_release(&s3a);
2263} 2247}
2264 2248
2265static void 2249static void
2266jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx) 2250jpake_send_step3b(BIO * bconn, JPAKE_CTX * ctx)
2267{ 2251{
2268 JPAKE_STEP3B s3b; 2252 JPAKE_STEP3B s3b;
2269 2253
2270 JPAKE_STEP3B_init(&s3b); 2254 JPAKE_STEP3B_init(&s3b);
2271 JPAKE_STEP3B_generate(&s3b, ctx); 2255 JPAKE_STEP3B_generate(&s3b, ctx);
2272 BIO_write(bconn, s3b.hk, sizeof s3b.hk); 2256 BIO_write(bconn, s3b.hk, sizeof s3b.hk);
2273 (void)BIO_flush(bconn); 2257 (void) BIO_flush(bconn);
2274 JPAKE_STEP3B_release(&s3b); 2258 JPAKE_STEP3B_release(&s3b);
2275} 2259}
2276 2260
2277static void 2261static void
2278readbn(BIGNUM **bn, BIO *bconn) 2262readbn(BIGNUM ** bn, BIO * bconn)
2279{ 2263{
2280 char buf[10240]; 2264 char buf[10240];
2281 int l; 2265 int l;
@@ -2288,7 +2272,7 @@ readbn(BIGNUM **bn, BIO *bconn)
2288} 2272}
2289 2273
2290static void 2274static void
2291jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn) 2275jpake_receive_part(JPAKE_STEP_PART * p, BIO * bconn)
2292{ 2276{
2293 readbn(&p->gx, bconn); 2277 readbn(&p->gx, bconn);
2294 readbn(&p->zkpx.gr, bconn); 2278 readbn(&p->zkpx.gr, bconn);
@@ -2296,7 +2280,7 @@ jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
2296} 2280}
2297 2281
2298static void 2282static void
2299jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn) 2283jpake_receive_step1(JPAKE_CTX * ctx, BIO * bconn)
2300{ 2284{
2301 JPAKE_STEP1 s1; 2285 JPAKE_STEP1 s1;
2302 2286
@@ -2311,7 +2295,7 @@ jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
2311} 2295}
2312 2296
2313static void 2297static void
2314jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn) 2298jpake_receive_step2(JPAKE_CTX * ctx, BIO * bconn)
2315{ 2299{
2316 JPAKE_STEP2 s2; 2300 JPAKE_STEP2 s2;
2317 2301
@@ -2325,7 +2309,7 @@ jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
2325} 2309}
2326 2310
2327static void 2311static void
2328jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn) 2312jpake_receive_step3a(JPAKE_CTX * ctx, BIO * bconn)
2329{ 2313{
2330 JPAKE_STEP3A s3a; 2314 JPAKE_STEP3A s3a;
2331 int l; 2315 int l;
@@ -2341,7 +2325,7 @@ jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
2341} 2325}
2342 2326
2343static void 2327static void
2344jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn) 2328jpake_receive_step3b(JPAKE_CTX * ctx, BIO * bconn)
2345{ 2329{
2346 JPAKE_STEP3B s3b; 2330 JPAKE_STEP3B s3b;
2347 int l; 2331 int l;
@@ -2357,7 +2341,7 @@ jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
2357} 2341}
2358 2342
2359void 2343void
2360jpake_client_auth(BIO *out, BIO *conn, const char *secret) 2344jpake_client_auth(BIO * out, BIO * conn, const char *secret)
2361{ 2345{
2362 JPAKE_CTX *ctx; 2346 JPAKE_CTX *ctx;
2363 BIO *bconn; 2347 BIO *bconn;
@@ -2387,7 +2371,7 @@ jpake_client_auth(BIO *out, BIO *conn, const char *secret)
2387} 2371}
2388 2372
2389void 2373void
2390jpake_server_auth(BIO *out, BIO *conn, const char *secret) 2374jpake_server_auth(BIO * out, BIO * conn, const char *secret)
2391{ 2375{
2392 JPAKE_CTX *ctx; 2376 JPAKE_CTX *ctx;
2393 BIO *bconn; 2377 BIO *bconn;
@@ -2457,7 +2441,8 @@ next_protos_parse(unsigned short *outlen, const char *in)
2457 *outlen = len + 1; 2441 *outlen = len + 1;
2458 return out; 2442 return out;
2459} 2443}
2460#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ 2444#endif /* !OPENSSL_NO_TLSEXT &&
2445 * !OPENSSL_NO_NEXTPROTONEG */
2461 2446
2462/* 2447/*
2463 * Platform-specific sections 2448 * Platform-specific sections
@@ -2470,10 +2455,10 @@ next_protos_parse(unsigned short *outlen, const char *in)
2470double 2455double
2471app_tminterval(int stop, int usertime) 2456app_tminterval(int stop, int usertime)
2472{ 2457{
2473 double ret = 0; 2458 double ret = 0;
2474 struct tms rus; 2459 struct tms rus;
2475 clock_t now = times(&rus); 2460 clock_t now = times(&rus);
2476 static clock_t tmstart; 2461 static clock_t tmstart;
2477 2462
2478 if (usertime) 2463 if (usertime)
2479 now = rus.tms_utime; 2464 now = rus.tms_utime;
@@ -2482,7 +2467,7 @@ app_tminterval(int stop, int usertime)
2482 tmstart = now; 2467 tmstart = now;
2483 else { 2468 else {
2484 long int tck = sysconf(_SC_CLK_TCK); 2469 long int tck = sysconf(_SC_CLK_TCK);
2485 ret = (now - tmstart)/(double)tck; 2470 ret = (now - tmstart) / (double) tck;
2486 } 2471 }
2487 2472
2488 return (ret); 2473 return (ret);
@@ -2495,9 +2480,9 @@ app_tminterval(int stop, int usertime)
2495double 2480double
2496app_tminterval(int stop, int usertime) 2481app_tminterval(int stop, int usertime)
2497{ 2482{
2498 double ret = 0; 2483 double ret = 0;
2499 struct rusage rus; 2484 struct rusage rus;
2500 struct timeval now; 2485 struct timeval now;
2501 static struct timeval tmstart; 2486 static struct timeval tmstart;
2502 2487
2503 if (usertime) 2488 if (usertime)
@@ -2518,11 +2503,11 @@ app_tminterval(int stop, int usertime)
2518/* app_isdir section */ 2503/* app_isdir section */
2519#include <sys/stat.h> 2504#include <sys/stat.h>
2520#ifndef S_ISDIR 2505#ifndef S_ISDIR
2521# if defined(_S_IFMT) && defined(_S_IFDIR) 2506#if defined(_S_IFMT) && defined(_S_IFDIR)
2522# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) 2507#define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
2523# else 2508#else
2524# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) 2509#define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
2525# endif 2510#endif
2526#endif 2511#endif
2527 2512
2528int 2513int
@@ -2536,7 +2521,7 @@ app_isdir(const char *name)
2536 else 2521 else
2537 return -1; 2522 return -1;
2538#else 2523#else
2539 return -1; 2524 return -1;
2540#endif 2525#endif
2541} 2526}
2542 2527
diff --git a/src/lib/libssl/src/apps/asn1pars.c b/src/lib/libssl/src/apps/asn1pars.c
index 95fc88d644..f11f1676f0 100644
--- a/src/lib/libssl/src/apps/asn1pars.c
+++ b/src/lib/libssl/src/apps/asn1pars.c
@@ -82,7 +82,7 @@
82 82
83int MAIN(int, char **); 83int MAIN(int, char **);
84 84
85static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf); 85static int do_generate(BIO * bio, char *genstr, char *genconf, BUF_MEM * buf);
86 86
87int 87int
88MAIN(int argc, char **argv) 88MAIN(int argc, char **argv)
@@ -97,7 +97,7 @@ MAIN(int argc, char **argv)
97 unsigned char *tmpbuf; 97 unsigned char *tmpbuf;
98 const unsigned char *ctmpbuf; 98 const unsigned char *ctmpbuf;
99 BUF_MEM *buf = NULL; 99 BUF_MEM *buf = NULL;
100 STACK_OF(OPENSSL_STRING) *osk = NULL; 100 STACK_OF(OPENSSL_STRING) * osk = NULL;
101 ASN1_TYPE *at = NULL; 101 ASN1_TYPE *at = NULL;
102 102
103 informat = FORMAT_PEM; 103 informat = FORMAT_PEM;
@@ -106,7 +106,7 @@ MAIN(int argc, char **argv)
106 106
107 if (bio_err == NULL) 107 if (bio_err == NULL)
108 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 108 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
109 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 109 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
110 110
111 if (!load_config(bio_err, NULL)) 111 if (!load_config(bio_err, NULL))
112 goto end; 112 goto end;
@@ -126,19 +126,19 @@ MAIN(int argc, char **argv)
126 } else if (strcmp(*argv, "-in") == 0) { 126 } else if (strcmp(*argv, "-in") == 0) {
127 if (--argc < 1) 127 if (--argc < 1)
128 goto bad; 128 goto bad;
129 infile= *(++argv); 129 infile = *(++argv);
130 } else if (strcmp(*argv, "-out") == 0) { 130 } else if (strcmp(*argv, "-out") == 0) {
131 if (--argc < 1) 131 if (--argc < 1)
132 goto bad; 132 goto bad;
133 derfile= *(++argv); 133 derfile = *(++argv);
134 } else if (strcmp(*argv, "-i") == 0) { 134 } else if (strcmp(*argv, "-i") == 0) {
135 indent = 1; 135 indent = 1;
136 } else 136 } else if (strcmp(*argv, "-noout") == 0)
137 if (strcmp(*argv, "-noout") == 0) noout = 1; 137 noout = 1;
138 else if (strcmp(*argv, "-oid") == 0) { 138 else if (strcmp(*argv, "-oid") == 0) {
139 if (--argc < 1) 139 if (--argc < 1)
140 goto bad; 140 goto bad;
141 oidfile= *(++argv); 141 oidfile = *(++argv);
142 } else if (strcmp(*argv, "-offset") == 0) { 142 } else if (strcmp(*argv, "-offset") == 0) {
143 if (--argc < 1) 143 if (--argc < 1)
144 goto bad; 144 goto bad;
@@ -164,11 +164,11 @@ MAIN(int argc, char **argv)
164 } else if (strcmp(*argv, "-genstr") == 0) { 164 } else if (strcmp(*argv, "-genstr") == 0) {
165 if (--argc < 1) 165 if (--argc < 1)
166 goto bad; 166 goto bad;
167 genstr= *(++argv); 167 genstr = *(++argv);
168 } else if (strcmp(*argv, "-genconf") == 0) { 168 } else if (strcmp(*argv, "-genconf") == 0) {
169 if (--argc < 1) 169 if (--argc < 1)
170 goto bad; 170 goto bad;
171 genconf= *(++argv); 171 genconf = *(++argv);
172 } else { 172 } else {
173 BIO_printf(bio_err, "unknown option %s\n", *argv); 173 BIO_printf(bio_err, "unknown option %s\n", *argv);
174 badops = 1; 174 badops = 1;
@@ -199,7 +199,6 @@ bad:
199 BIO_printf(bio_err, " -genconf file file to generate ASN1 structure from\n"); 199 BIO_printf(bio_err, " -genconf file file to generate ASN1 structure from\n");
200 goto end; 200 goto end;
201 } 201 }
202
203 ERR_load_crypto_strings(); 202 ERR_load_crypto_strings();
204 203
205 in = BIO_new(BIO_s_file()); 204 in = BIO_new(BIO_s_file());
@@ -208,7 +207,7 @@ bad:
208 ERR_print_errors(bio_err); 207 ERR_print_errors(bio_err);
209 goto end; 208 goto end;
210 } 209 }
211 BIO_set_fp(out, stdout, BIO_NOCLOSE|BIO_FP_TEXT); 210 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
212 211
213 if (oidfile != NULL) { 212 if (oidfile != NULL) {
214 if (BIO_read_filename(in, oidfile) <= 0) { 213 if (BIO_read_filename(in, oidfile) <= 0) {
@@ -218,7 +217,6 @@ bad:
218 } 217 }
219 OBJ_create_objects(in); 218 OBJ_create_objects(in);
220 } 219 }
221
222 if (infile == NULL) 220 if (infile == NULL)
223 BIO_set_fp(in, stdin, BIO_NOCLOSE); 221 BIO_set_fp(in, stdin, BIO_NOCLOSE);
224 else { 222 else {
@@ -235,11 +233,10 @@ bad:
235 goto end; 233 goto end;
236 } 234 }
237 } 235 }
238
239 if ((buf = BUF_MEM_new()) == NULL) 236 if ((buf = BUF_MEM_new()) == NULL)
240 goto end; 237 goto end;
241 if (!BUF_MEM_grow(buf, BUFSIZ * 8)) 238 if (!BUF_MEM_grow(buf, BUFSIZ * 8))
242 goto end; /* Pre-allocate :-) */ 239 goto end; /* Pre-allocate :-) */
243 240
244 if (genstr || genconf) { 241 if (genstr || genconf) {
245 num = do_generate(bio_err, genstr, genconf, buf); 242 num = do_generate(bio_err, genstr, genconf, buf);
@@ -259,10 +256,9 @@ bad:
259 in = b64; 256 in = b64;
260 b64 = tmp; 257 b64 = tmp;
261 } 258 }
262
263 num = 0; 259 num = 0;
264 for (;;) { 260 for (;;) {
265 if (!BUF_MEM_grow(buf, (int)num + BUFSIZ)) 261 if (!BUF_MEM_grow(buf, (int) num + BUFSIZ))
266 goto end; 262 goto end;
267 i = BIO_read(in, &(buf->data[num]), BUFSIZ); 263 i = BIO_read(in, &(buf->data[num]), BUFSIZ);
268 if (i <= 0) 264 if (i <= 0)
@@ -275,7 +271,7 @@ bad:
275 /* If any structs to parse go through in sequence */ 271 /* If any structs to parse go through in sequence */
276 272
277 if (sk_OPENSSL_STRING_num(osk)) { 273 if (sk_OPENSSL_STRING_num(osk)) {
278 tmpbuf = (unsigned char *)str; 274 tmpbuf = (unsigned char *) str;
279 tmplen = num; 275 tmplen = num;
280 for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) { 276 for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
281 ASN1_TYPE *atmp; 277 ASN1_TYPE *atmp;
@@ -310,28 +306,26 @@ bad:
310 tmpbuf = at->value.asn1_string->data; 306 tmpbuf = at->value.asn1_string->data;
311 tmplen = at->value.asn1_string->length; 307 tmplen = at->value.asn1_string->length;
312 } 308 }
313 str = (char *)tmpbuf; 309 str = (char *) tmpbuf;
314 num = tmplen; 310 num = tmplen;
315 } 311 }
316
317 if (offset >= num) { 312 if (offset >= num) {
318 BIO_printf(bio_err, "Error: offset too large\n"); 313 BIO_printf(bio_err, "Error: offset too large\n");
319 goto end; 314 goto end;
320 } 315 }
321
322 num -= offset; 316 num -= offset;
323 317
324 if ((length == 0) || ((long)length > num)) 318 if ((length == 0) || ((long) length > num))
325 length = (unsigned int)num; 319 length = (unsigned int) num;
326 if (derout) { 320 if (derout) {
327 if (BIO_write(derout, str + offset, length) != (int)length) { 321 if (BIO_write(derout, str + offset, length) != (int) length) {
328 BIO_printf(bio_err, "Error writing output\n"); 322 BIO_printf(bio_err, "Error writing output\n");
329 ERR_print_errors(bio_err); 323 ERR_print_errors(bio_err);
330 goto end; 324 goto end;
331 } 325 }
332 } 326 }
333 if (!noout && 327 if (!noout &&
334 !ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length, 328 !ASN1_parse_dump(out, (unsigned char *) &(str[offset]), length,
335 indent, dump)) { 329 indent, dump)) {
336 ERR_print_errors(bio_err); 330 ERR_print_errors(bio_err);
337 goto end; 331 goto end;
@@ -355,11 +349,11 @@ end:
355 sk_OPENSSL_STRING_free(osk); 349 sk_OPENSSL_STRING_free(osk);
356 OBJ_cleanup(); 350 OBJ_cleanup();
357 apps_shutdown(); 351 apps_shutdown();
358 return(ret); 352 return (ret);
359} 353}
360 354
361static int 355static int
362do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) 356do_generate(BIO * bio, char *genstr, char *genconf, BUF_MEM * buf)
363{ 357{
364 CONF *cnf = NULL; 358 CONF *cnf = NULL;
365 int len; 359 int len;
@@ -378,7 +372,6 @@ do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
378 goto err; 372 goto err;
379 } 373 }
380 } 374 }
381
382 atyp = ASN1_generate_nconf(genstr, cnf); 375 atyp = ASN1_generate_nconf(genstr, cnf);
383 NCONF_free(cnf); 376 NCONF_free(cnf);
384 cnf = NULL; 377 cnf = NULL;
@@ -394,14 +387,14 @@ do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
394 if (!BUF_MEM_grow(buf, len)) 387 if (!BUF_MEM_grow(buf, len))
395 goto err; 388 goto err;
396 389
397 p = (unsigned char *)buf->data; 390 p = (unsigned char *) buf->data;
398 391
399 i2d_ASN1_TYPE(atyp, &p); 392 i2d_ASN1_TYPE(atyp, &p);
400 393
401 ASN1_TYPE_free(atyp); 394 ASN1_TYPE_free(atyp);
402 return len; 395 return len;
403 396
404 conferr: 397conferr:
405 398
406 if (errline > 0) 399 if (errline > 0)
407 BIO_printf(bio, "Error on line %ld of config file '%s'\n", 400 BIO_printf(bio, "Error on line %ld of config file '%s'\n",
@@ -409,7 +402,7 @@ do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
409 else 402 else
410 BIO_printf(bio, "Error loading config file '%s'\n", genconf); 403 BIO_printf(bio, "Error loading config file '%s'\n", genconf);
411 404
412 err: 405err:
413 NCONF_free(cnf); 406 NCONF_free(cnf);
414 ASN1_TYPE_free(atyp); 407 ASN1_TYPE_free(atyp);
415 408
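Review bot: The bounds check on the new side, `if (offset >= num)`, limits `offset` only from above, yet the value then feeds `num -= offset`, `str + offset` in the `BIO_write` call and `&(str[offset])` in the `ASN1_parse_dump` call. The declaration of `offset` and the parsing of the `-offset` argument are outside the hunks shown, so this is an assumption to confirm: if `offset` is a signed integer taken from the command line, a negative value passes the check and both calls read from before the start of the buffer. I would change the guard to `if (offset < 0 || offset >= num) {`, or reject a negative value where the option is parsed. MAIN's body starts and ends outside these hunks, and this reformatting commit leaves the check as it was.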
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index 0bef50be76..6396249673 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -77,16 +77,16 @@
77#include <openssl/pem.h> 77#include <openssl/pem.h>
78 78
79#ifndef W_OK 79#ifndef W_OK
80# include <sys/file.h> 80#include <sys/file.h>
81#endif 81#endif
82 82
83#include "apps.h" 83#include "apps.h"
84 84
85#ifndef W_OK 85#ifndef W_OK
86# define F_OK 0 86#define F_OK 0
87# define X_OK 1 87#define X_OK 1
88# define W_OK 2 88#define W_OK 2
89# define R_OK 4 89#define R_OK 4
90#endif 90#endif
91 91
92#undef PROG 92#undef PROG
@@ -189,53 +189,56 @@ extern int EF_ALIGNMENT;
189#endif 189#endif
190 190
191static void lookup_fail(const char *name, const char *tag); 191static void lookup_fail(const char *name, const char *tag);
192static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 192static int
193 const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, 193certify(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509,
194 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, 194 const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts,
195 STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,
195 unsigned long chtype, int multirdn, int email_dn, char *startdate, 196 unsigned long chtype, int multirdn, int email_dn, char *startdate,
196 char *enddate, long days, int batch, char *ext_sect, CONF *conf, 197 char *enddate, long days, int batch, char *ext_sect, CONF * conf,
197 int verbose, unsigned long certopt, unsigned long nameopt, 198 int verbose, unsigned long certopt, unsigned long nameopt,
198 int default_op, int ext_copy, int selfsign); 199 int default_op, int ext_copy, int selfsign);
199static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 200 static int certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509,
200 const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, 201 const EVP_MD * dgst,
201 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, 202 STACK_OF(OPENSSL_STRING) * sigopts,
203 STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,
202 unsigned long chtype, int multirdn, int email_dn, char *startdate, 204 unsigned long chtype, int multirdn, int email_dn, char *startdate,
203 char *enddate, long days, int batch, char *ext_sect, CONF *conf, 205 char *enddate, long days, int batch, char *ext_sect, CONF * conf,
204 int verbose, unsigned long certopt, unsigned long nameopt, int default_op, 206 int verbose, unsigned long certopt, unsigned long nameopt, int default_op,
205 int ext_copy, ENGINE *e); 207 int ext_copy, ENGINE * e);
206static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 208 static int certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509,
207 const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, 209 const EVP_MD * dgst,
208 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, 210 STACK_OF(OPENSSL_STRING) * sigopts,
211 STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,
209 unsigned long chtype, int multirdn, int email_dn, char *startdate, 212 unsigned long chtype, int multirdn, int email_dn, char *startdate,
210 char *enddate, long days, char *ext_sect, CONF *conf, int verbose, 213 char *enddate, long days, char *ext_sect, CONF * conf, int verbose,
211 unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); 214 unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy);
212static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); 215 static void write_new_certificate(BIO * bp, X509 * x, int output_der, int notext);
213static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, 216 static int do_body(X509 ** xret, EVP_PKEY * pkey, X509 * x509, const EVP_MD * dgst,
214 STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, 217 STACK_OF(OPENSSL_STRING) * sigopts, STACK_OF(CONF_VALUE) * policy, CA_DB * db,
215 BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, 218 BIGNUM * serial, char *subj, unsigned long chtype, int multirdn,
216 int email_dn, char *startdate, char *enddate, long days, int batch, 219 int email_dn, char *startdate, char *enddate, long days, int batch,
217 int verbose, X509_REQ *req, char *ext_sect, CONF *conf, 220 int verbose, X509_REQ * req, char *ext_sect, CONF * conf,
218 unsigned long certopt, unsigned long nameopt, int default_op, 221 unsigned long certopt, unsigned long nameopt, int default_op,
219 int ext_copy, int selfsign); 222 int ext_copy, int selfsign);
220static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); 223 static int do_revoke(X509 * x509, CA_DB * db, int ext, char *extval);
221static int get_certificate_status(const char *ser_status, CA_DB *db); 224 static int get_certificate_status(const char *ser_status, CA_DB * db);
222static int do_updatedb(CA_DB *db); 225 static int do_updatedb(CA_DB * db);
223static int check_time_format(const char *str); 226 static int check_time_format(const char *str);
224char *make_revocation_str(int rev_type, char *rev_arg); 227 char *make_revocation_str(int rev_type, char *rev_arg);
225int make_revoked(X509_REVOKED *rev, const char *str); 228 int make_revoked(X509_REVOKED * rev, const char *str);
226int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str); 229 int old_entry_print(BIO * bp, ASN1_OBJECT * obj, ASN1_STRING * str);
227static CONF *conf = NULL; 230 static CONF *conf = NULL;
228static CONF *extconf = NULL; 231 static CONF *extconf = NULL;
229static char *section = NULL; 232 static char *section = NULL;
230 233
231static int preserve = 0; 234 static int preserve = 0;
232static int msie_hack = 0; 235 static int msie_hack = 0;
233 236
234 237
235int MAIN(int, char **); 238 int MAIN(int, char **);
236 239
237int 240 int
238MAIN(int argc, char **argv) 241 MAIN(int argc, char **argv)
239{ 242{
240 ENGINE *e = NULL; 243 ENGINE *e = NULL;
241 char *key = NULL, *passargin = NULL; 244 char *key = NULL, *passargin = NULL;
@@ -302,12 +305,12 @@ MAIN(int argc, char **argv)
302 ASN1_INTEGER *tmpser; 305 ASN1_INTEGER *tmpser;
303 char *f; 306 char *f;
304 const char *p; 307 const char *p;
305 char * const *pp; 308 char *const * pp;
306 int i, j; 309 int i, j;
307 const EVP_MD *dgst = NULL; 310 const EVP_MD *dgst = NULL;
308 STACK_OF(CONF_VALUE) *attribs = NULL; 311 STACK_OF(CONF_VALUE) * attribs = NULL;
309 STACK_OF(X509) *cert_sk = NULL; 312 STACK_OF(X509) * cert_sk = NULL;
310 STACK_OF(OPENSSL_STRING) *sigopts = NULL; 313 STACK_OF(OPENSSL_STRING) * sigopts = NULL;
311#undef BSIZE 314#undef BSIZE
312#define BSIZE 256 315#define BSIZE 256
313 char buf[3][BSIZE]; 316 char buf[3][BSIZE];
@@ -334,7 +337,7 @@ MAIN(int argc, char **argv)
334 msie_hack = 0; 337 msie_hack = 0;
335 if (bio_err == NULL) 338 if (bio_err == NULL)
336 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 339 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
337 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 340 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
338 341
339 argc--; 342 argc--;
340 argv++; 343 argv++;
@@ -344,15 +347,15 @@ MAIN(int argc, char **argv)
344 else if (strcmp(*argv, "-config") == 0) { 347 else if (strcmp(*argv, "-config") == 0) {
345 if (--argc < 1) 348 if (--argc < 1)
346 goto bad; 349 goto bad;
347 configfile= *(++argv); 350 configfile = *(++argv);
348 } else if (strcmp(*argv, "-name") == 0) { 351 } else if (strcmp(*argv, "-name") == 0) {
349 if (--argc < 1) 352 if (--argc < 1)
350 goto bad; 353 goto bad;
351 section= *(++argv); 354 section = *(++argv);
352 } else if (strcmp(*argv, "-subj") == 0) { 355 } else if (strcmp(*argv, "-subj") == 0) {
353 if (--argc < 1) 356 if (--argc < 1)
354 goto bad; 357 goto bad;
355 subj= *(++argv); 358 subj = *(++argv);
356 /* preserve=1; */ 359 /* preserve=1; */
357 } else if (strcmp(*argv, "-utf8") == 0) 360 } else if (strcmp(*argv, "-utf8") == 0)
358 chtype = MBSTRING_UTF8; 361 chtype = MBSTRING_UTF8;
@@ -363,11 +366,11 @@ MAIN(int argc, char **argv)
363 else if (strcmp(*argv, "-startdate") == 0) { 366 else if (strcmp(*argv, "-startdate") == 0) {
364 if (--argc < 1) 367 if (--argc < 1)
365 goto bad; 368 goto bad;
366 startdate= *(++argv); 369 startdate = *(++argv);
367 } else if (strcmp(*argv, "-enddate") == 0) { 370 } else if (strcmp(*argv, "-enddate") == 0) {
368 if (--argc < 1) 371 if (--argc < 1)
369 goto bad; 372 goto bad;
370 enddate= *(++argv); 373 enddate = *(++argv);
371 } else if (strcmp(*argv, "-days") == 0) { 374 } else if (strcmp(*argv, "-days") == 0) {
372 if (--argc < 1) 375 if (--argc < 1)
373 goto bad; 376 goto bad;
@@ -375,47 +378,46 @@ MAIN(int argc, char **argv)
375 } else if (strcmp(*argv, "-md") == 0) { 378 } else if (strcmp(*argv, "-md") == 0) {
376 if (--argc < 1) 379 if (--argc < 1)
377 goto bad; 380 goto bad;
378 md= *(++argv); 381 md = *(++argv);
379 } else if (strcmp(*argv, "-policy") == 0) { 382 } else if (strcmp(*argv, "-policy") == 0) {
380 if (--argc < 1) 383 if (--argc < 1)
381 goto bad; 384 goto bad;
382 policy= *(++argv); 385 policy = *(++argv);
383 } else if (strcmp(*argv, "-keyfile") == 0) { 386 } else if (strcmp(*argv, "-keyfile") == 0) {
384 if (--argc < 1) 387 if (--argc < 1)
385 goto bad; 388 goto bad;
386 keyfile= *(++argv); 389 keyfile = *(++argv);
387 } 390 } else if (strcmp(*argv, "-keyform") == 0) {
388 else if (strcmp(*argv, "-keyform") == 0) {
389 if (--argc < 1) 391 if (--argc < 1)
390 goto bad; 392 goto bad;
391 keyform = str2fmt(*(++argv)); 393 keyform = str2fmt(*(++argv));
392 } else if (strcmp(*argv, "-passin") == 0) { 394 } else if (strcmp(*argv, "-passin") == 0) {
393 if (--argc < 1) 395 if (--argc < 1)
394 goto bad; 396 goto bad;
395 passargin= *(++argv); 397 passargin = *(++argv);
396 } else if (strcmp(*argv, "-key") == 0) { 398 } else if (strcmp(*argv, "-key") == 0) {
397 if (--argc < 1) 399 if (--argc < 1)
398 goto bad; 400 goto bad;
399 key= *(++argv); 401 key = *(++argv);
400 } else if (strcmp(*argv, "-cert") == 0) { 402 } else if (strcmp(*argv, "-cert") == 0) {
401 if (--argc < 1) 403 if (--argc < 1)
402 goto bad; 404 goto bad;
403 certfile= *(++argv); 405 certfile = *(++argv);
404 } else if (strcmp(*argv, "-selfsign") == 0) 406 } else if (strcmp(*argv, "-selfsign") == 0)
405 selfsign = 1; 407 selfsign = 1;
406 else if (strcmp(*argv, "-in") == 0) { 408 else if (strcmp(*argv, "-in") == 0) {
407 if (--argc < 1) 409 if (--argc < 1)
408 goto bad; 410 goto bad;
409 infile= *(++argv); 411 infile = *(++argv);
410 req = 1; 412 req = 1;
411 } else if (strcmp(*argv, "-out") == 0) { 413 } else if (strcmp(*argv, "-out") == 0) {
412 if (--argc < 1) 414 if (--argc < 1)
413 goto bad; 415 goto bad;
414 outfile= *(++argv); 416 outfile = *(++argv);
415 } else if (strcmp(*argv, "-outdir") == 0) { 417 } else if (strcmp(*argv, "-outdir") == 0) {
416 if (--argc < 1) 418 if (--argc < 1)
417 goto bad; 419 goto bad;
418 outdir= *(++argv); 420 outdir = *(++argv);
419 } else if (strcmp(*argv, "-sigopt") == 0) { 421 } else if (strcmp(*argv, "-sigopt") == 0) {
420 if (--argc < 1) 422 if (--argc < 1)
421 goto bad; 423 goto bad;
@@ -465,26 +467,26 @@ MAIN(int argc, char **argv)
465 } else if (strcmp(*argv, "-revoke") == 0) { 467 } else if (strcmp(*argv, "-revoke") == 0) {
466 if (--argc < 1) 468 if (--argc < 1)
467 goto bad; 469 goto bad;
468 infile= *(++argv); 470 infile = *(++argv);
469 dorevoke = 1; 471 dorevoke = 1;
470 } else if (strcmp(*argv, "-extensions") == 0) { 472 } else if (strcmp(*argv, "-extensions") == 0) {
471 if (--argc < 1) 473 if (--argc < 1)
472 goto bad; 474 goto bad;
473 extensions= *(++argv); 475 extensions = *(++argv);
474 } else if (strcmp(*argv, "-extfile") == 0) { 476 } else if (strcmp(*argv, "-extfile") == 0) {
475 if (--argc < 1) 477 if (--argc < 1)
476 goto bad; 478 goto bad;
477 extfile= *(++argv); 479 extfile = *(++argv);
478 } else if (strcmp(*argv, "-status") == 0) { 480 } else if (strcmp(*argv, "-status") == 0) {
479 if (--argc < 1) 481 if (--argc < 1)
480 goto bad; 482 goto bad;
481 ser_status= *(++argv); 483 ser_status = *(++argv);
482 } else if (strcmp(*argv, "-updatedb") == 0) { 484 } else if (strcmp(*argv, "-updatedb") == 0) {
483 doupdatedb = 1; 485 doupdatedb = 1;
484 } else if (strcmp(*argv, "-crlexts") == 0) { 486 } else if (strcmp(*argv, "-crlexts") == 0) {
485 if (--argc < 1) 487 if (--argc < 1)
486 goto bad; 488 goto bad;
487 crl_ext= *(++argv); 489 crl_ext = *(++argv);
488 } else if (strcmp(*argv, "-crl_reason") == 0) { 490 } else if (strcmp(*argv, "-crl_reason") == 0) {
489 if (--argc < 1) 491 if (--argc < 1)
490 goto bad; 492 goto bad;
@@ -510,11 +512,11 @@ MAIN(int argc, char **argv)
510 else if (strcmp(*argv, "-engine") == 0) { 512 else if (strcmp(*argv, "-engine") == 0) {
511 if (--argc < 1) 513 if (--argc < 1)
512 goto bad; 514 goto bad;
513 engine= *(++argv); 515 engine = *(++argv);
514 } 516 }
515#endif 517#endif
516 else { 518 else {
517bad: 519 bad:
518 BIO_printf(bio_err, "unknown option %s\n", *argv); 520 BIO_printf(bio_err, "unknown option %s\n", *argv);
519 badops = 1; 521 badops = 1;
520 break; 522 break;
@@ -530,7 +532,6 @@ bad:
530 BIO_printf(bio_err, "%s", *pp2); 532 BIO_printf(bio_err, "%s", *pp2);
531 goto err; 533 goto err;
532 } 534 }
533
534 ERR_load_crypto_strings(); 535 ERR_load_crypto_strings();
535 536
536 /*****************************************************************/ 537 /*****************************************************************/
@@ -550,7 +551,6 @@ bad:
550 BUF_strlcat(tofree, CONFIG_FILE, len); 551 BUF_strlcat(tofree, CONFIG_FILE, len);
551 configfile = tofree; 552 configfile = tofree;
552 } 553 }
553
554 BIO_printf(bio_err, "Using configuration from %s\n", configfile); 554 BIO_printf(bio_err, "Using configuration from %s\n", configfile);
555 conf = NCONF_new(NULL); 555 conf = NCONF_new(NULL);
556 if (NCONF_load(conf, configfile, &errorline) <= 0) { 556 if (NCONF_load(conf, configfile, &errorline) <= 0) {
@@ -559,14 +559,13 @@ bad:
559 configfile); 559 configfile);
560 else 560 else
561 BIO_printf(bio_err, "error on line %ld of config file '%s'\n" 561 BIO_printf(bio_err, "error on line %ld of config file '%s'\n"
562 , errorline, configfile); 562 ,errorline, configfile);
563 goto err; 563 goto err;
564 } 564 }
565 if (tofree) { 565 if (tofree) {
566 free(tofree); 566 free(tofree);
567 tofree = NULL; 567 tofree = NULL;
568 } 568 }
569
570 if (!load_config(bio_err, conf)) 569 if (!load_config(bio_err, conf))
571 goto err; 570 goto err;
572 571
@@ -582,7 +581,6 @@ bad:
582 goto err; 581 goto err;
583 } 582 }
584 } 583 }
585
586 if (conf != NULL) { 584 if (conf != NULL) {
587 p = NCONF_get_string(conf, NULL, "oid_file"); 585 p = NCONF_get_string(conf, NULL, "oid_file");
588 if (p == NULL) 586 if (p == NULL)
@@ -607,7 +605,6 @@ bad:
607 goto err; 605 goto err;
608 } 606 }
609 } 607 }
610
611 randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); 608 randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
612 if (randfile == NULL) 609 if (randfile == NULL)
613 ERR_clear_error(); 610 ERR_clear_error();
@@ -621,15 +618,13 @@ bad:
621 BIO_printf(bio_err, "Invalid global string mask setting %s\n", f); 618 BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
622 goto err; 619 goto err;
623 } 620 }
624 621 if (chtype != MBSTRING_UTF8) {
625 if (chtype != MBSTRING_UTF8){
626 f = NCONF_get_string(conf, section, UTF8_IN); 622 f = NCONF_get_string(conf, section, UTF8_IN);
627 if (!f) 623 if (!f)
628 ERR_clear_error(); 624 ERR_clear_error();
629 else if (!strcmp(f, "yes")) 625 else if (!strcmp(f, "yes"))
630 chtype = MBSTRING_UTF8; 626 chtype = MBSTRING_UTF8;
631 } 627 }
632
633 db_attr.unique_subject = 1; 628 db_attr.unique_subject = 1;
634 p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT); 629 p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
635 if (p) { 630 if (p) {
@@ -656,7 +651,6 @@ bad:
656 ERR_print_errors(bio_err); 651 ERR_print_errors(bio_err);
657 goto err; 652 goto err;
658 } 653 }
659
660 /*****************************************************************/ 654 /*****************************************************************/
661 /* report status of cert with serial number given on command line */ 655 /* report status of cert with serial number given on command line */
662 if (ser_status) { 656 if (ser_status) {
@@ -676,12 +670,11 @@ bad:
676 ser_status); 670 ser_status);
677 goto err; 671 goto err;
678 } 672 }
679
680 /*****************************************************************/ 673 /*****************************************************************/
681 /* we definitely need a private key, so let's get it */ 674 /* we definitely need a private key, so let's get it */
682 675
683 if ((keyfile == NULL) && ((keyfile = NCONF_get_string(conf, 676 if ((keyfile == NULL) && ((keyfile = NCONF_get_string(conf,
684 section, ENV_PRIVATE_KEY)) == NULL)) { 677 section, ENV_PRIVATE_KEY)) == NULL)) {
685 lookup_fail(section, ENV_PRIVATE_KEY); 678 lookup_fail(section, ENV_PRIVATE_KEY);
686 goto err; 679 goto err;
687 } 680 }
@@ -699,13 +692,12 @@ bad:
699 /* load_key() has already printed an appropriate message */ 692 /* load_key() has already printed an appropriate message */
700 goto err; 693 goto err;
701 } 694 }
702
703 /*****************************************************************/ 695 /*****************************************************************/
704 /* we need a certificate */ 696 /* we need a certificate */
705 if (!selfsign || spkac_file || ss_cert_file || gencrl) { 697 if (!selfsign || spkac_file || ss_cert_file || gencrl) {
706 if ((certfile == NULL) && 698 if ((certfile == NULL) &&
707 ((certfile = NCONF_get_string(conf, 699 ((certfile = NCONF_get_string(conf,
708 section, ENV_CERTIFICATE)) == NULL)) { 700 section, ENV_CERTIFICATE)) == NULL)) {
709 lookup_fail(section, ENV_CERTIFICATE); 701 lookup_fail(section, ENV_CERTIFICATE);
710 goto err; 702 goto err;
711 } 703 }
@@ -770,34 +762,32 @@ bad:
770 if ((outdir == NULL) && (req)) { 762 if ((outdir == NULL) && (req)) {
771 763
772 if ((outdir = NCONF_get_string(conf, section, 764 if ((outdir = NCONF_get_string(conf, section,
773 ENV_NEW_CERTS_DIR)) == NULL) { 765 ENV_NEW_CERTS_DIR)) == NULL) {
774 BIO_printf(bio_err, "there needs to be defined a directory for new certificate to be placed in\n"); 766 BIO_printf(bio_err, "there needs to be defined a directory for new certificate to be placed in\n");
775 goto err; 767 goto err;
776 } 768 }
777 /* outdir is a directory spec, but access() for VMS demands a 769 /*
778 filename. In any case, stat(), below, will catch the problem 770 * outdir is a directory spec, but access() for VMS demands a
779 if outdir is not a directory spec, and the fopen() or open() 771 * filename. In any case, stat(), below, will catch the
780 will catch an error if there is no write access. 772 * problem if outdir is not a directory spec, and the fopen()
781 773 * or open() will catch an error if there is no write access.
782 Presumably, this problem could also be solved by using the DEC 774 *
783 C routines to convert the directory syntax to Unixly, and give 775 * Presumably, this problem could also be solved by using the
784 that to access(). However, time's too short to do that just 776 * DEC C routines to convert the directory syntax to Unixly,
785 now. 777 * and give that to access(). However, time's too short to
786 */ 778 * do that just now.
787 if (access(outdir, R_OK|W_OK|X_OK) != 0) 779 */
788 { 780 if (access(outdir, R_OK | W_OK | X_OK) != 0) {
789 BIO_printf(bio_err, "I am unable to access the %s directory\n", outdir); 781 BIO_printf(bio_err, "I am unable to access the %s directory\n", outdir);
790 perror(outdir); 782 perror(outdir);
791 goto err; 783 goto err;
792 } 784 }
793
794 if (app_isdir(outdir) <= 0) { 785 if (app_isdir(outdir) <= 0) {
795 BIO_printf(bio_err, "%s need to be a directory\n", outdir); 786 BIO_printf(bio_err, "%s need to be a directory\n", outdir);
796 perror(outdir); 787 perror(outdir);
797 goto err; 788 goto err;
798 } 789 }
799 } 790 }
800
801 /*****************************************************************/ 791 /*****************************************************************/
802 /* we need to load the database file */ 792 /* we need to load the database file */
803 if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) { 793 if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
@@ -813,16 +803,16 @@ bad:
813 pp = sk_OPENSSL_PSTRING_value(db->db->data, i); 803 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
814 if ((pp[DB_type][0] != DB_TYPE_REV) && 804 if ((pp[DB_type][0] != DB_TYPE_REV) &&
815 (pp[DB_rev_date][0] != '\0')) { 805 (pp[DB_rev_date][0] != '\0')) {
816 BIO_printf(bio_err, "entry %d: not revoked yet, but has a revocation date\n", i+1); 806 BIO_printf(bio_err, "entry %d: not revoked yet, but has a revocation date\n", i + 1);
817 goto err; 807 goto err;
818 } 808 }
819 if ((pp[DB_type][0] == DB_TYPE_REV) && 809 if ((pp[DB_type][0] == DB_TYPE_REV) &&
820 !make_revoked(NULL, pp[DB_rev_date])) { 810 !make_revoked(NULL, pp[DB_rev_date])) {
821 BIO_printf(bio_err, " in entry %d\n", i+1); 811 BIO_printf(bio_err, " in entry %d\n", i + 1);
822 goto err; 812 goto err;
823 } 813 }
824 if (!check_time_format((char *)pp[DB_exp_date])) { 814 if (!check_time_format((char *) pp[DB_exp_date])) {
825 BIO_printf(bio_err, "entry %d: invalid expiry date\n", i+1); 815 BIO_printf(bio_err, "entry %d: invalid expiry date\n", i + 1);
826 goto err; 816 goto err;
827 } 817 }
828 p = pp[DB_serial]; 818 p = pp[DB_serial];
@@ -831,28 +821,27 @@ bad:
831 p++; 821 p++;
832 j--; 822 j--;
833 } 823 }
834 if ((j&1) || (j < 2)) { 824 if ((j & 1) || (j < 2)) {
835 BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n", i+1, j); 825 BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n", i + 1, j);
836 goto err; 826 goto err;
837 } 827 }
838 while (*p) { 828 while (*p) {
839 if (!( ((*p >= '0') && (*p <= '9')) || 829 if (!(((*p >= '0') && (*p <= '9')) ||
840 ((*p >= 'A') && (*p <= 'F')) || 830 ((*p >= 'A') && (*p <= 'F')) ||
841 ((*p >= 'a') && (*p <= 'f'))) ) { 831 ((*p >= 'a') && (*p <= 'f')))) {
842 BIO_printf(bio_err, "entry %d: bad serial number characters, char pos %ld, char is '%c'\n", i+1, (long)(p-pp[DB_serial]), *p); 832 BIO_printf(bio_err, "entry %d: bad serial number characters, char pos %ld, char is '%c'\n", i + 1, (long) (p - pp[DB_serial]), *p);
843 goto err; 833 goto err;
844 } 834 }
845 p++; 835 p++;
846 } 836 }
847 } 837 }
848 if (verbose) { 838 if (verbose) {
849 BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */ 839 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); /* cannot fail */
850 TXT_DB_write(out, db->db); 840 TXT_DB_write(out, db->db);
851 BIO_printf(bio_err, "%d entries loaded from the database\n", 841 BIO_printf(bio_err, "%d entries loaded from the database\n",
852 sk_OPENSSL_PSTRING_num(db->db->data)); 842 sk_OPENSSL_PSTRING_num(db->db->data));
853 BIO_printf(bio_err, "generating index\n"); 843 BIO_printf(bio_err, "generating index\n");
854 } 844 }
855
856 if (!index_index(db)) 845 if (!index_index(db))
857 goto err; 846 goto err;
858 847
@@ -868,7 +857,8 @@ bad:
868 BIO_printf(bio_err, "Malloc failure\n"); 857 BIO_printf(bio_err, "Malloc failure\n");
869 goto err; 858 goto err;
870 } else if (i == 0) { 859 } else if (i == 0) {
871 if (verbose) BIO_printf(bio_err, 860 if (verbose)
861 BIO_printf(bio_err,
872 "No entries found to mark expired\n"); 862 "No entries found to mark expired\n");
873 } else { 863 } else {
874 if (!save_index(dbfile, "new", db)) 864 if (!save_index(dbfile, "new", db))
@@ -877,11 +867,11 @@ bad:
877 if (!rotate_index(dbfile, "new", "old")) 867 if (!rotate_index(dbfile, "new", "old"))
878 goto err; 868 goto err;
879 869
880 if (verbose) BIO_printf(bio_err, 870 if (verbose)
871 BIO_printf(bio_err,
881 "Done. %d entries marked as expired\n", i); 872 "Done. %d entries marked as expired\n", i);
882 } 873 }
883 } 874 }
884
885 /*****************************************************************/ 875 /*****************************************************************/
886 /* Read extentions config file */ 876 /* Read extentions config file */
887 if (extfile) { 877 if (extfile) {
@@ -892,11 +882,10 @@ bad:
892 extfile); 882 extfile);
893 else 883 else
894 BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n", 884 BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n",
895 errorline, extfile); 885 errorline, extfile);
896 ret = 1; 886 ret = 1;
897 goto err; 887 goto err;
898 } 888 }
899
900 if (verbose) 889 if (verbose)
901 BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile); 890 BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile);
902 891
@@ -904,7 +893,6 @@ bad:
904 if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions"))) 893 if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
905 extensions = "default"; 894 extensions = "default";
906 } 895 }
907
908 /*****************************************************************/ 896 /*****************************************************************/
909 if (req || gencrl) { 897 if (req || gencrl) {
910 if (outfile != NULL) { 898 if (outfile != NULL) {
@@ -913,33 +901,29 @@ bad:
913 goto err; 901 goto err;
914 } 902 }
915 } else { 903 } else {
916 BIO_set_fp(Sout, stdout, BIO_NOCLOSE|BIO_FP_TEXT); 904 BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
917 } 905 }
918 } 906 }
919
920 if ((md == NULL) && ((md = NCONF_get_string(conf, 907 if ((md == NULL) && ((md = NCONF_get_string(conf,
921 section, ENV_DEFAULT_MD)) == NULL)) { 908 section, ENV_DEFAULT_MD)) == NULL)) {
922 lookup_fail(section, ENV_DEFAULT_MD); 909 lookup_fail(section, ENV_DEFAULT_MD);
923 goto err; 910 goto err;
924 } 911 }
925
926 if (!strcmp(md, "default")) { 912 if (!strcmp(md, "default")) {
927 int def_nid; 913 int def_nid;
928 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) { 914 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) {
929 BIO_puts(bio_err, "no default digest\n"); 915 BIO_puts(bio_err, "no default digest\n");
930 goto err; 916 goto err;
931 } 917 }
932 md = (char *)OBJ_nid2sn(def_nid); 918 md = (char *) OBJ_nid2sn(def_nid);
933 } 919 }
934
935 if ((dgst = EVP_get_digestbyname(md)) == NULL) { 920 if ((dgst = EVP_get_digestbyname(md)) == NULL) {
936 BIO_printf(bio_err, "%s is an unsupported message digest type\n", md); 921 BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
937 goto err; 922 goto err;
938 } 923 }
939
940 if (req) { 924 if (req) {
941 if ((email_dn == 1) && ((tmp_email_dn = NCONF_get_string(conf, 925 if ((email_dn == 1) && ((tmp_email_dn = NCONF_get_string(conf,
942 section, ENV_DEFAULT_EMAIL_DN)) != NULL )) { 926 section, ENV_DEFAULT_EMAIL_DN)) != NULL)) {
943 if (strcmp(tmp_email_dn, "no") == 0) 927 if (strcmp(tmp_email_dn, "no") == 0)
944 email_dn = 0; 928 email_dn = 0;
945 } 929 }
@@ -947,7 +931,7 @@ bad:
947 BIO_printf(bio_err, "message digest is %s\n", 931 BIO_printf(bio_err, "message digest is %s\n",
948 OBJ_nid2ln(dgst->type)); 932 OBJ_nid2ln(dgst->type));
949 if ((policy == NULL) && ((policy = NCONF_get_string(conf, 933 if ((policy == NULL) && ((policy = NCONF_get_string(conf,
950 section, ENV_POLICY)) == NULL)) { 934 section, ENV_POLICY)) == NULL)) {
951 lookup_fail(section, ENV_POLICY); 935 lookup_fail(section, ENV_POLICY);
952 goto err; 936 goto err;
953 } 937 }
@@ -955,14 +939,15 @@ bad:
955 BIO_printf(bio_err, "policy is %s\n", policy); 939 BIO_printf(bio_err, "policy is %s\n", policy);
956 940
957 if ((serialfile = NCONF_get_string(conf, section, ENV_SERIAL)) 941 if ((serialfile = NCONF_get_string(conf, section, ENV_SERIAL))
958 == NULL) { 942 == NULL) {
959 lookup_fail(section, ENV_SERIAL); 943 lookup_fail(section, ENV_SERIAL);
960 goto err; 944 goto err;
961 } 945 }
962
963 if (!extconf) { 946 if (!extconf) {
964 /* no '-extfile' option, so we look for extensions 947 /*
965 * in the main configuration file */ 948 * no '-extfile' option, so we look for extensions in
949 * the main configuration file
950 */
966 if (!extensions) { 951 if (!extensions) {
967 extensions = NCONF_get_string(conf, section, 952 extensions = NCONF_get_string(conf, section,
968 ENV_EXTENSIONS); 953 ENV_EXTENSIONS);
@@ -975,7 +960,7 @@ bad:
975 X509V3_set_ctx_test(&ctx); 960 X509V3_set_ctx_test(&ctx);
976 X509V3_set_nconf(&ctx, conf); 961 X509V3_set_nconf(&ctx, conf);
977 if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, 962 if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
978 NULL)) { 963 NULL)) {
979 BIO_printf(bio_err, 964 BIO_printf(bio_err,
980 "Error Loading extension section %s\n", 965 "Error Loading extension section %s\n",
981 extensions); 966 extensions);
@@ -984,7 +969,6 @@ bad:
984 } 969 }
985 } 970 }
986 } 971 }
987
988 if (startdate == NULL) { 972 if (startdate == NULL) {
989 startdate = NCONF_get_string(conf, section, 973 startdate = NCONF_get_string(conf, section,
990 ENV_DEFAULT_STARTDATE); 974 ENV_DEFAULT_STARTDATE);
@@ -996,7 +980,7 @@ bad:
996 goto err; 980 goto err;
997 } 981 }
998 if (startdate == NULL) 982 if (startdate == NULL)
999 startdate="today"; 983 startdate = "today";
1000 984
1001 if (enddate == NULL) { 985 if (enddate == NULL) {
1002 enddate = NCONF_get_string(conf, section, 986 enddate = NCONF_get_string(conf, section,
@@ -1008,7 +992,6 @@ bad:
1008 BIO_printf(bio_err, "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n"); 992 BIO_printf(bio_err, "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
1009 goto err; 993 goto err;
1010 } 994 }
1011
1012 if (days == 0) { 995 if (days == 0) {
1013 if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days)) 996 if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days))
1014 days = 0; 997 days = 0;
@@ -1017,7 +1000,6 @@ bad:
1017 BIO_printf(bio_err, "cannot lookup how many days to certify for\n"); 1000 BIO_printf(bio_err, "cannot lookup how many days to certify for\n");
1018 goto err; 1001 goto err;
1019 } 1002 }
1020
1021 if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) { 1003 if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) {
1022 BIO_printf(bio_err, "error while loading serial number\n"); 1004 BIO_printf(bio_err, "error while loading serial number\n");
1023 goto err; 1005 goto err;
@@ -1032,12 +1014,10 @@ bad:
1032 free(f); 1014 free(f);
1033 } 1015 }
1034 } 1016 }
1035
1036 if ((attribs = NCONF_get_section(conf, policy)) == NULL) { 1017 if ((attribs = NCONF_get_section(conf, policy)) == NULL) {
1037 BIO_printf(bio_err, "unable to find 'section' for %s\n", policy); 1018 BIO_printf(bio_err, "unable to find 'section' for %s\n", policy);
1038 goto err; 1019 goto err;
1039 } 1020 }
1040
1041 if ((cert_sk = sk_X509_new_null()) == NULL) { 1021 if ((cert_sk = sk_X509_new_null()) == NULL) {
1042 BIO_printf(bio_err, "Memory allocation failure\n"); 1022 BIO_printf(bio_err, "Memory allocation failure\n");
1043 goto err; 1023 goto err;
@@ -1123,14 +1103,15 @@ bad:
1123 } 1103 }
1124 } 1104 }
1125 } 1105 }
1126 /* we have a stack of newly certified certificates 1106 /*
1127 * and a data base and serial number that need 1107 * we have a stack of newly certified certificates and a data
1128 * updating */ 1108 * base and serial number that need updating
1109 */
1129 1110
1130 if (sk_X509_num(cert_sk) > 0) { 1111 if (sk_X509_num(cert_sk) > 0) {
1131 if (!batch) { 1112 if (!batch) {
1132 BIO_printf(bio_err, "\n%d out of %d certificate requests certified, commit? [y/n]", total_done, total); 1113 BIO_printf(bio_err, "\n%d out of %d certificate requests certified, commit? [y/n]", total_done, total);
1133 (void)BIO_flush(bio_err); 1114 (void) BIO_flush(bio_err);
1134 buf[0][0] = '\0'; 1115 buf[0][0] = '\0';
1135 if (!fgets(buf[0], 10, stdin)) { 1116 if (!fgets(buf[0], 10, stdin)) {
1136 BIO_printf(bio_err, "CERTIFICATION CANCELED: I/O error\n"); 1117 BIO_printf(bio_err, "CERTIFICATION CANCELED: I/O error\n");
@@ -1143,7 +1124,6 @@ bad:
1143 goto err; 1124 goto err;
1144 } 1125 }
1145 } 1126 }
1146
1147 BIO_printf(bio_err, "Write out database with %d new entries\n", sk_X509_num(cert_sk)); 1127 BIO_printf(bio_err, "Write out database with %d new entries\n", sk_X509_num(cert_sk));
1148 1128
1149 if (!save_serial(serialfile, "new", serial, NULL)) 1129 if (!save_serial(serialfile, "new", serial, NULL))
@@ -1152,7 +1132,6 @@ bad:
1152 if (!save_index(dbfile, "new", db)) 1132 if (!save_index(dbfile, "new", db))
1153 goto err; 1133 goto err;
1154 } 1134 }
1155
1156 if (verbose) 1135 if (verbose)
1157 BIO_printf(bio_err, "writing new certificates\n"); 1136 BIO_printf(bio_err, "writing new certificates\n");
1158 for (i = 0; i < sk_X509_num(cert_sk); i++) { 1137 for (i = 0; i < sk_X509_num(cert_sk); i++) {
@@ -1162,25 +1141,24 @@ bad:
1162 x = sk_X509_value(cert_sk, i); 1141 x = sk_X509_value(cert_sk, i);
1163 1142
1164 j = x->cert_info->serialNumber->length; 1143 j = x->cert_info->serialNumber->length;
1165 p = (const char *)x->cert_info->serialNumber->data; 1144 p = (const char *) x->cert_info->serialNumber->data;
1166 1145
1167 if (strlen(outdir) >= (size_t)(j ? BSIZE - j*2 - 6 : BSIZE - 8)) { 1146 if (strlen(outdir) >= (size_t) (j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
1168 BIO_printf(bio_err, "certificate file name too long\n"); 1147 BIO_printf(bio_err, "certificate file name too long\n");
1169 goto err; 1148 goto err;
1170 } 1149 }
1171
1172 strlcpy(buf[2], outdir, sizeof(buf[2])); 1150 strlcpy(buf[2], outdir, sizeof(buf[2]));
1173 1151
1174 BUF_strlcat(buf[2], "/", sizeof(buf[2])); 1152 BUF_strlcat(buf[2], "/", sizeof(buf[2]));
1175 1153
1176 n = (char *)&(buf[2][strlen(buf[2])]); 1154 n = (char *) &(buf[2][strlen(buf[2])]);
1177 if (j > 0) { 1155 if (j > 0) {
1178 for (k = 0; k < j; k++) { 1156 for (k = 0; k < j; k++) {
1179 if (n >= &(buf[2][sizeof(buf[2])])) 1157 if (n >= &(buf[2][sizeof(buf[2])]))
1180 break; 1158 break;
1181 (void) snprintf(n, 1159 (void) snprintf(n,
1182 &buf[2][0] + sizeof(buf[2]) - n, 1160 &buf[2][0] + sizeof(buf[2]) - n,
1183 "%02X", (unsigned char)*(p++)); 1161 "%02X", (unsigned char) *(p++));
1184 n += 2; 1162 n += 2;
1185 } 1163 }
1186 } else { 1164 } else {
@@ -1214,7 +1192,6 @@ bad:
1214 BIO_printf(bio_err, "Data Base Updated\n"); 1192 BIO_printf(bio_err, "Data Base Updated\n");
1215 } 1193 }
1216 } 1194 }
1217
1218 /*****************************************************************/ 1195 /*****************************************************************/
1219 if (gencrl) { 1196 if (gencrl) {
1220 int crl_v2 = 0; 1197 int crl_v2 = 0;
@@ -1236,20 +1213,18 @@ bad:
1236 goto err; 1213 goto err;
1237 } 1214 }
1238 } 1215 }
1239
1240 if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER)) 1216 if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER))
1241 != NULL) 1217 != NULL)
1242 if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) { 1218 if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) {
1243 BIO_printf(bio_err, "error while loading CRL number\n"); 1219 BIO_printf(bio_err, "error while loading CRL number\n");
1244 goto err; 1220 goto err;
1245 } 1221 }
1246
1247 if (!crldays && !crlhours && !crlsec) { 1222 if (!crldays && !crlhours && !crlsec) {
1248 if (!NCONF_get_number(conf, section, 1223 if (!NCONF_get_number(conf, section,
1249 ENV_DEFAULT_CRL_DAYS, &crldays)) 1224 ENV_DEFAULT_CRL_DAYS, &crldays))
1250 crldays = 0; 1225 crldays = 0;
1251 if (!NCONF_get_number(conf, section, 1226 if (!NCONF_get_number(conf, section,
1252 ENV_DEFAULT_CRL_HOURS, &crlhours)) 1227 ENV_DEFAULT_CRL_HOURS, &crlhours))
1253 crlhours = 0; 1228 crlhours = 0;
1254 ERR_clear_error(); 1229 ERR_clear_error();
1255 } 1230 }
@@ -1257,7 +1232,6 @@ bad:
1257 BIO_printf(bio_err, "cannot lookup how long until the next CRL is issued\n"); 1232 BIO_printf(bio_err, "cannot lookup how long until the next CRL is issued\n");
1258 goto err; 1233 goto err;
1259 } 1234 }
1260
1261 if (verbose) 1235 if (verbose)
1262 BIO_printf(bio_err, "making CRL\n"); 1236 BIO_printf(bio_err, "making CRL\n");
1263 if ((crl = X509_CRL_new()) == NULL) 1237 if ((crl = X509_CRL_new()) == NULL)
@@ -1270,8 +1244,8 @@ bad:
1270 goto err; 1244 goto err;
1271 X509_gmtime_adj(tmptm, 0); 1245 X509_gmtime_adj(tmptm, 0);
1272 X509_CRL_set_lastUpdate(crl, tmptm); 1246 X509_CRL_set_lastUpdate(crl, tmptm);
1273 if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, 1247 if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
1274 NULL)) { 1248 NULL)) {
1275 BIO_puts(bio_err, "error setting CRL nextUpdate\n"); 1249 BIO_puts(bio_err, "error setting CRL nextUpdate\n");
1276 goto err; 1250 goto err;
1277 } 1251 }
@@ -1302,8 +1276,9 @@ bad:
1302 } 1276 }
1303 } 1277 }
1304 1278
1305 /* sort the data so it will be written in serial 1279 /*
1306 * number order */ 1280 * sort the data so it will be written in serial number order
1281 */
1307 X509_CRL_sort(crl); 1282 X509_CRL_sort(crl);
1308 1283
1309 /* we now have a CRL */ 1284 /* we now have a CRL */
@@ -1319,7 +1294,8 @@ bad:
1319 1294
1320 if (crl_ext) 1295 if (crl_ext)
1321 if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, 1296 if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
1322 crl_ext, crl)) goto err; 1297 crl_ext, crl))
1298 goto err;
1323 if (crlnumberfile != NULL) { 1299 if (crlnumberfile != NULL) {
1324 tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL); 1300 tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
1325 if (!tmpser) 1301 if (!tmpser)
@@ -1333,11 +1309,10 @@ bad:
1333 } 1309 }
1334 if (crl_ext || crl_v2) { 1310 if (crl_ext || crl_v2) {
1335 if (!X509_CRL_set_version(crl, 1)) 1311 if (!X509_CRL_set_version(crl, 1))
1336 goto err; /* version 2 CRL */ 1312 goto err; /* version 2 CRL */
1337 } 1313 }
1338 1314 if (crlnumberfile != NULL) /* we have a CRL number that
1339 1315 * need updating */
1340 if (crlnumberfile != NULL) /* we have a CRL number that need updating */
1341 if (!save_serial(crlnumberfile, "new", crlnumber, NULL)) 1316 if (!save_serial(crlnumberfile, "new", crlnumber, NULL))
1342 goto err; 1317 goto err;
1343 1318
@@ -1345,7 +1320,6 @@ bad:
1345 BN_free(crlnumber); 1320 BN_free(crlnumber);
1346 crlnumber = NULL; 1321 crlnumber = NULL;
1347 } 1322 }
1348
1349 if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst, sigopts)) 1323 if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst, sigopts))
1350 goto err; 1324 goto err;
1351 1325
@@ -1412,7 +1386,7 @@ err:
1412 NCONF_free(extconf); 1386 NCONF_free(extconf);
1413 OBJ_cleanup(); 1387 OBJ_cleanup();
1414 apps_shutdown(); 1388 apps_shutdown();
1415 return(ret); 1389 return (ret);
1416} 1390}
1417 1391
1418static void 1392static void
@@ -1422,11 +1396,11 @@ lookup_fail(const char *name, const char *tag)
1422} 1396}
1423 1397
1424static int 1398static int
1425certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 1399certify(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509,
1426 const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, 1400 const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts,
1427 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, 1401 STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,
1428 unsigned long chtype, int multirdn, int email_dn, char *startdate, 1402 unsigned long chtype, int multirdn, int email_dn, char *startdate,
1429 char *enddate, long days, int batch, char *ext_sect, CONF *lconf, 1403 char *enddate, long days, int batch, char *ext_sect, CONF * lconf,
1430 int verbose, unsigned long certopt, unsigned long nameopt, int default_op, 1404 int verbose, unsigned long certopt, unsigned long nameopt, int default_op,
1431 int ext_copy, int selfsign) 1405 int ext_copy, int selfsign)
1432{ 1406{
@@ -1488,13 +1462,13 @@ err:
1488} 1462}
1489 1463
1490static int 1464static int
1491certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 1465certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509,
1492 const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, 1466 const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts,
1493 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, 1467 STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,
1494 unsigned long chtype, int multirdn, int email_dn, char *startdate, 1468 unsigned long chtype, int multirdn, int email_dn, char *startdate,
1495 char *enddate, long days, int batch, char *ext_sect, CONF *lconf, 1469 char *enddate, long days, int batch, char *ext_sect, CONF * lconf,
1496 int verbose, unsigned long certopt, unsigned long nameopt, int default_op, 1470 int verbose, unsigned long certopt, unsigned long nameopt, int default_op,
1497 int ext_copy, ENGINE *e) 1471 int ext_copy, ENGINE * e)
1498{ 1472{
1499 X509 *req = NULL; 1473 X509 *req = NULL;
1500 X509_REQ *rreq = NULL; 1474 X509_REQ *rreq = NULL;
@@ -1542,11 +1516,11 @@ err:
1542} 1516}
1543 1517
1544static int 1518static int
1545do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, 1519do_body(X509 ** xret, EVP_PKEY * pkey, X509 * x509, const EVP_MD * dgst,
1546 STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, 1520 STACK_OF(OPENSSL_STRING) * sigopts, STACK_OF(CONF_VALUE) * policy,
1547 CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, 1521 CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn,
1548 int email_dn, char *startdate, char *enddate, long days, int batch, 1522 int email_dn, char *startdate, char *enddate, long days, int batch,
1549 int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, 1523 int verbose, X509_REQ * req, char *ext_sect, CONF * lconf,
1550 unsigned long certopt, unsigned long nameopt, int default_op, 1524 unsigned long certopt, unsigned long nameopt, int default_op,
1551 int ext_copy, int selfsign) 1525 int ext_copy, int selfsign)
1552{ 1526{
@@ -1572,7 +1546,6 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1572 BIO_printf(bio_err, "malloc error\n"); 1546 BIO_printf(bio_err, "malloc error\n");
1573 return (0); 1547 return (0);
1574 } 1548 }
1575
1576 for (i = 0; i < DB_NUMBER; i++) 1549 for (i = 0; i < DB_NUMBER; i++)
1577 row[i] = NULL; 1550 row[i] = NULL;
1578 1551
@@ -1587,7 +1560,6 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1587 req->req_info->enc.modified = 1; 1560 req->req_info->enc.modified = 1;
1588 X509_NAME_free(n); 1561 X509_NAME_free(n);
1589 } 1562 }
1590
1591 if (default_op) 1563 if (default_op)
1592 BIO_printf(bio_err, "The Subject's Distinguished Name is as follows\n"); 1564 BIO_printf(bio_err, "The Subject's Distinguished Name is as follows\n");
1593 1565
@@ -1612,7 +1584,6 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1612 (str->type == V_ASN1_PRINTABLESTRING)) 1584 (str->type == V_ASN1_PRINTABLESTRING))
1613 str->type = V_ASN1_IA5STRING; 1585 str->type = V_ASN1_IA5STRING;
1614 } 1586 }
1615
1616 /* If no EMAIL is wanted in the subject */ 1587 /* If no EMAIL is wanted in the subject */
1617 if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn)) 1588 if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))
1618 continue; 1589 continue;
@@ -1626,14 +1597,13 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1626 if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING)) { 1597 if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING)) {
1627 j = ASN1_PRINTABLE_type(str->data, str->length); 1598 j = ASN1_PRINTABLE_type(str->data, str->length);
1628 if (((j == V_ASN1_T61STRING) && 1599 if (((j == V_ASN1_T61STRING) &&
1629 (str->type != V_ASN1_T61STRING)) || 1600 (str->type != V_ASN1_T61STRING)) ||
1630 ((j == V_ASN1_IA5STRING) && 1601 ((j == V_ASN1_IA5STRING) &&
1631 (str->type == V_ASN1_PRINTABLESTRING))) { 1602 (str->type == V_ASN1_PRINTABLESTRING))) {
1632 BIO_printf(bio_err, "\nThe string contains characters that are illegal for the ASN.1 type\n"); 1603 BIO_printf(bio_err, "\nThe string contains characters that are illegal for the ASN.1 type\n");
1633 goto err; 1604 goto err;
1634 } 1605 }
1635 } 1606 }
1636
1637 if (default_op) 1607 if (default_op)
1638 old_entry_print(bio_err, obj, str); 1608 old_entry_print(bio_err, obj, str);
1639 } 1609 }
@@ -1643,7 +1613,6 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1643 BIO_printf(bio_err, "Memory allocation failure\n"); 1613 BIO_printf(bio_err, "Memory allocation failure\n");
1644 goto err; 1614 goto err;
1645 } 1615 }
1646
1647 /* take a copy of the issuer name before we mess with it. */ 1616 /* take a copy of the issuer name before we mess with it. */
1648 if (selfsign) 1617 if (selfsign)
1649 CAname = X509_NAME_dup(name); 1618 CAname = X509_NAME_dup(name);
@@ -1654,7 +1623,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1654 str = str2 = NULL; 1623 str = str2 = NULL;
1655 1624
1656 for (i = 0; i < sk_CONF_VALUE_num(policy); i++) { 1625 for (i = 0; i < sk_CONF_VALUE_num(policy); i++) {
1657 cv=sk_CONF_VALUE_value(policy,i); /* get the object id */ 1626 cv = sk_CONF_VALUE_value(policy, i); /* get the object id */
1658 if ((j = OBJ_txt2nid(cv->name)) == NID_undef) { 1627 if ((j = OBJ_txt2nid(cv->name)) == NID_undef) {
1659 BIO_printf(bio_err, "%s:unknown object type in 'policy' configuration\n", cv->name); 1628 BIO_printf(bio_err, "%s:unknown object type in 'policy' configuration\n", cv->name);
1660 goto err; 1629 goto err;
@@ -1692,10 +1661,9 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1692 BIO_printf(bio_err, "The mandatory %s field was missing\n", cv->name); 1661 BIO_printf(bio_err, "The mandatory %s field was missing\n", cv->name);
1693 goto err; 1662 goto err;
1694 } 1663 }
1695
1696 last2 = -1; 1664 last2 = -1;
1697 1665
1698again2: 1666 again2:
1699 j = X509_NAME_get_index_by_OBJ(CAname, obj, last2); 1667 j = X509_NAME_get_index_by_OBJ(CAname, obj, last2);
1700 if ((j < 0) && (last2 == -1)) { 1668 if ((j < 0) && (last2 == -1)) {
1701 BIO_printf(bio_err, "The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n", cv->name); 1669 BIO_printf(bio_err, "The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n", cv->name);
@@ -1710,7 +1678,7 @@ again2:
1710 goto again2; 1678 goto again2;
1711 } 1679 }
1712 if (j < 0) { 1680 if (j < 0) {
1713 BIO_printf(bio_err, "The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n", cv->name, ((str2 == NULL)?"NULL":(char *)str2->data), ((str == NULL)?"NULL":(char *)str->data)); 1681 BIO_printf(bio_err, "The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n", cv->name, ((str2 == NULL) ? "NULL" : (char *) str2->data), ((str == NULL) ? "NULL" : (char *) str->data));
1714 goto err; 1682 goto err;
1715 } 1683 }
1716 } else { 1684 } else {
@@ -1738,18 +1706,21 @@ again2:
1738 if (subject == NULL) 1706 if (subject == NULL)
1739 goto err; 1707 goto err;
1740 } 1708 }
1741
1742 if (verbose) 1709 if (verbose)
1743 BIO_printf(bio_err, "The subject name appears to be ok, checking data base for clashes\n"); 1710 BIO_printf(bio_err, "The subject name appears to be ok, checking data base for clashes\n");
1744 1711
1745 /* Build the correct Subject if no e-mail is wanted in the subject */ 1712 /* Build the correct Subject if no e-mail is wanted in the subject */
1746 /* and add it later on because of the method extensions are added (altName) */ 1713 /*
1714 * and add it later on because of the method extensions are added
1715 * (altName)
1716 */
1747 1717
1748 if (email_dn) 1718 if (email_dn)
1749 dn_subject = subject; 1719 dn_subject = subject;
1750 else { 1720 else {
1751 X509_NAME_ENTRY *tmpne; 1721 X509_NAME_ENTRY *tmpne;
1752 /* Its best to dup the subject DN and then delete any email 1722 /*
1723 * Its best to dup the subject DN and then delete any email
1753 * addresses because this retains its structure. 1724 * addresses because this retains its structure.
1754 */ 1725 */
1755 if (!(dn_subject = X509_NAME_dup(subject))) { 1726 if (!(dn_subject = X509_NAME_dup(subject))) {
@@ -1772,7 +1743,6 @@ again2:
1772 BIO_printf(bio_err, "Memory allocation failure\n"); 1743 BIO_printf(bio_err, "Memory allocation failure\n");
1773 goto err; 1744 goto err;
1774 } 1745 }
1775
1776 if (db->attributes.unique_subject) { 1746 if (db->attributes.unique_subject) {
1777 OPENSSL_STRING *crow = row; 1747 OPENSSL_STRING *crow = row;
1778 1748
@@ -1791,35 +1761,43 @@ again2:
1791 BIO_printf(bio_err, " check the database/serial_file for corruption\n"); 1761 BIO_printf(bio_err, " check the database/serial_file for corruption\n");
1792 } 1762 }
1793 } 1763 }
1794
1795 if (rrow != NULL) { 1764 if (rrow != NULL) {
1796 BIO_printf(bio_err, 1765 BIO_printf(bio_err,
1797 "The matching entry has the following details\n"); 1766 "The matching entry has the following details\n");
1798 if (rrow[DB_type][0] == 'E') 1767 if (rrow[DB_type][0] == 'E')
1799 p="Expired"; 1768 p = "Expired";
1800 else if (rrow[DB_type][0] == 'R') 1769 else if (rrow[DB_type][0] == 'R')
1801 p="Revoked"; 1770 p = "Revoked";
1802 else if (rrow[DB_type][0] == 'V') 1771 else if (rrow[DB_type][0] == 'V')
1803 p="Valid"; 1772 p = "Valid";
1804 else 1773 else
1805 p="\ninvalid type, Data base error\n"; 1774 p = "\ninvalid type, Data base error\n";
1806 BIO_printf(bio_err, "Type :%s\n", p); 1775 BIO_printf(bio_err, "Type :%s\n", p);
1807 if (rrow[DB_type][0] == 'R') { 1776 if (rrow[DB_type][0] == 'R') {
1808 p = rrow[DB_exp_date]; if (p == NULL) p="undef"; 1777 p = rrow[DB_exp_date];
1778 if (p == NULL)
1779 p = "undef";
1809 BIO_printf(bio_err, "Was revoked on:%s\n", p); 1780 BIO_printf(bio_err, "Was revoked on:%s\n", p);
1810 } 1781 }
1811 p = rrow[DB_exp_date]; if (p == NULL) p="undef"; 1782 p = rrow[DB_exp_date];
1783 if (p == NULL)
1784 p = "undef";
1812 BIO_printf(bio_err, "Expires on :%s\n", p); 1785 BIO_printf(bio_err, "Expires on :%s\n", p);
1813 p = rrow[DB_serial]; if (p == NULL) p="undef"; 1786 p = rrow[DB_serial];
1787 if (p == NULL)
1788 p = "undef";
1814 BIO_printf(bio_err, "Serial Number :%s\n", p); 1789 BIO_printf(bio_err, "Serial Number :%s\n", p);
1815 p = rrow[DB_file]; if (p == NULL) p="undef"; 1790 p = rrow[DB_file];
1791 if (p == NULL)
1792 p = "undef";
1816 BIO_printf(bio_err, "File name :%s\n", p); 1793 BIO_printf(bio_err, "File name :%s\n", p);
1817 p = rrow[DB_name]; if (p == NULL) p="undef"; 1794 p = rrow[DB_name];
1795 if (p == NULL)
1796 p = "undef";
1818 BIO_printf(bio_err, "Subject Name :%s\n", p); 1797 BIO_printf(bio_err, "Subject Name :%s\n", p);
1819 ok= -1; /* This is now a 'bad' error. */ 1798 ok = -1; /* This is now a 'bad' error. */
1820 goto err; 1799 goto err;
1821 } 1800 }
1822
1823 /* We are now totally happy, lets make and sign the certificate */ 1801 /* We are now totally happy, lets make and sign the certificate */
1824 if (verbose) 1802 if (verbose)
1825 BIO_printf(bio_err, "Everything appears to be ok, creating and signing the certificate\n"); 1803 BIO_printf(bio_err, "Everything appears to be ok, creating and signing the certificate\n");
@@ -1869,10 +1847,12 @@ again2:
1869 if (ci->version == NULL) 1847 if (ci->version == NULL)
1870 if ((ci->version = ASN1_INTEGER_new()) == NULL) 1848 if ((ci->version = ASN1_INTEGER_new()) == NULL)
1871 goto err; 1849 goto err;
1872 ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */ 1850 ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
1873 1851
1874 /* Free the current entries if any, there should not 1852 /*
1875 * be any I believe */ 1853 * Free the current entries if any, there should not be any I
1854 * believe
1855 */
1876 if (ci->extensions != NULL) 1856 if (ci->extensions != NULL)
1877 sk_X509_EXTENSION_pop_free(ci->extensions, 1857 sk_X509_EXTENSION_pop_free(ci->extensions,
1878 X509_EXTENSION_free); 1858 X509_EXTENSION_free);
@@ -1914,12 +1894,10 @@ again2:
1914 ERR_print_errors(bio_err); 1894 ERR_print_errors(bio_err);
1915 goto err; 1895 goto err;
1916 } 1896 }
1917
1918 if (verbose) 1897 if (verbose)
1919 BIO_printf(bio_err, "Successfully added extensions from config\n"); 1898 BIO_printf(bio_err, "Successfully added extensions from config\n");
1920 } 1899 }
1921 } 1900 }
1922
1923 /* Copy extensions from request (if any) */ 1901 /* Copy extensions from request (if any) */
1924 1902
1925 if (!copy_extensions(ret, req, ext_copy)) { 1903 if (!copy_extensions(ret, req, ext_copy)) {
@@ -1927,20 +1905,20 @@ again2:
1927 ERR_print_errors(bio_err); 1905 ERR_print_errors(bio_err);
1928 goto err; 1906 goto err;
1929 } 1907 }
1930
1931 /* Set the right value for the noemailDN option */ 1908 /* Set the right value for the noemailDN option */
1932 if (email_dn == 0 ) { 1909 if (email_dn == 0) {
1933 if (!X509_set_subject_name(ret, dn_subject)) 1910 if (!X509_set_subject_name(ret, dn_subject))
1934 goto err; 1911 goto err;
1935 } 1912 }
1936
1937 if (!default_op) { 1913 if (!default_op) {
1938 BIO_printf(bio_err, "Certificate Details:\n"); 1914 BIO_printf(bio_err, "Certificate Details:\n");
1939 /* Never print signature details because signature not present */ 1915 /*
1916 * Never print signature details because signature not
1917 * present
1918 */
1940 certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME; 1919 certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
1941 X509_print_ex(bio_err, ret, nameopt, certopt); 1920 X509_print_ex(bio_err, ret, nameopt, certopt);
1942 } 1921 }
1943
1944 BIO_printf(bio_err, "Certificate is to be certified until "); 1922 BIO_printf(bio_err, "Certificate is to be certified until ");
1945 ASN1_TIME_print(bio_err, X509_get_notAfter(ret)); 1923 ASN1_TIME_print(bio_err, X509_get_notAfter(ret));
1946 if (days) 1924 if (days)
@@ -1950,7 +1928,7 @@ again2:
1950 if (!batch) { 1928 if (!batch) {
1951 1929
1952 BIO_printf(bio_err, "Sign the certificate? [y/n]:"); 1930 BIO_printf(bio_err, "Sign the certificate? [y/n]:");
1953 (void)BIO_flush(bio_err); 1931 (void) BIO_flush(bio_err);
1954 buf[0] = '\0'; 1932 buf[0] = '\0';
1955 if (!fgets(buf, sizeof(buf) - 1, stdin)) { 1933 if (!fgets(buf, sizeof(buf) - 1, stdin)) {
1956 BIO_printf(bio_err, "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n"); 1934 BIO_printf(bio_err, "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
@@ -1963,7 +1941,6 @@ again2:
1963 goto err; 1941 goto err;
1964 } 1942 }
1965 } 1943 }
1966
1967 pktmp = X509_get_pubkey(ret); 1944 pktmp = X509_get_pubkey(ret);
1968 if (EVP_PKEY_missing_parameters(pktmp) && 1945 if (EVP_PKEY_missing_parameters(pktmp) &&
1969 !EVP_PKEY_missing_parameters(pkey)) 1946 !EVP_PKEY_missing_parameters(pkey))
@@ -1974,17 +1951,17 @@ again2:
1974 goto err; 1951 goto err;
1975 1952
1976 /* We now just add it to the database */ 1953 /* We now just add it to the database */
1977 row[DB_type] = (char *)malloc(2); 1954 row[DB_type] = (char *) malloc(2);
1978 1955
1979 tm = X509_get_notAfter(ret); 1956 tm = X509_get_notAfter(ret);
1980 row[DB_exp_date] = (char *)malloc(tm->length + 1); 1957 row[DB_exp_date] = (char *) malloc(tm->length + 1);
1981 memcpy(row[DB_exp_date], tm->data, tm->length); 1958 memcpy(row[DB_exp_date], tm->data, tm->length);
1982 row[DB_exp_date][tm->length] = '\0'; 1959 row[DB_exp_date][tm->length] = '\0';
1983 1960
1984 row[DB_rev_date] = NULL; 1961 row[DB_rev_date] = NULL;
1985 1962
1986 /* row[DB_serial] done already */ 1963 /* row[DB_serial] done already */
1987 row[DB_file] = (char *)malloc(8); 1964 row[DB_file] = (char *) malloc(8);
1988 row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); 1965 row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
1989 1966
1990 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || 1967 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
@@ -1996,11 +1973,10 @@ again2:
1996 row[DB_type][0] = 'V'; 1973 row[DB_type][0] = 'V';
1997 row[DB_type][1] = '\0'; 1974 row[DB_type][1] = '\0';
1998 1975
1999 if ((irow = (char **)malloc(sizeof(char *)*(DB_NUMBER + 1))) == NULL) { 1976 if ((irow = (char **) malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
2000 BIO_printf(bio_err, "Memory allocation failure\n"); 1977 BIO_printf(bio_err, "Memory allocation failure\n");
2001 goto err; 1978 goto err;
2002 } 1979 }
2003
2004 for (i = 0; i < DB_NUMBER; i++) { 1980 for (i = 0; i < DB_NUMBER; i++) {
2005 irow[i] = row[i]; 1981 irow[i] = row[i];
2006 row[i] = NULL; 1982 row[i] = NULL;
@@ -2036,10 +2012,10 @@ err:
2036} 2012}
2037 2013
2038static void 2014static void
2039write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) 2015write_new_certificate(BIO * bp, X509 * x, int output_der, int notext)
2040{ 2016{
2041 if (output_der) { 2017 if (output_der) {
2042 (void)i2d_X509_bio(bp, x); 2018 (void) i2d_X509_bio(bp, x);
2043 return; 2019 return;
2044 } 2020 }
2045#if 0 2021#if 0
@@ -2060,15 +2036,15 @@ write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
2060} 2036}
2061 2037
2062static int 2038static int
2063certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 2039certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509,
2064 const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, 2040 const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts,
2065 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, 2041 STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,
2066 unsigned long chtype, int multirdn, int email_dn, char *startdate, 2042 unsigned long chtype, int multirdn, int email_dn, char *startdate,
2067 char *enddate, long days, char *ext_sect, CONF *lconf, int verbose, 2043 char *enddate, long days, char *ext_sect, CONF * lconf, int verbose,
2068 unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) 2044 unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy)
2069{ 2045{
2070 STACK_OF(CONF_VALUE) *sk = NULL; 2046 STACK_OF(CONF_VALUE) * sk = NULL;
2071 LHASH_OF(CONF_VALUE) *parms = NULL; 2047 LHASH_OF(CONF_VALUE) * parms = NULL;
2072 X509_REQ *req = NULL; 2048 X509_REQ *req = NULL;
2073 CONF_VALUE *cv = NULL; 2049 CONF_VALUE *cv = NULL;
2074 NETSCAPE_SPKI *spki = NULL; 2050 NETSCAPE_SPKI *spki = NULL;
@@ -2092,14 +2068,12 @@ certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
2092 ERR_print_errors(bio_err); 2068 ERR_print_errors(bio_err);
2093 goto err; 2069 goto err;
2094 } 2070 }
2095
2096 sk = CONF_get_section(parms, "default"); 2071 sk = CONF_get_section(parms, "default");
2097 if (sk_CONF_VALUE_num(sk) == 0) { 2072 if (sk_CONF_VALUE_num(sk) == 0) {
2098 BIO_printf(bio_err, "no name/value pairs found in %s\n", infile); 2073 BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
2099 CONF_free(parms); 2074 CONF_free(parms);
2100 goto err; 2075 goto err;
2101 } 2076 }
2102
2103 /* 2077 /*
2104 * Now create a dummy X509 request structure. We don't actually 2078 * Now create a dummy X509 request structure. We don't actually
2105 * have an X509 request, but we have many of the components 2079 * have an X509 request, but we have many of the components
@@ -2112,21 +2086,21 @@ certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
2112 ERR_print_errors(bio_err); 2086 ERR_print_errors(bio_err);
2113 goto err; 2087 goto err;
2114 } 2088 }
2115
2116 /* 2089 /*
2117 * Build up the subject name set. 2090 * Build up the subject name set.
2118 */ 2091 */
2119 ri = req->req_info; 2092 ri = req->req_info;
2120 n = ri->subject; 2093 n = ri->subject;
2121 2094
2122 for (i = 0; ; i++) { 2095 for (i = 0;; i++) {
2123 if (sk_CONF_VALUE_num(sk) <= i) 2096 if (sk_CONF_VALUE_num(sk) <= i)
2124 break; 2097 break;
2125 2098
2126 cv = sk_CONF_VALUE_value(sk, i); 2099 cv = sk_CONF_VALUE_value(sk, i);
2127 type = cv->name; 2100 type = cv->name;
2128 /* Skip past any leading X. X: X, etc to allow for 2101 /*
2129 * multiple instances 2102 * Skip past any leading X. X: X, etc to allow for multiple
2103 * instances
2130 */ 2104 */
2131 for (buf = cv->name; *buf; buf++) { 2105 for (buf = cv->name; *buf; buf++) {
2132 if ((*buf == ':') || (*buf == ',') || (*buf == '.')) { 2106 if ((*buf == ':') || (*buf == ',') || (*buf == '.')) {
@@ -2149,9 +2123,8 @@ certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
2149 } 2123 }
2150 continue; 2124 continue;
2151 } 2125 }
2152
2153 if (!X509_NAME_add_entry_by_NID(n, nid, chtype, 2126 if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
2154 (unsigned char *)buf, -1, -1, 0)) 2127 (unsigned char *) buf, -1, -1, 0))
2155 goto err; 2128 goto err;
2156 } 2129 }
2157 if (spki == NULL) { 2130 if (spki == NULL) {
@@ -2159,7 +2132,6 @@ certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
2159 infile); 2132 infile);
2160 goto err; 2133 goto err;
2161 } 2134 }
2162
2163 /* 2135 /*
2164 * Now extract the key from the SPKI structure. 2136 * Now extract the key from the SPKI structure.
2165 */ 2137 */
@@ -2170,7 +2142,6 @@ certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
2170 BIO_printf(bio_err, "error unpacking SPKAC public key\n"); 2142 BIO_printf(bio_err, "error unpacking SPKAC public key\n");
2171 goto err; 2143 goto err;
2172 } 2144 }
2173
2174 j = NETSCAPE_SPKI_verify(spki, pktmp); 2145 j = NETSCAPE_SPKI_verify(spki, pktmp);
2175 if (j <= 0) { 2146 if (j <= 0) {
2176 BIO_printf(bio_err, "signature verification failed on SPKAC public key\n"); 2147 BIO_printf(bio_err, "signature verification failed on SPKAC public key\n");
@@ -2203,7 +2174,7 @@ check_time_format(const char *str)
2203} 2174}
2204 2175
2205static int 2176static int
2206do_revoke(X509 *x509, CA_DB *db, int type, char *value) 2177do_revoke(X509 * x509, CA_DB * db, int type, char *value)
2207{ 2178{
2208 ASN1_UTCTIME *tm = NULL; 2179 ASN1_UTCTIME *tm = NULL;
2209 char *row[DB_NUMBER], **rrow, **irow; 2180 char *row[DB_NUMBER], **rrow, **irow;
@@ -2226,25 +2197,26 @@ do_revoke(X509 *x509, CA_DB *db, int type, char *value)
2226 BIO_printf(bio_err, "Memory allocation failure\n"); 2197 BIO_printf(bio_err, "Memory allocation failure\n");
2227 goto err; 2198 goto err;
2228 } 2199 }
2229 /* We have to lookup by serial number because name lookup 2200 /*
2230 * skips revoked certs 2201 * We have to lookup by serial number because name lookup skips
2231 */ 2202 * revoked certs
2203 */
2232 rrow = TXT_DB_get_by_index(db->db, DB_serial, row); 2204 rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
2233 if (rrow == NULL) { 2205 if (rrow == NULL) {
2234 BIO_printf(bio_err, "Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]); 2206 BIO_printf(bio_err, "Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
2235 2207
2236 /* We now just add it to the database */ 2208 /* We now just add it to the database */
2237 row[DB_type] = (char *)malloc(2); 2209 row[DB_type] = (char *) malloc(2);
2238 2210
2239 tm = X509_get_notAfter(x509); 2211 tm = X509_get_notAfter(x509);
2240 row[DB_exp_date] = (char *)malloc(tm->length + 1); 2212 row[DB_exp_date] = (char *) malloc(tm->length + 1);
2241 memcpy(row[DB_exp_date], tm->data, tm->length); 2213 memcpy(row[DB_exp_date], tm->data, tm->length);
2242 row[DB_exp_date][tm->length] = '\0'; 2214 row[DB_exp_date][tm->length] = '\0';
2243 2215
2244 row[DB_rev_date] = NULL; 2216 row[DB_rev_date] = NULL;
2245 2217
2246 /* row[DB_serial] done already */ 2218 /* row[DB_serial] done already */
2247 row[DB_file] = (char *)malloc(8); 2219 row[DB_file] = (char *) malloc(8);
2248 2220
2249 /* row[DB_name] done already */ 2221 /* row[DB_name] done already */
2250 2222
@@ -2257,11 +2229,10 @@ do_revoke(X509 *x509, CA_DB *db, int type, char *value)
2257 row[DB_type][0] = 'V'; 2229 row[DB_type][0] = 'V';
2258 row[DB_type][1] = '\0'; 2230 row[DB_type][1] = '\0';
2259 2231
2260 if ((irow = (char **)malloc(sizeof(char *)*(DB_NUMBER + 1))) == NULL) { 2232 if ((irow = (char **) malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
2261 BIO_printf(bio_err, "Memory allocation failure\n"); 2233 BIO_printf(bio_err, "Memory allocation failure\n");
2262 goto err; 2234 goto err;
2263 } 2235 }
2264
2265 for (i = 0; i < DB_NUMBER; i++) { 2236 for (i = 0; i < DB_NUMBER; i++) {
2266 irow[i] = row[i]; 2237 irow[i] = row[i];
2267 row[i] = NULL; 2238 row[i] = NULL;
@@ -2273,7 +2244,6 @@ do_revoke(X509 *x509, CA_DB *db, int type, char *value)
2273 BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); 2244 BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
2274 goto err; 2245 goto err;
2275 } 2246 }
2276
2277 /* Revoke Certificate */ 2247 /* Revoke Certificate */
2278 ok = do_revoke(x509, db, type, value); 2248 ok = do_revoke(x509, db, type, value);
2279 2249
@@ -2283,7 +2253,7 @@ do_revoke(X509 *x509, CA_DB *db, int type, char *value)
2283 BIO_printf(bio_err, "ERROR:name does not match %s\n", 2253 BIO_printf(bio_err, "ERROR:name does not match %s\n",
2284 row[DB_name]); 2254 row[DB_name]);
2285 goto err; 2255 goto err;
2286 } else if (rrow[DB_type][0]=='R') { 2256 } else if (rrow[DB_type][0] == 'R') {
2287 BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n", 2257 BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n",
2288 row[DB_serial]); 2258 row[DB_serial]);
2289 goto err; 2259 goto err;
@@ -2308,7 +2278,7 @@ err:
2308} 2278}
2309 2279
2310static int 2280static int
2311get_certificate_status(const char *serial, CA_DB *db) 2281get_certificate_status(const char *serial, CA_DB * db)
2312{ 2282{
2313 char *row[DB_NUMBER], **rrow; 2283 char *row[DB_NUMBER], **rrow;
2314 int ok = -1, i; 2284 int ok = -1, i;
@@ -2323,13 +2293,12 @@ get_certificate_status(const char *serial, CA_DB *db)
2323 BIO_printf(bio_err, "Malloc failure\n"); 2293 BIO_printf(bio_err, "Malloc failure\n");
2324 goto err; 2294 goto err;
2325 } 2295 }
2326
2327 if (strlen(serial) % 2) { 2296 if (strlen(serial) % 2) {
2328 /* Set the first char to 0 */; 2297 /* Set the first char to 0 */ ;
2329 row[DB_serial][0]='0'; 2298 row[DB_serial][0] = '0';
2330 2299
2331 /* Copy String from serial to row[DB_serial] */ 2300 /* Copy String from serial to row[DB_serial] */
2332 memcpy(row[DB_serial]+1, serial, strlen(serial)); 2301 memcpy(row[DB_serial] + 1, serial, strlen(serial));
2333 row[DB_serial][strlen(serial) + 1] = '\0'; 2302 row[DB_serial][strlen(serial) + 1] = '\0';
2334 } else { 2303 } else {
2335 /* Copy String from serial to row[DB_serial] */ 2304 /* Copy String from serial to row[DB_serial] */
@@ -2339,7 +2308,7 @@ get_certificate_status(const char *serial, CA_DB *db)
2339 2308
2340 /* Make it Upper Case */ 2309 /* Make it Upper Case */
2341 for (i = 0; row[DB_serial][i] != '\0'; i++) 2310 for (i = 0; row[DB_serial][i] != '\0'; i++)
2342 row[DB_serial][i] = toupper((unsigned char)row[DB_serial][i]); 2311 row[DB_serial][i] = toupper((unsigned char) row[DB_serial][i]);
2343 2312
2344 2313
2345 ok = 1; 2314 ok = 1;
@@ -2351,19 +2320,19 @@ get_certificate_status(const char *serial, CA_DB *db)
2351 row[DB_serial]); 2320 row[DB_serial]);
2352 ok = -1; 2321 ok = -1;
2353 goto err; 2322 goto err;
2354 } else if (rrow[DB_type][0]=='V') { 2323 } else if (rrow[DB_type][0] == 'V') {
2355 BIO_printf(bio_err, "%s=Valid (%c)\n", 2324 BIO_printf(bio_err, "%s=Valid (%c)\n",
2356 row[DB_serial], rrow[DB_type][0]); 2325 row[DB_serial], rrow[DB_type][0]);
2357 goto err; 2326 goto err;
2358 } else if (rrow[DB_type][0]=='R') { 2327 } else if (rrow[DB_type][0] == 'R') {
2359 BIO_printf(bio_err, "%s=Revoked (%c)\n", 2328 BIO_printf(bio_err, "%s=Revoked (%c)\n",
2360 row[DB_serial], rrow[DB_type][0]); 2329 row[DB_serial], rrow[DB_type][0]);
2361 goto err; 2330 goto err;
2362 } else if (rrow[DB_type][0]=='E') { 2331 } else if (rrow[DB_type][0] == 'E') {
2363 BIO_printf(bio_err, "%s=Expired (%c)\n", 2332 BIO_printf(bio_err, "%s=Expired (%c)\n",
2364 row[DB_serial], rrow[DB_type][0]); 2333 row[DB_serial], rrow[DB_type][0]);
2365 goto err; 2334 goto err;
2366 } else if (rrow[DB_type][0]=='S') { 2335 } else if (rrow[DB_type][0] == 'S') {
2367 BIO_printf(bio_err, "%s=Suspended (%c)\n", 2336 BIO_printf(bio_err, "%s=Suspended (%c)\n",
2368 row[DB_serial], rrow[DB_type][0]); 2337 row[DB_serial], rrow[DB_type][0]);
2369 goto err; 2338 goto err;
@@ -2380,11 +2349,12 @@ err:
2380 return (ok); 2349 return (ok);
2381} 2350}
2382 2351
2383static int do_updatedb (CA_DB *db) 2352static int
2353do_updatedb(CA_DB * db)
2384{ 2354{
2385 ASN1_UTCTIME *a_tm = NULL; 2355 ASN1_UTCTIME *a_tm = NULL;
2386 int i, cnt = 0; 2356 int i, cnt = 0;
2387 int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */ 2357 int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */
2388 char **rrow, *a_tm_s; 2358 char **rrow, *a_tm_s;
2389 2359
2390 a_tm = ASN1_UTCTIME_new(); 2360 a_tm = ASN1_UTCTIME_new();
@@ -2396,7 +2366,6 @@ static int do_updatedb (CA_DB *db)
2396 cnt = -1; 2366 cnt = -1;
2397 goto err; 2367 goto err;
2398 } 2368 }
2399
2400 memcpy(a_tm_s, a_tm->data, a_tm->length); 2369 memcpy(a_tm_s, a_tm->data, a_tm->length);
2401 a_tm_s[a_tm->length] = '\0'; 2370 a_tm_s[a_tm->length] = '\0';
2402 2371
@@ -2433,7 +2402,6 @@ static int do_updatedb (CA_DB *db)
2433 BIO_printf(bio_err, "%s=Expired\n", 2402 BIO_printf(bio_err, "%s=Expired\n",
2434 rrow[DB_serial]); 2403 rrow[DB_serial]);
2435 } 2404 }
2436
2437 } 2405 }
2438 } 2406 }
2439 2407
@@ -2505,7 +2473,6 @@ make_revocation_str(int rev_type, char *rev_arg)
2505 BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg); 2473 BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);
2506 return NULL; 2474 return NULL;
2507 } 2475 }
2508
2509 reason = "holdInstruction"; 2476 reason = "holdInstruction";
2510 other = rev_arg; 2477 other = rev_arg;
2511 break; 2478 break;
@@ -2532,17 +2499,19 @@ make_revocation_str(int rev_type, char *rev_arg)
2532 2499
2533 i = revtm->length + 1; 2500 i = revtm->length + 1;
2534 2501
2535 if (reason) i += strlen(reason) 2502 if (reason)
2536 + 1; 2503 i += strlen(reason)
2537 if (other) i += strlen(other) 2504 + 1;
2538 + 1; 2505 if (other)
2506 i += strlen(other)
2507 + 1;
2539 2508
2540 str = malloc(i); 2509 str = malloc(i);
2541 2510
2542 if (!str) 2511 if (!str)
2543 return NULL; 2512 return NULL;
2544 2513
2545 BUF_strlcpy(str, (char *)revtm->data, i); 2514 BUF_strlcpy(str, (char *) revtm->data, i);
2546 if (reason) { 2515 if (reason) {
2547 BUF_strlcat(str, ",", i); 2516 BUF_strlcat(str, ",", i);
2548 BUF_strlcat(str, reason, i); 2517 BUF_strlcat(str, reason, i);
@@ -2563,7 +2532,7 @@ make_revocation_str(int rev_type, char *rev_arg)
2563 */ 2532 */
2564 2533
2565int 2534int
2566make_revoked(X509_REVOKED *rev, const char *str) 2535make_revoked(X509_REVOKED * rev, const char *str)
2567{ 2536{
2568 char *tmp = NULL; 2537 char *tmp = NULL;
2569 int reason_code = -1; 2538 int reason_code = -1;
@@ -2589,7 +2558,6 @@ make_revoked(X509_REVOKED *rev, const char *str)
2589 if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0)) 2558 if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
2590 goto err; 2559 goto err;
2591 } 2560 }
2592
2593 if (rev && comp_time) { 2561 if (rev && comp_time) {
2594 if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0)) 2562 if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0))
2595 goto err; 2563 goto err;
@@ -2598,7 +2566,6 @@ make_revoked(X509_REVOKED *rev, const char *str)
2598 if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0)) 2566 if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0))
2599 goto err; 2567 goto err;
2600 } 2568 }
2601
2602 if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS) 2569 if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
2603 ret = 2; 2570 ret = 2;
2604 else 2571 else
@@ -2617,7 +2584,7 @@ err:
2617} 2584}
2618 2585
2619int 2586int
2620old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) 2587old_entry_print(BIO * bp, ASN1_OBJECT * obj, ASN1_STRING * str)
2621{ 2588{
2622 char buf[25], *pbuf, *p; 2589 char buf[25], *pbuf, *p;
2623 int j; 2590 int j;
@@ -2640,16 +2607,16 @@ old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
2640 else 2607 else
2641 BIO_printf(bp, "ASN.1 %2d:'", str->type); 2608 BIO_printf(bp, "ASN.1 %2d:'", str->type);
2642 2609
2643 p = (char *)str->data; 2610 p = (char *) str->data;
2644 for (j = str->length; j > 0; j--) { 2611 for (j = str->length; j > 0; j--) {
2645 if ((*p >= ' ') && (*p <= '~')) 2612 if ((*p >= ' ') && (*p <= '~'))
2646 BIO_printf(bp, "%c", *p); 2613 BIO_printf(bp, "%c", *p);
2647 else if (*p & 0x80) 2614 else if (*p & 0x80)
2648 BIO_printf(bp, "\\0x%02X", *p); 2615 BIO_printf(bp, "\\0x%02X", *p);
2649 else if ((unsigned char)*p == 0xf7) 2616 else if ((unsigned char) *p == 0xf7)
2650 BIO_printf(bp, "^?"); 2617 BIO_printf(bp, "^?");
2651 else 2618 else
2652 BIO_printf(bp, "^%c", *p+'@'); 2619 BIO_printf(bp, "^%c", *p + '@');
2653 p++; 2620 p++;
2654 } 2621 }
2655 BIO_printf(bp, "'\n"); 2622 BIO_printf(bp, "'\n");
@@ -2657,8 +2624,8 @@ old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
2657} 2624}
2658 2625
2659int 2626int
2660unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, 2627unpack_revinfo(ASN1_TIME ** prevtm, int *preason, ASN1_OBJECT ** phold,
2661 ASN1_GENERALIZEDTIME **pinvtm, const char *str) 2628 ASN1_GENERALIZEDTIME ** pinvtm, const char *str)
2662{ 2629{
2663 char *tmp = NULL; 2630 char *tmp = NULL;
2664 char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; 2631 char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
@@ -2683,7 +2650,6 @@ unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
2683 arg_str = p + 1; 2650 arg_str = p + 1;
2684 } 2651 }
2685 } 2652 }
2686
2687 if (prevtm) { 2653 if (prevtm) {
2688 *prevtm = ASN1_UTCTIME_new(); 2654 *prevtm = ASN1_UTCTIME_new();
2689 if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) { 2655 if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) {
@@ -2702,11 +2668,9 @@ unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
2702 BIO_printf(bio_err, "invalid reason code %s\n", reason_str); 2668 BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
2703 goto err; 2669 goto err;
2704 } 2670 }
2705
2706 if (reason_code == 7) 2671 if (reason_code == 7)
2707 reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL; 2672 reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
2708 else if (reason_code == 8) /* Hold instruction */ 2673 else if (reason_code == 8) { /* Hold instruction */
2709 {
2710 if (!arg_str) { 2674 if (!arg_str) {
2711 BIO_printf(bio_err, "missing hold instruction\n"); 2675 BIO_printf(bio_err, "missing hold instruction\n");
2712 goto err; 2676 goto err;
@@ -2736,7 +2700,6 @@ unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
2736 reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE; 2700 reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
2737 } 2701 }
2738 } 2702 }
2739
2740 if (preason) 2703 if (preason)
2741 *preason = reason_code; 2704 *preason = reason_code;
2742 if (pinvtm) 2705 if (pinvtm)
diff --git a/src/lib/libssl/src/apps/ciphers.c b/src/lib/libssl/src/apps/ciphers.c
index 1586dc5383..8e6427582c 100644
--- a/src/lib/libssl/src/apps/ciphers.c
+++ b/src/lib/libssl/src/apps/ciphers.c
@@ -93,7 +93,7 @@ MAIN(int argc, char **argv)
93 SSL *ssl = NULL; 93 SSL *ssl = NULL;
94 char *ciphers = NULL; 94 char *ciphers = NULL;
95 const SSL_METHOD *meth = NULL; 95 const SSL_METHOD *meth = NULL;
96 STACK_OF(SSL_CIPHER) *sk; 96 STACK_OF(SSL_CIPHER) * sk;
97 char buf[512]; 97 char buf[512];
98 BIO *STDout = NULL; 98 BIO *STDout = NULL;
99 99
@@ -123,7 +123,7 @@ MAIN(int argc, char **argv)
123 badops = 1; 123 badops = 1;
124 break; 124 break;
125 } else { 125 } else {
126 ciphers= *argv; 126 ciphers = *argv;
127 } 127 }
128 argc--; 128 argc--;
129 argv++; 129 argv++;
@@ -134,7 +134,6 @@ MAIN(int argc, char **argv)
134 BIO_printf(bio_err, "%s", *pp); 134 BIO_printf(bio_err, "%s", *pp);
135 goto end; 135 goto end;
136 } 136 }
137
138 OpenSSL_add_ssl_algorithms(); 137 OpenSSL_add_ssl_algorithms();
139 138
140 ctx = SSL_CTX_new(meth); 139 ctx = SSL_CTX_new(meth);
@@ -152,7 +151,7 @@ MAIN(int argc, char **argv)
152 151
153 152
154 if (!verbose) { 153 if (!verbose) {
155 for (i = 0; ; i++) { 154 for (i = 0;; i++) {
156 p = SSL_get_cipher_list(ssl, i); 155 p = SSL_get_cipher_list(ssl, i);
157 if (p == NULL) 156 if (p == NULL)
158 break; 157 break;
@@ -161,9 +160,7 @@ MAIN(int argc, char **argv)
161 BIO_printf(STDout, "%s", p); 160 BIO_printf(STDout, "%s", p);
162 } 161 }
163 BIO_printf(STDout, "\n"); 162 BIO_printf(STDout, "\n");
164 } 163 } else { /* verbose */
165 else /* verbose */
166 {
167 sk = SSL_get_ciphers(ssl); 164 sk = SSL_get_ciphers(ssl);
168 165
169 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { 166 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
@@ -173,19 +170,18 @@ MAIN(int argc, char **argv)
173 170
174 if (Verbose) { 171 if (Verbose) {
175 unsigned long id = SSL_CIPHER_get_id(c); 172 unsigned long id = SSL_CIPHER_get_id(c);
176 int id0 = (int)(id >> 24); 173 int id0 = (int) (id >> 24);
177 int id1 = (int)((id >> 16) & 0xffL); 174 int id1 = (int) ((id >> 16) & 0xffL);
178 int id2 = (int)((id >> 8) & 0xffL); 175 int id2 = (int) ((id >> 8) & 0xffL);
179 int id3 = (int)(id & 0xffL); 176 int id3 = (int) (id & 0xffL);
180 177
181 if ((id & 0xff000000L) == 0x02000000L) 178 if ((id & 0xff000000L) == 0x02000000L)
182 BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */ 179 BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */
183 else if ((id & 0xff000000L) == 0x03000000L) 180 else if ((id & 0xff000000L) == 0x03000000L)
184 BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */ 181 BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
185 else 182 else
186 BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ 183 BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
187 } 184 }
188
189 BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf)); 185 BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf));
190 } 186 }
191 } 187 }
@@ -204,5 +200,5 @@ end:
204 if (STDout != NULL) 200 if (STDout != NULL)
205 BIO_free_all(STDout); 201 BIO_free_all(STDout);
206 apps_shutdown(); 202 apps_shutdown();
207 return(ret); 203 return (ret);
208} 204}
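Review bot: At new line 96 in the first ciphers.c hunk the reformat produces `STACK_OF(SSL_CIPHER) * sk;`, which reads like a multiplication and no longer matches the neighbouring `SSL *ssl` and `char *ciphers` declarations. This looks like the formatter not recognising `STACK_OF()` as a type and spacing the `*` as a binary operator; I would keep the star bound to the name, `STACK_OF(SSL_CIPHER) *sk;`. The same spacing shows up in the ca.c and cms.c sections of this page (`BIO * bp`, `STACK_OF(X509) * signers`), so teaching the formatter the project's type names before re-running it would fix them together. The other changes visible in this section are spacing and brace placement only; MAIN's body continues outside the hunks shown.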
diff --git a/src/lib/libssl/src/apps/cms.c b/src/lib/libssl/src/apps/cms.c
index eda3ccbdf0..7948e4c09f 100644
--- a/src/lib/libssl/src/apps/cms.c
+++ b/src/lib/libssl/src/apps/cms.c
@@ -68,13 +68,13 @@
68 68
69#undef PROG 69#undef PROG
70#define PROG cms_main 70#define PROG cms_main
71static int save_certs(char *signerfile, STACK_OF(X509) *signers); 71static int save_certs(char *signerfile, STACK_OF(X509) * signers);
72static int cms_cb(int ok, X509_STORE_CTX *ctx); 72static int cms_cb(int ok, X509_STORE_CTX * ctx);
73static void receipt_request_print(BIO *out, CMS_ContentInfo *cms); 73static void receipt_request_print(BIO * out, CMS_ContentInfo * cms);
74static CMS_ReceiptRequest * 74static CMS_ReceiptRequest *
75make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, 75make_receipt_request(STACK_OF(OPENSSL_STRING) * rr_to,
76 int rr_allorfirst, 76 int rr_allorfirst,
77 STACK_OF(OPENSSL_STRING) *rr_from); 77 STACK_OF(OPENSSL_STRING) * rr_from);
78 78
79#define SMIME_OP 0x10 79#define SMIME_OP 0x10
80#define SMIME_IP 0x20 80#define SMIME_IP 0x20
@@ -96,12 +96,12 @@ make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
96#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP) 96#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)
97#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP) 97#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)
98 98
99int verify_err = 0; 99 int verify_err = 0;
100 100
101int MAIN(int, char **); 101 int MAIN(int, char **);
102 102
103int 103 int
104MAIN(int argc, char **argv) 104 MAIN(int argc, char **argv)
105{ 105{
106 ENGINE *e = NULL; 106 ENGINE *e = NULL;
107 int operation = 0; 107 int operation = 0;
@@ -110,7 +110,7 @@ MAIN(int argc, char **argv)
110 const char *inmode = "r", *outmode = "w"; 110 const char *inmode = "r", *outmode = "w";
111 char *infile = NULL, *outfile = NULL, *rctfile = NULL; 111 char *infile = NULL, *outfile = NULL, *rctfile = NULL;
112 char *signerfile = NULL, *recipfile = NULL; 112 char *signerfile = NULL, *recipfile = NULL;
113 STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; 113 STACK_OF(OPENSSL_STRING) * sksigners = NULL, *skkeys = NULL;
114 char *certfile = NULL, *keyfile = NULL, *contfile = NULL; 114 char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
115 char *certsoutfile = NULL; 115 char *certsoutfile = NULL;
116 const EVP_CIPHER *cipher = NULL; 116 const EVP_CIPHER *cipher = NULL;
@@ -118,13 +118,13 @@ MAIN(int argc, char **argv)
118 X509_STORE *store = NULL; 118 X509_STORE *store = NULL;
119 X509 *cert = NULL, *recip = NULL, *signer = NULL; 119 X509 *cert = NULL, *recip = NULL, *signer = NULL;
120 EVP_PKEY *key = NULL; 120 EVP_PKEY *key = NULL;
121 STACK_OF(X509) *encerts = NULL, *other = NULL; 121 STACK_OF(X509) * encerts = NULL, *other = NULL;
122 BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL; 122 BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
123 int badarg = 0; 123 int badarg = 0;
124 int flags = CMS_DETACHED, noout = 0, print = 0; 124 int flags = CMS_DETACHED, noout = 0, print = 0;
125 int verify_retcode = 0; 125 int verify_retcode = 0;
126 int rr_print = 0, rr_allorfirst = -1; 126 int rr_print = 0, rr_allorfirst = -1;
127 STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL; 127 STACK_OF(OPENSSL_STRING) * rr_to = NULL, *rr_from = NULL;
128 CMS_ReceiptRequest *rr = NULL; 128 CMS_ReceiptRequest *rr = NULL;
129 char *to = NULL, *from = NULL, *subject = NULL; 129 char *to = NULL, *from = NULL, *subject = NULL;
130 char *CAfile = NULL, *CApath = NULL; 130 char *CAfile = NULL, *CApath = NULL;
@@ -152,26 +152,25 @@ MAIN(int argc, char **argv)
152 152
153 if (bio_err == NULL) { 153 if (bio_err == NULL) {
154 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 154 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
155 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 155 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
156 } 156 }
157
158 if (!load_config(bio_err, NULL)) 157 if (!load_config(bio_err, NULL))
159 goto end; 158 goto end;
160 159
161 while (!badarg && *args && *args[0] == '-') { 160 while (!badarg && *args && *args[0] == '-') {
162 if (!strcmp (*args, "-encrypt")) 161 if (!strcmp(*args, "-encrypt"))
163 operation = SMIME_ENCRYPT; 162 operation = SMIME_ENCRYPT;
164 else if (!strcmp (*args, "-decrypt")) 163 else if (!strcmp(*args, "-decrypt"))
165 operation = SMIME_DECRYPT; 164 operation = SMIME_DECRYPT;
166 else if (!strcmp (*args, "-sign")) 165 else if (!strcmp(*args, "-sign"))
167 operation = SMIME_SIGN; 166 operation = SMIME_SIGN;
168 else if (!strcmp (*args, "-sign_receipt")) 167 else if (!strcmp(*args, "-sign_receipt"))
169 operation = SMIME_SIGN_RECEIPT; 168 operation = SMIME_SIGN_RECEIPT;
170 else if (!strcmp (*args, "-resign")) 169 else if (!strcmp(*args, "-resign"))
171 operation = SMIME_RESIGN; 170 operation = SMIME_RESIGN;
172 else if (!strcmp (*args, "-verify")) 171 else if (!strcmp(*args, "-verify"))
173 operation = SMIME_VERIFY; 172 operation = SMIME_VERIFY;
174 else if (!strcmp (*args, "-verify_retcode")) 173 else if (!strcmp(*args, "-verify_retcode"))
175 verify_retcode = 1; 174 verify_retcode = 1;
176 else if (!strcmp(*args, "-verify_receipt")) { 175 else if (!strcmp(*args, "-verify_receipt")) {
177 operation = SMIME_VERIFY_RECEIPT; 176 operation = SMIME_VERIFY_RECEIPT;
@@ -179,40 +178,40 @@ MAIN(int argc, char **argv)
179 goto argerr; 178 goto argerr;
180 args++; 179 args++;
181 rctfile = *args; 180 rctfile = *args;
182 } else if (!strcmp (*args, "-cmsout")) 181 } else if (!strcmp(*args, "-cmsout"))
183 operation = SMIME_CMSOUT; 182 operation = SMIME_CMSOUT;
184 else if (!strcmp (*args, "-data_out")) 183 else if (!strcmp(*args, "-data_out"))
185 operation = SMIME_DATAOUT; 184 operation = SMIME_DATAOUT;
186 else if (!strcmp (*args, "-data_create")) 185 else if (!strcmp(*args, "-data_create"))
187 operation = SMIME_DATA_CREATE; 186 operation = SMIME_DATA_CREATE;
188 else if (!strcmp (*args, "-digest_verify")) 187 else if (!strcmp(*args, "-digest_verify"))
189 operation = SMIME_DIGEST_VERIFY; 188 operation = SMIME_DIGEST_VERIFY;
190 else if (!strcmp (*args, "-digest_create")) 189 else if (!strcmp(*args, "-digest_create"))
191 operation = SMIME_DIGEST_CREATE; 190 operation = SMIME_DIGEST_CREATE;
192 else if (!strcmp (*args, "-compress")) 191 else if (!strcmp(*args, "-compress"))
193 operation = SMIME_COMPRESS; 192 operation = SMIME_COMPRESS;
194 else if (!strcmp (*args, "-uncompress")) 193 else if (!strcmp(*args, "-uncompress"))
195 operation = SMIME_UNCOMPRESS; 194 operation = SMIME_UNCOMPRESS;
196 else if (!strcmp (*args, "-EncryptedData_decrypt")) 195 else if (!strcmp(*args, "-EncryptedData_decrypt"))
197 operation = SMIME_ENCRYPTED_DECRYPT; 196 operation = SMIME_ENCRYPTED_DECRYPT;
198 else if (!strcmp (*args, "-EncryptedData_encrypt")) 197 else if (!strcmp(*args, "-EncryptedData_encrypt"))
199 operation = SMIME_ENCRYPTED_ENCRYPT; 198 operation = SMIME_ENCRYPTED_ENCRYPT;
200#ifndef OPENSSL_NO_DES 199#ifndef OPENSSL_NO_DES
201 else if (!strcmp (*args, "-des3")) 200 else if (!strcmp(*args, "-des3"))
202 cipher = EVP_des_ede3_cbc(); 201 cipher = EVP_des_ede3_cbc();
203 else if (!strcmp (*args, "-des")) 202 else if (!strcmp(*args, "-des"))
204 cipher = EVP_des_cbc(); 203 cipher = EVP_des_cbc();
205#endif 204#endif
206#ifndef OPENSSL_NO_SEED 205#ifndef OPENSSL_NO_SEED
207 else if (!strcmp (*args, "-seed")) 206 else if (!strcmp(*args, "-seed"))
208 cipher = EVP_seed_cbc(); 207 cipher = EVP_seed_cbc();
209#endif 208#endif
210#ifndef OPENSSL_NO_RC2 209#ifndef OPENSSL_NO_RC2
211 else if (!strcmp (*args, "-rc2-40")) 210 else if (!strcmp(*args, "-rc2-40"))
212 cipher = EVP_rc2_40_cbc(); 211 cipher = EVP_rc2_40_cbc();
213 else if (!strcmp (*args, "-rc2-128")) 212 else if (!strcmp(*args, "-rc2-128"))
214 cipher = EVP_rc2_cbc(); 213 cipher = EVP_rc2_cbc();
215 else if (!strcmp (*args, "-rc2-64")) 214 else if (!strcmp(*args, "-rc2-64"))
216 cipher = EVP_rc2_64_cbc(); 215 cipher = EVP_rc2_64_cbc();
217#endif 216#endif
218#ifndef OPENSSL_NO_AES 217#ifndef OPENSSL_NO_AES
@@ -231,50 +230,50 @@ MAIN(int argc, char **argv)
231 else if (!strcmp(*args, "-camellia256")) 230 else if (!strcmp(*args, "-camellia256"))
232 cipher = EVP_camellia_256_cbc(); 231 cipher = EVP_camellia_256_cbc();
233#endif 232#endif
234 else if (!strcmp (*args, "-debug_decrypt")) 233 else if (!strcmp(*args, "-debug_decrypt"))
235 flags |= CMS_DEBUG_DECRYPT; 234 flags |= CMS_DEBUG_DECRYPT;
236 else if (!strcmp (*args, "-text")) 235 else if (!strcmp(*args, "-text"))
237 flags |= CMS_TEXT; 236 flags |= CMS_TEXT;
238 else if (!strcmp (*args, "-nointern")) 237 else if (!strcmp(*args, "-nointern"))
239 flags |= CMS_NOINTERN; 238 flags |= CMS_NOINTERN;
240 else if (!strcmp (*args, "-noverify") || 239 else if (!strcmp(*args, "-noverify") ||
241 !strcmp (*args, "-no_signer_cert_verify")) 240 !strcmp(*args, "-no_signer_cert_verify"))
242 flags |= CMS_NO_SIGNER_CERT_VERIFY; 241 flags |= CMS_NO_SIGNER_CERT_VERIFY;
243 else if (!strcmp (*args, "-nocerts")) 242 else if (!strcmp(*args, "-nocerts"))
244 flags |= CMS_NOCERTS; 243 flags |= CMS_NOCERTS;
245 else if (!strcmp (*args, "-noattr")) 244 else if (!strcmp(*args, "-noattr"))
246 flags |= CMS_NOATTR; 245 flags |= CMS_NOATTR;
247 else if (!strcmp (*args, "-nodetach")) 246 else if (!strcmp(*args, "-nodetach"))
248 flags &= ~CMS_DETACHED; 247 flags &= ~CMS_DETACHED;
249 else if (!strcmp (*args, "-nosmimecap")) 248 else if (!strcmp(*args, "-nosmimecap"))
250 flags |= CMS_NOSMIMECAP; 249 flags |= CMS_NOSMIMECAP;
251 else if (!strcmp (*args, "-binary")) 250 else if (!strcmp(*args, "-binary"))
252 flags |= CMS_BINARY; 251 flags |= CMS_BINARY;
253 else if (!strcmp (*args, "-keyid")) 252 else if (!strcmp(*args, "-keyid"))
254 flags |= CMS_USE_KEYID; 253 flags |= CMS_USE_KEYID;
255 else if (!strcmp (*args, "-nosigs")) 254 else if (!strcmp(*args, "-nosigs"))
256 flags |= CMS_NOSIGS; 255 flags |= CMS_NOSIGS;
257 else if (!strcmp (*args, "-no_content_verify")) 256 else if (!strcmp(*args, "-no_content_verify"))
258 flags |= CMS_NO_CONTENT_VERIFY; 257 flags |= CMS_NO_CONTENT_VERIFY;
259 else if (!strcmp (*args, "-no_attr_verify")) 258 else if (!strcmp(*args, "-no_attr_verify"))
260 flags |= CMS_NO_ATTR_VERIFY; 259 flags |= CMS_NO_ATTR_VERIFY;
261 else if (!strcmp (*args, "-stream")) 260 else if (!strcmp(*args, "-stream"))
262 flags |= CMS_STREAM; 261 flags |= CMS_STREAM;
263 else if (!strcmp (*args, "-indef")) 262 else if (!strcmp(*args, "-indef"))
264 flags |= CMS_STREAM; 263 flags |= CMS_STREAM;
265 else if (!strcmp (*args, "-noindef")) 264 else if (!strcmp(*args, "-noindef"))
266 flags &= ~CMS_STREAM; 265 flags &= ~CMS_STREAM;
267 else if (!strcmp (*args, "-nooldmime")) 266 else if (!strcmp(*args, "-nooldmime"))
268 flags |= CMS_NOOLDMIMETYPE; 267 flags |= CMS_NOOLDMIMETYPE;
269 else if (!strcmp (*args, "-crlfeol")) 268 else if (!strcmp(*args, "-crlfeol"))
270 flags |= CMS_CRLFEOL; 269 flags |= CMS_CRLFEOL;
271 else if (!strcmp (*args, "-noout")) 270 else if (!strcmp(*args, "-noout"))
272 noout = 1; 271 noout = 1;
273 else if (!strcmp (*args, "-receipt_request_print")) 272 else if (!strcmp(*args, "-receipt_request_print"))
274 rr_print = 1; 273 rr_print = 1;
275 else if (!strcmp (*args, "-receipt_request_all")) 274 else if (!strcmp(*args, "-receipt_request_all"))
276 rr_allorfirst = 0; 275 rr_allorfirst = 0;
277 else if (!strcmp (*args, "-receipt_request_first")) 276 else if (!strcmp(*args, "-receipt_request_first"))
278 rr_allorfirst = 1; 277 rr_allorfirst = 1;
279 else if (!strcmp(*args, "-receipt_request_from")) { 278 else if (!strcmp(*args, "-receipt_request_from")) {
280 if (!args[1]) 279 if (!args[1])
@@ -283,20 +282,17 @@ MAIN(int argc, char **argv)
283 if (!rr_from) 282 if (!rr_from)
284 rr_from = sk_OPENSSL_STRING_new_null(); 283 rr_from = sk_OPENSSL_STRING_new_null();
285 sk_OPENSSL_STRING_push(rr_from, *args); 284 sk_OPENSSL_STRING_push(rr_from, *args);
286 } 285 } else if (!strcmp(*args, "-receipt_request_to")) {
287 else if (!strcmp(*args, "-receipt_request_to")) {
288 if (!args[1]) 286 if (!args[1])
289 goto argerr; 287 goto argerr;
290 args++; 288 args++;
291 if (!rr_to) 289 if (!rr_to)
292 rr_to = sk_OPENSSL_STRING_new_null(); 290 rr_to = sk_OPENSSL_STRING_new_null();
293 sk_OPENSSL_STRING_push(rr_to, *args); 291 sk_OPENSSL_STRING_push(rr_to, *args);
294 } 292 } else if (!strcmp(*args, "-print")) {
295 else if (!strcmp (*args, "-print")) {
296 noout = 1; 293 noout = 1;
297 print = 1; 294 print = 1;
298 } 295 } else if (!strcmp(*args, "-secretkey")) {
299 else if (!strcmp(*args, "-secretkey")) {
300 long ltmp; 296 long ltmp;
301 if (!args[1]) 297 if (!args[1])
302 goto argerr; 298 goto argerr;
@@ -306,9 +302,8 @@ MAIN(int argc, char **argv)
306 BIO_printf(bio_err, "Invalid key %s\n", *args); 302 BIO_printf(bio_err, "Invalid key %s\n", *args);
307 goto argerr; 303 goto argerr;
308 } 304 }
309 secret_keylen = (size_t)ltmp; 305 secret_keylen = (size_t) ltmp;
310 } 306 } else if (!strcmp(*args, "-secretkeyid")) {
311 else if (!strcmp(*args, "-secretkeyid")) {
312 long ltmp; 307 long ltmp;
313 if (!args[1]) 308 if (!args[1])
314 goto argerr; 309 goto argerr;
@@ -318,13 +313,12 @@ MAIN(int argc, char **argv)
318 BIO_printf(bio_err, "Invalid id %s\n", *args); 313 BIO_printf(bio_err, "Invalid id %s\n", *args);
319 goto argerr; 314 goto argerr;
320 } 315 }
321 secret_keyidlen = (size_t)ltmp; 316 secret_keyidlen = (size_t) ltmp;
322 } 317 } else if (!strcmp(*args, "-pwri_password")) {
323 else if (!strcmp(*args, "-pwri_password")) {
324 if (!args[1]) 318 if (!args[1])
325 goto argerr; 319 goto argerr;
326 args++; 320 args++;
327 pwri_pass = (unsigned char *)*args; 321 pwri_pass = (unsigned char *) *args;
328 } else if (!strcmp(*args, "-econtent_type")) { 322 } else if (!strcmp(*args, "-econtent_type")) {
329 if (!args[1]) 323 if (!args[1])
330 goto argerr; 324 goto argerr;
@@ -352,23 +346,19 @@ MAIN(int argc, char **argv)
352 if (!args[1]) 346 if (!args[1])
353 goto argerr; 347 goto argerr;
354 passargin = *++args; 348 passargin = *++args;
355 } 349 } else if (!strcmp(*args, "-to")) {
356 else if (!strcmp (*args, "-to")) {
357 if (!args[1]) 350 if (!args[1])
358 goto argerr; 351 goto argerr;
359 to = *++args; 352 to = *++args;
360 } 353 } else if (!strcmp(*args, "-from")) {
361 else if (!strcmp (*args, "-from")) {
362 if (!args[1]) 354 if (!args[1])
363 goto argerr; 355 goto argerr;
364 from = *++args; 356 from = *++args;
365 } 357 } else if (!strcmp(*args, "-subject")) {
366 else if (!strcmp (*args, "-subject")) {
367 if (!args[1]) 358 if (!args[1])
368 goto argerr; 359 goto argerr;
369 subject = *++args; 360 subject = *++args;
370 } 361 } else if (!strcmp(*args, "-signer")) {
371 else if (!strcmp (*args, "-signer")) {
372 if (!args[1]) 362 if (!args[1])
373 goto argerr; 363 goto argerr;
374 /* If previous -signer argument add signer to list */ 364 /* If previous -signer argument add signer to list */
@@ -385,15 +375,15 @@ MAIN(int argc, char **argv)
385 keyfile = NULL; 375 keyfile = NULL;
386 } 376 }
387 signerfile = *++args; 377 signerfile = *++args;
388 } else if (!strcmp (*args, "-recip")) { 378 } else if (!strcmp(*args, "-recip")) {
389 if (!args[1]) 379 if (!args[1])
390 goto argerr; 380 goto argerr;
391 recipfile = *++args; 381 recipfile = *++args;
392 } else if (!strcmp (*args, "-certsout")) { 382 } else if (!strcmp(*args, "-certsout")) {
393 if (!args[1]) 383 if (!args[1])
394 goto argerr; 384 goto argerr;
395 certsoutfile = *++args; 385 certsoutfile = *++args;
396 } else if (!strcmp (*args, "-md")) { 386 } else if (!strcmp(*args, "-md")) {
397 if (!args[1]) 387 if (!args[1])
398 goto argerr; 388 goto argerr;
399 sign_md = EVP_get_digestbyname(*++args); 389 sign_md = EVP_get_digestbyname(*++args);
@@ -402,7 +392,7 @@ MAIN(int argc, char **argv)
402 *args); 392 *args);
403 goto argerr; 393 goto argerr;
404 } 394 }
405 } else if (!strcmp (*args, "-inkey")) { 395 } else if (!strcmp(*args, "-inkey")) {
406 if (!args[1]) 396 if (!args[1])
407 goto argerr; 397 goto argerr;
408 /* If previous -inkey arument add signer to list */ 398 /* If previous -inkey arument add signer to list */
@@ -420,43 +410,43 @@ MAIN(int argc, char **argv)
420 sk_OPENSSL_STRING_push(skkeys, keyfile); 410 sk_OPENSSL_STRING_push(skkeys, keyfile);
421 } 411 }
422 keyfile = *++args; 412 keyfile = *++args;
423 } else if (!strcmp (*args, "-keyform")) { 413 } else if (!strcmp(*args, "-keyform")) {
424 if (!args[1]) 414 if (!args[1])
425 goto argerr; 415 goto argerr;
426 keyform = str2fmt(*++args); 416 keyform = str2fmt(*++args);
427 } else if (!strcmp (*args, "-rctform")) { 417 } else if (!strcmp(*args, "-rctform")) {
428 if (!args[1]) 418 if (!args[1])
429 goto argerr; 419 goto argerr;
430 rctformat = str2fmt(*++args); 420 rctformat = str2fmt(*++args);
431 } else if (!strcmp (*args, "-certfile")) { 421 } else if (!strcmp(*args, "-certfile")) {
432 if (!args[1]) 422 if (!args[1])
433 goto argerr; 423 goto argerr;
434 certfile = *++args; 424 certfile = *++args;
435 } else if (!strcmp (*args, "-CAfile")) { 425 } else if (!strcmp(*args, "-CAfile")) {
436 if (!args[1]) 426 if (!args[1])
437 goto argerr; 427 goto argerr;
438 CAfile = *++args; 428 CAfile = *++args;
439 } else if (!strcmp (*args, "-CApath")) { 429 } else if (!strcmp(*args, "-CApath")) {
440 if (!args[1]) 430 if (!args[1])
441 goto argerr; 431 goto argerr;
442 CApath = *++args; 432 CApath = *++args;
443 } else if (!strcmp (*args, "-in")) { 433 } else if (!strcmp(*args, "-in")) {
444 if (!args[1]) 434 if (!args[1])
445 goto argerr; 435 goto argerr;
446 infile = *++args; 436 infile = *++args;
447 } else if (!strcmp (*args, "-inform")) { 437 } else if (!strcmp(*args, "-inform")) {
448 if (!args[1]) 438 if (!args[1])
449 goto argerr; 439 goto argerr;
450 informat = str2fmt(*++args); 440 informat = str2fmt(*++args);
451 } else if (!strcmp (*args, "-outform")) { 441 } else if (!strcmp(*args, "-outform")) {
452 if (!args[1]) 442 if (!args[1])
453 goto argerr; 443 goto argerr;
454 outformat = str2fmt(*++args); 444 outformat = str2fmt(*++args);
455 } else if (!strcmp (*args, "-out")) { 445 } else if (!strcmp(*args, "-out")) {
456 if (!args[1]) 446 if (!args[1])
457 goto argerr; 447 goto argerr;
458 outfile = *++args; 448 outfile = *++args;
459 } else if (!strcmp (*args, "-content")) { 449 } else if (!strcmp(*args, "-content")) {
460 if (!args[1]) 450 if (!args[1])
461 goto argerr; 451 goto argerr;
462 contfile = *++args; 452 contfile = *++args;
@@ -471,8 +461,7 @@ MAIN(int argc, char **argv)
471 BIO_puts(bio_err, "No Signed Receipts Recipients\n"); 461 BIO_puts(bio_err, "No Signed Receipts Recipients\n");
472 goto argerr; 462 goto argerr;
473 } 463 }
474 464 if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) {
475 if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) {
476 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); 465 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
477 goto argerr; 466 goto argerr;
478 } 467 }
@@ -480,7 +469,6 @@ MAIN(int argc, char **argv)
480 BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); 469 BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
481 goto argerr; 470 goto argerr;
482 } 471 }
483
484 if (operation & SMIME_SIGNERS) { 472 if (operation & SMIME_SIGNERS) {
485 if (keyfile && !signerfile) { 473 if (keyfile && !signerfile) {
486 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 474 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
@@ -519,72 +507,71 @@ MAIN(int argc, char **argv)
519 badarg = 1; 507 badarg = 1;
520 508
521 if (badarg) { 509 if (badarg) {
522 argerr: 510argerr:
523 BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n"); 511 BIO_printf(bio_err, "Usage cms [options] cert.pem ...\n");
524 BIO_printf (bio_err, "where options are\n"); 512 BIO_printf(bio_err, "where options are\n");
525 BIO_printf (bio_err, "-encrypt encrypt message\n"); 513 BIO_printf(bio_err, "-encrypt encrypt message\n");
526 BIO_printf (bio_err, "-decrypt decrypt encrypted message\n"); 514 BIO_printf(bio_err, "-decrypt decrypt encrypted message\n");
527 BIO_printf (bio_err, "-sign sign message\n"); 515 BIO_printf(bio_err, "-sign sign message\n");
528 BIO_printf (bio_err, "-verify verify signed message\n"); 516 BIO_printf(bio_err, "-verify verify signed message\n");
529 BIO_printf (bio_err, "-cmsout output CMS structure\n"); 517 BIO_printf(bio_err, "-cmsout output CMS structure\n");
530#ifndef OPENSSL_NO_DES 518#ifndef OPENSSL_NO_DES
531 BIO_printf (bio_err, "-des3 encrypt with triple DES\n"); 519 BIO_printf(bio_err, "-des3 encrypt with triple DES\n");
532 BIO_printf (bio_err, "-des encrypt with DES\n"); 520 BIO_printf(bio_err, "-des encrypt with DES\n");
533#endif 521#endif
534#ifndef OPENSSL_NO_SEED 522#ifndef OPENSSL_NO_SEED
535 BIO_printf (bio_err, "-seed encrypt with SEED\n"); 523 BIO_printf(bio_err, "-seed encrypt with SEED\n");
536#endif 524#endif
537#ifndef OPENSSL_NO_RC2 525#ifndef OPENSSL_NO_RC2
538 BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); 526 BIO_printf(bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
539 BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); 527 BIO_printf(bio_err, "-rc2-64 encrypt with RC2-64\n");
540 BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n"); 528 BIO_printf(bio_err, "-rc2-128 encrypt with RC2-128\n");
541#endif 529#endif
542#ifndef OPENSSL_NO_AES 530#ifndef OPENSSL_NO_AES
543 BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); 531 BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
544 BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); 532 BIO_printf(bio_err, " encrypt PEM output with cbc aes\n");
545#endif 533#endif
546#ifndef OPENSSL_NO_CAMELLIA 534#ifndef OPENSSL_NO_CAMELLIA
547 BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); 535 BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
548 BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); 536 BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n");
549#endif 537#endif
550 BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); 538 BIO_printf(bio_err, "-nointern don't search certificates in message for signer\n");
551 BIO_printf (bio_err, "-nosigs don't verify message signature\n"); 539 BIO_printf(bio_err, "-nosigs don't verify message signature\n");
552 BIO_printf (bio_err, "-noverify don't verify signers certificate\n"); 540 BIO_printf(bio_err, "-noverify don't verify signers certificate\n");
553 BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n"); 541 BIO_printf(bio_err, "-nocerts don't include signers certificate when signing\n");
554 BIO_printf (bio_err, "-nodetach use opaque signing\n"); 542 BIO_printf(bio_err, "-nodetach use opaque signing\n");
555 BIO_printf (bio_err, "-noattr don't include any signed attributes\n"); 543 BIO_printf(bio_err, "-noattr don't include any signed attributes\n");
556 BIO_printf (bio_err, "-binary don't translate message to text\n"); 544 BIO_printf(bio_err, "-binary don't translate message to text\n");
557 BIO_printf (bio_err, "-certfile file other certificates file\n"); 545 BIO_printf(bio_err, "-certfile file other certificates file\n");
558 BIO_printf (bio_err, "-certsout file certificate output file\n"); 546 BIO_printf(bio_err, "-certsout file certificate output file\n");
559 BIO_printf (bio_err, "-signer file signer certificate file\n"); 547 BIO_printf(bio_err, "-signer file signer certificate file\n");
560 BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n"); 548 BIO_printf(bio_err, "-recip file recipient certificate file for decryption\n");
561 BIO_printf (bio_err, "-keyid use subject key identifier\n"); 549 BIO_printf(bio_err, "-keyid use subject key identifier\n");
562 BIO_printf (bio_err, "-in file input file\n"); 550 BIO_printf(bio_err, "-in file input file\n");
563 BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); 551 BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
564 BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n"); 552 BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n");
565 BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n"); 553 BIO_printf(bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
566 BIO_printf (bio_err, "-out file output file\n"); 554 BIO_printf(bio_err, "-out file output file\n");
567 BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); 555 BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
568 BIO_printf (bio_err, "-content file supply or override content for detached signature\n"); 556 BIO_printf(bio_err, "-content file supply or override content for detached signature\n");
569 BIO_printf (bio_err, "-to addr to address\n"); 557 BIO_printf(bio_err, "-to addr to address\n");
570 BIO_printf (bio_err, "-from ad from address\n"); 558 BIO_printf(bio_err, "-from ad from address\n");
571 BIO_printf (bio_err, "-subject s subject\n"); 559 BIO_printf(bio_err, "-subject s subject\n");
572 BIO_printf (bio_err, "-text include or delete text MIME headers\n"); 560 BIO_printf(bio_err, "-text include or delete text MIME headers\n");
573 BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); 561 BIO_printf(bio_err, "-CApath dir trusted certificates directory\n");
574 BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); 562 BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
575 BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); 563 BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
576 BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); 564 BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
577#ifndef OPENSSL_NO_ENGINE 565#ifndef OPENSSL_NO_ENGINE
578 BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); 566 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
579#endif 567#endif
580 BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); 568 BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
581 BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); 569 BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
582 BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); 570 BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
583 BIO_printf(bio_err, " the random number generator\n"); 571 BIO_printf(bio_err, " the random number generator\n");
584 BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); 572 BIO_printf(bio_err, "cert.pem recipient certificate(s) for encryption\n");
585 goto end; 573 goto end;
586 } 574 }
587
588#ifndef OPENSSL_NO_ENGINE 575#ifndef OPENSSL_NO_ENGINE
589 e = setup_engine(bio_err, engine, 0); 576 e = setup_engine(bio_err, engine, 0);
590#endif 577#endif
@@ -593,14 +580,12 @@ MAIN(int argc, char **argv)
593 BIO_printf(bio_err, "Error getting password\n"); 580 BIO_printf(bio_err, "Error getting password\n");
594 goto end; 581 goto end;
595 } 582 }
596
597 if (need_rand) { 583 if (need_rand) {
598 app_RAND_load_file(NULL, bio_err, (inrand != NULL)); 584 app_RAND_load_file(NULL, bio_err, (inrand != NULL));
599 if (inrand != NULL) 585 if (inrand != NULL)
600 BIO_printf(bio_err, "%ld semi-random bytes loaded\n", 586 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
601 app_RAND_load_files(inrand)); 587 app_RAND_load_files(inrand));
602 } 588 }
603
604 ret = 2; 589 ret = 2;
605 590
606 if (!(operation & SMIME_SIGNERS)) 591 if (!(operation & SMIME_SIGNERS))
@@ -631,12 +616,10 @@ MAIN(int argc, char **argv)
631 goto end; 616 goto end;
632#endif 617#endif
633 } 618 }
634
635 if (secret_key && !secret_keyid) { 619 if (secret_key && !secret_keyid) {
636 BIO_printf(bio_err, "No secret key id\n"); 620 BIO_printf(bio_err, "No secret key id\n");
637 goto end; 621 goto end;
638 } 622 }
639
640 if (*args) 623 if (*args)
641 encerts = sk_X509_new_null(); 624 encerts = sk_X509_new_null();
642 while (*args) { 625 while (*args) {
@@ -648,31 +631,27 @@ MAIN(int argc, char **argv)
648 args++; 631 args++;
649 } 632 }
650 } 633 }
651
652 if (certfile) { 634 if (certfile) {
653 if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL, 635 if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL,
654 e, "certificate file"))) { 636 e, "certificate file"))) {
655 ERR_print_errors(bio_err); 637 ERR_print_errors(bio_err);
656 goto end; 638 goto end;
657 } 639 }
658 } 640 }
659
660 if (recipfile && (operation == SMIME_DECRYPT)) { 641 if (recipfile && (operation == SMIME_DECRYPT)) {
661 if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL, 642 if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL,
662 e, "recipient certificate file"))) { 643 e, "recipient certificate file"))) {
663 ERR_print_errors(bio_err); 644 ERR_print_errors(bio_err);
664 goto end; 645 goto end;
665 } 646 }
666 } 647 }
667
668 if (operation == SMIME_SIGN_RECEIPT) { 648 if (operation == SMIME_SIGN_RECEIPT) {
669 if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, 649 if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
670 e, "receipt signer certificate file"))) { 650 e, "receipt signer certificate file"))) {
671 ERR_print_errors(bio_err); 651 ERR_print_errors(bio_err);
672 goto end; 652 goto end;
673 } 653 }
674 } 654 }
675
676 if (operation == SMIME_DECRYPT) { 655 if (operation == SMIME_DECRYPT) {
677 if (!keyfile) 656 if (!keyfile)
678 keyfile = recipfile; 657 keyfile = recipfile;
@@ -688,10 +667,9 @@ MAIN(int argc, char **argv)
688 if (!key) 667 if (!key)
689 goto end; 668 goto end;
690 } 669 }
691
692 if (infile) { 670 if (infile) {
693 if (!(in = BIO_new_file(infile, inmode))) { 671 if (!(in = BIO_new_file(infile, inmode))) {
694 BIO_printf (bio_err, 672 BIO_printf(bio_err,
695 "Can't open input file %s\n", infile); 673 "Can't open input file %s\n", infile);
696 goto end; 674 goto end;
697 } 675 }
@@ -722,7 +700,7 @@ MAIN(int argc, char **argv)
722 } 700 }
723 } 701 }
724 if (certsoutfile) { 702 if (certsoutfile) {
725 STACK_OF(X509) *allcerts; 703 STACK_OF(X509) * allcerts;
726 allcerts = CMS_get1_certs(cms); 704 allcerts = CMS_get1_certs(cms);
727 if (!save_certs(certsoutfile, allcerts)) { 705 if (!save_certs(certsoutfile, allcerts)) {
728 BIO_printf(bio_err, 706 BIO_printf(bio_err,
@@ -734,15 +712,13 @@ MAIN(int argc, char **argv)
734 sk_X509_pop_free(allcerts, X509_free); 712 sk_X509_pop_free(allcerts, X509_free);
735 } 713 }
736 } 714 }
737
738 if (rctfile) { 715 if (rctfile) {
739 char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r"; 716 char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
740 if (!(rctin = BIO_new_file(rctfile, rctmode))) { 717 if (!(rctin = BIO_new_file(rctfile, rctmode))) {
741 BIO_printf (bio_err, 718 BIO_printf(bio_err,
742 "Can't open receipt file %s\n", rctfile); 719 "Can't open receipt file %s\n", rctfile);
743 goto end; 720 goto end;
744 } 721 }
745
746 if (rctformat == FORMAT_SMIME) 722 if (rctformat == FORMAT_SMIME)
747 rcms = SMIME_read_CMS(rctin, NULL); 723 rcms = SMIME_read_CMS(rctin, NULL);
748 else if (rctformat == FORMAT_PEM) 724 else if (rctformat == FORMAT_PEM)
@@ -759,10 +735,9 @@ MAIN(int argc, char **argv)
759 goto end; 735 goto end;
760 } 736 }
761 } 737 }
762
763 if (outfile) { 738 if (outfile) {
764 if (!(out = BIO_new_file(outfile, outmode))) { 739 if (!(out = BIO_new_file(outfile, outmode))) {
765 BIO_printf (bio_err, 740 BIO_printf(bio_err,
766 "Can't open output file %s\n", outfile); 741 "Can't open output file %s\n", outfile);
767 goto end; 742 goto end;
768 } 743 }
@@ -777,8 +752,6 @@ MAIN(int argc, char **argv)
777 if (vpm) 752 if (vpm)
778 X509_STORE_set1_param(store, vpm); 753 X509_STORE_set1_param(store, vpm);
779 } 754 }
780
781
782 ret = 3; 755 ret = 3;
783 756
784 if (operation == SMIME_DATA_CREATE) { 757 if (operation == SMIME_DATA_CREATE) {
@@ -794,20 +767,20 @@ MAIN(int argc, char **argv)
794 goto end; 767 goto end;
795 if (secret_key) { 768 if (secret_key) {
796 if (!CMS_add0_recipient_key(cms, NID_undef, 769 if (!CMS_add0_recipient_key(cms, NID_undef,
797 secret_key, secret_keylen, 770 secret_key, secret_keylen,
798 secret_keyid, secret_keyidlen, 771 secret_keyid, secret_keyidlen,
799 NULL, NULL, NULL)) 772 NULL, NULL, NULL))
800 goto end; 773 goto end;
801 /* NULL these because call absorbs them */ 774 /* NULL these because call absorbs them */
802 secret_key = NULL; 775 secret_key = NULL;
803 secret_keyid = NULL; 776 secret_keyid = NULL;
804 } 777 }
805 if (pwri_pass) { 778 if (pwri_pass) {
806 pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass); 779 pwri_tmp = (unsigned char *) BUF_strdup((char *) pwri_pass);
807 if (!pwri_tmp) 780 if (!pwri_tmp)
808 goto end; 781 goto end;
809 if (!CMS_add0_recipient_password(cms, 782 if (!CMS_add0_recipient_password(cms,
810 -1, NID_undef, NID_undef, 783 -1, NID_undef, NID_undef,
811 pwri_tmp, -1, NULL)) 784 pwri_tmp, -1, NULL))
812 goto end; 785 goto end;
813 pwri_tmp = NULL; 786 pwri_tmp = NULL;
@@ -823,7 +796,7 @@ MAIN(int argc, char **argv)
823 796
824 } else if (operation == SMIME_SIGN_RECEIPT) { 797 } else if (operation == SMIME_SIGN_RECEIPT) {
825 CMS_ContentInfo *srcms = NULL; 798 CMS_ContentInfo *srcms = NULL;
826 STACK_OF(CMS_SignerInfo) *sis; 799 STACK_OF(CMS_SignerInfo) * sis;
827 CMS_SignerInfo *si; 800 CMS_SignerInfo *si;
828 sis = CMS_get0_SignerInfos(cms); 801 sis = CMS_get0_SignerInfos(cms);
829 if (!sis) 802 if (!sis)
@@ -836,8 +809,9 @@ MAIN(int argc, char **argv)
836 cms = srcms; 809 cms = srcms;
837 } else if (operation & SMIME_SIGNERS) { 810 } else if (operation & SMIME_SIGNERS) {
838 int i; 811 int i;
839 /* If detached data content we enable streaming if 812 /*
840 * S/MIME output format. 813 * If detached data content we enable streaming if S/MIME
814 * output format.
841 */ 815 */
842 if (operation == SMIME_SIGN) { 816 if (operation == SMIME_SIGN) {
843 817
@@ -891,12 +865,10 @@ MAIN(int argc, char **argv)
891 goto end; 865 goto end;
892 } 866 }
893 } 867 }
894
895 if (!cms) { 868 if (!cms) {
896 BIO_printf(bio_err, "Error creating CMS structure\n"); 869 BIO_printf(bio_err, "Error creating CMS structure\n");
897 goto end; 870 goto end;
898 } 871 }
899
900 ret = 4; 872 ret = 4;
901 if (operation == SMIME_DECRYPT) { 873 if (operation == SMIME_DECRYPT) {
902 if (flags & CMS_DEBUG_DECRYPT) 874 if (flags & CMS_DEBUG_DECRYPT)
@@ -904,14 +876,13 @@ MAIN(int argc, char **argv)
904 876
905 if (secret_key) { 877 if (secret_key) {
906 if (!CMS_decrypt_set1_key(cms, 878 if (!CMS_decrypt_set1_key(cms,
907 secret_key, secret_keylen, 879 secret_key, secret_keylen,
908 secret_keyid, secret_keyidlen)) { 880 secret_keyid, secret_keyidlen)) {
909 BIO_puts(bio_err, 881 BIO_puts(bio_err,
910 "Error decrypting CMS using secret key\n"); 882 "Error decrypting CMS using secret key\n");
911 goto end; 883 goto end;
912 } 884 }
913 } 885 }
914
915 if (key) { 886 if (key) {
916 if (!CMS_decrypt_set1_pkey(cms, key, recip)) { 887 if (!CMS_decrypt_set1_pkey(cms, key, recip)) {
917 BIO_puts(bio_err, 888 BIO_puts(bio_err,
@@ -919,7 +890,6 @@ MAIN(int argc, char **argv)
919 goto end; 890 goto end;
920 } 891 }
921 } 892 }
922
923 if (pwri_pass) { 893 if (pwri_pass) {
924 if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) { 894 if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) {
925 BIO_puts(bio_err, 895 BIO_puts(bio_err,
@@ -927,7 +897,6 @@ MAIN(int argc, char **argv)
927 goto end; 897 goto end;
928 } 898 }
929 } 899 }
930
931 if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) { 900 if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) {
932 BIO_printf(bio_err, "Error decrypting CMS structure\n"); 901 BIO_printf(bio_err, "Error decrypting CMS structure\n");
933 goto end; 902 goto end;
@@ -947,7 +916,7 @@ MAIN(int argc, char **argv)
947 } 916 }
948 } else if (operation == SMIME_ENCRYPTED_DECRYPT) { 917 } else if (operation == SMIME_ENCRYPTED_DECRYPT) {
949 if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen, 918 if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
950 indata, out, flags)) 919 indata, out, flags))
951 goto end; 920 goto end;
952 } else if (operation == SMIME_VERIFY) { 921 } else if (operation == SMIME_VERIFY) {
953 if (CMS_verify(cms, other, store, indata, out, flags) > 0) 922 if (CMS_verify(cms, other, store, indata, out, flags) > 0)
@@ -959,7 +928,7 @@ MAIN(int argc, char **argv)
959 goto end; 928 goto end;
960 } 929 }
961 if (signerfile) { 930 if (signerfile) {
962 STACK_OF(X509) *signers; 931 STACK_OF(X509) * signers;
963 signers = CMS_get0_signers(cms); 932 signers = CMS_get0_signers(cms);
964 if (!save_certs(signerfile, signers)) { 933 if (!save_certs(signerfile, signers)) {
965 BIO_printf(bio_err, 934 BIO_printf(bio_err,
@@ -1053,7 +1022,7 @@ end:
1053} 1022}
1054 1023
1055static int 1024static int
1056save_certs(char *signerfile, STACK_OF(X509) *signers) 1025save_certs(char *signerfile, STACK_OF(X509) * signers)
1057{ 1026{
1058 int i; 1027 int i;
1059 BIO *tmp; 1028 BIO *tmp;
@@ -1072,7 +1041,7 @@ save_certs(char *signerfile, STACK_OF(X509) *signers)
1072/* Minimal callback just to output policy info (if any) */ 1041/* Minimal callback just to output policy info (if any) */
1073 1042
1074static int 1043static int
1075cms_cb(int ok, X509_STORE_CTX *ctx) 1044cms_cb(int ok, X509_STORE_CTX * ctx)
1076{ 1045{
1077 int error; 1046 int error;
1078 1047
@@ -1090,9 +1059,9 @@ cms_cb(int ok, X509_STORE_CTX *ctx)
1090} 1059}
1091 1060
1092static void 1061static void
1093gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns) 1062gnames_stack_print(BIO * out, STACK_OF(GENERAL_NAMES) * gns)
1094{ 1063{
1095 STACK_OF(GENERAL_NAME) *gens; 1064 STACK_OF(GENERAL_NAME) * gens;
1096 GENERAL_NAME *gen; 1065 GENERAL_NAME *gen;
1097 int i, j; 1066 int i, j;
1098 for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) { 1067 for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) {
@@ -1108,13 +1077,13 @@ gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
1108} 1077}
1109 1078
1110static void 1079static void
1111receipt_request_print(BIO *out, CMS_ContentInfo *cms) 1080receipt_request_print(BIO * out, CMS_ContentInfo * cms)
1112{ 1081{
1113 STACK_OF(CMS_SignerInfo) *sis; 1082 STACK_OF(CMS_SignerInfo) * sis;
1114 CMS_SignerInfo *si; 1083 CMS_SignerInfo *si;
1115 CMS_ReceiptRequest *rr; 1084 CMS_ReceiptRequest *rr;
1116 int allorfirst; 1085 int allorfirst;
1117 STACK_OF(GENERAL_NAMES) *rto, *rlist; 1086 STACK_OF(GENERAL_NAMES) * rto, *rlist;
1118 ASN1_STRING *scid; 1087 ASN1_STRING *scid;
1119 int i, rv; 1088 int i, rv;
1120 sis = CMS_get0_SignerInfos(cms); 1089 sis = CMS_get0_SignerInfos(cms);
@@ -1134,7 +1103,7 @@ receipt_request_print(BIO *out, CMS_ContentInfo *cms)
1134 &rlist, &rto); 1103 &rlist, &rto);
1135 BIO_puts(out, " Signed Content ID:\n"); 1104 BIO_puts(out, " Signed Content ID:\n");
1136 idlen = ASN1_STRING_length(scid); 1105 idlen = ASN1_STRING_length(scid);
1137 id = (char *)ASN1_STRING_data(scid); 1106 id = (char *) ASN1_STRING_data(scid);
1138 BIO_dump_indent(out, id, idlen, 4); 1107 BIO_dump_indent(out, id, idlen, 4);
1139 BIO_puts(out, " Receipts From"); 1108 BIO_puts(out, " Receipts From");
1140 if (rlist) { 1109 if (rlist) {
@@ -1155,10 +1124,10 @@ receipt_request_print(BIO *out, CMS_ContentInfo *cms)
1155} 1124}
1156 1125
1157static 1126static
1158STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) 1127STACK_OF(GENERAL_NAMES) * make_names_stack(STACK_OF(OPENSSL_STRING) * ns)
1159{ 1128{
1160 int i; 1129 int i;
1161 STACK_OF(GENERAL_NAMES) *ret; 1130 STACK_OF(GENERAL_NAMES) * ret;
1162 GENERAL_NAMES *gens = NULL; 1131 GENERAL_NAMES *gens = NULL;
1163 GENERAL_NAME *gen = NULL; 1132 GENERAL_NAME *gen = NULL;
1164 ret = sk_GENERAL_NAMES_new_null(); 1133 ret = sk_GENERAL_NAMES_new_null();
@@ -1194,10 +1163,10 @@ err:
1194 1163
1195 1164
1196static CMS_ReceiptRequest * 1165static CMS_ReceiptRequest *
1197make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, 1166make_receipt_request(STACK_OF(OPENSSL_STRING) * rr_to, int rr_allorfirst,
1198 STACK_OF(OPENSSL_STRING) *rr_from) 1167 STACK_OF(OPENSSL_STRING) * rr_from)
1199{ 1168{
1200 STACK_OF(GENERAL_NAMES) *rct_to, *rct_from; 1169 STACK_OF(GENERAL_NAMES) * rct_to, *rct_from;
1201 CMS_ReceiptRequest *rr; 1170 CMS_ReceiptRequest *rr;
1202 rct_to = make_names_stack(rr_to); 1171 rct_to = make_names_stack(rr_to);
1203 if (!rct_to) 1172 if (!rct_to)
diff --git a/src/lib/libssl/src/apps/crl.c b/src/lib/libssl/src/apps/crl.c
index c89b8818a8..a4a4d7d296 100644
--- a/src/lib/libssl/src/apps/crl.c
+++ b/src/lib/libssl/src/apps/crl.c
@@ -111,7 +111,8 @@ MAIN(int argc, char **argv)
111 BIO *out = NULL; 111 BIO *out = NULL;
112 int informat, outformat; 112 int informat, outformat;
113 char *infile = NULL, *outfile = NULL; 113 char *infile = NULL, *outfile = NULL;
114 int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0, text = 0; 114 int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0,
115 text = 0;
115#ifndef OPENSSL_NO_MD5 116#ifndef OPENSSL_NO_MD5
116 int hash_old = 0; 117 int hash_old = 0;
117#endif 118#endif
@@ -129,16 +130,15 @@ MAIN(int argc, char **argv)
129 130
130 if (bio_err == NULL) 131 if (bio_err == NULL)
131 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 132 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
132 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 133 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
133 134
134 if (!load_config(bio_err, NULL)) 135 if (!load_config(bio_err, NULL))
135 goto end; 136 goto end;
136 137
137 if (bio_out == NULL) 138 if (bio_out == NULL)
138 if ((bio_out = BIO_new(BIO_s_file())) != NULL) { 139 if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
139 BIO_set_fp(bio_out, stdout, BIO_NOCLOSE); 140 BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
140 } 141 }
141
142 informat = FORMAT_PEM; 142 informat = FORMAT_PEM;
143 outformat = FORMAT_PEM; 143 outformat = FORMAT_PEM;
144 144
@@ -150,7 +150,9 @@ MAIN(int argc, char **argv)
150 if (strcmp(*argv, "-p") == 0) { 150 if (strcmp(*argv, "-p") == 0) {
151 if (--argc < 1) 151 if (--argc < 1)
152 goto bad; 152 goto bad;
153 if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/ 153 if (!args_from_file(++argv, Nargc, Nargv)) {
154 goto end;
155 } */
154 } 156 }
155#endif 157#endif
156 if (strcmp(*argv, "-inform") == 0) { 158 if (strcmp(*argv, "-inform") == 0) {
@@ -164,11 +166,11 @@ MAIN(int argc, char **argv)
164 } else if (strcmp(*argv, "-in") == 0) { 166 } else if (strcmp(*argv, "-in") == 0) {
165 if (--argc < 1) 167 if (--argc < 1)
166 goto bad; 168 goto bad;
167 infile= *(++argv); 169 infile = *(++argv);
168 } else if (strcmp(*argv, "-out") == 0) { 170 } else if (strcmp(*argv, "-out") == 0) {
169 if (--argc < 1) 171 if (--argc < 1)
170 goto bad; 172 goto bad;
171 outfile= *(++argv); 173 outfile = *(++argv);
172 } else if (strcmp(*argv, "-CApath") == 0) { 174 } else if (strcmp(*argv, "-CApath") == 0) {
173 if (--argc < 1) 175 if (--argc < 1)
174 goto bad; 176 goto bad;
@@ -184,10 +186,10 @@ MAIN(int argc, char **argv)
184 else if (strcmp(*argv, "-text") == 0) 186 else if (strcmp(*argv, "-text") == 0)
185 text = 1; 187 text = 1;
186 else if (strcmp(*argv, "-hash") == 0) 188 else if (strcmp(*argv, "-hash") == 0)
187 hash= ++num; 189 hash = ++num;
188#ifndef OPENSSL_NO_MD5 190#ifndef OPENSSL_NO_MD5
189 else if (strcmp(*argv, "-hash_old") == 0) 191 else if (strcmp(*argv, "-hash_old") == 0)
190 hash_old= ++num; 192 hash_old = ++num;
191#endif 193#endif
192 else if (strcmp(*argv, "-nameopt") == 0) { 194 else if (strcmp(*argv, "-nameopt") == 0) {
193 if (--argc < 1) 195 if (--argc < 1)
@@ -195,17 +197,17 @@ MAIN(int argc, char **argv)
195 if (!set_name_ex(&nmflag, *(++argv))) 197 if (!set_name_ex(&nmflag, *(++argv)))
196 goto bad; 198 goto bad;
197 } else if (strcmp(*argv, "-issuer") == 0) 199 } else if (strcmp(*argv, "-issuer") == 0)
198 issuer= ++num; 200 issuer = ++num;
199 else if (strcmp(*argv, "-lastupdate") == 0) 201 else if (strcmp(*argv, "-lastupdate") == 0)
200 lastupdate= ++num; 202 lastupdate = ++num;
201 else if (strcmp(*argv, "-nextupdate") == 0) 203 else if (strcmp(*argv, "-nextupdate") == 0)
202 nextupdate= ++num; 204 nextupdate = ++num;
203 else if (strcmp(*argv, "-noout") == 0) 205 else if (strcmp(*argv, "-noout") == 0)
204 noout= ++num; 206 noout = ++num;
205 else if (strcmp(*argv, "-fingerprint") == 0) 207 else if (strcmp(*argv, "-fingerprint") == 0)
206 fingerprint= ++num; 208 fingerprint = ++num;
207 else if (strcmp(*argv, "-crlnumber") == 0) 209 else if (strcmp(*argv, "-crlnumber") == 0)
208 crlnumber= ++num; 210 crlnumber = ++num;
209 else if ((md_alg = EVP_get_digestbyname(*argv + 1))) { 211 else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
210 /* ok */ 212 /* ok */
211 digest = md_alg; 213 digest = md_alg;
@@ -224,13 +226,11 @@ bad:
224 BIO_printf(bio_err, "%s", *pp); 226 BIO_printf(bio_err, "%s", *pp);
225 goto end; 227 goto end;
226 } 228 }
227
228 ERR_load_crypto_strings(); 229 ERR_load_crypto_strings();
229 x = load_crl(infile, informat); 230 x = load_crl(infile, informat);
230 if (x == NULL) { 231 if (x == NULL) {
231 goto end; 232 goto end;
232 } 233 }
233
234 if (do_ver) { 234 if (do_ver) {
235 store = X509_STORE_new(); 235 store = X509_STORE_new();
236 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); 236 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
@@ -251,7 +251,6 @@ bad:
251 "Error initialising X509 store\n"); 251 "Error initialising X509 store\n");
252 goto end; 252 goto end;
253 } 253 }
254
255 i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, 254 i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
256 X509_CRL_get_issuer(x), &xobj); 255 X509_CRL_get_issuer(x), &xobj);
257 if (i <= 0) { 256 if (i <= 0) {
@@ -275,7 +274,6 @@ bad:
275 else 274 else
276 BIO_printf(bio_err, "verify OK\n"); 275 BIO_printf(bio_err, "verify OK\n");
277 } 276 }
278
279 if (num) { 277 if (num) {
280 for (i = 1; i <= num; i++) { 278 for (i = 1; i <= num; i++) {
281 if (issuer == i) { 279 if (issuer == i) {
@@ -300,8 +298,8 @@ bad:
300#ifndef OPENSSL_NO_MD5 298#ifndef OPENSSL_NO_MD5
301 if (hash_old == i) { 299 if (hash_old == i) {
302 BIO_printf(bio_out, "%08lx\n", 300 BIO_printf(bio_out, "%08lx\n",
303 X509_NAME_hash_old( 301 X509_NAME_hash_old(
304 X509_CRL_get_issuer(x))); 302 X509_CRL_get_issuer(x)));
305 } 303 }
306#endif 304#endif
307 if (lastupdate == i) { 305 if (lastupdate == i) {
@@ -330,20 +328,18 @@ bad:
330 } 328 }
331 BIO_printf(bio_out, "%s Fingerprint=", 329 BIO_printf(bio_out, "%s Fingerprint=",
332 OBJ_nid2sn(EVP_MD_type(digest))); 330 OBJ_nid2sn(EVP_MD_type(digest)));
333 for (j = 0; j < (int)n; j++) { 331 for (j = 0; j < (int) n; j++) {
334 BIO_printf(bio_out, "%02X%c", md[j], 332 BIO_printf(bio_out, "%02X%c", md[j],
335 (j + 1 == (int)n) ? '\n' : ':'); 333 (j + 1 == (int) n) ? '\n' : ':');
336 } 334 }
337 } 335 }
338 } 336 }
339 } 337 }
340
341 out = BIO_new(BIO_s_file()); 338 out = BIO_new(BIO_s_file());
342 if (out == NULL) { 339 if (out == NULL) {
343 ERR_print_errors(bio_err); 340 ERR_print_errors(bio_err);
344 goto end; 341 goto end;
345 } 342 }
346
347 if (outfile == NULL) { 343 if (outfile == NULL) {
348 BIO_set_fp(out, stdout, BIO_NOCLOSE); 344 BIO_set_fp(out, stdout, BIO_NOCLOSE);
349 } else { 345 } else {
@@ -360,9 +356,8 @@ bad:
360 ret = 0; 356 ret = 0;
361 goto end; 357 goto end;
362 } 358 }
363
364 if (outformat == FORMAT_ASN1) 359 if (outformat == FORMAT_ASN1)
365 i = (int)i2d_X509_CRL_bio(out, x); 360 i = (int) i2d_X509_CRL_bio(out, x);
366 else if (outformat == FORMAT_PEM) 361 else if (outformat == FORMAT_PEM)
367 i = PEM_write_bio_X509_CRL(out, x); 362 i = PEM_write_bio_X509_CRL(out, x);
368 else { 363 else {
@@ -385,7 +380,7 @@ end:
385 X509_STORE_free(store); 380 X509_STORE_free(store);
386 } 381 }
387 apps_shutdown(); 382 apps_shutdown();
388 return(ret); 383 return (ret);
389} 384}
390 385
391static X509_CRL * 386static X509_CRL *
@@ -399,7 +394,6 @@ load_crl(char *infile, int format)
399 ERR_print_errors(bio_err); 394 ERR_print_errors(bio_err);
400 goto end; 395 goto end;
401 } 396 }
402
403 if (infile == NULL) 397 if (infile == NULL)
404 BIO_set_fp(in, stdin, BIO_NOCLOSE); 398 BIO_set_fp(in, stdin, BIO_NOCLOSE);
405 else { 399 else {
@@ -421,7 +415,6 @@ load_crl(char *infile, int format)
421 ERR_print_errors(bio_err); 415 ERR_print_errors(bio_err);
422 goto end; 416 goto end;
423 } 417 }
424
425end: 418end:
426 BIO_free(in); 419 BIO_free(in);
427 return (x); 420 return (x);
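Review bot: In the crl.c hunk at new lines 226–236, the result of `X509_STORE_new()` is passed to `X509_STORE_add_lookup()` on the very next line without a NULL check, so a failed allocation in the `do_ver` path reaches the store before anything tests it. A guard directly after the allocation, `if (store == NULL) goto end;`, would make the failure explicit. The cleanup under `end:` is only partly visible here, so confirm it tolerates a NULL store. MAIN starts and ends outside this hunk.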
diff --git a/src/lib/libssl/src/apps/crl2p7.c b/src/lib/libssl/src/apps/crl2p7.c
index ce782742c4..b98260d172 100644
--- a/src/lib/libssl/src/apps/crl2p7.c
+++ b/src/lib/libssl/src/apps/crl2p7.c
@@ -71,7 +71,7 @@
71#include <openssl/pem.h> 71#include <openssl/pem.h>
72#include <openssl/objects.h> 72#include <openssl/objects.h>
73 73
74static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile); 74static int add_certs_from_file(STACK_OF(X509) * stack, char *certfile);
75#undef PROG 75#undef PROG
76#define PROG crl2pkcs7_main 76#define PROG crl2pkcs7_main
77 77
@@ -93,16 +93,16 @@ MAIN(int argc, char **argv)
93 PKCS7 *p7 = NULL; 93 PKCS7 *p7 = NULL;
94 PKCS7_SIGNED *p7s = NULL; 94 PKCS7_SIGNED *p7s = NULL;
95 X509_CRL *crl = NULL; 95 X509_CRL *crl = NULL;
96 STACK_OF(OPENSSL_STRING) *certflst = NULL; 96 STACK_OF(OPENSSL_STRING) * certflst = NULL;
97 STACK_OF(X509_CRL) *crl_stack = NULL; 97 STACK_OF(X509_CRL) * crl_stack = NULL;
98 STACK_OF(X509) *cert_stack = NULL; 98 STACK_OF(X509) * cert_stack = NULL;
99 int ret = 1, nocrl = 0; 99 int ret = 1, nocrl = 0;
100 100
101 apps_startup(); 101 apps_startup();
102 102
103 if (bio_err == NULL) 103 if (bio_err == NULL)
104 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 104 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
105 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 105 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
106 106
107 infile = NULL; 107 infile = NULL;
108 outfile = NULL; 108 outfile = NULL;
@@ -124,18 +124,19 @@ MAIN(int argc, char **argv)
124 } else if (strcmp(*argv, "-in") == 0) { 124 } else if (strcmp(*argv, "-in") == 0) {
125 if (--argc < 1) 125 if (--argc < 1)
126 goto bad; 126 goto bad;
127 infile= *(++argv); 127 infile = *(++argv);
128 } else if (strcmp(*argv, "-nocrl") == 0) { 128 } else if (strcmp(*argv, "-nocrl") == 0) {
129 nocrl = 1; 129 nocrl = 1;
130 } else if (strcmp(*argv, "-out") == 0) { 130 } else if (strcmp(*argv, "-out") == 0) {
131 if (--argc < 1) 131 if (--argc < 1)
132 goto bad; 132 goto bad;
133 outfile= *(++argv); 133 outfile = *(++argv);
134 } else if (strcmp(*argv, "-certfile") == 0) { 134 } else if (strcmp(*argv, "-certfile") == 0) {
135 if (--argc < 1) 135 if (--argc < 1)
136 goto bad; 136 goto bad;
137 if (!certflst) certflst = sk_OPENSSL_STRING_new_null(); 137 if (!certflst)
138 sk_OPENSSL_STRING_push(certflst, *(++argv)); 138 certflst = sk_OPENSSL_STRING_new_null();
139 sk_OPENSSL_STRING_push(certflst, *(++argv));
139 } else { 140 } else {
140 BIO_printf(bio_err, "unknown option %s\n", *argv); 141 BIO_printf(bio_err, "unknown option %s\n", *argv);
141 badops = 1; 142 badops = 1;
@@ -159,7 +160,6 @@ bad:
159 ret = 1; 160 ret = 1;
160 goto end; 161 goto end;
161 } 162 }
162
163 ERR_load_crypto_strings(); 163 ERR_load_crypto_strings();
164 164
165 in = BIO_new(BIO_s_file()); 165 in = BIO_new(BIO_s_file());
@@ -168,7 +168,6 @@ bad:
168 ERR_print_errors(bio_err); 168 ERR_print_errors(bio_err);
169 goto end; 169 goto end;
170 } 170 }
171
172 if (!nocrl) { 171 if (!nocrl) {
173 if (infile == NULL) 172 if (infile == NULL)
174 BIO_set_fp(in, stdin, BIO_NOCLOSE); 173 BIO_set_fp(in, stdin, BIO_NOCLOSE);
@@ -193,7 +192,6 @@ bad:
193 goto end; 192 goto end;
194 } 193 }
195 } 194 }
196
197 if ((p7 = PKCS7_new()) == NULL) 195 if ((p7 = PKCS7_new()) == NULL)
198 goto end; 196 goto end;
199 if ((p7s = PKCS7_SIGNED_new()) == NULL) 197 if ((p7s = PKCS7_SIGNED_new()) == NULL)
@@ -209,21 +207,21 @@ bad:
209 p7s->crl = crl_stack; 207 p7s->crl = crl_stack;
210 if (crl != NULL) { 208 if (crl != NULL) {
211 sk_X509_CRL_push(crl_stack, crl); 209 sk_X509_CRL_push(crl_stack, crl);
212 crl=NULL; /* now part of p7 for freeing */ 210 crl = NULL; /* now part of p7 for freeing */
213 } 211 }
214
215 if ((cert_stack = sk_X509_new_null()) == NULL) 212 if ((cert_stack = sk_X509_new_null()) == NULL)
216 goto end; 213 goto end;
217 p7s->cert = cert_stack; 214 p7s->cert = cert_stack;
218 215
219 if (certflst) for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { 216 if (certflst)
220 certfile = sk_OPENSSL_STRING_value(certflst, i); 217 for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
221 if (add_certs_from_file(cert_stack, certfile) < 0) { 218 certfile = sk_OPENSSL_STRING_value(certflst, i);
222 BIO_printf(bio_err, "error loading certificates\n"); 219 if (add_certs_from_file(cert_stack, certfile) < 0) {
223 ERR_print_errors(bio_err); 220 BIO_printf(bio_err, "error loading certificates\n");
224 goto end; 221 ERR_print_errors(bio_err);
222 goto end;
223 }
225 } 224 }
226 }
227 225
228 sk_OPENSSL_STRING_free(certflst); 226 sk_OPENSSL_STRING_free(certflst);
229 227
@@ -262,7 +260,7 @@ end:
262 X509_CRL_free(crl); 260 X509_CRL_free(crl);
263 261
264 apps_shutdown(); 262 apps_shutdown();
265 return(ret); 263 return (ret);
266} 264}
267 265
268/* 266/*
@@ -276,12 +274,12 @@ end:
276 *---------------------------------------------------------------------- 274 *----------------------------------------------------------------------
277 */ 275 */
278static int 276static int
279add_certs_from_file(STACK_OF(X509) *stack, char *certfile) 277add_certs_from_file(STACK_OF(X509) * stack, char *certfile)
280{ 278{
281 BIO *in = NULL; 279 BIO *in = NULL;
282 int count = 0; 280 int count = 0;
283 int ret = -1; 281 int ret = -1;
284 STACK_OF(X509_INFO) *sk = NULL; 282 STACK_OF(X509_INFO) * sk = NULL;
285 X509_INFO *xi; 283 X509_INFO *xi;
286 284
287 in = BIO_new(BIO_s_file()); 285 in = BIO_new(BIO_s_file());
@@ -289,14 +287,12 @@ add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
289 BIO_printf(bio_err, "error opening the file, %s\n", certfile); 287 BIO_printf(bio_err, "error opening the file, %s\n", certfile);
290 goto end; 288 goto end;
291 } 289 }
292
293 /* This loads from a file, a stack of x509/crl/pkey sets */ 290 /* This loads from a file, a stack of x509/crl/pkey sets */
294 sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); 291 sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
295 if (sk == NULL) { 292 if (sk == NULL) {
296 BIO_printf(bio_err, "error reading the file, %s\n", certfile); 293 BIO_printf(bio_err, "error reading the file, %s\n", certfile);
297 goto end; 294 goto end;
298 } 295 }
299
300 /* scan over it and pull out the CRL's */ 296 /* scan over it and pull out the CRL's */
301 while (sk_X509_INFO_num(sk)) { 297 while (sk_X509_INFO_num(sk)) {
302 xi = sk_X509_INFO_shift(sk); 298 xi = sk_X509_INFO_shift(sk);
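Review bot: In the `-certfile` branch (new lines 137–139 of crl2p7.c), neither the stack returned by `sk_OPENSSL_STRING_new_null()` nor the result of `sk_OPENSSL_STRING_push()` is checked, so an allocation failure would presumably drop the certificate file without any error. The later `if (certflst)` loop at new lines 216–224 would then simply skip the file, and the output would be built without those certificates. Now that the statement is split over separate lines the checks are easy to add: `if (certflst == NULL) goto end;` after the allocation and `if (!sk_OPENSSL_STRING_push(certflst, *(++argv))) goto end;` for the push. The option loop and `end:` continue outside the visible hunks.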
diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c
index 08641f1c5c..a68e3ce562 100644
--- a/src/lib/libssl/src/apps/dgst.c
+++ b/src/lib/libssl/src/apps/dgst.c
@@ -75,13 +75,13 @@
75#define PROG dgst_main 75#define PROG dgst_main
76 76
77int 77int
78do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, 78do_fp(BIO * out, unsigned char *buf, BIO * bp, int sep, int binout,
79 EVP_PKEY *key, unsigned char *sigin, int siglen, 79 EVP_PKEY * key, unsigned char *sigin, int siglen,
80 const char *sig_name, const char *md_name, 80 const char *sig_name, const char *md_name,
81 const char *file, BIO *bmd); 81 const char *file, BIO * bmd);
82 82
83static void 83static void
84list_md_fn(const EVP_MD *m, const char *from, const char *to, void *arg) 84list_md_fn(const EVP_MD * m, const char *from, const char *to, void *arg)
85{ 85{
86 const char *mname; 86 const char *mname;
87 /* Skip aliases */ 87 /* Skip aliases */
@@ -130,17 +130,17 @@ MAIN(int argc, char **argv)
130 char *hmac_key = NULL; 130 char *hmac_key = NULL;
131 char *mac_name = NULL; 131 char *mac_name = NULL;
132 int non_fips_allow = 0; 132 int non_fips_allow = 0;
133 STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL; 133 STACK_OF(OPENSSL_STRING) * sigopts = NULL, *macopts = NULL;
134 134
135 apps_startup(); 135 apps_startup();
136 136
137 if ((buf = (unsigned char *)malloc(BUFSIZE)) == NULL) { 137 if ((buf = (unsigned char *) malloc(BUFSIZE)) == NULL) {
138 BIO_printf(bio_err, "out of memory\n"); 138 BIO_printf(bio_err, "out of memory\n");
139 goto end; 139 goto end;
140 } 140 }
141 if (bio_err == NULL) 141 if (bio_err == NULL)
142 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 142 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
143 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 143 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
144 144
145 if (!load_config(bio_err, NULL)) 145 if (!load_config(bio_err, NULL))
146 goto end; 146 goto end;
@@ -162,34 +162,34 @@ MAIN(int argc, char **argv)
162 else if (strcmp(*argv, "-rand") == 0) { 162 else if (strcmp(*argv, "-rand") == 0) {
163 if (--argc < 1) 163 if (--argc < 1)
164 break; 164 break;
165 randfile=*(++argv); 165 randfile = *(++argv);
166 } else if (strcmp(*argv, "-out") == 0) { 166 } else if (strcmp(*argv, "-out") == 0) {
167 if (--argc < 1) 167 if (--argc < 1)
168 break; 168 break;
169 outfile=*(++argv); 169 outfile = *(++argv);
170 } else if (strcmp(*argv, "-sign") == 0) { 170 } else if (strcmp(*argv, "-sign") == 0) {
171 if (--argc < 1) 171 if (--argc < 1)
172 break; 172 break;
173 keyfile=*(++argv); 173 keyfile = *(++argv);
174 } else if (!strcmp(*argv, "-passin")) { 174 } else if (!strcmp(*argv, "-passin")) {
175 if (--argc < 1) 175 if (--argc < 1)
176 break; 176 break;
177 passargin=*++argv; 177 passargin = *++argv;
178 } else if (strcmp(*argv, "-verify") == 0) { 178 } else if (strcmp(*argv, "-verify") == 0) {
179 if (--argc < 1) 179 if (--argc < 1)
180 break; 180 break;
181 keyfile=*(++argv); 181 keyfile = *(++argv);
182 want_pub = 1; 182 want_pub = 1;
183 do_verify = 1; 183 do_verify = 1;
184 } else if (strcmp(*argv, "-prverify") == 0) { 184 } else if (strcmp(*argv, "-prverify") == 0) {
185 if (--argc < 1) 185 if (--argc < 1)
186 break; 186 break;
187 keyfile=*(++argv); 187 keyfile = *(++argv);
188 do_verify = 1; 188 do_verify = 1;
189 } else if (strcmp(*argv, "-signature") == 0) { 189 } else if (strcmp(*argv, "-signature") == 0) {
190 if (--argc < 1) 190 if (--argc < 1)
191 break; 191 break;
192 sigfile=*(++argv); 192 sigfile = *(++argv);
193 } else if (strcmp(*argv, "-keyform") == 0) { 193 } else if (strcmp(*argv, "-keyform") == 0) {
194 if (--argc < 1) 194 if (--argc < 1)
195 break; 195 break;
@@ -199,7 +199,7 @@ MAIN(int argc, char **argv)
199 else if (strcmp(*argv, "-engine") == 0) { 199 else if (strcmp(*argv, "-engine") == 0) {
200 if (--argc < 1) 200 if (--argc < 1)
201 break; 201 break;
202 engine= *(++argv); 202 engine = *(++argv);
203 e = setup_engine(bio_err, engine, 0); 203 e = setup_engine(bio_err, engine, 0);
204 } 204 }
205#endif 205#endif
@@ -216,11 +216,11 @@ MAIN(int argc, char **argv)
216 else if (!strcmp(*argv, "-hmac")) { 216 else if (!strcmp(*argv, "-hmac")) {
217 if (--argc < 1) 217 if (--argc < 1)
218 break; 218 break;
219 hmac_key=*++argv; 219 hmac_key = *++argv;
220 } else if (!strcmp(*argv, "-mac")) { 220 } else if (!strcmp(*argv, "-mac")) {
221 if (--argc < 1) 221 if (--argc < 1)
222 break; 222 break;
223 mac_name=*++argv; 223 mac_name = *++argv;
224 } else if (strcmp(*argv, "-sigopt") == 0) { 224 } else if (strcmp(*argv, "-sigopt") == 0) {
225 if (--argc < 1) 225 if (--argc < 1)
226 break; 226 break;
@@ -248,9 +248,7 @@ MAIN(int argc, char **argv)
248 BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); 248 BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
249 goto end; 249 goto end;
250 } 250 }
251 251 if ((argc > 0) && (argv[0][0] == '-')) { /* bad option */
252 if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
253 {
254 BIO_printf(bio_err, "unknown option '%s'\n", *argv); 252 BIO_printf(bio_err, "unknown option '%s'\n", *argv);
255 BIO_printf(bio_err, "options are\n"); 253 BIO_printf(bio_err, "options are\n");
256 BIO_printf(bio_err, "-c to output the digest with separating colons\n"); 254 BIO_printf(bio_err, "-c to output the digest with separating colons\n");
@@ -275,32 +273,27 @@ MAIN(int argc, char **argv)
275 EVP_MD_do_all_sorted(list_md_fn, bio_err); 273 EVP_MD_do_all_sorted(list_md_fn, bio_err);
276 goto end; 274 goto end;
277 } 275 }
278
279 in = BIO_new(BIO_s_file()); 276 in = BIO_new(BIO_s_file());
280 bmd = BIO_new(BIO_f_md()); 277 bmd = BIO_new(BIO_f_md());
281 if (debug) { 278 if (debug) {
282 BIO_set_callback(in, BIO_debug_callback); 279 BIO_set_callback(in, BIO_debug_callback);
283 /* needed for windows 3.1 */ 280 /* needed for windows 3.1 */
284 BIO_set_callback_arg(in, (char *)bio_err); 281 BIO_set_callback_arg(in, (char *) bio_err);
285 } 282 }
286
287 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { 283 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
288 BIO_printf(bio_err, "Error getting password\n"); 284 BIO_printf(bio_err, "Error getting password\n");
289 goto end; 285 goto end;
290 } 286 }
291
292 if ((in == NULL) || (bmd == NULL)) { 287 if ((in == NULL) || (bmd == NULL)) {
293 ERR_print_errors(bio_err); 288 ERR_print_errors(bio_err);
294 goto end; 289 goto end;
295 } 290 }
296
297 if (out_bin == -1) { 291 if (out_bin == -1) {
298 if (keyfile) 292 if (keyfile)
299 out_bin = 1; 293 out_bin = 1;
300 else 294 else
301 out_bin = 0; 295 out_bin = 0;
302 } 296 }
303
304 if (randfile) 297 if (randfile)
305 app_RAND_load_file(randfile, bio_err, 0); 298 app_RAND_load_file(randfile, bio_err, 0);
306 299
@@ -323,7 +316,6 @@ MAIN(int argc, char **argv)
323 BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n"); 316 BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
324 goto end; 317 goto end;
325 } 318 }
326
327 if (keyfile) { 319 if (keyfile) {
328 if (want_pub) 320 if (want_pub)
329 sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, 321 sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
@@ -332,12 +324,13 @@ MAIN(int argc, char **argv)
332 sigkey = load_key(bio_err, keyfile, keyform, 0, passin, 324 sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
333 e, "key file"); 325 e, "key file");
334 if (!sigkey) { 326 if (!sigkey) {
335 /* load_[pub]key() has already printed an appropriate 327 /*
336 message */ 328 * load_[pub]key() has already printed an appropriate
329 * message
330 */
337 goto end; 331 goto end;
338 } 332 }
339 } 333 }
340
341 if (mac_name) { 334 if (mac_name) {
342 EVP_PKEY_CTX *mac_ctx = NULL; 335 EVP_PKEY_CTX *mac_ctx = NULL;
343 int r = 0; 336 int r = 0;
@@ -368,20 +361,17 @@ mac_end:
368 if (r == 0) 361 if (r == 0)
369 goto end; 362 goto end;
370 } 363 }
371
372 if (non_fips_allow) { 364 if (non_fips_allow) {
373 EVP_MD_CTX *md_ctx; 365 EVP_MD_CTX *md_ctx;
374 BIO_get_md_ctx(bmd, &md_ctx); 366 BIO_get_md_ctx(bmd, &md_ctx);
375 EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 367 EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
376 } 368 }
377
378 if (hmac_key) { 369 if (hmac_key) {
379 sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e, 370 sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
380 (unsigned char *)hmac_key, -1); 371 (unsigned char *) hmac_key, -1);
381 if (!sigkey) 372 if (!sigkey)
382 goto end; 373 goto end;
383 } 374 }
384
385 if (sigkey) { 375 if (sigkey) {
386 EVP_MD_CTX *mctx = NULL; 376 EVP_MD_CTX *mctx = NULL;
387 EVP_PKEY_CTX *pctx = NULL; 377 EVP_PKEY_CTX *pctx = NULL;
@@ -452,7 +442,6 @@ mac_end:
452 BIO_get_md_ctx(bmd, &tctx); 442 BIO_get_md_ctx(bmd, &tctx);
453 md = EVP_MD_CTX_md(tctx); 443 md = EVP_MD_CTX_md(tctx);
454 } 444 }
455
456 if (argc == 0) { 445 if (argc == 0) {
457 BIO_set_fp(in, stdin, BIO_NOCLOSE); 446 BIO_set_fp(in, stdin, BIO_NOCLOSE);
458 err = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, 447 err = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
@@ -483,7 +472,7 @@ mac_end:
483 } 472 }
484 if (r) 473 if (r)
485 err = r; 474 err = r;
486 (void)BIO_reset(bmd); 475 (void) BIO_reset(bmd);
487 } 476 }
488 } 477 }
489 478
@@ -507,20 +496,20 @@ end:
507 if (bmd != NULL) 496 if (bmd != NULL)
508 BIO_free(bmd); 497 BIO_free(bmd);
509 apps_shutdown(); 498 apps_shutdown();
510 return(err); 499 return (err);
511} 500}
512 501
513int 502int
514do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, 503do_fp(BIO * out, unsigned char *buf, BIO * bp, int sep, int binout,
515 EVP_PKEY *key, unsigned char *sigin, int siglen, 504 EVP_PKEY * key, unsigned char *sigin, int siglen,
516 const char *sig_name, const char *md_name, 505 const char *sig_name, const char *md_name,
517 const char *file, BIO *bmd) 506 const char *file, BIO * bmd)
518{ 507{
519 size_t len; 508 size_t len;
520 int i; 509 int i;
521 510
522 for (;;) { 511 for (;;) {
523 i = BIO_read(bp, (char *)buf, BUFSIZE); 512 i = BIO_read(bp, (char *) buf, BUFSIZE);
524 if (i < 0) { 513 if (i < 0) {
525 BIO_printf(bio_err, "Read Error in %s\n", file); 514 BIO_printf(bio_err, "Read Error in %s\n", file);
526 ERR_print_errors(bio_err); 515 ERR_print_errors(bio_err);
@@ -532,7 +521,7 @@ do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
532 if (sigin) { 521 if (sigin) {
533 EVP_MD_CTX *ctx; 522 EVP_MD_CTX *ctx;
534 BIO_get_md_ctx(bp, &ctx); 523 BIO_get_md_ctx(bp, &ctx);
535 i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen); 524 i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int) siglen);
536 if (i > 0) 525 if (i > 0)
537 BIO_printf(out, "Verified OK\n"); 526 BIO_printf(out, "Verified OK\n");
538 else if (i == 0) { 527 else if (i == 0) {
@@ -555,8 +544,8 @@ do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
555 return 1; 544 return 1;
556 } 545 }
557 } else { 546 } else {
558 len = BIO_gets(bp, (char *)buf, BUFSIZE); 547 len = BIO_gets(bp, (char *) buf, BUFSIZE);
559 if ((int)len < 0) { 548 if ((int) len < 0) {
560 ERR_print_errors(bio_err); 549 ERR_print_errors(bio_err);
561 return 1; 550 return 1;
562 } 551 }
@@ -565,7 +554,7 @@ do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
565 if (binout) 554 if (binout)
566 BIO_write(out, buf, len); 555 BIO_write(out, buf, len);
567 else if (sep == 2) { 556 else if (sep == 2) {
568 for (i = 0; i < (int)len; i++) 557 for (i = 0; i < (int) len; i++)
569 BIO_printf(out, "%02x", buf[i]); 558 BIO_printf(out, "%02x", buf[i]);
570 BIO_printf(out, " *%s\n", file); 559 BIO_printf(out, " *%s\n", file);
571 } else { 560 } else {
@@ -575,7 +564,7 @@ do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
575 BIO_printf(out, "%s(%s)= ", md_name, file); 564 BIO_printf(out, "%s(%s)= ", md_name, file);
576 else 565 else
577 BIO_printf(out, "(%s)= ", file); 566 BIO_printf(out, "(%s)= ", file);
578 for (i = 0; i < (int)len; i++) { 567 for (i = 0; i < (int) len; i++) {
579 if (sep && (i != 0)) 568 if (sep && (i != 0))
580 BIO_printf(out, ":"); 569 BIO_printf(out, ":");
581 BIO_printf(out, "%02x", buf[i]); 570 BIO_printf(out, "%02x", buf[i]);
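Review bot: In the dgst.c hunk at new lines 273–299, `in` and `bmd` are used before they are checked. With `debug` set, `BIO_set_callback(in, BIO_debug_callback)` and `BIO_set_callback_arg(in, ...)` run at new lines 279–281, while the `if ((in == NULL) || (bmd == NULL))` test only comes at new line 287. Moving that test to directly after the two `BIO_new()` calls keeps a failed allocation from reaching the callback setup. MAIN starts and ends outside this hunk.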
diff --git a/src/lib/libssl/src/apps/dh.c b/src/lib/libssl/src/apps/dh.c
index 109a6c0d40..1fc536d909 100644
--- a/src/lib/libssl/src/apps/dh.c
+++ b/src/lib/libssl/src/apps/dh.c
@@ -57,7 +57,7 @@
57 * [including the GNU Public Licence.] 57 * [including the GNU Public Licence.]
58 */ 58 */
59 59
60#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */ 60#include <openssl/opensslconf.h>/* for OPENSSL_NO_DH */
61#ifndef OPENSSL_NO_DH 61#ifndef OPENSSL_NO_DH
62#include <stdio.h> 62#include <stdio.h>
63#include <stdlib.h> 63#include <stdlib.h>
@@ -102,7 +102,7 @@ MAIN(int argc, char **argv)
102 102
103 if (bio_err == NULL) 103 if (bio_err == NULL)
104 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 104 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
105 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 105 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
106 106
107 if (!load_config(bio_err, NULL)) 107 if (!load_config(bio_err, NULL))
108 goto end; 108 goto end;
@@ -123,27 +123,24 @@ MAIN(int argc, char **argv)
123 if (--argc < 1) 123 if (--argc < 1)
124 goto bad; 124 goto bad;
125 informat = str2fmt(*(++argv)); 125 informat = str2fmt(*(++argv));
126 } 126 } else if (strcmp(*argv, "-outform") == 0) {
127 else if (strcmp(*argv, "-outform") == 0) {
128 if (--argc < 1) 127 if (--argc < 1)
129 goto bad; 128 goto bad;
130 outformat = str2fmt(*(++argv)); 129 outformat = str2fmt(*(++argv));
131 } 130 } else if (strcmp(*argv, "-in") == 0) {
132 else if (strcmp(*argv, "-in") == 0) {
133 if (--argc < 1) 131 if (--argc < 1)
134 goto bad; 132 goto bad;
135 infile= *(++argv); 133 infile = *(++argv);
136 } 134 } else if (strcmp(*argv, "-out") == 0) {
137 else if (strcmp(*argv, "-out") == 0) {
138 if (--argc < 1) 135 if (--argc < 1)
139 goto bad; 136 goto bad;
140 outfile= *(++argv); 137 outfile = *(++argv);
141 } 138 }
142#ifndef OPENSSL_NO_ENGINE 139#ifndef OPENSSL_NO_ENGINE
143 else if (strcmp(*argv, "-engine") == 0) { 140 else if (strcmp(*argv, "-engine") == 0) {
144 if (--argc < 1) 141 if (--argc < 1)
145 goto bad; 142 goto bad;
146 engine= *(++argv); 143 engine = *(++argv);
147 } 144 }
148#endif 145#endif
149 else if (strcmp(*argv, "-check") == 0) 146 else if (strcmp(*argv, "-check") == 0)
@@ -180,7 +177,6 @@ bad:
180#endif 177#endif
181 goto end; 178 goto end;
182 } 179 }
183
184 ERR_load_crypto_strings(); 180 ERR_load_crypto_strings();
185 181
186#ifndef OPENSSL_NO_ENGINE 182#ifndef OPENSSL_NO_ENGINE
@@ -193,7 +189,6 @@ bad:
193 ERR_print_errors(bio_err); 189 ERR_print_errors(bio_err);
194 goto end; 190 goto end;
195 } 191 }
196
197 if (infile == NULL) 192 if (infile == NULL)
198 BIO_set_fp(in, stdin, BIO_NOCLOSE); 193 BIO_set_fp(in, stdin, BIO_NOCLOSE);
199 else { 194 else {
@@ -224,7 +219,6 @@ bad:
224 ERR_print_errors(bio_err); 219 ERR_print_errors(bio_err);
225 goto end; 220 goto end;
226 } 221 }
227
228 if (text) { 222 if (text) {
229 DHparams_print(out, dh); 223 DHparams_print(out, dh);
230#ifdef undef 224#ifdef undef
@@ -237,7 +231,6 @@ bad:
237 printf("recommended private length=%ld\n", dh->length); 231 printf("recommended private length=%ld\n", dh->length);
238#endif 232#endif
239 } 233 }
240
241 if (check) { 234 if (check) {
242 if (!DH_check(dh, &i)) { 235 if (!DH_check(dh, &i)) {
243 ERR_print_errors(bio_err); 236 ERR_print_errors(bio_err);
@@ -254,14 +247,13 @@ bad:
254 if (i == 0) 247 if (i == 0)
255 printf("DH parameters appear to be ok.\n"); 248 printf("DH parameters appear to be ok.\n");
256 } 249 }
257
258 if (C) { 250 if (C) {
259 unsigned char *data; 251 unsigned char *data;
260 int len, l, bits; 252 int len, l, bits;
261 253
262 len = BN_num_bytes(dh->p); 254 len = BN_num_bytes(dh->p);
263 bits = BN_num_bits(dh->p); 255 bits = BN_num_bits(dh->p);
264 data = (unsigned char *)malloc(len); 256 data = (unsigned char *) malloc(len);
265 if (data == NULL) { 257 if (data == NULL) {
266 perror("malloc"); 258 perror("malloc");
267 goto end; 259 goto end;
@@ -296,7 +288,6 @@ bad:
296 printf("\treturn(dh);\n\t}\n"); 288 printf("\treturn(dh);\n\t}\n");
297 free(data); 289 free(data);
298 } 290 }
299
300 if (!noout) { 291 if (!noout) {
301 if (outformat == FORMAT_ASN1) 292 if (outformat == FORMAT_ASN1)
302 i = i2d_DHparams_bio(out, dh); 293 i = i2d_DHparams_bio(out, dh);
@@ -322,12 +313,12 @@ end:
322 if (dh != NULL) 313 if (dh != NULL)
323 DH_free(dh); 314 DH_free(dh);
324 apps_shutdown(); 315 apps_shutdown();
325 return(ret); 316 return (ret);
326} 317}
327#else /* !OPENSSL_NO_DH */ 318#else /* !OPENSSL_NO_DH */
328 319
329# if PEDANTIC 320#if PEDANTIC
330static void *dummy = &dummy; 321static void *dummy = &dummy;
331# endif 322#endif
332 323
333#endif 324#endif
diff --git a/src/lib/libssl/src/apps/dhparam.c b/src/lib/libssl/src/apps/dhparam.c
index c86d5ef040..8585f8f419 100644
--- a/src/lib/libssl/src/apps/dhparam.c
+++ b/src/lib/libssl/src/apps/dhparam.c
@@ -109,7 +109,7 @@
109 * 109 *
110 */ 110 */
111 111
112#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */ 112#include <openssl/opensslconf.h>/* for OPENSSL_NO_DH */
113#ifndef OPENSSL_NO_DH 113#ifndef OPENSSL_NO_DH
114#include <stdio.h> 114#include <stdio.h>
115#include <stdlib.h> 115#include <stdlib.h>
@@ -143,7 +143,7 @@
143 * -C 143 * -C
144 */ 144 */
145 145
146static int dh_cb(int p, int n, BN_GENCB *cb); 146static int dh_cb(int p, int n, BN_GENCB * cb);
147 147
148int MAIN(int, char **); 148int MAIN(int, char **);
149 149
@@ -168,7 +168,7 @@ MAIN(int argc, char **argv)
168 168
169 if (bio_err == NULL) 169 if (bio_err == NULL)
170 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 170 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
171 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 171 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
172 172
173 if (!load_config(bio_err, NULL)) 173 if (!load_config(bio_err, NULL))
174 goto end; 174 goto end;
@@ -193,17 +193,17 @@ MAIN(int argc, char **argv)
193 } else if (strcmp(*argv, "-in") == 0) { 193 } else if (strcmp(*argv, "-in") == 0) {
194 if (--argc < 1) 194 if (--argc < 1)
195 goto bad; 195 goto bad;
196 infile= *(++argv); 196 infile = *(++argv);
197 } else if (strcmp(*argv, "-out") == 0) { 197 } else if (strcmp(*argv, "-out") == 0) {
198 if (--argc < 1) 198 if (--argc < 1)
199 goto bad; 199 goto bad;
200 outfile= *(++argv); 200 outfile = *(++argv);
201 } 201 }
202#ifndef OPENSSL_NO_ENGINE 202#ifndef OPENSSL_NO_ENGINE
203 else if (strcmp(*argv, "-engine") == 0) { 203 else if (strcmp(*argv, "-engine") == 0) {
204 if (--argc < 1) 204 if (--argc < 1)
205 goto bad; 205 goto bad;
206 engine= *(++argv); 206 engine = *(++argv);
207 } 207 }
208#endif 208#endif
209 else if (strcmp(*argv, "-check") == 0) 209 else if (strcmp(*argv, "-check") == 0)
@@ -225,9 +225,8 @@ MAIN(int argc, char **argv)
225 else if (strcmp(*argv, "-rand") == 0) { 225 else if (strcmp(*argv, "-rand") == 0) {
226 if (--argc < 1) 226 if (--argc < 1)
227 goto bad; 227 goto bad;
228 inrand= *(++argv); 228 inrand = *(++argv);
229 } 229 } else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0)))
230 else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0)))
231 goto bad; 230 goto bad;
232 argv++; 231 argv++;
233 argc--; 232 argc--;
@@ -259,7 +258,6 @@ bad:
259 BIO_printf(bio_err, " -noout no output\n"); 258 BIO_printf(bio_err, " -noout no output\n");
260 goto end; 259 goto end;
261 } 260 }
262
263 ERR_load_crypto_strings(); 261 ERR_load_crypto_strings();
264 262
265#ifndef OPENSSL_NO_ENGINE 263#ifndef OPENSSL_NO_ENGINE
@@ -300,13 +298,12 @@ bad:
300 298
301 BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num); 299 BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num);
302 if (!dsa || !DSA_generate_parameters_ex(dsa, num, 300 if (!dsa || !DSA_generate_parameters_ex(dsa, num,
303 NULL, 0, NULL, NULL, &cb)) { 301 NULL, 0, NULL, NULL, &cb)) {
304 if (dsa) 302 if (dsa)
305 DSA_free(dsa); 303 DSA_free(dsa);
306 ERR_print_errors(bio_err); 304 ERR_print_errors(bio_err);
307 goto end; 305 goto end;
308 } 306 }
309
310 dh = DSA_dup_DH(dsa); 307 dh = DSA_dup_DH(dsa);
311 DSA_free(dsa); 308 DSA_free(dsa);
312 if (dh == NULL) { 309 if (dh == NULL) {
@@ -346,14 +343,13 @@ bad:
346 BIO_printf(bio_err, "bad input format specified\n"); 343 BIO_printf(bio_err, "bad input format specified\n");
347 goto end; 344 goto end;
348 } 345 }
349
350#ifndef OPENSSL_NO_DSA 346#ifndef OPENSSL_NO_DSA
351 if (dsaparam) { 347 if (dsaparam) {
352 DSA *dsa; 348 DSA *dsa;
353 349
354 if (informat == FORMAT_ASN1) 350 if (informat == FORMAT_ASN1)
355 dsa = d2i_DSAparams_bio(in, NULL); 351 dsa = d2i_DSAparams_bio(in, NULL);
356 else /* informat == FORMAT_PEM */ 352 else /* informat == FORMAT_PEM */
357 dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); 353 dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
358 354
359 if (dsa == NULL) { 355 if (dsa == NULL) {
@@ -361,7 +357,6 @@ bad:
361 ERR_print_errors(bio_err); 357 ERR_print_errors(bio_err);
362 goto end; 358 goto end;
363 } 359 }
364
365 dh = DSA_dup_DH(dsa); 360 dh = DSA_dup_DH(dsa);
366 DSA_free(dsa); 361 DSA_free(dsa);
367 if (dh == NULL) { 362 if (dh == NULL) {
@@ -373,7 +368,7 @@ bad:
373 { 368 {
374 if (informat == FORMAT_ASN1) 369 if (informat == FORMAT_ASN1)
375 dh = d2i_DHparams_bio(in, NULL); 370 dh = d2i_DHparams_bio(in, NULL);
376 else /* informat == FORMAT_PEM */ 371 else /* informat == FORMAT_PEM */
377 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); 372 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
378 373
379 if (dh == NULL) { 374 if (dh == NULL) {
@@ -404,7 +399,6 @@ bad:
404 if (text) { 399 if (text) {
405 DHparams_print(out, dh); 400 DHparams_print(out, dh);
406 } 401 }
407
408 if (check) { 402 if (check) {
409 if (!DH_check(dh, &i)) { 403 if (!DH_check(dh, &i)) {
410 ERR_print_errors(bio_err); 404 ERR_print_errors(bio_err);
@@ -427,7 +421,7 @@ bad:
427 421
428 len = BN_num_bytes(dh->p); 422 len = BN_num_bytes(dh->p);
429 bits = BN_num_bits(dh->p); 423 bits = BN_num_bits(dh->p);
430 data = (unsigned char *)malloc(len); 424 data = (unsigned char *) malloc(len);
431 if (data == NULL) { 425 if (data == NULL) {
432 perror("malloc"); 426 perror("malloc");
433 goto end; 427 goto end;
@@ -468,13 +462,12 @@ bad:
468 printf("\treturn(dh);\n\t}\n"); 462 printf("\treturn(dh);\n\t}\n");
469 free(data); 463 free(data);
470 } 464 }
471
472 if (!noout) { 465 if (!noout) {
473 if (outformat == FORMAT_ASN1) 466 if (outformat == FORMAT_ASN1)
474 i = i2d_DHparams_bio(out, dh); 467 i = i2d_DHparams_bio(out, dh);
475 else if (outformat == FORMAT_PEM) 468 else if (outformat == FORMAT_PEM)
476 i = PEM_write_bio_DHparams(out, dh); 469 i = PEM_write_bio_DHparams(out, dh);
477 else { 470 else {
478 BIO_printf(bio_err, "bad output format specified for outfile\n"); 471 BIO_printf(bio_err, "bad output format specified for outfile\n");
479 goto end; 472 goto end;
480 } 473 }
@@ -494,12 +487,12 @@ end:
494 if (dh != NULL) 487 if (dh != NULL)
495 DH_free(dh); 488 DH_free(dh);
496 apps_shutdown(); 489 apps_shutdown();
497 return(ret); 490 return (ret);
498} 491}
499 492
500/* dh_cb is identical to dsa_cb in apps/dsaparam.c */ 493/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
501static int 494static int
502dh_cb(int p, int n, BN_GENCB *cb) 495dh_cb(int p, int n, BN_GENCB * cb)
503{ 496{
504 char c = '*'; 497 char c = '*';
505 498
@@ -512,17 +505,17 @@ dh_cb(int p, int n, BN_GENCB *cb)
512 if (p == 3) 505 if (p == 3)
513 c = '\n'; 506 c = '\n';
514 BIO_write(cb->arg, &c, 1); 507 BIO_write(cb->arg, &c, 1);
515 (void)BIO_flush(cb->arg); 508 (void) BIO_flush(cb->arg);
516#ifdef LINT 509#ifdef LINT
517 p = n; 510 p = n;
518#endif 511#endif
519 return 1; 512 return 1;
520} 513}
521 514
522#else /* !OPENSSL_NO_DH */ 515#else /* !OPENSSL_NO_DH */
523 516
524# if PEDANTIC 517#if PEDANTIC
525static void *dummy = &dummy; 518static void *dummy = &dummy;
526# endif 519#endif
527 520
528#endif 521#endif
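Review bot: The size-argument test in MAIN's option loop, `sscanf(*argv, "%d", &num) == 0`, only catches a matching failure. For an empty argument sscanf returns EOF, the comparison is false, and the outcome depends on whatever `num` already held. The conversion also accepts trailing characters after the digits and does not detect an out-of-range value. Checking the conversion count closes the first gap, `} else if (sscanf(*argv, "%d", &num) != 1 || num <= 0)`, and a range-checked parser such as strtonum(3) would cover the rest. The option loop starts and ends outside the hunk, so the initial value of `num` is not visible here.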
diff --git a/src/lib/libssl/src/apps/dsa.c b/src/lib/libssl/src/apps/dsa.c
index 37b9a3ffb0..a4132de0ea 100644
--- a/src/lib/libssl/src/apps/dsa.c
+++ b/src/lib/libssl/src/apps/dsa.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ 59#include <openssl/opensslconf.h>/* for OPENSSL_NO_DSA */
60#ifndef OPENSSL_NO_DSA 60#ifndef OPENSSL_NO_DSA
61#include <stdio.h> 61#include <stdio.h>
62#include <stdlib.h> 62#include <stdlib.h>
@@ -119,7 +119,7 @@ MAIN(int argc, char **argv)
119 119
120 if (bio_err == NULL) 120 if (bio_err == NULL)
121 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 121 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
122 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 122 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
123 123
124 if (!load_config(bio_err, NULL)) 124 if (!load_config(bio_err, NULL))
125 goto end; 125 goto end;
@@ -147,26 +147,25 @@ MAIN(int argc, char **argv)
147 } else if (strcmp(*argv, "-in") == 0) { 147 } else if (strcmp(*argv, "-in") == 0) {
148 if (--argc < 1) 148 if (--argc < 1)
149 goto bad; 149 goto bad;
150 infile= *(++argv); 150 infile = *(++argv);
151 } 151 } else if (strcmp(*argv, "-out") == 0) {
152 else if (strcmp(*argv, "-out") == 0) {
153 if (--argc < 1) 152 if (--argc < 1)
154 goto bad; 153 goto bad;
155 outfile= *(++argv); 154 outfile = *(++argv);
156 } else if (strcmp(*argv, "-passin") == 0) { 155 } else if (strcmp(*argv, "-passin") == 0) {
157 if (--argc < 1) 156 if (--argc < 1)
158 goto bad; 157 goto bad;
159 passargin= *(++argv); 158 passargin = *(++argv);
160 } else if (strcmp(*argv, "-passout") == 0) { 159 } else if (strcmp(*argv, "-passout") == 0) {
161 if (--argc < 1) 160 if (--argc < 1)
162 goto bad; 161 goto bad;
163 passargout= *(++argv); 162 passargout = *(++argv);
164 } 163 }
165#ifndef OPENSSL_NO_ENGINE 164#ifndef OPENSSL_NO_ENGINE
166 else if (strcmp(*argv, "-engine") == 0) { 165 else if (strcmp(*argv, "-engine") == 0) {
167 if (--argc < 1) 166 if (--argc < 1)
168 goto bad; 167 goto bad;
169 engine= *(++argv); 168 engine = *(++argv);
170 } 169 }
171#endif 170#endif
172 else if (strcmp(*argv, "-pvk-strong") == 0) 171 else if (strcmp(*argv, "-pvk-strong") == 0)
@@ -228,7 +227,6 @@ bad:
228 BIO_printf(bio_err, " -modulus print the DSA public value\n"); 227 BIO_printf(bio_err, " -modulus print the DSA public value\n");
229 goto end; 228 goto end;
230 } 229 }
231
232 ERR_load_crypto_strings(); 230 ERR_load_crypto_strings();
233 231
234#ifndef OPENSSL_NO_ENGINE 232#ifndef OPENSSL_NO_ENGINE
@@ -239,14 +237,12 @@ bad:
239 BIO_printf(bio_err, "Error getting passwords\n"); 237 BIO_printf(bio_err, "Error getting passwords\n");
240 goto end; 238 goto end;
241 } 239 }
242
243 in = BIO_new(BIO_s_file()); 240 in = BIO_new(BIO_s_file());
244 out = BIO_new(BIO_s_file()); 241 out = BIO_new(BIO_s_file());
245 if ((in == NULL) || (out == NULL)) { 242 if ((in == NULL) || (out == NULL)) {
246 ERR_print_errors(bio_err); 243 ERR_print_errors(bio_err);
247 goto end; 244 goto end;
248 } 245 }
249
250 if (infile == NULL) 246 if (infile == NULL)
251 BIO_set_fp(in, stdin, BIO_NOCLOSE); 247 BIO_set_fp(in, stdin, BIO_NOCLOSE);
252 else { 248 else {
@@ -259,7 +255,7 @@ bad:
259 BIO_printf(bio_err, "read DSA key\n"); 255 BIO_printf(bio_err, "read DSA key\n");
260 256
261 { 257 {
262 EVP_PKEY *pkey; 258 EVP_PKEY *pkey;
263 259
264 if (pubin) 260 if (pubin)
265 pkey = load_pubkey(bio_err, infile, informat, 1, 261 pkey = load_pubkey(bio_err, infile, informat, 1,
@@ -278,7 +274,6 @@ bad:
278 ERR_print_errors(bio_err); 274 ERR_print_errors(bio_err);
279 goto end; 275 goto end;
280 } 276 }
281
282 if (outfile == NULL) { 277 if (outfile == NULL) {
283 BIO_set_fp(out, stdout, BIO_NOCLOSE); 278 BIO_set_fp(out, stdout, BIO_NOCLOSE);
284 } else { 279 } else {
@@ -295,13 +290,11 @@ bad:
295 goto end; 290 goto end;
296 } 291 }
297 } 292 }
298
299 if (modulus) { 293 if (modulus) {
300 fprintf(stdout, "Public Key="); 294 fprintf(stdout, "Public Key=");
301 BN_print(out, dsa->pub_key); 295 BN_print(out, dsa->pub_key);
302 fprintf(stdout, "\n"); 296 fprintf(stdout, "\n");
303 } 297 }
304
305 if (noout) 298 if (noout)
306 goto end; 299 goto end;
307 BIO_printf(bio_err, "writing DSA key\n"); 300 BIO_printf(bio_err, "writing DSA key\n");
@@ -350,12 +343,12 @@ end:
350 if (passout) 343 if (passout)
351 free(passout); 344 free(passout);
352 apps_shutdown(); 345 apps_shutdown();
353 return(ret); 346 return (ret);
354} 347}
355#else /* !OPENSSL_NO_DSA */ 348#else /* !OPENSSL_NO_DSA */
356 349
357# if PEDANTIC 350#if PEDANTIC
358static void *dummy = &dummy; 351static void *dummy = &dummy;
359# endif 352#endif
360 353
361#endif 354#endif
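Review bot: At the `end:` label of MAIN, `passout` is released with a plain `free(passout)`, which leaves its bytes behind in freed heap memory. The variable looks like the passphrase resolved from `-passout` (see the "Error getting passwords" path), though its assignment is outside the visible hunks. If that is what it holds, clear it before releasing it: `if (passout) { explicit_bzero(passout, strlen(passout)); free(passout); }`. The same cleanup appears at the end of MAIN in apps/ec.c.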
diff --git a/src/lib/libssl/src/apps/dsaparam.c b/src/lib/libssl/src/apps/dsaparam.c
index 1efa02fbcf..e2ae9bec19 100644
--- a/src/lib/libssl/src/apps/dsaparam.c
+++ b/src/lib/libssl/src/apps/dsaparam.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ 59#include <openssl/opensslconf.h>/* for OPENSSL_NO_DSA */
60/* Until the key-gen callbacks are modified to use newer prototypes, we allow 60/* Until the key-gen callbacks are modified to use newer prototypes, we allow
61 * deprecated functions for openssl-internal code */ 61 * deprecated functions for openssl-internal code */
62#ifdef OPENSSL_NO_DEPRECATED 62#ifdef OPENSSL_NO_DEPRECATED
@@ -106,7 +106,7 @@ timebomb_sigalarm(int foo)
106 106
107#endif 107#endif
108 108
109static int dsa_cb(int p, int n, BN_GENCB *cb); 109static int dsa_cb(int p, int n, BN_GENCB * cb);
110 110
111int MAIN(int, char **); 111int MAIN(int, char **);
112 112
@@ -131,7 +131,7 @@ MAIN(int argc, char **argv)
131 131
132 if (bio_err == NULL) 132 if (bio_err == NULL)
133 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 133 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
134 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 134 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
135 135
136 if (!load_config(bio_err, NULL)) 136 if (!load_config(bio_err, NULL))
137 goto end; 137 goto end;
@@ -156,11 +156,11 @@ MAIN(int argc, char **argv)
156 } else if (strcmp(*argv, "-in") == 0) { 156 } else if (strcmp(*argv, "-in") == 0) {
157 if (--argc < 1) 157 if (--argc < 1)
158 goto bad; 158 goto bad;
159 infile= *(++argv); 159 infile = *(++argv);
160 } else if (strcmp(*argv, "-out") == 0) { 160 } else if (strcmp(*argv, "-out") == 0) {
161 if (--argc < 1) 161 if (--argc < 1)
162 goto bad; 162 goto bad;
163 outfile= *(++argv); 163 outfile = *(++argv);
164 } 164 }
165#ifndef OPENSSL_NO_ENGINE 165#ifndef OPENSSL_NO_ENGINE
166 else if (strcmp(*argv, "-engine") == 0) { 166 else if (strcmp(*argv, "-engine") == 0) {
@@ -186,7 +186,7 @@ MAIN(int argc, char **argv)
186 } else if (strcmp(*argv, "-rand") == 0) { 186 } else if (strcmp(*argv, "-rand") == 0) {
187 if (--argc < 1) 187 if (--argc < 1)
188 goto bad; 188 goto bad;
189 inrand= *(++argv); 189 inrand = *(++argv);
190 need_rand = 1; 190 need_rand = 1;
191 } else if (strcmp(*argv, "-noout") == 0) 191 } else if (strcmp(*argv, "-noout") == 0)
192 noout = 1; 192 noout = 1;
@@ -225,7 +225,6 @@ bad:
225 BIO_printf(bio_err, " number number of bits to use for generating private key\n"); 225 BIO_printf(bio_err, " number number of bits to use for generating private key\n");
226 goto end; 226 goto end;
227 } 227 }
228
229 ERR_load_crypto_strings(); 228 ERR_load_crypto_strings();
230 229
231 in = BIO_new(BIO_s_file()); 230 in = BIO_new(BIO_s_file());
@@ -234,7 +233,6 @@ bad:
234 ERR_print_errors(bio_err); 233 ERR_print_errors(bio_err);
235 goto end; 234 goto end;
236 } 235 }
237
238 if (infile == NULL) 236 if (infile == NULL)
239 BIO_set_fp(in, stdin, BIO_NOCLOSE); 237 BIO_set_fp(in, stdin, BIO_NOCLOSE);
240 else { 238 else {
@@ -262,7 +260,6 @@ bad:
262 BIO_printf(bio_err, "%ld semi-random bytes loaded\n", 260 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
263 app_RAND_load_files(inrand)); 261 app_RAND_load_files(inrand));
264 } 262 }
265
266 if (numbits > 0) { 263 if (numbits > 0) {
267 BN_GENCB cb; 264 BN_GENCB cb;
268 BN_GENCB_set(&cb, dsa_cb, bio_err); 265 BN_GENCB_set(&cb, dsa_cb, bio_err);
@@ -314,18 +311,16 @@ bad:
314 ERR_print_errors(bio_err); 311 ERR_print_errors(bio_err);
315 goto end; 312 goto end;
316 } 313 }
317
318 if (text) { 314 if (text) {
319 DSAparams_print(out, dsa); 315 DSAparams_print(out, dsa);
320 } 316 }
321
322 if (C) { 317 if (C) {
323 unsigned char *data; 318 unsigned char *data;
324 int l, len, bits_p; 319 int l, len, bits_p;
325 320
326 len = BN_num_bytes(dsa->p); 321 len = BN_num_bytes(dsa->p);
327 bits_p = BN_num_bits(dsa->p); 322 bits_p = BN_num_bits(dsa->p);
328 data = (unsigned char *)malloc(len + 20); 323 data = (unsigned char *) malloc(len + 20);
329 if (data == NULL) { 324 if (data == NULL) {
330 perror("malloc"); 325 perror("malloc");
331 goto end; 326 goto end;
@@ -370,7 +365,6 @@ bad:
370 printf("\t\t{ DSA_free(dsa); return(NULL); }\n"); 365 printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
371 printf("\treturn(dsa);\n\t}\n"); 366 printf("\treturn(dsa);\n\t}\n");
372 } 367 }
373
374 if (!noout) { 368 if (!noout) {
375 if (outformat == FORMAT_ASN1) 369 if (outformat == FORMAT_ASN1)
376 i = i2d_DSAparams_bio(out, dsa); 370 i = i2d_DSAparams_bio(out, dsa);
@@ -420,11 +414,11 @@ end:
420 if (dsa != NULL) 414 if (dsa != NULL)
421 DSA_free(dsa); 415 DSA_free(dsa);
422 apps_shutdown(); 416 apps_shutdown();
423 return(ret); 417 return (ret);
424} 418}
425 419
426static int 420static int
427dsa_cb(int p, int n, BN_GENCB *cb) 421dsa_cb(int p, int n, BN_GENCB * cb)
428{ 422{
429 char c = '*'; 423 char c = '*';
430 424
@@ -437,7 +431,7 @@ dsa_cb(int p, int n, BN_GENCB *cb)
437 if (p == 3) 431 if (p == 3)
438 c = '\n'; 432 c = '\n';
439 BIO_write(cb->arg, &c, 1); 433 BIO_write(cb->arg, &c, 1);
440 (void)BIO_flush(cb->arg); 434 (void) BIO_flush(cb->arg);
441#ifdef LINT 435#ifdef LINT
442 p = n; 436 p = n;
443#endif 437#endif
@@ -447,10 +441,10 @@ dsa_cb(int p, int n, BN_GENCB *cb)
447#endif 441#endif
448 return 1; 442 return 1;
449} 443}
450#else /* !OPENSSL_NO_DSA */ 444#else /* !OPENSSL_NO_DSA */
451 445
452# if PEDANTIC 446#if PEDANTIC
453static void *dummy = &dummy; 447static void *dummy = &dummy;
454# endif 448#endif
455 449
456#endif 450#endif
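Review bot: The reformat leaves `BN_GENCB * cb` in both the `dsa_cb` prototype and its definition, which reads like a multiplication and departs from the pointer-declarator style used elsewhere in the file (`char **argv`, `unsigned char *data`). This looks like the formatter not recognising `BN_GENCB` as a type name. The declarator should stay attached to the parameter: `static int dsa_cb(int p, int n, BN_GENCB *cb);` and `dsa_cb(int p, int n, BN_GENCB *cb)`. `dh_cb` in apps/dhparam.c has the same spelling in its prototype and definition.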
diff --git a/src/lib/libssl/src/apps/ec.c b/src/lib/libssl/src/apps/ec.c
index 8575ba9682..2d5525d508 100644
--- a/src/lib/libssl/src/apps/ec.c
+++ b/src/lib/libssl/src/apps/ec.c
@@ -86,27 +86,27 @@ int MAIN(int, char **);
86int 86int
87MAIN(int argc, char **argv) 87MAIN(int argc, char **argv)
88{ 88{
89 int ret = 1; 89 int ret = 1;
90 EC_KEY *eckey = NULL; 90 EC_KEY *eckey = NULL;
91 const EC_GROUP *group; 91 const EC_GROUP *group;
92 int i, badops = 0; 92 int i, badops = 0;
93 const EVP_CIPHER *enc = NULL; 93 const EVP_CIPHER *enc = NULL;
94 BIO *in = NULL, *out = NULL; 94 BIO *in = NULL, *out = NULL;
95 int informat, outformat, text = 0, noout = 0; 95 int informat, outformat, text = 0, noout = 0;
96 int pubin = 0, pubout = 0, param_out = 0; 96 int pubin = 0, pubout = 0, param_out = 0;
97 char *infile, *outfile, *prog, *engine; 97 char *infile, *outfile, *prog, *engine;
98 char *passargin = NULL, *passargout = NULL; 98 char *passargin = NULL, *passargout = NULL;
99 char *passin = NULL, *passout = NULL; 99 char *passin = NULL, *passout = NULL;
100 point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; 100 point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
101 int new_form = 0; 101 int new_form = 0;
102 int asn1_flag = OPENSSL_EC_NAMED_CURVE; 102 int asn1_flag = OPENSSL_EC_NAMED_CURVE;
103 int new_asn1_flag = 0; 103 int new_asn1_flag = 0;
104 104
105 apps_startup(); 105 apps_startup();
106 106
107 if (bio_err == NULL) 107 if (bio_err == NULL)
108 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 108 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
109 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 109 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
110 110
111 if (!load_config(bio_err, NULL)) 111 if (!load_config(bio_err, NULL))
112 goto end; 112 goto end;
@@ -132,23 +132,23 @@ MAIN(int argc, char **argv)
132 } else if (strcmp(*argv, "-in") == 0) { 132 } else if (strcmp(*argv, "-in") == 0) {
133 if (--argc < 1) 133 if (--argc < 1)
134 goto bad; 134 goto bad;
135 infile= *(++argv); 135 infile = *(++argv);
136 } else if (strcmp(*argv, "-out") == 0) { 136 } else if (strcmp(*argv, "-out") == 0) {
137 if (--argc < 1) 137 if (--argc < 1)
138 goto bad; 138 goto bad;
139 outfile= *(++argv); 139 outfile = *(++argv);
140 } else if (strcmp(*argv, "-passin") == 0) { 140 } else if (strcmp(*argv, "-passin") == 0) {
141 if (--argc < 1) 141 if (--argc < 1)
142 goto bad; 142 goto bad;
143 passargin= *(++argv); 143 passargin = *(++argv);
144 } else if (strcmp(*argv, "-passout") == 0) { 144 } else if (strcmp(*argv, "-passout") == 0) {
145 if (--argc < 1) 145 if (--argc < 1)
146 goto bad; 146 goto bad;
147 passargout= *(++argv); 147 passargout = *(++argv);
148 } else if (strcmp(*argv, "-engine") == 0) { 148 } else if (strcmp(*argv, "-engine") == 0) {
149 if (--argc < 1) 149 if (--argc < 1)
150 goto bad; 150 goto bad;
151 engine= *(++argv); 151 engine = *(++argv);
152 } else if (strcmp(*argv, "-noout") == 0) 152 } else if (strcmp(*argv, "-noout") == 0)
153 noout = 1; 153 noout = 1;
154 else if (strcmp(*argv, "-text") == 0) 154 else if (strcmp(*argv, "-text") == 0)
@@ -209,8 +209,8 @@ bad:
209 BIO_printf(bio_err, " -engine e use engine e, " 209 BIO_printf(bio_err, " -engine e use engine e, "
210 "possibly a hardware device.\n"); 210 "possibly a hardware device.\n");
211 BIO_printf(bio_err, " -des encrypt PEM output, " 211 BIO_printf(bio_err, " -des encrypt PEM output, "
212 "instead of 'des' every other \n" 212 "instead of 'des' every other \n"
213 " cipher " 213 " cipher "
214 "supported by OpenSSL can be used\n"); 214 "supported by OpenSSL can be used\n");
215 BIO_printf(bio_err, " -text print the key\n"); 215 BIO_printf(bio_err, " -text print the key\n");
216 BIO_printf(bio_err, " -noout don't print key out\n"); 216 BIO_printf(bio_err, " -noout don't print key out\n");
@@ -234,7 +234,6 @@ bad:
234 "explicit\n"); 234 "explicit\n");
235 goto end; 235 goto end;
236 } 236 }
237
238 ERR_load_crypto_strings(); 237 ERR_load_crypto_strings();
239 238
240#ifndef OPENSSL_NO_ENGINE 239#ifndef OPENSSL_NO_ENGINE
@@ -245,14 +244,12 @@ bad:
245 BIO_printf(bio_err, "Error getting passwords\n"); 244 BIO_printf(bio_err, "Error getting passwords\n");
246 goto end; 245 goto end;
247 } 246 }
248
249 in = BIO_new(BIO_s_file()); 247 in = BIO_new(BIO_s_file());
250 out = BIO_new(BIO_s_file()); 248 out = BIO_new(BIO_s_file());
251 if ((in == NULL) || (out == NULL)) { 249 if ((in == NULL) || (out == NULL)) {
252 ERR_print_errors(bio_err); 250 ERR_print_errors(bio_err);
253 goto end; 251 goto end;
254 } 252 }
255
256 if (infile == NULL) 253 if (infile == NULL)
257 BIO_set_fp(in, stdin, BIO_NOCLOSE); 254 BIO_set_fp(in, stdin, BIO_NOCLOSE);
258 else { 255 else {
@@ -284,7 +281,6 @@ bad:
284 ERR_print_errors(bio_err); 281 ERR_print_errors(bio_err);
285 goto end; 282 goto end;
286 } 283 }
287
288 if (outfile == NULL) { 284 if (outfile == NULL) {
289 BIO_set_fp(out, stdout, BIO_NOCLOSE); 285 BIO_set_fp(out, stdout, BIO_NOCLOSE);
290 } else { 286 } else {
@@ -308,12 +304,10 @@ bad:
308 ERR_print_errors(bio_err); 304 ERR_print_errors(bio_err);
309 goto end; 305 goto end;
310 } 306 }
311
312 if (noout) { 307 if (noout) {
313 ret = 0; 308 ret = 0;
314 goto end; 309 goto end;
315 } 310 }
316
317 BIO_printf(bio_err, "writing EC key\n"); 311 BIO_printf(bio_err, "writing EC key\n");
318 if (outformat == FORMAT_ASN1) { 312 if (outformat == FORMAT_ASN1) {
319 if (param_out) 313 if (param_out)
@@ -329,7 +323,7 @@ bad:
329 i = PEM_write_bio_EC_PUBKEY(out, eckey); 323 i = PEM_write_bio_EC_PUBKEY(out, eckey);
330 else 324 else
331 i = PEM_write_bio_ECPrivateKey(out, eckey, enc, 325 i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
332 NULL, 0, NULL, passout); 326 NULL, 0, NULL, passout);
333 } else { 327 } else {
334 BIO_printf(bio_err, "bad output format specified for " 328 BIO_printf(bio_err, "bad output format specified for "
335 "outfile\n"); 329 "outfile\n");
@@ -353,12 +347,12 @@ end:
353 if (passout) 347 if (passout)
354 free(passout); 348 free(passout);
355 apps_shutdown(); 349 apps_shutdown();
356 return(ret); 350 return (ret);
357} 351}
358#else /* !OPENSSL_NO_EC */ 352#else /* !OPENSSL_NO_EC */
359 353
360# if PEDANTIC 354#if PEDANTIC
361static void *dummy = &dummy; 355static void *dummy = &dummy;
362# endif 356#endif
363 357
364#endif 358#endif
diff --git a/src/lib/libssl/src/apps/ecparam.c b/src/lib/libssl/src/apps/ecparam.c
index 1e7020ca7a..e4b7790f18 100644
--- a/src/lib/libssl/src/apps/ecparam.c
+++ b/src/lib/libssl/src/apps/ecparam.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -58,13 +58,13 @@
58/* ==================================================================== 58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * 60 *
61 * Portions of the attached software ("Contribution") are developed by 61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 * 63 *
64 * The Contribution is licensed pursuant to the OpenSSL open source 64 * The Contribution is licensed pursuant to the OpenSSL open source
65 * license provided above. 65 * license provided above.
66 * 66 *
67 * The elliptic curve binary polynomial software is originally written by 67 * The elliptic curve binary polynomial software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. 68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69 * 69 *
70 */ 70 */
@@ -97,7 +97,7 @@
97 * -C - print a 'C' function creating the parameters 97 * -C - print a 'C' function creating the parameters
98 * -name arg - use the ec parameters with 'short name' name 98 * -name arg - use the ec parameters with 'short name' name
99 * -list_curves - prints a list of all currently available curve 'short names' 99 * -list_curves - prints a list of all currently available curve 'short names'
100 * -conv_form arg - specifies the point conversion form 100 * -conv_form arg - specifies the point conversion form
101 * - possible values: compressed 101 * - possible values: compressed
102 * uncompressed (default) 102 * uncompressed (default)
103 * hybrid 103 * hybrid
@@ -112,82 +112,75 @@
112 */ 112 */
113 113
114 114
115static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *); 115static int ecparam_print_var(BIO *, BIGNUM *, const char *, int, unsigned char *);
116 116
117int MAIN(int, char **); 117int MAIN(int, char **);
118 118
119int MAIN(int argc, char **argv) 119int
120 { 120MAIN(int argc, char **argv)
121{
121 EC_GROUP *group = NULL; 122 EC_GROUP *group = NULL;
122 point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; 123 point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
123 int new_form = 0; 124 int new_form = 0;
124 int asn1_flag = OPENSSL_EC_NAMED_CURVE; 125 int asn1_flag = OPENSSL_EC_NAMED_CURVE;
125 int new_asn1_flag = 0; 126 int new_asn1_flag = 0;
126 char *curve_name = NULL, *inrand = NULL; 127 char *curve_name = NULL, *inrand = NULL;
127 int list_curves = 0, no_seed = 0, check = 0, 128 int list_curves = 0, no_seed = 0, check = 0, badops = 0, text = 0,
128 badops = 0, text = 0, i, need_rand = 0, genkey = 0; 129 i, need_rand = 0, genkey = 0;
129 char *infile = NULL, *outfile = NULL, *prog; 130 char *infile = NULL, *outfile = NULL, *prog;
130 BIO *in = NULL, *out = NULL; 131 BIO *in = NULL, *out = NULL;
131 int informat, outformat, noout = 0, C = 0, ret = 1; 132 int informat, outformat, noout = 0, C = 0, ret = 1;
132 char *engine = NULL; 133 char *engine = NULL;
133 134
134 BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL, 135 BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL, *ec_gen = NULL,
135 *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL; 136 *ec_order = NULL, *ec_cofactor = NULL;
136 unsigned char *buffer = NULL; 137 unsigned char *buffer = NULL;
137 138
138 apps_startup(); 139 apps_startup();
139 140
140 if (bio_err == NULL) 141 if (bio_err == NULL)
141 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 142 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
142 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 143 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
143 144
144 if (!load_config(bio_err, NULL)) 145 if (!load_config(bio_err, NULL))
145 goto end; 146 goto end;
146 147
147 informat=FORMAT_PEM; 148 informat = FORMAT_PEM;
148 outformat=FORMAT_PEM; 149 outformat = FORMAT_PEM;
149 150
150 prog=argv[0]; 151 prog = argv[0];
151 argc--; 152 argc--;
152 argv++; 153 argv++;
153 while (argc >= 1) 154 while (argc >= 1) {
154 { 155 if (strcmp(*argv, "-inform") == 0) {
155 if (strcmp(*argv,"-inform") == 0) 156 if (--argc < 1)
156 { 157 goto bad;
157 if (--argc < 1) goto bad; 158 informat = str2fmt(*(++argv));
158 informat=str2fmt(*(++argv)); 159 } else if (strcmp(*argv, "-outform") == 0) {
159 } 160 if (--argc < 1)
160 else if (strcmp(*argv,"-outform") == 0) 161 goto bad;
161 { 162 outformat = str2fmt(*(++argv));
162 if (--argc < 1) goto bad; 163 } else if (strcmp(*argv, "-in") == 0) {
163 outformat=str2fmt(*(++argv)); 164 if (--argc < 1)
164 } 165 goto bad;
165 else if (strcmp(*argv,"-in") == 0) 166 infile = *(++argv);
166 { 167 } else if (strcmp(*argv, "-out") == 0) {
167 if (--argc < 1) goto bad; 168 if (--argc < 1)
168 infile= *(++argv); 169 goto bad;
169 } 170 outfile = *(++argv);
170 else if (strcmp(*argv,"-out") == 0) 171 } else if (strcmp(*argv, "-text") == 0)
171 {
172 if (--argc < 1) goto bad;
173 outfile= *(++argv);
174 }
175 else if (strcmp(*argv,"-text") == 0)
176 text = 1; 172 text = 1;
177 else if (strcmp(*argv,"-C") == 0) 173 else if (strcmp(*argv, "-C") == 0)
178 C = 1; 174 C = 1;
179 else if (strcmp(*argv,"-check") == 0) 175 else if (strcmp(*argv, "-check") == 0)
180 check = 1; 176 check = 1;
181 else if (strcmp (*argv, "-name") == 0) 177 else if (strcmp(*argv, "-name") == 0) {
182 {
183 if (--argc < 1) 178 if (--argc < 1)
184 goto bad; 179 goto bad;
185 curve_name = *(++argv); 180 curve_name = *(++argv);
186 } 181 } else if (strcmp(*argv, "-list_curves") == 0)
187 else if (strcmp(*argv, "-list_curves") == 0)
188 list_curves = 1; 182 list_curves = 1;
189 else if (strcmp(*argv, "-conv_form") == 0) 183 else if (strcmp(*argv, "-conv_form") == 0) {
190 {
191 if (--argc < 1) 184 if (--argc < 1)
192 goto bad; 185 goto bad;
193 ++argv; 186 ++argv;
@@ -200,9 +193,7 @@ int MAIN(int argc, char **argv)
200 form = POINT_CONVERSION_HYBRID; 193 form = POINT_CONVERSION_HYBRID;
201 else 194 else
202 goto bad; 195 goto bad;
203 } 196 } else if (strcmp(*argv, "-param_enc") == 0) {
204 else if (strcmp(*argv, "-param_enc") == 0)
205 {
206 if (--argc < 1) 197 if (--argc < 1)
207 goto bad; 198 goto bad;
208 ++argv; 199 ++argv;
@@ -213,153 +204,132 @@ int MAIN(int argc, char **argv)
213 asn1_flag = 0; 204 asn1_flag = 0;
214 else 205 else
215 goto bad; 206 goto bad;
216 } 207 } else if (strcmp(*argv, "-no_seed") == 0)
217 else if (strcmp(*argv, "-no_seed") == 0)
218 no_seed = 1; 208 no_seed = 1;
219 else if (strcmp(*argv, "-noout") == 0) 209 else if (strcmp(*argv, "-noout") == 0)
220 noout=1; 210 noout = 1;
221 else if (strcmp(*argv,"-genkey") == 0) 211 else if (strcmp(*argv, "-genkey") == 0) {
222 { 212 genkey = 1;
223 genkey=1; 213 need_rand = 1;
224 need_rand=1; 214 } else if (strcmp(*argv, "-rand") == 0) {
225 } 215 if (--argc < 1)
226 else if (strcmp(*argv, "-rand") == 0) 216 goto bad;
227 { 217 inrand = *(++argv);
228 if (--argc < 1) goto bad; 218 need_rand = 1;
229 inrand= *(++argv); 219 } else if (strcmp(*argv, "-engine") == 0) {
230 need_rand=1; 220 if (--argc < 1)
231 } 221 goto bad;
232 else if(strcmp(*argv, "-engine") == 0)
233 {
234 if (--argc < 1) goto bad;
235 engine = *(++argv); 222 engine = *(++argv);
236 } 223 } else {
237 else 224 BIO_printf(bio_err, "unknown option %s\n", *argv);
238 { 225 badops = 1;
239 BIO_printf(bio_err,"unknown option %s\n",*argv);
240 badops=1;
241 break; 226 break;
242 } 227 }
243 argc--; 228 argc--;
244 argv++; 229 argv++;
245 } 230 }
246 231
247 if (badops) 232 if (badops) {
248 {
249bad: 233bad:
250 BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog); 234 BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
251 BIO_printf(bio_err, "where options are\n"); 235 BIO_printf(bio_err, "where options are\n");
252 BIO_printf(bio_err, " -inform arg input format - " 236 BIO_printf(bio_err, " -inform arg input format - "
253 "default PEM (DER or PEM)\n"); 237 "default PEM (DER or PEM)\n");
254 BIO_printf(bio_err, " -outform arg output format - " 238 BIO_printf(bio_err, " -outform arg output format - "
255 "default PEM\n"); 239 "default PEM\n");
256 BIO_printf(bio_err, " -in arg input file - " 240 BIO_printf(bio_err, " -in arg input file - "
257 "default stdin\n"); 241 "default stdin\n");
258 BIO_printf(bio_err, " -out arg output file - " 242 BIO_printf(bio_err, " -out arg output file - "
259 "default stdout\n"); 243 "default stdout\n");
260 BIO_printf(bio_err, " -noout do not print the " 244 BIO_printf(bio_err, " -noout do not print the "
261 "ec parameter\n"); 245 "ec parameter\n");
262 BIO_printf(bio_err, " -text print the ec " 246 BIO_printf(bio_err, " -text print the ec "
263 "parameters in text form\n"); 247 "parameters in text form\n");
264 BIO_printf(bio_err, " -check validate the ec " 248 BIO_printf(bio_err, " -check validate the ec "
265 "parameters\n"); 249 "parameters\n");
266 BIO_printf(bio_err, " -C print a 'C' " 250 BIO_printf(bio_err, " -C print a 'C' "
267 "function creating the parameters\n"); 251 "function creating the parameters\n");
268 BIO_printf(bio_err, " -name arg use the " 252 BIO_printf(bio_err, " -name arg use the "
269 "ec parameters with 'short name' name\n"); 253 "ec parameters with 'short name' name\n");
270 BIO_printf(bio_err, " -list_curves prints a list of " 254 BIO_printf(bio_err, " -list_curves prints a list of "
271 "all currently available curve 'short names'\n"); 255 "all currently available curve 'short names'\n");
272 BIO_printf(bio_err, " -conv_form arg specifies the " 256 BIO_printf(bio_err, " -conv_form arg specifies the "
273 "point conversion form \n"); 257 "point conversion form \n");
274 BIO_printf(bio_err, " possible values:" 258 BIO_printf(bio_err, " possible values:"
275 " compressed\n"); 259 " compressed\n");
276 BIO_printf(bio_err, " " 260 BIO_printf(bio_err, " "
277 " uncompressed (default)\n"); 261 " uncompressed (default)\n");
278 BIO_printf(bio_err, " " 262 BIO_printf(bio_err, " "
279 " hybrid\n"); 263 " hybrid\n");
280 BIO_printf(bio_err, " -param_enc arg specifies the way" 264 BIO_printf(bio_err, " -param_enc arg specifies the way"
281 " the ec parameters are encoded\n"); 265 " the ec parameters are encoded\n");
282 BIO_printf(bio_err, " in the asn1 der " 266 BIO_printf(bio_err, " in the asn1 der "
283 "encoding\n"); 267 "encoding\n");
284 BIO_printf(bio_err, " possible values:" 268 BIO_printf(bio_err, " possible values:"
285 " named_curve (default)\n"); 269 " named_curve (default)\n");
286 BIO_printf(bio_err, " " 270 BIO_printf(bio_err, " "
287 " explicit\n"); 271 " explicit\n");
288 BIO_printf(bio_err, " -no_seed if 'explicit'" 272 BIO_printf(bio_err, " -no_seed if 'explicit'"
289 " parameters are chosen do not" 273 " parameters are chosen do not"
290 " use the seed\n"); 274 " use the seed\n");
291 BIO_printf(bio_err, " -genkey generate ec" 275 BIO_printf(bio_err, " -genkey generate ec"
292 " key\n"); 276 " key\n");
293 BIO_printf(bio_err, " -rand file files to use for" 277 BIO_printf(bio_err, " -rand file files to use for"
294 " random number input\n"); 278 " random number input\n");
295 BIO_printf(bio_err, " -engine e use engine e, " 279 BIO_printf(bio_err, " -engine e use engine e, "
296 "possibly a hardware device\n"); 280 "possibly a hardware device\n");
297 goto end; 281 goto end;
298 } 282 }
299
300 ERR_load_crypto_strings(); 283 ERR_load_crypto_strings();
301 284
302 in=BIO_new(BIO_s_file()); 285 in = BIO_new(BIO_s_file());
303 out=BIO_new(BIO_s_file()); 286 out = BIO_new(BIO_s_file());
304 if ((in == NULL) || (out == NULL)) 287 if ((in == NULL) || (out == NULL)) {
305 {
306 ERR_print_errors(bio_err); 288 ERR_print_errors(bio_err);
307 goto end; 289 goto end;
308 } 290 }
309
310 if (infile == NULL) 291 if (infile == NULL)
311 BIO_set_fp(in,stdin,BIO_NOCLOSE); 292 BIO_set_fp(in, stdin, BIO_NOCLOSE);
312 else 293 else {
313 { 294 if (BIO_read_filename(in, infile) <= 0) {
314 if (BIO_read_filename(in,infile) <= 0)
315 {
316 perror(infile); 295 perror(infile);
317 goto end; 296 goto end;
318 }
319 }
320 if (outfile == NULL)
321 {
322 BIO_set_fp(out,stdout,BIO_NOCLOSE);
323 } 297 }
324 else 298 }
325 { 299 if (outfile == NULL) {
326 if (BIO_write_filename(out,outfile) <= 0) 300 BIO_set_fp(out, stdout, BIO_NOCLOSE);
327 { 301 } else {
302 if (BIO_write_filename(out, outfile) <= 0) {
328 perror(outfile); 303 perror(outfile);
329 goto end; 304 goto end;
330 }
331 } 305 }
306 }
332 307
333#ifndef OPENSSL_NO_ENGINE 308#ifndef OPENSSL_NO_ENGINE
334 setup_engine(bio_err, engine, 0); 309 setup_engine(bio_err, engine, 0);
335#endif 310#endif
336 311
337 if (list_curves) 312 if (list_curves) {
338 {
339 EC_builtin_curve *curves = NULL; 313 EC_builtin_curve *curves = NULL;
340 size_t crv_len = 0; 314 size_t crv_len = 0;
341 size_t n = 0; 315 size_t n = 0;
342 316
343 crv_len = EC_get_builtin_curves(NULL, 0); 317 crv_len = EC_get_builtin_curves(NULL, 0);
344 318
345 curves = malloc((int)(sizeof(EC_builtin_curve) * crv_len)); 319 curves = malloc((int) (sizeof(EC_builtin_curve) * crv_len));
346 320
347 if (curves == NULL) 321 if (curves == NULL)
348 goto end; 322 goto end;
349 323
350 if (!EC_get_builtin_curves(curves, crv_len)) 324 if (!EC_get_builtin_curves(curves, crv_len)) {
351 {
352 free(curves); 325 free(curves);
353 goto end; 326 goto end;
354 } 327 }
355 328 for (n = 0; n < crv_len; n++) {
356
357 for (n = 0; n < crv_len; n++)
358 {
359 const char *comment; 329 const char *comment;
360 const char *sname; 330 const char *sname;
361 comment = curves[n].comment; 331 comment = curves[n].comment;
362 sname = OBJ_nid2sn(curves[n].nid); 332 sname = OBJ_nid2sn(curves[n].nid);
363 if (comment == NULL) 333 if (comment == NULL)
364 comment = "CURVE DESCRIPTION NOT AVAILABLE"; 334 comment = "CURVE DESCRIPTION NOT AVAILABLE";
365 if (sname == NULL) 335 if (sname == NULL)
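Review bot: The `(int)` cast on the allocation size in the `-list_curves` branch survives the reformat: `malloc((int) (sizeof(EC_builtin_curve) * crv_len))` narrows a `size_t` product to `int` and back, and the multiplication itself is unchecked. `crv_len` comes from `EC_get_builtin_curves(NULL, 0)` and is presumably small, but an overflow-checked form costs nothing: `curves = calloc(crv_len, sizeof(*curves));`. The `curves == NULL` path also leaves through `goto end` without printing anything to `bio_err`. MAIN starts before this hunk and the curve loop continues past it.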
@@ -367,142 +337,112 @@ bad:
367 337
368 BIO_printf(out, " %-10s: ", sname); 338 BIO_printf(out, " %-10s: ", sname);
369 BIO_printf(out, "%s\n", comment); 339 BIO_printf(out, "%s\n", comment);
370 } 340 }
371 341
372 free(curves); 342 free(curves);
373 ret = 0; 343 ret = 0;
374 goto end; 344 goto end;
375 } 345 }
376 346 if (curve_name != NULL) {
377 if (curve_name != NULL)
378 {
379 int nid; 347 int nid;
380 348
381 /* workaround for the SECG curve names secp192r1 349 /*
382 * and secp256r1 (which are the same as the curves 350 * workaround for the SECG curve names secp192r1 and
383 * prime192v1 and prime256v1 defined in X9.62) 351 * secp256r1 (which are the same as the curves prime192v1 and
352 * prime256v1 defined in X9.62)
384 */ 353 */
385 if (!strcmp(curve_name, "secp192r1")) 354 if (!strcmp(curve_name, "secp192r1")) {
386 {
387 BIO_printf(bio_err, "using curve name prime192v1 " 355 BIO_printf(bio_err, "using curve name prime192v1 "
388 "instead of secp192r1\n"); 356 "instead of secp192r1\n");
389 nid = NID_X9_62_prime192v1; 357 nid = NID_X9_62_prime192v1;
390 } 358 } else if (!strcmp(curve_name, "secp256r1")) {
391 else if (!strcmp(curve_name, "secp256r1"))
392 {
393 BIO_printf(bio_err, "using curve name prime256v1 " 359 BIO_printf(bio_err, "using curve name prime256v1 "
394 "instead of secp256r1\n"); 360 "instead of secp256r1\n");
395 nid = NID_X9_62_prime256v1; 361 nid = NID_X9_62_prime256v1;
396 } 362 } else
397 else
398 nid = OBJ_sn2nid(curve_name); 363 nid = OBJ_sn2nid(curve_name);
399
400 if (nid == 0)
401 {
402 BIO_printf(bio_err, "unknown curve name (%s)\n",
403 curve_name);
404 goto end;
405 }
406 364
365 if (nid == 0) {
366 BIO_printf(bio_err, "unknown curve name (%s)\n",
367 curve_name);
368 goto end;
369 }
407 group = EC_GROUP_new_by_curve_name(nid); 370 group = EC_GROUP_new_by_curve_name(nid);
408 if (group == NULL) 371 if (group == NULL) {
409 { 372 BIO_printf(bio_err, "unable to create curve (%s)\n",
410 BIO_printf(bio_err, "unable to create curve (%s)\n", 373 curve_name);
411 curve_name);
412 goto end; 374 goto end;
413 } 375 }
414 EC_GROUP_set_asn1_flag(group, asn1_flag); 376 EC_GROUP_set_asn1_flag(group, asn1_flag);
415 EC_GROUP_set_point_conversion_form(group, form); 377 EC_GROUP_set_point_conversion_form(group, form);
416 } 378 } else if (informat == FORMAT_ASN1) {
417 else if (informat == FORMAT_ASN1)
418 {
419 group = d2i_ECPKParameters_bio(in, NULL); 379 group = d2i_ECPKParameters_bio(in, NULL);
420 } 380 } else if (informat == FORMAT_PEM) {
421 else if (informat == FORMAT_PEM) 381 group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
422 { 382 } else {
423 group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
424 }
425 else
426 {
427 BIO_printf(bio_err, "bad input format specified\n"); 383 BIO_printf(bio_err, "bad input format specified\n");
428 goto end; 384 goto end;
429 } 385 }
430 386
431 if (group == NULL) 387 if (group == NULL) {
432 { 388 BIO_printf(bio_err,
433 BIO_printf(bio_err, 389 "unable to load elliptic curve parameters\n");
434 "unable to load elliptic curve parameters\n");
435 ERR_print_errors(bio_err); 390 ERR_print_errors(bio_err);
436 goto end; 391 goto end;
437 } 392 }
438
439 if (new_form) 393 if (new_form)
440 EC_GROUP_set_point_conversion_form(group, form); 394 EC_GROUP_set_point_conversion_form(group, form);
441 395
442 if (new_asn1_flag) 396 if (new_asn1_flag)
443 EC_GROUP_set_asn1_flag(group, asn1_flag); 397 EC_GROUP_set_asn1_flag(group, asn1_flag);
444 398
445 if (no_seed) 399 if (no_seed) {
446 {
447 EC_GROUP_set_seed(group, NULL, 0); 400 EC_GROUP_set_seed(group, NULL, 0);
448 } 401 }
449 402 if (text) {
450 if (text)
451 {
452 if (!ECPKParameters_print(out, group, 0)) 403 if (!ECPKParameters_print(out, group, 0))
453 goto end; 404 goto end;
454 } 405 }
455 406 if (check) {
456 if (check)
457 {
458 if (group == NULL) 407 if (group == NULL)
459 BIO_printf(bio_err, "no elliptic curve parameters\n"); 408 BIO_printf(bio_err, "no elliptic curve parameters\n");
460 BIO_printf(bio_err, "checking elliptic curve parameters: "); 409 BIO_printf(bio_err, "checking elliptic curve parameters: ");
461 if (!EC_GROUP_check(group, NULL)) 410 if (!EC_GROUP_check(group, NULL)) {
462 {
463 BIO_printf(bio_err, "failed\n"); 411 BIO_printf(bio_err, "failed\n");
464 ERR_print_errors(bio_err); 412 ERR_print_errors(bio_err);
465 } 413 } else
466 else
467 BIO_printf(bio_err, "ok\n"); 414 BIO_printf(bio_err, "ok\n");
468
469 }
470 415
471 if (C) 416 }
472 { 417 if (C) {
473 size_t buf_len = 0, tmp_len = 0; 418 size_t buf_len = 0, tmp_len = 0;
474 const EC_POINT *point; 419 const EC_POINT *point;
475 int is_prime, len = 0; 420 int is_prime, len = 0;
476 const EC_METHOD *meth = EC_GROUP_method_of(group); 421 const EC_METHOD *meth = EC_GROUP_method_of(group);
477 422
478 if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL || 423 if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
479 (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL || 424 (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
480 (ec_order = BN_new()) == NULL || 425 (ec_order = BN_new()) == NULL ||
481 (ec_cofactor = BN_new()) == NULL ) 426 (ec_cofactor = BN_new()) == NULL) {
482 {
483 perror("malloc"); 427 perror("malloc");
484 goto end; 428 goto end;
485 } 429 }
486 430 is_prime = (EC_METHOD_get_field_type(meth) ==
487 is_prime = (EC_METHOD_get_field_type(meth) == 431 NID_X9_62_prime_field);
488 NID_X9_62_prime_field);
489 432
490 if (is_prime) 433 if (is_prime) {
491 {
492 if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, 434 if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
493 ec_b, NULL)) 435 ec_b, NULL))
494 goto end; 436 goto end;
495 } 437 } else {
496 else
497 {
498 /* TODO */ 438 /* TODO */
499 goto end; 439 goto end;
500 } 440 }
501 441
502 if ((point = EC_GROUP_get0_generator(group)) == NULL) 442 if ((point = EC_GROUP_get0_generator(group)) == NULL)
503 goto end; 443 goto end;
504 if (!EC_POINT_point2bn(group, point, 444 if (!EC_POINT_point2bn(group, point,
505 EC_GROUP_get_point_conversion_form(group), ec_gen, 445 EC_GROUP_get_point_conversion_form(group), ec_gen,
506 NULL)) 446 NULL))
507 goto end; 447 goto end;
508 if (!EC_GROUP_get_order(group, ec_order, NULL)) 448 if (!EC_GROUP_get_order(group, ec_order, NULL))
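Review bot: A failed `-check` does not stop the run: when `EC_GROUP_check(group, NULL)` returns 0 the branch prints "failed" and the error queue, then falls through, and the `ret = 0;` just before `end:` (visible in a later hunk) suggests the tool still exits successfully. A caller that validates explicit parameters by exit status would then accept a group that failed validation; adding `goto end;` after `ERR_print_errors(bio_err);` in that branch keeps `ret` at its failure value (its initialiser is outside this view). The `if (group == NULL)` test just above looks unreachable, since a NULL group already took `goto end` earlier in this hunk, and it would not prevent the `EC_GROUP_check` call anyway. MAIN's body begins and ends outside this hunk.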
@@ -510,40 +450,38 @@ bad:
510 if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL)) 450 if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
511 goto end; 451 goto end;
512 452
513 if (!ec_p || !ec_a || !ec_b || !ec_gen || 453 if (!ec_p || !ec_a || !ec_b || !ec_gen ||
514 !ec_order || !ec_cofactor) 454 !ec_order || !ec_cofactor)
515 goto end; 455 goto end;
516 456
517 len = BN_num_bits(ec_order); 457 len = BN_num_bits(ec_order);
518 458
519 if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len) 459 if ((tmp_len = (size_t) BN_num_bytes(ec_p)) > buf_len)
520 buf_len = tmp_len; 460 buf_len = tmp_len;
521 if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len) 461 if ((tmp_len = (size_t) BN_num_bytes(ec_a)) > buf_len)
522 buf_len = tmp_len; 462 buf_len = tmp_len;
523 if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len) 463 if ((tmp_len = (size_t) BN_num_bytes(ec_b)) > buf_len)
524 buf_len = tmp_len; 464 buf_len = tmp_len;
525 if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len) 465 if ((tmp_len = (size_t) BN_num_bytes(ec_gen)) > buf_len)
526 buf_len = tmp_len; 466 buf_len = tmp_len;
527 if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len) 467 if ((tmp_len = (size_t) BN_num_bytes(ec_order)) > buf_len)
528 buf_len = tmp_len; 468 buf_len = tmp_len;
529 if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len) 469 if ((tmp_len = (size_t) BN_num_bytes(ec_cofactor)) > buf_len)
530 buf_len = tmp_len; 470 buf_len = tmp_len;
531 471
532 buffer = (unsigned char *)malloc(buf_len); 472 buffer = (unsigned char *) malloc(buf_len);
533 473
534 if (buffer == NULL) 474 if (buffer == NULL) {
535 {
536 perror("malloc"); 475 perror("malloc");
537 goto end; 476 goto end;
538 } 477 }
539
540 ecparam_print_var(out, ec_p, "ec_p", len, buffer); 478 ecparam_print_var(out, ec_p, "ec_p", len, buffer);
541 ecparam_print_var(out, ec_a, "ec_a", len, buffer); 479 ecparam_print_var(out, ec_a, "ec_a", len, buffer);
542 ecparam_print_var(out, ec_b, "ec_b", len, buffer); 480 ecparam_print_var(out, ec_b, "ec_b", len, buffer);
543 ecparam_print_var(out, ec_gen, "ec_gen", len, buffer); 481 ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
544 ecparam_print_var(out, ec_order, "ec_order", len, buffer); 482 ecparam_print_var(out, ec_order, "ec_order", len, buffer);
545 ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, 483 ecparam_print_var(out, ec_cofactor, "ec_cofactor", len,
546 buffer); 484 buffer);
547 485
548 BIO_printf(out, "\n\n"); 486 BIO_printf(out, "\n\n");
549 487
@@ -552,42 +490,39 @@ bad:
552 BIO_printf(out, "\tEC_GROUP *group = NULL;\n"); 490 BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
553 BIO_printf(out, "\tEC_POINT *point = NULL;\n"); 491 BIO_printf(out, "\tEC_POINT *point = NULL;\n");
554 BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, " 492 BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, "
555 "*tmp_3 = NULL;\n\n"); 493 "*tmp_3 = NULL;\n\n");
556 BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, " 494 BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
557 "sizeof(ec_p_%d), NULL)) == NULL)\n\t\t" 495 "sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
558 "goto err;\n", len, len); 496 "goto err;\n", len, len);
559 BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, " 497 BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
560 "sizeof(ec_a_%d), NULL)) == NULL)\n\t\t" 498 "sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
561 "goto err;\n", len, len); 499 "goto err;\n", len, len);
562 BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, " 500 BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
563 "sizeof(ec_b_%d), NULL)) == NULL)\n\t\t" 501 "sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
564 "goto err;\n", len, len); 502 "goto err;\n", len, len);
565 if (is_prime) 503 if (is_prime) {
566 {
567 BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_" 504 BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
568 "GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)" 505 "GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
569 "\n\t\tgoto err;\n\n"); 506 "\n\t\tgoto err;\n\n");
570 } 507 } else {
571 else
572 {
573 /* TODO */ 508 /* TODO */
574 goto end; 509 goto end;
575 } 510 }
576 BIO_printf(out, "\t/* build generator */\n"); 511 BIO_printf(out, "\t/* build generator */\n");
577 BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, " 512 BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
578 "sizeof(ec_gen_%d), tmp_1)) == NULL)" 513 "sizeof(ec_gen_%d), tmp_1)) == NULL)"
579 "\n\t\tgoto err;\n", len, len); 514 "\n\t\tgoto err;\n", len, len);
580 BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, " 515 BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
581 "NULL, NULL);\n"); 516 "NULL, NULL);\n");
582 BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n"); 517 BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
583 BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, " 518 BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
584 "sizeof(ec_order_%d), tmp_2)) == NULL)" 519 "sizeof(ec_order_%d), tmp_2)) == NULL)"
585 "\n\t\tgoto err;\n", len, len); 520 "\n\t\tgoto err;\n", len, len);
586 BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, " 521 BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
587 "sizeof(ec_cofactor_%d), tmp_3)) == NULL)" 522 "sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
588 "\n\t\tgoto err;\n", len, len); 523 "\n\t\tgoto err;\n", len, len);
589 BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point," 524 BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
590 " tmp_2, tmp_3))\n\t\tgoto err;\n"); 525 " tmp_2, tmp_3))\n\t\tgoto err;\n");
591 BIO_printf(out, "\n\tok=1;\n"); 526 BIO_printf(out, "\n\tok=1;\n");
592 BIO_printf(out, "err:\n"); 527 BIO_printf(out, "err:\n");
593 BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n"); 528 BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
@@ -601,38 +536,30 @@ bad:
601 BIO_printf(out, "\t\t}\n"); 536 BIO_printf(out, "\t\t}\n");
602 BIO_printf(out, "\treturn(group);\n\t}\n"); 537 BIO_printf(out, "\treturn(group);\n\t}\n");
603 } 538 }
604 539 if (!noout) {
605 if (!noout)
606 {
607 if (outformat == FORMAT_ASN1) 540 if (outformat == FORMAT_ASN1)
608 i = i2d_ECPKParameters_bio(out, group); 541 i = i2d_ECPKParameters_bio(out, group);
609 else if (outformat == FORMAT_PEM) 542 else if (outformat == FORMAT_PEM)
610 i = PEM_write_bio_ECPKParameters(out, group); 543 i = PEM_write_bio_ECPKParameters(out, group);
611 else 544 else {
612 { 545 BIO_printf(bio_err, "bad output format specified for"
613 BIO_printf(bio_err,"bad output format specified for" 546 " outfile\n");
614 " outfile\n");
615 goto end; 547 goto end;
616 } 548 }
617 if (!i) 549 if (!i) {
618 {
619 BIO_printf(bio_err, "unable to write elliptic " 550 BIO_printf(bio_err, "unable to write elliptic "
620 "curve parameters\n"); 551 "curve parameters\n");
621 ERR_print_errors(bio_err); 552 ERR_print_errors(bio_err);
622 goto end; 553 goto end;
623 }
624 } 554 }
625 555 }
626 if (need_rand) 556 if (need_rand) {
627 {
628 app_RAND_load_file(NULL, bio_err, (inrand != NULL)); 557 app_RAND_load_file(NULL, bio_err, (inrand != NULL));
629 if (inrand != NULL) 558 if (inrand != NULL)
630 BIO_printf(bio_err,"%ld semi-random bytes loaded\n", 559 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
631 app_RAND_load_files(inrand)); 560 app_RAND_load_files(inrand));
632 } 561 }
633 562 if (genkey) {
634 if (genkey)
635 {
636 EC_KEY *eckey = EC_KEY_new(); 563 EC_KEY *eckey = EC_KEY_new();
637 564
638 if (eckey == NULL) 565 if (eckey == NULL)
@@ -642,31 +569,28 @@ bad:
642 569
643 if (EC_KEY_set_group(eckey, group) == 0) 570 if (EC_KEY_set_group(eckey, group) == 0)
644 goto end; 571 goto end;
645 572
646 if (!EC_KEY_generate_key(eckey)) 573 if (!EC_KEY_generate_key(eckey)) {
647 {
648 EC_KEY_free(eckey); 574 EC_KEY_free(eckey);
649 goto end; 575 goto end;
650 } 576 }
651 if (outformat == FORMAT_ASN1) 577 if (outformat == FORMAT_ASN1)
652 i = i2d_ECPrivateKey_bio(out, eckey); 578 i = i2d_ECPrivateKey_bio(out, eckey);
653 else if (outformat == FORMAT_PEM) 579 else if (outformat == FORMAT_PEM)
654 i = PEM_write_bio_ECPrivateKey(out, eckey, NULL, 580 i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
655 NULL, 0, NULL, NULL); 581 NULL, 0, NULL, NULL);
656 else 582 else {
657 {
658 BIO_printf(bio_err, "bad output format specified " 583 BIO_printf(bio_err, "bad output format specified "
659 "for outfile\n"); 584 "for outfile\n");
660 EC_KEY_free(eckey); 585 EC_KEY_free(eckey);
661 goto end; 586 goto end;
662 }
663 EC_KEY_free(eckey);
664 } 587 }
665 588 EC_KEY_free(eckey);
589 }
666 if (need_rand) 590 if (need_rand)
667 app_RAND_write_file(NULL, bio_err); 591 app_RAND_write_file(NULL, bio_err);
668 592
669 ret=0; 593 ret = 0;
670end: 594end:
671 if (ec_p) 595 if (ec_p)
672 BN_free(ec_p); 596 BN_free(ec_p);
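Review bot: The result of the private-key write in the `-genkey` branch is never tested: `i` is assigned from `i2d_ECPrivateKey_bio` or `PEM_write_bio_ECPrivateKey` and the code goes straight on to `ret = 0;`, so a failed write of the key is reported as success. Mirroring the parameter-output branch, `if (!i) { ERR_print_errors(bio_err); goto end; }` after the final `EC_KEY_free(eckey);` would close that. The `EC_KEY_set_group(eckey, group) == 0` path also reaches `goto end` without `EC_KEY_free(eckey)`, unlike the other two error exits in this hunk. The `if (genkey)` block opens in the previous hunk.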
@@ -689,37 +613,36 @@ end:
689 if (group != NULL) 613 if (group != NULL)
690 EC_GROUP_free(group); 614 EC_GROUP_free(group);
691 apps_shutdown(); 615 apps_shutdown();
692 return(ret); 616 return (ret);
693} 617}
694 618
695static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var, 619static int
696 int len, unsigned char *buffer) 620ecparam_print_var(BIO * out, BIGNUM * in, const char *var,
697 { 621 int len, unsigned char *buffer)
622{
698 BIO_printf(out, "static unsigned char %s_%d[] = {", var, len); 623 BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
699 if (BN_is_zero(in)) 624 if (BN_is_zero(in))
700 BIO_printf(out, "\n\t0x00"); 625 BIO_printf(out, "\n\t0x00");
701 else 626 else {
702 {
703 int i, l; 627 int i, l;
704 628
705 l = BN_bn2bin(in, buffer); 629 l = BN_bn2bin(in, buffer);
706 for (i=0; i<l-1; i++) 630 for (i = 0; i < l - 1; i++) {
707 { 631 if ((i % 12) == 0)
708 if ((i%12) == 0)
709 BIO_printf(out, "\n\t"); 632 BIO_printf(out, "\n\t");
710 BIO_printf(out, "0x%02X,", buffer[i]); 633 BIO_printf(out, "0x%02X,", buffer[i]);
711 } 634 }
712 if ((i%12) == 0) 635 if ((i % 12) == 0)
713 BIO_printf(out, "\n\t"); 636 BIO_printf(out, "\n\t");
714 BIO_printf(out, "0x%02X", buffer[i]); 637 BIO_printf(out, "0x%02X", buffer[i]);
715 } 638 }
716 BIO_printf(out, "\n\t};\n\n"); 639 BIO_printf(out, "\n\t};\n\n");
717 return 1; 640 return 1;
718 } 641}
719#else /* !OPENSSL_NO_EC */ 642#else /* !OPENSSL_NO_EC */
720 643
721# if PEDANTIC 644#if PEDANTIC
722static void *dummy=&dummy; 645static void *dummy = &dummy;
723# endif 646#endif
724 647
725#endif 648#endif
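Review bot: The new definition line `ecparam_print_var(BIO * out, BIGNUM * in, const char *var,` puts a space on both sides of the `*` for the typedef'd types, while `const char *var` and `unsigned char *buffer` beside it bind the `*` to the name. This looks like a formatter that was not told `BIO` and `BIGNUM` are type names; writing `BIO *out, BIGNUM *in` keeps the declarators consistent. The same pattern appears in `show_ciphers(const OBJ_NAME * name, void *bio_)` in the enc.c section.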
diff --git a/src/lib/libssl/src/apps/enc.c b/src/lib/libssl/src/apps/enc.c
index 11768dbe3a..ce54c39e3f 100644
--- a/src/lib/libssl/src/apps/enc.c
+++ b/src/lib/libssl/src/apps/enc.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -70,7 +70,7 @@
70#include <openssl/comp.h> 70#include <openssl/comp.h>
71#include <ctype.h> 71#include <ctype.h>
72 72
73int set_hex(char *in,unsigned char *out,int size); 73int set_hex(char *in, unsigned char *out, int size);
74#undef SIZE 74#undef SIZE
75#undef BSIZE 75#undef BSIZE
76#undef PROG 76#undef PROG
@@ -79,509 +79,463 @@ int set_hex(char *in,unsigned char *out,int size);
79#define BSIZE (8*1024) 79#define BSIZE (8*1024)
80#define PROG enc_main 80#define PROG enc_main
81 81
82static void show_ciphers(const OBJ_NAME *name,void *bio_) 82static void
83 { 83show_ciphers(const OBJ_NAME * name, void *bio_)
84 BIO *bio=bio_; 84{
85 BIO *bio = bio_;
85 static int n; 86 static int n;
86 87
87 if(!islower((unsigned char)*name->name)) 88 if (!islower((unsigned char) *name->name))
88 return; 89 return;
89 90
90 BIO_printf(bio,"-%-25s",name->name); 91 BIO_printf(bio, "-%-25s", name->name);
91 if(++n == 3) 92 if (++n == 3) {
92 { 93 BIO_printf(bio, "\n");
93 BIO_printf(bio,"\n"); 94 n = 0;
94 n=0; 95 } else
95 } 96 BIO_printf(bio, " ");
96 else 97}
97 BIO_printf(bio," ");
98 }
99 98
100int MAIN(int, char **); 99int MAIN(int, char **);
101 100
102int MAIN(int argc, char **argv) 101int
103 { 102MAIN(int argc, char **argv)
104 static const char magic[]="Salted__"; 103{
105 char mbuf[sizeof magic-1]; 104 static const char magic[] = "Salted__";
106 char *strbuf=NULL; 105 char mbuf[sizeof magic - 1];
107 unsigned char *buff=NULL,*bufsize=NULL; 106 char *strbuf = NULL;
108 int bsize=BSIZE,verbose=0; 107 unsigned char *buff = NULL, *bufsize = NULL;
109 int ret=1,inl; 108 int bsize = BSIZE, verbose = 0;
109 int ret = 1, inl;
110 int nopad = 0; 110 int nopad = 0;
111 unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH]; 111 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
112 unsigned char salt[PKCS5_SALT_LEN]; 112 unsigned char salt[PKCS5_SALT_LEN];
113 char *str=NULL, *passarg = NULL, *pass = NULL; 113 char *str = NULL, *passarg = NULL, *pass = NULL;
114 char *hkey=NULL,*hiv=NULL,*hsalt = NULL; 114 char *hkey = NULL, *hiv = NULL, *hsalt = NULL;
115 char *md=NULL; 115 char *md = NULL;
116 int enc=1,printkey=0,i,base64=0; 116 int enc = 1, printkey = 0, i, base64 = 0;
117#ifdef ZLIB 117#ifdef ZLIB
118 int do_zlib=0; 118 int do_zlib = 0;
119 BIO *bzl = NULL; 119 BIO *bzl = NULL;
120#endif 120#endif
121 int debug=0,olb64=0,nosalt=0; 121 int debug = 0, olb64 = 0, nosalt = 0;
122 const EVP_CIPHER *cipher=NULL,*c; 122 const EVP_CIPHER *cipher = NULL, *c;
123 EVP_CIPHER_CTX *ctx = NULL; 123 EVP_CIPHER_CTX *ctx = NULL;
124 char *inf=NULL,*outf=NULL; 124 char *inf = NULL, *outf = NULL;
125 BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; 125 BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio = NULL,
126 *wbio = NULL;
126#define PROG_NAME_SIZE 39 127#define PROG_NAME_SIZE 39
127 char pname[PROG_NAME_SIZE+1]; 128 char pname[PROG_NAME_SIZE + 1];
128#ifndef OPENSSL_NO_ENGINE 129#ifndef OPENSSL_NO_ENGINE
129 char *engine = NULL; 130 char *engine = NULL;
130#endif 131#endif
131 const EVP_MD *dgst=NULL; 132 const EVP_MD *dgst = NULL;
132 int non_fips_allow = 0; 133 int non_fips_allow = 0;
133 134
134 apps_startup(); 135 apps_startup();
135 136
136 if (bio_err == NULL) 137 if (bio_err == NULL)
137 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 138 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
138 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 139 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
139 140
140 if (!load_config(bio_err, NULL)) 141 if (!load_config(bio_err, NULL))
141 goto end; 142 goto end;
142 143
143 /* first check the program name */ 144 /* first check the program name */
144 program_name(argv[0],pname,sizeof pname); 145 program_name(argv[0], pname, sizeof pname);
145 if (strcmp(pname,"base64") == 0) 146 if (strcmp(pname, "base64") == 0)
146 base64=1; 147 base64 = 1;
147#ifdef ZLIB 148#ifdef ZLIB
148 if (strcmp(pname,"zlib") == 0) 149 if (strcmp(pname, "zlib") == 0)
149 do_zlib=1; 150 do_zlib = 1;
150#endif 151#endif
151 152
152 cipher=EVP_get_cipherbyname(pname); 153 cipher = EVP_get_cipherbyname(pname);
153#ifdef ZLIB 154#ifdef ZLIB
154 if (!do_zlib && !base64 && (cipher == NULL) 155 if (!do_zlib && !base64 && (cipher == NULL)
155 && (strcmp(pname,"enc") != 0)) 156 && (strcmp(pname, "enc") != 0))
156#else 157#else
157 if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0)) 158 if (!base64 && (cipher == NULL) && (strcmp(pname, "enc") != 0))
158#endif 159#endif
159 { 160 {
160 BIO_printf(bio_err,"%s is an unknown cipher\n",pname); 161 BIO_printf(bio_err, "%s is an unknown cipher\n", pname);
161 goto bad; 162 goto bad;
162 } 163 }
163
164 argc--; 164 argc--;
165 argv++; 165 argv++;
166 while (argc >= 1) 166 while (argc >= 1) {
167 { 167 if (strcmp(*argv, "-e") == 0)
168 if (strcmp(*argv,"-e") == 0) 168 enc = 1;
169 enc=1; 169 else if (strcmp(*argv, "-in") == 0) {
170 else if (strcmp(*argv,"-in") == 0) 170 if (--argc < 1)
171 { 171 goto bad;
172 if (--argc < 1) goto bad; 172 inf = *(++argv);
173 inf= *(++argv); 173 } else if (strcmp(*argv, "-out") == 0) {
174 } 174 if (--argc < 1)
175 else if (strcmp(*argv,"-out") == 0) 175 goto bad;
176 { 176 outf = *(++argv);
177 if (--argc < 1) goto bad; 177 } else if (strcmp(*argv, "-pass") == 0) {
178 outf= *(++argv); 178 if (--argc < 1)
179 } 179 goto bad;
180 else if (strcmp(*argv,"-pass") == 0) 180 passarg = *(++argv);
181 { 181 }
182 if (--argc < 1) goto bad;
183 passarg= *(++argv);
184 }
185#ifndef OPENSSL_NO_ENGINE 182#ifndef OPENSSL_NO_ENGINE
186 else if (strcmp(*argv,"-engine") == 0) 183 else if (strcmp(*argv, "-engine") == 0) {
187 { 184 if (--argc < 1)
188 if (--argc < 1) goto bad; 185 goto bad;
189 engine= *(++argv); 186 engine = *(++argv);
190 } 187 }
191#endif 188#endif
192 else if (strcmp(*argv,"-d") == 0) 189 else if (strcmp(*argv, "-d") == 0)
193 enc=0; 190 enc = 0;
194 else if (strcmp(*argv,"-p") == 0) 191 else if (strcmp(*argv, "-p") == 0)
195 printkey=1; 192 printkey = 1;
196 else if (strcmp(*argv,"-v") == 0) 193 else if (strcmp(*argv, "-v") == 0)
197 verbose=1; 194 verbose = 1;
198 else if (strcmp(*argv,"-nopad") == 0) 195 else if (strcmp(*argv, "-nopad") == 0)
199 nopad=1; 196 nopad = 1;
200 else if (strcmp(*argv,"-salt") == 0) 197 else if (strcmp(*argv, "-salt") == 0)
201 nosalt=0; 198 nosalt = 0;
202 else if (strcmp(*argv,"-nosalt") == 0) 199 else if (strcmp(*argv, "-nosalt") == 0)
203 nosalt=1; 200 nosalt = 1;
204 else if (strcmp(*argv,"-debug") == 0) 201 else if (strcmp(*argv, "-debug") == 0)
205 debug=1; 202 debug = 1;
206 else if (strcmp(*argv,"-P") == 0) 203 else if (strcmp(*argv, "-P") == 0)
207 printkey=2; 204 printkey = 2;
208 else if (strcmp(*argv,"-A") == 0) 205 else if (strcmp(*argv, "-A") == 0)
209 olb64=1; 206 olb64 = 1;
210 else if (strcmp(*argv,"-a") == 0) 207 else if (strcmp(*argv, "-a") == 0)
211 base64=1; 208 base64 = 1;
212 else if (strcmp(*argv,"-base64") == 0) 209 else if (strcmp(*argv, "-base64") == 0)
213 base64=1; 210 base64 = 1;
214#ifdef ZLIB 211#ifdef ZLIB
215 else if (strcmp(*argv,"-z") == 0) 212 else if (strcmp(*argv, "-z") == 0)
216 do_zlib=1; 213 do_zlib = 1;
217#endif 214#endif
218 else if (strcmp(*argv,"-bufsize") == 0) 215 else if (strcmp(*argv, "-bufsize") == 0) {
219 { 216 if (--argc < 1)
220 if (--argc < 1) goto bad; 217 goto bad;
221 bufsize=(unsigned char *)*(++argv); 218 bufsize = (unsigned char *) *(++argv);
222 } 219 } else if (strcmp(*argv, "-k") == 0) {
223 else if (strcmp(*argv,"-k") == 0) 220 if (--argc < 1)
224 { 221 goto bad;
225 if (--argc < 1) goto bad; 222 str = *(++argv);
226 str= *(++argv); 223 } else if (strcmp(*argv, "-kfile") == 0) {
227 }
228 else if (strcmp(*argv,"-kfile") == 0)
229 {
230 static char buf[128]; 224 static char buf[128];
231 FILE *infile; 225 FILE *infile;
232 char *file; 226 char *file;
233 227
234 if (--argc < 1) goto bad; 228 if (--argc < 1)
235 file= *(++argv);
236 infile=fopen(file,"r");
237 if (infile == NULL)
238 {
239 BIO_printf(bio_err,"unable to read key from '%s'\n",
240 file);
241 goto bad; 229 goto bad;
242 } 230 file = *(++argv);
243 buf[0]='\0'; 231 infile = fopen(file, "r");
244 if (!fgets(buf,sizeof buf,infile)) 232 if (infile == NULL) {
245 { 233 BIO_printf(bio_err, "unable to read key from '%s'\n",
246 BIO_printf(bio_err,"unable to read key from '%s'\n", 234 file);
247 file);
248 goto bad; 235 goto bad;
249 } 236 }
237 buf[0] = '\0';
238 if (!fgets(buf, sizeof buf, infile)) {
239 BIO_printf(bio_err, "unable to read key from '%s'\n",
240 file);
241 goto bad;
242 }
250 fclose(infile); 243 fclose(infile);
251 i=strlen(buf); 244 i = strlen(buf);
252 if ((i > 0) && 245 if ((i > 0) &&
253 ((buf[i-1] == '\n') || (buf[i-1] == '\r'))) 246 ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
254 buf[--i]='\0'; 247 buf[--i] = '\0';
255 if ((i > 0) && 248 if ((i > 0) &&
256 ((buf[i-1] == '\n') || (buf[i-1] == '\r'))) 249 ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
257 buf[--i]='\0'; 250 buf[--i] = '\0';
258 if (i < 1) 251 if (i < 1) {
259 { 252 BIO_printf(bio_err, "zero length password\n");
260 BIO_printf(bio_err,"zero length password\n");
261 goto bad; 253 goto bad;
262 }
263 str=buf;
264 }
265 else if (strcmp(*argv,"-K") == 0)
266 {
267 if (--argc < 1) goto bad;
268 hkey= *(++argv);
269 }
270 else if (strcmp(*argv,"-S") == 0)
271 {
272 if (--argc < 1) goto bad;
273 hsalt= *(++argv);
274 } 254 }
275 else if (strcmp(*argv,"-iv") == 0) 255 str = buf;
276 { 256 } else if (strcmp(*argv, "-K") == 0) {
277 if (--argc < 1) goto bad; 257 if (--argc < 1)
278 hiv= *(++argv); 258 goto bad;
279 } 259 hkey = *(++argv);
280 else if (strcmp(*argv,"-md") == 0) 260 } else if (strcmp(*argv, "-S") == 0) {
281 { 261 if (--argc < 1)
282 if (--argc < 1) goto bad; 262 goto bad;
283 md= *(++argv); 263 hsalt = *(++argv);
284 } 264 } else if (strcmp(*argv, "-iv") == 0) {
285 else if (strcmp(*argv,"-non-fips-allow") == 0) 265 if (--argc < 1)
266 goto bad;
267 hiv = *(++argv);
268 } else if (strcmp(*argv, "-md") == 0) {
269 if (--argc < 1)
270 goto bad;
271 md = *(++argv);
272 } else if (strcmp(*argv, "-non-fips-allow") == 0)
286 non_fips_allow = 1; 273 non_fips_allow = 1;
287 else if ((argv[0][0] == '-') && 274 else if ((argv[0][0] == '-') &&
288 ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) 275 ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
289 { 276 cipher = c;
290 cipher=c; 277 } else if (strcmp(*argv, "-none") == 0)
291 } 278 cipher = NULL;
292 else if (strcmp(*argv,"-none") == 0) 279 else {
293 cipher=NULL; 280 BIO_printf(bio_err, "unknown option '%s'\n", *argv);
294 else 281 bad:
295 { 282 BIO_printf(bio_err, "options are\n");
296 BIO_printf(bio_err,"unknown option '%s'\n",*argv); 283 BIO_printf(bio_err, "%-14s input file\n", "-in <file>");
297bad: 284 BIO_printf(bio_err, "%-14s output file\n", "-out <file>");
298 BIO_printf(bio_err,"options are\n"); 285 BIO_printf(bio_err, "%-14s pass phrase source\n", "-pass <arg>");
299 BIO_printf(bio_err,"%-14s input file\n","-in <file>"); 286 BIO_printf(bio_err, "%-14s encrypt\n", "-e");
300 BIO_printf(bio_err,"%-14s output file\n","-out <file>"); 287 BIO_printf(bio_err, "%-14s decrypt\n", "-d");
301 BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>"); 288 BIO_printf(bio_err, "%-14s base64 encode/decode, depending on encryption flag\n", "-a/-base64");
302 BIO_printf(bio_err,"%-14s encrypt\n","-e"); 289 BIO_printf(bio_err, "%-14s passphrase is the next argument\n", "-k");
303 BIO_printf(bio_err,"%-14s decrypt\n","-d"); 290 BIO_printf(bio_err, "%-14s passphrase is the first line of the file argument\n", "-kfile");
304 BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64"); 291 BIO_printf(bio_err, "%-14s the next argument is the md to use to create a key\n", "-md");
305 BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k"); 292 BIO_printf(bio_err, "%-14s from a passphrase. One of md2, md5, sha or sha1\n", "");
306 BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile"); 293 BIO_printf(bio_err, "%-14s salt in hex is the next argument\n", "-S");
307 BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md"); 294 BIO_printf(bio_err, "%-14s key/iv in hex is the next argument\n", "-K/-iv");
308 BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n",""); 295 BIO_printf(bio_err, "%-14s print the iv/key (then exit if -P)\n", "-[pP]");
309 BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S"); 296 BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize <n>");
310 BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); 297 BIO_printf(bio_err, "%-14s disable standard block padding\n", "-nopad");
311 BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
312 BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
313 BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad");
314#ifndef OPENSSL_NO_ENGINE 298#ifndef OPENSSL_NO_ENGINE
315 BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); 299 BIO_printf(bio_err, "%-14s use engine e, possibly a hardware device.\n", "-engine e");
316#endif 300#endif
317 301
318 BIO_printf(bio_err,"Cipher Types\n"); 302 BIO_printf(bio_err, "Cipher Types\n");
319 OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, 303 OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
320 show_ciphers, 304 show_ciphers,
321 bio_err); 305 bio_err);
322 BIO_printf(bio_err,"\n"); 306 BIO_printf(bio_err, "\n");
323 307
324 goto end; 308 goto end;
325 } 309 }
326 argc--; 310 argc--;
327 argv++; 311 argv++;
328 } 312 }
329 313
330#ifndef OPENSSL_NO_ENGINE 314#ifndef OPENSSL_NO_ENGINE
331 setup_engine(bio_err, engine, 0); 315 setup_engine(bio_err, engine, 0);
332#endif 316#endif
333 317
334 if (md && (dgst=EVP_get_digestbyname(md)) == NULL) 318 if (md && (dgst = EVP_get_digestbyname(md)) == NULL) {
335 { 319 BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
336 BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
337 goto end; 320 goto end;
338 } 321 }
339 322 if (dgst == NULL) {
340 if (dgst == NULL)
341 {
342 dgst = EVP_md5(); 323 dgst = EVP_md5();
343 } 324 }
344 325 if (bufsize != NULL) {
345 if (bufsize != NULL)
346 {
347 unsigned long n; 326 unsigned long n;
348 327
349 for (n=0; *bufsize; bufsize++) 328 for (n = 0; *bufsize; bufsize++) {
350 { 329 i = *bufsize;
351 i= *bufsize;
352 if ((i <= '9') && (i >= '0')) 330 if ((i <= '9') && (i >= '0'))
353 n=n*10+i-'0'; 331 n = n * 10 + i - '0';
354 else if (i == 'k') 332 else if (i == 'k') {
355 { 333 n *= 1024;
356 n*=1024;
357 bufsize++; 334 bufsize++;
358 break; 335 break;
359 }
360 } 336 }
361 if (*bufsize != '\0') 337 }
362 { 338 if (*bufsize != '\0') {
363 BIO_printf(bio_err,"invalid 'bufsize' specified.\n"); 339 BIO_printf(bio_err, "invalid 'bufsize' specified.\n");
364 goto end; 340 goto end;
365 }
366
367 /* It must be large enough for a base64 encoded line */
368 if (base64 && n < 80) n=80;
369
370 bsize=(int)n;
371 if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
372 } 341 }
342 /* It must be large enough for a base64 encoded line */
343 if (base64 && n < 80)
344 n = 80;
373 345
374 strbuf=malloc(SIZE); 346 bsize = (int) n;
375 buff=(unsigned char *)malloc(EVP_ENCODE_LENGTH(bsize)); 347 if (verbose)
376 if ((buff == NULL) || (strbuf == NULL)) 348 BIO_printf(bio_err, "bufsize=%d\n", bsize);
377 { 349 }
378 BIO_printf(bio_err,"malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize)); 350 strbuf = malloc(SIZE);
351 buff = (unsigned char *) malloc(EVP_ENCODE_LENGTH(bsize));
352 if ((buff == NULL) || (strbuf == NULL)) {
353 BIO_printf(bio_err, "malloc failure %ld\n", (long) EVP_ENCODE_LENGTH(bsize));
379 goto end; 354 goto end;
380 } 355 }
381 356 in = BIO_new(BIO_s_file());
382 in=BIO_new(BIO_s_file()); 357 out = BIO_new(BIO_s_file());
383 out=BIO_new(BIO_s_file()); 358 if ((in == NULL) || (out == NULL)) {
384 if ((in == NULL) || (out == NULL))
385 {
386 ERR_print_errors(bio_err); 359 ERR_print_errors(bio_err);
387 goto end; 360 goto end;
388 } 361 }
389 if (debug) 362 if (debug) {
390 { 363 BIO_set_callback(in, BIO_debug_callback);
391 BIO_set_callback(in,BIO_debug_callback); 364 BIO_set_callback(out, BIO_debug_callback);
392 BIO_set_callback(out,BIO_debug_callback); 365 BIO_set_callback_arg(in, (char *) bio_err);
393 BIO_set_callback_arg(in,(char *)bio_err); 366 BIO_set_callback_arg(out, (char *) bio_err);
394 BIO_set_callback_arg(out,(char *)bio_err); 367 }
395 } 368 if (inf == NULL) {
396
397 if (inf == NULL)
398 {
399#ifndef OPENSSL_NO_SETVBUF_IONBF 369#ifndef OPENSSL_NO_SETVBUF_IONBF
400 if (bufsize != NULL) 370 if (bufsize != NULL)
401 setvbuf(stdin, (char *)NULL, _IONBF, 0); 371 setvbuf(stdin, (char *) NULL, _IONBF, 0);
402#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ 372#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
403 BIO_set_fp(in,stdin,BIO_NOCLOSE); 373 BIO_set_fp(in, stdin, BIO_NOCLOSE);
404 } 374 } else {
405 else 375 if (BIO_read_filename(in, inf) <= 0) {
406 {
407 if (BIO_read_filename(in,inf) <= 0)
408 {
409 perror(inf); 376 perror(inf);
410 goto end; 377 goto end;
411 }
412 } 378 }
379 }
413 380
414 if(!str && passarg) { 381 if (!str && passarg) {
415 if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { 382 if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
416 BIO_printf(bio_err, "Error getting password\n"); 383 BIO_printf(bio_err, "Error getting password\n");
417 goto end; 384 goto end;
418 } 385 }
419 str = pass; 386 str = pass;
420 } 387 }
421 388 if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
422 if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) 389 for (;;) {
423 {
424 for (;;)
425 {
426 char buf[200]; 390 char buf[200];
427 391
428 (void) snprintf(buf,sizeof buf,"enter %s %s password:", 392 (void) snprintf(buf, sizeof buf, "enter %s %s password:",
429 OBJ_nid2ln(EVP_CIPHER_nid(cipher)), 393 OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
430 (enc)?"encryption":"decryption"); 394 (enc) ? "encryption" : "decryption");
431 strbuf[0]='\0'; 395 strbuf[0] = '\0';
432 i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); 396 i = EVP_read_pw_string((char *) strbuf, SIZE, buf, enc);
433 if (i == 0) 397 if (i == 0) {
434 { 398 if (strbuf[0] == '\0') {
435 if (strbuf[0] == '\0') 399 ret = 1;
436 {
437 ret=1;
438 goto end; 400 goto end;
439 }
440 str=strbuf;
441 break;
442 } 401 }
443 if (i < 0) 402 str = strbuf;
444 { 403 break;
445 BIO_printf(bio_err,"bad password read\n"); 404 }
405 if (i < 0) {
406 BIO_printf(bio_err, "bad password read\n");
446 goto end; 407 goto end;
447 }
448 } 408 }
449 } 409 }
450 410 }
451 411 if (outf == NULL) {
452 if (outf == NULL) 412 BIO_set_fp(out, stdout, BIO_NOCLOSE);
453 {
454 BIO_set_fp(out,stdout,BIO_NOCLOSE);
455#ifndef OPENSSL_NO_SETVBUF_IONBF 413#ifndef OPENSSL_NO_SETVBUF_IONBF
456 if (bufsize != NULL) 414 if (bufsize != NULL)
457 setvbuf(stdout, (char *)NULL, _IONBF, 0); 415 setvbuf(stdout, (char *) NULL, _IONBF, 0);
458#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ 416#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
459 } 417 } else {
460 else 418 if (BIO_write_filename(out, outf) <= 0) {
461 {
462 if (BIO_write_filename(out,outf) <= 0)
463 {
464 perror(outf); 419 perror(outf);
465 goto end; 420 goto end;
466 }
467 } 421 }
422 }
468 423
469 rbio=in; 424 rbio = in;
470 wbio=out; 425 wbio = out;
471 426
472#ifdef ZLIB 427#ifdef ZLIB
473 428
474 if (do_zlib) 429 if (do_zlib) {
475 { 430 if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
476 if ((bzl=BIO_new(BIO_f_zlib())) == NULL)
477 goto end; 431 goto end;
478 if (enc) 432 if (enc)
479 wbio=BIO_push(bzl,wbio); 433 wbio = BIO_push(bzl, wbio);
480 else 434 else
481 rbio=BIO_push(bzl,rbio); 435 rbio = BIO_push(bzl, rbio);
482 } 436 }
483#endif 437#endif
484 438
485 if (base64) 439 if (base64) {
486 { 440 if ((b64 = BIO_new(BIO_f_base64())) == NULL)
487 if ((b64=BIO_new(BIO_f_base64())) == NULL)
488 goto end; 441 goto end;
489 if (debug) 442 if (debug) {
490 { 443 BIO_set_callback(b64, BIO_debug_callback);
491 BIO_set_callback(b64,BIO_debug_callback); 444 BIO_set_callback_arg(b64, (char *) bio_err);
492 BIO_set_callback_arg(b64,(char *)bio_err); 445 }
493 }
494 if (olb64) 446 if (olb64)
495 BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); 447 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
496 if (enc) 448 if (enc)
497 wbio=BIO_push(b64,wbio); 449 wbio = BIO_push(b64, wbio);
498 else 450 else
499 rbio=BIO_push(b64,rbio); 451 rbio = BIO_push(b64, rbio);
500 } 452 }
501 453 if (cipher != NULL) {
502 if (cipher != NULL) 454 /*
503 { 455 * Note that str is NULL if a key was passed on the command
504 /* Note that str is NULL if a key was passed on the command
505 * line, so we get no salt in that case. Is this a bug? 456 * line, so we get no salt in that case. Is this a bug?
506 */ 457 */
507 if (str != NULL) 458 if (str != NULL) {
508 { 459 /*
509 /* Salt handling: if encrypting generate a salt and 460 * Salt handling: if encrypting generate a salt and
510 * write to output BIO. If decrypting read salt from 461 * write to output BIO. If decrypting read salt from
511 * input BIO. 462 * input BIO.
512 */ 463 */
513 unsigned char *sptr; 464 unsigned char *sptr;
514 if(nosalt) sptr = NULL; 465 if (nosalt)
466 sptr = NULL;
515 else { 467 else {
516 if(enc) { 468 if (enc) {
517 if(hsalt) { 469 if (hsalt) {
518 if(!set_hex(hsalt,salt,sizeof salt)) { 470 if (!set_hex(hsalt, salt, sizeof salt)) {
519 BIO_printf(bio_err, 471 BIO_printf(bio_err,
520 "invalid hex salt value\n"); 472 "invalid hex salt value\n");
521 goto end; 473 goto end;
522 } 474 }
523 } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0) 475 } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
524 goto end; 476 goto end;
525 /* If -P option then don't bother writing */ 477 /*
526 if((printkey != 2) 478 * If -P option then don't bother
527 && (BIO_write(wbio,magic, 479 * writing
528 sizeof magic-1) != sizeof magic-1 480 */
529 || BIO_write(wbio, 481 if ((printkey != 2)
530 (char *)salt, 482 && (BIO_write(wbio, magic,
531 sizeof salt) != sizeof salt)) { 483 sizeof magic - 1) != sizeof magic - 1
532 BIO_printf(bio_err,"error writing output file\n"); 484 || BIO_write(wbio,
485 (char *) salt,
486 sizeof salt) != sizeof salt)) {
487 BIO_printf(bio_err, "error writing output file\n");
533 goto end; 488 goto end;
534 } 489 }
535 } else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf 490 } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
536 || BIO_read(rbio, 491 || BIO_read(rbio,
537 (unsigned char *)salt, 492 (unsigned char *) salt,
538 sizeof salt) != sizeof salt) { 493 sizeof salt) != sizeof salt) {
539 BIO_printf(bio_err,"error reading input file\n"); 494 BIO_printf(bio_err, "error reading input file\n");
495 goto end;
496 } else if (memcmp(mbuf, magic, sizeof magic - 1)) {
497 BIO_printf(bio_err, "bad magic number\n");
540 goto end; 498 goto end;
541 } else if(memcmp(mbuf,magic,sizeof magic-1)) {
542 BIO_printf(bio_err,"bad magic number\n");
543 goto end;
544 } 499 }
545
546 sptr = salt; 500 sptr = salt;
547 } 501 }
548 502
549 EVP_BytesToKey(cipher,dgst,sptr, 503 EVP_BytesToKey(cipher, dgst, sptr,
550 (unsigned char *)str, 504 (unsigned char *) str,
551 strlen(str),1,key,iv); 505 strlen(str), 1, key, iv);
552 /* zero the complete buffer or the string 506 /*
553 * passed from the command line 507 * zero the complete buffer or the string passed from
554 * bug picked up by 508 * the command line bug picked up by Larry J. Hughes
555 * Larry J. Hughes Jr. <hughes@indiana.edu> */ 509 * Jr. <hughes@indiana.edu>
510 */
556 if (str == strbuf) 511 if (str == strbuf)
557 OPENSSL_cleanse(str,SIZE); 512 OPENSSL_cleanse(str, SIZE);
558 else 513 else
559 OPENSSL_cleanse(str,strlen(str)); 514 OPENSSL_cleanse(str, strlen(str));
560 } 515 }
561 if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv)) 516 if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
562 { 517 BIO_printf(bio_err, "invalid hex iv value\n");
563 BIO_printf(bio_err,"invalid hex iv value\n");
564 goto end; 518 goto end;
565 } 519 }
566 if ((hiv == NULL) && (str == NULL) 520 if ((hiv == NULL) && (str == NULL)
567 && EVP_CIPHER_iv_length(cipher) != 0) 521 && EVP_CIPHER_iv_length(cipher) != 0) {
568 { 522 /*
569 /* No IV was explicitly set and no IV was generated 523 * No IV was explicitly set and no IV was generated
570 * during EVP_BytesToKey. Hence the IV is undefined, 524 * during EVP_BytesToKey. Hence the IV is undefined,
571 * making correct decryption impossible. */ 525 * making correct decryption impossible.
526 */
572 BIO_printf(bio_err, "iv undefined\n"); 527 BIO_printf(bio_err, "iv undefined\n");
573 goto end; 528 goto end;
574 } 529 }
575 if ((hkey != NULL) && !set_hex(hkey,key,sizeof key)) 530 if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
576 { 531 BIO_printf(bio_err, "invalid hex key value\n");
577 BIO_printf(bio_err,"invalid hex key value\n");
578 goto end; 532 goto end;
579 } 533 }
580 534 if ((benc = BIO_new(BIO_f_cipher())) == NULL)
581 if ((benc=BIO_new(BIO_f_cipher())) == NULL)
582 goto end; 535 goto end;
583 536
584 /* Since we may be changing parameters work on the encryption 537 /*
538 * Since we may be changing parameters work on the encryption
585 * context rather than calling BIO_set_cipher(). 539 * context rather than calling BIO_set_cipher().
586 */ 540 */
587 541
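Review bot: The `-bufsize` parser accumulates into `unsigned long n` with no overflow check and then narrows it with `bsize = (int) n;`, so a very large argument (or a `k` suffix on a large number) can wrap or turn negative before it reaches `malloc(EVP_ENCODE_LENGTH(bsize))` and, later in MAIN, `BIO_read(rbio, (char *) buff, bsize)`. The value should be range-checked before the cast and rejected with the existing message, for example `if (n > INT_MAX / 2) { BIO_printf(bio_err, "invalid 'bufsize' specified.\n"); goto end; }`. The exact ceiling is a judgement call; it only has to keep `EVP_ENCODE_LENGTH(bsize)` representable as an `int`. A per-digit check inside the loop would also catch wrap-around of `n` itself. MAIN continues past the end of this hunk.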
@@ -589,138 +543,129 @@ bad:
589 543
590 if (non_fips_allow) 544 if (non_fips_allow)
591 EVP_CIPHER_CTX_set_flags(ctx, 545 EVP_CIPHER_CTX_set_flags(ctx,
592 EVP_CIPH_FLAG_NON_FIPS_ALLOW); 546 EVP_CIPH_FLAG_NON_FIPS_ALLOW);
593 547
594 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) 548 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
595 {
596 BIO_printf(bio_err, "Error setting cipher %s\n", 549 BIO_printf(bio_err, "Error setting cipher %s\n",
597 EVP_CIPHER_name(cipher)); 550 EVP_CIPHER_name(cipher));
598 ERR_print_errors(bio_err); 551 ERR_print_errors(bio_err);
599 goto end; 552 goto end;
600 } 553 }
601
602 if (nopad) 554 if (nopad)
603 EVP_CIPHER_CTX_set_padding(ctx, 0); 555 EVP_CIPHER_CTX_set_padding(ctx, 0);
604 556
605 if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) 557 if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
606 {
607 BIO_printf(bio_err, "Error setting cipher %s\n", 558 BIO_printf(bio_err, "Error setting cipher %s\n",
608 EVP_CIPHER_name(cipher)); 559 EVP_CIPHER_name(cipher));
609 ERR_print_errors(bio_err); 560 ERR_print_errors(bio_err);
610 goto end; 561 goto end;
611 } 562 }
612 563 if (debug) {
613 if (debug) 564 BIO_set_callback(benc, BIO_debug_callback);
614 { 565 BIO_set_callback_arg(benc, (char *) bio_err);
615 BIO_set_callback(benc,BIO_debug_callback); 566 }
616 BIO_set_callback_arg(benc,(char *)bio_err); 567 if (printkey) {
617 } 568 if (!nosalt) {
618
619 if (printkey)
620 {
621 if (!nosalt)
622 {
623 printf("salt="); 569 printf("salt=");
624 for (i=0; i<(int)sizeof(salt); i++) 570 for (i = 0; i < (int) sizeof(salt); i++)
625 printf("%02X",salt[i]); 571 printf("%02X", salt[i]);
626 printf("\n"); 572 printf("\n");
627 } 573 }
628 if (cipher->key_len > 0) 574 if (cipher->key_len > 0) {
629 {
630 printf("key="); 575 printf("key=");
631 for (i=0; i<cipher->key_len; i++) 576 for (i = 0; i < cipher->key_len; i++)
632 printf("%02X",key[i]); 577 printf("%02X", key[i]);
633 printf("\n"); 578 printf("\n");
634 } 579 }
635 if (cipher->iv_len > 0) 580 if (cipher->iv_len > 0) {
636 {
637 printf("iv ="); 581 printf("iv =");
638 for (i=0; i<cipher->iv_len; i++) 582 for (i = 0; i < cipher->iv_len; i++)
639 printf("%02X",iv[i]); 583 printf("%02X", iv[i]);
640 printf("\n"); 584 printf("\n");
641 } 585 }
642 if (printkey == 2) 586 if (printkey == 2) {
643 { 587 ret = 0;
644 ret=0;
645 goto end; 588 goto end;
646 }
647 } 589 }
648 } 590 }
649 591 }
650 /* Only encrypt/decrypt as we write the file */ 592 /* Only encrypt/decrypt as we write the file */
651 if (benc != NULL) 593 if (benc != NULL)
652 wbio=BIO_push(benc,wbio); 594 wbio = BIO_push(benc, wbio);
653 595
654 for (;;) 596 for (;;) {
655 { 597 inl = BIO_read(rbio, (char *) buff, bsize);
656 inl=BIO_read(rbio,(char *)buff,bsize); 598 if (inl <= 0)
657 if (inl <= 0) break; 599 break;
658 if (BIO_write(wbio,(char *)buff,inl) != inl) 600 if (BIO_write(wbio, (char *) buff, inl) != inl) {
659 { 601 BIO_printf(bio_err, "error writing output file\n");
660 BIO_printf(bio_err,"error writing output file\n");
661 goto end; 602 goto end;
662 }
663 } 603 }
664 if (!BIO_flush(wbio)) 604 }
665 { 605 if (!BIO_flush(wbio)) {
666 BIO_printf(bio_err,"bad decrypt\n"); 606 BIO_printf(bio_err, "bad decrypt\n");
667 goto end; 607 goto end;
668 } 608 }
669 609 ret = 0;
670 ret=0; 610 if (verbose) {
671 if (verbose) 611 BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in));
672 { 612 BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out));
673 BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in)); 613 }
674 BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
675 }
676end: 614end:
677 ERR_print_errors(bio_err); 615 ERR_print_errors(bio_err);
678 if (strbuf != NULL) free(strbuf); 616 if (strbuf != NULL)
679 if (buff != NULL) free(buff); 617 free(strbuf);
680 if (in != NULL) BIO_free(in); 618 if (buff != NULL)
681 if (out != NULL) BIO_free_all(out); 619 free(buff);
682 if (benc != NULL) BIO_free(benc); 620 if (in != NULL)
683 if (b64 != NULL) BIO_free(b64); 621 BIO_free(in);
622 if (out != NULL)
623 BIO_free_all(out);
624 if (benc != NULL)
625 BIO_free(benc);
626 if (b64 != NULL)
627 BIO_free(b64);
684#ifdef ZLIB 628#ifdef ZLIB
685 if (bzl != NULL) BIO_free(bzl); 629 if (bzl != NULL)
630 BIO_free(bzl);
686#endif 631#endif
687 if(pass) free(pass); 632 if (pass)
633 free(pass);
688 apps_shutdown(); 634 apps_shutdown();
689 return(ret); 635 return (ret);
690 } 636}
691 637
692int set_hex(char *in, unsigned char *out, int size) 638int
693 { 639set_hex(char *in, unsigned char *out, int size)
694 int i,n; 640{
641 int i, n;
695 unsigned char j; 642 unsigned char j;
696 643
697 n=strlen(in); 644 n = strlen(in);
698 if (n > (size*2)) 645 if (n > (size * 2)) {
699 { 646 BIO_printf(bio_err, "hex string is too long\n");
700 BIO_printf(bio_err,"hex string is too long\n"); 647 return (0);
701 return(0); 648 }
702 } 649 memset(out, 0, size);
703 memset(out,0,size); 650 for (i = 0; i < n; i++) {
704 for (i=0; i<n; i++) 651 j = (unsigned char) *in;
705 { 652 *(in++) = '\0';
706 j=(unsigned char)*in; 653 if (j == 0)
707 *(in++)='\0'; 654 break;
708 if (j == 0) break;
709 if ((j >= '0') && (j <= '9')) 655 if ((j >= '0') && (j <= '9'))
710 j-='0'; 656 j -= '0';
711 else if ((j >= 'A') && (j <= 'F')) 657 else if ((j >= 'A') && (j <= 'F'))
712 j=j-'A'+10; 658 j = j - 'A' + 10;
713 else if ((j >= 'a') && (j <= 'f')) 659 else if ((j >= 'a') && (j <= 'f'))
714 j=j-'a'+10; 660 j = j - 'a' + 10;
715 else 661 else {
716 { 662 BIO_printf(bio_err, "non-hex digit\n");
717 BIO_printf(bio_err,"non-hex digit\n"); 663 return (0);
718 return(0);
719 }
720 if (i&1)
721 out[i/2]|=j;
722 else
723 out[i/2]=(j<<4);
724 } 664 }
725 return(1); 665 if (i & 1)
666 out[i / 2] |= j;
667 else
668 out[i / 2] = (j << 4);
726 } 669 }
670 return (1);
671}
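Review bot: `set_hex` accepts a hex string shorter than `size * 2` and silently leaves the rest of `out` at the zero bytes written by `memset(out, 0, size)`, so a truncated `-K` or `-iv` argument gives a key or IV that is mostly zeros with no diagnostic. Only the too-long and non-hex cases are reported. A warning after the length check would make this visible without changing what callers get back, e.g. `if (n < size * 2) BIO_printf(bio_err, "hex string is too short, padding with zero bytes\n");`. The function would also benefit from a header comment stating that it returns 1 on success and 0 on error, and that it overwrites each consumed character of `in` with `'\0'` (`*(in++) = '\0';`), which appears intended to scrub the key material from the argument string.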
diff --git a/src/lib/libssl/src/apps/engine.c b/src/lib/libssl/src/apps/engine.c
index b9f3121b9f..5cfd3e7677 100644
--- a/src/lib/libssl/src/apps/engine.c
+++ b/src/lib/libssl/src/apps/engine.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -72,53 +72,51 @@
72#undef PROG 72#undef PROG
73#define PROG engine_main 73#define PROG engine_main
74 74
75static const char *engine_usage[]={ 75static const char *engine_usage[] = {
76"usage: engine opts [engine ...]\n", 76 "usage: engine opts [engine ...]\n",
77" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n", 77 " -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
78" -vv will additionally display each command's description\n", 78 " -vv will additionally display each command's description\n",
79" -vvv will also add the input flags for each command\n", 79 " -vvv will also add the input flags for each command\n",
80" -vvvv will also show internal input flags\n", 80 " -vvvv will also show internal input flags\n",
81" -c - for each engine, also list the capabilities\n", 81 " -c - for each engine, also list the capabilities\n",
82" -t[t] - for each engine, check that they are really available\n", 82 " -t[t] - for each engine, check that they are really available\n",
83" -tt will display error trace for unavailable engines\n", 83 " -tt will display error trace for unavailable engines\n",
84" -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n", 84 " -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
85" to load it (if -t is used)\n", 85 " to load it (if -t is used)\n",
86" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n", 86 " -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
87" (only used if -t is also provided)\n", 87 " (only used if -t is also provided)\n",
88" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n", 88 " NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
89" line, or all supported ENGINEs if none are specified.\n", 89 " line, or all supported ENGINEs if none are specified.\n",
90" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n", 90 " Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
91" argument \"/lib/libdriver.so\".\n", 91 " argument \"/lib/libdriver.so\".\n",
92NULL 92 NULL
93}; 93};
94 94
95static void identity(char *ptr) 95static void
96 { 96identity(char *ptr)
97{
97 return; 98 return;
98 } 99}
99 100
100static int append_buf(char **buf, const char *s, int *size, int step) 101static int
101 { 102append_buf(char **buf, const char *s, int *size, int step)
103{
102 int l = strlen(s); 104 int l = strlen(s);
103 105
104 if (*buf == NULL) 106 if (*buf == NULL) {
105 {
106 *size = step; 107 *size = step;
107 *buf = malloc(*size); 108 *buf = malloc(*size);
108 if (*buf == NULL) 109 if (*buf == NULL)
109 return 0; 110 return 0;
110 **buf = '\0'; 111 **buf = '\0';
111 } 112 }
112
113 if (**buf != '\0') 113 if (**buf != '\0')
114 l += 2; /* ", " */ 114 l += 2; /* ", " */
115 115
116 if (strlen(*buf) + strlen(s) >= (unsigned int)*size) 116 if (strlen(*buf) + strlen(s) >= (unsigned int) *size) {
117 {
118 *size += step; 117 *size += step;
119 *buf = realloc(*buf, *size); 118 *buf = realloc(*buf, *size);
120 } 119 }
121
122 if (*buf == NULL) 120 if (*buf == NULL)
123 return 0; 121 return 0;
124 122
@@ -127,72 +125,70 @@ static int append_buf(char **buf, const char *s, int *size, int step)
127 BUF_strlcat(*buf, s, *size); 125 BUF_strlcat(*buf, s, *size);
128 126
129 return 1; 127 return 1;
130 } 128}
131 129
132static int util_flags(BIO *bio_out, unsigned int flags, const char *indent) 130static int
133 { 131util_flags(BIO * bio_out, unsigned int flags, const char *indent)
132{
134 int started = 0, err = 0; 133 int started = 0, err = 0;
135 /* Indent before displaying input flags */ 134 /* Indent before displaying input flags */
136 BIO_printf(bio_out, "%s%s(input flags): ", indent, indent); 135 BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
137 if(flags == 0) 136 if (flags == 0) {
138 {
139 BIO_printf(bio_out, "<no flags>\n"); 137 BIO_printf(bio_out, "<no flags>\n");
140 return 1; 138 return 1;
141 } 139 }
142 /* If the object is internal, mark it in a way that shows instead of 140 /*
143 * having it part of all the other flags, even if it really is. */ 141 * If the object is internal, mark it in a way that shows instead of
144 if(flags & ENGINE_CMD_FLAG_INTERNAL) 142 * having it part of all the other flags, even if it really is.
145 { 143 */
144 if (flags & ENGINE_CMD_FLAG_INTERNAL) {
146 BIO_printf(bio_out, "[Internal] "); 145 BIO_printf(bio_out, "[Internal] ");
147 } 146 }
148 147 if (flags & ENGINE_CMD_FLAG_NUMERIC) {
149 if(flags & ENGINE_CMD_FLAG_NUMERIC)
150 {
151 BIO_printf(bio_out, "NUMERIC"); 148 BIO_printf(bio_out, "NUMERIC");
152 started = 1; 149 started = 1;
153 } 150 }
154 /* Now we check that no combinations of the mutually exclusive NUMERIC, 151 /*
155 * STRING, and NO_INPUT flags have been used. Future flags that can be 152 * Now we check that no combinations of the mutually exclusive
156 * OR'd together with these would need to added after these to preserve 153 * NUMERIC, STRING, and NO_INPUT flags have been used. Future flags
157 * the testing logic. */ 154 * that can be OR'd together with these would need to added after
158 if(flags & ENGINE_CMD_FLAG_STRING) 155 * these to preserve the testing logic.
159 { 156 */
160 if(started) 157 if (flags & ENGINE_CMD_FLAG_STRING) {
161 { 158 if (started) {
162 BIO_printf(bio_out, "|"); 159 BIO_printf(bio_out, "|");
163 err = 1; 160 err = 1;
164 } 161 }
165 BIO_printf(bio_out, "STRING"); 162 BIO_printf(bio_out, "STRING");
166 started = 1; 163 started = 1;
167 } 164 }
168 if(flags & ENGINE_CMD_FLAG_NO_INPUT) 165 if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
169 { 166 if (started) {
170 if(started)
171 {
172 BIO_printf(bio_out, "|"); 167 BIO_printf(bio_out, "|");
173 err = 1; 168 err = 1;
174 } 169 }
175 BIO_printf(bio_out, "NO_INPUT"); 170 BIO_printf(bio_out, "NO_INPUT");
176 started = 1; 171 started = 1;
177 } 172 }
178 /* Check for unknown flags */ 173 /* Check for unknown flags */
179 flags = flags & ~ENGINE_CMD_FLAG_NUMERIC & 174 flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
180 ~ENGINE_CMD_FLAG_STRING & 175 ~ENGINE_CMD_FLAG_STRING &
181 ~ENGINE_CMD_FLAG_NO_INPUT & 176 ~ENGINE_CMD_FLAG_NO_INPUT &
182 ~ENGINE_CMD_FLAG_INTERNAL; 177 ~ENGINE_CMD_FLAG_INTERNAL;
183 if(flags) 178 if (flags) {
184 { 179 if (started)
185 if(started) BIO_printf(bio_out, "|"); 180 BIO_printf(bio_out, "|");
186 BIO_printf(bio_out, "<0x%04X>", flags); 181 BIO_printf(bio_out, "<0x%04X>", flags);
187 } 182 }
188 if(err) 183 if (err)
189 BIO_printf(bio_out, " <illegal flags!>"); 184 BIO_printf(bio_out, " <illegal flags!>");
190 BIO_printf(bio_out, "\n"); 185 BIO_printf(bio_out, "\n");
191 return 1; 186 return 1;
192 } 187}
193 188
194static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent) 189static int
195 { 190util_verbose(ENGINE * e, int verbose, BIO * bio_out, const char *indent)
191{
196 static const int line_wrap = 78; 192 static const int line_wrap = 78;
197 int num; 193 int num;
198 int ret = 0; 194 int ret = 0;
@@ -200,344 +196,321 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
200 char *desc = NULL; 196 char *desc = NULL;
201 int flags; 197 int flags;
202 int xpos = 0; 198 int xpos = 0;
203 STACK_OF(OPENSSL_STRING) *cmds = NULL; 199 STACK_OF(OPENSSL_STRING) * cmds = NULL;
204 if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || 200 if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
205 ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, 201 ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
206 0, NULL, NULL)) <= 0)) 202 0, NULL, NULL)) <= 0)) {
207 {
208#if 0 203#if 0
209 BIO_printf(bio_out, "%s<no control commands>\n", indent); 204 BIO_printf(bio_out, "%s<no control commands>\n", indent);
210#endif 205#endif
211 return 1; 206 return 1;
212 } 207 }
213
214 cmds = sk_OPENSSL_STRING_new_null(); 208 cmds = sk_OPENSSL_STRING_new_null();
215 209
216 if(!cmds) 210 if (!cmds)
217 goto err; 211 goto err;
218 do { 212 do {
219 int len; 213 int len;
220 /* Get the command input flags */ 214 /* Get the command input flags */
221 if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, 215 if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
222 NULL, NULL)) < 0) 216 NULL, NULL)) < 0)
223 goto err; 217 goto err;
224 if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) 218 if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
225 { 219 /* Get the command name */
226 /* Get the command name */ 220 if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
227 if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num, 221 NULL, NULL)) <= 0)
228 NULL, NULL)) <= 0) 222 goto err;
229 goto err; 223 if ((name = malloc(len + 1)) == NULL)
230 if((name = malloc(len + 1)) == NULL) 224 goto err;
231 goto err; 225 if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
232 if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name, 226 NULL) <= 0)
233 NULL) <= 0) 227 goto err;
234 goto err; 228 /* Get the command description */
235 /* Get the command description */ 229 if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
236 if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num, 230 NULL, NULL)) < 0)
237 NULL, NULL)) < 0) 231 goto err;
238 goto err; 232 if (len > 0) {
239 if(len > 0) 233 if ((desc = malloc(len + 1)) == NULL)
240 { 234 goto err;
241 if((desc = malloc(len + 1)) == NULL) 235 if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
242 goto err; 236 NULL) <= 0)
243 if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc, 237 goto err;
244 NULL) <= 0) 238 }
245 goto err; 239 /* Now decide on the output */
246 } 240 if (xpos == 0)
247 /* Now decide on the output */ 241 /* Do an indent */
248 if(xpos == 0) 242 xpos = BIO_puts(bio_out, indent);
249 /* Do an indent */ 243 else
250 xpos = BIO_puts(bio_out, indent); 244 /* Otherwise prepend a ", " */
251 else 245 xpos += BIO_printf(bio_out, ", ");
252 /* Otherwise prepend a ", " */ 246 if (verbose == 1) {
253 xpos += BIO_printf(bio_out, ", "); 247 /* We're just listing names, comma-delimited */
254 if(verbose == 1) 248 if ((xpos > (int) strlen(indent)) &&
255 { 249 (xpos + (int) strlen(name) > line_wrap)) {
256 /* We're just listing names, comma-delimited */ 250 BIO_printf(bio_out, "\n");
257 if((xpos > (int)strlen(indent)) && 251 xpos = BIO_puts(bio_out, indent);
258 (xpos + (int)strlen(name) > line_wrap)) 252 }
259 { 253 xpos += BIO_printf(bio_out, "%s", name);
260 BIO_printf(bio_out, "\n"); 254 } else {
261 xpos = BIO_puts(bio_out, indent); 255 /* We're listing names plus descriptions */
262 } 256 BIO_printf(bio_out, "%s: %s\n", name,
263 xpos += BIO_printf(bio_out, "%s", name); 257 (desc == NULL) ? "<no description>" : desc);
264 } 258 /* ... and sometimes input flags */
265 else 259 if ((verbose >= 3) && !util_flags(bio_out, flags,
266 { 260 indent))
267 /* We're listing names plus descriptions */ 261 goto err;
268 BIO_printf(bio_out, "%s: %s\n", name, 262 xpos = 0;
269 (desc == NULL) ? "<no description>" : desc); 263 }
270 /* ... and sometimes input flags */ 264 }
271 if((verbose >= 3) && !util_flags(bio_out, flags, 265 free(name);
272 indent)) 266 name = NULL;
273 goto err; 267 if (desc) {
274 xpos = 0; 268 free(desc);
275 } 269 desc = NULL;
276 } 270 }
277 free(name); name = NULL;
278 if(desc) { free(desc); desc = NULL; }
279 /* Move to the next command */ 271 /* Move to the next command */
280 num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, 272 num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
281 num, NULL, NULL); 273 num, NULL, NULL);
282 } while(num > 0); 274 } while (num > 0);
283 if(xpos > 0) 275 if (xpos > 0)
284 BIO_printf(bio_out, "\n"); 276 BIO_printf(bio_out, "\n");
285 ret = 1; 277 ret = 1;
286err: 278err:
287 if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity); 279 if (cmds)
288 if(name) free(name); 280 sk_OPENSSL_STRING_pop_free(cmds, identity);
289 if(desc) free(desc); 281 if (name)
282 free(name);
283 if (desc)
284 free(desc);
290 return ret; 285 return ret;
291 } 286}
292 287
293static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds, 288static void
294 BIO *bio_out, const char *indent) 289util_do_cmds(ENGINE * e, STACK_OF(OPENSSL_STRING) * cmds,
295 { 290 BIO * bio_out, const char *indent)
291{
296 int loop, res, num = sk_OPENSSL_STRING_num(cmds); 292 int loop, res, num = sk_OPENSSL_STRING_num(cmds);
297 293
298 if(num < 0) 294 if (num < 0) {
299 {
300 BIO_printf(bio_out, "[Error]: internal stack error\n"); 295 BIO_printf(bio_out, "[Error]: internal stack error\n");
301 return; 296 return;
302 } 297 }
303 for(loop = 0; loop < num; loop++) 298 for (loop = 0; loop < num; loop++) {
304 {
305 char buf[256]; 299 char buf[256];
306 const char *cmd, *arg; 300 const char *cmd, *arg;
307 cmd = sk_OPENSSL_STRING_value(cmds, loop); 301 cmd = sk_OPENSSL_STRING_value(cmds, loop);
308 res = 1; /* assume success */ 302 res = 1; /* assume success */
309 /* Check if this command has no ":arg" */ 303 /* Check if this command has no ":arg" */
310 if((arg = strstr(cmd, ":")) == NULL) 304 if ((arg = strstr(cmd, ":")) == NULL) {
311 { 305 if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
312 if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
313 res = 0; 306 res = 0;
314 } 307 } else {
315 else 308 if ((int) (arg - cmd) > 254) {
316 { 309 BIO_printf(bio_out, "[Error]: command name too long\n");
317 if((int)(arg - cmd) > 254)
318 {
319 BIO_printf(bio_out,"[Error]: command name too long\n");
320 return; 310 return;
321 } 311 }
322 memcpy(buf, cmd, (int)(arg - cmd)); 312 memcpy(buf, cmd, (int) (arg - cmd));
323 buf[arg-cmd] = '\0'; 313 buf[arg - cmd] = '\0';
324 arg++; /* Move past the ":" */ 314 arg++; /* Move past the ":" */
325 /* Call the command with the argument */ 315 /* Call the command with the argument */
326 if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0)) 316 if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
327 res = 0; 317 res = 0;
328 } 318 }
329 if(res) 319 if (res)
330 BIO_printf(bio_out, "[Success]: %s\n", cmd); 320 BIO_printf(bio_out, "[Success]: %s\n", cmd);
331 else 321 else {
332 {
333 BIO_printf(bio_out, "[Failure]: %s\n", cmd); 322 BIO_printf(bio_out, "[Failure]: %s\n", cmd);
334 ERR_print_errors(bio_out); 323 ERR_print_errors(bio_out);
335 }
336 } 324 }
337 } 325 }
326}
338 327
339int MAIN(int, char **); 328int MAIN(int, char **);
340 329
341int MAIN(int argc, char **argv) 330int
342 { 331MAIN(int argc, char **argv)
343 int ret=1,i; 332{
333 int ret = 1, i;
344 const char **pp; 334 const char **pp;
345 int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0; 335 int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
346 ENGINE *e; 336 ENGINE *e;
347 STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null(); 337 STACK_OF(OPENSSL_STRING) * engines = sk_OPENSSL_STRING_new_null();
348 STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null(); 338 STACK_OF(OPENSSL_STRING) * pre_cmds = sk_OPENSSL_STRING_new_null();
349 STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null(); 339 STACK_OF(OPENSSL_STRING) * post_cmds = sk_OPENSSL_STRING_new_null();
350 int badops=1; 340 int badops = 1;
351 BIO *bio_out=NULL; 341 BIO *bio_out = NULL;
352 const char *indent = " "; 342 const char *indent = " ";
353 343
354 apps_startup(); 344 apps_startup();
355 SSL_load_error_strings(); 345 SSL_load_error_strings();
356 346
357 if (bio_err == NULL) 347 if (bio_err == NULL)
358 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 348 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
359 349
360 if (!load_config(bio_err, NULL)) 350 if (!load_config(bio_err, NULL))
361 goto end; 351 goto end;
362 bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); 352 bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
363 353
364 argc--; 354 argc--;
365 argv++; 355 argv++;
366 while (argc >= 1) 356 while (argc >= 1) {
367 { 357 if (strncmp(*argv, "-v", 2) == 0) {
368 if (strncmp(*argv,"-v",2) == 0) 358 if (strspn(*argv + 1, "v") < strlen(*argv + 1))
369 {
370 if(strspn(*argv + 1, "v") < strlen(*argv + 1))
371 goto skip_arg_loop; 359 goto skip_arg_loop;
372 if((verbose=strlen(*argv + 1)) > 4) 360 if ((verbose = strlen(*argv + 1)) > 4)
373 goto skip_arg_loop; 361 goto skip_arg_loop;
374 } 362 } else if (strcmp(*argv, "-c") == 0)
375 else if (strcmp(*argv,"-c") == 0) 363 list_cap = 1;
376 list_cap=1; 364 else if (strncmp(*argv, "-t", 2) == 0) {
377 else if (strncmp(*argv,"-t",2) == 0) 365 test_avail = 1;
378 { 366 if (strspn(*argv + 1, "t") < strlen(*argv + 1))
379 test_avail=1;
380 if(strspn(*argv + 1, "t") < strlen(*argv + 1))
381 goto skip_arg_loop; 367 goto skip_arg_loop;
382 if((test_avail_noise = strlen(*argv + 1) - 1) > 1) 368 if ((test_avail_noise = strlen(*argv + 1) - 1) > 1)
383 goto skip_arg_loop; 369 goto skip_arg_loop;
384 } 370 } else if (strcmp(*argv, "-pre") == 0) {
385 else if (strcmp(*argv,"-pre") == 0) 371 argc--;
386 { 372 argv++;
387 argc--; argv++;
388 if (argc == 0) 373 if (argc == 0)
389 goto skip_arg_loop; 374 goto skip_arg_loop;
390 sk_OPENSSL_STRING_push(pre_cmds,*argv); 375 sk_OPENSSL_STRING_push(pre_cmds, *argv);
391 } 376 } else if (strcmp(*argv, "-post") == 0) {
392 else if (strcmp(*argv,"-post") == 0) 377 argc--;
393 { 378 argv++;
394 argc--; argv++;
395 if (argc == 0) 379 if (argc == 0)
396 goto skip_arg_loop; 380 goto skip_arg_loop;
397 sk_OPENSSL_STRING_push(post_cmds,*argv); 381 sk_OPENSSL_STRING_push(post_cmds, *argv);
398 } 382 } else if ((strncmp(*argv, "-h", 2) == 0) ||
399 else if ((strncmp(*argv,"-h",2) == 0) || 383 (strcmp(*argv, "-?") == 0))
400 (strcmp(*argv,"-?") == 0))
401 goto skip_arg_loop; 384 goto skip_arg_loop;
402 else 385 else
403 sk_OPENSSL_STRING_push(engines,*argv); 386 sk_OPENSSL_STRING_push(engines, *argv);
404 argc--; 387 argc--;
405 argv++; 388 argv++;
406 } 389 }
407 /* Looks like everything went OK */ 390 /* Looks like everything went OK */
408 badops = 0; 391 badops = 0;
409skip_arg_loop: 392skip_arg_loop:
410 393
411 if (badops) 394 if (badops) {
412 { 395 for (pp = engine_usage; (*pp != NULL); pp++)
413 for (pp=engine_usage; (*pp != NULL); pp++) 396 BIO_printf(bio_err, "%s", *pp);
414 BIO_printf(bio_err,"%s",*pp);
415 goto end; 397 goto end;
398 }
399 if (sk_OPENSSL_STRING_num(engines) == 0) {
400 for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
401 sk_OPENSSL_STRING_push(engines, (char *) ENGINE_get_id(e));
416 } 402 }
417 403 }
418 if (sk_OPENSSL_STRING_num(engines) == 0) 404 for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) {
419 { 405 const char *id = sk_OPENSSL_STRING_value(engines, i);
420 for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) 406 if ((e = ENGINE_by_id(id)) != NULL) {
421 {
422 sk_OPENSSL_STRING_push(engines,(char *)ENGINE_get_id(e));
423 }
424 }
425
426 for (i=0; i<sk_OPENSSL_STRING_num(engines); i++)
427 {
428 const char *id = sk_OPENSSL_STRING_value(engines,i);
429 if ((e = ENGINE_by_id(id)) != NULL)
430 {
431 const char *name = ENGINE_get_name(e); 407 const char *name = ENGINE_get_name(e);
432 /* Do "id" first, then "name". Easier to auto-parse. */ 408 /* Do "id" first, then "name". Easier to auto-parse. */
433 BIO_printf(bio_out, "(%s) %s\n", id, name); 409 BIO_printf(bio_out, "(%s) %s\n", id, name);
434 util_do_cmds(e, pre_cmds, bio_out, indent); 410 util_do_cmds(e, pre_cmds, bio_out, indent);
435 if (strcmp(ENGINE_get_id(e), id) != 0) 411 if (strcmp(ENGINE_get_id(e), id) != 0) {
436 {
437 BIO_printf(bio_out, "Loaded: (%s) %s\n", 412 BIO_printf(bio_out, "Loaded: (%s) %s\n",
438 ENGINE_get_id(e), ENGINE_get_name(e)); 413 ENGINE_get_id(e), ENGINE_get_name(e));
439 } 414 }
440 if (list_cap) 415 if (list_cap) {
441 {
442 int cap_size = 256; 416 int cap_size = 256;
443 char *cap_buf = NULL; 417 char *cap_buf = NULL;
444 int k,n; 418 int k, n;
445 const int *nids; 419 const int *nids;
446 ENGINE_CIPHERS_PTR fn_c; 420 ENGINE_CIPHERS_PTR fn_c;
447 ENGINE_DIGESTS_PTR fn_d; 421 ENGINE_DIGESTS_PTR fn_d;
448 ENGINE_PKEY_METHS_PTR fn_pk; 422 ENGINE_PKEY_METHS_PTR fn_pk;
449 423
450 if (ENGINE_get_RSA(e) != NULL 424 if (ENGINE_get_RSA(e) != NULL
451 && !append_buf(&cap_buf, "RSA", 425 && !append_buf(&cap_buf, "RSA",
452 &cap_size, 256)) 426 &cap_size, 256))
453 goto end; 427 goto end;
454 if (ENGINE_get_DSA(e) != NULL 428 if (ENGINE_get_DSA(e) != NULL
455 && !append_buf(&cap_buf, "DSA", 429 && !append_buf(&cap_buf, "DSA",
456 &cap_size, 256)) 430 &cap_size, 256))
457 goto end; 431 goto end;
458 if (ENGINE_get_DH(e) != NULL 432 if (ENGINE_get_DH(e) != NULL
459 && !append_buf(&cap_buf, "DH", 433 && !append_buf(&cap_buf, "DH",
460 &cap_size, 256)) 434 &cap_size, 256))
461 goto end; 435 goto end;
462 if (ENGINE_get_RAND(e) != NULL 436 if (ENGINE_get_RAND(e) != NULL
463 && !append_buf(&cap_buf, "RAND", 437 && !append_buf(&cap_buf, "RAND",
464 &cap_size, 256)) 438 &cap_size, 256))
465 goto end; 439 goto end;
466 440
467 fn_c = ENGINE_get_ciphers(e); 441 fn_c = ENGINE_get_ciphers(e);
468 if(!fn_c) goto skip_ciphers; 442 if (!fn_c)
443 goto skip_ciphers;
469 n = fn_c(e, NULL, &nids, 0); 444 n = fn_c(e, NULL, &nids, 0);
470 for(k=0 ; k < n ; ++k) 445 for (k = 0; k < n; ++k)
471 if(!append_buf(&cap_buf, 446 if (!append_buf(&cap_buf,
472 OBJ_nid2sn(nids[k]), 447 OBJ_nid2sn(nids[k]),
473 &cap_size, 256)) 448 &cap_size, 256))
474 goto end; 449 goto end;
475 450
476skip_ciphers: 451 skip_ciphers:
477 fn_d = ENGINE_get_digests(e); 452 fn_d = ENGINE_get_digests(e);
478 if(!fn_d) goto skip_digests; 453 if (!fn_d)
454 goto skip_digests;
479 n = fn_d(e, NULL, &nids, 0); 455 n = fn_d(e, NULL, &nids, 0);
480 for(k=0 ; k < n ; ++k) 456 for (k = 0; k < n; ++k)
481 if(!append_buf(&cap_buf, 457 if (!append_buf(&cap_buf,
482 OBJ_nid2sn(nids[k]), 458 OBJ_nid2sn(nids[k]),
483 &cap_size, 256)) 459 &cap_size, 256))
484 goto end; 460 goto end;
485 461
486skip_digests: 462 skip_digests:
487 fn_pk = ENGINE_get_pkey_meths(e); 463 fn_pk = ENGINE_get_pkey_meths(e);
488 if(!fn_pk) goto skip_pmeths; 464 if (!fn_pk)
465 goto skip_pmeths;
489 n = fn_pk(e, NULL, &nids, 0); 466 n = fn_pk(e, NULL, &nids, 0);
490 for(k=0 ; k < n ; ++k) 467 for (k = 0; k < n; ++k)
491 if(!append_buf(&cap_buf, 468 if (!append_buf(&cap_buf,
492 OBJ_nid2sn(nids[k]), 469 OBJ_nid2sn(nids[k]),
493 &cap_size, 256)) 470 &cap_size, 256))
494 goto end; 471 goto end;
495skip_pmeths: 472 skip_pmeths:
496 if (cap_buf && (*cap_buf != '\0')) 473 if (cap_buf && (*cap_buf != '\0'))
497 BIO_printf(bio_out, " [%s]\n", cap_buf); 474 BIO_printf(bio_out, " [%s]\n", cap_buf);
498 475
499 free(cap_buf); 476 free(cap_buf);
500 } 477 }
501 if(test_avail) 478 if (test_avail) {
502 {
503 BIO_printf(bio_out, "%s", indent); 479 BIO_printf(bio_out, "%s", indent);
504 if (ENGINE_init(e)) 480 if (ENGINE_init(e)) {
505 {
506 BIO_printf(bio_out, "[ available ]\n"); 481 BIO_printf(bio_out, "[ available ]\n");
507 util_do_cmds(e, post_cmds, bio_out, indent); 482 util_do_cmds(e, post_cmds, bio_out, indent);
508 ENGINE_finish(e); 483 ENGINE_finish(e);
509 } 484 } else {
510 else
511 {
512 BIO_printf(bio_out, "[ unavailable ]\n"); 485 BIO_printf(bio_out, "[ unavailable ]\n");
513 if(test_avail_noise) 486 if (test_avail_noise)
514 ERR_print_errors_fp(stdout); 487 ERR_print_errors_fp(stdout);
515 ERR_clear_error(); 488 ERR_clear_error();
516 }
517 } 489 }
518 if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent)) 490 }
491 if ((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
519 goto end; 492 goto end;
520 ENGINE_free(e); 493 ENGINE_free(e);
521 } 494 } else
522 else
523 ERR_print_errors(bio_err); 495 ERR_print_errors(bio_err);
524 } 496 }
525 497
526 ret=0; 498 ret = 0;
527end: 499end:
528 500
529 ERR_print_errors(bio_err); 501 ERR_print_errors(bio_err);
530 sk_OPENSSL_STRING_pop_free(engines, identity); 502 sk_OPENSSL_STRING_pop_free(engines, identity);
531 sk_OPENSSL_STRING_pop_free(pre_cmds, identity); 503 sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
532 sk_OPENSSL_STRING_pop_free(post_cmds, identity); 504 sk_OPENSSL_STRING_pop_free(post_cmds, identity);
533 if (bio_out != NULL) BIO_free_all(bio_out); 505 if (bio_out != NULL)
506 BIO_free_all(bio_out);
534 apps_shutdown(); 507 apps_shutdown();
535 return(ret); 508 return (ret);
536 } 509}
537#else 510#else
538 511
539# if PEDANTIC 512#if PEDANTIC
540static void *dummy=&dummy; 513static void *dummy = &dummy;
541# endif 514#endif
542 515
543#endif 516#endif
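Review bot: In `append_buf` (second hunk of engine.c), `*buf = realloc(*buf, *size);` overwrites the only pointer to the buffer, so a failed realloc leaks the old allocation. The growth test just above it also uses `strlen(s)` instead of the `l` computed at the top of the function, which already includes the two bytes for the ", " separator. Growing through a temporary and testing against `l` keeps the buffer valid on failure and accounts for the separator. A single `step` can still be too small for a long name, in which case the `BUF_strlcat` call in the next hunk presumably truncates rather than overflows. The lines of `append_buf` between the two hunks are not shown, so confirm how the separator is appended before relying on `l`.

```c
	/* ... unchanged: first-use allocation and the "l += 2" separator adjustment ... */
	if (strlen(*buf) + l >= (unsigned int) *size) {
		char *tmp = realloc(*buf, *size + step);

		if (tmp == NULL)
			return 0;	/* old buffer is still valid and still owned by the caller */
		*buf = tmp;
		*size += step;
	}
	/* ... unchanged: NULL check and the BUF_strlcat calls ... */
```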
diff --git a/src/lib/libssl/src/apps/errstr.c b/src/lib/libssl/src/apps/errstr.c
index 2a26c4ed15..77d2ea6a7c 100644
--- a/src/lib/libssl/src/apps/errstr.c
+++ b/src/lib/libssl/src/apps/errstr.c
@@ -81,7 +81,7 @@ MAIN(int argc, char **argv)
81 81
82 if (bio_err == NULL) 82 if (bio_err == NULL)
83 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 83 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
84 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 84 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
85 85
86 SSL_load_error_strings(); 86 SSL_load_error_strings();
87 87
@@ -102,9 +102,8 @@ MAIN(int argc, char **argv)
102 argc--; 102 argc--;
103 argv++; 103 argv++;
104 } 104 }
105
106 for (i = 1; i < argc; i++) { 105 for (i = 1; i < argc; i++) {
107 if (sscanf(argv[i], "%lx",&l)) { 106 if (sscanf(argv[i], "%lx", &l)) {
108 ERR_error_string_n(l, buf, sizeof buf); 107 ERR_error_string_n(l, buf, sizeof buf);
109 printf("%s\n", buf); 108 printf("%s\n", buf);
110 } else { 109 } else {
@@ -114,5 +113,5 @@ MAIN(int argc, char **argv)
114 } 113 }
115 } 114 }
116 apps_shutdown(); 115 apps_shutdown();
117 return(ret); 116 return (ret);
118} 117}
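Review bot: `if (sscanf(argv[i], "%lx", &l)) {` in the argument loop treats any non-zero return as success, but sscanf returns EOF (a negative value) when the input ends before a conversion, for example on an empty argument. In that case `l` is passed to `ERR_error_string_n` without having been set by this call. Comparing against the expected conversion count closes the gap: `if (sscanf(argv[i], "%lx", &l) == 1) {`. MAIN starts and ends outside these hunks, so whether `l` has an initializer is not visible here.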
diff --git a/src/lib/libssl/src/apps/gendh.c b/src/lib/libssl/src/apps/gendh.c
index 531e37a25b..644ef87bd2 100644
--- a/src/lib/libssl/src/apps/gendh.c
+++ b/src/lib/libssl/src/apps/gendh.c
@@ -82,7 +82,7 @@
82#undef PROG 82#undef PROG
83#define PROG gendh_main 83#define PROG gendh_main
84 84
85static int dh_cb(int p, int n, BN_GENCB *cb); 85static int dh_cb(int p, int n, BN_GENCB * cb);
86 86
87int MAIN(int, char **); 87int MAIN(int, char **);
88 88
@@ -105,7 +105,7 @@ MAIN(int argc, char **argv)
105 BN_GENCB_set(&cb, dh_cb, bio_err); 105 BN_GENCB_set(&cb, dh_cb, bio_err);
106 if (bio_err == NULL) 106 if (bio_err == NULL)
107 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 107 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
108 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 108 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
109 109
110 if (!load_config(bio_err, NULL)) 110 if (!load_config(bio_err, NULL))
111 goto end; 111 goto end;
@@ -118,35 +118,39 @@ MAIN(int argc, char **argv)
118 if (strcmp(*argv, "-out") == 0) { 118 if (strcmp(*argv, "-out") == 0) {
119 if (--argc < 1) 119 if (--argc < 1)
120 goto bad; 120 goto bad;
121 outfile= *(++argv); 121 outfile = *(++argv);
122 } else if (strcmp(*argv, "-2") == 0) 122 } else if (strcmp(*argv, "-2") == 0)
123 g = 2; 123 g = 2;
124 /* else if (strcmp(*argv,"-3") == 0) 124 /*
125 g=3; */ 125 * else if (strcmp(*argv,"-3") == 0) g=3;
126 */
126 else if (strcmp(*argv, "-5") == 0) 127 else if (strcmp(*argv, "-5") == 0)
127 g = 5; 128 g = 5;
128#ifndef OPENSSL_NO_ENGINE 129#ifndef OPENSSL_NO_ENGINE
129 else if (strcmp(*argv, "-engine") == 0) { 130 else if (strcmp(*argv, "-engine") == 0) {
130 if (--argc < 1) 131 if (--argc < 1)
131 goto bad; 132 goto bad;
132 engine= *(++argv); 133 engine = *(++argv);
133 } 134 }
134#endif 135#endif
135 else if (strcmp(*argv, "-rand") == 0) { 136 else if (strcmp(*argv, "-rand") == 0) {
136 if (--argc < 1) 137 if (--argc < 1)
137 goto bad; 138 goto bad;
138 inrand= *(++argv); 139 inrand = *(++argv);
139 } else 140 } else
140 break; 141 break;
141 argv++; 142 argv++;
142 argc--; 143 argc--;
143 } 144 }
144 if ((argc >= 1) && ((sscanf(*argv, "%d",&num) == 0) || (num < 0))) { 145 if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
145bad: 146bad:
146 BIO_printf(bio_err, "usage: gendh [args] [numbits]\n"); 147 BIO_printf(bio_err, "usage: gendh [args] [numbits]\n");
147 BIO_printf(bio_err, " -out file - output the key to 'file\n"); 148 BIO_printf(bio_err, " -out file - output the key to 'file\n");
148 BIO_printf(bio_err, " -2 - use 2 as the generator value\n"); 149 BIO_printf(bio_err, " -2 - use 2 as the generator value\n");
149 /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */ 150 /*
151 * BIO_printf(bio_err," -3 - use 3 as the generator
152 * value\n");
153 */
150 BIO_printf(bio_err, " -5 - use 5 as the generator value\n"); 154 BIO_printf(bio_err, " -5 - use 5 as the generator value\n");
151#ifndef OPENSSL_NO_ENGINE 155#ifndef OPENSSL_NO_ENGINE
152 BIO_printf(bio_err, " -engine e - use engine e, possibly a hardware device.\n"); 156 BIO_printf(bio_err, " -engine e - use engine e, possibly a hardware device.\n");
@@ -156,7 +160,6 @@ bad:
156 BIO_printf(bio_err, " the random number generator\n"); 160 BIO_printf(bio_err, " the random number generator\n");
157 goto end; 161 goto end;
158 } 162 }
159
160#ifndef OPENSSL_NO_ENGINE 163#ifndef OPENSSL_NO_ENGINE
161 setup_engine(bio_err, engine, 0); 164 setup_engine(bio_err, engine, 0);
162#endif 165#endif
@@ -166,7 +169,6 @@ bad:
166 ERR_print_errors(bio_err); 169 ERR_print_errors(bio_err);
167 goto end; 170 goto end;
168 } 171 }
169
170 if (outfile == NULL) { 172 if (outfile == NULL) {
171 BIO_set_fp(out, stdout, BIO_NOCLOSE); 173 BIO_set_fp(out, stdout, BIO_NOCLOSE);
172 } else { 174 } else {
@@ -183,7 +185,7 @@ bad:
183 BIO_printf(bio_err, "%ld semi-random bytes loaded\n", 185 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
184 app_RAND_load_files(inrand)); 186 app_RAND_load_files(inrand));
185 187
186 BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); 188 BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, g);
187 BIO_printf(bio_err, "This is going to take a long time\n"); 189 BIO_printf(bio_err, "This is going to take a long time\n");
188 190
189 if (((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb)) 191 if (((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))
@@ -202,11 +204,11 @@ end:
202 if (dh != NULL) 204 if (dh != NULL)
203 DH_free(dh); 205 DH_free(dh);
204 apps_shutdown(); 206 apps_shutdown();
205 return(ret); 207 return (ret);
206} 208}
207 209
208static int 210static int
209dh_cb(int p, int n, BN_GENCB *cb) 211dh_cb(int p, int n, BN_GENCB * cb)
210{ 212{
211 char c = '*'; 213 char c = '*';
212 214
@@ -219,16 +221,16 @@ dh_cb(int p, int n, BN_GENCB *cb)
219 if (p == 3) 221 if (p == 3)
220 c = '\n'; 222 c = '\n';
221 BIO_write(cb->arg, &c, 1); 223 BIO_write(cb->arg, &c, 1);
222 (void)BIO_flush(cb->arg); 224 (void) BIO_flush(cb->arg);
223#ifdef LINT 225#ifdef LINT
224 p = n; 226 p = n;
225#endif 227#endif
226 return 1; 228 return 1;
227} 229}
228#else /* !OPENSSL_NO_DH */ 230#else /* !OPENSSL_NO_DH */
229 231
230# if PEDANTIC 232#if PEDANTIC
231static void *dummy = &dummy; 233static void *dummy = &dummy;
232# endif 234#endif
233 235
234#endif 236#endif
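Review bot: The numbits check `(sscanf(*argv, "%d", &num) == 0) || (num < 0)` in the third gendh.c hunk lets an empty argument through, because sscanf then returns EOF rather than 0 and `num` keeps whatever value it had before. Requiring exactly one conversion is the minimal fix: `if ((argc >= 1) && ((sscanf(*argv, "%d", &num) != 1) || (num < 0))) {`. A `strtol` parse with an end-pointer check would additionally reject trailing characters after the digits. The visible lines apply no lower bound to `num` before it reaches `DH_generate_parameters_ex`; if none exists elsewhere in MAIN, very small prime sizes are accepted, which is worth a check or at least a comment. MAIN begins outside the hunk.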
diff --git a/src/lib/libssl/src/apps/gendsa.c b/src/lib/libssl/src/apps/gendsa.c
index c4e5415cdc..2042f69f68 100644
--- a/src/lib/libssl/src/apps/gendsa.c
+++ b/src/lib/libssl/src/apps/gendsa.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ 59#include <openssl/opensslconf.h>/* for OPENSSL_NO_DSA */
60#ifndef OPENSSL_NO_DSA 60#ifndef OPENSSL_NO_DSA
61#include <stdio.h> 61#include <stdio.h>
62#include <string.h> 62#include <string.h>
@@ -94,7 +94,7 @@ MAIN(int argc, char **argv)
94 94
95 if (bio_err == NULL) 95 if (bio_err == NULL)
96 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 96 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
97 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 97 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
98 98
99 if (!load_config(bio_err, NULL)) 99 if (!load_config(bio_err, NULL))
100 goto end; 100 goto end;
@@ -107,23 +107,23 @@ MAIN(int argc, char **argv)
107 if (strcmp(*argv, "-out") == 0) { 107 if (strcmp(*argv, "-out") == 0) {
108 if (--argc < 1) 108 if (--argc < 1)
109 goto bad; 109 goto bad;
110 outfile= *(++argv); 110 outfile = *(++argv);
111 } else if (strcmp(*argv, "-passout") == 0) { 111 } else if (strcmp(*argv, "-passout") == 0) {
112 if (--argc < 1) 112 if (--argc < 1)
113 goto bad; 113 goto bad;
114 passargout= *(++argv); 114 passargout = *(++argv);
115 } 115 }
116#ifndef OPENSSL_NO_ENGINE 116#ifndef OPENSSL_NO_ENGINE
117 else if (strcmp(*argv, "-engine") == 0) { 117 else if (strcmp(*argv, "-engine") == 0) {
118 if (--argc < 1) 118 if (--argc < 1)
119 goto bad; 119 goto bad;
120 engine= *(++argv); 120 engine = *(++argv);
121 } 121 }
122#endif 122#endif
123 else if (strcmp(*argv, "-rand") == 0) { 123 else if (strcmp(*argv, "-rand") == 0) {
124 if (--argc < 1) 124 if (--argc < 1)
125 goto bad; 125 goto bad;
126 inrand= *(++argv); 126 inrand = *(++argv);
127 } else if (strcmp(*argv, "-") == 0) 127 } else if (strcmp(*argv, "-") == 0)
128 goto bad; 128 goto bad;
129#ifndef OPENSSL_NO_DES 129#ifndef OPENSSL_NO_DES
@@ -197,7 +197,6 @@ bad:
197 BIO_printf(bio_err, " - a DSA parameter file as generated by the dsaparam command\n"); 197 BIO_printf(bio_err, " - a DSA parameter file as generated by the dsaparam command\n");
198 goto end; 198 goto end;
199 } 199 }
200
201#ifndef OPENSSL_NO_ENGINE 200#ifndef OPENSSL_NO_ENGINE
202 setup_engine(bio_err, engine, 0); 201 setup_engine(bio_err, engine, 0);
203#endif 202#endif
@@ -206,14 +205,11 @@ bad:
206 BIO_printf(bio_err, "Error getting password\n"); 205 BIO_printf(bio_err, "Error getting password\n");
207 goto end; 206 goto end;
208 } 207 }
209
210
211 in = BIO_new(BIO_s_file()); 208 in = BIO_new(BIO_s_file());
212 if (!(BIO_read_filename(in, dsaparams))) { 209 if (!(BIO_read_filename(in, dsaparams))) {
213 perror(dsaparams); 210 perror(dsaparams);
214 goto end; 211 goto end;
215 } 212 }
216
217 if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) { 213 if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
218 BIO_printf(bio_err, "unable to load DSA parameter file\n"); 214 BIO_printf(bio_err, "unable to load DSA parameter file\n");
219 goto end; 215 goto end;
@@ -263,12 +259,12 @@ end:
263 if (passout) 259 if (passout)
264 free(passout); 260 free(passout);
265 apps_shutdown(); 261 apps_shutdown();
266 return(ret); 262 return (ret);
267} 263}
268#else /* !OPENSSL_NO_DSA */ 264#else /* !OPENSSL_NO_DSA */
269 265
270# if PEDANTIC 266#if PEDANTIC
271static void *dummy = &dummy; 267static void *dummy = &dummy;
272# endif 268#endif
273 269
274#endif 270#endif
diff --git a/src/lib/libssl/src/apps/genpkey.c b/src/lib/libssl/src/apps/genpkey.c
index de375a571b..ec7e5b2f25 100644
--- a/src/lib/libssl/src/apps/genpkey.c
+++ b/src/lib/libssl/src/apps/genpkey.c
@@ -65,9 +65,10 @@
65#include <openssl/engine.h> 65#include <openssl/engine.h>
66#endif 66#endif
67 67
68static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx, const char *file, 68static int
69 ENGINE *e); 69init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx, const char *file,
70static int genpkey_cb(EVP_PKEY_CTX *ctx); 70 ENGINE * e);
71static int genpkey_cb(EVP_PKEY_CTX * ctx);
71 72
72#define PROG genpkey_main 73#define PROG genpkey_main
73 74
@@ -112,7 +113,7 @@ MAIN(int argc, char **argv)
112 } else if (!strcmp(*args, "-pass")) { 113 } else if (!strcmp(*args, "-pass")) {
113 if (!args[1]) 114 if (!args[1])
114 goto bad; 115 goto bad;
115 passarg= *(++args); 116 passarg = *(++args);
116 } 117 }
117#ifndef OPENSSL_NO_ENGINE 118#ifndef OPENSSL_NO_ENGINE
118 else if (strcmp(*args, "-engine") == 0) { 119 else if (strcmp(*args, "-engine") == 0) {
@@ -121,7 +122,7 @@ MAIN(int argc, char **argv)
121 e = setup_engine(bio_err, *(++args), 0); 122 e = setup_engine(bio_err, *(++args), 0);
122 } 123 }
123#endif 124#endif
124 else if (!strcmp (*args, "-paramfile")) { 125 else if (!strcmp(*args, "-paramfile")) {
125 if (!args[1]) 126 if (!args[1])
126 goto bad; 127 goto bad;
127 args++; 128 args++;
@@ -129,7 +130,7 @@ MAIN(int argc, char **argv)
129 goto bad; 130 goto bad;
130 if (!init_keygen_file(bio_err, &ctx, *args, e)) 131 if (!init_keygen_file(bio_err, &ctx, *args, e))
131 goto end; 132 goto end;
132 } else if (!strcmp (*args, "-out")) { 133 } else if (!strcmp(*args, "-out")) {
133 if (args[1]) { 134 if (args[1]) {
134 args++; 135 args++;
135 outfile = *args; 136 outfile = *args;
@@ -193,20 +194,18 @@ bad:
193 BIO_printf(bio_err, "NB: options order may be important! See the manual page.\n"); 194 BIO_printf(bio_err, "NB: options order may be important! See the manual page.\n");
194 goto end; 195 goto end;
195 } 196 }
196
197 if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { 197 if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
198 BIO_puts(bio_err, "Error getting password\n"); 198 BIO_puts(bio_err, "Error getting password\n");
199 goto end; 199 goto end;
200 } 200 }
201
202 if (outfile) { 201 if (outfile) {
203 if (!(out = BIO_new_file (outfile, "wb"))) { 202 if (!(out = BIO_new_file(outfile, "wb"))) {
204 BIO_printf(bio_err, 203 BIO_printf(bio_err,
205 "Can't open output file %s\n", outfile); 204 "Can't open output file %s\n", outfile);
206 goto end; 205 goto end;
207 } 206 }
208 } else { 207 } else {
209 out = BIO_new_fp (stdout, BIO_NOCLOSE); 208 out = BIO_new_fp(stdout, BIO_NOCLOSE);
210 } 209 }
211 210
212 EVP_PKEY_CTX_set_cb(ctx, genpkey_cb); 211 EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
@@ -242,7 +241,6 @@ bad:
242 BIO_puts(bio_err, "Error writing key\n"); 241 BIO_puts(bio_err, "Error writing key\n");
243 ERR_print_errors(bio_err); 242 ERR_print_errors(bio_err);
244 } 243 }
245
246 if (text) { 244 if (text) {
247 if (do_param) 245 if (do_param)
248 rv = EVP_PKEY_print_params(out, pkey, 0, NULL); 246 rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
@@ -254,7 +252,6 @@ bad:
254 ERR_print_errors(bio_err); 252 ERR_print_errors(bio_err);
255 } 253 }
256 } 254 }
257
258 ret = 0; 255 ret = 0;
259 256
260end: 257end:
@@ -272,8 +269,8 @@ end:
272} 269}
273 270
274static int 271static int
275init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx, 272init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx,
276 const char *file, ENGINE *e) 273 const char *file, ENGINE * e)
277{ 274{
278 BIO *pbio; 275 BIO *pbio;
279 EVP_PKEY *pkey = NULL; 276 EVP_PKEY *pkey = NULL;
@@ -282,13 +279,11 @@ init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
282 BIO_puts(err, "Parameters already set!\n"); 279 BIO_puts(err, "Parameters already set!\n");
283 return 0; 280 return 0;
284 } 281 }
285
286 pbio = BIO_new_file(file, "r"); 282 pbio = BIO_new_file(file, "r");
287 if (!pbio) { 283 if (!pbio) {
288 BIO_printf(err, "Can't open parameter file %s\n", file); 284 BIO_printf(err, "Can't open parameter file %s\n", file);
289 return 0; 285 return 0;
290 } 286 }
291
292 pkey = PEM_read_bio_Parameters(pbio, NULL); 287 pkey = PEM_read_bio_Parameters(pbio, NULL);
293 BIO_free(pbio); 288 BIO_free(pbio);
294 289
@@ -296,7 +291,6 @@ init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
296 BIO_printf(bio_err, "Error reading parameter file %s\n", file); 291 BIO_printf(bio_err, "Error reading parameter file %s\n", file);
297 return 0; 292 return 0;
298 } 293 }
299
300 ctx = EVP_PKEY_CTX_new(pkey, e); 294 ctx = EVP_PKEY_CTX_new(pkey, e);
301 if (!ctx) 295 if (!ctx)
302 goto err; 296 goto err;
@@ -318,8 +312,8 @@ err:
318} 312}
319 313
320int 314int
321init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, 315init_gen_str(BIO * err, EVP_PKEY_CTX ** pctx,
322 const char *algname, ENGINE *e, int do_param) 316 const char *algname, ENGINE * e, int do_param)
323{ 317{
324 EVP_PKEY_CTX *ctx = NULL; 318 EVP_PKEY_CTX *ctx = NULL;
325 const EVP_PKEY_ASN1_METHOD *ameth; 319 const EVP_PKEY_ASN1_METHOD *ameth;
@@ -330,7 +324,6 @@ init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
330 BIO_puts(err, "Algorithm already set!\n"); 324 BIO_puts(err, "Algorithm already set!\n");
331 return 0; 325 return 0;
332 } 326 }
333
334 ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1); 327 ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
335 328
336#ifndef OPENSSL_NO_ENGINE 329#ifndef OPENSSL_NO_ENGINE
@@ -342,7 +335,6 @@ init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
342 BIO_printf(bio_err, "Algorithm %s not found\n", algname); 335 BIO_printf(bio_err, "Algorithm %s not found\n", algname);
343 return 0; 336 return 0;
344 } 337 }
345
346 ERR_clear_error(); 338 ERR_clear_error();
347 339
348 EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); 340 EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
@@ -375,7 +367,7 @@ err:
375} 367}
376 368
377static int 369static int
378genpkey_cb(EVP_PKEY_CTX *ctx) 370genpkey_cb(EVP_PKEY_CTX * ctx)
379{ 371{
380 char c = '*'; 372 char c = '*';
381 BIO *b = EVP_PKEY_CTX_get_app_data(ctx); 373 BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
@@ -390,7 +382,7 @@ genpkey_cb(EVP_PKEY_CTX *ctx)
390 if (p == 3) 382 if (p == 3)
391 c = '\n'; 383 c = '\n';
392 BIO_write(b, &c, 1); 384 BIO_write(b, &c, 1);
393 (void)BIO_flush(b); 385 (void) BIO_flush(b);
394#ifdef LINT 386#ifdef LINT
395 p = n; 387 p = n;
396#endif 388#endif
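Review bot: In `init_keygen_file` the error after `PEM_read_bio_Parameters` is written to the global `bio_err`, while the other messages in the same function go to its `err` parameter (`BIO_puts(err, "Parameters already set!\n")`, `BIO_printf(err, "Can't open parameter file %s\n", file)`). `init_gen_str` has the same split for its "Algorithm %s not found" message. A caller that passes a BIO other than `bio_err` would not see these two diagnostics on its own stream, so I would write them as `BIO_printf(err, "Error reading parameter file %s\n", file);` and `BIO_printf(err, "Algorithm %s not found\n", algname);`. Both function bodies continue outside the visible hunks, so any further use of `bio_err` there has not been checked.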
diff --git a/src/lib/libssl/src/apps/genrsa.c b/src/lib/libssl/src/apps/genrsa.c
index e6e9877cb9..67e68fc20a 100644
--- a/src/lib/libssl/src/apps/genrsa.c
+++ b/src/lib/libssl/src/apps/genrsa.c
@@ -82,7 +82,7 @@
82#undef PROG 82#undef PROG
83#define PROG genrsa_main 83#define PROG genrsa_main
84 84
85static int genrsa_cb(int p, int n, BN_GENCB *cb); 85static int genrsa_cb(int p, int n, BN_GENCB * cb);
86 86
87int MAIN(int, char **); 87int MAIN(int, char **);
88 88
@@ -108,14 +108,15 @@ MAIN(int argc, char **argv)
108 BIGNUM *bn = BN_new(); 108 BIGNUM *bn = BN_new();
109 RSA *rsa = NULL; 109 RSA *rsa = NULL;
110 110
111 if (!bn) goto err; 111 if (!bn)
112 goto err;
112 113
113 apps_startup(); 114 apps_startup();
114 BN_GENCB_set(&cb, genrsa_cb, bio_err); 115 BN_GENCB_set(&cb, genrsa_cb, bio_err);
115 116
116 if (bio_err == NULL) 117 if (bio_err == NULL)
117 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 118 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
118 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 119 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
119 120
120 if (!load_config(bio_err, NULL)) 121 if (!load_config(bio_err, NULL))
121 goto err; 122 goto err;
@@ -123,7 +124,6 @@ MAIN(int argc, char **argv)
123 BIO_printf(bio_err, "unable to create BIO for output\n"); 124 BIO_printf(bio_err, "unable to create BIO for output\n");
124 goto err; 125 goto err;
125 } 126 }
126
127 argv++; 127 argv++;
128 argc--; 128 argc--;
129 for (;;) { 129 for (;;) {
@@ -132,22 +132,22 @@ MAIN(int argc, char **argv)
132 if (strcmp(*argv, "-out") == 0) { 132 if (strcmp(*argv, "-out") == 0) {
133 if (--argc < 1) 133 if (--argc < 1)
134 goto bad; 134 goto bad;
135 outfile= *(++argv); 135 outfile = *(++argv);
136 } else if (strcmp(*argv, "-3") == 0) 136 } else if (strcmp(*argv, "-3") == 0)
137 f4 = 3; 137 f4 = 3;
138 else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv,"-f4") == 0) 138 else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0)
139 f4 = RSA_F4; 139 f4 = RSA_F4;
140#ifndef OPENSSL_NO_ENGINE 140#ifndef OPENSSL_NO_ENGINE
141 else if (strcmp(*argv, "-engine") == 0) { 141 else if (strcmp(*argv, "-engine") == 0) {
142 if (--argc < 1) 142 if (--argc < 1)
143 goto bad; 143 goto bad;
144 engine= *(++argv); 144 engine = *(++argv);
145 } 145 }
146#endif 146#endif
147 else if (strcmp(*argv, "-rand") == 0) { 147 else if (strcmp(*argv, "-rand") == 0) {
148 if (--argc < 1) 148 if (--argc < 1)
149 goto bad; 149 goto bad;
150 inrand= *(++argv); 150 inrand = *(++argv);
151 } 151 }
152#ifndef OPENSSL_NO_DES 152#ifndef OPENSSL_NO_DES
153 else if (strcmp(*argv, "-des") == 0) 153 else if (strcmp(*argv, "-des") == 0)
@@ -182,13 +182,13 @@ MAIN(int argc, char **argv)
182 else if (strcmp(*argv, "-passout") == 0) { 182 else if (strcmp(*argv, "-passout") == 0) {
183 if (--argc < 1) 183 if (--argc < 1)
184 goto bad; 184 goto bad;
185 passargout= *(++argv); 185 passargout = *(++argv);
186 } else 186 } else
187 break; 187 break;
188 argv++; 188 argv++;
189 argc--; 189 argc--;
190 } 190 }
191 if ((argc >= 1) && ((sscanf(*argv, "%d",&num) == 0) || (num < 0))) { 191 if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
192bad: 192bad:
193 BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n"); 193 BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n");
194 BIO_printf(bio_err, " -des encrypt the generated key with DES in cbc mode\n"); 194 BIO_printf(bio_err, " -des encrypt the generated key with DES in cbc mode\n");
@@ -220,14 +220,12 @@ bad:
220 BIO_printf(bio_err, " the random number generator\n"); 220 BIO_printf(bio_err, " the random number generator\n");
221 goto err; 221 goto err;
222 } 222 }
223
224 ERR_load_crypto_strings(); 223 ERR_load_crypto_strings();
225 224
226 if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { 225 if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
227 BIO_printf(bio_err, "Error getting password\n"); 226 BIO_printf(bio_err, "Error getting password\n");
228 goto err; 227 goto err;
229 } 228 }
230
231#ifndef OPENSSL_NO_ENGINE 229#ifndef OPENSSL_NO_ENGINE
232 e = setup_engine(bio_err, engine, 0); 230 e = setup_engine(bio_err, engine, 0);
233#endif 231#endif
@@ -264,23 +262,25 @@ bad:
264 262
265 app_RAND_write_file(NULL, bio_err); 263 app_RAND_write_file(NULL, bio_err);
266 264
267 /* We need to do the following for when the base number size is < 265 /*
268 * long, esp windows 3.1 :-(. */ 266 * We need to do the following for when the base number size is <
267 * long, esp windows 3.1 :-(.
268 */
269 l = 0L; 269 l = 0L;
270 for (i = 0; i < rsa->e->top; i++) { 270 for (i = 0; i < rsa->e->top; i++) {
271#ifndef SIXTY_FOUR_BIT 271#ifndef SIXTY_FOUR_BIT
272 l<<=BN_BITS4; 272 l <<= BN_BITS4;
273 l<<=BN_BITS4; 273 l <<= BN_BITS4;
274#endif 274#endif
275 l += rsa->e->d[i]; 275 l += rsa->e->d[i];
276 } 276 }
277 BIO_printf(bio_err, "e is %ld (0x%lX)\n",l,l); 277 BIO_printf(bio_err, "e is %ld (0x%lX)\n", l, l);
278 { 278 {
279 PW_CB_DATA cb_data; 279 PW_CB_DATA cb_data;
280 cb_data.password = passout; 280 cb_data.password = passout;
281 cb_data.prompt_info = outfile; 281 cb_data.prompt_info = outfile;
282 if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0, 282 if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
283 (pem_password_cb *)password_callback, &cb_data)) 283 (pem_password_cb *) password_callback, &cb_data))
284 goto err; 284 goto err;
285 } 285 }
286 286
@@ -292,15 +292,16 @@ err:
292 RSA_free(rsa); 292 RSA_free(rsa);
293 if (out) 293 if (out)
294 BIO_free_all(out); 294 BIO_free_all(out);
295 if (passout) free(passout); 295 if (passout)
296 if (ret != 0) 296 free(passout);
297 ERR_print_errors(bio_err); 297 if (ret != 0)
298 ERR_print_errors(bio_err);
298 apps_shutdown(); 299 apps_shutdown();
299 return(ret); 300 return (ret);
300} 301}
301 302
302static int 303static int
303genrsa_cb(int p, int n, BN_GENCB *cb) 304genrsa_cb(int p, int n, BN_GENCB * cb)
304{ 305{
305 char c = '*'; 306 char c = '*';
306 307
@@ -313,16 +314,16 @@ genrsa_cb(int p, int n, BN_GENCB *cb)
313 if (p == 3) 314 if (p == 3)
314 c = '\n'; 315 c = '\n';
315 BIO_write(cb->arg, &c, 1); 316 BIO_write(cb->arg, &c, 1);
316 (void)BIO_flush(cb->arg); 317 (void) BIO_flush(cb->arg);
317#ifdef LINT 318#ifdef LINT
318 p = n; 319 p = n;
319#endif 320#endif
320 return 1; 321 return 1;
321} 322}
322#else /* !OPENSSL_NO_RSA */ 323#else /* !OPENSSL_NO_RSA */
323 324
324# if PEDANTIC 325#if PEDANTIC
325static void *dummy = &dummy; 326static void *dummy = &dummy;
326# endif 327#endif
327 328
328#endif 329#endif
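Review bot: The numbits check `sscanf(*argv, "%d", &num) == 0` rejects only a zero return, so an empty argument (sscanf returns EOF) and trailing characters after the digits both pass, and a value outside the range of int is undefined behaviour. At minimum compare against the expected count, `if ((argc >= 1) && ((sscanf(*argv, "%d", &num) != 1) || (num < 0))) {`; a stricter parse with `strtonum(*argv, 0, INT_MAX, &errstr)` would also reject trailing characters and overflow. Only negative values are refused here, so a very small modulus size reaches key generation unless it is checked later; MAIN's body continues outside these hunks, so that could not be confirmed. A comment stating the smallest key size the tool is meant to accept would help the next reader.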
diff --git a/src/lib/libssl/src/apps/nseq.c b/src/lib/libssl/src/apps/nseq.c
index cb83570562..43f3073635 100644
--- a/src/lib/libssl/src/apps/nseq.c
+++ b/src/lib/libssl/src/apps/nseq.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -67,7 +67,8 @@
67 67
68int MAIN(int, char **); 68int MAIN(int, char **);
69 69
70int MAIN(int argc, char **argv) 70int
71MAIN(int argc, char **argv)
71{ 72{
72 char **args, *infile = NULL, *outfile = NULL; 73 char **args, *infile = NULL, *outfile = NULL;
73 BIO *in = NULL, *out = NULL; 74 BIO *in = NULL, *out = NULL;
@@ -76,47 +77,52 @@ int MAIN(int argc, char **argv)
76 NETSCAPE_CERT_SEQUENCE *seq = NULL; 77 NETSCAPE_CERT_SEQUENCE *seq = NULL;
77 int i, ret = 1; 78 int i, ret = 1;
78 int badarg = 0; 79 int badarg = 0;
79 if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); 80 if (bio_err == NULL)
81 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
80 ERR_load_crypto_strings(); 82 ERR_load_crypto_strings();
81 args = argv + 1; 83 args = argv + 1;
82 while (!badarg && *args && *args[0] == '-') { 84 while (!badarg && *args && *args[0] == '-') {
83 if (!strcmp (*args, "-toseq")) toseq = 1; 85 if (!strcmp(*args, "-toseq"))
84 else if (!strcmp (*args, "-in")) { 86 toseq = 1;
87 else if (!strcmp(*args, "-in")) {
85 if (args[1]) { 88 if (args[1]) {
86 args++; 89 args++;
87 infile = *args; 90 infile = *args;
88 } else badarg = 1; 91 } else
89 } else if (!strcmp (*args, "-out")) { 92 badarg = 1;
93 } else if (!strcmp(*args, "-out")) {
90 if (args[1]) { 94 if (args[1]) {
91 args++; 95 args++;
92 outfile = *args; 96 outfile = *args;
93 } else badarg = 1; 97 } else
94 } else badarg = 1; 98 badarg = 1;
99 } else
100 badarg = 1;
95 args++; 101 args++;
96 } 102 }
97 103
98 if (badarg) { 104 if (badarg) {
99 BIO_printf (bio_err, "Netscape certificate sequence utility\n"); 105 BIO_printf(bio_err, "Netscape certificate sequence utility\n");
100 BIO_printf (bio_err, "Usage nseq [options]\n"); 106 BIO_printf(bio_err, "Usage nseq [options]\n");
101 BIO_printf (bio_err, "where options are\n"); 107 BIO_printf(bio_err, "where options are\n");
102 BIO_printf (bio_err, "-in file input file\n"); 108 BIO_printf(bio_err, "-in file input file\n");
103 BIO_printf (bio_err, "-out file output file\n"); 109 BIO_printf(bio_err, "-out file output file\n");
104 BIO_printf (bio_err, "-toseq output NS Sequence file\n"); 110 BIO_printf(bio_err, "-toseq output NS Sequence file\n");
105 return(1); 111 return (1);
106 } 112 }
107
108 if (infile) { 113 if (infile) {
109 if (!(in = BIO_new_file (infile, "r"))) { 114 if (!(in = BIO_new_file(infile, "r"))) {
110 BIO_printf (bio_err, 115 BIO_printf(bio_err,
111 "Can't open input file %s\n", infile); 116 "Can't open input file %s\n", infile);
112 goto end; 117 goto end;
113 } 118 }
114 } else in = BIO_new_fp(stdin, BIO_NOCLOSE); 119 } else
120 in = BIO_new_fp(stdin, BIO_NOCLOSE);
115 121
116 if (outfile) { 122 if (outfile) {
117 if (!(out = BIO_new_file (outfile, "w"))) { 123 if (!(out = BIO_new_file(outfile, "w"))) {
118 BIO_printf (bio_err, 124 BIO_printf(bio_err,
119 "Can't open output file %s\n", outfile); 125 "Can't open output file %s\n", outfile);
120 goto end; 126 goto end;
121 } 127 }
122 } else { 128 } else {
@@ -125,12 +131,11 @@ int MAIN(int argc, char **argv)
125 if (toseq) { 131 if (toseq) {
126 seq = NETSCAPE_CERT_SEQUENCE_new(); 132 seq = NETSCAPE_CERT_SEQUENCE_new();
127 seq->certs = sk_X509_new_null(); 133 seq->certs = sk_X509_new_null();
128 while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) 134 while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
129 sk_X509_push(seq->certs,x509); 135 sk_X509_push(seq->certs, x509);
130 136
131 if(!sk_X509_num(seq->certs)) 137 if (!sk_X509_num(seq->certs)) {
132 { 138 BIO_printf(bio_err, "Error reading certs file %s\n", infile);
133 BIO_printf (bio_err, "Error reading certs file %s\n", infile);
134 ERR_print_errors(bio_err); 139 ERR_print_errors(bio_err);
135 goto end; 140 goto end;
136 } 141 }
@@ -138,14 +143,12 @@ int MAIN(int argc, char **argv)
138 ret = 0; 143 ret = 0;
139 goto end; 144 goto end;
140 } 145 }
141
142 if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) { 146 if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
143 BIO_printf (bio_err, "Error reading sequence file %s\n", infile); 147 BIO_printf(bio_err, "Error reading sequence file %s\n", infile);
144 ERR_print_errors(bio_err); 148 ERR_print_errors(bio_err);
145 goto end; 149 goto end;
146 } 150 }
147 151 for (i = 0; i < sk_X509_num(seq->certs); i++) {
148 for(i = 0; i < sk_X509_num(seq->certs); i++) {
149 x509 = sk_X509_value(seq->certs, i); 152 x509 = sk_X509_value(seq->certs, i);
150 dump_cert_text(out, x509); 153 dump_cert_text(out, x509);
151 PEM_write_bio_X509(out, x509); 154 PEM_write_bio_X509(out, x509);
@@ -156,6 +159,5 @@ end:
156 BIO_free_all(out); 159 BIO_free_all(out);
157 NETSCAPE_CERT_SEQUENCE_free(seq); 160 NETSCAPE_CERT_SEQUENCE_free(seq);
158 161
159 return(ret); 162 return (ret);
160} 163}
161
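Review bot: In the `-toseq` branch `seq = NETSCAPE_CERT_SEQUENCE_new();` is followed directly by `seq->certs = sk_X509_new_null();`, so an allocation failure is dereferenced as a NULL pointer. The result of `sk_X509_new_null()` and the return value of `sk_X509_push(seq->certs, x509)` are not checked either, so a failed push would leak the certificate that was just read. I would guard the allocations with `if (seq == NULL || (seq->certs = sk_X509_new_null()) == NULL) goto end;` and, in the loop, free `x509` and go to `end` when the push fails. The `in = BIO_new_fp(stdin, BIO_NOCLOSE);` fallback is likewise used without a NULL check; parts of MAIN lie outside the visible hunks, so the output-side setup was not reviewed.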
diff --git a/src/lib/libssl/src/apps/ocsp.c b/src/lib/libssl/src/apps/ocsp.c
index e68589f4a8..330d850890 100644
--- a/src/lib/libssl/src/apps/ocsp.c
+++ b/src/lib/libssl/src/apps/ocsp.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -61,7 +61,8 @@
61#include <stdlib.h> 61#include <stdlib.h>
62#include <string.h> 62#include <string.h>
63#include <time.h> 63#include <time.h>
64#include "apps.h" /* needs to be included before the openssl headers! */ 64#include "apps.h" /* needs to be included before the openssl
65 * headers! */
65#include <openssl/e_os2.h> 66#include <openssl/e_os2.h>
66#include <openssl/crypto.h> 67#include <openssl/crypto.h>
67#include <openssl/err.h> 68#include <openssl/err.h>
@@ -71,52 +72,53 @@
71#include <openssl/x509v3.h> 72#include <openssl/x509v3.h>
72 73
73#if defined(NETWARE_CLIB) 74#if defined(NETWARE_CLIB)
74# ifdef NETWARE_BSDSOCK 75#ifdef NETWARE_BSDSOCK
75# include <sys/socket.h> 76#include <sys/socket.h>
76# include <sys/bsdskt.h> 77#include <sys/bsdskt.h>
77# else 78#else
78# include <novsock2.h> 79#include <novsock2.h>
79# endif 80#endif
80#elif defined(NETWARE_LIBC) 81#elif defined(NETWARE_LIBC)
81# ifdef NETWARE_BSDSOCK 82#ifdef NETWARE_BSDSOCK
82# include <sys/select.h> 83#include <sys/select.h>
83# else 84#else
84# include <novsock2.h> 85#include <novsock2.h>
85# endif
86#endif 86#endif
87 87#endif
88
88/* Maximum leeway in validity period: default 5 minutes */ 89/* Maximum leeway in validity period: default 5 minutes */
89#define MAX_VALIDITY_PERIOD (5 * 60) 90#define MAX_VALIDITY_PERIOD (5 * 60)
90 91
91static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer, 92static int
92 STACK_OF(OCSP_CERTID) *ids); 93add_ocsp_cert(OCSP_REQUEST ** req, X509 * cert, const EVP_MD * cert_id_md, X509 * issuer,
93static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD * cert_id_md, X509 *issuer, 94 STACK_OF(OCSP_CERTID) * ids);
94 STACK_OF(OCSP_CERTID) *ids); 95 static int add_ocsp_serial(OCSP_REQUEST ** req, char *serial, const EVP_MD * cert_id_md, X509 * issuer,
95static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, 96 STACK_OF(OCSP_CERTID) * ids);
96 STACK_OF(OPENSSL_STRING) *names, 97 static int print_ocsp_summary(BIO * out, OCSP_BASICRESP * bs, OCSP_REQUEST * req,
97 STACK_OF(OCSP_CERTID) *ids, long nsec, 98 STACK_OF(OPENSSL_STRING) * names,
98 long maxage); 99 STACK_OF(OCSP_CERTID) * ids, long nsec,
99 100 long maxage);
100static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, 101
101 X509 *ca, X509 *rcert, EVP_PKEY *rkey, 102 static int make_ocsp_response(OCSP_RESPONSE ** resp, OCSP_REQUEST * req, CA_DB * db,
102 STACK_OF(X509) *rother, unsigned long flags, 103 X509 * ca, X509 * rcert, EVP_PKEY * rkey,
103 int nmin, int ndays); 104 STACK_OF(X509) * rother, unsigned long flags,
104 105 int nmin, int ndays);
105static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); 106
106static BIO *init_responder(char *port); 107 static char **lookup_serial(CA_DB * db, ASN1_INTEGER * ser);
107static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); 108 static BIO *init_responder(char *port);
108static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); 109 static int do_responder(OCSP_REQUEST ** preq, BIO ** pcbio, BIO * acbio, char *port);
109static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, 110 static int send_ocsp_response(BIO * cbio, OCSP_RESPONSE * resp);
110 STACK_OF(CONF_VALUE) *headers, 111 static OCSP_RESPONSE *query_responder(BIO * err, BIO * cbio, char *path,
111 OCSP_REQUEST *req, int req_timeout); 112 STACK_OF(CONF_VALUE) * headers,
113 OCSP_REQUEST * req, int req_timeout);
112 114
113#undef PROG 115#undef PROG
114#define PROG ocsp_main 116#define PROG ocsp_main
115 117
116int MAIN(int, char **); 118 int MAIN(int, char **);
117 119
118int MAIN(int argc, char **argv) 120 int MAIN(int argc, char **argv)
119 { 121{
120 ENGINE *e = NULL; 122 ENGINE *e = NULL;
121 char **args; 123 char **args;
122 char *host = NULL, *port = NULL, *path = "/"; 124 char *host = NULL, *port = NULL, *path = "/";
@@ -126,7 +128,7 @@ int MAIN(int argc, char **argv)
126 char *rsignfile = NULL, *rkeyfile = NULL; 128 char *rsignfile = NULL, *rkeyfile = NULL;
127 char *outfile = NULL; 129 char *outfile = NULL;
128 int add_nonce = 1, noverify = 0, use_ssl = -1; 130 int add_nonce = 1, noverify = 0, use_ssl = -1;
129 STACK_OF(CONF_VALUE) *headers = NULL; 131 STACK_OF(CONF_VALUE) * headers = NULL;
130 OCSP_REQUEST *req = NULL; 132 OCSP_REQUEST *req = NULL;
131 OCSP_RESPONSE *resp = NULL; 133 OCSP_RESPONSE *resp = NULL;
132 OCSP_BASICRESP *bs = NULL; 134 OCSP_BASICRESP *bs = NULL;
@@ -141,7 +143,7 @@ int MAIN(int argc, char **argv)
141 long nsec = MAX_VALIDITY_PERIOD, maxage = -1; 143 long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
142 char *CAfile = NULL, *CApath = NULL; 144 char *CAfile = NULL, *CApath = NULL;
143 X509_STORE *store = NULL; 145 X509_STORE *store = NULL;
144 STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; 146 STACK_OF(X509) * sign_other = NULL, *verify_other = NULL, *rother = NULL;
145 char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL; 147 char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
146 unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; 148 unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
147 int ret = 1; 149 int ret = 1;
@@ -149,8 +151,8 @@ int MAIN(int argc, char **argv)
149 int badarg = 0; 151 int badarg = 0;
150 int i; 152 int i;
151 int ignore_err = 0; 153 int ignore_err = 0;
152 STACK_OF(OPENSSL_STRING) *reqnames = NULL; 154 STACK_OF(OPENSSL_STRING) * reqnames = NULL;
153 STACK_OF(OCSP_CERTID) *ids = NULL; 155 STACK_OF(OCSP_CERTID) * ids = NULL;
154 156
155 X509 *rca_cert = NULL; 157 X509 *rca_cert = NULL;
156 char *ridx_filename = NULL; 158 char *ridx_filename = NULL;
@@ -159,7 +161,8 @@ int MAIN(int argc, char **argv)
159 int nmin = 0, ndays = -1; 161 int nmin = 0, ndays = -1;
160 const EVP_MD *cert_id_md = NULL; 162 const EVP_MD *cert_id_md = NULL;
161 163
162 if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 164 if (bio_err == NULL)
165 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
163 166
164 if (!load_config(bio_err, NULL)) 167 if (!load_config(bio_err, NULL))
165 goto end; 168 goto end;
@@ -168,75 +171,54 @@ int MAIN(int argc, char **argv)
168 args = argv + 1; 171 args = argv + 1;
169 reqnames = sk_OPENSSL_STRING_new_null(); 172 reqnames = sk_OPENSSL_STRING_new_null();
170 ids = sk_OCSP_CERTID_new_null(); 173 ids = sk_OCSP_CERTID_new_null();
171 while (!badarg && *args && *args[0] == '-') 174 while (!badarg && *args && *args[0] == '-') {
172 { 175 if (!strcmp(*args, "-out")) {
173 if (!strcmp(*args, "-out")) 176 if (args[1]) {
174 {
175 if (args[1])
176 {
177 args++; 177 args++;
178 outfile = *args; 178 outfile = *args;
179 } 179 } else
180 else badarg = 1; 180 badarg = 1;
181 } 181 } else if (!strcmp(*args, "-timeout")) {
182 else if (!strcmp(*args, "-timeout")) 182 if (args[1]) {
183 {
184 if (args[1])
185 {
186 args++; 183 args++;
187 req_timeout = atol(*args); 184 req_timeout = atol(*args);
188 if (req_timeout < 0) 185 if (req_timeout < 0) {
189 {
190 BIO_printf(bio_err, 186 BIO_printf(bio_err,
191 "Illegal timeout value %s\n", 187 "Illegal timeout value %s\n",
192 *args); 188 *args);
193 badarg = 1; 189 badarg = 1;
194 }
195 } 190 }
196 else badarg = 1; 191 } else
197 } 192 badarg = 1;
198 else if (!strcmp(*args, "-url")) 193 } else if (!strcmp(*args, "-url")) {
199 { 194 if (args[1]) {
200 if (args[1])
201 {
202 args++; 195 args++;
203 if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) 196 if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) {
204 {
205 BIO_printf(bio_err, "Error parsing URL\n"); 197 BIO_printf(bio_err, "Error parsing URL\n");
206 badarg = 1; 198 badarg = 1;
207 }
208 } 199 }
209 else badarg = 1; 200 } else
210 } 201 badarg = 1;
211 else if (!strcmp(*args, "-host")) 202 } else if (!strcmp(*args, "-host")) {
212 { 203 if (args[1]) {
213 if (args[1])
214 {
215 args++; 204 args++;
216 host = *args; 205 host = *args;
217 } 206 } else
218 else badarg = 1; 207 badarg = 1;
219 } 208 } else if (!strcmp(*args, "-port")) {
220 else if (!strcmp(*args, "-port")) 209 if (args[1]) {
221 {
222 if (args[1])
223 {
224 args++; 210 args++;
225 port = *args; 211 port = *args;
226 } 212 } else
227 else badarg = 1; 213 badarg = 1;
228 } 214 } else if (!strcmp(*args, "-header")) {
229 else if (!strcmp(*args, "-header")) 215 if (args[1] && args[2]) {
230 {
231 if (args[1] && args[2])
232 {
233 if (!X509V3_add_value(args[1], args[2], &headers)) 216 if (!X509V3_add_value(args[1], args[2], &headers))
234 goto end; 217 goto end;
235 args += 2; 218 args += 2;
236 } 219 } else
237 else badarg = 1; 220 badarg = 1;
238 } 221 } else if (!strcmp(*args, "-ignore_err"))
239 else if (!strcmp(*args, "-ignore_err"))
240 ignore_err = 1; 222 ignore_err = 1;
241 else if (!strcmp(*args, "-noverify")) 223 else if (!strcmp(*args, "-noverify"))
242 noverify = 1; 224 noverify = 1;
@@ -264,571 +246,459 @@ int MAIN(int argc, char **argv)
264 verify_flags |= OCSP_TRUSTOTHER; 246 verify_flags |= OCSP_TRUSTOTHER;
265 else if (!strcmp(*args, "-no_intern")) 247 else if (!strcmp(*args, "-no_intern"))
266 verify_flags |= OCSP_NOINTERN; 248 verify_flags |= OCSP_NOINTERN;
267 else if (!strcmp(*args, "-text")) 249 else if (!strcmp(*args, "-text")) {
268 {
269 req_text = 1; 250 req_text = 1;
270 resp_text = 1; 251 resp_text = 1;
271 } 252 } else if (!strcmp(*args, "-req_text"))
272 else if (!strcmp(*args, "-req_text"))
273 req_text = 1; 253 req_text = 1;
274 else if (!strcmp(*args, "-resp_text")) 254 else if (!strcmp(*args, "-resp_text"))
275 resp_text = 1; 255 resp_text = 1;
276 else if (!strcmp(*args, "-reqin")) 256 else if (!strcmp(*args, "-reqin")) {
277 { 257 if (args[1]) {
278 if (args[1])
279 {
280 args++; 258 args++;
281 reqin = *args; 259 reqin = *args;
282 } 260 } else
283 else badarg = 1; 261 badarg = 1;
284 } 262 } else if (!strcmp(*args, "-respin")) {
285 else if (!strcmp(*args, "-respin")) 263 if (args[1]) {
286 {
287 if (args[1])
288 {
289 args++; 264 args++;
290 respin = *args; 265 respin = *args;
291 } 266 } else
292 else badarg = 1; 267 badarg = 1;
293 } 268 } else if (!strcmp(*args, "-signer")) {
294 else if (!strcmp(*args, "-signer")) 269 if (args[1]) {
295 {
296 if (args[1])
297 {
298 args++; 270 args++;
299 signfile = *args; 271 signfile = *args;
300 } 272 } else
301 else badarg = 1; 273 badarg = 1;
302 } 274 } else if (!strcmp(*args, "-VAfile")) {
303 else if (!strcmp (*args, "-VAfile")) 275 if (args[1]) {
304 {
305 if (args[1])
306 {
307 args++; 276 args++;
308 verify_certfile = *args; 277 verify_certfile = *args;
309 verify_flags |= OCSP_TRUSTOTHER; 278 verify_flags |= OCSP_TRUSTOTHER;
310 } 279 } else
311 else badarg = 1; 280 badarg = 1;
312 } 281 } else if (!strcmp(*args, "-sign_other")) {
313 else if (!strcmp(*args, "-sign_other")) 282 if (args[1]) {
314 {
315 if (args[1])
316 {
317 args++; 283 args++;
318 sign_certfile = *args; 284 sign_certfile = *args;
319 } 285 } else
320 else badarg = 1; 286 badarg = 1;
321 } 287 } else if (!strcmp(*args, "-verify_other")) {
322 else if (!strcmp(*args, "-verify_other")) 288 if (args[1]) {
323 {
324 if (args[1])
325 {
326 args++; 289 args++;
327 verify_certfile = *args; 290 verify_certfile = *args;
328 } 291 } else
329 else badarg = 1; 292 badarg = 1;
330 } 293 } else if (!strcmp(*args, "-CAfile")) {
331 else if (!strcmp (*args, "-CAfile")) 294 if (args[1]) {
332 {
333 if (args[1])
334 {
335 args++; 295 args++;
336 CAfile = *args; 296 CAfile = *args;
337 } 297 } else
338 else badarg = 1; 298 badarg = 1;
339 } 299 } else if (!strcmp(*args, "-CApath")) {
340 else if (!strcmp (*args, "-CApath")) 300 if (args[1]) {
341 {
342 if (args[1])
343 {
344 args++; 301 args++;
345 CApath = *args; 302 CApath = *args;
346 } 303 } else
347 else badarg = 1; 304 badarg = 1;
348 } 305 } else if (!strcmp(*args, "-validity_period")) {
349 else if (!strcmp (*args, "-validity_period")) 306 if (args[1]) {
350 {
351 if (args[1])
352 {
353 args++; 307 args++;
354 nsec = atol(*args); 308 nsec = atol(*args);
355 if (nsec < 0) 309 if (nsec < 0) {
356 {
357 BIO_printf(bio_err, 310 BIO_printf(bio_err,
358 "Illegal validity period %s\n", 311 "Illegal validity period %s\n",
359 *args); 312 *args);
360 badarg = 1; 313 badarg = 1;
361 }
362 } 314 }
363 else badarg = 1; 315 } else
364 } 316 badarg = 1;
365 else if (!strcmp (*args, "-status_age")) 317 } else if (!strcmp(*args, "-status_age")) {
366 { 318 if (args[1]) {
367 if (args[1])
368 {
369 args++; 319 args++;
370 maxage = atol(*args); 320 maxage = atol(*args);
371 if (maxage < 0) 321 if (maxage < 0) {
372 {
373 BIO_printf(bio_err, 322 BIO_printf(bio_err,
374 "Illegal validity age %s\n", 323 "Illegal validity age %s\n",
375 *args); 324 *args);
376 badarg = 1; 325 badarg = 1;
377 }
378 } 326 }
379 else badarg = 1; 327 } else
380 } 328 badarg = 1;
381 else if (!strcmp(*args, "-signkey")) 329 } else if (!strcmp(*args, "-signkey")) {
382 { 330 if (args[1]) {
383 if (args[1])
384 {
385 args++; 331 args++;
386 keyfile = *args; 332 keyfile = *args;
387 } 333 } else
388 else badarg = 1; 334 badarg = 1;
389 } 335 } else if (!strcmp(*args, "-reqout")) {
390 else if (!strcmp(*args, "-reqout")) 336 if (args[1]) {
391 {
392 if (args[1])
393 {
394 args++; 337 args++;
395 reqout = *args; 338 reqout = *args;
396 } 339 } else
397 else badarg = 1; 340 badarg = 1;
398 } 341 } else if (!strcmp(*args, "-respout")) {
399 else if (!strcmp(*args, "-respout")) 342 if (args[1]) {
400 {
401 if (args[1])
402 {
403 args++; 343 args++;
404 respout = *args; 344 respout = *args;
405 } 345 } else
406 else badarg = 1; 346 badarg = 1;
407 } 347 } else if (!strcmp(*args, "-path")) {
408 else if (!strcmp(*args, "-path")) 348 if (args[1]) {
409 {
410 if (args[1])
411 {
412 args++; 349 args++;
413 path = *args; 350 path = *args;
414 } 351 } else
415 else badarg = 1; 352 badarg = 1;
416 } 353 } else if (!strcmp(*args, "-issuer")) {
417 else if (!strcmp(*args, "-issuer")) 354 if (args[1]) {
418 {
419 if (args[1])
420 {
421 args++; 355 args++;
422 X509_free(issuer); 356 X509_free(issuer);
423 issuer = load_cert(bio_err, *args, FORMAT_PEM, 357 issuer = load_cert(bio_err, *args, FORMAT_PEM,
424 NULL, e, "issuer certificate"); 358 NULL, e, "issuer certificate");
425 if(!issuer) goto end; 359 if (!issuer)
426 } 360 goto end;
427 else badarg = 1; 361 } else
428 } 362 badarg = 1;
429 else if (!strcmp (*args, "-cert")) 363 } else if (!strcmp(*args, "-cert")) {
430 { 364 if (args[1]) {
431 if (args[1])
432 {
433 args++; 365 args++;
434 X509_free(cert); 366 X509_free(cert);
435 cert = load_cert(bio_err, *args, FORMAT_PEM, 367 cert = load_cert(bio_err, *args, FORMAT_PEM,
436 NULL, e, "certificate"); 368 NULL, e, "certificate");
437 if(!cert) goto end; 369 if (!cert)
438 if (!cert_id_md) cert_id_md = EVP_sha1();
439 if(!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
440 goto end; 370 goto end;
441 if(!sk_OPENSSL_STRING_push(reqnames, *args)) 371 if (!cert_id_md)
372 cert_id_md = EVP_sha1();
373 if (!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
442 goto end; 374 goto end;
443 } 375 if (!sk_OPENSSL_STRING_push(reqnames, *args))
444 else badarg = 1; 376 goto end;
445 } 377 } else
446 else if (!strcmp(*args, "-serial")) 378 badarg = 1;
447 { 379 } else if (!strcmp(*args, "-serial")) {
448 if (args[1]) 380 if (args[1]) {
449 {
450 args++; 381 args++;
451 if (!cert_id_md) cert_id_md = EVP_sha1(); 382 if (!cert_id_md)
452 if(!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids)) 383 cert_id_md = EVP_sha1();
384 if (!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids))
453 goto end; 385 goto end;
454 if(!sk_OPENSSL_STRING_push(reqnames, *args)) 386 if (!sk_OPENSSL_STRING_push(reqnames, *args))
455 goto end; 387 goto end;
456 } 388 } else
457 else badarg = 1; 389 badarg = 1;
458 } 390 } else if (!strcmp(*args, "-index")) {
459 else if (!strcmp(*args, "-index")) 391 if (args[1]) {
460 {
461 if (args[1])
462 {
463 args++; 392 args++;
464 ridx_filename = *args; 393 ridx_filename = *args;
465 } 394 } else
466 else badarg = 1; 395 badarg = 1;
467 } 396 } else if (!strcmp(*args, "-CA")) {
468 else if (!strcmp(*args, "-CA")) 397 if (args[1]) {
469 {
470 if (args[1])
471 {
472 args++; 398 args++;
473 rca_filename = *args; 399 rca_filename = *args;
474 } 400 } else
475 else badarg = 1; 401 badarg = 1;
476 } 402 } else if (!strcmp(*args, "-nmin")) {
477 else if (!strcmp (*args, "-nmin")) 403 if (args[1]) {
478 {
479 if (args[1])
480 {
481 args++; 404 args++;
482 nmin = atol(*args); 405 nmin = atol(*args);
483 if (nmin < 0) 406 if (nmin < 0) {
484 {
485 BIO_printf(bio_err, 407 BIO_printf(bio_err,
486 "Illegal update period %s\n", 408 "Illegal update period %s\n",
487 *args); 409 *args);
488 badarg = 1; 410 badarg = 1;
489 }
490 } 411 }
491 if (ndays == -1)
492 ndays = 0;
493 else badarg = 1;
494 } 412 }
495 else if (!strcmp (*args, "-nrequest")) 413 if (ndays == -1)
496 { 414 ndays = 0;
497 if (args[1]) 415 else
498 { 416 badarg = 1;
417 } else if (!strcmp(*args, "-nrequest")) {
418 if (args[1]) {
499 args++; 419 args++;
500 accept_count = atol(*args); 420 accept_count = atol(*args);
501 if (accept_count < 0) 421 if (accept_count < 0) {
502 {
503 BIO_printf(bio_err, 422 BIO_printf(bio_err,
504 "Illegal accept count %s\n", 423 "Illegal accept count %s\n",
505 *args); 424 *args);
506 badarg = 1; 425 badarg = 1;
507 }
508 } 426 }
509 else badarg = 1; 427 } else
510 } 428 badarg = 1;
511 else if (!strcmp (*args, "-ndays")) 429 } else if (!strcmp(*args, "-ndays")) {
512 { 430 if (args[1]) {
513 if (args[1])
514 {
515 args++; 431 args++;
516 ndays = atol(*args); 432 ndays = atol(*args);
517 if (ndays < 0) 433 if (ndays < 0) {
518 {
519 BIO_printf(bio_err, 434 BIO_printf(bio_err,
520 "Illegal update period %s\n", 435 "Illegal update period %s\n",
521 *args); 436 *args);
522 badarg = 1; 437 badarg = 1;
523 }
524 } 438 }
525 else badarg = 1; 439 } else
526 } 440 badarg = 1;
527 else if (!strcmp(*args, "-rsigner")) 441 } else if (!strcmp(*args, "-rsigner")) {
528 { 442 if (args[1]) {
529 if (args[1])
530 {
531 args++; 443 args++;
532 rsignfile = *args; 444 rsignfile = *args;
533 } 445 } else
534 else badarg = 1; 446 badarg = 1;
535 } 447 } else if (!strcmp(*args, "-rkey")) {
536 else if (!strcmp(*args, "-rkey")) 448 if (args[1]) {
537 {
538 if (args[1])
539 {
540 args++; 449 args++;
541 rkeyfile = *args; 450 rkeyfile = *args;
542 } 451 } else
543 else badarg = 1; 452 badarg = 1;
544 } 453 } else if (!strcmp(*args, "-rother")) {
545 else if (!strcmp(*args, "-rother")) 454 if (args[1]) {
546 {
547 if (args[1])
548 {
549 args++; 455 args++;
550 rcertfile = *args; 456 rcertfile = *args;
551 } 457 } else
552 else badarg = 1; 458 badarg = 1;
553 } 459 } else if ((cert_id_md = EVP_get_digestbyname((*args) + 1)) == NULL) {
554 else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL)
555 {
556 badarg = 1; 460 badarg = 1;
557 }
558 args++;
559 } 461 }
462 args++;
463 }
560 464
561 /* Have we anything to do? */ 465 /* Have we anything to do? */
562 if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1; 466 if (!req && !reqin && !respin && !(port && ridx_filename))
563 467 badarg = 1;
564 if (badarg) 468
565 { 469 if (badarg) {
566 BIO_printf (bio_err, "OCSP utility\n"); 470 BIO_printf(bio_err, "OCSP utility\n");
567 BIO_printf (bio_err, "Usage ocsp [options]\n"); 471 BIO_printf(bio_err, "Usage ocsp [options]\n");
568 BIO_printf (bio_err, "where options are\n"); 472 BIO_printf(bio_err, "where options are\n");
569 BIO_printf (bio_err, "-out file output filename\n"); 473 BIO_printf(bio_err, "-out file output filename\n");
570 BIO_printf (bio_err, "-issuer file issuer certificate\n"); 474 BIO_printf(bio_err, "-issuer file issuer certificate\n");
571 BIO_printf (bio_err, "-cert file certificate to check\n"); 475 BIO_printf(bio_err, "-cert file certificate to check\n");
572 BIO_printf (bio_err, "-serial n serial number to check\n"); 476 BIO_printf(bio_err, "-serial n serial number to check\n");
573 BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n"); 477 BIO_printf(bio_err, "-signer file certificate to sign OCSP request with\n");
574 BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n"); 478 BIO_printf(bio_err, "-signkey file private key to sign OCSP request with\n");
575 BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n"); 479 BIO_printf(bio_err, "-sign_other file additional certificates to include in signed request\n");
576 BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n"); 480 BIO_printf(bio_err, "-no_certs don't include any certificates in signed request\n");
577 BIO_printf (bio_err, "-req_text print text form of request\n"); 481 BIO_printf(bio_err, "-req_text print text form of request\n");
578 BIO_printf (bio_err, "-resp_text print text form of response\n"); 482 BIO_printf(bio_err, "-resp_text print text form of response\n");
579 BIO_printf (bio_err, "-text print text form of request and response\n"); 483 BIO_printf(bio_err, "-text print text form of request and response\n");
580 BIO_printf (bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n"); 484 BIO_printf(bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n");
581 BIO_printf (bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n"); 485 BIO_printf(bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n");
582 BIO_printf (bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n"); 486 BIO_printf(bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n");
583 BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n"); 487 BIO_printf(bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n");
584 BIO_printf (bio_err, "-nonce add OCSP nonce to request\n"); 488 BIO_printf(bio_err, "-nonce add OCSP nonce to request\n");
585 BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n"); 489 BIO_printf(bio_err, "-no_nonce don't add OCSP nonce to request\n");
586 BIO_printf (bio_err, "-url URL OCSP responder URL\n"); 490 BIO_printf(bio_err, "-url URL OCSP responder URL\n");
587 BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n"); 491 BIO_printf(bio_err, "-host host:n send OCSP request to host on port n\n");
588 BIO_printf (bio_err, "-path path to use in OCSP request\n"); 492 BIO_printf(bio_err, "-path path to use in OCSP request\n");
589 BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); 493 BIO_printf(bio_err, "-CApath dir trusted certificates directory\n");
590 BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); 494 BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
591 BIO_printf (bio_err, "-VAfile file validator certificates file\n"); 495 BIO_printf(bio_err, "-VAfile file validator certificates file\n");
592 BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); 496 BIO_printf(bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
593 BIO_printf (bio_err, "-status_age n maximum status age in seconds\n"); 497 BIO_printf(bio_err, "-status_age n maximum status age in seconds\n");
594 BIO_printf (bio_err, "-noverify don't verify response at all\n"); 498 BIO_printf(bio_err, "-noverify don't verify response at all\n");
595 BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n"); 499 BIO_printf(bio_err, "-verify_other file additional certificates to search for signer\n");
596 BIO_printf (bio_err, "-trust_other don't verify additional certificates\n"); 500 BIO_printf(bio_err, "-trust_other don't verify additional certificates\n");
597 BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n"); 501 BIO_printf(bio_err, "-no_intern don't search certificates contained in response for signer\n");
598 BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n"); 502 BIO_printf(bio_err, "-no_signature_verify don't check signature on response\n");
599 BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n"); 503 BIO_printf(bio_err, "-no_cert_verify don't check signing certificate\n");
600 BIO_printf (bio_err, "-no_chain don't chain verify response\n"); 504 BIO_printf(bio_err, "-no_chain don't chain verify response\n");
601 BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n"); 505 BIO_printf(bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
602 BIO_printf (bio_err, "-port num port to run responder on\n"); 506 BIO_printf(bio_err, "-port num port to run responder on\n");
603 BIO_printf (bio_err, "-index file certificate status index file\n"); 507 BIO_printf(bio_err, "-index file certificate status index file\n");
604 BIO_printf (bio_err, "-CA file CA certificate\n"); 508 BIO_printf(bio_err, "-CA file CA certificate\n");
605 BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n"); 509 BIO_printf(bio_err, "-rsigner file responder certificate to sign responses with\n");
606 BIO_printf (bio_err, "-rkey file responder key to sign responses with\n"); 510 BIO_printf(bio_err, "-rkey file responder key to sign responses with\n");
607 BIO_printf (bio_err, "-rother file other certificates to include in response\n"); 511 BIO_printf(bio_err, "-rother file other certificates to include in response\n");
608 BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n"); 512 BIO_printf(bio_err, "-resp_no_certs don't include any certificates in response\n");
609 BIO_printf (bio_err, "-nmin n number of minutes before next update\n"); 513 BIO_printf(bio_err, "-nmin n number of minutes before next update\n");
610 BIO_printf (bio_err, "-ndays n number of days before next update\n"); 514 BIO_printf(bio_err, "-ndays n number of days before next update\n");
611 BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n"); 515 BIO_printf(bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
612 BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n"); 516 BIO_printf(bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
613 BIO_printf (bio_err, "-<dgst alg> use specified digest in the request\n"); 517 BIO_printf(bio_err, "-<dgst alg> use specified digest in the request\n");
614 goto end; 518 goto end;
615 } 519 }
616 520 if (outfile)
617 if(outfile) out = BIO_new_file(outfile, "w"); 521 out = BIO_new_file(outfile, "w");
618 else out = BIO_new_fp(stdout, BIO_NOCLOSE); 522 else
523 out = BIO_new_fp(stdout, BIO_NOCLOSE);
619 524
620 if(!out) 525 if (!out) {
621 {
622 BIO_printf(bio_err, "Error opening output file\n"); 526 BIO_printf(bio_err, "Error opening output file\n");
623 goto end; 527 goto end;
624 } 528 }
625 529 if (!req && (add_nonce != 2))
626 if (!req && (add_nonce != 2)) add_nonce = 0; 530 add_nonce = 0;
627 531
628 if (!req && reqin) 532 if (!req && reqin) {
629 {
630 derbio = BIO_new_file(reqin, "rb"); 533 derbio = BIO_new_file(reqin, "rb");
631 if (!derbio) 534 if (!derbio) {
632 {
633 BIO_printf(bio_err, "Error Opening OCSP request file\n"); 535 BIO_printf(bio_err, "Error Opening OCSP request file\n");
634 goto end; 536 goto end;
635 } 537 }
636 req = d2i_OCSP_REQUEST_bio(derbio, NULL); 538 req = d2i_OCSP_REQUEST_bio(derbio, NULL);
637 BIO_free(derbio); 539 BIO_free(derbio);
638 if(!req) 540 if (!req) {
639 {
640 BIO_printf(bio_err, "Error reading OCSP request\n"); 541 BIO_printf(bio_err, "Error reading OCSP request\n");
641 goto end; 542 goto end;
642 }
643 } 543 }
644 544 }
645 if (!req && port) 545 if (!req && port) {
646 {
647 acbio = init_responder(port); 546 acbio = init_responder(port);
648 if (!acbio) 547 if (!acbio)
649 goto end; 548 goto end;
650 } 549 }
651 550 if (rsignfile && !rdb) {
652 if (rsignfile && !rdb) 551 if (!rkeyfile)
653 { 552 rkeyfile = rsignfile;
654 if (!rkeyfile) rkeyfile = rsignfile;
655 rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM, 553 rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
656 NULL, e, "responder certificate"); 554 NULL, e, "responder certificate");
657 if (!rsigner) 555 if (!rsigner) {
658 {
659 BIO_printf(bio_err, "Error loading responder certificate\n"); 556 BIO_printf(bio_err, "Error loading responder certificate\n");
660 goto end; 557 goto end;
661 } 558 }
662 rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM, 559 rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
663 NULL, e, "CA certificate"); 560 NULL, e, "CA certificate");
664 if (rcertfile) 561 if (rcertfile) {
665 {
666 rother = load_certs(bio_err, rcertfile, FORMAT_PEM, 562 rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
667 NULL, e, "responder other certificates"); 563 NULL, e, "responder other certificates");
668 if (!rother) goto end; 564 if (!rother)
669 } 565 goto end;
566 }
670 rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL, 567 rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
671 "responder private key"); 568 "responder private key");
672 if (!rkey) 569 if (!rkey)
673 goto end; 570 goto end;
674 } 571 }
675 if(acbio) 572 if (acbio)
676 BIO_printf(bio_err, "Waiting for OCSP client connections...\n"); 573 BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
677 574
678 redo_accept: 575redo_accept:
679 576
680 if (acbio) 577 if (acbio) {
681 {
682 if (!do_responder(&req, &cbio, acbio, port)) 578 if (!do_responder(&req, &cbio, acbio, port))
683 goto end; 579 goto end;
684 if (!req) 580 if (!req) {
685 {
686 resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); 581 resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
687 send_ocsp_response(cbio, resp); 582 send_ocsp_response(cbio, resp);
688 goto done_resp; 583 goto done_resp;
689 }
690 } 584 }
691 585 }
692 if (!req && (signfile || reqout || host || add_nonce || ridx_filename)) 586 if (!req && (signfile || reqout || host || add_nonce || ridx_filename)) {
693 {
694 BIO_printf(bio_err, "Need an OCSP request for this operation!\n"); 587 BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
695 goto end; 588 goto end;
696 } 589 }
697 590 if (req && add_nonce)
698 if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1); 591 OCSP_request_add1_nonce(req, NULL, -1);
699 592
700 if (signfile) 593 if (signfile) {
701 { 594 if (!keyfile)
702 if (!keyfile) keyfile = signfile; 595 keyfile = signfile;
703 signer = load_cert(bio_err, signfile, FORMAT_PEM, 596 signer = load_cert(bio_err, signfile, FORMAT_PEM,
704 NULL, e, "signer certificate"); 597 NULL, e, "signer certificate");
705 if (!signer) 598 if (!signer) {
706 {
707 BIO_printf(bio_err, "Error loading signer certificate\n"); 599 BIO_printf(bio_err, "Error loading signer certificate\n");
708 goto end; 600 goto end;
709 } 601 }
710 if (sign_certfile) 602 if (sign_certfile) {
711 {
712 sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM, 603 sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,
713 NULL, e, "signer certificates"); 604 NULL, e, "signer certificates");
714 if (!sign_other) goto end; 605 if (!sign_other)
715 } 606 goto end;
607 }
716 key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL, 608 key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
717 "signer private key"); 609 "signer private key");
718 if (!key) 610 if (!key)
719 goto end; 611 goto end;
720 612
721 if (!OCSP_request_sign(req, signer, key, NULL, sign_other, sign_flags)) 613 if (!OCSP_request_sign(req, signer, key, NULL, sign_other, sign_flags)) {
722 {
723 BIO_printf(bio_err, "Error signing OCSP request\n"); 614 BIO_printf(bio_err, "Error signing OCSP request\n");
724 goto end; 615 goto end;
725 }
726 } 616 }
617 }
618 if (req_text && req)
619 OCSP_REQUEST_print(out, req, 0);
727 620
728 if (req_text && req) OCSP_REQUEST_print(out, req, 0); 621 if (reqout) {
729
730 if (reqout)
731 {
732 derbio = BIO_new_file(reqout, "wb"); 622 derbio = BIO_new_file(reqout, "wb");
733 if(!derbio) 623 if (!derbio) {
734 {
735 BIO_printf(bio_err, "Error opening file %s\n", reqout); 624 BIO_printf(bio_err, "Error opening file %s\n", reqout);
736 goto end; 625 goto end;
737 } 626 }
738 i2d_OCSP_REQUEST_bio(derbio, req); 627 i2d_OCSP_REQUEST_bio(derbio, req);
739 BIO_free(derbio); 628 BIO_free(derbio);
740 } 629 }
741 630 if (ridx_filename && (!rkey || !rsigner || !rca_cert)) {
742 if (ridx_filename && (!rkey || !rsigner || !rca_cert))
743 {
744 BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n"); 631 BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n");
745 goto end; 632 goto end;
746 } 633 }
747 634 if (ridx_filename && !rdb) {
748 if (ridx_filename && !rdb)
749 {
750 rdb = load_index(ridx_filename, NULL); 635 rdb = load_index(ridx_filename, NULL);
751 if (!rdb) goto end; 636 if (!rdb)
752 if (!index_index(rdb)) goto end; 637 goto end;
753 } 638 if (!index_index(rdb))
754 639 goto end;
755 if (rdb) 640 }
756 { 641 if (rdb) {
757 i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays); 642 i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays);
758 if (cbio) 643 if (cbio)
759 send_ocsp_response(cbio, resp); 644 send_ocsp_response(cbio, resp);
760 } 645 } else if (host) {
761 else if (host)
762 {
763#ifndef OPENSSL_NO_SOCK 646#ifndef OPENSSL_NO_SOCK
764 resp = process_responder(bio_err, req, host, path, 647 resp = process_responder(bio_err, req, host, path,
765 port, use_ssl, headers, req_timeout); 648 port, use_ssl, headers, req_timeout);
766 if (!resp) 649 if (!resp)
767 goto end; 650 goto end;
768#else 651#else
769 BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n"); 652 BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
770 goto end; 653 goto end;
771#endif 654#endif
772 } 655 } else if (respin) {
773 else if (respin)
774 {
775 derbio = BIO_new_file(respin, "rb"); 656 derbio = BIO_new_file(respin, "rb");
776 if (!derbio) 657 if (!derbio) {
777 {
778 BIO_printf(bio_err, "Error Opening OCSP response file\n"); 658 BIO_printf(bio_err, "Error Opening OCSP response file\n");
779 goto end; 659 goto end;
780 } 660 }
781 resp = d2i_OCSP_RESPONSE_bio(derbio, NULL); 661 resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
782 BIO_free(derbio); 662 BIO_free(derbio);
783 if(!resp) 663 if (!resp) {
784 {
785 BIO_printf(bio_err, "Error reading OCSP response\n"); 664 BIO_printf(bio_err, "Error reading OCSP response\n");
786 goto end; 665 goto end;
787 }
788
789 } 666 }
790 else 667 } else {
791 {
792 ret = 0; 668 ret = 0;
793 goto end; 669 goto end;
794 } 670 }
795 671
796 done_resp: 672done_resp:
797 673
798 if (respout) 674 if (respout) {
799 {
800 derbio = BIO_new_file(respout, "wb"); 675 derbio = BIO_new_file(respout, "wb");
801 if(!derbio) 676 if (!derbio) {
802 {
803 BIO_printf(bio_err, "Error opening file %s\n", respout); 677 BIO_printf(bio_err, "Error opening file %s\n", respout);
804 goto end; 678 goto end;
805 } 679 }
806 i2d_OCSP_RESPONSE_bio(derbio, resp); 680 i2d_OCSP_RESPONSE_bio(derbio, resp);
807 BIO_free(derbio); 681 BIO_free(derbio);
808 } 682 }
809
810 i = OCSP_response_status(resp); 683 i = OCSP_response_status(resp);
811 684
812 if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) 685 if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
813 {
814 BIO_printf(out, "Responder Error: %s (%d)\n", 686 BIO_printf(out, "Responder Error: %s (%d)\n",
815 OCSP_response_status_str(i), i); 687 OCSP_response_status_str(i), i);
816 if (ignore_err) 688 if (ignore_err)
817 goto redo_accept; 689 goto redo_accept;
818 ret = 0; 690 ret = 0;
819 goto end; 691 goto end;
820 } 692 }
821 693 if (resp_text)
822 if (resp_text) OCSP_RESPONSE_print(out, resp, 0); 694 OCSP_RESPONSE_print(out, resp, 0);
823 695
824 /* If running as responder don't verify our own response */ 696 /* If running as responder don't verify our own response */
825 if (cbio) 697 if (cbio) {
826 {
827 if (accept_count > 0) 698 if (accept_count > 0)
828 accept_count--; 699 accept_count--;
829 /* Redo if more connections needed */ 700 /* Redo if more connections needed */
830 if (accept_count) 701 if (accept_count) {
831 {
832 BIO_free_all(cbio); 702 BIO_free_all(cbio);
833 cbio = NULL; 703 cbio = NULL;
834 OCSP_REQUEST_free(req); 704 OCSP_REQUEST_free(req);
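Review bot: In the `-nmin` branch the trailing `else badarg = 1;` pairs with `if (ndays == -1)` and not with `if (args[1])`, which the new indentation now shows plainly. As written, `-nmin` with no value is not flagged (assuming `ndays` still holds its -1 sentinel, it is set to 0 and `badarg` stays clear), while `-nmin` given after a valid `-ndays` sets `badarg`. To match the sibling options, move `if (ndays == -1) ndays = 0;` inside the `if (args[1]) {` body and close that body with `} else badarg = 1;`. The enclosing MAIN starts and ends outside this hunk.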
@@ -836,55 +706,45 @@ int MAIN(int argc, char **argv)
836 OCSP_RESPONSE_free(resp); 706 OCSP_RESPONSE_free(resp);
837 resp = NULL; 707 resp = NULL;
838 goto redo_accept; 708 goto redo_accept;
839 }
840 goto end;
841 } 709 }
842 710 goto end;
711 }
843 if (!store) 712 if (!store)
844 store = setup_verify(bio_err, CAfile, CApath); 713 store = setup_verify(bio_err, CAfile, CApath);
845 if (!store) 714 if (!store)
846 goto end; 715 goto end;
847 if (verify_certfile) 716 if (verify_certfile) {
848 {
849 verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM, 717 verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
850 NULL, e, "validator certificate"); 718 NULL, e, "validator certificate");
851 if (!verify_other) goto end; 719 if (!verify_other)
852 } 720 goto end;
853 721 }
854 bs = OCSP_response_get1_basic(resp); 722 bs = OCSP_response_get1_basic(resp);
855 723
856 if (!bs) 724 if (!bs) {
857 {
858 BIO_printf(bio_err, "Error parsing response\n"); 725 BIO_printf(bio_err, "Error parsing response\n");
859 goto end; 726 goto end;
860 } 727 }
861 728 if (!noverify) {
862 if (!noverify) 729 if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) {
863 {
864 if (req && ((i = OCSP_check_nonce(req, bs)) <= 0))
865 {
866 if (i == -1) 730 if (i == -1)
867 BIO_printf(bio_err, "WARNING: no nonce in response\n"); 731 BIO_printf(bio_err, "WARNING: no nonce in response\n");
868 else 732 else {
869 {
870 BIO_printf(bio_err, "Nonce Verify error\n"); 733 BIO_printf(bio_err, "Nonce Verify error\n");
871 goto end; 734 goto end;
872 }
873 } 735 }
874 736 }
875 i = OCSP_basic_verify(bs, verify_other, store, verify_flags); 737 i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
876 if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0); 738 if (i < 0)
739 i = OCSP_basic_verify(bs, NULL, store, 0);
877 740
878 if(i <= 0) 741 if (i <= 0) {
879 {
880 BIO_printf(bio_err, "Response Verify Failure\n"); 742 BIO_printf(bio_err, "Response Verify Failure\n");
881 ERR_print_errors(bio_err); 743 ERR_print_errors(bio_err);
882 } 744 } else
883 else
884 BIO_printf(bio_err, "Response verify OK\n"); 745 BIO_printf(bio_err, "Response verify OK\n");
885 746
886 } 747 }
887
888 if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage)) 748 if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
889 goto end; 749 goto end;
890 750
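Review bot: When `OCSP_basic_verify` returns `i <= 0`, the code only prints "Response Verify Failure" to `bio_err` and then falls through to `print_ocsp_summary`, so the per-certificate status is still written to `out` for a response that did not verify. A caller that reads only the output stream sees the same status lines as for a verified response; whether the exit status differs cannot be told from this hunk, because `ret` is assigned outside it. The failure branch should stop like the neighbouring error paths, `ERR_print_errors(bio_err); goto end;`, or at least record a failing `ret` before the summary is printed. The retry `i = OCSP_basic_verify(bs, NULL, store, 0);` on `i < 0` also drops `verify_other` and `verify_flags`, and deserves a comment saying why the weaker second attempt is acceptable.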
@@ -913,75 +773,81 @@ end:
913 sk_X509_pop_free(verify_other, X509_free); 773 sk_X509_pop_free(verify_other, X509_free);
914 sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); 774 sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
915 775
916 if (use_ssl != -1) 776 if (use_ssl != -1) {
917 {
918 free(host); 777 free(host);
919 free(port); 778 free(port);
920 free(path); 779 free(path);
921 } 780 }
922 781 return (ret);
923 return(ret);
924} 782}
925 783
926static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md,X509 *issuer, 784static int
927 STACK_OF(OCSP_CERTID) *ids) 785add_ocsp_cert(OCSP_REQUEST ** req, X509 * cert, const EVP_MD * cert_id_md, X509 * issuer,
928 { 786 STACK_OF(OCSP_CERTID) * ids)
787{
929 OCSP_CERTID *id; 788 OCSP_CERTID *id;
930 if(!issuer) 789 if (!issuer) {
931 {
932 BIO_printf(bio_err, "No issuer certificate specified\n"); 790 BIO_printf(bio_err, "No issuer certificate specified\n");
933 return 0; 791 return 0;
934 } 792 }
935 if(!*req) *req = OCSP_REQUEST_new(); 793 if (!*req)
936 if(!*req) goto err; 794 *req = OCSP_REQUEST_new();
795 if (!*req)
796 goto err;
937 id = OCSP_cert_to_id(cert_id_md, cert, issuer); 797 id = OCSP_cert_to_id(cert_id_md, cert, issuer);
938 if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err; 798 if (!id || !sk_OCSP_CERTID_push(ids, id))
939 if(!OCSP_request_add0_id(*req, id)) goto err; 799 goto err;
800 if (!OCSP_request_add0_id(*req, id))
801 goto err;
940 return 1; 802 return 1;
941 803
942 err: 804err:
943 BIO_printf(bio_err, "Error Creating OCSP request\n"); 805 BIO_printf(bio_err, "Error Creating OCSP request\n");
944 return 0; 806 return 0;
945 } 807}
946 808
947static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,const EVP_MD *cert_id_md, X509 *issuer, 809static int
948 STACK_OF(OCSP_CERTID) *ids) 810add_ocsp_serial(OCSP_REQUEST ** req, char *serial, const EVP_MD * cert_id_md, X509 * issuer,
949 { 811 STACK_OF(OCSP_CERTID) * ids)
812{
950 OCSP_CERTID *id; 813 OCSP_CERTID *id;
951 X509_NAME *iname; 814 X509_NAME *iname;
952 ASN1_BIT_STRING *ikey; 815 ASN1_BIT_STRING *ikey;
953 ASN1_INTEGER *sno; 816 ASN1_INTEGER *sno;
954 if(!issuer) 817 if (!issuer) {
955 {
956 BIO_printf(bio_err, "No issuer certificate specified\n"); 818 BIO_printf(bio_err, "No issuer certificate specified\n");
957 return 0; 819 return 0;
958 } 820 }
959 if(!*req) *req = OCSP_REQUEST_new(); 821 if (!*req)
960 if(!*req) goto err; 822 *req = OCSP_REQUEST_new();
823 if (!*req)
824 goto err;
961 iname = X509_get_subject_name(issuer); 825 iname = X509_get_subject_name(issuer);
962 ikey = X509_get0_pubkey_bitstr(issuer); 826 ikey = X509_get0_pubkey_bitstr(issuer);
963 sno = s2i_ASN1_INTEGER(NULL, serial); 827 sno = s2i_ASN1_INTEGER(NULL, serial);
964 if(!sno) 828 if (!sno) {
965 {
966 BIO_printf(bio_err, "Error converting serial number %s\n", serial); 829 BIO_printf(bio_err, "Error converting serial number %s\n", serial);
967 return 0; 830 return 0;
968 } 831 }
969 id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno); 832 id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno);
970 ASN1_INTEGER_free(sno); 833 ASN1_INTEGER_free(sno);
971 if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err; 834 if (!id || !sk_OCSP_CERTID_push(ids, id))
972 if(!OCSP_request_add0_id(*req, id)) goto err; 835 goto err;
836 if (!OCSP_request_add0_id(*req, id))
837 goto err;
973 return 1; 838 return 1;
974 839
975 err: 840err:
976 BIO_printf(bio_err, "Error Creating OCSP request\n"); 841 BIO_printf(bio_err, "Error Creating OCSP request\n");
977 return 0; 842 return 0;
978 } 843}
979 844
980static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, 845static int
981 STACK_OF(OPENSSL_STRING) *names, 846print_ocsp_summary(BIO * out, OCSP_BASICRESP * bs, OCSP_REQUEST * req,
982 STACK_OF(OCSP_CERTID) *ids, long nsec, 847 STACK_OF(OPENSSL_STRING) * names,
983 long maxage) 848 STACK_OF(OCSP_CERTID) * ids, long nsec,
984 { 849 long maxage)
850{
985 OCSP_CERTID *id; 851 OCSP_CERTID *id;
986 char *name; 852 char *name;
987 int i; 853 int i;
@@ -993,61 +859,57 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
993 if (!bs || !req || !sk_OPENSSL_STRING_num(names) || !sk_OCSP_CERTID_num(ids)) 859 if (!bs || !req || !sk_OPENSSL_STRING_num(names) || !sk_OCSP_CERTID_num(ids))
994 return 1; 860 return 1;
995 861
996 for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) 862 for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) {
997 {
998 id = sk_OCSP_CERTID_value(ids, i); 863 id = sk_OCSP_CERTID_value(ids, i);
999 name = sk_OPENSSL_STRING_value(names, i); 864 name = sk_OPENSSL_STRING_value(names, i);
1000 BIO_printf(out, "%s: ", name); 865 BIO_printf(out, "%s: ", name);
1001 866
1002 if(!OCSP_resp_find_status(bs, id, &status, &reason, 867 if (!OCSP_resp_find_status(bs, id, &status, &reason,
1003 &rev, &thisupd, &nextupd)) 868 &rev, &thisupd, &nextupd)) {
1004 {
1005 BIO_puts(out, "ERROR: No Status found.\n"); 869 BIO_puts(out, "ERROR: No Status found.\n");
1006 continue; 870 continue;
1007 } 871 }
1008 872 /*
1009 /* Check validity: if invalid write to output BIO so we 873 * Check validity: if invalid write to output BIO so we know
1010 * know which response this refers to. 874 * which response this refers to.
1011 */ 875 */
1012 if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) 876 if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) {
1013 {
1014 BIO_puts(out, "WARNING: Status times invalid.\n"); 877 BIO_puts(out, "WARNING: Status times invalid.\n");
1015 ERR_print_errors(out); 878 ERR_print_errors(out);
1016 } 879 }
1017 BIO_printf(out, "%s\n", OCSP_cert_status_str(status)); 880 BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
1018 881
1019 BIO_puts(out, "\tThis Update: "); 882 BIO_puts(out, "\tThis Update: ");
1020 ASN1_GENERALIZEDTIME_print(out, thisupd); 883 ASN1_GENERALIZEDTIME_print(out, thisupd);
1021 BIO_puts(out, "\n"); 884 BIO_puts(out, "\n");
1022 885
1023 if(nextupd) 886 if (nextupd) {
1024 {
1025 BIO_puts(out, "\tNext Update: "); 887 BIO_puts(out, "\tNext Update: ");
1026 ASN1_GENERALIZEDTIME_print(out, nextupd); 888 ASN1_GENERALIZEDTIME_print(out, nextupd);
1027 BIO_puts(out, "\n"); 889 BIO_puts(out, "\n");
1028 } 890 }
1029
1030 if (status != V_OCSP_CERTSTATUS_REVOKED) 891 if (status != V_OCSP_CERTSTATUS_REVOKED)
1031 continue; 892 continue;
1032 893
1033 if (reason != -1) 894 if (reason != -1)
1034 BIO_printf(out, "\tReason: %s\n", 895 BIO_printf(out, "\tReason: %s\n",
1035 OCSP_crl_reason_str(reason)); 896 OCSP_crl_reason_str(reason));
1036 897
1037 BIO_puts(out, "\tRevocation Time: "); 898 BIO_puts(out, "\tRevocation Time: ");
1038 ASN1_GENERALIZEDTIME_print(out, rev); 899 ASN1_GENERALIZEDTIME_print(out, rev);
1039 BIO_puts(out, "\n"); 900 BIO_puts(out, "\n");
1040 } 901 }
1041 902
1042 return 1; 903 return 1;
1043 } 904}
1044 905
1045 906
1046static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, 907static int
1047 X509 *ca, X509 *rcert, EVP_PKEY *rkey, 908make_ocsp_response(OCSP_RESPONSE ** resp, OCSP_REQUEST * req, CA_DB * db,
1048 STACK_OF(X509) *rother, unsigned long flags, 909 X509 * ca, X509 * rcert, EVP_PKEY * rkey,
1049 int nmin, int ndays) 910 STACK_OF(X509) * rother, unsigned long flags,
1050 { 911 int nmin, int ndays)
912{
1051 ASN1_TIME *thisupd = NULL, *nextupd = NULL; 913 ASN1_TIME *thisupd = NULL, *nextupd = NULL;
1052 OCSP_CERTID *cid, *ca_id = NULL; 914 OCSP_CERTID *cid, *ca_id = NULL;
1053 OCSP_BASICRESP *bs = NULL; 915 OCSP_BASICRESP *bs = NULL;
@@ -1055,21 +917,17 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
1055 917
1056 id_count = OCSP_request_onereq_count(req); 918 id_count = OCSP_request_onereq_count(req);
1057 919
1058 if (id_count <= 0) 920 if (id_count <= 0) {
1059 {
1060 *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); 921 *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
1061 goto end; 922 goto end;
1062 } 923 }
1063
1064
1065 bs = OCSP_BASICRESP_new(); 924 bs = OCSP_BASICRESP_new();
1066 thisupd = X509_gmtime_adj(NULL, 0); 925 thisupd = X509_gmtime_adj(NULL, 0);
1067 if (ndays != -1) 926 if (ndays != -1)
1068 nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 ); 927 nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
1069 928
1070 /* Examine each certificate id in the request */ 929 /* Examine each certificate id in the request */
1071 for (i = 0; i < id_count; i++) 930 for (i = 0; i < id_count; i++) {
1072 {
1073 OCSP_ONEREQ *one; 931 OCSP_ONEREQ *one;
1074 ASN1_INTEGER *serial; 932 ASN1_INTEGER *serial;
1075 char **inf; 933 char **inf;
@@ -1078,41 +936,39 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
1078 one = OCSP_request_onereq_get0(req, i); 936 one = OCSP_request_onereq_get0(req, i);
1079 cid = OCSP_onereq_get0_id(one); 937 cid = OCSP_onereq_get0_id(one);
1080 938
1081 OCSP_id_get0_info(NULL,&cert_id_md_oid, NULL,NULL, cid); 939 OCSP_id_get0_info(NULL, &cert_id_md_oid, NULL, NULL, cid);
1082 940
1083 cert_id_md = EVP_get_digestbyobj(cert_id_md_oid); 941 cert_id_md = EVP_get_digestbyobj(cert_id_md_oid);
1084 if (! cert_id_md) 942 if (!cert_id_md) {
1085 {
1086 *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, 943 *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
1087 NULL); 944 NULL);
1088 goto end; 945 goto end;
1089 } 946 }
1090 if (ca_id) OCSP_CERTID_free(ca_id); 947 if (ca_id)
948 OCSP_CERTID_free(ca_id);
1091 ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca); 949 ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca);
1092 950
1093 /* Is this request about our CA? */ 951 /* Is this request about our CA? */
1094 if (OCSP_id_issuer_cmp(ca_id, cid)) 952 if (OCSP_id_issuer_cmp(ca_id, cid)) {
1095 {
1096 OCSP_basic_add1_status(bs, cid, 953 OCSP_basic_add1_status(bs, cid,
1097 V_OCSP_CERTSTATUS_UNKNOWN, 954 V_OCSP_CERTSTATUS_UNKNOWN,
1098 0, NULL, 955 0, NULL,
1099 thisupd, nextupd); 956 thisupd, nextupd);
1100 continue; 957 continue;
1101 } 958 }
1102 OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid); 959 OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
1103 inf = lookup_serial(db, serial); 960 inf = lookup_serial(db, serial);
1104 if (!inf) 961 if (!inf)
1105 OCSP_basic_add1_status(bs, cid, 962 OCSP_basic_add1_status(bs, cid,
1106 V_OCSP_CERTSTATUS_UNKNOWN, 963 V_OCSP_CERTSTATUS_UNKNOWN,
1107 0, NULL, 964 0, NULL,
1108 thisupd, nextupd); 965 thisupd, nextupd);
1109 else if (inf[DB_type][0] == DB_TYPE_VAL) 966 else if (inf[DB_type][0] == DB_TYPE_VAL)
1110 OCSP_basic_add1_status(bs, cid, 967 OCSP_basic_add1_status(bs, cid,
1111 V_OCSP_CERTSTATUS_GOOD, 968 V_OCSP_CERTSTATUS_GOOD,
1112 0, NULL, 969 0, NULL,
1113 thisupd, nextupd); 970 thisupd, nextupd);
1114 else if (inf[DB_type][0] == DB_TYPE_REV) 971 else if (inf[DB_type][0] == DB_TYPE_REV) {
1115 {
1116 ASN1_OBJECT *inst = NULL; 972 ASN1_OBJECT *inst = NULL;
1117 ASN1_TIME *revtm = NULL; 973 ASN1_TIME *revtm = NULL;
1118 ASN1_GENERALIZEDTIME *invtm = NULL; 974 ASN1_GENERALIZEDTIME *invtm = NULL;
@@ -1120,9 +976,9 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
1120 int reason = -1; 976 int reason = -1;
1121 unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]); 977 unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
1122 single = OCSP_basic_add1_status(bs, cid, 978 single = OCSP_basic_add1_status(bs, cid,
1123 V_OCSP_CERTSTATUS_REVOKED, 979 V_OCSP_CERTSTATUS_REVOKED,
1124 reason, revtm, 980 reason, revtm,
1125 thisupd, nextupd); 981 thisupd, nextupd);
1126 if (invtm) 982 if (invtm)
1127 OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0); 983 OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0);
1128 else if (inst) 984 else if (inst)
@@ -1130,50 +986,54 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
1130 ASN1_OBJECT_free(inst); 986 ASN1_OBJECT_free(inst);
1131 ASN1_TIME_free(revtm); 987 ASN1_TIME_free(revtm);
1132 ASN1_GENERALIZEDTIME_free(invtm); 988 ASN1_GENERALIZEDTIME_free(invtm);
1133 }
1134 } 989 }
990 }
1135 991
1136 OCSP_copy_nonce(bs, req); 992 OCSP_copy_nonce(bs, req);
1137 993
1138 OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags); 994 OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags);
1139 995
1140 *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); 996 *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
1141 997
1142 end: 998end:
1143 ASN1_TIME_free(thisupd); 999 ASN1_TIME_free(thisupd);
1144 ASN1_TIME_free(nextupd); 1000 ASN1_TIME_free(nextupd);
1145 OCSP_CERTID_free(ca_id); 1001 OCSP_CERTID_free(ca_id);
1146 OCSP_BASICRESP_free(bs); 1002 OCSP_BASICRESP_free(bs);
1147 return ret; 1003 return ret;
1148 1004
1149 } 1005}
1150 1006
1151static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) 1007static char **
1152 { 1008lookup_serial(CA_DB * db, ASN1_INTEGER * ser)
1009{
1153 int i; 1010 int i;
1154 BIGNUM *bn = NULL; 1011 BIGNUM *bn = NULL;
1155 char *itmp, *row[DB_NUMBER],**rrow; 1012 char *itmp, *row[DB_NUMBER], **rrow;
1156 for (i = 0; i < DB_NUMBER; i++) row[i] = NULL; 1013 for (i = 0; i < DB_NUMBER; i++)
1157 bn = ASN1_INTEGER_to_BN(ser,NULL); 1014 row[i] = NULL;
1158 OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */ 1015 bn = ASN1_INTEGER_to_BN(ser, NULL);
1016 OPENSSL_assert(bn); /* FIXME: should report an error at this
1017 * point and abort */
1159 if (BN_is_zero(bn)) 1018 if (BN_is_zero(bn))
1160 itmp = BUF_strdup("00"); 1019 itmp = BUF_strdup("00");
1161 else 1020 else
1162 itmp = BN_bn2hex(bn); 1021 itmp = BN_bn2hex(bn);
1163 row[DB_serial] = itmp; 1022 row[DB_serial] = itmp;
1164 BN_free(bn); 1023 BN_free(bn);
1165 rrow=TXT_DB_get_by_index(db->db,DB_serial,row); 1024 rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
1166 free(itmp); 1025 free(itmp);
1167 return rrow; 1026 return rrow;
1168 } 1027}
1169 1028
1170/* Quick and dirty OCSP server: read in and parse input request */ 1029/* Quick and dirty OCSP server: read in and parse input request */
1171 1030
1172static BIO *init_responder(char *port) 1031static BIO *
1173 { 1032init_responder(char *port)
1033{
1174 BIO *acbio = NULL, *bufbio = NULL; 1034 BIO *acbio = NULL, *bufbio = NULL;
1175 bufbio = BIO_new(BIO_f_buffer()); 1035 bufbio = BIO_new(BIO_f_buffer());
1176 if (!bufbio) 1036 if (!bufbio)
1177 goto err; 1037 goto err;
1178#ifndef OPENSSL_NO_SOCK 1038#ifndef OPENSSL_NO_SOCK
1179 acbio = BIO_new_accept(port); 1039 acbio = BIO_new_accept(port);
@@ -1185,91 +1045,85 @@ static BIO *init_responder(char *port)
1185 BIO_set_accept_bios(acbio, bufbio); 1045 BIO_set_accept_bios(acbio, bufbio);
1186 bufbio = NULL; 1046 bufbio = NULL;
1187 1047
1188 if (BIO_do_accept(acbio) <= 0) 1048 if (BIO_do_accept(acbio) <= 0) {
1189 { 1049 BIO_printf(bio_err, "Error setting up accept BIO\n");
1190 BIO_printf(bio_err, "Error setting up accept BIO\n"); 1050 ERR_print_errors(bio_err);
1191 ERR_print_errors(bio_err); 1051 goto err;
1192 goto err; 1052 }
1193 }
1194
1195 return acbio; 1053 return acbio;
1196 1054
1197 err: 1055err:
1198 BIO_free_all(acbio); 1056 BIO_free_all(acbio);
1199 BIO_free(bufbio); 1057 BIO_free(bufbio);
1200 return NULL; 1058 return NULL;
1201 } 1059}
1202 1060
1203static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port) 1061static int
1204 { 1062do_responder(OCSP_REQUEST ** preq, BIO ** pcbio, BIO * acbio, char *port)
1063{
1205 int have_post = 0, len; 1064 int have_post = 0, len;
1206 OCSP_REQUEST *req = NULL; 1065 OCSP_REQUEST *req = NULL;
1207 char inbuf[1024]; 1066 char inbuf[1024];
1208 BIO *cbio = NULL; 1067 BIO *cbio = NULL;
1209 1068
1210 if (BIO_do_accept(acbio) <= 0) 1069 if (BIO_do_accept(acbio) <= 0) {
1211 { 1070 BIO_printf(bio_err, "Error accepting connection\n");
1212 BIO_printf(bio_err, "Error accepting connection\n"); 1071 ERR_print_errors(bio_err);
1213 ERR_print_errors(bio_err); 1072 return 0;
1214 return 0; 1073 }
1215 }
1216
1217 cbio = BIO_pop(acbio); 1074 cbio = BIO_pop(acbio);
1218 *pcbio = cbio; 1075 *pcbio = cbio;
1219 1076
1220 for(;;) 1077 for (;;) {
1221 {
1222 len = BIO_gets(cbio, inbuf, sizeof inbuf); 1078 len = BIO_gets(cbio, inbuf, sizeof inbuf);
1223 if (len <= 0) 1079 if (len <= 0)
1224 return 1; 1080 return 1;
1225 /* Look for "POST" signalling start of query */ 1081 /* Look for "POST" signalling start of query */
1226 if (!have_post) 1082 if (!have_post) {
1227 { 1083 if (strncmp(inbuf, "POST", 4)) {
1228 if(strncmp(inbuf, "POST", 4))
1229 {
1230 BIO_printf(bio_err, "Invalid request\n"); 1084 BIO_printf(bio_err, "Invalid request\n");
1231 return 1; 1085 return 1;
1232 }
1233 have_post = 1;
1234 } 1086 }
1087 have_post = 1;
1088 }
1235 /* Look for end of headers */ 1089 /* Look for end of headers */
1236 if ((inbuf[0] == '\r') || (inbuf[0] == '\n')) 1090 if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
1237 break; 1091 break;
1238 } 1092 }
1239 1093
1240 /* Try to read OCSP request */ 1094 /* Try to read OCSP request */
1241 1095
1242 req = d2i_OCSP_REQUEST_bio(cbio, NULL); 1096 req = d2i_OCSP_REQUEST_bio(cbio, NULL);
1243 1097
1244 if (!req) 1098 if (!req) {
1245 {
1246 BIO_printf(bio_err, "Error parsing OCSP request\n"); 1099 BIO_printf(bio_err, "Error parsing OCSP request\n");
1247 ERR_print_errors(bio_err); 1100 ERR_print_errors(bio_err);
1248 } 1101 }
1249
1250 *preq = req; 1102 *preq = req;
1251 1103
1252 return 1; 1104 return 1;
1253 1105
1254 } 1106}
1255 1107
1256static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) 1108static int
1257 { 1109send_ocsp_response(BIO * cbio, OCSP_RESPONSE * resp)
1258 static const char http_resp[] = 1110{
1259 "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n" 1111 static const char http_resp[] =
1260 "Content-Length: %d\r\n\r\n"; 1112 "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
1113 "Content-Length: %d\r\n\r\n";
1261 if (!cbio) 1114 if (!cbio)
1262 return 0; 1115 return 0;
1263 BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL)); 1116 BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
1264 i2d_OCSP_RESPONSE_bio(cbio, resp); 1117 i2d_OCSP_RESPONSE_bio(cbio, resp);
1265 (void)BIO_flush(cbio); 1118 (void) BIO_flush(cbio);
1266 return 1; 1119 return 1;
1267 } 1120}
1268 1121
1269static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, 1122static OCSP_RESPONSE *
1270 STACK_OF(CONF_VALUE) *headers, 1123query_responder(BIO * err, BIO * cbio, char *path,
1271 OCSP_REQUEST *req, int req_timeout) 1124 STACK_OF(CONF_VALUE) * headers,
1272 { 1125 OCSP_REQUEST * req, int req_timeout)
1126{
1273 int fd; 1127 int fd;
1274 int rv; 1128 int rv;
1275 int i; 1129 int i;
@@ -1283,49 +1137,39 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
1283 1137
1284 rv = BIO_do_connect(cbio); 1138 rv = BIO_do_connect(cbio);
1285 1139
1286 if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) 1140 if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) {
1287 {
1288 BIO_puts(err, "Error connecting BIO\n"); 1141 BIO_puts(err, "Error connecting BIO\n");
1289 return NULL; 1142 return NULL;
1290 } 1143 }
1291 1144 if (BIO_get_fd(cbio, &fd) <= 0) {
1292 if (BIO_get_fd(cbio, &fd) <= 0)
1293 {
1294 BIO_puts(err, "Can't get connection fd\n"); 1145 BIO_puts(err, "Can't get connection fd\n");
1295 goto err; 1146 goto err;
1296 } 1147 }
1297 1148 if (req_timeout != -1 && rv <= 0) {
1298 if (req_timeout != -1 && rv <= 0)
1299 {
1300 FD_ZERO(&confds); 1149 FD_ZERO(&confds);
1301 openssl_fdset(fd, &confds); 1150 openssl_fdset(fd, &confds);
1302 tv.tv_usec = 0; 1151 tv.tv_usec = 0;
1303 tv.tv_sec = req_timeout; 1152 tv.tv_sec = req_timeout;
1304 rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); 1153 rv = select(fd + 1, NULL, (void *) &confds, NULL, &tv);
1305 if (rv == 0) 1154 if (rv == 0) {
1306 {
1307 BIO_puts(err, "Timeout on connect\n"); 1155 BIO_puts(err, "Timeout on connect\n");
1308 return NULL; 1156 return NULL;
1309 }
1310 } 1157 }
1311 1158 }
1312
1313 ctx = OCSP_sendreq_new(cbio, path, NULL, -1); 1159 ctx = OCSP_sendreq_new(cbio, path, NULL, -1);
1314 if (!ctx) 1160 if (!ctx)
1315 return NULL; 1161 return NULL;
1316 1162
1317 for (i = 0; i < sk_CONF_VALUE_num(headers); i++) 1163 for (i = 0; i < sk_CONF_VALUE_num(headers); i++) {
1318 {
1319 CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i); 1164 CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i);
1320 if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value)) 1165 if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value))
1321 goto err; 1166 goto err;
1322 } 1167 }
1323 1168
1324 if (!OCSP_REQ_CTX_set1_req(ctx, req)) 1169 if (!OCSP_REQ_CTX_set1_req(ctx, req))
1325 goto err; 1170 goto err;
1326 1171
1327 for (;;) 1172 for (;;) {
1328 {
1329 rv = OCSP_sendreq_nbio(&rsp, ctx); 1173 rv = OCSP_sendreq_nbio(&rsp, ctx);
1330 if (rv != -1) 1174 if (rv != -1)
1331 break; 1175 break;
@@ -1336,70 +1180,65 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
1336 tv.tv_usec = 0; 1180 tv.tv_usec = 0;
1337 tv.tv_sec = req_timeout; 1181 tv.tv_sec = req_timeout;
1338 if (BIO_should_read(cbio)) 1182 if (BIO_should_read(cbio))
1339 rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv); 1183 rv = select(fd + 1, (void *) &confds, NULL, NULL, &tv);
1340 else if (BIO_should_write(cbio)) 1184 else if (BIO_should_write(cbio))
1341 rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); 1185 rv = select(fd + 1, NULL, (void *) &confds, NULL, &tv);
1342 else 1186 else {
1343 {
1344 BIO_puts(err, "Unexpected retry condition\n"); 1187 BIO_puts(err, "Unexpected retry condition\n");
1345 goto err; 1188 goto err;
1346 } 1189 }
1347 if (rv == 0) 1190 if (rv == 0) {
1348 {
1349 BIO_puts(err, "Timeout on request\n"); 1191 BIO_puts(err, "Timeout on request\n");
1350 break; 1192 break;
1351 } 1193 }
1352 if (rv == -1) 1194 if (rv == -1) {
1353 {
1354 BIO_puts(err, "Select error\n"); 1195 BIO_puts(err, "Select error\n");
1355 break; 1196 break;
1356 }
1357
1358 } 1197 }
1359 err: 1198 }
1199err:
1360 if (ctx) 1200 if (ctx)
1361 OCSP_REQ_CTX_free(ctx); 1201 OCSP_REQ_CTX_free(ctx);
1362 1202
1363 return rsp; 1203 return rsp;
1364 } 1204}
1365 1205
1366OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, 1206OCSP_RESPONSE *
1367 char *host, char *path, char *port, int use_ssl, 1207process_responder(BIO * err, OCSP_REQUEST * req,
1368 STACK_OF(CONF_VALUE) *headers, 1208 char *host, char *path, char *port, int use_ssl,
1369 int req_timeout) 1209 STACK_OF(CONF_VALUE) * headers,
1370 { 1210 int req_timeout)
1211{
1371 BIO *cbio = NULL; 1212 BIO *cbio = NULL;
1372 SSL_CTX *ctx = NULL; 1213 SSL_CTX *ctx = NULL;
1373 OCSP_RESPONSE *resp = NULL; 1214 OCSP_RESPONSE *resp = NULL;
1374 cbio = BIO_new_connect(host); 1215 cbio = BIO_new_connect(host);
1375 if (!cbio) 1216 if (!cbio) {
1376 {
1377 BIO_printf(err, "Error creating connect BIO\n"); 1217 BIO_printf(err, "Error creating connect BIO\n");
1378 goto end; 1218 goto end;
1379 } 1219 }
1380 if (port) BIO_set_conn_port(cbio, port); 1220 if (port)
1381 if (use_ssl == 1) 1221 BIO_set_conn_port(cbio, port);
1382 { 1222 if (use_ssl == 1) {
1383 BIO *sbio; 1223 BIO *sbio;
1384 ctx = SSL_CTX_new(SSLv23_client_method()); 1224 ctx = SSL_CTX_new(SSLv23_client_method());
1385 if (ctx == NULL) 1225 if (ctx == NULL) {
1386 {
1387 BIO_printf(err, "Error creating SSL context.\n"); 1226 BIO_printf(err, "Error creating SSL context.\n");
1388 goto end; 1227 goto end;
1389 } 1228 }
1390 SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); 1229 SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
1391 sbio = BIO_new_ssl(ctx, 1); 1230 sbio = BIO_new_ssl(ctx, 1);
1392 cbio = BIO_push(sbio, cbio); 1231 cbio = BIO_push(sbio, cbio);
1393 } 1232 }
1394 resp = query_responder(err, cbio, path, headers, req, req_timeout); 1233 resp = query_responder(err, cbio, path, headers, req, req_timeout);
1395 if (!resp) 1234 if (!resp)
1396 BIO_printf(bio_err, "Error querying OCSP responder\n"); 1235 BIO_printf(bio_err, "Error querying OCSP responder\n");
1397 end: 1236end:
1398 if (cbio) 1237 if (cbio)
1399 BIO_free_all(cbio); 1238 BIO_free_all(cbio);
1400 if (ctx) 1239 if (ctx)
1401 SSL_CTX_free(ctx); 1240 SSL_CTX_free(ctx);
1402 return resp; 1241 return resp;
1403 } 1242}
1404 1243
1405#endif 1244#endif
diff --git a/src/lib/libssl/src/apps/openssl.c b/src/lib/libssl/src/apps/openssl.c
index 8b2f699cba..9f01e3c576 100644
--- a/src/lib/libssl/src/apps/openssl.c
+++ b/src/lib/libssl/src/apps/openssl.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -113,7 +113,8 @@
113#include <stdio.h> 113#include <stdio.h>
114#include <string.h> 114#include <string.h>
115#include <stdlib.h> 115#include <stdlib.h>
116#define OPENSSL_C /* tells apps.h to use complete apps_startup() */ 116#define OPENSSL_C /* tells apps.h to use complete
117 * apps_startup() */
117#include "apps.h" 118#include "apps.h"
118#include <openssl/bio.h> 119#include <openssl/bio.h>
119#include <openssl/crypto.h> 120#include <openssl/crypto.h>
@@ -135,256 +136,236 @@
135 * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper 136 * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
136 * functions. */ 137 * functions. */
137 138
138static LHASH_OF(FUNCTION) *prog_init(void ); 139static LHASH_OF(FUNCTION) * prog_init(void);
139static int do_cmd(LHASH_OF(FUNCTION) *prog,int argc,char *argv[]); 140static int do_cmd(LHASH_OF(FUNCTION) * prog, int argc, char *argv[]);
140static void list_pkey(BIO *out); 141static void list_pkey(BIO * out);
141static void list_cipher(BIO *out); 142static void list_cipher(BIO * out);
142static void list_md(BIO *out); 143static void list_md(BIO * out);
143char *default_config_file=NULL; 144char *default_config_file = NULL;
144 145
145CONF *config=NULL; 146CONF *config = NULL;
146BIO *bio_err=NULL; 147BIO *bio_err = NULL;
147 148
148static void lock_dbg_cb(int mode, int type, const char *file, int line) 149static void
149 { 150lock_dbg_cb(int mode, int type, const char *file, int line)
150 static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ 151{
152 static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
151 const char *errstr = NULL; 153 const char *errstr = NULL;
152 int rw; 154 int rw;
153 155
154 rw = mode & (CRYPTO_READ|CRYPTO_WRITE); 156 rw = mode & (CRYPTO_READ | CRYPTO_WRITE);
155 if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) 157 if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) {
156 {
157 errstr = "invalid mode"; 158 errstr = "invalid mode";
158 goto err; 159 goto err;
159 } 160 }
160 161 if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
161 if (type < 0 || type >= CRYPTO_NUM_LOCKS)
162 {
163 errstr = "type out of bounds"; 162 errstr = "type out of bounds";
164 goto err; 163 goto err;
165 } 164 }
166 165 if (mode & CRYPTO_LOCK) {
167 if (mode & CRYPTO_LOCK) 166 if (modes[type]) {
168 {
169 if (modes[type])
170 {
171 errstr = "already locked"; 167 errstr = "already locked";
172 /* must not happen in a single-threaded program 168 /*
173 * (would deadlock) */ 169 * must not happen in a single-threaded program
170 * (would deadlock)
171 */
174 goto err; 172 goto err;
175 }
176
177 modes[type] = rw;
178 } 173 }
179 else if (mode & CRYPTO_UNLOCK) 174 modes[type] = rw;
180 { 175 } else if (mode & CRYPTO_UNLOCK) {
181 if (!modes[type]) 176 if (!modes[type]) {
182 {
183 errstr = "not locked"; 177 errstr = "not locked";
184 goto err; 178 goto err;
185 } 179 }
186 180 if (modes[type] != rw) {
187 if (modes[type] != rw)
188 {
189 errstr = (rw == CRYPTO_READ) ? 181 errstr = (rw == CRYPTO_READ) ?
190 "CRYPTO_r_unlock on write lock" : 182 "CRYPTO_r_unlock on write lock" :
191 "CRYPTO_w_unlock on read lock"; 183 "CRYPTO_w_unlock on read lock";
192 }
193
194 modes[type] = 0;
195 } 184 }
196 else 185 modes[type] = 0;
197 { 186 } else {
198 errstr = "invalid mode"; 187 errstr = "invalid mode";
199 goto err; 188 goto err;
200 } 189 }
201 190
202 err: 191err:
203 if (errstr) 192 if (errstr) {
204 {
205 /* we cannot use bio_err here */ 193 /* we cannot use bio_err here */
206 fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n", 194 fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
207 errstr, mode, type, file, line); 195 errstr, mode, type, file, line);
208 }
209 } 196 }
197}
210 198
211# define ARGV Argv 199#define ARGV Argv
212 200
213int main(int Argc, char *ARGV[]) 201int
214 { 202main(int Argc, char *ARGV[])
203{
215 ARGS arg; 204 ARGS arg;
216#define PROG_NAME_SIZE 39 205#define PROG_NAME_SIZE 39
217 char pname[PROG_NAME_SIZE+1]; 206 char pname[PROG_NAME_SIZE + 1];
218 FUNCTION f,*fp; 207 FUNCTION f, *fp;
219 const char *prompt; 208 const char *prompt;
220 char buf[1024]; 209 char buf[1024];
221 char *to_free=NULL; 210 char *to_free = NULL;
222 int n,i,ret=0; 211 int n, i, ret = 0;
223 int argc; 212 int argc;
224 char **argv,*p; 213 char **argv, *p;
225 LHASH_OF(FUNCTION) *prog=NULL; 214 LHASH_OF(FUNCTION) * prog = NULL;
226 long errline; 215 long errline;
227 216
228 arg.data=NULL; 217 arg.data = NULL;
229 arg.count=0; 218 arg.count = 0;
230 219
231 if (bio_err == NULL) 220 if (bio_err == NULL)
232 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 221 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
233 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 222 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
234 223
235 if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */ 224 if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) { /* if not defined, use
236 { 225 * compiled-in library
237 if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))) 226 * defaults */
238 { 227 if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))) {
239 CRYPTO_malloc_debug_init(); 228 CRYPTO_malloc_debug_init();
240 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); 229 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
241 } 230 } else {
242 else
243 {
244 /* OPENSSL_DEBUG_MEMORY=off */ 231 /* OPENSSL_DEBUG_MEMORY=off */
245 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); 232 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
246 }
247 } 233 }
234 }
248 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); 235 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
249 236
250#if 0 237#if 0
251 if (getenv("OPENSSL_DEBUG_LOCKING") != NULL) 238 if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
252#endif 239#endif
253 { 240 {
254 CRYPTO_set_locking_callback(lock_dbg_cb); 241 CRYPTO_set_locking_callback(lock_dbg_cb);
255 } 242 }
256 243 if (getenv("OPENSSL_FIPS")) {
257 if(getenv("OPENSSL_FIPS")) {
258#ifdef OPENSSL_FIPS 244#ifdef OPENSSL_FIPS
259 if (!FIPS_mode_set(1)) { 245 if (!FIPS_mode_set(1)) {
260 ERR_load_crypto_strings(); 246 ERR_load_crypto_strings();
261 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); 247 ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
262 exit(1); 248 exit(1);
263 } 249 }
264#else 250#else
265 fprintf(stderr, "FIPS mode not supported.\n"); 251 fprintf(stderr, "FIPS mode not supported.\n");
266 exit(1); 252 exit(1);
267#endif 253#endif
268 } 254 }
269
270 apps_startup(); 255 apps_startup();
271 256
272 /* Lets load up our environment a little */ 257 /* Lets load up our environment a little */
273 p=getenv("OPENSSL_CONF"); 258 p = getenv("OPENSSL_CONF");
274 if (p == NULL) 259 if (p == NULL)
275 p=getenv("SSLEAY_CONF"); 260 p = getenv("SSLEAY_CONF");
276 if (p == NULL) 261 if (p == NULL)
277 p=to_free=make_config_name(); 262 p = to_free = make_config_name();
278 263
279 default_config_file=p; 264 default_config_file = p;
280 265
281 config=NCONF_new(NULL); 266 config = NCONF_new(NULL);
282 i=NCONF_load(config,p,&errline); 267 i = NCONF_load(config, p, &errline);
283 if (i == 0) 268 if (i == 0) {
284 {
285 if (ERR_GET_REASON(ERR_peek_last_error()) 269 if (ERR_GET_REASON(ERR_peek_last_error())
286 == CONF_R_NO_SUCH_FILE) 270 == CONF_R_NO_SUCH_FILE) {
287 {
288 BIO_printf(bio_err, 271 BIO_printf(bio_err,
289 "WARNING: can't open config file: %s\n",p); 272 "WARNING: can't open config file: %s\n", p);
290 ERR_clear_error(); 273 ERR_clear_error();
291 NCONF_free(config); 274 NCONF_free(config);
292 config = NULL; 275 config = NULL;
293 } 276 } else {
294 else
295 {
296 ERR_print_errors(bio_err); 277 ERR_print_errors(bio_err);
297 NCONF_free(config); 278 NCONF_free(config);
298 exit(1); 279 exit(1);
299 }
300 } 280 }
301 281 }
302 prog=prog_init(); 282 prog = prog_init();
303 283
304 /* first check the program name */ 284 /* first check the program name */
305 program_name(Argv[0],pname,sizeof pname); 285 program_name(Argv[0], pname, sizeof pname);
306
307 f.name=pname;
308 fp=lh_FUNCTION_retrieve(prog,&f);
309 if (fp != NULL)
310 {
311 Argv[0]=pname;
312 ret=fp->func(Argc,Argv);
313 goto end;
314 }
315 286
316 /* ok, now check that there are not arguments, if there are, 287 f.name = pname;
317 * run with them, shifting the ssleay off the front */ 288 fp = lh_FUNCTION_retrieve(prog, &f);
318 if (Argc != 1) 289 if (fp != NULL) {
319 { 290 Argv[0] = pname;
291 ret = fp->func(Argc, Argv);
292 goto end;
293 }
294 /*
295 * ok, now check that there are not arguments, if there are, run with
296 * them, shifting the ssleay off the front
297 */
298 if (Argc != 1) {
320 Argc--; 299 Argc--;
321 Argv++; 300 Argv++;
322 ret=do_cmd(prog,Argc,Argv); 301 ret = do_cmd(prog, Argc, Argv);
323 if (ret < 0) ret=0; 302 if (ret < 0)
303 ret = 0;
324 goto end; 304 goto end;
325 } 305 }
326
327 /* ok, lets enter the old 'OpenSSL>' mode */ 306 /* ok, lets enter the old 'OpenSSL>' mode */
328 307
329 for (;;) 308 for (;;) {
330 { 309 ret = 0;
331 ret=0; 310 p = buf;
332 p=buf; 311 n = sizeof buf;
333 n=sizeof buf; 312 i = 0;
334 i=0; 313 for (;;) {
335 for (;;) 314 p[0] = '\0';
336 {
337 p[0]='\0';
338 if (i++) 315 if (i++)
339 prompt=">"; 316 prompt = ">";
340 else prompt="OpenSSL> "; 317 else
341 fputs(prompt,stdout); 318 prompt = "OpenSSL> ";
319 fputs(prompt, stdout);
342 fflush(stdout); 320 fflush(stdout);
343 if (!fgets(p,n,stdin)) 321 if (!fgets(p, n, stdin))
344 goto end; 322 goto end;
345 if (p[0] == '\0') goto end; 323 if (p[0] == '\0')
346 i=strlen(p); 324 goto end;
347 if (i <= 1) break; 325 i = strlen(p);
348 if (p[i-2] != '\\') break; 326 if (i <= 1)
349 i-=2; 327 break;
350 p+=i; 328 if (p[i - 2] != '\\')
351 n-=i; 329 break;
352 } 330 i -= 2;
353 if (!chopup_args(&arg,buf,&argc,&argv)) break; 331 p += i;
332 n -= i;
333 }
334 if (!chopup_args(&arg, buf, &argc, &argv))
335 break;
354 336
355 ret=do_cmd(prog,argc,argv); 337 ret = do_cmd(prog, argc, argv);
356 if (ret < 0) 338 if (ret < 0) {
357 { 339 ret = 0;
358 ret=0;
359 goto end; 340 goto end;
360 }
361 if (ret != 0)
362 BIO_printf(bio_err,"error in %s\n",argv[0]);
363 (void)BIO_flush(bio_err);
364 } 341 }
365 BIO_printf(bio_err,"bad exit\n"); 342 if (ret != 0)
366 ret=1; 343 BIO_printf(bio_err, "error in %s\n", argv[0]);
344 (void) BIO_flush(bio_err);
345 }
346 BIO_printf(bio_err, "bad exit\n");
347 ret = 1;
367end: 348end:
368 if (to_free) 349 if (to_free)
369 free(to_free); 350 free(to_free);
370 if (config != NULL) 351 if (config != NULL) {
371 {
372 NCONF_free(config); 352 NCONF_free(config);
373 config=NULL; 353 config = NULL;
374 } 354 }
375 if (prog != NULL) lh_FUNCTION_free(prog); 355 if (prog != NULL)
376 if (arg.data != NULL) free(arg.data); 356 lh_FUNCTION_free(prog);
357 if (arg.data != NULL)
358 free(arg.data);
377 359
378 apps_shutdown(); 360 apps_shutdown();
379 361
380 CRYPTO_mem_leaks(bio_err); 362 CRYPTO_mem_leaks(bio_err);
381 if (bio_err != NULL) 363 if (bio_err != NULL) {
382 {
383 BIO_free(bio_err); 364 BIO_free(bio_err);
384 bio_err=NULL; 365 bio_err = NULL;
385 }
386 return(ret);
387 } 366 }
367 return (ret);
368}
388 369
389#define LIST_STANDARD_COMMANDS "list-standard-commands" 370#define LIST_STANDARD_COMMANDS "list-standard-commands"
390#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands" 371#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
@@ -394,257 +375,241 @@ end:
394#define LIST_PUBLIC_KEY_ALGORITHMS "list-public-key-algorithms" 375#define LIST_PUBLIC_KEY_ALGORITHMS "list-public-key-algorithms"
395 376
396 377
397static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) 378static int
398 { 379do_cmd(LHASH_OF(FUNCTION) * prog, int argc, char *argv[])
399 FUNCTION f,*fp; 380{
400 int i,ret=1,tp,nl; 381 FUNCTION f, *fp;
401 382 int i, ret = 1, tp, nl;
402 if ((argc <= 0) || (argv[0] == NULL)) 383
403 { ret=0; goto end; } 384 if ((argc <= 0) || (argv[0] == NULL)) {
404 f.name=argv[0]; 385 ret = 0;
405 fp=lh_FUNCTION_retrieve(prog,&f); 386 goto end;
406 if (fp == NULL) 387 }
407 { 388 f.name = argv[0];
408 if (EVP_get_digestbyname(argv[0])) 389 fp = lh_FUNCTION_retrieve(prog, &f);
409 { 390 if (fp == NULL) {
391 if (EVP_get_digestbyname(argv[0])) {
410 f.type = FUNC_TYPE_MD; 392 f.type = FUNC_TYPE_MD;
411 f.func = dgst_main; 393 f.func = dgst_main;
412 fp = &f; 394 fp = &f;
413 } 395 } else if (EVP_get_cipherbyname(argv[0])) {
414 else if (EVP_get_cipherbyname(argv[0]))
415 {
416 f.type = FUNC_TYPE_CIPHER; 396 f.type = FUNC_TYPE_CIPHER;
417 f.func = enc_main; 397 f.func = enc_main;
418 fp = &f; 398 fp = &f;
419 }
420 } 399 }
421 if (fp != NULL) 400 }
422 { 401 if (fp != NULL) {
423 ret=fp->func(argc,argv); 402 ret = fp->func(argc, argv);
424 } 403 } else if ((strncmp(argv[0], "no-", 3)) == 0) {
425 else if ((strncmp(argv[0],"no-",3)) == 0) 404 BIO *bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
426 { 405 f.name = argv[0] + 3;
427 BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE); 406 ret = (lh_FUNCTION_retrieve(prog, &f) != NULL);
428 f.name=argv[0]+3;
429 ret = (lh_FUNCTION_retrieve(prog,&f) != NULL);
430 if (!ret) 407 if (!ret)
431 BIO_printf(bio_stdout, "%s\n", argv[0]); 408 BIO_printf(bio_stdout, "%s\n", argv[0]);
432 else 409 else
433 BIO_printf(bio_stdout, "%s\n", argv[0]+3); 410 BIO_printf(bio_stdout, "%s\n", argv[0] + 3);
434 BIO_free_all(bio_stdout); 411 BIO_free_all(bio_stdout);
435 goto end; 412 goto end;
436 } 413 } else if ((strcmp(argv[0], "quit") == 0) ||
437 else if ((strcmp(argv[0],"quit") == 0) || 414 (strcmp(argv[0], "q") == 0) ||
438 (strcmp(argv[0],"q") == 0) || 415 (strcmp(argv[0], "exit") == 0) ||
439 (strcmp(argv[0],"exit") == 0) || 416 (strcmp(argv[0], "bye") == 0)) {
440 (strcmp(argv[0],"bye") == 0)) 417 ret = -1;
441 {
442 ret= -1;
443 goto end; 418 goto end;
444 } 419 } else if ((strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0) ||
445 else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) || 420 (strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
446 (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) || 421 (strcmp(argv[0], LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) ||
447 (strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) || 422 (strcmp(argv[0], LIST_CIPHER_COMMANDS) == 0) ||
448 (strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0) || 423 (strcmp(argv[0], LIST_CIPHER_ALGORITHMS) == 0) ||
449 (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) || 424 (strcmp(argv[0], LIST_PUBLIC_KEY_ALGORITHMS) == 0)) {
450 (strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0))
451 {
452 int list_type; 425 int list_type;
453 BIO *bio_stdout; 426 BIO *bio_stdout;
454 427
455 if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) 428 if (strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0)
456 list_type = FUNC_TYPE_GENERAL; 429 list_type = FUNC_TYPE_GENERAL;
457 else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) 430 else if (strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0)
458 list_type = FUNC_TYPE_MD; 431 list_type = FUNC_TYPE_MD;
459 else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) 432 else if (strcmp(argv[0], LIST_MESSAGE_DIGEST_ALGORITHMS) == 0)
460 list_type = FUNC_TYPE_MD_ALG; 433 list_type = FUNC_TYPE_MD_ALG;
461 else if (strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0) 434 else if (strcmp(argv[0], LIST_PUBLIC_KEY_ALGORITHMS) == 0)
462 list_type = FUNC_TYPE_PKEY; 435 list_type = FUNC_TYPE_PKEY;
463 else if (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) 436 else if (strcmp(argv[0], LIST_CIPHER_ALGORITHMS) == 0)
464 list_type = FUNC_TYPE_CIPHER_ALG; 437 list_type = FUNC_TYPE_CIPHER_ALG;
465 else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */ 438 else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
466 list_type = FUNC_TYPE_CIPHER; 439 list_type = FUNC_TYPE_CIPHER;
467 bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE); 440 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
468 441
469 if (!load_config(bio_err, NULL)) 442 if (!load_config(bio_err, NULL))
470 goto end; 443 goto end;
471 444
472 if (list_type == FUNC_TYPE_PKEY) 445 if (list_type == FUNC_TYPE_PKEY)
473 list_pkey(bio_stdout); 446 list_pkey(bio_stdout);
474 if (list_type == FUNC_TYPE_MD_ALG) 447 if (list_type == FUNC_TYPE_MD_ALG)
475 list_md(bio_stdout); 448 list_md(bio_stdout);
476 if (list_type == FUNC_TYPE_CIPHER_ALG) 449 if (list_type == FUNC_TYPE_CIPHER_ALG)
477 list_cipher(bio_stdout); 450 list_cipher(bio_stdout);
478 else 451 else {
479 { 452 for (fp = functions; fp->name != NULL; fp++)
480 for (fp=functions; fp->name != NULL; fp++)
481 if (fp->type == list_type) 453 if (fp->type == list_type)
482 BIO_printf(bio_stdout, "%s\n", 454 BIO_printf(bio_stdout, "%s\n",
483 fp->name); 455 fp->name);
484 } 456 }
485 BIO_free_all(bio_stdout); 457 BIO_free_all(bio_stdout);
486 ret=0; 458 ret = 0;
487 goto end; 459 goto end;
488 } 460 } else {
489 else 461 BIO_printf(bio_err, "openssl:Error: '%s' is an invalid command.\n",
490 { 462 argv[0]);
491 BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
492 argv[0]);
493 BIO_printf(bio_err, "\nStandard commands"); 463 BIO_printf(bio_err, "\nStandard commands");
494 i=0; 464 i = 0;
495 tp=0; 465 tp = 0;
496 for (fp=functions; fp->name != NULL; fp++) 466 for (fp = functions; fp->name != NULL; fp++) {
497 { 467 nl = 0;
498 nl=0;
499#ifdef OPENSSL_NO_CAMELLIA 468#ifdef OPENSSL_NO_CAMELLIA
500 if (((i++) % 5) == 0) 469 if (((i++) % 5) == 0)
501#else 470#else
502 if (((i++) % 4) == 0) 471 if (((i++) % 4) == 0)
503#endif 472#endif
504 { 473 {
505 BIO_printf(bio_err,"\n"); 474 BIO_printf(bio_err, "\n");
506 nl=1; 475 nl = 1;
507 } 476 }
508 if (fp->type != tp) 477 if (fp->type != tp) {
509 { 478 tp = fp->type;
510 tp=fp->type; 479 if (!nl)
511 if (!nl) BIO_printf(bio_err,"\n"); 480 BIO_printf(bio_err, "\n");
512 if (tp == FUNC_TYPE_MD) 481 if (tp == FUNC_TYPE_MD) {
513 { 482 i = 1;
514 i=1;
515 BIO_printf(bio_err, 483 BIO_printf(bio_err,
516 "\nMessage Digest commands (see the `dgst' command for more details)\n"); 484 "\nMessage Digest commands (see the `dgst' command for more details)\n");
517 } 485 } else if (tp == FUNC_TYPE_CIPHER) {
518 else if (tp == FUNC_TYPE_CIPHER) 486 i = 1;
519 { 487 BIO_printf(bio_err, "\nCipher commands (see the `enc' command for more details)\n");
520 i=1;
521 BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
522 }
523 } 488 }
489 }
524#ifdef OPENSSL_NO_CAMELLIA 490#ifdef OPENSSL_NO_CAMELLIA
525 BIO_printf(bio_err,"%-15s",fp->name); 491 BIO_printf(bio_err, "%-15s", fp->name);
526#else 492#else
527 BIO_printf(bio_err,"%-18s",fp->name); 493 BIO_printf(bio_err, "%-18s", fp->name);
528#endif 494#endif
529 }
530 BIO_printf(bio_err,"\n\n");
531 ret=0;
532 } 495 }
533end: 496 BIO_printf(bio_err, "\n\n");
534 return(ret); 497 ret = 0;
535 } 498 }
536 499end:
537static int SortFnByName(const void *_f1,const void *_f2) 500 return (ret);
538 { 501}
539 const FUNCTION *f1=_f1; 502
540 const FUNCTION *f2=_f2; 503static int
541 504SortFnByName(const void *_f1, const void *_f2)
542 if(f1->type != f2->type) 505{
543 return f1->type-f2->type; 506 const FUNCTION *f1 = _f1;
544 return strcmp(f1->name,f2->name); 507 const FUNCTION *f2 = _f2;
545 } 508
546 509 if (f1->type != f2->type)
547static void list_pkey(BIO *out) 510 return f1->type - f2->type;
548 { 511 return strcmp(f1->name, f2->name);
512}
513
514static void
515list_pkey(BIO * out)
516{
549 int i; 517 int i;
550 for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) 518 for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
551 {
552 const EVP_PKEY_ASN1_METHOD *ameth; 519 const EVP_PKEY_ASN1_METHOD *ameth;
553 int pkey_id, pkey_base_id, pkey_flags; 520 int pkey_id, pkey_base_id, pkey_flags;
554 const char *pinfo, *pem_str; 521 const char *pinfo, *pem_str;
555 ameth = EVP_PKEY_asn1_get0(i); 522 ameth = EVP_PKEY_asn1_get0(i);
556 EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags, 523 EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
557 &pinfo, &pem_str, ameth); 524 &pinfo, &pem_str, ameth);
558 if (pkey_flags & ASN1_PKEY_ALIAS) 525 if (pkey_flags & ASN1_PKEY_ALIAS) {
559 { 526 BIO_printf(out, "Name: %s\n",
560 BIO_printf(out, "Name: %s\n", 527 OBJ_nid2ln(pkey_id));
561 OBJ_nid2ln(pkey_id));
562 BIO_printf(out, "\tType: Alias to %s\n", 528 BIO_printf(out, "\tType: Alias to %s\n",
563 OBJ_nid2ln(pkey_base_id)); 529 OBJ_nid2ln(pkey_base_id));
564 } 530 } else {
565 else
566 {
567 BIO_printf(out, "Name: %s\n", pinfo); 531 BIO_printf(out, "Name: %s\n", pinfo);
568 BIO_printf(out, "\tType: %s Algorithm\n", 532 BIO_printf(out, "\tType: %s Algorithm\n",
569 pkey_flags & ASN1_PKEY_DYNAMIC ? 533 pkey_flags & ASN1_PKEY_DYNAMIC ?
570 "External" : "Builtin"); 534 "External" : "Builtin");
571 BIO_printf(out, "\tOID: %s\n", OBJ_nid2ln(pkey_id)); 535 BIO_printf(out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
572 if (pem_str == NULL) 536 if (pem_str == NULL)
573 pem_str = "(none)"; 537 pem_str = "(none)";
574 BIO_printf(out, "\tPEM string: %s\n", pem_str); 538 BIO_printf(out, "\tPEM string: %s\n", pem_str);
575 }
576
577 } 539 }
540
578 } 541 }
542}
579 543
580static void list_cipher_fn(const EVP_CIPHER *c, 544static void
581 const char *from, const char *to, void *arg) 545list_cipher_fn(const EVP_CIPHER * c,
582 { 546 const char *from, const char *to, void *arg)
547{
583 if (c) 548 if (c)
584 BIO_printf(arg, "%s\n", EVP_CIPHER_name(c)); 549 BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
585 else 550 else {
586 {
587 if (!from) 551 if (!from)
588 from = "<undefined>"; 552 from = "<undefined>";
589 if (!to) 553 if (!to)
590 to = "<undefined>"; 554 to = "<undefined>";
591 BIO_printf(arg, "%s => %s\n", from, to); 555 BIO_printf(arg, "%s => %s\n", from, to);
592 }
593 } 556 }
557}
594 558
595static void list_cipher(BIO *out) 559static void
596 { 560list_cipher(BIO * out)
561{
597 EVP_CIPHER_do_all_sorted(list_cipher_fn, out); 562 EVP_CIPHER_do_all_sorted(list_cipher_fn, out);
598 } 563}
599 564
600static void list_md_fn(const EVP_MD *m, 565static void
601 const char *from, const char *to, void *arg) 566list_md_fn(const EVP_MD * m,
602 { 567 const char *from, const char *to, void *arg)
568{
603 if (m) 569 if (m)
604 BIO_printf(arg, "%s\n", EVP_MD_name(m)); 570 BIO_printf(arg, "%s\n", EVP_MD_name(m));
605 else 571 else {
606 {
607 if (!from) 572 if (!from)
608 from = "<undefined>"; 573 from = "<undefined>";
609 if (!to) 574 if (!to)
610 to = "<undefined>"; 575 to = "<undefined>";
611 BIO_printf(arg, "%s => %s\n", from, to); 576 BIO_printf(arg, "%s => %s\n", from, to);
612 }
613 } 577 }
578}
614 579
615static void list_md(BIO *out) 580static void
616 { 581list_md(BIO * out)
582{
617 EVP_MD_do_all_sorted(list_md_fn, out); 583 EVP_MD_do_all_sorted(list_md_fn, out);
618 } 584}
619 585
620static int function_cmp(const FUNCTION *a, const FUNCTION *b) 586static int
621 { 587function_cmp(const FUNCTION * a, const FUNCTION * b)
622 return strncmp(a->name,b->name,8); 588{
623 } 589 return strncmp(a->name, b->name, 8);
624static IMPLEMENT_LHASH_COMP_FN(function, FUNCTION) 590}
625 591static
626static unsigned long function_hash(const FUNCTION *a) 592IMPLEMENT_LHASH_COMP_FN(function, FUNCTION)
627 { 593 static unsigned long function_hash(const FUNCTION * a)
594{
628 return lh_strhash(a->name); 595 return lh_strhash(a->name);
629 } 596}
630static IMPLEMENT_LHASH_HASH_FN(function, FUNCTION) 597static
631 598IMPLEMENT_LHASH_HASH_FN(function, FUNCTION)
632static LHASH_OF(FUNCTION) *prog_init(void) 599 static LHASH_OF(FUNCTION) * prog_init(void)
633 { 600{
634 LHASH_OF(FUNCTION) *ret; 601 LHASH_OF(FUNCTION) * ret;
635 FUNCTION *f; 602 FUNCTION *f;
636 size_t i; 603 size_t i;
637 604
638 /* Purely so it looks nice when the user hits ? */ 605 /* Purely so it looks nice when the user hits ? */
639 for(i=0,f=functions ; f->name != NULL ; ++f,++i) 606 for (i = 0, f = functions; f->name != NULL; ++f, ++i);
640 ; 607 qsort(functions, i, sizeof *functions, SortFnByName);
641 qsort(functions,i,sizeof *functions,SortFnByName);
642
643 if ((ret=lh_FUNCTION_new()) == NULL)
644 return(NULL);
645 608
646 for (f=functions; f->name != NULL; f++) 609 if ((ret = lh_FUNCTION_new()) == NULL)
647 (void)lh_FUNCTION_insert(ret,f); 610 return (NULL);
648 return(ret);
649 }
650 611
612 for (f = functions; f->name != NULL; f++)
613 (void) lh_FUNCTION_insert(ret, f);
614 return (ret);
615}
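Review bot: In do_cmd's list-* branch, `bio_stdout` is created before `load_config()` is called, and the failure path `goto end` skips `BIO_free_all(bio_stdout)`, so the BIO leaks whenever the config fails to load (do_cmd is called repeatedly from the interactive `OpenSSL>` loop). Free it on that path, `if (!load_config(bio_err, NULL)) { BIO_free_all(bio_stdout); goto end; }`, or call load_config() before creating the BIO. In the same branch the three `if (list_type == …)` tests are independent, so the trailing `else` loop over `functions` also runs after `list_pkey()` and `list_md()`; an `else if` chain would state the intent. The reformat also left `static` on a line of its own before `IMPLEMENT_LHASH_COMP_FN` and `IMPLEMENT_LHASH_HASH_FN` and indented the function headers that follow them, which is worth fixing by hand.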
diff --git a/src/lib/libssl/src/apps/passwd.c b/src/lib/libssl/src/apps/passwd.c
index 7f99e3fd23..92f6b776b6 100644
--- a/src/lib/libssl/src/apps/passwd.c
+++ b/src/lib/libssl/src/apps/passwd.c
@@ -1,7 +1,7 @@
1/* apps/passwd.c */ 1/* apps/passwd.c */
2 2
3#if defined OPENSSL_NO_MD5 3#if defined OPENSSL_NO_MD5
4# define NO_MD5CRYPT_1 4#define NO_MD5CRYPT_1
5#endif 5#endif
6 6
7#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1) 7#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
@@ -16,10 +16,10 @@
16#include <openssl/evp.h> 16#include <openssl/evp.h>
17#include <openssl/rand.h> 17#include <openssl/rand.h>
18#ifndef OPENSSL_NO_DES 18#ifndef OPENSSL_NO_DES
19# include <openssl/des.h> 19#include <openssl/des.h>
20#endif 20#endif
21#ifndef NO_MD5CRYPT_1 21#ifndef NO_MD5CRYPT_1
22# include <openssl/md5.h> 22#include <openssl/md5.h>
23#endif 23#endif
24 24
25 25
@@ -27,21 +27,22 @@
27#define PROG passwd_main 27#define PROG passwd_main
28 28
29 29
30static unsigned const char cov_2char[64]={ 30static unsigned const char cov_2char[64] = {
31 /* from crypto/des/fcrypt.c */ 31 /* from crypto/des/fcrypt.c */
32 0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35, 32 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
33 0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44, 33 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
34 0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C, 34 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
35 0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54, 35 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
36 0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62, 36 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
37 0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A, 37 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
38 0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72, 38 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
39 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A 39 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
40}; 40};
41 41
42static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, 42static int
43 char *passwd, BIO *out, int quiet, int table, int reverse, 43do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
44 size_t pw_maxlen, int usecrypt, int use1, int useapr1); 44 char *passwd, BIO * out, int quiet, int table, int reverse,
45 size_t pw_maxlen, int usecrypt, int use1, int useapr1);
45 46
46/* -crypt - standard Unix password algorithm (default) 47/* -crypt - standard Unix password algorithm (default)
47 * -1 - MD5-based password algorithm 48 * -1 - MD5-based password algorithm
@@ -57,8 +58,9 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
57 58
58int MAIN(int, char **); 59int MAIN(int, char **);
59 60
60int MAIN(int argc, char **argv) 61int
61 { 62MAIN(int argc, char **argv)
63{
62 int ret = 1; 64 int ret = 1;
63 char *infile = NULL; 65 char *infile = NULL;
64 int in_stdin = 0; 66 int in_stdin = 0;
@@ -76,8 +78,8 @@ int MAIN(int argc, char **argv)
76 apps_startup(); 78 apps_startup();
77 79
78 if (bio_err == NULL) 80 if (bio_err == NULL)
79 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 81 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
80 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 82 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
81 83
82 if (!load_config(bio_err, NULL)) 84 if (!load_config(bio_err, NULL))
83 goto err; 85 goto err;
@@ -88,45 +90,32 @@ int MAIN(int argc, char **argv)
88 90
89 badopt = 0, opt_done = 0; 91 badopt = 0, opt_done = 0;
90 i = 0; 92 i = 0;
91 while (!badopt && !opt_done && argv[++i] != NULL) 93 while (!badopt && !opt_done && argv[++i] != NULL) {
92 {
93 if (strcmp(argv[i], "-crypt") == 0) 94 if (strcmp(argv[i], "-crypt") == 0)
94 usecrypt = 1; 95 usecrypt = 1;
95 else if (strcmp(argv[i], "-1") == 0) 96 else if (strcmp(argv[i], "-1") == 0)
96 use1 = 1; 97 use1 = 1;
97 else if (strcmp(argv[i], "-apr1") == 0) 98 else if (strcmp(argv[i], "-apr1") == 0)
98 useapr1 = 1; 99 useapr1 = 1;
99 else if (strcmp(argv[i], "-salt") == 0) 100 else if (strcmp(argv[i], "-salt") == 0) {
100 { 101 if ((argv[i + 1] != NULL) && (salt == NULL)) {
101 if ((argv[i+1] != NULL) && (salt == NULL))
102 {
103 passed_salt = 1; 102 passed_salt = 1;
104 salt = argv[++i]; 103 salt = argv[++i];
105 } 104 } else
106 else
107 badopt = 1; 105 badopt = 1;
108 } 106 } else if (strcmp(argv[i], "-in") == 0) {
109 else if (strcmp(argv[i], "-in") == 0) 107 if ((argv[i + 1] != NULL) && !pw_source_defined) {
110 {
111 if ((argv[i+1] != NULL) && !pw_source_defined)
112 {
113 pw_source_defined = 1; 108 pw_source_defined = 1;
114 infile = argv[++i]; 109 infile = argv[++i];
115 } 110 } else
116 else
117 badopt = 1; 111 badopt = 1;
118 } 112 } else if (strcmp(argv[i], "-stdin") == 0) {
119 else if (strcmp(argv[i], "-stdin") == 0) 113 if (!pw_source_defined) {
120 {
121 if (!pw_source_defined)
122 {
123 pw_source_defined = 1; 114 pw_source_defined = 1;
124 in_stdin = 1; 115 in_stdin = 1;
125 } 116 } else
126 else
127 badopt = 1; 117 badopt = 1;
128 } 118 } else if (strcmp(argv[i], "-noverify") == 0)
129 else if (strcmp(argv[i], "-noverify") == 0)
130 in_noverify = 1; 119 in_noverify = 1;
131 else if (strcmp(argv[i], "-quiet") == 0) 120 else if (strcmp(argv[i], "-quiet") == 0)
132 quiet = 1; 121 quiet = 1;
@@ -138,30 +127,30 @@ int MAIN(int argc, char **argv)
138 badopt = 1; 127 badopt = 1;
139 else if (!pw_source_defined) 128 else if (!pw_source_defined)
140 /* non-option arguments, use as passwords */ 129 /* non-option arguments, use as passwords */
141 { 130 {
142 pw_source_defined = 1; 131 pw_source_defined = 1;
143 passwds = &argv[i]; 132 passwds = &argv[i];
144 opt_done = 1; 133 opt_done = 1;
145 } 134 } else
146 else
147 badopt = 1; 135 badopt = 1;
148 } 136 }
149 137
150 if (!usecrypt && !use1 && !useapr1) /* use default */ 138 if (!usecrypt && !use1 && !useapr1) /* use default */
151 usecrypt = 1; 139 usecrypt = 1;
152 if (usecrypt + use1 + useapr1 > 1) /* conflict */ 140 if (usecrypt + use1 + useapr1 > 1) /* conflict */
153 badopt = 1; 141 badopt = 1;
154 142
155 /* reject unsupported algorithms */ 143 /* reject unsupported algorithms */
156#ifdef OPENSSL_NO_DES 144#ifdef OPENSSL_NO_DES
157 if (usecrypt) badopt = 1; 145 if (usecrypt)
146 badopt = 1;
158#endif 147#endif
159#ifdef NO_MD5CRYPT_1 148#ifdef NO_MD5CRYPT_1
160 if (use1 || useapr1) badopt = 1; 149 if (use1 || useapr1)
150 badopt = 1;
161#endif 151#endif
162 152
163 if (badopt) 153 if (badopt) {
164 {
165 BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n"); 154 BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
166 BIO_printf(bio_err, "where options are\n"); 155 BIO_printf(bio_err, "where options are\n");
167#ifndef OPENSSL_NO_DES 156#ifndef OPENSSL_NO_DES
@@ -178,35 +167,29 @@ int MAIN(int argc, char **argv)
178 BIO_printf(bio_err, "-quiet no warnings\n"); 167 BIO_printf(bio_err, "-quiet no warnings\n");
179 BIO_printf(bio_err, "-table format output as table\n"); 168 BIO_printf(bio_err, "-table format output as table\n");
180 BIO_printf(bio_err, "-reverse switch table columns\n"); 169 BIO_printf(bio_err, "-reverse switch table columns\n");
181
182 goto err;
183 }
184 170
185 if ((infile != NULL) || in_stdin) 171 goto err;
186 { 172 }
173 if ((infile != NULL) || in_stdin) {
187 in = BIO_new(BIO_s_file()); 174 in = BIO_new(BIO_s_file());
188 if (in == NULL) 175 if (in == NULL)
189 goto err; 176 goto err;
190 if (infile != NULL) 177 if (infile != NULL) {
191 {
192 assert(in_stdin == 0); 178 assert(in_stdin == 0);
193 if (BIO_read_filename(in, infile) <= 0) 179 if (BIO_read_filename(in, infile) <= 0)
194 goto err; 180 goto err;
195 } 181 } else {
196 else
197 {
198 assert(in_stdin); 182 assert(in_stdin);
199 BIO_set_fp(in, stdin, BIO_NOCLOSE); 183 BIO_set_fp(in, stdin, BIO_NOCLOSE);
200 }
201 } 184 }
202 185 }
203 if (usecrypt) 186 if (usecrypt)
204 pw_maxlen = 8; 187 pw_maxlen = 8;
205 else if (use1 || useapr1) 188 else if (use1 || useapr1)
206 pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */ 189 pw_maxlen = 256;/* arbitrary limit, should be enough for most
190 * passwords */
207 191
208 if (passwds == NULL) 192 if (passwds == NULL) {
209 {
210 /* no passwords on the command line */ 193 /* no passwords on the command line */
211 194
212 passwd_malloc_size = pw_maxlen + 2; 195 passwd_malloc_size = pw_maxlen + 2;
@@ -214,65 +197,56 @@ int MAIN(int argc, char **argv)
214 passwd = passwd_malloc = malloc(passwd_malloc_size); 197 passwd = passwd_malloc = malloc(passwd_malloc_size);
215 if (passwd_malloc == NULL) 198 if (passwd_malloc == NULL)
216 goto err; 199 goto err;
217 } 200 }
218 201 if ((in == NULL) && (passwds == NULL)) {
219 if ((in == NULL) && (passwds == NULL))
220 {
221 /* build a null-terminated list */ 202 /* build a null-terminated list */
222 static char *passwds_static[2] = {NULL, NULL}; 203 static char *passwds_static[2] = {NULL, NULL};
223 204
224 passwds = passwds_static; 205 passwds = passwds_static;
225 if (in == NULL) 206 if (in == NULL)
226 if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0) 207 if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
227 goto err; 208 goto err;
228 passwds[0] = passwd_malloc; 209 passwds[0] = passwd_malloc;
229 } 210 }
230 211 if (in == NULL) {
231 if (in == NULL)
232 {
233 assert(passwds != NULL); 212 assert(passwds != NULL);
234 assert(*passwds != NULL); 213 assert(*passwds != NULL);
235 214
236 do /* loop over list of passwords */ 215 do { /* loop over list of passwords */
237 {
238 passwd = *passwds++; 216 passwd = *passwds++;
239 if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, 217 if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
240 quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) 218 quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
241 goto err; 219 goto err;
242 }
243 while (*passwds != NULL);
244 } 220 }
245 else 221 while (*passwds != NULL);
222 } else
246 /* in != NULL */ 223 /* in != NULL */
247 { 224 {
248 int done; 225 int done;
249 226
250 assert (passwd != NULL); 227 assert(passwd != NULL);
251 do 228 do {
252 {
253 int r = BIO_gets(in, passwd, pw_maxlen + 1); 229 int r = BIO_gets(in, passwd, pw_maxlen + 1);
254 if (r > 0) 230 if (r > 0) {
255 { 231 char *c = (strchr(passwd, '\n'));
256 char *c = (strchr(passwd, '\n')) ;
257 if (c != NULL) 232 if (c != NULL)
258 *c = 0; /* truncate at newline */ 233 *c = 0; /* truncate at newline */
259 else 234 else {
260 {
261 /* ignore rest of line */ 235 /* ignore rest of line */
262 char trash[BUFSIZ]; 236 char trash[BUFSIZ];
263 do 237 do
264 r = BIO_gets(in, trash, sizeof trash); 238 r = BIO_gets(in, trash, sizeof trash);
265 while ((r > 0) && (!strchr(trash, '\n'))); 239 while ((r > 0) && (!strchr(trash, '\n')));
266 } 240 }
267 241
268 if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, 242 if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
269 quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) 243 quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
270 goto err; 244 goto err;
271 }
272 done = (r <= 0);
273 } 245 }
274 while (!done); 246 done = (r <= 0);
275 } 247 }
248 while (!done);
249 }
276 ret = 0; 250 ret = 0;
277 251
278err: 252err:
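Review bot: The `trash` buffer in the `BIO_gets` loop receives the tail of an over-long password line and is left on the stack uncleared; adding `OPENSSL_cleanse(trash, sizeof trash);` after the inner `do … while` would avoid leaving password bytes behind. Whether `passwd_malloc` is cleansed before it is freed cannot be seen here, because MAIN starts before this hunk and ends after it. As a style point, the reformat put `while (*passwds != NULL);` and `while (!done);` on their own lines after the closing brace, where they read like empty loops; `} while (!done);` is clearer.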
@@ -286,8 +260,8 @@ err:
286 if (out) 260 if (out)
287 BIO_free_all(out); 261 BIO_free_all(out);
288 apps_shutdown(); 262 apps_shutdown();
289 return(ret); 263 return (ret);
290 } 264}
291 265
292 266
293#ifndef NO_MD5CRYPT_1 267#ifndef NO_MD5CRYPT_1
@@ -301,38 +275,40 @@ err:
301 * 'magic' string was changed -- the laziest application of the NIH principle 275 * 'magic' string was changed -- the laziest application of the NIH principle
302 * I've ever encountered.) 276 * I've ever encountered.)
303 */ 277 */
304static char *md5crypt(const char *passwd, const char *magic, const char *salt) 278static char *
305 { 279md5crypt(const char *passwd, const char *magic, const char *salt)
306 static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */ 280{
281 static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5h
282 * ash..........\0" */
307 unsigned char buf[MD5_DIGEST_LENGTH]; 283 unsigned char buf[MD5_DIGEST_LENGTH];
308 char *salt_out; 284 char *salt_out;
309 int n; 285 int n;
310 unsigned int i; 286 unsigned int i;
311 EVP_MD_CTX md,md2; 287 EVP_MD_CTX md, md2;
312 size_t passwd_len, salt_len; 288 size_t passwd_len, salt_len;
313 289
314 passwd_len = strlen(passwd); 290 passwd_len = strlen(passwd);
315 out_buf[0] = '$'; 291 out_buf[0] = '$';
316 out_buf[1] = 0; 292 out_buf[1] = 0;
317 assert(strlen(magic) <= 4); /* "1" or "apr1" */ 293 assert(strlen(magic) <= 4); /* "1" or "apr1" */
318 strlcat(out_buf, magic, sizeof(out_buf)); 294 strlcat(out_buf, magic, sizeof(out_buf));
319 strlcat(out_buf, "$", sizeof(out_buf)); 295 strlcat(out_buf, "$", sizeof(out_buf));
320 strlcat(out_buf, salt, sizeof(out_buf)); 296 strlcat(out_buf, salt, sizeof(out_buf));
321 assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */ 297 assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
322 salt_out = out_buf + 2 + strlen(magic); 298 salt_out = out_buf + 2 + strlen(magic);
323 salt_len = strlen(salt_out); 299 salt_len = strlen(salt_out);
324 assert(salt_len <= 8); 300 assert(salt_len <= 8);
325 301
326 EVP_MD_CTX_init(&md); 302 EVP_MD_CTX_init(&md);
327 EVP_DigestInit_ex(&md,EVP_md5(), NULL); 303 EVP_DigestInit_ex(&md, EVP_md5(), NULL);
328 EVP_DigestUpdate(&md, passwd, passwd_len); 304 EVP_DigestUpdate(&md, passwd, passwd_len);
329 EVP_DigestUpdate(&md, "$", 1); 305 EVP_DigestUpdate(&md, "$", 1);
330 EVP_DigestUpdate(&md, magic, strlen(magic)); 306 EVP_DigestUpdate(&md, magic, strlen(magic));
331 EVP_DigestUpdate(&md, "$", 1); 307 EVP_DigestUpdate(&md, "$", 1);
332 EVP_DigestUpdate(&md, salt_out, salt_len); 308 EVP_DigestUpdate(&md, salt_out, salt_len);
333 309
334 EVP_MD_CTX_init(&md2); 310 EVP_MD_CTX_init(&md2);
335 EVP_DigestInit_ex(&md2,EVP_md5(), NULL); 311 EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
336 EVP_DigestUpdate(&md2, passwd, passwd_len); 312 EVP_DigestUpdate(&md2, passwd, passwd_len);
337 EVP_DigestUpdate(&md2, salt_out, salt_len); 313 EVP_DigestUpdate(&md2, salt_out, salt_len);
338 EVP_DigestUpdate(&md2, passwd, passwd_len); 314 EVP_DigestUpdate(&md2, passwd, passwd_len);
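Review bot: md5crypt enforces the 8-character salt limit only through `assert()`. `strlcat(out_buf, salt, sizeof(out_buf))` copies as much of `salt` as fits, and `assert(strlen(out_buf) <= 6 + 8)` and `assert(salt_len <= 8)` either abort the program on a longer salt or vanish under NDEBUG. The salt can come from the `-salt` argument, so unless the caller already limits it (not visible here) the length should be bounded in code, e.g. `snprintf(out_buf, sizeof(out_buf), "$%s$%.8s", magic, salt);` in place of the `out_buf[0]`/`strlcat` sequence. The reformat also split the layout comment on `out_buf` in the middle of its sample string; moving it to a line of its own above the declaration keeps it readable. The function body continues past this hunk.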
@@ -341,33 +317,31 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
341 for (i = passwd_len; i > sizeof buf; i -= sizeof buf) 317 for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
342 EVP_DigestUpdate(&md, buf, sizeof buf); 318 EVP_DigestUpdate(&md, buf, sizeof buf);
343 EVP_DigestUpdate(&md, buf, i); 319 EVP_DigestUpdate(&md, buf, i);
344 320
345 n = passwd_len; 321 n = passwd_len;
346 while (n) 322 while (n) {
347 {
348 EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); 323 EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
349 n >>= 1; 324 n >>= 1;
350 } 325 }
351 EVP_DigestFinal_ex(&md, buf, NULL); 326 EVP_DigestFinal_ex(&md, buf, NULL);
352 327
353 for (i = 0; i < 1000; i++) 328 for (i = 0; i < 1000; i++) {
354 { 329 EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
355 EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
356 EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf, 330 EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf,
357 (i & 1) ? passwd_len : sizeof buf); 331 (i & 1) ? passwd_len : sizeof buf);
358 if (i % 3) 332 if (i % 3)
359 EVP_DigestUpdate(&md2, salt_out, salt_len); 333 EVP_DigestUpdate(&md2, salt_out, salt_len);
360 if (i % 7) 334 if (i % 7)
361 EVP_DigestUpdate(&md2, passwd, passwd_len); 335 EVP_DigestUpdate(&md2, passwd, passwd_len);
362 EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd, 336 EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd,
363 (i & 1) ? sizeof buf : passwd_len); 337 (i & 1) ? sizeof buf : passwd_len);
364 EVP_DigestFinal_ex(&md2, buf, NULL); 338 EVP_DigestFinal_ex(&md2, buf, NULL);
365 } 339 }
366 EVP_MD_CTX_cleanup(&md2); 340 EVP_MD_CTX_cleanup(&md2);
367 341
368 { 342 {
369 /* transform buf into output string */ 343 /* transform buf into output string */
370 344
371 unsigned char buf_perm[sizeof buf]; 345 unsigned char buf_perm[sizeof buf];
372 int dest, source; 346 int dest, source;
373 char *output; 347 char *output;
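Review bot: Every EVP_DigestInit_ex, EVP_DigestUpdate and EVP_DigestFinal_ex call in this stretch of md5crypt discards its return value, including the re-initialisation of md2 on each of the 1000 rounds. If one of them fails, buf may be left holding stale data, and the function would still encode it into a well-formed-looking hash string. At minimum the per-round init should be tested, e.g. `if (!EVP_DigestInit_ex(&md2, EVP_md5(), NULL))`, followed by a failure exit that runs EVP_MD_CTX_cleanup on both contexts before reporting the error. md5crypt begins and ends outside this hunk, so how its caller would handle a failure return has to be confirmed there.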
@@ -377,99 +351,96 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
377 buf_perm[dest] = buf[source]; 351 buf_perm[dest] = buf[source];
378 buf_perm[14] = buf[5]; 352 buf_perm[14] = buf[5];
379 buf_perm[15] = buf[11]; 353 buf_perm[15] = buf[11];
380#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */ 354#ifndef PEDANTIC /* Unfortunately, this generates a "no
355 * effect" warning */
381 assert(16 == sizeof buf_perm); 356 assert(16 == sizeof buf_perm);
382#endif 357#endif
383 358
384 output = salt_out + salt_len; 359 output = salt_out + salt_len;
385 assert(output == out_buf + strlen(out_buf)); 360 assert(output == out_buf + strlen(out_buf));
386 361
387 *output++ = '$'; 362 *output++ = '$';
388 363
389 for (i = 0; i < 15; i += 3) 364 for (i = 0; i < 15; i += 3) {
390 { 365 *output++ = cov_2char[buf_perm[i + 2] & 0x3f];
391 *output++ = cov_2char[buf_perm[i+2] & 0x3f]; 366 *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) |
392 *output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) | 367 (buf_perm[i + 2] >> 6)];
393 (buf_perm[i+2] >> 6)];
394 *output++ = cov_2char[((buf_perm[i] & 3) << 4) | 368 *output++ = cov_2char[((buf_perm[i] & 3) << 4) |
395 (buf_perm[i+1] >> 4)]; 369 (buf_perm[i + 1] >> 4)];
396 *output++ = cov_2char[buf_perm[i] >> 2]; 370 *output++ = cov_2char[buf_perm[i] >> 2];
397 } 371 }
398 assert(i == 15); 372 assert(i == 15);
399 *output++ = cov_2char[buf_perm[i] & 0x3f]; 373 *output++ = cov_2char[buf_perm[i] & 0x3f];
400 *output++ = cov_2char[buf_perm[i] >> 6]; 374 *output++ = cov_2char[buf_perm[i] >> 6];
401 *output = 0; 375 *output = 0;
402 assert(strlen(out_buf) < sizeof(out_buf)); 376 assert(strlen(out_buf) < sizeof(out_buf));
403 } 377 }
404 EVP_MD_CTX_cleanup(&md); 378 EVP_MD_CTX_cleanup(&md);
405 379
406 return out_buf; 380 return out_buf;
407 } 381}
408#endif 382#endif
409 383
410 384
411static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, 385static int
412 char *passwd, BIO *out, int quiet, int table, int reverse, 386do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
413 size_t pw_maxlen, int usecrypt, int use1, int useapr1) 387 char *passwd, BIO * out, int quiet, int table, int reverse,
414 { 388 size_t pw_maxlen, int usecrypt, int use1, int useapr1)
389{
415 char *hash = NULL; 390 char *hash = NULL;
416 391
417 assert(salt_p != NULL); 392 assert(salt_p != NULL);
418 assert(salt_malloc_p != NULL); 393 assert(salt_malloc_p != NULL);
419 394
420 /* first make sure we have a salt */ 395 /* first make sure we have a salt */
421 if (!passed_salt) 396 if (!passed_salt) {
422 {
423#ifndef OPENSSL_NO_DES 397#ifndef OPENSSL_NO_DES
424 if (usecrypt) 398 if (usecrypt) {
425 { 399 if (*salt_malloc_p == NULL) {
426 if (*salt_malloc_p == NULL)
427 {
428 *salt_p = *salt_malloc_p = malloc(3); 400 *salt_p = *salt_malloc_p = malloc(3);
429 if (*salt_malloc_p == NULL) 401 if (*salt_malloc_p == NULL)
430 goto err; 402 goto err;
431 } 403 }
432 if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0) 404 if (RAND_pseudo_bytes((unsigned char *) *salt_p, 2) < 0)
433 goto err; 405 goto err;
434 (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */ 406 (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
435 (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */ 407 (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
436 (*salt_p)[2] = 0; 408 (*salt_p)[2] = 0;
437 } 409 }
438#endif /* !OPENSSL_NO_DES */ 410#endif /* !OPENSSL_NO_DES */
439 411
440#ifndef NO_MD5CRYPT_1 412#ifndef NO_MD5CRYPT_1
441 if (use1 || useapr1) 413 if (use1 || useapr1) {
442 {
443 int i; 414 int i;
444 415
445 if (*salt_malloc_p == NULL) 416 if (*salt_malloc_p == NULL) {
446 {
447 *salt_p = *salt_malloc_p = malloc(9); 417 *salt_p = *salt_malloc_p = malloc(9);
448 if (*salt_malloc_p == NULL) 418 if (*salt_malloc_p == NULL)
449 goto err; 419 goto err;
450 } 420 }
451 if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0) 421 if (RAND_pseudo_bytes((unsigned char *) *salt_p, 8) < 0)
452 goto err; 422 goto err;
453 423
454 for (i = 0; i < 8; i++) 424 for (i = 0; i < 8; i++)
455 (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ 425 (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
456 (*salt_p)[8] = 0; 426 (*salt_p)[8] = 0;
457 }
458#endif /* !NO_MD5CRYPT_1 */
459 } 427 }
460 428#endif /* !NO_MD5CRYPT_1 */
429 }
461 assert(*salt_p != NULL); 430 assert(*salt_p != NULL);
462 431
463 /* truncate password if necessary */ 432 /* truncate password if necessary */
464 if ((strlen(passwd) > pw_maxlen)) 433 if ((strlen(passwd) > pw_maxlen)) {
465 {
466 if (!quiet) 434 if (!quiet)
467 /* XXX: really we should know how to print a size_t, not cast it */ 435 /*
468 BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen); 436 * XXX: really we should know how to print a size_t,
437 * not cast it
438 */
439 BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned) pw_maxlen);
469 passwd[pw_maxlen] = 0; 440 passwd[pw_maxlen] = 0;
470 } 441 }
471 assert(strlen(passwd) <= pw_maxlen); 442 assert(strlen(passwd) <= pw_maxlen);
472 443
473 /* now compute password hash */ 444 /* now compute password hash */
474#ifndef OPENSSL_NO_DES 445#ifndef OPENSSL_NO_DES
475 if (usecrypt) 446 if (usecrypt)
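Review bot: `assert(*salt_p != NULL);` is the only guard between salt setup and the hashing step, and assert() compiles to nothing in an NDEBUG build. When passed_salt is 0 and neither the usecrypt block nor the use1/useapr1 block runs (both are also conditionally compiled), *salt_p stays as the caller supplied it, and a NULL would presumably be handed on to the hashing calls that follow. A runtime check in its place, `if (*salt_p == NULL) goto err;`, keeps that case on the error path the function already jumps to. do_passwd continues outside this hunk, so the hashing calls themselves are not visible here.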
@@ -488,15 +459,16 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
488 else 459 else
489 BIO_printf(out, "%s\n", hash); 460 BIO_printf(out, "%s\n", hash);
490 return 1; 461 return 1;
491 462
492err: 463err:
493 return 0; 464 return 0;
494 } 465}
495#else 466#else
496 467
497int MAIN(int argc, char **argv) 468int
498 { 469MAIN(int argc, char **argv)
470{
499 fputs("Program not available.\n", stderr) 471 fputs("Program not available.\n", stderr)
500 return(1); 472 return (1);
501 } 473}
502#endif 474#endif
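Review bot: The fallback `MAIN` in the `#else` branch still has no semicolon after `fputs("Program not available.\n", stderr)`. The reformat carried the line over unchanged, so a build that selects this branch fails to compile. The line should read `fputs("Program not available.\n", stderr);`. The `#if` that this `#else` belongs to is outside the hunk, so which configuration enables the stub is not visible here.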
diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c
index ca6824efcc..783abe277e 100644
--- a/src/lib/libssl/src/apps/pkcs12.c
+++ b/src/lib/libssl/src/apps/pkcs12.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -79,739 +79,786 @@ const EVP_CIPHER *enc;
79#define CLCERTS 0x8 79#define CLCERTS 0x8
80#define CACERTS 0x10 80#define CACERTS 0x10
81 81
82int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain); 82int get_cert_chain(X509 * cert, X509_STORE * store, STACK_OF(X509) ** chain);
83int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass); 83int dump_certs_keys_p12(BIO * out, PKCS12 * p12, char *pass, int passlen, int options, char *pempass);
84int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, 84int
85 int passlen, int options, char *pempass); 85dump_certs_pkeys_bags(BIO * out, STACK_OF(PKCS12_SAFEBAG) * bags, char *pass,
86int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass); 86 int passlen, int options, char *pempass);
87int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name); 87 int dump_certs_pkeys_bag(BIO * out, PKCS12_SAFEBAG * bags, char *pass, int passlen, int options, char *pempass);
88void hex_prin(BIO *out, unsigned char *buf, int len); 88 int print_attribs(BIO * out, STACK_OF(X509_ATTRIBUTE) * attrlst, const char *name);
89int alg_print(BIO *x, X509_ALGOR *alg); 89 void hex_prin(BIO * out, unsigned char *buf, int len);
90int cert_load(BIO *in, STACK_OF(X509) *sk); 90 int alg_print(BIO * x, X509_ALGOR * alg);
91static int set_pbe(BIO *err, int *ppbe, const char *str); 91 int cert_load(BIO * in, STACK_OF(X509) * sk);
92 92 static int set_pbe(BIO * err, int *ppbe, const char *str);
93int MAIN(int, char **); 93
94 94 int MAIN(int, char **);
95int MAIN(int argc, char **argv) 95
96 int MAIN(int argc, char **argv)
96{ 97{
97 ENGINE *e = NULL; 98 ENGINE *e = NULL;
98 char *infile=NULL, *outfile=NULL, *keyname = NULL; 99 char *infile = NULL, *outfile = NULL, *keyname = NULL;
99 char *certfile=NULL; 100 char *certfile = NULL;
100 BIO *in=NULL, *out = NULL; 101 BIO *in = NULL, *out = NULL;
101 char **args; 102 char **args;
102 char *name = NULL; 103 char *name = NULL;
103 char *csp_name = NULL; 104 char *csp_name = NULL;
104 int add_lmk = 0; 105 int add_lmk = 0;
105 PKCS12 *p12 = NULL; 106 PKCS12 *p12 = NULL;
106 char pass[50], macpass[50]; 107 char pass[50], macpass[50];
107 int export_cert = 0; 108 int export_cert = 0;
108 int options = 0; 109 int options = 0;
109 int chain = 0; 110 int chain = 0;
110 int badarg = 0; 111 int badarg = 0;
111 int iter = PKCS12_DEFAULT_ITER; 112 int iter = PKCS12_DEFAULT_ITER;
112 int maciter = PKCS12_DEFAULT_ITER; 113 int maciter = PKCS12_DEFAULT_ITER;
113 int twopass = 0; 114 int twopass = 0;
114 int keytype = 0; 115 int keytype = 0;
115 int cert_pbe; 116 int cert_pbe;
116 int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; 117 int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
117 int ret = 1; 118 int ret = 1;
118 int macver = 1; 119 int macver = 1;
119 int noprompt = 0; 120 int noprompt = 0;
120 STACK_OF(OPENSSL_STRING) *canames = NULL; 121 STACK_OF(OPENSSL_STRING) * canames = NULL;
121 char *cpass = NULL, *mpass = NULL; 122 char *cpass = NULL, *mpass = NULL;
122 char *passargin = NULL, *passargout = NULL, *passarg = NULL; 123 char *passargin = NULL, *passargout = NULL, *passarg = NULL;
123 char *passin = NULL, *passout = NULL; 124 char *passin = NULL, *passout = NULL;
124 char *inrand = NULL; 125 char *inrand = NULL;
125 char *macalg = NULL; 126 char *macalg = NULL;
126 char *CApath = NULL, *CAfile = NULL; 127 char *CApath = NULL, *CAfile = NULL;
127#ifndef OPENSSL_NO_ENGINE 128#ifndef OPENSSL_NO_ENGINE
128 char *engine=NULL; 129 char *engine = NULL;
129#endif 130#endif
130 131
131 apps_startup(); 132 apps_startup();
132 133
133 cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; 134 cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
134 135
135 enc = EVP_des_ede3_cbc(); 136 enc = EVP_des_ede3_cbc();
136 if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); 137 if (bio_err == NULL)
138 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
137 139
138 if (!load_config(bio_err, NULL)) 140 if (!load_config(bio_err, NULL))
139 goto end; 141 goto end;
140 142
141 args = argv + 1; 143 args = argv + 1;
142 144
143 145
144 while (*args) { 146 while (*args) {
145 if (*args[0] == '-') { 147 if (*args[0] == '-') {
146 if (!strcmp (*args, "-nokeys")) options |= NOKEYS; 148 if (!strcmp(*args, "-nokeys"))
147 else if (!strcmp (*args, "-keyex")) keytype = KEY_EX; 149 options |= NOKEYS;
148 else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG; 150 else if (!strcmp(*args, "-keyex"))
149 else if (!strcmp (*args, "-nocerts")) options |= NOCERTS; 151 keytype = KEY_EX;
150 else if (!strcmp (*args, "-clcerts")) options |= CLCERTS; 152 else if (!strcmp(*args, "-keysig"))
151 else if (!strcmp (*args, "-cacerts")) options |= CACERTS; 153 keytype = KEY_SIG;
152 else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS); 154 else if (!strcmp(*args, "-nocerts"))
153 else if (!strcmp (*args, "-info")) options |= INFO; 155 options |= NOCERTS;
154 else if (!strcmp (*args, "-chain")) chain = 1; 156 else if (!strcmp(*args, "-clcerts"))
155 else if (!strcmp (*args, "-twopass")) twopass = 1; 157 options |= CLCERTS;
156 else if (!strcmp (*args, "-nomacver")) macver = 0; 158 else if (!strcmp(*args, "-cacerts"))
157 else if (!strcmp (*args, "-descert")) 159 options |= CACERTS;
158 cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; 160 else if (!strcmp(*args, "-noout"))
159 else if (!strcmp (*args, "-export")) export_cert = 1; 161 options |= (NOKEYS | NOCERTS);
160 else if (!strcmp (*args, "-des")) enc=EVP_des_cbc(); 162 else if (!strcmp(*args, "-info"))
161 else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc(); 163 options |= INFO;
164 else if (!strcmp(*args, "-chain"))
165 chain = 1;
166 else if (!strcmp(*args, "-twopass"))
167 twopass = 1;
168 else if (!strcmp(*args, "-nomacver"))
169 macver = 0;
170 else if (!strcmp(*args, "-descert"))
171 cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
172 else if (!strcmp(*args, "-export"))
173 export_cert = 1;
174 else if (!strcmp(*args, "-des"))
175 enc = EVP_des_cbc();
176 else if (!strcmp(*args, "-des3"))
177 enc = EVP_des_ede3_cbc();
162#ifndef OPENSSL_NO_IDEA 178#ifndef OPENSSL_NO_IDEA
163 else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc(); 179 else if (!strcmp(*args, "-idea"))
180 enc = EVP_idea_cbc();
164#endif 181#endif
165#ifndef OPENSSL_NO_SEED 182#ifndef OPENSSL_NO_SEED
166 else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc(); 183 else if (!strcmp(*args, "-seed"))
184 enc = EVP_seed_cbc();
167#endif 185#endif
168#ifndef OPENSSL_NO_AES 186#ifndef OPENSSL_NO_AES
169 else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc(); 187 else if (!strcmp(*args, "-aes128"))
170 else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc(); 188 enc = EVP_aes_128_cbc();
171 else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc(); 189 else if (!strcmp(*args, "-aes192"))
190 enc = EVP_aes_192_cbc();
191 else if (!strcmp(*args, "-aes256"))
192 enc = EVP_aes_256_cbc();
172#endif 193#endif
173#ifndef OPENSSL_NO_CAMELLIA 194#ifndef OPENSSL_NO_CAMELLIA
174 else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc(); 195 else if (!strcmp(*args, "-camellia128"))
175 else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc(); 196 enc = EVP_camellia_128_cbc();
176 else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc(); 197 else if (!strcmp(*args, "-camellia192"))
177#endif 198 enc = EVP_camellia_192_cbc();
178 else if (!strcmp (*args, "-noiter")) iter = 1; 199 else if (!strcmp(*args, "-camellia256"))
179 else if (!strcmp (*args, "-maciter")) 200 enc = EVP_camellia_256_cbc();
180 maciter = PKCS12_DEFAULT_ITER; 201#endif
181 else if (!strcmp (*args, "-nomaciter")) 202 else if (!strcmp(*args, "-noiter"))
182 maciter = 1; 203 iter = 1;
183 else if (!strcmp (*args, "-nomac")) 204 else if (!strcmp(*args, "-maciter"))
184 maciter = -1; 205 maciter = PKCS12_DEFAULT_ITER;
185 else if (!strcmp (*args, "-macalg")) 206 else if (!strcmp(*args, "-nomaciter"))
186 if (args[1]) { 207 maciter = 1;
187 args++; 208 else if (!strcmp(*args, "-nomac"))
188 macalg = *args; 209 maciter = -1;
189 } else badarg = 1; 210 else if (!strcmp(*args, "-macalg"))
190 else if (!strcmp (*args, "-nodes")) enc=NULL; 211 if (args[1]) {
191 else if (!strcmp (*args, "-certpbe")) { 212 args++;
192 if (!set_pbe(bio_err, &cert_pbe, *++args)) 213 macalg = *args;
193 badarg = 1; 214 } else
194 } else if (!strcmp (*args, "-keypbe")) { 215 badarg = 1;
195 if (!set_pbe(bio_err, &key_pbe, *++args)) 216 else if (!strcmp(*args, "-nodes"))
196 badarg = 1; 217 enc = NULL;
197 } else if (!strcmp (*args, "-rand")) { 218 else if (!strcmp(*args, "-certpbe")) {
198 if (args[1]) { 219 if (!set_pbe(bio_err, &cert_pbe, *++args))
199 args++; 220 badarg = 1;
200 inrand = *args; 221 } else if (!strcmp(*args, "-keypbe")) {
201 } else badarg = 1; 222 if (!set_pbe(bio_err, &key_pbe, *++args))
202 } else if (!strcmp (*args, "-inkey")) { 223 badarg = 1;
203 if (args[1]) { 224 } else if (!strcmp(*args, "-rand")) {
204 args++; 225 if (args[1]) {
205 keyname = *args; 226 args++;
206 } else badarg = 1; 227 inrand = *args;
207 } else if (!strcmp (*args, "-certfile")) { 228 } else
208 if (args[1]) { 229 badarg = 1;
209 args++; 230 } else if (!strcmp(*args, "-inkey")) {
210 certfile = *args; 231 if (args[1]) {
211 } else badarg = 1; 232 args++;
212 } else if (!strcmp (*args, "-name")) { 233 keyname = *args;
213 if (args[1]) { 234 } else
214 args++; 235 badarg = 1;
215 name = *args; 236 } else if (!strcmp(*args, "-certfile")) {
216 } else badarg = 1; 237 if (args[1]) {
217 } else if (!strcmp (*args, "-LMK")) 238 args++;
218 add_lmk = 1; 239 certfile = *args;
219 else if (!strcmp (*args, "-CSP")) { 240 } else
220 if (args[1]) { 241 badarg = 1;
221 args++; 242 } else if (!strcmp(*args, "-name")) {
222 csp_name = *args; 243 if (args[1]) {
223 } else badarg = 1; 244 args++;
224 } else if (!strcmp (*args, "-caname")) { 245 name = *args;
225 if (args[1]) { 246 } else
226 args++; 247 badarg = 1;
227 if (!canames) canames = sk_OPENSSL_STRING_new_null(); 248 } else if (!strcmp(*args, "-LMK"))
228 sk_OPENSSL_STRING_push(canames, *args); 249 add_lmk = 1;
229 } else badarg = 1; 250 else if (!strcmp(*args, "-CSP")) {
230 } else if (!strcmp (*args, "-in")) { 251 if (args[1]) {
231 if (args[1]) { 252 args++;
232 args++; 253 csp_name = *args;
233 infile = *args; 254 } else
234 } else badarg = 1; 255 badarg = 1;
235 } else if (!strcmp (*args, "-out")) { 256 } else if (!strcmp(*args, "-caname")) {
236 if (args[1]) { 257 if (args[1]) {
237 args++; 258 args++;
238 outfile = *args; 259 if (!canames)
239 } else badarg = 1; 260 canames = sk_OPENSSL_STRING_new_null();
240 } else if (!strcmp(*args,"-passin")) { 261 sk_OPENSSL_STRING_push(canames, *args);
241 if (args[1]) { 262 } else
242 args++; 263 badarg = 1;
243 passargin = *args; 264 } else if (!strcmp(*args, "-in")) {
244 } else badarg = 1; 265 if (args[1]) {
245 } else if (!strcmp(*args,"-passout")) { 266 args++;
246 if (args[1]) { 267 infile = *args;
247 args++; 268 } else
248 passargout = *args; 269 badarg = 1;
249 } else badarg = 1; 270 } else if (!strcmp(*args, "-out")) {
250 } else if (!strcmp (*args, "-password")) { 271 if (args[1]) {
251 if (args[1]) { 272 args++;
252 args++; 273 outfile = *args;
253 passarg = *args; 274 } else
254 noprompt = 1; 275 badarg = 1;
255 } else badarg = 1; 276 } else if (!strcmp(*args, "-passin")) {
256 } else if (!strcmp(*args,"-CApath")) { 277 if (args[1]) {
257 if (args[1]) { 278 args++;
258 args++; 279 passargin = *args;
259 CApath = *args; 280 } else
260 } else badarg = 1; 281 badarg = 1;
261 } else if (!strcmp(*args,"-CAfile")) { 282 } else if (!strcmp(*args, "-passout")) {
262 if (args[1]) { 283 if (args[1]) {
263 args++; 284 args++;
264 CAfile = *args; 285 passargout = *args;
265 } else badarg = 1; 286 } else
287 badarg = 1;
288 } else if (!strcmp(*args, "-password")) {
289 if (args[1]) {
290 args++;
291 passarg = *args;
292 noprompt = 1;
293 } else
294 badarg = 1;
295 } else if (!strcmp(*args, "-CApath")) {
296 if (args[1]) {
297 args++;
298 CApath = *args;
299 } else
300 badarg = 1;
301 } else if (!strcmp(*args, "-CAfile")) {
302 if (args[1]) {
303 args++;
304 CAfile = *args;
305 } else
306 badarg = 1;
266#ifndef OPENSSL_NO_ENGINE 307#ifndef OPENSSL_NO_ENGINE
267 } else if (!strcmp(*args,"-engine")) { 308 } else if (!strcmp(*args, "-engine")) {
268 if (args[1]) { 309 if (args[1]) {
269 args++; 310 args++;
270 engine = *args; 311 engine = *args;
271 } else badarg = 1; 312 } else
272#endif 313 badarg = 1;
273 } else badarg = 1; 314#endif
274 315 } else
275 } else badarg = 1; 316 badarg = 1;
276 args++; 317
277 } 318 } else
278 319 badarg = 1;
279 if (badarg) { 320 args++;
280 BIO_printf (bio_err, "Usage: pkcs12 [options]\n"); 321 }
281 BIO_printf (bio_err, "where options are\n"); 322
282 BIO_printf (bio_err, "-export output PKCS12 file\n"); 323 if (badarg) {
283 BIO_printf (bio_err, "-chain add certificate chain\n"); 324 BIO_printf(bio_err, "Usage: pkcs12 [options]\n");
284 BIO_printf (bio_err, "-inkey file private key if not infile\n"); 325 BIO_printf(bio_err, "where options are\n");
285 BIO_printf (bio_err, "-certfile f add all certs in f\n"); 326 BIO_printf(bio_err, "-export output PKCS12 file\n");
286 BIO_printf (bio_err, "-CApath arg - PEM format directory of CA's\n"); 327 BIO_printf(bio_err, "-chain add certificate chain\n");
287 BIO_printf (bio_err, "-CAfile arg - PEM format file of CA's\n"); 328 BIO_printf(bio_err, "-inkey file private key if not infile\n");
288 BIO_printf (bio_err, "-name \"name\" use name as friendly name\n"); 329 BIO_printf(bio_err, "-certfile f add all certs in f\n");
289 BIO_printf (bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n"); 330 BIO_printf(bio_err, "-CApath arg - PEM format directory of CA's\n");
290 BIO_printf (bio_err, "-in infile input filename\n"); 331 BIO_printf(bio_err, "-CAfile arg - PEM format file of CA's\n");
291 BIO_printf (bio_err, "-out outfile output filename\n"); 332 BIO_printf(bio_err, "-name \"name\" use name as friendly name\n");
292 BIO_printf (bio_err, "-noout don't output anything, just verify.\n"); 333 BIO_printf(bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
293 BIO_printf (bio_err, "-nomacver don't verify MAC.\n"); 334 BIO_printf(bio_err, "-in infile input filename\n");
294 BIO_printf (bio_err, "-nocerts don't output certificates.\n"); 335 BIO_printf(bio_err, "-out outfile output filename\n");
295 BIO_printf (bio_err, "-clcerts only output client certificates.\n"); 336 BIO_printf(bio_err, "-noout don't output anything, just verify.\n");
296 BIO_printf (bio_err, "-cacerts only output CA certificates.\n"); 337 BIO_printf(bio_err, "-nomacver don't verify MAC.\n");
297 BIO_printf (bio_err, "-nokeys don't output private keys.\n"); 338 BIO_printf(bio_err, "-nocerts don't output certificates.\n");
298 BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n"); 339 BIO_printf(bio_err, "-clcerts only output client certificates.\n");
299 BIO_printf (bio_err, "-des encrypt private keys with DES\n"); 340 BIO_printf(bio_err, "-cacerts only output CA certificates.\n");
300 BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n"); 341 BIO_printf(bio_err, "-nokeys don't output private keys.\n");
342 BIO_printf(bio_err, "-info give info about PKCS#12 structure.\n");
343 BIO_printf(bio_err, "-des encrypt private keys with DES\n");
344 BIO_printf(bio_err, "-des3 encrypt private keys with triple DES (default)\n");
301#ifndef OPENSSL_NO_IDEA 345#ifndef OPENSSL_NO_IDEA
302 BIO_printf (bio_err, "-idea encrypt private keys with idea\n"); 346 BIO_printf(bio_err, "-idea encrypt private keys with idea\n");
303#endif 347#endif
304#ifndef OPENSSL_NO_SEED 348#ifndef OPENSSL_NO_SEED
305 BIO_printf (bio_err, "-seed encrypt private keys with seed\n"); 349 BIO_printf(bio_err, "-seed encrypt private keys with seed\n");
306#endif 350#endif
307#ifndef OPENSSL_NO_AES 351#ifndef OPENSSL_NO_AES
308 BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); 352 BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
309 BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); 353 BIO_printf(bio_err, " encrypt PEM output with cbc aes\n");
310#endif 354#endif
311#ifndef OPENSSL_NO_CAMELLIA 355#ifndef OPENSSL_NO_CAMELLIA
312 BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); 356 BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
313 BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); 357 BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n");
314#endif 358#endif
315 BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); 359 BIO_printf(bio_err, "-nodes don't encrypt private keys\n");
316 BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); 360 BIO_printf(bio_err, "-noiter don't use encryption iteration\n");
317 BIO_printf (bio_err, "-nomaciter don't use MAC iteration\n"); 361 BIO_printf(bio_err, "-nomaciter don't use MAC iteration\n");
318 BIO_printf (bio_err, "-maciter use MAC iteration\n"); 362 BIO_printf(bio_err, "-maciter use MAC iteration\n");
319 BIO_printf (bio_err, "-nomac don't generate MAC\n"); 363 BIO_printf(bio_err, "-nomac don't generate MAC\n");
320 BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n"); 364 BIO_printf(bio_err, "-twopass separate MAC, encryption passwords\n");
321 BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n"); 365 BIO_printf(bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
322 BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n"); 366 BIO_printf(bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
323 BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n"); 367 BIO_printf(bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
324 BIO_printf (bio_err, "-macalg alg digest algorithm used in MAC (default SHA1)\n"); 368 BIO_printf(bio_err, "-macalg alg digest algorithm used in MAC (default SHA1)\n");
325 BIO_printf (bio_err, "-keyex set MS key exchange type\n"); 369 BIO_printf(bio_err, "-keyex set MS key exchange type\n");
326 BIO_printf (bio_err, "-keysig set MS key signature type\n"); 370 BIO_printf(bio_err, "-keysig set MS key signature type\n");
327 BIO_printf (bio_err, "-password p set import/export password source\n"); 371 BIO_printf(bio_err, "-password p set import/export password source\n");
328 BIO_printf (bio_err, "-passin p input file pass phrase source\n"); 372 BIO_printf(bio_err, "-passin p input file pass phrase source\n");
329 BIO_printf (bio_err, "-passout p output file pass phrase source\n"); 373 BIO_printf(bio_err, "-passout p output file pass phrase source\n");
330#ifndef OPENSSL_NO_ENGINE 374#ifndef OPENSSL_NO_ENGINE
331 BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); 375 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
332#endif 376#endif
333 BIO_printf(bio_err, "-rand file%cfile%c...\n", ':', ':'); 377 BIO_printf(bio_err, "-rand file%cfile%c...\n", ':', ':');
334 BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); 378 BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
335 BIO_printf(bio_err, " the random number generator\n"); 379 BIO_printf(bio_err, " the random number generator\n");
336 BIO_printf(bio_err, "-CSP name Microsoft CSP name\n"); 380 BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
337 BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n"); 381 BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n");
338 goto end; 382 goto end;
339 } 383 }
340
341#ifndef OPENSSL_NO_ENGINE 384#ifndef OPENSSL_NO_ENGINE
342 e = setup_engine(bio_err, engine, 0); 385 e = setup_engine(bio_err, engine, 0);
343#endif
344
345 if(passarg) {
346 if(export_cert) passargout = passarg;
347 else passargin = passarg;
348 }
349
350 if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
351 BIO_printf(bio_err, "Error getting passwords\n");
352 goto end;
353 }
354
355 if(!cpass) {
356 if(export_cert) cpass = passout;
357 else cpass = passin;
358 }
359
360 if(cpass) {
361 mpass = cpass;
362 noprompt = 1;
363 } else {
364 cpass = pass;
365 mpass = macpass;
366 }
367
368 if(export_cert || inrand) {
369 app_RAND_load_file(NULL, bio_err, (inrand != NULL));
370 if (inrand != NULL)
371 BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
372 app_RAND_load_files(inrand));
373 }
374 ERR_load_crypto_strings();
375
376#ifdef CRYPTO_MDEBUG
377 CRYPTO_push_info("read files");
378#endif 386#endif
379 387
380 if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE); 388 if (passarg) {
381 else in = BIO_new_file(infile, "rb"); 389 if (export_cert)
382 if (!in) { 390 passargout = passarg;
383 BIO_printf(bio_err, "Error opening input file %s\n", 391 else
384 infile ? infile : "<stdin>"); 392 passargin = passarg;
385 perror (infile); 393 }
386 goto end; 394 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
387 } 395 BIO_printf(bio_err, "Error getting passwords\n");
396 goto end;
397 }
398 if (!cpass) {
399 if (export_cert)
400 cpass = passout;
401 else
402 cpass = passin;
403 }
404 if (cpass) {
405 mpass = cpass;
406 noprompt = 1;
407 } else {
408 cpass = pass;
409 mpass = macpass;
410 }
411
412 if (export_cert || inrand) {
413 app_RAND_load_file(NULL, bio_err, (inrand != NULL));
414 if (inrand != NULL)
415 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
416 app_RAND_load_files(inrand));
417 }
418 ERR_load_crypto_strings();
388 419
389#ifdef CRYPTO_MDEBUG 420#ifdef CRYPTO_MDEBUG
390 CRYPTO_pop_info(); 421 CRYPTO_push_info("read files");
391 CRYPTO_push_info("write files");
392#endif
393
394 if (!outfile) {
395 out = BIO_new_fp(stdout, BIO_NOCLOSE);
396 } else out = BIO_new_file(outfile, "wb");
397 if (!out) {
398 BIO_printf(bio_err, "Error opening output file %s\n",
399 outfile ? outfile : "<stdout>");
400 perror (outfile);
401 goto end;
402 }
403 if (twopass) {
404#ifdef CRYPTO_MDEBUG
405 CRYPTO_push_info("read MAC password");
406#endif 422#endif
407 if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) 423
408 { 424 if (!infile)
409 BIO_printf (bio_err, "Can't read Password\n"); 425 in = BIO_new_fp(stdin, BIO_NOCLOSE);
410 goto end; 426 else
411 } 427 in = BIO_new_file(infile, "rb");
428 if (!in) {
429 BIO_printf(bio_err, "Error opening input file %s\n",
430 infile ? infile : "<stdin>");
431 perror(infile);
432 goto end;
433 }
412#ifdef CRYPTO_MDEBUG 434#ifdef CRYPTO_MDEBUG
413 CRYPTO_pop_info(); 435 CRYPTO_pop_info();
436 CRYPTO_push_info("write files");
414#endif 437#endif
415 }
416 438
417 if (export_cert) { 439 if (!outfile) {
418 EVP_PKEY *key = NULL; 440 out = BIO_new_fp(stdout, BIO_NOCLOSE);
419 X509 *ucert = NULL, *x = NULL; 441 } else
420 STACK_OF(X509) *certs=NULL; 442 out = BIO_new_file(outfile, "wb");
421 const EVP_MD *macmd = NULL; 443 if (!out) {
422 unsigned char *catmp = NULL; 444 BIO_printf(bio_err, "Error opening output file %s\n",
423 int i; 445 outfile ? outfile : "<stdout>");
424 446 perror(outfile);
425 if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS)) 447 goto end;
426 { 448 }
427 BIO_printf(bio_err, "Nothing to do!\n"); 449 if (twopass) {
428 goto export_end; 450#ifdef CRYPTO_MDEBUG
451 CRYPTO_push_info("read MAC password");
452#endif
453 if (EVP_read_pw_string(macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
454 BIO_printf(bio_err, "Can't read Password\n");
455 goto end;
429 } 456 }
430
431 if (options & NOCERTS)
432 chain = 0;
433
434#ifdef CRYPTO_MDEBUG 457#ifdef CRYPTO_MDEBUG
435 CRYPTO_push_info("process -export_cert"); 458 CRYPTO_pop_info();
436 CRYPTO_push_info("reading private key"); 459#endif
437#endif 460 }
438 if (!(options & NOKEYS)) 461 if (export_cert) {
439 { 462 EVP_PKEY *key = NULL;
440 key = load_key(bio_err, keyname ? keyname : infile, 463 X509 *ucert = NULL, *x = NULL;
441 FORMAT_PEM, 1, passin, e, "private key"); 464 STACK_OF(X509) * certs = NULL;
442 if (!key) 465 const EVP_MD *macmd = NULL;
466 unsigned char *catmp = NULL;
467 int i;
468
469 if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
470 BIO_printf(bio_err, "Nothing to do!\n");
443 goto export_end; 471 goto export_end;
444 } 472 }
473 if (options & NOCERTS)
474 chain = 0;
445 475
446#ifdef CRYPTO_MDEBUG 476#ifdef CRYPTO_MDEBUG
447 CRYPTO_pop_info(); 477 CRYPTO_push_info("process -export_cert");
448 CRYPTO_push_info("reading certs from input"); 478 CRYPTO_push_info("reading private key");
479#endif
480 if (!(options & NOKEYS)) {
481 key = load_key(bio_err, keyname ? keyname : infile,
482 FORMAT_PEM, 1, passin, e, "private key");
483 if (!key)
484 goto export_end;
485 }
486#ifdef CRYPTO_MDEBUG
487 CRYPTO_pop_info();
488 CRYPTO_push_info("reading certs from input");
449#endif 489#endif
450 490
451 /* Load in all certs in input file */ 491 /* Load in all certs in input file */
452 if(!(options & NOCERTS)) 492 if (!(options & NOCERTS)) {
453 { 493 certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
454 certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e, 494 "certificates");
455 "certificates"); 495 if (!certs)
456 if (!certs) 496 goto export_end;
457 goto export_end;
458 497
459 if (key) 498 if (key) {
460 { 499 /* Look for matching private key */
461 /* Look for matching private key */ 500 for (i = 0; i < sk_X509_num(certs); i++) {
462 for(i = 0; i < sk_X509_num(certs); i++) 501 x = sk_X509_value(certs, i);
463 { 502 if (X509_check_private_key(x, key)) {
464 x = sk_X509_value(certs, i); 503 ucert = x;
465 if(X509_check_private_key(x, key)) 504 /* Zero keyid and alias */
466 { 505 X509_keyid_set1(ucert, NULL, 0);
467 ucert = x; 506 X509_alias_set1(ucert, NULL, 0);
468 /* Zero keyid and alias */ 507 /* Remove from list */
469 X509_keyid_set1(ucert, NULL, 0); 508 (void) sk_X509_delete(certs, i);
470 X509_alias_set1(ucert, NULL, 0); 509 break;
471 /* Remove from list */
472 (void)sk_X509_delete(certs, i);
473 break;
474 } 510 }
475 } 511 }
476 if (!ucert) 512 if (!ucert) {
477 { 513 BIO_printf(bio_err, "No certificate matches private key\n");
478 BIO_printf(bio_err, "No certificate matches private key\n"); 514 goto export_end;
479 goto export_end;
480 } 515 }
481 } 516 }
482
483 } 517 }
484
485#ifdef CRYPTO_MDEBUG 518#ifdef CRYPTO_MDEBUG
486 CRYPTO_pop_info(); 519 CRYPTO_pop_info();
487 CRYPTO_push_info("reading certs from input 2"); 520 CRYPTO_push_info("reading certs from input 2");
488#endif 521#endif
489 522
490 /* Add any more certificates asked for */ 523 /* Add any more certificates asked for */
491 if(certfile) 524 if (certfile) {
492 { 525 STACK_OF(X509) * morecerts = NULL;
493 STACK_OF(X509) *morecerts=NULL; 526 if (!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
494 if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM, 527 NULL, e,
495 NULL, e, 528 "certificates from certfile")))
496 "certificates from certfile"))) 529 goto export_end;
497 goto export_end; 530 while (sk_X509_num(morecerts) > 0)
498 while(sk_X509_num(morecerts) > 0) 531 sk_X509_push(certs, sk_X509_shift(morecerts));
499 sk_X509_push(certs, sk_X509_shift(morecerts)); 532 sk_X509_free(morecerts);
500 sk_X509_free(morecerts); 533 }
501 }
502
503#ifdef CRYPTO_MDEBUG 534#ifdef CRYPTO_MDEBUG
504 CRYPTO_pop_info(); 535 CRYPTO_pop_info();
505 CRYPTO_push_info("reading certs from certfile"); 536 CRYPTO_push_info("reading certs from certfile");
506#endif 537#endif
507 538
508#ifdef CRYPTO_MDEBUG 539#ifdef CRYPTO_MDEBUG
509 CRYPTO_pop_info(); 540 CRYPTO_pop_info();
510 CRYPTO_push_info("building chain"); 541 CRYPTO_push_info("building chain");
511#endif 542#endif
512 543
513 /* If chaining get chain from user cert */ 544 /* If chaining get chain from user cert */
514 if (chain) { 545 if (chain) {
515 int vret; 546 int vret;
516 STACK_OF(X509) *chain2; 547 STACK_OF(X509) * chain2;
517 X509_STORE *store = X509_STORE_new(); 548 X509_STORE *store = X509_STORE_new();
518 if (!store) 549 if (!store) {
519 { 550 BIO_printf(bio_err, "Memory allocation error\n");
520 BIO_printf (bio_err, "Memory allocation error\n"); 551 goto export_end;
521 goto export_end;
522 } 552 }
523 if (!X509_STORE_load_locations(store, CAfile, CApath)) 553 if (!X509_STORE_load_locations(store, CAfile, CApath))
524 X509_STORE_set_default_paths (store); 554 X509_STORE_set_default_paths(store);
525 555
526 vret = get_cert_chain (ucert, store, &chain2); 556 vret = get_cert_chain(ucert, store, &chain2);
527 X509_STORE_free(store); 557 X509_STORE_free(store);
528 558
529 if (!vret) { 559 if (!vret) {
530 /* Exclude verified certificate */ 560 /* Exclude verified certificate */
531 for (i = 1; i < sk_X509_num (chain2) ; i++) 561 for (i = 1; i < sk_X509_num(chain2); i++)
532 sk_X509_push(certs, sk_X509_value (chain2, i)); 562 sk_X509_push(certs, sk_X509_value(chain2, i));
533 /* Free first certificate */ 563 /* Free first certificate */
534 X509_free(sk_X509_value(chain2, 0)); 564 X509_free(sk_X509_value(chain2, 0));
535 sk_X509_free(chain2); 565 sk_X509_free(chain2);
536 } else { 566 } else {
537 if (vret >= 0) 567 if (vret >= 0)
538 BIO_printf (bio_err, "Error %s getting chain.\n", 568 BIO_printf(bio_err, "Error %s getting chain.\n",
539 X509_verify_cert_error_string(vret)); 569 X509_verify_cert_error_string(vret));
540 else 570 else
541 ERR_print_errors(bio_err); 571 ERR_print_errors(bio_err);
542 goto export_end; 572 goto export_end;
543 } 573 }
544 } 574 }
545 575 /* Add any CA names */
546 /* Add any CA names */
547 576
548 for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) 577 for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) {
549 { 578 catmp = (unsigned char *) sk_OPENSSL_STRING_value(canames, i);
550 catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i); 579 X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
551 X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
552 } 580 }
553 581
554 if (csp_name && key) 582 if (csp_name && key)
555 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, 583 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
556 MBSTRING_ASC, (unsigned char *)csp_name, -1); 584 MBSTRING_ASC, (unsigned char *) csp_name, -1);
557 585
558 if (add_lmk && key) 586 if (add_lmk && key)
559 EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); 587 EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
560 588
561#ifdef CRYPTO_MDEBUG 589#ifdef CRYPTO_MDEBUG
562 CRYPTO_pop_info(); 590 CRYPTO_pop_info();
563 CRYPTO_push_info("reading password"); 591 CRYPTO_push_info("reading password");
564#endif 592#endif
565 593
566 if(!noprompt && 594 if (!noprompt &&
567 EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) 595 EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) {
568 { 596 BIO_printf(bio_err, "Can't read Password\n");
569 BIO_printf (bio_err, "Can't read Password\n"); 597 goto export_end;
570 goto export_end; 598 }
571 } 599 if (!twopass)
572 if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); 600 BUF_strlcpy(macpass, pass, sizeof macpass);
573 601
574#ifdef CRYPTO_MDEBUG 602#ifdef CRYPTO_MDEBUG
575 CRYPTO_pop_info(); 603 CRYPTO_pop_info();
576 CRYPTO_push_info("creating PKCS#12 structure"); 604 CRYPTO_push_info("creating PKCS#12 structure");
577#endif 605#endif
578 606
579 p12 = PKCS12_create(cpass, name, key, ucert, certs, 607 p12 = PKCS12_create(cpass, name, key, ucert, certs,
580 key_pbe, cert_pbe, iter, -1, keytype); 608 key_pbe, cert_pbe, iter, -1, keytype);
581 609
582 if (!p12) 610 if (!p12) {
583 { 611 ERR_print_errors(bio_err);
584 ERR_print_errors (bio_err); 612 goto export_end;
585 goto export_end;
586 } 613 }
587 614 if (macalg) {
588 if (macalg) 615 macmd = EVP_get_digestbyname(macalg);
589 { 616 if (!macmd) {
590 macmd = EVP_get_digestbyname(macalg); 617 BIO_printf(bio_err, "Unknown digest algorithm %s\n",
591 if (!macmd) 618 macalg);
592 {
593 BIO_printf(bio_err, "Unknown digest algorithm %s\n",
594 macalg);
595 } 619 }
596 } 620 }
597 621 if (maciter != -1)
598 if (maciter != -1) 622 PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
599 PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
600 623
601#ifdef CRYPTO_MDEBUG 624#ifdef CRYPTO_MDEBUG
602 CRYPTO_pop_info(); 625 CRYPTO_pop_info();
603 CRYPTO_push_info("writing pkcs12"); 626 CRYPTO_push_info("writing pkcs12");
604#endif 627#endif
605 628
606 i2d_PKCS12_bio(out, p12); 629 i2d_PKCS12_bio(out, p12);
607 630
608 ret = 0; 631 ret = 0;
609 632
610 export_end: 633export_end:
611#ifdef CRYPTO_MDEBUG 634#ifdef CRYPTO_MDEBUG
612 CRYPTO_pop_info(); 635 CRYPTO_pop_info();
613 CRYPTO_pop_info(); 636 CRYPTO_pop_info();
614 CRYPTO_push_info("process -export_cert: freeing"); 637 CRYPTO_push_info("process -export_cert: freeing");
615#endif 638#endif
616 639
617 if (key) EVP_PKEY_free(key); 640 if (key)
618 if (certs) sk_X509_pop_free(certs, X509_free); 641 EVP_PKEY_free(key);
619 if (ucert) X509_free(ucert); 642 if (certs)
643 sk_X509_pop_free(certs, X509_free);
644 if (ucert)
645 X509_free(ucert);
620 646
621#ifdef CRYPTO_MDEBUG 647#ifdef CRYPTO_MDEBUG
622 CRYPTO_pop_info(); 648 CRYPTO_pop_info();
623#endif 649#endif
624 goto end; 650 goto end;
625
626 }
627
628 if (!(p12 = d2i_PKCS12_bio (in, NULL))) {
629 ERR_print_errors(bio_err);
630 goto end;
631 }
632 651
652 }
653 if (!(p12 = d2i_PKCS12_bio(in, NULL))) {
654 ERR_print_errors(bio_err);
655 goto end;
656 }
633#ifdef CRYPTO_MDEBUG 657#ifdef CRYPTO_MDEBUG
634 CRYPTO_push_info("read import password"); 658 CRYPTO_push_info("read import password");
635#endif 659#endif
636 if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) { 660 if (!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
637 BIO_printf (bio_err, "Can't read Password\n"); 661 BIO_printf(bio_err, "Can't read Password\n");
638 goto end; 662 goto end;
639 } 663 }
640#ifdef CRYPTO_MDEBUG 664#ifdef CRYPTO_MDEBUG
641 CRYPTO_pop_info(); 665 CRYPTO_pop_info();
642#endif 666#endif
643 667
644 if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); 668 if (!twopass)
669 BUF_strlcpy(macpass, pass, sizeof macpass);
645 670
646 if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); 671 if ((options & INFO) && p12->mac)
647 if(macver) { 672 BIO_printf(bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1);
673 if (macver) {
648#ifdef CRYPTO_MDEBUG 674#ifdef CRYPTO_MDEBUG
649 CRYPTO_push_info("verify MAC"); 675 CRYPTO_push_info("verify MAC");
650#endif 676#endif
651 /* If we enter empty password try no password first */ 677 /* If we enter empty password try no password first */
652 if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { 678 if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
653 /* If mac and crypto pass the same set it to NULL too */ 679 /* If mac and crypto pass the same set it to NULL too */
654 if(!twopass) cpass = NULL; 680 if (!twopass)
655 } else if (!PKCS12_verify_mac(p12, mpass, -1)) { 681 cpass = NULL;
656 BIO_printf (bio_err, "Mac verify error: invalid password?\n"); 682 } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
657 ERR_print_errors (bio_err); 683 BIO_printf(bio_err, "Mac verify error: invalid password?\n");
658 goto end; 684 ERR_print_errors(bio_err);
659 } 685 goto end;
660 BIO_printf (bio_err, "MAC verified OK\n"); 686 }
687 BIO_printf(bio_err, "MAC verified OK\n");
661#ifdef CRYPTO_MDEBUG 688#ifdef CRYPTO_MDEBUG
662 CRYPTO_pop_info(); 689 CRYPTO_pop_info();
663#endif 690#endif
664 } 691 }
665
666#ifdef CRYPTO_MDEBUG 692#ifdef CRYPTO_MDEBUG
667 CRYPTO_push_info("output keys and certificates"); 693 CRYPTO_push_info("output keys and certificates");
668#endif 694#endif
669 if (!dump_certs_keys_p12 (out, p12, cpass, -1, options, passout)) { 695 if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout)) {
670 BIO_printf(bio_err, "Error outputting keys and certificates\n"); 696 BIO_printf(bio_err, "Error outputting keys and certificates\n");
671 ERR_print_errors (bio_err); 697 ERR_print_errors(bio_err);
672 goto end; 698 goto end;
673 } 699 }
674#ifdef CRYPTO_MDEBUG 700#ifdef CRYPTO_MDEBUG
675 CRYPTO_pop_info(); 701 CRYPTO_pop_info();
676#endif 702#endif
677 ret = 0; 703 ret = 0;
678 end: 704end:
679 if (p12) PKCS12_free(p12); 705 if (p12)
680 if(export_cert || inrand) app_RAND_write_file(NULL, bio_err); 706 PKCS12_free(p12);
707 if (export_cert || inrand)
708 app_RAND_write_file(NULL, bio_err);
681#ifdef CRYPTO_MDEBUG 709#ifdef CRYPTO_MDEBUG
682 CRYPTO_remove_all_info(); 710 CRYPTO_remove_all_info();
683#endif 711#endif
684 BIO_free(in); 712 BIO_free(in);
685 BIO_free_all(out); 713 BIO_free_all(out);
686 if (canames) sk_OPENSSL_STRING_free(canames); 714 if (canames)
687 if(passin) free(passin); 715 sk_OPENSSL_STRING_free(canames);
688 if(passout) free(passout); 716 if (passin)
689 apps_shutdown(); 717 free(passin);
690 return(ret); 718 if (passout)
719 free(passout);
720 apps_shutdown();
721 return (ret);
691} 722}
692 723
693int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, 724int
694 int passlen, int options, char *pempass) 725dump_certs_keys_p12(BIO * out, PKCS12 * p12, char *pass,
726 int passlen, int options, char *pempass)
695{ 727{
696 STACK_OF(PKCS7) *asafes = NULL; 728 STACK_OF(PKCS7) * asafes = NULL;
697 STACK_OF(PKCS12_SAFEBAG) *bags; 729 STACK_OF(PKCS12_SAFEBAG) * bags;
698 int i, bagnid; 730 int i, bagnid;
699 int ret = 0; 731 int ret = 0;
700 PKCS7 *p7; 732 PKCS7 *p7;
701 733
702 if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0; 734 if (!(asafes = PKCS12_unpack_authsafes(p12)))
703 for (i = 0; i < sk_PKCS7_num (asafes); i++) { 735 return 0;
704 p7 = sk_PKCS7_value (asafes, i); 736 for (i = 0; i < sk_PKCS7_num(asafes); i++) {
705 bagnid = OBJ_obj2nid (p7->type); 737 p7 = sk_PKCS7_value(asafes, i);
738 bagnid = OBJ_obj2nid(p7->type);
706 if (bagnid == NID_pkcs7_data) { 739 if (bagnid == NID_pkcs7_data) {
707 bags = PKCS12_unpack_p7data(p7); 740 bags = PKCS12_unpack_p7data(p7);
708 if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n"); 741 if (options & INFO)
742 BIO_printf(bio_err, "PKCS7 Data\n");
709 } else if (bagnid == NID_pkcs7_encrypted) { 743 } else if (bagnid == NID_pkcs7_encrypted) {
710 if (options & INFO) { 744 if (options & INFO) {
711 BIO_printf(bio_err, "PKCS7 Encrypted data: "); 745 BIO_printf(bio_err, "PKCS7 Encrypted data: ");
712 alg_print(bio_err, 746 alg_print(bio_err,
713 p7->d.encrypted->enc_data->algorithm); 747 p7->d.encrypted->enc_data->algorithm);
714 } 748 }
715 bags = PKCS12_unpack_p7encdata(p7, pass, passlen); 749 bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
716 } else continue; 750 } else
717 if (!bags) goto err; 751 continue;
718 if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 752 if (!bags)
719 options, pempass)) { 753 goto err;
720 sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free); 754 if (!dump_certs_pkeys_bags(out, bags, pass, passlen,
755 options, pempass)) {
756 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
721 goto err; 757 goto err;
722 } 758 }
723 sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free); 759 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
724 bags = NULL; 760 bags = NULL;
725 } 761 }
726 ret = 1; 762 ret = 1;
727 763
728 err: 764err:
729 765
730 if (asafes) 766 if (asafes)
731 sk_PKCS7_pop_free (asafes, PKCS7_free); 767 sk_PKCS7_pop_free(asafes, PKCS7_free);
732 return ret; 768 return ret;
733} 769}
734 770
735int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, 771int
736 char *pass, int passlen, int options, char *pempass) 772dump_certs_pkeys_bags(BIO * out, STACK_OF(PKCS12_SAFEBAG) * bags,
773 char *pass, int passlen, int options, char *pempass)
737{ 774{
738 int i; 775 int i;
739 for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) { 776 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
740 if (!dump_certs_pkeys_bag (out, 777 if (!dump_certs_pkeys_bag(out,
741 sk_PKCS12_SAFEBAG_value (bags, i), 778 sk_PKCS12_SAFEBAG_value(bags, i),
742 pass, passlen, 779 pass, passlen,
743 options, pempass)) 780 options, pempass))
744 return 0; 781 return 0;
745 } 782 }
746 return 1; 783 return 1;
747} 784}
748 785
749int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass, 786int
750 int passlen, int options, char *pempass) 787dump_certs_pkeys_bag(BIO * out, PKCS12_SAFEBAG * bag, char *pass,
788 int passlen, int options, char *pempass)
751{ 789{
752 EVP_PKEY *pkey; 790 EVP_PKEY *pkey;
753 PKCS8_PRIV_KEY_INFO *p8; 791 PKCS8_PRIV_KEY_INFO *p8;
754 X509 *x509; 792 X509 *x509;
755 793
756 switch (M_PKCS12_bag_type(bag)) 794 switch (M_PKCS12_bag_type(bag)) {
757 {
758 case NID_keyBag: 795 case NID_keyBag:
759 if (options & INFO) BIO_printf (bio_err, "Key bag\n"); 796 if (options & INFO)
760 if (options & NOKEYS) return 1; 797 BIO_printf(bio_err, "Key bag\n");
761 print_attribs (out, bag->attrib, "Bag Attributes"); 798 if (options & NOKEYS)
799 return 1;
800 print_attribs(out, bag->attrib, "Bag Attributes");
762 p8 = bag->value.keybag; 801 p8 = bag->value.keybag;
763 if (!(pkey = EVP_PKCS82PKEY (p8))) return 0; 802 if (!(pkey = EVP_PKCS82PKEY(p8)))
764 print_attribs (out, p8->attributes, "Key Attributes"); 803 return 0;
765 PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass); 804 print_attribs(out, p8->attributes, "Key Attributes");
805 PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
766 EVP_PKEY_free(pkey); 806 EVP_PKEY_free(pkey);
767 break; 807 break;
768 808
769 case NID_pkcs8ShroudedKeyBag: 809 case NID_pkcs8ShroudedKeyBag:
770 if (options & INFO) { 810 if (options & INFO) {
771 BIO_printf (bio_err, "Shrouded Keybag: "); 811 BIO_printf(bio_err, "Shrouded Keybag: ");
772 alg_print (bio_err, bag->value.shkeybag->algor); 812 alg_print(bio_err, bag->value.shkeybag->algor);
773 } 813 }
774 if (options & NOKEYS) return 1; 814 if (options & NOKEYS)
775 print_attribs (out, bag->attrib, "Bag Attributes"); 815 return 1;
816 print_attribs(out, bag->attrib, "Bag Attributes");
776 if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) 817 if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
777 return 0; 818 return 0;
778 if (!(pkey = EVP_PKCS82PKEY (p8))) { 819 if (!(pkey = EVP_PKCS82PKEY(p8))) {
779 PKCS8_PRIV_KEY_INFO_free(p8); 820 PKCS8_PRIV_KEY_INFO_free(p8);
780 return 0; 821 return 0;
781 } 822 }
782 print_attribs (out, p8->attributes, "Key Attributes"); 823 print_attribs(out, p8->attributes, "Key Attributes");
783 PKCS8_PRIV_KEY_INFO_free(p8); 824 PKCS8_PRIV_KEY_INFO_free(p8);
784 PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass); 825 PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
785 EVP_PKEY_free(pkey); 826 EVP_PKEY_free(pkey);
786 break; 827 break;
787 828
788 case NID_certBag: 829 case NID_certBag:
789 if (options & INFO) BIO_printf (bio_err, "Certificate bag\n"); 830 if (options & INFO)
790 if (options & NOCERTS) return 1; 831 BIO_printf(bio_err, "Certificate bag\n");
791 if (PKCS12_get_attr(bag, NID_localKeyID)) { 832 if (options & NOCERTS)
792 if (options & CACERTS) return 1; 833 return 1;
793 } else if (options & CLCERTS) return 1; 834 if (PKCS12_get_attr(bag, NID_localKeyID)) {
794 print_attribs (out, bag->attrib, "Bag Attributes"); 835 if (options & CACERTS)
795 if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) 836 return 1;
796 return 1; 837 } else if (options & CLCERTS)
797 if (!(x509 = PKCS12_certbag2x509(bag))) return 0; 838 return 1;
798 dump_cert_text (out, x509); 839 print_attribs(out, bag->attrib, "Bag Attributes");
799 PEM_write_bio_X509 (out, x509); 840 if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
841 return 1;
842 if (!(x509 = PKCS12_certbag2x509(bag)))
843 return 0;
844 dump_cert_text(out, x509);
845 PEM_write_bio_X509(out, x509);
800 X509_free(x509); 846 X509_free(x509);
801 break; 847 break;
802 848
803 case NID_safeContentsBag: 849 case NID_safeContentsBag:
804 if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n"); 850 if (options & INFO)
805 print_attribs (out, bag->attrib, "Bag Attributes"); 851 BIO_printf(bio_err, "Safe Contents bag\n");
806 return dump_certs_pkeys_bags (out, bag->value.safes, pass, 852 print_attribs(out, bag->attrib, "Bag Attributes");
807 passlen, options, pempass); 853 return dump_certs_pkeys_bags(out, bag->value.safes, pass,
808 854 passlen, options, pempass);
855
809 default: 856 default:
810 BIO_printf (bio_err, "Warning unsupported bag type: "); 857 BIO_printf(bio_err, "Warning unsupported bag type: ");
811 i2a_ASN1_OBJECT (bio_err, bag->type); 858 i2a_ASN1_OBJECT(bio_err, bag->type);
812 BIO_printf (bio_err, "\n"); 859 BIO_printf(bio_err, "\n");
813 return 1; 860 return 1;
814 break; 861 break;
815 } 862 }
816 return 1; 863 return 1;
817} 864}
@@ -820,21 +867,26 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
820 867
821/* Hope this is OK .... */ 868/* Hope this is OK .... */
822 869
823int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain) 870int
871get_cert_chain(X509 * cert, X509_STORE * store, STACK_OF(X509) ** chain)
824{ 872{
825 X509_STORE_CTX store_ctx; 873 X509_STORE_CTX store_ctx;
826 STACK_OF(X509) *chn; 874 STACK_OF(X509) * chn;
827 int i = 0; 875 int i = 0;
828 876
829 /* FIXME: Should really check the return status of X509_STORE_CTX_init 877 /*
830 * for an error, but how that fits into the return value of this 878 * FIXME: Should really check the return status of
831 * function is less obvious. */ 879 * X509_STORE_CTX_init for an error, but how that fits into the
880 * return value of this function is less obvious.
881 */
832 X509_STORE_CTX_init(&store_ctx, store, cert, NULL); 882 X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
833 if (X509_verify_cert(&store_ctx) <= 0) { 883 if (X509_verify_cert(&store_ctx) <= 0) {
834 i = X509_STORE_CTX_get_error (&store_ctx); 884 i = X509_STORE_CTX_get_error(&store_ctx);
835 if (i == 0) 885 if (i == 0)
836 /* avoid returning 0 if X509_verify_cert() did not 886 /*
837 * set an appropriate error value in the context */ 887 * avoid returning 0 if X509_verify_cert() did not
888 * set an appropriate error value in the context
889 */
838 i = -1; 890 i = -1;
839 chn = NULL; 891 chn = NULL;
840 goto err; 892 goto err;
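Review bot: The call `X509_STORE_CTX_init(&store_ctx, store, cert, NULL)` still discards its return value, as the re-wrapped FIXME above it admits, so after a failed initialisation `X509_verify_cert()` runs on a context that may be only partly set up. The FIXME's open question about the return value has an answer elsewhere on this page: the export path prints the error queue when get_cert_chain() returns a negative value, so an init failure can map to -1, e.g. `if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) { *chain = NULL; return -1; }`. Returning directly instead of jumping to `err` avoids running X509_STORE_CTX_cleanup() on a context whose init failed; whether that cleanup would be safe there should be confirmed against the library. The function body continues past the end of this hunk.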
@@ -843,11 +895,12 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
843err: 895err:
844 X509_STORE_CTX_cleanup(&store_ctx); 896 X509_STORE_CTX_cleanup(&store_ctx);
845 *chain = chn; 897 *chain = chn;
846 898
847 return i; 899 return i;
848} 900}
849 901
850int alg_print (BIO *x, X509_ALGOR *alg) 902int
903alg_print(BIO * x, X509_ALGOR * alg)
851{ 904{
852 PBEPARAM *pbe; 905 PBEPARAM *pbe;
853 const unsigned char *p; 906 const unsigned char *p;
@@ -855,16 +908,17 @@ int alg_print (BIO *x, X509_ALGOR *alg)
855 pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); 908 pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
856 if (!pbe) 909 if (!pbe)
857 return 1; 910 return 1;
858 BIO_printf (bio_err, "%s, Iteration %ld\n", 911 BIO_printf(bio_err, "%s, Iteration %ld\n",
859 OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), 912 OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
860 ASN1_INTEGER_get(pbe->iter)); 913 ASN1_INTEGER_get(pbe->iter));
861 PBEPARAM_free (pbe); 914 PBEPARAM_free(pbe);
862 return 1; 915 return 1;
863} 916}
864 917
865/* Load all certificates from a given file */ 918/* Load all certificates from a given file */
866 919
867int cert_load(BIO *in, STACK_OF(X509) *sk) 920int
921cert_load(BIO * in, STACK_OF(X509) * sk)
868{ 922{
869 int ret; 923 int ret;
870 X509 *cert; 924 X509 *cert;
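Review bot: alg_print() dereferences `alg->parameter->value.sequence->length` without first checking that `alg->parameter` is present and holds a SEQUENCE. The X509_ALGOR comes from the PKCS#12 file being read (the callers pass `bag->value.shkeybag->algor` and `p7->d.encrypted->enc_data->algorithm`), and AlgorithmIdentifier parameters are optional, so a malformed file could plausibly put a NULL or differently typed value here. A guard such as `if (alg->parameter == NULL || alg->parameter->type != V_ASN1_SEQUENCE) return 1;` would cover it. It has to sit before the assignment of `p`, which is just above this hunk and presumably reads the same field.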
@@ -872,7 +926,7 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
872#ifdef CRYPTO_MDEBUG 926#ifdef CRYPTO_MDEBUG
873 CRYPTO_push_info("cert_load(): reading one cert"); 927 CRYPTO_push_info("cert_load(): reading one cert");
874#endif 928#endif
875 while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) { 929 while ((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
876#ifdef CRYPTO_MDEBUG 930#ifdef CRYPTO_MDEBUG
877 CRYPTO_pop_info(); 931 CRYPTO_pop_info();
878#endif 932#endif
@@ -885,89 +939,94 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
885#ifdef CRYPTO_MDEBUG 939#ifdef CRYPTO_MDEBUG
886 CRYPTO_pop_info(); 940 CRYPTO_pop_info();
887#endif 941#endif
888 if(ret) ERR_clear_error(); 942 if (ret)
943 ERR_clear_error();
889 return ret; 944 return ret;
890} 945}
891 946
892/* Generalised attribute print: handle PKCS#8 and bag attributes */ 947/* Generalised attribute print: handle PKCS#8 and bag attributes */
893 948
894int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name) 949int
950print_attribs(BIO * out, STACK_OF(X509_ATTRIBUTE) * attrlst, const char *name)
895{ 951{
896 X509_ATTRIBUTE *attr; 952 X509_ATTRIBUTE *attr;
897 ASN1_TYPE *av; 953 ASN1_TYPE *av;
898 char *value; 954 char *value;
899 int i, attr_nid; 955 int i, attr_nid;
900 if(!attrlst) { 956 if (!attrlst) {
901 BIO_printf(out, "%s: <No Attributes>\n", name); 957 BIO_printf(out, "%s: <No Attributes>\n", name);
902 return 1; 958 return 1;
903 } 959 }
904 if(!sk_X509_ATTRIBUTE_num(attrlst)) { 960 if (!sk_X509_ATTRIBUTE_num(attrlst)) {
905 BIO_printf(out, "%s: <Empty Attributes>\n", name); 961 BIO_printf(out, "%s: <Empty Attributes>\n", name);
906 return 1; 962 return 1;
907 } 963 }
908 BIO_printf(out, "%s\n", name); 964 BIO_printf(out, "%s\n", name);
909 for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) { 965 for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
910 attr = sk_X509_ATTRIBUTE_value(attrlst, i); 966 attr = sk_X509_ATTRIBUTE_value(attrlst, i);
911 attr_nid = OBJ_obj2nid(attr->object); 967 attr_nid = OBJ_obj2nid(attr->object);
912 BIO_printf(out, " "); 968 BIO_printf(out, " ");
913 if(attr_nid == NID_undef) { 969 if (attr_nid == NID_undef) {
914 i2a_ASN1_OBJECT (out, attr->object); 970 i2a_ASN1_OBJECT(out, attr->object);
915 BIO_printf(out, ": "); 971 BIO_printf(out, ": ");
916 } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); 972 } else
973 BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
917 974
918 if(sk_ASN1_TYPE_num(attr->value.set)) { 975 if (sk_ASN1_TYPE_num(attr->value.set)) {
919 av = sk_ASN1_TYPE_value(attr->value.set, 0); 976 av = sk_ASN1_TYPE_value(attr->value.set, 0);
920 switch(av->type) { 977 switch (av->type) {
921 case V_ASN1_BMPSTRING: 978 case V_ASN1_BMPSTRING:
922 value = OPENSSL_uni2asc(av->value.bmpstring->data, 979 value = OPENSSL_uni2asc(av->value.bmpstring->data,
923 av->value.bmpstring->length); 980 av->value.bmpstring->length);
924 BIO_printf(out, "%s\n", value); 981 BIO_printf(out, "%s\n", value);
925 free(value); 982 free(value);
926 break; 983 break;
927 984
928 case V_ASN1_OCTET_STRING: 985 case V_ASN1_OCTET_STRING:
929 hex_prin(out, av->value.octet_string->data, 986 hex_prin(out, av->value.octet_string->data,
930 av->value.octet_string->length); 987 av->value.octet_string->length);
931 BIO_printf(out, "\n"); 988 BIO_printf(out, "\n");
932 break; 989 break;
933 990
934 case V_ASN1_BIT_STRING: 991 case V_ASN1_BIT_STRING:
935 hex_prin(out, av->value.bit_string->data, 992 hex_prin(out, av->value.bit_string->data,
936 av->value.bit_string->length); 993 av->value.bit_string->length);
937 BIO_printf(out, "\n"); 994 BIO_printf(out, "\n");
938 break; 995 break;
939 996
940 default: 997 default:
941 BIO_printf(out, "<Unsupported tag %d>\n", av->type); 998 BIO_printf(out, "<Unsupported tag %d>\n", av->type);
942 break; 999 break;
943 } 1000 }
944 } else BIO_printf(out, "<No Values>\n"); 1001 } else
1002 BIO_printf(out, "<No Values>\n");
945 } 1003 }
946 return 1; 1004 return 1;
947} 1005}
948 1006
949void hex_prin(BIO *out, unsigned char *buf, int len) 1007void
1008hex_prin(BIO * out, unsigned char *buf, int len)
950{ 1009{
951 int i; 1010 int i;
952 for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]); 1011 for (i = 0; i < len; i++)
1012 BIO_printf(out, "%02X ", buf[i]);
953} 1013}
954 1014
955static int set_pbe(BIO *err, int *ppbe, const char *str) 1015static int
956 { 1016set_pbe(BIO * err, int *ppbe, const char *str)
1017{
957 if (!str) 1018 if (!str)
958 return 0; 1019 return 0;
959 if (!strcmp(str, "NONE")) 1020 if (!strcmp(str, "NONE")) {
960 {
961 *ppbe = -1; 1021 *ppbe = -1;
962 return 1; 1022 return 1;
963 } 1023 }
964 *ppbe=OBJ_txt2nid(str); 1024 *ppbe = OBJ_txt2nid(str);
965 if (*ppbe == NID_undef) 1025 if (*ppbe == NID_undef) {
966 {
967 BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str); 1026 BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
968 return 0; 1027 return 0;
969 }
970 return 1;
971 } 1028 }
972 1029 return 1;
1030}
1031
973#endif 1032#endif
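Review bot: In print_attribs() the result of `OPENSSL_uni2asc()` goes straight to `BIO_printf(out, "%s\n", value)` with no NULL check, although the conversion returns NULL when its allocation fails. Adding `if (value == NULL) return 0;` right after the call makes the failure explicit instead of relying on how the formatter treats a NULL `%s` argument. The callers shown in dump_certs_pkeys_bag() ignore print_attribs()'s return value, so that would need attention as well. Separately, this string is attribute data taken from the input file and written to `out` verbatim, so escaping non-printable bytes may be worthwhile if `out` can be a terminal.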
diff --git a/src/lib/libssl/src/apps/pkcs7.c b/src/lib/libssl/src/apps/pkcs7.c
index 8a0e878e49..3c5cf09680 100644
--- a/src/lib/libssl/src/apps/pkcs7.c
+++ b/src/lib/libssl/src/apps/pkcs7.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -80,235 +80,215 @@
80 80
81int MAIN(int, char **); 81int MAIN(int, char **);
82 82
83int MAIN(int argc, char **argv) 83int
84 { 84MAIN(int argc, char **argv)
85 PKCS7 *p7=NULL; 85{
86 int i,badops=0; 86 PKCS7 *p7 = NULL;
87 BIO *in=NULL,*out=NULL; 87 int i, badops = 0;
88 int informat,outformat; 88 BIO *in = NULL, *out = NULL;
89 char *infile,*outfile,*prog; 89 int informat, outformat;
90 int print_certs=0,text=0,noout=0,p7_print=0; 90 char *infile, *outfile, *prog;
91 int ret=1; 91 int print_certs = 0, text = 0, noout = 0, p7_print = 0;
92 int ret = 1;
92#ifndef OPENSSL_NO_ENGINE 93#ifndef OPENSSL_NO_ENGINE
93 char *engine=NULL; 94 char *engine = NULL;
94#endif 95#endif
95 96
96 apps_startup(); 97 apps_startup();
97 98
98 if (bio_err == NULL) 99 if (bio_err == NULL)
99 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 100 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
100 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 101 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
101 102
102 if (!load_config(bio_err, NULL)) 103 if (!load_config(bio_err, NULL))
103 goto end; 104 goto end;
104 105
105 infile=NULL; 106 infile = NULL;
106 outfile=NULL; 107 outfile = NULL;
107 informat=FORMAT_PEM; 108 informat = FORMAT_PEM;
108 outformat=FORMAT_PEM; 109 outformat = FORMAT_PEM;
109 110
110 prog=argv[0]; 111 prog = argv[0];
111 argc--; 112 argc--;
112 argv++; 113 argv++;
113 while (argc >= 1) 114 while (argc >= 1) {
114 { 115 if (strcmp(*argv, "-inform") == 0) {
115 if (strcmp(*argv,"-inform") == 0) 116 if (--argc < 1)
116 { 117 goto bad;
117 if (--argc < 1) goto bad; 118 informat = str2fmt(*(++argv));
118 informat=str2fmt(*(++argv)); 119 } else if (strcmp(*argv, "-outform") == 0) {
119 } 120 if (--argc < 1)
120 else if (strcmp(*argv,"-outform") == 0) 121 goto bad;
121 { 122 outformat = str2fmt(*(++argv));
122 if (--argc < 1) goto bad; 123 } else if (strcmp(*argv, "-in") == 0) {
123 outformat=str2fmt(*(++argv)); 124 if (--argc < 1)
124 } 125 goto bad;
125 else if (strcmp(*argv,"-in") == 0) 126 infile = *(++argv);
126 { 127 } else if (strcmp(*argv, "-out") == 0) {
127 if (--argc < 1) goto bad; 128 if (--argc < 1)
128 infile= *(++argv); 129 goto bad;
129 } 130 outfile = *(++argv);
130 else if (strcmp(*argv,"-out") == 0) 131 } else if (strcmp(*argv, "-noout") == 0)
131 { 132 noout = 1;
132 if (--argc < 1) goto bad; 133 else if (strcmp(*argv, "-text") == 0)
133 outfile= *(++argv); 134 text = 1;
134 } 135 else if (strcmp(*argv, "-print") == 0)
135 else if (strcmp(*argv,"-noout") == 0) 136 p7_print = 1;
136 noout=1; 137 else if (strcmp(*argv, "-print_certs") == 0)
137 else if (strcmp(*argv,"-text") == 0) 138 print_certs = 1;
138 text=1;
139 else if (strcmp(*argv,"-print") == 0)
140 p7_print=1;
141 else if (strcmp(*argv,"-print_certs") == 0)
142 print_certs=1;
143#ifndef OPENSSL_NO_ENGINE 139#ifndef OPENSSL_NO_ENGINE
144 else if (strcmp(*argv,"-engine") == 0) 140 else if (strcmp(*argv, "-engine") == 0) {
145 { 141 if (--argc < 1)
146 if (--argc < 1) goto bad; 142 goto bad;
147 engine= *(++argv); 143 engine = *(++argv);
148 } 144 }
149#endif 145#endif
150 else 146 else {
151 { 147 BIO_printf(bio_err, "unknown option %s\n", *argv);
152 BIO_printf(bio_err,"unknown option %s\n",*argv); 148 badops = 1;
153 badops=1;
154 break; 149 break;
155 } 150 }
156 argc--; 151 argc--;
157 argv++; 152 argv++;
158 } 153 }
159 154
160 if (badops) 155 if (badops) {
161 {
162bad: 156bad:
163 BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); 157 BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
164 BIO_printf(bio_err,"where options are\n"); 158 BIO_printf(bio_err, "where options are\n");
165 BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); 159 BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
166 BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); 160 BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
167 BIO_printf(bio_err," -in arg input file\n"); 161 BIO_printf(bio_err, " -in arg input file\n");
168 BIO_printf(bio_err," -out arg output file\n"); 162 BIO_printf(bio_err, " -out arg output file\n");
169 BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); 163 BIO_printf(bio_err, " -print_certs print any certs or crl in the input\n");
170 BIO_printf(bio_err," -text print full details of certificates\n"); 164 BIO_printf(bio_err, " -text print full details of certificates\n");
171 BIO_printf(bio_err," -noout don't output encoded data\n"); 165 BIO_printf(bio_err, " -noout don't output encoded data\n");
172#ifndef OPENSSL_NO_ENGINE 166#ifndef OPENSSL_NO_ENGINE
173 BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); 167 BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n");
174#endif 168#endif
175 ret = 1; 169 ret = 1;
176 goto end; 170 goto end;
177 } 171 }
178
179 ERR_load_crypto_strings(); 172 ERR_load_crypto_strings();
180 173
181#ifndef OPENSSL_NO_ENGINE 174#ifndef OPENSSL_NO_ENGINE
182 setup_engine(bio_err, engine, 0); 175 setup_engine(bio_err, engine, 0);
183#endif 176#endif
184 177
185 in=BIO_new(BIO_s_file()); 178 in = BIO_new(BIO_s_file());
186 out=BIO_new(BIO_s_file()); 179 out = BIO_new(BIO_s_file());
187 if ((in == NULL) || (out == NULL)) 180 if ((in == NULL) || (out == NULL)) {
188 {
189 ERR_print_errors(bio_err); 181 ERR_print_errors(bio_err);
190 goto end; 182 goto end;
191 } 183 }
192
193 if (infile == NULL) 184 if (infile == NULL)
194 BIO_set_fp(in,stdin,BIO_NOCLOSE); 185 BIO_set_fp(in, stdin, BIO_NOCLOSE);
195 else 186 else {
196 { 187 if (BIO_read_filename(in, infile) <= 0)
197 if (BIO_read_filename(in,infile) <= 0) 188 if (in == NULL) {
198 if (in == NULL) 189 perror(infile);
199 { 190 goto end;
200 perror(infile);
201 goto end;
202 } 191 }
203 } 192 }
204 193
205 if (informat == FORMAT_ASN1) 194 if (informat == FORMAT_ASN1)
206 p7=d2i_PKCS7_bio(in,NULL); 195 p7 = d2i_PKCS7_bio(in, NULL);
207 else if (informat == FORMAT_PEM) 196 else if (informat == FORMAT_PEM)
208 p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL); 197 p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
209 else 198 else {
210 { 199 BIO_printf(bio_err, "bad input format specified for pkcs7 object\n");
211 BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
212 goto end; 200 goto end;
213 } 201 }
214 if (p7 == NULL) 202 if (p7 == NULL) {
215 { 203 BIO_printf(bio_err, "unable to load PKCS7 object\n");
216 BIO_printf(bio_err,"unable to load PKCS7 object\n");
217 ERR_print_errors(bio_err); 204 ERR_print_errors(bio_err);
218 goto end; 205 goto end;
219 } 206 }
220 207 if (outfile == NULL) {
221 if (outfile == NULL) 208 BIO_set_fp(out, stdout, BIO_NOCLOSE);
222 { 209 } else {
223 BIO_set_fp(out,stdout,BIO_NOCLOSE); 210 if (BIO_write_filename(out, outfile) <= 0) {
224 }
225 else
226 {
227 if (BIO_write_filename(out,outfile) <= 0)
228 {
229 perror(outfile); 211 perror(outfile);
230 goto end; 212 goto end;
231 }
232 } 213 }
214 }
233 215
234 if (p7_print) 216 if (p7_print)
235 PKCS7_print_ctx(out, p7, 0, NULL); 217 PKCS7_print_ctx(out, p7, 0, NULL);
236 218
237 if (print_certs) 219 if (print_certs) {
238 { 220 STACK_OF(X509) * certs = NULL;
239 STACK_OF(X509) *certs=NULL; 221 STACK_OF(X509_CRL) * crls = NULL;
240 STACK_OF(X509_CRL) *crls=NULL;
241 222
242 i=OBJ_obj2nid(p7->type); 223 i = OBJ_obj2nid(p7->type);
243 switch (i) 224 switch (i) {
244 {
245 case NID_pkcs7_signed: 225 case NID_pkcs7_signed:
246 certs=p7->d.sign->cert; 226 certs = p7->d.sign->cert;
247 crls=p7->d.sign->crl; 227 crls = p7->d.sign->crl;
248 break; 228 break;
249 case NID_pkcs7_signedAndEnveloped: 229 case NID_pkcs7_signedAndEnveloped:
250 certs=p7->d.signed_and_enveloped->cert; 230 certs = p7->d.signed_and_enveloped->cert;
251 crls=p7->d.signed_and_enveloped->crl; 231 crls = p7->d.signed_and_enveloped->crl;
252 break; 232 break;
253 default: 233 default:
254 break; 234 break;
255 } 235 }
256 236
257 if (certs != NULL) 237 if (certs != NULL) {
258 {
259 X509 *x; 238 X509 *x;
260 239
261 for (i=0; i<sk_X509_num(certs); i++) 240 for (i = 0; i < sk_X509_num(certs); i++) {
262 { 241 x = sk_X509_value(certs, i);
263 x=sk_X509_value(certs,i); 242 if (text)
264 if(text) X509_print(out, x); 243 X509_print(out, x);
265 else dump_cert_text(out, x); 244 else
245 dump_cert_text(out, x);
266 246
267 if(!noout) PEM_write_bio_X509(out,x); 247 if (!noout)
268 BIO_puts(out,"\n"); 248 PEM_write_bio_X509(out, x);
269 } 249 BIO_puts(out, "\n");
270 } 250 }
271 if (crls != NULL) 251 }
272 { 252 if (crls != NULL) {
273 X509_CRL *crl; 253 X509_CRL *crl;
274 254
275 for (i=0; i<sk_X509_CRL_num(crls); i++) 255 for (i = 0; i < sk_X509_CRL_num(crls); i++) {
276 { 256 crl = sk_X509_CRL_value(crls, i);
277 crl=sk_X509_CRL_value(crls,i);
278 257
279 X509_CRL_print(out, crl); 258 X509_CRL_print(out, crl);
280 259
281 if(!noout)PEM_write_bio_X509_CRL(out,crl); 260 if (!noout)
282 BIO_puts(out,"\n"); 261 PEM_write_bio_X509_CRL(out, crl);
283 } 262 BIO_puts(out, "\n");
284 } 263 }
285
286 ret=0;
287 goto end;
288 } 264 }
289 265 ret = 0;
290 if(!noout) { 266 goto end;
291 if (outformat == FORMAT_ASN1) 267 }
292 i=i2d_PKCS7_bio(out,p7); 268 if (!noout) {
269 if (outformat == FORMAT_ASN1)
270 i = i2d_PKCS7_bio(out, p7);
293 else if (outformat == FORMAT_PEM) 271 else if (outformat == FORMAT_PEM)
294 i=PEM_write_bio_PKCS7(out,p7); 272 i = PEM_write_bio_PKCS7(out, p7);
295 else { 273 else {
296 BIO_printf(bio_err,"bad output format specified for outfile\n"); 274 BIO_printf(bio_err, "bad output format specified for outfile\n");
297 goto end; 275 goto end;
298 } 276 }
299 277
300 if (!i) 278 if (!i) {
301 { 279 BIO_printf(bio_err, "unable to write pkcs7 object\n");
302 BIO_printf(bio_err,"unable to write pkcs7 object\n");
303 ERR_print_errors(bio_err); 280 ERR_print_errors(bio_err);
304 goto end; 281 goto end;
305 } 282 }
306 } 283 }
307 ret=0; 284 ret = 0;
308end: 285end:
309 if (p7 != NULL) PKCS7_free(p7); 286 if (p7 != NULL)
310 if (in != NULL) BIO_free(in); 287 PKCS7_free(p7);
311 if (out != NULL) BIO_free_all(out); 288 if (in != NULL)
289 BIO_free(in);
290 if (out != NULL)
291 BIO_free_all(out);
312 apps_shutdown(); 292 apps_shutdown();
313 return(ret); 293 return (ret);
314 } 294}
diff --git a/src/lib/libssl/src/apps/pkcs8.c b/src/lib/libssl/src/apps/pkcs8.c
index 74fe9a1b3d..089511ee2a 100644
--- a/src/lib/libssl/src/apps/pkcs8.c
+++ b/src/lib/libssl/src/apps/pkcs8.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -67,8 +67,9 @@
67 67
68int MAIN(int, char **); 68int MAIN(int, char **);
69 69
70int MAIN(int argc, char **argv) 70int
71 { 71MAIN(int argc, char **argv)
72{
72 ENGINE *e = NULL; 73 ENGINE *e = NULL;
73 char **args, *infile = NULL, *outfile = NULL; 74 char **args, *infile = NULL, *outfile = NULL;
74 char *passargin = NULL, *passargout = NULL; 75 char *passargin = NULL, *passargout = NULL;
@@ -82,131 +83,108 @@ int MAIN(int argc, char **argv)
82 int nocrypt = 0; 83 int nocrypt = 0;
83 X509_SIG *p8 = NULL; 84 X509_SIG *p8 = NULL;
84 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 85 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
85 EVP_PKEY *pkey=NULL; 86 EVP_PKEY *pkey = NULL;
86 char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; 87 char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
87 int badarg = 0; 88 int badarg = 0;
88 int ret = 1; 89 int ret = 1;
89#ifndef OPENSSL_NO_ENGINE 90#ifndef OPENSSL_NO_ENGINE
90 char *engine=NULL; 91 char *engine = NULL;
91#endif 92#endif
92 93
93 if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); 94 if (bio_err == NULL)
95 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
94 96
95 if (!load_config(bio_err, NULL)) 97 if (!load_config(bio_err, NULL))
96 goto end; 98 goto end;
97 99
98 informat=FORMAT_PEM; 100 informat = FORMAT_PEM;
99 outformat=FORMAT_PEM; 101 outformat = FORMAT_PEM;
100 102
101 ERR_load_crypto_strings(); 103 ERR_load_crypto_strings();
102 OpenSSL_add_all_algorithms(); 104 OpenSSL_add_all_algorithms();
103 args = argv + 1; 105 args = argv + 1;
104 while (!badarg && *args && *args[0] == '-') 106 while (!badarg && *args && *args[0] == '-') {
105 { 107 if (!strcmp(*args, "-v2")) {
106 if (!strcmp(*args,"-v2")) 108 if (args[1]) {
107 {
108 if (args[1])
109 {
110 args++; 109 args++;
111 cipher=EVP_get_cipherbyname(*args); 110 cipher = EVP_get_cipherbyname(*args);
112 if (!cipher) 111 if (!cipher) {
113 {
114 BIO_printf(bio_err, 112 BIO_printf(bio_err,
115 "Unknown cipher %s\n", *args); 113 "Unknown cipher %s\n", *args);
116 badarg = 1; 114 badarg = 1;
117 }
118 } 115 }
119 else 116 } else
120 badarg = 1; 117 badarg = 1;
121 } 118 } else if (!strcmp(*args, "-v1")) {
122 else if (!strcmp(*args,"-v1")) 119 if (args[1]) {
123 {
124 if (args[1])
125 {
126 args++; 120 args++;
127 pbe_nid=OBJ_txt2nid(*args); 121 pbe_nid = OBJ_txt2nid(*args);
128 if (pbe_nid == NID_undef) 122 if (pbe_nid == NID_undef) {
129 {
130 BIO_printf(bio_err, 123 BIO_printf(bio_err,
131 "Unknown PBE algorithm %s\n", *args); 124 "Unknown PBE algorithm %s\n", *args);
132 badarg = 1; 125 badarg = 1;
133 }
134 } 126 }
135 else 127 } else
136 badarg = 1; 128 badarg = 1;
137 } 129 } else if (!strcmp(*args, "-inform")) {
138 else if (!strcmp(*args,"-inform")) 130 if (args[1]) {
139 {
140 if (args[1])
141 {
142 args++; 131 args++;
143 informat=str2fmt(*args); 132 informat = str2fmt(*args);
144 } 133 } else
145 else badarg = 1; 134 badarg = 1;
146 } 135 } else if (!strcmp(*args, "-outform")) {
147 else if (!strcmp(*args,"-outform")) 136 if (args[1]) {
148 {
149 if (args[1])
150 {
151 args++; 137 args++;
152 outformat=str2fmt(*args); 138 outformat = str2fmt(*args);
153 } 139 } else
154 else badarg = 1; 140 badarg = 1;
155 } 141 } else if (!strcmp(*args, "-topk8"))
156 else if (!strcmp (*args, "-topk8"))
157 topk8 = 1; 142 topk8 = 1;
158 else if (!strcmp (*args, "-noiter")) 143 else if (!strcmp(*args, "-noiter"))
159 iter = 1; 144 iter = 1;
160 else if (!strcmp (*args, "-nocrypt")) 145 else if (!strcmp(*args, "-nocrypt"))
161 nocrypt = 1; 146 nocrypt = 1;
162 else if (!strcmp (*args, "-nooct")) 147 else if (!strcmp(*args, "-nooct"))
163 p8_broken = PKCS8_NO_OCTET; 148 p8_broken = PKCS8_NO_OCTET;
164 else if (!strcmp (*args, "-nsdb")) 149 else if (!strcmp(*args, "-nsdb"))
165 p8_broken = PKCS8_NS_DB; 150 p8_broken = PKCS8_NS_DB;
166 else if (!strcmp (*args, "-embed")) 151 else if (!strcmp(*args, "-embed"))
167 p8_broken = PKCS8_EMBEDDED_PARAM; 152 p8_broken = PKCS8_EMBEDDED_PARAM;
168 else if (!strcmp(*args,"-passin")) 153 else if (!strcmp(*args, "-passin")) {
169 { 154 if (!args[1])
170 if (!args[1]) goto bad; 155 goto bad;
171 passargin= *(++args); 156 passargin = *(++args);
172 } 157 } else if (!strcmp(*args, "-passout")) {
173 else if (!strcmp(*args,"-passout")) 158 if (!args[1])
174 { 159 goto bad;
175 if (!args[1]) goto bad; 160 passargout = *(++args);
176 passargout= *(++args); 161 }
177 }
178#ifndef OPENSSL_NO_ENGINE 162#ifndef OPENSSL_NO_ENGINE
179 else if (strcmp(*args,"-engine") == 0) 163 else if (strcmp(*args, "-engine") == 0) {
180 { 164 if (!args[1])
181 if (!args[1]) goto bad; 165 goto bad;
182 engine= *(++args); 166 engine = *(++args);
183 } 167 }
184#endif 168#endif
185 else if (!strcmp (*args, "-in")) 169 else if (!strcmp(*args, "-in")) {
186 { 170 if (args[1]) {
187 if (args[1])
188 {
189 args++; 171 args++;
190 infile = *args; 172 infile = *args;
191 } 173 } else
192 else badarg = 1; 174 badarg = 1;
193 } 175 } else if (!strcmp(*args, "-out")) {
194 else if (!strcmp (*args, "-out")) 176 if (args[1]) {
195 {
196 if (args[1])
197 {
198 args++; 177 args++;
199 outfile = *args; 178 outfile = *args;
200 } 179 } else
201 else badarg = 1; 180 badarg = 1;
202 } 181 } else
203 else badarg = 1; 182 badarg = 1;
204 args++; 183 args++;
205 } 184 }
206 185
207 if (badarg) 186 if (badarg) {
208 { 187bad:
209 bad:
210 BIO_printf(bio_err, "Usage pkcs8 [options]\n"); 188 BIO_printf(bio_err, "Usage pkcs8 [options]\n");
211 BIO_printf(bio_err, "where options are\n"); 189 BIO_printf(bio_err, "where options are\n");
212 BIO_printf(bio_err, "-in file input file\n"); 190 BIO_printf(bio_err, "-in file input file\n");
@@ -224,201 +202,166 @@ int MAIN(int argc, char **argv)
224 BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n"); 202 BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
225 BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n"); 203 BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
226#ifndef OPENSSL_NO_ENGINE 204#ifndef OPENSSL_NO_ENGINE
227 BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); 205 BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n");
228#endif 206#endif
229 goto end; 207 goto end;
230 } 208 }
231
232#ifndef OPENSSL_NO_ENGINE 209#ifndef OPENSSL_NO_ENGINE
233 e = setup_engine(bio_err, engine, 0); 210 e = setup_engine(bio_err, engine, 0);
234#endif 211#endif
235 212
236 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 213 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
237 {
238 BIO_printf(bio_err, "Error getting passwords\n"); 214 BIO_printf(bio_err, "Error getting passwords\n");
239 goto end; 215 goto end;
240 } 216 }
241
242 if ((pbe_nid == -1) && !cipher) 217 if ((pbe_nid == -1) && !cipher)
243 pbe_nid = NID_pbeWithMD5AndDES_CBC; 218 pbe_nid = NID_pbeWithMD5AndDES_CBC;
244 219
245 if (infile) 220 if (infile) {
246 { 221 if (!(in = BIO_new_file(infile, "rb"))) {
247 if (!(in = BIO_new_file(infile, "rb")))
248 {
249 BIO_printf(bio_err, 222 BIO_printf(bio_err,
250 "Can't open input file %s\n", infile); 223 "Can't open input file %s\n", infile);
251 goto end; 224 goto end;
252 }
253 } 225 }
254 else 226 } else
255 in = BIO_new_fp (stdin, BIO_NOCLOSE); 227 in = BIO_new_fp(stdin, BIO_NOCLOSE);
256 228
257 if (outfile) 229 if (outfile) {
258 { 230 if (!(out = BIO_new_file(outfile, "wb"))) {
259 if (!(out = BIO_new_file (outfile, "wb")))
260 {
261 BIO_printf(bio_err, 231 BIO_printf(bio_err,
262 "Can't open output file %s\n", outfile); 232 "Can't open output file %s\n", outfile);
263 goto end; 233 goto end;
264 }
265 }
266 else
267 {
268 out = BIO_new_fp (stdout, BIO_NOCLOSE);
269 } 234 }
270 if (topk8) 235 } else {
271 { 236 out = BIO_new_fp(stdout, BIO_NOCLOSE);
237 }
238 if (topk8) {
272 pkey = load_key(bio_err, infile, informat, 1, 239 pkey = load_key(bio_err, infile, informat, 1,
273 passin, e, "key"); 240 passin, e, "key");
274 if (!pkey) 241 if (!pkey)
275 goto end; 242 goto end;
276 if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) 243 if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
277 {
278 BIO_printf(bio_err, "Error converting key\n"); 244 BIO_printf(bio_err, "Error converting key\n");
279 ERR_print_errors(bio_err); 245 ERR_print_errors(bio_err);
280 goto end; 246 goto end;
281 } 247 }
282 if (nocrypt) 248 if (nocrypt) {
283 { 249 if (outformat == FORMAT_PEM)
284 if (outformat == FORMAT_PEM)
285 PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); 250 PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
286 else if (outformat == FORMAT_ASN1) 251 else if (outformat == FORMAT_ASN1)
287 i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); 252 i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
288 else 253 else {
289 {
290 BIO_printf(bio_err, "Bad format specified for key\n"); 254 BIO_printf(bio_err, "Bad format specified for key\n");
291 goto end; 255 goto end;
292 }
293 } 256 }
294 else 257 } else {
295 {
296 if (passout) 258 if (passout)
297 p8pass = passout; 259 p8pass = passout;
298 else 260 else {
299 {
300 p8pass = pass; 261 p8pass = pass;
301 if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) 262 if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
302 goto end; 263 goto end;
303 } 264 }
304 app_RAND_load_file(NULL, bio_err, 0); 265 app_RAND_load_file(NULL, bio_err, 0);
305 if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, 266 if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
306 p8pass, strlen(p8pass), 267 p8pass, strlen(p8pass),
307 NULL, 0, iter, p8inf))) 268 NULL, 0, iter, p8inf))) {
308 {
309 BIO_printf(bio_err, "Error encrypting key\n"); 269 BIO_printf(bio_err, "Error encrypting key\n");
310 ERR_print_errors(bio_err); 270 ERR_print_errors(bio_err);
311 goto end; 271 goto end;
312 } 272 }
313 app_RAND_write_file(NULL, bio_err); 273 app_RAND_write_file(NULL, bio_err);
314 if (outformat == FORMAT_PEM) 274 if (outformat == FORMAT_PEM)
315 PEM_write_bio_PKCS8(out, p8); 275 PEM_write_bio_PKCS8(out, p8);
316 else if (outformat == FORMAT_ASN1) 276 else if (outformat == FORMAT_ASN1)
317 i2d_PKCS8_bio(out, p8); 277 i2d_PKCS8_bio(out, p8);
318 else 278 else {
319 {
320 BIO_printf(bio_err, "Bad format specified for key\n"); 279 BIO_printf(bio_err, "Bad format specified for key\n");
321 goto end; 280 goto end;
322 }
323 } 281 }
282 }
324 283
325 ret = 0; 284 ret = 0;
326 goto end; 285 goto end;
327 } 286 }
328 287 if (nocrypt) {
329 if (nocrypt) 288 if (informat == FORMAT_PEM)
330 { 289 p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
331 if (informat == FORMAT_PEM)
332 p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
333 else if (informat == FORMAT_ASN1) 290 else if (informat == FORMAT_ASN1)
334 p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); 291 p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
335 else 292 else {
336 {
337 BIO_printf(bio_err, "Bad format specified for key\n"); 293 BIO_printf(bio_err, "Bad format specified for key\n");
338 goto end; 294 goto end;
339 }
340 } 295 }
341 else 296 } else {
342 { 297 if (informat == FORMAT_PEM)
343 if (informat == FORMAT_PEM)
344 p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); 298 p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
345 else if (informat == FORMAT_ASN1) 299 else if (informat == FORMAT_ASN1)
346 p8 = d2i_PKCS8_bio(in, NULL); 300 p8 = d2i_PKCS8_bio(in, NULL);
347 else 301 else {
348 {
349 BIO_printf(bio_err, "Bad format specified for key\n"); 302 BIO_printf(bio_err, "Bad format specified for key\n");
350 goto end; 303 goto end;
351 } 304 }
352 305
353 if (!p8) 306 if (!p8) {
354 { 307 BIO_printf(bio_err, "Error reading key\n");
355 BIO_printf (bio_err, "Error reading key\n");
356 ERR_print_errors(bio_err); 308 ERR_print_errors(bio_err);
357 goto end; 309 goto end;
358 } 310 }
359 if (passin) 311 if (passin)
360 p8pass = passin; 312 p8pass = passin;
361 else 313 else {
362 {
363 p8pass = pass; 314 p8pass = pass;
364 EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0); 315 EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
365 }
366 p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
367 } 316 }
317 p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
318 }
368 319
369 if (!p8inf) 320 if (!p8inf) {
370 {
371 BIO_printf(bio_err, "Error decrypting key\n"); 321 BIO_printf(bio_err, "Error decrypting key\n");
372 ERR_print_errors(bio_err); 322 ERR_print_errors(bio_err);
373 goto end; 323 goto end;
374 } 324 }
375 325 if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
376 if (!(pkey = EVP_PKCS82PKEY(p8inf)))
377 {
378 BIO_printf(bio_err, "Error converting key\n"); 326 BIO_printf(bio_err, "Error converting key\n");
379 ERR_print_errors(bio_err); 327 ERR_print_errors(bio_err);
380 goto end; 328 goto end;
381 } 329 }
382 330 if (p8inf->broken) {
383 if (p8inf->broken)
384 {
385 BIO_printf(bio_err, "Warning: broken key encoding: "); 331 BIO_printf(bio_err, "Warning: broken key encoding: ");
386 switch (p8inf->broken) 332 switch (p8inf->broken) {
387 { 333 case PKCS8_NO_OCTET:
388 case PKCS8_NO_OCTET:
389 BIO_printf(bio_err, "No Octet String in PrivateKey\n"); 334 BIO_printf(bio_err, "No Octet String in PrivateKey\n");
390 break; 335 break;
391 336
392 case PKCS8_EMBEDDED_PARAM: 337 case PKCS8_EMBEDDED_PARAM:
393 BIO_printf(bio_err, "DSA parameters included in PrivateKey\n"); 338 BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
394 break; 339 break;
395 340
396 case PKCS8_NS_DB: 341 case PKCS8_NS_DB:
397 BIO_printf(bio_err, "DSA public key include in PrivateKey\n"); 342 BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
398 break; 343 break;
399 344
400 case PKCS8_NEG_PRIVKEY: 345 case PKCS8_NEG_PRIVKEY:
401 BIO_printf(bio_err, "DSA private key value is negative\n"); 346 BIO_printf(bio_err, "DSA private key value is negative\n");
402 break; 347 break;
403 348
404 default: 349 default:
405 BIO_printf(bio_err, "Unknown broken type\n"); 350 BIO_printf(bio_err, "Unknown broken type\n");
406 break; 351 break;
407 } 352 }
408 } 353 }
409 354 if (outformat == FORMAT_PEM)
410 if (outformat == FORMAT_PEM)
411 PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout); 355 PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
412 else if (outformat == FORMAT_ASN1) 356 else if (outformat == FORMAT_ASN1)
413 i2d_PrivateKey_bio(out, pkey); 357 i2d_PrivateKey_bio(out, pkey);
414 else 358 else {
415 {
416 BIO_printf(bio_err, "Bad format specified for key\n"); 359 BIO_printf(bio_err, "Bad format specified for key\n");
417 goto end; 360 goto end;
418 } 361 }
419 ret = 0; 362 ret = 0;
420 363
421 end: 364end:
422 X509_SIG_free(p8); 365 X509_SIG_free(p8);
423 PKCS8_PRIV_KEY_INFO_free(p8inf); 366 PKCS8_PRIV_KEY_INFO_free(p8inf);
424 EVP_PKEY_free(pkey); 367 EVP_PKEY_free(pkey);
@@ -430,4 +373,4 @@ int MAIN(int argc, char **argv)
430 free(passout); 373 free(passout);
431 374
432 return ret; 375 return ret;
433 } 376}
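Review bot: In the decrypt branch of pkcs8.c's `MAIN`, the result of `EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);` is ignored, whereas the encrypt branch earlier in the same hunk does `goto end` when that call returns non-zero. `pass` is declared as `char pass[50]` with no initializer, so after a failed prompt `strlen(p8pass)` and `PKCS8_decrypt` may read a buffer whose contents were never established. The reformat is a good moment to align the two branches: `if (EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0)) goto end;`. The cleanup after `end:` is only partly visible across these hunks, so it cannot be confirmed here whether `pass` is wiped before return; if it is not, an `OPENSSL_cleanse(pass, sizeof pass);` there would keep the passphrase from lingering on the stack.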
diff --git a/src/lib/libssl/src/apps/pkey.c b/src/lib/libssl/src/apps/pkey.c
index 82c67b732b..963ab92368 100644
--- a/src/lib/libssl/src/apps/pkey.c
+++ b/src/lib/libssl/src/apps/pkey.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -66,8 +66,9 @@
66 66
67int MAIN(int, char **); 67int MAIN(int, char **);
68 68
69int MAIN(int argc, char **argv) 69int
70 { 70MAIN(int argc, char **argv)
71{
71 ENGINE *e = NULL; 72 ENGINE *e = NULL;
72 char **args, *infile = NULL, *outfile = NULL; 73 char **args, *infile = NULL, *outfile = NULL;
73 char *passargin = NULL, *passargout = NULL; 74 char *passargin = NULL, *passargout = NULL;
@@ -75,114 +76,93 @@ int MAIN(int argc, char **argv)
75 const EVP_CIPHER *cipher = NULL; 76 const EVP_CIPHER *cipher = NULL;
76 int informat, outformat; 77 int informat, outformat;
77 int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0; 78 int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0;
78 EVP_PKEY *pkey=NULL; 79 EVP_PKEY *pkey = NULL;
79 char *passin = NULL, *passout = NULL; 80 char *passin = NULL, *passout = NULL;
80 int badarg = 0; 81 int badarg = 0;
81#ifndef OPENSSL_NO_ENGINE 82#ifndef OPENSSL_NO_ENGINE
82 char *engine=NULL; 83 char *engine = NULL;
83#endif 84#endif
84 int ret = 1; 85 int ret = 1;
85 86
86 if (bio_err == NULL) 87 if (bio_err == NULL)
87 bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); 88 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
88 89
89 if (!load_config(bio_err, NULL)) 90 if (!load_config(bio_err, NULL))
90 goto end; 91 goto end;
91 92
92 informat=FORMAT_PEM; 93 informat = FORMAT_PEM;
93 outformat=FORMAT_PEM; 94 outformat = FORMAT_PEM;
94 95
95 ERR_load_crypto_strings(); 96 ERR_load_crypto_strings();
96 OpenSSL_add_all_algorithms(); 97 OpenSSL_add_all_algorithms();
97 args = argv + 1; 98 args = argv + 1;
98 while (!badarg && *args && *args[0] == '-') 99 while (!badarg && *args && *args[0] == '-') {
99 { 100 if (!strcmp(*args, "-inform")) {
100 if (!strcmp(*args,"-inform")) 101 if (args[1]) {
101 {
102 if (args[1])
103 {
104 args++; 102 args++;
105 informat=str2fmt(*args); 103 informat = str2fmt(*args);
106 } 104 } else
107 else badarg = 1; 105 badarg = 1;
108 } 106 } else if (!strcmp(*args, "-outform")) {
109 else if (!strcmp(*args,"-outform")) 107 if (args[1]) {
110 {
111 if (args[1])
112 {
113 args++; 108 args++;
114 outformat=str2fmt(*args); 109 outformat = str2fmt(*args);
115 } 110 } else
116 else badarg = 1; 111 badarg = 1;
117 } 112 } else if (!strcmp(*args, "-passin")) {
118 else if (!strcmp(*args,"-passin")) 113 if (!args[1])
119 { 114 goto bad;
120 if (!args[1]) goto bad; 115 passargin = *(++args);
121 passargin= *(++args); 116 } else if (!strcmp(*args, "-passout")) {
122 } 117 if (!args[1])
123 else if (!strcmp(*args,"-passout")) 118 goto bad;
124 { 119 passargout = *(++args);
125 if (!args[1]) goto bad; 120 }
126 passargout= *(++args);
127 }
128#ifndef OPENSSL_NO_ENGINE 121#ifndef OPENSSL_NO_ENGINE
129 else if (strcmp(*args,"-engine") == 0) 122 else if (strcmp(*args, "-engine") == 0) {
130 { 123 if (!args[1])
131 if (!args[1]) goto bad; 124 goto bad;
132 engine= *(++args); 125 engine = *(++args);
133 } 126 }
134#endif 127#endif
135 else if (!strcmp (*args, "-in")) 128 else if (!strcmp(*args, "-in")) {
136 { 129 if (args[1]) {
137 if (args[1])
138 {
139 args++; 130 args++;
140 infile = *args; 131 infile = *args;
141 } 132 } else
142 else badarg = 1; 133 badarg = 1;
143 } 134 } else if (!strcmp(*args, "-out")) {
144 else if (!strcmp (*args, "-out")) 135 if (args[1]) {
145 {
146 if (args[1])
147 {
148 args++; 136 args++;
149 outfile = *args; 137 outfile = *args;
150 } 138 } else
151 else badarg = 1; 139 badarg = 1;
152 } 140 } else if (strcmp(*args, "-pubin") == 0) {
153 else if (strcmp(*args,"-pubin") == 0) 141 pubin = 1;
154 { 142 pubout = 1;
155 pubin=1; 143 pubtext = 1;
156 pubout=1; 144 } else if (strcmp(*args, "-pubout") == 0)
157 pubtext=1; 145 pubout = 1;
158 } 146 else if (strcmp(*args, "-text_pub") == 0) {
159 else if (strcmp(*args,"-pubout") == 0) 147 pubtext = 1;
160 pubout=1; 148 text = 1;
161 else if (strcmp(*args,"-text_pub") == 0) 149 } else if (strcmp(*args, "-text") == 0)
162 { 150 text = 1;
163 pubtext=1; 151 else if (strcmp(*args, "-noout") == 0)
164 text=1; 152 noout = 1;
165 } 153 else {
166 else if (strcmp(*args,"-text") == 0)
167 text=1;
168 else if (strcmp(*args,"-noout") == 0)
169 noout=1;
170 else
171 {
172 cipher = EVP_get_cipherbyname(*args + 1); 154 cipher = EVP_get_cipherbyname(*args + 1);
173 if (!cipher) 155 if (!cipher) {
174 {
175 BIO_printf(bio_err, "Unknown cipher %s\n", 156 BIO_printf(bio_err, "Unknown cipher %s\n",
176 *args + 1); 157 *args + 1);
177 badarg = 1; 158 badarg = 1;
178 }
179 } 159 }
180 args++;
181 } 160 }
161 args++;
162 }
182 163
183 if (badarg) 164 if (badarg) {
184 { 165bad:
185 bad:
186 BIO_printf(bio_err, "Usage pkey [options]\n"); 166 BIO_printf(bio_err, "Usage pkey [options]\n");
187 BIO_printf(bio_err, "where options are\n"); 167 BIO_printf(bio_err, "where options are\n");
188 BIO_printf(bio_err, "-in file input file\n"); 168 BIO_printf(bio_err, "-in file input file\n");
@@ -195,77 +175,61 @@ int MAIN(int argc, char **argv)
195 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); 175 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
196#endif 176#endif
197 return 1; 177 return 1;
198 } 178 }
199
200#ifndef OPENSSL_NO_ENGINE 179#ifndef OPENSSL_NO_ENGINE
201 e = setup_engine(bio_err, engine, 0); 180 e = setup_engine(bio_err, engine, 0);
202#endif 181#endif
203 182
204 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 183 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
205 {
206 BIO_printf(bio_err, "Error getting passwords\n"); 184 BIO_printf(bio_err, "Error getting passwords\n");
207 goto end; 185 goto end;
208 } 186 }
209 187 if (outfile) {
210 if (outfile) 188 if (!(out = BIO_new_file(outfile, "wb"))) {
211 {
212 if (!(out = BIO_new_file (outfile, "wb")))
213 {
214 BIO_printf(bio_err, 189 BIO_printf(bio_err,
215 "Can't open output file %s\n", outfile); 190 "Can't open output file %s\n", outfile);
216 goto end; 191 goto end;
217 }
218 }
219 else
220 {
221 out = BIO_new_fp (stdout, BIO_NOCLOSE);
222 } 192 }
193 } else {
194 out = BIO_new_fp(stdout, BIO_NOCLOSE);
195 }
223 196
224 if (pubin) 197 if (pubin)
225 pkey = load_pubkey(bio_err, infile, informat, 1, 198 pkey = load_pubkey(bio_err, infile, informat, 1,
226 passin, e, "Public Key"); 199 passin, e, "Public Key");
227 else 200 else
228 pkey = load_key(bio_err, infile, informat, 1, 201 pkey = load_key(bio_err, infile, informat, 1,
229 passin, e, "key"); 202 passin, e, "key");
230 if (!pkey) 203 if (!pkey)
231 goto end; 204 goto end;
232 205
233 if (!noout) 206 if (!noout) {
234 { 207 if (outformat == FORMAT_PEM) {
235 if (outformat == FORMAT_PEM)
236 {
237 if (pubout) 208 if (pubout)
238 PEM_write_bio_PUBKEY(out,pkey); 209 PEM_write_bio_PUBKEY(out, pkey);
239 else 210 else
240 PEM_write_bio_PrivateKey(out, pkey, cipher, 211 PEM_write_bio_PrivateKey(out, pkey, cipher,
241 NULL, 0, NULL, passout); 212 NULL, 0, NULL, passout);
242 } 213 } else if (outformat == FORMAT_ASN1) {
243 else if (outformat == FORMAT_ASN1)
244 {
245 if (pubout) 214 if (pubout)
246 i2d_PUBKEY_bio(out, pkey); 215 i2d_PUBKEY_bio(out, pkey);
247 else 216 else
248 i2d_PrivateKey_bio(out, pkey); 217 i2d_PrivateKey_bio(out, pkey);
249 } 218 } else {
250 else
251 {
252 BIO_printf(bio_err, "Bad format specified for key\n"); 219 BIO_printf(bio_err, "Bad format specified for key\n");
253 goto end; 220 goto end;
254 }
255
256 } 221 }
257 222
258 if (text) 223 }
259 { 224 if (text) {
260 if (pubtext) 225 if (pubtext)
261 EVP_PKEY_print_public(out, pkey, 0, NULL); 226 EVP_PKEY_print_public(out, pkey, 0, NULL);
262 else 227 else
263 EVP_PKEY_print_private(out, pkey, 0, NULL); 228 EVP_PKEY_print_private(out, pkey, 0, NULL);
264 } 229 }
265
266 ret = 0; 230 ret = 0;
267 231
268 end: 232end:
269 EVP_PKEY_free(pkey); 233 EVP_PKEY_free(pkey);
270 BIO_free_all(out); 234 BIO_free_all(out);
271 BIO_free(in); 235 BIO_free(in);
@@ -275,4 +239,4 @@ int MAIN(int argc, char **argv)
275 free(passout); 239 free(passout);
276 240
277 return ret; 241 return ret;
278 } 242}
diff --git a/src/lib/libssl/src/apps/pkeyparam.c b/src/lib/libssl/src/apps/pkeyparam.c
index 6a46c8ac49..06c295dfe8 100644
--- a/src/lib/libssl/src/apps/pkeyparam.c
+++ b/src/lib/libssl/src/apps/pkeyparam.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -66,20 +66,21 @@
66 66
67int MAIN(int, char **); 67int MAIN(int, char **);
68 68
69int MAIN(int argc, char **argv) 69int
70 { 70MAIN(int argc, char **argv)
71{
71 char **args, *infile = NULL, *outfile = NULL; 72 char **args, *infile = NULL, *outfile = NULL;
72 BIO *in = NULL, *out = NULL; 73 BIO *in = NULL, *out = NULL;
73 int text = 0, noout = 0; 74 int text = 0, noout = 0;
74 EVP_PKEY *pkey=NULL; 75 EVP_PKEY *pkey = NULL;
75 int badarg = 0; 76 int badarg = 0;
76#ifndef OPENSSL_NO_ENGINE 77#ifndef OPENSSL_NO_ENGINE
77 char *engine=NULL; 78 char *engine = NULL;
78#endif 79#endif
79 int ret = 1; 80 int ret = 1;
80 81
81 if (bio_err == NULL) 82 if (bio_err == NULL)
82 bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); 83 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
83 84
84 if (!load_config(bio_err, NULL)) 85 if (!load_config(bio_err, NULL))
85 goto end; 86 goto end;
@@ -87,45 +88,38 @@ int MAIN(int argc, char **argv)
87 ERR_load_crypto_strings(); 88 ERR_load_crypto_strings();
88 OpenSSL_add_all_algorithms(); 89 OpenSSL_add_all_algorithms();
89 args = argv + 1; 90 args = argv + 1;
90 while (!badarg && *args && *args[0] == '-') 91 while (!badarg && *args && *args[0] == '-') {
91 { 92 if (!strcmp(*args, "-in")) {
92 if (!strcmp (*args, "-in")) 93 if (args[1]) {
93 {
94 if (args[1])
95 {
96 args++; 94 args++;
97 infile = *args; 95 infile = *args;
98 } 96 } else
99 else badarg = 1; 97 badarg = 1;
100 } 98 } else if (!strcmp(*args, "-out")) {
101 else if (!strcmp (*args, "-out")) 99 if (args[1]) {
102 {
103 if (args[1])
104 {
105 args++; 100 args++;
106 outfile = *args; 101 outfile = *args;
107 } 102 } else
108 else badarg = 1; 103 badarg = 1;
109 } 104 }
110#ifndef OPENSSL_NO_ENGINE 105#ifndef OPENSSL_NO_ENGINE
111 else if (strcmp(*args,"-engine") == 0) 106 else if (strcmp(*args, "-engine") == 0) {
112 { 107 if (!args[1])
113 if (!args[1]) goto bad; 108 goto bad;
114 engine= *(++args); 109 engine = *(++args);
115 } 110 }
116#endif 111#endif
117 112
118 else if (strcmp(*args,"-text") == 0) 113 else if (strcmp(*args, "-text") == 0)
119 text=1; 114 text = 1;
120 else if (strcmp(*args,"-noout") == 0) 115 else if (strcmp(*args, "-noout") == 0)
121 noout=1; 116 noout = 1;
122 args++; 117 args++;
123 } 118 }
124 119
125 if (badarg) 120 if (badarg) {
126 {
127#ifndef OPENSSL_NO_ENGINE 121#ifndef OPENSSL_NO_ENGINE
128 bad: 122bad:
129#endif 123#endif
130 BIO_printf(bio_err, "Usage pkeyparam [options]\n"); 124 BIO_printf(bio_err, "Usage pkeyparam [options]\n");
131 BIO_printf(bio_err, "where options are\n"); 125 BIO_printf(bio_err, "where options are\n");
@@ -137,58 +131,48 @@ int MAIN(int argc, char **argv)
137 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); 131 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
138#endif 132#endif
139 return 1; 133 return 1;
140 } 134 }
141
142#ifndef OPENSSL_NO_ENGINE 135#ifndef OPENSSL_NO_ENGINE
143 setup_engine(bio_err, engine, 0); 136 setup_engine(bio_err, engine, 0);
144#endif 137#endif
145 138
146 if (infile) 139 if (infile) {
147 { 140 if (!(in = BIO_new_file(infile, "r"))) {
148 if (!(in = BIO_new_file (infile, "r")))
149 {
150 BIO_printf(bio_err, 141 BIO_printf(bio_err,
151 "Can't open input file %s\n", infile); 142 "Can't open input file %s\n", infile);
152 goto end; 143 goto end;
153 }
154 } 144 }
155 else 145 } else
156 in = BIO_new_fp (stdin, BIO_NOCLOSE); 146 in = BIO_new_fp(stdin, BIO_NOCLOSE);
157 147
158 if (outfile) 148 if (outfile) {
159 { 149 if (!(out = BIO_new_file(outfile, "w"))) {
160 if (!(out = BIO_new_file (outfile, "w")))
161 {
162 BIO_printf(bio_err, 150 BIO_printf(bio_err,
163 "Can't open output file %s\n", outfile); 151 "Can't open output file %s\n", outfile);
164 goto end; 152 goto end;
165 }
166 }
167 else
168 {
169 out = BIO_new_fp (stdout, BIO_NOCLOSE);
170 } 153 }
154 } else {
155 out = BIO_new_fp(stdout, BIO_NOCLOSE);
156 }
171 157
172 pkey = PEM_read_bio_Parameters(in, NULL); 158 pkey = PEM_read_bio_Parameters(in, NULL);
173 if (!pkey) 159 if (!pkey) {
174 {
175 BIO_printf(bio_err, "Error reading parameters\n"); 160 BIO_printf(bio_err, "Error reading parameters\n");
176 ERR_print_errors(bio_err); 161 ERR_print_errors(bio_err);
177 goto end; 162 goto end;
178 } 163 }
179
180 if (!noout) 164 if (!noout)
181 PEM_write_bio_Parameters(out,pkey); 165 PEM_write_bio_Parameters(out, pkey);
182 166
183 if (text) 167 if (text)
184 EVP_PKEY_print_params(out, pkey, 0, NULL); 168 EVP_PKEY_print_params(out, pkey, 0, NULL);
185 169
186 ret = 0; 170 ret = 0;
187 171
188 end: 172end:
189 EVP_PKEY_free(pkey); 173 EVP_PKEY_free(pkey);
190 BIO_free_all(out); 174 BIO_free_all(out);
191 BIO_free(in); 175 BIO_free(in);
192 176
193 return ret; 177 return ret;
194 } 178}
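Review bot: The option loop in MAIN has no final `else`, so an argument that starts with `-` but matches none of `-in`, `-out`, `-engine`, `-text` or `-noout` is skipped silently instead of producing the usage message. Ending the chain with `else badarg = 1;` before `args++` would reject it, as the pkeyutl loop in this commit does. Separately, the results of both `BIO_new_fp()` calls are passed on unchecked, and `ret = 0` is set without looking at what `PEM_write_bio_Parameters()` or `EVP_PKEY_print_params()` returned, so a failed write still exits with success.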
diff --git a/src/lib/libssl/src/apps/pkeyutl.c b/src/lib/libssl/src/apps/pkeyutl.c
index 3627839e05..226bb25220 100644
--- a/src/lib/libssl/src/apps/pkeyutl.c
+++ b/src/lib/libssl/src/apps/pkeyutl.c
@@ -9,7 +9,7 @@
9 * are met: 9 * are met:
10 * 10 *
11 * 1. Redistributions of source code must retain the above copyright 11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer. 12 * notice, this list of conditions and the following disclaimer.
13 * 13 *
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in 15 * notice, this list of conditions and the following disclaimer in
@@ -72,20 +72,24 @@ static void usage(void);
72 72
73#define PROG pkeyutl_main 73#define PROG pkeyutl_main
74 74
75static EVP_PKEY_CTX *init_ctx(int *pkeysize, 75static EVP_PKEY_CTX *
76 char *keyfile, int keyform, int key_type, 76init_ctx(int *pkeysize,
77 char *passargin, int pkey_op, ENGINE *e); 77 char *keyfile, int keyform, int key_type,
78 char *passargin, int pkey_op, ENGINE * e);
78 79
79static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, 80static int
80 const char *file); 81setup_peer(BIO * err, EVP_PKEY_CTX * ctx, int peerform,
82 const char *file);
81 83
82static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, 84static int
83 unsigned char *out, size_t *poutlen, 85do_keyop(EVP_PKEY_CTX * ctx, int pkey_op,
84 unsigned char *in, size_t inlen); 86 unsigned char *out, size_t * poutlen,
87 unsigned char *in, size_t inlen);
85 88
86int MAIN(int argc, char **); 89int MAIN(int argc, char **);
87 90
88int MAIN(int argc, char **argv) 91int
92MAIN(int argc, char **argv)
89{ 93{
90 BIO *in = NULL, *out = NULL; 94 BIO *in = NULL, *out = NULL;
91 char *infile = NULL, *outfile = NULL, *sigfile = NULL; 95 char *infile = NULL, *outfile = NULL, *sigfile = NULL;
@@ -107,265 +111,223 @@ int MAIN(int argc, char **argv)
107 argc--; 111 argc--;
108 argv++; 112 argv++;
109 113
110 if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 114 if (!bio_err)
115 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
111 116
112 if (!load_config(bio_err, NULL)) 117 if (!load_config(bio_err, NULL))
113 goto end; 118 goto end;
114 ERR_load_crypto_strings(); 119 ERR_load_crypto_strings();
115 OpenSSL_add_all_algorithms(); 120 OpenSSL_add_all_algorithms();
116 121
117 while(argc >= 1) 122 while (argc >= 1) {
118 { 123 if (!strcmp(*argv, "-in")) {
119 if (!strcmp(*argv,"-in")) 124 if (--argc < 1)
120 { 125 badarg = 1;
121 if (--argc < 1) badarg = 1; 126 else
122 else infile= *(++argv); 127 infile = *(++argv);
123 } 128 } else if (!strcmp(*argv, "-out")) {
124 else if (!strcmp(*argv,"-out"))
125 {
126 if (--argc < 1) badarg = 1;
127 else outfile= *(++argv);
128 }
129 else if (!strcmp(*argv,"-sigfile"))
130 {
131 if (--argc < 1) badarg = 1;
132 else sigfile= *(++argv);
133 }
134 else if(!strcmp(*argv, "-inkey"))
135 {
136 if (--argc < 1) 129 if (--argc < 1)
137 badarg = 1; 130 badarg = 1;
138 else 131 else
139 { 132 outfile = *(++argv);
133 } else if (!strcmp(*argv, "-sigfile")) {
134 if (--argc < 1)
135 badarg = 1;
136 else
137 sigfile = *(++argv);
138 } else if (!strcmp(*argv, "-inkey")) {
139 if (--argc < 1)
140 badarg = 1;
141 else {
140 ctx = init_ctx(&keysize, 142 ctx = init_ctx(&keysize,
141 *(++argv), keyform, key_type, 143 *(++argv), keyform, key_type,
142 passargin, pkey_op, e); 144 passargin, pkey_op, e);
143 if (!ctx) 145 if (!ctx) {
144 {
145 BIO_puts(bio_err, 146 BIO_puts(bio_err,
146 "Error initializing context\n"); 147 "Error initializing context\n");
147 ERR_print_errors(bio_err); 148 ERR_print_errors(bio_err);
148 badarg = 1; 149 badarg = 1;
149 }
150 } 150 }
151 } 151 }
152 else if (!strcmp(*argv,"-peerkey")) 152 } else if (!strcmp(*argv, "-peerkey")) {
153 {
154 if (--argc < 1) 153 if (--argc < 1)
155 badarg = 1; 154 badarg = 1;
156 else if (!setup_peer(bio_err, ctx, peerform, *(++argv))) 155 else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
157 badarg = 1; 156 badarg = 1;
158 } 157 } else if (!strcmp(*argv, "-passin")) {
159 else if (!strcmp(*argv,"-passin")) 158 if (--argc < 1)
160 { 159 badarg = 1;
161 if (--argc < 1) badarg = 1; 160 else
162 else passargin= *(++argv); 161 passargin = *(++argv);
163 } 162 } else if (strcmp(*argv, "-peerform") == 0) {
164 else if (strcmp(*argv,"-peerform") == 0) 163 if (--argc < 1)
165 { 164 badarg = 1;
166 if (--argc < 1) badarg = 1; 165 else
167 else peerform=str2fmt(*(++argv)); 166 peerform = str2fmt(*(++argv));
168 } 167 } else if (strcmp(*argv, "-keyform") == 0) {
169 else if (strcmp(*argv,"-keyform") == 0) 168 if (--argc < 1)
170 { 169 badarg = 1;
171 if (--argc < 1) badarg = 1; 170 else
172 else keyform=str2fmt(*(++argv)); 171 keyform = str2fmt(*(++argv));
173 } 172 }
174#ifndef OPENSSL_NO_ENGINE 173#ifndef OPENSSL_NO_ENGINE
175 else if(!strcmp(*argv, "-engine")) 174 else if (!strcmp(*argv, "-engine")) {
176 {
177 if (--argc < 1) 175 if (--argc < 1)
178 badarg = 1; 176 badarg = 1;
179 else 177 else
180 e = setup_engine(bio_err, *(++argv), 0); 178 e = setup_engine(bio_err, *(++argv), 0);
181 } 179 }
182#endif 180#endif
183 else if(!strcmp(*argv, "-pubin")) 181 else if (!strcmp(*argv, "-pubin"))
184 key_type = KEY_PUBKEY; 182 key_type = KEY_PUBKEY;
185 else if(!strcmp(*argv, "-certin")) 183 else if (!strcmp(*argv, "-certin"))
186 key_type = KEY_CERT; 184 key_type = KEY_CERT;
187 else if(!strcmp(*argv, "-asn1parse")) 185 else if (!strcmp(*argv, "-asn1parse"))
188 asn1parse = 1; 186 asn1parse = 1;
189 else if(!strcmp(*argv, "-hexdump")) 187 else if (!strcmp(*argv, "-hexdump"))
190 hexdump = 1; 188 hexdump = 1;
191 else if(!strcmp(*argv, "-sign")) 189 else if (!strcmp(*argv, "-sign"))
192 pkey_op = EVP_PKEY_OP_SIGN; 190 pkey_op = EVP_PKEY_OP_SIGN;
193 else if(!strcmp(*argv, "-verify")) 191 else if (!strcmp(*argv, "-verify"))
194 pkey_op = EVP_PKEY_OP_VERIFY; 192 pkey_op = EVP_PKEY_OP_VERIFY;
195 else if(!strcmp(*argv, "-verifyrecover")) 193 else if (!strcmp(*argv, "-verifyrecover"))
196 pkey_op = EVP_PKEY_OP_VERIFYRECOVER; 194 pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
197 else if(!strcmp(*argv, "-rev")) 195 else if (!strcmp(*argv, "-rev"))
198 rev = 1; 196 rev = 1;
199 else if(!strcmp(*argv, "-encrypt")) 197 else if (!strcmp(*argv, "-encrypt"))
200 pkey_op = EVP_PKEY_OP_ENCRYPT; 198 pkey_op = EVP_PKEY_OP_ENCRYPT;
201 else if(!strcmp(*argv, "-decrypt")) 199 else if (!strcmp(*argv, "-decrypt"))
202 pkey_op = EVP_PKEY_OP_DECRYPT; 200 pkey_op = EVP_PKEY_OP_DECRYPT;
203 else if(!strcmp(*argv, "-derive")) 201 else if (!strcmp(*argv, "-derive"))
204 pkey_op = EVP_PKEY_OP_DERIVE; 202 pkey_op = EVP_PKEY_OP_DERIVE;
205 else if (strcmp(*argv,"-pkeyopt") == 0) 203 else if (strcmp(*argv, "-pkeyopt") == 0) {
206 {
207 if (--argc < 1) 204 if (--argc < 1)
208 badarg = 1; 205 badarg = 1;
209 else if (!ctx) 206 else if (!ctx) {
210 {
211 BIO_puts(bio_err, 207 BIO_puts(bio_err,
212 "-pkeyopt command before -inkey\n"); 208 "-pkeyopt command before -inkey\n");
213 badarg = 1; 209 badarg = 1;
214 } 210 } else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) {
215 else if (pkey_ctrl_string(ctx, *(++argv)) <= 0)
216 {
217 BIO_puts(bio_err, "parameter setting error\n"); 211 BIO_puts(bio_err, "parameter setting error\n");
218 ERR_print_errors(bio_err); 212 ERR_print_errors(bio_err);
219 goto end; 213 goto end;
220 }
221 } 214 }
222 else badarg = 1; 215 } else
223 if(badarg) 216 badarg = 1;
224 { 217 if (badarg) {
225 usage(); 218 usage();
226 goto end; 219 goto end;
227 } 220 }
228 argc--; 221 argc--;
229 argv++; 222 argv++;
230 } 223 }
231 224
232 if (!ctx) 225 if (!ctx) {
233 {
234 usage(); 226 usage();
235 goto end; 227 goto end;
236 } 228 }
237 229 if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
238 if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY))
239 {
240 BIO_puts(bio_err, "Signature file specified for non verify\n"); 230 BIO_puts(bio_err, "Signature file specified for non verify\n");
241 goto end; 231 goto end;
242 } 232 }
243 233 if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) {
244 if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY))
245 {
246 BIO_puts(bio_err, "No signature file specified for verify\n"); 234 BIO_puts(bio_err, "No signature file specified for verify\n");
247 goto end; 235 goto end;
248 } 236 }
249
250/* FIXME: seed PRNG only if needed */ 237/* FIXME: seed PRNG only if needed */
251 app_RAND_load_file(NULL, bio_err, 0); 238 app_RAND_load_file(NULL, bio_err, 0);
252 239
253 if (pkey_op != EVP_PKEY_OP_DERIVE) 240 if (pkey_op != EVP_PKEY_OP_DERIVE) {
254 { 241 if (infile) {
255 if(infile) 242 if (!(in = BIO_new_file(infile, "rb"))) {
256 {
257 if(!(in = BIO_new_file(infile, "rb")))
258 {
259 BIO_puts(bio_err, 243 BIO_puts(bio_err,
260 "Error Opening Input File\n"); 244 "Error Opening Input File\n");
261 ERR_print_errors(bio_err); 245 ERR_print_errors(bio_err);
262 goto end; 246 goto end;
263 }
264 } 247 }
265 else 248 } else
266 in = BIO_new_fp(stdin, BIO_NOCLOSE); 249 in = BIO_new_fp(stdin, BIO_NOCLOSE);
267 } 250 }
268 251 if (outfile) {
269 if(outfile) 252 if (!(out = BIO_new_file(outfile, "wb"))) {
270 {
271 if(!(out = BIO_new_file(outfile, "wb")))
272 {
273 BIO_printf(bio_err, "Error Creating Output File\n"); 253 BIO_printf(bio_err, "Error Creating Output File\n");
274 ERR_print_errors(bio_err); 254 ERR_print_errors(bio_err);
275 goto end; 255 goto end;
276 }
277 } 256 }
278 else 257 } else {
279 {
280 out = BIO_new_fp(stdout, BIO_NOCLOSE); 258 out = BIO_new_fp(stdout, BIO_NOCLOSE);
281 } 259 }
282 260
283 if (sigfile) 261 if (sigfile) {
284 {
285 BIO *sigbio = BIO_new_file(sigfile, "rb"); 262 BIO *sigbio = BIO_new_file(sigfile, "rb");
286 if (!sigbio) 263 if (!sigbio) {
287 {
288 BIO_printf(bio_err, "Can't open signature file %s\n", 264 BIO_printf(bio_err, "Can't open signature file %s\n",
289 sigfile); 265 sigfile);
290 goto end; 266 goto end;
291 } 267 }
292 siglen = bio_to_mem(&sig, keysize * 10, sigbio); 268 siglen = bio_to_mem(&sig, keysize * 10, sigbio);
293 BIO_free(sigbio); 269 BIO_free(sigbio);
294 if (siglen <= 0) 270 if (siglen <= 0) {
295 {
296 BIO_printf(bio_err, "Error reading signature data\n"); 271 BIO_printf(bio_err, "Error reading signature data\n");
297 goto end; 272 goto end;
298 }
299 } 273 }
300 274 }
301 if (in) 275 if (in) {
302 {
303 /* Read the input data */ 276 /* Read the input data */
304 buf_inlen = bio_to_mem(&buf_in, keysize * 10, in); 277 buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
305 if(buf_inlen <= 0) 278 if (buf_inlen <= 0) {
306 {
307 BIO_printf(bio_err, "Error reading input Data\n"); 279 BIO_printf(bio_err, "Error reading input Data\n");
308 exit(1); 280 exit(1);
309 } 281 }
310 if(rev) 282 if (rev) {
311 {
312 size_t i; 283 size_t i;
313 unsigned char ctmp; 284 unsigned char ctmp;
314 size_t l = (size_t)buf_inlen; 285 size_t l = (size_t) buf_inlen;
315 for(i = 0; i < l/2; i++) 286 for (i = 0; i < l / 2; i++) {
316 {
317 ctmp = buf_in[i]; 287 ctmp = buf_in[i];
318 buf_in[i] = buf_in[l - 1 - i]; 288 buf_in[i] = buf_in[l - 1 - i];
319 buf_in[l - 1 - i] = ctmp; 289 buf_in[l - 1 - i] = ctmp;
320 }
321 } 290 }
322 } 291 }
323 292 }
324 if(pkey_op == EVP_PKEY_OP_VERIFY) 293 if (pkey_op == EVP_PKEY_OP_VERIFY) {
325 { 294 rv = EVP_PKEY_verify(ctx, sig, (size_t) siglen,
326 rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen, 295 buf_in, (size_t) buf_inlen);
327 buf_in, (size_t)buf_inlen);
328 if (rv == 0) 296 if (rv == 0)
329 BIO_puts(out, "Signature Verification Failure\n"); 297 BIO_puts(out, "Signature Verification Failure\n");
330 else if (rv == 1) 298 else if (rv == 1)
331 BIO_puts(out, "Signature Verified Successfully\n"); 299 BIO_puts(out, "Signature Verified Successfully\n");
332 if (rv >= 0) 300 if (rv >= 0)
333 goto end; 301 goto end;
334 } 302 } else {
335 else 303 rv = do_keyop(ctx, pkey_op, NULL, (size_t *) & buf_outlen,
336 { 304 buf_in, (size_t) buf_inlen);
337 rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, 305 if (rv > 0) {
338 buf_in, (size_t)buf_inlen);
339 if (rv > 0)
340 {
341 buf_out = malloc(buf_outlen); 306 buf_out = malloc(buf_outlen);
342 if (!buf_out) 307 if (!buf_out)
343 rv = -1; 308 rv = -1;
344 else 309 else
345 rv = do_keyop(ctx, pkey_op, 310 rv = do_keyop(ctx, pkey_op,
346 buf_out, (size_t *)&buf_outlen, 311 buf_out, (size_t *) & buf_outlen,
347 buf_in, (size_t)buf_inlen); 312 buf_in, (size_t) buf_inlen);
348 }
349 } 313 }
314 }
350 315
351 if(rv <= 0) 316 if (rv <= 0) {
352 {
353 BIO_printf(bio_err, "Public Key operation error\n"); 317 BIO_printf(bio_err, "Public Key operation error\n");
354 ERR_print_errors(bio_err); 318 ERR_print_errors(bio_err);
355 goto end; 319 goto end;
356 } 320 }
357 ret = 0; 321 ret = 0;
358 if(asn1parse) 322 if (asn1parse) {
359 { 323 if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
360 if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
361 ERR_print_errors(bio_err); 324 ERR_print_errors(bio_err);
362 } 325 } else if (hexdump)
363 else if(hexdump) 326 BIO_dump(out, (char *) buf_out, buf_outlen);
364 BIO_dump(out, (char *)buf_out, buf_outlen);
365 else 327 else
366 BIO_write(out, buf_out, buf_outlen); 328 BIO_write(out, buf_out, buf_outlen);
367 329
368 end: 330end:
369 if (ctx) 331 if (ctx)
370 EVP_PKEY_CTX_free(ctx); 332 EVP_PKEY_CTX_free(ctx);
371 BIO_free(in); 333 BIO_free(in);
@@ -379,7 +341,8 @@ int MAIN(int argc, char **argv)
379 return ret; 341 return ret;
380} 342}
381 343
382static void usage() 344static void
345usage()
383{ 346{
384 BIO_printf(bio_err, "Usage: pkeyutl [options]\n"); 347 BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
385 BIO_printf(bio_err, "-in file input file\n"); 348 BIO_printf(bio_err, "-in file input file\n");
@@ -404,50 +367,47 @@ static void usage()
404 367
405} 368}
406 369
407static EVP_PKEY_CTX *init_ctx(int *pkeysize, 370static EVP_PKEY_CTX *
408 char *keyfile, int keyform, int key_type, 371init_ctx(int *pkeysize,
409 char *passargin, int pkey_op, ENGINE *e) 372 char *keyfile, int keyform, int key_type,
410 { 373 char *passargin, int pkey_op, ENGINE * e)
374{
411 EVP_PKEY *pkey = NULL; 375 EVP_PKEY *pkey = NULL;
412 EVP_PKEY_CTX *ctx = NULL; 376 EVP_PKEY_CTX *ctx = NULL;
413 char *passin = NULL; 377 char *passin = NULL;
414 int rv = -1; 378 int rv = -1;
415 X509 *x; 379 X509 *x;
416 if(((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) 380 if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
417 || (pkey_op == EVP_PKEY_OP_DERIVE)) 381 || (pkey_op == EVP_PKEY_OP_DERIVE))
418 && (key_type != KEY_PRIVKEY)) 382 && (key_type != KEY_PRIVKEY)) {
419 {
420 BIO_printf(bio_err, "A private key is needed for this operation\n"); 383 BIO_printf(bio_err, "A private key is needed for this operation\n");
421 goto end; 384 goto end;
422 } 385 }
423 if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) 386 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
424 {
425 BIO_printf(bio_err, "Error getting password\n"); 387 BIO_printf(bio_err, "Error getting password\n");
426 goto end; 388 goto end;
427 } 389 }
428 switch(key_type) 390 switch (key_type) {
429 { 391 case KEY_PRIVKEY:
430 case KEY_PRIVKEY:
431 pkey = load_key(bio_err, keyfile, keyform, 0, 392 pkey = load_key(bio_err, keyfile, keyform, 0,
432 passin, e, "Private Key"); 393 passin, e, "Private Key");
433 break; 394 break;
434 395
435 case KEY_PUBKEY: 396 case KEY_PUBKEY:
436 pkey = load_pubkey(bio_err, keyfile, keyform, 0, 397 pkey = load_pubkey(bio_err, keyfile, keyform, 0,
437 NULL, e, "Public Key"); 398 NULL, e, "Public Key");
438 break; 399 break;
439 400
440 case KEY_CERT: 401 case KEY_CERT:
441 x = load_cert(bio_err, keyfile, keyform, 402 x = load_cert(bio_err, keyfile, keyform,
442 NULL, e, "Certificate"); 403 NULL, e, "Certificate");
443 if(x) 404 if (x) {
444 {
445 pkey = X509_get_pubkey(x); 405 pkey = X509_get_pubkey(x);
446 X509_free(x); 406 X509_free(x);
447 } 407 }
448 break; 408 break;
449 409
450 } 410 }
451 411
452 *pkeysize = EVP_PKEY_size(pkey); 412 *pkeysize = EVP_PKEY_size(pkey);
453 413
@@ -461,40 +421,37 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
461 if (!ctx) 421 if (!ctx)
462 goto end; 422 goto end;
463 423
464 switch(pkey_op) 424 switch (pkey_op) {
465 { 425 case EVP_PKEY_OP_SIGN:
466 case EVP_PKEY_OP_SIGN:
467 rv = EVP_PKEY_sign_init(ctx); 426 rv = EVP_PKEY_sign_init(ctx);
468 break; 427 break;
469 428
470 case EVP_PKEY_OP_VERIFY: 429 case EVP_PKEY_OP_VERIFY:
471 rv = EVP_PKEY_verify_init(ctx); 430 rv = EVP_PKEY_verify_init(ctx);
472 break; 431 break;
473 432
474 case EVP_PKEY_OP_VERIFYRECOVER: 433 case EVP_PKEY_OP_VERIFYRECOVER:
475 rv = EVP_PKEY_verify_recover_init(ctx); 434 rv = EVP_PKEY_verify_recover_init(ctx);
476 break; 435 break;
477 436
478 case EVP_PKEY_OP_ENCRYPT: 437 case EVP_PKEY_OP_ENCRYPT:
479 rv = EVP_PKEY_encrypt_init(ctx); 438 rv = EVP_PKEY_encrypt_init(ctx);
480 break; 439 break;
481 440
482 case EVP_PKEY_OP_DECRYPT: 441 case EVP_PKEY_OP_DECRYPT:
483 rv = EVP_PKEY_decrypt_init(ctx); 442 rv = EVP_PKEY_decrypt_init(ctx);
484 break; 443 break;
485 444
486 case EVP_PKEY_OP_DERIVE: 445 case EVP_PKEY_OP_DERIVE:
487 rv = EVP_PKEY_derive_init(ctx); 446 rv = EVP_PKEY_derive_init(ctx);
488 break; 447 break;
489 } 448 }
490 449
491 if (rv <= 0) 450 if (rv <= 0) {
492 {
493 EVP_PKEY_CTX_free(ctx); 451 EVP_PKEY_CTX_free(ctx);
494 ctx = NULL; 452 ctx = NULL;
495 } 453 }
496 454end:
497 end:
498 455
499 if (passin) 456 if (passin)
500 free(passin); 457 free(passin);
@@ -502,63 +459,60 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
502 return ctx; 459 return ctx;
503 460
504 461
505 } 462}
506 463
507static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, 464static int
508 const char *file) 465setup_peer(BIO * err, EVP_PKEY_CTX * ctx, int peerform,
509 { 466 const char *file)
467{
510 EVP_PKEY *peer = NULL; 468 EVP_PKEY *peer = NULL;
511 int ret; 469 int ret;
512 if (!ctx) 470 if (!ctx) {
513 {
514 BIO_puts(err, "-peerkey command before -inkey\n"); 471 BIO_puts(err, "-peerkey command before -inkey\n");
515 return 0; 472 return 0;
516 } 473 }
517
518 peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key"); 474 peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
519 475
520 if (!peer) 476 if (!peer) {
521 {
522 BIO_printf(bio_err, "Error reading peer key %s\n", file); 477 BIO_printf(bio_err, "Error reading peer key %s\n", file);
523 ERR_print_errors(err); 478 ERR_print_errors(err);
524 return 0; 479 return 0;
525 } 480 }
526
527 ret = EVP_PKEY_derive_set_peer(ctx, peer); 481 ret = EVP_PKEY_derive_set_peer(ctx, peer);
528 482
529 EVP_PKEY_free(peer); 483 EVP_PKEY_free(peer);
530 if (ret <= 0) 484 if (ret <= 0)
531 ERR_print_errors(err); 485 ERR_print_errors(err);
532 return ret; 486 return ret;
533 } 487}
534 488
535static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, 489static int
536 unsigned char *out, size_t *poutlen, 490do_keyop(EVP_PKEY_CTX * ctx, int pkey_op,
537 unsigned char *in, size_t inlen) 491 unsigned char *out, size_t * poutlen,
538 { 492 unsigned char *in, size_t inlen)
493{
539 int rv = 0; 494 int rv = 0;
540 switch(pkey_op) 495 switch (pkey_op) {
541 { 496 case EVP_PKEY_OP_VERIFYRECOVER:
542 case EVP_PKEY_OP_VERIFYRECOVER: 497 rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
543 rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
544 break; 498 break;
545 499
546 case EVP_PKEY_OP_SIGN: 500 case EVP_PKEY_OP_SIGN:
547 rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen); 501 rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
548 break; 502 break;
549 503
550 case EVP_PKEY_OP_ENCRYPT: 504 case EVP_PKEY_OP_ENCRYPT:
551 rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen); 505 rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
552 break; 506 break;
553 507
554 case EVP_PKEY_OP_DECRYPT: 508 case EVP_PKEY_OP_DECRYPT:
555 rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen); 509 rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
556 break; 510 break;
557 511
558 case EVP_PKEY_OP_DERIVE: 512 case EVP_PKEY_OP_DERIVE:
559 rv = EVP_PKEY_derive(ctx, out, poutlen); 513 rv = EVP_PKEY_derive(ctx, out, poutlen);
560 break; 514 break;
561 515
562 }
563 return rv;
564 } 516 }
517 return rv;
518}
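Review bot: Both `do_keyop()` calls in MAIN pass `(size_t *) & buf_outlen`, and the cast suggests `buf_outlen` is not a `size_t`; its declaration lies outside the visible hunks, but if it is an `int`, the callee stores a `size_t` through that pointer and writes past the object wherever `size_t` is wider than `int`. A `size_t` local removes the cast: declare `size_t outlen = 0;`, call `do_keyop(ctx, pkey_op, NULL, &outlen, buf_in, (size_t)buf_inlen)`, and use `outlen` for the `malloc()` and the second call. In the same function the `buf_inlen <= 0` branch calls `exit(1)` where every other failure uses `goto end`, which skips the cleanup at `end:`; `goto end;` would be consistent.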
diff --git a/src/lib/libssl/src/apps/prime.c b/src/lib/libssl/src/apps/prime.c
index 690f03ef32..4bd53a69bf 100644
--- a/src/lib/libssl/src/apps/prime.c
+++ b/src/lib/libssl/src/apps/prime.c
@@ -6,7 +6,7 @@
6 * are met: 6 * are met:
7 * 7 *
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 10 *
11 * 2. Redistributions in binary form must reproduce the above copyright 11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in 12 * notice, this list of conditions and the following disclaimer in
@@ -58,97 +58,88 @@
58 58
59int MAIN(int, char **); 59int MAIN(int, char **);
60 60
61int MAIN(int argc, char **argv) 61int
62 { 62MAIN(int argc, char **argv)
63 int hex=0; 63{
64 int checks=20; 64 int hex = 0;
65 int generate=0; 65 int checks = 20;
66 int bits=0; 66 int generate = 0;
67 int safe=0; 67 int bits = 0;
68 BIGNUM *bn=NULL; 68 int safe = 0;
69 BIO *bio_out; 69 BIGNUM *bn = NULL;
70 BIO *bio_out;
70 71
71 apps_startup(); 72 apps_startup();
72 73
73 if (bio_err == NULL) 74 if (bio_err == NULL)
74 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 75 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
75 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 76 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
76 77
77 --argc;
78 ++argv;
79 while (argc >= 1 && **argv == '-')
80 {
81 if(!strcmp(*argv,"-hex"))
82 hex=1;
83 else if(!strcmp(*argv,"-generate"))
84 generate=1;
85 else if(!strcmp(*argv,"-bits"))
86 if(--argc < 1)
87 goto bad;
88 else
89 bits=atoi(*++argv);
90 else if(!strcmp(*argv,"-safe"))
91 safe=1;
92 else if(!strcmp(*argv,"-checks"))
93 if(--argc < 1)
94 goto bad;
95 else
96 checks=atoi(*++argv);
97 else
98 {
99 BIO_printf(bio_err,"Unknown option '%s'\n",*argv);
100 goto bad;
101 }
102 --argc; 78 --argc;
103 ++argv; 79 ++argv;
80 while (argc >= 1 && **argv == '-') {
81 if (!strcmp(*argv, "-hex"))
82 hex = 1;
83 else if (!strcmp(*argv, "-generate"))
84 generate = 1;
85 else if (!strcmp(*argv, "-bits"))
86 if (--argc < 1)
87 goto bad;
88 else
89 bits = atoi(*++argv);
90 else if (!strcmp(*argv, "-safe"))
91 safe = 1;
92 else if (!strcmp(*argv, "-checks"))
93 if (--argc < 1)
94 goto bad;
95 else
96 checks = atoi(*++argv);
97 else {
98 BIO_printf(bio_err, "Unknown option '%s'\n", *argv);
99 goto bad;
100 }
101 --argc;
102 ++argv;
104 } 103 }
105 104
106 if (argv[0] == NULL && !generate) 105 if (argv[0] == NULL && !generate) {
107 { 106 BIO_printf(bio_err, "No prime specified\n");
108 BIO_printf(bio_err,"No prime specified\n"); 107 goto bad;
109 goto bad;
110 }
111
112 if ((bio_out=BIO_new(BIO_s_file())) != NULL)
113 {
114 BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
115 } 108 }
116 109 if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
117 if(generate) 110 BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
118 {
119 char *s;
120
121 if(!bits)
122 {
123 BIO_printf(bio_err,"Specifiy the number of bits.\n");
124 return 1;
125 }
126 bn=BN_new();
127 BN_generate_prime_ex(bn,bits,safe,NULL,NULL,NULL);
128 s=hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
129 BIO_printf(bio_out,"%s\n",s);
130 free(s);
131 } 111 }
132 else 112 if (generate) {
133 { 113 char *s;
134 if(hex) 114
135 BN_hex2bn(&bn,argv[0]); 115 if (!bits) {
136 else 116 BIO_printf(bio_err, "Specifiy the number of bits.\n");
137 BN_dec2bn(&bn,argv[0]); 117 return 1;
138 118 }
139 BN_print(bio_out,bn); 119 bn = BN_new();
140 BIO_printf(bio_out," is %sprime\n", 120 BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL);
141 BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not "); 121 s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
122 BIO_printf(bio_out, "%s\n", s);
123 free(s);
124 } else {
125 if (hex)
126 BN_hex2bn(&bn, argv[0]);
127 else
128 BN_dec2bn(&bn, argv[0]);
129
130 BN_print(bio_out, bn);
131 BIO_printf(bio_out, " is %sprime\n",
132 BN_is_prime_ex(bn, checks, NULL, NULL) ? "" : "not ");
142 } 133 }
143 134
144 BN_free(bn); 135 BN_free(bn);
145 BIO_free_all(bio_out); 136 BIO_free_all(bio_out);
146 137
147 return 0; 138 return 0;
148 139
149 bad: 140bad:
150 BIO_printf(bio_err,"options are\n"); 141 BIO_printf(bio_err, "options are\n");
151 BIO_printf(bio_err,"%-14s hex\n","-hex"); 142 BIO_printf(bio_err, "%-14s hex\n", "-hex");
152 BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>"); 143 BIO_printf(bio_err, "%-14s number of checks\n", "-checks <n>");
153 return 1; 144 return 1;
154 } 145}
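Review bot: In the non-generate branch of MAIN the return values of `BN_hex2bn()` and `BN_dec2bn()` are discarded, so a command-line value that does not parse leaves `bn` at its initial `NULL` and that pointer is handed to `BN_print()` and `BN_is_prime_ex()`. Checking the result, for example `if (!(hex ? BN_hex2bn(&bn, argv[0]) : BN_dec2bn(&bn, argv[0]))) goto bad;`, stops the bad input before it is used. The generate branch has the same gap: `BN_new()`, `BN_generate_prime_ex()` and the `BN_bn2hex()`/`BN_bn2dec()` result are used unchecked. `bits` and `checks` also come from `atoi()` with no range check, so a negative or non-numeric count reaches the library; `strtonum()` with explicit bounds would reject it.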
diff --git a/src/lib/libssl/src/apps/rand.c b/src/lib/libssl/src/apps/rand.c
index c01df530ae..443a64d848 100644
--- a/src/lib/libssl/src/apps/rand.c
+++ b/src/lib/libssl/src/apps/rand.c
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -75,8 +75,9 @@
75 75
76int MAIN(int, char **); 76int MAIN(int, char **);
77 77
78int MAIN(int argc, char **argv) 78int
79 { 79MAIN(int argc, char **argv)
80{
80 int i, r, ret = 1; 81 int i, r, ret = 1;
81 int badopt; 82 int badopt;
82 char *outfile = NULL; 83 char *outfile = NULL;
@@ -86,82 +87,68 @@ int MAIN(int argc, char **argv)
86 BIO *out = NULL; 87 BIO *out = NULL;
87 int num = -1; 88 int num = -1;
88#ifndef OPENSSL_NO_ENGINE 89#ifndef OPENSSL_NO_ENGINE
89 char *engine=NULL; 90 char *engine = NULL;
90#endif 91#endif
91 92
92 apps_startup(); 93 apps_startup();
93 94
94 if (bio_err == NULL) 95 if (bio_err == NULL)
95 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 96 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
96 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 97 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
97 98
98 if (!load_config(bio_err, NULL)) 99 if (!load_config(bio_err, NULL))
99 goto err; 100 goto err;
100 101
101 badopt = 0; 102 badopt = 0;
102 i = 0; 103 i = 0;
103 while (!badopt && argv[++i] != NULL) 104 while (!badopt && argv[++i] != NULL) {
104 { 105 if (strcmp(argv[i], "-out") == 0) {
105 if (strcmp(argv[i], "-out") == 0) 106 if ((argv[i + 1] != NULL) && (outfile == NULL))
106 {
107 if ((argv[i+1] != NULL) && (outfile == NULL))
108 outfile = argv[++i]; 107 outfile = argv[++i];
109 else 108 else
110 badopt = 1; 109 badopt = 1;
111 } 110 }
112#ifndef OPENSSL_NO_ENGINE 111#ifndef OPENSSL_NO_ENGINE
113 else if (strcmp(argv[i], "-engine") == 0) 112 else if (strcmp(argv[i], "-engine") == 0) {
114 { 113 if ((argv[i + 1] != NULL) && (engine == NULL))
115 if ((argv[i+1] != NULL) && (engine == NULL))
116 engine = argv[++i]; 114 engine = argv[++i];
117 else 115 else
118 badopt = 1; 116 badopt = 1;
119 } 117 }
120#endif 118#endif
121 else if (strcmp(argv[i], "-rand") == 0) 119 else if (strcmp(argv[i], "-rand") == 0) {
122 { 120 if ((argv[i + 1] != NULL) && (inrand == NULL))
123 if ((argv[i+1] != NULL) && (inrand == NULL))
124 inrand = argv[++i]; 121 inrand = argv[++i];
125 else 122 else
126 badopt = 1; 123 badopt = 1;
127 } 124 } else if (strcmp(argv[i], "-base64") == 0) {
128 else if (strcmp(argv[i], "-base64") == 0)
129 {
130 if (!base64) 125 if (!base64)
131 base64 = 1; 126 base64 = 1;
132 else 127 else
133 badopt = 1; 128 badopt = 1;
134 } 129 } else if (strcmp(argv[i], "-hex") == 0) {
135 else if (strcmp(argv[i], "-hex") == 0)
136 {
137 if (!hex) 130 if (!hex)
138 hex = 1; 131 hex = 1;
139 else 132 else
140 badopt = 1; 133 badopt = 1;
141 } 134 } else if (isdigit((unsigned char) argv[i][0])) {
142 else if (isdigit((unsigned char)argv[i][0])) 135 if (num < 0) {
143 {
144 if (num < 0)
145 {
146 r = sscanf(argv[i], "%d", &num); 136 r = sscanf(argv[i], "%d", &num);
147 if (r == 0 || num < 0) 137 if (r == 0 || num < 0)
148 badopt = 1; 138 badopt = 1;
149 } 139 } else
150 else
151 badopt = 1; 140 badopt = 1;
152 } 141 } else
153 else
154 badopt = 1; 142 badopt = 1;
155 } 143 }
156 144
157 if (hex && base64) 145 if (hex && base64)
158 badopt = 1; 146 badopt = 1;
159 147
160 if (num < 0) 148 if (num < 0)
161 badopt = 1; 149 badopt = 1;
162 150
163 if (badopt) 151 if (badopt) {
164 {
165 BIO_printf(bio_err, "Usage: rand [options] num\n"); 152 BIO_printf(bio_err, "Usage: rand [options] num\n");
166 BIO_printf(bio_err, "where options are\n"); 153 BIO_printf(bio_err, "where options are\n");
167 BIO_printf(bio_err, "-out file - write to file\n"); 154 BIO_printf(bio_err, "-out file - write to file\n");
@@ -172,68 +159,62 @@ int MAIN(int argc, char **argv)
172 BIO_printf(bio_err, "-base64 - base64 encode output\n"); 159 BIO_printf(bio_err, "-base64 - base64 encode output\n");
173 BIO_printf(bio_err, "-hex - hex encode output\n"); 160 BIO_printf(bio_err, "-hex - hex encode output\n");
174 goto err; 161 goto err;
175 } 162 }
176
177#ifndef OPENSSL_NO_ENGINE 163#ifndef OPENSSL_NO_ENGINE
178 setup_engine(bio_err, engine, 0); 164 setup_engine(bio_err, engine, 0);
179#endif 165#endif
180 166
181 app_RAND_load_file(NULL, bio_err, (inrand != NULL)); 167 app_RAND_load_file(NULL, bio_err, (inrand != NULL));
182 if (inrand != NULL) 168 if (inrand != NULL)
183 BIO_printf(bio_err,"%ld semi-random bytes loaded\n", 169 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
184 app_RAND_load_files(inrand)); 170 app_RAND_load_files(inrand));
185 171
186 out = BIO_new(BIO_s_file()); 172 out = BIO_new(BIO_s_file());
187 if (out == NULL) 173 if (out == NULL)
188 goto err; 174 goto err;
189 if (outfile != NULL) 175 if (outfile != NULL)
190 r = BIO_write_filename(out, outfile); 176 r = BIO_write_filename(out, outfile);
191 else 177 else {
192 {
193 r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); 178 r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
194 } 179 }
195 if (r <= 0) 180 if (r <= 0)
196 goto err; 181 goto err;
197 182
198 if (base64) 183 if (base64) {
199 {
200 BIO *b64 = BIO_new(BIO_f_base64()); 184 BIO *b64 = BIO_new(BIO_f_base64());
201 if (b64 == NULL) 185 if (b64 == NULL)
202 goto err; 186 goto err;
203 out = BIO_push(b64, out); 187 out = BIO_push(b64, out);
204 } 188 }
205 189 while (num > 0) {
206 while (num > 0)
207 {
208 unsigned char buf[4096]; 190 unsigned char buf[4096];
209 int chunk; 191 int chunk;
210 192
211 chunk = num; 193 chunk = num;
212 if (chunk > (int)sizeof(buf)) 194 if (chunk > (int) sizeof(buf))
213 chunk = sizeof buf; 195 chunk = sizeof buf;
214 r = RAND_bytes(buf, chunk); 196 r = RAND_bytes(buf, chunk);
215 if (r <= 0) 197 if (r <= 0)
216 goto err; 198 goto err;
217 if (!hex) 199 if (!hex)
218 BIO_write(out, buf, chunk); 200 BIO_write(out, buf, chunk);
219 else 201 else {
220 {
221 for (i = 0; i < chunk; i++) 202 for (i = 0; i < chunk; i++)
222 BIO_printf(out, "%02x", buf[i]); 203 BIO_printf(out, "%02x", buf[i]);
223 }
224 num -= chunk;
225 } 204 }
205 num -= chunk;
206 }
226 if (hex) 207 if (hex)
227 BIO_puts(out, "\n"); 208 BIO_puts(out, "\n");
228 (void)BIO_flush(out); 209 (void) BIO_flush(out);
229 210
230 app_RAND_write_file(NULL, bio_err); 211 app_RAND_write_file(NULL, bio_err);
231 ret = 0; 212 ret = 0;
232 213
233err: 214err:
234 ERR_print_errors(bio_err); 215 ERR_print_errors(bio_err);
235 if (out) 216 if (out)
236 BIO_free_all(out); 217 BIO_free_all(out);
237 apps_shutdown(); 218 apps_shutdown();
238 return(ret); 219 return (ret);
239 } 220}
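Review bot: The output loop near the end of MAIN in rand.c still ignores the result of `BIO_write(out, buf, chunk)` (and of `BIO_printf` in the hex branch), and the flush result is discarded with `(void) BIO_flush(out)`, so `ret = 0` is reached even when the random bytes were not written. Because the reformat leaves this as it was, a full disk or closed pipe yields a short or empty `-out` file with a success exit status, which matters when the output is used as key or seed material. I would check the write, e.g. `if (BIO_write(out, buf, chunk) <= 0) goto err;`, and likewise `if (BIO_flush(out) <= 0) goto err;` before `ret = 0`. Separately, the count is parsed with `sscanf(argv[i], "%d", &num)` after testing only the first character with `isdigit`, so an argument with trailing non-digits such as `16abc` is accepted as 16; `strtol` with an end-pointer and range check would reject it.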
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c
index d28a1f3258..923837c4f9 100644
--- a/src/lib/libssl/src/apps/req.c
+++ b/src/lib/libssl/src/apps/req.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -125,706 +125,617 @@
125 * require. This format is wrong 125 * require. This format is wrong
126 */ 126 */
127 127
128static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn, 128static int
129 int attribs,unsigned long chtype); 129make_REQ(X509_REQ * req, EVP_PKEY * pkey, char *dn, int mutlirdn,
130static int build_subject(X509_REQ *req, char *subj, unsigned long chtype, 130 int attribs, unsigned long chtype);
131 int multirdn); 131static int
132static int prompt_info(X509_REQ *req, 132build_subject(X509_REQ * req, char *subj, unsigned long chtype,
133 STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, 133 int multirdn);
134 STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs, 134static int
135 unsigned long chtype); 135prompt_info(X509_REQ * req,
136static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk, 136 STACK_OF(CONF_VALUE) * dn_sk, char *dn_sect,
137 STACK_OF(CONF_VALUE) *attr, int attribs, 137 STACK_OF(CONF_VALUE) * attr_sk, char *attr_sect, int attribs,
138 unsigned long chtype); 138 unsigned long chtype);
139static int add_attribute_object(X509_REQ *req, char *text, const char *def, 139 static int auto_info(X509_REQ * req, STACK_OF(CONF_VALUE) * sk,
140 char *value, int nid, int n_min, 140 STACK_OF(CONF_VALUE) * attr, int attribs,
141 int n_max, unsigned long chtype); 141 unsigned long chtype);
142static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, 142 static int add_attribute_object(X509_REQ * req, char *text, const char *def,
143 int nid,int n_min,int n_max, unsigned long chtype, int mval); 143 char *value, int nid, int n_min,
144static int genpkey_cb(EVP_PKEY_CTX *ctx); 144 int n_max, unsigned long chtype);
145static int req_check_len(int len,int n_min,int n_max); 145 static int add_DN_object(X509_NAME * n, char *text, const char *def, char *value,
146static int check_end(const char *str, const char *end); 146 int nid, int n_min, int n_max, unsigned long chtype, int mval);
147static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type, 147 static int genpkey_cb(EVP_PKEY_CTX * ctx);
148 long *pkeylen, char **palgnam, 148 static int req_check_len(int len, int n_min, int n_max);
149 ENGINE *keygen_engine); 149 static int check_end(const char *str, const char *end);
150static CONF *req_conf=NULL; 150 static EVP_PKEY_CTX *set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
151static int batch=0; 151 long *pkeylen, char **palgnam,
152 152 ENGINE * keygen_engine);
153int MAIN(int, char **); 153 static CONF *req_conf = NULL;
154 154 static int batch = 0;
155int MAIN(int argc, char **argv) 155
156 { 156 int MAIN(int, char **);
157
158 int MAIN(int argc, char **argv)
159{
157 ENGINE *e = NULL, *gen_eng = NULL; 160 ENGINE *e = NULL, *gen_eng = NULL;
158 unsigned long nmflag = 0, reqflag = 0; 161 unsigned long nmflag = 0, reqflag = 0;
159 int ex=1,x509=0,days=30; 162 int ex = 1, x509 = 0, days = 30;
160 X509 *x509ss=NULL; 163 X509 *x509ss = NULL;
161 X509_REQ *req=NULL; 164 X509_REQ *req = NULL;
162 EVP_PKEY_CTX *genctx = NULL; 165 EVP_PKEY_CTX *genctx = NULL;
163 const char *keyalg = NULL; 166 const char *keyalg = NULL;
164 char *keyalgstr = NULL; 167 char *keyalgstr = NULL;
165 STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL; 168 STACK_OF(OPENSSL_STRING) * pkeyopts = NULL, *sigopts = NULL;
166 EVP_PKEY *pkey=NULL; 169 EVP_PKEY *pkey = NULL;
167 int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1; 170 int i = 0, badops = 0, newreq = 0, verbose = 0, pkey_type = -1;
168 long newkey = -1; 171 long newkey = -1;
169 BIO *in=NULL,*out=NULL; 172 BIO *in = NULL, *out = NULL;
170 int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; 173 int informat, outformat, verify = 0, noout = 0, text = 0, keyform = FORMAT_PEM;
171 int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0; 174 int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0;
172 char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; 175 char *infile, *outfile, *prog, *keyfile = NULL, *template = NULL,
176 *keyout = NULL;
173#ifndef OPENSSL_NO_ENGINE 177#ifndef OPENSSL_NO_ENGINE
174 char *engine=NULL; 178 char *engine = NULL;
175#endif 179#endif
176 char *extensions = NULL; 180 char *extensions = NULL;
177 char *req_exts = NULL; 181 char *req_exts = NULL;
178 const EVP_CIPHER *cipher=NULL; 182 const EVP_CIPHER *cipher = NULL;
179 ASN1_INTEGER *serial = NULL; 183 ASN1_INTEGER *serial = NULL;
180 int modulus=0; 184 int modulus = 0;
181 char *inrand=NULL; 185 char *inrand = NULL;
182 char *passargin = NULL, *passargout = NULL; 186 char *passargin = NULL, *passargout = NULL;
183 char *passin = NULL, *passout = NULL; 187 char *passin = NULL, *passout = NULL;
184 char *p; 188 char *p;
185 char *subj = NULL; 189 char *subj = NULL;
186 int multirdn = 0; 190 int multirdn = 0;
187 const EVP_MD *md_alg=NULL,*digest=NULL; 191 const EVP_MD *md_alg = NULL, *digest = NULL;
188 unsigned long chtype = MBSTRING_ASC; 192 unsigned long chtype = MBSTRING_ASC;
189 193
190 req_conf = NULL; 194 req_conf = NULL;
191#ifndef OPENSSL_NO_DES 195#ifndef OPENSSL_NO_DES
192 cipher=EVP_des_ede3_cbc(); 196 cipher = EVP_des_ede3_cbc();
193#endif 197#endif
194 apps_startup(); 198 apps_startup();
195 199
196 if (bio_err == NULL) 200 if (bio_err == NULL)
197 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 201 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
198 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 202 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
199 203
200 infile=NULL; 204 infile = NULL;
201 outfile=NULL; 205 outfile = NULL;
202 informat=FORMAT_PEM; 206 informat = FORMAT_PEM;
203 outformat=FORMAT_PEM; 207 outformat = FORMAT_PEM;
204 208
205 prog=argv[0]; 209 prog = argv[0];
206 argc--; 210 argc--;
207 argv++; 211 argv++;
208 while (argc >= 1) 212 while (argc >= 1) {
209 { 213 if (strcmp(*argv, "-inform") == 0) {
210 if (strcmp(*argv,"-inform") == 0) 214 if (--argc < 1)
211 { 215 goto bad;
212 if (--argc < 1) goto bad; 216 informat = str2fmt(*(++argv));
213 informat=str2fmt(*(++argv)); 217 } else if (strcmp(*argv, "-outform") == 0) {
214 } 218 if (--argc < 1)
215 else if (strcmp(*argv,"-outform") == 0) 219 goto bad;
216 { 220 outformat = str2fmt(*(++argv));
217 if (--argc < 1) goto bad; 221 }
218 outformat=str2fmt(*(++argv));
219 }
220#ifndef OPENSSL_NO_ENGINE 222#ifndef OPENSSL_NO_ENGINE
221 else if (strcmp(*argv,"-engine") == 0) 223 else if (strcmp(*argv, "-engine") == 0) {
222 { 224 if (--argc < 1)
223 if (--argc < 1) goto bad; 225 goto bad;
224 engine= *(++argv); 226 engine = *(++argv);
225 } 227 } else if (strcmp(*argv, "-keygen_engine") == 0) {
226 else if (strcmp(*argv,"-keygen_engine") == 0) 228 if (--argc < 1)
227 { 229 goto bad;
228 if (--argc < 1) goto bad;
229 gen_eng = ENGINE_by_id(*(++argv)); 230 gen_eng = ENGINE_by_id(*(++argv));
230 if (gen_eng == NULL) 231 if (gen_eng == NULL) {
231 {
232 BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv); 232 BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv);
233 goto end; 233 goto end;
234 }
235 } 234 }
235 }
236#endif 236#endif
237 else if (strcmp(*argv,"-key") == 0) 237 else if (strcmp(*argv, "-key") == 0) {
238 { 238 if (--argc < 1)
239 if (--argc < 1) goto bad; 239 goto bad;
240 keyfile= *(++argv); 240 keyfile = *(++argv);
241 } 241 } else if (strcmp(*argv, "-pubkey") == 0) {
242 else if (strcmp(*argv,"-pubkey") == 0) 242 pubkey = 1;
243 { 243 } else if (strcmp(*argv, "-new") == 0) {
244 pubkey=1; 244 newreq = 1;
245 } 245 } else if (strcmp(*argv, "-config") == 0) {
246 else if (strcmp(*argv,"-new") == 0) 246 if (--argc < 1)
247 { 247 goto bad;
248 newreq=1; 248 template = *(++argv);
249 } 249 } else if (strcmp(*argv, "-keyform") == 0) {
250 else if (strcmp(*argv,"-config") == 0) 250 if (--argc < 1)
251 { 251 goto bad;
252 if (--argc < 1) goto bad; 252 keyform = str2fmt(*(++argv));
253 template= *(++argv); 253 } else if (strcmp(*argv, "-in") == 0) {
254 } 254 if (--argc < 1)
255 else if (strcmp(*argv,"-keyform") == 0) 255 goto bad;
256 { 256 infile = *(++argv);
257 if (--argc < 1) goto bad; 257 } else if (strcmp(*argv, "-out") == 0) {
258 keyform=str2fmt(*(++argv)); 258 if (--argc < 1)
259 } 259 goto bad;
260 else if (strcmp(*argv,"-in") == 0) 260 outfile = *(++argv);
261 { 261 } else if (strcmp(*argv, "-keyout") == 0) {
262 if (--argc < 1) goto bad; 262 if (--argc < 1)
263 infile= *(++argv); 263 goto bad;
264 } 264 keyout = *(++argv);
265 else if (strcmp(*argv,"-out") == 0) 265 } else if (strcmp(*argv, "-passin") == 0) {
266 { 266 if (--argc < 1)
267 if (--argc < 1) goto bad; 267 goto bad;
268 outfile= *(++argv); 268 passargin = *(++argv);
269 } 269 } else if (strcmp(*argv, "-passout") == 0) {
270 else if (strcmp(*argv,"-keyout") == 0) 270 if (--argc < 1)
271 { 271 goto bad;
272 if (--argc < 1) goto bad; 272 passargout = *(++argv);
273 keyout= *(++argv); 273 } else if (strcmp(*argv, "-rand") == 0) {
274 } 274 if (--argc < 1)
275 else if (strcmp(*argv,"-passin") == 0) 275 goto bad;
276 { 276 inrand = *(++argv);
277 if (--argc < 1) goto bad; 277 } else if (strcmp(*argv, "-newkey") == 0) {
278 passargin= *(++argv);
279 }
280 else if (strcmp(*argv,"-passout") == 0)
281 {
282 if (--argc < 1) goto bad;
283 passargout= *(++argv);
284 }
285 else if (strcmp(*argv,"-rand") == 0)
286 {
287 if (--argc < 1) goto bad;
288 inrand= *(++argv);
289 }
290 else if (strcmp(*argv,"-newkey") == 0)
291 {
292 if (--argc < 1) 278 if (--argc < 1)
293 goto bad; 279 goto bad;
294 keyalg = *(++argv); 280 keyalg = *(++argv);
295 newreq=1; 281 newreq = 1;
296 } 282 } else if (strcmp(*argv, "-pkeyopt") == 0) {
297 else if (strcmp(*argv,"-pkeyopt") == 0)
298 {
299 if (--argc < 1) 283 if (--argc < 1)
300 goto bad; 284 goto bad;
301 if (!pkeyopts) 285 if (!pkeyopts)
302 pkeyopts = sk_OPENSSL_STRING_new_null(); 286 pkeyopts = sk_OPENSSL_STRING_new_null();
303 if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv))) 287 if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv)))
304 goto bad; 288 goto bad;
305 } 289 } else if (strcmp(*argv, "-sigopt") == 0) {
306 else if (strcmp(*argv,"-sigopt") == 0)
307 {
308 if (--argc < 1) 290 if (--argc < 1)
309 goto bad; 291 goto bad;
310 if (!sigopts) 292 if (!sigopts)
311 sigopts = sk_OPENSSL_STRING_new_null(); 293 sigopts = sk_OPENSSL_STRING_new_null();
312 if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv))) 294 if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
313 goto bad; 295 goto bad;
314 } 296 } else if (strcmp(*argv, "-batch") == 0)
315 else if (strcmp(*argv,"-batch") == 0) 297 batch = 1;
316 batch=1; 298 else if (strcmp(*argv, "-newhdr") == 0)
317 else if (strcmp(*argv,"-newhdr") == 0) 299 newhdr = 1;
318 newhdr=1; 300 else if (strcmp(*argv, "-modulus") == 0)
319 else if (strcmp(*argv,"-modulus") == 0) 301 modulus = 1;
320 modulus=1; 302 else if (strcmp(*argv, "-verify") == 0)
321 else if (strcmp(*argv,"-verify") == 0) 303 verify = 1;
322 verify=1; 304 else if (strcmp(*argv, "-nodes") == 0)
323 else if (strcmp(*argv,"-nodes") == 0) 305 nodes = 1;
324 nodes=1; 306 else if (strcmp(*argv, "-noout") == 0)
325 else if (strcmp(*argv,"-noout") == 0) 307 noout = 1;
326 noout=1; 308 else if (strcmp(*argv, "-verbose") == 0)
327 else if (strcmp(*argv,"-verbose") == 0) 309 verbose = 1;
328 verbose=1; 310 else if (strcmp(*argv, "-utf8") == 0)
329 else if (strcmp(*argv,"-utf8") == 0)
330 chtype = MBSTRING_UTF8; 311 chtype = MBSTRING_UTF8;
331 else if (strcmp(*argv,"-nameopt") == 0) 312 else if (strcmp(*argv, "-nameopt") == 0) {
332 { 313 if (--argc < 1)
333 if (--argc < 1) goto bad; 314 goto bad;
334 if (!set_name_ex(&nmflag, *(++argv))) goto bad; 315 if (!set_name_ex(&nmflag, *(++argv)))
335 } 316 goto bad;
336 else if (strcmp(*argv,"-reqopt") == 0) 317 } else if (strcmp(*argv, "-reqopt") == 0) {
337 { 318 if (--argc < 1)
338 if (--argc < 1) goto bad; 319 goto bad;
339 if (!set_cert_ex(&reqflag, *(++argv))) goto bad; 320 if (!set_cert_ex(&reqflag, *(++argv)))
340 } 321 goto bad;
341 else if (strcmp(*argv,"-subject") == 0) 322 } else if (strcmp(*argv, "-subject") == 0)
342 subject=1; 323 subject = 1;
343 else if (strcmp(*argv,"-text") == 0) 324 else if (strcmp(*argv, "-text") == 0)
344 text=1; 325 text = 1;
345 else if (strcmp(*argv,"-x509") == 0) 326 else if (strcmp(*argv, "-x509") == 0)
346 x509=1; 327 x509 = 1;
347 else if (strcmp(*argv,"-asn1-kludge") == 0) 328 else if (strcmp(*argv, "-asn1-kludge") == 0)
348 kludge=1; 329 kludge = 1;
349 else if (strcmp(*argv,"-no-asn1-kludge") == 0) 330 else if (strcmp(*argv, "-no-asn1-kludge") == 0)
350 kludge=0; 331 kludge = 0;
351 else if (strcmp(*argv,"-subj") == 0) 332 else if (strcmp(*argv, "-subj") == 0) {
352 { 333 if (--argc < 1)
353 if (--argc < 1) goto bad; 334 goto bad;
354 subj= *(++argv); 335 subj = *(++argv);
355 } 336 } else if (strcmp(*argv, "-multivalue-rdn") == 0)
356 else if (strcmp(*argv,"-multivalue-rdn") == 0) 337 multirdn = 1;
357 multirdn=1; 338 else if (strcmp(*argv, "-days") == 0) {
358 else if (strcmp(*argv,"-days") == 0) 339 if (--argc < 1)
359 { 340 goto bad;
360 if (--argc < 1) goto bad; 341 days = atoi(*(++argv));
361 days= atoi(*(++argv)); 342 if (days == 0)
362 if (days == 0) days=30; 343 days = 30;
363 } 344 } else if (strcmp(*argv, "-set_serial") == 0) {
364 else if (strcmp(*argv,"-set_serial") == 0) 345 if (--argc < 1)
365 { 346 goto bad;
366 if (--argc < 1) goto bad;
367 serial = s2i_ASN1_INTEGER(NULL, *(++argv)); 347 serial = s2i_ASN1_INTEGER(NULL, *(++argv));
368 if (!serial) goto bad; 348 if (!serial)
369 } 349 goto bad;
370 else if (strcmp(*argv,"-extensions") == 0) 350 } else if (strcmp(*argv, "-extensions") == 0) {
371 { 351 if (--argc < 1)
372 if (--argc < 1) goto bad; 352 goto bad;
373 extensions = *(++argv); 353 extensions = *(++argv);
374 } 354 } else if (strcmp(*argv, "-reqexts") == 0) {
375 else if (strcmp(*argv,"-reqexts") == 0) 355 if (--argc < 1)
376 { 356 goto bad;
377 if (--argc < 1) goto bad;
378 req_exts = *(++argv); 357 req_exts = *(++argv);
379 } 358 } else if ((md_alg = EVP_get_digestbyname(&((*argv)[1]))) != NULL) {
380 else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
381 {
382 /* ok */ 359 /* ok */
383 digest=md_alg; 360 digest = md_alg;
384 } 361 } else {
385 else 362 BIO_printf(bio_err, "unknown option %s\n", *argv);
386 { 363 badops = 1;
387 BIO_printf(bio_err,"unknown option %s\n",*argv);
388 badops=1;
389 break; 364 break;
390 } 365 }
391 argc--; 366 argc--;
392 argv++; 367 argv++;
393 } 368 }
394 369
395 if (badops) 370 if (badops) {
396 {
397bad: 371bad:
398 BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); 372 BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
399 BIO_printf(bio_err,"where options are\n"); 373 BIO_printf(bio_err, "where options are\n");
400 BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); 374 BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
401 BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); 375 BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
402 BIO_printf(bio_err," -in arg input file\n"); 376 BIO_printf(bio_err, " -in arg input file\n");
403 BIO_printf(bio_err," -out arg output file\n"); 377 BIO_printf(bio_err, " -out arg output file\n");
404 BIO_printf(bio_err," -text text form of request\n"); 378 BIO_printf(bio_err, " -text text form of request\n");
405 BIO_printf(bio_err," -pubkey output public key\n"); 379 BIO_printf(bio_err, " -pubkey output public key\n");
406 BIO_printf(bio_err," -noout do not output REQ\n"); 380 BIO_printf(bio_err, " -noout do not output REQ\n");
407 BIO_printf(bio_err," -verify verify signature on REQ\n"); 381 BIO_printf(bio_err, " -verify verify signature on REQ\n");
408 BIO_printf(bio_err," -modulus RSA modulus\n"); 382 BIO_printf(bio_err, " -modulus RSA modulus\n");
409 BIO_printf(bio_err," -nodes don't encrypt the output key\n"); 383 BIO_printf(bio_err, " -nodes don't encrypt the output key\n");
410#ifndef OPENSSL_NO_ENGINE 384#ifndef OPENSSL_NO_ENGINE
411 BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n"); 385 BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device\n");
412#endif 386#endif
413 BIO_printf(bio_err," -subject output the request's subject\n"); 387 BIO_printf(bio_err, " -subject output the request's subject\n");
414 BIO_printf(bio_err," -passin private key password source\n"); 388 BIO_printf(bio_err, " -passin private key password source\n");
415 BIO_printf(bio_err," -key file use the private key contained in file\n"); 389 BIO_printf(bio_err, " -key file use the private key contained in file\n");
416 BIO_printf(bio_err," -keyform arg key file format\n"); 390 BIO_printf(bio_err, " -keyform arg key file format\n");
417 BIO_printf(bio_err," -keyout arg file to send the key to\n"); 391 BIO_printf(bio_err, " -keyout arg file to send the key to\n");
418 BIO_printf(bio_err," -rand file:file:...\n"); 392 BIO_printf(bio_err, " -rand file:file:...\n");
419 BIO_printf(bio_err," load the file (or the files in the directory) into\n"); 393 BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
420 BIO_printf(bio_err," the random number generator\n"); 394 BIO_printf(bio_err, " the random number generator\n");
421 BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); 395 BIO_printf(bio_err, " -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
422 BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); 396 BIO_printf(bio_err, " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
423#ifndef OPENSSL_NO_ECDSA 397#ifndef OPENSSL_NO_ECDSA
424 BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n"); 398 BIO_printf(bio_err, " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
425#endif 399#endif
426 BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n"); 400 BIO_printf(bio_err, " -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
427 BIO_printf(bio_err," -config file request template file.\n"); 401 BIO_printf(bio_err, " -config file request template file.\n");
428 BIO_printf(bio_err," -subj arg set or modify request subject\n"); 402 BIO_printf(bio_err, " -subj arg set or modify request subject\n");
429 BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n"); 403 BIO_printf(bio_err, " -multivalue-rdn enable support for multivalued RDNs\n");
430 BIO_printf(bio_err," -new new request.\n"); 404 BIO_printf(bio_err, " -new new request.\n");
431 BIO_printf(bio_err," -batch do not ask anything during request generation\n"); 405 BIO_printf(bio_err, " -batch do not ask anything during request generation\n");
432 BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n"); 406 BIO_printf(bio_err, " -x509 output a x509 structure instead of a cert. req.\n");
433 BIO_printf(bio_err," -days number of days a certificate generated by -x509 is valid for.\n"); 407 BIO_printf(bio_err, " -days number of days a certificate generated by -x509 is valid for.\n");
434 BIO_printf(bio_err," -set_serial serial number to use for a certificate generated by -x509.\n"); 408 BIO_printf(bio_err, " -set_serial serial number to use for a certificate generated by -x509.\n");
435 BIO_printf(bio_err," -newhdr output \"NEW\" in the header lines\n"); 409 BIO_printf(bio_err, " -newhdr output \"NEW\" in the header lines\n");
436 BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n"); 410 BIO_printf(bio_err, " -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
437 BIO_printf(bio_err," have been reported as requiring\n"); 411 BIO_printf(bio_err, " have been reported as requiring\n");
438 BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n"); 412 BIO_printf(bio_err, " -extensions .. specify certificate extension section (override value in config file)\n");
439 BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n"); 413 BIO_printf(bio_err, " -reqexts .. specify request extension section (override value in config file)\n");
440 BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n"); 414 BIO_printf(bio_err, " -utf8 input characters are UTF8 (default ASCII)\n");
441 BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); 415 BIO_printf(bio_err, " -nameopt arg - various certificate name options\n");
442 BIO_printf(bio_err," -reqopt arg - various request text options\n\n"); 416 BIO_printf(bio_err, " -reqopt arg - various request text options\n\n");
443 goto end; 417 goto end;
444 } 418 }
445
446 ERR_load_crypto_strings(); 419 ERR_load_crypto_strings();
447 if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { 420 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
448 BIO_printf(bio_err, "Error getting passwords\n"); 421 BIO_printf(bio_err, "Error getting passwords\n");
449 goto end; 422 goto end;
450 } 423 }
451 424 if (template != NULL) {
452 if (template != NULL)
453 {
454 long errline = -1; 425 long errline = -1;
455 426
456 if( verbose ) 427 if (verbose)
457 BIO_printf(bio_err,"Using configuration from %s\n",template); 428 BIO_printf(bio_err, "Using configuration from %s\n", template);
458 req_conf=NCONF_new(NULL); 429 req_conf = NCONF_new(NULL);
459 i=NCONF_load(req_conf,template,&errline); 430 i = NCONF_load(req_conf, template, &errline);
460 if (i == 0) 431 if (i == 0) {
461 { 432 BIO_printf(bio_err, "error on line %ld of %s\n", errline, template);
462 BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
463 goto end; 433 goto end;
464 }
465 } 434 }
466 else 435 } else {
467 { 436 req_conf = config;
468 req_conf=config;
469 437
470 if (req_conf == NULL) 438 if (req_conf == NULL) {
471 { 439 BIO_printf(bio_err, "Unable to load config info from %s\n", default_config_file);
472 BIO_printf(bio_err,"Unable to load config info from %s\n", default_config_file);
473 if (newreq) 440 if (newreq)
474 goto end; 441 goto end;
475 } 442 } else if (verbose)
476 else if( verbose ) 443 BIO_printf(bio_err, "Using configuration from %s\n",
477 BIO_printf(bio_err,"Using configuration from %s\n", 444 default_config_file);
478 default_config_file); 445 }
479 }
480 446
481 if (req_conf != NULL) 447 if (req_conf != NULL) {
482 {
483 if (!load_config(bio_err, req_conf)) 448 if (!load_config(bio_err, req_conf))
484 goto end; 449 goto end;
485 p=NCONF_get_string(req_conf,NULL,"oid_file"); 450 p = NCONF_get_string(req_conf, NULL, "oid_file");
486 if (p == NULL) 451 if (p == NULL)
487 ERR_clear_error(); 452 ERR_clear_error();
488 if (p != NULL) 453 if (p != NULL) {
489 {
490 BIO *oid_bio; 454 BIO *oid_bio;
491 455
492 oid_bio=BIO_new_file(p,"r"); 456 oid_bio = BIO_new_file(p, "r");
493 if (oid_bio == NULL) 457 if (oid_bio == NULL) {
494 {
495 /* 458 /*
496 BIO_printf(bio_err,"problems opening %s for extra oid's\n",p); 459 BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
497 ERR_print_errors(bio_err); 460 ERR_print_errors(bio_err);
498 */ 461 */
499 } 462 } else {
500 else
501 {
502 OBJ_create_objects(oid_bio); 463 OBJ_create_objects(oid_bio);
503 BIO_free(oid_bio); 464 BIO_free(oid_bio);
504 }
505 } 465 }
506 } 466 }
507 if(!add_oid_section(bio_err, req_conf)) goto end; 467 }
468 if (!add_oid_section(bio_err, req_conf))
469 goto end;
508 470
509 if (md_alg == NULL) 471 if (md_alg == NULL) {
510 { 472 p = NCONF_get_string(req_conf, SECTION, "default_md");
511 p=NCONF_get_string(req_conf,SECTION,"default_md");
512 if (p == NULL) 473 if (p == NULL)
513 ERR_clear_error(); 474 ERR_clear_error();
514 if (p != NULL) 475 if (p != NULL) {
515 { 476 if ((md_alg = EVP_get_digestbyname(p)) != NULL)
516 if ((md_alg=EVP_get_digestbyname(p)) != NULL) 477 digest = md_alg;
517 digest=md_alg;
518 }
519 } 478 }
520 479 }
521 if (!extensions) 480 if (!extensions) {
522 {
523 extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS); 481 extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
524 if (!extensions) 482 if (!extensions)
525 ERR_clear_error(); 483 ERR_clear_error();
526 } 484 }
527 if (extensions) { 485 if (extensions) {
528 /* Check syntax of file */ 486 /* Check syntax of file */
529 X509V3_CTX ctx; 487 X509V3_CTX ctx;
530 X509V3_set_ctx_test(&ctx); 488 X509V3_set_ctx_test(&ctx);
531 X509V3_set_nconf(&ctx, req_conf); 489 X509V3_set_nconf(&ctx, req_conf);
532 if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) { 490 if (!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
533 BIO_printf(bio_err, 491 BIO_printf(bio_err,
534 "Error Loading extension section %s\n", extensions); 492 "Error Loading extension section %s\n", extensions);
535 goto end; 493 goto end;
536 } 494 }
537 } 495 }
538 496 if (!passin) {
539 if(!passin)
540 {
541 passin = NCONF_get_string(req_conf, SECTION, "input_password"); 497 passin = NCONF_get_string(req_conf, SECTION, "input_password");
542 if (!passin) 498 if (!passin)
543 ERR_clear_error(); 499 ERR_clear_error();
544 } 500 }
545 501 if (!passout) {
546 if(!passout)
547 {
548 passout = NCONF_get_string(req_conf, SECTION, "output_password"); 502 passout = NCONF_get_string(req_conf, SECTION, "output_password");
549 if (!passout) 503 if (!passout)
550 ERR_clear_error(); 504 ERR_clear_error();
551 } 505 }
552
553 p = NCONF_get_string(req_conf, SECTION, STRING_MASK); 506 p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
554 if (!p) 507 if (!p)
555 ERR_clear_error(); 508 ERR_clear_error();
556 509
557 if(p && !ASN1_STRING_set_default_mask_asc(p)) { 510 if (p && !ASN1_STRING_set_default_mask_asc(p)) {
558 BIO_printf(bio_err, "Invalid global string mask setting %s\n", p); 511 BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
559 goto end; 512 goto end;
560 } 513 }
561 514 if (chtype != MBSTRING_UTF8) {
562 if (chtype != MBSTRING_UTF8)
563 {
564 p = NCONF_get_string(req_conf, SECTION, UTF8_IN); 515 p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
565 if (!p) 516 if (!p)
566 ERR_clear_error(); 517 ERR_clear_error();
567 else if (!strcmp(p, "yes")) 518 else if (!strcmp(p, "yes"))
568 chtype = MBSTRING_UTF8; 519 chtype = MBSTRING_UTF8;
569 } 520 }
570 521 if (!req_exts) {
571
572 if(!req_exts)
573 {
574 req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); 522 req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
575 if (!req_exts) 523 if (!req_exts)
576 ERR_clear_error(); 524 ERR_clear_error();
577 } 525 }
578 if(req_exts) { 526 if (req_exts) {
579 /* Check syntax of file */ 527 /* Check syntax of file */
580 X509V3_CTX ctx; 528 X509V3_CTX ctx;
581 X509V3_set_ctx_test(&ctx); 529 X509V3_set_ctx_test(&ctx);
582 X509V3_set_nconf(&ctx, req_conf); 530 X509V3_set_nconf(&ctx, req_conf);
583 if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) { 531 if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
584 BIO_printf(bio_err, 532 BIO_printf(bio_err,
585 "Error Loading request extension section %s\n", 533 "Error Loading request extension section %s\n",
586 req_exts); 534 req_exts);
587 goto end; 535 goto end;
588 } 536 }
589 } 537 }
590 538 in = BIO_new(BIO_s_file());
591 in=BIO_new(BIO_s_file()); 539 out = BIO_new(BIO_s_file());
592 out=BIO_new(BIO_s_file());
593 if ((in == NULL) || (out == NULL)) 540 if ((in == NULL) || (out == NULL))
594 goto end; 541 goto end;
595 542
596#ifndef OPENSSL_NO_ENGINE 543#ifndef OPENSSL_NO_ENGINE
597 e = setup_engine(bio_err, engine, 0); 544 e = setup_engine(bio_err, engine, 0);
598#endif 545#endif
599 546
600 if (keyfile != NULL) 547 if (keyfile != NULL) {
601 {
602 pkey = load_key(bio_err, keyfile, keyform, 0, passin, e, 548 pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
603 "Private Key"); 549 "Private Key");
604 if (!pkey) 550 if (!pkey) {
605 { 551 /*
606 /* load_key() has already printed an appropriate 552 * load_key() has already printed an appropriate
607 message */ 553 * message
554 */
608 goto end; 555 goto end;
609 } 556 } else {
610 else 557 char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
611 {
612 char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
613 if (randfile == NULL) 558 if (randfile == NULL)
614 ERR_clear_error(); 559 ERR_clear_error();
615 app_RAND_load_file(randfile, bio_err, 0); 560 app_RAND_load_file(randfile, bio_err, 0);
616 }
617 } 561 }
618 562 }
619 if (newreq && (pkey == NULL)) 563 if (newreq && (pkey == NULL)) {
620 { 564 char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
621 char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
622 if (randfile == NULL) 565 if (randfile == NULL)
623 ERR_clear_error(); 566 ERR_clear_error();
624 app_RAND_load_file(randfile, bio_err, 0); 567 app_RAND_load_file(randfile, bio_err, 0);
625 if (inrand) 568 if (inrand)
626 app_RAND_load_files(inrand); 569 app_RAND_load_files(inrand);
627 570
628 if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey)) 571 if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) {
629 { 572 newkey = DEFAULT_KEY_LENGTH;
630 newkey=DEFAULT_KEY_LENGTH; 573 }
631 } 574 if (keyalg) {
632
633 if (keyalg)
634 {
635 genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey, 575 genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
636 &keyalgstr, gen_eng); 576 &keyalgstr, gen_eng);
637 if (!genctx) 577 if (!genctx)
638 goto end; 578 goto end;
639 } 579 }
640 580 if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) {
641 if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) 581 BIO_printf(bio_err, "private key length is too short,\n");
642 { 582 BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n", MIN_KEY_LENGTH, newkey);
643 BIO_printf(bio_err,"private key length is too short,\n");
644 BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey);
645 goto end; 583 goto end;
646 } 584 }
647 585 if (!genctx) {
648 if (!genctx)
649 {
650 genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newkey, 586 genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newkey,
651 &keyalgstr, gen_eng); 587 &keyalgstr, gen_eng);
652 if (!genctx) 588 if (!genctx)
653 goto end; 589 goto end;
654 } 590 }
655 591 if (pkeyopts) {
656 if (pkeyopts)
657 {
658 char *genopt; 592 char *genopt;
659 for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++) 593 for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++) {
660 {
661 genopt = sk_OPENSSL_STRING_value(pkeyopts, i); 594 genopt = sk_OPENSSL_STRING_value(pkeyopts, i);
662 if (pkey_ctrl_string(genctx, genopt) <= 0) 595 if (pkey_ctrl_string(genctx, genopt) <= 0) {
663 {
664 BIO_printf(bio_err, 596 BIO_printf(bio_err,
665 "parameter error \"%s\"\n", 597 "parameter error \"%s\"\n",
666 genopt); 598 genopt);
667 ERR_print_errors(bio_err); 599 ERR_print_errors(bio_err);
668 goto end; 600 goto end;
669 }
670 } 601 }
671 } 602 }
672 603 }
673 BIO_printf(bio_err,"Generating a %ld bit %s private key\n", 604 BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
674 newkey, keyalgstr); 605 newkey, keyalgstr);
675 606
676 EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); 607 EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
677 EVP_PKEY_CTX_set_app_data(genctx, bio_err); 608 EVP_PKEY_CTX_set_app_data(genctx, bio_err);
678 609
679 if (EVP_PKEY_keygen(genctx, &pkey) <= 0) 610 if (EVP_PKEY_keygen(genctx, &pkey) <= 0) {
680 {
681 BIO_puts(bio_err, "Error Generating Key\n"); 611 BIO_puts(bio_err, "Error Generating Key\n");
682 goto end; 612 goto end;
683 } 613 }
684
685 EVP_PKEY_CTX_free(genctx); 614 EVP_PKEY_CTX_free(genctx);
686 genctx = NULL; 615 genctx = NULL;
687 616
688 app_RAND_write_file(randfile, bio_err); 617 app_RAND_write_file(randfile, bio_err);
689 618
690 if (keyout == NULL) 619 if (keyout == NULL) {
691 { 620 keyout = NCONF_get_string(req_conf, SECTION, KEYFILE);
692 keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
693 if (keyout == NULL) 621 if (keyout == NULL)
694 ERR_clear_error(); 622 ERR_clear_error();
695 } 623 }
696 624 if (keyout == NULL) {
697 if (keyout == NULL) 625 BIO_printf(bio_err, "writing new private key to stdout\n");
698 { 626 BIO_set_fp(out, stdout, BIO_NOCLOSE);
699 BIO_printf(bio_err,"writing new private key to stdout\n"); 627 } else {
700 BIO_set_fp(out,stdout,BIO_NOCLOSE); 628 BIO_printf(bio_err, "writing new private key to '%s'\n", keyout);
701 } 629 if (BIO_write_filename(out, keyout) <= 0) {
702 else
703 {
704 BIO_printf(bio_err,"writing new private key to '%s'\n",keyout);
705 if (BIO_write_filename(out,keyout) <= 0)
706 {
707 perror(keyout); 630 perror(keyout);
708 goto end; 631 goto end;
709 }
710 } 632 }
633 }
711 634
712 p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key"); 635 p = NCONF_get_string(req_conf, SECTION, "encrypt_rsa_key");
713 if (p == NULL) 636 if (p == NULL) {
714 {
715 ERR_clear_error(); 637 ERR_clear_error();
716 p=NCONF_get_string(req_conf,SECTION,"encrypt_key"); 638 p = NCONF_get_string(req_conf, SECTION, "encrypt_key");
717 if (p == NULL) 639 if (p == NULL)
718 ERR_clear_error(); 640 ERR_clear_error();
719 } 641 }
720 if ((p != NULL) && (strcmp(p,"no") == 0)) 642 if ((p != NULL) && (strcmp(p, "no") == 0))
721 cipher=NULL; 643 cipher = NULL;
722 if (nodes) cipher=NULL; 644 if (nodes)
723 645 cipher = NULL;
724 i=0; 646
647 i = 0;
725loop: 648loop:
726 if (!PEM_write_bio_PrivateKey(out,pkey,cipher, 649 if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
727 NULL,0,NULL,passout)) 650 NULL, 0, NULL, passout)) {
728 {
729 if ((ERR_GET_REASON(ERR_peek_error()) == 651 if ((ERR_GET_REASON(ERR_peek_error()) ==
730 PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) 652 PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) {
731 {
732 ERR_clear_error(); 653 ERR_clear_error();
733 i++; 654 i++;
734 goto loop; 655 goto loop;
735 }
736 goto end;
737 } 656 }
738 BIO_printf(bio_err,"-----\n"); 657 goto end;
739 } 658 }
740 659 BIO_printf(bio_err, "-----\n");
741 if (!newreq) 660 }
742 { 661 if (!newreq) {
743 /* Since we are using a pre-existing certificate 662 /*
744 * request, the kludge 'format' info should not be 663 * Since we are using a pre-existing certificate request, the
745 * changed. */ 664 * kludge 'format' info should not be changed.
746 kludge= -1; 665 */
666 kludge = -1;
747 if (infile == NULL) 667 if (infile == NULL)
748 BIO_set_fp(in,stdin,BIO_NOCLOSE); 668 BIO_set_fp(in, stdin, BIO_NOCLOSE);
749 else 669 else {
750 { 670 if (BIO_read_filename(in, infile) <= 0) {
751 if (BIO_read_filename(in,infile) <= 0)
752 {
753 perror(infile); 671 perror(infile);
754 goto end; 672 goto end;
755 }
756 } 673 }
674 }
757 675
758 if (informat == FORMAT_ASN1) 676 if (informat == FORMAT_ASN1)
759 req=d2i_X509_REQ_bio(in,NULL); 677 req = d2i_X509_REQ_bio(in, NULL);
760 else if (informat == FORMAT_PEM) 678 else if (informat == FORMAT_PEM)
761 req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL); 679 req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
762 else 680 else {
763 { 681 BIO_printf(bio_err, "bad input format specified for X509 request\n");
764 BIO_printf(bio_err,"bad input format specified for X509 request\n");
765 goto end; 682 goto end;
766 } 683 }
767 if (req == NULL) 684 if (req == NULL) {
768 { 685 BIO_printf(bio_err, "unable to load X509 request\n");
769 BIO_printf(bio_err,"unable to load X509 request\n");
770 goto end; 686 goto end;
771 }
772 } 687 }
773 688 }
774 if (newreq || x509) 689 if (newreq || x509) {
775 { 690 if (pkey == NULL) {
776 if (pkey == NULL) 691 BIO_printf(bio_err, "you need to specify a private key\n");
777 {
778 BIO_printf(bio_err,"you need to specify a private key\n");
779 goto end; 692 goto end;
780 } 693 }
781 694 if (req == NULL) {
782 if (req == NULL) 695 req = X509_REQ_new();
783 { 696 if (req == NULL) {
784 req=X509_REQ_new();
785 if (req == NULL)
786 {
787 goto end; 697 goto end;
788 } 698 }
789 699 i = make_REQ(req, pkey, subj, multirdn, !x509, chtype);
790 i=make_REQ(req,pkey,subj,multirdn,!x509, chtype); 700 subj = NULL; /* done processing '-subj' option */
791 subj=NULL; /* done processing '-subj' option */ 701 if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) {
792 if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
793 {
794 sk_X509_ATTRIBUTE_free(req->req_info->attributes); 702 sk_X509_ATTRIBUTE_free(req->req_info->attributes);
795 req->req_info->attributes = NULL; 703 req->req_info->attributes = NULL;
796 } 704 }
797 if (!i) 705 if (!i) {
798 { 706 BIO_printf(bio_err, "problems making Certificate Request\n");
799 BIO_printf(bio_err,"problems making Certificate Request\n");
800 goto end; 707 goto end;
801 }
802 } 708 }
803 if (x509) 709 }
804 { 710 if (x509) {
805 EVP_PKEY *tmppkey; 711 EVP_PKEY *tmppkey;
806 X509V3_CTX ext_ctx; 712 X509V3_CTX ext_ctx;
807 if ((x509ss=X509_new()) == NULL) goto end; 713 if ((x509ss = X509_new()) == NULL)
714 goto end;
808 715
809 /* Set version to V3 */ 716 /* Set version to V3 */
810 if(extensions && !X509_set_version(x509ss, 2)) goto end; 717 if (extensions && !X509_set_version(x509ss, 2))
811 if (serial) 718 goto end;
812 { 719 if (serial) {
813 if (!X509_set_serialNumber(x509ss, serial)) goto end; 720 if (!X509_set_serialNumber(x509ss, serial))
814 } 721 goto end;
815 else 722 } else {
816 {
817 if (!rand_serial(NULL, 723 if (!rand_serial(NULL,
818 X509_get_serialNumber(x509ss))) 724 X509_get_serialNumber(x509ss)))
819 goto end; 725 goto end;
820 } 726 }
821 727
822 if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end; 728 if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req)))
823 if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end; 729 goto end;
824 if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL)) goto end; 730 if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0))
825 if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end; 731 goto end;
732 if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL))
733 goto end;
734 if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req)))
735 goto end;
826 tmppkey = X509_REQ_get_pubkey(req); 736 tmppkey = X509_REQ_get_pubkey(req);
827 if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end; 737 if (!tmppkey || !X509_set_pubkey(x509ss, tmppkey))
738 goto end;
828 EVP_PKEY_free(tmppkey); 739 EVP_PKEY_free(tmppkey);
829 740
830 /* Set up V3 context struct */ 741 /* Set up V3 context struct */
@@ -833,24 +744,19 @@ loop:
833 X509V3_set_nconf(&ext_ctx, req_conf); 744 X509V3_set_nconf(&ext_ctx, req_conf);
834 745
835 /* Add extensions */ 746 /* Add extensions */
836 if(extensions && !X509V3_EXT_add_nconf(req_conf, 747 if (extensions && !X509V3_EXT_add_nconf(req_conf,
837 &ext_ctx, extensions, x509ss)) 748 &ext_ctx, extensions, x509ss)) {
838 {
839 BIO_printf(bio_err, 749 BIO_printf(bio_err,
840 "Error Loading extension section %s\n", 750 "Error Loading extension section %s\n",
841 extensions); 751 extensions);
842 goto end; 752 goto end;
843 } 753 }
844 754 i = do_X509_sign(bio_err, x509ss, pkey, digest, sigopts);
845 i=do_X509_sign(bio_err, x509ss, pkey, digest, sigopts); 755 if (!i) {
846 if (!i)
847 {
848 ERR_print_errors(bio_err); 756 ERR_print_errors(bio_err);
849 goto end; 757 goto end;
850 }
851 } 758 }
852 else 759 } else {
853 {
854 X509V3_CTX ext_ctx; 760 X509V3_CTX ext_ctx;
855 761
856 /* Set up V3 context struct */ 762 /* Set up V3 context struct */
@@ -859,199 +765,161 @@ loop:
859 X509V3_set_nconf(&ext_ctx, req_conf); 765 X509V3_set_nconf(&ext_ctx, req_conf);
860 766
861 /* Add extensions */ 767 /* Add extensions */
862 if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, 768 if (req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
863 &ext_ctx, req_exts, req)) 769 &ext_ctx, req_exts, req)) {
864 {
865 BIO_printf(bio_err, 770 BIO_printf(bio_err,
866 "Error Loading extension section %s\n", 771 "Error Loading extension section %s\n",
867 req_exts); 772 req_exts);
868 goto end; 773 goto end;
869 } 774 }
870 i=do_X509_REQ_sign(bio_err, req, pkey, digest, sigopts); 775 i = do_X509_REQ_sign(bio_err, req, pkey, digest, sigopts);
871 if (!i) 776 if (!i) {
872 {
873 ERR_print_errors(bio_err); 777 ERR_print_errors(bio_err);
874 goto end; 778 goto end;
875 }
876 } 779 }
877 } 780 }
878 781 }
879 if (subj && x509) 782 if (subj && x509) {
880 {
881 BIO_printf(bio_err, "Cannot modifiy certificate subject\n"); 783 BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
882 goto end; 784 goto end;
883 } 785 }
884 786 if (subj && !x509) {
885 if (subj && !x509) 787 if (verbose) {
886 {
887 if (verbose)
888 {
889 BIO_printf(bio_err, "Modifying Request's Subject\n"); 788 BIO_printf(bio_err, "Modifying Request's Subject\n");
890 print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag); 789 print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
891 } 790 }
892 791 if (build_subject(req, subj, chtype, multirdn) == 0) {
893 if (build_subject(req, subj, chtype, multirdn) == 0)
894 {
895 BIO_printf(bio_err, "ERROR: cannot modify subject\n"); 792 BIO_printf(bio_err, "ERROR: cannot modify subject\n");
896 ex=1; 793 ex = 1;
897 goto end; 794 goto end;
898 } 795 }
899
900 req->req_info->enc.modified = 1; 796 req->req_info->enc.modified = 1;
901 797
902 if (verbose) 798 if (verbose) {
903 {
904 print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag); 799 print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
905 }
906 } 800 }
801 }
802 if (verify && !x509) {
803 int tmp = 0;
907 804
908 if (verify && !x509) 805 if (pkey == NULL) {
909 { 806 pkey = X509_REQ_get_pubkey(req);
910 int tmp=0; 807 tmp = 1;
911 808 if (pkey == NULL)
912 if (pkey == NULL) 809 goto end;
913 { 810 }
914 pkey=X509_REQ_get_pubkey(req); 811 i = X509_REQ_verify(req, pkey);
915 tmp=1;
916 if (pkey == NULL) goto end;
917 }
918
919 i=X509_REQ_verify(req,pkey);
920 if (tmp) { 812 if (tmp) {
921 EVP_PKEY_free(pkey); 813 EVP_PKEY_free(pkey);
922 pkey=NULL; 814 pkey = NULL;
923 } 815 }
924 816 if (i < 0) {
925 if (i < 0)
926 {
927 goto end; 817 goto end;
928 } 818 } else if (i == 0) {
929 else if (i == 0) 819 BIO_printf(bio_err, "verify failure\n");
930 {
931 BIO_printf(bio_err,"verify failure\n");
932 ERR_print_errors(bio_err); 820 ERR_print_errors(bio_err);
933 } 821 } else /* if (i > 0) */
934 else /* if (i > 0) */ 822 BIO_printf(bio_err, "verify OK\n");
935 BIO_printf(bio_err,"verify OK\n"); 823 }
936 } 824 if (noout && !text && !modulus && !subject && !pubkey) {
937 825 ex = 0;
938 if (noout && !text && !modulus && !subject && !pubkey)
939 {
940 ex=0;
941 goto end; 826 goto end;
942 } 827 }
943 828 if (outfile == NULL) {
944 if (outfile == NULL) 829 BIO_set_fp(out, stdout, BIO_NOCLOSE);
945 { 830 } else {
946 BIO_set_fp(out,stdout,BIO_NOCLOSE); 831 if ((keyout != NULL) && (strcmp(outfile, keyout) == 0))
947 } 832 i = (int) BIO_append_filename(out, outfile);
948 else
949 {
950 if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
951 i=(int)BIO_append_filename(out,outfile);
952 else 833 else
953 i=(int)BIO_write_filename(out,outfile); 834 i = (int) BIO_write_filename(out, outfile);
954 if (!i) 835 if (!i) {
955 {
956 perror(outfile); 836 perror(outfile);
957 goto end; 837 goto end;
958 }
959 } 838 }
839 }
960 840
961 if (pubkey) 841 if (pubkey) {
962 { 842 EVP_PKEY *tpubkey;
963 EVP_PKEY *tpubkey; 843 tpubkey = X509_REQ_get_pubkey(req);
964 tpubkey=X509_REQ_get_pubkey(req); 844 if (tpubkey == NULL) {
965 if (tpubkey == NULL) 845 BIO_printf(bio_err, "Error getting public key\n");
966 {
967 BIO_printf(bio_err,"Error getting public key\n");
968 ERR_print_errors(bio_err); 846 ERR_print_errors(bio_err);
969 goto end; 847 goto end;
970 } 848 }
971 PEM_write_bio_PUBKEY(out, tpubkey); 849 PEM_write_bio_PUBKEY(out, tpubkey);
972 EVP_PKEY_free(tpubkey); 850 EVP_PKEY_free(tpubkey);
973 } 851 }
974 852 if (text) {
975 if (text)
976 {
977 if (x509) 853 if (x509)
978 X509_print_ex(out, x509ss, nmflag, reqflag); 854 X509_print_ex(out, x509ss, nmflag, reqflag);
979 else 855 else
980 X509_REQ_print_ex(out, req, nmflag, reqflag); 856 X509_REQ_print_ex(out, req, nmflag, reqflag);
981 } 857 }
982 858 if (subject) {
983 if(subject) 859 if (x509)
984 {
985 if(x509)
986 print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag); 860 print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
987 else 861 else
988 print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag); 862 print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
989 } 863 }
990 864 if (modulus) {
991 if (modulus)
992 {
993 EVP_PKEY *tpubkey; 865 EVP_PKEY *tpubkey;
994 866
995 if (x509) 867 if (x509)
996 tpubkey=X509_get_pubkey(x509ss); 868 tpubkey = X509_get_pubkey(x509ss);
997 else 869 else
998 tpubkey=X509_REQ_get_pubkey(req); 870 tpubkey = X509_REQ_get_pubkey(req);
999 if (tpubkey == NULL) 871 if (tpubkey == NULL) {
1000 { 872 fprintf(stdout, "Modulus=unavailable\n");
1001 fprintf(stdout,"Modulus=unavailable\n"); 873 goto end;
1002 goto end; 874 }
1003 } 875 fprintf(stdout, "Modulus=");
1004 fprintf(stdout,"Modulus=");
1005#ifndef OPENSSL_NO_RSA 876#ifndef OPENSSL_NO_RSA
1006 if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA) 877 if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA)
1007 BN_print(out,tpubkey->pkey.rsa->n); 878 BN_print(out, tpubkey->pkey.rsa->n);
1008 else 879 else
1009#endif 880#endif
1010 fprintf(stdout,"Wrong Algorithm type"); 881 fprintf(stdout, "Wrong Algorithm type");
1011 EVP_PKEY_free(tpubkey); 882 EVP_PKEY_free(tpubkey);
1012 fprintf(stdout,"\n"); 883 fprintf(stdout, "\n");
1013 } 884 }
1014 885 if (!noout && !x509) {
1015 if (!noout && !x509) 886 if (outformat == FORMAT_ASN1)
1016 { 887 i = i2d_X509_REQ_bio(out, req);
1017 if (outformat == FORMAT_ASN1)
1018 i=i2d_X509_REQ_bio(out,req);
1019 else if (outformat == FORMAT_PEM) { 888 else if (outformat == FORMAT_PEM) {
1020 if(newhdr) i=PEM_write_bio_X509_REQ_NEW(out,req); 889 if (newhdr)
1021 else i=PEM_write_bio_X509_REQ(out,req); 890 i = PEM_write_bio_X509_REQ_NEW(out, req);
891 else
892 i = PEM_write_bio_X509_REQ(out, req);
1022 } else { 893 } else {
1023 BIO_printf(bio_err,"bad output format specified for outfile\n"); 894 BIO_printf(bio_err, "bad output format specified for outfile\n");
1024 goto end; 895 goto end;
1025 } 896 }
1026 if (!i) 897 if (!i) {
1027 { 898 BIO_printf(bio_err, "unable to write X509 request\n");
1028 BIO_printf(bio_err,"unable to write X509 request\n");
1029 goto end; 899 goto end;
1030 }
1031 } 900 }
1032 if (!noout && x509 && (x509ss != NULL)) 901 }
1033 { 902 if (!noout && x509 && (x509ss != NULL)) {
1034 if (outformat == FORMAT_ASN1) 903 if (outformat == FORMAT_ASN1)
1035 i=i2d_X509_bio(out,x509ss); 904 i = i2d_X509_bio(out, x509ss);
1036 else if (outformat == FORMAT_PEM) 905 else if (outformat == FORMAT_PEM)
1037 i=PEM_write_bio_X509(out,x509ss); 906 i = PEM_write_bio_X509(out, x509ss);
1038 else { 907 else {
1039 BIO_printf(bio_err,"bad output format specified for outfile\n"); 908 BIO_printf(bio_err, "bad output format specified for outfile\n");
1040 goto end; 909 goto end;
1041 } 910 }
1042 if (!i) 911 if (!i) {
1043 { 912 BIO_printf(bio_err, "unable to write X509 certificate\n");
1044 BIO_printf(bio_err,"unable to write X509 certificate\n");
1045 goto end; 913 goto end;
1046 }
1047 } 914 }
1048 ex=0; 915 }
916 ex = 0;
1049end: 917end:
1050 if (ex) 918 if (ex) {
1051 {
1052 ERR_print_errors(bio_err); 919 ERR_print_errors(bio_err);
1053 } 920 }
1054 if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf); 921 if ((req_conf != NULL) && (req_conf != config))
922 NCONF_free(req_conf);
1055 BIO_free(in); 923 BIO_free(in);
1056 BIO_free_all(out); 924 BIO_free_all(out);
1057 EVP_PKEY_free(pkey); 925 EVP_PKEY_free(pkey);
@@ -1070,502 +938,459 @@ end:
1070 X509_REQ_free(req); 938 X509_REQ_free(req);
1071 X509_free(x509ss); 939 X509_free(x509ss);
1072 ASN1_INTEGER_free(serial); 940 ASN1_INTEGER_free(serial);
1073 if(passargin && passin) free(passin); 941 if (passargin && passin)
1074 if(passargout && passout) free(passout); 942 free(passin);
943 if (passargout && passout)
944 free(passout);
1075 OBJ_cleanup(); 945 OBJ_cleanup();
1076 apps_shutdown(); 946 apps_shutdown();
1077 return(ex); 947 return (ex);
1078 } 948}
1079 949
1080static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, 950static int
1081 int attribs, unsigned long chtype) 951make_REQ(X509_REQ * req, EVP_PKEY * pkey, char *subj, int multirdn,
1082 { 952 int attribs, unsigned long chtype)
1083 int ret=0,i; 953{
954 int ret = 0, i;
1084 char no_prompt = 0; 955 char no_prompt = 0;
1085 STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL; 956 STACK_OF(CONF_VALUE) * dn_sk, *attr_sk = NULL;
1086 char *tmp, *dn_sect,*attr_sect; 957 char *tmp, *dn_sect, *attr_sect;
1087 958
1088 tmp=NCONF_get_string(req_conf,SECTION,PROMPT); 959 tmp = NCONF_get_string(req_conf, SECTION, PROMPT);
1089 if (tmp == NULL) 960 if (tmp == NULL)
1090 ERR_clear_error(); 961 ERR_clear_error();
1091 if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1; 962 if ((tmp != NULL) && !strcmp(tmp, "no"))
963 no_prompt = 1;
1092 964
1093 dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME); 965 dn_sect = NCONF_get_string(req_conf, SECTION, DISTINGUISHED_NAME);
1094 if (dn_sect == NULL) 966 if (dn_sect == NULL) {
1095 { 967 BIO_printf(bio_err, "unable to find '%s' in config\n",
1096 BIO_printf(bio_err,"unable to find '%s' in config\n", 968 DISTINGUISHED_NAME);
1097 DISTINGUISHED_NAME);
1098 goto err; 969 goto err;
1099 } 970 }
1100 dn_sk=NCONF_get_section(req_conf,dn_sect); 971 dn_sk = NCONF_get_section(req_conf, dn_sect);
1101 if (dn_sk == NULL) 972 if (dn_sk == NULL) {
1102 { 973 BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect);
1103 BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
1104 goto err; 974 goto err;
1105 } 975 }
1106 976 attr_sect = NCONF_get_string(req_conf, SECTION, ATTRIBUTES);
1107 attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES); 977 if (attr_sect == NULL) {
1108 if (attr_sect == NULL) 978 ERR_clear_error();
1109 { 979 attr_sk = NULL;
1110 ERR_clear_error(); 980 } else {
1111 attr_sk=NULL; 981 attr_sk = NCONF_get_section(req_conf, attr_sect);
1112 } 982 if (attr_sk == NULL) {
1113 else 983 BIO_printf(bio_err, "unable to get '%s' section\n", attr_sect);
1114 {
1115 attr_sk=NCONF_get_section(req_conf,attr_sect);
1116 if (attr_sk == NULL)
1117 {
1118 BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
1119 goto err; 984 goto err;
1120 }
1121 } 985 }
986 }
1122 987
1123 /* setup version number */ 988 /* setup version number */
1124 if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */ 989 if (!X509_REQ_set_version(req, 0L))
990 goto err; /* version 1 */
1125 991
1126 if (no_prompt) 992 if (no_prompt)
1127 i = auto_info(req, dn_sk, attr_sk, attribs, chtype); 993 i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
1128 else 994 else {
1129 {
1130 if (subj) 995 if (subj)
1131 i = build_subject(req, subj, chtype, multirdn); 996 i = build_subject(req, subj, chtype, multirdn);
1132 else 997 else
1133 i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype); 998 i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
1134 } 999 }
1135 if(!i) goto err; 1000 if (!i)
1001 goto err;
1136 1002
1137 if (!X509_REQ_set_pubkey(req,pkey)) goto err; 1003 if (!X509_REQ_set_pubkey(req, pkey))
1004 goto err;
1138 1005
1139 ret=1; 1006 ret = 1;
1140err: 1007err:
1141 return(ret); 1008 return (ret);
1142 } 1009}
1143 1010
1144/* 1011/*
1145 * subject is expected to be in the format /type0=value0/type1=value1/type2=... 1012 * subject is expected to be in the format /type0=value0/type1=value1/type2=...
1146 * where characters may be escaped by \ 1013 * where characters may be escaped by \
1147 */ 1014 */
1148static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn) 1015static int
1149 { 1016build_subject(X509_REQ * req, char *subject, unsigned long chtype, int multirdn)
1017{
1150 X509_NAME *n; 1018 X509_NAME *n;
1151 1019
1152 if (!(n = parse_name(subject, chtype, multirdn))) 1020 if (!(n = parse_name(subject, chtype, multirdn)))
1153 return 0; 1021 return 0;
1154 1022
1155 if (!X509_REQ_set_subject_name(req, n)) 1023 if (!X509_REQ_set_subject_name(req, n)) {
1156 {
1157 X509_NAME_free(n); 1024 X509_NAME_free(n);
1158 return 0; 1025 return 0;
1159 } 1026 }
1160 X509_NAME_free(n); 1027 X509_NAME_free(n);
1161 return 1; 1028 return 1;
1162} 1029}
1163 1030
1164 1031
1165static int prompt_info(X509_REQ *req, 1032static int
1166 STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, 1033prompt_info(X509_REQ * req,
1167 STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs, 1034 STACK_OF(CONF_VALUE) * dn_sk, char *dn_sect,
1168 unsigned long chtype) 1035 STACK_OF(CONF_VALUE) * attr_sk, char *attr_sect, int attribs,
1169 { 1036 unsigned long chtype)
1037{
1170 int i; 1038 int i;
1171 char *p,*q; 1039 char *p, *q;
1172 char buf[100]; 1040 char buf[100];
1173 int nid, mval; 1041 int nid, mval;
1174 long n_min,n_max; 1042 long n_min, n_max;
1175 char *type, *value; 1043 char *type, *value;
1176 const char *def; 1044 const char *def;
1177 CONF_VALUE *v; 1045 CONF_VALUE *v;
1178 X509_NAME *subj; 1046 X509_NAME *subj;
1179 subj = X509_REQ_get_subject_name(req); 1047 subj = X509_REQ_get_subject_name(req);
1180 1048
1181 if(!batch) 1049 if (!batch) {
1182 { 1050 BIO_printf(bio_err, "You are about to be asked to enter information that will be incorporated\n");
1183 BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n"); 1051 BIO_printf(bio_err, "into your certificate request.\n");
1184 BIO_printf(bio_err,"into your certificate request.\n"); 1052 BIO_printf(bio_err, "What you are about to enter is what is called a Distinguished Name or a DN.\n");
1185 BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n"); 1053 BIO_printf(bio_err, "There are quite a few fields but you can leave some blank\n");
1186 BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n"); 1054 BIO_printf(bio_err, "For some fields there will be a default value,\n");
1187 BIO_printf(bio_err,"For some fields there will be a default value,\n"); 1055 BIO_printf(bio_err, "If you enter '.', the field will be left blank.\n");
1188 BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n"); 1056 BIO_printf(bio_err, "-----\n");
1189 BIO_printf(bio_err,"-----\n"); 1057 }
1190 } 1058 if (sk_CONF_VALUE_num(dn_sk)) {
1191 1059 i = -1;
1192 1060start: for (;;) {
1193 if (sk_CONF_VALUE_num(dn_sk))
1194 {
1195 i= -1;
1196start: for (;;)
1197 {
1198 int ret; 1061 int ret;
1199 i++; 1062 i++;
1200 if (sk_CONF_VALUE_num(dn_sk) <= i) break; 1063 if (sk_CONF_VALUE_num(dn_sk) <= i)
1201 1064 break;
1202 v=sk_CONF_VALUE_value(dn_sk,i); 1065
1203 p=q=NULL; 1066 v = sk_CONF_VALUE_value(dn_sk, i);
1204 type=v->name; 1067 p = q = NULL;
1205 if(!check_end(type,"_min") || !check_end(type,"_max") || 1068 type = v->name;
1206 !check_end(type,"_default") || 1069 if (!check_end(type, "_min") || !check_end(type, "_max") ||
1207 !check_end(type,"_value")) continue; 1070 !check_end(type, "_default") ||
1208 /* Skip past any leading X. X: X, etc to allow for 1071 !check_end(type, "_value"))
1209 * multiple instances 1072 continue;
1073 /*
1074 * Skip past any leading X. X: X, etc to allow for
1075 * multiple instances
1210 */ 1076 */
1211 for(p = v->name; *p ; p++) 1077 for (p = v->name; *p; p++)
1212 if ((*p == ':') || (*p == ',') || 1078 if ((*p == ':') || (*p == ',') ||
1213 (*p == '.')) { 1079 (*p == '.')) {
1214 p++; 1080 p++;
1215 if(*p) type = p; 1081 if (*p)
1082 type = p;
1216 break; 1083 break;
1217 } 1084 }
1218 if (*type == '+') 1085 if (*type == '+') {
1219 {
1220 mval = -1; 1086 mval = -1;
1221 type++; 1087 type++;
1222 } 1088 } else
1223 else
1224 mval = 0; 1089 mval = 0;
1225 /* If OBJ not recognised ignore it */ 1090 /* If OBJ not recognised ignore it */
1226 if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; 1091 if ((nid = OBJ_txt2nid(type)) == NID_undef)
1227 ret = snprintf(buf,sizeof buf,"%s_default",v->name); 1092 goto start;
1228 if (ret == -1 || ret >= sizeof(buf)) 1093 ret = snprintf(buf, sizeof buf, "%s_default", v->name);
1229 { 1094 if (ret == -1 || ret >= sizeof(buf)) {
1230 BIO_printf(bio_err,"Name '%s' too long\n",v->name); 1095 BIO_printf(bio_err, "Name '%s' too long\n", v->name);
1231 return 0; 1096 return 0;
1232 } 1097 }
1233 1098 if ((def = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
1234 if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
1235 {
1236 ERR_clear_error(); 1099 ERR_clear_error();
1237 def=""; 1100 def = "";
1238 } 1101 }
1239 1102 (void) snprintf(buf, sizeof buf, "%s_value", v->name);
1240 (void) snprintf(buf,sizeof buf,"%s_value",v->name); 1103 if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
1241 if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
1242 {
1243 ERR_clear_error(); 1104 ERR_clear_error();
1244 value=NULL; 1105 value = NULL;
1245 } 1106 }
1246 1107 (void) snprintf(buf, sizeof buf, "%s_min", v->name);
1247 (void) snprintf(buf,sizeof buf,"%s_min",v->name); 1108 if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) {
1248 if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
1249 {
1250 ERR_clear_error(); 1109 ERR_clear_error();
1251 n_min = -1; 1110 n_min = -1;
1252 } 1111 }
1253 1112 (void) snprintf(buf, sizeof buf, "%s_max", v->name);
1254 (void) snprintf(buf,sizeof buf,"%s_max",v->name); 1113 if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) {
1255 if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
1256 {
1257 ERR_clear_error(); 1114 ERR_clear_error();
1258 n_max = -1; 1115 n_max = -1;
1259 }
1260
1261 if (!add_DN_object(subj,v->value,def,value,nid,
1262 n_min,n_max, chtype, mval))
1263 return 0;
1264 } 1116 }
1265 if (X509_NAME_entry_count(subj) == 0) 1117 if (!add_DN_object(subj, v->value, def, value, nid,
1266 { 1118 n_min, n_max, chtype, mval))
1267 BIO_printf(bio_err,"error, no objects specified in config file\n"); 1119 return 0;
1120 }
1121 if (X509_NAME_entry_count(subj) == 0) {
1122 BIO_printf(bio_err, "error, no objects specified in config file\n");
1268 return 0; 1123 return 0;
1124 }
1125 if (attribs) {
1126 if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch)) {
1127 BIO_printf(bio_err, "\nPlease enter the following 'extra' attributes\n");
1128 BIO_printf(bio_err, "to be sent with your certificate request\n");
1269 } 1129 }
1270 1130 i = -1;
1271 if (attribs) 1131 start2: for (;;) {
1272 {
1273 if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
1274 {
1275 BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
1276 BIO_printf(bio_err,"to be sent with your certificate request\n");
1277 }
1278
1279 i= -1;
1280start2: for (;;)
1281 {
1282 int ret; 1132 int ret;
1283 i++; 1133 i++;
1284 if ((attr_sk == NULL) || 1134 if ((attr_sk == NULL) ||
1285 (sk_CONF_VALUE_num(attr_sk) <= i)) 1135 (sk_CONF_VALUE_num(attr_sk) <= i))
1286 break; 1136 break;
1287 1137
1288 v=sk_CONF_VALUE_value(attr_sk,i); 1138 v = sk_CONF_VALUE_value(attr_sk, i);
1289 type=v->name; 1139 type = v->name;
1290 if ((nid=OBJ_txt2nid(type)) == NID_undef) 1140 if ((nid = OBJ_txt2nid(type)) == NID_undef)
1291 goto start2; 1141 goto start2;
1292 ret = snprintf(buf,sizeof buf,"%s_default",type); 1142 ret = snprintf(buf, sizeof buf, "%s_default", type);
1293 if (ret == -1 || ret >= sizeof(buf)) 1143 if (ret == -1 || ret >= sizeof(buf)) {
1294 { 1144 BIO_printf(bio_err, "Name '%s' too long\n", v->name);
1295 BIO_printf(bio_err,"Name '%s' too long\n",v->name); 1145 return 0;
1296 return 0; 1146 }
1297 } 1147 if ((def = NCONF_get_string(req_conf, attr_sect, buf))
1298 1148 == NULL) {
1299 if ((def=NCONF_get_string(req_conf,attr_sect,buf))
1300 == NULL)
1301 {
1302 ERR_clear_error(); 1149 ERR_clear_error();
1303 def=""; 1150 def = "";
1304 } 1151 }
1305 1152 (void) snprintf(buf, sizeof buf, "%s_value", type);
1306 1153 if ((value = NCONF_get_string(req_conf, attr_sect, buf))
1307 (void) snprintf(buf,sizeof buf,"%s_value",type); 1154 == NULL) {
1308 if ((value=NCONF_get_string(req_conf,attr_sect,buf))
1309 == NULL)
1310 {
1311 ERR_clear_error(); 1155 ERR_clear_error();
1312 value=NULL; 1156 value = NULL;
1313 } 1157 }
1314 1158 (void) snprintf(buf, sizeof buf, "%s_min", type);
1315 (void) snprintf(buf,sizeof buf,"%s_min",type); 1159 if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) {
1316 if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
1317 {
1318 ERR_clear_error(); 1160 ERR_clear_error();
1319 n_min = -1; 1161 n_min = -1;
1320 } 1162 }
1321 1163 (void) snprintf(buf, sizeof buf, "%s_max", type);
1322 (void) snprintf(buf,sizeof buf,"%s_max",type); 1164 if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) {
1323 if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
1324 {
1325 ERR_clear_error(); 1165 ERR_clear_error();
1326 n_max = -1; 1166 n_max = -1;
1327 } 1167 }
1328
1329 if (!add_attribute_object(req, 1168 if (!add_attribute_object(req,
1330 v->value,def,value,nid,n_min,n_max, chtype)) 1169 v->value, def, value, nid, n_min, n_max, chtype))
1331 return 0; 1170 return 0;
1332 }
1333 } 1171 }
1334 } 1172 }
1335 else 1173 } else {
1336 { 1174 BIO_printf(bio_err, "No template, please set one up.\n");
1337 BIO_printf(bio_err,"No template, please set one up.\n");
1338 return 0; 1175 return 0;
1339 } 1176 }
1340 1177
1341 return 1; 1178 return 1;
1342 1179
1343 } 1180}
1344 1181
1345static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, 1182static int
1346 STACK_OF(CONF_VALUE) *attr_sk, int attribs, unsigned long chtype) 1183auto_info(X509_REQ * req, STACK_OF(CONF_VALUE) * dn_sk,
1347 { 1184 STACK_OF(CONF_VALUE) * attr_sk, int attribs, unsigned long chtype)
1185{
1348 int i; 1186 int i;
1349 char *p,*q; 1187 char *p, *q;
1350 char *type; 1188 char *type;
1351 CONF_VALUE *v; 1189 CONF_VALUE *v;
1352 X509_NAME *subj; 1190 X509_NAME *subj;
1353 1191
1354 subj = X509_REQ_get_subject_name(req); 1192 subj = X509_REQ_get_subject_name(req);
1355 1193
1356 for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) 1194 for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
1357 {
1358 int mval; 1195 int mval;
1359 v=sk_CONF_VALUE_value(dn_sk,i); 1196 v = sk_CONF_VALUE_value(dn_sk, i);
1360 p=q=NULL; 1197 p = q = NULL;
1361 type=v->name; 1198 type = v->name;
1362 /* Skip past any leading X. X: X, etc to allow for 1199 /*
1363 * multiple instances 1200 * Skip past any leading X. X: X, etc to allow for multiple
1201 * instances
1364 */ 1202 */
1365 for(p = v->name; *p ; p++) 1203 for (p = v->name; *p; p++)
1366 if ((*p == ':') || (*p == ',') || (*p == '.')) { 1204 if ((*p == ':') || (*p == ',') || (*p == '.')) {
1367 p++; 1205 p++;
1368 if(*p) type = p; 1206 if (*p)
1207 type = p;
1369 break; 1208 break;
1370 } 1209 }
1371 if (*p == '+') 1210 if (*p == '+') {
1372 {
1373 p++; 1211 p++;
1374 mval = -1; 1212 mval = -1;
1375 } 1213 } else
1376 else
1377 mval = 0; 1214 mval = 0;
1378 if (!X509_NAME_add_entry_by_txt(subj,type, chtype, 1215 if (!X509_NAME_add_entry_by_txt(subj, type, chtype,
1379 (unsigned char *) v->value,-1,-1,mval)) return 0; 1216 (unsigned char *) v->value, -1, -1, mval))
1217 return 0;
1380 1218
1381 } 1219 }
1382 1220
1383 if (!X509_NAME_entry_count(subj)) 1221 if (!X509_NAME_entry_count(subj)) {
1384 { 1222 BIO_printf(bio_err, "error, no objects specified in config file\n");
1385 BIO_printf(bio_err,"error, no objects specified in config file\n"); 1223 return 0;
1386 return 0;
1387 }
1388 if (attribs)
1389 {
1390 for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)
1391 {
1392 v=sk_CONF_VALUE_value(attr_sk,i);
1393 if(!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
1394 (unsigned char *)v->value, -1)) return 0;
1395 }
1396 }
1397 return 1;
1398 } 1224 }
1225 if (attribs) {
1226 for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++) {
1227 v = sk_CONF_VALUE_value(attr_sk, i);
1228 if (!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
1229 (unsigned char *) v->value, -1))
1230 return 0;
1231 }
1232 }
1233 return 1;
1234}
1399 1235
1400 1236
1401static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, 1237static int
1402 int nid, int n_min, int n_max, unsigned long chtype, int mval) 1238add_DN_object(X509_NAME * n, char *text, const char *def, char *value,
1403 { 1239 int nid, int n_min, int n_max, unsigned long chtype, int mval)
1404 int i,ret=0; 1240{
1241 int i, ret = 0;
1405 char buf[1024]; 1242 char buf[1024];
1406start: 1243start:
1407 if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def); 1244 if (!batch)
1408 (void)BIO_flush(bio_err); 1245 BIO_printf(bio_err, "%s [%s]:", text, def);
1409 if(value != NULL) 1246 (void) BIO_flush(bio_err);
1410 { 1247 if (value != NULL) {
1411 BUF_strlcpy(buf,value,sizeof buf); 1248 BUF_strlcpy(buf, value, sizeof buf);
1412 BUF_strlcat(buf,"\n",sizeof buf); 1249 BUF_strlcat(buf, "\n", sizeof buf);
1413 BIO_printf(bio_err,"%s\n",value); 1250 BIO_printf(bio_err, "%s\n", value);
1414 } 1251 } else {
1415 else 1252 buf[0] = '\0';
1416 { 1253 if (!batch) {
1417 buf[0]='\0'; 1254 if (!fgets(buf, sizeof buf, stdin))
1418 if (!batch)
1419 {
1420 if (!fgets(buf,sizeof buf,stdin))
1421 return 0; 1255 return 0;
1422 } 1256 } else {
1423 else
1424 {
1425 buf[0] = '\n'; 1257 buf[0] = '\n';
1426 buf[1] = '\0'; 1258 buf[1] = '\0';
1427 }
1428 } 1259 }
1260 }
1429 1261
1430 if (buf[0] == '\0') return(0); 1262 if (buf[0] == '\0')
1431 else if (buf[0] == '\n') 1263 return (0);
1432 { 1264 else if (buf[0] == '\n') {
1433 if ((def == NULL) || (def[0] == '\0')) 1265 if ((def == NULL) || (def[0] == '\0'))
1434 return(1); 1266 return (1);
1435 BUF_strlcpy(buf,def,sizeof buf); 1267 BUF_strlcpy(buf, def, sizeof buf);
1436 BUF_strlcat(buf,"\n",sizeof buf); 1268 BUF_strlcat(buf, "\n", sizeof buf);
1437 } 1269 } else if ((buf[0] == '.') && (buf[1] == '\n'))
1438 else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); 1270 return (1);
1439 1271
1440 i=strlen(buf); 1272 i = strlen(buf);
1441 if (buf[i-1] != '\n') 1273 if (buf[i - 1] != '\n') {
1442 { 1274 BIO_printf(bio_err, "weird input :-(\n");
1443 BIO_printf(bio_err,"weird input :-(\n"); 1275 return (0);
1444 return(0);
1445 }
1446 buf[--i]='\0';
1447 if(!req_check_len(i, n_min, n_max)) goto start;
1448 if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
1449 (unsigned char *) buf, -1,-1,mval)) goto err;
1450 ret=1;
1451err:
1452 return(ret);
1453 } 1276 }
1277 buf[--i] = '\0';
1278 if (!req_check_len(i, n_min, n_max))
1279 goto start;
1280 if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
1281 (unsigned char *) buf, -1, -1, mval))
1282 goto err;
1283 ret = 1;
1284err:
1285 return (ret);
1286}
1454 1287
1455static int add_attribute_object(X509_REQ *req, char *text, const char *def, 1288static int
1456 char *value, int nid, int n_min, 1289add_attribute_object(X509_REQ * req, char *text, const char *def,
1457 int n_max, unsigned long chtype) 1290 char *value, int nid, int n_min,
1458 { 1291 int n_max, unsigned long chtype)
1292{
1459 int i; 1293 int i;
1460 static char buf[1024]; 1294 static char buf[1024];
1461 1295
1462start: 1296start:
1463 if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def); 1297 if (!batch)
1464 (void)BIO_flush(bio_err); 1298 BIO_printf(bio_err, "%s [%s]:", text, def);
1465 if (value != NULL) 1299 (void) BIO_flush(bio_err);
1466 { 1300 if (value != NULL) {
1467 BUF_strlcpy(buf,value,sizeof buf); 1301 BUF_strlcpy(buf, value, sizeof buf);
1468 BUF_strlcat(buf,"\n",sizeof buf); 1302 BUF_strlcat(buf, "\n", sizeof buf);
1469 BIO_printf(bio_err,"%s\n",value); 1303 BIO_printf(bio_err, "%s\n", value);
1470 } 1304 } else {
1471 else 1305 buf[0] = '\0';
1472 { 1306 if (!batch) {
1473 buf[0]='\0'; 1307 if (!fgets(buf, sizeof buf, stdin))
1474 if (!batch)
1475 {
1476 if (!fgets(buf,sizeof buf,stdin))
1477 return 0; 1308 return 0;
1478 } 1309 } else {
1479 else
1480 {
1481 buf[0] = '\n'; 1310 buf[0] = '\n';
1482 buf[1] = '\0'; 1311 buf[1] = '\0';
1483 }
1484 } 1312 }
1313 }
1485 1314
1486 if (buf[0] == '\0') return(0); 1315 if (buf[0] == '\0')
1487 else if (buf[0] == '\n') 1316 return (0);
1488 { 1317 else if (buf[0] == '\n') {
1489 if ((def == NULL) || (def[0] == '\0')) 1318 if ((def == NULL) || (def[0] == '\0'))
1490 return(1); 1319 return (1);
1491 BUF_strlcpy(buf,def,sizeof buf); 1320 BUF_strlcpy(buf, def, sizeof buf);
1492 BUF_strlcat(buf,"\n",sizeof buf); 1321 BUF_strlcat(buf, "\n", sizeof buf);
1493 } 1322 } else if ((buf[0] == '.') && (buf[1] == '\n'))
1494 else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); 1323 return (1);
1495 1324
1496 i=strlen(buf); 1325 i = strlen(buf);
1497 if (buf[i-1] != '\n') 1326 if (buf[i - 1] != '\n') {
1498 { 1327 BIO_printf(bio_err, "weird input :-(\n");
1499 BIO_printf(bio_err,"weird input :-(\n"); 1328 return (0);
1500 return(0); 1329 }
1501 } 1330 buf[--i] = '\0';
1502 buf[--i]='\0'; 1331 if (!req_check_len(i, n_min, n_max))
1503 if(!req_check_len(i, n_min, n_max)) goto start; 1332 goto start;
1504 1333
1505 if(!X509_REQ_add1_attr_by_NID(req, nid, chtype, 1334 if (!X509_REQ_add1_attr_by_NID(req, nid, chtype,
1506 (unsigned char *)buf, -1)) { 1335 (unsigned char *) buf, -1)) {
1507 BIO_printf(bio_err, "Error adding attribute\n"); 1336 BIO_printf(bio_err, "Error adding attribute\n");
1508 ERR_print_errors(bio_err); 1337 ERR_print_errors(bio_err);
1509 goto err; 1338 goto err;
1510 } 1339 }
1511 1340 return (1);
1512 return(1);
1513err: 1341err:
1514 return(0); 1342 return (0);
1515 } 1343}
1516 1344
1517static int req_check_len(int len, int n_min, int n_max) 1345static int
1518 { 1346req_check_len(int len, int n_min, int n_max)
1519 if ((n_min > 0) && (len < n_min)) 1347{
1520 { 1348 if ((n_min > 0) && (len < n_min)) {
1521 BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min); 1349 BIO_printf(bio_err, "string is too short, it needs to be at least %d bytes long\n", n_min);
1522 return(0); 1350 return (0);
1523 } 1351 }
1524 if ((n_max >= 0) && (len > n_max)) 1352 if ((n_max >= 0) && (len > n_max)) {
1525 { 1353 BIO_printf(bio_err, "string is too long, it needs to be less than %d bytes long\n", n_max);
1526 BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max); 1354 return (0);
1527 return(0);
1528 }
1529 return(1);
1530 } 1355 }
1356 return (1);
1357}
1531 1358
1532/* Check if the end of a string matches 'end' */ 1359/* Check if the end of a string matches 'end' */
1533static int check_end(const char *str, const char *end) 1360static int
1361check_end(const char *str, const char *end)
1534{ 1362{
1535 int elen, slen; 1363 int elen, slen;
1536 const char *tmp; 1364 const char *tmp;
1537 elen = strlen(end); 1365 elen = strlen(end);
1538 slen = strlen(str); 1366 slen = strlen(str);
1539 if(elen > slen) return 1; 1367 if (elen > slen)
1368 return 1;
1540 tmp = str + slen - elen; 1369 tmp = str + slen - elen;
1541 return strcmp(tmp, end); 1370 return strcmp(tmp, end);
1542} 1371}
1543 1372
1544static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type, 1373static EVP_PKEY_CTX *
1545 long *pkeylen, char **palgnam, 1374set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
1546 ENGINE *keygen_engine) 1375 long *pkeylen, char **palgnam,
1547 { 1376 ENGINE * keygen_engine)
1377{
1548 EVP_PKEY_CTX *gctx = NULL; 1378 EVP_PKEY_CTX *gctx = NULL;
1549 EVP_PKEY *param = NULL; 1379 EVP_PKEY *param = NULL;
1550 long keylen = -1; 1380 long keylen = -1;
1551 BIO *pbio = NULL; 1381 BIO *pbio = NULL;
1552 const char *paramfile = NULL; 1382 const char *paramfile = NULL;
1553 1383
1554 if (gstr == NULL) 1384 if (gstr == NULL) {
1555 {
1556 *pkey_type = EVP_PKEY_RSA; 1385 *pkey_type = EVP_PKEY_RSA;
1557 keylen = *pkeylen; 1386 keylen = *pkeylen;
1558 } 1387 } else if (gstr[0] >= '0' && gstr[0] <= '9') {
1559 else if (gstr[0] >= '0' && gstr[0] <= '9')
1560 {
1561 *pkey_type = EVP_PKEY_RSA; 1388 *pkey_type = EVP_PKEY_RSA;
1562 keylen = atol(gstr); 1389 keylen = atol(gstr);
1563 *pkeylen = keylen; 1390 *pkeylen = keylen;
1564 } 1391 } else if (!strncmp(gstr, "param:", 6))
1565 else if (!strncmp(gstr, "param:", 6))
1566 paramfile = gstr + 6; 1392 paramfile = gstr + 6;
1567 else 1393 else {
1568 {
1569 const char *p = strchr(gstr, ':'); 1394 const char *p = strchr(gstr, ':');
1570 int len; 1395 int len;
1571 ENGINE *tmpeng; 1396 ENGINE *tmpeng;
@@ -1575,178 +1400,160 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
1575 len = p - gstr; 1400 len = p - gstr;
1576 else 1401 else
1577 len = strlen(gstr); 1402 len = strlen(gstr);
1578 /* The lookup of a the string will cover all engines so 1403 /*
1579 * keep a note of the implementation. 1404 * The lookup of a the string will cover all engines so keep
1405 * a note of the implementation.
1580 */ 1406 */
1581 1407
1582 ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len); 1408 ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len);
1583 1409
1584 if (!ameth) 1410 if (!ameth) {
1585 {
1586 BIO_printf(err, "Unknown algorithm %.*s\n", len, gstr); 1411 BIO_printf(err, "Unknown algorithm %.*s\n", len, gstr);
1587 return NULL; 1412 return NULL;
1588 } 1413 }
1589
1590 EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL, 1414 EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL,
1591 ameth); 1415 ameth);
1592#ifndef OPENSSL_NO_ENGINE 1416#ifndef OPENSSL_NO_ENGINE
1593 if (tmpeng) 1417 if (tmpeng)
1594 ENGINE_finish(tmpeng); 1418 ENGINE_finish(tmpeng);
1595#endif 1419#endif
1596 if (*pkey_type == EVP_PKEY_RSA) 1420 if (*pkey_type == EVP_PKEY_RSA) {
1597 { 1421 if (p) {
1598 if (p)
1599 {
1600 keylen = atol(p + 1); 1422 keylen = atol(p + 1);
1601 *pkeylen = keylen; 1423 *pkeylen = keylen;
1602 } 1424 } else
1603 else
1604 keylen = *pkeylen; 1425 keylen = *pkeylen;
1605 } 1426 } else if (p)
1606 else if (p)
1607 paramfile = p + 1; 1427 paramfile = p + 1;
1608 } 1428 }
1609 1429
1610 if (paramfile) 1430 if (paramfile) {
1611 {
1612 pbio = BIO_new_file(paramfile, "r"); 1431 pbio = BIO_new_file(paramfile, "r");
1613 if (!pbio) 1432 if (!pbio) {
1614 {
1615 BIO_printf(err, "Can't open parameter file %s\n", 1433 BIO_printf(err, "Can't open parameter file %s\n",
1616 paramfile); 1434 paramfile);
1617 return NULL; 1435 return NULL;
1618 } 1436 }
1619 param = PEM_read_bio_Parameters(pbio, NULL); 1437 param = PEM_read_bio_Parameters(pbio, NULL);
1620 1438
1621 if (!param) 1439 if (!param) {
1622 {
1623 X509 *x; 1440 X509 *x;
1624 (void)BIO_reset(pbio); 1441 (void) BIO_reset(pbio);
1625 x = PEM_read_bio_X509(pbio, NULL, NULL, NULL); 1442 x = PEM_read_bio_X509(pbio, NULL, NULL, NULL);
1626 if (x) 1443 if (x) {
1627 {
1628 param = X509_get_pubkey(x); 1444 param = X509_get_pubkey(x);
1629 X509_free(x); 1445 X509_free(x);
1630 }
1631 } 1446 }
1632 1447 }
1633 BIO_free(pbio); 1448 BIO_free(pbio);
1634 1449
1635 if (!param) 1450 if (!param) {
1636 {
1637 BIO_printf(err, "Error reading parameter file %s\n", 1451 BIO_printf(err, "Error reading parameter file %s\n",
1638 paramfile); 1452 paramfile);
1639 return NULL; 1453 return NULL;
1640 } 1454 }
1641 if (*pkey_type == -1) 1455 if (*pkey_type == -1)
1642 *pkey_type = EVP_PKEY_id(param); 1456 *pkey_type = EVP_PKEY_id(param);
1643 else if (*pkey_type != EVP_PKEY_base_id(param)) 1457 else if (*pkey_type != EVP_PKEY_base_id(param)) {
1644 {
1645 BIO_printf(err, "Key Type does not match parameters\n"); 1458 BIO_printf(err, "Key Type does not match parameters\n");
1646 EVP_PKEY_free(param); 1459 EVP_PKEY_free(param);
1647 return NULL; 1460 return NULL;
1648 }
1649 } 1461 }
1650 1462 }
1651 if (palgnam) 1463 if (palgnam) {
1652 {
1653 const EVP_PKEY_ASN1_METHOD *ameth; 1464 const EVP_PKEY_ASN1_METHOD *ameth;
1654 ENGINE *tmpeng; 1465 ENGINE *tmpeng;
1655 const char *anam; 1466 const char *anam;
1656 ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type); 1467 ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type);
1657 if (!ameth) 1468 if (!ameth) {
1658 {
1659 BIO_puts(err, "Internal error: can't find key algorithm\n"); 1469 BIO_puts(err, "Internal error: can't find key algorithm\n");
1660 return NULL; 1470 return NULL;
1661 } 1471 }
1662 EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth); 1472 EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth);
1663 *palgnam = BUF_strdup(anam); 1473 *palgnam = BUF_strdup(anam);
1664#ifndef OPENSSL_NO_ENGINE 1474#ifndef OPENSSL_NO_ENGINE
1665 if (tmpeng) 1475 if (tmpeng)
1666 ENGINE_finish(tmpeng); 1476 ENGINE_finish(tmpeng);
1667#endif 1477#endif
1668 } 1478 }
1669 1479 if (param) {
1670 if (param)
1671 {
1672 gctx = EVP_PKEY_CTX_new(param, keygen_engine); 1480 gctx = EVP_PKEY_CTX_new(param, keygen_engine);
1673 *pkeylen = EVP_PKEY_bits(param); 1481 *pkeylen = EVP_PKEY_bits(param);
1674 EVP_PKEY_free(param); 1482 EVP_PKEY_free(param);
1675 } 1483 } else
1676 else
1677 gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine); 1484 gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine);
1678 1485
1679 if (!gctx) 1486 if (!gctx) {
1680 {
1681 BIO_puts(err, "Error allocating keygen context\n"); 1487 BIO_puts(err, "Error allocating keygen context\n");
1682 ERR_print_errors(err); 1488 ERR_print_errors(err);
1683 return NULL; 1489 return NULL;
1684 } 1490 }
1685 1491 if (EVP_PKEY_keygen_init(gctx) <= 0) {
1686 if (EVP_PKEY_keygen_init(gctx) <= 0)
1687 {
1688 BIO_puts(err, "Error initializing keygen context\n"); 1492 BIO_puts(err, "Error initializing keygen context\n");
1689 ERR_print_errors(err); 1493 ERR_print_errors(err);
1690 return NULL; 1494 return NULL;
1691 } 1495 }
1692#ifndef OPENSSL_NO_RSA 1496#ifndef OPENSSL_NO_RSA
1693 if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) 1497 if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) {
1694 { 1498 if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) {
1695 if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0)
1696 {
1697 BIO_puts(err, "Error setting RSA keysize\n"); 1499 BIO_puts(err, "Error setting RSA keysize\n");
1698 ERR_print_errors(err); 1500 ERR_print_errors(err);
1699 EVP_PKEY_CTX_free(gctx); 1501 EVP_PKEY_CTX_free(gctx);
1700 return NULL; 1502 return NULL;
1701 }
1702 } 1503 }
1504 }
1703#endif 1505#endif
1704 1506
1705 return gctx; 1507 return gctx;
1706 } 1508}
1707 1509
1708static int genpkey_cb(EVP_PKEY_CTX *ctx) 1510static int
1709 { 1511genpkey_cb(EVP_PKEY_CTX * ctx)
1710 char c='*'; 1512{
1513 char c = '*';
1711 BIO *b = EVP_PKEY_CTX_get_app_data(ctx); 1514 BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
1712 int p; 1515 int p;
1713 p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); 1516 p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
1714 if (p == 0) c='.'; 1517 if (p == 0)
1715 if (p == 1) c='+'; 1518 c = '.';
1716 if (p == 2) c='*'; 1519 if (p == 1)
1717 if (p == 3) c='\n'; 1520 c = '+';
1718 BIO_write(b,&c,1); 1521 if (p == 2)
1719 (void)BIO_flush(b); 1522 c = '*';
1523 if (p == 3)
1524 c = '\n';
1525 BIO_write(b, &c, 1);
1526 (void) BIO_flush(b);
1720#ifdef LINT 1527#ifdef LINT
1721 p=n; 1528 p = n;
1722#endif 1529#endif
1723 return 1; 1530 return 1;
1724 } 1531}
1725 1532
1726static int do_sign_init(BIO *err, EVP_MD_CTX *ctx, EVP_PKEY *pkey, 1533static int
1727 const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) 1534do_sign_init(BIO * err, EVP_MD_CTX * ctx, EVP_PKEY * pkey,
1728 { 1535 const EVP_MD * md, STACK_OF(OPENSSL_STRING) * sigopts)
1536{
1729 EVP_PKEY_CTX *pkctx = NULL; 1537 EVP_PKEY_CTX *pkctx = NULL;
1730 int i; 1538 int i;
1731 EVP_MD_CTX_init(ctx); 1539 EVP_MD_CTX_init(ctx);
1732 if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey)) 1540 if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey))
1733 return 0; 1541 return 0;
1734 for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) 1542 for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
1735 {
1736 char *sigopt = sk_OPENSSL_STRING_value(sigopts, i); 1543 char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);
1737 if (pkey_ctrl_string(pkctx, sigopt) <= 0) 1544 if (pkey_ctrl_string(pkctx, sigopt) <= 0) {
1738 {
1739 BIO_printf(err, "parameter error \"%s\"\n", sigopt); 1545 BIO_printf(err, "parameter error \"%s\"\n", sigopt);
1740 ERR_print_errors(bio_err); 1546 ERR_print_errors(bio_err);
1741 return 0; 1547 return 0;
1742 }
1743 } 1548 }
1744 return 1;
1745 } 1549 }
1550 return 1;
1551}
1746 1552
1747int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md, 1553int
1748 STACK_OF(OPENSSL_STRING) *sigopts) 1554do_X509_sign(BIO * err, X509 * x, EVP_PKEY * pkey, const EVP_MD * md,
1749 { 1555 STACK_OF(OPENSSL_STRING) * sigopts)
1556{
1750 int rv; 1557 int rv;
1751 EVP_MD_CTX mctx; 1558 EVP_MD_CTX mctx;
1752 EVP_MD_CTX_init(&mctx); 1559 EVP_MD_CTX_init(&mctx);
@@ -1755,12 +1562,13 @@ int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
1755 rv = X509_sign_ctx(x, &mctx); 1562 rv = X509_sign_ctx(x, &mctx);
1756 EVP_MD_CTX_cleanup(&mctx); 1563 EVP_MD_CTX_cleanup(&mctx);
1757 return rv > 0 ? 1 : 0; 1564 return rv > 0 ? 1 : 0;
1758 } 1565}
1759 1566
1760 1567
1761int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, 1568int
1762 STACK_OF(OPENSSL_STRING) *sigopts) 1569do_X509_REQ_sign(BIO * err, X509_REQ * x, EVP_PKEY * pkey, const EVP_MD * md,
1763 { 1570 STACK_OF(OPENSSL_STRING) * sigopts)
1571{
1764 int rv; 1572 int rv;
1765 EVP_MD_CTX mctx; 1573 EVP_MD_CTX mctx;
1766 EVP_MD_CTX_init(&mctx); 1574 EVP_MD_CTX_init(&mctx);
@@ -1769,13 +1577,14 @@ int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
1769 rv = X509_REQ_sign_ctx(x, &mctx); 1577 rv = X509_REQ_sign_ctx(x, &mctx);
1770 EVP_MD_CTX_cleanup(&mctx); 1578 EVP_MD_CTX_cleanup(&mctx);
1771 return rv > 0 ? 1 : 0; 1579 return rv > 0 ? 1 : 0;
1772 } 1580}
1773 1581
1774 1582
1775 1583
1776int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, 1584int
1777 STACK_OF(OPENSSL_STRING) *sigopts) 1585do_X509_CRL_sign(BIO * err, X509_CRL * x, EVP_PKEY * pkey, const EVP_MD * md,
1778 { 1586 STACK_OF(OPENSSL_STRING) * sigopts)
1587{
1779 int rv; 1588 int rv;
1780 EVP_MD_CTX mctx; 1589 EVP_MD_CTX mctx;
1781 EVP_MD_CTX_init(&mctx); 1590 EVP_MD_CTX_init(&mctx);
@@ -1784,6 +1593,4 @@ int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
1784 rv = X509_CRL_sign_ctx(x, &mctx); 1593 rv = X509_CRL_sign_ctx(x, &mctx);
1785 EVP_MD_CTX_cleanup(&mctx); 1594 EVP_MD_CTX_cleanup(&mctx);
1786 return rv > 0 ? 1 : 0; 1595 return rv > 0 ? 1 : 0;
1787 } 1596}
1788
1789
diff --git a/src/lib/libssl/src/apps/rsa.c b/src/lib/libssl/src/apps/rsa.c
index b367f23551..e3f4989aeb 100644
--- a/src/lib/libssl/src/apps/rsa.c
+++ b/src/lib/libssl/src/apps/rsa.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -97,312 +97,279 @@
97 97
98int MAIN(int, char **); 98int MAIN(int, char **);
99 99
100int MAIN(int argc, char **argv) 100int
101 { 101MAIN(int argc, char **argv)
102{
102 ENGINE *e = NULL; 103 ENGINE *e = NULL;
103 int ret=1; 104 int ret = 1;
104 RSA *rsa=NULL; 105 RSA *rsa = NULL;
105 int i,badops=0, sgckey=0; 106 int i, badops = 0, sgckey = 0;
106 const EVP_CIPHER *enc=NULL; 107 const EVP_CIPHER *enc = NULL;
107 BIO *out=NULL; 108 BIO *out = NULL;
108 int informat,outformat,text=0,check=0,noout=0; 109 int informat, outformat, text = 0, check = 0, noout = 0;
109 int pubin = 0, pubout = 0; 110 int pubin = 0, pubout = 0;
110 char *infile,*outfile,*prog; 111 char *infile, *outfile, *prog;
111 char *passargin = NULL, *passargout = NULL; 112 char *passargin = NULL, *passargout = NULL;
112 char *passin = NULL, *passout = NULL; 113 char *passin = NULL, *passout = NULL;
113#ifndef OPENSSL_NO_ENGINE 114#ifndef OPENSSL_NO_ENGINE
114 char *engine=NULL; 115 char *engine = NULL;
115#endif 116#endif
116 int modulus=0; 117 int modulus = 0;
117 118
118 int pvk_encr = 2; 119 int pvk_encr = 2;
119 120
120 apps_startup(); 121 apps_startup();
121 122
122 if (bio_err == NULL) 123 if (bio_err == NULL)
123 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 124 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
124 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 125 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
125 126
126 if (!load_config(bio_err, NULL)) 127 if (!load_config(bio_err, NULL))
127 goto end; 128 goto end;
128 129
129 infile=NULL; 130 infile = NULL;
130 outfile=NULL; 131 outfile = NULL;
131 informat=FORMAT_PEM; 132 informat = FORMAT_PEM;
132 outformat=FORMAT_PEM; 133 outformat = FORMAT_PEM;
133 134
134 prog=argv[0]; 135 prog = argv[0];
135 argc--; 136 argc--;
136 argv++; 137 argv++;
137 while (argc >= 1) 138 while (argc >= 1) {
138 { 139 if (strcmp(*argv, "-inform") == 0) {
139 if (strcmp(*argv,"-inform") == 0) 140 if (--argc < 1)
140 { 141 goto bad;
141 if (--argc < 1) goto bad; 142 informat = str2fmt(*(++argv));
142 informat=str2fmt(*(++argv)); 143 } else if (strcmp(*argv, "-outform") == 0) {
143 } 144 if (--argc < 1)
144 else if (strcmp(*argv,"-outform") == 0) 145 goto bad;
145 { 146 outformat = str2fmt(*(++argv));
146 if (--argc < 1) goto bad; 147 } else if (strcmp(*argv, "-in") == 0) {
147 outformat=str2fmt(*(++argv)); 148 if (--argc < 1)
148 } 149 goto bad;
149 else if (strcmp(*argv,"-in") == 0) 150 infile = *(++argv);
150 { 151 } else if (strcmp(*argv, "-out") == 0) {
151 if (--argc < 1) goto bad; 152 if (--argc < 1)
152 infile= *(++argv); 153 goto bad;
153 } 154 outfile = *(++argv);
154 else if (strcmp(*argv,"-out") == 0) 155 } else if (strcmp(*argv, "-passin") == 0) {
155 { 156 if (--argc < 1)
156 if (--argc < 1) goto bad; 157 goto bad;
157 outfile= *(++argv); 158 passargin = *(++argv);
158 } 159 } else if (strcmp(*argv, "-passout") == 0) {
159 else if (strcmp(*argv,"-passin") == 0) 160 if (--argc < 1)
160 { 161 goto bad;
161 if (--argc < 1) goto bad; 162 passargout = *(++argv);
162 passargin= *(++argv); 163 }
163 }
164 else if (strcmp(*argv,"-passout") == 0)
165 {
166 if (--argc < 1) goto bad;
167 passargout= *(++argv);
168 }
169#ifndef OPENSSL_NO_ENGINE 164#ifndef OPENSSL_NO_ENGINE
170 else if (strcmp(*argv,"-engine") == 0) 165 else if (strcmp(*argv, "-engine") == 0) {
171 { 166 if (--argc < 1)
172 if (--argc < 1) goto bad; 167 goto bad;
173 engine= *(++argv); 168 engine = *(++argv);
174 } 169 }
175#endif 170#endif
176 else if (strcmp(*argv,"-sgckey") == 0) 171 else if (strcmp(*argv, "-sgckey") == 0)
177 sgckey=1; 172 sgckey = 1;
178 else if (strcmp(*argv,"-pubin") == 0) 173 else if (strcmp(*argv, "-pubin") == 0)
179 pubin=1; 174 pubin = 1;
180 else if (strcmp(*argv,"-pubout") == 0) 175 else if (strcmp(*argv, "-pubout") == 0)
181 pubout=1; 176 pubout = 1;
182 else if (strcmp(*argv,"-RSAPublicKey_in") == 0) 177 else if (strcmp(*argv, "-RSAPublicKey_in") == 0)
183 pubin = 2; 178 pubin = 2;
184 else if (strcmp(*argv,"-RSAPublicKey_out") == 0) 179 else if (strcmp(*argv, "-RSAPublicKey_out") == 0)
185 pubout = 2; 180 pubout = 2;
186 else if (strcmp(*argv,"-pvk-strong") == 0) 181 else if (strcmp(*argv, "-pvk-strong") == 0)
187 pvk_encr=2; 182 pvk_encr = 2;
188 else if (strcmp(*argv,"-pvk-weak") == 0) 183 else if (strcmp(*argv, "-pvk-weak") == 0)
189 pvk_encr=1; 184 pvk_encr = 1;
190 else if (strcmp(*argv,"-pvk-none") == 0) 185 else if (strcmp(*argv, "-pvk-none") == 0)
191 pvk_encr=0; 186 pvk_encr = 0;
192 else if (strcmp(*argv,"-noout") == 0) 187 else if (strcmp(*argv, "-noout") == 0)
193 noout=1; 188 noout = 1;
194 else if (strcmp(*argv,"-text") == 0) 189 else if (strcmp(*argv, "-text") == 0)
195 text=1; 190 text = 1;
196 else if (strcmp(*argv,"-modulus") == 0) 191 else if (strcmp(*argv, "-modulus") == 0)
197 modulus=1; 192 modulus = 1;
198 else if (strcmp(*argv,"-check") == 0) 193 else if (strcmp(*argv, "-check") == 0)
199 check=1; 194 check = 1;
200 else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) 195 else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
201 { 196 BIO_printf(bio_err, "unknown option %s\n", *argv);
202 BIO_printf(bio_err,"unknown option %s\n",*argv); 197 badops = 1;
203 badops=1;
204 break; 198 break;
205 } 199 }
206 argc--; 200 argc--;
207 argv++; 201 argv++;
208 } 202 }
209 203
210 if (badops) 204 if (badops) {
211 {
212bad: 205bad:
213 BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); 206 BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
214 BIO_printf(bio_err,"where options are\n"); 207 BIO_printf(bio_err, "where options are\n");
215 BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n"); 208 BIO_printf(bio_err, " -inform arg input format - one of DER NET PEM\n");
216 BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n"); 209 BIO_printf(bio_err, " -outform arg output format - one of DER NET PEM\n");
217 BIO_printf(bio_err," -in arg input file\n"); 210 BIO_printf(bio_err, " -in arg input file\n");
218 BIO_printf(bio_err," -sgckey Use IIS SGC key format\n"); 211 BIO_printf(bio_err, " -sgckey Use IIS SGC key format\n");
219 BIO_printf(bio_err," -passin arg input file pass phrase source\n"); 212 BIO_printf(bio_err, " -passin arg input file pass phrase source\n");
220 BIO_printf(bio_err," -out arg output file\n"); 213 BIO_printf(bio_err, " -out arg output file\n");
221 BIO_printf(bio_err," -passout arg output file pass phrase source\n"); 214 BIO_printf(bio_err, " -passout arg output file pass phrase source\n");
222 BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); 215 BIO_printf(bio_err, " -des encrypt PEM output with cbc des\n");
223 BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); 216 BIO_printf(bio_err, " -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
224#ifndef OPENSSL_NO_IDEA 217#ifndef OPENSSL_NO_IDEA
225 BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); 218 BIO_printf(bio_err, " -idea encrypt PEM output with cbc idea\n");
226#endif 219#endif
227#ifndef OPENSSL_NO_SEED 220#ifndef OPENSSL_NO_SEED
228 BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n"); 221 BIO_printf(bio_err, " -seed encrypt PEM output with cbc seed\n");
229#endif 222#endif
230#ifndef OPENSSL_NO_AES 223#ifndef OPENSSL_NO_AES
231 BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); 224 BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
232 BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); 225 BIO_printf(bio_err, " encrypt PEM output with cbc aes\n");
233#endif 226#endif
234#ifndef OPENSSL_NO_CAMELLIA 227#ifndef OPENSSL_NO_CAMELLIA
235 BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); 228 BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
236 BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); 229 BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n");
237#endif 230#endif
238 BIO_printf(bio_err," -text print the key in text\n"); 231 BIO_printf(bio_err, " -text print the key in text\n");
239 BIO_printf(bio_err," -noout don't print key out\n"); 232 BIO_printf(bio_err, " -noout don't print key out\n");
240 BIO_printf(bio_err," -modulus print the RSA key modulus\n"); 233 BIO_printf(bio_err, " -modulus print the RSA key modulus\n");
241 BIO_printf(bio_err," -check verify key consistency\n"); 234 BIO_printf(bio_err, " -check verify key consistency\n");
242 BIO_printf(bio_err," -pubin expect a public key in input file\n"); 235 BIO_printf(bio_err, " -pubin expect a public key in input file\n");
243 BIO_printf(bio_err," -pubout output a public key\n"); 236 BIO_printf(bio_err, " -pubout output a public key\n");
244#ifndef OPENSSL_NO_ENGINE 237#ifndef OPENSSL_NO_ENGINE
245 BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); 238 BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n");
246#endif 239#endif
247 goto end; 240 goto end;
248 } 241 }
249
250 ERR_load_crypto_strings(); 242 ERR_load_crypto_strings();
251 243
252#ifndef OPENSSL_NO_ENGINE 244#ifndef OPENSSL_NO_ENGINE
253 e = setup_engine(bio_err, engine, 0); 245 e = setup_engine(bio_err, engine, 0);
254#endif 246#endif
255 247
256 if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { 248 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
257 BIO_printf(bio_err, "Error getting passwords\n"); 249 BIO_printf(bio_err, "Error getting passwords\n");
258 goto end; 250 goto end;
259 } 251 }
260 252 if (check && pubin) {
261 if(check && pubin) {
262 BIO_printf(bio_err, "Only private keys can be checked\n"); 253 BIO_printf(bio_err, "Only private keys can be checked\n");
263 goto end; 254 goto end;
264 } 255 }
265 256 out = BIO_new(BIO_s_file());
266 out=BIO_new(BIO_s_file());
267 257
268 { 258 {
269 EVP_PKEY *pkey; 259 EVP_PKEY *pkey;
270 260
271 if (pubin) 261 if (pubin) {
272 { 262 int tmpformat = -1;
273 int tmpformat=-1; 263 if (pubin == 2) {
274 if (pubin == 2)
275 {
276 if (informat == FORMAT_PEM) 264 if (informat == FORMAT_PEM)
277 tmpformat = FORMAT_PEMRSA; 265 tmpformat = FORMAT_PEMRSA;
278 else if (informat == FORMAT_ASN1) 266 else if (informat == FORMAT_ASN1)
279 tmpformat = FORMAT_ASN1RSA; 267 tmpformat = FORMAT_ASN1RSA;
280 } 268 } else if (informat == FORMAT_NETSCAPE && sgckey)
281 else if (informat == FORMAT_NETSCAPE && sgckey)
282 tmpformat = FORMAT_IISSGC; 269 tmpformat = FORMAT_IISSGC;
283 else 270 else
284 tmpformat = informat; 271 tmpformat = informat;
285 272
286 pkey = load_pubkey(bio_err, infile, tmpformat, 1, 273 pkey = load_pubkey(bio_err, infile, tmpformat, 1,
287 passin, e, "Public Key"); 274 passin, e, "Public Key");
288 } 275 } else
289 else
290 pkey = load_key(bio_err, infile, 276 pkey = load_key(bio_err, infile,
291 (informat == FORMAT_NETSCAPE && sgckey ? 277 (informat == FORMAT_NETSCAPE && sgckey ?
292 FORMAT_IISSGC : informat), 1, 278 FORMAT_IISSGC : informat), 1,
293 passin, e, "Private Key"); 279 passin, e, "Private Key");
294 280
295 if (pkey != NULL) 281 if (pkey != NULL)
296 rsa = EVP_PKEY_get1_RSA(pkey); 282 rsa = EVP_PKEY_get1_RSA(pkey);
297 EVP_PKEY_free(pkey); 283 EVP_PKEY_free(pkey);
298 } 284 }
299 285
300 if (rsa == NULL) 286 if (rsa == NULL) {
301 {
302 ERR_print_errors(bio_err); 287 ERR_print_errors(bio_err);
303 goto end; 288 goto end;
304 } 289 }
305 290 if (outfile == NULL) {
306 if (outfile == NULL) 291 BIO_set_fp(out, stdout, BIO_NOCLOSE);
307 { 292 } else {
308 BIO_set_fp(out,stdout,BIO_NOCLOSE); 293 if (BIO_write_filename(out, outfile) <= 0) {
309 }
310 else
311 {
312 if (BIO_write_filename(out,outfile) <= 0)
313 {
314 perror(outfile); 294 perror(outfile);
315 goto end; 295 goto end;
316 }
317 } 296 }
297 }
318 298
319 if (text) 299 if (text)
320 if (!RSA_print(out,rsa,0)) 300 if (!RSA_print(out, rsa, 0)) {
321 {
322 perror(outfile); 301 perror(outfile);
323 ERR_print_errors(bio_err); 302 ERR_print_errors(bio_err);
324 goto end; 303 goto end;
325 }
326
327 if (modulus)
328 {
329 BIO_printf(out,"Modulus=");
330 BN_print(out,rsa->n);
331 BIO_printf(out,"\n");
332 } 304 }
333 305 if (modulus) {
334 if (check) 306 BIO_printf(out, "Modulus=");
335 { 307 BN_print(out, rsa->n);
308 BIO_printf(out, "\n");
309 }
310 if (check) {
336 int r = RSA_check_key(rsa); 311 int r = RSA_check_key(rsa);
337 312
338 if (r == 1) 313 if (r == 1)
339 BIO_printf(out,"RSA key ok\n"); 314 BIO_printf(out, "RSA key ok\n");
340 else if (r == 0) 315 else if (r == 0) {
341 {
342 unsigned long err; 316 unsigned long err;
343 317
344 while ((err = ERR_peek_error()) != 0 && 318 while ((err = ERR_peek_error()) != 0 &&
345 ERR_GET_LIB(err) == ERR_LIB_RSA && 319 ERR_GET_LIB(err) == ERR_LIB_RSA &&
346 ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY && 320 ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
347 ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) 321 ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
348 {
349 BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err)); 322 BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
350 ERR_get_error(); /* remove e from error stack */ 323 ERR_get_error(); /* remove e from error
351 } 324 * stack */
352 } 325 }
353 326 }
354 if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */ 327 if (r == -1 || ERR_peek_error() != 0) { /* should happen only if
355 { 328 * r == -1 */
356 ERR_print_errors(bio_err); 329 ERR_print_errors(bio_err);
357 goto end; 330 goto end;
358 }
359 } 331 }
360 332 }
361 if (noout) 333 if (noout) {
362 {
363 ret = 0; 334 ret = 0;
364 goto end; 335 goto end;
365 } 336 }
366 BIO_printf(bio_err,"writing RSA key\n"); 337 BIO_printf(bio_err, "writing RSA key\n");
367 if (outformat == FORMAT_ASN1) { 338 if (outformat == FORMAT_ASN1) {
368 if(pubout || pubin) 339 if (pubout || pubin) {
369 {
370 if (pubout == 2) 340 if (pubout == 2)
371 i=i2d_RSAPublicKey_bio(out,rsa); 341 i = i2d_RSAPublicKey_bio(out, rsa);
372 else 342 else
373 i=i2d_RSA_PUBKEY_bio(out,rsa); 343 i = i2d_RSA_PUBKEY_bio(out, rsa);
374 } 344 } else
375 else i=i2d_RSAPrivateKey_bio(out,rsa); 345 i = i2d_RSAPrivateKey_bio(out, rsa);
376 } 346 }
377#ifndef OPENSSL_NO_RC4 347#ifndef OPENSSL_NO_RC4
378 else if (outformat == FORMAT_NETSCAPE) 348 else if (outformat == FORMAT_NETSCAPE) {
379 { 349 unsigned char *p, *pp;
380 unsigned char *p,*pp;
381 int size; 350 int size;
382 351
383 i=1; 352 i = 1;
384 size=i2d_RSA_NET(rsa,NULL,NULL, sgckey); 353 size = i2d_RSA_NET(rsa, NULL, NULL, sgckey);
385 if ((p=(unsigned char *)malloc(size)) == NULL) 354 if ((p = (unsigned char *) malloc(size)) == NULL) {
386 { 355 BIO_printf(bio_err, "Memory allocation failure\n");
387 BIO_printf(bio_err,"Memory allocation failure\n");
388 goto end; 356 goto end;
389 }
390 pp=p;
391 i2d_RSA_NET(rsa,&p,NULL, sgckey);
392 BIO_write(out,(char *)pp,size);
393 free(pp);
394 } 357 }
358 pp = p;
359 i2d_RSA_NET(rsa, &p, NULL, sgckey);
360 BIO_write(out, (char *) pp, size);
361 free(pp);
362 }
395#endif 363#endif
396 else if (outformat == FORMAT_PEM) { 364 else if (outformat == FORMAT_PEM) {
397 if(pubout || pubin) 365 if (pubout || pubin) {
398 {
399 if (pubout == 2) 366 if (pubout == 2)
400 i=PEM_write_bio_RSAPublicKey(out,rsa); 367 i = PEM_write_bio_RSAPublicKey(out, rsa);
401 else 368 else
402 i=PEM_write_bio_RSA_PUBKEY(out,rsa); 369 i = PEM_write_bio_RSA_PUBKEY(out, rsa);
403 } 370 } else
404 else i=PEM_write_bio_RSAPrivateKey(out,rsa, 371 i = PEM_write_bio_RSAPrivateKey(out, rsa,
405 enc,NULL,0,NULL,passout); 372 enc, NULL, 0, NULL, passout);
406#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) 373#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
407 } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { 374 } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
408 EVP_PKEY *pk; 375 EVP_PKEY *pk;
@@ -416,29 +383,31 @@ bad:
416 i = i2b_PrivateKey_bio(out, pk); 383 i = i2b_PrivateKey_bio(out, pk);
417 EVP_PKEY_free(pk); 384 EVP_PKEY_free(pk);
418#endif 385#endif
419 } else { 386 } else {
420 BIO_printf(bio_err,"bad output format specified for outfile\n"); 387 BIO_printf(bio_err, "bad output format specified for outfile\n");
421 goto end; 388 goto end;
422 } 389 }
423 if (i <= 0) 390 if (i <= 0) {
424 { 391 BIO_printf(bio_err, "unable to write key\n");
425 BIO_printf(bio_err,"unable to write key\n");
426 ERR_print_errors(bio_err); 392 ERR_print_errors(bio_err);
427 } 393 } else
428 else 394 ret = 0;
429 ret=0;
430end: 395end:
431 if(out != NULL) BIO_free_all(out); 396 if (out != NULL)
432 if(rsa != NULL) RSA_free(rsa); 397 BIO_free_all(out);
433 if(passin) free(passin); 398 if (rsa != NULL)
434 if(passout) free(passout); 399 RSA_free(rsa);
400 if (passin)
401 free(passin);
402 if (passout)
403 free(passout);
435 apps_shutdown(); 404 apps_shutdown();
436 return(ret); 405 return (ret);
437 } 406}
438#else /* !OPENSSL_NO_RSA */ 407#else /* !OPENSSL_NO_RSA */
439 408
440# if PEDANTIC 409#if PEDANTIC
441static void *dummy=&dummy; 410static void *dummy = &dummy;
442# endif 411#endif
443 412
444#endif 413#endif
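Review bot: In the `FORMAT_NETSCAPE` output branch of MAIN (new lines 348-362) the length from the sizing call `i2d_RSA_NET(rsa, NULL, NULL, sgckey)` is passed to `malloc(size)` without a sign check, and the results of the second `i2d_RSA_NET` call and of `BIO_write` are discarded while `i` is preset to 1. A failed encode or a short write of the private key would therefore still reach `ret = 0`, so the caller is told a truncated or empty key file was written successfully. This commit only reformats, so a follow-up could add `if (size <= 0) goto end;` before the allocation and replace the bare write with `i = (BIO_write(out, (char *) pp, size) == size);`. The same function also uses `out = BIO_new(BIO_s_file())` without a NULL check before `BIO_set_fp`/`BIO_write_filename`; the MSBLOB/PVK branch lies between the two hunks and is not visible here.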
diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c
index ba9758c94b..9b8a040853 100644
--- a/src/lib/libssl/src/apps/rsautl.c
+++ b/src/lib/libssl/src/apps/rsautl.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -82,7 +82,8 @@ static void usage(void);
82 82
83int MAIN(int argc, char **); 83int MAIN(int argc, char **);
84 84
85int MAIN(int argc, char **argv) 85int
86MAIN(int argc, char **argv)
86{ 87{
87 ENGINE *e = NULL; 88 ENGINE *e = NULL;
88 BIO *in = NULL, *out = NULL; 89 BIO *in = NULL, *out = NULL;
@@ -108,71 +109,81 @@ int MAIN(int argc, char **argv)
108 argc--; 109 argc--;
109 argv++; 110 argv++;
110 111
111 if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 112 if (!bio_err)
113 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
112 114
113 if (!load_config(bio_err, NULL)) 115 if (!load_config(bio_err, NULL))
114 goto end; 116 goto end;
115 ERR_load_crypto_strings(); 117 ERR_load_crypto_strings();
116 OpenSSL_add_all_algorithms(); 118 OpenSSL_add_all_algorithms();
117 pad = RSA_PKCS1_PADDING; 119 pad = RSA_PKCS1_PADDING;
118 120
119 while(argc >= 1) 121 while (argc >= 1) {
120 { 122 if (!strcmp(*argv, "-in")) {
121 if (!strcmp(*argv,"-in")) {
122 if (--argc < 1) 123 if (--argc < 1)
123 badarg = 1; 124 badarg = 1;
124 else 125 else
125 infile= *(++argv); 126 infile = *(++argv);
126 } else if (!strcmp(*argv,"-out")) { 127 } else if (!strcmp(*argv, "-out")) {
127 if (--argc < 1) 128 if (--argc < 1)
128 badarg = 1; 129 badarg = 1;
129 else 130 else
130 outfile= *(++argv); 131 outfile = *(++argv);
131 } else if(!strcmp(*argv, "-inkey")) { 132 } else if (!strcmp(*argv, "-inkey")) {
132 if (--argc < 1) 133 if (--argc < 1)
133 badarg = 1; 134 badarg = 1;
134 else 135 else
135 keyfile = *(++argv); 136 keyfile = *(++argv);
136 } else if (!strcmp(*argv,"-passin")) { 137 } else if (!strcmp(*argv, "-passin")) {
137 if (--argc < 1) 138 if (--argc < 1)
138 badarg = 1; 139 badarg = 1;
139 else 140 else
140 passargin= *(++argv); 141 passargin = *(++argv);
141 } else if (strcmp(*argv,"-keyform") == 0) { 142 } else if (strcmp(*argv, "-keyform") == 0) {
142 if (--argc < 1) 143 if (--argc < 1)
143 badarg = 1; 144 badarg = 1;
144 else 145 else
145 keyform=str2fmt(*(++argv)); 146 keyform = str2fmt(*(++argv));
146#ifndef OPENSSL_NO_ENGINE 147#ifndef OPENSSL_NO_ENGINE
147 } else if(!strcmp(*argv, "-engine")) { 148 } else if (!strcmp(*argv, "-engine")) {
148 if (--argc < 1) 149 if (--argc < 1)
149 badarg = 1; 150 badarg = 1;
150 else 151 else
151 engine = *(++argv); 152 engine = *(++argv);
152#endif 153#endif
153 } else if(!strcmp(*argv, "-pubin")) { 154 } else if (!strcmp(*argv, "-pubin")) {
154 key_type = KEY_PUBKEY; 155 key_type = KEY_PUBKEY;
155 } else if(!strcmp(*argv, "-certin")) { 156 } else if (!strcmp(*argv, "-certin")) {
156 key_type = KEY_CERT; 157 key_type = KEY_CERT;
157 } 158 } else if (!strcmp(*argv, "-asn1parse"))
158 else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1; 159 asn1parse = 1;
159 else if(!strcmp(*argv, "-hexdump")) hexdump = 1; 160 else if (!strcmp(*argv, "-hexdump"))
160 else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING; 161 hexdump = 1;
161 else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING; 162 else if (!strcmp(*argv, "-raw"))
162 else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING; 163 pad = RSA_NO_PADDING;
163 else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING; 164 else if (!strcmp(*argv, "-oaep"))
164 else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING; 165 pad = RSA_PKCS1_OAEP_PADDING;
165 else if(!strcmp(*argv, "-sign")) { 166 else if (!strcmp(*argv, "-ssl"))
167 pad = RSA_SSLV23_PADDING;
168 else if (!strcmp(*argv, "-pkcs"))
169 pad = RSA_PKCS1_PADDING;
170 else if (!strcmp(*argv, "-x931"))
171 pad = RSA_X931_PADDING;
172 else if (!strcmp(*argv, "-sign")) {
166 rsa_mode = RSA_SIGN; 173 rsa_mode = RSA_SIGN;
167 need_priv = 1; 174 need_priv = 1;
168 } else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY; 175 } else if (!strcmp(*argv, "-verify"))
169 else if(!strcmp(*argv, "-rev")) rev = 1; 176 rsa_mode = RSA_VERIFY;
170 else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT; 177 else if (!strcmp(*argv, "-rev"))
171 else if(!strcmp(*argv, "-decrypt")) { 178 rev = 1;
179 else if (!strcmp(*argv, "-encrypt"))
180 rsa_mode = RSA_ENCRYPT;
181 else if (!strcmp(*argv, "-decrypt")) {
172 rsa_mode = RSA_DECRYPT; 182 rsa_mode = RSA_DECRYPT;
173 need_priv = 1; 183 need_priv = 1;
174 } else badarg = 1; 184 } else
175 if(badarg) { 185 badarg = 1;
186 if (badarg) {
176 usage(); 187 usage();
177 goto end; 188 goto end;
178 } 189 }
@@ -180,69 +191,65 @@ int MAIN(int argc, char **argv)
180 argv++; 191 argv++;
181 } 192 }
182 193
183 if(need_priv && (key_type != KEY_PRIVKEY)) { 194 if (need_priv && (key_type != KEY_PRIVKEY)) {
184 BIO_printf(bio_err, "A private key is needed for this operation\n"); 195 BIO_printf(bio_err, "A private key is needed for this operation\n");
185 goto end; 196 goto end;
186 } 197 }
187
188#ifndef OPENSSL_NO_ENGINE 198#ifndef OPENSSL_NO_ENGINE
189 e = setup_engine(bio_err, engine, 0); 199 e = setup_engine(bio_err, engine, 0);
190#endif 200#endif
191 if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { 201 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
192 BIO_printf(bio_err, "Error getting password\n"); 202 BIO_printf(bio_err, "Error getting password\n");
193 goto end; 203 goto end;
194 } 204 }
195
196/* FIXME: seed PRNG only if needed */ 205/* FIXME: seed PRNG only if needed */
197 app_RAND_load_file(NULL, bio_err, 0); 206 app_RAND_load_file(NULL, bio_err, 0);
198 207
199 switch(key_type) { 208 switch (key_type) {
200 case KEY_PRIVKEY: 209 case KEY_PRIVKEY:
201 pkey = load_key(bio_err, keyfile, keyform, 0, 210 pkey = load_key(bio_err, keyfile, keyform, 0,
202 passin, e, "Private Key"); 211 passin, e, "Private Key");
203 break; 212 break;
204 213
205 case KEY_PUBKEY: 214 case KEY_PUBKEY:
206 pkey = load_pubkey(bio_err, keyfile, keyform, 0, 215 pkey = load_pubkey(bio_err, keyfile, keyform, 0,
207 NULL, e, "Public Key"); 216 NULL, e, "Public Key");
208 break; 217 break;
209 218
210 case KEY_CERT: 219 case KEY_CERT:
211 x = load_cert(bio_err, keyfile, keyform, 220 x = load_cert(bio_err, keyfile, keyform,
212 NULL, e, "Certificate"); 221 NULL, e, "Certificate");
213 if(x) { 222 if (x) {
214 pkey = X509_get_pubkey(x); 223 pkey = X509_get_pubkey(x);
215 X509_free(x); 224 X509_free(x);
216 } 225 }
217 break; 226 break;
218 } 227 }
219 228
220 if(!pkey) { 229 if (!pkey) {
221 return 1; 230 return 1;
222 } 231 }
223
224 rsa = EVP_PKEY_get1_RSA(pkey); 232 rsa = EVP_PKEY_get1_RSA(pkey);
225 EVP_PKEY_free(pkey); 233 EVP_PKEY_free(pkey);
226 234
227 if(!rsa) { 235 if (!rsa) {
228 BIO_printf(bio_err, "Error getting RSA key\n"); 236 BIO_printf(bio_err, "Error getting RSA key\n");
229 ERR_print_errors(bio_err); 237 ERR_print_errors(bio_err);
230 goto end; 238 goto end;
231 } 239 }
232 240 if (infile) {
233 241 if (!(in = BIO_new_file(infile, "rb"))) {
234 if(infile) {
235 if(!(in = BIO_new_file(infile, "rb"))) {
236 BIO_printf(bio_err, "Error Reading Input File\n"); 242 BIO_printf(bio_err, "Error Reading Input File\n");
237 ERR_print_errors(bio_err); 243 ERR_print_errors(bio_err);
238 goto end; 244 goto end;
239 } 245 }
240 } else in = BIO_new_fp(stdin, BIO_NOCLOSE); 246 } else
247 in = BIO_new_fp(stdin, BIO_NOCLOSE);
241 248
242 if(outfile) { 249 if (outfile) {
243 if(!(out = BIO_new_file(outfile, "wb"))) { 250 if (!(out = BIO_new_file(outfile, "wb"))) {
244 BIO_printf(bio_err, "Error Reading Output File\n"); 251 BIO_printf(bio_err, "Error Reading Output File\n");
245 ERR_print_errors(bio_err); 252 ERR_print_errors(bio_err);
246 goto end; 253 goto end;
247 } 254 }
248 } else { 255 } else {
@@ -256,62 +263,68 @@ int MAIN(int argc, char **argv)
256 263
257 /* Read the input data */ 264 /* Read the input data */
258 rsa_inlen = BIO_read(in, rsa_in, keysize * 2); 265 rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
259 if(rsa_inlen <= 0) { 266 if (rsa_inlen <= 0) {
260 BIO_printf(bio_err, "Error reading input Data\n"); 267 BIO_printf(bio_err, "Error reading input Data\n");
261 exit(1); 268 exit(1);
262 } 269 }
263 if(rev) { 270 if (rev) {
264 int i; 271 int i;
265 unsigned char ctmp; 272 unsigned char ctmp;
266 for(i = 0; i < rsa_inlen/2; i++) { 273 for (i = 0; i < rsa_inlen / 2; i++) {
267 ctmp = rsa_in[i]; 274 ctmp = rsa_in[i];
268 rsa_in[i] = rsa_in[rsa_inlen - 1 - i]; 275 rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
269 rsa_in[rsa_inlen - 1 - i] = ctmp; 276 rsa_in[rsa_inlen - 1 - i] = ctmp;
270 } 277 }
271 } 278 }
272 switch(rsa_mode) { 279 switch (rsa_mode) {
273 280
274 case RSA_VERIFY: 281 case RSA_VERIFY:
275 rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); 282 rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
276 break; 283 break;
277 284
278 case RSA_SIGN: 285 case RSA_SIGN:
279 rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); 286 rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
280 break; 287 break;
281 288
282 case RSA_ENCRYPT: 289 case RSA_ENCRYPT:
283 rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); 290 rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
284 break; 291 break;
285 292
286 case RSA_DECRYPT: 293 case RSA_DECRYPT:
287 rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); 294 rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
288 break; 295 break;
289 296
290 } 297 }
291 298
292 if(rsa_outlen <= 0) { 299 if (rsa_outlen <= 0) {
293 BIO_printf(bio_err, "RSA operation error\n"); 300 BIO_printf(bio_err, "RSA operation error\n");
294 ERR_print_errors(bio_err); 301 ERR_print_errors(bio_err);
295 goto end; 302 goto end;
296 } 303 }
297 ret = 0; 304 ret = 0;
298 if(asn1parse) { 305 if (asn1parse) {
299 if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { 306 if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
300 ERR_print_errors(bio_err); 307 ERR_print_errors(bio_err);
301 } 308 }
302 } else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen); 309 } else if (hexdump)
303 else BIO_write(out, rsa_out, rsa_outlen); 310 BIO_dump(out, (char *) rsa_out, rsa_outlen);
304 end: 311 else
312 BIO_write(out, rsa_out, rsa_outlen);
313end:
305 RSA_free(rsa); 314 RSA_free(rsa);
306 BIO_free(in); 315 BIO_free(in);
307 BIO_free_all(out); 316 BIO_free_all(out);
308 if(rsa_in) free(rsa_in); 317 if (rsa_in)
309 if(rsa_out) free(rsa_out); 318 free(rsa_in);
310 if(passin) free(passin); 319 if (rsa_out)
320 free(rsa_out);
321 if (passin)
322 free(passin);
311 return ret; 323 return ret;
312} 324}
313 325
314static void usage() 326static void
327usage()
315{ 328{
316 BIO_printf(bio_err, "Usage: rsautl [options]\n"); 329 BIO_printf(bio_err, "Usage: rsautl [options]\n");
317 BIO_printf(bio_err, "-in file input file\n"); 330 BIO_printf(bio_err, "-in file input file\n");
@@ -331,15 +344,15 @@ static void usage()
331 BIO_printf(bio_err, "-hexdump hex dump output\n"); 344 BIO_printf(bio_err, "-hexdump hex dump output\n");
332#ifndef OPENSSL_NO_ENGINE 345#ifndef OPENSSL_NO_ENGINE
333 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); 346 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
334 BIO_printf (bio_err, "-passin arg pass phrase source\n"); 347 BIO_printf(bio_err, "-passin arg pass phrase source\n");
335#endif 348#endif
336 349
337} 350}
338 351
339#else /* !OPENSSL_NO_RSA */ 352#else /* !OPENSSL_NO_RSA */
340 353
341# if PEDANTIC 354#if PEDANTIC
342static void *dummy=&dummy; 355static void *dummy = &dummy;
343# endif 356#endif
344 357
345#endif 358#endif
diff --git a/src/lib/libssl/src/apps/s_cb.c b/src/lib/libssl/src/apps/s_cb.c
index b5dc40c53a..1d1a2bd6df 100644
--- a/src/lib/libssl/src/apps/s_cb.c
+++ b/src/lib/libssl/src/apps/s_cb.c
@@ -133,7 +133,7 @@ unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
133int cookie_initialized = 0; 133int cookie_initialized = 0;
134 134
135int 135int
136verify_callback(int ok, X509_STORE_CTX *ctx) 136verify_callback(int ok, X509_STORE_CTX * ctx)
137{ 137{
138 X509 *err_cert; 138 X509 *err_cert;
139 int err, depth; 139 int err, depth;
@@ -192,7 +192,7 @@ verify_callback(int ok, X509_STORE_CTX *ctx)
192} 192}
193 193
194int 194int
195set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) 195set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file)
196{ 196{
197 if (cert_file != NULL) { 197 if (cert_file != NULL) {
198 /* 198 /*
@@ -201,7 +201,7 @@ set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
201 */ 201 */
202 202
203 if (SSL_CTX_use_certificate_file(ctx, cert_file, 203 if (SSL_CTX_use_certificate_file(ctx, cert_file,
204 SSL_FILETYPE_PEM) <= 0) { 204 SSL_FILETYPE_PEM) <= 0) {
205 BIO_printf(bio_err, 205 BIO_printf(bio_err,
206 "unable to get certificate from '%s'\n", cert_file); 206 "unable to get certificate from '%s'\n", cert_file);
207 ERR_print_errors(bio_err); 207 ERR_print_errors(bio_err);
@@ -210,13 +210,12 @@ set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
210 if (key_file == NULL) 210 if (key_file == NULL)
211 key_file = cert_file; 211 key_file = cert_file;
212 if (SSL_CTX_use_PrivateKey_file(ctx, key_file, 212 if (SSL_CTX_use_PrivateKey_file(ctx, key_file,
213 SSL_FILETYPE_PEM) <= 0) { 213 SSL_FILETYPE_PEM) <= 0) {
214 BIO_printf(bio_err, 214 BIO_printf(bio_err,
215 "unable to get private key from '%s'\n", key_file); 215 "unable to get private key from '%s'\n", key_file);
216 ERR_print_errors(bio_err); 216 ERR_print_errors(bio_err);
217 return (0); 217 return (0);
218 } 218 }
219
220 /* 219 /*
221 In theory this is no longer needed 220 In theory this is no longer needed
222 ssl=SSL_new(ctx); 221 ssl=SSL_new(ctx);
@@ -232,12 +231,16 @@ set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
232 SSL_free(ssl); 231 SSL_free(ssl);
233 */ 232 */
234 233
235 /* If we are using DSA, we can copy the parameters from 234 /*
236 * the private key */ 235 * If we are using DSA, we can copy the parameters from the
236 * private key
237 */
237 238
238 239
239 /* Now we know that a key and cert have been set against 240 /*
240 * the SSL context */ 241 * Now we know that a key and cert have been set against the
242 * SSL context
243 */
241 if (!SSL_CTX_check_private_key(ctx)) { 244 if (!SSL_CTX_check_private_key(ctx)) {
242 BIO_printf(bio_err, 245 BIO_printf(bio_err,
243 "Private key does not match the certificate public key\n"); 246 "Private key does not match the certificate public key\n");
@@ -248,9 +251,9 @@ set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
248} 251}
249 252
250int 253int
251set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) 254set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key)
252{ 255{
253 if (cert == NULL) 256 if (cert == NULL)
254 return 1; 257 return 1;
255 if (SSL_CTX_use_certificate(ctx, cert) <= 0) { 258 if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
256 BIO_printf(bio_err, "error setting certificate\n"); 259 BIO_printf(bio_err, "error setting certificate\n");
@@ -262,9 +265,10 @@ set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
262 ERR_print_errors(bio_err); 265 ERR_print_errors(bio_err);
263 return 0; 266 return 0;
264 } 267 }
265 268 /*
266 /* Now we know that a key and cert have been set against 269 * Now we know that a key and cert have been set against the SSL
267 * the SSL context */ 270 * context
271 */
268 if (!SSL_CTX_check_private_key(ctx)) { 272 if (!SSL_CTX_check_private_key(ctx)) {
269 BIO_printf(bio_err, 273 BIO_printf(bio_err,
270 "Private key does not match the certificate public key\n"); 274 "Private key does not match the certificate public key\n");
@@ -274,32 +278,32 @@ set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
274} 278}
275 279
276long 280long
277bio_dump_callback(BIO *bio, int cmd, const char *argp, 281bio_dump_callback(BIO * bio, int cmd, const char *argp,
278 int argi, long argl, long ret) 282 int argi, long argl, long ret)
279{ 283{
280 BIO *out; 284 BIO *out;
281 285
282 out = (BIO *)BIO_get_callback_arg(bio); 286 out = (BIO *) BIO_get_callback_arg(bio);
283 if (out == NULL) 287 if (out == NULL)
284 return (ret); 288 return (ret);
285 289
286 if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) { 290 if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
287 BIO_printf(out, 291 BIO_printf(out,
288 "read from %p [%p] (%lu bytes => %ld (0x%lX))\n", 292 "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
289 (void *)bio, argp, (unsigned long)argi, ret, ret); 293 (void *) bio, argp, (unsigned long) argi, ret, ret);
290 BIO_dump(out, argp, (int)ret); 294 BIO_dump(out, argp, (int) ret);
291 return (ret); 295 return (ret);
292 } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) { 296 } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
293 BIO_printf(out, 297 BIO_printf(out,
294 "write to %p [%p] (%lu bytes => %ld (0x%lX))\n", 298 "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
295 (void *)bio, argp, (unsigned long)argi, ret, ret); 299 (void *) bio, argp, (unsigned long) argi, ret, ret);
296 BIO_dump(out, argp, (int)ret); 300 BIO_dump(out, argp, (int) ret);
297 } 301 }
298 return (ret); 302 return (ret);
299} 303}
300 304
301void 305void
302apps_ssl_info_callback(const SSL *s, int where, int ret) 306apps_ssl_info_callback(const SSL * s, int where, int ret)
303{ 307{
304 const char *str; 308 const char *str;
305 int w; 309 int w;
@@ -333,10 +337,11 @@ apps_ssl_info_callback(const SSL *s, int where, int ret)
333 337
334 338
335void 339void
336msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) 340msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL * ssl, void *arg)
337{ 341{
338 BIO *bio = arg; 342 BIO *bio = arg;
339 const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2 = ""; 343 const char *str_write_p, *str_version, *str_content_type = "",
344 *str_details1 = "", *str_details2 = "";
340 345
341 str_write_p = write_p ? ">>>" : "<<<"; 346 str_write_p = write_p ? ">>>" : "<<<";
342 347
@@ -370,12 +375,12 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len,
370 str_details1 = "???"; 375 str_details1 = "???";
371 376
372 if (len > 0) { 377 if (len > 0) {
373 switch (((const unsigned char*)buf)[0]) { 378 switch (((const unsigned char *) buf)[0]) {
374 case 0: 379 case 0:
375 str_details1 = ", ERROR:"; 380 str_details1 = ", ERROR:";
376 str_details2 = " ???"; 381 str_details2 = " ???";
377 if (len >= 3) { 382 if (len >= 3) {
378 unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2]; 383 unsigned err = (((const unsigned char *) buf)[1] << 8) + ((const unsigned char *) buf)[2];
379 384
380 switch (err) { 385 switch (err) {
381 case 0x0001: 386 case 0x0001:
@@ -392,7 +397,6 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len,
392 break; 397 break;
393 } 398 }
394 } 399 }
395
396 break; 400 break;
397 case 1: 401 case 1:
398 str_details1 = ", CLIENT-HELLO"; 402 str_details1 = ", CLIENT-HELLO";
@@ -421,7 +425,6 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len,
421 } 425 }
422 } 426 }
423 } 427 }
424
425 if (version == SSL3_VERSION || version == TLS1_VERSION || 428 if (version == SSL3_VERSION || version == TLS1_VERSION ||
426 version == TLS1_1_VERSION || version == TLS1_2_VERSION || 429 version == TLS1_1_VERSION || version == TLS1_2_VERSION ||
427 version == DTLS1_VERSION || version == DTLS1_BAD_VER) { 430 version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
@@ -437,12 +440,11 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len,
437 break; 440 break;
438 } 441 }
439 442
440 if (content_type == 21) /* Alert */ 443 if (content_type == 21) { /* Alert */
441 {
442 str_details1 = ", ???"; 444 str_details1 = ", ???";
443 445
444 if (len == 2) { 446 if (len == 2) {
445 switch (((const unsigned char*)buf)[0]) { 447 switch (((const unsigned char *) buf)[0]) {
446 case 1: 448 case 1:
447 str_details1 = ", warning"; 449 str_details1 = ", warning";
448 break; 450 break;
@@ -452,7 +454,7 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len,
452 } 454 }
453 455
454 str_details2 = " ???"; 456 str_details2 = " ???";
455 switch (((const unsigned char*)buf)[1]) { 457 switch (((const unsigned char *) buf)[1]) {
456 case 0: 458 case 0:
457 str_details2 = " close_notify"; 459 str_details2 = " close_notify";
458 break; 460 break;
@@ -543,13 +545,11 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len,
543 } 545 }
544 } 546 }
545 } 547 }
546 548 if (content_type == 22) { /* Handshake */
547 if (content_type == 22) /* Handshake */
548 {
549 str_details1 = "???"; 549 str_details1 = "???";
550 550
551 if (len > 0) { 551 if (len > 0) {
552 switch (((const unsigned char*)buf)[0]) { 552 switch (((const unsigned char *) buf)[0]) {
553 case 0: 553 case 0:
554 str_details1 = ", HelloRequest"; 554 str_details1 = ", HelloRequest";
555 break; 555 break;
@@ -587,9 +587,8 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len,
587 } 587 }
588 } 588 }
589 } 589 }
590
591 BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, 590 BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p,
592 str_version, str_content_type, (unsigned long)len, 591 str_version, str_content_type, (unsigned long) len,
593 str_details1, str_details2); 592 str_details1, str_details2);
594 593
595 if (len > 0) { 594 if (len > 0) {
@@ -605,17 +604,17 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len,
605 if (i % 16 == 0 && i > 0) 604 if (i % 16 == 0 && i > 0)
606 BIO_printf(bio, "\n "); 605 BIO_printf(bio, "\n ");
607 BIO_printf(bio, " %02x", 606 BIO_printf(bio, " %02x",
608 ((const unsigned char*)buf)[i]); 607 ((const unsigned char *) buf)[i]);
609 } 608 }
610 if (i < len) 609 if (i < len)
611 BIO_printf(bio, " ..."); 610 BIO_printf(bio, " ...");
612 BIO_printf(bio, "\n"); 611 BIO_printf(bio, "\n");
613 } 612 }
614 (void)BIO_flush(bio); 613 (void) BIO_flush(bio);
615} 614}
616 615
617void 616void
618tlsext_cb(SSL *s, int client_server, int type, unsigned char *data, int len, 617tlsext_cb(SSL * s, int client_server, int type, unsigned char *data, int len,
619 void *arg) 618 void *arg)
620{ 619{
621 BIO *bio = arg; 620 BIO *bio = arg;
@@ -713,12 +712,12 @@ tlsext_cb(SSL *s, int client_server, int type, unsigned char *data, int len,
713 712
714 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", 713 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
715 client_server ? "server" : "client", extname, type, len); 714 client_server ? "server" : "client", extname, type, len);
716 BIO_dump(bio, (char *)data, len); 715 BIO_dump(bio, (char *) data, len);
717 (void)BIO_flush(bio); 716 (void) BIO_flush(bio);
718} 717}
719 718
720int 719int
721generate_cookie_callback(SSL *ssl, unsigned char *cookie, 720generate_cookie_callback(SSL * ssl, unsigned char *cookie,
722 unsigned int *cookie_len) 721 unsigned int *cookie_len)
723{ 722{
724 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 723 unsigned char *buffer, result[EVP_MAX_MD_SIZE];
@@ -740,9 +739,8 @@ generate_cookie_callback(SSL *ssl, unsigned char *cookie,
740 } 739 }
741 cookie_initialized = 1; 740 cookie_initialized = 1;
742 } 741 }
743
744 /* Read peer information */ 742 /* Read peer information */
745 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 743 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
746 744
747 /* Create buffer with peer's address and port */ 745 /* Create buffer with peer's address and port */
748 length = 0; 746 length = 0;
@@ -767,7 +765,6 @@ generate_cookie_callback(SSL *ssl, unsigned char *cookie,
767 BIO_printf(bio_err, "out of memory\n"); 765 BIO_printf(bio_err, "out of memory\n");
768 return 0; 766 return 0;
769 } 767 }
770
771 switch (peer.sa.sa_family) { 768 switch (peer.sa.sa_family) {
772 case AF_INET: 769 case AF_INET:
773 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 770 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port));
@@ -798,7 +795,7 @@ generate_cookie_callback(SSL *ssl, unsigned char *cookie,
798} 795}
799 796
800int 797int
801verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len) 798verify_cookie_callback(SSL * ssl, unsigned char *cookie, unsigned int cookie_len)
802{ 799{
803 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 800 unsigned char *buffer, result[EVP_MAX_MD_SIZE];
804 unsigned int length, resultlength; 801 unsigned int length, resultlength;
@@ -815,7 +812,7 @@ verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
815 return 0; 812 return 0;
816 813
817 /* Read peer information */ 814 /* Read peer information */
818 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 815 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
819 816
820 /* Create buffer with peer's address and port */ 817 /* Create buffer with peer's address and port */
821 length = 0; 818 length = 0;
@@ -840,7 +837,6 @@ verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
840 BIO_printf(bio_err, "out of memory\n"); 837 BIO_printf(bio_err, "out of memory\n");
841 return 0; 838 return 0;
842 } 839 }
843
844 switch (peer.sa.sa_family) { 840 switch (peer.sa.sa_family) {
845 case AF_INET: 841 case AF_INET:
846 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 842 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port));
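Review bot: In both `generate_cookie_callback` and `verify_cookie_callback`, the reformatted line `(void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);` still discards the call's result, yet the code below it goes on to `switch (peer.sa.sa_family)` and `memcpy` the port out of `peer` into the buffer described as holding the peer's address and port. If the call fails, the cookie material would be built from whatever `peer` held beforehand; its declaration and any initialisation are outside these hunks, so that may be indeterminate stack data. I would check the result and fail the callback instead, e.g. `if (BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer) <= 0) return 0;`, assuming the control call reports failure with a non-positive value, which should be confirmed for the BIO type in use. Both function bodies begin and end outside the hunks shown, so the check needs to be placed with the full functions in view.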
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index d7552b1f1f..20b0ace583 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -174,7 +174,7 @@
174/*#define SSL_HOST_NAME "193.118.187.102" */ 174/*#define SSL_HOST_NAME "193.118.187.102" */
175#define SSL_HOST_NAME "localhost" 175#define SSL_HOST_NAME "localhost"
176 176
177/*#define TEST_CERT "client.pem" */ /* no default cert. */ 177 /*#define TEST_CERT "client.pem" *//* no default cert. */
178 178
179#undef BUFSIZZ 179#undef BUFSIZZ
180#define BUFSIZZ 1024*8 180#define BUFSIZZ 1024*8
@@ -184,247 +184,247 @@ extern int verify_error;
184extern int verify_return_error; 184extern int verify_return_error;
185 185
186#ifdef FIONBIO 186#ifdef FIONBIO
187static int c_nbio=0; 187static int c_nbio = 0;
188#endif 188#endif
189static int c_Pause=0; 189static int c_Pause = 0;
190static int c_debug=0; 190static int c_debug = 0;
191#ifndef OPENSSL_NO_TLSEXT 191#ifndef OPENSSL_NO_TLSEXT
192static int c_tlsextdebug=0; 192static int c_tlsextdebug = 0;
193static int c_status_req=0; 193static int c_status_req = 0;
194#endif 194#endif
195static int c_msg=0; 195static int c_msg = 0;
196static int c_showcerts=0; 196static int c_showcerts = 0;
197 197
198static char *keymatexportlabel=NULL; 198static char *keymatexportlabel = NULL;
199static int keymatexportlen=20; 199static int keymatexportlen = 20;
200 200
201static void sc_usage(void); 201static void sc_usage(void);
202static void print_stuff(BIO *berr,SSL *con,int full); 202static void print_stuff(BIO * berr, SSL * con, int full);
203#ifndef OPENSSL_NO_TLSEXT 203#ifndef OPENSSL_NO_TLSEXT
204static int ocsp_resp_cb(SSL *s, void *arg); 204static int ocsp_resp_cb(SSL * s, void *arg);
205#endif 205#endif
206static BIO *bio_c_out=NULL; 206static BIO *bio_c_out = NULL;
207static int c_quiet=0; 207static int c_quiet = 0;
208static int c_ign_eof=0; 208static int c_ign_eof = 0;
209 209
210#ifndef OPENSSL_NO_PSK 210#ifndef OPENSSL_NO_PSK
211/* Default PSK identity and key */ 211/* Default PSK identity and key */
212static char *psk_identity="Client_identity"; 212static char *psk_identity = "Client_identity";
213/*char *psk_key=NULL; by default PSK is not used */ 213/*char *psk_key=NULL; by default PSK is not used */
214 214
215static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, 215static unsigned int
216 unsigned int max_identity_len, unsigned char *psk, 216psk_client_cb(SSL * ssl, const char *hint, char *identity,
217 unsigned int max_psk_len) 217 unsigned int max_identity_len, unsigned char *psk,
218 { 218 unsigned int max_psk_len)
219{
219 unsigned int psk_len = 0; 220 unsigned int psk_len = 0;
220 size_t maxlen = 0; 221 size_t maxlen = 0;
221 int ret; 222 int ret;
222 BIGNUM *bn=NULL; 223 BIGNUM *bn = NULL;
223 224
224 if (c_debug) 225 if (c_debug)
225 BIO_printf(bio_c_out, "psk_client_cb\n"); 226 BIO_printf(bio_c_out, "psk_client_cb\n");
226 if (max_identity_len > INT_MAX) 227 if (max_identity_len > INT_MAX)
227 goto out_err; 228 goto out_err;
228 maxlen = max_identity_len; 229 maxlen = max_identity_len;
229 if (!hint) 230 if (!hint) {
230 { 231 /* no ServerKeyExchange message */
231 /* no ServerKeyExchange message*/
232 if (c_debug) 232 if (c_debug)
233 BIO_printf(bio_c_out,"NULL received PSK identity hint, continuing anyway\n"); 233 BIO_printf(bio_c_out, "NULL received PSK identity hint, continuing anyway\n");
234 } 234 } else if (c_debug)
235 else if (c_debug)
236 BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint); 235 BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);
237 236
238 /* lookup PSK identity and PSK key based on the given identity hint here */ 237 /*
238 * lookup PSK identity and PSK key based on the given identity hint
239 * here
240 */
239 ret = snprintf(identity, maxlen, "%s", psk_identity); 241 ret = snprintf(identity, maxlen, "%s", psk_identity);
240 if (ret == -1 || ret >= maxlen) 242 if (ret == -1 || ret >= maxlen)
241 goto out_err; 243 goto out_err;
242 if (c_debug) 244 if (c_debug)
243 BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity, ret); 245 BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity, ret);
244 ret=BN_hex2bn(&bn, psk_key); 246 ret = BN_hex2bn(&bn, psk_key);
245 if (!ret) 247 if (!ret) {
246 { 248 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", psk_key);
247 BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key); 249 if (bn)
248 if (bn) 250 BN_free(bn);
249 BN_free(bn); 251 return 0;
250 return 0; 252 }
251 } 253 if ((unsigned int) BN_num_bytes(bn) > max_psk_len) {
252 254 BIO_printf(bio_err, "psk buffer of callback is too small (%d) for key (%d)\n",
253 if ((unsigned int)BN_num_bytes(bn) > max_psk_len) 255 max_psk_len, BN_num_bytes(bn));
254 { 256 BN_free(bn);
255 BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n", 257 return 0;
256 max_psk_len, BN_num_bytes(bn)); 258 }
257 BN_free(bn); 259 psk_len = BN_bn2bin(bn, psk);
258 return 0; 260 BN_free(bn);
259 } 261 if (psk_len == 0)
260 262 goto out_err;
261 psk_len=BN_bn2bin(bn, psk);
262 BN_free(bn);
263 if (psk_len == 0)
264 goto out_err;
265 263
266 if (c_debug) 264 if (c_debug)
267 BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len); 265 BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);
268 266
269 return psk_len; 267 return psk_len;
270 out_err: 268out_err:
271 if (c_debug) 269 if (c_debug)
272 BIO_printf(bio_err, "Error in PSK client callback\n"); 270 BIO_printf(bio_err, "Error in PSK client callback\n");
273 return 0; 271 return 0;
274 } 272}
275#endif 273#endif
276 274
277static void sc_usage(void) 275static void
278 { 276sc_usage(void)
279 BIO_printf(bio_err,"usage: s_client args\n"); 277{
280 BIO_printf(bio_err,"\n"); 278 BIO_printf(bio_err, "usage: s_client args\n");
281 BIO_printf(bio_err," -4 - Force IPv4\n"); 279 BIO_printf(bio_err, "\n");
282 BIO_printf(bio_err," -6 - Force IPv6\n"); 280 BIO_printf(bio_err, " -4 - Force IPv4\n");
283 BIO_printf(bio_err," -host host - use -connect instead\n"); 281 BIO_printf(bio_err, " -6 - Force IPv6\n");
284 BIO_printf(bio_err," -port port - use -connect instead\n"); 282 BIO_printf(bio_err, " -host host - use -connect instead\n");
285 BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); 283 BIO_printf(bio_err, " -port port - use -connect instead\n");
286 284 BIO_printf(bio_err, " -connect host:port - who to connect to (default is %s:%s)\n", SSL_HOST_NAME, PORT_STR);
287 BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); 285
288 BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); 286 BIO_printf(bio_err, " -verify arg - turn on peer certificate verification\n");
289 BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); 287 BIO_printf(bio_err, " -cert arg - certificate file to use, PEM format assumed\n");
290 BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n"); 288 BIO_printf(bio_err, " -certform arg - certificate format (PEM or DER) PEM default\n");
291 BIO_printf(bio_err," not specified but cert file is.\n"); 289 BIO_printf(bio_err, " -key arg - Private key file to use, in cert file if\n");
292 BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n"); 290 BIO_printf(bio_err, " not specified but cert file is.\n");
293 BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); 291 BIO_printf(bio_err, " -keyform arg - key format (PEM or DER) PEM default\n");
294 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); 292 BIO_printf(bio_err, " -pass arg - private key file pass phrase source\n");
295 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); 293 BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
296 BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); 294 BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
297 BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); 295 BIO_printf(bio_err, " -reconnect - Drop and re-make the connection with the same Session-ID\n");
298 BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); 296 BIO_printf(bio_err, " -pause - sleep(1) after each read(2) and write(2) system call\n");
299 BIO_printf(bio_err," -debug - extra output\n"); 297 BIO_printf(bio_err, " -showcerts - show all certificates in the chain\n");
298 BIO_printf(bio_err, " -debug - extra output\n");
300#ifdef WATT32 299#ifdef WATT32
301 BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n"); 300 BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n");
302#endif 301#endif
303 BIO_printf(bio_err," -msg - Show protocol messages\n"); 302 BIO_printf(bio_err, " -msg - Show protocol messages\n");
304 BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); 303 BIO_printf(bio_err, " -nbio_test - more ssl protocol testing\n");
305 BIO_printf(bio_err," -state - print the 'ssl' states\n"); 304 BIO_printf(bio_err, " -state - print the 'ssl' states\n");
306#ifdef FIONBIO 305#ifdef FIONBIO
307 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); 306 BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n");
308#endif 307#endif
309 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); 308 BIO_printf(bio_err, " -crlf - convert LF from terminal into CRLF\n");
310 BIO_printf(bio_err," -quiet - no s_client output\n"); 309 BIO_printf(bio_err, " -quiet - no s_client output\n");
311 BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n"); 310 BIO_printf(bio_err, " -ign_eof - ignore input eof (default when -quiet)\n");
312 BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n"); 311 BIO_printf(bio_err, " -no_ign_eof - don't ignore input eof\n");
313#ifndef OPENSSL_NO_PSK 312#ifndef OPENSSL_NO_PSK
314 BIO_printf(bio_err," -psk_identity arg - PSK identity\n"); 313 BIO_printf(bio_err, " -psk_identity arg - PSK identity\n");
315 BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n"); 314 BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
316# ifndef OPENSSL_NO_JPAKE 315#ifndef OPENSSL_NO_JPAKE
317 BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n"); 316 BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
318# endif 317#endif
319#endif 318#endif
320#ifndef OPENSSL_NO_SRP 319#ifndef OPENSSL_NO_SRP
321 BIO_printf(bio_err," -srpuser user - SRP authentification for 'user'\n"); 320 BIO_printf(bio_err, " -srpuser user - SRP authentification for 'user'\n");
322 BIO_printf(bio_err," -srppass arg - password for 'user'\n"); 321 BIO_printf(bio_err, " -srppass arg - password for 'user'\n");
323 BIO_printf(bio_err," -srp_lateuser - SRP username into second ClientHello message\n"); 322 BIO_printf(bio_err, " -srp_lateuser - SRP username into second ClientHello message\n");
324 BIO_printf(bio_err," -srp_moregroups - Tolerate other than the known g N values.\n"); 323 BIO_printf(bio_err, " -srp_moregroups - Tolerate other than the known g N values.\n");
325 BIO_printf(bio_err," -srp_strength int - minimal mength in bits for N (default %d).\n",SRP_MINIMAL_N); 324 BIO_printf(bio_err, " -srp_strength int - minimal mength in bits for N (default %d).\n", SRP_MINIMAL_N);
326#endif 325#endif
327 BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); 326 BIO_printf(bio_err, " -ssl3 - just use SSLv3\n");
328 BIO_printf(bio_err," -tls1_2 - just use TLSv1.2\n"); 327 BIO_printf(bio_err, " -tls1_2 - just use TLSv1.2\n");
329 BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n"); 328 BIO_printf(bio_err, " -tls1_1 - just use TLSv1.1\n");
330 BIO_printf(bio_err," -tls1 - just use TLSv1\n"); 329 BIO_printf(bio_err, " -tls1 - just use TLSv1\n");
331 BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); 330 BIO_printf(bio_err, " -dtls1 - just use DTLSv1\n");
332 BIO_printf(bio_err," -mtu - set the link layer MTU\n"); 331 BIO_printf(bio_err, " -mtu - set the link layer MTU\n");
333 BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); 332 BIO_printf(bio_err, " -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
334 BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); 333 BIO_printf(bio_err, " -bugs - Switch on all SSL implementation bug workarounds\n");
335 BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); 334 BIO_printf(bio_err, " -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
336 BIO_printf(bio_err," command to see what is available\n"); 335 BIO_printf(bio_err, " command to see what is available\n");
337 BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n"); 336 BIO_printf(bio_err, " -starttls prot - use the STARTTLS command before starting TLS\n");
338 BIO_printf(bio_err," for those protocols that support it, where\n"); 337 BIO_printf(bio_err, " for those protocols that support it, where\n");
339 BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); 338 BIO_printf(bio_err, " 'prot' defines which one to assume. Currently,\n");
340 BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); 339 BIO_printf(bio_err, " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
341 BIO_printf(bio_err," are supported.\n"); 340 BIO_printf(bio_err, " are supported.\n");
342#ifndef OPENSSL_NO_ENGINE 341#ifndef OPENSSL_NO_ENGINE
343 BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); 342 BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n");
344#endif 343#endif
345 BIO_printf(bio_err," -rand file%cfile%c...\n", ':', ':'); 344 BIO_printf(bio_err, " -rand file%cfile%c...\n", ':', ':');
346 BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n"); 345 BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n");
347 BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n"); 346 BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n");
348#ifndef OPENSSL_NO_TLSEXT 347#ifndef OPENSSL_NO_TLSEXT
349 BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n"); 348 BIO_printf(bio_err, " -servername host - Set TLS extension servername in ClientHello\n");
350 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); 349 BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n");
351 BIO_printf(bio_err," -status - request certificate status from server\n"); 350 BIO_printf(bio_err, " -status - request certificate status from server\n");
352 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); 351 BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n");
353# ifndef OPENSSL_NO_NEXTPROTONEG 352#ifndef OPENSSL_NO_NEXTPROTONEG
354 BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); 353 BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
355# endif 354#endif
356#endif 355#endif
357 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); 356 BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
358#ifndef OPENSSL_NO_SRTP 357#ifndef OPENSSL_NO_SRTP
359 BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); 358 BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
360#endif 359#endif
361 BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); 360 BIO_printf(bio_err, " -keymatexport label - Export keying material using label\n");
362 BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); 361 BIO_printf(bio_err, " -keymatexportlen len - Export len bytes of keying material (default 20)\n");
363 } 362}
364 363
365#ifndef OPENSSL_NO_TLSEXT 364#ifndef OPENSSL_NO_TLSEXT
366 365
367/* This is a context that we pass to callbacks */ 366/* This is a context that we pass to callbacks */
368typedef struct tlsextctx_st { 367typedef struct tlsextctx_st {
369 BIO * biodebug; 368 BIO *biodebug;
370 int ack; 369 int ack;
371} tlsextctx; 370} tlsextctx;
372 371
373 372
374static int ssl_servername_cb(SSL *s, int *ad, void *arg) 373static int
375 { 374ssl_servername_cb(SSL * s, int *ad, void *arg)
376 tlsextctx * p = (tlsextctx *) arg; 375{
377 const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); 376 tlsextctx *p = (tlsextctx *) arg;
378 if (SSL_get_servername_type(s) != -1) 377 const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
379 p->ack = !SSL_session_reused(s) && hn != NULL; 378 if (SSL_get_servername_type(s) != -1)
380 else 379 p->ack = !SSL_session_reused(s) && hn != NULL;
381 BIO_printf(bio_err,"Can't use SSL_get_servername\n"); 380 else
382 381 BIO_printf(bio_err, "Can't use SSL_get_servername\n");
382
383 return SSL_TLSEXT_ERR_OK; 383 return SSL_TLSEXT_ERR_OK;
384 } 384}
385 385
386#ifndef OPENSSL_NO_SRP 386#ifndef OPENSSL_NO_SRP
387 387
388/* This is a context that we pass to all callbacks */ 388/* This is a context that we pass to all callbacks */
389typedef struct srp_arg_st 389typedef struct srp_arg_st {
390 {
391 char *srppassin; 390 char *srppassin;
392 char *srplogin; 391 char *srplogin;
393 int msg; /* copy from c_msg */ 392 int msg; /* copy from c_msg */
394 int debug; /* copy from c_debug */ 393 int debug; /* copy from c_debug */
395 int amp; /* allow more groups */ 394 int amp; /* allow more groups */
396 int strength /* minimal size for N */ ; 395 int strength /* minimal size for N */ ;
397 } SRP_ARG; 396} SRP_ARG;
398 397
399#define SRP_NUMBER_ITERATIONS_FOR_PRIME 64 398#define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
400 399
401static int srp_Verify_N_and_g(BIGNUM *N, BIGNUM *g) 400static int
402 { 401srp_Verify_N_and_g(BIGNUM * N, BIGNUM * g)
402{
403 BN_CTX *bn_ctx = BN_CTX_new(); 403 BN_CTX *bn_ctx = BN_CTX_new();
404 BIGNUM *p = BN_new(); 404 BIGNUM *p = BN_new();
405 BIGNUM *r = BN_new(); 405 BIGNUM *r = BN_new();
406 int ret = 406 int ret =
407 g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) && 407 g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
408 BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) && 408 BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
409 p != NULL && BN_rshift1(p, N) && 409 p != NULL && BN_rshift1(p, N) &&
410 410
411 /* p = (N-1)/2 */ 411 /* p = (N-1)/2 */
412 BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) && 412 BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
413 r != NULL && 413 r != NULL &&
414 414
415 /* verify g^((N-1)/2) == -1 (mod N) */ 415 /* verify g^((N-1)/2) == -1 (mod N) */
416 BN_mod_exp(r, g, p, N, bn_ctx) && 416 BN_mod_exp(r, g, p, N, bn_ctx) &&
417 BN_add_word(r, 1) && 417 BN_add_word(r, 1) &&
418 BN_cmp(r, N) == 0; 418 BN_cmp(r, N) == 0;
419 419
420 if(r) 420 if (r)
421 BN_free(r); 421 BN_free(r);
422 if(p) 422 if (p)
423 BN_free(p); 423 BN_free(p);
424 if(bn_ctx) 424 if (bn_ctx)
425 BN_CTX_free(bn_ctx); 425 BN_CTX_free(bn_ctx);
426 return ret; 426 return ret;
427 } 427}
428 428
429/* This callback is used here for two purposes: 429/* This callback is used here for two purposes:
430 - extended debugging 430 - extended debugging
@@ -432,34 +432,34 @@ static int srp_Verify_N_and_g(BIGNUM *N, BIGNUM *g)
432 The callback is only called for a non default group. 432 The callback is only called for a non default group.
433 433
434 An application does not need the call back at all if 434 An application does not need the call back at all if
435 only the stanard groups are used. In real life situations, 435 only the stanard groups are used. In real life situations,
436 client and server already share well known groups, 436 client and server already share well known groups,
437 thus there is no need to verify them. 437 thus there is no need to verify them.
438 Furthermore, in case that a server actually proposes a group that 438 Furthermore, in case that a server actually proposes a group that
439 is not one of those defined in RFC 5054, it is more appropriate 439 is not one of those defined in RFC 5054, it is more appropriate
440 to add the group to a static list and then compare since 440 to add the group to a static list and then compare since
441 primality tests are rather cpu consuming. 441 primality tests are rather cpu consuming.
442*/ 442*/
443 443
444static int ssl_srp_verify_param_cb(SSL *s, void *arg) 444static int
445 { 445ssl_srp_verify_param_cb(SSL * s, void *arg)
446 SRP_ARG *srp_arg = (SRP_ARG *)arg; 446{
447 SRP_ARG *srp_arg = (SRP_ARG *) arg;
447 BIGNUM *N = NULL, *g = NULL; 448 BIGNUM *N = NULL, *g = NULL;
448 if (!(N = SSL_get_srp_N(s)) || !(g = SSL_get_srp_g(s))) 449 if (!(N = SSL_get_srp_N(s)) || !(g = SSL_get_srp_g(s)))
449 return 0; 450 return 0;
450 if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) 451 if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) {
451 { 452 BIO_printf(bio_err, "SRP parameters:\n");
452 BIO_printf(bio_err, "SRP parameters:\n"); 453 BIO_printf(bio_err, "\tN=");
453 BIO_printf(bio_err,"\tN="); BN_print(bio_err,N); 454 BN_print(bio_err, N);
454 BIO_printf(bio_err,"\n\tg="); BN_print(bio_err,g); 455 BIO_printf(bio_err, "\n\tg=");
455 BIO_printf(bio_err,"\n"); 456 BN_print(bio_err, g);
456 } 457 BIO_printf(bio_err, "\n");
457 458 }
458 if (SRP_check_known_gN_param(g,N)) 459 if (SRP_check_known_gN_param(g, N))
459 return 1; 460 return 1;
460 461
461 if (srp_arg->amp == 1) 462 if (srp_arg->amp == 1) {
462 {
463 if (srp_arg->debug) 463 if (srp_arg->debug)
464 BIO_printf(bio_err, "SRP param N and g are not known params, going to check deeper.\n"); 464 BIO_printf(bio_err, "SRP param N and g are not known params, going to check deeper.\n");
465 465
@@ -467,41 +467,41 @@ static int ssl_srp_verify_param_cb(SSL *s, void *arg)
467 Implementors should rather add the value to the known ones. 467 Implementors should rather add the value to the known ones.
468 The minimal size has already been tested. 468 The minimal size has already been tested.
469*/ 469*/
470 if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N,g)) 470 if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g))
471 return 1; 471 return 1;
472 } 472 }
473 BIO_printf(bio_err, "SRP param N and g rejected.\n"); 473 BIO_printf(bio_err, "SRP param N and g rejected.\n");
474 return 0; 474 return 0;
475 } 475}
476 476
477#define PWD_STRLEN 1024 477#define PWD_STRLEN 1024
478 478
479static char * ssl_give_srp_client_pwd_cb(SSL *s, void *arg) 479static char *
480 { 480ssl_give_srp_client_pwd_cb(SSL * s, void *arg)
481 SRP_ARG *srp_arg = (SRP_ARG *)arg; 481{
482 char *pass = (char *)malloc(PWD_STRLEN+1); 482 SRP_ARG *srp_arg = (SRP_ARG *) arg;
483 char *pass = (char *) malloc(PWD_STRLEN + 1);
483 PW_CB_DATA cb_tmp; 484 PW_CB_DATA cb_tmp;
484 int l; 485 int l;
485 486
486 cb_tmp.password = (char *)srp_arg->srppassin; 487 cb_tmp.password = (char *) srp_arg->srppassin;
487 cb_tmp.prompt_info = "SRP user"; 488 cb_tmp.prompt_info = "SRP user";
488 if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp))<0) 489 if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) {
489 { 490 BIO_printf(bio_err, "Can't read Password\n");
490 BIO_printf (bio_err, "Can't read Password\n");
491 free(pass); 491 free(pass);
492 return NULL; 492 return NULL;
493 } 493 }
494 *(pass+l)= '\0'; 494 *(pass + l) = '\0';
495 495
496 return pass; 496 return pass;
497 } 497}
498 498
499#endif 499#endif
500#ifndef OPENSSL_NO_SRTP 500#ifndef OPENSSL_NO_SRTP
501 char *srtp_profiles = NULL; 501char *srtp_profiles = NULL;
502#endif 502#endif
503 503
504# ifndef OPENSSL_NO_NEXTPROTONEG 504#ifndef OPENSSL_NO_NEXTPROTONEG
505/* This the context that we pass to next_proto_cb */ 505/* This the context that we pass to next_proto_cb */
506typedef struct tlsextnextprotoctx_st { 506typedef struct tlsextnextprotoctx_st {
507 unsigned char *data; 507 unsigned char *data;
@@ -511,34 +511,31 @@ typedef struct tlsextnextprotoctx_st {
511 511
512static tlsextnextprotoctx next_proto; 512static tlsextnextprotoctx next_proto;
513 513
514static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) 514static int
515 { 515next_proto_cb(SSL * s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
516{
516 tlsextnextprotoctx *ctx = arg; 517 tlsextnextprotoctx *ctx = arg;
517 518
518 if (!c_quiet) 519 if (!c_quiet) {
519 {
520 /* We can assume that |in| is syntactically valid. */ 520 /* We can assume that |in| is syntactically valid. */
521 unsigned i; 521 unsigned i;
522 BIO_printf(bio_c_out, "Protocols advertised by server: "); 522 BIO_printf(bio_c_out, "Protocols advertised by server: ");
523 for (i = 0; i < inlen; ) 523 for (i = 0; i < inlen;) {
524 {
525 if (i) 524 if (i)
526 BIO_write(bio_c_out, ", ", 2); 525 BIO_write(bio_c_out, ", ", 2);
527 BIO_write(bio_c_out, &in[i + 1], in[i]); 526 BIO_write(bio_c_out, &in[i + 1], in[i]);
528 i += in[i] + 1; 527 i += in[i] + 1;
529 }
530 BIO_write(bio_c_out, "\n", 1);
531 } 528 }
532 529 BIO_write(bio_c_out, "\n", 1);
530 }
533 ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); 531 ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
534 return SSL_TLSEXT_ERR_OK; 532 return SSL_TLSEXT_ERR_OK;
535 } 533}
536# endif /* ndef OPENSSL_NO_NEXTPROTONEG */ 534#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
537#endif 535#endif
538 536
539enum 537enum {
540{ 538 PROTO_OFF = 0,
541 PROTO_OFF = 0,
542 PROTO_SMTP, 539 PROTO_SMTP,
543 PROTO_POP3, 540 PROTO_POP3,
544 PROTO_IMAP, 541 PROTO_IMAP,
@@ -548,439 +545,406 @@ enum
548 545
549int MAIN(int, char **); 546int MAIN(int, char **);
550 547
551int MAIN(int argc, char **argv) 548int
552 { 549MAIN(int argc, char **argv)
553 unsigned int off=0, clr=0; 550{
554 SSL *con=NULL; 551 unsigned int off = 0, clr = 0;
552 SSL *con = NULL;
555#ifndef OPENSSL_NO_KRB5 553#ifndef OPENSSL_NO_KRB5
556 KSSL_CTX *kctx; 554 KSSL_CTX *kctx;
557#endif 555#endif
558 int s,k,width,state=0, af=AF_UNSPEC; 556 int s, k, width, state = 0, af = AF_UNSPEC;
559 char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; 557 char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL;
560 int cbuf_len,cbuf_off; 558 int cbuf_len, cbuf_off;
561 int sbuf_len,sbuf_off; 559 int sbuf_len, sbuf_off;
562 fd_set readfds,writefds; 560 fd_set readfds, writefds;
563 char *port=PORT_STR; 561 char *port = PORT_STR;
564 int full_log=1; 562 int full_log = 1;
565 char *host=SSL_HOST_NAME; 563 char *host = SSL_HOST_NAME;
566 char *cert_file=NULL,*key_file=NULL; 564 char *cert_file = NULL, *key_file = NULL;
567 int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; 565 int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
568 char *passarg = NULL, *pass = NULL; 566 char *passarg = NULL, *pass = NULL;
569 X509 *cert = NULL; 567 X509 *cert = NULL;
570 EVP_PKEY *key = NULL; 568 EVP_PKEY *key = NULL;
571 char *CApath=NULL,*CAfile=NULL,*cipher=NULL; 569 char *CApath = NULL, *CAfile = NULL, *cipher = NULL;
572 int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; 570 int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE, bugs = 0;
573 int crlf=0; 571 int crlf = 0;
574 int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; 572 int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
575 SSL_CTX *ctx=NULL; 573 SSL_CTX *ctx = NULL;
576 int ret=1,in_init=1,i,nbio_test=0; 574 int ret = 1, in_init = 1, i, nbio_test = 0;
577 int starttls_proto = PROTO_OFF; 575 int starttls_proto = PROTO_OFF;
578 int prexit = 0; 576 int prexit = 0;
579 X509_VERIFY_PARAM *vpm = NULL; 577 X509_VERIFY_PARAM *vpm = NULL;
580 int badarg = 0; 578 int badarg = 0;
581 const SSL_METHOD *meth=NULL; 579 const SSL_METHOD *meth = NULL;
582 int socket_type=SOCK_STREAM; 580 int socket_type = SOCK_STREAM;
583 BIO *sbio; 581 BIO *sbio;
584 char *inrand=NULL; 582 char *inrand = NULL;
585 int mbuf_len=0; 583 int mbuf_len = 0;
586 struct timeval timeout, *timeoutp; 584 struct timeval timeout, *timeoutp;
587#ifndef OPENSSL_NO_ENGINE 585#ifndef OPENSSL_NO_ENGINE
588 char *engine_id=NULL; 586 char *engine_id = NULL;
589 char *ssl_client_engine_id=NULL; 587 char *ssl_client_engine_id = NULL;
590 ENGINE *ssl_client_engine=NULL; 588 ENGINE *ssl_client_engine = NULL;
591#endif 589#endif
592 ENGINE *e=NULL; 590 ENGINE *e = NULL;
593#ifndef OPENSSL_NO_TLSEXT 591#ifndef OPENSSL_NO_TLSEXT
594 char *servername = NULL; 592 char *servername = NULL;
595 tlsextctx tlsextcbp = 593 tlsextctx tlsextcbp =
596 {NULL,0}; 594 {NULL, 0};
597# ifndef OPENSSL_NO_NEXTPROTONEG 595#ifndef OPENSSL_NO_NEXTPROTONEG
598 const char *next_proto_neg_in = NULL; 596 const char *next_proto_neg_in = NULL;
599# endif 597#endif
600#endif 598#endif
601 char *sess_in = NULL; 599 char *sess_in = NULL;
602 char *sess_out = NULL; 600 char *sess_out = NULL;
603 struct sockaddr peer; 601 struct sockaddr peer;
604 int peerlen = sizeof(peer); 602 int peerlen = sizeof(peer);
605 int enable_timeouts = 0 ; 603 int enable_timeouts = 0;
606 long socket_mtu = 0; 604 long socket_mtu = 0;
607#ifndef OPENSSL_NO_JPAKE 605#ifndef OPENSSL_NO_JPAKE
608 char *jpake_secret = NULL; 606 char *jpake_secret = NULL;
609#endif 607#endif
610#ifndef OPENSSL_NO_SRP 608#ifndef OPENSSL_NO_SRP
611 char * srppass = NULL; 609 char *srppass = NULL;
612 int srp_lateuser = 0; 610 int srp_lateuser = 0;
613 SRP_ARG srp_arg = {NULL,NULL,0,0,0,1024}; 611 SRP_ARG srp_arg = {NULL, NULL, 0, 0, 0, 1024};
614#endif 612#endif
615 613
616 meth=SSLv23_client_method(); 614 meth = SSLv23_client_method();
617 615
618 apps_startup(); 616 apps_startup();
619 c_Pause=0; 617 c_Pause = 0;
620 c_quiet=0; 618 c_quiet = 0;
621 c_ign_eof=0; 619 c_ign_eof = 0;
622 c_debug=0; 620 c_debug = 0;
623 c_msg=0; 621 c_msg = 0;
624 c_showcerts=0; 622 c_showcerts = 0;
625 623
626 if (bio_err == NULL) 624 if (bio_err == NULL)
627 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 625 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
628 626
629 if (!load_config(bio_err, NULL)) 627 if (!load_config(bio_err, NULL))
630 goto end; 628 goto end;
631 629
632 if ( ((cbuf=malloc(BUFSIZZ)) == NULL) || 630 if (((cbuf = malloc(BUFSIZZ)) == NULL) ||
633 ((sbuf=malloc(BUFSIZZ)) == NULL) || 631 ((sbuf = malloc(BUFSIZZ)) == NULL) ||
634 ((mbuf=malloc(BUFSIZZ + 1)) == NULL)) /* NUL byte */ 632 ((mbuf = malloc(BUFSIZZ + 1)) == NULL)) { /* NUL byte */
635 { 633 BIO_printf(bio_err, "out of memory\n");
636 BIO_printf(bio_err,"out of memory\n");
637 goto end; 634 goto end;
638 } 635 }
639 636 verify_depth = 0;
640 verify_depth=0; 637 verify_error = X509_V_OK;
641 verify_error=X509_V_OK;
642#ifdef FIONBIO 638#ifdef FIONBIO
643 c_nbio=0; 639 c_nbio = 0;
644#endif 640#endif
645 641
646 argc--; 642 argc--;
647 argv++; 643 argv++;
648 while (argc >= 1) 644 while (argc >= 1) {
649 { 645 if (strcmp(*argv, "-host") == 0) {
650 if (strcmp(*argv,"-host") == 0) 646 if (--argc < 1)
651 { 647 goto bad;
652 if (--argc < 1) goto bad; 648 host = *(++argv);
653 host= *(++argv); 649 } else if (strcmp(*argv, "-port") == 0) {
654 } 650 if (--argc < 1)
655 else if (strcmp(*argv,"-port") == 0) 651 goto bad;
656 { 652 port = *(++argv);
657 if (--argc < 1) goto bad; 653 if (port == NULL || *port == '\0')
658 port= *(++argv); 654 goto bad;
659 if (port == NULL || *port == '\0') goto bad; 655 } else if (strcmp(*argv, "-connect") == 0) {
660 } 656 if (--argc < 1)
661 else if (strcmp(*argv,"-connect") == 0) 657 goto bad;
662 { 658 if (!extract_host_port(*(++argv), &host, NULL, &port))
663 if (--argc < 1) goto bad; 659 goto bad;
664 if (!extract_host_port(*(++argv),&host,NULL,&port)) 660 } else if (strcmp(*argv, "-verify") == 0) {
661 verify = SSL_VERIFY_PEER;
662 if (--argc < 1)
663 goto bad;
664 verify_depth = atoi(*(++argv));
665 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
666 } else if (strcmp(*argv, "-cert") == 0) {
667 if (--argc < 1)
668 goto bad;
669 cert_file = *(++argv);
670 } else if (strcmp(*argv, "-sess_out") == 0) {
671 if (--argc < 1)
665 goto bad; 672 goto bad;
666 }
667 else if (strcmp(*argv,"-verify") == 0)
668 {
669 verify=SSL_VERIFY_PEER;
670 if (--argc < 1) goto bad;
671 verify_depth=atoi(*(++argv));
672 BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
673 }
674 else if (strcmp(*argv,"-cert") == 0)
675 {
676 if (--argc < 1) goto bad;
677 cert_file= *(++argv);
678 }
679 else if (strcmp(*argv,"-sess_out") == 0)
680 {
681 if (--argc < 1) goto bad;
682 sess_out = *(++argv); 673 sess_out = *(++argv);
683 } 674 } else if (strcmp(*argv, "-sess_in") == 0) {
684 else if (strcmp(*argv,"-sess_in") == 0) 675 if (--argc < 1)
685 { 676 goto bad;
686 if (--argc < 1) goto bad;
687 sess_in = *(++argv); 677 sess_in = *(++argv);
688 } 678 } else if (strcmp(*argv, "-certform") == 0) {
689 else if (strcmp(*argv,"-certform") == 0) 679 if (--argc < 1)
690 { 680 goto bad;
691 if (--argc < 1) goto bad;
692 cert_format = str2fmt(*(++argv)); 681 cert_format = str2fmt(*(++argv));
693 } 682 } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
694 else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
695 {
696 if (badarg) 683 if (badarg)
697 goto bad; 684 goto bad;
698 continue; 685 continue;
699 } 686 } else if (strcmp(*argv, "-verify_return_error") == 0)
700 else if (strcmp(*argv,"-verify_return_error") == 0)
701 verify_return_error = 1; 687 verify_return_error = 1;
702 else if (strcmp(*argv,"-prexit") == 0) 688 else if (strcmp(*argv, "-prexit") == 0)
703 prexit=1; 689 prexit = 1;
704 else if (strcmp(*argv,"-crlf") == 0) 690 else if (strcmp(*argv, "-crlf") == 0)
705 crlf=1; 691 crlf = 1;
706 else if (strcmp(*argv,"-quiet") == 0) 692 else if (strcmp(*argv, "-quiet") == 0) {
707 { 693 c_quiet = 1;
708 c_quiet=1; 694 c_ign_eof = 1;
709 c_ign_eof=1; 695 } else if (strcmp(*argv, "-ign_eof") == 0)
710 } 696 c_ign_eof = 1;
711 else if (strcmp(*argv,"-ign_eof") == 0) 697 else if (strcmp(*argv, "-no_ign_eof") == 0)
712 c_ign_eof=1; 698 c_ign_eof = 0;
713 else if (strcmp(*argv,"-no_ign_eof") == 0) 699 else if (strcmp(*argv, "-pause") == 0)
714 c_ign_eof=0; 700 c_Pause = 1;
715 else if (strcmp(*argv,"-pause") == 0) 701 else if (strcmp(*argv, "-debug") == 0)
716 c_Pause=1; 702 c_debug = 1;
717 else if (strcmp(*argv,"-debug") == 0)
718 c_debug=1;
719#ifndef OPENSSL_NO_TLSEXT 703#ifndef OPENSSL_NO_TLSEXT
720 else if (strcmp(*argv,"-tlsextdebug") == 0) 704 else if (strcmp(*argv, "-tlsextdebug") == 0)
721 c_tlsextdebug=1; 705 c_tlsextdebug = 1;
722 else if (strcmp(*argv,"-status") == 0) 706 else if (strcmp(*argv, "-status") == 0)
723 c_status_req=1; 707 c_status_req = 1;
724#endif 708#endif
725#ifdef WATT32 709#ifdef WATT32
726 else if (strcmp(*argv,"-wdebug") == 0) 710 else if (strcmp(*argv, "-wdebug") == 0)
727 dbug_init(); 711 dbug_init();
728#endif 712#endif
729 else if (strcmp(*argv,"-msg") == 0) 713 else if (strcmp(*argv, "-msg") == 0)
730 c_msg=1; 714 c_msg = 1;
731 else if (strcmp(*argv,"-showcerts") == 0) 715 else if (strcmp(*argv, "-showcerts") == 0)
732 c_showcerts=1; 716 c_showcerts = 1;
733 else if (strcmp(*argv,"-nbio_test") == 0) 717 else if (strcmp(*argv, "-nbio_test") == 0)
734 nbio_test=1; 718 nbio_test = 1;
735 else if (strcmp(*argv,"-state") == 0) 719 else if (strcmp(*argv, "-state") == 0)
736 state=1; 720 state = 1;
737#ifndef OPENSSL_NO_PSK 721#ifndef OPENSSL_NO_PSK
738 else if (strcmp(*argv,"-psk_identity") == 0) 722 else if (strcmp(*argv, "-psk_identity") == 0) {
739 { 723 if (--argc < 1)
740 if (--argc < 1) goto bad; 724 goto bad;
741 psk_identity=*(++argv); 725 psk_identity = *(++argv);
742 } 726 } else if (strcmp(*argv, "-psk") == 0) {
743 else if (strcmp(*argv,"-psk") == 0) 727 size_t j;
744 { 728
745 size_t j; 729 if (--argc < 1)
746 730 goto bad;
747 if (--argc < 1) goto bad; 731 psk_key = *(++argv);
748 psk_key=*(++argv); 732 for (j = 0; j < strlen(psk_key); j++) {
749 for (j = 0; j < strlen(psk_key); j++) 733 if (isxdigit((unsigned char) psk_key[j]))
750 { 734 continue;
751 if (isxdigit((unsigned char)psk_key[j])) 735 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
752 continue; 736 goto bad;
753 BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
754 goto bad;
755 }
756 } 737 }
738 }
757#endif 739#endif
758#ifndef OPENSSL_NO_SRP 740#ifndef OPENSSL_NO_SRP
759 else if (strcmp(*argv,"-srpuser") == 0) 741 else if (strcmp(*argv, "-srpuser") == 0) {
760 { 742 if (--argc < 1)
761 if (--argc < 1) goto bad; 743 goto bad;
762 srp_arg.srplogin= *(++argv); 744 srp_arg.srplogin = *(++argv);
763 meth=TLSv1_client_method(); 745 meth = TLSv1_client_method();
764 } 746 } else if (strcmp(*argv, "-srppass") == 0) {
765 else if (strcmp(*argv,"-srppass") == 0) 747 if (--argc < 1)
766 { 748 goto bad;
767 if (--argc < 1) goto bad; 749 srppass = *(++argv);
768 srppass= *(++argv); 750 meth = TLSv1_client_method();
769 meth=TLSv1_client_method(); 751 } else if (strcmp(*argv, "-srp_strength") == 0) {
770 } 752 if (--argc < 1)
771 else if (strcmp(*argv,"-srp_strength") == 0) 753 goto bad;
772 { 754 srp_arg.strength = atoi(*(++argv));
773 if (--argc < 1) goto bad; 755 BIO_printf(bio_err, "SRP minimal length for N is %d\n", srp_arg.strength);
774 srp_arg.strength=atoi(*(++argv)); 756 meth = TLSv1_client_method();
775 BIO_printf(bio_err,"SRP minimal length for N is %d\n",srp_arg.strength); 757 } else if (strcmp(*argv, "-srp_lateuser") == 0) {
776 meth=TLSv1_client_method(); 758 srp_lateuser = 1;
777 } 759 meth = TLSv1_client_method();
778 else if (strcmp(*argv,"-srp_lateuser") == 0) 760 } else if (strcmp(*argv, "-srp_moregroups") == 0) {
779 { 761 srp_arg.amp = 1;
780 srp_lateuser= 1; 762 meth = TLSv1_client_method();
781 meth=TLSv1_client_method(); 763 }
782 }
783 else if (strcmp(*argv,"-srp_moregroups") == 0)
784 {
785 srp_arg.amp=1;
786 meth=TLSv1_client_method();
787 }
788#endif 764#endif
789 else if (strcmp(*argv,"-ssl3") == 0) 765 else if (strcmp(*argv, "-ssl3") == 0)
790 meth=SSLv3_client_method(); 766 meth = SSLv3_client_method();
791 else if (strcmp(*argv,"-tls1_2") == 0) 767 else if (strcmp(*argv, "-tls1_2") == 0)
792 meth=TLSv1_2_client_method(); 768 meth = TLSv1_2_client_method();
793 else if (strcmp(*argv,"-tls1_1") == 0) 769 else if (strcmp(*argv, "-tls1_1") == 0)
794 meth=TLSv1_1_client_method(); 770 meth = TLSv1_1_client_method();
795 else if (strcmp(*argv,"-tls1") == 0) 771 else if (strcmp(*argv, "-tls1") == 0)
796 meth=TLSv1_client_method(); 772 meth = TLSv1_client_method();
797#ifndef OPENSSL_NO_DTLS1 773#ifndef OPENSSL_NO_DTLS1
798 else if (strcmp(*argv,"-dtls1") == 0) 774 else if (strcmp(*argv, "-dtls1") == 0) {
799 { 775 meth = DTLSv1_client_method();
800 meth=DTLSv1_client_method(); 776 socket_type = SOCK_DGRAM;
801 socket_type=SOCK_DGRAM; 777 } else if (strcmp(*argv, "-timeout") == 0)
802 } 778 enable_timeouts = 1;
803 else if (strcmp(*argv,"-timeout") == 0) 779 else if (strcmp(*argv, "-mtu") == 0) {
804 enable_timeouts=1; 780 if (--argc < 1)
805 else if (strcmp(*argv,"-mtu") == 0) 781 goto bad;
806 {
807 if (--argc < 1) goto bad;
808 socket_mtu = atol(*(++argv)); 782 socket_mtu = atol(*(++argv));
809 } 783 }
810#endif 784#endif
811 else if (strcmp(*argv,"-bugs") == 0) 785 else if (strcmp(*argv, "-bugs") == 0)
812 bugs=1; 786 bugs = 1;
813 else if (strcmp(*argv,"-keyform") == 0) 787 else if (strcmp(*argv, "-keyform") == 0) {
814 { 788 if (--argc < 1)
815 if (--argc < 1) goto bad; 789 goto bad;
816 key_format = str2fmt(*(++argv)); 790 key_format = str2fmt(*(++argv));
817 } 791 } else if (strcmp(*argv, "-pass") == 0) {
818 else if (strcmp(*argv,"-pass") == 0) 792 if (--argc < 1)
819 { 793 goto bad;
820 if (--argc < 1) goto bad;
821 passarg = *(++argv); 794 passarg = *(++argv);
822 } 795 } else if (strcmp(*argv, "-key") == 0) {
823 else if (strcmp(*argv,"-key") == 0) 796 if (--argc < 1)
824 { 797 goto bad;
825 if (--argc < 1) goto bad; 798 key_file = *(++argv);
826 key_file= *(++argv); 799 } else if (strcmp(*argv, "-reconnect") == 0) {
827 } 800 reconnect = 5;
828 else if (strcmp(*argv,"-reconnect") == 0) 801 } else if (strcmp(*argv, "-CApath") == 0) {
829 { 802 if (--argc < 1)
830 reconnect=5; 803 goto bad;
831 } 804 CApath = *(++argv);
832 else if (strcmp(*argv,"-CApath") == 0) 805 } else if (strcmp(*argv, "-CAfile") == 0) {
833 { 806 if (--argc < 1)
834 if (--argc < 1) goto bad; 807 goto bad;
835 CApath= *(++argv); 808 CAfile = *(++argv);
836 } 809 } else if (strcmp(*argv, "-no_tls1_2") == 0)
837 else if (strcmp(*argv,"-CAfile") == 0) 810 off |= SSL_OP_NO_TLSv1_2;
838 { 811 else if (strcmp(*argv, "-no_tls1_1") == 0)
839 if (--argc < 1) goto bad; 812 off |= SSL_OP_NO_TLSv1_1;
840 CAfile= *(++argv); 813 else if (strcmp(*argv, "-no_tls1") == 0)
841 } 814 off |= SSL_OP_NO_TLSv1;
842 else if (strcmp(*argv,"-no_tls1_2") == 0) 815 else if (strcmp(*argv, "-no_ssl3") == 0)
843 off|=SSL_OP_NO_TLSv1_2; 816 off |= SSL_OP_NO_SSLv3;
844 else if (strcmp(*argv,"-no_tls1_1") == 0) 817 else if (strcmp(*argv, "-no_ssl2") == 0)
845 off|=SSL_OP_NO_TLSv1_1; 818 off |= SSL_OP_NO_SSLv2;
846 else if (strcmp(*argv,"-no_tls1") == 0) 819 else if (strcmp(*argv, "-no_comp") == 0) {
847 off|=SSL_OP_NO_TLSv1; 820 off |= SSL_OP_NO_COMPRESSION;
848 else if (strcmp(*argv,"-no_ssl3") == 0) 821 }
849 off|=SSL_OP_NO_SSLv3;
850 else if (strcmp(*argv,"-no_ssl2") == 0)
851 off|=SSL_OP_NO_SSLv2;
852 else if (strcmp(*argv,"-no_comp") == 0)
853 { off|=SSL_OP_NO_COMPRESSION; }
854#ifndef OPENSSL_NO_TLSEXT 822#ifndef OPENSSL_NO_TLSEXT
855 else if (strcmp(*argv,"-no_ticket") == 0) 823 else if (strcmp(*argv, "-no_ticket") == 0) {
856 { off|=SSL_OP_NO_TICKET; } 824 off |= SSL_OP_NO_TICKET;
857# ifndef OPENSSL_NO_NEXTPROTONEG 825 }
858 else if (strcmp(*argv,"-nextprotoneg") == 0) 826#ifndef OPENSSL_NO_NEXTPROTONEG
859 { 827 else if (strcmp(*argv, "-nextprotoneg") == 0) {
860 if (--argc < 1) goto bad; 828 if (--argc < 1)
829 goto bad;
861 next_proto_neg_in = *(++argv); 830 next_proto_neg_in = *(++argv);
862 } 831 }
863# endif 832#endif
864#endif 833#endif
865 else if (strcmp(*argv,"-serverpref") == 0) 834 else if (strcmp(*argv, "-serverpref") == 0)
866 off|=SSL_OP_CIPHER_SERVER_PREFERENCE; 835 off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
867 else if (strcmp(*argv,"-legacy_renegotiation") == 0) 836 else if (strcmp(*argv, "-legacy_renegotiation") == 0)
868 off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; 837 off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
869 else if (strcmp(*argv,"-legacy_server_connect") == 0) 838 else if (strcmp(*argv, "-legacy_server_connect") == 0) {
870 { off|=SSL_OP_LEGACY_SERVER_CONNECT; } 839 off |= SSL_OP_LEGACY_SERVER_CONNECT;
871 else if (strcmp(*argv,"-no_legacy_server_connect") == 0) 840 } else if (strcmp(*argv, "-no_legacy_server_connect") == 0) {
872 { clr|=SSL_OP_LEGACY_SERVER_CONNECT; } 841 clr |= SSL_OP_LEGACY_SERVER_CONNECT;
873 else if (strcmp(*argv,"-cipher") == 0) 842 } else if (strcmp(*argv, "-cipher") == 0) {
874 { 843 if (--argc < 1)
875 if (--argc < 1) goto bad; 844 goto bad;
876 cipher= *(++argv); 845 cipher = *(++argv);
877 } 846 }
878#ifdef FIONBIO 847#ifdef FIONBIO
879 else if (strcmp(*argv,"-nbio") == 0) 848 else if (strcmp(*argv, "-nbio") == 0) {
880 { c_nbio=1; } 849 c_nbio = 1;
850 }
881#endif 851#endif
882 else if (strcmp(*argv,"-starttls") == 0) 852 else if (strcmp(*argv, "-starttls") == 0) {
883 { 853 if (--argc < 1)
884 if (--argc < 1) goto bad; 854 goto bad;
885 ++argv; 855 ++argv;
886 if (strcmp(*argv,"smtp") == 0) 856 if (strcmp(*argv, "smtp") == 0)
887 starttls_proto = PROTO_SMTP; 857 starttls_proto = PROTO_SMTP;
888 else if (strcmp(*argv,"pop3") == 0) 858 else if (strcmp(*argv, "pop3") == 0)
889 starttls_proto = PROTO_POP3; 859 starttls_proto = PROTO_POP3;
890 else if (strcmp(*argv,"imap") == 0) 860 else if (strcmp(*argv, "imap") == 0)
891 starttls_proto = PROTO_IMAP; 861 starttls_proto = PROTO_IMAP;
892 else if (strcmp(*argv,"ftp") == 0) 862 else if (strcmp(*argv, "ftp") == 0)
893 starttls_proto = PROTO_FTP; 863 starttls_proto = PROTO_FTP;
894 else if (strcmp(*argv, "xmpp") == 0) 864 else if (strcmp(*argv, "xmpp") == 0)
895 starttls_proto = PROTO_XMPP; 865 starttls_proto = PROTO_XMPP;
896 else 866 else
897 goto bad; 867 goto bad;
898 } 868 }
899#ifndef OPENSSL_NO_ENGINE 869#ifndef OPENSSL_NO_ENGINE
900 else if (strcmp(*argv,"-engine") == 0) 870 else if (strcmp(*argv, "-engine") == 0) {
901 { 871 if (--argc < 1)
902 if (--argc < 1) goto bad; 872 goto bad;
903 engine_id = *(++argv); 873 engine_id = *(++argv);
904 } 874 } else if (strcmp(*argv, "-ssl_client_engine") == 0) {
905 else if (strcmp(*argv,"-ssl_client_engine") == 0) 875 if (--argc < 1)
906 { 876 goto bad;
907 if (--argc < 1) goto bad;
908 ssl_client_engine_id = *(++argv); 877 ssl_client_engine_id = *(++argv);
909 } 878 }
910#endif 879#endif
911 else if (strcmp(*argv,"-rand") == 0) 880 else if (strcmp(*argv, "-rand") == 0) {
912 { 881 if (--argc < 1)
913 if (--argc < 1) goto bad; 882 goto bad;
914 inrand= *(++argv); 883 inrand = *(++argv);
915 } 884 } else if (strcmp(*argv, "-4") == 0) {
916 else if (strcmp(*argv,"-4") == 0) { af = AF_INET;} 885 af = AF_INET;
917 else if (strcmp(*argv,"-6") == 0) { af = AF_INET6;} 886 } else if (strcmp(*argv, "-6") == 0) {
887 af = AF_INET6;
888 }
918#ifndef OPENSSL_NO_TLSEXT 889#ifndef OPENSSL_NO_TLSEXT
919 else if (strcmp(*argv,"-servername") == 0) 890 else if (strcmp(*argv, "-servername") == 0) {
920 { 891 if (--argc < 1)
921 if (--argc < 1) goto bad; 892 goto bad;
922 servername= *(++argv); 893 servername = *(++argv);
923 /* meth=TLSv1_client_method(); */ 894 /* meth=TLSv1_client_method(); */
924 } 895 }
925#endif 896#endif
926#ifndef OPENSSL_NO_JPAKE 897#ifndef OPENSSL_NO_JPAKE
927 else if (strcmp(*argv,"-jpake") == 0) 898 else if (strcmp(*argv, "-jpake") == 0) {
928 { 899 if (--argc < 1)
929 if (--argc < 1) goto bad; 900 goto bad;
930 jpake_secret = *++argv; 901 jpake_secret = *++argv;
931 } 902 }
932#endif 903#endif
933#ifndef OPENSSL_NO_SRTP 904#ifndef OPENSSL_NO_SRTP
934 else if (strcmp(*argv,"-use_srtp") == 0) 905 else if (strcmp(*argv, "-use_srtp") == 0) {
935 { 906 if (--argc < 1)
936 if (--argc < 1) goto bad; 907 goto bad;
937 srtp_profiles = *(++argv); 908 srtp_profiles = *(++argv);
938 } 909 }
939#endif 910#endif
940 else if (strcmp(*argv,"-keymatexport") == 0) 911 else if (strcmp(*argv, "-keymatexport") == 0) {
941 { 912 if (--argc < 1)
942 if (--argc < 1) goto bad; 913 goto bad;
943 keymatexportlabel= *(++argv); 914 keymatexportlabel = *(++argv);
944 } 915 } else if (strcmp(*argv, "-keymatexportlen") == 0) {
945 else if (strcmp(*argv,"-keymatexportlen") == 0) 916 if (--argc < 1)
946 { 917 goto bad;
947 if (--argc < 1) goto bad; 918 keymatexportlen = atoi(*(++argv));
948 keymatexportlen=atoi(*(++argv)); 919 if (keymatexportlen == 0)
949 if (keymatexportlen == 0) goto bad; 920 goto bad;
950 } 921 } else {
951 else 922 BIO_printf(bio_err, "unknown option %s\n", *argv);
952 { 923 badop = 1;
953 BIO_printf(bio_err,"unknown option %s\n",*argv);
954 badop=1;
955 break; 924 break;
956 } 925 }
957 argc--; 926 argc--;
958 argv++; 927 argv++;
959 } 928 }
960 if (badop) 929 if (badop) {
961 {
962bad: 930bad:
963 sc_usage(); 931 sc_usage();
964 goto end; 932 goto end;
965 } 933 }
966
967#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) 934#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
968 if (jpake_secret) 935 if (jpake_secret) {
969 { 936 if (psk_key) {
970 if (psk_key)
971 {
972 BIO_printf(bio_err, 937 BIO_printf(bio_err,
973 "Can't use JPAKE and PSK together\n"); 938 "Can't use JPAKE and PSK together\n");
974 goto end; 939 goto end;
975 } 940 }
976 psk_identity = "JPAKE"; 941 psk_identity = "JPAKE";
977 if (cipher) 942 if (cipher) {
978 {
979 BIO_printf(bio_err, "JPAKE sets cipher to PSK\n"); 943 BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
980 goto end; 944 goto end;
981 }
982 cipher = "PSK";
983 } 945 }
946 cipher = "PSK";
947 }
984#endif 948#endif
985 949
986 OpenSSL_add_ssl_algorithms(); 950 OpenSSL_add_ssl_algorithms();
@@ -988,122 +952,94 @@ bad:
988 952
989#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 953#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
990 next_proto.status = -1; 954 next_proto.status = -1;
991 if (next_proto_neg_in) 955 if (next_proto_neg_in) {
992 {
993 next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in); 956 next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in);
994 if (next_proto.data == NULL) 957 if (next_proto.data == NULL) {
995 {
996 BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n"); 958 BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n");
997 goto end; 959 goto end;
998 }
999 } 960 }
1000 else 961 } else
1001 next_proto.data = NULL; 962 next_proto.data = NULL;
1002#endif 963#endif
1003 964
1004#ifndef OPENSSL_NO_ENGINE 965#ifndef OPENSSL_NO_ENGINE
1005 e = setup_engine(bio_err, engine_id, 1); 966 e = setup_engine(bio_err, engine_id, 1);
1006 if (ssl_client_engine_id) 967 if (ssl_client_engine_id) {
1007 {
1008 ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); 968 ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
1009 if (!ssl_client_engine) 969 if (!ssl_client_engine) {
1010 {
1011 BIO_printf(bio_err, 970 BIO_printf(bio_err,
1012 "Error getting client auth engine\n"); 971 "Error getting client auth engine\n");
1013 goto end; 972 goto end;
1014 }
1015 } 973 }
1016 974 }
1017#endif 975#endif
1018 if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) 976 if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
1019 {
1020 BIO_printf(bio_err, "Error getting password\n"); 977 BIO_printf(bio_err, "Error getting password\n");
1021 goto end; 978 goto end;
1022 } 979 }
1023
1024 if (key_file == NULL) 980 if (key_file == NULL)
1025 key_file = cert_file; 981 key_file = cert_file;
1026 982
1027 983
1028 if (key_file) 984 if (key_file) {
1029
1030 {
1031 985
1032 key = load_key(bio_err, key_file, key_format, 0, pass, e, 986 key = load_key(bio_err, key_file, key_format, 0, pass, e,
1033 "client certificate private key file"); 987 "client certificate private key file");
1034 if (!key) 988 if (!key) {
1035 {
1036 ERR_print_errors(bio_err); 989 ERR_print_errors(bio_err);
1037 goto end; 990 goto end;
1038 }
1039
1040 } 991 }
992 }
993 if (cert_file) {
994 cert = load_cert(bio_err, cert_file, cert_format,
995 NULL, e, "client certificate file");
1041 996
1042 if (cert_file) 997 if (!cert) {
1043
1044 {
1045 cert = load_cert(bio_err,cert_file,cert_format,
1046 NULL, e, "client certificate file");
1047
1048 if (!cert)
1049 {
1050 ERR_print_errors(bio_err); 998 ERR_print_errors(bio_err);
1051 goto end; 999 goto end;
1052 }
1053 } 1000 }
1054 1001 }
1055 if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL 1002 if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
1056 && !RAND_status()) 1003 && !RAND_status()) {
1057 { 1004 BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
1058 BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); 1005 }
1059 }
1060 if (inrand != NULL) 1006 if (inrand != NULL)
1061 BIO_printf(bio_err,"%ld semi-random bytes loaded\n", 1007 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
1062 app_RAND_load_files(inrand)); 1008 app_RAND_load_files(inrand));
1063 1009
1064 if (bio_c_out == NULL) 1010 if (bio_c_out == NULL) {
1065 { 1011 if (c_quiet && !c_debug && !c_msg) {
1066 if (c_quiet && !c_debug && !c_msg) 1012 bio_c_out = BIO_new(BIO_s_null());
1067 { 1013 } else {
1068 bio_c_out=BIO_new(BIO_s_null());
1069 }
1070 else
1071 {
1072 if (bio_c_out == NULL) 1014 if (bio_c_out == NULL)
1073 bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE); 1015 bio_c_out = BIO_new_fp(stdout, BIO_NOCLOSE);
1074 }
1075 } 1016 }
1076 1017 }
1077#ifndef OPENSSL_NO_SRP 1018#ifndef OPENSSL_NO_SRP
1078 if(!app_passwd(bio_err, srppass, NULL, &srp_arg.srppassin, NULL)) 1019 if (!app_passwd(bio_err, srppass, NULL, &srp_arg.srppassin, NULL)) {
1079 {
1080 BIO_printf(bio_err, "Error getting password\n"); 1020 BIO_printf(bio_err, "Error getting password\n");
1081 goto end; 1021 goto end;
1082 } 1022 }
1083#endif 1023#endif
1084 1024
1085 ctx=SSL_CTX_new(meth); 1025 ctx = SSL_CTX_new(meth);
1086 if (ctx == NULL) 1026 if (ctx == NULL) {
1087 {
1088 ERR_print_errors(bio_err); 1027 ERR_print_errors(bio_err);
1089 goto end; 1028 goto end;
1090 } 1029 }
1091
1092 if (vpm) 1030 if (vpm)
1093 SSL_CTX_set1_param(ctx, vpm); 1031 SSL_CTX_set1_param(ctx, vpm);
1094 1032
1095#ifndef OPENSSL_NO_ENGINE 1033#ifndef OPENSSL_NO_ENGINE
1096 if (ssl_client_engine) 1034 if (ssl_client_engine) {
1097 { 1035 if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) {
1098 if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
1099 {
1100 BIO_puts(bio_err, "Error setting client auth engine\n"); 1036 BIO_puts(bio_err, "Error setting client auth engine\n");
1101 ERR_print_errors(bio_err); 1037 ERR_print_errors(bio_err);
1102 ENGINE_free(ssl_client_engine); 1038 ENGINE_free(ssl_client_engine);
1103 goto end; 1039 goto end;
1104 }
1105 ENGINE_free(ssl_client_engine);
1106 } 1040 }
1041 ENGINE_free(ssl_client_engine);
1042 }
1107#endif 1043#endif
1108 1044
1109#ifndef OPENSSL_NO_PSK 1045#ifndef OPENSSL_NO_PSK
@@ -1112,126 +1048,120 @@ bad:
1112#else 1048#else
1113 if (psk_key != NULL || jpake_secret) 1049 if (psk_key != NULL || jpake_secret)
1114#endif 1050#endif
1115 { 1051 {
1116 if (c_debug) 1052 if (c_debug)
1117 BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n"); 1053 BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
1118 SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); 1054 SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
1119 } 1055 }
1120#endif 1056#endif
1121#ifndef OPENSSL_NO_SRTP 1057#ifndef OPENSSL_NO_SRTP
1122 if (srtp_profiles != NULL) 1058 if (srtp_profiles != NULL)
1123 SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); 1059 SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
1124#endif 1060#endif
1125 if (bugs) 1061 if (bugs)
1126 SSL_CTX_set_options(ctx,SSL_OP_ALL|off); 1062 SSL_CTX_set_options(ctx, SSL_OP_ALL | off);
1127 else 1063 else
1128 SSL_CTX_set_options(ctx,off); 1064 SSL_CTX_set_options(ctx, off);
1129 1065
1130 if (clr) 1066 if (clr)
1131 SSL_CTX_clear_options(ctx, clr); 1067 SSL_CTX_clear_options(ctx, clr);
1132 /* DTLS: partial reads end up discarding unread UDP bytes :-( 1068 /*
1133 * Setting read ahead solves this problem. 1069 * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
1070 * read ahead solves this problem.
1134 */ 1071 */
1135 if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); 1072 if (socket_type == SOCK_DGRAM)
1073 SSL_CTX_set_read_ahead(ctx, 1);
1136 1074
1137#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 1075#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
1138 if (next_proto.data) 1076 if (next_proto.data)
1139 SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto); 1077 SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
1140#endif 1078#endif
1141 1079
1142 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); 1080 if (state)
1081 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
1143 if (cipher != NULL) 1082 if (cipher != NULL)
1144 if(!SSL_CTX_set_cipher_list(ctx,cipher)) { 1083 if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
1145 BIO_printf(bio_err,"error setting cipher list\n"); 1084 BIO_printf(bio_err, "error setting cipher list\n");
1146 ERR_print_errors(bio_err); 1085 ERR_print_errors(bio_err);
1147 goto end; 1086 goto end;
1148 } 1087 }
1149#if 0 1088#if 0
1150 else 1089 else
1151 SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER")); 1090 SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER"));
1152#endif 1091#endif
1153 1092
1154 SSL_CTX_set_verify(ctx,verify,verify_callback); 1093 SSL_CTX_set_verify(ctx, verify, verify_callback);
1155 if (!set_cert_key_stuff(ctx,cert,key)) 1094 if (!set_cert_key_stuff(ctx, cert, key))
1156 goto end; 1095 goto end;
1157 1096
1158 if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || 1097 if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
1159 (!SSL_CTX_set_default_verify_paths(ctx))) 1098 (!SSL_CTX_set_default_verify_paths(ctx))) {
1160 { 1099 /*
1161 /* BIO_printf(bio_err,"error setting default verify locations\n"); */ 1100 * BIO_printf(bio_err,"error setting default verify
1101 * locations\n");
1102 */
1162 ERR_print_errors(bio_err); 1103 ERR_print_errors(bio_err);
1163 /* goto end; */ 1104 /* goto end; */
1164 } 1105 }
1165
1166#ifndef OPENSSL_NO_TLSEXT 1106#ifndef OPENSSL_NO_TLSEXT
1167 if (servername != NULL) 1107 if (servername != NULL) {
1168 {
1169 tlsextcbp.biodebug = bio_err; 1108 tlsextcbp.biodebug = bio_err;
1170 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 1109 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1171 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); 1110 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
1172 } 1111 }
1173#ifndef OPENSSL_NO_SRP 1112#ifndef OPENSSL_NO_SRP
1174 if (srp_arg.srplogin) 1113 if (srp_arg.srplogin) {
1175 { 1114 if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) {
1176 if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) 1115 BIO_printf(bio_err, "Unable to set SRP username\n");
1177 {
1178 BIO_printf(bio_err,"Unable to set SRP username\n");
1179 goto end; 1116 goto end;
1180 } 1117 }
1181 srp_arg.msg = c_msg; 1118 srp_arg.msg = c_msg;
1182 srp_arg.debug = c_debug ; 1119 srp_arg.debug = c_debug;
1183 SSL_CTX_set_srp_cb_arg(ctx,&srp_arg); 1120 SSL_CTX_set_srp_cb_arg(ctx, &srp_arg);
1184 SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb); 1121 SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb);
1185 SSL_CTX_set_srp_strength(ctx, srp_arg.strength); 1122 SSL_CTX_set_srp_strength(ctx, srp_arg.strength);
1186 if (c_msg || c_debug || srp_arg.amp == 0) 1123 if (c_msg || c_debug || srp_arg.amp == 0)
1187 SSL_CTX_set_srp_verify_param_callback(ctx, ssl_srp_verify_param_cb); 1124 SSL_CTX_set_srp_verify_param_callback(ctx, ssl_srp_verify_param_cb);
1188 } 1125 }
1189
1190#endif 1126#endif
1191#endif 1127#endif
1192 1128
1193 con=SSL_new(ctx); 1129 con = SSL_new(ctx);
1194 if (sess_in) 1130 if (sess_in) {
1195 {
1196 SSL_SESSION *sess; 1131 SSL_SESSION *sess;
1197 BIO *stmp = BIO_new_file(sess_in, "r"); 1132 BIO *stmp = BIO_new_file(sess_in, "r");
1198 if (!stmp) 1133 if (!stmp) {
1199 {
1200 BIO_printf(bio_err, "Can't open session file %s\n", 1134 BIO_printf(bio_err, "Can't open session file %s\n",
1201 sess_in); 1135 sess_in);
1202 ERR_print_errors(bio_err); 1136 ERR_print_errors(bio_err);
1203 goto end; 1137 goto end;
1204 } 1138 }
1205 sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); 1139 sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
1206 BIO_free(stmp); 1140 BIO_free(stmp);
1207 if (!sess) 1141 if (!sess) {
1208 {
1209 BIO_printf(bio_err, "Can't open session file %s\n", 1142 BIO_printf(bio_err, "Can't open session file %s\n",
1210 sess_in); 1143 sess_in);
1211 ERR_print_errors(bio_err); 1144 ERR_print_errors(bio_err);
1212 goto end; 1145 goto end;
1213 } 1146 }
1214 SSL_set_session(con, sess); 1147 SSL_set_session(con, sess);
1215 SSL_SESSION_free(sess); 1148 SSL_SESSION_free(sess);
1216 } 1149 }
1217#ifndef OPENSSL_NO_TLSEXT 1150#ifndef OPENSSL_NO_TLSEXT
1218 if (servername != NULL) 1151 if (servername != NULL) {
1219 { 1152 if (!SSL_set_tlsext_host_name(con, servername)) {
1220 if (!SSL_set_tlsext_host_name(con,servername)) 1153 BIO_printf(bio_err, "Unable to set TLS servername extension.\n");
1221 {
1222 BIO_printf(bio_err,"Unable to set TLS servername extension.\n");
1223 ERR_print_errors(bio_err); 1154 ERR_print_errors(bio_err);
1224 goto end; 1155 goto end;
1225 }
1226 } 1156 }
1157 }
1227#endif 1158#endif
1228#ifndef OPENSSL_NO_KRB5 1159#ifndef OPENSSL_NO_KRB5
1229 if (con && (kctx = kssl_ctx_new()) != NULL) 1160 if (con && (kctx = kssl_ctx_new()) != NULL) {
1230 {
1231 SSL_set0_kssl_ctx(con, kctx); 1161 SSL_set0_kssl_ctx(con, kctx);
1232 kssl_ctx_setstring(kctx, KSSL_SERVER, host); 1162 kssl_ctx_setstring(kctx, KSSL_SERVER, host);
1233 } 1163 }
1234#endif /* OPENSSL_NO_KRB5 */ 1164#endif /* OPENSSL_NO_KRB5 */
1235/* SSL_set_cipher_list(con,"RC4-MD5"); */ 1165/* SSL_set_cipher_list(con,"RC4-MD5"); */
1236#if 0 1166#if 0
1237#ifdef TLSEXT_TYPE_opaque_prf_input 1167#ifdef TLSEXT_TYPE_opaque_prf_input
@@ -1241,564 +1171,499 @@ bad:
1241 1171
1242re_start: 1172re_start:
1243 1173
1244 if (init_client(&s,host,port,socket_type,af) == 0) 1174 if (init_client(&s, host, port, socket_type, af) == 0) {
1245 { 1175 BIO_printf(bio_err, "connect:errno=%d\n", errno);
1246 BIO_printf(bio_err,"connect:errno=%d\n",errno);
1247 shutdown(s, SHUT_RD); 1176 shutdown(s, SHUT_RD);
1248 close(s); 1177 close(s);
1249 goto end; 1178 goto end;
1250 } 1179 }
1251 BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s); 1180 BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s);
1252 1181
1253#ifdef FIONBIO 1182#ifdef FIONBIO
1254 if (c_nbio) 1183 if (c_nbio) {
1255 { 1184 unsigned long l = 1;
1256 unsigned long l=1; 1185 BIO_printf(bio_c_out, "turning on non blocking io\n");
1257 BIO_printf(bio_c_out,"turning on non blocking io\n"); 1186 if (BIO_socket_ioctl(s, FIONBIO, &l) < 0) {
1258 if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
1259 {
1260 ERR_print_errors(bio_err); 1187 ERR_print_errors(bio_err);
1261 goto end; 1188 goto end;
1262 }
1263 } 1189 }
1264#endif 1190 }
1265 if (c_Pause & 0x01) SSL_set_debug(con, 1); 1191#endif
1192 if (c_Pause & 0x01)
1193 SSL_set_debug(con, 1);
1266 1194
1267 if ( SSL_version(con) == DTLS1_VERSION) 1195 if (SSL_version(con) == DTLS1_VERSION) {
1268 {
1269 1196
1270 sbio=BIO_new_dgram(s,BIO_NOCLOSE); 1197 sbio = BIO_new_dgram(s, BIO_NOCLOSE);
1271 if (getsockname(s, &peer, (void *)&peerlen) < 0) 1198 if (getsockname(s, &peer, (void *) &peerlen) < 0) {
1272 {
1273 BIO_printf(bio_err, "getsockname:errno=%d\n", 1199 BIO_printf(bio_err, "getsockname:errno=%d\n",
1274 errno); 1200 errno);
1275 shutdown(s, SHUT_RD); 1201 shutdown(s, SHUT_RD);
1276 close(s); 1202 close(s);
1277 goto end; 1203 goto end;
1278 } 1204 }
1279 1205 (void) BIO_ctrl_set_connected(sbio, 1, &peer);
1280 (void)BIO_ctrl_set_connected(sbio, 1, &peer);
1281 1206
1282 if (enable_timeouts) 1207 if (enable_timeouts) {
1283 {
1284 timeout.tv_sec = 0; 1208 timeout.tv_sec = 0;
1285 timeout.tv_usec = DGRAM_RCV_TIMEOUT; 1209 timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1286 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); 1210 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
1287 1211
1288 timeout.tv_sec = 0; 1212 timeout.tv_sec = 0;
1289 timeout.tv_usec = DGRAM_SND_TIMEOUT; 1213 timeout.tv_usec = DGRAM_SND_TIMEOUT;
1290 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); 1214 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
1291 } 1215 }
1292 1216 if (socket_mtu > 28) {
1293 if (socket_mtu > 28)
1294 {
1295 SSL_set_options(con, SSL_OP_NO_QUERY_MTU); 1217 SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1296 SSL_set_mtu(con, socket_mtu - 28); 1218 SSL_set_mtu(con, socket_mtu - 28);
1297 } 1219 } else
1298 else
1299 /* want to do MTU discovery */ 1220 /* want to do MTU discovery */
1300 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); 1221 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
1301 } 1222 } else
1302 else 1223 sbio = BIO_new_socket(s, BIO_NOCLOSE);
1303 sbio=BIO_new_socket(s,BIO_NOCLOSE);
1304 1224
1305 if (nbio_test) 1225 if (nbio_test) {
1306 {
1307 BIO *test; 1226 BIO *test;
1308 1227
1309 test=BIO_new(BIO_f_nbio_test()); 1228 test = BIO_new(BIO_f_nbio_test());
1310 sbio=BIO_push(test,sbio); 1229 sbio = BIO_push(test, sbio);
1311 } 1230 }
1312 1231 if (c_debug) {
1313 if (c_debug)
1314 {
1315 SSL_set_debug(con, 1); 1232 SSL_set_debug(con, 1);
1316 BIO_set_callback(sbio,bio_dump_callback); 1233 BIO_set_callback(sbio, bio_dump_callback);
1317 BIO_set_callback_arg(sbio,(char *)bio_c_out); 1234 BIO_set_callback_arg(sbio, (char *) bio_c_out);
1318 } 1235 }
1319 if (c_msg) 1236 if (c_msg) {
1320 {
1321 SSL_set_msg_callback(con, msg_cb); 1237 SSL_set_msg_callback(con, msg_cb);
1322 SSL_set_msg_callback_arg(con, bio_c_out); 1238 SSL_set_msg_callback_arg(con, bio_c_out);
1323 } 1239 }
1324#ifndef OPENSSL_NO_TLSEXT 1240#ifndef OPENSSL_NO_TLSEXT
1325 if (c_tlsextdebug) 1241 if (c_tlsextdebug) {
1326 {
1327 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1242 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1328 SSL_set_tlsext_debug_arg(con, bio_c_out); 1243 SSL_set_tlsext_debug_arg(con, bio_c_out);
1329 } 1244 }
1330 if (c_status_req) 1245 if (c_status_req) {
1331 {
1332 SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); 1246 SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
1333 SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); 1247 SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
1334 SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); 1248 SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
1335#if 0 1249#if 0
1336{ 1250 {
1337STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null(); 1251 STACK_OF(OCSP_RESPID) * ids = sk_OCSP_RESPID_new_null();
1338OCSP_RESPID *id = OCSP_RESPID_new(); 1252 OCSP_RESPID *id = OCSP_RESPID_new();
1339id->value.byKey = ASN1_OCTET_STRING_new(); 1253 id->value.byKey = ASN1_OCTET_STRING_new();
1340id->type = V_OCSP_RESPID_KEY; 1254 id->type = V_OCSP_RESPID_KEY;
1341ASN1_STRING_set(id->value.byKey, "Hello World", -1); 1255 ASN1_STRING_set(id->value.byKey, "Hello World", -1);
1342sk_OCSP_RESPID_push(ids, id); 1256 sk_OCSP_RESPID_push(ids, id);
1343SSL_set_tlsext_status_ids(con, ids); 1257 SSL_set_tlsext_status_ids(con, ids);
1344}
1345#endif
1346 } 1258 }
1347#endif 1259#endif
1260 }
1261#endif
1348#ifndef OPENSSL_NO_JPAKE 1262#ifndef OPENSSL_NO_JPAKE
1349 if (jpake_secret) 1263 if (jpake_secret)
1350 jpake_client_auth(bio_c_out, sbio, jpake_secret); 1264 jpake_client_auth(bio_c_out, sbio, jpake_secret);
1351#endif 1265#endif
1352 1266
1353 SSL_set_bio(con,sbio,sbio); 1267 SSL_set_bio(con, sbio, sbio);
1354 SSL_set_connect_state(con); 1268 SSL_set_connect_state(con);
1355 1269
1356 /* ok, lets connect */ 1270 /* ok, lets connect */
1357 width=SSL_get_fd(con)+1; 1271 width = SSL_get_fd(con) + 1;
1358 1272
1359 read_tty=1; 1273 read_tty = 1;
1360 write_tty=0; 1274 write_tty = 0;
1361 tty_on=0; 1275 tty_on = 0;
1362 read_ssl=1; 1276 read_ssl = 1;
1363 write_ssl=1; 1277 write_ssl = 1;
1364 1278
1365 cbuf_len=0; 1279 cbuf_len = 0;
1366 cbuf_off=0; 1280 cbuf_off = 0;
1367 sbuf_len=0; 1281 sbuf_len = 0;
1368 sbuf_off=0; 1282 sbuf_off = 0;
1369 1283
1370 /* This is an ugly hack that does a lot of assumptions */ 1284 /* This is an ugly hack that does a lot of assumptions */
1371 /* We do have to handle multi-line responses which may come 1285 /*
1372 in a single packet or not. We therefore have to use 1286 * We do have to handle multi-line responses which may come in a
1373 BIO_gets() which does need a buffering BIO. So during 1287 * single packet or not. We therefore have to use BIO_gets() which
1374 the initial chitchat we do push a buffering BIO into the 1288 * does need a buffering BIO. So during the initial chitchat we do
1375 chain that is removed again later on to not disturb the 1289 * push a buffering BIO into the chain that is removed again later on
1376 rest of the s_client operation. */ 1290 * to not disturb the rest of the s_client operation.
1377 if (starttls_proto == PROTO_SMTP) 1291 */
1378 { 1292 if (starttls_proto == PROTO_SMTP) {
1379 int foundit=0; 1293 int foundit = 0;
1380 BIO *fbio = BIO_new(BIO_f_buffer()); 1294 BIO *fbio = BIO_new(BIO_f_buffer());
1381 BIO_push(fbio, sbio); 1295 BIO_push(fbio, sbio);
1382 /* wait for multi-line response to end from SMTP */ 1296 /* wait for multi-line response to end from SMTP */
1383 do 1297 do {
1384 { 1298 mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
1385 mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); 1299 }
1386 } 1300 while (mbuf_len > 3 && mbuf[3] == '-');
1387 while (mbuf_len>3 && mbuf[3]=='-');
1388 /* STARTTLS command requires EHLO... */ 1301 /* STARTTLS command requires EHLO... */
1389 BIO_printf(fbio,"EHLO openssl.client.net\r\n"); 1302 BIO_printf(fbio, "EHLO openssl.client.net\r\n");
1390 (void)BIO_flush(fbio); 1303 (void) BIO_flush(fbio);
1391 /* wait for multi-line response to end EHLO SMTP response */ 1304 /* wait for multi-line response to end EHLO SMTP response */
1392 do 1305 do {
1393 { 1306 mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
1394 mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); 1307 if (strstr(mbuf, "STARTTLS"))
1395 if (strstr(mbuf,"STARTTLS")) 1308 foundit = 1;
1396 foundit=1; 1309 }
1397 } 1310 while (mbuf_len > 3 && mbuf[3] == '-');
1398 while (mbuf_len>3 && mbuf[3]=='-'); 1311 (void) BIO_flush(fbio);
1399 (void)BIO_flush(fbio);
1400 BIO_pop(fbio); 1312 BIO_pop(fbio);
1401 BIO_free(fbio); 1313 BIO_free(fbio);
1402 if (!foundit) 1314 if (!foundit)
1403 BIO_printf(bio_err, 1315 BIO_printf(bio_err,
1404 "didn't found starttls in server response," 1316 "didn't found starttls in server response,"
1405 " try anyway...\n"); 1317 " try anyway...\n");
1406 BIO_printf(sbio,"STARTTLS\r\n"); 1318 BIO_printf(sbio, "STARTTLS\r\n");
1407 BIO_read(sbio,sbuf,BUFSIZZ); 1319 BIO_read(sbio, sbuf, BUFSIZZ);
1408 } 1320 } else if (starttls_proto == PROTO_POP3) {
1409 else if (starttls_proto == PROTO_POP3) 1321 mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
1410 { 1322 if (mbuf_len == -1) {
1411 mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); 1323 BIO_printf(bio_err, "BIO_read failed\n");
1412 if (mbuf_len == -1)
1413 {
1414 BIO_printf(bio_err,"BIO_read failed\n");
1415 goto end; 1324 goto end;
1416 }
1417 BIO_printf(sbio,"STLS\r\n");
1418 BIO_read(sbio,sbuf,BUFSIZZ);
1419 } 1325 }
1420 else if (starttls_proto == PROTO_IMAP) 1326 BIO_printf(sbio, "STLS\r\n");
1421 { 1327 BIO_read(sbio, sbuf, BUFSIZZ);
1422 int foundit=0; 1328 } else if (starttls_proto == PROTO_IMAP) {
1329 int foundit = 0;
1423 BIO *fbio = BIO_new(BIO_f_buffer()); 1330 BIO *fbio = BIO_new(BIO_f_buffer());
1424 BIO_push(fbio, sbio); 1331 BIO_push(fbio, sbio);
1425 BIO_gets(fbio,mbuf,BUFSIZZ); 1332 BIO_gets(fbio, mbuf, BUFSIZZ);
1426 /* STARTTLS command requires CAPABILITY... */ 1333 /* STARTTLS command requires CAPABILITY... */
1427 BIO_printf(fbio,". CAPABILITY\r\n"); 1334 BIO_printf(fbio, ". CAPABILITY\r\n");
1428 (void)BIO_flush(fbio); 1335 (void) BIO_flush(fbio);
1429 /* wait for multi-line CAPABILITY response */ 1336 /* wait for multi-line CAPABILITY response */
1430 do 1337 do {
1431 { 1338 mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
1432 mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); 1339 if (strstr(mbuf, "STARTTLS"))
1433 if (strstr(mbuf,"STARTTLS")) 1340 foundit = 1;
1434 foundit=1; 1341 }
1435 } 1342 while (mbuf_len > 3 && mbuf[0] != '.');
1436 while (mbuf_len>3 && mbuf[0]!='.'); 1343 (void) BIO_flush(fbio);
1437 (void)BIO_flush(fbio);
1438 BIO_pop(fbio); 1344 BIO_pop(fbio);
1439 BIO_free(fbio); 1345 BIO_free(fbio);
1440 if (!foundit) 1346 if (!foundit)
1441 BIO_printf(bio_err, 1347 BIO_printf(bio_err,
1442 "didn't found STARTTLS in server response," 1348 "didn't found STARTTLS in server response,"
1443 " try anyway...\n"); 1349 " try anyway...\n");
1444 BIO_printf(sbio,". STARTTLS\r\n"); 1350 BIO_printf(sbio, ". STARTTLS\r\n");
1445 BIO_read(sbio,sbuf,BUFSIZZ); 1351 BIO_read(sbio, sbuf, BUFSIZZ);
1446 } 1352 } else if (starttls_proto == PROTO_FTP) {
1447 else if (starttls_proto == PROTO_FTP)
1448 {
1449 BIO *fbio = BIO_new(BIO_f_buffer()); 1353 BIO *fbio = BIO_new(BIO_f_buffer());
1450 BIO_push(fbio, sbio); 1354 BIO_push(fbio, sbio);
1451 /* wait for multi-line response to end from FTP */ 1355 /* wait for multi-line response to end from FTP */
1452 do 1356 do {
1453 { 1357 mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
1454 mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); 1358 }
1455 } 1359 while (mbuf_len > 3 && mbuf[3] == '-');
1456 while (mbuf_len>3 && mbuf[3]=='-'); 1360 (void) BIO_flush(fbio);
1457 (void)BIO_flush(fbio);
1458 BIO_pop(fbio); 1361 BIO_pop(fbio);
1459 BIO_free(fbio); 1362 BIO_free(fbio);
1460 BIO_printf(sbio,"AUTH TLS\r\n"); 1363 BIO_printf(sbio, "AUTH TLS\r\n");
1461 BIO_read(sbio,sbuf,BUFSIZZ); 1364 BIO_read(sbio, sbuf, BUFSIZZ);
1462 } 1365 }
1463 if (starttls_proto == PROTO_XMPP) 1366 if (starttls_proto == PROTO_XMPP) {
1464 {
1465 int seen = 0; 1367 int seen = 0;
1466 BIO_printf(sbio,"<stream:stream " 1368 BIO_printf(sbio, "<stream:stream "
1467 "xmlns:stream='http://etherx.jabber.org/streams' " 1369 "xmlns:stream='http://etherx.jabber.org/streams' "
1468 "xmlns='jabber:client' to='%s' version='1.0'>", host); 1370 "xmlns='jabber:client' to='%s' version='1.0'>", host);
1469 seen = BIO_read(sbio,mbuf,BUFSIZZ); 1371 seen = BIO_read(sbio, mbuf, BUFSIZZ);
1470 mbuf[seen] = 0; 1372 mbuf[seen] = 0;
1471 while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) 1373 while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) {
1472 {
1473 if (strstr(mbuf, "/stream:features>")) 1374 if (strstr(mbuf, "/stream:features>"))
1474 goto shut; 1375 goto shut;
1475 seen = BIO_read(sbio,mbuf,BUFSIZZ); 1376 seen = BIO_read(sbio, mbuf, BUFSIZZ);
1476 mbuf[seen] = 0; 1377 mbuf[seen] = 0;
1477 } 1378 }
1478 BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"); 1379 BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
1479 seen = BIO_read(sbio,sbuf,BUFSIZZ); 1380 seen = BIO_read(sbio, sbuf, BUFSIZZ);
1480 sbuf[seen] = 0; 1381 sbuf[seen] = 0;
1481 if (!strstr(sbuf, "<proceed")) 1382 if (!strstr(sbuf, "<proceed"))
1482 goto shut; 1383 goto shut;
1483 mbuf[0] = 0; 1384 mbuf[0] = 0;
1484 } 1385 }
1485 1386 for (;;) {
1486 for (;;)
1487 {
1488 FD_ZERO(&readfds); 1387 FD_ZERO(&readfds);
1489 FD_ZERO(&writefds); 1388 FD_ZERO(&writefds);
1490 1389
1491 if ((SSL_version(con) == DTLS1_VERSION) && 1390 if ((SSL_version(con) == DTLS1_VERSION) &&
1492 DTLSv1_get_timeout(con, &timeout)) 1391 DTLSv1_get_timeout(con, &timeout))
1493 timeoutp = &timeout; 1392 timeoutp = &timeout;
1494 else 1393 else
1495 timeoutp = NULL; 1394 timeoutp = NULL;
1496 1395
1497 if (SSL_in_init(con) && !SSL_total_renegotiations(con)) 1396 if (SSL_in_init(con) && !SSL_total_renegotiations(con)) {
1498 { 1397 in_init = 1;
1499 in_init=1; 1398 tty_on = 0;
1500 tty_on=0; 1399 } else {
1501 } 1400 tty_on = 1;
1502 else 1401 if (in_init) {
1503 { 1402 in_init = 0;
1504 tty_on=1; 1403#if 0 /* This test doesn't really work as intended
1505 if (in_init) 1404 * (needs to be fixed) */
1506 {
1507 in_init=0;
1508#if 0 /* This test doesn't really work as intended (needs to be fixed) */
1509#ifndef OPENSSL_NO_TLSEXT 1405#ifndef OPENSSL_NO_TLSEXT
1510 if (servername != NULL && !SSL_session_reused(con)) 1406 if (servername != NULL && !SSL_session_reused(con)) {
1511 { 1407 BIO_printf(bio_c_out, "Server did %sacknowledge servername extension.\n", tlsextcbp.ack ? "" : "not ");
1512 BIO_printf(bio_c_out,"Server did %sacknowledge servername extension.\n",tlsextcbp.ack?"":"not "); 1408 }
1513 }
1514#endif 1409#endif
1515#endif 1410#endif
1516 if (sess_out) 1411 if (sess_out) {
1517 {
1518 BIO *stmp = BIO_new_file(sess_out, "w"); 1412 BIO *stmp = BIO_new_file(sess_out, "w");
1519 if (stmp) 1413 if (stmp) {
1520 {
1521 PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con)); 1414 PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
1522 BIO_free(stmp); 1415 BIO_free(stmp);
1523 } 1416 } else
1524 else
1525 BIO_printf(bio_err, "Error writing session file %s\n", sess_out); 1417 BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
1526 } 1418 }
1527 print_stuff(bio_c_out,con,full_log); 1419 print_stuff(bio_c_out, con, full_log);
1528 if (full_log > 0) full_log--; 1420 if (full_log > 0)
1421 full_log--;
1529 1422
1530 if (starttls_proto) 1423 if (starttls_proto) {
1531 {
1532 BIO_write(bio_err, mbuf, mbuf_len); 1424 BIO_write(bio_err, mbuf, mbuf_len);
1533 /* We don't need to know any more */ 1425 /* We don't need to know any more */
1534 starttls_proto = PROTO_OFF; 1426 starttls_proto = PROTO_OFF;
1535 } 1427 }
1536 1428 if (reconnect) {
1537 if (reconnect)
1538 {
1539 reconnect--; 1429 reconnect--;
1540 BIO_printf(bio_c_out,"drop connection and then reconnect\n"); 1430 BIO_printf(bio_c_out, "drop connection and then reconnect\n");
1541 SSL_shutdown(con); 1431 SSL_shutdown(con);
1542 SSL_set_connect_state(con); 1432 SSL_set_connect_state(con);
1543 shutdown(SSL_get_fd(con), SHUT_RD); 1433 shutdown(SSL_get_fd(con), SHUT_RD);
1544 close(SSL_get_fd(con)); 1434 close(SSL_get_fd(con));
1545 goto re_start; 1435 goto re_start;
1546 }
1547 } 1436 }
1548 } 1437 }
1438 }
1549 1439
1550 ssl_pending = read_ssl && SSL_pending(con); 1440 ssl_pending = read_ssl && SSL_pending(con);
1551 1441
1552 if (!ssl_pending) 1442 if (!ssl_pending) {
1553 { 1443 if (tty_on) {
1554 if (tty_on) 1444 if (read_tty)
1555 { 1445 openssl_fdset(fileno(stdin), &readfds);
1556 if (read_tty) openssl_fdset(fileno(stdin),&readfds); 1446 if (write_tty)
1557 if (write_tty) openssl_fdset(fileno(stdout),&writefds); 1447 openssl_fdset(fileno(stdout), &writefds);
1558 } 1448 }
1559 if (read_ssl) 1449 if (read_ssl)
1560 openssl_fdset(SSL_get_fd(con),&readfds); 1450 openssl_fdset(SSL_get_fd(con), &readfds);
1561 if (write_ssl) 1451 if (write_ssl)
1562 openssl_fdset(SSL_get_fd(con),&writefds); 1452 openssl_fdset(SSL_get_fd(con), &writefds);
1563/* printf("mode tty(%d %d%d) ssl(%d%d)\n", 1453/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
1564 tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ 1454 tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
1565 1455
1566 /* Note: under VMS with SOCKETSHR the second parameter 1456 /*
1567 * is currently of type (int *) whereas under other 1457 * Note: under VMS with SOCKETSHR the second
1568 * systems it is (void *) if you don't have a cast it 1458 * parameter is currently of type (int *) whereas
1569 * will choke the compiler: if you do have a cast then 1459 * under other systems it is (void *) if you don't
1570 * you can either go for (int *) or (void *). 1460 * have a cast it will choke the compiler: if you do
1461 * have a cast then you can either go for (int *) or
1462 * (void *).
1571 */ 1463 */
1572 i=select(width,(void *)&readfds,(void *)&writefds, 1464 i = select(width, (void *) &readfds, (void *) &writefds,
1573 NULL,timeoutp); 1465 NULL, timeoutp);
1574 if ( i < 0) 1466 if (i < 0) {
1575 { 1467 BIO_printf(bio_err, "bad select %d\n",
1576 BIO_printf(bio_err,"bad select %d\n",
1577 errno); 1468 errno);
1578 goto shut; 1469 goto shut;
1579 /* goto end; */ 1470 /* goto end; */
1580 }
1581 }
1582
1583 if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
1584 {
1585 BIO_printf(bio_err,"TIMEOUT occured\n");
1586 } 1471 }
1587 1472 }
1588 if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds)) 1473 if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) {
1589 { 1474 BIO_printf(bio_err, "TIMEOUT occured\n");
1590 k=SSL_write(con,&(cbuf[cbuf_off]), 1475 }
1591 (unsigned int)cbuf_len); 1476 if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) {
1592 switch (SSL_get_error(con,k)) 1477 k = SSL_write(con, &(cbuf[cbuf_off]),
1593 { 1478 (unsigned int) cbuf_len);
1479 switch (SSL_get_error(con, k)) {
1594 case SSL_ERROR_NONE: 1480 case SSL_ERROR_NONE:
1595 cbuf_off+=k; 1481 cbuf_off += k;
1596 cbuf_len-=k; 1482 cbuf_len -= k;
1597 if (k <= 0) goto end; 1483 if (k <= 0)
1484 goto end;
1598 /* we have done a write(con,NULL,0); */ 1485 /* we have done a write(con,NULL,0); */
1599 if (cbuf_len <= 0) 1486 if (cbuf_len <= 0) {
1600 { 1487 read_tty = 1;
1601 read_tty=1; 1488 write_ssl = 0;
1602 write_ssl=0; 1489 } else { /* if (cbuf_len > 0) */
1603 } 1490 read_tty = 0;
1604 else /* if (cbuf_len > 0) */ 1491 write_ssl = 1;
1605 { 1492 }
1606 read_tty=0;
1607 write_ssl=1;
1608 }
1609 break; 1493 break;
1610 case SSL_ERROR_WANT_WRITE: 1494 case SSL_ERROR_WANT_WRITE:
1611 BIO_printf(bio_c_out,"write W BLOCK\n"); 1495 BIO_printf(bio_c_out, "write W BLOCK\n");
1612 write_ssl=1; 1496 write_ssl = 1;
1613 read_tty=0; 1497 read_tty = 0;
1614 break; 1498 break;
1615 case SSL_ERROR_WANT_READ: 1499 case SSL_ERROR_WANT_READ:
1616 BIO_printf(bio_c_out,"write R BLOCK\n"); 1500 BIO_printf(bio_c_out, "write R BLOCK\n");
1617 write_tty=0; 1501 write_tty = 0;
1618 read_ssl=1; 1502 read_ssl = 1;
1619 write_ssl=0; 1503 write_ssl = 0;
1620 break; 1504 break;
1621 case SSL_ERROR_WANT_X509_LOOKUP: 1505 case SSL_ERROR_WANT_X509_LOOKUP:
1622 BIO_printf(bio_c_out,"write X BLOCK\n"); 1506 BIO_printf(bio_c_out, "write X BLOCK\n");
1623 break; 1507 break;
1624 case SSL_ERROR_ZERO_RETURN: 1508 case SSL_ERROR_ZERO_RETURN:
1625 if (cbuf_len != 0) 1509 if (cbuf_len != 0) {
1626 { 1510 BIO_printf(bio_c_out, "shutdown\n");
1627 BIO_printf(bio_c_out,"shutdown\n");
1628 ret = 0; 1511 ret = 0;
1629 goto shut; 1512 goto shut;
1630 } 1513 } else {
1631 else 1514 read_tty = 1;
1632 { 1515 write_ssl = 0;
1633 read_tty=1;
1634 write_ssl=0;
1635 break; 1516 break;
1636 } 1517 }
1637 1518
1638 case SSL_ERROR_SYSCALL: 1519 case SSL_ERROR_SYSCALL:
1639 if ((k != 0) || (cbuf_len != 0)) 1520 if ((k != 0) || (cbuf_len != 0)) {
1640 { 1521 BIO_printf(bio_err, "write:errno=%d\n",
1641 BIO_printf(bio_err,"write:errno=%d\n", 1522 errno);
1642 errno);
1643 goto shut; 1523 goto shut;
1644 } 1524 } else {
1645 else 1525 read_tty = 1;
1646 { 1526 write_ssl = 0;
1647 read_tty=1; 1527 }
1648 write_ssl=0;
1649 }
1650 break; 1528 break;
1651 case SSL_ERROR_SSL: 1529 case SSL_ERROR_SSL:
1652 ERR_print_errors(bio_err); 1530 ERR_print_errors(bio_err);
1653 goto shut; 1531 goto shut;
1654 }
1655 } 1532 }
1656 else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds)) 1533 } else if (!ssl_pending && FD_ISSET(fileno(stdout), &writefds)) {
1657 { 1534 i = raw_write_stdout(&(sbuf[sbuf_off]), sbuf_len);
1658 i=raw_write_stdout(&(sbuf[sbuf_off]),sbuf_len);
1659 1535
1660 if (i <= 0) 1536 if (i <= 0) {
1661 { 1537 BIO_printf(bio_c_out, "DONE\n");
1662 BIO_printf(bio_c_out,"DONE\n");
1663 ret = 0; 1538 ret = 0;
1664 goto shut; 1539 goto shut;
1665 /* goto end; */ 1540 /* goto end; */
1666 }
1667
1668 sbuf_len-=i;
1669 sbuf_off+=i;
1670 if (sbuf_len <= 0)
1671 {
1672 read_ssl=1;
1673 write_tty=0;
1674 }
1675 } 1541 }
1676 else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds)) 1542 sbuf_len -= i;
1677 { 1543 sbuf_off += i;
1544 if (sbuf_len <= 0) {
1545 read_ssl = 1;
1546 write_tty = 0;
1547 }
1548 } else if (ssl_pending || FD_ISSET(SSL_get_fd(con), &readfds)) {
1678#ifdef RENEG 1549#ifdef RENEG
1679{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } } 1550 {
1551 static int iiii;
1552 if (++iiii == 52) {
1553 SSL_renegotiate(con);
1554 iiii = 0;
1555 }
1556 }
1680#endif 1557#endif
1681#if 1 1558#if 1
1682 k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ ); 1559 k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ );
1683#else 1560#else
1684/* Demo for pending and peek :-) */ 1561/* Demo for pending and peek :-) */
1685 k=SSL_read(con,sbuf,16); 1562 k = SSL_read(con, sbuf, 16);
1686{ char zbuf[10240]; 1563 {
1687printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240)); 1564 char zbuf[10240];
1688} 1565 printf("read=%d pending=%d peek=%d\n", k, SSL_pending(con), SSL_peek(con, zbuf, 10240));
1566 }
1689#endif 1567#endif
1690 1568
1691 switch (SSL_get_error(con,k)) 1569 switch (SSL_get_error(con, k)) {
1692 {
1693 case SSL_ERROR_NONE: 1570 case SSL_ERROR_NONE:
1694 if (k <= 0) 1571 if (k <= 0)
1695 goto end; 1572 goto end;
1696 sbuf_off=0; 1573 sbuf_off = 0;
1697 sbuf_len=k; 1574 sbuf_len = k;
1698 1575
1699 read_ssl=0; 1576 read_ssl = 0;
1700 write_tty=1; 1577 write_tty = 1;
1701 break; 1578 break;
1702 case SSL_ERROR_WANT_WRITE: 1579 case SSL_ERROR_WANT_WRITE:
1703 BIO_printf(bio_c_out,"read W BLOCK\n"); 1580 BIO_printf(bio_c_out, "read W BLOCK\n");
1704 write_ssl=1; 1581 write_ssl = 1;
1705 read_tty=0; 1582 read_tty = 0;
1706 break; 1583 break;
1707 case SSL_ERROR_WANT_READ: 1584 case SSL_ERROR_WANT_READ:
1708 BIO_printf(bio_c_out,"read R BLOCK\n"); 1585 BIO_printf(bio_c_out, "read R BLOCK\n");
1709 write_tty=0; 1586 write_tty = 0;
1710 read_ssl=1; 1587 read_ssl = 1;
1711 if ((read_tty == 0) && (write_ssl == 0)) 1588 if ((read_tty == 0) && (write_ssl == 0))
1712 write_ssl=1; 1589 write_ssl = 1;
1713 break; 1590 break;
1714 case SSL_ERROR_WANT_X509_LOOKUP: 1591 case SSL_ERROR_WANT_X509_LOOKUP:
1715 BIO_printf(bio_c_out,"read X BLOCK\n"); 1592 BIO_printf(bio_c_out, "read X BLOCK\n");
1716 break; 1593 break;
1717 case SSL_ERROR_SYSCALL: 1594 case SSL_ERROR_SYSCALL:
1718 ret=errno; 1595 ret = errno;
1719 BIO_printf(bio_err,"read:errno=%d\n",ret); 1596 BIO_printf(bio_err, "read:errno=%d\n", ret);
1720 goto shut; 1597 goto shut;
1721 case SSL_ERROR_ZERO_RETURN: 1598 case SSL_ERROR_ZERO_RETURN:
1722 BIO_printf(bio_c_out,"closed\n"); 1599 BIO_printf(bio_c_out, "closed\n");
1723 ret=0; 1600 ret = 0;
1724 goto shut; 1601 goto shut;
1725 case SSL_ERROR_SSL: 1602 case SSL_ERROR_SSL:
1726 ERR_print_errors(bio_err); 1603 ERR_print_errors(bio_err);
1727 goto shut; 1604 goto shut;
1728 /* break; */ 1605 /* break; */
1729 }
1730 } 1606 }
1731 1607 } else if (FD_ISSET(fileno(stdin), &readfds)) {
1732 else if (FD_ISSET(fileno(stdin),&readfds)) 1608 if (crlf) {
1733 {
1734 if (crlf)
1735 {
1736 int j, lf_num; 1609 int j, lf_num;
1737 1610
1738 i=raw_read_stdin(cbuf,BUFSIZZ/2); 1611 i = raw_read_stdin(cbuf, BUFSIZZ / 2);
1739 lf_num = 0; 1612 lf_num = 0;
1740 /* both loops are skipped when i <= 0 */ 1613 /* both loops are skipped when i <= 0 */
1741 for (j = 0; j < i; j++) 1614 for (j = 0; j < i; j++)
1742 if (cbuf[j] == '\n') 1615 if (cbuf[j] == '\n')
1743 lf_num++; 1616 lf_num++;
1744 for (j = i-1; j >= 0; j--) 1617 for (j = i - 1; j >= 0; j--) {
1745 { 1618 cbuf[j + lf_num] = cbuf[j];
1746 cbuf[j+lf_num] = cbuf[j]; 1619 if (cbuf[j] == '\n') {
1747 if (cbuf[j] == '\n')
1748 {
1749 lf_num--; 1620 lf_num--;
1750 i++; 1621 i++;
1751 cbuf[j+lf_num] = '\r'; 1622 cbuf[j + lf_num] = '\r';
1752 }
1753 } 1623 }
1754 assert(lf_num == 0);
1755 } 1624 }
1756 else 1625 assert(lf_num == 0);
1757 i=raw_read_stdin(cbuf,BUFSIZZ); 1626 } else
1627 i = raw_read_stdin(cbuf, BUFSIZZ);
1758 1628
1759 if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) 1629 if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) {
1760 { 1630 BIO_printf(bio_err, "DONE\n");
1761 BIO_printf(bio_err,"DONE\n"); 1631 ret = 0;
1762 ret=0;
1763 goto shut; 1632 goto shut;
1764 } 1633 }
1765 1634 if ((!c_ign_eof) && (cbuf[0] == 'R')) {
1766 if ((!c_ign_eof) && (cbuf[0] == 'R')) 1635 BIO_printf(bio_err, "RENEGOTIATING\n");
1767 {
1768 BIO_printf(bio_err,"RENEGOTIATING\n");
1769 SSL_renegotiate(con); 1636 SSL_renegotiate(con);
1770 cbuf_len=0; 1637 cbuf_len = 0;
1771 } 1638 } else {
1772 else 1639 cbuf_len = i;
1773 { 1640 cbuf_off = 0;
1774 cbuf_len=i;
1775 cbuf_off=0;
1776 }
1777
1778 write_ssl=1;
1779 read_tty=0;
1780 } 1641 }
1642
1643 write_ssl = 1;
1644 read_tty = 0;
1781 } 1645 }
1646 }
1782 1647
1783 ret=0; 1648 ret = 0;
1784shut: 1649shut:
1785 if (in_init) 1650 if (in_init)
1786 print_stuff(bio_c_out,con,full_log); 1651 print_stuff(bio_c_out, con, full_log);
1787 SSL_shutdown(con); 1652 SSL_shutdown(con);
1788 shutdown(SSL_get_fd(con), SHUT_RD); 1653 shutdown(SSL_get_fd(con), SHUT_RD);
1789 close(SSL_get_fd(con)); 1654 close(SSL_get_fd(con));
1790end: 1655end:
1791 if (con != NULL) 1656 if (con != NULL) {
1792 {
1793 if (prexit != 0) 1657 if (prexit != 0)
1794 print_stuff(bio_c_out,con,1); 1658 print_stuff(bio_c_out, con, 1);
1795 SSL_free(con); 1659 SSL_free(con);
1796 } 1660 }
1797#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 1661#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
1798 if (next_proto.data) 1662 if (next_proto.data)
1799 free(next_proto.data); 1663 free(next_proto.data);
1800#endif 1664#endif
1801 if (ctx != NULL) SSL_CTX_free(ctx); 1665 if (ctx != NULL)
1666 SSL_CTX_free(ctx);
1802 if (cert) 1667 if (cert)
1803 X509_free(cert); 1668 X509_free(cert);
1804 if (key) 1669 if (key)
@@ -1807,156 +1672,154 @@ end:
1807 free(pass); 1672 free(pass);
1808 if (vpm) 1673 if (vpm)
1809 X509_VERIFY_PARAM_free(vpm); 1674 X509_VERIFY_PARAM_free(vpm);
1810 if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); free(cbuf); } 1675 if (cbuf != NULL) {
1811 if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); free(sbuf); } 1676 OPENSSL_cleanse(cbuf, BUFSIZZ);
1812 if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); free(mbuf); } 1677 free(cbuf);
1813 if (bio_c_out != NULL) 1678 }
1814 { 1679 if (sbuf != NULL) {
1680 OPENSSL_cleanse(sbuf, BUFSIZZ);
1681 free(sbuf);
1682 }
1683 if (mbuf != NULL) {
1684 OPENSSL_cleanse(mbuf, BUFSIZZ);
1685 free(mbuf);
1686 }
1687 if (bio_c_out != NULL) {
1815 BIO_free(bio_c_out); 1688 BIO_free(bio_c_out);
1816 bio_c_out=NULL; 1689 bio_c_out = NULL;
1817 }
1818 apps_shutdown();
1819 return(ret);
1820 } 1690 }
1691 apps_shutdown();
1692 return (ret);
1693}
1821 1694
1822 1695
1823static void print_stuff(BIO *bio, SSL *s, int full) 1696static void
1824 { 1697print_stuff(BIO * bio, SSL * s, int full)
1825 X509 *peer=NULL; 1698{
1699 X509 *peer = NULL;
1826 char *p; 1700 char *p;
1827 static const char *space=" "; 1701 static const char *space = " ";
1828 char buf[BUFSIZ]; 1702 char buf[BUFSIZ];
1829 STACK_OF(X509) *sk; 1703 STACK_OF(X509) * sk;
1830 STACK_OF(X509_NAME) *sk2; 1704 STACK_OF(X509_NAME) * sk2;
1831 const SSL_CIPHER *c; 1705 const SSL_CIPHER *c;
1832 X509_NAME *xn; 1706 X509_NAME *xn;
1833 int j,i; 1707 int j, i;
1834#ifndef OPENSSL_NO_COMP 1708#ifndef OPENSSL_NO_COMP
1835 const COMP_METHOD *comp, *expansion; 1709 const COMP_METHOD *comp, *expansion;
1836#endif 1710#endif
1837 unsigned char *exportedkeymat; 1711 unsigned char *exportedkeymat;
1838 1712
1839 if (full) 1713 if (full) {
1840 {
1841 int got_a_chain = 0; 1714 int got_a_chain = 0;
1842 1715
1843 sk=SSL_get_peer_cert_chain(s); 1716 sk = SSL_get_peer_cert_chain(s);
1844 if (sk != NULL) 1717 if (sk != NULL) {
1845 { 1718 got_a_chain = 1; /* we don't have it for SSL2
1846 got_a_chain = 1; /* we don't have it for SSL2 (yet) */ 1719 * (yet) */
1847 1720
1848 BIO_printf(bio,"---\nCertificate chain\n"); 1721 BIO_printf(bio, "---\nCertificate chain\n");
1849 for (i=0; i<sk_X509_num(sk); i++) 1722 for (i = 0; i < sk_X509_num(sk); i++) {
1850 {
1851 X509_NAME_oneline(X509_get_subject_name( 1723 X509_NAME_oneline(X509_get_subject_name(
1852 sk_X509_value(sk,i)),buf,sizeof buf); 1724 sk_X509_value(sk, i)), buf, sizeof buf);
1853 BIO_printf(bio,"%2d s:%s\n",i,buf); 1725 BIO_printf(bio, "%2d s:%s\n", i, buf);
1854 X509_NAME_oneline(X509_get_issuer_name( 1726 X509_NAME_oneline(X509_get_issuer_name(
1855 sk_X509_value(sk,i)),buf,sizeof buf); 1727 sk_X509_value(sk, i)), buf, sizeof buf);
1856 BIO_printf(bio," i:%s\n",buf); 1728 BIO_printf(bio, " i:%s\n", buf);
1857 if (c_showcerts) 1729 if (c_showcerts)
1858 PEM_write_bio_X509(bio,sk_X509_value(sk,i)); 1730 PEM_write_bio_X509(bio, sk_X509_value(sk, i));
1859 }
1860 } 1731 }
1861 1732 }
1862 BIO_printf(bio,"---\n"); 1733 BIO_printf(bio, "---\n");
1863 peer=SSL_get_peer_certificate(s); 1734 peer = SSL_get_peer_certificate(s);
1864 if (peer != NULL) 1735 if (peer != NULL) {
1865 { 1736 BIO_printf(bio, "Server certificate\n");
1866 BIO_printf(bio,"Server certificate\n"); 1737 if (!(c_showcerts && got_a_chain)) /* Redundant if we
1867 if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */ 1738 * showed the whole
1868 PEM_write_bio_X509(bio,peer); 1739 * chain */
1740 PEM_write_bio_X509(bio, peer);
1869 X509_NAME_oneline(X509_get_subject_name(peer), 1741 X509_NAME_oneline(X509_get_subject_name(peer),
1870 buf,sizeof buf); 1742 buf, sizeof buf);
1871 BIO_printf(bio,"subject=%s\n",buf); 1743 BIO_printf(bio, "subject=%s\n", buf);
1872 X509_NAME_oneline(X509_get_issuer_name(peer), 1744 X509_NAME_oneline(X509_get_issuer_name(peer),
1873 buf,sizeof buf); 1745 buf, sizeof buf);
1874 BIO_printf(bio,"issuer=%s\n",buf); 1746 BIO_printf(bio, "issuer=%s\n", buf);
1875 } 1747 } else
1876 else 1748 BIO_printf(bio, "no peer certificate available\n");
1877 BIO_printf(bio,"no peer certificate available\n"); 1749
1878 1750 sk2 = SSL_get_client_CA_list(s);
1879 sk2=SSL_get_client_CA_list(s); 1751 if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0)) {
1880 if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0)) 1752 BIO_printf(bio, "---\nAcceptable client certificate CA names\n");
1881 { 1753 for (i = 0; i < sk_X509_NAME_num(sk2); i++) {
1882 BIO_printf(bio,"---\nAcceptable client certificate CA names\n"); 1754 xn = sk_X509_NAME_value(sk2, i);
1883 for (i=0; i<sk_X509_NAME_num(sk2); i++) 1755 X509_NAME_oneline(xn, buf, sizeof(buf));
1884 { 1756 BIO_write(bio, buf, strlen(buf));
1885 xn=sk_X509_NAME_value(sk2,i); 1757 BIO_write(bio, "\n", 1);
1886 X509_NAME_oneline(xn,buf,sizeof(buf)); 1758 }
1887 BIO_write(bio,buf,strlen(buf)); 1759 } else {
1888 BIO_write(bio,"\n",1); 1760 BIO_printf(bio, "---\nNo client certificate CA names sent\n");
1889 } 1761 }
1890 } 1762 p = SSL_get_shared_ciphers(s, buf, sizeof buf);
1891 else 1763 if (p != NULL) {
1892 { 1764 /*
1893 BIO_printf(bio,"---\nNo client certificate CA names sent\n"); 1765 * This works only for SSL 2. In later protocol
1894 }
1895 p=SSL_get_shared_ciphers(s,buf,sizeof buf);
1896 if (p != NULL)
1897 {
1898 /* This works only for SSL 2. In later protocol
1899 * versions, the client does not know what other 1766 * versions, the client does not know what other
1900 * ciphers (in addition to the one to be used 1767 * ciphers (in addition to the one to be used in the
1901 * in the current connection) the server supports. */ 1768 * current connection) the server supports.
1902 1769 */
1903 BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n"); 1770
1904 j=i=0; 1771 BIO_printf(bio, "---\nCiphers common between both SSL endpoints:\n");
1905 while (*p) 1772 j = i = 0;
1906 { 1773 while (*p) {
1907 if (*p == ':') 1774 if (*p == ':') {
1908 { 1775 BIO_write(bio, space, 15 - j % 25);
1909 BIO_write(bio,space,15-j%25);
1910 i++; 1776 i++;
1911 j=0; 1777 j = 0;
1912 BIO_write(bio,((i%3)?" ":"\n"),1); 1778 BIO_write(bio, ((i % 3) ? " " : "\n"), 1);
1913 } 1779 } else {
1914 else 1780 BIO_write(bio, p, 1);
1915 {
1916 BIO_write(bio,p,1);
1917 j++; 1781 j++;
1918 }
1919 p++;
1920 } 1782 }
1921 BIO_write(bio,"\n",1); 1783 p++;
1922 } 1784 }
1923 1785 BIO_write(bio, "\n", 1);
1924 BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
1925 BIO_number_read(SSL_get_rbio(s)),
1926 BIO_number_written(SSL_get_wbio(s)));
1927 } 1786 }
1928 BIO_printf(bio,(SSL_cache_hit(s)?"---\nReused, ":"---\nNew, ")); 1787 BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
1929 c=SSL_get_current_cipher(s); 1788 BIO_number_read(SSL_get_rbio(s)),
1930 BIO_printf(bio,"%s, Cipher is %s\n", 1789 BIO_number_written(SSL_get_wbio(s)));
1931 SSL_CIPHER_get_version(c), 1790 }
1932 SSL_CIPHER_get_name(c)); 1791 BIO_printf(bio, (SSL_cache_hit(s) ? "---\nReused, " : "---\nNew, "));
1792 c = SSL_get_current_cipher(s);
1793 BIO_printf(bio, "%s, Cipher is %s\n",
1794 SSL_CIPHER_get_version(c),
1795 SSL_CIPHER_get_name(c));
1933 if (peer != NULL) { 1796 if (peer != NULL) {
1934 EVP_PKEY *pktmp; 1797 EVP_PKEY *pktmp;
1935 pktmp = X509_get_pubkey(peer); 1798 pktmp = X509_get_pubkey(peer);
1936 BIO_printf(bio,"Server public key is %d bit\n", 1799 BIO_printf(bio, "Server public key is %d bit\n",
1937 EVP_PKEY_bits(pktmp)); 1800 EVP_PKEY_bits(pktmp));
1938 EVP_PKEY_free(pktmp); 1801 EVP_PKEY_free(pktmp);
1939 } 1802 }
1940 BIO_printf(bio, "Secure Renegotiation IS%s supported\n", 1803 BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
1941 SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); 1804 SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
1942#ifndef OPENSSL_NO_COMP 1805#ifndef OPENSSL_NO_COMP
1943 comp=SSL_get_current_compression(s); 1806 comp = SSL_get_current_compression(s);
1944 expansion=SSL_get_current_expansion(s); 1807 expansion = SSL_get_current_expansion(s);
1945 BIO_printf(bio,"Compression: %s\n", 1808 BIO_printf(bio, "Compression: %s\n",
1946 comp ? SSL_COMP_get_name(comp) : "NONE"); 1809 comp ? SSL_COMP_get_name(comp) : "NONE");
1947 BIO_printf(bio,"Expansion: %s\n", 1810 BIO_printf(bio, "Expansion: %s\n",
1948 expansion ? SSL_COMP_get_name(expansion) : "NONE"); 1811 expansion ? SSL_COMP_get_name(expansion) : "NONE");
1949#endif 1812#endif
1950 1813
1951#ifdef SSL_DEBUG 1814#ifdef SSL_DEBUG
1952 { 1815 {
1953 /* Print out local port of connection: useful for debugging */ 1816 /* Print out local port of connection: useful for debugging */
1954 int sock; 1817 int sock;
1955 struct sockaddr_in ladd; 1818 struct sockaddr_in ladd;
1956 socklen_t ladd_size = sizeof(ladd); 1819 socklen_t ladd_size = sizeof(ladd);
1957 sock = SSL_get_fd(s); 1820 sock = SSL_get_fd(s);
1958 getsockname(sock, (struct sockaddr *)&ladd, &ladd_size); 1821 getsockname(sock, (struct sockaddr *) & ladd, &ladd_size);
1959 BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port)); 1822 BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
1960 } 1823 }
1961#endif 1824#endif
1962 1825
@@ -1972,76 +1835,70 @@ static void print_stuff(BIO *bio, SSL *s, int full)
1972#endif 1835#endif
1973 1836
1974#ifndef OPENSSL_NO_SRTP 1837#ifndef OPENSSL_NO_SRTP
1975 { 1838 {
1976 SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s); 1839 SRTP_PROTECTION_PROFILE *srtp_profile = SSL_get_selected_srtp_profile(s);
1977 1840
1978 if(srtp_profile) 1841 if (srtp_profile)
1979 BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n", 1842 BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n",
1980 srtp_profile->name); 1843 srtp_profile->name);
1981 } 1844 }
1982#endif 1845#endif
1983 1846
1984 SSL_SESSION_print(bio,SSL_get_session(s)); 1847 SSL_SESSION_print(bio, SSL_get_session(s));
1985 if (keymatexportlabel != NULL) 1848 if (keymatexportlabel != NULL) {
1986 {
1987 BIO_printf(bio, "Keying material exporter:\n"); 1849 BIO_printf(bio, "Keying material exporter:\n");
1988 BIO_printf(bio, " Label: '%s'\n", keymatexportlabel); 1850 BIO_printf(bio, " Label: '%s'\n", keymatexportlabel);
1989 BIO_printf(bio, " Length: %i bytes\n", keymatexportlen); 1851 BIO_printf(bio, " Length: %i bytes\n", keymatexportlen);
1990 exportedkeymat = malloc(keymatexportlen); 1852 exportedkeymat = malloc(keymatexportlen);
1991 if (exportedkeymat != NULL) 1853 if (exportedkeymat != NULL) {
1992 {
1993 if (!SSL_export_keying_material(s, exportedkeymat, 1854 if (!SSL_export_keying_material(s, exportedkeymat,
1994 keymatexportlen, 1855 keymatexportlen,
1995 keymatexportlabel, 1856 keymatexportlabel,
1996 strlen(keymatexportlabel), 1857 strlen(keymatexportlabel),
1997 NULL, 0, 0)) 1858 NULL, 0, 0)) {
1998 {
1999 BIO_printf(bio, " Error\n"); 1859 BIO_printf(bio, " Error\n");
2000 } 1860 } else {
2001 else
2002 {
2003 BIO_printf(bio, " Keying material: "); 1861 BIO_printf(bio, " Keying material: ");
2004 for (i=0; i<keymatexportlen; i++) 1862 for (i = 0; i < keymatexportlen; i++)
2005 BIO_printf(bio, "%02X", 1863 BIO_printf(bio, "%02X",
2006 exportedkeymat[i]); 1864 exportedkeymat[i]);
2007 BIO_printf(bio, "\n"); 1865 BIO_printf(bio, "\n");
2008 }
2009 free(exportedkeymat);
2010 } 1866 }
1867 free(exportedkeymat);
2011 } 1868 }
2012 BIO_printf(bio,"---\n"); 1869 }
1870 BIO_printf(bio, "---\n");
2013 if (peer != NULL) 1871 if (peer != NULL)
2014 X509_free(peer); 1872 X509_free(peer);
2015 /* flush, or debugging output gets mixed with http response */ 1873 /* flush, or debugging output gets mixed with http response */
2016 (void)BIO_flush(bio); 1874 (void) BIO_flush(bio);
2017 } 1875}
2018 1876
2019#ifndef OPENSSL_NO_TLSEXT 1877#ifndef OPENSSL_NO_TLSEXT
2020 1878
2021static int ocsp_resp_cb(SSL *s, void *arg) 1879static int
2022 { 1880ocsp_resp_cb(SSL * s, void *arg)
1881{
2023 const unsigned char *p; 1882 const unsigned char *p;
2024 int len; 1883 int len;
2025 OCSP_RESPONSE *rsp; 1884 OCSP_RESPONSE *rsp;
2026 len = SSL_get_tlsext_status_ocsp_resp(s, &p); 1885 len = SSL_get_tlsext_status_ocsp_resp(s, &p);
2027 BIO_puts(arg, "OCSP response: "); 1886 BIO_puts(arg, "OCSP response: ");
2028 if (!p) 1887 if (!p) {
2029 {
2030 BIO_puts(arg, "no response sent\n"); 1888 BIO_puts(arg, "no response sent\n");
2031 return 1; 1889 return 1;
2032 } 1890 }
2033 rsp = d2i_OCSP_RESPONSE(NULL, &p, len); 1891 rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
2034 if (!rsp) 1892 if (!rsp) {
2035 {
2036 BIO_puts(arg, "response parse error\n"); 1893 BIO_puts(arg, "response parse error\n");
2037 BIO_dump_indent(arg, (char *)p, len, 4); 1894 BIO_dump_indent(arg, (char *) p, len, 4);
2038 return 0; 1895 return 0;
2039 } 1896 }
2040 BIO_puts(arg, "\n======================================\n"); 1897 BIO_puts(arg, "\n======================================\n");
2041 OCSP_RESPONSE_print(arg, rsp, 0); 1898 OCSP_RESPONSE_print(arg, rsp, 0);
2042 BIO_puts(arg, "======================================\n"); 1899 BIO_puts(arg, "======================================\n");
2043 OCSP_RESPONSE_free(rsp); 1900 OCSP_RESPONSE_free(rsp);
2044 return 1; 1901 return 1;
2045 } 1902}
2046 1903
2047#endif 1904#endif
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 7309f740e4..fb44573854 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -110,7 +110,7 @@
110 */ 110 */
111/* ==================================================================== 111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by 113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */ 115 */
116/* ==================================================================== 116/* ====================================================================
@@ -184,16 +184,17 @@
184 184
185 185
186#ifndef OPENSSL_NO_RSA 186#ifndef OPENSSL_NO_RSA
187static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength); 187static RSA *tmp_rsa_cb(SSL * s, int is_export, int keylength);
188#endif 188#endif
189static int sv_body(char *hostname, int s, unsigned char *context); 189static int sv_body(char *hostname, int s, unsigned char *context);
190static int www_body(char *hostname, int s, unsigned char *context); 190static int www_body(char *hostname, int s, unsigned char *context);
191static void close_accept_socket(void ); 191static void close_accept_socket(void);
192static void sv_usage(void); 192static void sv_usage(void);
193static int init_ssl_connection(SSL *s); 193static int init_ssl_connection(SSL * s);
194static void print_stats(BIO *bp,SSL_CTX *ctx); 194static void print_stats(BIO * bp, SSL_CTX * ctx);
195static int generate_session_id(const SSL *ssl, unsigned char *id, 195static int
196 unsigned int *id_len); 196generate_session_id(const SSL * ssl, unsigned char *id,
197 unsigned int *id_len);
197#ifndef OPENSSL_NO_DH 198#ifndef OPENSSL_NO_DH
198static DH *load_dh_param(const char *dhfile); 199static DH *load_dh_param(const char *dhfile);
199static DH *get_dh512(void); 200static DH *get_dh512(void);
@@ -202,29 +203,31 @@ static DH *get_dh512(void);
202static void s_server_init(void); 203static void s_server_init(void);
203 204
204#ifndef OPENSSL_NO_DH 205#ifndef OPENSSL_NO_DH
205static unsigned char dh512_p[]={ 206static unsigned char dh512_p[] = {
206 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, 207 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
207 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, 208 0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
208 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, 209 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
209 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, 210 0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
210 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, 211 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
211 0x47,0x74,0xE8,0x33, 212 0x47, 0x74, 0xE8, 0x33,
212 }; 213};
213static unsigned char dh512_g[]={ 214static unsigned char dh512_g[] = {
214 0x02, 215 0x02,
215 }; 216};
216 217
217static DH *get_dh512(void) 218static DH *
218 { 219get_dh512(void)
219 DH *dh=NULL; 220{
221 DH *dh = NULL;
220 222
221 if ((dh=DH_new()) == NULL) return(NULL); 223 if ((dh = DH_new()) == NULL)
222 dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); 224 return (NULL);
223 dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); 225 dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
226 dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
224 if ((dh->p == NULL) || (dh->g == NULL)) 227 if ((dh->p == NULL) || (dh->g == NULL))
225 return(NULL); 228 return (NULL);
226 return(dh); 229 return (dh);
227 } 230}
228#endif 231#endif
229 232
230 233
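Review bot: In `get_dh512`, the early return after the two `BN_bin2bn` calls leaks `dh`, along with whichever of `p` or `g` was allocated, when one conversion fails; the reformat carries that path over unchanged. The check should free before returning: `if ((dh->p == NULL) || (dh->g == NULL)) { DH_free(dh); return (NULL); }`. Separately, `dh512_p` is 64 bytes, so this built-in group is only 512 bits, far too small to protect a key exchange. Where the group gets selected is outside this hunk, but a comment above the table such as `/* 512-bit test group: not for production use */` would warn anyone reusing it.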
@@ -232,8 +235,8 @@ static DH *get_dh512(void)
232 235
233#undef BUFSIZZ 236#undef BUFSIZZ
234#define BUFSIZZ 16*1024 237#define BUFSIZZ 16*1024
235static int bufsize=BUFSIZZ; 238static int bufsize = BUFSIZZ;
236static int accept_socket= -1; 239static int accept_socket = -1;
237 240
238#define TEST_CERT "server.pem" 241#define TEST_CERT "server.pem"
239#ifndef OPENSSL_NO_TLSEXT 242#ifndef OPENSSL_NO_TLSEXT
@@ -244,43 +247,43 @@ static int accept_socket= -1;
244 247
245extern int verify_depth, verify_return_error; 248extern int verify_depth, verify_return_error;
246 249
247static char *cipher=NULL; 250static char *cipher = NULL;
248static int s_server_verify=SSL_VERIFY_NONE; 251static int s_server_verify = SSL_VERIFY_NONE;
249static int s_server_session_id_context = 1; /* anything will do */ 252static int s_server_session_id_context = 1; /* anything will do */
250static const char *s_cert_file=TEST_CERT,*s_key_file=NULL; 253static const char *s_cert_file = TEST_CERT, *s_key_file = NULL;
251#ifndef OPENSSL_NO_TLSEXT 254#ifndef OPENSSL_NO_TLSEXT
252static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL; 255static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
253#endif 256#endif
254static char *s_dcert_file=NULL,*s_dkey_file=NULL; 257static char *s_dcert_file = NULL, *s_dkey_file = NULL;
255#ifdef FIONBIO 258#ifdef FIONBIO
256static int s_nbio=0; 259static int s_nbio = 0;
257#endif 260#endif
258static int s_nbio_test=0; 261static int s_nbio_test = 0;
259int s_crlf=0; 262int s_crlf = 0;
260static SSL_CTX *ctx=NULL; 263static SSL_CTX *ctx = NULL;
261#ifndef OPENSSL_NO_TLSEXT 264#ifndef OPENSSL_NO_TLSEXT
262static SSL_CTX *ctx2=NULL; 265static SSL_CTX *ctx2 = NULL;
263#endif 266#endif
264static int www=0; 267static int www = 0;
265 268
266static BIO *bio_s_out=NULL; 269static BIO *bio_s_out = NULL;
267static int s_debug=0; 270static int s_debug = 0;
268#ifndef OPENSSL_NO_TLSEXT 271#ifndef OPENSSL_NO_TLSEXT
269static int s_tlsextdebug=0; 272static int s_tlsextdebug = 0;
270static int s_tlsextstatus=0; 273static int s_tlsextstatus = 0;
271static int cert_status_cb(SSL *s, void *arg); 274static int cert_status_cb(SSL * s, void *arg);
272#endif 275#endif
273static int s_msg=0; 276static int s_msg = 0;
274static int s_quiet=0; 277static int s_quiet = 0;
275 278
276static char *keymatexportlabel=NULL; 279static char *keymatexportlabel = NULL;
277static int keymatexportlen=20; 280static int keymatexportlen = 20;
278 281
279static int hack=0; 282static int hack = 0;
280#ifndef OPENSSL_NO_ENGINE 283#ifndef OPENSSL_NO_ENGINE
281static char *engine_id=NULL; 284static char *engine_id = NULL;
282#endif 285#endif
283static const char *session_id_prefix=NULL; 286static const char *session_id_prefix = NULL;
284 287
285static int enable_timeouts = 0; 288static int enable_timeouts = 0;
286static long socket_mtu; 289static long socket_mtu;
@@ -290,303 +293,296 @@ static int cert_chain = 0;
290 293
291 294
292#ifndef OPENSSL_NO_PSK 295#ifndef OPENSSL_NO_PSK
293static char *psk_identity="Client_identity"; 296static char *psk_identity = "Client_identity";
294char *psk_key=NULL; /* by default PSK is not used */ 297char *psk_key = NULL; /* by default PSK is not used */
295 298
296static unsigned int psk_server_cb(SSL *ssl, const char *identity, 299static unsigned int
297 unsigned char *psk, unsigned int max_psk_len) 300psk_server_cb(SSL * ssl, const char *identity,
298 { 301 unsigned char *psk, unsigned int max_psk_len)
302{
299 unsigned int psk_len = 0; 303 unsigned int psk_len = 0;
300 int ret; 304 int ret;
301 BIGNUM *bn = NULL; 305 BIGNUM *bn = NULL;
302 306
303 if (s_debug) 307 if (s_debug)
304 BIO_printf(bio_s_out,"psk_server_cb\n"); 308 BIO_printf(bio_s_out, "psk_server_cb\n");
305 if (!identity) 309 if (!identity) {
306 { 310 BIO_printf(bio_err, "Error: client did not send PSK identity\n");
307 BIO_printf(bio_err,"Error: client did not send PSK identity\n");
308 goto out_err; 311 goto out_err;
309 } 312 }
310 if (s_debug) 313 if (s_debug)
311 BIO_printf(bio_s_out,"identity_len=%d identity=%s\n", 314 BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
312 identity ? (int)strlen(identity) : 0, identity); 315 identity ? (int) strlen(identity) : 0, identity);
313 316
314 /* here we could lookup the given identity e.g. from a database */ 317 /* here we could lookup the given identity e.g. from a database */
315 if (strcmp(identity, psk_identity) != 0) 318 if (strcmp(identity, psk_identity) != 0) {
316 { 319 BIO_printf(bio_s_out, "PSK error: client identity not found"
317 BIO_printf(bio_s_out, "PSK error: client identity not found" 320 " (got '%s' expected '%s')\n", identity,
318 " (got '%s' expected '%s')\n", identity, 321 psk_identity);
319 psk_identity);
320 goto out_err; 322 goto out_err;
321 } 323 }
322 if (s_debug) 324 if (s_debug)
323 BIO_printf(bio_s_out, "PSK client identity found\n"); 325 BIO_printf(bio_s_out, "PSK client identity found\n");
324 326
325 /* convert the PSK key to binary */ 327 /* convert the PSK key to binary */
326 ret = BN_hex2bn(&bn, psk_key); 328 ret = BN_hex2bn(&bn, psk_key);
327 if (!ret) 329 if (!ret) {
328 { 330 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", psk_key);
329 BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key);
330 if (bn) 331 if (bn)
331 BN_free(bn); 332 BN_free(bn);
332 return 0; 333 return 0;
333 } 334 }
334 if (BN_num_bytes(bn) > (int)max_psk_len) 335 if (BN_num_bytes(bn) > (int) max_psk_len) {
335 { 336 BIO_printf(bio_err, "psk buffer of callback is too small (%d) for key (%d)\n",
336 BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n", 337 max_psk_len, BN_num_bytes(bn));
337 max_psk_len, BN_num_bytes(bn));
338 BN_free(bn); 338 BN_free(bn);
339 return 0; 339 return 0;
340 } 340 }
341
342 ret = BN_bn2bin(bn, psk); 341 ret = BN_bn2bin(bn, psk);
343 BN_free(bn); 342 BN_free(bn);
344 343
345 if (ret < 0) 344 if (ret < 0)
346 goto out_err; 345 goto out_err;
347 psk_len = (unsigned int)ret; 346 psk_len = (unsigned int) ret;
348 347
349 if (s_debug) 348 if (s_debug)
350 BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len); 349 BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
351 return psk_len; 350 return psk_len;
352 out_err: 351out_err:
353 if (s_debug) 352 if (s_debug)
354 BIO_printf(bio_err, "Error in PSK server callback\n"); 353 BIO_printf(bio_err, "Error in PSK server callback\n");
355 return 0; 354 return 0;
356 } 355}
357#endif 356#endif
358 357
359#ifndef OPENSSL_NO_SRP 358#ifndef OPENSSL_NO_SRP
360/* This is a context that we pass to callbacks */ 359/* This is a context that we pass to callbacks */
361typedef struct srpsrvparm_st 360typedef struct srpsrvparm_st {
362 {
363 char *login; 361 char *login;
364 SRP_VBASE *vb; 362 SRP_VBASE *vb;
365 SRP_user_pwd *user; 363 SRP_user_pwd *user;
366 } srpsrvparm; 364} srpsrvparm;
367 365
368/* This callback pretends to require some asynchronous logic in order to obtain 366/* This callback pretends to require some asynchronous logic in order to obtain
369 a verifier. When the callback is called for a new connection we return 367 a verifier. When the callback is called for a new connection we return
370 with a negative value. This will provoke the accept etc to return with 368 with a negative value. This will provoke the accept etc to return with
371 an LOOKUP_X509. The main logic of the reinvokes the suspended call 369 an LOOKUP_X509. The main logic of the reinvokes the suspended call
372 (which would normally occur after a worker has finished) and we 370 (which would normally occur after a worker has finished) and we
373 set the user parameters. 371 set the user parameters.
374*/ 372*/
375static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) 373static int
376 { 374ssl_srp_server_param_cb(SSL * s, int *ad, void *arg)
377 srpsrvparm *p = (srpsrvparm *)arg; 375{
378 if (p->login == NULL && p->user == NULL ) 376 srpsrvparm *p = (srpsrvparm *) arg;
379 { 377 if (p->login == NULL && p->user == NULL) {
380 p->login = SSL_get_srp_username(s); 378 p->login = SSL_get_srp_username(s);
381 BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login); 379 BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
382 return (-1) ; 380 return (-1);
383 } 381 }
384 382 if (p->user == NULL) {
385 if (p->user == NULL)
386 {
387 BIO_printf(bio_err, "User %s doesn't exist\n", p->login); 383 BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
388 return SSL3_AL_FATAL; 384 return SSL3_AL_FATAL;
389 } 385 }
390 if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v, 386 if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v,
391 p->user->info) < 0) 387 p->user->info) < 0) {
392 {
393 *ad = SSL_AD_INTERNAL_ERROR; 388 *ad = SSL_AD_INTERNAL_ERROR;
394 return SSL3_AL_FATAL; 389 return SSL3_AL_FATAL;
395 } 390 }
396 BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login,p->user->info); 391 BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login, p->user->info);
397 /* need to check whether there are memory leaks */ 392 /* need to check whether there are memory leaks */
398 p->user = NULL; 393 p->user = NULL;
399 p->login = NULL; 394 p->login = NULL;
400 return SSL_ERROR_NONE; 395 return SSL_ERROR_NONE;
401 } 396}
402 397
403#endif 398#endif
404 399
405static void s_server_init(void) 400static void
406 { 401s_server_init(void)
407 accept_socket=-1; 402{
408 cipher=NULL; 403 accept_socket = -1;
409 s_server_verify=SSL_VERIFY_NONE; 404 cipher = NULL;
410 s_dcert_file=NULL; 405 s_server_verify = SSL_VERIFY_NONE;
411 s_dkey_file=NULL; 406 s_dcert_file = NULL;
412 s_cert_file=TEST_CERT; 407 s_dkey_file = NULL;
413 s_key_file=NULL; 408 s_cert_file = TEST_CERT;
409 s_key_file = NULL;
414#ifndef OPENSSL_NO_TLSEXT 410#ifndef OPENSSL_NO_TLSEXT
415 s_cert_file2=TEST_CERT2; 411 s_cert_file2 = TEST_CERT2;
416 s_key_file2=NULL; 412 s_key_file2 = NULL;
417 ctx2=NULL; 413 ctx2 = NULL;
418#endif 414#endif
419#ifdef FIONBIO 415#ifdef FIONBIO
420 s_nbio=0; 416 s_nbio = 0;
421#endif 417#endif
422 s_nbio_test=0; 418 s_nbio_test = 0;
423 ctx=NULL; 419 ctx = NULL;
424 www=0; 420 www = 0;
425 421
426 bio_s_out=NULL; 422 bio_s_out = NULL;
427 s_debug=0; 423 s_debug = 0;
428 s_msg=0; 424 s_msg = 0;
429 s_quiet=0; 425 s_quiet = 0;
430 hack=0; 426 hack = 0;
431#ifndef OPENSSL_NO_ENGINE 427#ifndef OPENSSL_NO_ENGINE
432 engine_id=NULL; 428 engine_id = NULL;
433#endif 429#endif
434 } 430}
435 431
436static void sv_usage(void) 432static void
437 { 433sv_usage(void)
438 BIO_printf(bio_err,"usage: s_server [args ...]\n"); 434{
439 BIO_printf(bio_err,"\n"); 435 BIO_printf(bio_err, "usage: s_server [args ...]\n");
440 BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT); 436 BIO_printf(bio_err, "\n");
441 BIO_printf(bio_err," -context arg - set session ID context\n"); 437 BIO_printf(bio_err, " -accept arg - port to accept on (default is %d)\n", PORT);
442 BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); 438 BIO_printf(bio_err, " -context arg - set session ID context\n");
443 BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); 439 BIO_printf(bio_err, " -verify arg - turn on peer certificate verification\n");
444 BIO_printf(bio_err," -cert arg - certificate file to use\n"); 440 BIO_printf(bio_err, " -Verify arg - turn on peer certificate verification, must have a cert.\n");
445 BIO_printf(bio_err," (default is %s)\n",TEST_CERT); 441 BIO_printf(bio_err, " -cert arg - certificate file to use\n");
446 BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \ 442 BIO_printf(bio_err, " (default is %s)\n", TEST_CERT);
447 " The CRL(s) are appended to the certificate file\n"); 443 BIO_printf(bio_err, " -crl_check - check the peer certificate has not been revoked by its CA.\n" \
448 BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \ 444 " The CRL(s) are appended to the certificate file\n");
449 " or any other CRL in the CA chain. CRL(s) are appened to the\n" \ 445 BIO_printf(bio_err, " -crl_check_all - check the peer certificate has not been revoked by its CA\n" \
450 " the certificate file.\n"); 446 " or any other CRL in the CA chain. CRL(s) are appened to the\n" \
451 BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); 447 " the certificate file.\n");
452 BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n"); 448 BIO_printf(bio_err, " -certform arg - certificate format (PEM or DER) PEM default\n");
453 BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); 449 BIO_printf(bio_err, " -key arg - Private Key file to use, in cert file if\n");
454 BIO_printf(bio_err," -keyform arg - key format (PEM, DER or ENGINE) PEM default\n"); 450 BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT);
455 BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); 451 BIO_printf(bio_err, " -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
456 BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n"); 452 BIO_printf(bio_err, " -pass arg - private key file pass phrase source\n");
457 BIO_printf(bio_err," -dcertform x - second certificate format (PEM or DER) PEM default\n"); 453 BIO_printf(bio_err, " -dcert arg - second certificate file to use (usually for DSA)\n");
458 BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n"); 454 BIO_printf(bio_err, " -dcertform x - second certificate format (PEM or DER) PEM default\n");
459 BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n"); 455 BIO_printf(bio_err, " -dkey arg - second private key file to use (usually for DSA)\n");
460 BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n"); 456 BIO_printf(bio_err, " -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
461 BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n"); 457 BIO_printf(bio_err, " -dpass arg - second private key file pass phrase source\n");
462 BIO_printf(bio_err," or a default set of parameters is used\n"); 458 BIO_printf(bio_err, " -dhparam arg - DH parameter file to use, in cert file if not specified\n");
459 BIO_printf(bio_err, " or a default set of parameters is used\n");
463#ifndef OPENSSL_NO_ECDH 460#ifndef OPENSSL_NO_ECDH
464 BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ 461 BIO_printf(bio_err, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
465 " Use \"openssl ecparam -list_curves\" for all names\n" \ 462 " Use \"openssl ecparam -list_curves\" for all names\n" \
466 " (default is nistp256).\n"); 463 " (default is nistp256).\n");
467#endif 464#endif
468#ifdef FIONBIO 465#ifdef FIONBIO
469 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); 466 BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n");
470#endif 467#endif
471 BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n"); 468 BIO_printf(bio_err, " -nbio_test - test with the non-blocking test bio\n");
472 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); 469 BIO_printf(bio_err, " -crlf - convert LF from terminal into CRLF\n");
473 BIO_printf(bio_err," -debug - Print more output\n"); 470 BIO_printf(bio_err, " -debug - Print more output\n");
474 BIO_printf(bio_err," -msg - Show protocol messages\n"); 471 BIO_printf(bio_err, " -msg - Show protocol messages\n");
475 BIO_printf(bio_err," -state - Print the SSL states\n"); 472 BIO_printf(bio_err, " -state - Print the SSL states\n");
476 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); 473 BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
477 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); 474 BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
478 BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); 475 BIO_printf(bio_err, " -nocert - Don't use any certificates (Anon-DH)\n");
479 BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n"); 476 BIO_printf(bio_err, " -cipher arg - play with 'openssl ciphers' to see what goes here\n");
480 BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n"); 477 BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n");
481 BIO_printf(bio_err," -quiet - No server output\n"); 478 BIO_printf(bio_err, " -quiet - No server output\n");
482 BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); 479 BIO_printf(bio_err, " -no_tmp_rsa - Do not generate a tmp RSA key\n");
483#ifndef OPENSSL_NO_PSK 480#ifndef OPENSSL_NO_PSK
484 BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n"); 481 BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n");
485 BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n"); 482 BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
486# ifndef OPENSSL_NO_JPAKE 483#ifndef OPENSSL_NO_JPAKE
487 BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n"); 484 BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
488# endif 485#endif
489#endif 486#endif
490#ifndef OPENSSL_NO_SRP 487#ifndef OPENSSL_NO_SRP
491 BIO_printf(bio_err," -srpvfile file - The verifier file for SRP\n"); 488 BIO_printf(bio_err, " -srpvfile file - The verifier file for SRP\n");
492 BIO_printf(bio_err," -srpuserseed string - A seed string for a default user salt.\n"); 489 BIO_printf(bio_err, " -srpuserseed string - A seed string for a default user salt.\n");
493#endif 490#endif
494 BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); 491 BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n");
495 BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); 492 BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");
496 BIO_printf(bio_err," -tls1_2 - Just talk TLSv1.2\n"); 493 BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n");
497 BIO_printf(bio_err," -tls1_1 - Just talk TLSv1.1\n"); 494 BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n");
498 BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); 495 BIO_printf(bio_err, " -tls1 - Just talk TLSv1\n");
499 BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n"); 496 BIO_printf(bio_err, " -dtls1 - Just talk DTLSv1\n");
500 BIO_printf(bio_err," -timeout - Enable timeouts\n"); 497 BIO_printf(bio_err, " -timeout - Enable timeouts\n");
501 BIO_printf(bio_err," -mtu - Set link layer MTU\n"); 498 BIO_printf(bio_err, " -mtu - Set link layer MTU\n");
502 BIO_printf(bio_err," -chain - Read a certificate chain\n"); 499 BIO_printf(bio_err, " -chain - Read a certificate chain\n");
503 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); 500 BIO_printf(bio_err, " -no_ssl2 - Just disable SSLv2\n");
504 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); 501 BIO_printf(bio_err, " -no_ssl3 - Just disable SSLv3\n");
505 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); 502 BIO_printf(bio_err, " -no_tls1 - Just disable TLSv1\n");
506 BIO_printf(bio_err," -no_tls1_1 - Just disable TLSv1.1\n"); 503 BIO_printf(bio_err, " -no_tls1_1 - Just disable TLSv1.1\n");
507 BIO_printf(bio_err," -no_tls1_2 - Just disable TLSv1.2\n"); 504 BIO_printf(bio_err, " -no_tls1_2 - Just disable TLSv1.2\n");
508#ifndef OPENSSL_NO_DH 505#ifndef OPENSSL_NO_DH
509 BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); 506 BIO_printf(bio_err, " -no_dhe - Disable ephemeral DH\n");
510#endif 507#endif
511#ifndef OPENSSL_NO_ECDH 508#ifndef OPENSSL_NO_ECDH
512 BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n"); 509 BIO_printf(bio_err, " -no_ecdhe - Disable ephemeral ECDH\n");
513#endif 510#endif
514 BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); 511 BIO_printf(bio_err, " -bugs - Turn on SSL bug compatibility\n");
515 BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); 512 BIO_printf(bio_err, " -www - Respond to a 'GET /' with a status page\n");
516 BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); 513 BIO_printf(bio_err, " -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
517 BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); 514 BIO_printf(bio_err, " -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
518 BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n"); 515 BIO_printf(bio_err, " with the assumption it contains a complete HTTP response.\n");
519#ifndef OPENSSL_NO_ENGINE 516#ifndef OPENSSL_NO_ENGINE
520 BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); 517 BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n");
521#endif 518#endif
522 BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); 519 BIO_printf(bio_err, " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
523 BIO_printf(bio_err," -rand file%cfile%c...\n", ':', ':'); 520 BIO_printf(bio_err, " -rand file%cfile%c...\n", ':', ':');
524#ifndef OPENSSL_NO_TLSEXT 521#ifndef OPENSSL_NO_TLSEXT
525 BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n"); 522 BIO_printf(bio_err, " -servername host - servername for HostName TLS extension\n");
526 BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n"); 523 BIO_printf(bio_err, " -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
527 BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n"); 524 BIO_printf(bio_err, " -cert2 arg - certificate file to use for servername\n");
528 BIO_printf(bio_err," (default is %s)\n",TEST_CERT2); 525 BIO_printf(bio_err, " (default is %s)\n", TEST_CERT2);
529 BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n"); 526 BIO_printf(bio_err, " -key2 arg - Private Key file to use for servername, in cert file if\n");
530 BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2); 527 BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2);
531 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); 528 BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n");
532 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); 529 BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n");
533 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); 530 BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
534# ifndef OPENSSL_NO_NEXTPROTONEG 531#ifndef OPENSSL_NO_NEXTPROTONEG
535 BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); 532 BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
536# endif 533#endif
537# ifndef OPENSSL_NO_SRTP 534#ifndef OPENSSL_NO_SRTP
538 BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); 535 BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
539# endif 536#endif
540#endif 537#endif
541 BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); 538 BIO_printf(bio_err, " -keymatexport label - Export keying material using label\n");
542 BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); 539 BIO_printf(bio_err, " -keymatexportlen len - Export len bytes of keying material (default 20)\n");
543 } 540}
544 541
545static int local_argc=0; 542static int local_argc = 0;
546static char **local_argv; 543static char **local_argv;
547 544
548#ifndef OPENSSL_NO_TLSEXT 545#ifndef OPENSSL_NO_TLSEXT
549 546
550/* This is a context that we pass to callbacks */ 547/* This is a context that we pass to callbacks */
551typedef struct tlsextctx_st { 548typedef struct tlsextctx_st {
552 char * servername; 549 char *servername;
553 BIO * biodebug; 550 BIO *biodebug;
554 int extension_error; 551 int extension_error;
555} tlsextctx; 552} tlsextctx;
556 553
557 554
558static int ssl_servername_cb(SSL *s, int *ad, void *arg) 555static int
559 { 556ssl_servername_cb(SSL * s, int *ad, void *arg)
560 tlsextctx * p = (tlsextctx *) arg; 557{
561 const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); 558 tlsextctx *p = (tlsextctx *) arg;
562 if (servername && p->biodebug) 559 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
563 BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername); 560 if (servername && p->biodebug)
564 561 BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n", servername);
562
565 if (!p->servername) 563 if (!p->servername)
566 return SSL_TLSEXT_ERR_NOACK; 564 return SSL_TLSEXT_ERR_NOACK;
567 565
568 if (servername) 566 if (servername) {
569 { 567 if (strcmp(servername, p->servername))
570 if (strcmp(servername,p->servername))
571 return p->extension_error; 568 return p->extension_error;
572 if (ctx2) 569 if (ctx2) {
573 { 570 BIO_printf(p->biodebug, "Switching server context.\n");
574 BIO_printf(p->biodebug,"Switching server context.\n"); 571 SSL_set_SSL_CTX(s, ctx2);
575 SSL_set_SSL_CTX(s,ctx2);
576 }
577 } 572 }
573 }
578 return SSL_TLSEXT_ERR_OK; 574 return SSL_TLSEXT_ERR_OK;
579} 575}
580 576
581/* Structure passed to cert status callback */ 577/* Structure passed to cert status callback */
582 578
583typedef struct tlsextstatusctx_st { 579typedef struct tlsextstatusctx_st {
584 /* Default responder to use */ 580 /* Default responder to use */
585 char *host, *path, *port; 581 char *host, *path, *port;
586 int use_ssl; 582 int use_ssl;
587 int timeout; 583 int timeout;
588 BIO *err; 584 BIO *err;
589 int verbose; 585 int verbose;
590} tlsextstatusctx; 586} tlsextstatusctx;
591 587
592static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0}; 588static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0};
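Review bot: In `psk_server_cb`, the `BN_hex2bn` failure branch prints the configured pre-shared key to `bio_err` (`"Could not convert PSK key '%s' to BIGNUM\n", psk_key`), so a mistyped key is disclosed wherever that stream is captured. The message should drop the value: `BIO_printf(bio_err, "Could not convert PSK key to BIGNUM\n");`. The three `BN_free(bn)` calls in the same function release a BIGNUM holding key material without wiping it; `BN_clear_free(bn);` is the matching call for secrets. Both issues predate this reformat and are carried over unchanged on the new side.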
@@ -602,70 +598,65 @@ static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0};
602 * considered "expired". 598 * considered "expired".
603 */ 599 */
604 600
605static int cert_status_cb(SSL *s, void *arg) 601static int
606 { 602cert_status_cb(SSL * s, void *arg)
603{
607 tlsextstatusctx *srctx = arg; 604 tlsextstatusctx *srctx = arg;
608 BIO *err = srctx->err; 605 BIO *err = srctx->err;
609 char *host, *port, *path; 606 char *host, *port, *path;
610 int use_ssl; 607 int use_ssl;
611 unsigned char *rspder = NULL; 608 unsigned char *rspder = NULL;
612 int rspderlen; 609 int rspderlen;
613 STACK_OF(OPENSSL_STRING) *aia = NULL; 610 STACK_OF(OPENSSL_STRING) * aia = NULL;
614 X509 *x = NULL; 611 X509 *x = NULL;
615 X509_STORE_CTX inctx; 612 X509_STORE_CTX inctx;
616 X509_OBJECT obj; 613 X509_OBJECT obj;
617 OCSP_REQUEST *req = NULL; 614 OCSP_REQUEST *req = NULL;
618 OCSP_RESPONSE *resp = NULL; 615 OCSP_RESPONSE *resp = NULL;
619 OCSP_CERTID *id = NULL; 616 OCSP_CERTID *id = NULL;
620 STACK_OF(X509_EXTENSION) *exts; 617 STACK_OF(X509_EXTENSION) * exts;
621 int ret = SSL_TLSEXT_ERR_NOACK; 618 int ret = SSL_TLSEXT_ERR_NOACK;
622 int i; 619 int i;
623#if 0 620#if 0
624STACK_OF(OCSP_RESPID) *ids; 621 STACK_OF(OCSP_RESPID) * ids;
625SSL_get_tlsext_status_ids(s, &ids); 622 SSL_get_tlsext_status_ids(s, &ids);
626BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); 623 BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
627#endif 624#endif
628 if (srctx->verbose) 625 if (srctx->verbose)
629 BIO_puts(err, "cert_status: callback called\n"); 626 BIO_puts(err, "cert_status: callback called\n");
630 /* Build up OCSP query from server certificate */ 627 /* Build up OCSP query from server certificate */
631 x = SSL_get_certificate(s); 628 x = SSL_get_certificate(s);
632 aia = X509_get1_ocsp(x); 629 aia = X509_get1_ocsp(x);
633 if (aia) 630 if (aia) {
634 {
635 if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0), 631 if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
636 &host, &port, &path, &use_ssl)) 632 &host, &port, &path, &use_ssl)) {
637 {
638 BIO_puts(err, "cert_status: can't parse AIA URL\n"); 633 BIO_puts(err, "cert_status: can't parse AIA URL\n");
639 goto err; 634 goto err;
640 } 635 }
641 if (srctx->verbose) 636 if (srctx->verbose)
642 BIO_printf(err, "cert_status: AIA URL: %s\n", 637 BIO_printf(err, "cert_status: AIA URL: %s\n",
643 sk_OPENSSL_STRING_value(aia, 0)); 638 sk_OPENSSL_STRING_value(aia, 0));
644 } 639 } else {
645 else 640 if (!srctx->host) {
646 {
647 if (!srctx->host)
648 {
649 BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n"); 641 BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n");
650 goto done; 642 goto done;
651 } 643 }
652 host = srctx->host; 644 host = srctx->host;
653 path = srctx->path; 645 path = srctx->path;
654 port = srctx->port; 646 port = srctx->port;
655 use_ssl = srctx->use_ssl; 647 use_ssl = srctx->use_ssl;
656 } 648 }
657 649
658 if (!X509_STORE_CTX_init(&inctx, 650 if (!X509_STORE_CTX_init(&inctx,
659 SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), 651 SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
660 NULL, NULL)) 652 NULL, NULL))
661 goto err; 653 goto err;
662 if (X509_STORE_get_by_subject(&inctx,X509_LU_X509, 654 if (X509_STORE_get_by_subject(&inctx, X509_LU_X509,
663 X509_get_issuer_name(x),&obj) <= 0) 655 X509_get_issuer_name(x), &obj) <= 0) {
664 {
665 BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n"); 656 BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
666 X509_STORE_CTX_cleanup(&inctx); 657 X509_STORE_CTX_cleanup(&inctx);
667 goto done; 658 goto done;
668 } 659 }
669 req = OCSP_REQUEST_new(); 660 req = OCSP_REQUEST_new();
670 if (!req) 661 if (!req)
671 goto err; 662 goto err;
@@ -679,39 +670,35 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
679 id = NULL; 670 id = NULL;
680 /* Add any extensions to the request */ 671 /* Add any extensions to the request */
681 SSL_get_tlsext_status_exts(s, &exts); 672 SSL_get_tlsext_status_exts(s, &exts);
682 for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) 673 for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
683 {
684 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); 674 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
685 if (!OCSP_REQUEST_add_ext(req, ext, -1)) 675 if (!OCSP_REQUEST_add_ext(req, ext, -1))
686 goto err; 676 goto err;
687 } 677 }
688 resp = process_responder(err, req, host, path, port, use_ssl, NULL, 678 resp = process_responder(err, req, host, path, port, use_ssl, NULL,
689 srctx->timeout); 679 srctx->timeout);
690 if (!resp) 680 if (!resp) {
691 {
692 BIO_puts(err, "cert_status: error querying responder\n"); 681 BIO_puts(err, "cert_status: error querying responder\n");
693 goto done; 682 goto done;
694 } 683 }
695 rspderlen = i2d_OCSP_RESPONSE(resp, &rspder); 684 rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
696 if (rspderlen <= 0) 685 if (rspderlen <= 0)
697 goto err; 686 goto err;
698 SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen); 687 SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
699 if (srctx->verbose) 688 if (srctx->verbose) {
700 {
701 BIO_puts(err, "cert_status: ocsp response sent:\n"); 689 BIO_puts(err, "cert_status: ocsp response sent:\n");
702 OCSP_RESPONSE_print(err, resp, 2); 690 OCSP_RESPONSE_print(err, resp, 2);
703 } 691 }
704 ret = SSL_TLSEXT_ERR_OK; 692 ret = SSL_TLSEXT_ERR_OK;
705 done: 693done:
706 if (ret != SSL_TLSEXT_ERR_OK) 694 if (ret != SSL_TLSEXT_ERR_OK)
707 ERR_print_errors(err); 695 ERR_print_errors(err);
708 if (aia) 696 if (aia) {
709 {
710 free(host); 697 free(host);
711 free(path); 698 free(path);
712 free(port); 699 free(port);
713 X509_email_free(aia); 700 X509_email_free(aia);
714 } 701 }
715 if (id) 702 if (id)
716 OCSP_CERTID_free(id); 703 OCSP_CERTID_free(id);
717 if (req) 704 if (req)
@@ -719,28 +706,29 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
719 if (resp) 706 if (resp)
720 OCSP_RESPONSE_free(resp); 707 OCSP_RESPONSE_free(resp);
721 return ret; 708 return ret;
722 err: 709err:
723 ret = SSL_TLSEXT_ERR_ALERT_FATAL; 710 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
724 goto done; 711 goto done;
725 } 712}
726 713
727# ifndef OPENSSL_NO_NEXTPROTONEG 714#ifndef OPENSSL_NO_NEXTPROTONEG
728/* This is the context that we pass to next_proto_cb */ 715/* This is the context that we pass to next_proto_cb */
729typedef struct tlsextnextprotoctx_st { 716typedef struct tlsextnextprotoctx_st {
730 unsigned char *data; 717 unsigned char *data;
731 unsigned int len; 718 unsigned int len;
732} tlsextnextprotoctx; 719} tlsextnextprotoctx;
733 720
734static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg) 721static int
735 { 722next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg)
723{
736 tlsextnextprotoctx *next_proto = arg; 724 tlsextnextprotoctx *next_proto = arg;
737 725
738 *data = next_proto->data; 726 *data = next_proto->data;
739 *len = next_proto->len; 727 *len = next_proto->len;
740 728
741 return SSL_TLSEXT_ERR_OK; 729 return SSL_TLSEXT_ERR_OK;
742 } 730}
743# endif /* ndef OPENSSL_NO_NEXTPROTONEG */ 731#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
744 732
745 733
746#endif 734#endif
@@ -751,32 +739,33 @@ int MAIN(int, char **);
751static char *jpake_secret = NULL; 739static char *jpake_secret = NULL;
752#endif 740#endif
753#ifndef OPENSSL_NO_SRP 741#ifndef OPENSSL_NO_SRP
754 static srpsrvparm srp_callback_parm; 742static srpsrvparm srp_callback_parm;
755#endif 743#endif
756#ifndef OPENSSL_NO_SRTP 744#ifndef OPENSSL_NO_SRTP
757static char *srtp_profiles = NULL; 745static char *srtp_profiles = NULL;
758#endif 746#endif
759 747
760int MAIN(int argc, char *argv[]) 748int
761 { 749MAIN(int argc, char *argv[])
750{
762 X509_VERIFY_PARAM *vpm = NULL; 751 X509_VERIFY_PARAM *vpm = NULL;
763 int badarg = 0; 752 int badarg = 0;
764 short port=PORT; 753 short port = PORT;
765 char *CApath=NULL,*CAfile=NULL; 754 char *CApath = NULL, *CAfile = NULL;
766 unsigned char *context = NULL; 755 unsigned char *context = NULL;
767 char *dhfile = NULL; 756 char *dhfile = NULL;
768#ifndef OPENSSL_NO_ECDH 757#ifndef OPENSSL_NO_ECDH
769 char *named_curve = NULL; 758 char *named_curve = NULL;
770#endif 759#endif
771 int badop=0,bugs=0; 760 int badop = 0, bugs = 0;
772 int ret=1; 761 int ret = 1;
773 int off=0; 762 int off = 0;
774 int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; 763 int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0;
775 int state=0; 764 int state = 0;
776 const SSL_METHOD *meth=NULL; 765 const SSL_METHOD *meth = NULL;
777 int socket_type=SOCK_STREAM; 766 int socket_type = SOCK_STREAM;
778 ENGINE *e=NULL; 767 ENGINE *e = NULL;
779 char *inrand=NULL; 768 char *inrand = NULL;
780 int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; 769 int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
781 char *passarg = NULL, *pass = NULL; 770 char *passarg = NULL, *pass = NULL;
782 char *dpassarg = NULL, *dpass = NULL; 771 char *dpassarg = NULL, *dpass = NULL;
@@ -787,428 +776,388 @@ int MAIN(int argc, char *argv[])
787#ifndef OPENSSL_NO_TLSEXT 776#ifndef OPENSSL_NO_TLSEXT
788 EVP_PKEY *s_key2 = NULL; 777 EVP_PKEY *s_key2 = NULL;
789 X509 *s_cert2 = NULL; 778 X509 *s_cert2 = NULL;
790 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; 779 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
791# ifndef OPENSSL_NO_NEXTPROTONEG 780#ifndef OPENSSL_NO_NEXTPROTONEG
792 const char *next_proto_neg_in = NULL; 781 const char *next_proto_neg_in = NULL;
793 tlsextnextprotoctx next_proto; 782 tlsextnextprotoctx next_proto;
794# endif 783#endif
795#endif 784#endif
796#ifndef OPENSSL_NO_PSK 785#ifndef OPENSSL_NO_PSK
797 /* by default do not send a PSK identity hint */ 786 /* by default do not send a PSK identity hint */
798 static char *psk_identity_hint=NULL; 787 static char *psk_identity_hint = NULL;
799#endif 788#endif
800#ifndef OPENSSL_NO_SRP 789#ifndef OPENSSL_NO_SRP
801 char *srpuserseed = NULL; 790 char *srpuserseed = NULL;
802 char *srp_verifier_file = NULL; 791 char *srp_verifier_file = NULL;
803#endif 792#endif
804 meth=SSLv23_server_method(); 793 meth = SSLv23_server_method();
805 794
806 local_argc=argc; 795 local_argc = argc;
807 local_argv=argv; 796 local_argv = argv;
808 797
809 apps_startup(); 798 apps_startup();
810 s_server_init(); 799 s_server_init();
811 800
812 if (bio_err == NULL) 801 if (bio_err == NULL)
813 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 802 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
814 803
815 if (!load_config(bio_err, NULL)) 804 if (!load_config(bio_err, NULL))
816 goto end; 805 goto end;
817 806
818 verify_depth=0; 807 verify_depth = 0;
819#ifdef FIONBIO 808#ifdef FIONBIO
820 s_nbio=0; 809 s_nbio = 0;
821#endif 810#endif
822 s_nbio_test=0; 811 s_nbio_test = 0;
823 812
824 argc--; 813 argc--;
825 argv++; 814 argv++;
826 815
827 while (argc >= 1) 816 while (argc >= 1) {
828 { 817 if ((strcmp(*argv, "-port") == 0) ||
829 if ((strcmp(*argv,"-port") == 0) || 818 (strcmp(*argv, "-accept") == 0)) {
830 (strcmp(*argv,"-accept") == 0)) 819 if (--argc < 1)
831 { 820 goto bad;
832 if (--argc < 1) goto bad; 821 if (!extract_port(*(++argv), &port))
833 if (!extract_port(*(++argv),&port)) 822 goto bad;
823 } else if (strcmp(*argv, "-verify") == 0) {
824 s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
825 if (--argc < 1)
826 goto bad;
827 verify_depth = atoi(*(++argv));
828 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
829 } else if (strcmp(*argv, "-Verify") == 0) {
830 s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
831 SSL_VERIFY_CLIENT_ONCE;
832 if (--argc < 1)
833 goto bad;
834 verify_depth = atoi(*(++argv));
835 BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", verify_depth);
836 } else if (strcmp(*argv, "-context") == 0) {
837 if (--argc < 1)
838 goto bad;
839 context = (unsigned char *) *(++argv);
840 } else if (strcmp(*argv, "-cert") == 0) {
841 if (--argc < 1)
842 goto bad;
843 s_cert_file = *(++argv);
844 } else if (strcmp(*argv, "-certform") == 0) {
845 if (--argc < 1)
834 goto bad; 846 goto bad;
835 }
836 else if (strcmp(*argv,"-verify") == 0)
837 {
838 s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
839 if (--argc < 1) goto bad;
840 verify_depth=atoi(*(++argv));
841 BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
842 }
843 else if (strcmp(*argv,"-Verify") == 0)
844 {
845 s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
846 SSL_VERIFY_CLIENT_ONCE;
847 if (--argc < 1) goto bad;
848 verify_depth=atoi(*(++argv));
849 BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
850 }
851 else if (strcmp(*argv,"-context") == 0)
852 {
853 if (--argc < 1) goto bad;
854 context= (unsigned char *)*(++argv);
855 }
856 else if (strcmp(*argv,"-cert") == 0)
857 {
858 if (--argc < 1) goto bad;
859 s_cert_file= *(++argv);
860 }
861 else if (strcmp(*argv,"-certform") == 0)
862 {
863 if (--argc < 1) goto bad;
864 s_cert_format = str2fmt(*(++argv)); 847 s_cert_format = str2fmt(*(++argv));
865 } 848 } else if (strcmp(*argv, "-key") == 0) {
866 else if (strcmp(*argv,"-key") == 0) 849 if (--argc < 1)
867 { 850 goto bad;
868 if (--argc < 1) goto bad; 851 s_key_file = *(++argv);
869 s_key_file= *(++argv); 852 } else if (strcmp(*argv, "-keyform") == 0) {
870 } 853 if (--argc < 1)
871 else if (strcmp(*argv,"-keyform") == 0) 854 goto bad;
872 {
873 if (--argc < 1) goto bad;
874 s_key_format = str2fmt(*(++argv)); 855 s_key_format = str2fmt(*(++argv));
875 } 856 } else if (strcmp(*argv, "-pass") == 0) {
876 else if (strcmp(*argv,"-pass") == 0) 857 if (--argc < 1)
877 { 858 goto bad;
878 if (--argc < 1) goto bad;
879 passarg = *(++argv); 859 passarg = *(++argv);
880 } 860 } else if (strcmp(*argv, "-dhparam") == 0) {
881 else if (strcmp(*argv,"-dhparam") == 0) 861 if (--argc < 1)
882 { 862 goto bad;
883 if (--argc < 1) goto bad;
884 dhfile = *(++argv); 863 dhfile = *(++argv);
885 } 864 }
886#ifndef OPENSSL_NO_ECDH 865#ifndef OPENSSL_NO_ECDH
887 else if (strcmp(*argv,"-named_curve") == 0) 866 else if (strcmp(*argv, "-named_curve") == 0) {
888 { 867 if (--argc < 1)
889 if (--argc < 1) goto bad; 868 goto bad;
890 named_curve = *(++argv); 869 named_curve = *(++argv);
891 } 870 }
892#endif 871#endif
893 else if (strcmp(*argv,"-dcertform") == 0) 872 else if (strcmp(*argv, "-dcertform") == 0) {
894 { 873 if (--argc < 1)
895 if (--argc < 1) goto bad; 874 goto bad;
896 s_dcert_format = str2fmt(*(++argv)); 875 s_dcert_format = str2fmt(*(++argv));
897 } 876 } else if (strcmp(*argv, "-dcert") == 0) {
898 else if (strcmp(*argv,"-dcert") == 0) 877 if (--argc < 1)
899 { 878 goto bad;
900 if (--argc < 1) goto bad; 879 s_dcert_file = *(++argv);
901 s_dcert_file= *(++argv); 880 } else if (strcmp(*argv, "-dkeyform") == 0) {
902 } 881 if (--argc < 1)
903 else if (strcmp(*argv,"-dkeyform") == 0) 882 goto bad;
904 {
905 if (--argc < 1) goto bad;
906 s_dkey_format = str2fmt(*(++argv)); 883 s_dkey_format = str2fmt(*(++argv));
907 } 884 } else if (strcmp(*argv, "-dpass") == 0) {
908 else if (strcmp(*argv,"-dpass") == 0) 885 if (--argc < 1)
909 { 886 goto bad;
910 if (--argc < 1) goto bad;
911 dpassarg = *(++argv); 887 dpassarg = *(++argv);
912 } 888 } else if (strcmp(*argv, "-dkey") == 0) {
913 else if (strcmp(*argv,"-dkey") == 0) 889 if (--argc < 1)
914 { 890 goto bad;
915 if (--argc < 1) goto bad; 891 s_dkey_file = *(++argv);
916 s_dkey_file= *(++argv); 892 } else if (strcmp(*argv, "-nocert") == 0) {
917 } 893 nocert = 1;
918 else if (strcmp(*argv,"-nocert") == 0) 894 } else if (strcmp(*argv, "-CApath") == 0) {
919 { 895 if (--argc < 1)
920 nocert=1; 896 goto bad;
921 } 897 CApath = *(++argv);
922 else if (strcmp(*argv,"-CApath") == 0) 898 } else if (strcmp(*argv, "-no_cache") == 0)
923 {
924 if (--argc < 1) goto bad;
925 CApath= *(++argv);
926 }
927 else if (strcmp(*argv,"-no_cache") == 0)
928 no_cache = 1; 899 no_cache = 1;
929 else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) 900 else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
930 {
931 if (badarg) 901 if (badarg)
932 goto bad; 902 goto bad;
933 continue; 903 continue;
934 } 904 } else if (strcmp(*argv, "-verify_return_error") == 0)
935 else if (strcmp(*argv,"-verify_return_error") == 0)
936 verify_return_error = 1; 905 verify_return_error = 1;
937 else if (strcmp(*argv,"-serverpref") == 0) 906 else if (strcmp(*argv, "-serverpref") == 0) {
938 { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } 907 off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
939 else if (strcmp(*argv,"-legacy_renegotiation") == 0) 908 } else if (strcmp(*argv, "-legacy_renegotiation") == 0)
940 off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; 909 off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
941 else if (strcmp(*argv,"-cipher") == 0) 910 else if (strcmp(*argv, "-cipher") == 0) {
942 { 911 if (--argc < 1)
943 if (--argc < 1) goto bad; 912 goto bad;
944 cipher= *(++argv); 913 cipher = *(++argv);
945 } 914 } else if (strcmp(*argv, "-CAfile") == 0) {
946 else if (strcmp(*argv,"-CAfile") == 0) 915 if (--argc < 1)
947 { 916 goto bad;
948 if (--argc < 1) goto bad; 917 CAfile = *(++argv);
949 CAfile= *(++argv); 918 }
950 } 919#ifdef FIONBIO
951#ifdef FIONBIO 920 else if (strcmp(*argv, "-nbio") == 0) {
952 else if (strcmp(*argv,"-nbio") == 0) 921 s_nbio = 1;
953 { s_nbio=1; } 922 }
954#endif 923#endif
955 else if (strcmp(*argv,"-nbio_test") == 0) 924 else if (strcmp(*argv, "-nbio_test") == 0) {
956 { 925#ifdef FIONBIO
957#ifdef FIONBIO 926 s_nbio = 1;
958 s_nbio=1;
959#endif 927#endif
960 s_nbio_test=1; 928 s_nbio_test = 1;
961 } 929 } else if (strcmp(*argv, "-debug") == 0) {
962 else if (strcmp(*argv,"-debug") == 0) 930 s_debug = 1;
963 { s_debug=1; } 931 }
964#ifndef OPENSSL_NO_TLSEXT 932#ifndef OPENSSL_NO_TLSEXT
965 else if (strcmp(*argv,"-tlsextdebug") == 0) 933 else if (strcmp(*argv, "-tlsextdebug") == 0)
966 s_tlsextdebug=1; 934 s_tlsextdebug = 1;
967 else if (strcmp(*argv,"-status") == 0) 935 else if (strcmp(*argv, "-status") == 0)
968 s_tlsextstatus=1; 936 s_tlsextstatus = 1;
969 else if (strcmp(*argv,"-status_verbose") == 0) 937 else if (strcmp(*argv, "-status_verbose") == 0) {
970 { 938 s_tlsextstatus = 1;
971 s_tlsextstatus=1;
972 tlscstatp.verbose = 1; 939 tlscstatp.verbose = 1;
973 } 940 } else if (!strcmp(*argv, "-status_timeout")) {
974 else if (!strcmp(*argv, "-status_timeout")) 941 s_tlsextstatus = 1;
975 { 942 if (--argc < 1)
976 s_tlsextstatus=1; 943 goto bad;
977 if (--argc < 1) goto bad;
978 tlscstatp.timeout = atoi(*(++argv)); 944 tlscstatp.timeout = atoi(*(++argv));
979 } 945 } else if (!strcmp(*argv, "-status_url")) {
980 else if (!strcmp(*argv, "-status_url")) 946 s_tlsextstatus = 1;
981 { 947 if (--argc < 1)
982 s_tlsextstatus=1; 948 goto bad;
983 if (--argc < 1) goto bad;
984 if (!OCSP_parse_url(*(++argv), 949 if (!OCSP_parse_url(*(++argv),
985 &tlscstatp.host, 950 &tlscstatp.host,
986 &tlscstatp.port, 951 &tlscstatp.port,
987 &tlscstatp.path, 952 &tlscstatp.path,
988 &tlscstatp.use_ssl)) 953 &tlscstatp.use_ssl)) {
989 {
990 BIO_printf(bio_err, "Error parsing URL\n"); 954 BIO_printf(bio_err, "Error parsing URL\n");
991 goto bad; 955 goto bad;
992 }
993 } 956 }
957 }
994#endif 958#endif
995 else if (strcmp(*argv,"-msg") == 0) 959 else if (strcmp(*argv, "-msg") == 0) {
996 { s_msg=1; } 960 s_msg = 1;
997 else if (strcmp(*argv,"-hack") == 0) 961 } else if (strcmp(*argv, "-hack") == 0) {
998 { hack=1; } 962 hack = 1;
999 else if (strcmp(*argv,"-state") == 0) 963 } else if (strcmp(*argv, "-state") == 0) {
1000 { state=1; } 964 state = 1;
1001 else if (strcmp(*argv,"-crlf") == 0) 965 } else if (strcmp(*argv, "-crlf") == 0) {
1002 { s_crlf=1; } 966 s_crlf = 1;
1003 else if (strcmp(*argv,"-quiet") == 0) 967 } else if (strcmp(*argv, "-quiet") == 0) {
1004 { s_quiet=1; } 968 s_quiet = 1;
1005 else if (strcmp(*argv,"-bugs") == 0) 969 } else if (strcmp(*argv, "-bugs") == 0) {
1006 { bugs=1; } 970 bugs = 1;
1007 else if (strcmp(*argv,"-no_tmp_rsa") == 0) 971 } else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
1008 { no_tmp_rsa=1; } 972 no_tmp_rsa = 1;
1009 else if (strcmp(*argv,"-no_dhe") == 0) 973 } else if (strcmp(*argv, "-no_dhe") == 0) {
1010 { no_dhe=1; } 974 no_dhe = 1;
1011 else if (strcmp(*argv,"-no_ecdhe") == 0) 975 } else if (strcmp(*argv, "-no_ecdhe") == 0) {
1012 { no_ecdhe=1; } 976 no_ecdhe = 1;
977 }
1013#ifndef OPENSSL_NO_PSK 978#ifndef OPENSSL_NO_PSK
1014 else if (strcmp(*argv,"-psk_hint") == 0) 979 else if (strcmp(*argv, "-psk_hint") == 0) {
1015 { 980 if (--argc < 1)
1016 if (--argc < 1) goto bad; 981 goto bad;
1017 psk_identity_hint= *(++argv); 982 psk_identity_hint = *(++argv);
1018 } 983 } else if (strcmp(*argv, "-psk") == 0) {
1019 else if (strcmp(*argv,"-psk") == 0)
1020 {
1021 size_t i; 984 size_t i;
1022 985
1023 if (--argc < 1) goto bad; 986 if (--argc < 1)
1024 psk_key=*(++argv); 987 goto bad;
1025 for (i=0; i<strlen(psk_key); i++) 988 psk_key = *(++argv);
1026 { 989 for (i = 0; i < strlen(psk_key); i++) {
1027 if (isxdigit((unsigned char)psk_key[i])) 990 if (isxdigit((unsigned char) psk_key[i]))
1028 continue; 991 continue;
1029 BIO_printf(bio_err,"Not a hex number '%s'\n",*argv); 992 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1030 goto bad; 993 goto bad;
1031 }
1032 } 994 }
995 }
1033#endif 996#endif
1034#ifndef OPENSSL_NO_SRP 997#ifndef OPENSSL_NO_SRP
1035 else if (strcmp(*argv, "-srpvfile") == 0) 998 else if (strcmp(*argv, "-srpvfile") == 0) {
1036 { 999 if (--argc < 1)
1037 if (--argc < 1) goto bad; 1000 goto bad;
1038 srp_verifier_file = *(++argv); 1001 srp_verifier_file = *(++argv);
1039 meth = TLSv1_server_method(); 1002 meth = TLSv1_server_method();
1040 } 1003 } else if (strcmp(*argv, "-srpuserseed") == 0) {
1041 else if (strcmp(*argv, "-srpuserseed") == 0) 1004 if (--argc < 1)
1042 { 1005 goto bad;
1043 if (--argc < 1) goto bad;
1044 srpuserseed = *(++argv); 1006 srpuserseed = *(++argv);
1045 meth = TLSv1_server_method(); 1007 meth = TLSv1_server_method();
1046 } 1008 }
1047#endif 1009#endif
1048 else if (strcmp(*argv,"-www") == 0) 1010 else if (strcmp(*argv, "-www") == 0) {
1049 { www=1; } 1011 www = 1;
1050 else if (strcmp(*argv,"-WWW") == 0) 1012 } else if (strcmp(*argv, "-WWW") == 0) {
1051 { www=2; } 1013 www = 2;
1052 else if (strcmp(*argv,"-HTTP") == 0) 1014 } else if (strcmp(*argv, "-HTTP") == 0) {
1053 { www=3; } 1015 www = 3;
1054 else if (strcmp(*argv,"-no_ssl2") == 0) 1016 } else if (strcmp(*argv, "-no_ssl2") == 0) {
1055 { off|=SSL_OP_NO_SSLv2; } 1017 off |= SSL_OP_NO_SSLv2;
1056 else if (strcmp(*argv,"-no_ssl3") == 0) 1018 } else if (strcmp(*argv, "-no_ssl3") == 0) {
1057 { off|=SSL_OP_NO_SSLv3; } 1019 off |= SSL_OP_NO_SSLv3;
1058 else if (strcmp(*argv,"-no_tls1") == 0) 1020 } else if (strcmp(*argv, "-no_tls1") == 0) {
1059 { off|=SSL_OP_NO_TLSv1; } 1021 off |= SSL_OP_NO_TLSv1;
1060 else if (strcmp(*argv,"-no_tls1_1") == 0) 1022 } else if (strcmp(*argv, "-no_tls1_1") == 0) {
1061 { off|=SSL_OP_NO_TLSv1_1; } 1023 off |= SSL_OP_NO_TLSv1_1;
1062 else if (strcmp(*argv,"-no_tls1_2") == 0) 1024 } else if (strcmp(*argv, "-no_tls1_2") == 0) {
1063 { off|=SSL_OP_NO_TLSv1_2; } 1025 off |= SSL_OP_NO_TLSv1_2;
1064 else if (strcmp(*argv,"-no_comp") == 0) 1026 } else if (strcmp(*argv, "-no_comp") == 0) {
1065 { off|=SSL_OP_NO_COMPRESSION; } 1027 off |= SSL_OP_NO_COMPRESSION;
1028 }
1066#ifndef OPENSSL_NO_TLSEXT 1029#ifndef OPENSSL_NO_TLSEXT
1067 else if (strcmp(*argv,"-no_ticket") == 0) 1030 else if (strcmp(*argv, "-no_ticket") == 0) {
1068 { off|=SSL_OP_NO_TICKET; } 1031 off |= SSL_OP_NO_TICKET;
1069#endif 1032 }
1070 else if (strcmp(*argv,"-ssl3") == 0) 1033#endif
1071 { meth=SSLv3_server_method(); } 1034 else if (strcmp(*argv, "-ssl3") == 0) {
1072 else if (strcmp(*argv,"-tls1") == 0) 1035 meth = SSLv3_server_method();
1073 { meth=TLSv1_server_method(); } 1036 } else if (strcmp(*argv, "-tls1") == 0) {
1074 else if (strcmp(*argv,"-tls1_1") == 0) 1037 meth = TLSv1_server_method();
1075 { meth=TLSv1_1_server_method(); } 1038 } else if (strcmp(*argv, "-tls1_1") == 0) {
1076 else if (strcmp(*argv,"-tls1_2") == 0) 1039 meth = TLSv1_1_server_method();
1077 { meth=TLSv1_2_server_method(); } 1040 } else if (strcmp(*argv, "-tls1_2") == 0) {
1041 meth = TLSv1_2_server_method();
1042 }
1078#ifndef OPENSSL_NO_DTLS1 1043#ifndef OPENSSL_NO_DTLS1
1079 else if (strcmp(*argv,"-dtls1") == 0) 1044 else if (strcmp(*argv, "-dtls1") == 0) {
1080 { 1045 meth = DTLSv1_server_method();
1081 meth=DTLSv1_server_method();
1082 socket_type = SOCK_DGRAM; 1046 socket_type = SOCK_DGRAM;
1083 } 1047 } else if (strcmp(*argv, "-timeout") == 0)
1084 else if (strcmp(*argv,"-timeout") == 0)
1085 enable_timeouts = 1; 1048 enable_timeouts = 1;
1086 else if (strcmp(*argv,"-mtu") == 0) 1049 else if (strcmp(*argv, "-mtu") == 0) {
1087 { 1050 if (--argc < 1)
1088 if (--argc < 1) goto bad; 1051 goto bad;
1089 socket_mtu = atol(*(++argv)); 1052 socket_mtu = atol(*(++argv));
1090 } 1053 } else if (strcmp(*argv, "-chain") == 0)
1091 else if (strcmp(*argv, "-chain") == 0)
1092 cert_chain = 1; 1054 cert_chain = 1;
1093#endif 1055#endif
1094 else if (strcmp(*argv, "-id_prefix") == 0) 1056 else if (strcmp(*argv, "-id_prefix") == 0) {
1095 { 1057 if (--argc < 1)
1096 if (--argc < 1) goto bad; 1058 goto bad;
1097 session_id_prefix = *(++argv); 1059 session_id_prefix = *(++argv);
1098 } 1060 }
1099#ifndef OPENSSL_NO_ENGINE 1061#ifndef OPENSSL_NO_ENGINE
1100 else if (strcmp(*argv,"-engine") == 0) 1062 else if (strcmp(*argv, "-engine") == 0) {
1101 { 1063 if (--argc < 1)
1102 if (--argc < 1) goto bad; 1064 goto bad;
1103 engine_id= *(++argv); 1065 engine_id = *(++argv);
1104 } 1066 }
1105#endif 1067#endif
1106 else if (strcmp(*argv,"-rand") == 0) 1068 else if (strcmp(*argv, "-rand") == 0) {
1107 { 1069 if (--argc < 1)
1108 if (--argc < 1) goto bad; 1070 goto bad;
1109 inrand= *(++argv); 1071 inrand = *(++argv);
1110 } 1072 }
1111#ifndef OPENSSL_NO_TLSEXT 1073#ifndef OPENSSL_NO_TLSEXT
1112 else if (strcmp(*argv,"-servername") == 0) 1074 else if (strcmp(*argv, "-servername") == 0) {
1113 { 1075 if (--argc < 1)
1114 if (--argc < 1) goto bad; 1076 goto bad;
1115 tlsextcbp.servername= *(++argv); 1077 tlsextcbp.servername = *(++argv);
1116 } 1078 } else if (strcmp(*argv, "-servername_fatal") == 0) {
1117 else if (strcmp(*argv,"-servername_fatal") == 0) 1079 tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL;
1118 { tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; } 1080 } else if (strcmp(*argv, "-cert2") == 0) {
1119 else if (strcmp(*argv,"-cert2") == 0) 1081 if (--argc < 1)
1120 { 1082 goto bad;
1121 if (--argc < 1) goto bad; 1083 s_cert_file2 = *(++argv);
1122 s_cert_file2= *(++argv); 1084 } else if (strcmp(*argv, "-key2") == 0) {
1123 } 1085 if (--argc < 1)
1124 else if (strcmp(*argv,"-key2") == 0) 1086 goto bad;
1125 { 1087 s_key_file2 = *(++argv);
1126 if (--argc < 1) goto bad; 1088 }
1127 s_key_file2= *(++argv); 1089#ifndef OPENSSL_NO_NEXTPROTONEG
1128 } 1090 else if (strcmp(*argv, "-nextprotoneg") == 0) {
1129# ifndef OPENSSL_NO_NEXTPROTONEG 1091 if (--argc < 1)
1130 else if (strcmp(*argv,"-nextprotoneg") == 0) 1092 goto bad;
1131 {
1132 if (--argc < 1) goto bad;
1133 next_proto_neg_in = *(++argv); 1093 next_proto_neg_in = *(++argv);
1134 } 1094 }
1135# endif 1095#endif
1136#endif 1096#endif
1137#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) 1097#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
1138 else if (strcmp(*argv,"-jpake") == 0) 1098 else if (strcmp(*argv, "-jpake") == 0) {
1139 { 1099 if (--argc < 1)
1140 if (--argc < 1) goto bad; 1100 goto bad;
1141 jpake_secret = *(++argv); 1101 jpake_secret = *(++argv);
1142 } 1102 }
1143#endif 1103#endif
1144#ifndef OPENSSL_NO_SRTP 1104#ifndef OPENSSL_NO_SRTP
1145 else if (strcmp(*argv,"-use_srtp") == 0) 1105 else if (strcmp(*argv, "-use_srtp") == 0) {
1146 { 1106 if (--argc < 1)
1147 if (--argc < 1) goto bad; 1107 goto bad;
1148 srtp_profiles = *(++argv); 1108 srtp_profiles = *(++argv);
1149 } 1109 }
1150#endif 1110#endif
1151 else if (strcmp(*argv,"-keymatexport") == 0) 1111 else if (strcmp(*argv, "-keymatexport") == 0) {
1152 { 1112 if (--argc < 1)
1153 if (--argc < 1) goto bad; 1113 goto bad;
1154 keymatexportlabel= *(++argv); 1114 keymatexportlabel = *(++argv);
1155 } 1115 } else if (strcmp(*argv, "-keymatexportlen") == 0) {
1156 else if (strcmp(*argv,"-keymatexportlen") == 0) 1116 if (--argc < 1)
1157 { 1117 goto bad;
1158 if (--argc < 1) goto bad; 1118 keymatexportlen = atoi(*(++argv));
1159 keymatexportlen=atoi(*(++argv)); 1119 if (keymatexportlen == 0)
1160 if (keymatexportlen == 0) goto bad; 1120 goto bad;
1161 } 1121 } else {
1162 else 1122 BIO_printf(bio_err, "unknown option %s\n", *argv);
1163 { 1123 badop = 1;
1164 BIO_printf(bio_err,"unknown option %s\n",*argv);
1165 badop=1;
1166 break; 1124 break;
1167 } 1125 }
1168 argc--; 1126 argc--;
1169 argv++; 1127 argv++;
1170 } 1128 }
1171 if (badop) 1129 if (badop) {
1172 {
1173bad: 1130bad:
1174 sv_usage(); 1131 sv_usage();
1175 goto end; 1132 goto end;
1176 } 1133 }
1177
1178#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) 1134#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
1179 if (jpake_secret) 1135 if (jpake_secret) {
1180 { 1136 if (psk_key) {
1181 if (psk_key)
1182 {
1183 BIO_printf(bio_err, 1137 BIO_printf(bio_err,
1184 "Can't use JPAKE and PSK together\n"); 1138 "Can't use JPAKE and PSK together\n");
1185 goto end; 1139 goto end;
1186 } 1140 }
1187 psk_identity = "JPAKE"; 1141 psk_identity = "JPAKE";
1188 if (cipher) 1142 if (cipher) {
1189 {
1190 BIO_printf(bio_err, "JPAKE sets cipher to PSK\n"); 1143 BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
1191 goto end; 1144 goto end;
1192 }
1193 cipher = "PSK";
1194 } 1145 }
1195 1146 cipher = "PSK";
1147 }
1196#endif 1148#endif
1197 1149
1198 SSL_load_error_strings(); 1150 SSL_load_error_strings();
1199 OpenSSL_add_ssl_algorithms(); 1151 OpenSSL_add_ssl_algorithms();
1200 1152
1201#ifndef OPENSSL_NO_ENGINE 1153#ifndef OPENSSL_NO_ENGINE
1202 e = setup_engine(bio_err, engine_id, 1); 1154 e = setup_engine(bio_err, engine_id, 1);
1203#endif 1155#endif
1204 1156
1205 if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) 1157 if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) {
1206 {
1207 BIO_printf(bio_err, "Error getting password\n"); 1158 BIO_printf(bio_err, "Error getting password\n");
1208 goto end; 1159 goto end;
1209 } 1160 }
1210
1211
1212 if (s_key_file == NULL) 1161 if (s_key_file == NULL)
1213 s_key_file = s_cert_file; 1162 s_key_file = s_cert_file;
1214#ifndef OPENSSL_NO_TLSEXT 1163#ifndef OPENSSL_NO_TLSEXT
@@ -1216,162 +1165,138 @@ bad:
1216 s_key_file2 = s_cert_file2; 1165 s_key_file2 = s_cert_file2;
1217#endif 1166#endif
1218 1167
1219 if (nocert == 0) 1168 if (nocert == 0) {
1220 {
1221 s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e, 1169 s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
1222 "server certificate private key file"); 1170 "server certificate private key file");
1223 if (!s_key) 1171 if (!s_key) {
1224 {
1225 ERR_print_errors(bio_err); 1172 ERR_print_errors(bio_err);
1226 goto end; 1173 goto end;
1227 } 1174 }
1228 1175 s_cert = load_cert(bio_err, s_cert_file, s_cert_format,
1229 s_cert = load_cert(bio_err,s_cert_file,s_cert_format, 1176 NULL, e, "server certificate file");
1230 NULL, e, "server certificate file");
1231 1177
1232 if (!s_cert) 1178 if (!s_cert) {
1233 {
1234 ERR_print_errors(bio_err); 1179 ERR_print_errors(bio_err);
1235 goto end; 1180 goto end;
1236 } 1181 }
1237
1238#ifndef OPENSSL_NO_TLSEXT 1182#ifndef OPENSSL_NO_TLSEXT
1239 if (tlsextcbp.servername) 1183 if (tlsextcbp.servername) {
1240 {
1241 s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e, 1184 s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,
1242 "second server certificate private key file"); 1185 "second server certificate private key file");
1243 if (!s_key2) 1186 if (!s_key2) {
1244 {
1245 ERR_print_errors(bio_err); 1187 ERR_print_errors(bio_err);
1246 goto end; 1188 goto end;
1247 } 1189 }
1248 1190 s_cert2 = load_cert(bio_err, s_cert_file2, s_cert_format,
1249 s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format, 1191 NULL, e, "second server certificate file");
1250 NULL, e, "second server certificate file"); 1192
1251 1193 if (!s_cert2) {
1252 if (!s_cert2)
1253 {
1254 ERR_print_errors(bio_err); 1194 ERR_print_errors(bio_err);
1255 goto end; 1195 goto end;
1256 }
1257 } 1196 }
1258#endif
1259 } 1197 }
1260 1198#endif
1261#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 1199 }
1262 if (next_proto_neg_in) 1200#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
1263 { 1201 if (next_proto_neg_in) {
1264 unsigned short len; 1202 unsigned short len;
1265 next_proto.data = next_protos_parse(&len, next_proto_neg_in); 1203 next_proto.data = next_protos_parse(&len, next_proto_neg_in);
1266 if (next_proto.data == NULL) 1204 if (next_proto.data == NULL)
1267 goto end; 1205 goto end;
1268 next_proto.len = len; 1206 next_proto.len = len;
1269 } 1207 } else {
1270 else
1271 {
1272 next_proto.data = NULL; 1208 next_proto.data = NULL;
1273 } 1209 }
1274#endif 1210#endif
1275 1211
1276 1212
1277 if (s_dcert_file) 1213 if (s_dcert_file) {
1278 {
1279 1214
1280 if (s_dkey_file == NULL) 1215 if (s_dkey_file == NULL)
1281 s_dkey_file = s_dcert_file; 1216 s_dkey_file = s_dcert_file;
1282 1217
1283 s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format, 1218 s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
1284 0, dpass, e, 1219 0, dpass, e,
1285 "second certificate private key file"); 1220 "second certificate private key file");
1286 if (!s_dkey) 1221 if (!s_dkey) {
1287 {
1288 ERR_print_errors(bio_err); 1222 ERR_print_errors(bio_err);
1289 goto end; 1223 goto end;
1290 } 1224 }
1291 1225 s_dcert = load_cert(bio_err, s_dcert_file, s_dcert_format,
1292 s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format, 1226 NULL, e, "second server certificate file");
1293 NULL, e, "second server certificate file");
1294 1227
1295 if (!s_dcert) 1228 if (!s_dcert) {
1296 {
1297 ERR_print_errors(bio_err); 1229 ERR_print_errors(bio_err);
1298 goto end; 1230 goto end;
1299 }
1300
1301 } 1231 }
1302 1232 }
1303 if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL 1233 if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
1304 && !RAND_status()) 1234 && !RAND_status()) {
1305 { 1235 BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
1306 BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); 1236 }
1307 }
1308 if (inrand != NULL) 1237 if (inrand != NULL)
1309 BIO_printf(bio_err,"%ld semi-random bytes loaded\n", 1238 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
1310 app_RAND_load_files(inrand)); 1239 app_RAND_load_files(inrand));
1311 1240
1312 if (bio_s_out == NULL) 1241 if (bio_s_out == NULL) {
1313 { 1242 if (s_quiet && !s_debug && !s_msg) {
1314 if (s_quiet && !s_debug && !s_msg) 1243 bio_s_out = BIO_new(BIO_s_null());
1315 { 1244 } else {
1316 bio_s_out=BIO_new(BIO_s_null());
1317 }
1318 else
1319 {
1320 if (bio_s_out == NULL) 1245 if (bio_s_out == NULL)
1321 bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE); 1246 bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
1322 }
1323 } 1247 }
1324 1248 }
1325#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) 1249#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
1326 if (nocert) 1250 if (nocert)
1327#endif 1251#endif
1328 { 1252 {
1329 s_cert_file=NULL; 1253 s_cert_file = NULL;
1330 s_key_file=NULL; 1254 s_key_file = NULL;
1331 s_dcert_file=NULL; 1255 s_dcert_file = NULL;
1332 s_dkey_file=NULL; 1256 s_dkey_file = NULL;
1333#ifndef OPENSSL_NO_TLSEXT 1257#ifndef OPENSSL_NO_TLSEXT
1334 s_cert_file2=NULL; 1258 s_cert_file2 = NULL;
1335 s_key_file2=NULL; 1259 s_key_file2 = NULL;
1336#endif 1260#endif
1337 } 1261 }
1338 1262 ctx = SSL_CTX_new(meth);
1339 ctx=SSL_CTX_new(meth); 1263 if (ctx == NULL) {
1340 if (ctx == NULL)
1341 {
1342 ERR_print_errors(bio_err); 1264 ERR_print_errors(bio_err);
1343 goto end; 1265 goto end;
1344 } 1266 }
1345 if (session_id_prefix) 1267 if (session_id_prefix) {
1346 { 1268 if (strlen(session_id_prefix) >= 32)
1347 if(strlen(session_id_prefix) >= 32)
1348 BIO_printf(bio_err, 1269 BIO_printf(bio_err,
1349"warning: id_prefix is too long, only one new session will be possible\n"); 1270 "warning: id_prefix is too long, only one new session will be possible\n");
1350 else if(strlen(session_id_prefix) >= 16) 1271 else if (strlen(session_id_prefix) >= 16)
1351 BIO_printf(bio_err, 1272 BIO_printf(bio_err,
1352"warning: id_prefix is too long if you use SSLv2\n"); 1273 "warning: id_prefix is too long if you use SSLv2\n");
1353 if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) 1274 if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
1354 { 1275 BIO_printf(bio_err, "error setting 'id_prefix'\n");
1355 BIO_printf(bio_err,"error setting 'id_prefix'\n");
1356 ERR_print_errors(bio_err); 1276 ERR_print_errors(bio_err);
1357 goto end; 1277 goto end;
1358 }
1359 BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
1360 } 1278 }
1361 SSL_CTX_set_quiet_shutdown(ctx,1); 1279 BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
1362 if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL); 1280 }
1363 if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); 1281 SSL_CTX_set_quiet_shutdown(ctx, 1);
1364 SSL_CTX_set_options(ctx,off); 1282 if (bugs)
1365 /* DTLS: partial reads end up discarding unread UDP bytes :-( 1283 SSL_CTX_set_options(ctx, SSL_OP_ALL);
1366 * Setting read ahead solves this problem. 1284 if (hack)
1285 SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
1286 SSL_CTX_set_options(ctx, off);
1287 /*
1288 * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
1289 * read ahead solves this problem.
1367 */ 1290 */
1368 if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); 1291 if (socket_type == SOCK_DGRAM)
1292 SSL_CTX_set_read_ahead(ctx, 1);
1369 1293
1370 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); 1294 if (state)
1295 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
1371 if (no_cache) 1296 if (no_cache)
1372 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); 1297 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
1373 else 1298 else
1374 SSL_CTX_sess_set_cache_size(ctx,128); 1299 SSL_CTX_sess_set_cache_size(ctx, 128);
1375 1300
1376#ifndef OPENSSL_NO_SRTP 1301#ifndef OPENSSL_NO_SRTP
1377 if (srtp_profiles != NULL) 1302 if (srtp_profiles != NULL)
@@ -1379,232 +1304,205 @@ bad:
1379#endif 1304#endif
1380 1305
1381#if 0 1306#if 0
1382 if (cipher == NULL) cipher=getenv("SSL_CIPHER"); 1307 if (cipher == NULL)
1308 cipher = getenv("SSL_CIPHER");
1383#endif 1309#endif
1384 1310
1385#if 0 1311#if 0
1386 if (s_cert_file == NULL) 1312 if (s_cert_file == NULL) {
1387 { 1313 BIO_printf(bio_err, "You must specify a certificate file for the server to use\n");
1388 BIO_printf(bio_err,"You must specify a certificate file for the server to use\n");
1389 goto end; 1314 goto end;
1390 } 1315 }
1391#endif 1316#endif
1392 1317
1393 if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || 1318 if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
1394 (!SSL_CTX_set_default_verify_paths(ctx))) 1319 (!SSL_CTX_set_default_verify_paths(ctx))) {
1395 {
1396 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ 1320 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
1397 ERR_print_errors(bio_err); 1321 ERR_print_errors(bio_err);
1398 /* goto end; */ 1322 /* goto end; */
1399 } 1323 }
1400 if (vpm) 1324 if (vpm)
1401 SSL_CTX_set1_param(ctx, vpm); 1325 SSL_CTX_set1_param(ctx, vpm);
1402 1326
1403#ifndef OPENSSL_NO_TLSEXT 1327#ifndef OPENSSL_NO_TLSEXT
1404 if (s_cert2) 1328 if (s_cert2) {
1405 { 1329 ctx2 = SSL_CTX_new(meth);
1406 ctx2=SSL_CTX_new(meth); 1330 if (ctx2 == NULL) {
1407 if (ctx2 == NULL)
1408 {
1409 ERR_print_errors(bio_err); 1331 ERR_print_errors(bio_err);
1410 goto end; 1332 goto end;
1411 }
1412 } 1333 }
1413 1334 }
1414 if (ctx2) 1335 if (ctx2) {
1415 { 1336 BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
1416 BIO_printf(bio_s_out,"Setting secondary ctx parameters\n"); 1337
1417 1338 if (session_id_prefix) {
1418 if (session_id_prefix) 1339 if (strlen(session_id_prefix) >= 32)
1419 {
1420 if(strlen(session_id_prefix) >= 32)
1421 BIO_printf(bio_err, 1340 BIO_printf(bio_err,
1422 "warning: id_prefix is too long, only one new session will be possible\n"); 1341 "warning: id_prefix is too long, only one new session will be possible\n");
1423 else if(strlen(session_id_prefix) >= 16) 1342 else if (strlen(session_id_prefix) >= 16)
1424 BIO_printf(bio_err, 1343 BIO_printf(bio_err,
1425 "warning: id_prefix is too long if you use SSLv2\n"); 1344 "warning: id_prefix is too long if you use SSLv2\n");
1426 if(!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) 1345 if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
1427 { 1346 BIO_printf(bio_err, "error setting 'id_prefix'\n");
1428 BIO_printf(bio_err,"error setting 'id_prefix'\n");
1429 ERR_print_errors(bio_err); 1347 ERR_print_errors(bio_err);
1430 goto end; 1348 goto end;
1431 }
1432 BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
1433 } 1349 }
1434 SSL_CTX_set_quiet_shutdown(ctx2,1); 1350 BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
1435 if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL); 1351 }
1436 if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); 1352 SSL_CTX_set_quiet_shutdown(ctx2, 1);
1437 SSL_CTX_set_options(ctx2,off); 1353 if (bugs)
1438 /* DTLS: partial reads end up discarding unread UDP bytes :-( 1354 SSL_CTX_set_options(ctx2, SSL_OP_ALL);
1355 if (hack)
1356 SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
1357 SSL_CTX_set_options(ctx2, off);
1358 /*
1359 * DTLS: partial reads end up discarding unread UDP bytes :-(
1439 * Setting read ahead solves this problem. 1360 * Setting read ahead solves this problem.
1440 */ 1361 */
1441 if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1); 1362 if (socket_type == SOCK_DGRAM)
1363 SSL_CTX_set_read_ahead(ctx2, 1);
1442 1364
1443 if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback); 1365 if (state)
1366 SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
1444 1367
1445 if (no_cache) 1368 if (no_cache)
1446 SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF); 1369 SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
1447 else 1370 else
1448 SSL_CTX_sess_set_cache_size(ctx2,128); 1371 SSL_CTX_sess_set_cache_size(ctx2, 128);
1449 1372
1450 if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || 1373 if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
1451 (!SSL_CTX_set_default_verify_paths(ctx2))) 1374 (!SSL_CTX_set_default_verify_paths(ctx2))) {
1452 {
1453 ERR_print_errors(bio_err); 1375 ERR_print_errors(bio_err);
1454 } 1376 }
1455 if (vpm) 1377 if (vpm)
1456 SSL_CTX_set1_param(ctx2, vpm); 1378 SSL_CTX_set1_param(ctx2, vpm);
1457 } 1379 }
1458 1380#ifndef OPENSSL_NO_NEXTPROTONEG
1459# ifndef OPENSSL_NO_NEXTPROTONEG
1460 if (next_proto.data) 1381 if (next_proto.data)
1461 SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto); 1382 SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto);
1462# endif 1383#endif
1463#endif 1384#endif
1464 1385
1465#ifndef OPENSSL_NO_DH 1386#ifndef OPENSSL_NO_DH
1466 if (!no_dhe) 1387 if (!no_dhe) {
1467 { 1388 DH *dh = NULL;
1468 DH *dh=NULL;
1469 1389
1470 if (dhfile) 1390 if (dhfile)
1471 dh = load_dh_param(dhfile); 1391 dh = load_dh_param(dhfile);
1472 else if (s_cert_file) 1392 else if (s_cert_file)
1473 dh = load_dh_param(s_cert_file); 1393 dh = load_dh_param(s_cert_file);
1474 1394
1475 if (dh != NULL) 1395 if (dh != NULL) {
1476 { 1396 BIO_printf(bio_s_out, "Setting temp DH parameters\n");
1477 BIO_printf(bio_s_out,"Setting temp DH parameters\n"); 1397 } else {
1478 } 1398 BIO_printf(bio_s_out, "Using default temp DH parameters\n");
1479 else 1399 dh = get_dh512();
1480 { 1400 }
1481 BIO_printf(bio_s_out,"Using default temp DH parameters\n"); 1401 (void) BIO_flush(bio_s_out);
1482 dh=get_dh512();
1483 }
1484 (void)BIO_flush(bio_s_out);
1485 1402
1486 SSL_CTX_set_tmp_dh(ctx,dh); 1403 SSL_CTX_set_tmp_dh(ctx, dh);
1487#ifndef OPENSSL_NO_TLSEXT 1404#ifndef OPENSSL_NO_TLSEXT
1488 if (ctx2) 1405 if (ctx2) {
1489 { 1406 if (!dhfile) {
1490 if (!dhfile) 1407 DH *dh2 = load_dh_param(s_cert_file2);
1491 { 1408 if (dh2 != NULL) {
1492 DH *dh2=load_dh_param(s_cert_file2); 1409 BIO_printf(bio_s_out, "Setting temp DH parameters\n");
1493 if (dh2 != NULL) 1410 (void) BIO_flush(bio_s_out);
1494 {
1495 BIO_printf(bio_s_out,"Setting temp DH parameters\n");
1496 (void)BIO_flush(bio_s_out);
1497 1411
1498 DH_free(dh); 1412 DH_free(dh);
1499 dh = dh2; 1413 dh = dh2;
1500 }
1501 } 1414 }
1502 SSL_CTX_set_tmp_dh(ctx2,dh);
1503 } 1415 }
1416 SSL_CTX_set_tmp_dh(ctx2, dh);
1417 }
1504#endif 1418#endif
1505 DH_free(dh); 1419 DH_free(dh);
1506 } 1420 }
1507#endif 1421#endif
1508 1422
1509#ifndef OPENSSL_NO_ECDH 1423#ifndef OPENSSL_NO_ECDH
1510 if (!no_ecdhe) 1424 if (!no_ecdhe) {
1511 { 1425 EC_KEY *ecdh = NULL;
1512 EC_KEY *ecdh=NULL;
1513 1426
1514 if (named_curve) 1427 if (named_curve) {
1515 {
1516 int nid = OBJ_sn2nid(named_curve); 1428 int nid = OBJ_sn2nid(named_curve);
1517 1429
1518 if (nid == 0) 1430 if (nid == 0) {
1519 { 1431 BIO_printf(bio_err, "unknown curve name (%s)\n",
1520 BIO_printf(bio_err, "unknown curve name (%s)\n", 1432 named_curve);
1521 named_curve);
1522 goto end; 1433 goto end;
1523 } 1434 }
1524 ecdh = EC_KEY_new_by_curve_name(nid); 1435 ecdh = EC_KEY_new_by_curve_name(nid);
1525 if (ecdh == NULL) 1436 if (ecdh == NULL) {
1526 { 1437 BIO_printf(bio_err, "unable to create curve (%s)\n",
1527 BIO_printf(bio_err, "unable to create curve (%s)\n", 1438 named_curve);
1528 named_curve);
1529 goto end; 1439 goto end;
1530 }
1531 } 1440 }
1532 1441 }
1533 if (ecdh != NULL) 1442 if (ecdh != NULL) {
1534 { 1443 BIO_printf(bio_s_out, "Setting temp ECDH parameters\n");
1535 BIO_printf(bio_s_out,"Setting temp ECDH parameters\n"); 1444 } else {
1536 } 1445 BIO_printf(bio_s_out, "Using default temp ECDH parameters\n");
1537 else
1538 {
1539 BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
1540 ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 1446 ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1541 if (ecdh == NULL) 1447 if (ecdh == NULL) {
1542 {
1543 BIO_printf(bio_err, "unable to create curve (nistp256)\n"); 1448 BIO_printf(bio_err, "unable to create curve (nistp256)\n");
1544 goto end; 1449 goto end;
1545 }
1546 } 1450 }
1547 (void)BIO_flush(bio_s_out); 1451 }
1452 (void) BIO_flush(bio_s_out);
1548 1453
1549 SSL_CTX_set_tmp_ecdh(ctx,ecdh); 1454 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
1550#ifndef OPENSSL_NO_TLSEXT 1455#ifndef OPENSSL_NO_TLSEXT
1551 if (ctx2) 1456 if (ctx2)
1552 SSL_CTX_set_tmp_ecdh(ctx2,ecdh); 1457 SSL_CTX_set_tmp_ecdh(ctx2, ecdh);
1553#endif 1458#endif
1554 EC_KEY_free(ecdh); 1459 EC_KEY_free(ecdh);
1555 } 1460 }
1556#endif 1461#endif
1557 1462
1558 if (!set_cert_key_stuff(ctx, s_cert, s_key)) 1463 if (!set_cert_key_stuff(ctx, s_cert, s_key))
1559 goto end; 1464 goto end;
1560#ifndef OPENSSL_NO_TLSEXT 1465#ifndef OPENSSL_NO_TLSEXT
1561 if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2)) 1466 if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2))
1562 goto end; 1467 goto end;
1563#endif 1468#endif
1564 if (s_dcert != NULL) 1469 if (s_dcert != NULL) {
1565 {
1566 if (!set_cert_key_stuff(ctx, s_dcert, s_dkey)) 1470 if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
1567 goto end; 1471 goto end;
1568 } 1472 }
1569
1570#ifndef OPENSSL_NO_RSA 1473#ifndef OPENSSL_NO_RSA
1571#if 1 1474#if 1
1572 if (!no_tmp_rsa) 1475 if (!no_tmp_rsa) {
1573 { 1476 SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
1574 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
1575#ifndef OPENSSL_NO_TLSEXT 1477#ifndef OPENSSL_NO_TLSEXT
1576 if (ctx2) 1478 if (ctx2)
1577 SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb); 1479 SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
1578#endif 1480#endif
1579 } 1481 }
1580#else 1482#else
1581 if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) 1483 if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) {
1582 {
1583 RSA *rsa; 1484 RSA *rsa;
1584 1485
1585 BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key..."); 1486 BIO_printf(bio_s_out, "Generating temp (512 bit) RSA key...");
1586 BIO_flush(bio_s_out); 1487 BIO_flush(bio_s_out);
1587 1488
1588 rsa=RSA_generate_key(512,RSA_F4,NULL); 1489 rsa = RSA_generate_key(512, RSA_F4, NULL);
1589 1490
1590 if (!SSL_CTX_set_tmp_rsa(ctx,rsa)) 1491 if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
1591 {
1592 ERR_print_errors(bio_err); 1492 ERR_print_errors(bio_err);
1593 goto end; 1493 goto end;
1594 } 1494 }
1595#ifndef OPENSSL_NO_TLSEXT 1495#ifndef OPENSSL_NO_TLSEXT
1596 if (ctx2) 1496 if (ctx2) {
1597 { 1497 if (!SSL_CTX_set_tmp_rsa(ctx2, rsa)) {
1598 if (!SSL_CTX_set_tmp_rsa(ctx2,rsa)) 1498 ERR_print_errors(bio_err);
1599 { 1499 goto end;
1600 ERR_print_errors(bio_err); 1500 }
1601 goto end; 1501 }
1602 }
1603 }
1604#endif 1502#endif
1605 RSA_free(rsa); 1503 RSA_free(rsa);
1606 BIO_printf(bio_s_out,"\n"); 1504 BIO_printf(bio_s_out, "\n");
1607 } 1505 }
1608#endif 1506#endif
1609#endif 1507#endif
1610 1508
@@ -1614,98 +1512,88 @@ bad:
1614#else 1512#else
1615 if (psk_key != NULL || jpake_secret) 1513 if (psk_key != NULL || jpake_secret)
1616#endif 1514#endif
1617 { 1515 {
1618 if (s_debug) 1516 if (s_debug)
1619 BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n"); 1517 BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
1620 SSL_CTX_set_psk_server_callback(ctx, psk_server_cb); 1518 SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
1621 } 1519 }
1622 1520 if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
1623 if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) 1521 BIO_printf(bio_err, "error setting PSK identity hint to context\n");
1624 {
1625 BIO_printf(bio_err,"error setting PSK identity hint to context\n");
1626 ERR_print_errors(bio_err); 1522 ERR_print_errors(bio_err);
1627 goto end; 1523 goto end;
1628 } 1524 }
1629#endif 1525#endif
1630 1526
1631 if (cipher != NULL) 1527 if (cipher != NULL) {
1632 { 1528 if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
1633 if(!SSL_CTX_set_cipher_list(ctx,cipher)) 1529 BIO_printf(bio_err, "error setting cipher list\n");
1634 {
1635 BIO_printf(bio_err,"error setting cipher list\n");
1636 ERR_print_errors(bio_err); 1530 ERR_print_errors(bio_err);
1637 goto end; 1531 goto end;
1638 } 1532 }
1639#ifndef OPENSSL_NO_TLSEXT 1533#ifndef OPENSSL_NO_TLSEXT
1640 if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher)) 1534 if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, cipher)) {
1641 { 1535 BIO_printf(bio_err, "error setting cipher list\n");
1642 BIO_printf(bio_err,"error setting cipher list\n");
1643 ERR_print_errors(bio_err); 1536 ERR_print_errors(bio_err);
1644 goto end; 1537 goto end;
1645 }
1646#endif
1647 } 1538 }
1648 SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); 1539#endif
1649 SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, 1540 }
1650 sizeof s_server_session_id_context); 1541 SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
1542 SSL_CTX_set_session_id_context(ctx, (void *) &s_server_session_id_context,
1543 sizeof s_server_session_id_context);
1651 1544
1652 /* Set DTLS cookie generation and verification callbacks */ 1545 /* Set DTLS cookie generation and verification callbacks */
1653 SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); 1546 SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
1654 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); 1547 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
1655 1548
1656#ifndef OPENSSL_NO_TLSEXT 1549#ifndef OPENSSL_NO_TLSEXT
1657 if (ctx2) 1550 if (ctx2) {
1658 { 1551 SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
1659 SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback); 1552 SSL_CTX_set_session_id_context(ctx2, (void *) &s_server_session_id_context,
1660 SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context, 1553 sizeof s_server_session_id_context);
1661 sizeof s_server_session_id_context);
1662 1554
1663 tlsextcbp.biodebug = bio_s_out; 1555 tlsextcbp.biodebug = bio_s_out;
1664 SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); 1556 SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
1665 SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp); 1557 SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
1666 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 1558 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1667 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); 1559 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
1668 } 1560 }
1669#endif 1561#endif
1670 1562
1671#ifndef OPENSSL_NO_SRP 1563#ifndef OPENSSL_NO_SRP
1672 if (srp_verifier_file != NULL) 1564 if (srp_verifier_file != NULL) {
1673 {
1674 srp_callback_parm.vb = SRP_VBASE_new(srpuserseed); 1565 srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
1675 srp_callback_parm.user = NULL; 1566 srp_callback_parm.user = NULL;
1676 srp_callback_parm.login = NULL; 1567 srp_callback_parm.login = NULL;
1677 if ((ret = SRP_VBASE_init(srp_callback_parm.vb, srp_verifier_file)) != SRP_NO_ERROR) 1568 if ((ret = SRP_VBASE_init(srp_callback_parm.vb, srp_verifier_file)) != SRP_NO_ERROR) {
1678 {
1679 BIO_printf(bio_err, 1569 BIO_printf(bio_err,
1680 "Cannot initialize SRP verifier file \"%s\":ret=%d\n", 1570 "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
1681 srp_verifier_file, ret); 1571 srp_verifier_file, ret);
1682 goto end; 1572 goto end;
1683 }
1684 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE,verify_callback);
1685 SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
1686 SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
1687 } 1573 }
1688 else 1574 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
1575 SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
1576 SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
1577 } else
1689#endif 1578#endif
1690 if (CAfile != NULL) 1579 if (CAfile != NULL) {
1691 { 1580 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
1692 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
1693#ifndef OPENSSL_NO_TLSEXT 1581#ifndef OPENSSL_NO_TLSEXT
1694 if (ctx2) 1582 if (ctx2)
1695 SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(CAfile)); 1583 SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
1696#endif 1584#endif
1697 } 1585 }
1698 1586 BIO_printf(bio_s_out, "ACCEPT\n");
1699 BIO_printf(bio_s_out,"ACCEPT\n"); 1587 (void) BIO_flush(bio_s_out);
1700 (void)BIO_flush(bio_s_out);
1701 if (www) 1588 if (www)
1702 do_server(port,socket_type,&accept_socket,www_body, context); 1589 do_server(port, socket_type, &accept_socket, www_body, context);
1703 else 1590 else
1704 do_server(port,socket_type,&accept_socket,sv_body, context); 1591 do_server(port, socket_type, &accept_socket, sv_body, context);
1705 print_stats(bio_s_out,ctx); 1592 print_stats(bio_s_out, ctx);
1706 ret=0; 1593 ret = 0;
1707end: 1594end:
1708 if (ctx != NULL) SSL_CTX_free(ctx); 1595 if (ctx != NULL)
1596 SSL_CTX_free(ctx);
1709 if (s_cert) 1597 if (s_cert)
1710 X509_free(s_cert); 1598 X509_free(s_cert);
1711 if (s_dcert) 1599 if (s_dcert)
@@ -1727,54 +1615,56 @@ end:
1727 free(tlscstatp.port); 1615 free(tlscstatp.port);
1728 if (tlscstatp.path) 1616 if (tlscstatp.path)
1729 free(tlscstatp.path); 1617 free(tlscstatp.path);
1730 if (ctx2 != NULL) SSL_CTX_free(ctx2); 1618 if (ctx2 != NULL)
1619 SSL_CTX_free(ctx2);
1731 if (s_cert2) 1620 if (s_cert2)
1732 X509_free(s_cert2); 1621 X509_free(s_cert2);
1733 if (s_key2) 1622 if (s_key2)
1734 EVP_PKEY_free(s_key2); 1623 EVP_PKEY_free(s_key2);
1735#endif 1624#endif
1736 if (bio_s_out != NULL) 1625 if (bio_s_out != NULL) {
1737 { 1626 BIO_free(bio_s_out);
1738 BIO_free(bio_s_out); 1627 bio_s_out = NULL;
1739 bio_s_out=NULL;
1740 }
1741 apps_shutdown();
1742 return(ret);
1743 } 1628 }
1629 apps_shutdown();
1630 return (ret);
1631}
1744 1632
1745static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) 1633static void
1746 { 1634print_stats(BIO * bio, SSL_CTX * ssl_ctx)
1747 BIO_printf(bio,"%4ld items in the session cache\n", 1635{
1748 SSL_CTX_sess_number(ssl_ctx)); 1636 BIO_printf(bio, "%4ld items in the session cache\n",
1749 BIO_printf(bio,"%4ld client connects (SSL_connect())\n", 1637 SSL_CTX_sess_number(ssl_ctx));
1750 SSL_CTX_sess_connect(ssl_ctx)); 1638 BIO_printf(bio, "%4ld client connects (SSL_connect())\n",
1751 BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n", 1639 SSL_CTX_sess_connect(ssl_ctx));
1752 SSL_CTX_sess_connect_renegotiate(ssl_ctx)); 1640 BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n",
1753 BIO_printf(bio,"%4ld client connects that finished\n", 1641 SSL_CTX_sess_connect_renegotiate(ssl_ctx));
1754 SSL_CTX_sess_connect_good(ssl_ctx)); 1642 BIO_printf(bio, "%4ld client connects that finished\n",
1755 BIO_printf(bio,"%4ld server accepts (SSL_accept())\n", 1643 SSL_CTX_sess_connect_good(ssl_ctx));
1756 SSL_CTX_sess_accept(ssl_ctx)); 1644 BIO_printf(bio, "%4ld server accepts (SSL_accept())\n",
1757 BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n", 1645 SSL_CTX_sess_accept(ssl_ctx));
1758 SSL_CTX_sess_accept_renegotiate(ssl_ctx)); 1646 BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n",
1759 BIO_printf(bio,"%4ld server accepts that finished\n", 1647 SSL_CTX_sess_accept_renegotiate(ssl_ctx));
1760 SSL_CTX_sess_accept_good(ssl_ctx)); 1648 BIO_printf(bio, "%4ld server accepts that finished\n",
1761 BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); 1649 SSL_CTX_sess_accept_good(ssl_ctx));
1762 BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); 1650 BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx));
1763 BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); 1651 BIO_printf(bio, "%4ld session cache misses\n", SSL_CTX_sess_misses(ssl_ctx));
1764 BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); 1652 BIO_printf(bio, "%4ld session cache timeouts\n", SSL_CTX_sess_timeouts(ssl_ctx));
1765 BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n", 1653 BIO_printf(bio, "%4ld callback cache hits\n", SSL_CTX_sess_cb_hits(ssl_ctx));
1766 SSL_CTX_sess_cache_full(ssl_ctx), 1654 BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n",
1767 SSL_CTX_sess_get_cache_size(ssl_ctx)); 1655 SSL_CTX_sess_cache_full(ssl_ctx),
1768 } 1656 SSL_CTX_sess_get_cache_size(ssl_ctx));
1769 1657}
1770static int sv_body(char *hostname, int s, unsigned char *context) 1658
1771 { 1659static int
1772 char *buf=NULL; 1660sv_body(char *hostname, int s, unsigned char *context)
1661{
1662 char *buf = NULL;
1773 fd_set readfds; 1663 fd_set readfds;
1774 int ret=1,width; 1664 int ret = 1, width;
1775 int k,i; 1665 int k, i;
1776 unsigned long l; 1666 unsigned long l;
1777 SSL *con=NULL; 1667 SSL *con = NULL;
1778 BIO *sbio; 1668 BIO *sbio;
1779#ifndef OPENSSL_NO_KRB5 1669#ifndef OPENSSL_NO_KRB5
1780 KSSL_CTX *kctx; 1670 KSSL_CTX *kctx;
@@ -1782,49 +1672,44 @@ static int sv_body(char *hostname, int s, unsigned char *context)
1782 struct timeval timeout; 1672 struct timeval timeout;
1783 struct timeval *timeoutp; 1673 struct timeval *timeoutp;
1784 1674
1785 if ((buf=malloc(bufsize)) == NULL) 1675 if ((buf = malloc(bufsize)) == NULL) {
1786 { 1676 BIO_printf(bio_err, "out of memory\n");
1787 BIO_printf(bio_err,"out of memory\n");
1788 goto err; 1677 goto err;
1789 } 1678 }
1790#ifdef FIONBIO 1679#ifdef FIONBIO
1791 if (s_nbio) 1680 if (s_nbio) {
1792 { 1681 unsigned long sl = 1;
1793 unsigned long sl=1;
1794 1682
1795 if (!s_quiet) 1683 if (!s_quiet)
1796 BIO_printf(bio_err,"turning on non blocking io\n"); 1684 BIO_printf(bio_err, "turning on non blocking io\n");
1797 if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0) 1685 if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
1798 ERR_print_errors(bio_err); 1686 ERR_print_errors(bio_err);
1799 } 1687 }
1800#endif 1688#endif
1801 1689
1802 if (con == NULL) { 1690 if (con == NULL) {
1803 con=SSL_new(ctx); 1691 con = SSL_new(ctx);
1804#ifndef OPENSSL_NO_TLSEXT 1692#ifndef OPENSSL_NO_TLSEXT
1805 if (s_tlsextdebug) 1693 if (s_tlsextdebug) {
1806 { 1694 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1807 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1695 SSL_set_tlsext_debug_arg(con, bio_s_out);
1808 SSL_set_tlsext_debug_arg(con, bio_s_out);
1809 } 1696 }
1810 if (s_tlsextstatus) 1697 if (s_tlsextstatus) {
1811 { 1698 SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
1812 SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); 1699 tlscstatp.err = bio_err;
1813 tlscstatp.err = bio_err; 1700 SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
1814 SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
1815 } 1701 }
1816#endif 1702#endif
1817#ifndef OPENSSL_NO_KRB5 1703#ifndef OPENSSL_NO_KRB5
1818 if ((kctx = kssl_ctx_new()) != NULL) 1704 if ((kctx = kssl_ctx_new()) != NULL) {
1819 {
1820 SSL_set0_kssl_ctx(con, kctx); 1705 SSL_set0_kssl_ctx(con, kctx);
1821 kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC); 1706 kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
1822 kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB); 1707 kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
1823 } 1708 }
1824#endif /* OPENSSL_NO_KRB5 */ 1709#endif /* OPENSSL_NO_KRB5 */
1825 if(context) 1710 if (context)
1826 SSL_set_session_id_context(con, context, 1711 SSL_set_session_id_context(con, context,
1827 strlen((char *)context)); 1712 strlen((char *) context));
1828 } 1713 }
1829 SSL_clear(con); 1714 SSL_clear(con);
1830#if 0 1715#if 0
@@ -1833,329 +1718,309 @@ static int sv_body(char *hostname, int s, unsigned char *context)
1833#endif 1718#endif
1834#endif 1719#endif
1835 1720
1836 if (SSL_version(con) == DTLS1_VERSION) 1721 if (SSL_version(con) == DTLS1_VERSION) {
1837 {
1838 1722
1839 sbio=BIO_new_dgram(s,BIO_NOCLOSE); 1723 sbio = BIO_new_dgram(s, BIO_NOCLOSE);
1840 1724
1841 if (enable_timeouts) 1725 if (enable_timeouts) {
1842 {
1843 timeout.tv_sec = 0; 1726 timeout.tv_sec = 0;
1844 timeout.tv_usec = DGRAM_RCV_TIMEOUT; 1727 timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1845 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); 1728 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
1846 1729
1847 timeout.tv_sec = 0; 1730 timeout.tv_sec = 0;
1848 timeout.tv_usec = DGRAM_SND_TIMEOUT; 1731 timeout.tv_usec = DGRAM_SND_TIMEOUT;
1849 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); 1732 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
1850 } 1733 }
1851 1734 if (socket_mtu > 28) {
1852 if (socket_mtu > 28)
1853 {
1854 SSL_set_options(con, SSL_OP_NO_QUERY_MTU); 1735 SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1855 SSL_set_mtu(con, socket_mtu - 28); 1736 SSL_set_mtu(con, socket_mtu - 28);
1856 } 1737 } else
1857 else
1858 /* want to do MTU discovery */ 1738 /* want to do MTU discovery */
1859 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); 1739 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
1860 1740
1861 /* turn on cookie exchange */ 1741 /* turn on cookie exchange */
1862 SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE); 1742 SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
1863 } 1743 } else
1864 else 1744 sbio = BIO_new_socket(s, BIO_NOCLOSE);
1865 sbio=BIO_new_socket(s,BIO_NOCLOSE);
1866 1745
1867 if (s_nbio_test) 1746 if (s_nbio_test) {
1868 {
1869 BIO *test; 1747 BIO *test;
1870 1748
1871 test=BIO_new(BIO_f_nbio_test()); 1749 test = BIO_new(BIO_f_nbio_test());
1872 sbio=BIO_push(test,sbio); 1750 sbio = BIO_push(test, sbio);
1873 } 1751 }
1874#ifndef OPENSSL_NO_JPAKE 1752#ifndef OPENSSL_NO_JPAKE
1875 if(jpake_secret) 1753 if (jpake_secret)
1876 jpake_server_auth(bio_s_out, sbio, jpake_secret); 1754 jpake_server_auth(bio_s_out, sbio, jpake_secret);
1877#endif 1755#endif
1878 1756
1879 SSL_set_bio(con,sbio,sbio); 1757 SSL_set_bio(con, sbio, sbio);
1880 SSL_set_accept_state(con); 1758 SSL_set_accept_state(con);
1881 /* SSL_set_fd(con,s); */ 1759 /* SSL_set_fd(con,s); */
1882 1760
1883 if (s_debug) 1761 if (s_debug) {
1884 {
1885 SSL_set_debug(con, 1); 1762 SSL_set_debug(con, 1);
1886 BIO_set_callback(SSL_get_rbio(con),bio_dump_callback); 1763 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
1887 BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out); 1764 BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
1888 } 1765 }
1889 if (s_msg) 1766 if (s_msg) {
1890 {
1891 SSL_set_msg_callback(con, msg_cb); 1767 SSL_set_msg_callback(con, msg_cb);
1892 SSL_set_msg_callback_arg(con, bio_s_out); 1768 SSL_set_msg_callback_arg(con, bio_s_out);
1893 } 1769 }
1894#ifndef OPENSSL_NO_TLSEXT 1770#ifndef OPENSSL_NO_TLSEXT
1895 if (s_tlsextdebug) 1771 if (s_tlsextdebug) {
1896 {
1897 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1772 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1898 SSL_set_tlsext_debug_arg(con, bio_s_out); 1773 SSL_set_tlsext_debug_arg(con, bio_s_out);
1899 } 1774 }
1900#endif 1775#endif
1901 1776
1902 width=s+1; 1777 width = s + 1;
1903 for (;;) 1778 for (;;) {
1904 {
1905 int read_from_terminal; 1779 int read_from_terminal;
1906 int read_from_sslcon; 1780 int read_from_sslcon;
1907 1781
1908 read_from_terminal = 0; 1782 read_from_terminal = 0;
1909 read_from_sslcon = SSL_pending(con); 1783 read_from_sslcon = SSL_pending(con);
1910 1784
1911 if (!read_from_sslcon) 1785 if (!read_from_sslcon) {
1912 {
1913 FD_ZERO(&readfds); 1786 FD_ZERO(&readfds);
1914 openssl_fdset(fileno(stdin),&readfds); 1787 openssl_fdset(fileno(stdin), &readfds);
1915 openssl_fdset(s,&readfds); 1788 openssl_fdset(s, &readfds);
1916 /* Note: under VMS with SOCKETSHR the second parameter is 1789 /*
1917 * currently of type (int *) whereas under other systems 1790 * Note: under VMS with SOCKETSHR the second
1918 * it is (void *) if you don't have a cast it will choke 1791 * parameter is currently of type (int *) whereas
1919 * the compiler: if you do have a cast then you can either 1792 * under other systems it is (void *) if you don't
1920 * go for (int *) or (void *). 1793 * have a cast it will choke the compiler: if you do
1794 * have a cast then you can either go for (int *) or
1795 * (void *).
1921 */ 1796 */
1922 if ((SSL_version(con) == DTLS1_VERSION) && 1797 if ((SSL_version(con) == DTLS1_VERSION) &&
1923 DTLSv1_get_timeout(con, &timeout)) 1798 DTLSv1_get_timeout(con, &timeout))
1924 timeoutp = &timeout; 1799 timeoutp = &timeout;
1925 else 1800 else
1926 timeoutp = NULL; 1801 timeoutp = NULL;
1927 1802
1928 i=select(width,(void *)&readfds,NULL,NULL,timeoutp); 1803 i = select(width, (void *) &readfds, NULL, NULL, timeoutp);
1929 1804
1930 if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) 1805 if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) {
1931 { 1806 BIO_printf(bio_err, "TIMEOUT occured\n");
1932 BIO_printf(bio_err,"TIMEOUT occured\n"); 1807 }
1933 } 1808 if (i <= 0)
1934 1809 continue;
1935 if (i <= 0) continue; 1810 if (FD_ISSET(fileno(stdin), &readfds))
1936 if (FD_ISSET(fileno(stdin),&readfds))
1937 read_from_terminal = 1; 1811 read_from_terminal = 1;
1938 if (FD_ISSET(s,&readfds)) 1812 if (FD_ISSET(s, &readfds))
1939 read_from_sslcon = 1; 1813 read_from_sslcon = 1;
1940 } 1814 }
1941 if (read_from_terminal) 1815 if (read_from_terminal) {
1942 { 1816 if (s_crlf) {
1943 if (s_crlf)
1944 {
1945 int j, lf_num; 1817 int j, lf_num;
1946 1818
1947 i=raw_read_stdin(buf, bufsize/2); 1819 i = raw_read_stdin(buf, bufsize / 2);
1948 lf_num = 0; 1820 lf_num = 0;
1949 /* both loops are skipped when i <= 0 */ 1821 /* both loops are skipped when i <= 0 */
1950 for (j = 0; j < i; j++) 1822 for (j = 0; j < i; j++)
1951 if (buf[j] == '\n') 1823 if (buf[j] == '\n')
1952 lf_num++; 1824 lf_num++;
1953 for (j = i-1; j >= 0; j--) 1825 for (j = i - 1; j >= 0; j--) {
1954 { 1826 buf[j + lf_num] = buf[j];
1955 buf[j+lf_num] = buf[j]; 1827 if (buf[j] == '\n') {
1956 if (buf[j] == '\n')
1957 {
1958 lf_num--; 1828 lf_num--;
1959 i++; 1829 i++;
1960 buf[j+lf_num] = '\r'; 1830 buf[j + lf_num] = '\r';
1961 }
1962 } 1831 }
1963 assert(lf_num == 0);
1964 } 1832 }
1965 else 1833 assert(lf_num == 0);
1966 i=raw_read_stdin(buf,bufsize); 1834 } else
1967 if (!s_quiet) 1835 i = raw_read_stdin(buf, bufsize);
1968 { 1836 if (!s_quiet) {
1969 if ((i <= 0) || (buf[0] == 'Q')) 1837 if ((i <= 0) || (buf[0] == 'Q')) {
1970 { 1838 BIO_printf(bio_s_out, "DONE\n");
1971 BIO_printf(bio_s_out,"DONE\n");
1972 shutdown(s, SHUT_RD); 1839 shutdown(s, SHUT_RD);
1973 close(s); 1840 close(s);
1974 close_accept_socket(); 1841 close_accept_socket();
1975 ret= -11; 1842 ret = -11;
1976 goto err; 1843 goto err;
1977 } 1844 }
1978 if ((i <= 0) || (buf[0] == 'q')) 1845 if ((i <= 0) || (buf[0] == 'q')) {
1979 { 1846 BIO_printf(bio_s_out, "DONE\n");
1980 BIO_printf(bio_s_out,"DONE\n");
1981 if (SSL_version(con) != DTLS1_VERSION) { 1847 if (SSL_version(con) != DTLS1_VERSION) {
1982 shutdown(s, SHUT_RD); 1848 shutdown(s, SHUT_RD);
1983 close(s); 1849 close(s);
1984 } 1850 }
1985 /* close_accept_socket(); 1851 /*
1986 ret= -11;*/ 1852 * close_accept_socket(); ret= -11;
1853 */
1987 goto err; 1854 goto err;
1988 } 1855 }
1989 if ((buf[0] == 'r') && 1856 if ((buf[0] == 'r') &&
1990 ((buf[1] == '\n') || (buf[1] == '\r'))) 1857 ((buf[1] == '\n') || (buf[1] == '\r'))) {
1991 {
1992 SSL_renegotiate(con); 1858 SSL_renegotiate(con);
1993 i=SSL_do_handshake(con); 1859 i = SSL_do_handshake(con);
1994 printf("SSL_do_handshake -> %d\n",i); 1860 printf("SSL_do_handshake -> %d\n", i);
1995 i=0; /*13; */ 1861 i = 0; /* 13; */
1996 continue; 1862 continue;
1997 /* strcpy(buf,"server side RE-NEGOTIATE\n"); */ 1863 /*
1998 } 1864 * strcpy(buf,"server side
1865 * RE-NEGOTIATE\n");
1866 */
1867 }
1999 if ((buf[0] == 'R') && 1868 if ((buf[0] == 'R') &&
2000 ((buf[1] == '\n') || (buf[1] == '\r'))) 1869 ((buf[1] == '\n') || (buf[1] == '\r'))) {
2001 {
2002 SSL_set_verify(con, 1870 SSL_set_verify(con,
2003 SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL); 1871 SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, NULL);
2004 SSL_renegotiate(con); 1872 SSL_renegotiate(con);
2005 i=SSL_do_handshake(con); 1873 i = SSL_do_handshake(con);
2006 printf("SSL_do_handshake -> %d\n",i); 1874 printf("SSL_do_handshake -> %d\n", i);
2007 i=0; /* 13; */ 1875 i = 0; /* 13; */
2008 continue; 1876 continue;
2009 /* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */ 1877 /*
2010 } 1878 * strcpy(buf,"server side
2011 if (buf[0] == 'P') 1879 * RE-NEGOTIATE asking for client
2012 { 1880 * cert\n");
2013 static const char *str="Lets print some clear text\n"; 1881 */
2014 BIO_write(SSL_get_wbio(con),str,strlen(str));
2015 }
2016 if (buf[0] == 'S')
2017 {
2018 print_stats(bio_s_out,SSL_get_SSL_CTX(con));
2019 }
2020 } 1882 }
2021 l=k=0; 1883 if (buf[0] == 'P') {
2022 for (;;) 1884 static const char *str = "Lets print some clear text\n";
2023 { 1885 BIO_write(SSL_get_wbio(con), str, strlen(str));
1886 }
1887 if (buf[0] == 'S') {
1888 print_stats(bio_s_out, SSL_get_SSL_CTX(con));
1889 }
1890 }
1891 l = k = 0;
1892 for (;;) {
2024 /* should do a select for the write */ 1893 /* should do a select for the write */
2025#ifdef RENEG 1894#ifdef RENEG
2026{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } } 1895 {
1896 static count = 0;
1897 if (++count == 100) {
1898 count = 0;
1899 SSL_renegotiate(con);
1900 }
1901 }
2027#endif 1902#endif
2028 k=SSL_write(con,&(buf[l]),(unsigned int)i); 1903 k = SSL_write(con, &(buf[l]), (unsigned int) i);
2029#ifndef OPENSSL_NO_SRP 1904#ifndef OPENSSL_NO_SRP
2030 while (SSL_get_error(con,k) == SSL_ERROR_WANT_X509_LOOKUP) 1905 while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
2031 { 1906 BIO_printf(bio_s_out, "LOOKUP renego during write\n");
2032 BIO_printf(bio_s_out,"LOOKUP renego during write\n"); 1907 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
2033 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); 1908 if (srp_callback_parm.user)
2034 if (srp_callback_parm.user) 1909 BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
2035 BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info); 1910 else
2036 else 1911 BIO_printf(bio_s_out, "LOOKUP not successful\n");
2037 BIO_printf(bio_s_out,"LOOKUP not successful\n"); 1912 k = SSL_write(con, &(buf[l]), (unsigned int) i);
2038 k=SSL_write(con,&(buf[l]),(unsigned int)i); 1913 }
2039 }
2040#endif 1914#endif
2041 switch (SSL_get_error(con,k)) 1915 switch (SSL_get_error(con, k)) {
2042 {
2043 case SSL_ERROR_NONE: 1916 case SSL_ERROR_NONE:
2044 break; 1917 break;
2045 case SSL_ERROR_WANT_WRITE: 1918 case SSL_ERROR_WANT_WRITE:
2046 case SSL_ERROR_WANT_READ: 1919 case SSL_ERROR_WANT_READ:
2047 case SSL_ERROR_WANT_X509_LOOKUP: 1920 case SSL_ERROR_WANT_X509_LOOKUP:
2048 BIO_printf(bio_s_out,"Write BLOCK\n"); 1921 BIO_printf(bio_s_out, "Write BLOCK\n");
2049 break; 1922 break;
2050 case SSL_ERROR_SYSCALL: 1923 case SSL_ERROR_SYSCALL:
2051 case SSL_ERROR_SSL: 1924 case SSL_ERROR_SSL:
2052 BIO_printf(bio_s_out,"ERROR\n"); 1925 BIO_printf(bio_s_out, "ERROR\n");
2053 ERR_print_errors(bio_err); 1926 ERR_print_errors(bio_err);
2054 ret=1; 1927 ret = 1;
2055 goto err; 1928 goto err;
2056 /* break; */ 1929 /* break; */
2057 case SSL_ERROR_ZERO_RETURN: 1930 case SSL_ERROR_ZERO_RETURN:
2058 BIO_printf(bio_s_out,"DONE\n"); 1931 BIO_printf(bio_s_out, "DONE\n");
2059 ret=1; 1932 ret = 1;
2060 goto err; 1933 goto err;
2061 }
2062 l+=k;
2063 i-=k;
2064 if (i <= 0) break;
2065 } 1934 }
1935 l += k;
1936 i -= k;
1937 if (i <= 0)
1938 break;
2066 } 1939 }
2067 if (read_from_sslcon) 1940 }
2068 { 1941 if (read_from_sslcon) {
2069 if (!SSL_is_init_finished(con)) 1942 if (!SSL_is_init_finished(con)) {
2070 { 1943 i = init_ssl_connection(con);
2071 i=init_ssl_connection(con); 1944
2072 1945 if (i < 0) {
2073 if (i < 0) 1946 ret = 0;
2074 {
2075 ret=0;
2076 goto err; 1947 goto err;
2077 } 1948 } else if (i == 0) {
2078 else if (i == 0) 1949 ret = 1;
2079 {
2080 ret=1;
2081 goto err; 1950 goto err;
2082 }
2083 } 1951 }
2084 else 1952 } else {
2085 { 1953 again:
2086again: 1954 i = SSL_read(con, (char *) buf, bufsize);
2087 i=SSL_read(con,(char *)buf,bufsize);
2088#ifndef OPENSSL_NO_SRP 1955#ifndef OPENSSL_NO_SRP
2089 while (SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP) 1956 while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
2090 { 1957 BIO_printf(bio_s_out, "LOOKUP renego during read\n");
2091 BIO_printf(bio_s_out,"LOOKUP renego during read\n"); 1958 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
2092 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); 1959 if (srp_callback_parm.user)
2093 if (srp_callback_parm.user) 1960 BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
2094 BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info); 1961 else
2095 else 1962 BIO_printf(bio_s_out, "LOOKUP not successful\n");
2096 BIO_printf(bio_s_out,"LOOKUP not successful\n"); 1963 i = SSL_read(con, (char *) buf, bufsize);
2097 i=SSL_read(con,(char *)buf,bufsize); 1964 }
2098 }
2099#endif 1965#endif
2100 switch (SSL_get_error(con,i)) 1966 switch (SSL_get_error(con, i)) {
2101 {
2102 case SSL_ERROR_NONE: 1967 case SSL_ERROR_NONE:
2103 raw_write_stdout(buf, 1968 raw_write_stdout(buf,
2104 (unsigned int)i); 1969 (unsigned int) i);
2105 if (SSL_pending(con)) goto again; 1970 if (SSL_pending(con))
1971 goto again;
2106 break; 1972 break;
2107 case SSL_ERROR_WANT_WRITE: 1973 case SSL_ERROR_WANT_WRITE:
2108 case SSL_ERROR_WANT_READ: 1974 case SSL_ERROR_WANT_READ:
2109 BIO_printf(bio_s_out,"Read BLOCK\n"); 1975 BIO_printf(bio_s_out, "Read BLOCK\n");
2110 break; 1976 break;
2111 case SSL_ERROR_SYSCALL: 1977 case SSL_ERROR_SYSCALL:
2112 case SSL_ERROR_SSL: 1978 case SSL_ERROR_SSL:
2113 BIO_printf(bio_s_out,"ERROR\n"); 1979 BIO_printf(bio_s_out, "ERROR\n");
2114 ERR_print_errors(bio_err); 1980 ERR_print_errors(bio_err);
2115 ret=1; 1981 ret = 1;
2116 goto err; 1982 goto err;
2117 case SSL_ERROR_ZERO_RETURN: 1983 case SSL_ERROR_ZERO_RETURN:
2118 BIO_printf(bio_s_out,"DONE\n"); 1984 BIO_printf(bio_s_out, "DONE\n");
2119 ret=1; 1985 ret = 1;
2120 goto err; 1986 goto err;
2121 }
2122 } 1987 }
2123 } 1988 }
2124 } 1989 }
1990 }
2125err: 1991err:
2126 if (con != NULL) 1992 if (con != NULL) {
2127 { 1993 BIO_printf(bio_s_out, "shutting down SSL\n");
2128 BIO_printf(bio_s_out,"shutting down SSL\n");
2129#if 1 1994#if 1
2130 SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 1995 SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
2131#else 1996#else
2132 SSL_shutdown(con); 1997 SSL_shutdown(con);
2133#endif 1998#endif
2134 SSL_free(con); 1999 SSL_free(con);
2135 } 2000 }
2136 BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); 2001 BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
2137 if (buf != NULL) 2002 if (buf != NULL) {
2138 { 2003 OPENSSL_cleanse(buf, bufsize);
2139 OPENSSL_cleanse(buf,bufsize);
2140 free(buf); 2004 free(buf);
2141 }
2142 if (ret >= 0)
2143 BIO_printf(bio_s_out,"ACCEPT\n");
2144 return(ret);
2145 } 2005 }
2006 if (ret >= 0)
2007 BIO_printf(bio_s_out, "ACCEPT\n");
2008 return (ret);
2009}
2146 2010
2147static void close_accept_socket(void) 2011static void
2148 { 2012close_accept_socket(void)
2149 BIO_printf(bio_err,"shutdown accept socket\n"); 2013{
2150 if (accept_socket >= 0) 2014 BIO_printf(bio_err, "shutdown accept socket\n");
2151 { 2015 if (accept_socket >= 0) {
2152 shutdown(accept_socket, SHUT_RDWR); 2016 shutdown(accept_socket, SHUT_RDWR);
2153 close(accept_socket); 2017 close(accept_socket);
2154 }
2155 } 2018 }
2019}
2156 2020
2157static int init_ssl_connection(SSL *con) 2021static int
2158 { 2022init_ssl_connection(SSL * con)
2023{
2159 int i; 2024 int i;
2160 const char *str; 2025 const char *str;
2161 X509 *peer; 2026 X509 *peer;
@@ -2171,260 +2036,242 @@ static int init_ssl_connection(SSL *con)
2171 unsigned char *exportedkeymat; 2036 unsigned char *exportedkeymat;
2172 2037
2173 2038
2174 i=SSL_accept(con); 2039 i = SSL_accept(con);
2175#ifndef OPENSSL_NO_SRP 2040#ifndef OPENSSL_NO_SRP
2176 while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP) 2041 while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
2177 { 2042 BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login);
2178 BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login); 2043 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
2179 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); 2044 if (srp_callback_parm.user)
2180 if (srp_callback_parm.user) 2045 BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
2181 BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
2182 else
2183 BIO_printf(bio_s_out,"LOOKUP not successful\n");
2184 i=SSL_accept(con);
2185 }
2186#endif
2187 if (i <= 0)
2188 {
2189 if (BIO_sock_should_retry(i))
2190 {
2191 BIO_printf(bio_s_out,"DELAY\n");
2192 return(1);
2193 }
2194
2195 BIO_printf(bio_err,"ERROR\n");
2196 verify_error=SSL_get_verify_result(con);
2197 if (verify_error != X509_V_OK)
2198 {
2199 BIO_printf(bio_err,"verify error:%s\n",
2200 X509_verify_cert_error_string(verify_error));
2201 }
2202 else 2046 else
2047 BIO_printf(bio_s_out, "LOOKUP not successful\n");
2048 i = SSL_accept(con);
2049 }
2050#endif
2051 if (i <= 0) {
2052 if (BIO_sock_should_retry(i)) {
2053 BIO_printf(bio_s_out, "DELAY\n");
2054 return (1);
2055 }
2056 BIO_printf(bio_err, "ERROR\n");
2057 verify_error = SSL_get_verify_result(con);
2058 if (verify_error != X509_V_OK) {
2059 BIO_printf(bio_err, "verify error:%s\n",
2060 X509_verify_cert_error_string(verify_error));
2061 } else
2203 ERR_print_errors(bio_err); 2062 ERR_print_errors(bio_err);
2204 return(0); 2063 return (0);
2205 } 2064 }
2206 2065 PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
2207 PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con)); 2066
2208 2067 peer = SSL_get_peer_certificate(con);
2209 peer=SSL_get_peer_certificate(con); 2068 if (peer != NULL) {
2210 if (peer != NULL) 2069 BIO_printf(bio_s_out, "Client certificate\n");
2211 { 2070 PEM_write_bio_X509(bio_s_out, peer);
2212 BIO_printf(bio_s_out,"Client certificate\n"); 2071 X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
2213 PEM_write_bio_X509(bio_s_out,peer); 2072 BIO_printf(bio_s_out, "subject=%s\n", buf);
2214 X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf); 2073 X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
2215 BIO_printf(bio_s_out,"subject=%s\n",buf); 2074 BIO_printf(bio_s_out, "issuer=%s\n", buf);
2216 X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
2217 BIO_printf(bio_s_out,"issuer=%s\n",buf);
2218 X509_free(peer); 2075 X509_free(peer);
2219 } 2076 }
2220 2077 if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL)
2221 if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) 2078 BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
2222 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); 2079 str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
2223 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); 2080 BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
2224 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
2225 2081
2226#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 2082#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2227 SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); 2083 SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
2228 if (next_proto_neg) 2084 if (next_proto_neg) {
2229 { 2085 BIO_printf(bio_s_out, "NEXTPROTO is ");
2230 BIO_printf(bio_s_out,"NEXTPROTO is ");
2231 BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); 2086 BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
2232 BIO_printf(bio_s_out, "\n"); 2087 BIO_printf(bio_s_out, "\n");
2233 } 2088 }
2234#endif 2089#endif
2235#ifndef OPENSSL_NO_SRTP 2090#ifndef OPENSSL_NO_SRTP
2236 { 2091 {
2237 SRTP_PROTECTION_PROFILE *srtp_profile 2092 SRTP_PROTECTION_PROFILE *srtp_profile
2238 = SSL_get_selected_srtp_profile(con); 2093 = SSL_get_selected_srtp_profile(con);
2239 2094
2240 if(srtp_profile) 2095 if (srtp_profile)
2241 BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n", 2096 BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n",
2242 srtp_profile->name); 2097 srtp_profile->name);
2243 } 2098 }
2244#endif 2099#endif
2245 if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n"); 2100 if (SSL_cache_hit(con))
2246 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & 2101 BIO_printf(bio_s_out, "Reused session-id\n");
2247 TLS1_FLAGS_TLS_PADDING_BUG) 2102 if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) &
2103 TLS1_FLAGS_TLS_PADDING_BUG)
2248 BIO_printf(bio_s_out, 2104 BIO_printf(bio_s_out,
2249 "Peer has incorrect TLSv1 block padding\n"); 2105 "Peer has incorrect TLSv1 block padding\n");
2250#ifndef OPENSSL_NO_KRB5 2106#ifndef OPENSSL_NO_KRB5
2251 client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con)); 2107 client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
2252 if (client_princ != NULL) 2108 if (client_princ != NULL) {
2253 { 2109 BIO_printf(bio_s_out, "Kerberos peer principal is %s\n",
2254 BIO_printf(bio_s_out,"Kerberos peer principal is %s\n", 2110 client_princ);
2255 client_princ); 2111 }
2256 } 2112#endif /* OPENSSL_NO_KRB5 */
2257#endif /* OPENSSL_NO_KRB5 */
2258 BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", 2113 BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
2259 SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); 2114 SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
2260 if (keymatexportlabel != NULL) 2115 if (keymatexportlabel != NULL) {
2261 {
2262 BIO_printf(bio_s_out, "Keying material exporter:\n"); 2116 BIO_printf(bio_s_out, "Keying material exporter:\n");
2263 BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel); 2117 BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel);
2264 BIO_printf(bio_s_out, " Length: %i bytes\n", 2118 BIO_printf(bio_s_out, " Length: %i bytes\n",
2265 keymatexportlen); 2119 keymatexportlen);
2266 exportedkeymat = malloc(keymatexportlen); 2120 exportedkeymat = malloc(keymatexportlen);
2267 if (exportedkeymat != NULL) 2121 if (exportedkeymat != NULL) {
2268 {
2269 if (!SSL_export_keying_material(con, exportedkeymat, 2122 if (!SSL_export_keying_material(con, exportedkeymat,
2270 keymatexportlen, 2123 keymatexportlen,
2271 keymatexportlabel, 2124 keymatexportlabel,
2272 strlen(keymatexportlabel), 2125 strlen(keymatexportlabel),
2273 NULL, 0, 0)) 2126 NULL, 0, 0)) {
2274 {
2275 BIO_printf(bio_s_out, " Error\n"); 2127 BIO_printf(bio_s_out, " Error\n");
2276 } 2128 } else {
2277 else
2278 {
2279 BIO_printf(bio_s_out, " Keying material: "); 2129 BIO_printf(bio_s_out, " Keying material: ");
2280 for (i=0; i<keymatexportlen; i++) 2130 for (i = 0; i < keymatexportlen; i++)
2281 BIO_printf(bio_s_out, "%02X", 2131 BIO_printf(bio_s_out, "%02X",
2282 exportedkeymat[i]); 2132 exportedkeymat[i]);
2283 BIO_printf(bio_s_out, "\n"); 2133 BIO_printf(bio_s_out, "\n");
2284 }
2285 free(exportedkeymat);
2286 } 2134 }
2135 free(exportedkeymat);
2287 } 2136 }
2288
2289 return(1);
2290 } 2137 }
2138 return (1);
2139}
2291 2140
2292#ifndef OPENSSL_NO_DH 2141#ifndef OPENSSL_NO_DH
2293static DH *load_dh_param(const char *dhfile) 2142static DH *
2294 { 2143load_dh_param(const char *dhfile)
2295 DH *ret=NULL; 2144{
2145 DH *ret = NULL;
2296 BIO *bio; 2146 BIO *bio;
2297 2147
2298 if ((bio=BIO_new_file(dhfile,"r")) == NULL) 2148 if ((bio = BIO_new_file(dhfile, "r")) == NULL)
2299 goto err; 2149 goto err;
2300 ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL); 2150 ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
2301err: 2151err:
2302 if (bio != NULL) BIO_free(bio); 2152 if (bio != NULL)
2303 return(ret); 2153 BIO_free(bio);
2304 } 2154 return (ret);
2155}
2305#endif 2156#endif
2306#ifndef OPENSSL_NO_KRB5 2157#ifndef OPENSSL_NO_KRB5
2307 char *client_princ; 2158char *client_princ;
2308#endif 2159#endif
2309 2160
2310#if 0 2161#if 0
2311static int load_CA(SSL_CTX *ctx, char *file) 2162static int
2312 { 2163load_CA(SSL_CTX * ctx, char *file)
2164{
2313 FILE *in; 2165 FILE *in;
2314 X509 *x=NULL; 2166 X509 *x = NULL;
2315 2167
2316 if ((in=fopen(file,"r")) == NULL) 2168 if ((in = fopen(file, "r")) == NULL)
2317 return(0); 2169 return (0);
2318 2170
2319 for (;;) 2171 for (;;) {
2320 { 2172 if (PEM_read_X509(in, &x, NULL) == NULL)
2321 if (PEM_read_X509(in,&x,NULL) == NULL)
2322 break; 2173 break;
2323 SSL_CTX_add_client_CA(ctx,x); 2174 SSL_CTX_add_client_CA(ctx, x);
2324 }
2325 if (x != NULL) X509_free(x);
2326 fclose(in);
2327 return(1);
2328 } 2175 }
2176 if (x != NULL)
2177 X509_free(x);
2178 fclose(in);
2179 return (1);
2180}
2329#endif 2181#endif
2330 2182
2331static int www_body(char *hostname, int s, unsigned char *context) 2183static int
2332 { 2184www_body(char *hostname, int s, unsigned char *context)
2333 char *buf=NULL; 2185{
2334 int ret=1; 2186 char *buf = NULL;
2335 int i,j,k,dot; 2187 int ret = 1;
2188 int i, j, k, dot;
2336 SSL *con; 2189 SSL *con;
2337 const SSL_CIPHER *c; 2190 const SSL_CIPHER *c;
2338 BIO *io,*ssl_bio,*sbio; 2191 BIO *io, *ssl_bio, *sbio;
2339#ifndef OPENSSL_NO_KRB5 2192#ifndef OPENSSL_NO_KRB5
2340 KSSL_CTX *kctx; 2193 KSSL_CTX *kctx;
2341#endif 2194#endif
2342 2195
2343 buf=malloc(bufsize); 2196 buf = malloc(bufsize);
2344 if (buf == NULL) return(0); 2197 if (buf == NULL)
2345 io=BIO_new(BIO_f_buffer()); 2198 return (0);
2346 ssl_bio=BIO_new(BIO_f_ssl()); 2199 io = BIO_new(BIO_f_buffer());
2347 if ((io == NULL) || (ssl_bio == NULL)) goto err; 2200 ssl_bio = BIO_new(BIO_f_ssl());
2201 if ((io == NULL) || (ssl_bio == NULL))
2202 goto err;
2348 2203
2349#ifdef FIONBIO 2204#ifdef FIONBIO
2350 if (s_nbio) 2205 if (s_nbio) {
2351 { 2206 unsigned long sl = 1;
2352 unsigned long sl=1;
2353 2207
2354 if (!s_quiet) 2208 if (!s_quiet)
2355 BIO_printf(bio_err,"turning on non blocking io\n"); 2209 BIO_printf(bio_err, "turning on non blocking io\n");
2356 if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0) 2210 if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
2357 ERR_print_errors(bio_err); 2211 ERR_print_errors(bio_err);
2358 } 2212 }
2359#endif 2213#endif
2360 2214
2361 /* lets make the output buffer a reasonable size */ 2215 /* lets make the output buffer a reasonable size */
2362 if (!BIO_set_write_buffer_size(io,bufsize)) goto err; 2216 if (!BIO_set_write_buffer_size(io, bufsize))
2217 goto err;
2363 2218
2364 if ((con=SSL_new(ctx)) == NULL) goto err; 2219 if ((con = SSL_new(ctx)) == NULL)
2220 goto err;
2365#ifndef OPENSSL_NO_TLSEXT 2221#ifndef OPENSSL_NO_TLSEXT
2366 if (s_tlsextdebug) 2222 if (s_tlsextdebug) {
2367 { 2223 SSL_set_tlsext_debug_callback(con, tlsext_cb);
2368 SSL_set_tlsext_debug_callback(con, tlsext_cb); 2224 SSL_set_tlsext_debug_arg(con, bio_s_out);
2369 SSL_set_tlsext_debug_arg(con, bio_s_out); 2225 }
2370 }
2371#endif 2226#endif
2372#ifndef OPENSSL_NO_KRB5 2227#ifndef OPENSSL_NO_KRB5
2373 if ((kctx = kssl_ctx_new()) != NULL) 2228 if ((kctx = kssl_ctx_new()) != NULL) {
2374 {
2375 kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC); 2229 kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
2376 kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB); 2230 kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
2377 } 2231 }
2378#endif /* OPENSSL_NO_KRB5 */ 2232#endif /* OPENSSL_NO_KRB5 */
2379 if(context) SSL_set_session_id_context(con, context, 2233 if (context)
2380 strlen((char *)context)); 2234 SSL_set_session_id_context(con, context,
2235 strlen((char *) context));
2381 2236
2382 sbio=BIO_new_socket(s,BIO_NOCLOSE); 2237 sbio = BIO_new_socket(s, BIO_NOCLOSE);
2383 if (s_nbio_test) 2238 if (s_nbio_test) {
2384 {
2385 BIO *test; 2239 BIO *test;
2386 2240
2387 test=BIO_new(BIO_f_nbio_test()); 2241 test = BIO_new(BIO_f_nbio_test());
2388 sbio=BIO_push(test,sbio); 2242 sbio = BIO_push(test, sbio);
2389 } 2243 }
2390 SSL_set_bio(con,sbio,sbio); 2244 SSL_set_bio(con, sbio, sbio);
2391 SSL_set_accept_state(con); 2245 SSL_set_accept_state(con);
2392 2246
2393 /* SSL_set_fd(con,s); */ 2247 /* SSL_set_fd(con,s); */
2394 BIO_set_ssl(ssl_bio,con,BIO_CLOSE); 2248 BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
2395 BIO_push(io,ssl_bio); 2249 BIO_push(io, ssl_bio);
2396 2250
2397 if (s_debug) 2251 if (s_debug) {
2398 {
2399 SSL_set_debug(con, 1); 2252 SSL_set_debug(con, 1);
2400 BIO_set_callback(SSL_get_rbio(con),bio_dump_callback); 2253 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
2401 BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out); 2254 BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
2402 } 2255 }
2403 if (s_msg) 2256 if (s_msg) {
2404 {
2405 SSL_set_msg_callback(con, msg_cb); 2257 SSL_set_msg_callback(con, msg_cb);
2406 SSL_set_msg_callback_arg(con, bio_s_out); 2258 SSL_set_msg_callback_arg(con, bio_s_out);
2407 } 2259 }
2408 2260 for (;;) {
2409 for (;;) 2261 if (hack) {
2410 { 2262 i = SSL_accept(con);
2411 if (hack)
2412 {
2413 i=SSL_accept(con);
2414#ifndef OPENSSL_NO_SRP 2263#ifndef OPENSSL_NO_SRP
2415 while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP) 2264 while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
2416 { 2265 BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login);
2417 BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login); 2266 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
2418 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); 2267 if (srp_callback_parm.user)
2419 if (srp_callback_parm.user) 2268 BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
2420 BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info); 2269 else
2421 else 2270 BIO_printf(bio_s_out, "LOOKUP not successful\n");
2422 BIO_printf(bio_s_out,"LOOKUP not successful\n"); 2271 i = SSL_accept(con);
2423 i=SSL_accept(con); 2272 }
2424 }
2425#endif 2273#endif
2426 switch (SSL_get_error(con,i)) 2274 switch (SSL_get_error(con, i)) {
2427 {
2428 case SSL_ERROR_NONE: 2275 case SSL_ERROR_NONE:
2429 break; 2276 break;
2430 case SSL_ERROR_WANT_WRITE: 2277 case SSL_ERROR_WANT_WRITE:
@@ -2434,142 +2281,122 @@ static int www_body(char *hostname, int s, unsigned char *context)
2434 case SSL_ERROR_SYSCALL: 2281 case SSL_ERROR_SYSCALL:
2435 case SSL_ERROR_SSL: 2282 case SSL_ERROR_SSL:
2436 case SSL_ERROR_ZERO_RETURN: 2283 case SSL_ERROR_ZERO_RETURN:
2437 ret=1; 2284 ret = 1;
2438 goto err; 2285 goto err;
2439 /* break; */ 2286 /* break; */
2440 }
2441
2442 SSL_renegotiate(con);
2443 SSL_write(con,NULL,0);
2444 } 2287 }
2445 2288
2446 i=BIO_gets(io,buf,bufsize-1); 2289 SSL_renegotiate(con);
2447 if (i < 0) /* error */ 2290 SSL_write(con, NULL, 0);
2448 { 2291 }
2449 if (!BIO_should_retry(io)) 2292 i = BIO_gets(io, buf, bufsize - 1);
2450 { 2293 if (i < 0) { /* error */
2294 if (!BIO_should_retry(io)) {
2451 if (!s_quiet) 2295 if (!s_quiet)
2452 ERR_print_errors(bio_err); 2296 ERR_print_errors(bio_err);
2453 goto err; 2297 goto err;
2454 } 2298 } else {
2455 else 2299 BIO_printf(bio_s_out, "read R BLOCK\n");
2456 {
2457 BIO_printf(bio_s_out,"read R BLOCK\n");
2458 sleep(1); 2300 sleep(1);
2459 continue; 2301 continue;
2460 }
2461 } 2302 }
2462 else if (i == 0) /* end of input */ 2303 } else if (i == 0) { /* end of input */
2463 { 2304 ret = 1;
2464 ret=1;
2465 goto end; 2305 goto end;
2466 } 2306 }
2467
2468 /* else we have data */ 2307 /* else we have data */
2469 if ( ((www == 1) && (strncmp("GET ",buf,4) == 0)) || 2308 if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
2470 ((www == 2) && (strncmp("GET /stats ",buf,11) == 0))) 2309 ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
2471 {
2472 char *p; 2310 char *p;
2473 X509 *peer; 2311 X509 *peer;
2474 STACK_OF(SSL_CIPHER) *sk; 2312 STACK_OF(SSL_CIPHER) * sk;
2475 static const char *space=" "; 2313 static const char *space = " ";
2476 2314
2477 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); 2315 BIO_puts(io, "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
2478 BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n"); 2316 BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n");
2479 BIO_puts(io,"<pre>\n"); 2317 BIO_puts(io, "<pre>\n");
2480/* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/ 2318/* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
2481 BIO_puts(io,"\n"); 2319 BIO_puts(io, "\n");
2482 for (i=0; i<local_argc; i++) 2320 for (i = 0; i < local_argc; i++) {
2483 { 2321 BIO_puts(io, local_argv[i]);
2484 BIO_puts(io,local_argv[i]); 2322 BIO_write(io, " ", 1);
2485 BIO_write(io," ",1); 2323 }
2486 } 2324 BIO_puts(io, "\n");
2487 BIO_puts(io,"\n");
2488 2325
2489 BIO_printf(io, 2326 BIO_printf(io,
2490 "Secure Renegotiation IS%s supported\n", 2327 "Secure Renegotiation IS%s supported\n",
2491 SSL_get_secure_renegotiation_support(con) ? 2328 SSL_get_secure_renegotiation_support(con) ?
2492 "" : " NOT"); 2329 "" : " NOT");
2493 2330
2494 /* The following is evil and should not really 2331 /*
2495 * be done */ 2332 * The following is evil and should not really be
2496 BIO_printf(io,"Ciphers supported in s_server binary\n"); 2333 * done
2497 sk=SSL_get_ciphers(con); 2334 */
2498 j=sk_SSL_CIPHER_num(sk); 2335 BIO_printf(io, "Ciphers supported in s_server binary\n");
2499 for (i=0; i<j; i++) 2336 sk = SSL_get_ciphers(con);
2500 { 2337 j = sk_SSL_CIPHER_num(sk);
2501 c=sk_SSL_CIPHER_value(sk,i); 2338 for (i = 0; i < j; i++) {
2502 BIO_printf(io,"%-11s:%-25s", 2339 c = sk_SSL_CIPHER_value(sk, i);
2503 SSL_CIPHER_get_version(c), 2340 BIO_printf(io, "%-11s:%-25s",
2504 SSL_CIPHER_get_name(c)); 2341 SSL_CIPHER_get_version(c),
2505 if ((((i+1)%2) == 0) && (i+1 != j)) 2342 SSL_CIPHER_get_name(c));
2506 BIO_puts(io,"\n"); 2343 if ((((i + 1) % 2) == 0) && (i + 1 != j))
2507 } 2344 BIO_puts(io, "\n");
2508 BIO_puts(io,"\n"); 2345 }
2509 p=SSL_get_shared_ciphers(con,buf,bufsize); 2346 BIO_puts(io, "\n");
2510 if (p != NULL) 2347 p = SSL_get_shared_ciphers(con, buf, bufsize);
2511 { 2348 if (p != NULL) {
2512 BIO_printf(io,"---\nCiphers common between both SSL end points:\n"); 2349 BIO_printf(io, "---\nCiphers common between both SSL end points:\n");
2513 j=i=0; 2350 j = i = 0;
2514 while (*p) 2351 while (*p) {
2515 { 2352 if (*p == ':') {
2516 if (*p == ':') 2353 BIO_write(io, space, 26 - j);
2517 {
2518 BIO_write(io,space,26-j);
2519 i++; 2354 i++;
2520 j=0; 2355 j = 0;
2521 BIO_write(io,((i%3)?" ":"\n"),1); 2356 BIO_write(io, ((i % 3) ? " " : "\n"), 1);
2522 } 2357 } else {
2523 else 2358 BIO_write(io, p, 1);
2524 {
2525 BIO_write(io,p,1);
2526 j++; 2359 j++;
2527 }
2528 p++;
2529 } 2360 }
2530 BIO_puts(io,"\n"); 2361 p++;
2531 }
2532 BIO_printf(io,(SSL_cache_hit(con)
2533 ?"---\nReused, "
2534 :"---\nNew, "));
2535 c=SSL_get_current_cipher(con);
2536 BIO_printf(io,"%s, Cipher is %s\n",
2537 SSL_CIPHER_get_version(c),
2538 SSL_CIPHER_get_name(c));
2539 SSL_SESSION_print(io,SSL_get_session(con));
2540 BIO_printf(io,"---\n");
2541 print_stats(io,SSL_get_SSL_CTX(con));
2542 BIO_printf(io,"---\n");
2543 peer=SSL_get_peer_certificate(con);
2544 if (peer != NULL)
2545 {
2546 BIO_printf(io,"Client certificate\n");
2547 X509_print(io,peer);
2548 PEM_write_bio_X509(io,peer);
2549 } 2362 }
2550 else 2363 BIO_puts(io, "\n");
2551 BIO_puts(io,"no client certificate available\n"); 2364 }
2552 BIO_puts(io,"</BODY></HTML>\r\n\r\n"); 2365 BIO_printf(io, (SSL_cache_hit(con)
2366 ? "---\nReused, "
2367 : "---\nNew, "));
2368 c = SSL_get_current_cipher(con);
2369 BIO_printf(io, "%s, Cipher is %s\n",
2370 SSL_CIPHER_get_version(c),
2371 SSL_CIPHER_get_name(c));
2372 SSL_SESSION_print(io, SSL_get_session(con));
2373 BIO_printf(io, "---\n");
2374 print_stats(io, SSL_get_SSL_CTX(con));
2375 BIO_printf(io, "---\n");
2376 peer = SSL_get_peer_certificate(con);
2377 if (peer != NULL) {
2378 BIO_printf(io, "Client certificate\n");
2379 X509_print(io, peer);
2380 PEM_write_bio_X509(io, peer);
2381 } else
2382 BIO_puts(io, "no client certificate available\n");
2383 BIO_puts(io, "</BODY></HTML>\r\n\r\n");
2553 break; 2384 break;
2554 } 2385 } else if ((www == 2 || www == 3)
2555 else if ((www == 2 || www == 3) 2386 && (strncmp("GET /", buf, 5) == 0)) {
2556 && (strncmp("GET /",buf,5) == 0))
2557 {
2558 BIO *file; 2387 BIO *file;
2559 char *p,*e; 2388 char *p, *e;
2560 static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; 2389 static const char *text = "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
2561 2390
2562 /* skip the '/' */ 2391 /* skip the '/' */
2563 p= &(buf[5]); 2392 p = &(buf[5]);
2564 2393
2565 dot = 1; 2394 dot = 1;
2566 for (e=p; *e != '\0'; e++) 2395 for (e = p; *e != '\0'; e++) {
2567 {
2568 if (e[0] == ' ') 2396 if (e[0] == ' ')
2569 break; 2397 break;
2570 2398
2571 switch (dot) 2399 switch (dot) {
2572 {
2573 case 1: 2400 case 1:
2574 dot = (e[0] == '.') ? 2 : 0; 2401 dot = (e[0] == '.') ? 2 : 0;
2575 break; 2402 break;
@@ -2579,132 +2406,119 @@ static int www_body(char *hostname, int s, unsigned char *context)
2579 case 3: 2406 case 3:
2580 dot = (e[0] == '/') ? -1 : 0; 2407 dot = (e[0] == '/') ? -1 : 0;
2581 break; 2408 break;
2582 } 2409 }
2583 if (dot == 0) 2410 if (dot == 0)
2584 dot = (e[0] == '/') ? 1 : 0; 2411 dot = (e[0] == '/') ? 1 : 0;
2585 } 2412 }
2586 dot = (dot == 3) || (dot == -1); /* filename contains ".." component */ 2413 dot = (dot == 3) || (dot == -1); /* filename contains
2414 * ".." component */
2587 2415
2588 if (*e == '\0') 2416 if (*e == '\0') {
2589 { 2417 BIO_puts(io, text);
2590 BIO_puts(io,text); 2418 BIO_printf(io, "'%s' is an invalid file name\r\n", p);
2591 BIO_printf(io,"'%s' is an invalid file name\r\n",p);
2592 break; 2419 break;
2593 } 2420 }
2594 *e='\0'; 2421 *e = '\0';
2595 2422
2596 if (dot) 2423 if (dot) {
2597 { 2424 BIO_puts(io, text);
2598 BIO_puts(io,text); 2425 BIO_printf(io, "'%s' contains '..' reference\r\n", p);
2599 BIO_printf(io,"'%s' contains '..' reference\r\n",p);
2600 break; 2426 break;
2601 } 2427 }
2602 2428 if (*p == '/') {
2603 if (*p == '/') 2429 BIO_puts(io, text);
2604 { 2430 BIO_printf(io, "'%s' is an invalid path\r\n", p);
2605 BIO_puts(io,text);
2606 BIO_printf(io,"'%s' is an invalid path\r\n",p);
2607 break; 2431 break;
2608 } 2432 }
2609
2610#if 0 2433#if 0
2611 /* append if a directory lookup */ 2434 /* append if a directory lookup */
2612 if (e[-1] == '/') 2435 if (e[-1] == '/')
2613 strcat(p,"index.html"); 2436 strcat(p, "index.html");
2614#endif 2437#endif
2615 2438
2616 /* if a directory, do the index thang */ 2439 /* if a directory, do the index thang */
2617 if (app_isdir(p)>0) 2440 if (app_isdir(p) > 0) {
2618 { 2441#if 0 /* must check buffer size */
2619#if 0 /* must check buffer size */ 2442 strcat(p, "/index.html");
2620 strcat(p,"/index.html");
2621#else 2443#else
2622 BIO_puts(io,text); 2444 BIO_puts(io, text);
2623 BIO_printf(io,"'%s' is a directory\r\n",p); 2445 BIO_printf(io, "'%s' is a directory\r\n", p);
2624 break; 2446 break;
2625#endif 2447#endif
2626 } 2448 }
2627 2449 if ((file = BIO_new_file(p, "r")) == NULL) {
2628 if ((file=BIO_new_file(p,"r")) == NULL) 2450 BIO_puts(io, text);
2629 { 2451 BIO_printf(io, "Error opening '%s'\r\n", p);
2630 BIO_puts(io,text);
2631 BIO_printf(io,"Error opening '%s'\r\n",p);
2632 ERR_print_errors(io); 2452 ERR_print_errors(io);
2633 break; 2453 break;
2634 } 2454 }
2635
2636 if (!s_quiet) 2455 if (!s_quiet)
2637 BIO_printf(bio_err,"FILE:%s\n",p); 2456 BIO_printf(bio_err, "FILE:%s\n", p);
2638 2457
2639 if (www == 2) 2458 if (www == 2) {
2640 { 2459 i = strlen(p);
2641 i=strlen(p); 2460 if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
2642 if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) || 2461 ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
2643 ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) || 2462 ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
2644 ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0))) 2463 BIO_puts(io, "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
2645 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); 2464 else
2646 else 2465 BIO_puts(io, "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
2647 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); 2466 }
2648 }
2649 /* send the file */ 2467 /* send the file */
2650 for (;;) 2468 for (;;) {
2651 { 2469 i = BIO_read(file, buf, bufsize);
2652 i=BIO_read(file,buf,bufsize); 2470 if (i <= 0)
2653 if (i <= 0) break; 2471 break;
2654 2472
2655#ifdef RENEG 2473#ifdef RENEG
2656 total_bytes+=i; 2474 total_bytes += i;
2657 fprintf(stderr,"%d\n",i); 2475 fprintf(stderr, "%d\n", i);
2658 if (total_bytes > 3*1024) 2476 if (total_bytes > 3 * 1024) {
2659 { 2477 total_bytes = 0;
2660 total_bytes=0; 2478 fprintf(stderr, "RENEGOTIATE\n");
2661 fprintf(stderr,"RENEGOTIATE\n");
2662 SSL_renegotiate(con); 2479 SSL_renegotiate(con);
2663 } 2480 }
2664#endif 2481#endif
2665 2482
2666 for (j=0; j<i; ) 2483 for (j = 0; j < i;) {
2667 {
2668#ifdef RENEG 2484#ifdef RENEG
2669{ static count=0; if (++count == 13) { SSL_renegotiate(con); } } 2485 {
2486 static count = 0;
2487 if (++count == 13) {
2488 SSL_renegotiate(con);
2489 }
2490 }
2670#endif 2491#endif
2671 k=BIO_write(io,&(buf[j]),i-j); 2492 k = BIO_write(io, &(buf[j]), i - j);
2672 if (k <= 0) 2493 if (k <= 0) {
2673 {
2674 if (!BIO_should_retry(io)) 2494 if (!BIO_should_retry(io))
2675 goto write_error; 2495 goto write_error;
2676 else 2496 else {
2677 { 2497 BIO_printf(bio_s_out, "rwrite W BLOCK\n");
2678 BIO_printf(bio_s_out,"rwrite W BLOCK\n");
2679 }
2680 }
2681 else
2682 {
2683 j+=k;
2684 } 2498 }
2499 } else {
2500 j += k;
2685 } 2501 }
2686 } 2502 }
2687write_error: 2503 }
2504 write_error:
2688 BIO_free(file); 2505 BIO_free(file);
2689 break; 2506 break;
2690 }
2691 } 2507 }
2508 }
2692 2509
2693 for (;;) 2510 for (;;) {
2694 { 2511 i = (int) BIO_flush(io);
2695 i=(int)BIO_flush(io); 2512 if (i <= 0) {
2696 if (i <= 0)
2697 {
2698 if (!BIO_should_retry(io)) 2513 if (!BIO_should_retry(io))
2699 break; 2514 break;
2700 } 2515 } else
2701 else
2702 break; 2516 break;
2703 } 2517 }
2704end: 2518end:
2705#if 1 2519#if 1
2706 /* make sure we re-use sessions */ 2520 /* make sure we re-use sessions */
2707 SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 2521 SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
2708#else 2522#else
2709 /* This kills performance */ 2523 /* This kills performance */
2710/* SSL_shutdown(con); A shutdown gets sent in the 2524/* SSL_shutdown(con); A shutdown gets sent in the
@@ -2714,65 +2528,68 @@ end:
2714err: 2528err:
2715 2529
2716 if (ret >= 0) 2530 if (ret >= 0)
2717 BIO_printf(bio_s_out,"ACCEPT\n"); 2531 BIO_printf(bio_s_out, "ACCEPT\n");
2718 2532
2719 if (buf != NULL) free(buf); 2533 if (buf != NULL)
2720 if (io != NULL) BIO_free_all(io); 2534 free(buf);
2535 if (io != NULL)
2536 BIO_free_all(io);
2721/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/ 2537/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/
2722 return(ret); 2538 return (ret);
2723 } 2539}
2724 2540
2725#ifndef OPENSSL_NO_RSA 2541#ifndef OPENSSL_NO_RSA
2726static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength) 2542static RSA *
2727 { 2543tmp_rsa_cb(SSL * s, int is_export, int keylength)
2544{
2728 BIGNUM *bn = NULL; 2545 BIGNUM *bn = NULL;
2729 static RSA *rsa_tmp=NULL; 2546 static RSA *rsa_tmp = NULL;
2730 2547
2731 if (!rsa_tmp && ((bn = BN_new()) == NULL)) 2548 if (!rsa_tmp && ((bn = BN_new()) == NULL))
2732 BIO_printf(bio_err,"Allocation error in generating RSA key\n"); 2549 BIO_printf(bio_err, "Allocation error in generating RSA key\n");
2733 if (!rsa_tmp && bn) 2550 if (!rsa_tmp && bn) {
2734 { 2551 if (!s_quiet) {
2735 if (!s_quiet) 2552 BIO_printf(bio_err, "Generating temp (%d bit) RSA key...", keylength);
2736 { 2553 (void) BIO_flush(bio_err);
2737 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); 2554 }
2738 (void)BIO_flush(bio_err); 2555 if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
2739 } 2556 !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
2740 if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) || 2557 if (rsa_tmp)
2741 !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) 2558 RSA_free(rsa_tmp);
2742 {
2743 if(rsa_tmp) RSA_free(rsa_tmp);
2744 rsa_tmp = NULL; 2559 rsa_tmp = NULL;
2745 }
2746 if (!s_quiet)
2747 {
2748 BIO_printf(bio_err,"\n");
2749 (void)BIO_flush(bio_err);
2750 }
2751 BN_free(bn);
2752 } 2560 }
2753 return(rsa_tmp); 2561 if (!s_quiet) {
2562 BIO_printf(bio_err, "\n");
2563 (void) BIO_flush(bio_err);
2564 }
2565 BN_free(bn);
2754 } 2566 }
2567 return (rsa_tmp);
2568}
2755#endif 2569#endif
2756 2570
2757#define MAX_SESSION_ID_ATTEMPTS 10 2571#define MAX_SESSION_ID_ATTEMPTS 10
2758static int generate_session_id(const SSL *ssl, unsigned char *id, 2572static int
2759 unsigned int *id_len) 2573generate_session_id(const SSL * ssl, unsigned char *id,
2760 { 2574 unsigned int *id_len)
2575{
2761 unsigned int count = 0; 2576 unsigned int count = 0;
2762 do { 2577 do {
2763 RAND_pseudo_bytes(id, *id_len); 2578 RAND_pseudo_bytes(id, *id_len);
2764 /* Prefix the session_id with the required prefix. NB: If our 2579 /*
2765 * prefix is too long, clip it - but there will be worse effects 2580 * Prefix the session_id with the required prefix. NB: If our
2766 * anyway, eg. the server could only possibly create 1 session 2581 * prefix is too long, clip it - but there will be worse
2767 * ID (ie. the prefix!) so all future session negotiations will 2582 * effects anyway, eg. the server could only possibly create
2768 * fail due to conflicts. */ 2583 * 1 session ID (ie. the prefix!) so all future session
2584 * negotiations will fail due to conflicts.
2585 */
2769 memcpy(id, session_id_prefix, 2586 memcpy(id, session_id_prefix,
2770 (strlen(session_id_prefix) < *id_len) ? 2587 (strlen(session_id_prefix) < *id_len) ?
2771 strlen(session_id_prefix) : *id_len); 2588 strlen(session_id_prefix) : *id_len);
2772 } 2589 }
2773 while(SSL_has_matching_session_id(ssl, id, *id_len) && 2590 while (SSL_has_matching_session_id(ssl, id, *id_len) &&
2774 (++count < MAX_SESSION_ID_ATTEMPTS)); 2591 (++count < MAX_SESSION_ID_ATTEMPTS));
2775 if(count >= MAX_SESSION_ID_ATTEMPTS) 2592 if (count >= MAX_SESSION_ID_ATTEMPTS)
2776 return 0; 2593 return 0;
2777 return 1; 2594 return 1;
2778 } 2595}
diff --git a/src/lib/libssl/src/apps/s_socket.c b/src/lib/libssl/src/apps/s_socket.c
index 6e7d31554a..f3c66f623a 100644
--- a/src/lib/libssl/src/apps/s_socket.c
+++ b/src/lib/libssl/src/apps/s_socket.c
@@ -126,7 +126,6 @@ init_client(int *sock, char *host, char *port, int type, int af)
126 } 126 }
127 return (0); 127 return (0);
128 } 128 }
129
130 for (ai = ai_top; ai != NULL; ai = ai->ai_next) { 129 for (ai = ai_top; ai != NULL; ai = ai->ai_next) {
131 s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 130 s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
132 if (s == -1) { 131 if (s == -1) {
@@ -135,7 +134,7 @@ init_client(int *sock, char *host, char *port, int type, int af)
135 if (type == SOCK_STREAM) { 134 if (type == SOCK_STREAM) {
136 i = 0; 135 i = 0;
137 i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, 136 i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
138 (char *)&i, sizeof(i)); 137 (char *) &i, sizeof(i));
139 if (i < 0) { 138 if (i < 0) {
140 perror("keepalive"); 139 perror("keepalive");
141 return (0); 140 return (0);
@@ -146,7 +145,6 @@ init_client(int *sock, char *host, char *port, int type, int af)
146 freeaddrinfo(ai_top); 145 freeaddrinfo(ai_top);
147 return (1); 146 return (1);
148 } 147 }
149
150 close(s); 148 close(s);
151 } 149 }
152 150
@@ -158,7 +156,7 @@ init_client(int *sock, char *host, char *port, int type, int af)
158 156
159int 157int
160do_server(int port, int type, int *ret, 158do_server(int port, int type, int *ret,
161 int (*cb)(char *hostname, int s, unsigned char *context), 159 int (*cb) (char *hostname, int s, unsigned char *context),
162 unsigned char *context) 160 unsigned char *context)
163{ 161{
164 int sock; 162 int sock;
@@ -171,7 +169,7 @@ do_server(int port, int type, int *ret,
171 169
172 if (ret != NULL) { 170 if (ret != NULL) {
173 *ret = accept_socket; 171 *ret = accept_socket;
174 /* return(1);*/ 172 /* return(1); */
175 } 173 }
176 for (;;) { 174 for (;;) {
177 if (type == SOCK_STREAM) { 175 if (type == SOCK_STREAM) {
@@ -182,7 +180,7 @@ do_server(int port, int type, int *ret,
182 } 180 }
183 } else 181 } else
184 sock = accept_socket; 182 sock = accept_socket;
185 i = (*cb)(name, sock, context); 183 i = (*cb) (name, sock, context);
186 if (name != NULL) 184 if (name != NULL)
187 free(name); 185 free(name);
188 if (type == SOCK_STREAM) { 186 if (type == SOCK_STREAM) {
@@ -207,22 +205,22 @@ init_server_long(int *sock, int port, char *ip, int type)
207 if (!ssl_sock_init()) 205 if (!ssl_sock_init())
208 return (0); 206 return (0);
209 207
210 memset((char *)&server, 0,sizeof(server)); 208 memset((char *) &server, 0, sizeof(server));
211 server.sin_family = AF_INET; 209 server.sin_family = AF_INET;
212 server.sin_port = htons((unsigned short)port); 210 server.sin_port = htons((unsigned short) port);
213 if (ip == NULL) 211 if (ip == NULL)
214 server.sin_addr.s_addr = INADDR_ANY; 212 server.sin_addr.s_addr = INADDR_ANY;
215 else 213 else
216/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ 214/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
217#ifndef BIT_FIELD_LIMITS 215#ifndef BIT_FIELD_LIMITS
218 memcpy(&server.sin_addr.s_addr, ip, 4); 216 memcpy(&server.sin_addr.s_addr, ip, 4);
219#else 217#else
220 memcpy(&server.sin_addr, ip, 4); 218 memcpy(&server.sin_addr, ip, 4);
221#endif 219#endif
222 220
223 if (type == SOCK_STREAM) 221 if (type == SOCK_STREAM)
224 s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); 222 s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
225 else /* type == SOCK_DGRAM */ 223 else /* type == SOCK_DGRAM */
226 s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); 224 s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
227 225
228 if (s == -1) 226 if (s == -1)
@@ -234,7 +232,7 @@ init_server_long(int *sock, int port, char *ip, int type)
234 (void *) &j, sizeof j); 232 (void *) &j, sizeof j);
235 } 233 }
236#endif 234#endif
237 if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { 235 if (bind(s, (struct sockaddr *) & server, sizeof(server)) == -1) {
238 perror("bind"); 236 perror("bind");
239 goto err; 237 goto err;
240 } 238 }
@@ -271,24 +269,24 @@ do_accept(int acc_sock, int *sock, char **host)
271 269
272redoit: 270redoit:
273 271
274 memset((char *)&from, 0, sizeof(from)); 272 memset((char *) &from, 0, sizeof(from));
275 len = sizeof(from); 273 len = sizeof(from);
276 /* Note: under VMS with SOCKETSHR the fourth parameter is currently 274 /*
277 * of type (int *) whereas under other systems it is (void *) if 275 * Note: under VMS with SOCKETSHR the fourth parameter is currently
278 * you don't have a cast it will choke the compiler: if you do 276 * of type (int *) whereas under other systems it is (void *) if you
279 * have a cast then you can either go for (int *) or (void *). 277 * don't have a cast it will choke the compiler: if you do have a
278 * cast then you can either go for (int *) or (void *).
280 */ 279 */
281 ret = accept(acc_sock, (struct sockaddr *)&from, (void *)&len); 280 ret = accept(acc_sock, (struct sockaddr *) & from, (void *) &len);
282 if (ret == -1) { 281 if (ret == -1) {
283 if (errno == EINTR) { 282 if (errno == EINTR) {
284 /*check_timeout(); */ 283 /* check_timeout(); */
285 goto redoit; 284 goto redoit;
286 } 285 }
287 fprintf(stderr,"errno=%d ",errno); 286 fprintf(stderr, "errno=%d ", errno);
288 perror("accept"); 287 perror("accept");
289 return (0); 288 return (0);
290 } 289 }
291
292/* 290/*
293 ling.l_onoff=1; 291 ling.l_onoff=1;
294 ling.l_linger=0; 292 ling.l_linger=0;
@@ -303,10 +301,10 @@ redoit:
303 goto end; 301 goto end;
304#ifndef BIT_FIELD_LIMITS 302#ifndef BIT_FIELD_LIMITS
305 /* I should use WSAAsyncGetHostByName() under windows */ 303 /* I should use WSAAsyncGetHostByName() under windows */
306 h1 = gethostbyaddr((char *)&from.sin_addr.s_addr, 304 h1 = gethostbyaddr((char *) &from.sin_addr.s_addr,
307 sizeof(from.sin_addr.s_addr), AF_INET); 305 sizeof(from.sin_addr.s_addr), AF_INET);
308#else 306#else
309 h1 = gethostbyaddr((char *)&from.sin_addr, 307 h1 = gethostbyaddr((char *) &from.sin_addr,
310 sizeof(struct in_addr), AF_INET); 308 sizeof(struct in_addr), AF_INET);
311#endif 309#endif
312 if (h1 == NULL) { 310 if (h1 == NULL) {
@@ -314,7 +312,7 @@ redoit:
314 *host = NULL; 312 *host = NULL;
315 /* return(0); */ 313 /* return(0); */
316 } else { 314 } else {
317 if ((*host = (char *)malloc(strlen(h1->h_name) + 1)) == NULL) { 315 if ((*host = (char *) malloc(strlen(h1->h_name) + 1)) == NULL) {
318 perror("malloc"); 316 perror("malloc");
319 return (0); 317 return (0);
320 } 318 }
@@ -343,7 +341,7 @@ extract_host_port(char *str, char **host_ptr, unsigned char *ip,
343 char *h, *p; 341 char *h, *p;
344 342
345 h = str; 343 h = str;
346 p = strrchr(str, '/'); /* IPv6 host/port */ 344 p = strrchr(str, '/'); /* IPv6 host/port */
347 if (p == NULL) { 345 if (p == NULL) {
348 p = strrchr(str, ':'); 346 p = strrchr(str, ':');
349 } 347 }
@@ -370,14 +368,14 @@ extract_port(char *str, short *port_ptr)
370 368
371 i = atoi(str); 369 i = atoi(str);
372 if (i != 0) 370 if (i != 0)
373 *port_ptr = (unsigned short)i; 371 *port_ptr = (unsigned short) i;
374 else { 372 else {
375 s = getservbyname(str, "tcp"); 373 s = getservbyname(str, "tcp");
376 if (s == NULL) { 374 if (s == NULL) {
377 BIO_printf(bio_err, "getservbyname failure for %s\n", str); 375 BIO_printf(bio_err, "getservbyname failure for %s\n", str);
378 return (0); 376 return (0);
379 } 377 }
380 *port_ptr = ntohs((unsigned short)s->s_port); 378 *port_ptr = ntohs((unsigned short) s->s_port);
381 } 379 }
382 return (1); 380 return (1);
383} 381}
@@ -393,10 +391,11 @@ static unsigned long ghbn_hits = 0L;
393static unsigned long ghbn_miss = 0L; 391static unsigned long ghbn_miss = 0L;
394 392
395static struct hostent * 393static struct hostent *
396GetHostByName(char *name) { 394GetHostByName(char *name)
395{
397 struct hostent *ret; 396 struct hostent *ret;
398 int i, lowi = 0; 397 int i, lowi = 0;
399 unsigned long low = (unsigned long) - 1; 398 unsigned long low = (unsigned long) -1;
400 399
401 for (i = 0; i < GHBN_NUM; i++) { 400 for (i = 0; i < GHBN_NUM; i++) {
402 if (low > ghbn_cache[i].order) { 401 if (low > ghbn_cache[i].order) {
@@ -408,8 +407,7 @@ GetHostByName(char *name) {
408 break; 407 break;
409 } 408 }
410 } 409 }
411 if (i == GHBN_NUM) /* no hit*/ 410 if (i == GHBN_NUM) { /* no hit */
412 {
413 ghbn_miss++; 411 ghbn_miss++;
414 ret = gethostbyname(name); 412 ret = gethostbyname(name);
415 if (ret == NULL) 413 if (ret == NULL)
@@ -417,7 +415,7 @@ GetHostByName(char *name) {
417 /* else add to cache */ 415 /* else add to cache */
418 if (strlen(name) < sizeof ghbn_cache[0].name) { 416 if (strlen(name) < sizeof ghbn_cache[0].name) {
419 strlcpy(ghbn_cache[lowi].name, name, sizeof(ghbn_cache[0].name)); 417 strlcpy(ghbn_cache[lowi].name, name, sizeof(ghbn_cache[0].name));
420 memcpy((char *)&(ghbn_cache[lowi].ent), ret, sizeof(struct hostent)); 418 memcpy((char *) &(ghbn_cache[lowi].ent), ret, sizeof(struct hostent));
421 ghbn_cache[lowi].order = ghbn_miss + ghbn_hits; 419 ghbn_cache[lowi].order = ghbn_miss + ghbn_hits;
422 } 420 }
423 return (ret); 421 return (ret);
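Review bot: In the `bind()` call of init_server_long and the `accept()` call of do_accept, the reformat leaves the address-of operator spaced like a binary `&`: `(struct sockaddr *) & server` and `(struct sockaddr *) & from`. The neighbouring casts in the same hunks came out as `(char *) &server` and `(char *) &from`, so the result is inconsistent and reads like a bitwise AND; presumably the formatter did not treat `struct sockaddr` as a type name. I would write these as `if (bind(s, (struct sockaddr *) &server, sizeof(server)) == -1) {` and `ret = accept(acc_sock, (struct sockaddr *) &from, (void *) &len);`. Both functions start and end outside the hunks shown.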
diff --git a/src/lib/libssl/src/apps/s_time.c b/src/lib/libssl/src/apps/s_time.c
index ee5f7c633e..bb680c6c9a 100644
--- a/src/lib/libssl/src/apps/s_time.c
+++ b/src/lib/libssl/src/apps/s_time.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -88,7 +88,7 @@
88 88
89#define SSL_CONNECT_NAME "localhost:4433" 89#define SSL_CONNECT_NAME "localhost:4433"
90 90
91/*#define TEST_CERT "client.pem" */ /* no default cert. */ 91 /*#define TEST_CERT "client.pem" *//* no default cert. */
92 92
93#undef BUFSIZZ 93#undef BUFSIZZ
94#define BUFSIZZ 1024*10 94#define BUFSIZZ 1024*10
@@ -106,8 +106,8 @@ extern int verify_depth;
106extern int verify_error; 106extern int verify_error;
107 107
108static void s_time_usage(void); 108static void s_time_usage(void);
109static int parseArgs( int argc, char **argv ); 109static int parseArgs(int argc, char **argv);
110static SSL *doConnection( SSL *scon ); 110static SSL *doConnection(SSL * scon);
111static void s_time_init(void); 111static void s_time_init(void);
112 112
113/*********************************************************************** 113/***********************************************************************
@@ -115,50 +115,52 @@ static void s_time_init(void);
115 */ 115 */
116 116
117/* static char *port=PORT_STR;*/ 117/* static char *port=PORT_STR;*/
118static char *host=SSL_CONNECT_NAME; 118static char *host = SSL_CONNECT_NAME;
119static char *t_cert_file=NULL; 119static char *t_cert_file = NULL;
120static char *t_key_file=NULL; 120static char *t_key_file = NULL;
121static char *CApath=NULL; 121static char *CApath = NULL;
122static char *CAfile=NULL; 122static char *CAfile = NULL;
123static char *tm_cipher=NULL; 123static char *tm_cipher = NULL;
124static int tm_verify = SSL_VERIFY_NONE; 124static int tm_verify = SSL_VERIFY_NONE;
125static int maxTime = SECONDS; 125static int maxTime = SECONDS;
126static SSL_CTX *tm_ctx=NULL; 126static SSL_CTX *tm_ctx = NULL;
127static const SSL_METHOD *s_time_meth=NULL; 127static const SSL_METHOD *s_time_meth = NULL;
128static char *s_www_path=NULL; 128static char *s_www_path = NULL;
129static long bytes_read=0; 129static long bytes_read = 0;
130static int st_bugs=0; 130static int st_bugs = 0;
131static int perform=0; 131static int perform = 0;
132#ifdef FIONBIO 132#ifdef FIONBIO
133static int t_nbio=0; 133static int t_nbio = 0;
134#endif 134#endif
135 135
136static void s_time_init(void) 136static void
137 { 137s_time_init(void)
138 host=SSL_CONNECT_NAME; 138{
139 t_cert_file=NULL; 139 host = SSL_CONNECT_NAME;
140 t_key_file=NULL; 140 t_cert_file = NULL;
141 CApath=NULL; 141 t_key_file = NULL;
142 CAfile=NULL; 142 CApath = NULL;
143 tm_cipher=NULL; 143 CAfile = NULL;
144 tm_cipher = NULL;
144 tm_verify = SSL_VERIFY_NONE; 145 tm_verify = SSL_VERIFY_NONE;
145 maxTime = SECONDS; 146 maxTime = SECONDS;
146 tm_ctx=NULL; 147 tm_ctx = NULL;
147 s_time_meth=NULL; 148 s_time_meth = NULL;
148 s_www_path=NULL; 149 s_www_path = NULL;
149 bytes_read=0; 150 bytes_read = 0;
150 st_bugs=0; 151 st_bugs = 0;
151 perform=0; 152 perform = 0;
152 153
153#ifdef FIONBIO 154#ifdef FIONBIO
154 t_nbio=0; 155 t_nbio = 0;
155#endif 156#endif
156 } 157}
157 158
158/*********************************************************************** 159/***********************************************************************
159 * usage - display usage message 160 * usage - display usage message
160 */ 161 */
161static void s_time_usage(void) 162static void
163s_time_usage(void)
162{ 164{
163 static const char umsg[] = "\ 165 static const char umsg[] = "\
164-time arg - max number of seconds to collect data, default %d\n\ 166-time arg - max number of seconds to collect data, default %d\n\
@@ -170,9 +172,9 @@ static void s_time_usage(void)
170-CAfile arg - PEM format file of CA's\n\ 172-CAfile arg - PEM format file of CA's\n\
171-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n"; 173-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
172 174
173 printf( "usage: s_time <args>\n\n" ); 175 printf("usage: s_time <args>\n\n");
174 176
175 printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME); 177 printf("-connect host:port - host:port to connect to (default is %s)\n", SSL_CONNECT_NAME);
176#ifdef FIONBIO 178#ifdef FIONBIO
177 printf("-nbio - Run with non-blocking IO\n"); 179 printf("-nbio - Run with non-blocking IO\n");
178 printf("-ssl2 - Just use SSLv2\n"); 180 printf("-ssl2 - Just use SSLv2\n");
@@ -182,7 +184,7 @@ static void s_time_usage(void)
182 printf("-reuse - Just time connection reuse\n"); 184 printf("-reuse - Just time connection reuse\n");
183 printf("-www page - Retrieve 'page' from the site\n"); 185 printf("-www page - Retrieve 'page' from the site\n");
184#endif 186#endif
185 printf( umsg,SECONDS ); 187 printf(umsg, SECONDS);
186} 188}
187 189
188/*********************************************************************** 190/***********************************************************************
@@ -190,113 +192,117 @@ static void s_time_usage(void)
190 * 192 *
191 * Returns 0 if ok, -1 on bad args 193 * Returns 0 if ok, -1 on bad args
192 */ 194 */
193static int parseArgs(int argc, char **argv) 195static int
196parseArgs(int argc, char **argv)
194{ 197{
195 int badop = 0; 198 int badop = 0;
196 199
197 verify_depth=0; 200 verify_depth = 0;
198 verify_error=X509_V_OK; 201 verify_error = X509_V_OK;
199 202
200 argc--; 203 argc--;
201 argv++; 204 argv++;
202 205
203 while (argc >= 1) { 206 while (argc >= 1) {
204 if (strcmp(*argv,"-connect") == 0) 207 if (strcmp(*argv, "-connect") == 0) {
205 { 208 if (--argc < 1)
206 if (--argc < 1) goto bad; 209 goto bad;
207 host= *(++argv); 210 host = *(++argv);
208 } 211 }
209#if 0 212#if 0
210 else if( strcmp(*argv,"-host") == 0) 213 else if (strcmp(*argv, "-host") == 0) {
211 { 214 if (--argc < 1)
212 if (--argc < 1) goto bad; 215 goto bad;
213 host= *(++argv); 216 host = *(++argv);
214 } 217 } else if (strcmp(*argv, "-port") == 0) {
215 else if( strcmp(*argv,"-port") == 0) 218 if (--argc < 1)
216 { 219 goto bad;
217 if (--argc < 1) goto bad; 220 port = *(++argv);
218 port= *(++argv);
219 } 221 }
220#endif 222#endif
221 else if (strcmp(*argv,"-reuse") == 0) 223 else if (strcmp(*argv, "-reuse") == 0)
222 perform=2; 224 perform = 2;
223 else if (strcmp(*argv,"-new") == 0) 225 else if (strcmp(*argv, "-new") == 0)
224 perform=1; 226 perform = 1;
225 else if( strcmp(*argv,"-verify") == 0) { 227 else if (strcmp(*argv, "-verify") == 0) {
226 228
227 tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE; 229 tm_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
228 if (--argc < 1) goto bad; 230 if (--argc < 1)
229 verify_depth=atoi(*(++argv)); 231 goto bad;
230 BIO_printf(bio_err,"verify depth is %d\n",verify_depth); 232 verify_depth = atoi(*(++argv));
233 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
231 234
232 } else if( strcmp(*argv,"-cert") == 0) { 235 } else if (strcmp(*argv, "-cert") == 0) {
233 236
234 if (--argc < 1) goto bad; 237 if (--argc < 1)
235 t_cert_file= *(++argv); 238 goto bad;
239 t_cert_file = *(++argv);
236 240
237 } else if( strcmp(*argv,"-key") == 0) { 241 } else if (strcmp(*argv, "-key") == 0) {
238 242
239 if (--argc < 1) goto bad; 243 if (--argc < 1)
240 t_key_file= *(++argv); 244 goto bad;
245 t_key_file = *(++argv);
241 246
242 } else if( strcmp(*argv,"-CApath") == 0) { 247 } else if (strcmp(*argv, "-CApath") == 0) {
243 248
244 if (--argc < 1) goto bad; 249 if (--argc < 1)
245 CApath= *(++argv); 250 goto bad;
251 CApath = *(++argv);
246 252
247 } else if( strcmp(*argv,"-CAfile") == 0) { 253 } else if (strcmp(*argv, "-CAfile") == 0) {
248 254
249 if (--argc < 1) goto bad; 255 if (--argc < 1)
250 CAfile= *(++argv); 256 goto bad;
257 CAfile = *(++argv);
251 258
252 } else if( strcmp(*argv,"-cipher") == 0) { 259 } else if (strcmp(*argv, "-cipher") == 0) {
253 260
254 if (--argc < 1) goto bad; 261 if (--argc < 1)
255 tm_cipher= *(++argv); 262 goto bad;
256 } 263 tm_cipher = *(++argv);
264 }
257#ifdef FIONBIO 265#ifdef FIONBIO
258 else if(strcmp(*argv,"-nbio") == 0) { 266 else if (strcmp(*argv, "-nbio") == 0) {
259 t_nbio=1; 267 t_nbio = 1;
260 } 268 }
261#endif 269#endif
262 else if(strcmp(*argv,"-www") == 0) 270 else if (strcmp(*argv, "-www") == 0) {
263 { 271 if (--argc < 1)
264 if (--argc < 1) goto bad; 272 goto bad;
265 s_www_path= *(++argv); 273 s_www_path = *(++argv);
266 if(strlen(s_www_path) > MYBUFSIZ-100) 274 if (strlen(s_www_path) > MYBUFSIZ - 100) {
267 { 275 BIO_printf(bio_err, "-www option too long\n");
268 BIO_printf(bio_err,"-www option too long\n"); 276 badop = 1;
269 badop=1;
270 } 277 }
278 } else if (strcmp(*argv, "-bugs") == 0)
279 st_bugs = 1;
280 else if (strcmp(*argv, "-ssl3") == 0)
281 s_time_meth = SSLv3_client_method();
282 else if (strcmp(*argv, "-time") == 0) {
283
284 if (--argc < 1)
285 goto bad;
286 maxTime = atoi(*(++argv));
287 } else {
288 BIO_printf(bio_err, "unknown option %s\n", *argv);
289 badop = 1;
290 break;
271 } 291 }
272 else if(strcmp(*argv,"-bugs") == 0)
273 st_bugs=1;
274 else if(strcmp(*argv,"-ssl3") == 0)
275 s_time_meth=SSLv3_client_method();
276 else if( strcmp(*argv,"-time") == 0) {
277
278 if (--argc < 1) goto bad;
279 maxTime= atoi(*(++argv));
280 }
281 else {
282 BIO_printf(bio_err,"unknown option %s\n",*argv);
283 badop=1;
284 break;
285 }
286 292
287 argc--; 293 argc--;
288 argv++; 294 argv++;
289 } 295 }
290 296
291 if (perform == 0) perform=3; 297 if (perform == 0)
298 perform = 3;
292 299
293 if(badop) { 300 if (badop) {
294bad: 301bad:
295 s_time_usage(); 302 s_time_usage();
296 return -1; 303 return -1;
297 } 304 }
298 305 return 0; /* Valid args */
299 return 0; /* Valid args */
300} 306}
301 307
302/*********************************************************************** 308/***********************************************************************
@@ -305,10 +311,11 @@ bad:
305#define START 0 311#define START 0
306#define STOP 1 312#define STOP 1
307 313
308static double tm_Time_F(int s) 314static double
309 { 315tm_Time_F(int s)
310 return app_tminterval(s,1); 316{
311 } 317 return app_tminterval(s, 1);
318}
312 319
313/*********************************************************************** 320/***********************************************************************
314 * MAIN - main processing area for client 321 * MAIN - main processing area for client
@@ -316,88 +323,90 @@ static double tm_Time_F(int s)
316 */ 323 */
317int MAIN(int, char **); 324int MAIN(int, char **);
318 325
319int MAIN(int argc, char **argv) 326int
320 { 327MAIN(int argc, char **argv)
328{
321 double totalTime = 0.0; 329 double totalTime = 0.0;
322 int nConn = 0; 330 int nConn = 0;
323 SSL *scon=NULL; 331 SSL *scon = NULL;
324 long finishtime=0; 332 long finishtime = 0;
325 int ret=1,i; 333 int ret = 1, i;
326 char buf[1024*8]; 334 char buf[1024 * 8];
327 int ver; 335 int ver;
328 336
329 apps_startup(); 337 apps_startup();
330 s_time_init(); 338 s_time_init();
331 339
332 if (bio_err == NULL) 340 if (bio_err == NULL)
333 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 341 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
334 342
335 s_time_meth=SSLv23_client_method(); 343 s_time_meth = SSLv23_client_method();
336 344
337 /* parse the command line arguments */ 345 /* parse the command line arguments */
338 if( parseArgs( argc, argv ) < 0 ) 346 if (parseArgs(argc, argv) < 0)
339 goto end; 347 goto end;
340 348
341 OpenSSL_add_ssl_algorithms(); 349 OpenSSL_add_ssl_algorithms();
342 if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1); 350 if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
351 return (1);
343 352
344 SSL_CTX_set_quiet_shutdown(tm_ctx,1); 353 SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
345 354
346 if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL); 355 if (st_bugs)
347 SSL_CTX_set_cipher_list(tm_ctx,tm_cipher); 356 SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
348 if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file)) 357 SSL_CTX_set_cipher_list(tm_ctx, tm_cipher);
358 if (!set_cert_stuff(tm_ctx, t_cert_file, t_key_file))
349 goto end; 359 goto end;
350 360
351 SSL_load_error_strings(); 361 SSL_load_error_strings();
352 362
353 if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) || 363 if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
354 (!SSL_CTX_set_default_verify_paths(tm_ctx))) 364 (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
355 { 365 /*
356 /* BIO_printf(bio_err,"error setting default verify locations\n"); */ 366 * BIO_printf(bio_err,"error setting default verify
367 * locations\n");
368 */
357 ERR_print_errors(bio_err); 369 ERR_print_errors(bio_err);
358 /* goto end; */ 370 /* goto end; */
359 } 371 }
360
361 if (tm_cipher == NULL) 372 if (tm_cipher == NULL)
362 tm_cipher = getenv("SSL_CIPHER"); 373 tm_cipher = getenv("SSL_CIPHER");
363 374
364 if (tm_cipher == NULL ) { 375 if (tm_cipher == NULL) {
365 fprintf( stderr, "No CIPHER specified\n" ); 376 fprintf(stderr, "No CIPHER specified\n");
366 } 377 }
367 378 if (!(perform & 1))
368 if (!(perform & 1)) goto next; 379 goto next;
369 printf( "Collecting connection statistics for %d seconds\n", maxTime ); 380 printf("Collecting connection statistics for %d seconds\n", maxTime);
370 381
371 /* Loop and time how long it takes to make connections */ 382 /* Loop and time how long it takes to make connections */
372 383
373 bytes_read=0; 384 bytes_read = 0;
374 finishtime=(long)time(NULL)+maxTime; 385 finishtime = (long) time(NULL) + maxTime;
375 tm_Time_F(START); 386 tm_Time_F(START);
376 for (;;) 387 for (;;) {
377 { 388 if (finishtime < (long) time(NULL))
378 if (finishtime < (long)time(NULL)) break; 389 break;
379#ifdef WIN32_STUFF 390#ifdef WIN32_STUFF
380 391
381 if( flushWinMsgs(0) == -1 ) 392 if (flushWinMsgs(0) == -1)
382 goto end; 393 goto end;
383 394
384 if( waitingToDie || exitNow ) /* we're dead */ 395 if (waitingToDie || exitNow) /* we're dead */
385 goto end; 396 goto end;
386#endif 397#endif
387 398
388 if( (scon = doConnection( NULL )) == NULL ) 399 if ((scon = doConnection(NULL)) == NULL)
389 goto end; 400 goto end;
390 401
391 if (s_www_path != NULL) 402 if (s_www_path != NULL) {
392 { 403 (void) snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
393 (void) snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); 404 SSL_write(scon, buf, strlen(buf));
394 SSL_write(scon,buf,strlen(buf)); 405 while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
395 while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) 406 bytes_read += i;
396 bytes_read+=i; 407 }
397 }
398
399#ifdef NO_SHUTDOWN 408#ifdef NO_SHUTDOWN
400 SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 409 SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
401#else 410#else
402 SSL_shutdown(scon); 411 SSL_shutdown(scon);
403#endif 412#endif
@@ -406,53 +415,52 @@ int MAIN(int argc, char **argv)
406 415
407 nConn += 1; 416 nConn += 1;
408 if (SSL_session_reused(scon)) 417 if (SSL_session_reused(scon))
409 ver='r'; 418 ver = 'r';
410 else 419 else {
411 { 420 ver = SSL_version(scon);
412 ver=SSL_version(scon);
413 if (ver == TLS1_VERSION) 421 if (ver == TLS1_VERSION)
414 ver='t'; 422 ver = 't';
415 else if (ver == SSL3_VERSION) 423 else if (ver == SSL3_VERSION)
416 ver='3'; 424 ver = '3';
417 else if (ver == SSL2_VERSION) 425 else if (ver == SSL2_VERSION)
418 ver='2'; 426 ver = '2';
419 else 427 else
420 ver='*'; 428 ver = '*';
421 } 429 }
422 fputc(ver,stdout); 430 fputc(ver, stdout);
423 fflush(stdout); 431 fflush(stdout);
424 432
425 SSL_free( scon ); 433 SSL_free(scon);
426 scon=NULL; 434 scon = NULL;
427 } 435 }
428 totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ 436 totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
429 437
430 i=(int)((long)time(NULL)-finishtime+maxTime); 438 i = (int) ((long) time(NULL) - finishtime + maxTime);
431 printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read); 439 printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
432 printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn); 440 printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + maxTime, bytes_read / nConn);
433 441
434 /* Now loop and time connections using the same session id over and over */ 442 /*
443 * Now loop and time connections using the same session id over and
444 * over
445 */
435 446
436next: 447next:
437 if (!(perform & 2)) goto end; 448 if (!(perform & 2))
438 printf( "\n\nNow timing with session id reuse.\n" ); 449 goto end;
450 printf("\n\nNow timing with session id reuse.\n");
439 451
440 /* Get an SSL object so we can reuse the session id */ 452 /* Get an SSL object so we can reuse the session id */
441 if( (scon = doConnection( NULL )) == NULL ) 453 if ((scon = doConnection(NULL)) == NULL) {
442 { 454 fprintf(stderr, "Unable to get connection\n");
443 fprintf( stderr, "Unable to get connection\n" );
444 goto end; 455 goto end;
445 } 456 }
446 457 if (s_www_path != NULL) {
447 if (s_www_path != NULL) 458 (void) snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
448 { 459 SSL_write(scon, buf, strlen(buf));
449 (void) snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); 460 while (SSL_read(scon, buf, sizeof(buf)) > 0);
450 SSL_write(scon,buf,strlen(buf)); 461 }
451 while (SSL_read(scon,buf,sizeof(buf)) > 0)
452 ;
453 }
454#ifdef NO_SHUTDOWN 462#ifdef NO_SHUTDOWN
455 SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 463 SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
456#else 464#else
457 SSL_shutdown(scon); 465 SSL_shutdown(scon);
458#endif 466#endif
@@ -462,79 +470,76 @@ next:
462 nConn = 0; 470 nConn = 0;
463 totalTime = 0.0; 471 totalTime = 0.0;
464 472
465 finishtime=(long)time(NULL)+maxTime; 473 finishtime = (long) time(NULL) + maxTime;
466 474
467 printf( "starting\n" ); 475 printf("starting\n");
468 bytes_read=0; 476 bytes_read = 0;
469 tm_Time_F(START); 477 tm_Time_F(START);
470 478
471 for (;;) 479 for (;;) {
472 { 480 if (finishtime < (long) time(NULL))
473 if (finishtime < (long)time(NULL)) break; 481 break;
474 482
475#ifdef WIN32_STUFF 483#ifdef WIN32_STUFF
476 if( flushWinMsgs(0) == -1 ) 484 if (flushWinMsgs(0) == -1)
477 goto end; 485 goto end;
478 486
479 if( waitingToDie || exitNow ) /* we're dead */ 487 if (waitingToDie || exitNow) /* we're dead */
480 goto end; 488 goto end;
481#endif 489#endif
482 490
483 if( (doConnection( scon )) == NULL ) 491 if ((doConnection(scon)) == NULL)
484 goto end; 492 goto end;
485 493
486 if (s_www_path) 494 if (s_www_path) {
487 { 495 (void) snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
488 (void) snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); 496 SSL_write(scon, buf, strlen(buf));
489 SSL_write(scon,buf,strlen(buf)); 497 while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
490 while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) 498 bytes_read += i;
491 bytes_read+=i; 499 }
492 }
493
494#ifdef NO_SHUTDOWN 500#ifdef NO_SHUTDOWN
495 SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 501 SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
496#else 502#else
497 SSL_shutdown(scon); 503 SSL_shutdown(scon);
498#endif 504#endif
499 shutdown(SSL_get_fd(scon), SHUT_RDWR); 505 shutdown(SSL_get_fd(scon), SHUT_RDWR);
500 close(SSL_get_fd(scon)); 506 close(SSL_get_fd(scon));
501 507
502 nConn += 1; 508 nConn += 1;
503 if (SSL_session_reused(scon)) 509 if (SSL_session_reused(scon))
504 ver='r'; 510 ver = 'r';
505 else 511 else {
506 { 512 ver = SSL_version(scon);
507 ver=SSL_version(scon);
508 if (ver == TLS1_VERSION) 513 if (ver == TLS1_VERSION)
509 ver='t'; 514 ver = 't';
510 else if (ver == SSL3_VERSION) 515 else if (ver == SSL3_VERSION)
511 ver='3'; 516 ver = '3';
512 else if (ver == SSL2_VERSION) 517 else if (ver == SSL2_VERSION)
513 ver='2'; 518 ver = '2';
514 else 519 else
515 ver='*'; 520 ver = '*';
516 }
517 fputc(ver,stdout);
518 fflush(stdout);
519 } 521 }
520 totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/ 522 fputc(ver, stdout);
523 fflush(stdout);
524 }
525 totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
521 526
522 527
523 printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read); 528 printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
524 printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn); 529 printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + maxTime, bytes_read / nConn);
525 530
526 ret=0; 531 ret = 0;
527end: 532end:
528 if (scon != NULL) SSL_free(scon); 533 if (scon != NULL)
534 SSL_free(scon);
529 535
530 if (tm_ctx != NULL) 536 if (tm_ctx != NULL) {
531 {
532 SSL_CTX_free(tm_ctx); 537 SSL_CTX_free(tm_ctx);
533 tm_ctx=NULL; 538 tm_ctx = NULL;
534 }
535 apps_shutdown();
536 return(ret);
537 } 539 }
540 apps_shutdown();
541 return (ret);
542}
538 543
539/*********************************************************************** 544/***********************************************************************
540 * doConnection - make a connection 545 * doConnection - make a connection
@@ -543,70 +548,66 @@ end:
543 * Returns: 548 * Returns:
544 * SSL * = the connection pointer. 549 * SSL * = the connection pointer.
545 */ 550 */
546static SSL *doConnection(SSL *scon) 551static SSL *
547 { 552doConnection(SSL * scon)
553{
548 BIO *conn; 554 BIO *conn;
549 SSL *serverCon; 555 SSL *serverCon;
550 int width, i; 556 int width, i;
551 fd_set readfds; 557 fd_set readfds;
552 558
553 if ((conn=BIO_new(BIO_s_connect())) == NULL) 559 if ((conn = BIO_new(BIO_s_connect())) == NULL)
554 return(NULL); 560 return (NULL);
555 561
556/* BIO_set_conn_port(conn,port);*/ 562/* BIO_set_conn_port(conn,port);*/
557 BIO_set_conn_hostname(conn,host); 563 BIO_set_conn_hostname(conn, host);
558 564
559 if (scon == NULL) 565 if (scon == NULL)
560 serverCon=SSL_new(tm_ctx); 566 serverCon = SSL_new(tm_ctx);
561 else 567 else {
562 { 568 serverCon = scon;
563 serverCon=scon;
564 SSL_set_connect_state(serverCon); 569 SSL_set_connect_state(serverCon);
565 } 570 }
566 571
567 SSL_set_bio(serverCon,conn,conn); 572 SSL_set_bio(serverCon, conn, conn);
568 573
569#if 0 574#if 0
570 if( scon != NULL ) 575 if (scon != NULL)
571 SSL_set_session(serverCon,SSL_get_session(scon)); 576 SSL_set_session(serverCon, SSL_get_session(scon));
572#endif 577#endif
573 578
574 /* ok, lets connect */ 579 /* ok, lets connect */
575 for(;;) { 580 for (;;) {
576 i=SSL_connect(serverCon); 581 i = SSL_connect(serverCon);
577 if (BIO_sock_should_retry(i)) 582 if (BIO_sock_should_retry(i)) {
578 { 583 BIO_printf(bio_err, "DELAY\n");
579 BIO_printf(bio_err,"DELAY\n"); 584
580 585 i = SSL_get_fd(serverCon);
581 i=SSL_get_fd(serverCon); 586 width = i + 1;
582 width=i+1;
583 FD_ZERO(&readfds); 587 FD_ZERO(&readfds);
584 openssl_fdset(i,&readfds); 588 openssl_fdset(i, &readfds);
585 /* Note: under VMS with SOCKETSHR the 2nd parameter 589 /*
590 * Note: under VMS with SOCKETSHR the 2nd parameter
586 * is currently of type (int *) whereas under other 591 * is currently of type (int *) whereas under other
587 * systems it is (void *) if you don't have a cast it 592 * systems it is (void *) if you don't have a cast it
588 * will choke the compiler: if you do have a cast then 593 * will choke the compiler: if you do have a cast
589 * you can either go for (int *) or (void *). 594 * then you can either go for (int *) or (void *).
590 */ 595 */
591 select(width,(void *)&readfds,NULL,NULL,NULL); 596 select(width, (void *) &readfds, NULL, NULL, NULL);
592 continue; 597 continue;
593 }
594 break;
595 } 598 }
596 if(i <= 0) 599 break;
597 { 600 }
598 BIO_printf(bio_err,"ERROR\n"); 601 if (i <= 0) {
602 BIO_printf(bio_err, "ERROR\n");
599 if (verify_error != X509_V_OK) 603 if (verify_error != X509_V_OK)
600 BIO_printf(bio_err,"verify error:%s\n", 604 BIO_printf(bio_err, "verify error:%s\n",
601 X509_verify_cert_error_string(verify_error)); 605 X509_verify_cert_error_string(verify_error));
602 else 606 else
603 ERR_print_errors(bio_err); 607 ERR_print_errors(bio_err);
604 if (scon == NULL) 608 if (scon == NULL)
605 SSL_free(serverCon); 609 SSL_free(serverCon);
606 return NULL; 610 return NULL;
607 }
608
609 return serverCon;
610 } 611 }
611 612 return serverCon;
612 613}
diff --git a/src/lib/libssl/src/apps/sess_id.c b/src/lib/libssl/src/apps/sess_id.c
index 5ad1bddedb..b9750ab356 100644
--- a/src/lib/libssl/src/apps/sess_id.c
+++ b/src/lib/libssl/src/apps/sess_id.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -69,248 +69,222 @@
69#undef PROG 69#undef PROG
70#define PROG sess_id_main 70#define PROG sess_id_main
71 71
72static const char *sess_id_usage[]={ 72static const char *sess_id_usage[] = {
73"usage: sess_id args\n", 73 "usage: sess_id args\n",
74"\n", 74 "\n",
75" -inform arg - input format - default PEM (DER or PEM)\n", 75 " -inform arg - input format - default PEM (DER or PEM)\n",
76" -outform arg - output format - default PEM\n", 76 " -outform arg - output format - default PEM\n",
77" -in arg - input file - default stdin\n", 77 " -in arg - input file - default stdin\n",
78" -out arg - output file - default stdout\n", 78 " -out arg - output file - default stdout\n",
79" -text - print ssl session id details\n", 79 " -text - print ssl session id details\n",
80" -cert - output certificate \n", 80 " -cert - output certificate \n",
81" -noout - no CRL output\n", 81 " -noout - no CRL output\n",
82" -context arg - set the session ID context\n", 82 " -context arg - set the session ID context\n",
83NULL 83 NULL
84}; 84};
85 85
86static SSL_SESSION *load_sess_id(char *file, int format); 86static SSL_SESSION *load_sess_id(char *file, int format);
87 87
88int MAIN(int, char **); 88int MAIN(int, char **);
89 89
90int MAIN(int argc, char **argv) 90int
91 { 91MAIN(int argc, char **argv)
92 SSL_SESSION *x=NULL; 92{
93 SSL_SESSION *x = NULL;
93 X509 *peer = NULL; 94 X509 *peer = NULL;
94 int ret=1,i,num,badops=0; 95 int ret = 1, i, num, badops = 0;
95 BIO *out=NULL; 96 BIO *out = NULL;
96 int informat,outformat; 97 int informat, outformat;
97 char *infile=NULL,*outfile=NULL,*context=NULL; 98 char *infile = NULL, *outfile = NULL, *context = NULL;
98 int cert=0,noout=0,text=0; 99 int cert = 0, noout = 0, text = 0;
99 const char **pp; 100 const char **pp;
100 101
101 apps_startup(); 102 apps_startup();
102 103
103 if (bio_err == NULL) 104 if (bio_err == NULL)
104 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 105 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
105 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 106 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
106 107
107 informat=FORMAT_PEM; 108 informat = FORMAT_PEM;
108 outformat=FORMAT_PEM; 109 outformat = FORMAT_PEM;
109 110
110 argc--; 111 argc--;
111 argv++; 112 argv++;
112 num=0; 113 num = 0;
113 while (argc >= 1) 114 while (argc >= 1) {
114 { 115 if (strcmp(*argv, "-inform") == 0) {
115 if (strcmp(*argv,"-inform") == 0) 116 if (--argc < 1)
116 { 117 goto bad;
117 if (--argc < 1) goto bad; 118 informat = str2fmt(*(++argv));
118 informat=str2fmt(*(++argv)); 119 } else if (strcmp(*argv, "-outform") == 0) {
119 } 120 if (--argc < 1)
120 else if (strcmp(*argv,"-outform") == 0) 121 goto bad;
121 { 122 outformat = str2fmt(*(++argv));
122 if (--argc < 1) goto bad; 123 } else if (strcmp(*argv, "-in") == 0) {
123 outformat=str2fmt(*(++argv)); 124 if (--argc < 1)
124 } 125 goto bad;
125 else if (strcmp(*argv,"-in") == 0) 126 infile = *(++argv);
126 { 127 } else if (strcmp(*argv, "-out") == 0) {
127 if (--argc < 1) goto bad; 128 if (--argc < 1)
128 infile= *(++argv); 129 goto bad;
129 } 130 outfile = *(++argv);
130 else if (strcmp(*argv,"-out") == 0) 131 } else if (strcmp(*argv, "-text") == 0)
131 { 132 text = ++num;
132 if (--argc < 1) goto bad; 133 else if (strcmp(*argv, "-cert") == 0)
133 outfile= *(++argv); 134 cert = ++num;
134 } 135 else if (strcmp(*argv, "-noout") == 0)
135 else if (strcmp(*argv,"-text") == 0) 136 noout = ++num;
136 text= ++num; 137 else if (strcmp(*argv, "-context") == 0) {
137 else if (strcmp(*argv,"-cert") == 0) 138 if (--argc < 1)
138 cert= ++num; 139 goto bad;
139 else if (strcmp(*argv,"-noout") == 0) 140 context = *++argv;
140 noout= ++num; 141 } else {
141 else if (strcmp(*argv,"-context") == 0) 142 BIO_printf(bio_err, "unknown option %s\n", *argv);
142 { 143 badops = 1;
143 if(--argc < 1) goto bad;
144 context=*++argv;
145 }
146 else
147 {
148 BIO_printf(bio_err,"unknown option %s\n",*argv);
149 badops=1;
150 break; 144 break;
151 } 145 }
152 argc--; 146 argc--;
153 argv++; 147 argv++;
154 } 148 }
155 149
156 if (badops) 150 if (badops) {
157 {
158bad: 151bad:
159 for (pp=sess_id_usage; (*pp != NULL); pp++) 152 for (pp = sess_id_usage; (*pp != NULL); pp++)
160 BIO_printf(bio_err,"%s",*pp); 153 BIO_printf(bio_err, "%s", *pp);
161 goto end; 154 goto end;
162 } 155 }
163
164 ERR_load_crypto_strings(); 156 ERR_load_crypto_strings();
165 x=load_sess_id(infile,informat); 157 x = load_sess_id(infile, informat);
166 if (x == NULL) { goto end; } 158 if (x == NULL) {
159 goto end;
160 }
167 peer = SSL_SESSION_get0_peer(x); 161 peer = SSL_SESSION_get0_peer(x);
168 162
169 if(context) 163 if (context) {
170 { 164 size_t ctx_len = strlen(context);
171 size_t ctx_len = strlen(context); 165 if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
172 if(ctx_len > SSL_MAX_SID_CTX_LENGTH) 166 BIO_printf(bio_err, "Context too long\n");
173 { 167 goto end;
174 BIO_printf(bio_err,"Context too long\n");
175 goto end;
176 } 168 }
177 SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len); 169 SSL_SESSION_set1_id_context(x, (unsigned char *) context, ctx_len);
178 } 170 }
179
180#ifdef undef 171#ifdef undef
181 /* just testing for memory leaks :-) */ 172 /* just testing for memory leaks :-) */
182 { 173 {
183 SSL_SESSION *s; 174 SSL_SESSION *s;
184 char buf[1024*10],*p; 175 char buf[1024 * 10], *p;
185 int i; 176 int i;
186 177
187 s=SSL_SESSION_new(); 178 s = SSL_SESSION_new();
188 179
189 p= &buf; 180 p = &buf;
190 i=i2d_SSL_SESSION(x,&p); 181 i = i2d_SSL_SESSION(x, &p);
191 p= &buf; 182 p = &buf;
192 d2i_SSL_SESSION(&s,&p,(long)i); 183 d2i_SSL_SESSION(&s, &p, (long) i);
193 p= &buf; 184 p = &buf;
194 d2i_SSL_SESSION(&s,&p,(long)i); 185 d2i_SSL_SESSION(&s, &p, (long) i);
195 p= &buf; 186 p = &buf;
196 d2i_SSL_SESSION(&s,&p,(long)i); 187 d2i_SSL_SESSION(&s, &p, (long) i);
197 SSL_SESSION_free(s); 188 SSL_SESSION_free(s);
198 } 189 }
199#endif 190#endif
200 191
201 if (!noout || text) 192 if (!noout || text) {
202 { 193 out = BIO_new(BIO_s_file());
203 out=BIO_new(BIO_s_file()); 194 if (out == NULL) {
204 if (out == NULL)
205 {
206 ERR_print_errors(bio_err); 195 ERR_print_errors(bio_err);
207 goto end; 196 goto end;
208 } 197 }
209 198 if (outfile == NULL) {
210 if (outfile == NULL) 199 BIO_set_fp(out, stdout, BIO_NOCLOSE);
211 { 200 } else {
212 BIO_set_fp(out,stdout,BIO_NOCLOSE); 201 if (BIO_write_filename(out, outfile) <= 0) {
213 }
214 else
215 {
216 if (BIO_write_filename(out,outfile) <= 0)
217 {
218 perror(outfile); 202 perror(outfile);
219 goto end; 203 goto end;
220 }
221 } 204 }
222 } 205 }
206 }
207 if (text) {
208 SSL_SESSION_print(out, x);
223 209
224 if (text) 210 if (cert) {
225 {
226 SSL_SESSION_print(out,x);
227
228 if (cert)
229 {
230 if (peer == NULL) 211 if (peer == NULL)
231 BIO_puts(out,"No certificate present\n"); 212 BIO_puts(out, "No certificate present\n");
232 else 213 else
233 X509_print(out,peer); 214 X509_print(out, peer);
234 }
235 } 215 }
236 216 }
237 if (!noout && !cert) 217 if (!noout && !cert) {
238 { 218 if (outformat == FORMAT_ASN1)
239 if (outformat == FORMAT_ASN1) 219 i = i2d_SSL_SESSION_bio(out, x);
240 i=i2d_SSL_SESSION_bio(out,x);
241 else if (outformat == FORMAT_PEM) 220 else if (outformat == FORMAT_PEM)
242 i=PEM_write_bio_SSL_SESSION(out,x); 221 i = PEM_write_bio_SSL_SESSION(out, x);
243 else { 222 else {
244 BIO_printf(bio_err,"bad output format specified for outfile\n"); 223 BIO_printf(bio_err, "bad output format specified for outfile\n");
245 goto end; 224 goto end;
246 } 225 }
247 if (!i) { 226 if (!i) {
248 BIO_printf(bio_err,"unable to write SSL_SESSION\n"); 227 BIO_printf(bio_err, "unable to write SSL_SESSION\n");
249 goto end; 228 goto end;
250 }
251 } 229 }
252 else if (!noout && (peer != NULL)) /* just print the certificate */ 230 } else if (!noout && (peer != NULL)) { /* just print the certificate */
253 { 231 if (outformat == FORMAT_ASN1)
254 if (outformat == FORMAT_ASN1) 232 i = (int) i2d_X509_bio(out, peer);
255 i=(int)i2d_X509_bio(out,peer);
256 else if (outformat == FORMAT_PEM) 233 else if (outformat == FORMAT_PEM)
257 i=PEM_write_bio_X509(out,peer); 234 i = PEM_write_bio_X509(out, peer);
258 else { 235 else {
259 BIO_printf(bio_err,"bad output format specified for outfile\n"); 236 BIO_printf(bio_err, "bad output format specified for outfile\n");
260 goto end; 237 goto end;
261 } 238 }
262 if (!i) { 239 if (!i) {
263 BIO_printf(bio_err,"unable to write X509\n"); 240 BIO_printf(bio_err, "unable to write X509\n");
264 goto end; 241 goto end;
265 }
266 } 242 }
267 ret=0; 243 }
244 ret = 0;
268end: 245end:
269 if (out != NULL) BIO_free_all(out); 246 if (out != NULL)
270 if (x != NULL) SSL_SESSION_free(x); 247 BIO_free_all(out);
248 if (x != NULL)
249 SSL_SESSION_free(x);
271 apps_shutdown(); 250 apps_shutdown();
272 return(ret); 251 return (ret);
273 } 252}
274 253
275static SSL_SESSION *load_sess_id(char *infile, int format) 254static SSL_SESSION *
276 { 255load_sess_id(char *infile, int format)
277 SSL_SESSION *x=NULL; 256{
278 BIO *in=NULL; 257 SSL_SESSION *x = NULL;
258 BIO *in = NULL;
279 259
280 in=BIO_new(BIO_s_file()); 260 in = BIO_new(BIO_s_file());
281 if (in == NULL) 261 if (in == NULL) {
282 {
283 ERR_print_errors(bio_err); 262 ERR_print_errors(bio_err);
284 goto end; 263 goto end;
285 } 264 }
286
287 if (infile == NULL) 265 if (infile == NULL)
288 BIO_set_fp(in,stdin,BIO_NOCLOSE); 266 BIO_set_fp(in, stdin, BIO_NOCLOSE);
289 else 267 else {
290 { 268 if (BIO_read_filename(in, infile) <= 0) {
291 if (BIO_read_filename(in,infile) <= 0)
292 {
293 perror(infile); 269 perror(infile);
294 goto end; 270 goto end;
295 }
296 } 271 }
297 if (format == FORMAT_ASN1) 272 }
298 x=d2i_SSL_SESSION_bio(in,NULL); 273 if (format == FORMAT_ASN1)
274 x = d2i_SSL_SESSION_bio(in, NULL);
299 else if (format == FORMAT_PEM) 275 else if (format == FORMAT_PEM)
300 x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL); 276 x = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
301 else { 277 else {
302 BIO_printf(bio_err,"bad input format specified for input crl\n"); 278 BIO_printf(bio_err, "bad input format specified for input crl\n");
303 goto end; 279 goto end;
304 } 280 }
305 if (x == NULL) 281 if (x == NULL) {
306 { 282 BIO_printf(bio_err, "unable to load SSL_SESSION\n");
307 BIO_printf(bio_err,"unable to load SSL_SESSION\n");
308 ERR_print_errors(bio_err); 283 ERR_print_errors(bio_err);
309 goto end; 284 goto end;
310 }
311
312end:
313 if (in != NULL) BIO_free(in);
314 return(x);
315 } 285 }
316 286end:
287 if (in != NULL)
288 BIO_free(in);
289 return (x);
290}
diff --git a/src/lib/libssl/src/apps/smime.c b/src/lib/libssl/src/apps/smime.c
index c4b976fa00..9332ae9095 100644
--- a/src/lib/libssl/src/apps/smime.c
+++ b/src/lib/libssl/src/apps/smime.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -69,8 +69,8 @@
69 69
70#undef PROG 70#undef PROG
71#define PROG smime_main 71#define PROG smime_main
72static int save_certs(char *signerfile, STACK_OF(X509) *signers); 72static int save_certs(char *signerfile, STACK_OF(X509) * signers);
73static int smime_cb(int ok, X509_STORE_CTX *ctx); 73static int smime_cb(int ok, X509_STORE_CTX * ctx);
74 74
75#define SMIME_OP 0x10 75#define SMIME_OP 0x10
76#define SMIME_IP 0x20 76#define SMIME_IP 0x20
@@ -84,8 +84,9 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx);
84 84
85int MAIN(int, char **); 85int MAIN(int, char **);
86 86
87int MAIN(int argc, char **argv) 87int
88 { 88MAIN(int argc, char **argv)
89{
89 ENGINE *e = NULL; 90 ENGINE *e = NULL;
90 int operation = 0; 91 int operation = 0;
91 int ret = 0; 92 int ret = 0;
@@ -93,14 +94,14 @@ int MAIN(int argc, char **argv)
93 const char *inmode = "r", *outmode = "w"; 94 const char *inmode = "r", *outmode = "w";
94 char *infile = NULL, *outfile = NULL; 95 char *infile = NULL, *outfile = NULL;
95 char *signerfile = NULL, *recipfile = NULL; 96 char *signerfile = NULL, *recipfile = NULL;
96 STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; 97 STACK_OF(OPENSSL_STRING) * sksigners = NULL, *skkeys = NULL;
97 char *certfile = NULL, *keyfile = NULL, *contfile=NULL; 98 char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
98 const EVP_CIPHER *cipher = NULL; 99 const EVP_CIPHER *cipher = NULL;
99 PKCS7 *p7 = NULL; 100 PKCS7 *p7 = NULL;
100 X509_STORE *store = NULL; 101 X509_STORE *store = NULL;
101 X509 *cert = NULL, *recip = NULL, *signer = NULL; 102 X509 *cert = NULL, *recip = NULL, *signer = NULL;
102 EVP_PKEY *key = NULL; 103 EVP_PKEY *key = NULL;
103 STACK_OF(X509) *encerts = NULL, *other = NULL; 104 STACK_OF(X509) * encerts = NULL, *other = NULL;
104 BIO *in = NULL, *out = NULL, *indata = NULL; 105 BIO *in = NULL, *out = NULL, *indata = NULL;
105 int badarg = 0; 106 int badarg = 0;
106 int flags = PKCS7_DETACHED; 107 int flags = PKCS7_DETACHED;
@@ -112,9 +113,9 @@ int MAIN(int argc, char **argv)
112 int indef = 0; 113 int indef = 0;
113 const EVP_MD *sign_md = NULL; 114 const EVP_MD *sign_md = NULL;
114 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; 115 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
115 int keyform = FORMAT_PEM; 116 int keyform = FORMAT_PEM;
116#ifndef OPENSSL_NO_ENGINE 117#ifndef OPENSSL_NO_ENGINE
117 char *engine=NULL; 118 char *engine = NULL;
118#endif 119#endif
119 120
120 X509_VERIFY_PARAM *vpm = NULL; 121 X509_VERIFY_PARAM *vpm = NULL;
@@ -124,141 +125,126 @@ int MAIN(int argc, char **argv)
124 125
125 apps_startup(); 126 apps_startup();
126 127
127 if (bio_err == NULL) 128 if (bio_err == NULL) {
128 {
129 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 129 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
130 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 130 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
131 } 131 }
132
133 if (!load_config(bio_err, NULL)) 132 if (!load_config(bio_err, NULL))
134 goto end; 133 goto end;
135 134
136 while (!badarg && *args && *args[0] == '-') 135 while (!badarg && *args && *args[0] == '-') {
137 { 136 if (!strcmp(*args, "-encrypt"))
138 if (!strcmp (*args, "-encrypt"))
139 operation = SMIME_ENCRYPT; 137 operation = SMIME_ENCRYPT;
140 else if (!strcmp (*args, "-decrypt")) 138 else if (!strcmp(*args, "-decrypt"))
141 operation = SMIME_DECRYPT; 139 operation = SMIME_DECRYPT;
142 else if (!strcmp (*args, "-sign")) 140 else if (!strcmp(*args, "-sign"))
143 operation = SMIME_SIGN; 141 operation = SMIME_SIGN;
144 else if (!strcmp (*args, "-resign")) 142 else if (!strcmp(*args, "-resign"))
145 operation = SMIME_RESIGN; 143 operation = SMIME_RESIGN;
146 else if (!strcmp (*args, "-verify")) 144 else if (!strcmp(*args, "-verify"))
147 operation = SMIME_VERIFY; 145 operation = SMIME_VERIFY;
148 else if (!strcmp (*args, "-pk7out")) 146 else if (!strcmp(*args, "-pk7out"))
149 operation = SMIME_PK7OUT; 147 operation = SMIME_PK7OUT;
150#ifndef OPENSSL_NO_DES 148#ifndef OPENSSL_NO_DES
151 else if (!strcmp (*args, "-des3")) 149 else if (!strcmp(*args, "-des3"))
152 cipher = EVP_des_ede3_cbc(); 150 cipher = EVP_des_ede3_cbc();
153 else if (!strcmp (*args, "-des")) 151 else if (!strcmp(*args, "-des"))
154 cipher = EVP_des_cbc(); 152 cipher = EVP_des_cbc();
155#endif 153#endif
156#ifndef OPENSSL_NO_SEED 154#ifndef OPENSSL_NO_SEED
157 else if (!strcmp (*args, "-seed")) 155 else if (!strcmp(*args, "-seed"))
158 cipher = EVP_seed_cbc(); 156 cipher = EVP_seed_cbc();
159#endif 157#endif
160#ifndef OPENSSL_NO_RC2 158#ifndef OPENSSL_NO_RC2
161 else if (!strcmp (*args, "-rc2-40")) 159 else if (!strcmp(*args, "-rc2-40"))
162 cipher = EVP_rc2_40_cbc(); 160 cipher = EVP_rc2_40_cbc();
163 else if (!strcmp (*args, "-rc2-128")) 161 else if (!strcmp(*args, "-rc2-128"))
164 cipher = EVP_rc2_cbc(); 162 cipher = EVP_rc2_cbc();
165 else if (!strcmp (*args, "-rc2-64")) 163 else if (!strcmp(*args, "-rc2-64"))
166 cipher = EVP_rc2_64_cbc(); 164 cipher = EVP_rc2_64_cbc();
167#endif 165#endif
168#ifndef OPENSSL_NO_AES 166#ifndef OPENSSL_NO_AES
169 else if (!strcmp(*args,"-aes128")) 167 else if (!strcmp(*args, "-aes128"))
170 cipher = EVP_aes_128_cbc(); 168 cipher = EVP_aes_128_cbc();
171 else if (!strcmp(*args,"-aes192")) 169 else if (!strcmp(*args, "-aes192"))
172 cipher = EVP_aes_192_cbc(); 170 cipher = EVP_aes_192_cbc();
173 else if (!strcmp(*args,"-aes256")) 171 else if (!strcmp(*args, "-aes256"))
174 cipher = EVP_aes_256_cbc(); 172 cipher = EVP_aes_256_cbc();
175#endif 173#endif
176#ifndef OPENSSL_NO_CAMELLIA 174#ifndef OPENSSL_NO_CAMELLIA
177 else if (!strcmp(*args,"-camellia128")) 175 else if (!strcmp(*args, "-camellia128"))
178 cipher = EVP_camellia_128_cbc(); 176 cipher = EVP_camellia_128_cbc();
179 else if (!strcmp(*args,"-camellia192")) 177 else if (!strcmp(*args, "-camellia192"))
180 cipher = EVP_camellia_192_cbc(); 178 cipher = EVP_camellia_192_cbc();
181 else if (!strcmp(*args,"-camellia256")) 179 else if (!strcmp(*args, "-camellia256"))
182 cipher = EVP_camellia_256_cbc(); 180 cipher = EVP_camellia_256_cbc();
183#endif 181#endif
184 else if (!strcmp (*args, "-text")) 182 else if (!strcmp(*args, "-text"))
185 flags |= PKCS7_TEXT; 183 flags |= PKCS7_TEXT;
186 else if (!strcmp (*args, "-nointern")) 184 else if (!strcmp(*args, "-nointern"))
187 flags |= PKCS7_NOINTERN; 185 flags |= PKCS7_NOINTERN;
188 else if (!strcmp (*args, "-noverify")) 186 else if (!strcmp(*args, "-noverify"))
189 flags |= PKCS7_NOVERIFY; 187 flags |= PKCS7_NOVERIFY;
190 else if (!strcmp (*args, "-nochain")) 188 else if (!strcmp(*args, "-nochain"))
191 flags |= PKCS7_NOCHAIN; 189 flags |= PKCS7_NOCHAIN;
192 else if (!strcmp (*args, "-nocerts")) 190 else if (!strcmp(*args, "-nocerts"))
193 flags |= PKCS7_NOCERTS; 191 flags |= PKCS7_NOCERTS;
194 else if (!strcmp (*args, "-noattr")) 192 else if (!strcmp(*args, "-noattr"))
195 flags |= PKCS7_NOATTR; 193 flags |= PKCS7_NOATTR;
196 else if (!strcmp (*args, "-nodetach")) 194 else if (!strcmp(*args, "-nodetach"))
197 flags &= ~PKCS7_DETACHED; 195 flags &= ~PKCS7_DETACHED;
198 else if (!strcmp (*args, "-nosmimecap")) 196 else if (!strcmp(*args, "-nosmimecap"))
199 flags |= PKCS7_NOSMIMECAP; 197 flags |= PKCS7_NOSMIMECAP;
200 else if (!strcmp (*args, "-binary")) 198 else if (!strcmp(*args, "-binary"))
201 flags |= PKCS7_BINARY; 199 flags |= PKCS7_BINARY;
202 else if (!strcmp (*args, "-nosigs")) 200 else if (!strcmp(*args, "-nosigs"))
203 flags |= PKCS7_NOSIGS; 201 flags |= PKCS7_NOSIGS;
204 else if (!strcmp (*args, "-stream")) 202 else if (!strcmp(*args, "-stream"))
205 indef = 1; 203 indef = 1;
206 else if (!strcmp (*args, "-indef")) 204 else if (!strcmp(*args, "-indef"))
207 indef = 1; 205 indef = 1;
208 else if (!strcmp (*args, "-noindef")) 206 else if (!strcmp(*args, "-noindef"))
209 indef = 0; 207 indef = 0;
210 else if (!strcmp (*args, "-nooldmime")) 208 else if (!strcmp(*args, "-nooldmime"))
211 flags |= PKCS7_NOOLDMIMETYPE; 209 flags |= PKCS7_NOOLDMIMETYPE;
212 else if (!strcmp (*args, "-crlfeol")) 210 else if (!strcmp(*args, "-crlfeol"))
213 flags |= PKCS7_CRLFEOL; 211 flags |= PKCS7_CRLFEOL;
214 else if (!strcmp(*args,"-rand")) 212 else if (!strcmp(*args, "-rand")) {
215 {
216 if (!args[1]) 213 if (!args[1])
217 goto argerr; 214 goto argerr;
218 args++; 215 args++;
219 inrand = *args; 216 inrand = *args;
220 need_rand = 1; 217 need_rand = 1;
221 } 218 }
222#ifndef OPENSSL_NO_ENGINE 219#ifndef OPENSSL_NO_ENGINE
223 else if (!strcmp(*args,"-engine")) 220 else if (!strcmp(*args, "-engine")) {
224 {
225 if (!args[1]) 221 if (!args[1])
226 goto argerr; 222 goto argerr;
227 engine = *++args; 223 engine = *++args;
228 } 224 }
229#endif 225#endif
230 else if (!strcmp(*args,"-passin")) 226 else if (!strcmp(*args, "-passin")) {
231 {
232 if (!args[1]) 227 if (!args[1])
233 goto argerr; 228 goto argerr;
234 passargin = *++args; 229 passargin = *++args;
235 } 230 } else if (!strcmp(*args, "-to")) {
236 else if (!strcmp (*args, "-to"))
237 {
238 if (!args[1]) 231 if (!args[1])
239 goto argerr; 232 goto argerr;
240 to = *++args; 233 to = *++args;
241 } 234 } else if (!strcmp(*args, "-from")) {
242 else if (!strcmp (*args, "-from"))
243 {
244 if (!args[1]) 235 if (!args[1])
245 goto argerr; 236 goto argerr;
246 from = *++args; 237 from = *++args;
247 } 238 } else if (!strcmp(*args, "-subject")) {
248 else if (!strcmp (*args, "-subject"))
249 {
250 if (!args[1]) 239 if (!args[1])
251 goto argerr; 240 goto argerr;
252 subject = *++args; 241 subject = *++args;
253 } 242 } else if (!strcmp(*args, "-signer")) {
254 else if (!strcmp (*args, "-signer"))
255 {
256 if (!args[1]) 243 if (!args[1])
257 goto argerr; 244 goto argerr;
258 /* If previous -signer argument add signer to list */ 245 /* If previous -signer argument add signer to list */
259 246
260 if (signerfile) 247 if (signerfile) {
261 {
262 if (!sksigners) 248 if (!sksigners)
263 sksigners = sk_OPENSSL_STRING_new_null(); 249 sksigners = sk_OPENSSL_STRING_new_null();
264 sk_OPENSSL_STRING_push(sksigners, signerfile); 250 sk_OPENSSL_STRING_push(sksigners, signerfile);
@@ -268,39 +254,30 @@ int MAIN(int argc, char **argv)
268 skkeys = sk_OPENSSL_STRING_new_null(); 254 skkeys = sk_OPENSSL_STRING_new_null();
269 sk_OPENSSL_STRING_push(skkeys, keyfile); 255 sk_OPENSSL_STRING_push(skkeys, keyfile);
270 keyfile = NULL; 256 keyfile = NULL;
271 }
272 signerfile = *++args;
273 } 257 }
274 else if (!strcmp (*args, "-recip")) 258 signerfile = *++args;
275 { 259 } else if (!strcmp(*args, "-recip")) {
276 if (!args[1]) 260 if (!args[1])
277 goto argerr; 261 goto argerr;
278 recipfile = *++args; 262 recipfile = *++args;
279 } 263 } else if (!strcmp(*args, "-md")) {
280 else if (!strcmp (*args, "-md"))
281 {
282 if (!args[1]) 264 if (!args[1])
283 goto argerr; 265 goto argerr;
284 sign_md = EVP_get_digestbyname(*++args); 266 sign_md = EVP_get_digestbyname(*++args);
285 if (sign_md == NULL) 267 if (sign_md == NULL) {
286 {
287 BIO_printf(bio_err, "Unknown digest %s\n", 268 BIO_printf(bio_err, "Unknown digest %s\n",
288 *args); 269 *args);
289 goto argerr; 270 goto argerr;
290 }
291 } 271 }
292 else if (!strcmp (*args, "-inkey")) 272 } else if (!strcmp(*args, "-inkey")) {
293 { 273 if (!args[1])
294 if (!args[1])
295 goto argerr; 274 goto argerr;
296 /* If previous -inkey arument add signer to list */ 275 /* If previous -inkey arument add signer to list */
297 if (keyfile) 276 if (keyfile) {
298 { 277 if (!signerfile) {
299 if (!signerfile)
300 {
301 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 278 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
302 goto argerr; 279 goto argerr;
303 } 280 }
304 if (!sksigners) 281 if (!sksigners)
305 sksigners = sk_OPENSSL_STRING_new_null(); 282 sksigners = sk_OPENSSL_STRING_new_null();
306 sk_OPENSSL_STRING_push(sksigners, signerfile); 283 sk_OPENSSL_STRING_push(sksigners, signerfile);
@@ -308,86 +285,62 @@ int MAIN(int argc, char **argv)
308 if (!skkeys) 285 if (!skkeys)
309 skkeys = sk_OPENSSL_STRING_new_null(); 286 skkeys = sk_OPENSSL_STRING_new_null();
310 sk_OPENSSL_STRING_push(skkeys, keyfile); 287 sk_OPENSSL_STRING_push(skkeys, keyfile);
311 }
312 keyfile = *++args;
313 } 288 }
314 else if (!strcmp (*args, "-keyform")) 289 keyfile = *++args;
315 { 290 } else if (!strcmp(*args, "-keyform")) {
316 if (!args[1]) 291 if (!args[1])
317 goto argerr; 292 goto argerr;
318 keyform = str2fmt(*++args); 293 keyform = str2fmt(*++args);
319 } 294 } else if (!strcmp(*args, "-certfile")) {
320 else if (!strcmp (*args, "-certfile"))
321 {
322 if (!args[1]) 295 if (!args[1])
323 goto argerr; 296 goto argerr;
324 certfile = *++args; 297 certfile = *++args;
325 } 298 } else if (!strcmp(*args, "-CAfile")) {
326 else if (!strcmp (*args, "-CAfile"))
327 {
328 if (!args[1]) 299 if (!args[1])
329 goto argerr; 300 goto argerr;
330 CAfile = *++args; 301 CAfile = *++args;
331 } 302 } else if (!strcmp(*args, "-CApath")) {
332 else if (!strcmp (*args, "-CApath"))
333 {
334 if (!args[1]) 303 if (!args[1])
335 goto argerr; 304 goto argerr;
336 CApath = *++args; 305 CApath = *++args;
337 } 306 } else if (!strcmp(*args, "-in")) {
338 else if (!strcmp (*args, "-in"))
339 {
340 if (!args[1]) 307 if (!args[1])
341 goto argerr; 308 goto argerr;
342 infile = *++args; 309 infile = *++args;
343 } 310 } else if (!strcmp(*args, "-inform")) {
344 else if (!strcmp (*args, "-inform"))
345 {
346 if (!args[1]) 311 if (!args[1])
347 goto argerr; 312 goto argerr;
348 informat = str2fmt(*++args); 313 informat = str2fmt(*++args);
349 } 314 } else if (!strcmp(*args, "-outform")) {
350 else if (!strcmp (*args, "-outform"))
351 {
352 if (!args[1]) 315 if (!args[1])
353 goto argerr; 316 goto argerr;
354 outformat = str2fmt(*++args); 317 outformat = str2fmt(*++args);
355 } 318 } else if (!strcmp(*args, "-out")) {
356 else if (!strcmp (*args, "-out"))
357 {
358 if (!args[1]) 319 if (!args[1])
359 goto argerr; 320 goto argerr;
360 outfile = *++args; 321 outfile = *++args;
361 } 322 } else if (!strcmp(*args, "-content")) {
362 else if (!strcmp (*args, "-content"))
363 {
364 if (!args[1]) 323 if (!args[1])
365 goto argerr; 324 goto argerr;
366 contfile = *++args; 325 contfile = *++args;
367 } 326 } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
368 else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
369 continue; 327 continue;
370 else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL) 328 else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
371 badarg = 1; 329 badarg = 1;
372 args++; 330 args++;
373 } 331 }
374 332
375 if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) 333 if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
376 {
377 BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); 334 BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
378 goto argerr; 335 goto argerr;
379 } 336 }
380 337 if (operation & SMIME_SIGNERS) {
381 if (operation & SMIME_SIGNERS)
382 {
383 /* Check to see if any final signer needs to be appended */ 338 /* Check to see if any final signer needs to be appended */
384 if (keyfile && !signerfile) 339 if (keyfile && !signerfile) {
385 {
386 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 340 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
387 goto argerr; 341 goto argerr;
388 } 342 }
389 if (signerfile) 343 if (signerfile) {
390 {
391 if (!sksigners) 344 if (!sksigners)
392 sksigners = sk_OPENSSL_STRING_new_null(); 345 sksigners = sk_OPENSSL_STRING_new_null();
393 sk_OPENSSL_STRING_push(sksigners, signerfile); 346 sk_OPENSSL_STRING_push(sksigners, signerfile);
@@ -396,406 +349,333 @@ int MAIN(int argc, char **argv)
396 if (!keyfile) 349 if (!keyfile)
397 keyfile = signerfile; 350 keyfile = signerfile;
398 sk_OPENSSL_STRING_push(skkeys, keyfile); 351 sk_OPENSSL_STRING_push(skkeys, keyfile);
399 } 352 }
400 if (!sksigners) 353 if (!sksigners) {
401 {
402 BIO_printf(bio_err, "No signer certificate specified\n"); 354 BIO_printf(bio_err, "No signer certificate specified\n");
403 badarg = 1; 355 badarg = 1;
404 } 356 }
405 signerfile = NULL; 357 signerfile = NULL;
406 keyfile = NULL; 358 keyfile = NULL;
407 need_rand = 1; 359 need_rand = 1;
408 } 360 } else if (operation == SMIME_DECRYPT) {
409 else if (operation == SMIME_DECRYPT) 361 if (!recipfile && !keyfile) {
410 {
411 if (!recipfile && !keyfile)
412 {
413 BIO_printf(bio_err, "No recipient certificate or key specified\n"); 362 BIO_printf(bio_err, "No recipient certificate or key specified\n");
414 badarg = 1; 363 badarg = 1;
415 }
416 } 364 }
417 else if (operation == SMIME_ENCRYPT) 365 } else if (operation == SMIME_ENCRYPT) {
418 { 366 if (!*args) {
419 if (!*args)
420 {
421 BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); 367 BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
422 badarg = 1; 368 badarg = 1;
423 }
424 need_rand = 1;
425 } 369 }
426 else if (!operation) 370 need_rand = 1;
371 } else if (!operation)
427 badarg = 1; 372 badarg = 1;
428 373
429 if (badarg) 374 if (badarg) {
430 { 375argerr:
431 argerr: 376 BIO_printf(bio_err, "Usage smime [options] cert.pem ...\n");
432 BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n"); 377 BIO_printf(bio_err, "where options are\n");
433 BIO_printf (bio_err, "where options are\n"); 378 BIO_printf(bio_err, "-encrypt encrypt message\n");
434 BIO_printf (bio_err, "-encrypt encrypt message\n"); 379 BIO_printf(bio_err, "-decrypt decrypt encrypted message\n");
435 BIO_printf (bio_err, "-decrypt decrypt encrypted message\n"); 380 BIO_printf(bio_err, "-sign sign message\n");
436 BIO_printf (bio_err, "-sign sign message\n"); 381 BIO_printf(bio_err, "-verify verify signed message\n");
437 BIO_printf (bio_err, "-verify verify signed message\n"); 382 BIO_printf(bio_err, "-pk7out output PKCS#7 structure\n");
438 BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n");
439#ifndef OPENSSL_NO_DES 383#ifndef OPENSSL_NO_DES
440 BIO_printf (bio_err, "-des3 encrypt with triple DES\n"); 384 BIO_printf(bio_err, "-des3 encrypt with triple DES\n");
441 BIO_printf (bio_err, "-des encrypt with DES\n"); 385 BIO_printf(bio_err, "-des encrypt with DES\n");
442#endif 386#endif
443#ifndef OPENSSL_NO_SEED 387#ifndef OPENSSL_NO_SEED
444 BIO_printf (bio_err, "-seed encrypt with SEED\n"); 388 BIO_printf(bio_err, "-seed encrypt with SEED\n");
445#endif 389#endif
446#ifndef OPENSSL_NO_RC2 390#ifndef OPENSSL_NO_RC2
447 BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); 391 BIO_printf(bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
448 BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); 392 BIO_printf(bio_err, "-rc2-64 encrypt with RC2-64\n");
449 BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n"); 393 BIO_printf(bio_err, "-rc2-128 encrypt with RC2-128\n");
450#endif 394#endif
451#ifndef OPENSSL_NO_AES 395#ifndef OPENSSL_NO_AES
452 BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); 396 BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
453 BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); 397 BIO_printf(bio_err, " encrypt PEM output with cbc aes\n");
454#endif 398#endif
455#ifndef OPENSSL_NO_CAMELLIA 399#ifndef OPENSSL_NO_CAMELLIA
456 BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); 400 BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
457 BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); 401 BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n");
458#endif 402#endif
459 BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); 403 BIO_printf(bio_err, "-nointern don't search certificates in message for signer\n");
460 BIO_printf (bio_err, "-nosigs don't verify message signature\n"); 404 BIO_printf(bio_err, "-nosigs don't verify message signature\n");
461 BIO_printf (bio_err, "-noverify don't verify signers certificate\n"); 405 BIO_printf(bio_err, "-noverify don't verify signers certificate\n");
462 BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n"); 406 BIO_printf(bio_err, "-nocerts don't include signers certificate when signing\n");
463 BIO_printf (bio_err, "-nodetach use opaque signing\n"); 407 BIO_printf(bio_err, "-nodetach use opaque signing\n");
464 BIO_printf (bio_err, "-noattr don't include any signed attributes\n"); 408 BIO_printf(bio_err, "-noattr don't include any signed attributes\n");
465 BIO_printf (bio_err, "-binary don't translate message to text\n"); 409 BIO_printf(bio_err, "-binary don't translate message to text\n");
466 BIO_printf (bio_err, "-certfile file other certificates file\n"); 410 BIO_printf(bio_err, "-certfile file other certificates file\n");
467 BIO_printf (bio_err, "-signer file signer certificate file\n"); 411 BIO_printf(bio_err, "-signer file signer certificate file\n");
468 BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n"); 412 BIO_printf(bio_err, "-recip file recipient certificate file for decryption\n");
469 BIO_printf (bio_err, "-in file input file\n"); 413 BIO_printf(bio_err, "-in file input file\n");
470 BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); 414 BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
471 BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n"); 415 BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n");
472 BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n"); 416 BIO_printf(bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
473 BIO_printf (bio_err, "-out file output file\n"); 417 BIO_printf(bio_err, "-out file output file\n");
474 BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); 418 BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
475 BIO_printf (bio_err, "-content file supply or override content for detached signature\n"); 419 BIO_printf(bio_err, "-content file supply or override content for detached signature\n");
476 BIO_printf (bio_err, "-to addr to address\n"); 420 BIO_printf(bio_err, "-to addr to address\n");
477 BIO_printf (bio_err, "-from ad from address\n"); 421 BIO_printf(bio_err, "-from ad from address\n");
478 BIO_printf (bio_err, "-subject s subject\n"); 422 BIO_printf(bio_err, "-subject s subject\n");
479 BIO_printf (bio_err, "-text include or delete text MIME headers\n"); 423 BIO_printf(bio_err, "-text include or delete text MIME headers\n");
480 BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); 424 BIO_printf(bio_err, "-CApath dir trusted certificates directory\n");
481 BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); 425 BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
482 BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); 426 BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
483 BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); 427 BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
484#ifndef OPENSSL_NO_ENGINE 428#ifndef OPENSSL_NO_ENGINE
485 BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); 429 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
486#endif 430#endif
487 BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); 431 BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
488 BIO_printf(bio_err, "-rand file%cfile%c...\n", ':', ':'); 432 BIO_printf(bio_err, "-rand file%cfile%c...\n", ':', ':');
489 BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); 433 BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
490 BIO_printf(bio_err, " the random number generator\n"); 434 BIO_printf(bio_err, " the random number generator\n");
491 BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); 435 BIO_printf(bio_err, "cert.pem recipient certificate(s) for encryption\n");
492 goto end; 436 goto end;
493 } 437 }
494
495#ifndef OPENSSL_NO_ENGINE 438#ifndef OPENSSL_NO_ENGINE
496 e = setup_engine(bio_err, engine, 0); 439 e = setup_engine(bio_err, engine, 0);
497#endif 440#endif
498 441
499 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) 442 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
500 {
501 BIO_printf(bio_err, "Error getting password\n"); 443 BIO_printf(bio_err, "Error getting password\n");
502 goto end; 444 goto end;
503 } 445 }
504 446 if (need_rand) {
505 if (need_rand)
506 {
507 app_RAND_load_file(NULL, bio_err, (inrand != NULL)); 447 app_RAND_load_file(NULL, bio_err, (inrand != NULL));
508 if (inrand != NULL) 448 if (inrand != NULL)
509 BIO_printf(bio_err,"%ld semi-random bytes loaded\n", 449 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
510 app_RAND_load_files(inrand)); 450 app_RAND_load_files(inrand));
511 } 451 }
512
513 ret = 2; 452 ret = 2;
514 453
515 if (!(operation & SMIME_SIGNERS)) 454 if (!(operation & SMIME_SIGNERS))
516 flags &= ~PKCS7_DETACHED; 455 flags &= ~PKCS7_DETACHED;
517 456
518 if (operation & SMIME_OP) 457 if (operation & SMIME_OP) {
519 {
520 if (outformat == FORMAT_ASN1) 458 if (outformat == FORMAT_ASN1)
521 outmode = "wb"; 459 outmode = "wb";
522 } 460 } else {
523 else
524 {
525 if (flags & PKCS7_BINARY) 461 if (flags & PKCS7_BINARY)
526 outmode = "wb"; 462 outmode = "wb";
527 } 463 }
528 464
529 if (operation & SMIME_IP) 465 if (operation & SMIME_IP) {
530 {
531 if (informat == FORMAT_ASN1) 466 if (informat == FORMAT_ASN1)
532 inmode = "rb"; 467 inmode = "rb";
533 } 468 } else {
534 else
535 {
536 if (flags & PKCS7_BINARY) 469 if (flags & PKCS7_BINARY)
537 inmode = "rb"; 470 inmode = "rb";
538 } 471 }
539 472
540 if (operation == SMIME_ENCRYPT) 473 if (operation == SMIME_ENCRYPT) {
541 { 474 if (!cipher) {
542 if (!cipher) 475#ifndef OPENSSL_NO_RC2
543 {
544#ifndef OPENSSL_NO_RC2
545 cipher = EVP_rc2_40_cbc(); 476 cipher = EVP_rc2_40_cbc();
546#else 477#else
547 BIO_printf(bio_err, "No cipher selected\n"); 478 BIO_printf(bio_err, "No cipher selected\n");
548 goto end; 479 goto end;
549#endif 480#endif
550 } 481 }
551 encerts = sk_X509_new_null(); 482 encerts = sk_X509_new_null();
552 while (*args) 483 while (*args) {
553 { 484 if (!(cert = load_cert(bio_err, *args, FORMAT_PEM,
554 if (!(cert = load_cert(bio_err,*args,FORMAT_PEM, 485 NULL, e, "recipient certificate file"))) {
555 NULL, e, "recipient certificate file")))
556 {
557#if 0 /* An appropriate message is already printed */ 486#if 0 /* An appropriate message is already printed */
558 BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args); 487 BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
559#endif 488#endif
560 goto end; 489 goto end;
561 } 490 }
562 sk_X509_push(encerts, cert); 491 sk_X509_push(encerts, cert);
563 cert = NULL; 492 cert = NULL;
564 args++; 493 args++;
565 }
566 } 494 }
567 495 }
568 if (certfile) 496 if (certfile) {
569 { 497 if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL,
570 if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, 498 e, "certificate file"))) {
571 e, "certificate file")))
572 {
573 ERR_print_errors(bio_err); 499 ERR_print_errors(bio_err);
574 goto end; 500 goto end;
575 }
576 } 501 }
577 502 }
578 if (recipfile && (operation == SMIME_DECRYPT)) 503 if (recipfile && (operation == SMIME_DECRYPT)) {
579 { 504 if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL,
580 if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, 505 e, "recipient certificate file"))) {
581 e, "recipient certificate file")))
582 {
583 ERR_print_errors(bio_err); 506 ERR_print_errors(bio_err);
584 goto end; 507 goto end;
585 }
586 } 508 }
587 509 }
588 if (operation == SMIME_DECRYPT) 510 if (operation == SMIME_DECRYPT) {
589 {
590 if (!keyfile) 511 if (!keyfile)
591 keyfile = recipfile; 512 keyfile = recipfile;
592 } 513 } else if (operation == SMIME_SIGN) {
593 else if (operation == SMIME_SIGN)
594 {
595 if (!keyfile) 514 if (!keyfile)
596 keyfile = signerfile; 515 keyfile = signerfile;
597 } 516 } else
598 else keyfile = NULL; 517 keyfile = NULL;
599 518
600 if (keyfile) 519 if (keyfile) {
601 {
602 key = load_key(bio_err, keyfile, keyform, 0, passin, e, 520 key = load_key(bio_err, keyfile, keyform, 0, passin, e,
603 "signing key file"); 521 "signing key file");
604 if (!key) 522 if (!key)
605 goto end; 523 goto end;
606 } 524 }
607 525 if (infile) {
608 if (infile) 526 if (!(in = BIO_new_file(infile, inmode))) {
609 { 527 BIO_printf(bio_err,
610 if (!(in = BIO_new_file(infile, inmode))) 528 "Can't open input file %s\n", infile);
611 {
612 BIO_printf (bio_err,
613 "Can't open input file %s\n", infile);
614 goto end; 529 goto end;
615 }
616 } 530 }
617 else 531 } else
618 in = BIO_new_fp(stdin, BIO_NOCLOSE); 532 in = BIO_new_fp(stdin, BIO_NOCLOSE);
619 533
620 if (operation & SMIME_IP) 534 if (operation & SMIME_IP) {
621 { 535 if (informat == FORMAT_SMIME)
622 if (informat == FORMAT_SMIME)
623 p7 = SMIME_read_PKCS7(in, &indata); 536 p7 = SMIME_read_PKCS7(in, &indata);
624 else if (informat == FORMAT_PEM) 537 else if (informat == FORMAT_PEM)
625 p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); 538 p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
626 else if (informat == FORMAT_ASN1) 539 else if (informat == FORMAT_ASN1)
627 p7 = d2i_PKCS7_bio(in, NULL); 540 p7 = d2i_PKCS7_bio(in, NULL);
628 else 541 else {
629 {
630 BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"); 542 BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
631 goto end; 543 goto end;
632 } 544 }
633 545
634 if (!p7) 546 if (!p7) {
635 {
636 BIO_printf(bio_err, "Error reading S/MIME message\n"); 547 BIO_printf(bio_err, "Error reading S/MIME message\n");
637 goto end; 548 goto end;
638 } 549 }
639 if (contfile) 550 if (contfile) {
640 {
641 BIO_free(indata); 551 BIO_free(indata);
642 if (!(indata = BIO_new_file(contfile, "rb"))) 552 if (!(indata = BIO_new_file(contfile, "rb"))) {
643 {
644 BIO_printf(bio_err, "Can't read content file %s\n", contfile); 553 BIO_printf(bio_err, "Can't read content file %s\n", contfile);
645 goto end; 554 goto end;
646 }
647 } 555 }
648 } 556 }
649 557 }
650 if (outfile) 558 if (outfile) {
651 { 559 if (!(out = BIO_new_file(outfile, outmode))) {
652 if (!(out = BIO_new_file(outfile, outmode))) 560 BIO_printf(bio_err,
653 { 561 "Can't open output file %s\n", outfile);
654 BIO_printf (bio_err,
655 "Can't open output file %s\n", outfile);
656 goto end; 562 goto end;
657 }
658 } 563 }
659 else 564 } else {
660 {
661 out = BIO_new_fp(stdout, BIO_NOCLOSE); 565 out = BIO_new_fp(stdout, BIO_NOCLOSE);
662 } 566 }
663 567
664 if (operation == SMIME_VERIFY) 568 if (operation == SMIME_VERIFY) {
665 {
666 if (!(store = setup_verify(bio_err, CAfile, CApath))) 569 if (!(store = setup_verify(bio_err, CAfile, CApath)))
667 goto end; 570 goto end;
668 X509_STORE_set_verify_cb(store, smime_cb); 571 X509_STORE_set_verify_cb(store, smime_cb);
669 if (vpm) 572 if (vpm)
670 X509_STORE_set1_param(store, vpm); 573 X509_STORE_set1_param(store, vpm);
671 } 574 }
672
673
674 ret = 3; 575 ret = 3;
675 576
676 if (operation == SMIME_ENCRYPT) 577 if (operation == SMIME_ENCRYPT) {
677 {
678 if (indef) 578 if (indef)
679 flags |= PKCS7_STREAM; 579 flags |= PKCS7_STREAM;
680 p7 = PKCS7_encrypt(encerts, in, cipher, flags); 580 p7 = PKCS7_encrypt(encerts, in, cipher, flags);
681 } 581 } else if (operation & SMIME_SIGNERS) {
682 else if (operation & SMIME_SIGNERS)
683 {
684 int i; 582 int i;
685 /* If detached data content we only enable streaming if 583 /*
584 * If detached data content we only enable streaming if
686 * S/MIME output format. 585 * S/MIME output format.
687 */ 586 */
688 if (operation == SMIME_SIGN) 587 if (operation == SMIME_SIGN) {
689 { 588 if (flags & PKCS7_DETACHED) {
690 if (flags & PKCS7_DETACHED)
691 {
692 if (outformat == FORMAT_SMIME) 589 if (outformat == FORMAT_SMIME)
693 flags |= PKCS7_STREAM; 590 flags |= PKCS7_STREAM;
694 } 591 } else if (indef)
695 else if (indef)
696 flags |= PKCS7_STREAM; 592 flags |= PKCS7_STREAM;
697 flags |= PKCS7_PARTIAL; 593 flags |= PKCS7_PARTIAL;
698 p7 = PKCS7_sign(NULL, NULL, other, in, flags); 594 p7 = PKCS7_sign(NULL, NULL, other, in, flags);
699 if (!p7) 595 if (!p7)
700 goto end; 596 goto end;
701 } 597 } else
702 else
703 flags |= PKCS7_REUSE_DIGEST; 598 flags |= PKCS7_REUSE_DIGEST;
704 for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) 599 for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
705 {
706 signerfile = sk_OPENSSL_STRING_value(sksigners, i); 600 signerfile = sk_OPENSSL_STRING_value(sksigners, i);
707 keyfile = sk_OPENSSL_STRING_value(skkeys, i); 601 keyfile = sk_OPENSSL_STRING_value(skkeys, i);
708 signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL, 602 signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
709 e, "signer certificate"); 603 e, "signer certificate");
710 if (!signer) 604 if (!signer)
711 goto end; 605 goto end;
712 key = load_key(bio_err, keyfile, keyform, 0, passin, e, 606 key = load_key(bio_err, keyfile, keyform, 0, passin, e,
713 "signing key file"); 607 "signing key file");
714 if (!key) 608 if (!key)
715 goto end; 609 goto end;
716 if (!PKCS7_sign_add_signer(p7, signer, key, 610 if (!PKCS7_sign_add_signer(p7, signer, key,
717 sign_md, flags)) 611 sign_md, flags))
718 goto end; 612 goto end;
719 X509_free(signer); 613 X509_free(signer);
720 signer = NULL; 614 signer = NULL;
721 EVP_PKEY_free(key); 615 EVP_PKEY_free(key);
722 key = NULL; 616 key = NULL;
723 } 617 }
724 /* If not streaming or resigning finalize structure */ 618 /* If not streaming or resigning finalize structure */
725 if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) 619 if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) {
726 {
727 if (!PKCS7_final(p7, in, flags)) 620 if (!PKCS7_final(p7, in, flags))
728 goto end; 621 goto end;
729 }
730 } 622 }
731 623 }
732 if (!p7) 624 if (!p7) {
733 {
734 BIO_printf(bio_err, "Error creating PKCS#7 structure\n"); 625 BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
735 goto end; 626 goto end;
736 } 627 }
737
738 ret = 4; 628 ret = 4;
739 if (operation == SMIME_DECRYPT) 629 if (operation == SMIME_DECRYPT) {
740 { 630 if (!PKCS7_decrypt(p7, key, recip, out, flags)) {
741 if (!PKCS7_decrypt(p7, key, recip, out, flags))
742 {
743 BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n"); 631 BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
744 goto end; 632 goto end;
745 }
746 } 633 }
747 else if (operation == SMIME_VERIFY) 634 } else if (operation == SMIME_VERIFY) {
748 { 635 STACK_OF(X509) * signers;
749 STACK_OF(X509) *signers;
750 if (PKCS7_verify(p7, other, store, indata, out, flags)) 636 if (PKCS7_verify(p7, other, store, indata, out, flags))
751 BIO_printf(bio_err, "Verification successful\n"); 637 BIO_printf(bio_err, "Verification successful\n");
752 else 638 else {
753 {
754 BIO_printf(bio_err, "Verification failure\n"); 639 BIO_printf(bio_err, "Verification failure\n");
755 goto end; 640 goto end;
756 } 641 }
757 signers = PKCS7_get0_signers(p7, other, flags); 642 signers = PKCS7_get0_signers(p7, other, flags);
758 if (!save_certs(signerfile, signers)) 643 if (!save_certs(signerfile, signers)) {
759 {
760 BIO_printf(bio_err, "Error writing signers to %s\n", 644 BIO_printf(bio_err, "Error writing signers to %s\n",
761 signerfile); 645 signerfile);
762 ret = 5; 646 ret = 5;
763 goto end; 647 goto end;
764 }
765 sk_X509_free(signers);
766 } 648 }
767 else if (operation == SMIME_PK7OUT) 649 sk_X509_free(signers);
650 } else if (operation == SMIME_PK7OUT)
768 PEM_write_bio_PKCS7(out, p7); 651 PEM_write_bio_PKCS7(out, p7);
769 else 652 else {
770 {
771 if (to) 653 if (to)
772 BIO_printf(out, "To: %s\n", to); 654 BIO_printf(out, "To: %s\n", to);
773 if (from) 655 if (from)
774 BIO_printf(out, "From: %s\n", from); 656 BIO_printf(out, "From: %s\n", from);
775 if (subject) 657 if (subject)
776 BIO_printf(out, "Subject: %s\n", subject); 658 BIO_printf(out, "Subject: %s\n", subject);
777 if (outformat == FORMAT_SMIME) 659 if (outformat == FORMAT_SMIME) {
778 {
779 if (operation == SMIME_RESIGN) 660 if (operation == SMIME_RESIGN)
780 SMIME_write_PKCS7(out, p7, indata, flags); 661 SMIME_write_PKCS7(out, p7, indata, flags);
781 else 662 else
782 SMIME_write_PKCS7(out, p7, in, flags); 663 SMIME_write_PKCS7(out, p7, in, flags);
783 } 664 } else if (outformat == FORMAT_PEM)
784 else if (outformat == FORMAT_PEM)
785 PEM_write_bio_PKCS7_stream(out, p7, in, flags); 665 PEM_write_bio_PKCS7_stream(out, p7, in, flags);
786 else if (outformat == FORMAT_ASN1) 666 else if (outformat == FORMAT_ASN1)
787 i2d_PKCS7_bio_stream(out,p7, in, flags); 667 i2d_PKCS7_bio_stream(out, p7, in, flags);
788 else 668 else {
789 {
790 BIO_printf(bio_err, "Bad output format for PKCS#7 file\n"); 669 BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
791 goto end; 670 goto end;
792 }
793 } 671 }
672 }
794 ret = 0; 673 ret = 0;
795end: 674end:
796 if (need_rand) 675 if (need_rand)
797 app_RAND_write_file(NULL, bio_err); 676 app_RAND_write_file(NULL, bio_err);
798 if (ret) ERR_print_errors(bio_err); 677 if (ret)
678 ERR_print_errors(bio_err);
799 sk_X509_pop_free(encerts, X509_free); 679 sk_X509_pop_free(encerts, X509_free);
800 sk_X509_pop_free(other, X509_free); 680 sk_X509_pop_free(other, X509_free);
801 if (vpm) 681 if (vpm)
@@ -813,39 +693,43 @@ end:
813 BIO_free(in); 693 BIO_free(in);
814 BIO_free(indata); 694 BIO_free(indata);
815 BIO_free_all(out); 695 BIO_free_all(out);
816 if (passin) free(passin); 696 if (passin)
697 free(passin);
817 return (ret); 698 return (ret);
818} 699}
819 700
820static int save_certs(char *signerfile, STACK_OF(X509) *signers) 701static int
821 { 702save_certs(char *signerfile, STACK_OF(X509) * signers)
703{
822 int i; 704 int i;
823 BIO *tmp; 705 BIO *tmp;
824 if (!signerfile) 706 if (!signerfile)
825 return 1; 707 return 1;
826 tmp = BIO_new_file(signerfile, "w"); 708 tmp = BIO_new_file(signerfile, "w");
827 if (!tmp) return 0; 709 if (!tmp)
828 for(i = 0; i < sk_X509_num(signers); i++) 710 return 0;
711 for (i = 0; i < sk_X509_num(signers); i++)
829 PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); 712 PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
830 BIO_free(tmp); 713 BIO_free(tmp);
831 return 1; 714 return 1;
832 } 715}
833 716
834 717
835/* Minimal callback just to output policy info (if any) */ 718/* Minimal callback just to output policy info (if any) */
836 719
837static int smime_cb(int ok, X509_STORE_CTX *ctx) 720static int
838 { 721smime_cb(int ok, X509_STORE_CTX * ctx)
722{
839 int error; 723 int error;
840 724
841 error = X509_STORE_CTX_get_error(ctx); 725 error = X509_STORE_CTX_get_error(ctx);
842 726
843 if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) 727 if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
844 && ((error != X509_V_OK) || (ok != 2))) 728 && ((error != X509_V_OK) || (ok != 2)))
845 return ok; 729 return ok;
846 730
847 policies_print(NULL, ctx); 731 policies_print(NULL, ctx);
848 732
849 return ok; 733 return ok;
850 734
851 } 735}
diff --git a/src/lib/libssl/src/apps/speed.c b/src/lib/libssl/src/apps/speed.c
index 0806327c38..6b8610aa70 100644
--- a/src/lib/libssl/src/apps/speed.c
+++ b/src/lib/libssl/src/apps/speed.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -58,13 +58,13 @@
58/* ==================================================================== 58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * 60 *
61 * Portions of the attached software ("Contribution") are developed by 61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 * 63 *
64 * The Contribution is licensed pursuant to the OpenSSL open source 64 * The Contribution is licensed pursuant to the OpenSSL open source
65 * license provided above. 65 * license provided above.
66 * 66 *
67 * The ECDH and ECDSA speed test software is originally written by 67 * The ECDH and ECDSA speed test software is originally written by
68 * Sumit Gupta of Sun Microsystems Laboratories. 68 * Sumit Gupta of Sun Microsystems Laboratories.
69 * 69 *
70 */ 70 */
@@ -74,7 +74,7 @@
74#ifndef OPENSSL_NO_SPEED 74#ifndef OPENSSL_NO_SPEED
75 75
76#undef SECONDS 76#undef SECONDS
77#define SECONDS 3 77#define SECONDS 3
78#define RSA_SECONDS 10 78#define RSA_SECONDS 10
79#define DSA_SECONDS 10 79#define DSA_SECONDS 10
80#define ECDSA_SECONDS 10 80#define ECDSA_SECONDS 10
@@ -106,12 +106,14 @@
106 106
107#if defined(_WIN32) || defined(__CYGWIN__) 107#if defined(_WIN32) || defined(__CYGWIN__)
108#include <windows.h> 108#include <windows.h>
109# if defined(__CYGWIN__) && !defined(_WIN32) 109#if defined(__CYGWIN__) && !defined(_WIN32)
110 /* <windows.h> should define _WIN32, which normally is mutually 110 /*
111 * exclusive with __CYGWIN__, but if it didn't... */ 111 * <windows.h> should define _WIN32, which normally is mutually exclusive
112# define _WIN32 112 * with __CYGWIN__, but if it didn't...
113 /* this is done because Cygwin alarm() fails sometimes. */ 113 */
114# endif 114#define _WIN32
115 /* this is done because Cygwin alarm() fails sometimes. */
116#endif
115#endif 117#endif
116 118
117#include <openssl/bn.h> 119#include <openssl/bn.h>
@@ -189,7 +191,7 @@
189 191
190 192
191#ifndef HAVE_FORK 193#ifndef HAVE_FORK
192# define HAVE_FORK 1 194#define HAVE_FORK 1
193#endif 195#endif
194 196
195#if HAVE_FORK 197#if HAVE_FORK
@@ -200,16 +202,17 @@
200 202
201#undef BUFSIZE 203#undef BUFSIZE
202#define BUFSIZE ((long)1024*8+1) 204#define BUFSIZE ((long)1024*8+1)
203int run=0; 205int run = 0;
204 206
205static int mr=0; 207static int mr = 0;
206static int usertime=1; 208static int usertime = 1;
207 209
208static double Time_F(int s); 210static double Time_F(int s);
209static void print_message(const char *s,long num,int length); 211static void print_message(const char *s, long num, int length);
210static void pkey_print_message(const char *str, const char *str2, 212static void
211 long num, int bits, int sec); 213pkey_print_message(const char *str, const char *str2,
212static void print_result(int alg,int run_no,int count,double time_used); 214 long num, int bits, int sec);
215static void print_result(int alg, int run_no, int count, double time_used);
213#ifndef NO_FORK 216#ifndef NO_FORK
214static int do_multi(int multi); 217static int do_multi(int multi);
215#endif 218#endif
@@ -222,16 +225,16 @@ static int do_multi(int multi);
222#define EC_NUM 16 225#define EC_NUM 16
223#define MAX_ECDH_SIZE 256 226#define MAX_ECDH_SIZE 256
224 227
225static const char *names[ALGOR_NUM]={ 228static const char *names[ALGOR_NUM] = {
226 "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", 229 "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
227 "des cbc","des ede3","idea cbc","seed cbc", 230 "des cbc", "des ede3", "idea cbc", "seed cbc",
228 "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", 231 "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
229 "aes-128 cbc","aes-192 cbc","aes-256 cbc", 232 "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
230 "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc", 233 "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
231 "evp","sha256","sha512","whirlpool", 234 "evp", "sha256", "sha512", "whirlpool",
232 "aes-128 ige","aes-192 ige","aes-256 ige","ghash" }; 235"aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash"};
233static double results[ALGOR_NUM][SIZE_NUM]; 236static double results[ALGOR_NUM][SIZE_NUM];
234static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; 237static int lengths[SIZE_NUM] = {16, 64, 256, 1024, 8 * 1024};
235#ifndef OPENSSL_NO_RSA 238#ifndef OPENSSL_NO_RSA
236static double rsa_results[RSA_NUM][2]; 239static double rsa_results[RSA_NUM][2];
237#endif 240#endif
@@ -255,33 +258,36 @@ static int rnd_fake = 0;
255#define SIGRETTYPE void 258#define SIGRETTYPE void
256#else 259#else
257#define SIGRETTYPE int 260#define SIGRETTYPE int
258#endif 261#endif
259 262
260static SIGRETTYPE sig_done(int sig); 263static SIGRETTYPE sig_done(int sig);
261static SIGRETTYPE sig_done(int sig) 264static SIGRETTYPE
262 { 265sig_done(int sig)
263 signal(SIGALRM,sig_done); 266{
264 run=0; 267 signal(SIGALRM, sig_done);
268 run = 0;
265#ifdef LINT 269#ifdef LINT
266 sig=sig; 270 sig = sig;
267#endif 271#endif
268 } 272}
269#endif 273#endif
270 274
271#define START 0 275#define START 0
272#define STOP 1 276#define STOP 1
273 277
274 278
275static double Time_F(int s) 279static double
276 { 280Time_F(int s)
277 return app_tminterval(s,usertime); 281{
278 } 282 return app_tminterval(s, usertime);
283}
279 284
280 285
281#ifndef OPENSSL_NO_ECDH 286#ifndef OPENSSL_NO_ECDH
282static const int KDF1_SHA1_len = 20; 287static const int KDF1_SHA1_len = 20;
283static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) 288static void *
284 { 289KDF1_SHA1(const void *in, size_t inlen, void *out, size_t * outlen)
290{
285#ifndef OPENSSL_NO_SHA 291#ifndef OPENSSL_NO_SHA
286 if (*outlen < SHA_DIGEST_LENGTH) 292 if (*outlen < SHA_DIGEST_LENGTH)
287 return NULL; 293 return NULL;
@@ -290,19 +296,20 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
290 return SHA1(in, inlen, out); 296 return SHA1(in, inlen, out);
291#else 297#else
292 return NULL; 298 return NULL;
293#endif /* OPENSSL_NO_SHA */ 299#endif /* OPENSSL_NO_SHA */
294 } 300}
295#endif /* OPENSSL_NO_ECDH */ 301#endif /* OPENSSL_NO_ECDH */
296 302
297 303
298int MAIN(int, char **); 304int MAIN(int, char **);
299 305
300int MAIN(int argc, char **argv) 306int
301 { 307MAIN(int argc, char **argv)
302 unsigned char *buf=NULL,*buf2=NULL; 308{
303 int mret=1; 309 unsigned char *buf = NULL, *buf2 = NULL;
304 long count=0,save_count=0; 310 int mret = 1;
305 int i,j,k; 311 long count = 0, save_count = 0;
312 int i, j, k;
306#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) 313#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
307 long rsa_count; 314 long rsa_count;
308#endif 315#endif
@@ -359,30 +366,30 @@ int MAIN(int argc, char **argv)
359#ifndef OPENSSL_NO_CAST 366#ifndef OPENSSL_NO_CAST
360 CAST_KEY cast_ks; 367 CAST_KEY cast_ks;
361#endif 368#endif
362 static const unsigned char key16[16]= 369 static const unsigned char key16[16] =
363 {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, 370 {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
364 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; 371 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12};
365#ifndef OPENSSL_NO_AES 372#ifndef OPENSSL_NO_AES
366 static const unsigned char key24[24]= 373 static const unsigned char key24[24] =
367 {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, 374 {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
368 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, 375 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
369 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; 376 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34};
370 static const unsigned char key32[32]= 377 static const unsigned char key32[32] =
371 {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, 378 {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
372 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, 379 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
373 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, 380 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
374 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; 381 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56};
375#endif 382#endif
376#ifndef OPENSSL_NO_CAMELLIA 383#ifndef OPENSSL_NO_CAMELLIA
377 static const unsigned char ckey24[24]= 384 static const unsigned char ckey24[24] =
378 {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, 385 {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
379 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, 386 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
380 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; 387 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34};
381 static const unsigned char ckey32[32]= 388 static const unsigned char ckey32[32] =
382 {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, 389 {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
383 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, 390 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
384 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, 391 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
385 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; 392 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56};
386#endif 393#endif
387#ifndef OPENSSL_NO_AES 394#ifndef OPENSSL_NO_AES
388#define MAX_BLOCK_SIZE 128 395#define MAX_BLOCK_SIZE 128
@@ -390,11 +397,11 @@ int MAIN(int argc, char **argv)
390#define MAX_BLOCK_SIZE 64 397#define MAX_BLOCK_SIZE 64
391#endif 398#endif
392 unsigned char DES_iv[8]; 399 unsigned char DES_iv[8];
393 unsigned char iv[2*MAX_BLOCK_SIZE/8]; 400 unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
394#ifndef OPENSSL_NO_DES 401#ifndef OPENSSL_NO_DES
395 static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; 402 static DES_cblock key = {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0};
396 static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; 403 static DES_cblock key2 = {0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12};
397 static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; 404 static DES_cblock key3 = {0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34};
398 DES_key_schedule sch; 405 DES_key_schedule sch;
399 DES_key_schedule sch2; 406 DES_key_schedule sch2;
400 DES_key_schedule sch3; 407 DES_key_schedule sch3;
@@ -424,18 +431,18 @@ int MAIN(int argc, char **argv)
424#define D_CBC_128_AES 16 431#define D_CBC_128_AES 16
425#define D_CBC_192_AES 17 432#define D_CBC_192_AES 17
426#define D_CBC_256_AES 18 433#define D_CBC_256_AES 18
427#define D_CBC_128_CML 19 434#define D_CBC_128_CML 19
428#define D_CBC_192_CML 20 435#define D_CBC_192_CML 20
429#define D_CBC_256_CML 21 436#define D_CBC_256_CML 21
430#define D_EVP 22 437#define D_EVP 22
431#define D_SHA256 23 438#define D_SHA256 23
432#define D_SHA512 24 439#define D_SHA512 24
433#define D_WHIRLPOOL 25 440#define D_WHIRLPOOL 25
434#define D_IGE_128_AES 26 441#define D_IGE_128_AES 26
435#define D_IGE_192_AES 27 442#define D_IGE_192_AES 27
436#define D_IGE_256_AES 28 443#define D_IGE_256_AES 28
437#define D_GHASH 29 444#define D_GHASH 29
438 double d=0.0; 445 double d = 0.0;
439 long c[ALGOR_NUM][SIZE_NUM]; 446 long c[ALGOR_NUM][SIZE_NUM];
440#define R_DSA_512 0 447#define R_DSA_512 0
441#define R_DSA_1024 1 448#define R_DSA_1024 1
@@ -446,7 +453,7 @@ int MAIN(int argc, char **argv)
446#define R_RSA_4096 3 453#define R_RSA_4096 3
447 454
448#define R_EC_P160 0 455#define R_EC_P160 0
449#define R_EC_P192 1 456#define R_EC_P192 1
450#define R_EC_P224 2 457#define R_EC_P224 2
451#define R_EC_P256 3 458#define R_EC_P256 3
452#define R_EC_P384 4 459#define R_EC_P384 4
@@ -465,72 +472,73 @@ int MAIN(int argc, char **argv)
465#ifndef OPENSSL_NO_RSA 472#ifndef OPENSSL_NO_RSA
466 RSA *rsa_key[RSA_NUM]; 473 RSA *rsa_key[RSA_NUM];
467 long rsa_c[RSA_NUM][2]; 474 long rsa_c[RSA_NUM][2];
468 static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096}; 475 static unsigned int rsa_bits[RSA_NUM] = {512, 1024, 2048, 4096};
469 static unsigned char *rsa_data[RSA_NUM]= 476 static unsigned char *rsa_data[RSA_NUM] =
470 {test512,test1024,test2048,test4096}; 477 {test512, test1024, test2048, test4096};
471 static int rsa_data_length[RSA_NUM]={ 478 static int rsa_data_length[RSA_NUM] = {
472 sizeof(test512),sizeof(test1024), 479 sizeof(test512), sizeof(test1024),
473 sizeof(test2048),sizeof(test4096)}; 480 sizeof(test2048), sizeof(test4096)};
474#endif 481#endif
475#ifndef OPENSSL_NO_DSA 482#ifndef OPENSSL_NO_DSA
476 DSA *dsa_key[DSA_NUM]; 483 DSA *dsa_key[DSA_NUM];
477 long dsa_c[DSA_NUM][2]; 484 long dsa_c[DSA_NUM][2];
478 static unsigned int dsa_bits[DSA_NUM]={512,1024,2048}; 485 static unsigned int dsa_bits[DSA_NUM] = {512, 1024, 2048};
479#endif 486#endif
480#ifndef OPENSSL_NO_EC 487#ifndef OPENSSL_NO_EC
481 /* We only test over the following curves as they are representative, 488 /*
482 * To add tests over more curves, simply add the curve NID 489 * We only test over the following curves as they are representative,
483 * and curve name to the following arrays and increase the 490 * To add tests over more curves, simply add the curve NID and curve
484 * EC_NUM value accordingly. 491 * name to the following arrays and increase the EC_NUM value
492 * accordingly.
485 */ 493 */
486 static unsigned int test_curves[EC_NUM] = 494 static unsigned int test_curves[EC_NUM] =
487 { 495 {
488 /* Prime Curves */ 496 /* Prime Curves */
489 NID_secp160r1, 497 NID_secp160r1,
490 NID_X9_62_prime192v1, 498 NID_X9_62_prime192v1,
491 NID_secp224r1, 499 NID_secp224r1,
492 NID_X9_62_prime256v1, 500 NID_X9_62_prime256v1,
493 NID_secp384r1, 501 NID_secp384r1,
494 NID_secp521r1, 502 NID_secp521r1,
495 /* Binary Curves */ 503 /* Binary Curves */
496 NID_sect163k1, 504 NID_sect163k1,
497 NID_sect233k1, 505 NID_sect233k1,
498 NID_sect283k1, 506 NID_sect283k1,
499 NID_sect409k1, 507 NID_sect409k1,
500 NID_sect571k1, 508 NID_sect571k1,
501 NID_sect163r2, 509 NID_sect163r2,
502 NID_sect233r1, 510 NID_sect233r1,
503 NID_sect283r1, 511 NID_sect283r1,
504 NID_sect409r1, 512 NID_sect409r1,
505 NID_sect571r1 513 NID_sect571r1
506 }; 514 };
507 static const char * test_curves_names[EC_NUM] = 515 static const char *test_curves_names[EC_NUM] =
508 { 516 {
509 /* Prime Curves */ 517 /* Prime Curves */
510 "secp160r1", 518 "secp160r1",
511 "nistp192", 519 "nistp192",
512 "nistp224", 520 "nistp224",
513 "nistp256", 521 "nistp256",
514 "nistp384", 522 "nistp384",
515 "nistp521", 523 "nistp521",
516 /* Binary Curves */ 524 /* Binary Curves */
517 "nistk163", 525 "nistk163",
518 "nistk233", 526 "nistk233",
519 "nistk283", 527 "nistk283",
520 "nistk409", 528 "nistk409",
521 "nistk571", 529 "nistk571",
522 "nistb163", 530 "nistb163",
523 "nistb233", 531 "nistb233",
524 "nistb283", 532 "nistb283",
525 "nistb409", 533 "nistb409",
526 "nistb571" 534 "nistb571"
527 }; 535 };
528 static int test_curves_bits[EC_NUM] = 536 static int test_curves_bits[EC_NUM] =
529 { 537 {
530 160, 192, 224, 256, 384, 521, 538 160, 192, 224, 256, 384, 521,
531 163, 233, 283, 409, 571, 539 163, 233, 283, 409, 571,
532 163, 233, 283, 409, 571 540 163, 233, 283, 409, 571
533 }; 541 };
534 542
535#endif 543#endif
536 544
@@ -556,1947 +564,1831 @@ int MAIN(int argc, char **argv)
556 int ecdsa_doit[EC_NUM]; 564 int ecdsa_doit[EC_NUM];
557#endif 565#endif
558#ifndef OPENSSL_NO_ECDH 566#ifndef OPENSSL_NO_ECDH
559 int ecdh_doit[EC_NUM]; 567 int ecdh_doit[EC_NUM];
560#endif 568#endif
561 int doit[ALGOR_NUM]; 569 int doit[ALGOR_NUM];
562 int pr_header=0; 570 int pr_header = 0;
563 const EVP_CIPHER *evp_cipher=NULL; 571 const EVP_CIPHER *evp_cipher = NULL;
564 const EVP_MD *evp_md=NULL; 572 const EVP_MD *evp_md = NULL;
565 int decrypt=0; 573 int decrypt = 0;
566#ifndef NO_FORK 574#ifndef NO_FORK
567 int multi=0; 575 int multi = 0;
568#endif 576#endif
569 577
570#ifndef TIMES 578#ifndef TIMES
571 usertime=-1; 579 usertime = -1;
572#endif 580#endif
573 581
574 apps_startup(); 582 apps_startup();
575 memset(results, 0, sizeof(results)); 583 memset(results, 0, sizeof(results));
576#ifndef OPENSSL_NO_DSA 584#ifndef OPENSSL_NO_DSA
577 memset(dsa_key,0,sizeof(dsa_key)); 585 memset(dsa_key, 0, sizeof(dsa_key));
578#endif 586#endif
579#ifndef OPENSSL_NO_ECDSA 587#ifndef OPENSSL_NO_ECDSA
580 for (i=0; i<EC_NUM; i++) ecdsa[i] = NULL; 588 for (i = 0; i < EC_NUM; i++)
589 ecdsa[i] = NULL;
581#endif 590#endif
582#ifndef OPENSSL_NO_ECDH 591#ifndef OPENSSL_NO_ECDH
583 for (i=0; i<EC_NUM; i++) 592 for (i = 0; i < EC_NUM; i++) {
584 {
585 ecdh_a[i] = NULL; 593 ecdh_a[i] = NULL;
586 ecdh_b[i] = NULL; 594 ecdh_b[i] = NULL;
587 } 595 }
588#endif 596#endif
589 597
590 598
591 if (bio_err == NULL) 599 if (bio_err == NULL)
592 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 600 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
593 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 601 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
594 602
595 if (!load_config(bio_err, NULL)) 603 if (!load_config(bio_err, NULL))
596 goto end; 604 goto end;
597 605
598#ifndef OPENSSL_NO_RSA 606#ifndef OPENSSL_NO_RSA
599 memset(rsa_key,0,sizeof(rsa_key)); 607 memset(rsa_key, 0, sizeof(rsa_key));
600 for (i=0; i<RSA_NUM; i++) 608 for (i = 0; i < RSA_NUM; i++)
601 rsa_key[i]=NULL; 609 rsa_key[i] = NULL;
602#endif 610#endif
603 611
604 if ((buf=(unsigned char *)malloc((int)BUFSIZE)) == NULL) 612 if ((buf = (unsigned char *) malloc((int) BUFSIZE)) == NULL) {
605 { 613 BIO_printf(bio_err, "out of memory\n");
606 BIO_printf(bio_err,"out of memory\n");
607 goto end; 614 goto end;
608 } 615 }
609 if ((buf2=(unsigned char *)malloc((int)BUFSIZE)) == NULL) 616 if ((buf2 = (unsigned char *) malloc((int) BUFSIZE)) == NULL) {
610 { 617 BIO_printf(bio_err, "out of memory\n");
611 BIO_printf(bio_err,"out of memory\n");
612 goto end; 618 goto end;
613 } 619 }
614 620 memset(c, 0, sizeof(c));
615 memset(c,0,sizeof(c)); 621 memset(DES_iv, 0, sizeof(DES_iv));
616 memset(DES_iv,0,sizeof(DES_iv)); 622 memset(iv, 0, sizeof(iv));
617 memset(iv,0,sizeof(iv)); 623
618 624 for (i = 0; i < ALGOR_NUM; i++)
619 for (i=0; i<ALGOR_NUM; i++) 625 doit[i] = 0;
620 doit[i]=0; 626 for (i = 0; i < RSA_NUM; i++)
621 for (i=0; i<RSA_NUM; i++) 627 rsa_doit[i] = 0;
622 rsa_doit[i]=0; 628 for (i = 0; i < DSA_NUM; i++)
623 for (i=0; i<DSA_NUM; i++) 629 dsa_doit[i] = 0;
624 dsa_doit[i]=0;
625#ifndef OPENSSL_NO_ECDSA 630#ifndef OPENSSL_NO_ECDSA
626 for (i=0; i<EC_NUM; i++) 631 for (i = 0; i < EC_NUM; i++)
627 ecdsa_doit[i]=0; 632 ecdsa_doit[i] = 0;
628#endif 633#endif
629#ifndef OPENSSL_NO_ECDH 634#ifndef OPENSSL_NO_ECDH
630 for (i=0; i<EC_NUM; i++) 635 for (i = 0; i < EC_NUM; i++)
631 ecdh_doit[i]=0; 636 ecdh_doit[i] = 0;
632#endif 637#endif
633 638
634 639
635 j=0; 640 j = 0;
636 argc--; 641 argc--;
637 argv++; 642 argv++;
638 while (argc) 643 while (argc) {
639 { 644 if ((argc > 0) && (strcmp(*argv, "-elapsed") == 0)) {
640 if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
641 {
642 usertime = 0; 645 usertime = 0;
643 j--; /* Otherwise, -elapsed gets confused with 646 j--; /* Otherwise, -elapsed gets confused with an
644 an algorithm. */ 647 * algorithm. */
645 } 648 } else if ((argc > 0) && (strcmp(*argv, "-evp") == 0)) {
646 else if ((argc > 0) && (strcmp(*argv,"-evp") == 0))
647 {
648 argc--; 649 argc--;
649 argv++; 650 argv++;
650 if(argc == 0) 651 if (argc == 0) {
651 { 652 BIO_printf(bio_err, "no EVP given\n");
652 BIO_printf(bio_err,"no EVP given\n");
653 goto end;
654 }
655 evp_cipher=EVP_get_cipherbyname(*argv);
656 if(!evp_cipher)
657 {
658 evp_md=EVP_get_digestbyname(*argv);
659 }
660 if(!evp_cipher && !evp_md)
661 {
662 BIO_printf(bio_err,"%s is an unknown cipher or digest\n",*argv);
663 goto end; 653 goto end;
664 }
665 doit[D_EVP]=1;
666 } 654 }
667 else if (argc > 0 && !strcmp(*argv,"-decrypt")) 655 evp_cipher = EVP_get_cipherbyname(*argv);
668 { 656 if (!evp_cipher) {
669 decrypt=1; 657 evp_md = EVP_get_digestbyname(*argv);
670 j--; /* Otherwise, -elapsed gets confused with 658 }
671 an algorithm. */ 659 if (!evp_cipher && !evp_md) {
660 BIO_printf(bio_err, "%s is an unknown cipher or digest\n", *argv);
661 goto end;
672 } 662 }
663 doit[D_EVP] = 1;
664 } else if (argc > 0 && !strcmp(*argv, "-decrypt")) {
665 decrypt = 1;
666 j--; /* Otherwise, -elapsed gets confused with an
667 * algorithm. */
668 }
673#ifndef OPENSSL_NO_ENGINE 669#ifndef OPENSSL_NO_ENGINE
674 else if ((argc > 0) && (strcmp(*argv,"-engine") == 0)) 670 else if ((argc > 0) && (strcmp(*argv, "-engine") == 0)) {
675 {
676 argc--; 671 argc--;
677 argv++; 672 argv++;
678 if(argc == 0) 673 if (argc == 0) {
679 { 674 BIO_printf(bio_err, "no engine given\n");
680 BIO_printf(bio_err,"no engine given\n");
681 goto end; 675 goto end;
682 }
683 setup_engine(bio_err, *argv, 0);
684 /* j will be increased again further down. We just
685 don't want speed to confuse an engine with an
686 algorithm, especially when none is given (which
687 means all of them should be run) */
688 j--;
689 } 676 }
677 setup_engine(bio_err, *argv, 0);
678 /*
679 * j will be increased again further down. We just
680 * don't want speed to confuse an engine with an
681 * algorithm, especially when none is given (which
682 * means all of them should be run)
683 */
684 j--;
685 }
690#endif 686#endif
691#ifndef NO_FORK 687#ifndef NO_FORK
692 else if ((argc > 0) && (strcmp(*argv,"-multi") == 0)) 688 else if ((argc > 0) && (strcmp(*argv, "-multi") == 0)) {
693 {
694 argc--; 689 argc--;
695 argv++; 690 argv++;
696 if(argc == 0) 691 if (argc == 0) {
697 { 692 BIO_printf(bio_err, "no multi count given\n");
698 BIO_printf(bio_err,"no multi count given\n");
699 goto end; 693 goto end;
700 } 694 }
701 multi=atoi(argv[0]); 695 multi = atoi(argv[0]);
702 if(multi <= 0) 696 if (multi <= 0) {
703 { 697 BIO_printf(bio_err, "bad multi count\n");
704 BIO_printf(bio_err,"bad multi count\n");
705 goto end; 698 goto end;
706 }
707 j--; /* Otherwise, -mr gets confused with
708 an algorithm. */
709 } 699 }
700 j--; /* Otherwise, -mr gets confused with an
701 * algorithm. */
702 }
710#endif 703#endif
711 else if (argc > 0 && !strcmp(*argv,"-mr")) 704 else if (argc > 0 && !strcmp(*argv, "-mr")) {
712 { 705 mr = 1;
713 mr=1; 706 j--; /* Otherwise, -mr gets confused with an
714 j--; /* Otherwise, -mr gets confused with 707 * algorithm. */
715 an algorithm. */ 708 } else
716 }
717 else
718#ifndef OPENSSL_NO_MD2 709#ifndef OPENSSL_NO_MD2
719 if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1; 710 if (strcmp(*argv, "md2") == 0)
711 doit[D_MD2] = 1;
720 else 712 else
721#endif 713#endif
722#ifndef OPENSSL_NO_MDC2 714#ifndef OPENSSL_NO_MDC2
723 if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1; 715 if (strcmp(*argv, "mdc2") == 0)
716 doit[D_MDC2] = 1;
724 else 717 else
725#endif 718#endif
726#ifndef OPENSSL_NO_MD4 719#ifndef OPENSSL_NO_MD4
727 if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1; 720 if (strcmp(*argv, "md4") == 0)
721 doit[D_MD4] = 1;
728 else 722 else
729#endif 723#endif
730#ifndef OPENSSL_NO_MD5 724#ifndef OPENSSL_NO_MD5
731 if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1; 725 if (strcmp(*argv, "md5") == 0)
726 doit[D_MD5] = 1;
732 else 727 else
733#endif 728#endif
734#ifndef OPENSSL_NO_MD5 729#ifndef OPENSSL_NO_MD5
735 if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1; 730 if (strcmp(*argv, "hmac") == 0)
731 doit[D_HMAC] = 1;
736 else 732 else
737#endif 733#endif
738#ifndef OPENSSL_NO_SHA 734#ifndef OPENSSL_NO_SHA
739 if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1; 735 if (strcmp(*argv, "sha1") == 0)
740 else 736 doit[D_SHA1] = 1;
741 if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1, 737 else if (strcmp(*argv, "sha") == 0)
742 doit[D_SHA256]=1, 738 doit[D_SHA1] = 1,
743 doit[D_SHA512]=1; 739 doit[D_SHA256] = 1,
740 doit[D_SHA512] = 1;
744 else 741 else
745#ifndef OPENSSL_NO_SHA256 742#ifndef OPENSSL_NO_SHA256
746 if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1; 743 if (strcmp(*argv, "sha256") == 0)
744 doit[D_SHA256] = 1;
747 else 745 else
748#endif 746#endif
749#ifndef OPENSSL_NO_SHA512 747#ifndef OPENSSL_NO_SHA512
750 if (strcmp(*argv,"sha512") == 0) doit[D_SHA512]=1; 748 if (strcmp(*argv, "sha512") == 0)
749 doit[D_SHA512] = 1;
751 else 750 else
752#endif 751#endif
753#endif 752#endif
754#ifndef OPENSSL_NO_WHIRLPOOL 753#ifndef OPENSSL_NO_WHIRLPOOL
755 if (strcmp(*argv,"whirlpool") == 0) doit[D_WHIRLPOOL]=1; 754 if (strcmp(*argv, "whirlpool") == 0)
755 doit[D_WHIRLPOOL] = 1;
756 else 756 else
757#endif 757#endif
758#ifndef OPENSSL_NO_RIPEMD 758#ifndef OPENSSL_NO_RIPEMD
759 if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1; 759 if (strcmp(*argv, "ripemd") == 0)
760 else 760 doit[D_RMD160] = 1;
761 if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1; 761 else if (strcmp(*argv, "rmd160") == 0)
762 else 762 doit[D_RMD160] = 1;
763 if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1; 763 else if (strcmp(*argv, "ripemd160") == 0)
764 doit[D_RMD160] = 1;
764 else 765 else
765#endif 766#endif
766#ifndef OPENSSL_NO_RC4 767#ifndef OPENSSL_NO_RC4
767 if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1; 768 if (strcmp(*argv, "rc4") == 0)
768 else 769 doit[D_RC4] = 1;
770 else
769#endif 771#endif
770#ifndef OPENSSL_NO_DES 772#ifndef OPENSSL_NO_DES
771 if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1; 773 if (strcmp(*argv, "des-cbc") == 0)
772 else if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1; 774 doit[D_CBC_DES] = 1;
775 else if (strcmp(*argv, "des-ede3") == 0)
776 doit[D_EDE3_DES] = 1;
773 else 777 else
774#endif 778#endif
775#ifndef OPENSSL_NO_AES 779#ifndef OPENSSL_NO_AES
776 if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1; 780 if (strcmp(*argv, "aes-128-cbc") == 0)
777 else if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1; 781 doit[D_CBC_128_AES] = 1;
778 else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1; 782 else if (strcmp(*argv, "aes-192-cbc") == 0)
779 else if (strcmp(*argv,"aes-128-ige") == 0) doit[D_IGE_128_AES]=1; 783 doit[D_CBC_192_AES] = 1;
780 else if (strcmp(*argv,"aes-192-ige") == 0) doit[D_IGE_192_AES]=1; 784 else if (strcmp(*argv, "aes-256-cbc") == 0)
781 else if (strcmp(*argv,"aes-256-ige") == 0) doit[D_IGE_256_AES]=1; 785 doit[D_CBC_256_AES] = 1;
782 else 786 else if (strcmp(*argv, "aes-128-ige") == 0)
787 doit[D_IGE_128_AES] = 1;
788 else if (strcmp(*argv, "aes-192-ige") == 0)
789 doit[D_IGE_192_AES] = 1;
790 else if (strcmp(*argv, "aes-256-ige") == 0)
791 doit[D_IGE_256_AES] = 1;
792 else
783#endif 793#endif
784#ifndef OPENSSL_NO_CAMELLIA 794#ifndef OPENSSL_NO_CAMELLIA
785 if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1; 795 if (strcmp(*argv, "camellia-128-cbc") == 0)
786 else if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1; 796 doit[D_CBC_128_CML] = 1;
787 else if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1; 797 else if (strcmp(*argv, "camellia-192-cbc") == 0)
798 doit[D_CBC_192_CML] = 1;
799 else if (strcmp(*argv, "camellia-256-cbc") == 0)
800 doit[D_CBC_256_CML] = 1;
788 else 801 else
789#endif 802#endif
790#ifndef OPENSSL_NO_RSA 803#ifndef OPENSSL_NO_RSA
791#if 0 /* was: #ifdef RSAref */ 804#if 0 /* was: #ifdef RSAref */
792 if (strcmp(*argv,"rsaref") == 0) 805 if (strcmp(*argv, "rsaref") == 0) {
793 {
794 RSA_set_default_openssl_method(RSA_PKCS1_RSAref()); 806 RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
795 j--; 807 j--;
796 } 808 } else
797 else
798#endif 809#endif
799#ifndef RSA_NULL 810#ifndef RSA_NULL
800 if (strcmp(*argv,"openssl") == 0) 811 if (strcmp(*argv, "openssl") == 0) {
801 {
802 RSA_set_default_method(RSA_PKCS1_SSLeay()); 812 RSA_set_default_method(RSA_PKCS1_SSLeay());
803 j--; 813 j--;
804 } 814 } else
805 else 815#endif
806#endif 816#endif /* !OPENSSL_NO_RSA */
807#endif /* !OPENSSL_NO_RSA */ 817 if (strcmp(*argv, "dsa512") == 0)
808 if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2; 818 dsa_doit[R_DSA_512] = 2;
809 else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2; 819 else if (strcmp(*argv, "dsa1024") == 0)
810 else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2; 820 dsa_doit[R_DSA_1024] = 2;
811 else if (strcmp(*argv,"rsa512") == 0) rsa_doit[R_RSA_512]=2; 821 else if (strcmp(*argv, "dsa2048") == 0)
812 else if (strcmp(*argv,"rsa1024") == 0) rsa_doit[R_RSA_1024]=2; 822 dsa_doit[R_DSA_2048] = 2;
813 else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2; 823 else if (strcmp(*argv, "rsa512") == 0)
814 else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2; 824 rsa_doit[R_RSA_512] = 2;
825 else if (strcmp(*argv, "rsa1024") == 0)
826 rsa_doit[R_RSA_1024] = 2;
827 else if (strcmp(*argv, "rsa2048") == 0)
828 rsa_doit[R_RSA_2048] = 2;
829 else if (strcmp(*argv, "rsa4096") == 0)
830 rsa_doit[R_RSA_4096] = 2;
815 else 831 else
816#ifndef OPENSSL_NO_RC2 832#ifndef OPENSSL_NO_RC2
817 if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1; 833 if (strcmp(*argv, "rc2-cbc") == 0)
818 else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1; 834 doit[D_CBC_RC2] = 1;
835 else if (strcmp(*argv, "rc2") == 0)
836 doit[D_CBC_RC2] = 1;
819 else 837 else
820#endif 838#endif
821#ifndef OPENSSL_NO_RC5 839#ifndef OPENSSL_NO_RC5
822 if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1; 840 if (strcmp(*argv, "rc5-cbc") == 0)
823 else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1; 841 doit[D_CBC_RC5] = 1;
842 else if (strcmp(*argv, "rc5") == 0)
843 doit[D_CBC_RC5] = 1;
824 else 844 else
825#endif 845#endif
826#ifndef OPENSSL_NO_IDEA 846#ifndef OPENSSL_NO_IDEA
827 if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1; 847 if (strcmp(*argv, "idea-cbc") == 0)
828 else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1; 848 doit[D_CBC_IDEA] = 1;
849 else if (strcmp(*argv, "idea") == 0)
850 doit[D_CBC_IDEA] = 1;
829 else 851 else
830#endif 852#endif
831#ifndef OPENSSL_NO_SEED 853#ifndef OPENSSL_NO_SEED
832 if (strcmp(*argv,"seed-cbc") == 0) doit[D_CBC_SEED]=1; 854 if (strcmp(*argv, "seed-cbc") == 0)
833 else if (strcmp(*argv,"seed") == 0) doit[D_CBC_SEED]=1; 855 doit[D_CBC_SEED] = 1;
856 else if (strcmp(*argv, "seed") == 0)
857 doit[D_CBC_SEED] = 1;
834 else 858 else
835#endif 859#endif
836#ifndef OPENSSL_NO_BF 860#ifndef OPENSSL_NO_BF
837 if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1; 861 if (strcmp(*argv, "bf-cbc") == 0)
838 else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1; 862 doit[D_CBC_BF] = 1;
839 else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1; 863 else if (strcmp(*argv, "blowfish") == 0)
864 doit[D_CBC_BF] = 1;
865 else if (strcmp(*argv, "bf") == 0)
866 doit[D_CBC_BF] = 1;
840 else 867 else
841#endif 868#endif
842#ifndef OPENSSL_NO_CAST 869#ifndef OPENSSL_NO_CAST
843 if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1; 870 if (strcmp(*argv, "cast-cbc") == 0)
844 else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1; 871 doit[D_CBC_CAST] = 1;
845 else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1; 872 else if (strcmp(*argv, "cast") == 0)
873 doit[D_CBC_CAST] = 1;
874 else if (strcmp(*argv, "cast5") == 0)
875 doit[D_CBC_CAST] = 1;
846 else 876 else
847#endif 877#endif
848#ifndef OPENSSL_NO_DES 878#ifndef OPENSSL_NO_DES
849 if (strcmp(*argv,"des") == 0) 879 if (strcmp(*argv, "des") == 0) {
850 { 880 doit[D_CBC_DES] = 1;
851 doit[D_CBC_DES]=1; 881 doit[D_EDE3_DES] = 1;
852 doit[D_EDE3_DES]=1; 882 } else
853 }
854 else
855#endif 883#endif
856#ifndef OPENSSL_NO_AES 884#ifndef OPENSSL_NO_AES
857 if (strcmp(*argv,"aes") == 0) 885 if (strcmp(*argv, "aes") == 0) {
858 { 886 doit[D_CBC_128_AES] = 1;
859 doit[D_CBC_128_AES]=1; 887 doit[D_CBC_192_AES] = 1;
860 doit[D_CBC_192_AES]=1; 888 doit[D_CBC_256_AES] = 1;
861 doit[D_CBC_256_AES]=1; 889 } else if (strcmp(*argv, "ghash") == 0) {
862 } 890 doit[D_GHASH] = 1;
863 else if (strcmp(*argv,"ghash") == 0) 891 } else
864 {
865 doit[D_GHASH]=1;
866 }
867 else
868#endif 892#endif
869#ifndef OPENSSL_NO_CAMELLIA 893#ifndef OPENSSL_NO_CAMELLIA
870 if (strcmp(*argv,"camellia") == 0) 894 if (strcmp(*argv, "camellia") == 0) {
871 { 895 doit[D_CBC_128_CML] = 1;
872 doit[D_CBC_128_CML]=1; 896 doit[D_CBC_192_CML] = 1;
873 doit[D_CBC_192_CML]=1; 897 doit[D_CBC_256_CML] = 1;
874 doit[D_CBC_256_CML]=1; 898 } else
875 }
876 else
877#endif 899#endif
878#ifndef OPENSSL_NO_RSA 900#ifndef OPENSSL_NO_RSA
879 if (strcmp(*argv,"rsa") == 0) 901 if (strcmp(*argv, "rsa") == 0) {
880 { 902 rsa_doit[R_RSA_512] = 1;
881 rsa_doit[R_RSA_512]=1; 903 rsa_doit[R_RSA_1024] = 1;
882 rsa_doit[R_RSA_1024]=1; 904 rsa_doit[R_RSA_2048] = 1;
883 rsa_doit[R_RSA_2048]=1; 905 rsa_doit[R_RSA_4096] = 1;
884 rsa_doit[R_RSA_4096]=1; 906 } else
885 }
886 else
887#endif 907#endif
888#ifndef OPENSSL_NO_DSA 908#ifndef OPENSSL_NO_DSA
889 if (strcmp(*argv,"dsa") == 0) 909 if (strcmp(*argv, "dsa") == 0) {
890 { 910 dsa_doit[R_DSA_512] = 1;
891 dsa_doit[R_DSA_512]=1; 911 dsa_doit[R_DSA_1024] = 1;
892 dsa_doit[R_DSA_1024]=1; 912 dsa_doit[R_DSA_2048] = 1;
893 dsa_doit[R_DSA_2048]=1; 913 } else
894 }
895 else
896#endif 914#endif
897#ifndef OPENSSL_NO_ECDSA 915#ifndef OPENSSL_NO_ECDSA
898 if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2; 916 if (strcmp(*argv, "ecdsap160") == 0)
899 else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2; 917 ecdsa_doit[R_EC_P160] = 2;
900 else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2; 918 else if (strcmp(*argv, "ecdsap192") == 0)
901 else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2; 919 ecdsa_doit[R_EC_P192] = 2;
902 else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2; 920 else if (strcmp(*argv, "ecdsap224") == 0)
903 else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2; 921 ecdsa_doit[R_EC_P224] = 2;
904 else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2; 922 else if (strcmp(*argv, "ecdsap256") == 0)
905 else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2; 923 ecdsa_doit[R_EC_P256] = 2;
906 else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2; 924 else if (strcmp(*argv, "ecdsap384") == 0)
907 else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2; 925 ecdsa_doit[R_EC_P384] = 2;
908 else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2; 926 else if (strcmp(*argv, "ecdsap521") == 0)
909 else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2; 927 ecdsa_doit[R_EC_P521] = 2;
910 else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2; 928 else if (strcmp(*argv, "ecdsak163") == 0)
911 else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2; 929 ecdsa_doit[R_EC_K163] = 2;
912 else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2; 930 else if (strcmp(*argv, "ecdsak233") == 0)
913 else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2; 931 ecdsa_doit[R_EC_K233] = 2;
914 else if (strcmp(*argv,"ecdsa") == 0) 932 else if (strcmp(*argv, "ecdsak283") == 0)
915 { 933 ecdsa_doit[R_EC_K283] = 2;
916 for (i=0; i < EC_NUM; i++) 934 else if (strcmp(*argv, "ecdsak409") == 0)
917 ecdsa_doit[i]=1; 935 ecdsa_doit[R_EC_K409] = 2;
918 } 936 else if (strcmp(*argv, "ecdsak571") == 0)
919 else 937 ecdsa_doit[R_EC_K571] = 2;
938 else if (strcmp(*argv, "ecdsab163") == 0)
939 ecdsa_doit[R_EC_B163] = 2;
940 else if (strcmp(*argv, "ecdsab233") == 0)
941 ecdsa_doit[R_EC_B233] = 2;
942 else if (strcmp(*argv, "ecdsab283") == 0)
943 ecdsa_doit[R_EC_B283] = 2;
944 else if (strcmp(*argv, "ecdsab409") == 0)
945 ecdsa_doit[R_EC_B409] = 2;
946 else if (strcmp(*argv, "ecdsab571") == 0)
947 ecdsa_doit[R_EC_B571] = 2;
948 else if (strcmp(*argv, "ecdsa") == 0) {
949 for (i = 0; i < EC_NUM; i++)
950 ecdsa_doit[i] = 1;
951 } else
920#endif 952#endif
921#ifndef OPENSSL_NO_ECDH 953#ifndef OPENSSL_NO_ECDH
922 if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2; 954 if (strcmp(*argv, "ecdhp160") == 0)
923 else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2; 955 ecdh_doit[R_EC_P160] = 2;
924 else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2; 956 else if (strcmp(*argv, "ecdhp192") == 0)
925 else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2; 957 ecdh_doit[R_EC_P192] = 2;
926 else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2; 958 else if (strcmp(*argv, "ecdhp224") == 0)
927 else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2; 959 ecdh_doit[R_EC_P224] = 2;
928 else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2; 960 else if (strcmp(*argv, "ecdhp256") == 0)
929 else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2; 961 ecdh_doit[R_EC_P256] = 2;
930 else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2; 962 else if (strcmp(*argv, "ecdhp384") == 0)
931 else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2; 963 ecdh_doit[R_EC_P384] = 2;
932 else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2; 964 else if (strcmp(*argv, "ecdhp521") == 0)
933 else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2; 965 ecdh_doit[R_EC_P521] = 2;
934 else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2; 966 else if (strcmp(*argv, "ecdhk163") == 0)
935 else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2; 967 ecdh_doit[R_EC_K163] = 2;
936 else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2; 968 else if (strcmp(*argv, "ecdhk233") == 0)
937 else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2; 969 ecdh_doit[R_EC_K233] = 2;
938 else if (strcmp(*argv,"ecdh") == 0) 970 else if (strcmp(*argv, "ecdhk283") == 0)
939 { 971 ecdh_doit[R_EC_K283] = 2;
940 for (i=0; i < EC_NUM; i++) 972 else if (strcmp(*argv, "ecdhk409") == 0)
941 ecdh_doit[i]=1; 973 ecdh_doit[R_EC_K409] = 2;
942 } 974 else if (strcmp(*argv, "ecdhk571") == 0)
943 else 975 ecdh_doit[R_EC_K571] = 2;
976 else if (strcmp(*argv, "ecdhb163") == 0)
977 ecdh_doit[R_EC_B163] = 2;
978 else if (strcmp(*argv, "ecdhb233") == 0)
979 ecdh_doit[R_EC_B233] = 2;
980 else if (strcmp(*argv, "ecdhb283") == 0)
981 ecdh_doit[R_EC_B283] = 2;
982 else if (strcmp(*argv, "ecdhb409") == 0)
983 ecdh_doit[R_EC_B409] = 2;
984 else if (strcmp(*argv, "ecdhb571") == 0)
985 ecdh_doit[R_EC_B571] = 2;
986 else if (strcmp(*argv, "ecdh") == 0) {
987 for (i = 0; i < EC_NUM; i++)
988 ecdh_doit[i] = 1;
989 } else
944#endif 990#endif
945 { 991 {
946 BIO_printf(bio_err,"Error: bad option or value\n"); 992 BIO_printf(bio_err, "Error: bad option or value\n");
947 BIO_printf(bio_err,"\n"); 993 BIO_printf(bio_err, "\n");
948 BIO_printf(bio_err,"Available values:\n"); 994 BIO_printf(bio_err, "Available values:\n");
949#ifndef OPENSSL_NO_MD2 995#ifndef OPENSSL_NO_MD2
950 BIO_printf(bio_err,"md2 "); 996 BIO_printf(bio_err, "md2 ");
951#endif 997#endif
952#ifndef OPENSSL_NO_MDC2 998#ifndef OPENSSL_NO_MDC2
953 BIO_printf(bio_err,"mdc2 "); 999 BIO_printf(bio_err, "mdc2 ");
954#endif 1000#endif
955#ifndef OPENSSL_NO_MD4 1001#ifndef OPENSSL_NO_MD4
956 BIO_printf(bio_err,"md4 "); 1002 BIO_printf(bio_err, "md4 ");
957#endif 1003#endif
958#ifndef OPENSSL_NO_MD5 1004#ifndef OPENSSL_NO_MD5
959 BIO_printf(bio_err,"md5 "); 1005 BIO_printf(bio_err, "md5 ");
960#ifndef OPENSSL_NO_HMAC 1006#ifndef OPENSSL_NO_HMAC
961 BIO_printf(bio_err,"hmac "); 1007 BIO_printf(bio_err, "hmac ");
962#endif 1008#endif
963#endif 1009#endif
964#ifndef OPENSSL_NO_SHA1 1010#ifndef OPENSSL_NO_SHA1
965 BIO_printf(bio_err,"sha1 "); 1011 BIO_printf(bio_err, "sha1 ");
966#endif 1012#endif
967#ifndef OPENSSL_NO_SHA256 1013#ifndef OPENSSL_NO_SHA256
968 BIO_printf(bio_err,"sha256 "); 1014 BIO_printf(bio_err, "sha256 ");
969#endif 1015#endif
970#ifndef OPENSSL_NO_SHA512 1016#ifndef OPENSSL_NO_SHA512
971 BIO_printf(bio_err,"sha512 "); 1017 BIO_printf(bio_err, "sha512 ");
972#endif 1018#endif
973#ifndef OPENSSL_NO_WHIRLPOOL 1019#ifndef OPENSSL_NO_WHIRLPOOL
974 BIO_printf(bio_err,"whirlpool"); 1020 BIO_printf(bio_err, "whirlpool");
975#endif 1021#endif
976#ifndef OPENSSL_NO_RIPEMD160 1022#ifndef OPENSSL_NO_RIPEMD160
977 BIO_printf(bio_err,"rmd160"); 1023 BIO_printf(bio_err, "rmd160");
978#endif 1024#endif
979#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \ 1025#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
980 !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \ 1026 !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
981 !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \ 1027 !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \
982 !defined(OPENSSL_NO_WHIRLPOOL) 1028 !defined(OPENSSL_NO_WHIRLPOOL)
983 BIO_printf(bio_err,"\n"); 1029 BIO_printf(bio_err, "\n");
984#endif 1030#endif
985 1031
986#ifndef OPENSSL_NO_IDEA 1032#ifndef OPENSSL_NO_IDEA
987 BIO_printf(bio_err,"idea-cbc "); 1033 BIO_printf(bio_err, "idea-cbc ");
988#endif 1034#endif
989#ifndef OPENSSL_NO_SEED 1035#ifndef OPENSSL_NO_SEED
990 BIO_printf(bio_err,"seed-cbc "); 1036 BIO_printf(bio_err, "seed-cbc ");
991#endif 1037#endif
992#ifndef OPENSSL_NO_RC2 1038#ifndef OPENSSL_NO_RC2
993 BIO_printf(bio_err,"rc2-cbc "); 1039 BIO_printf(bio_err, "rc2-cbc ");
994#endif 1040#endif
995#ifndef OPENSSL_NO_RC5 1041#ifndef OPENSSL_NO_RC5
996 BIO_printf(bio_err,"rc5-cbc "); 1042 BIO_printf(bio_err, "rc5-cbc ");
997#endif 1043#endif
998#ifndef OPENSSL_NO_BF 1044#ifndef OPENSSL_NO_BF
999 BIO_printf(bio_err,"bf-cbc"); 1045 BIO_printf(bio_err, "bf-cbc");
1000#endif 1046#endif
1001#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \ 1047#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \
1002 !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5) 1048 !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
1003 BIO_printf(bio_err,"\n"); 1049 BIO_printf(bio_err, "\n");
1004#endif 1050#endif
1005#ifndef OPENSSL_NO_DES 1051#ifndef OPENSSL_NO_DES
1006 BIO_printf(bio_err,"des-cbc des-ede3 "); 1052 BIO_printf(bio_err, "des-cbc des-ede3 ");
1007#endif 1053#endif
1008#ifndef OPENSSL_NO_AES 1054#ifndef OPENSSL_NO_AES
1009 BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc "); 1055 BIO_printf(bio_err, "aes-128-cbc aes-192-cbc aes-256-cbc ");
1010 BIO_printf(bio_err,"aes-128-ige aes-192-ige aes-256-ige "); 1056 BIO_printf(bio_err, "aes-128-ige aes-192-ige aes-256-ige ");
1011#endif 1057#endif
1012#ifndef OPENSSL_NO_CAMELLIA 1058#ifndef OPENSSL_NO_CAMELLIA
1013 BIO_printf(bio_err,"\n"); 1059 BIO_printf(bio_err, "\n");
1014 BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc "); 1060 BIO_printf(bio_err, "camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
1015#endif 1061#endif
1016#ifndef OPENSSL_NO_RC4 1062#ifndef OPENSSL_NO_RC4
1017 BIO_printf(bio_err,"rc4"); 1063 BIO_printf(bio_err, "rc4");
1018#endif 1064#endif
1019 BIO_printf(bio_err,"\n"); 1065 BIO_printf(bio_err, "\n");
1020 1066
1021#ifndef OPENSSL_NO_RSA 1067#ifndef OPENSSL_NO_RSA
1022 BIO_printf(bio_err,"rsa512 rsa1024 rsa2048 rsa4096\n"); 1068 BIO_printf(bio_err, "rsa512 rsa1024 rsa2048 rsa4096\n");
1023#endif 1069#endif
1024 1070
1025#ifndef OPENSSL_NO_DSA 1071#ifndef OPENSSL_NO_DSA
1026 BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n"); 1072 BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
1027#endif 1073#endif
1028#ifndef OPENSSL_NO_ECDSA 1074#ifndef OPENSSL_NO_ECDSA
1029 BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n"); 1075 BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
1030 BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n"); 1076 BIO_printf(bio_err, "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
1031 BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n"); 1077 BIO_printf(bio_err, "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
1032 BIO_printf(bio_err,"ecdsa\n"); 1078 BIO_printf(bio_err, "ecdsa\n");
1033#endif 1079#endif
1034#ifndef OPENSSL_NO_ECDH 1080#ifndef OPENSSL_NO_ECDH
1035 BIO_printf(bio_err,"ecdhp160 ecdhp192 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n"); 1081 BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n");
1036 BIO_printf(bio_err,"ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n"); 1082 BIO_printf(bio_err, "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
1037 BIO_printf(bio_err,"ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n"); 1083 BIO_printf(bio_err, "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
1038 BIO_printf(bio_err,"ecdh\n"); 1084 BIO_printf(bio_err, "ecdh\n");
1039#endif 1085#endif
1040 1086
1041#ifndef OPENSSL_NO_IDEA 1087#ifndef OPENSSL_NO_IDEA
1042 BIO_printf(bio_err,"idea "); 1088 BIO_printf(bio_err, "idea ");
1043#endif 1089#endif
1044#ifndef OPENSSL_NO_SEED 1090#ifndef OPENSSL_NO_SEED
1045 BIO_printf(bio_err,"seed "); 1091 BIO_printf(bio_err, "seed ");
1046#endif 1092#endif
1047#ifndef OPENSSL_NO_RC2 1093#ifndef OPENSSL_NO_RC2
1048 BIO_printf(bio_err,"rc2 "); 1094 BIO_printf(bio_err, "rc2 ");
1049#endif 1095#endif
1050#ifndef OPENSSL_NO_DES 1096#ifndef OPENSSL_NO_DES
1051 BIO_printf(bio_err,"des "); 1097 BIO_printf(bio_err, "des ");
1052#endif 1098#endif
1053#ifndef OPENSSL_NO_AES 1099#ifndef OPENSSL_NO_AES
1054 BIO_printf(bio_err,"aes "); 1100 BIO_printf(bio_err, "aes ");
1055#endif 1101#endif
1056#ifndef OPENSSL_NO_CAMELLIA 1102#ifndef OPENSSL_NO_CAMELLIA
1057 BIO_printf(bio_err,"camellia "); 1103 BIO_printf(bio_err, "camellia ");
1058#endif 1104#endif
1059#ifndef OPENSSL_NO_RSA 1105#ifndef OPENSSL_NO_RSA
1060 BIO_printf(bio_err,"rsa "); 1106 BIO_printf(bio_err, "rsa ");
1061#endif 1107#endif
1062#ifndef OPENSSL_NO_BF 1108#ifndef OPENSSL_NO_BF
1063 BIO_printf(bio_err,"blowfish"); 1109 BIO_printf(bio_err, "blowfish");
1064#endif 1110#endif
1065#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \ 1111#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \
1066 !defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \ 1112 !defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \
1067 !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \ 1113 !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \
1068 !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA) 1114 !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA)
1069 BIO_printf(bio_err,"\n"); 1115 BIO_printf(bio_err, "\n");
1070#endif 1116#endif
1071 1117
1072 BIO_printf(bio_err,"\n"); 1118 BIO_printf(bio_err, "\n");
1073 BIO_printf(bio_err,"Available options:\n"); 1119 BIO_printf(bio_err, "Available options:\n");
1074#if defined(TIMES) || defined(USE_TOD) 1120#if defined(TIMES) || defined(USE_TOD)
1075 BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n"); 1121 BIO_printf(bio_err, "-elapsed measure time in real time instead of CPU user time.\n");
1076#endif 1122#endif
1077#ifndef OPENSSL_NO_ENGINE 1123#ifndef OPENSSL_NO_ENGINE
1078 BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); 1124 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
1079#endif 1125#endif
1080 BIO_printf(bio_err,"-evp e use EVP e.\n"); 1126 BIO_printf(bio_err, "-evp e use EVP e.\n");
1081 BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n"); 1127 BIO_printf(bio_err, "-decrypt time decryption instead of encryption (only EVP).\n");
1082 BIO_printf(bio_err,"-mr produce machine readable output.\n"); 1128 BIO_printf(bio_err, "-mr produce machine readable output.\n");
1083#ifndef NO_FORK 1129#ifndef NO_FORK
1084 BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n"); 1130 BIO_printf(bio_err, "-multi n run n benchmarks in parallel.\n");
1085#endif 1131#endif
1086 goto end; 1132 goto end;
1087 } 1133 }
1088 argc--; 1134 argc--;
1089 argv++; 1135 argv++;
1090 j++; 1136 j++;
1091 } 1137 }
1092 1138
1093#ifndef NO_FORK 1139#ifndef NO_FORK
1094 if(multi && do_multi(multi)) 1140 if (multi && do_multi(multi))
1095 goto show_res; 1141 goto show_res;
1096#endif 1142#endif
1097 1143
1098 if (j == 0) 1144 if (j == 0) {
1099 { 1145 for (i = 0; i < ALGOR_NUM; i++) {
1100 for (i=0; i<ALGOR_NUM; i++)
1101 {
1102 if (i != D_EVP) 1146 if (i != D_EVP)
1103 doit[i]=1; 1147 doit[i] = 1;
1104 } 1148 }
1105 for (i=0; i<RSA_NUM; i++) 1149 for (i = 0; i < RSA_NUM; i++)
1106 rsa_doit[i]=1; 1150 rsa_doit[i] = 1;
1107 for (i=0; i<DSA_NUM; i++) 1151 for (i = 0; i < DSA_NUM; i++)
1108 dsa_doit[i]=1; 1152 dsa_doit[i] = 1;
1109#ifndef OPENSSL_NO_ECDSA 1153#ifndef OPENSSL_NO_ECDSA
1110 for (i=0; i<EC_NUM; i++) 1154 for (i = 0; i < EC_NUM; i++)
1111 ecdsa_doit[i]=1; 1155 ecdsa_doit[i] = 1;
1112#endif 1156#endif
1113#ifndef OPENSSL_NO_ECDH 1157#ifndef OPENSSL_NO_ECDH
1114 for (i=0; i<EC_NUM; i++) 1158 for (i = 0; i < EC_NUM; i++)
1115 ecdh_doit[i]=1; 1159 ecdh_doit[i] = 1;
1116#endif 1160#endif
1117 } 1161 }
1118 for (i=0; i<ALGOR_NUM; i++) 1162 for (i = 0; i < ALGOR_NUM; i++)
1119 if (doit[i]) pr_header++; 1163 if (doit[i])
1164 pr_header++;
1120 1165
1121 if (usertime == 0 && !mr) 1166 if (usertime == 0 && !mr)
1122 BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n"); 1167 BIO_printf(bio_err, "You have chosen to measure elapsed time instead of user CPU time.\n");
1123 1168
1124#ifndef OPENSSL_NO_RSA 1169#ifndef OPENSSL_NO_RSA
1125 for (i=0; i<RSA_NUM; i++) 1170 for (i = 0; i < RSA_NUM; i++) {
1126 {
1127 const unsigned char *p; 1171 const unsigned char *p;
1128 1172
1129 p=rsa_data[i]; 1173 p = rsa_data[i];
1130 rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]); 1174 rsa_key[i] = d2i_RSAPrivateKey(NULL, &p, rsa_data_length[i]);
1131 if (rsa_key[i] == NULL) 1175 if (rsa_key[i] == NULL) {
1132 { 1176 BIO_printf(bio_err, "internal error loading RSA key number %d\n", i);
1133 BIO_printf(bio_err,"internal error loading RSA key number %d\n",i);
1134 goto end; 1177 goto end;
1135 } 1178 }
1136#if 0 1179#if 0
1137 else 1180 else {
1138 { 1181 BIO_printf(bio_err, mr ? "+RK:%d:"
1139 BIO_printf(bio_err,mr ? "+RK:%d:" 1182 : "Loaded RSA key, %d bit modulus and e= 0x",
1140 : "Loaded RSA key, %d bit modulus and e= 0x", 1183 BN_num_bits(rsa_key[i]->n));
1141 BN_num_bits(rsa_key[i]->n)); 1184 BN_print(bio_err, rsa_key[i]->e);
1142 BN_print(bio_err,rsa_key[i]->e); 1185 BIO_printf(bio_err, "\n");
1143 BIO_printf(bio_err,"\n");
1144 }
1145#endif
1146 } 1186 }
1147#endif 1187#endif
1188 }
1189#endif
1148 1190
1149#ifndef OPENSSL_NO_DSA 1191#ifndef OPENSSL_NO_DSA
1150 dsa_key[0]=get_dsa512(); 1192 dsa_key[0] = get_dsa512();
1151 dsa_key[1]=get_dsa1024(); 1193 dsa_key[1] = get_dsa1024();
1152 dsa_key[2]=get_dsa2048(); 1194 dsa_key[2] = get_dsa2048();
1153#endif 1195#endif
1154 1196
1155#ifndef OPENSSL_NO_DES 1197#ifndef OPENSSL_NO_DES
1156 DES_set_key_unchecked(&key,&sch); 1198 DES_set_key_unchecked(&key, &sch);
1157 DES_set_key_unchecked(&key2,&sch2); 1199 DES_set_key_unchecked(&key2, &sch2);
1158 DES_set_key_unchecked(&key3,&sch3); 1200 DES_set_key_unchecked(&key3, &sch3);
1159#endif 1201#endif
1160#ifndef OPENSSL_NO_AES 1202#ifndef OPENSSL_NO_AES
1161 AES_set_encrypt_key(key16,128,&aes_ks1); 1203 AES_set_encrypt_key(key16, 128, &aes_ks1);
1162 AES_set_encrypt_key(key24,192,&aes_ks2); 1204 AES_set_encrypt_key(key24, 192, &aes_ks2);
1163 AES_set_encrypt_key(key32,256,&aes_ks3); 1205 AES_set_encrypt_key(key32, 256, &aes_ks3);
1164#endif 1206#endif
1165#ifndef OPENSSL_NO_CAMELLIA 1207#ifndef OPENSSL_NO_CAMELLIA
1166 Camellia_set_key(key16,128,&camellia_ks1); 1208 Camellia_set_key(key16, 128, &camellia_ks1);
1167 Camellia_set_key(ckey24,192,&camellia_ks2); 1209 Camellia_set_key(ckey24, 192, &camellia_ks2);
1168 Camellia_set_key(ckey32,256,&camellia_ks3); 1210 Camellia_set_key(ckey32, 256, &camellia_ks3);
1169#endif 1211#endif
1170#ifndef OPENSSL_NO_IDEA 1212#ifndef OPENSSL_NO_IDEA
1171 idea_set_encrypt_key(key16,&idea_ks); 1213 idea_set_encrypt_key(key16, &idea_ks);
1172#endif 1214#endif
1173#ifndef OPENSSL_NO_SEED 1215#ifndef OPENSSL_NO_SEED
1174 SEED_set_key(key16,&seed_ks); 1216 SEED_set_key(key16, &seed_ks);
1175#endif 1217#endif
1176#ifndef OPENSSL_NO_RC4 1218#ifndef OPENSSL_NO_RC4
1177 RC4_set_key(&rc4_ks,16,key16); 1219 RC4_set_key(&rc4_ks, 16, key16);
1178#endif 1220#endif
1179#ifndef OPENSSL_NO_RC2 1221#ifndef OPENSSL_NO_RC2
1180 RC2_set_key(&rc2_ks,16,key16,128); 1222 RC2_set_key(&rc2_ks, 16, key16, 128);
1181#endif 1223#endif
1182#ifndef OPENSSL_NO_RC5 1224#ifndef OPENSSL_NO_RC5
1183 RC5_32_set_key(&rc5_ks,16,key16,12); 1225 RC5_32_set_key(&rc5_ks, 16, key16, 12);
1184#endif 1226#endif
1185#ifndef OPENSSL_NO_BF 1227#ifndef OPENSSL_NO_BF
1186 BF_set_key(&bf_ks,16,key16); 1228 BF_set_key(&bf_ks, 16, key16);
1187#endif 1229#endif
1188#ifndef OPENSSL_NO_CAST 1230#ifndef OPENSSL_NO_CAST
1189 CAST_set_key(&cast_ks,16,key16); 1231 CAST_set_key(&cast_ks, 16, key16);
1190#endif 1232#endif
1191#ifndef OPENSSL_NO_RSA 1233#ifndef OPENSSL_NO_RSA
1192 memset(rsa_c,0,sizeof(rsa_c)); 1234 memset(rsa_c, 0, sizeof(rsa_c));
1193#endif 1235#endif
1194#ifndef SIGALRM 1236#ifndef SIGALRM
1195#ifndef OPENSSL_NO_DES 1237#ifndef OPENSSL_NO_DES
1196 BIO_printf(bio_err,"First we calculate the approximate speed ...\n"); 1238 BIO_printf(bio_err, "First we calculate the approximate speed ...\n");
1197 count=10; 1239 count = 10;
1198 do { 1240 do {
1199 long it; 1241 long it;
1200 count*=2; 1242 count *= 2;
1201 Time_F(START); 1243 Time_F(START);
1202 for (it=count; it; it--) 1244 for (it = count; it; it--)
1203 DES_ecb_encrypt((DES_cblock *)buf, 1245 DES_ecb_encrypt((DES_cblock *) buf,
1204 (DES_cblock *)buf, 1246 (DES_cblock *) buf,
1205 &sch,DES_ENCRYPT); 1247 &sch, DES_ENCRYPT);
1206 d=Time_F(STOP); 1248 d = Time_F(STOP);
1207 } while (d <3); 1249 } while (d < 3);
1208 save_count=count; 1250 save_count = count;
1209 c[D_MD2][0]=count/10; 1251 c[D_MD2][0] = count / 10;
1210 c[D_MDC2][0]=count/10; 1252 c[D_MDC2][0] = count / 10;
1211 c[D_MD4][0]=count; 1253 c[D_MD4][0] = count;
1212 c[D_MD5][0]=count; 1254 c[D_MD5][0] = count;
1213 c[D_HMAC][0]=count; 1255 c[D_HMAC][0] = count;
1214 c[D_SHA1][0]=count; 1256 c[D_SHA1][0] = count;
1215 c[D_RMD160][0]=count; 1257 c[D_RMD160][0] = count;
1216 c[D_RC4][0]=count*5; 1258 c[D_RC4][0] = count * 5;
1217 c[D_CBC_DES][0]=count; 1259 c[D_CBC_DES][0] = count;
1218 c[D_EDE3_DES][0]=count/3; 1260 c[D_EDE3_DES][0] = count / 3;
1219 c[D_CBC_IDEA][0]=count; 1261 c[D_CBC_IDEA][0] = count;
1220 c[D_CBC_SEED][0]=count; 1262 c[D_CBC_SEED][0] = count;
1221 c[D_CBC_RC2][0]=count; 1263 c[D_CBC_RC2][0] = count;
1222 c[D_CBC_RC5][0]=count; 1264 c[D_CBC_RC5][0] = count;
1223 c[D_CBC_BF][0]=count; 1265 c[D_CBC_BF][0] = count;
1224 c[D_CBC_CAST][0]=count; 1266 c[D_CBC_CAST][0] = count;
1225 c[D_CBC_128_AES][0]=count; 1267 c[D_CBC_128_AES][0] = count;
1226 c[D_CBC_192_AES][0]=count; 1268 c[D_CBC_192_AES][0] = count;
1227 c[D_CBC_256_AES][0]=count; 1269 c[D_CBC_256_AES][0] = count;
1228 c[D_CBC_128_CML][0]=count; 1270 c[D_CBC_128_CML][0] = count;
1229 c[D_CBC_192_CML][0]=count; 1271 c[D_CBC_192_CML][0] = count;
1230 c[D_CBC_256_CML][0]=count; 1272 c[D_CBC_256_CML][0] = count;
1231 c[D_SHA256][0]=count; 1273 c[D_SHA256][0] = count;
1232 c[D_SHA512][0]=count; 1274 c[D_SHA512][0] = count;
1233 c[D_WHIRLPOOL][0]=count; 1275 c[D_WHIRLPOOL][0] = count;
1234 c[D_IGE_128_AES][0]=count; 1276 c[D_IGE_128_AES][0] = count;
1235 c[D_IGE_192_AES][0]=count; 1277 c[D_IGE_192_AES][0] = count;
1236 c[D_IGE_256_AES][0]=count; 1278 c[D_IGE_256_AES][0] = count;
1237 c[D_GHASH][0]=count; 1279 c[D_GHASH][0] = count;
1238 1280
1239 for (i=1; i<SIZE_NUM; i++) 1281 for (i = 1; i < SIZE_NUM; i++) {
1240 { 1282 c[D_MD2][i] = c[D_MD2][0] * 4 * lengths[0] / lengths[i];
1241 c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i]; 1283 c[D_MDC2][i] = c[D_MDC2][0] * 4 * lengths[0] / lengths[i];
1242 c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i]; 1284 c[D_MD4][i] = c[D_MD4][0] * 4 * lengths[0] / lengths[i];
1243 c[D_MD4][i]=c[D_MD4][0]*4*lengths[0]/lengths[i]; 1285 c[D_MD5][i] = c[D_MD5][0] * 4 * lengths[0] / lengths[i];
1244 c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i]; 1286 c[D_HMAC][i] = c[D_HMAC][0] * 4 * lengths[0] / lengths[i];
1245 c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i]; 1287 c[D_SHA1][i] = c[D_SHA1][0] * 4 * lengths[0] / lengths[i];
1246 c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i]; 1288 c[D_RMD160][i] = c[D_RMD160][0] * 4 * lengths[0] / lengths[i];
1247 c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i]; 1289 c[D_SHA256][i] = c[D_SHA256][0] * 4 * lengths[0] / lengths[i];
1248 c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i]; 1290 c[D_SHA512][i] = c[D_SHA512][0] * 4 * lengths[0] / lengths[i];
1249 c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i]; 1291 c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * lengths[0] / lengths[i];
1250 c[D_WHIRLPOOL][i]=c[D_WHIRLPOOL][0]*4*lengths[0]/lengths[i]; 1292 }
1251 } 1293 for (i = 1; i < SIZE_NUM; i++) {
1252 for (i=1; i<SIZE_NUM; i++) 1294 long l0, l1;
1253 { 1295
1254 long l0,l1; 1296 l0 = (long) lengths[i - 1];
1255 1297 l1 = (long) lengths[i];
1256 l0=(long)lengths[i-1]; 1298 c[D_RC4][i] = c[D_RC4][i - 1] * l0 / l1;
1257 l1=(long)lengths[i]; 1299 c[D_CBC_DES][i] = c[D_CBC_DES][i - 1] * l0 / l1;
1258 c[D_RC4][i]=c[D_RC4][i-1]*l0/l1; 1300 c[D_EDE3_DES][i] = c[D_EDE3_DES][i - 1] * l0 / l1;
1259 c[D_CBC_DES][i]=c[D_CBC_DES][i-1]*l0/l1; 1301 c[D_CBC_IDEA][i] = c[D_CBC_IDEA][i - 1] * l0 / l1;
1260 c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1; 1302 c[D_CBC_SEED][i] = c[D_CBC_SEED][i - 1] * l0 / l1;
1261 c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1; 1303 c[D_CBC_RC2][i] = c[D_CBC_RC2][i - 1] * l0 / l1;
1262 c[D_CBC_SEED][i]=c[D_CBC_SEED][i-1]*l0/l1; 1304 c[D_CBC_RC5][i] = c[D_CBC_RC5][i - 1] * l0 / l1;
1263 c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1; 1305 c[D_CBC_BF][i] = c[D_CBC_BF][i - 1] * l0 / l1;
1264 c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1; 1306 c[D_CBC_CAST][i] = c[D_CBC_CAST][i - 1] * l0 / l1;
1265 c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1; 1307 c[D_CBC_128_AES][i] = c[D_CBC_128_AES][i - 1] * l0 / l1;
1266 c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1; 1308 c[D_CBC_192_AES][i] = c[D_CBC_192_AES][i - 1] * l0 / l1;
1267 c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1; 1309 c[D_CBC_256_AES][i] = c[D_CBC_256_AES][i - 1] * l0 / l1;
1268 c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1; 1310 c[D_CBC_128_CML][i] = c[D_CBC_128_CML][i - 1] * l0 / l1;
1269 c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1; 1311 c[D_CBC_192_CML][i] = c[D_CBC_192_CML][i - 1] * l0 / l1;
1270 c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1; 1312 c[D_CBC_256_CML][i] = c[D_CBC_256_CML][i - 1] * l0 / l1;
1271 c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1; 1313 c[D_IGE_128_AES][i] = c[D_IGE_128_AES][i - 1] * l0 / l1;
1272 c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1; 1314 c[D_IGE_192_AES][i] = c[D_IGE_192_AES][i - 1] * l0 / l1;
1273 c[D_IGE_128_AES][i]=c[D_IGE_128_AES][i-1]*l0/l1; 1315 c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
1274 c[D_IGE_192_AES][i]=c[D_IGE_192_AES][i-1]*l0/l1; 1316 }
1275 c[D_IGE_256_AES][i]=c[D_IGE_256_AES][i-1]*l0/l1;
1276 }
1277#ifndef OPENSSL_NO_RSA 1317#ifndef OPENSSL_NO_RSA
1278 rsa_c[R_RSA_512][0]=count/2000; 1318 rsa_c[R_RSA_512][0] = count / 2000;
1279 rsa_c[R_RSA_512][1]=count/400; 1319 rsa_c[R_RSA_512][1] = count / 400;
1280 for (i=1; i<RSA_NUM; i++) 1320 for (i = 1; i < RSA_NUM; i++) {
1281 { 1321 rsa_c[i][0] = rsa_c[i - 1][0] / 8;
1282 rsa_c[i][0]=rsa_c[i-1][0]/8; 1322 rsa_c[i][1] = rsa_c[i - 1][1] / 4;
1283 rsa_c[i][1]=rsa_c[i-1][1]/4;
1284 if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0)) 1323 if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0))
1285 rsa_doit[i]=0; 1324 rsa_doit[i] = 0;
1286 else 1325 else {
1287 { 1326 if (rsa_c[i][0] == 0) {
1288 if (rsa_c[i][0] == 0) 1327 rsa_c[i][0] = 1;
1289 { 1328 rsa_c[i][1] = 20;
1290 rsa_c[i][0]=1; 1329 }
1291 rsa_c[i][1]=20;
1292 }
1293 }
1294 } 1330 }
1331 }
1295#endif 1332#endif
1296 1333
1297#ifndef OPENSSL_NO_DSA 1334#ifndef OPENSSL_NO_DSA
1298 dsa_c[R_DSA_512][0]=count/1000; 1335 dsa_c[R_DSA_512][0] = count / 1000;
1299 dsa_c[R_DSA_512][1]=count/1000/2; 1336 dsa_c[R_DSA_512][1] = count / 1000 / 2;
1300 for (i=1; i<DSA_NUM; i++) 1337 for (i = 1; i < DSA_NUM; i++) {
1301 { 1338 dsa_c[i][0] = dsa_c[i - 1][0] / 4;
1302 dsa_c[i][0]=dsa_c[i-1][0]/4; 1339 dsa_c[i][1] = dsa_c[i - 1][1] / 4;
1303 dsa_c[i][1]=dsa_c[i-1][1]/4;
1304 if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0)) 1340 if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0))
1305 dsa_doit[i]=0; 1341 dsa_doit[i] = 0;
1306 else 1342 else {
1307 { 1343 if (dsa_c[i] == 0) {
1308 if (dsa_c[i] == 0) 1344 dsa_c[i][0] = 1;
1309 { 1345 dsa_c[i][1] = 1;
1310 dsa_c[i][0]=1; 1346 }
1311 dsa_c[i][1]=1;
1312 }
1313 }
1314 } 1347 }
1348 }
1315#endif 1349#endif
1316 1350
1317#ifndef OPENSSL_NO_ECDSA 1351#ifndef OPENSSL_NO_ECDSA
1318 ecdsa_c[R_EC_P160][0]=count/1000; 1352 ecdsa_c[R_EC_P160][0] = count / 1000;
1319 ecdsa_c[R_EC_P160][1]=count/1000/2; 1353 ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
1320 for (i=R_EC_P192; i<=R_EC_P521; i++) 1354 for (i = R_EC_P192; i <= R_EC_P521; i++) {
1321 { 1355 ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
1322 ecdsa_c[i][0]=ecdsa_c[i-1][0]/2; 1356 ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
1323 ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
1324 if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0)) 1357 if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
1325 ecdsa_doit[i]=0; 1358 ecdsa_doit[i] = 0;
1326 else 1359 else {
1327 { 1360 if (ecdsa_c[i] == 0) {
1328 if (ecdsa_c[i] == 0) 1361 ecdsa_c[i][0] = 1;
1329 { 1362 ecdsa_c[i][1] = 1;
1330 ecdsa_c[i][0]=1;
1331 ecdsa_c[i][1]=1;
1332 }
1333 } 1363 }
1334 } 1364 }
1335 ecdsa_c[R_EC_K163][0]=count/1000; 1365 }
1336 ecdsa_c[R_EC_K163][1]=count/1000/2; 1366 ecdsa_c[R_EC_K163][0] = count / 1000;
1337 for (i=R_EC_K233; i<=R_EC_K571; i++) 1367 ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
1338 { 1368 for (i = R_EC_K233; i <= R_EC_K571; i++) {
1339 ecdsa_c[i][0]=ecdsa_c[i-1][0]/2; 1369 ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
1340 ecdsa_c[i][1]=ecdsa_c[i-1][1]/2; 1370 ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
1341 if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0)) 1371 if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
1342 ecdsa_doit[i]=0; 1372 ecdsa_doit[i] = 0;
1343 else 1373 else {
1344 { 1374 if (ecdsa_c[i] == 0) {
1345 if (ecdsa_c[i] == 0) 1375 ecdsa_c[i][0] = 1;
1346 { 1376 ecdsa_c[i][1] = 1;
1347 ecdsa_c[i][0]=1;
1348 ecdsa_c[i][1]=1;
1349 }
1350 } 1377 }
1351 } 1378 }
1352 ecdsa_c[R_EC_B163][0]=count/1000; 1379 }
1353 ecdsa_c[R_EC_B163][1]=count/1000/2; 1380 ecdsa_c[R_EC_B163][0] = count / 1000;
1354 for (i=R_EC_B233; i<=R_EC_B571; i++) 1381 ecdsa_c[R_EC_B163][1] = count / 1000 / 2;
1355 { 1382 for (i = R_EC_B233; i <= R_EC_B571; i++) {
1356 ecdsa_c[i][0]=ecdsa_c[i-1][0]/2; 1383 ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
1357 ecdsa_c[i][1]=ecdsa_c[i-1][1]/2; 1384 ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
1358 if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0)) 1385 if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
1359 ecdsa_doit[i]=0; 1386 ecdsa_doit[i] = 0;
1360 else 1387 else {
1361 { 1388 if (ecdsa_c[i] == 0) {
1362 if (ecdsa_c[i] == 0) 1389 ecdsa_c[i][0] = 1;
1363 { 1390 ecdsa_c[i][1] = 1;
1364 ecdsa_c[i][0]=1;
1365 ecdsa_c[i][1]=1;
1366 }
1367 } 1391 }
1368 } 1392 }
1393 }
1369#endif 1394#endif
1370 1395
1371#ifndef OPENSSL_NO_ECDH 1396#ifndef OPENSSL_NO_ECDH
1372 ecdh_c[R_EC_P160][0]=count/1000; 1397 ecdh_c[R_EC_P160][0] = count / 1000;
1373 ecdh_c[R_EC_P160][1]=count/1000; 1398 ecdh_c[R_EC_P160][1] = count / 1000;
1374 for (i=R_EC_P192; i<=R_EC_P521; i++) 1399 for (i = R_EC_P192; i <= R_EC_P521; i++) {
1375 { 1400 ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
1376 ecdh_c[i][0]=ecdh_c[i-1][0]/2; 1401 ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
1377 ecdh_c[i][1]=ecdh_c[i-1][1]/2;
1378 if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0)) 1402 if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
1379 ecdh_doit[i]=0; 1403 ecdh_doit[i] = 0;
1380 else 1404 else {
1381 { 1405 if (ecdh_c[i] == 0) {
1382 if (ecdh_c[i] == 0) 1406 ecdh_c[i][0] = 1;
1383 { 1407 ecdh_c[i][1] = 1;
1384 ecdh_c[i][0]=1;
1385 ecdh_c[i][1]=1;
1386 }
1387 } 1408 }
1388 } 1409 }
1389 ecdh_c[R_EC_K163][0]=count/1000; 1410 }
1390 ecdh_c[R_EC_K163][1]=count/1000; 1411 ecdh_c[R_EC_K163][0] = count / 1000;
1391 for (i=R_EC_K233; i<=R_EC_K571; i++) 1412 ecdh_c[R_EC_K163][1] = count / 1000;
1392 { 1413 for (i = R_EC_K233; i <= R_EC_K571; i++) {
1393 ecdh_c[i][0]=ecdh_c[i-1][0]/2; 1414 ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
1394 ecdh_c[i][1]=ecdh_c[i-1][1]/2; 1415 ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
1395 if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0)) 1416 if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
1396 ecdh_doit[i]=0; 1417 ecdh_doit[i] = 0;
1397 else 1418 else {
1398 { 1419 if (ecdh_c[i] == 0) {
1399 if (ecdh_c[i] == 0) 1420 ecdh_c[i][0] = 1;
1400 { 1421 ecdh_c[i][1] = 1;
1401 ecdh_c[i][0]=1;
1402 ecdh_c[i][1]=1;
1403 }
1404 } 1422 }
1405 } 1423 }
1406 ecdh_c[R_EC_B163][0]=count/1000; 1424 }
1407 ecdh_c[R_EC_B163][1]=count/1000; 1425 ecdh_c[R_EC_B163][0] = count / 1000;
1408 for (i=R_EC_B233; i<=R_EC_B571; i++) 1426 ecdh_c[R_EC_B163][1] = count / 1000;
1409 { 1427 for (i = R_EC_B233; i <= R_EC_B571; i++) {
1410 ecdh_c[i][0]=ecdh_c[i-1][0]/2; 1428 ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
1411 ecdh_c[i][1]=ecdh_c[i-1][1]/2; 1429 ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
1412 if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0)) 1430 if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
1413 ecdh_doit[i]=0; 1431 ecdh_doit[i] = 0;
1414 else 1432 else {
1415 { 1433 if (ecdh_c[i] == 0) {
1416 if (ecdh_c[i] == 0) 1434 ecdh_c[i][0] = 1;
1417 { 1435 ecdh_c[i][1] = 1;
1418 ecdh_c[i][0]=1;
1419 ecdh_c[i][1]=1;
1420 }
1421 } 1436 }
1422 } 1437 }
1438 }
1423#endif 1439#endif
1424 1440
1425#define COND(d) (count < (d)) 1441#define COND(d) (count < (d))
1426#define COUNT(d) (d) 1442#define COUNT(d) (d)
1427#else 1443#else
1428/* not worth fixing */ 1444/* not worth fixing */
1429# error "You cannot disable DES on systems without SIGALRM." 1445#error "You cannot disable DES on systems without SIGALRM."
1430#endif /* OPENSSL_NO_DES */ 1446#endif /* OPENSSL_NO_DES */
1431#else 1447#else
1432#define COND(c) (run && count<0x7fffffff) 1448#define COND(c) (run && count<0x7fffffff)
1433#define COUNT(d) (count) 1449#define COUNT(d) (count)
1434 signal(SIGALRM,sig_done); 1450 signal(SIGALRM, sig_done);
1435#endif /* SIGALRM */ 1451#endif /* SIGALRM */
1436 1452
1437#ifndef OPENSSL_NO_MD2 1453#ifndef OPENSSL_NO_MD2
1438 if (doit[D_MD2]) 1454 if (doit[D_MD2]) {
1439 { 1455 for (j = 0; j < SIZE_NUM; j++) {
1440 for (j=0; j<SIZE_NUM; j++) 1456 print_message(names[D_MD2], c[D_MD2][j], lengths[j]);
1441 {
1442 print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
1443 Time_F(START); 1457 Time_F(START);
1444 for (count=0,run=1; COND(c[D_MD2][j]); count++) 1458 for (count = 0, run = 1; COND(c[D_MD2][j]); count++)
1445 EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL); 1459 EVP_Digest(buf, (unsigned long) lengths[j], &(md2[0]), NULL, EVP_md2(), NULL);
1446 d=Time_F(STOP); 1460 d = Time_F(STOP);
1447 print_result(D_MD2,j,count,d); 1461 print_result(D_MD2, j, count, d);
1448 }
1449 } 1462 }
1463 }
1450#endif 1464#endif
1451#ifndef OPENSSL_NO_MDC2 1465#ifndef OPENSSL_NO_MDC2
1452 if (doit[D_MDC2]) 1466 if (doit[D_MDC2]) {
1453 { 1467 for (j = 0; j < SIZE_NUM; j++) {
1454 for (j=0; j<SIZE_NUM; j++) 1468 print_message(names[D_MDC2], c[D_MDC2][j], lengths[j]);
1455 {
1456 print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
1457 Time_F(START); 1469 Time_F(START);
1458 for (count=0,run=1; COND(c[D_MDC2][j]); count++) 1470 for (count = 0, run = 1; COND(c[D_MDC2][j]); count++)
1459 EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL); 1471 EVP_Digest(buf, (unsigned long) lengths[j], &(mdc2[0]), NULL, EVP_mdc2(), NULL);
1460 d=Time_F(STOP); 1472 d = Time_F(STOP);
1461 print_result(D_MDC2,j,count,d); 1473 print_result(D_MDC2, j, count, d);
1462 }
1463 } 1474 }
1475 }
1464#endif 1476#endif
1465 1477
1466#ifndef OPENSSL_NO_MD4 1478#ifndef OPENSSL_NO_MD4
1467 if (doit[D_MD4]) 1479 if (doit[D_MD4]) {
1468 { 1480 for (j = 0; j < SIZE_NUM; j++) {
1469 for (j=0; j<SIZE_NUM; j++) 1481 print_message(names[D_MD4], c[D_MD4][j], lengths[j]);
1470 {
1471 print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
1472 Time_F(START); 1482 Time_F(START);
1473 for (count=0,run=1; COND(c[D_MD4][j]); count++) 1483 for (count = 0, run = 1; COND(c[D_MD4][j]); count++)
1474 EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL); 1484 EVP_Digest(&(buf[0]), (unsigned long) lengths[j], &(md4[0]), NULL, EVP_md4(), NULL);
1475 d=Time_F(STOP); 1485 d = Time_F(STOP);
1476 print_result(D_MD4,j,count,d); 1486 print_result(D_MD4, j, count, d);
1477 }
1478 } 1487 }
1488 }
1479#endif 1489#endif
1480 1490
1481#ifndef OPENSSL_NO_MD5 1491#ifndef OPENSSL_NO_MD5
1482 if (doit[D_MD5]) 1492 if (doit[D_MD5]) {
1483 { 1493 for (j = 0; j < SIZE_NUM; j++) {
1484 for (j=0; j<SIZE_NUM; j++) 1494 print_message(names[D_MD5], c[D_MD5][j], lengths[j]);
1485 {
1486 print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
1487 Time_F(START); 1495 Time_F(START);
1488 for (count=0,run=1; COND(c[D_MD5][j]); count++) 1496 for (count = 0, run = 1; COND(c[D_MD5][j]); count++)
1489 EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL); 1497 EVP_Digest(&(buf[0]), (unsigned long) lengths[j], &(md5[0]), NULL, EVP_get_digestbyname("md5"), NULL);
1490 d=Time_F(STOP); 1498 d = Time_F(STOP);
1491 print_result(D_MD5,j,count,d); 1499 print_result(D_MD5, j, count, d);
1492 }
1493 } 1500 }
1501 }
1494#endif 1502#endif
1495 1503
1496#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC) 1504#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
1497 if (doit[D_HMAC]) 1505 if (doit[D_HMAC]) {
1498 {
1499 HMAC_CTX hctx; 1506 HMAC_CTX hctx;
1500 1507
1501 HMAC_CTX_init(&hctx); 1508 HMAC_CTX_init(&hctx);
1502 HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...", 1509 HMAC_Init_ex(&hctx, (unsigned char *) "This is a key...",
1503 16,EVP_md5(), NULL); 1510 16, EVP_md5(), NULL);
1504 1511
1505 for (j=0; j<SIZE_NUM; j++) 1512 for (j = 0; j < SIZE_NUM; j++) {
1506 { 1513 print_message(names[D_HMAC], c[D_HMAC][j], lengths[j]);
1507 print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
1508 Time_F(START); 1514 Time_F(START);
1509 for (count=0,run=1; COND(c[D_HMAC][j]); count++) 1515 for (count = 0, run = 1; COND(c[D_HMAC][j]); count++) {
1510 { 1516 HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL);
1511 HMAC_Init_ex(&hctx,NULL,0,NULL,NULL); 1517 HMAC_Update(&hctx, buf, lengths[j]);
1512 HMAC_Update(&hctx,buf,lengths[j]); 1518 HMAC_Final(&hctx, &(hmac[0]), NULL);
1513 HMAC_Final(&hctx,&(hmac[0]),NULL);
1514 }
1515 d=Time_F(STOP);
1516 print_result(D_HMAC,j,count,d);
1517 } 1519 }
1518 HMAC_CTX_cleanup(&hctx); 1520 d = Time_F(STOP);
1521 print_result(D_HMAC, j, count, d);
1519 } 1522 }
1523 HMAC_CTX_cleanup(&hctx);
1524 }
1520#endif 1525#endif
1521#ifndef OPENSSL_NO_SHA 1526#ifndef OPENSSL_NO_SHA
1522 if (doit[D_SHA1]) 1527 if (doit[D_SHA1]) {
1523 { 1528 for (j = 0; j < SIZE_NUM; j++) {
1524 for (j=0; j<SIZE_NUM; j++) 1529 print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]);
1525 {
1526 print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
1527 Time_F(START); 1530 Time_F(START);
1528 for (count=0,run=1; COND(c[D_SHA1][j]); count++) 1531 for (count = 0, run = 1; COND(c[D_SHA1][j]); count++)
1529 EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL); 1532 EVP_Digest(buf, (unsigned long) lengths[j], &(sha[0]), NULL, EVP_sha1(), NULL);
1530 d=Time_F(STOP); 1533 d = Time_F(STOP);
1531 print_result(D_SHA1,j,count,d); 1534 print_result(D_SHA1, j, count, d);
1532 }
1533 } 1535 }
1534 1536 }
1535#ifndef OPENSSL_NO_SHA256 1537#ifndef OPENSSL_NO_SHA256
1536 if (doit[D_SHA256]) 1538 if (doit[D_SHA256]) {
1537 { 1539 for (j = 0; j < SIZE_NUM; j++) {
1538 for (j=0; j<SIZE_NUM; j++) 1540 print_message(names[D_SHA256], c[D_SHA256][j], lengths[j]);
1539 {
1540 print_message(names[D_SHA256],c[D_SHA256][j],lengths[j]);
1541 Time_F(START); 1541 Time_F(START);
1542 for (count=0,run=1; COND(c[D_SHA256][j]); count++) 1542 for (count = 0, run = 1; COND(c[D_SHA256][j]); count++)
1543 SHA256(buf,lengths[j],sha256); 1543 SHA256(buf, lengths[j], sha256);
1544 d=Time_F(STOP); 1544 d = Time_F(STOP);
1545 print_result(D_SHA256,j,count,d); 1545 print_result(D_SHA256, j, count, d);
1546 }
1547 } 1546 }
1547 }
1548#endif 1548#endif
1549 1549
1550#ifndef OPENSSL_NO_SHA512 1550#ifndef OPENSSL_NO_SHA512
1551 if (doit[D_SHA512]) 1551 if (doit[D_SHA512]) {
1552 { 1552 for (j = 0; j < SIZE_NUM; j++) {
1553 for (j=0; j<SIZE_NUM; j++) 1553 print_message(names[D_SHA512], c[D_SHA512][j], lengths[j]);
1554 {
1555 print_message(names[D_SHA512],c[D_SHA512][j],lengths[j]);
1556 Time_F(START); 1554 Time_F(START);
1557 for (count=0,run=1; COND(c[D_SHA512][j]); count++) 1555 for (count = 0, run = 1; COND(c[D_SHA512][j]); count++)
1558 SHA512(buf,lengths[j],sha512); 1556 SHA512(buf, lengths[j], sha512);
1559 d=Time_F(STOP); 1557 d = Time_F(STOP);
1560 print_result(D_SHA512,j,count,d); 1558 print_result(D_SHA512, j, count, d);
1561 }
1562 } 1559 }
1560 }
1563#endif 1561#endif
1564#endif 1562#endif
1565 1563
1566#ifndef OPENSSL_NO_WHIRLPOOL 1564#ifndef OPENSSL_NO_WHIRLPOOL
1567 if (doit[D_WHIRLPOOL]) 1565 if (doit[D_WHIRLPOOL]) {
1568 { 1566 for (j = 0; j < SIZE_NUM; j++) {
1569 for (j=0; j<SIZE_NUM; j++) 1567 print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][j], lengths[j]);
1570 {
1571 print_message(names[D_WHIRLPOOL],c[D_WHIRLPOOL][j],lengths[j]);
1572 Time_F(START); 1568 Time_F(START);
1573 for (count=0,run=1; COND(c[D_WHIRLPOOL][j]); count++) 1569 for (count = 0, run = 1; COND(c[D_WHIRLPOOL][j]); count++)
1574 WHIRLPOOL(buf,lengths[j],whirlpool); 1570 WHIRLPOOL(buf, lengths[j], whirlpool);
1575 d=Time_F(STOP); 1571 d = Time_F(STOP);
1576 print_result(D_WHIRLPOOL,j,count,d); 1572 print_result(D_WHIRLPOOL, j, count, d);
1577 }
1578 } 1573 }
1574 }
1579#endif 1575#endif
1580 1576
1581#ifndef OPENSSL_NO_RIPEMD 1577#ifndef OPENSSL_NO_RIPEMD
1582 if (doit[D_RMD160]) 1578 if (doit[D_RMD160]) {
1583 { 1579 for (j = 0; j < SIZE_NUM; j++) {
1584 for (j=0; j<SIZE_NUM; j++) 1580 print_message(names[D_RMD160], c[D_RMD160][j], lengths[j]);
1585 {
1586 print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
1587 Time_F(START); 1581 Time_F(START);
1588 for (count=0,run=1; COND(c[D_RMD160][j]); count++) 1582 for (count = 0, run = 1; COND(c[D_RMD160][j]); count++)
1589 EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL); 1583 EVP_Digest(buf, (unsigned long) lengths[j], &(rmd160[0]), NULL, EVP_ripemd160(), NULL);
1590 d=Time_F(STOP); 1584 d = Time_F(STOP);
1591 print_result(D_RMD160,j,count,d); 1585 print_result(D_RMD160, j, count, d);
1592 }
1593 } 1586 }
1587 }
1594#endif 1588#endif
1595#ifndef OPENSSL_NO_RC4 1589#ifndef OPENSSL_NO_RC4
1596 if (doit[D_RC4]) 1590 if (doit[D_RC4]) {
1597 { 1591 for (j = 0; j < SIZE_NUM; j++) {
1598 for (j=0; j<SIZE_NUM; j++) 1592 print_message(names[D_RC4], c[D_RC4][j], lengths[j]);
1599 {
1600 print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
1601 Time_F(START); 1593 Time_F(START);
1602 for (count=0,run=1; COND(c[D_RC4][j]); count++) 1594 for (count = 0, run = 1; COND(c[D_RC4][j]); count++)
1603 RC4(&rc4_ks,(unsigned int)lengths[j], 1595 RC4(&rc4_ks, (unsigned int) lengths[j],
1604 buf,buf); 1596 buf, buf);
1605 d=Time_F(STOP); 1597 d = Time_F(STOP);
1606 print_result(D_RC4,j,count,d); 1598 print_result(D_RC4, j, count, d);
1607 }
1608 } 1599 }
1600 }
1609#endif 1601#endif
1610#ifndef OPENSSL_NO_DES 1602#ifndef OPENSSL_NO_DES
1611 if (doit[D_CBC_DES]) 1603 if (doit[D_CBC_DES]) {
1612 { 1604 for (j = 0; j < SIZE_NUM; j++) {
1613 for (j=0; j<SIZE_NUM; j++) 1605 print_message(names[D_CBC_DES], c[D_CBC_DES][j], lengths[j]);
1614 {
1615 print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
1616 Time_F(START); 1606 Time_F(START);
1617 for (count=0,run=1; COND(c[D_CBC_DES][j]); count++) 1607 for (count = 0, run = 1; COND(c[D_CBC_DES][j]); count++)
1618 DES_ncbc_encrypt(buf,buf,lengths[j],&sch, 1608 DES_ncbc_encrypt(buf, buf, lengths[j], &sch,
1619 &DES_iv,DES_ENCRYPT); 1609 &DES_iv, DES_ENCRYPT);
1620 d=Time_F(STOP); 1610 d = Time_F(STOP);
1621 print_result(D_CBC_DES,j,count,d); 1611 print_result(D_CBC_DES, j, count, d);
1622 }
1623 } 1612 }
1624 1613 }
1625 if (doit[D_EDE3_DES]) 1614 if (doit[D_EDE3_DES]) {
1626 { 1615 for (j = 0; j < SIZE_NUM; j++) {
1627 for (j=0; j<SIZE_NUM; j++) 1616 print_message(names[D_EDE3_DES], c[D_EDE3_DES][j], lengths[j]);
1628 {
1629 print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
1630 Time_F(START); 1617 Time_F(START);
1631 for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++) 1618 for (count = 0, run = 1; COND(c[D_EDE3_DES][j]); count++)
1632 DES_ede3_cbc_encrypt(buf,buf,lengths[j], 1619 DES_ede3_cbc_encrypt(buf, buf, lengths[j],
1633 &sch,&sch2,&sch3, 1620 &sch, &sch2, &sch3,
1634 &DES_iv,DES_ENCRYPT); 1621 &DES_iv, DES_ENCRYPT);
1635 d=Time_F(STOP); 1622 d = Time_F(STOP);
1636 print_result(D_EDE3_DES,j,count,d); 1623 print_result(D_EDE3_DES, j, count, d);
1637 }
1638 } 1624 }
1625 }
1639#endif 1626#endif
1640#ifndef OPENSSL_NO_AES 1627#ifndef OPENSSL_NO_AES
1641 if (doit[D_CBC_128_AES]) 1628 if (doit[D_CBC_128_AES]) {
1642 { 1629 for (j = 0; j < SIZE_NUM; j++) {
1643 for (j=0; j<SIZE_NUM; j++) 1630 print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][j], lengths[j]);
1644 {
1645 print_message(names[D_CBC_128_AES],c[D_CBC_128_AES][j],lengths[j]);
1646 Time_F(START); 1631 Time_F(START);
1647 for (count=0,run=1; COND(c[D_CBC_128_AES][j]); count++) 1632 for (count = 0, run = 1; COND(c[D_CBC_128_AES][j]); count++)
1648 AES_cbc_encrypt(buf,buf, 1633 AES_cbc_encrypt(buf, buf,
1649 (unsigned long)lengths[j],&aes_ks1, 1634 (unsigned long) lengths[j], &aes_ks1,
1650 iv,AES_ENCRYPT); 1635 iv, AES_ENCRYPT);
1651 d=Time_F(STOP); 1636 d = Time_F(STOP);
1652 print_result(D_CBC_128_AES,j,count,d); 1637 print_result(D_CBC_128_AES, j, count, d);
1653 }
1654 } 1638 }
1655 if (doit[D_CBC_192_AES]) 1639 }
1656 { 1640 if (doit[D_CBC_192_AES]) {
1657 for (j=0; j<SIZE_NUM; j++) 1641 for (j = 0; j < SIZE_NUM; j++) {
1658 { 1642 print_message(names[D_CBC_192_AES], c[D_CBC_192_AES][j], lengths[j]);
1659 print_message(names[D_CBC_192_AES],c[D_CBC_192_AES][j],lengths[j]);
1660 Time_F(START); 1643 Time_F(START);
1661 for (count=0,run=1; COND(c[D_CBC_192_AES][j]); count++) 1644 for (count = 0, run = 1; COND(c[D_CBC_192_AES][j]); count++)
1662 AES_cbc_encrypt(buf,buf, 1645 AES_cbc_encrypt(buf, buf,
1663 (unsigned long)lengths[j],&aes_ks2, 1646 (unsigned long) lengths[j], &aes_ks2,
1664 iv,AES_ENCRYPT); 1647 iv, AES_ENCRYPT);
1665 d=Time_F(STOP); 1648 d = Time_F(STOP);
1666 print_result(D_CBC_192_AES,j,count,d); 1649 print_result(D_CBC_192_AES, j, count, d);
1667 }
1668 } 1650 }
1669 if (doit[D_CBC_256_AES]) 1651 }
1670 { 1652 if (doit[D_CBC_256_AES]) {
1671 for (j=0; j<SIZE_NUM; j++) 1653 for (j = 0; j < SIZE_NUM; j++) {
1672 { 1654 print_message(names[D_CBC_256_AES], c[D_CBC_256_AES][j], lengths[j]);
1673 print_message(names[D_CBC_256_AES],c[D_CBC_256_AES][j],lengths[j]);
1674 Time_F(START); 1655 Time_F(START);
1675 for (count=0,run=1; COND(c[D_CBC_256_AES][j]); count++) 1656 for (count = 0, run = 1; COND(c[D_CBC_256_AES][j]); count++)
1676 AES_cbc_encrypt(buf,buf, 1657 AES_cbc_encrypt(buf, buf,
1677 (unsigned long)lengths[j],&aes_ks3, 1658 (unsigned long) lengths[j], &aes_ks3,
1678 iv,AES_ENCRYPT); 1659 iv, AES_ENCRYPT);
1679 d=Time_F(STOP); 1660 d = Time_F(STOP);
1680 print_result(D_CBC_256_AES,j,count,d); 1661 print_result(D_CBC_256_AES, j, count, d);
1681 }
1682 } 1662 }
1683 1663 }
1684 if (doit[D_IGE_128_AES]) 1664 if (doit[D_IGE_128_AES]) {
1685 { 1665 for (j = 0; j < SIZE_NUM; j++) {
1686 for (j=0; j<SIZE_NUM; j++) 1666 print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][j], lengths[j]);
1687 {
1688 print_message(names[D_IGE_128_AES],c[D_IGE_128_AES][j],lengths[j]);
1689 Time_F(START); 1667 Time_F(START);
1690 for (count=0,run=1; COND(c[D_IGE_128_AES][j]); count++) 1668 for (count = 0, run = 1; COND(c[D_IGE_128_AES][j]); count++)
1691 AES_ige_encrypt(buf,buf2, 1669 AES_ige_encrypt(buf, buf2,
1692 (unsigned long)lengths[j],&aes_ks1, 1670 (unsigned long) lengths[j], &aes_ks1,
1693 iv,AES_ENCRYPT); 1671 iv, AES_ENCRYPT);
1694 d=Time_F(STOP); 1672 d = Time_F(STOP);
1695 print_result(D_IGE_128_AES,j,count,d); 1673 print_result(D_IGE_128_AES, j, count, d);
1696 }
1697 } 1674 }
1698 if (doit[D_IGE_192_AES]) 1675 }
1699 { 1676 if (doit[D_IGE_192_AES]) {
1700 for (j=0; j<SIZE_NUM; j++) 1677 for (j = 0; j < SIZE_NUM; j++) {
1701 { 1678 print_message(names[D_IGE_192_AES], c[D_IGE_192_AES][j], lengths[j]);
1702 print_message(names[D_IGE_192_AES],c[D_IGE_192_AES][j],lengths[j]);
1703 Time_F(START); 1679 Time_F(START);
1704 for (count=0,run=1; COND(c[D_IGE_192_AES][j]); count++) 1680 for (count = 0, run = 1; COND(c[D_IGE_192_AES][j]); count++)
1705 AES_ige_encrypt(buf,buf2, 1681 AES_ige_encrypt(buf, buf2,
1706 (unsigned long)lengths[j],&aes_ks2, 1682 (unsigned long) lengths[j], &aes_ks2,
1707 iv,AES_ENCRYPT); 1683 iv, AES_ENCRYPT);
1708 d=Time_F(STOP); 1684 d = Time_F(STOP);
1709 print_result(D_IGE_192_AES,j,count,d); 1685 print_result(D_IGE_192_AES, j, count, d);
1710 }
1711 } 1686 }
1712 if (doit[D_IGE_256_AES]) 1687 }
1713 { 1688 if (doit[D_IGE_256_AES]) {
1714 for (j=0; j<SIZE_NUM; j++) 1689 for (j = 0; j < SIZE_NUM; j++) {
1715 { 1690 print_message(names[D_IGE_256_AES], c[D_IGE_256_AES][j], lengths[j]);
1716 print_message(names[D_IGE_256_AES],c[D_IGE_256_AES][j],lengths[j]);
1717 Time_F(START); 1691 Time_F(START);
1718 for (count=0,run=1; COND(c[D_IGE_256_AES][j]); count++) 1692 for (count = 0, run = 1; COND(c[D_IGE_256_AES][j]); count++)
1719 AES_ige_encrypt(buf,buf2, 1693 AES_ige_encrypt(buf, buf2,
1720 (unsigned long)lengths[j],&aes_ks3, 1694 (unsigned long) lengths[j], &aes_ks3,
1721 iv,AES_ENCRYPT); 1695 iv, AES_ENCRYPT);
1722 d=Time_F(STOP); 1696 d = Time_F(STOP);
1723 print_result(D_IGE_256_AES,j,count,d); 1697 print_result(D_IGE_256_AES, j, count, d);
1724 }
1725 } 1698 }
1726 if (doit[D_GHASH]) 1699 }
1727 { 1700 if (doit[D_GHASH]) {
1728 GCM128_CONTEXT *ctx = CRYPTO_gcm128_new(&aes_ks1,(block128_f)AES_encrypt); 1701 GCM128_CONTEXT *ctx = CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt);
1729 CRYPTO_gcm128_setiv (ctx,(unsigned char *)"0123456789ab",12); 1702 CRYPTO_gcm128_setiv(ctx, (unsigned char *) "0123456789ab", 12);
1730 1703
1731 for (j=0; j<SIZE_NUM; j++) 1704 for (j = 0; j < SIZE_NUM; j++) {
1732 { 1705 print_message(names[D_GHASH], c[D_GHASH][j], lengths[j]);
1733 print_message(names[D_GHASH],c[D_GHASH][j],lengths[j]);
1734 Time_F(START); 1706 Time_F(START);
1735 for (count=0,run=1; COND(c[D_GHASH][j]); count++) 1707 for (count = 0, run = 1; COND(c[D_GHASH][j]); count++)
1736 CRYPTO_gcm128_aad(ctx,buf,lengths[j]); 1708 CRYPTO_gcm128_aad(ctx, buf, lengths[j]);
1737 d=Time_F(STOP); 1709 d = Time_F(STOP);
1738 print_result(D_GHASH,j,count,d); 1710 print_result(D_GHASH, j, count, d);
1739 }
1740 CRYPTO_gcm128_release(ctx);
1741 } 1711 }
1742 1712 CRYPTO_gcm128_release(ctx);
1713 }
1743#endif 1714#endif
1744#ifndef OPENSSL_NO_CAMELLIA 1715#ifndef OPENSSL_NO_CAMELLIA
1745 if (doit[D_CBC_128_CML]) 1716 if (doit[D_CBC_128_CML]) {
1746 { 1717 for (j = 0; j < SIZE_NUM; j++) {
1747 for (j=0; j<SIZE_NUM; j++) 1718 print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][j], lengths[j]);
1748 {
1749 print_message(names[D_CBC_128_CML],c[D_CBC_128_CML][j],lengths[j]);
1750 Time_F(START); 1719 Time_F(START);
1751 for (count=0,run=1; COND(c[D_CBC_128_CML][j]); count++) 1720 for (count = 0, run = 1; COND(c[D_CBC_128_CML][j]); count++)
1752 Camellia_cbc_encrypt(buf,buf, 1721 Camellia_cbc_encrypt(buf, buf,
1753 (unsigned long)lengths[j],&camellia_ks1, 1722 (unsigned long) lengths[j], &camellia_ks1,
1754 iv,CAMELLIA_ENCRYPT); 1723 iv, CAMELLIA_ENCRYPT);
1755 d=Time_F(STOP); 1724 d = Time_F(STOP);
1756 print_result(D_CBC_128_CML,j,count,d); 1725 print_result(D_CBC_128_CML, j, count, d);
1757 }
1758 } 1726 }
1759 if (doit[D_CBC_192_CML]) 1727 }
1760 { 1728 if (doit[D_CBC_192_CML]) {
1761 for (j=0; j<SIZE_NUM; j++) 1729 for (j = 0; j < SIZE_NUM; j++) {
1762 { 1730 print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][j], lengths[j]);
1763 print_message(names[D_CBC_192_CML],c[D_CBC_192_CML][j],lengths[j]);
1764 Time_F(START); 1731 Time_F(START);
1765 for (count=0,run=1; COND(c[D_CBC_192_CML][j]); count++) 1732 for (count = 0, run = 1; COND(c[D_CBC_192_CML][j]); count++)
1766 Camellia_cbc_encrypt(buf,buf, 1733 Camellia_cbc_encrypt(buf, buf,
1767 (unsigned long)lengths[j],&camellia_ks2, 1734 (unsigned long) lengths[j], &camellia_ks2,
1768 iv,CAMELLIA_ENCRYPT); 1735 iv, CAMELLIA_ENCRYPT);
1769 d=Time_F(STOP); 1736 d = Time_F(STOP);
1770 print_result(D_CBC_192_CML,j,count,d); 1737 print_result(D_CBC_192_CML, j, count, d);
1771 }
1772 } 1738 }
1773 if (doit[D_CBC_256_CML]) 1739 }
1774 { 1740 if (doit[D_CBC_256_CML]) {
1775 for (j=0; j<SIZE_NUM; j++) 1741 for (j = 0; j < SIZE_NUM; j++) {
1776 { 1742 print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][j], lengths[j]);
1777 print_message(names[D_CBC_256_CML],c[D_CBC_256_CML][j],lengths[j]);
1778 Time_F(START); 1743 Time_F(START);
1779 for (count=0,run=1; COND(c[D_CBC_256_CML][j]); count++) 1744 for (count = 0, run = 1; COND(c[D_CBC_256_CML][j]); count++)
1780 Camellia_cbc_encrypt(buf,buf, 1745 Camellia_cbc_encrypt(buf, buf,
1781 (unsigned long)lengths[j],&camellia_ks3, 1746 (unsigned long) lengths[j], &camellia_ks3,
1782 iv,CAMELLIA_ENCRYPT); 1747 iv, CAMELLIA_ENCRYPT);
1783 d=Time_F(STOP); 1748 d = Time_F(STOP);
1784 print_result(D_CBC_256_CML,j,count,d); 1749 print_result(D_CBC_256_CML, j, count, d);
1785 }
1786 } 1750 }
1787 1751 }
1788#endif 1752#endif
1789#ifndef OPENSSL_NO_IDEA 1753#ifndef OPENSSL_NO_IDEA
1790 if (doit[D_CBC_IDEA]) 1754 if (doit[D_CBC_IDEA]) {
1791 { 1755 for (j = 0; j < SIZE_NUM; j++) {
1792 for (j=0; j<SIZE_NUM; j++) 1756 print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][j], lengths[j]);
1793 {
1794 print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);
1795 Time_F(START); 1757 Time_F(START);
1796 for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++) 1758 for (count = 0, run = 1; COND(c[D_CBC_IDEA][j]); count++)
1797 idea_cbc_encrypt(buf,buf, 1759 idea_cbc_encrypt(buf, buf,
1798 (unsigned long)lengths[j],&idea_ks, 1760 (unsigned long) lengths[j], &idea_ks,
1799 iv,IDEA_ENCRYPT); 1761 iv, IDEA_ENCRYPT);
1800 d=Time_F(STOP); 1762 d = Time_F(STOP);
1801 print_result(D_CBC_IDEA,j,count,d); 1763 print_result(D_CBC_IDEA, j, count, d);
1802 }
1803 } 1764 }
1765 }
1804#endif 1766#endif
1805#ifndef OPENSSL_NO_SEED 1767#ifndef OPENSSL_NO_SEED
1806 if (doit[D_CBC_SEED]) 1768 if (doit[D_CBC_SEED]) {
1807 { 1769 for (j = 0; j < SIZE_NUM; j++) {
1808 for (j=0; j<SIZE_NUM; j++) 1770 print_message(names[D_CBC_SEED], c[D_CBC_SEED][j], lengths[j]);
1809 {
1810 print_message(names[D_CBC_SEED],c[D_CBC_SEED][j],lengths[j]);
1811 Time_F(START); 1771 Time_F(START);
1812 for (count=0,run=1; COND(c[D_CBC_SEED][j]); count++) 1772 for (count = 0, run = 1; COND(c[D_CBC_SEED][j]); count++)
1813 SEED_cbc_encrypt(buf,buf, 1773 SEED_cbc_encrypt(buf, buf,
1814 (unsigned long)lengths[j],&seed_ks,iv,1); 1774 (unsigned long) lengths[j], &seed_ks, iv, 1);
1815 d=Time_F(STOP); 1775 d = Time_F(STOP);
1816 print_result(D_CBC_SEED,j,count,d); 1776 print_result(D_CBC_SEED, j, count, d);
1817 }
1818 } 1777 }
1778 }
1819#endif 1779#endif
1820#ifndef OPENSSL_NO_RC2 1780#ifndef OPENSSL_NO_RC2
1821 if (doit[D_CBC_RC2]) 1781 if (doit[D_CBC_RC2]) {
1822 { 1782 for (j = 0; j < SIZE_NUM; j++) {
1823 for (j=0; j<SIZE_NUM; j++) 1783 print_message(names[D_CBC_RC2], c[D_CBC_RC2][j], lengths[j]);
1824 {
1825 print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);
1826 Time_F(START); 1784 Time_F(START);
1827 for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++) 1785 for (count = 0, run = 1; COND(c[D_CBC_RC2][j]); count++)
1828 RC2_cbc_encrypt(buf,buf, 1786 RC2_cbc_encrypt(buf, buf,
1829 (unsigned long)lengths[j],&rc2_ks, 1787 (unsigned long) lengths[j], &rc2_ks,
1830 iv,RC2_ENCRYPT); 1788 iv, RC2_ENCRYPT);
1831 d=Time_F(STOP); 1789 d = Time_F(STOP);
1832 print_result(D_CBC_RC2,j,count,d); 1790 print_result(D_CBC_RC2, j, count, d);
1833 }
1834 } 1791 }
1792 }
1835#endif 1793#endif
1836#ifndef OPENSSL_NO_RC5 1794#ifndef OPENSSL_NO_RC5
1837 if (doit[D_CBC_RC5]) 1795 if (doit[D_CBC_RC5]) {
1838 { 1796 for (j = 0; j < SIZE_NUM; j++) {
1839 for (j=0; j<SIZE_NUM; j++) 1797 print_message(names[D_CBC_RC5], c[D_CBC_RC5][j], lengths[j]);
1840 {
1841 print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
1842 Time_F(START); 1798 Time_F(START);
1843 for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++) 1799 for (count = 0, run = 1; COND(c[D_CBC_RC5][j]); count++)
1844 RC5_32_cbc_encrypt(buf,buf, 1800 RC5_32_cbc_encrypt(buf, buf,
1845 (unsigned long)lengths[j],&rc5_ks, 1801 (unsigned long) lengths[j], &rc5_ks,
1846 iv,RC5_ENCRYPT); 1802 iv, RC5_ENCRYPT);
1847 d=Time_F(STOP); 1803 d = Time_F(STOP);
1848 print_result(D_CBC_RC5,j,count,d); 1804 print_result(D_CBC_RC5, j, count, d);
1849 }
1850 } 1805 }
1806 }
1851#endif 1807#endif
1852#ifndef OPENSSL_NO_BF 1808#ifndef OPENSSL_NO_BF
1853 if (doit[D_CBC_BF]) 1809 if (doit[D_CBC_BF]) {
1854 { 1810 for (j = 0; j < SIZE_NUM; j++) {
1855 for (j=0; j<SIZE_NUM; j++) 1811 print_message(names[D_CBC_BF], c[D_CBC_BF][j], lengths[j]);
1856 {
1857 print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);
1858 Time_F(START); 1812 Time_F(START);
1859 for (count=0,run=1; COND(c[D_CBC_BF][j]); count++) 1813 for (count = 0, run = 1; COND(c[D_CBC_BF][j]); count++)
1860 BF_cbc_encrypt(buf,buf, 1814 BF_cbc_encrypt(buf, buf,
1861 (unsigned long)lengths[j],&bf_ks, 1815 (unsigned long) lengths[j], &bf_ks,
1862 iv,BF_ENCRYPT); 1816 iv, BF_ENCRYPT);
1863 d=Time_F(STOP); 1817 d = Time_F(STOP);
1864 print_result(D_CBC_BF,j,count,d); 1818 print_result(D_CBC_BF, j, count, d);
1865 }
1866 } 1819 }
1820 }
1867#endif 1821#endif
1868#ifndef OPENSSL_NO_CAST 1822#ifndef OPENSSL_NO_CAST
1869 if (doit[D_CBC_CAST]) 1823 if (doit[D_CBC_CAST]) {
1870 { 1824 for (j = 0; j < SIZE_NUM; j++) {
1871 for (j=0; j<SIZE_NUM; j++) 1825 print_message(names[D_CBC_CAST], c[D_CBC_CAST][j], lengths[j]);
1872 {
1873 print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
1874 Time_F(START); 1826 Time_F(START);
1875 for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++) 1827 for (count = 0, run = 1; COND(c[D_CBC_CAST][j]); count++)
1876 CAST_cbc_encrypt(buf,buf, 1828 CAST_cbc_encrypt(buf, buf,
1877 (unsigned long)lengths[j],&cast_ks, 1829 (unsigned long) lengths[j], &cast_ks,
1878 iv,CAST_ENCRYPT); 1830 iv, CAST_ENCRYPT);
1879 d=Time_F(STOP); 1831 d = Time_F(STOP);
1880 print_result(D_CBC_CAST,j,count,d); 1832 print_result(D_CBC_CAST, j, count, d);
1881 }
1882 } 1833 }
1834 }
1883#endif 1835#endif
1884 1836
1885 if (doit[D_EVP]) 1837 if (doit[D_EVP]) {
1886 { 1838 for (j = 0; j < SIZE_NUM; j++) {
1887 for (j=0; j<SIZE_NUM; j++) 1839 if (evp_cipher) {
1888 {
1889 if (evp_cipher)
1890 {
1891 EVP_CIPHER_CTX ctx; 1840 EVP_CIPHER_CTX ctx;
1892 int outl; 1841 int outl;
1893 1842
1894 names[D_EVP]=OBJ_nid2ln(evp_cipher->nid); 1843 names[D_EVP] = OBJ_nid2ln(evp_cipher->nid);
1895 /* -O3 -fschedule-insns messes up an 1844 /*
1896 * optimization here! names[D_EVP] 1845 * -O3 -fschedule-insns messes up an
1897 * somehow becomes NULL */ 1846 * optimization here! names[D_EVP] somehow
1898 print_message(names[D_EVP],save_count, 1847 * becomes NULL
1899 lengths[j]); 1848 */
1849 print_message(names[D_EVP], save_count,
1850 lengths[j]);
1900 1851
1901 EVP_CIPHER_CTX_init(&ctx); 1852 EVP_CIPHER_CTX_init(&ctx);
1902 if(decrypt) 1853 if (decrypt)
1903 EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv); 1854 EVP_DecryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
1904 else 1855 else
1905 EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv); 1856 EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
1906 EVP_CIPHER_CTX_set_padding(&ctx, 0); 1857 EVP_CIPHER_CTX_set_padding(&ctx, 0);
1907 1858
1908 Time_F(START); 1859 Time_F(START);
1909 if(decrypt) 1860 if (decrypt)
1910 for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++) 1861 for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++)
1911 EVP_DecryptUpdate(&ctx,buf,&outl,buf,lengths[j]); 1862 EVP_DecryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
1912 else 1863 else
1913 for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++) 1864 for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++)
1914 EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]); 1865 EVP_EncryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
1915 if(decrypt) 1866 if (decrypt)
1916 EVP_DecryptFinal_ex(&ctx,buf,&outl); 1867 EVP_DecryptFinal_ex(&ctx, buf, &outl);
1917 else 1868 else
1918 EVP_EncryptFinal_ex(&ctx,buf,&outl); 1869 EVP_EncryptFinal_ex(&ctx, buf, &outl);
1919 d=Time_F(STOP); 1870 d = Time_F(STOP);
1920 EVP_CIPHER_CTX_cleanup(&ctx); 1871 EVP_CIPHER_CTX_cleanup(&ctx);
1921 } 1872 }
1922 if (evp_md) 1873 if (evp_md) {
1923 { 1874 names[D_EVP] = OBJ_nid2ln(evp_md->type);
1924 names[D_EVP]=OBJ_nid2ln(evp_md->type); 1875 print_message(names[D_EVP], save_count,
1925 print_message(names[D_EVP],save_count, 1876 lengths[j]);
1926 lengths[j]);
1927 1877
1928 Time_F(START); 1878 Time_F(START);
1929 for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++) 1879 for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++)
1930 EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL); 1880 EVP_Digest(buf, lengths[j], &(md[0]), NULL, evp_md, NULL);
1931 1881
1932 d=Time_F(STOP); 1882 d = Time_F(STOP);
1933 }
1934 print_result(D_EVP,j,count,d);
1935 } 1883 }
1884 print_result(D_EVP, j, count, d);
1936 } 1885 }
1937 1886 }
1938 RAND_pseudo_bytes(buf,36); 1887 RAND_pseudo_bytes(buf, 36);
1939#ifndef OPENSSL_NO_RSA 1888#ifndef OPENSSL_NO_RSA
1940 for (j=0; j<RSA_NUM; j++) 1889 for (j = 0; j < RSA_NUM; j++) {
1941 {
1942 int ret; 1890 int ret;
1943 if (!rsa_doit[j]) continue; 1891 if (!rsa_doit[j])
1944 ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]); 1892 continue;
1945 if (ret == 0) 1893 ret = RSA_sign(NID_md5_sha1, buf, 36, buf2, &rsa_num, rsa_key[j]);
1946 { 1894 if (ret == 0) {
1947 BIO_printf(bio_err,"RSA sign failure. No RSA sign will be done.\n"); 1895 BIO_printf(bio_err, "RSA sign failure. No RSA sign will be done.\n");
1948 ERR_print_errors(bio_err); 1896 ERR_print_errors(bio_err);
1949 rsa_count=1; 1897 rsa_count = 1;
1950 } 1898 } else {
1951 else 1899 pkey_print_message("private", "rsa",
1952 { 1900 rsa_c[j][0], rsa_bits[j],
1953 pkey_print_message("private","rsa", 1901 RSA_SECONDS);
1954 rsa_c[j][0],rsa_bits[j],
1955 RSA_SECONDS);
1956/* RSA_blinding_on(rsa_key[j],NULL); */ 1902/* RSA_blinding_on(rsa_key[j],NULL); */
1957 Time_F(START); 1903 Time_F(START);
1958 for (count=0,run=1; COND(rsa_c[j][0]); count++) 1904 for (count = 0, run = 1; COND(rsa_c[j][0]); count++) {
1959 { 1905 ret = RSA_sign(NID_md5_sha1, buf, 36, buf2,
1960 ret=RSA_sign(NID_md5_sha1, buf,36, buf2, 1906 &rsa_num, rsa_key[j]);
1961 &rsa_num, rsa_key[j]); 1907 if (ret == 0) {
1962 if (ret == 0)
1963 {
1964 BIO_printf(bio_err, 1908 BIO_printf(bio_err,
1965 "RSA sign failure\n"); 1909 "RSA sign failure\n");
1966 ERR_print_errors(bio_err); 1910 ERR_print_errors(bio_err);
1967 count=1; 1911 count = 1;
1968 break; 1912 break;
1969 }
1970 } 1913 }
1971 d=Time_F(STOP);
1972 BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"
1973 : "%ld %d bit private RSA's in %.2fs\n",
1974 count,rsa_bits[j],d);
1975 rsa_results[j][0]=d/(double)count;
1976 rsa_count=count;
1977 } 1914 }
1915 d = Time_F(STOP);
1916 BIO_printf(bio_err, mr ? "+R1:%ld:%d:%.2f\n"
1917 : "%ld %d bit private RSA's in %.2fs\n",
1918 count, rsa_bits[j], d);
1919 rsa_results[j][0] = d / (double) count;
1920 rsa_count = count;
1921 }
1978 1922
1979#if 1 1923#if 1
1980 ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]); 1924 ret = RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[j]);
1981 if (ret <= 0) 1925 if (ret <= 0) {
1982 { 1926 BIO_printf(bio_err, "RSA verify failure. No RSA verify will be done.\n");
1983 BIO_printf(bio_err,"RSA verify failure. No RSA verify will be done.\n");
1984 ERR_print_errors(bio_err); 1927 ERR_print_errors(bio_err);
1985 rsa_doit[j] = 0; 1928 rsa_doit[j] = 0;
1986 } 1929 } else {
1987 else 1930 pkey_print_message("public", "rsa",
1988 { 1931 rsa_c[j][1], rsa_bits[j],
1989 pkey_print_message("public","rsa", 1932 RSA_SECONDS);
1990 rsa_c[j][1],rsa_bits[j],
1991 RSA_SECONDS);
1992 Time_F(START); 1933 Time_F(START);
1993 for (count=0,run=1; COND(rsa_c[j][1]); count++) 1934 for (count = 0, run = 1; COND(rsa_c[j][1]); count++) {
1994 { 1935 ret = RSA_verify(NID_md5_sha1, buf, 36, buf2,
1995 ret=RSA_verify(NID_md5_sha1, buf,36, buf2, 1936 rsa_num, rsa_key[j]);
1996 rsa_num, rsa_key[j]); 1937 if (ret <= 0) {
1997 if (ret <= 0)
1998 {
1999 BIO_printf(bio_err, 1938 BIO_printf(bio_err,
2000 "RSA verify failure\n"); 1939 "RSA verify failure\n");
2001 ERR_print_errors(bio_err); 1940 ERR_print_errors(bio_err);
2002 count=1; 1941 count = 1;
2003 break; 1942 break;
2004 }
2005 } 1943 }
2006 d=Time_F(STOP);
2007 BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"
2008 : "%ld %d bit public RSA's in %.2fs\n",
2009 count,rsa_bits[j],d);
2010 rsa_results[j][1]=d/(double)count;
2011 } 1944 }
1945 d = Time_F(STOP);
1946 BIO_printf(bio_err, mr ? "+R2:%ld:%d:%.2f\n"
1947 : "%ld %d bit public RSA's in %.2fs\n",
1948 count, rsa_bits[j], d);
1949 rsa_results[j][1] = d / (double) count;
1950 }
2012#endif 1951#endif
2013 1952
2014 if (rsa_count <= 1) 1953 if (rsa_count <= 1) {
2015 {
2016 /* if longer than 10s, don't do any more */ 1954 /* if longer than 10s, don't do any more */
2017 for (j++; j<RSA_NUM; j++) 1955 for (j++; j < RSA_NUM; j++)
2018 rsa_doit[j]=0; 1956 rsa_doit[j] = 0;
2019 }
2020 } 1957 }
1958 }
2021#endif 1959#endif
2022 1960
2023 RAND_pseudo_bytes(buf,20); 1961 RAND_pseudo_bytes(buf, 20);
2024#ifndef OPENSSL_NO_DSA 1962#ifndef OPENSSL_NO_DSA
2025 if (RAND_status() != 1) 1963 if (RAND_status() != 1) {
2026 {
2027 RAND_seed(rnd_seed, sizeof rnd_seed); 1964 RAND_seed(rnd_seed, sizeof rnd_seed);
2028 rnd_fake = 1; 1965 rnd_fake = 1;
2029 } 1966 }
2030 for (j=0; j<DSA_NUM; j++) 1967 for (j = 0; j < DSA_NUM; j++) {
2031 {
2032 unsigned int kk; 1968 unsigned int kk;
2033 int ret; 1969 int ret;
2034 1970
2035 if (!dsa_doit[j]) continue; 1971 if (!dsa_doit[j])
1972 continue;
2036/* DSA_generate_key(dsa_key[j]); */ 1973/* DSA_generate_key(dsa_key[j]); */
2037/* DSA_sign_setup(dsa_key[j],NULL); */ 1974/* DSA_sign_setup(dsa_key[j],NULL); */
2038 ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2, 1975 ret = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2,
2039 &kk,dsa_key[j]); 1976 &kk, dsa_key[j]);
2040 if (ret == 0) 1977 if (ret == 0) {
2041 { 1978 BIO_printf(bio_err, "DSA sign failure. No DSA sign will be done.\n");
2042 BIO_printf(bio_err,"DSA sign failure. No DSA sign will be done.\n");
2043 ERR_print_errors(bio_err); 1979 ERR_print_errors(bio_err);
2044 rsa_count=1; 1980 rsa_count = 1;
2045 } 1981 } else {
2046 else 1982 pkey_print_message("sign", "dsa",
2047 { 1983 dsa_c[j][0], dsa_bits[j],
2048 pkey_print_message("sign","dsa", 1984 DSA_SECONDS);
2049 dsa_c[j][0],dsa_bits[j],
2050 DSA_SECONDS);
2051 Time_F(START); 1985 Time_F(START);
2052 for (count=0,run=1; COND(dsa_c[j][0]); count++) 1986 for (count = 0, run = 1; COND(dsa_c[j][0]); count++) {
2053 { 1987 ret = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2,
2054 ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2, 1988 &kk, dsa_key[j]);
2055 &kk,dsa_key[j]); 1989 if (ret == 0) {
2056 if (ret == 0)
2057 {
2058 BIO_printf(bio_err, 1990 BIO_printf(bio_err,
2059 "DSA sign failure\n"); 1991 "DSA sign failure\n");
2060 ERR_print_errors(bio_err); 1992 ERR_print_errors(bio_err);
2061 count=1; 1993 count = 1;
2062 break; 1994 break;
2063 }
2064 } 1995 }
2065 d=Time_F(STOP);
2066 BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
2067 : "%ld %d bit DSA signs in %.2fs\n",
2068 count,dsa_bits[j],d);
2069 dsa_results[j][0]=d/(double)count;
2070 rsa_count=count;
2071 } 1996 }
1997 d = Time_F(STOP);
1998 BIO_printf(bio_err, mr ? "+R3:%ld:%d:%.2f\n"
1999 : "%ld %d bit DSA signs in %.2fs\n",
2000 count, dsa_bits[j], d);
2001 dsa_results[j][0] = d / (double) count;
2002 rsa_count = count;
2003 }
2072 2004
2073 ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2, 2005 ret = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2,
2074 kk,dsa_key[j]); 2006 kk, dsa_key[j]);
2075 if (ret <= 0) 2007 if (ret <= 0) {
2076 { 2008 BIO_printf(bio_err, "DSA verify failure. No DSA verify will be done.\n");
2077 BIO_printf(bio_err,"DSA verify failure. No DSA verify will be done.\n");
2078 ERR_print_errors(bio_err); 2009 ERR_print_errors(bio_err);
2079 dsa_doit[j] = 0; 2010 dsa_doit[j] = 0;
2080 } 2011 } else {
2081 else 2012 pkey_print_message("verify", "dsa",
2082 { 2013 dsa_c[j][1], dsa_bits[j],
2083 pkey_print_message("verify","dsa", 2014 DSA_SECONDS);
2084 dsa_c[j][1],dsa_bits[j],
2085 DSA_SECONDS);
2086 Time_F(START); 2015 Time_F(START);
2087 for (count=0,run=1; COND(dsa_c[j][1]); count++) 2016 for (count = 0, run = 1; COND(dsa_c[j][1]); count++) {
2088 { 2017 ret = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2,
2089 ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2, 2018 kk, dsa_key[j]);
2090 kk,dsa_key[j]); 2019 if (ret <= 0) {
2091 if (ret <= 0)
2092 {
2093 BIO_printf(bio_err, 2020 BIO_printf(bio_err,
2094 "DSA verify failure\n"); 2021 "DSA verify failure\n");
2095 ERR_print_errors(bio_err); 2022 ERR_print_errors(bio_err);
2096 count=1; 2023 count = 1;
2097 break; 2024 break;
2098 }
2099 } 2025 }
2100 d=Time_F(STOP);
2101 BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
2102 : "%ld %d bit DSA verify in %.2fs\n",
2103 count,dsa_bits[j],d);
2104 dsa_results[j][1]=d/(double)count;
2105 } 2026 }
2027 d = Time_F(STOP);
2028 BIO_printf(bio_err, mr ? "+R4:%ld:%d:%.2f\n"
2029 : "%ld %d bit DSA verify in %.2fs\n",
2030 count, dsa_bits[j], d);
2031 dsa_results[j][1] = d / (double) count;
2032 }
2106 2033
2107 if (rsa_count <= 1) 2034 if (rsa_count <= 1) {
2108 {
2109 /* if longer than 10s, don't do any more */ 2035 /* if longer than 10s, don't do any more */
2110 for (j++; j<DSA_NUM; j++) 2036 for (j++; j < DSA_NUM; j++)
2111 dsa_doit[j]=0; 2037 dsa_doit[j] = 0;
2112 }
2113 } 2038 }
2114 if (rnd_fake) RAND_cleanup(); 2039 }
2040 if (rnd_fake)
2041 RAND_cleanup();
2115#endif 2042#endif
2116 2043
2117#ifndef OPENSSL_NO_ECDSA 2044#ifndef OPENSSL_NO_ECDSA
2118 if (RAND_status() != 1) 2045 if (RAND_status() != 1) {
2119 {
2120 RAND_seed(rnd_seed, sizeof rnd_seed); 2046 RAND_seed(rnd_seed, sizeof rnd_seed);
2121 rnd_fake = 1; 2047 rnd_fake = 1;
2122 } 2048 }
2123 for (j=0; j<EC_NUM; j++) 2049 for (j = 0; j < EC_NUM; j++) {
2124 {
2125 int ret; 2050 int ret;
2126 2051
2127 if (!ecdsa_doit[j]) continue; /* Ignore Curve */ 2052 if (!ecdsa_doit[j])
2053 continue; /* Ignore Curve */
2128 ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]); 2054 ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]);
2129 if (ecdsa[j] == NULL) 2055 if (ecdsa[j] == NULL) {
2130 { 2056 BIO_printf(bio_err, "ECDSA failure.\n");
2131 BIO_printf(bio_err,"ECDSA failure.\n");
2132 ERR_print_errors(bio_err); 2057 ERR_print_errors(bio_err);
2133 rsa_count=1; 2058 rsa_count = 1;
2134 } 2059 } else {
2135 else
2136 {
2137#if 1 2060#if 1
2138 EC_KEY_precompute_mult(ecdsa[j], NULL); 2061 EC_KEY_precompute_mult(ecdsa[j], NULL);
2139#endif 2062#endif
2140 /* Perform ECDSA signature test */ 2063 /* Perform ECDSA signature test */
2141 EC_KEY_generate_key(ecdsa[j]); 2064 EC_KEY_generate_key(ecdsa[j]);
2142 ret = ECDSA_sign(0, buf, 20, ecdsasig, 2065 ret = ECDSA_sign(0, buf, 20, ecdsasig,
2143 &ecdsasiglen, ecdsa[j]); 2066 &ecdsasiglen, ecdsa[j]);
2144 if (ret == 0) 2067 if (ret == 0) {
2145 { 2068 BIO_printf(bio_err, "ECDSA sign failure. No ECDSA sign will be done.\n");
2146 BIO_printf(bio_err,"ECDSA sign failure. No ECDSA sign will be done.\n");
2147 ERR_print_errors(bio_err); 2069 ERR_print_errors(bio_err);
2148 rsa_count=1; 2070 rsa_count = 1;
2149 } 2071 } else {
2150 else 2072 pkey_print_message("sign", "ecdsa",
2151 { 2073 ecdsa_c[j][0],
2152 pkey_print_message("sign","ecdsa", 2074 test_curves_bits[j],
2153 ecdsa_c[j][0], 2075 ECDSA_SECONDS);
2154 test_curves_bits[j],
2155 ECDSA_SECONDS);
2156 2076
2157 Time_F(START); 2077 Time_F(START);
2158 for (count=0,run=1; COND(ecdsa_c[j][0]); 2078 for (count = 0, run = 1; COND(ecdsa_c[j][0]);
2159 count++) 2079 count++) {
2160 { 2080 ret = ECDSA_sign(0, buf, 20,
2161 ret=ECDSA_sign(0, buf, 20, 2081 ecdsasig, &ecdsasiglen,
2162 ecdsasig, &ecdsasiglen, 2082 ecdsa[j]);
2163 ecdsa[j]); 2083 if (ret == 0) {
2164 if (ret == 0)
2165 {
2166 BIO_printf(bio_err, "ECDSA sign failure\n"); 2084 BIO_printf(bio_err, "ECDSA sign failure\n");
2167 ERR_print_errors(bio_err); 2085 ERR_print_errors(bio_err);
2168 count=1; 2086 count = 1;
2169 break; 2087 break;
2170 }
2171 } 2088 }
2172 d=Time_F(STOP); 2089 }
2090 d = Time_F(STOP);
2173 2091
2174 BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" : 2092 BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
2175 "%ld %d bit ECDSA signs in %.2fs \n", 2093 "%ld %d bit ECDSA signs in %.2fs \n",
2176 count, test_curves_bits[j], d); 2094 count, test_curves_bits[j], d);
2177 ecdsa_results[j][0]=d/(double)count; 2095 ecdsa_results[j][0] = d / (double) count;
2178 rsa_count=count; 2096 rsa_count = count;
2179 } 2097 }
2180 2098
2181 /* Perform ECDSA verification test */ 2099 /* Perform ECDSA verification test */
2182 ret=ECDSA_verify(0, buf, 20, ecdsasig, 2100 ret = ECDSA_verify(0, buf, 20, ecdsasig,
2183 ecdsasiglen, ecdsa[j]); 2101 ecdsasiglen, ecdsa[j]);
2184 if (ret != 1) 2102 if (ret != 1) {
2185 { 2103 BIO_printf(bio_err, "ECDSA verify failure. No ECDSA verify will be done.\n");
2186 BIO_printf(bio_err,"ECDSA verify failure. No ECDSA verify will be done.\n");
2187 ERR_print_errors(bio_err); 2104 ERR_print_errors(bio_err);
2188 ecdsa_doit[j] = 0; 2105 ecdsa_doit[j] = 0;
2189 } 2106 } else {
2190 else 2107 pkey_print_message("verify", "ecdsa",
2191 { 2108 ecdsa_c[j][1],
2192 pkey_print_message("verify","ecdsa", 2109 test_curves_bits[j],
2193 ecdsa_c[j][1], 2110 ECDSA_SECONDS);
2194 test_curves_bits[j],
2195 ECDSA_SECONDS);
2196 Time_F(START); 2111 Time_F(START);
2197 for (count=0,run=1; COND(ecdsa_c[j][1]); count++) 2112 for (count = 0, run = 1; COND(ecdsa_c[j][1]); count++) {
2198 { 2113 ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
2199 ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]); 2114 if (ret != 1) {
2200 if (ret != 1)
2201 {
2202 BIO_printf(bio_err, "ECDSA verify failure\n"); 2115 BIO_printf(bio_err, "ECDSA verify failure\n");
2203 ERR_print_errors(bio_err); 2116 ERR_print_errors(bio_err);
2204 count=1; 2117 count = 1;
2205 break; 2118 break;
2206 }
2207 } 2119 }
2208 d=Time_F(STOP);
2209 BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
2210 : "%ld %d bit ECDSA verify in %.2fs\n",
2211 count, test_curves_bits[j], d);
2212 ecdsa_results[j][1]=d/(double)count;
2213 } 2120 }
2121 d = Time_F(STOP);
2122 BIO_printf(bio_err, mr ? "+R6:%ld:%d:%.2f\n"
2123 : "%ld %d bit ECDSA verify in %.2fs\n",
2124 count, test_curves_bits[j], d);
2125 ecdsa_results[j][1] = d / (double) count;
2126 }
2214 2127
2215 if (rsa_count <= 1) 2128 if (rsa_count <= 1) {
2216 {
2217 /* if longer than 10s, don't do any more */ 2129 /* if longer than 10s, don't do any more */
2218 for (j++; j<EC_NUM; j++) 2130 for (j++; j < EC_NUM; j++)
2219 ecdsa_doit[j]=0; 2131 ecdsa_doit[j] = 0;
2220 }
2221 } 2132 }
2222 } 2133 }
2223 if (rnd_fake) RAND_cleanup(); 2134 }
2135 if (rnd_fake)
2136 RAND_cleanup();
2224#endif 2137#endif
2225 2138
2226#ifndef OPENSSL_NO_ECDH 2139#ifndef OPENSSL_NO_ECDH
2227 if (RAND_status() != 1) 2140 if (RAND_status() != 1) {
2228 {
2229 RAND_seed(rnd_seed, sizeof rnd_seed); 2141 RAND_seed(rnd_seed, sizeof rnd_seed);
2230 rnd_fake = 1; 2142 rnd_fake = 1;
2231 } 2143 }
2232 for (j=0; j<EC_NUM; j++) 2144 for (j = 0; j < EC_NUM; j++) {
2233 { 2145 if (!ecdh_doit[j])
2234 if (!ecdh_doit[j]) continue; 2146 continue;
2235 ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]); 2147 ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]);
2236 ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]); 2148 ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]);
2237 if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL)) 2149 if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL)) {
2238 { 2150 BIO_printf(bio_err, "ECDH failure.\n");
2239 BIO_printf(bio_err,"ECDH failure.\n");
2240 ERR_print_errors(bio_err); 2151 ERR_print_errors(bio_err);
2241 rsa_count=1; 2152 rsa_count = 1;
2242 } 2153 } else {
2243 else
2244 {
2245 /* generate two ECDH key pairs */ 2154 /* generate two ECDH key pairs */
2246 if (!EC_KEY_generate_key(ecdh_a[j]) || 2155 if (!EC_KEY_generate_key(ecdh_a[j]) ||
2247 !EC_KEY_generate_key(ecdh_b[j])) 2156 !EC_KEY_generate_key(ecdh_b[j])) {
2248 { 2157 BIO_printf(bio_err, "ECDH key generation failure.\n");
2249 BIO_printf(bio_err,"ECDH key generation failure.\n");
2250 ERR_print_errors(bio_err); 2158 ERR_print_errors(bio_err);
2251 rsa_count=1; 2159 rsa_count = 1;
2252 } 2160 } else {
2253 else 2161 /*
2254 { 2162 * If field size is not more than 24 octets,
2255 /* If field size is not more than 24 octets, then use SHA-1 hash of result; 2163 * then use SHA-1 hash of result; otherwise,
2256 * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt). 2164 * use result (see section 4.8 of
2165 * draft-ietf-tls-ecc-03.txt).
2257 */ 2166 */
2258 int field_size, outlen; 2167 int field_size, outlen;
2259 void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen); 2168 void *(*kdf) (const void *in, size_t inlen, void *out, size_t * xoutlen);
2260 field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j])); 2169 field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j]));
2261 if (field_size <= 24 * 8) 2170 if (field_size <= 24 * 8) {
2262 {
2263 outlen = KDF1_SHA1_len; 2171 outlen = KDF1_SHA1_len;
2264 kdf = KDF1_SHA1; 2172 kdf = KDF1_SHA1;
2265 } 2173 } else {
2266 else 2174 outlen = (field_size + 7) / 8;
2267 {
2268 outlen = (field_size+7)/8;
2269 kdf = NULL; 2175 kdf = NULL;
2270 } 2176 }
2271 secret_size_a = ECDH_compute_key(secret_a, outlen, 2177 secret_size_a = ECDH_compute_key(secret_a, outlen,
2272 EC_KEY_get0_public_key(ecdh_b[j]), 2178 EC_KEY_get0_public_key(ecdh_b[j]),
2273 ecdh_a[j], kdf); 2179 ecdh_a[j], kdf);
2274 secret_size_b = ECDH_compute_key(secret_b, outlen, 2180 secret_size_b = ECDH_compute_key(secret_b, outlen,
2275 EC_KEY_get0_public_key(ecdh_a[j]), 2181 EC_KEY_get0_public_key(ecdh_a[j]),
2276 ecdh_b[j], kdf); 2182 ecdh_b[j], kdf);
2277 if (secret_size_a != secret_size_b) 2183 if (secret_size_a != secret_size_b)
2278 ecdh_checks = 0; 2184 ecdh_checks = 0;
2279 else 2185 else
2280 ecdh_checks = 1; 2186 ecdh_checks = 1;
2281 2187
2282 for (secret_idx = 0; 2188 for (secret_idx = 0;
2283 (secret_idx < secret_size_a) 2189 (secret_idx < secret_size_a)
2284 && (ecdh_checks == 1); 2190 && (ecdh_checks == 1);
2285 secret_idx++) 2191 secret_idx++) {
2286 {
2287 if (secret_a[secret_idx] != secret_b[secret_idx]) 2192 if (secret_a[secret_idx] != secret_b[secret_idx])
2288 ecdh_checks = 0; 2193 ecdh_checks = 0;
2289 } 2194 }
2290 2195
2291 if (ecdh_checks == 0) 2196 if (ecdh_checks == 0) {
2292 { 2197 BIO_printf(bio_err, "ECDH computations don't match.\n");
2293 BIO_printf(bio_err,"ECDH computations don't match.\n");
2294 ERR_print_errors(bio_err); 2198 ERR_print_errors(bio_err);
2295 rsa_count=1; 2199 rsa_count = 1;
2296 } 2200 }
2297 2201 pkey_print_message("", "ecdh",
2298 pkey_print_message("","ecdh", 2202 ecdh_c[j][0],
2299 ecdh_c[j][0], 2203 test_curves_bits[j],
2300 test_curves_bits[j], 2204 ECDH_SECONDS);
2301 ECDH_SECONDS);
2302 Time_F(START); 2205 Time_F(START);
2303 for (count=0,run=1; COND(ecdh_c[j][0]); count++) 2206 for (count = 0, run = 1; COND(ecdh_c[j][0]); count++) {
2304 {
2305 ECDH_compute_key(secret_a, outlen, 2207 ECDH_compute_key(secret_a, outlen,
2306 EC_KEY_get0_public_key(ecdh_b[j]), 2208 EC_KEY_get0_public_key(ecdh_b[j]),
2307 ecdh_a[j], kdf); 2209 ecdh_a[j], kdf);
2308 }
2309 d=Time_F(STOP);
2310 BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
2311 count, test_curves_bits[j], d);
2312 ecdh_results[j][0]=d/(double)count;
2313 rsa_count=count;
2314 } 2210 }
2211 d = Time_F(STOP);
2212 BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" : "%ld %d-bit ECDH ops in %.2fs\n",
2213 count, test_curves_bits[j], d);
2214 ecdh_results[j][0] = d / (double) count;
2215 rsa_count = count;
2315 } 2216 }
2217 }
2316 2218
2317 2219
2318 if (rsa_count <= 1) 2220 if (rsa_count <= 1) {
2319 {
2320 /* if longer than 10s, don't do any more */ 2221 /* if longer than 10s, don't do any more */
2321 for (j++; j<EC_NUM; j++) 2222 for (j++; j < EC_NUM; j++)
2322 ecdh_doit[j]=0; 2223 ecdh_doit[j] = 0;
2323 }
2324 } 2224 }
2325 if (rnd_fake) RAND_cleanup(); 2225 }
2226 if (rnd_fake)
2227 RAND_cleanup();
2326#endif 2228#endif
2327#ifndef NO_FORK 2229#ifndef NO_FORK
2328show_res: 2230show_res:
2329#endif 2231#endif
2330 if(!mr) 2232 if (!mr) {
2331 { 2233 fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_VERSION));
2332 fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION)); 2234 fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_BUILT_ON));
2333 fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON));
2334 printf("options:"); 2235 printf("options:");
2335 printf("%s ",BN_options()); 2236 printf("%s ", BN_options());
2336#ifndef OPENSSL_NO_MD2 2237#ifndef OPENSSL_NO_MD2
2337 printf("%s ",MD2_options()); 2238 printf("%s ", MD2_options());
2338#endif 2239#endif
2339#ifndef OPENSSL_NO_RC4 2240#ifndef OPENSSL_NO_RC4
2340 printf("%s ",RC4_options()); 2241 printf("%s ", RC4_options());
2341#endif 2242#endif
2342#ifndef OPENSSL_NO_DES 2243#ifndef OPENSSL_NO_DES
2343 printf("%s ",DES_options()); 2244 printf("%s ", DES_options());
2344#endif 2245#endif
2345#ifndef OPENSSL_NO_AES 2246#ifndef OPENSSL_NO_AES
2346 printf("%s ",AES_options()); 2247 printf("%s ", AES_options());
2347#endif 2248#endif
2348#ifndef OPENSSL_NO_IDEA 2249#ifndef OPENSSL_NO_IDEA
2349 printf("%s ",idea_options()); 2250 printf("%s ", idea_options());
2350#endif 2251#endif
2351#ifndef OPENSSL_NO_BF 2252#ifndef OPENSSL_NO_BF
2352 printf("%s ",BF_options()); 2253 printf("%s ", BF_options());
2353#endif 2254#endif
2354 fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS)); 2255 fprintf(stdout, "\n%s\n", SSLeay_version(SSLEAY_CFLAGS));
2355 } 2256 }
2356 2257 if (pr_header) {
2357 if (pr_header) 2258 if (mr)
2358 { 2259 fprintf(stdout, "+H");
2359 if(mr) 2260 else {
2360 fprintf(stdout,"+H"); 2261 fprintf(stdout, "The 'numbers' are in 1000s of bytes per second processed.\n");
2361 else 2262 fprintf(stdout, "type ");
2362 {
2363 fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n");
2364 fprintf(stdout,"type ");
2365 }
2366 for (j=0; j<SIZE_NUM; j++)
2367 fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]);
2368 fprintf(stdout,"\n");
2369 } 2263 }
2370 2264 for (j = 0; j < SIZE_NUM; j++)
2371 for (k=0; k<ALGOR_NUM; k++) 2265 fprintf(stdout, mr ? ":%d" : "%7d bytes", lengths[j]);
2372 { 2266 fprintf(stdout, "\n");
2373 if (!doit[k]) continue; 2267 }
2374 if(mr) 2268 for (k = 0; k < ALGOR_NUM; k++) {
2375 fprintf(stdout,"+F:%d:%s",k,names[k]); 2269 if (!doit[k])
2270 continue;
2271 if (mr)
2272 fprintf(stdout, "+F:%d:%s", k, names[k]);
2376 else 2273 else
2377 fprintf(stdout,"%-13s",names[k]); 2274 fprintf(stdout, "%-13s", names[k]);
2378 for (j=0; j<SIZE_NUM; j++) 2275 for (j = 0; j < SIZE_NUM; j++) {
2379 {
2380 if (results[k][j] > 10000 && !mr) 2276 if (results[k][j] > 10000 && !mr)
2381 fprintf(stdout," %11.2fk",results[k][j]/1e3); 2277 fprintf(stdout, " %11.2fk", results[k][j] / 1e3);
2382 else 2278 else
2383 fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]); 2279 fprintf(stdout, mr ? ":%.2f" : " %11.2f ", results[k][j]);
2384 }
2385 fprintf(stdout,"\n");
2386 } 2280 }
2281 fprintf(stdout, "\n");
2282 }
2387#ifndef OPENSSL_NO_RSA 2283#ifndef OPENSSL_NO_RSA
2388 j=1; 2284 j = 1;
2389 for (k=0; k<RSA_NUM; k++) 2285 for (k = 0; k < RSA_NUM; k++) {
2390 { 2286 if (!rsa_doit[k])
2391 if (!rsa_doit[k]) continue; 2287 continue;
2392 if (j && !mr) 2288 if (j && !mr) {
2393 { 2289 printf("%18ssign verify sign/s verify/s\n", " ");
2394 printf("%18ssign verify sign/s verify/s\n"," "); 2290 j = 0;
2395 j=0;
2396 }
2397 if(mr)
2398 fprintf(stdout,"+F2:%u:%u:%f:%f\n",
2399 k,rsa_bits[k],rsa_results[k][0],
2400 rsa_results[k][1]);
2401 else
2402 fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
2403 rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
2404 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
2405 } 2291 }
2292 if (mr)
2293 fprintf(stdout, "+F2:%u:%u:%f:%f\n",
2294 k, rsa_bits[k], rsa_results[k][0],
2295 rsa_results[k][1]);
2296 else
2297 fprintf(stdout, "rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
2298 rsa_bits[k], rsa_results[k][0], rsa_results[k][1],
2299 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1]);
2300 }
2406#endif 2301#endif
2407#ifndef OPENSSL_NO_DSA 2302#ifndef OPENSSL_NO_DSA
2408 j=1; 2303 j = 1;
2409 for (k=0; k<DSA_NUM; k++) 2304 for (k = 0; k < DSA_NUM; k++) {
2410 { 2305 if (!dsa_doit[k])
2411 if (!dsa_doit[k]) continue; 2306 continue;
2412 if (j && !mr) 2307 if (j && !mr) {
2413 { 2308 printf("%18ssign verify sign/s verify/s\n", " ");
2414 printf("%18ssign verify sign/s verify/s\n"," "); 2309 j = 0;
2415 j=0;
2416 }
2417 if(mr)
2418 fprintf(stdout,"+F3:%u:%u:%f:%f\n",
2419 k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
2420 else
2421 fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
2422 dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
2423 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
2424 } 2310 }
2311 if (mr)
2312 fprintf(stdout, "+F3:%u:%u:%f:%f\n",
2313 k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
2314 else
2315 fprintf(stdout, "dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
2316 dsa_bits[k], dsa_results[k][0], dsa_results[k][1],
2317 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]);
2318 }
2425#endif 2319#endif
2426#ifndef OPENSSL_NO_ECDSA 2320#ifndef OPENSSL_NO_ECDSA
2427 j=1; 2321 j = 1;
2428 for (k=0; k<EC_NUM; k++) 2322 for (k = 0; k < EC_NUM; k++) {
2429 { 2323 if (!ecdsa_doit[k])
2430 if (!ecdsa_doit[k]) continue; 2324 continue;
2431 if (j && !mr) 2325 if (j && !mr) {
2432 { 2326 printf("%30ssign verify sign/s verify/s\n", " ");
2433 printf("%30ssign verify sign/s verify/s\n"," "); 2327 j = 0;
2434 j=0; 2328 }
2435 }
2436
2437 if (mr) 2329 if (mr)
2438 fprintf(stdout,"+F4:%u:%u:%f:%f\n", 2330 fprintf(stdout, "+F4:%u:%u:%f:%f\n",
2439 k, test_curves_bits[k], 2331 k, test_curves_bits[k],
2440 ecdsa_results[k][0],ecdsa_results[k][1]); 2332 ecdsa_results[k][0], ecdsa_results[k][1]);
2441 else 2333 else
2442 fprintf(stdout, 2334 fprintf(stdout,
2443 "%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n", 2335 "%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
2444 test_curves_bits[k], 2336 test_curves_bits[k],
2445 test_curves_names[k], 2337 test_curves_names[k],
2446 ecdsa_results[k][0],ecdsa_results[k][1], 2338 ecdsa_results[k][0], ecdsa_results[k][1],
2447 1.0/ecdsa_results[k][0],1.0/ecdsa_results[k][1]); 2339 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]);
2448 } 2340 }
2449#endif 2341#endif
2450 2342
2451 2343
2452#ifndef OPENSSL_NO_ECDH 2344#ifndef OPENSSL_NO_ECDH
2453 j=1; 2345 j = 1;
2454 for (k=0; k<EC_NUM; k++) 2346 for (k = 0; k < EC_NUM; k++) {
2455 { 2347 if (!ecdh_doit[k])
2456 if (!ecdh_doit[k]) continue; 2348 continue;
2457 if (j && !mr) 2349 if (j && !mr) {
2458 { 2350 printf("%30sop op/s\n", " ");
2459 printf("%30sop op/s\n"," "); 2351 j = 0;
2460 j=0; 2352 }
2461 }
2462 if (mr) 2353 if (mr)
2463 fprintf(stdout,"+F5:%u:%u:%f:%f\n", 2354 fprintf(stdout, "+F5:%u:%u:%f:%f\n",
2464 k, test_curves_bits[k], 2355 k, test_curves_bits[k],
2465 ecdh_results[k][0], 1.0/ecdh_results[k][0]); 2356 ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
2466 2357
2467 else 2358 else
2468 fprintf(stdout,"%4u bit ecdh (%s) %8.4fs %8.1f\n", 2359 fprintf(stdout, "%4u bit ecdh (%s) %8.4fs %8.1f\n",
2469 test_curves_bits[k], 2360 test_curves_bits[k],
2470 test_curves_names[k], 2361 test_curves_names[k],
2471 ecdh_results[k][0], 1.0/ecdh_results[k][0]); 2362 ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
2472 } 2363 }
2473#endif 2364#endif
2474 2365
2475 mret=0; 2366 mret = 0;
2476 2367
2477end: 2368end:
2478 ERR_print_errors(bio_err); 2369 ERR_print_errors(bio_err);
2479 if (buf != NULL) free(buf); 2370 if (buf != NULL)
2480 if (buf2 != NULL) free(buf2); 2371 free(buf);
2372 if (buf2 != NULL)
2373 free(buf2);
2481#ifndef OPENSSL_NO_RSA 2374#ifndef OPENSSL_NO_RSA
2482 for (i=0; i<RSA_NUM; i++) 2375 for (i = 0; i < RSA_NUM; i++)
2483 if (rsa_key[i] != NULL) 2376 if (rsa_key[i] != NULL)
2484 RSA_free(rsa_key[i]); 2377 RSA_free(rsa_key[i]);
2485#endif 2378#endif
2486#ifndef OPENSSL_NO_DSA 2379#ifndef OPENSSL_NO_DSA
2487 for (i=0; i<DSA_NUM; i++) 2380 for (i = 0; i < DSA_NUM; i++)
2488 if (dsa_key[i] != NULL) 2381 if (dsa_key[i] != NULL)
2489 DSA_free(dsa_key[i]); 2382 DSA_free(dsa_key[i]);
2490#endif 2383#endif
2491 2384
2492#ifndef OPENSSL_NO_ECDSA 2385#ifndef OPENSSL_NO_ECDSA
2493 for (i=0; i<EC_NUM; i++) 2386 for (i = 0; i < EC_NUM; i++)
2494 if (ecdsa[i] != NULL) 2387 if (ecdsa[i] != NULL)
2495 EC_KEY_free(ecdsa[i]); 2388 EC_KEY_free(ecdsa[i]);
2496#endif 2389#endif
2497#ifndef OPENSSL_NO_ECDH 2390#ifndef OPENSSL_NO_ECDH
2498 for (i=0; i<EC_NUM; i++) 2391 for (i = 0; i < EC_NUM; i++) {
2499 {
2500 if (ecdh_a[i] != NULL) 2392 if (ecdh_a[i] != NULL)
2501 EC_KEY_free(ecdh_a[i]); 2393 EC_KEY_free(ecdh_a[i]);
2502 if (ecdh_b[i] != NULL) 2394 if (ecdh_b[i] != NULL)
@@ -2505,273 +2397,255 @@ end:
2505#endif 2397#endif
2506 2398
2507 apps_shutdown(); 2399 apps_shutdown();
2508 return(mret); 2400 return (mret);
2509 } 2401}
2510 2402
2511static void print_message(const char *s, long num, int length) 2403static void
2512 { 2404print_message(const char *s, long num, int length)
2405{
2513#ifdef SIGALRM 2406#ifdef SIGALRM
2514 BIO_printf(bio_err,mr ? "+DT:%s:%d:%d\n" 2407 BIO_printf(bio_err, mr ? "+DT:%s:%d:%d\n"
2515 : "Doing %s for %ds on %d size blocks: ",s,SECONDS,length); 2408 : "Doing %s for %ds on %d size blocks: ", s, SECONDS, length);
2516 (void)BIO_flush(bio_err); 2409 (void) BIO_flush(bio_err);
2517 alarm(SECONDS); 2410 alarm(SECONDS);
2518#else 2411#else
2519 BIO_printf(bio_err,mr ? "+DN:%s:%ld:%d\n" 2412 BIO_printf(bio_err, mr ? "+DN:%s:%ld:%d\n"
2520 : "Doing %s %ld times on %d size blocks: ",s,num,length); 2413 : "Doing %s %ld times on %d size blocks: ", s, num, length);
2521 (void)BIO_flush(bio_err); 2414 (void) BIO_flush(bio_err);
2522#endif 2415#endif
2523#ifdef LINT 2416#ifdef LINT
2524 num=num; 2417 num = num;
2525#endif 2418#endif
2526 } 2419}
2527 2420
2528static void pkey_print_message(const char *str, const char *str2, long num, 2421static void
2529 int bits, int tm) 2422pkey_print_message(const char *str, const char *str2, long num,
2530 { 2423 int bits, int tm)
2424{
2531#ifdef SIGALRM 2425#ifdef SIGALRM
2532 BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n" 2426 BIO_printf(bio_err, mr ? "+DTP:%d:%s:%s:%d\n"
2533 : "Doing %d bit %s %s's for %ds: ",bits,str,str2,tm); 2427 : "Doing %d bit %s %s's for %ds: ", bits, str, str2, tm);
2534 (void)BIO_flush(bio_err); 2428 (void) BIO_flush(bio_err);
2535 alarm(tm); 2429 alarm(tm);
2536#else 2430#else
2537 BIO_printf(bio_err,mr ? "+DNP:%ld:%d:%s:%s\n" 2431 BIO_printf(bio_err, mr ? "+DNP:%ld:%d:%s:%s\n"
2538 : "Doing %ld %d bit %s %s's: ",num,bits,str,str2); 2432 : "Doing %ld %d bit %s %s's: ", num, bits, str, str2);
2539 (void)BIO_flush(bio_err); 2433 (void) BIO_flush(bio_err);
2540#endif 2434#endif
2541#ifdef LINT 2435#ifdef LINT
2542 num=num; 2436 num = num;
2543#endif 2437#endif
2438}
2439
2440static void
2441print_result(int alg, int run_no, int count, double time_used)
2442{
2443 BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
2444 : "%d %s's in %.2fs\n", count, names[alg], time_used);
2445 results[alg][run_no] = ((double) count) / time_used * lengths[run_no];
2446}
2447
2448#ifndef NO_FORK
2449static char *
2450sstrsep(char **string, const char *delim)
2451{
2452 char isdelim[256];
2453 char *token = *string;
2454
2455 if (**string == 0)
2456 return NULL;
2457
2458 memset(isdelim, 0, sizeof isdelim);
2459 isdelim[0] = 1;
2460
2461 while (*delim) {
2462 isdelim[(unsigned char) (*delim)] = 1;
2463 delim++;
2544 } 2464 }
2545 2465
2546static void print_result(int alg,int run_no,int count,double time_used) 2466 while (!isdelim[(unsigned char) (**string)]) {
2547 { 2467 (*string)++;
2548 BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n"
2549 : "%d %s's in %.2fs\n",count,names[alg],time_used);
2550 results[alg][run_no]=((double)count)/time_used*lengths[run_no];
2551 } 2468 }
2552 2469
2553#ifndef NO_FORK 2470 if (**string) {
2554static char *sstrsep(char **string, const char *delim) 2471 **string = 0;
2555 { 2472 (*string)++;
2556 char isdelim[256]; 2473 }
2557 char *token = *string; 2474 return token;
2558 2475}
2559 if (**string == 0) 2476
2560 return NULL; 2477static int
2561 2478do_multi(int multi)
2562 memset(isdelim, 0, sizeof isdelim); 2479{
2563 isdelim[0] = 1;
2564
2565 while (*delim)
2566 {
2567 isdelim[(unsigned char)(*delim)] = 1;
2568 delim++;
2569 }
2570
2571 while (!isdelim[(unsigned char)(**string)])
2572 {
2573 (*string)++;
2574 }
2575
2576 if (**string)
2577 {
2578 **string = 0;
2579 (*string)++;
2580 }
2581
2582 return token;
2583 }
2584
2585static int do_multi(int multi)
2586 {
2587 int n; 2480 int n;
2588 int fd[2]; 2481 int fd[2];
2589 int *fds; 2482 int *fds;
2590 static char sep[]=":"; 2483 static char sep[] = ":";
2591 2484
2592 fds=malloc(multi*sizeof *fds); 2485 fds = malloc(multi * sizeof *fds);
2593 for(n=0 ; n < multi ; ++n) 2486 for (n = 0; n < multi; ++n) {
2594 { 2487 if (pipe(fd) == -1) {
2595 if (pipe(fd) == -1)
2596 {
2597 fprintf(stderr, "pipe failure\n"); 2488 fprintf(stderr, "pipe failure\n");
2598 exit(1); 2489 exit(1);
2599 } 2490 }
2600 fflush(stdout); 2491 fflush(stdout);
2601 fflush(stderr); 2492 fflush(stderr);
2602 if(fork()) 2493 if (fork()) {
2603 {
2604 close(fd[1]); 2494 close(fd[1]);
2605 fds[n]=fd[0]; 2495 fds[n] = fd[0];
2606 } 2496 } else {
2607 else
2608 {
2609 close(fd[0]); 2497 close(fd[0]);
2610 close(1); 2498 close(1);
2611 if (dup(fd[1]) == -1) 2499 if (dup(fd[1]) == -1) {
2612 {
2613 fprintf(stderr, "dup failed\n"); 2500 fprintf(stderr, "dup failed\n");
2614 exit(1); 2501 exit(1);
2615 } 2502 }
2616 close(fd[1]); 2503 close(fd[1]);
2617 mr=1; 2504 mr = 1;
2618 usertime=0; 2505 usertime = 0;
2619 free(fds); 2506 free(fds);
2620 return 0; 2507 return 0;
2621 }
2622 printf("Forked child %d\n",n);
2623 } 2508 }
2509 printf("Forked child %d\n", n);
2510 }
2624 2511
2625 /* for now, assume the pipe is long enough to take all the output */ 2512 /* for now, assume the pipe is long enough to take all the output */
2626 for(n=0 ; n < multi ; ++n) 2513 for (n = 0; n < multi; ++n) {
2627 {
2628 FILE *f; 2514 FILE *f;
2629 char buf[1024]; 2515 char buf[1024];
2630 char *p; 2516 char *p;
2631 2517
2632 f=fdopen(fds[n],"r"); 2518 f = fdopen(fds[n], "r");
2633 while(fgets(buf,sizeof buf,f)) 2519 while (fgets(buf, sizeof buf, f)) {
2634 { 2520 p = strchr(buf, '\n');
2635 p=strchr(buf,'\n'); 2521 if (p)
2636 if(p) 2522 *p = '\0';
2637 *p='\0'; 2523 if (buf[0] != '+') {
2638 if(buf[0] != '+') 2524 fprintf(stderr, "Don't understand line '%s' from child %d\n",
2639 { 2525 buf, n);
2640 fprintf(stderr,"Don't understand line '%s' from child %d\n",
2641 buf,n);
2642 continue; 2526 continue;
2643 } 2527 }
2644 printf("Got: %s from %d\n",buf,n); 2528 printf("Got: %s from %d\n", buf, n);
2645 if(!strncmp(buf,"+F:",3)) 2529 if (!strncmp(buf, "+F:", 3)) {
2646 {
2647 int alg; 2530 int alg;
2648 int j; 2531 int j;
2649 2532
2650 p=buf+3; 2533 p = buf + 3;
2651 alg=atoi(sstrsep(&p,sep)); 2534 alg = atoi(sstrsep(&p, sep));
2652 sstrsep(&p,sep); 2535 sstrsep(&p, sep);
2653 for(j=0 ; j < SIZE_NUM ; ++j) 2536 for (j = 0; j < SIZE_NUM; ++j)
2654 results[alg][j]+=atof(sstrsep(&p,sep)); 2537 results[alg][j] += atof(sstrsep(&p, sep));
2655 } 2538 } else if (!strncmp(buf, "+F2:", 4)) {
2656 else if(!strncmp(buf,"+F2:",4))
2657 {
2658 int k; 2539 int k;
2659 double d; 2540 double d;
2660 2541
2661 p=buf+4; 2542 p = buf + 4;
2662 k=atoi(sstrsep(&p,sep)); 2543 k = atoi(sstrsep(&p, sep));
2663 sstrsep(&p,sep); 2544 sstrsep(&p, sep);
2664 2545
2665 d=atof(sstrsep(&p,sep)); 2546 d = atof(sstrsep(&p, sep));
2666 if(n) 2547 if (n)
2667 rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d); 2548 rsa_results[k][0] = 1 / (1 / rsa_results[k][0] + 1 / d);
2668 else 2549 else
2669 rsa_results[k][0]=d; 2550 rsa_results[k][0] = d;
2670 2551
2671 d=atof(sstrsep(&p,sep)); 2552 d = atof(sstrsep(&p, sep));
2672 if(n) 2553 if (n)
2673 rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d); 2554 rsa_results[k][1] = 1 / (1 / rsa_results[k][1] + 1 / d);
2674 else 2555 else
2675 rsa_results[k][1]=d; 2556 rsa_results[k][1] = d;
2676 } 2557 } else if (!strncmp(buf, "+F2:", 4)) {
2677 else if(!strncmp(buf,"+F2:",4))
2678 {
2679 int k; 2558 int k;
2680 double d; 2559 double d;
2681 2560
2682 p=buf+4; 2561 p = buf + 4;
2683 k=atoi(sstrsep(&p,sep)); 2562 k = atoi(sstrsep(&p, sep));
2684 sstrsep(&p,sep); 2563 sstrsep(&p, sep);
2685 2564
2686 d=atof(sstrsep(&p,sep)); 2565 d = atof(sstrsep(&p, sep));
2687 if(n) 2566 if (n)
2688 rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d); 2567 rsa_results[k][0] = 1 / (1 / rsa_results[k][0] + 1 / d);
2689 else 2568 else
2690 rsa_results[k][0]=d; 2569 rsa_results[k][0] = d;
2691 2570
2692 d=atof(sstrsep(&p,sep)); 2571 d = atof(sstrsep(&p, sep));
2693 if(n) 2572 if (n)
2694 rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d); 2573 rsa_results[k][1] = 1 / (1 / rsa_results[k][1] + 1 / d);
2695 else 2574 else
2696 rsa_results[k][1]=d; 2575 rsa_results[k][1] = d;
2697 } 2576 }
2698#ifndef OPENSSL_NO_DSA 2577#ifndef OPENSSL_NO_DSA
2699 else if(!strncmp(buf,"+F3:",4)) 2578 else if (!strncmp(buf, "+F3:", 4)) {
2700 {
2701 int k; 2579 int k;
2702 double d; 2580 double d;
2703 2581
2704 p=buf+4; 2582 p = buf + 4;
2705 k=atoi(sstrsep(&p,sep)); 2583 k = atoi(sstrsep(&p, sep));
2706 sstrsep(&p,sep); 2584 sstrsep(&p, sep);
2707 2585
2708 d=atof(sstrsep(&p,sep)); 2586 d = atof(sstrsep(&p, sep));
2709 if(n) 2587 if (n)
2710 dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d); 2588 dsa_results[k][0] = 1 / (1 / dsa_results[k][0] + 1 / d);
2711 else 2589 else
2712 dsa_results[k][0]=d; 2590 dsa_results[k][0] = d;
2713 2591
2714 d=atof(sstrsep(&p,sep)); 2592 d = atof(sstrsep(&p, sep));
2715 if(n) 2593 if (n)
2716 dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d); 2594 dsa_results[k][1] = 1 / (1 / dsa_results[k][1] + 1 / d);
2717 else 2595 else
2718 dsa_results[k][1]=d; 2596 dsa_results[k][1] = d;
2719 } 2597 }
2720#endif 2598#endif
2721#ifndef OPENSSL_NO_ECDSA 2599#ifndef OPENSSL_NO_ECDSA
2722 else if(!strncmp(buf,"+F4:",4)) 2600 else if (!strncmp(buf, "+F4:", 4)) {
2723 {
2724 int k; 2601 int k;
2725 double d; 2602 double d;
2726 2603
2727 p=buf+4; 2604 p = buf + 4;
2728 k=atoi(sstrsep(&p,sep)); 2605 k = atoi(sstrsep(&p, sep));
2729 sstrsep(&p,sep); 2606 sstrsep(&p, sep);
2730 2607
2731 d=atof(sstrsep(&p,sep)); 2608 d = atof(sstrsep(&p, sep));
2732 if(n) 2609 if (n)
2733 ecdsa_results[k][0]=1/(1/ecdsa_results[k][0]+1/d); 2610 ecdsa_results[k][0] = 1 / (1 / ecdsa_results[k][0] + 1 / d);
2734 else 2611 else
2735 ecdsa_results[k][0]=d; 2612 ecdsa_results[k][0] = d;
2736 2613
2737 d=atof(sstrsep(&p,sep)); 2614 d = atof(sstrsep(&p, sep));
2738 if(n) 2615 if (n)
2739 ecdsa_results[k][1]=1/(1/ecdsa_results[k][1]+1/d); 2616 ecdsa_results[k][1] = 1 / (1 / ecdsa_results[k][1] + 1 / d);
2740 else 2617 else
2741 ecdsa_results[k][1]=d; 2618 ecdsa_results[k][1] = d;
2742 } 2619 }
2743#endif 2620#endif
2744 2621
2745#ifndef OPENSSL_NO_ECDH 2622#ifndef OPENSSL_NO_ECDH
2746 else if(!strncmp(buf,"+F5:",4)) 2623 else if (!strncmp(buf, "+F5:", 4)) {
2747 {
2748 int k; 2624 int k;
2749 double d; 2625 double d;
2750 2626
2751 p=buf+4; 2627 p = buf + 4;
2752 k=atoi(sstrsep(&p,sep)); 2628 k = atoi(sstrsep(&p, sep));
2753 sstrsep(&p,sep); 2629 sstrsep(&p, sep);
2754 2630
2755 d=atof(sstrsep(&p,sep)); 2631 d = atof(sstrsep(&p, sep));
2756 if(n) 2632 if (n)
2757 ecdh_results[k][0]=1/(1/ecdh_results[k][0]+1/d); 2633 ecdh_results[k][0] = 1 / (1 / ecdh_results[k][0] + 1 / d);
2758 else 2634 else
2759 ecdh_results[k][0]=d; 2635 ecdh_results[k][0] = d;
2760 2636
2761 } 2637 }
2762#endif 2638#endif
2763 2639
2764 else if(!strncmp(buf,"+H:",3)) 2640 else if (!strncmp(buf, "+H:", 3)) {
2765 { 2641 } else
2766 } 2642 fprintf(stderr, "Unknown type '%s' from child %d\n", buf, n);
2767 else 2643 }
2768 fprintf(stderr,"Unknown type '%s' from child %d\n",buf,n);
2769 }
2770 2644
2771 fclose(f); 2645 fclose(f);
2772 } 2646 }
2773 free(fds); 2647 free(fds);
2774 return 1; 2648 return 1;
2775 } 2649}
2776#endif 2650#endif
2777#endif 2651#endif
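Review bot: In do_multi the index parsed from each child line is used without a range check: `alg = atoi(sstrsep(&p, sep))` feeds `results[alg][j]`, and `k` in the `+F2:` to `+F5:` branches feeds `rsa_results`, `dsa_results`, `ecdsa_results` and `ecdh_results`, with no comparison against `ALGOR_NUM`, `RSA_NUM`, `DSA_NUM` or `EC_NUM`. sstrsep() returns NULL once the string is exhausted, so a short or truncated line also hands NULL to atoi() and atof(). The reformat carries this over unchanged, together with a second `+F2:` branch that can never run because the first one matches the same prefix. Each branch should hold the token in a local, skip the line when it is NULL, and range-check the index before writing; the fence shows this for `+F:`.

```c
		if (!strncmp(buf, "+F:", 3)) {
			/* … unchanged: int alg; int j; … */
			char *tok;

			p = buf + 3;
			tok = sstrsep(&p, sep);
			if (tok == NULL)
				continue;
			alg = atoi(tok);
			if (alg < 0 || alg >= ALGOR_NUM)
				continue;
			sstrsep(&p, sep);
			for (j = 0; j < SIZE_NUM; ++j) {
				tok = sstrsep(&p, sep);
				if (tok == NULL)
					break;
				results[alg][j] += atof(tok);
			}
		}
		/* … unchanged: +F2 to +F5 branches, each needing the same NULL and range check on k … */
```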
diff --git a/src/lib/libssl/src/apps/spkac.c b/src/lib/libssl/src/apps/spkac.c
index 3caf5c04bd..33ca993361 100644
--- a/src/lib/libssl/src/apps/spkac.c
+++ b/src/lib/libssl/src/apps/spkac.c
@@ -12,7 +12,7 @@
12 * are met: 12 * are met:
13 * 13 *
14 * 1. Redistributions of source code must retain the above copyright 14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer. 15 * notice, this list of conditions and the following disclaimer.
16 * 16 *
17 * 2. Redistributions in binary form must reproduce the above copyright 17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in 18 * notice, this list of conditions and the following disclaimer in
@@ -79,13 +79,14 @@
79 79
80int MAIN(int, char **); 80int MAIN(int, char **);
81 81
82int MAIN(int argc, char **argv) 82int
83 { 83MAIN(int argc, char **argv)
84{
84 ENGINE *e = NULL; 85 ENGINE *e = NULL;
85 int i,badops=0, ret = 1; 86 int i, badops = 0, ret = 1;
86 BIO *in = NULL,*out = NULL; 87 BIO *in = NULL, *out = NULL;
87 int verify=0,noout=0,pubkey=0; 88 int verify = 0, noout = 0, pubkey = 0;
88 char *infile = NULL,*outfile = NULL,*prog; 89 char *infile = NULL, *outfile = NULL, *prog;
89 char *passargin = NULL, *passin = NULL; 90 char *passargin = NULL, *passin = NULL;
90 const char *spkac = "SPKAC", *spksect = "default"; 91 const char *spkac = "SPKAC", *spksect = "default";
91 char *spkstr = NULL; 92 char *spkstr = NULL;
@@ -94,124 +95,118 @@ int MAIN(int argc, char **argv)
94 NETSCAPE_SPKI *spki = NULL; 95 NETSCAPE_SPKI *spki = NULL;
95 EVP_PKEY *pkey = NULL; 96 EVP_PKEY *pkey = NULL;
96#ifndef OPENSSL_NO_ENGINE 97#ifndef OPENSSL_NO_ENGINE
97 char *engine=NULL; 98 char *engine = NULL;
98#endif 99#endif
99 100
100 apps_startup(); 101 apps_startup();
101 102
102 if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 103 if (!bio_err)
104 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
103 105
104 if (!load_config(bio_err, NULL)) 106 if (!load_config(bio_err, NULL))
105 goto end; 107 goto end;
106 108
107 prog=argv[0]; 109 prog = argv[0];
108 argc--; 110 argc--;
109 argv++; 111 argv++;
110 while (argc >= 1) 112 while (argc >= 1) {
111 { 113 if (strcmp(*argv, "-in") == 0) {
112 if (strcmp(*argv,"-in") == 0) 114 if (--argc < 1)
113 { 115 goto bad;
114 if (--argc < 1) goto bad; 116 infile = *(++argv);
115 infile= *(++argv); 117 } else if (strcmp(*argv, "-out") == 0) {
116 } 118 if (--argc < 1)
117 else if (strcmp(*argv,"-out") == 0) 119 goto bad;
118 { 120 outfile = *(++argv);
119 if (--argc < 1) goto bad; 121 } else if (strcmp(*argv, "-passin") == 0) {
120 outfile= *(++argv); 122 if (--argc < 1)
121 } 123 goto bad;
122 else if (strcmp(*argv,"-passin") == 0) 124 passargin = *(++argv);
123 { 125 } else if (strcmp(*argv, "-key") == 0) {
124 if (--argc < 1) goto bad; 126 if (--argc < 1)
125 passargin= *(++argv); 127 goto bad;
126 } 128 keyfile = *(++argv);
127 else if (strcmp(*argv,"-key") == 0) 129 } else if (strcmp(*argv, "-challenge") == 0) {
128 { 130 if (--argc < 1)
129 if (--argc < 1) goto bad; 131 goto bad;
130 keyfile= *(++argv); 132 challenge = *(++argv);
131 } 133 } else if (strcmp(*argv, "-spkac") == 0) {
132 else if (strcmp(*argv,"-challenge") == 0) 134 if (--argc < 1)
133 { 135 goto bad;
134 if (--argc < 1) goto bad; 136 spkac = *(++argv);
135 challenge= *(++argv); 137 } else if (strcmp(*argv, "-spksect") == 0) {
136 } 138 if (--argc < 1)
137 else if (strcmp(*argv,"-spkac") == 0) 139 goto bad;
138 { 140 spksect = *(++argv);
139 if (--argc < 1) goto bad; 141 }
140 spkac= *(++argv);
141 }
142 else if (strcmp(*argv,"-spksect") == 0)
143 {
144 if (--argc < 1) goto bad;
145 spksect= *(++argv);
146 }
147#ifndef OPENSSL_NO_ENGINE 142#ifndef OPENSSL_NO_ENGINE
148 else if (strcmp(*argv,"-engine") == 0) 143 else if (strcmp(*argv, "-engine") == 0) {
149 { 144 if (--argc < 1)
150 if (--argc < 1) goto bad; 145 goto bad;
151 engine= *(++argv); 146 engine = *(++argv);
152 } 147 }
153#endif 148#endif
154 else if (strcmp(*argv,"-noout") == 0) 149 else if (strcmp(*argv, "-noout") == 0)
155 noout=1; 150 noout = 1;
156 else if (strcmp(*argv,"-pubkey") == 0) 151 else if (strcmp(*argv, "-pubkey") == 0)
157 pubkey=1; 152 pubkey = 1;
158 else if (strcmp(*argv,"-verify") == 0) 153 else if (strcmp(*argv, "-verify") == 0)
159 verify=1; 154 verify = 1;
160 else badops = 1; 155 else
156 badops = 1;
161 argc--; 157 argc--;
162 argv++; 158 argv++;
163 } 159 }
164 160
165 if (badops) 161 if (badops) {
166 {
167bad: 162bad:
168 BIO_printf(bio_err,"%s [options]\n",prog); 163 BIO_printf(bio_err, "%s [options]\n", prog);
169 BIO_printf(bio_err,"where options are\n"); 164 BIO_printf(bio_err, "where options are\n");
170 BIO_printf(bio_err," -in arg input file\n"); 165 BIO_printf(bio_err, " -in arg input file\n");
171 BIO_printf(bio_err," -out arg output file\n"); 166 BIO_printf(bio_err, " -out arg output file\n");
172 BIO_printf(bio_err," -key arg create SPKAC using private key\n"); 167 BIO_printf(bio_err, " -key arg create SPKAC using private key\n");
173 BIO_printf(bio_err," -passin arg input file pass phrase source\n"); 168 BIO_printf(bio_err, " -passin arg input file pass phrase source\n");
174 BIO_printf(bio_err," -challenge arg challenge string\n"); 169 BIO_printf(bio_err, " -challenge arg challenge string\n");
175 BIO_printf(bio_err," -spkac arg alternative SPKAC name\n"); 170 BIO_printf(bio_err, " -spkac arg alternative SPKAC name\n");
176 BIO_printf(bio_err," -noout don't print SPKAC\n"); 171 BIO_printf(bio_err, " -noout don't print SPKAC\n");
177 BIO_printf(bio_err," -pubkey output public key\n"); 172 BIO_printf(bio_err, " -pubkey output public key\n");
178 BIO_printf(bio_err," -verify verify SPKAC signature\n"); 173 BIO_printf(bio_err, " -verify verify SPKAC signature\n");
179#ifndef OPENSSL_NO_ENGINE 174#ifndef OPENSSL_NO_ENGINE
180 BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); 175 BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n");
181#endif 176#endif
182 goto end; 177 goto end;
183 } 178 }
184
185 ERR_load_crypto_strings(); 179 ERR_load_crypto_strings();
186 if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { 180 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
187 BIO_printf(bio_err, "Error getting password\n"); 181 BIO_printf(bio_err, "Error getting password\n");
188 goto end; 182 goto end;
189 } 183 }
190
191#ifndef OPENSSL_NO_ENGINE 184#ifndef OPENSSL_NO_ENGINE
192 e = setup_engine(bio_err, engine, 0); 185 e = setup_engine(bio_err, engine, 0);
193#endif 186#endif
194 187
195 if(keyfile) { 188 if (keyfile) {
196 pkey = load_key(bio_err, 189 pkey = load_key(bio_err,
197 strcmp(keyfile, "-") ? keyfile : NULL, 190 strcmp(keyfile, "-") ? keyfile : NULL,
198 FORMAT_PEM, 1, passin, e, "private key"); 191 FORMAT_PEM, 1, passin, e, "private key");
199 if(!pkey) { 192 if (!pkey) {
200 goto end; 193 goto end;
201 } 194 }
202 spki = NETSCAPE_SPKI_new(); 195 spki = NETSCAPE_SPKI_new();
203 if(challenge) ASN1_STRING_set(spki->spkac->challenge, 196 if (challenge)
204 challenge, (int)strlen(challenge)); 197 ASN1_STRING_set(spki->spkac->challenge,
198 challenge, (int) strlen(challenge));
205 NETSCAPE_SPKI_set_pubkey(spki, pkey); 199 NETSCAPE_SPKI_set_pubkey(spki, pkey);
206 NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); 200 NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
207 spkstr = NETSCAPE_SPKI_b64_encode(spki); 201 spkstr = NETSCAPE_SPKI_b64_encode(spki);
208 202
209 if (outfile) out = BIO_new_file(outfile, "w"); 203 if (outfile)
204 out = BIO_new_file(outfile, "w");
210 else { 205 else {
211 out = BIO_new_fp(stdout, BIO_NOCLOSE); 206 out = BIO_new_fp(stdout, BIO_NOCLOSE);
212 } 207 }
213 208
214 if(!out) { 209 if (!out) {
215 BIO_printf(bio_err, "Error opening output file\n"); 210 BIO_printf(bio_err, "Error opening output file\n");
216 ERR_print_errors(bio_err); 211 ERR_print_errors(bio_err);
217 goto end; 212 goto end;
@@ -221,66 +216,64 @@ bad:
221 ret = 0; 216 ret = 0;
222 goto end; 217 goto end;
223 } 218 }
219 if (infile)
220 in = BIO_new_file(infile, "r");
221 else
222 in = BIO_new_fp(stdin, BIO_NOCLOSE);
224 223
225 224 if (!in) {
226
227 if (infile) in = BIO_new_file(infile, "r");
228 else in = BIO_new_fp(stdin, BIO_NOCLOSE);
229
230 if(!in) {
231 BIO_printf(bio_err, "Error opening input file\n"); 225 BIO_printf(bio_err, "Error opening input file\n");
232 ERR_print_errors(bio_err); 226 ERR_print_errors(bio_err);
233 goto end; 227 goto end;
234 } 228 }
235
236 conf = NCONF_new(NULL); 229 conf = NCONF_new(NULL);
237 i = NCONF_load_bio(conf, in, NULL); 230 i = NCONF_load_bio(conf, in, NULL);
238 231
239 if(!i) { 232 if (!i) {
240 BIO_printf(bio_err, "Error parsing config file\n"); 233 BIO_printf(bio_err, "Error parsing config file\n");
241 ERR_print_errors(bio_err); 234 ERR_print_errors(bio_err);
242 goto end; 235 goto end;
243 } 236 }
244
245 spkstr = NCONF_get_string(conf, spksect, spkac); 237 spkstr = NCONF_get_string(conf, spksect, spkac);
246 238
247 if(!spkstr) { 239 if (!spkstr) {
248 BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); 240 BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
249 ERR_print_errors(bio_err); 241 ERR_print_errors(bio_err);
250 goto end; 242 goto end;
251 } 243 }
252
253 spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); 244 spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
254 245
255 if(!spki) { 246 if (!spki) {
256 BIO_printf(bio_err, "Error loading SPKAC\n"); 247 BIO_printf(bio_err, "Error loading SPKAC\n");
257 ERR_print_errors(bio_err); 248 ERR_print_errors(bio_err);
258 goto end; 249 goto end;
259 } 250 }
260 251 if (outfile)
261 if (outfile) out = BIO_new_file(outfile, "w"); 252 out = BIO_new_file(outfile, "w");
262 else { 253 else {
263 out = BIO_new_fp(stdout, BIO_NOCLOSE); 254 out = BIO_new_fp(stdout, BIO_NOCLOSE);
264 } 255 }
265 256
266 if(!out) { 257 if (!out) {
267 BIO_printf(bio_err, "Error opening output file\n"); 258 BIO_printf(bio_err, "Error opening output file\n");
268 ERR_print_errors(bio_err); 259 ERR_print_errors(bio_err);
269 goto end; 260 goto end;
270 } 261 }
271 262 if (!noout)
272 if(!noout) NETSCAPE_SPKI_print(out, spki); 263 NETSCAPE_SPKI_print(out, spki);
273 pkey = NETSCAPE_SPKI_get_pubkey(spki); 264 pkey = NETSCAPE_SPKI_get_pubkey(spki);
274 if(verify) { 265 if (verify) {
275 i = NETSCAPE_SPKI_verify(spki, pkey); 266 i = NETSCAPE_SPKI_verify(spki, pkey);
276 if (i > 0) BIO_printf(bio_err, "Signature OK\n"); 267 if (i > 0)
268 BIO_printf(bio_err, "Signature OK\n");
277 else { 269 else {
278 BIO_printf(bio_err, "Signature Failure\n"); 270 BIO_printf(bio_err, "Signature Failure\n");
279 ERR_print_errors(bio_err); 271 ERR_print_errors(bio_err);
280 goto end; 272 goto end;
281 } 273 }
282 } 274 }
283 if(pubkey) PEM_write_bio_PUBKEY(out, pkey); 275 if (pubkey)
276 PEM_write_bio_PUBKEY(out, pkey);
284 277
285 ret = 0; 278 ret = 0;
286 279
@@ -290,7 +283,8 @@ end:
290 BIO_free(in); 283 BIO_free(in);
291 BIO_free_all(out); 284 BIO_free_all(out);
292 EVP_PKEY_free(pkey); 285 EVP_PKEY_free(pkey);
293 if(passin) free(passin); 286 if (passin)
287 free(passin);
294 apps_shutdown(); 288 apps_shutdown();
295 return(ret); 289 return (ret);
296 } 290}
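Review bot: In the `-key` branch of `MAIN` the result of `NETSCAPE_SPKI_new()` (new line 195) is dereferenced as `spki->spkac->challenge` and passed to `NETSCAPE_SPKI_set_pubkey()` without a NULL check, and the return values of `NETSCAPE_SPKI_sign()` and `NETSCAPE_SPKI_b64_encode()` are discarded. A failed allocation would therefore be a NULL dereference, and a failed signature would still be encoded as if it had succeeded. The reformat carries this over unchanged; I would add `if (spki == NULL) goto end;` after the allocation and write the signing call as `if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_md5())) goto end;`. That call also signs with MD5, which is no longer collision-resistant, so a follow-up could move to `EVP_sha256()` if the consumers of the SPKAC accept it. The lines that use `spkstr` and most of the `end:` cleanup fall between hunks, so how the encode result is handled afterwards cannot be judged from this page.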
diff --git a/src/lib/libssl/src/apps/srp.c b/src/lib/libssl/src/apps/srp.c
index 2ce1d40831..1a874fbd6c 100644
--- a/src/lib/libssl/src/apps/srp.c
+++ b/src/lib/libssl/src/apps/srp.c
@@ -1,5 +1,5 @@
1/* apps/srp.c */ 1/* apps/srp.c */
2/* Written by Peter Sylvester (peter.sylvester@edelweb.fr) 2/* Written by Peter Sylvester (peter.sylvester@edelweb.fr)
3 * for the EdelKey project and contributed to the OpenSSL project 2004. 3 * for the EdelKey project and contributed to the OpenSSL project 2004.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -81,25 +81,25 @@
81#define ENV_DATABASE "srpvfile" 81#define ENV_DATABASE "srpvfile"
82#define ENV_DEFAULT_SRP "default_srp" 82#define ENV_DEFAULT_SRP "default_srp"
83 83
84static char *srp_usage[]={ 84static char *srp_usage[] = {
85"usage: srp [args] [user] \n", 85 "usage: srp [args] [user] \n",
86"\n", 86 "\n",
87" -verbose Talk alot while doing things\n", 87 " -verbose Talk alot while doing things\n",
88" -config file A config file\n", 88 " -config file A config file\n",
89" -name arg The particular srp definition to use\n", 89 " -name arg The particular srp definition to use\n",
90" -srpvfile arg The srp verifier file name\n", 90 " -srpvfile arg The srp verifier file name\n",
91" -add add an user and srp verifier\n", 91 " -add add an user and srp verifier\n",
92" -modify modify the srp verifier of an existing user\n", 92 " -modify modify the srp verifier of an existing user\n",
93" -delete delete user from verifier file\n", 93 " -delete delete user from verifier file\n",
94" -list list user\n", 94 " -list list user\n",
95" -gn arg g and N values to be used for new verifier\n", 95 " -gn arg g and N values to be used for new verifier\n",
96" -userinfo arg additional info to be set for user\n", 96 " -userinfo arg additional info to be set for user\n",
97" -passin arg input file pass phrase source\n", 97 " -passin arg input file pass phrase source\n",
98" -passout arg output file pass phrase source\n", 98 " -passout arg output file pass phrase source\n",
99#ifndef OPENSSL_NO_ENGINE 99#ifndef OPENSSL_NO_ENGINE
100" -engine e - use engine e, possibly a hardware device.\n", 100 " -engine e - use engine e, possibly a hardware device.\n",
101#endif 101#endif
102NULL 102 NULL
103}; 103};
104 104
105#ifdef EFENCE 105#ifdef EFENCE
@@ -108,110 +108,108 @@ extern int EF_PROTECT_BELOW;
108extern int EF_ALIGNMENT; 108extern int EF_ALIGNMENT;
109#endif 109#endif
110 110
111static CONF *conf=NULL; 111static CONF *conf = NULL;
112static char *section=NULL; 112static char *section = NULL;
113 113
114#define VERBOSE if (verbose) 114#define VERBOSE if (verbose)
115#define VVERBOSE if (verbose>1) 115#define VVERBOSE if (verbose>1)
116 116
117 117
118int MAIN(int, char **); 118int MAIN(int, char **);
119 119
120static int get_index(CA_DB *db, char* id, char type) 120static int
121 { 121get_index(CA_DB * db, char *id, char type)
122 char ** pp; 122{
123 char **pp;
123 int i; 124 int i;
124 if (id == NULL) return -1; 125 if (id == NULL)
125 if (type == DB_SRP_INDEX) 126 return -1;
126 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) 127 if (type == DB_SRP_INDEX)
127 { 128 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
128 pp = sk_OPENSSL_PSTRING_value(db->db->data,i); 129 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
129 if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) 130 if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id, pp[DB_srpid]))
130 return i; 131 return i;
131 } 132 }
132 else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) 133 else
133 { 134 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
134 pp = sk_OPENSSL_PSTRING_value(db->db->data,i); 135 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
135 136
136 if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) 137 if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id, pp[DB_srpid]))
137 return i; 138 return i;
138 } 139 }
139 140
140 return -1 ; 141 return -1;
141 } 142}
142 143
143static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s) 144static void
144 { 145print_entry(CA_DB * db, BIO * bio, int indx, int verbose, char *s)
145 if (indx >= 0 && verbose) 146{
146 { 147 if (indx >= 0 && verbose) {
147 int j; 148 int j;
148 char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx); 149 char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
149 BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]); 150 BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
150 for (j = 0; j < DB_NUMBER; j++) 151 for (j = 0; j < DB_NUMBER; j++) {
151 { 152 BIO_printf(bio_err, " %d = \"%s\"\n", j, pp[j]);
152 BIO_printf(bio_err," %d = \"%s\"\n", j, pp[j]);
153 }
154 } 153 }
155 } 154 }
155}
156 156
157static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose) 157static void
158 { 158print_index(CA_DB * db, BIO * bio, int indexindex, int verbose)
159 print_entry(db, bio, indexindex, verbose, "g N entry") ; 159{
160 } 160 print_entry(db, bio, indexindex, verbose, "g N entry");
161}
161 162
162static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose) 163static void
163 { 164print_user(CA_DB * db, BIO * bio, int userindex, int verbose)
164 if (verbose > 0) 165{
165 { 166 if (verbose > 0) {
166 char **pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex); 167 char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
167 168
168 if (pp[DB_srptype][0] != 'I') 169 if (pp[DB_srptype][0] != 'I') {
169 {
170 print_entry(db, bio, userindex, verbose, "User entry"); 170 print_entry(db, bio, userindex, verbose, "User entry");
171 print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose, "g N entry"); 171 print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose, "g N entry");
172 }
173
174 } 172 }
175 } 173 }
174}
176 175
177static int update_index(CA_DB *db, BIO *bio, char **row) 176static int
178 { 177update_index(CA_DB * db, BIO * bio, char **row)
179 char ** irow; 178{
179 char **irow;
180 int i; 180 int i;
181 181
182 if ((irow=(char **)malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL) 182 if ((irow = (char **) malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
183 { 183 BIO_printf(bio_err, "Memory allocation failure\n");
184 BIO_printf(bio_err,"Memory allocation failure\n");
185 return 0; 184 return 0;
186 } 185 }
187 186 for (i = 0; i < DB_NUMBER; i++) {
188 for (i=0; i<DB_NUMBER; i++) 187 irow[i] = row[i];
189 { 188 row[i] = NULL;
190 irow[i]=row[i]; 189 }
191 row[i]=NULL; 190 irow[DB_NUMBER] = NULL;
192 }
193 irow[DB_NUMBER]=NULL;
194 191
195 if (!TXT_DB_insert(db->db,irow)) 192 if (!TXT_DB_insert(db->db, irow)) {
196 { 193 BIO_printf(bio, "failed to update srpvfile\n");
197 BIO_printf(bio,"failed to update srpvfile\n"); 194 BIO_printf(bio, "TXT_DB error number %ld\n", db->db->error);
198 BIO_printf(bio,"TXT_DB error number %ld\n",db->db->error);
199 free(irow); 195 free(irow);
200 return 0; 196 return 0;
201 }
202 return 1;
203 } 197 }
198 return 1;
199}
204 200
205static void lookup_fail(const char *name, char *tag) 201static void
206 { 202lookup_fail(const char *name, char *tag)
207 BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); 203{
208 } 204 BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
205}
209 206
210 207
211static char *srp_verify_user(const char *user, const char *srp_verifier, 208static char *
212 char *srp_usersalt, const char *g, const char *N, 209srp_verify_user(const char *user, const char *srp_verifier,
213 const char *passin, BIO *bio, int verbose) 210 char *srp_usersalt, const char *g, const char *N,
214 { 211 const char *passin, BIO * bio, int verbose)
212{
215 char password[1024]; 213 char password[1024];
216 PW_CB_DATA cb_tmp; 214 PW_CB_DATA cb_tmp;
217 char *verifier = NULL; 215 char *verifier = NULL;
@@ -220,90 +218,85 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
220 cb_tmp.prompt_info = user; 218 cb_tmp.prompt_info = user;
221 cb_tmp.password = passin; 219 cb_tmp.password = passin;
222 220
223 if (password_callback(password, 1024, 0, &cb_tmp) >0) 221 if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
224 { 222 VERBOSE BIO_printf(bio, "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, srp_verifier, srp_usersalt, g, N);
225 VERBOSE BIO_printf(bio,"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,srp_verifier,srp_usersalt, g, N);
226 BIO_printf(bio, "Pass %s\n", password); 223 BIO_printf(bio, "Pass %s\n", password);
227 224
228 if (!(gNid=SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, g))) 225 if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, g))) {
229 {
230 BIO_printf(bio, "Internal error validating SRP verifier\n"); 226 BIO_printf(bio, "Internal error validating SRP verifier\n");
231 } 227 } else {
232 else
233 {
234 if (strcmp(verifier, srp_verifier)) 228 if (strcmp(verifier, srp_verifier))
235 gNid = NULL; 229 gNid = NULL;
236 free(verifier); 230 free(verifier);
237 }
238 } 231 }
239 return gNid;
240 } 232 }
233 return gNid;
234}
241 235
242static char *srp_create_user(char *user, char **srp_verifier, 236static char *
243 char **srp_usersalt, char *g, char *N, 237srp_create_user(char *user, char **srp_verifier,
244 char *passout, BIO *bio, int verbose) 238 char **srp_usersalt, char *g, char *N,
245 { 239 char *passout, BIO * bio, int verbose)
246 char password[1024]; 240{
247 PW_CB_DATA cb_tmp; 241 char password[1024];
242 PW_CB_DATA cb_tmp;
248 char *gNid = NULL; 243 char *gNid = NULL;
249 char *salt = NULL; 244 char *salt = NULL;
250 cb_tmp.prompt_info = user; 245 cb_tmp.prompt_info = user;
251 cb_tmp.password = passout; 246 cb_tmp.password = passout;
252 247
253 if (password_callback(password,1024,1,&cb_tmp) >0) 248 if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
254 { 249 VERBOSE BIO_printf(bio, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, g, N);
255 VERBOSE BIO_printf(bio,"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,g,N); 250 if (!(gNid = SRP_create_verifier(user, password, &salt, srp_verifier, N, g))) {
256 if (!(gNid =SRP_create_verifier(user, password, &salt, srp_verifier, N, g))) 251 BIO_printf(bio, "Internal error creating SRP verifier\n");
257 { 252 } else
258 BIO_printf(bio,"Internal error creating SRP verifier\n");
259 }
260 else
261 *srp_usersalt = salt; 253 *srp_usersalt = salt;
262 VVERBOSE BIO_printf(bio,"gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,salt, *srp_verifier); 254 VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid, salt, *srp_verifier);
263 255
264 }
265 return gNid;
266 } 256 }
257 return gNid;
258}
267 259
268int MAIN(int argc, char **argv) 260int
269 { 261MAIN(int argc, char **argv)
262{
270 int add_user = 0; 263 int add_user = 0;
271 int list_user= 0; 264 int list_user = 0;
272 int delete_user= 0; 265 int delete_user = 0;
273 int modify_user= 0; 266 int modify_user = 0;
274 char * user = NULL; 267 char *user = NULL;
275 268
276 char *passargin = NULL, *passargout = NULL; 269 char *passargin = NULL, *passargout = NULL;
277 char *passin = NULL, *passout = NULL; 270 char *passin = NULL, *passout = NULL;
278 char * gN = NULL; 271 char *gN = NULL;
279 int gNindex = -1; 272 int gNindex = -1;
280 char ** gNrow = NULL; 273 char **gNrow = NULL;
281 int maxgN = -1; 274 int maxgN = -1;
282 275
283 char * userinfo = NULL; 276 char *userinfo = NULL;
284 277
285 int badops=0; 278 int badops = 0;
286 int ret=1; 279 int ret = 1;
287 int errors=0; 280 int errors = 0;
288 int verbose=0; 281 int verbose = 0;
289 int doupdatedb=0; 282 int doupdatedb = 0;
290 char *configfile=NULL; 283 char *configfile = NULL;
291 char *dbfile=NULL; 284 char *dbfile = NULL;
292 CA_DB *db=NULL; 285 CA_DB *db = NULL;
293 char **pp ; 286 char **pp;
294 int i; 287 int i;
295 long errorline = -1; 288 long errorline = -1;
296 char *randfile=NULL; 289 char *randfile = NULL;
297#ifndef OPENSSL_NO_ENGINE 290#ifndef OPENSSL_NO_ENGINE
298 char *engine = NULL; 291 char *engine = NULL;
299#endif 292#endif
300 char *tofree=NULL; 293 char *tofree = NULL;
301 DB_ATTR db_attr; 294 DB_ATTR db_attr;
302 295
303#ifdef EFENCE 296#ifdef EFENCE
304EF_PROTECT_FREE=1; 297 EF_PROTECT_FREE = 1;
305EF_PROTECT_BELOW=1; 298 EF_PROTECT_BELOW = 1;
306EF_ALIGNMENT=0; 299 EF_ALIGNMENT = 0;
307#endif 300#endif
308 301
309 apps_startup(); 302 apps_startup();
@@ -312,439 +305,381 @@ EF_ALIGNMENT=0;
312 section = NULL; 305 section = NULL;
313 306
314 if (bio_err == NULL) 307 if (bio_err == NULL)
315 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 308 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
316 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 309 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
317 310
318 argc--; 311 argc--;
319 argv++; 312 argv++;
320 while (argc >= 1 && badops == 0) 313 while (argc >= 1 && badops == 0) {
321 { 314 if (strcmp(*argv, "-verbose") == 0)
322 if (strcmp(*argv,"-verbose") == 0)
323 verbose++; 315 verbose++;
324 else if (strcmp(*argv,"-config") == 0) 316 else if (strcmp(*argv, "-config") == 0) {
325 { 317 if (--argc < 1)
326 if (--argc < 1) goto bad; 318 goto bad;
327 configfile= *(++argv); 319 configfile = *(++argv);
328 } 320 } else if (strcmp(*argv, "-name") == 0) {
329 else if (strcmp(*argv,"-name") == 0) 321 if (--argc < 1)
330 { 322 goto bad;
331 if (--argc < 1) goto bad; 323 section = *(++argv);
332 section= *(++argv); 324 } else if (strcmp(*argv, "-srpvfile") == 0) {
333 } 325 if (--argc < 1)
334 else if (strcmp(*argv,"-srpvfile") == 0) 326 goto bad;
335 { 327 dbfile = *(++argv);
336 if (--argc < 1) goto bad; 328 } else if (strcmp(*argv, "-add") == 0)
337 dbfile= *(++argv); 329 add_user = 1;
338 } 330 else if (strcmp(*argv, "-delete") == 0)
339 else if (strcmp(*argv,"-add") == 0) 331 delete_user = 1;
340 add_user=1; 332 else if (strcmp(*argv, "-modify") == 0)
341 else if (strcmp(*argv,"-delete") == 0) 333 modify_user = 1;
342 delete_user=1; 334 else if (strcmp(*argv, "-list") == 0)
343 else if (strcmp(*argv,"-modify") == 0) 335 list_user = 1;
344 modify_user=1; 336 else if (strcmp(*argv, "-gn") == 0) {
345 else if (strcmp(*argv,"-list") == 0) 337 if (--argc < 1)
346 list_user=1; 338 goto bad;
347 else if (strcmp(*argv,"-gn") == 0) 339 gN = *(++argv);
348 { 340 } else if (strcmp(*argv, "-userinfo") == 0) {
349 if (--argc < 1) goto bad; 341 if (--argc < 1)
350 gN= *(++argv); 342 goto bad;
351 } 343 userinfo = *(++argv);
352 else if (strcmp(*argv,"-userinfo") == 0) 344 } else if (strcmp(*argv, "-passin") == 0) {
353 { 345 if (--argc < 1)
354 if (--argc < 1) goto bad; 346 goto bad;
355 userinfo= *(++argv); 347 passargin = *(++argv);
356 } 348 } else if (strcmp(*argv, "-passout") == 0) {
357 else if (strcmp(*argv,"-passin") == 0) 349 if (--argc < 1)
358 { 350 goto bad;
359 if (--argc < 1) goto bad; 351 passargout = *(++argv);
360 passargin= *(++argv); 352 }
361 }
362 else if (strcmp(*argv,"-passout") == 0)
363 {
364 if (--argc < 1) goto bad;
365 passargout= *(++argv);
366 }
367#ifndef OPENSSL_NO_ENGINE 353#ifndef OPENSSL_NO_ENGINE
368 else if (strcmp(*argv,"-engine") == 0) 354 else if (strcmp(*argv, "-engine") == 0) {
369 { 355 if (--argc < 1)
370 if (--argc < 1) goto bad; 356 goto bad;
371 engine= *(++argv); 357 engine = *(++argv);
372 } 358 }
373#endif 359#endif
374 360
375 else if (**argv == '-') 361 else if (**argv == '-') {
376 { 362 bad:
377bad: 363 BIO_printf(bio_err, "unknown option %s\n", *argv);
378 BIO_printf(bio_err,"unknown option %s\n",*argv); 364 badops = 1;
379 badops=1;
380 break; 365 break;
381 } 366 } else
382 else
383 break; 367 break;
384 368
385 argc--; 369 argc--;
386 argv++; 370 argv++;
387 } 371 }
388 372
389 if (dbfile && configfile) 373 if (dbfile && configfile) {
390 { 374 BIO_printf(bio_err, "-dbfile and -configfile cannot be specified together.\n");
391 BIO_printf(bio_err,"-dbfile and -configfile cannot be specified together.\n");
392 badops = 1; 375 badops = 1;
393 } 376 }
394 if (add_user+delete_user+modify_user+list_user != 1) 377 if (add_user + delete_user + modify_user + list_user != 1) {
395 { 378 BIO_printf(bio_err, "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
396 BIO_printf(bio_err,"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
397 badops = 1; 379 badops = 1;
398 } 380 }
399 if (delete_user+modify_user+delete_user== 1 && argc <= 0) 381 if (delete_user + modify_user + delete_user == 1 && argc <= 0) {
400 { 382 BIO_printf(bio_err, "Need at least one user for options -add, -delete, -modify. \n");
401 BIO_printf(bio_err,"Need at least one user for options -add, -delete, -modify. \n");
402 badops = 1; 383 badops = 1;
403 } 384 }
404 if ((passin || passout) && argc != 1 ) 385 if ((passin || passout) && argc != 1) {
405 { 386 BIO_printf(bio_err, "-passin, -passout arguments only valid with one user.\n");
406 BIO_printf(bio_err,"-passin, -passout arguments only valid with one user.\n");
407 badops = 1; 387 badops = 1;
408 } 388 }
409 389 if (badops) {
410 if (badops) 390 for (pp = srp_usage; (*pp != NULL); pp++)
411 { 391 BIO_printf(bio_err, "%s", *pp);
412 for (pp=srp_usage; (*pp != NULL); pp++)
413 BIO_printf(bio_err,"%s",*pp);
414 392
415 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); 393 BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
416 BIO_printf(bio_err," load the file (or the files in the directory) into\n"); 394 BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
417 BIO_printf(bio_err," the random number generator\n"); 395 BIO_printf(bio_err, " the random number generator\n");
418 goto err; 396 goto err;
419 } 397 }
420
421 ERR_load_crypto_strings(); 398 ERR_load_crypto_strings();
422 399
423#ifndef OPENSSL_NO_ENGINE 400#ifndef OPENSSL_NO_ENGINE
424 setup_engine(bio_err, engine, 0); 401 setup_engine(bio_err, engine, 0);
425#endif 402#endif
426 403
427 if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 404 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
428 {
429 BIO_printf(bio_err, "Error getting passwords\n"); 405 BIO_printf(bio_err, "Error getting passwords\n");
430 goto err; 406 goto err;
431 } 407 }
432 408 if (!dbfile) {
433 if (!dbfile)
434 {
435 409
436 410
437 /*****************************************************************/ 411 /*****************************************************************/
438 tofree=NULL; 412 tofree = NULL;
439 if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); 413 if (configfile == NULL)
440 if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); 414 configfile = getenv("OPENSSL_CONF");
441 if (configfile == NULL) 415 if (configfile == NULL)
442 { 416 configfile = getenv("SSLEAY_CONF");
443 const char *s=X509_get_default_cert_area(); 417 if (configfile == NULL) {
418 const char *s = X509_get_default_cert_area();
444 size_t len; 419 size_t len;
445 420
446 len = strlen(s)+sizeof(CONFIG_FILE)+1; 421 len = strlen(s) + sizeof(CONFIG_FILE) + 1;
447 tofree=malloc(len); 422 tofree = malloc(len);
448 BUF_strlcpy(tofree,s,len); 423 BUF_strlcpy(tofree, s, len);
449 BUF_strlcat(tofree,"/",len); 424 BUF_strlcat(tofree, "/", len);
450 BUF_strlcat(tofree,CONFIG_FILE,len); 425 BUF_strlcat(tofree, CONFIG_FILE, len);
451 configfile=tofree; 426 configfile = tofree;
452 } 427 }
453 428 VERBOSE BIO_printf(bio_err, "Using configuration from %s\n", configfile);
454 VERBOSE BIO_printf(bio_err,"Using configuration from %s\n",configfile);
455 conf = NCONF_new(NULL); 429 conf = NCONF_new(NULL);
456 if (NCONF_load(conf,configfile,&errorline) <= 0) 430 if (NCONF_load(conf, configfile, &errorline) <= 0) {
457 {
458 if (errorline <= 0) 431 if (errorline <= 0)
459 BIO_printf(bio_err,"error loading the config file '%s'\n", 432 BIO_printf(bio_err, "error loading the config file '%s'\n",
460 configfile); 433 configfile);
461 else 434 else
462 BIO_printf(bio_err,"error on line %ld of config file '%s'\n" 435 BIO_printf(bio_err, "error on line %ld of config file '%s'\n"
463 ,errorline,configfile); 436 ,errorline, configfile);
464 goto err; 437 goto err;
465 } 438 }
466 if(tofree) 439 if (tofree) {
467 {
468 free(tofree); 440 free(tofree);
469 tofree = NULL; 441 tofree = NULL;
470 } 442 }
471
472 if (!load_config(bio_err, conf)) 443 if (!load_config(bio_err, conf))
473 goto err; 444 goto err;
474 445
475 /* Lets get the config section we are using */ 446 /* Lets get the config section we are using */
476 if (section == NULL) 447 if (section == NULL) {
477 { 448 VERBOSE BIO_printf(bio_err, "trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");
478 VERBOSE BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");
479 449
480 section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_SRP); 450 section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
481 if (section == NULL) 451 if (section == NULL) {
482 { 452 lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
483 lookup_fail(BASE_SECTION,ENV_DEFAULT_SRP);
484 goto err; 453 goto err;
485 }
486 } 454 }
487 455 }
488 if (randfile == NULL && conf) 456 if (randfile == NULL && conf)
489 randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); 457 randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
490 458
491
492 VERBOSE BIO_printf(bio_err,"trying to read " ENV_DATABASE " in section \"%s\"\n",section);
493 459
494 if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) 460 VERBOSE BIO_printf(bio_err, "trying to read " ENV_DATABASE " in section \"%s\"\n", section);
495 {
496 lookup_fail(section,ENV_DATABASE);
497 goto err;
498 }
499 461
500 } 462 if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
463 lookup_fail(section, ENV_DATABASE);
464 goto err;
465 }
466 }
501 if (randfile == NULL) 467 if (randfile == NULL)
502 ERR_clear_error(); 468 ERR_clear_error();
503 else 469 else
504 app_RAND_load_file(randfile, bio_err, 0); 470 app_RAND_load_file(randfile, bio_err, 0);
505 471
506 VERBOSE BIO_printf(bio_err,"Trying to read SRP verifier file \"%s\"\n",dbfile); 472 VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", dbfile);
507 473
508 db = load_index(dbfile, &db_attr); 474 db = load_index(dbfile, &db_attr);
509 if (db == NULL) goto err; 475 if (db == NULL)
476 goto err;
510 477
511 /* Lets check some fields */ 478 /* Lets check some fields */
512 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) 479 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
513 {
514 pp = sk_OPENSSL_PSTRING_value(db->db->data, i); 480 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
515 481
516 if (pp[DB_srptype][0] == DB_SRP_INDEX) 482 if (pp[DB_srptype][0] == DB_SRP_INDEX) {
517 {
518 maxgN = i; 483 maxgN = i;
519 if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid])) 484 if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
520 gNindex = i; 485 gNindex = i;
521 486
522 print_index(db, bio_err, i, verbose > 1); 487 print_index(db, bio_err, i, verbose > 1);
523 }
524 } 488 }
525 489 }
490
526 VERBOSE BIO_printf(bio_err, "Database initialised\n"); 491 VERBOSE BIO_printf(bio_err, "Database initialised\n");
527 492
528 if (gNindex >= 0) 493 if (gNindex >= 0) {
529 { 494 gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
530 gNrow = sk_OPENSSL_PSTRING_value(db->db->data,gNindex);
531 print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N"); 495 print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
532 } 496 } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
533 else if (maxgN > 0 && !SRP_get_default_gN(gN))
534 {
535 BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN); 497 BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
536 goto err; 498 goto err;
537 } 499 } else {
538 else
539 {
540 VERBOSE BIO_printf(bio_err, "Database has no g N information.\n"); 500 VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
541 gNrow = NULL; 501 gNrow = NULL;
542 } 502 }
543 503
544 504
545 VVERBOSE BIO_printf(bio_err,"Starting user processing\n"); 505 VVERBOSE BIO_printf(bio_err, "Starting user processing\n");
546 506
547 if (argc > 0) 507 if (argc > 0)
548 user = *(argv++) ; 508 user = *(argv++);
549 509
550 while (list_user || user) 510 while (list_user || user) {
551 {
552 int userindex = -1; 511 int userindex = -1;
553 if (user) 512 if (user)
554 VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user); 513 VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
555 if ((userindex = get_index(db, user, 'U')) >= 0) 514 if ((userindex = get_index(db, user, 'U')) >= 0) {
556 {
557 print_user(db, bio_err, userindex, (verbose > 0) || list_user); 515 print_user(db, bio_err, userindex, (verbose > 0) || list_user);
558 } 516 }
559 517 if (list_user) {
560 if (list_user) 518 if (user == NULL) {
561 { 519 BIO_printf(bio_err, "List all users\n");
562 if (user == NULL) 520
563 { 521 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
564 BIO_printf(bio_err,"List all users\n"); 522 print_user(db, bio_err, i, 1);
565
566 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
567 {
568 print_user(db,bio_err, i, 1);
569 }
570 list_user = 0;
571 } 523 }
572 else if (userindex < 0) 524 list_user = 0;
573 { 525 } else if (userindex < 0) {
574 BIO_printf(bio_err, "user \"%s\" does not exist, ignored. t\n", 526 BIO_printf(bio_err, "user \"%s\" does not exist, ignored. t\n",
575 user); 527 user);
576 errors++; 528 errors++;
577 }
578 } 529 }
579 else if (add_user) 530 } else if (add_user) {
580 { 531 if (userindex >= 0) {
581 if (userindex >= 0)
582 {
583 /* reactivation of a new user */ 532 /* reactivation of a new user */
584 char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex); 533 char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
585 BIO_printf(bio_err, "user \"%s\" reactivated.\n", user); 534 BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
586 row[DB_srptype][0] = 'V'; 535 row[DB_srptype][0] = 'V';
587 536
588 doupdatedb = 1; 537 doupdatedb = 1;
589 } 538 } else {
590 else 539 char *row[DB_NUMBER];
591 { 540 char *gNid;
592 char *row[DB_NUMBER] ; char *gNid;
593 row[DB_srpverifier] = NULL; 541 row[DB_srpverifier] = NULL;
594 row[DB_srpsalt] = NULL; 542 row[DB_srpsalt] = NULL;
595 row[DB_srpinfo] = NULL; 543 row[DB_srpinfo] = NULL;
596 if (!(gNid = srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:gN,gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose))) 544 if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]), &(row[DB_srpsalt]), gNrow ? gNrow[DB_srpsalt] : gN, gNrow ? gNrow[DB_srpverifier] : NULL, passout, bio_err, verbose))) {
597 { 545 BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user);
598 BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user); 546 errors++;
599 errors++; 547 goto err;
600 goto err; 548 }
601 }
602 row[DB_srpid] = BUF_strdup(user); 549 row[DB_srpid] = BUF_strdup(user);
603 row[DB_srptype] = BUF_strdup("v"); 550 row[DB_srptype] = BUF_strdup("v");
604 row[DB_srpgN] = BUF_strdup(gNid); 551 row[DB_srpgN] = BUF_strdup(gNid);
605 552
606 if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] || 553 if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
607 (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) || 554 (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) ||
608 !update_index(db, bio_err, row)) 555 !update_index(db, bio_err, row)) {
609 { 556 if (row[DB_srpid])
610 if (row[DB_srpid]) free(row[DB_srpid]); 557 free(row[DB_srpid]);
611 if (row[DB_srpgN]) free(row[DB_srpgN]); 558 if (row[DB_srpgN])
612 if (row[DB_srpinfo]) free(row[DB_srpinfo]); 559 free(row[DB_srpgN]);
613 if (row[DB_srptype]) free(row[DB_srptype]); 560 if (row[DB_srpinfo])
614 if (row[DB_srpverifier]) free(row[DB_srpverifier]); 561 free(row[DB_srpinfo]);
615 if (row[DB_srpsalt]) free(row[DB_srpsalt]); 562 if (row[DB_srptype])
563 free(row[DB_srptype]);
564 if (row[DB_srpverifier])
565 free(row[DB_srpverifier]);
566 if (row[DB_srpsalt])
567 free(row[DB_srpsalt]);
616 goto err; 568 goto err;
617 }
618 doupdatedb = 1;
619 } 569 }
570 doupdatedb = 1;
620 } 571 }
621 else if (modify_user) 572 } else if (modify_user) {
622 { 573 if (userindex < 0) {
623 if (userindex < 0) 574 BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored.\n", user);
624 {
625 BIO_printf(bio_err,"user \"%s\" does not exist, operation ignored.\n",user);
626 errors++; 575 errors++;
627 } 576 } else {
628 else
629 {
630 577
631 char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex); 578 char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
632 char type = row[DB_srptype][0]; 579 char type = row[DB_srptype][0];
633 if (type == 'v') 580 if (type == 'v') {
634 { 581 BIO_printf(bio_err, "user \"%s\" already updated, operation ignored.\n", user);
635 BIO_printf(bio_err,"user \"%s\" already updated, operation ignored.\n",user);
636 errors++; 582 errors++;
637 } 583 } else {
638 else
639 {
640 char *gNid; 584 char *gNid;
641 585
642 if (row[DB_srptype][0] == 'V') 586 if (row[DB_srptype][0] == 'V') {
643 {
644 int user_gN; 587 int user_gN;
645 char **irow = NULL; 588 char **irow = NULL;
646 VERBOSE BIO_printf(bio_err,"Verifying password for user \"%s\"\n",user); 589 VERBOSE BIO_printf(bio_err, "Verifying password for user \"%s\"\n", user);
647 if ( (user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0) 590 if ((user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
648 irow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex); 591 irow = (char **) sk_OPENSSL_PSTRING_value(db->db->data, userindex);
649 592
650 if (!srp_verify_user(user, row[DB_srpverifier], row[DB_srpsalt], irow ? irow[DB_srpsalt] : row[DB_srpgN], irow ? irow[DB_srpverifier] : NULL, passin, bio_err, verbose)) 593 if (!srp_verify_user(user, row[DB_srpverifier], row[DB_srpsalt], irow ? irow[DB_srpsalt] : row[DB_srpgN], irow ? irow[DB_srpverifier] : NULL, passin, bio_err, verbose)) {
651 {
652 BIO_printf(bio_err, "Invalid password for user \"%s\", operation abandoned.\n", user); 594 BIO_printf(bio_err, "Invalid password for user \"%s\", operation abandoned.\n", user);
653 errors++; 595 errors++;
654 goto err; 596 goto err;
655 } 597 }
656 } 598 }
657 VERBOSE BIO_printf(bio_err,"Password for user \"%s\" ok.\n",user); 599 VERBOSE BIO_printf(bio_err, "Password for user \"%s\" ok.\n", user);
658 600
659 if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose))) 601 if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]), &(row[DB_srpsalt]), gNrow ? gNrow[DB_srpsalt] : NULL, gNrow ? gNrow[DB_srpverifier] : NULL, passout, bio_err, verbose))) {
660 {
661 BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user); 602 BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
662 errors++; 603 errors++;
663 goto err; 604 goto err;
664 } 605 }
665
666 row[DB_srptype][0] = 'v'; 606 row[DB_srptype][0] = 'v';
667 row[DB_srpgN] = BUF_strdup(gNid); 607 row[DB_srpgN] = BUF_strdup(gNid);
668 608
669 if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] || 609 if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
670 (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo))))) 610 (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
671 goto err; 611 goto err;
672 612
673 doupdatedb = 1; 613 doupdatedb = 1;
674 }
675 } 614 }
676 } 615 }
677 else if (delete_user) 616 } else if (delete_user) {
678 { 617 if (userindex < 0) {
679 if (userindex < 0)
680 {
681 BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored. t\n", user); 618 BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored. t\n", user);
682 errors++; 619 errors++;
683 } 620 } else {
684 else 621 char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
685 {
686 char **xpp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
687 BIO_printf(bio_err, "user \"%s\" revoked. t\n", user); 622 BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
688 623
689 xpp[DB_srptype][0] = 'R'; 624 xpp[DB_srptype][0] = 'R';
690 625
691 doupdatedb = 1; 626 doupdatedb = 1;
692 }
693 } 627 }
628 }
694 if (--argc > 0) 629 if (--argc > 0)
695 user = *(argv++) ; 630 user = *(argv++);
696 else 631 else {
697 {
698 user = NULL; 632 user = NULL;
699 list_user = 0; 633 list_user = 0;
700 }
701 } 634 }
635 }
702 636
703 VERBOSE BIO_printf(bio_err,"User procession done.\n"); 637 VERBOSE BIO_printf(bio_err, "User procession done.\n");
704 638
705 639
706 if (doupdatedb) 640 if (doupdatedb) {
707 {
708 /* Lets check some fields */ 641 /* Lets check some fields */
709 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) 642 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
710 { 643 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
711 pp = sk_OPENSSL_PSTRING_value(db->db->data,i); 644
712 645 if (pp[DB_srptype][0] == 'v') {
713 if (pp[DB_srptype][0] == 'v')
714 {
715 pp[DB_srptype][0] = 'V'; 646 pp[DB_srptype][0] = 'V';
716 print_user(db, bio_err, i, verbose); 647 print_user(db, bio_err, i, verbose);
717 }
718 } 648 }
649 }
719 650
720 VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n"); 651 VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
721 if (!save_index(dbfile, "new", db)) goto err; 652 if (!save_index(dbfile, "new", db))
722 653 goto err;
654
723 VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n"); 655 VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
724 if (!rotate_index(dbfile, "new", "old")) goto err; 656 if (!rotate_index(dbfile, "new", "old"))
657 goto err;
725 658
726 VERBOSE BIO_printf(bio_err, "srpvfile updated.\n"); 659 VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
727 } 660 }
728
729 ret = (errors != 0); 661 ret = (errors != 0);
730err: 662err:
731 if (errors != 0) 663 if (errors != 0)
732 VERBOSE BIO_printf(bio_err,"User errors %d.\n",errors); 664 VERBOSE BIO_printf(bio_err, "User errors %d.\n", errors);
733 665
734 VERBOSE BIO_printf(bio_err,"SRP terminating with code %d.\n",ret); 666 VERBOSE BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
735 if(tofree) 667 if (tofree)
736 free(tofree); 668 free(tofree);
737 if (ret) ERR_print_errors(bio_err); 669 if (ret)
738 if (randfile) app_RAND_write_file(randfile, bio_err); 670 ERR_print_errors(bio_err);
739 if (conf) NCONF_free(conf); 671 if (randfile)
740 if (db) free_index(db); 672 app_RAND_write_file(randfile, bio_err);
673 if (conf)
674 NCONF_free(conf);
675 if (db)
676 free_index(db);
741 677
742 OBJ_cleanup(); 678 OBJ_cleanup();
743 apps_shutdown(); 679 apps_shutdown();
744 return(ret); 680 return (ret);
745 } 681}
746 682
747 683
748 684
749#endif 685#endif
750
diff --git a/src/lib/libssl/src/apps/ts.c b/src/lib/libssl/src/apps/ts.c
index 799c5b3532..627e37549d 100644
--- a/src/lib/libssl/src/apps/ts.c
+++ b/src/lib/libssl/src/apps/ts.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -82,53 +82,62 @@ static ASN1_OBJECT *txt2obj(const char *oid);
82static CONF *load_config_file(const char *configfile); 82static CONF *load_config_file(const char *configfile);
83 83
84/* Query related functions. */ 84/* Query related functions. */
85static int query_command(const char *data, char *digest, 85static int
86 const EVP_MD *md, const char *policy, int no_nonce, 86query_command(const char *data, char *digest,
87 int cert, const char *in, const char *out, int text); 87 const EVP_MD * md, const char *policy, int no_nonce,
88static BIO *BIO_open_with_default(const char *file, const char *mode, 88 int cert, const char *in, const char *out, int text);
89 FILE *default_fp); 89static BIO *
90static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md, 90BIO_open_with_default(const char *file, const char *mode,
91 const char *policy, int no_nonce, int cert); 91 FILE * default_fp);
92static int create_digest(BIO *input, char *digest, 92static TS_REQ *
93 const EVP_MD *md, unsigned char **md_value); 93create_query(BIO * data_bio, char *digest, const EVP_MD * md,
94 const char *policy, int no_nonce, int cert);
95static int
96create_digest(BIO * input, char *digest,
97 const EVP_MD * md, unsigned char **md_value);
94static ASN1_INTEGER *create_nonce(int bits); 98static ASN1_INTEGER *create_nonce(int bits);
95 99
96/* Reply related functions. */ 100/* Reply related functions. */
97static int reply_command(CONF *conf, char *section, char *engine, 101static int
98 char *queryfile, char *passin, char *inkey, 102reply_command(CONF * conf, char *section, char *engine,
99 char *signer, char *chain, const char *policy, 103 char *queryfile, char *passin, char *inkey,
100 char *in, int token_in, char *out, int token_out, 104 char *signer, char *chain, const char *policy,
101 int text); 105 char *in, int token_in, char *out, int token_out,
102static TS_RESP *read_PKCS7(BIO *in_bio); 106 int text);
103static TS_RESP *create_response(CONF *conf, const char *section, char *engine, 107static TS_RESP *read_PKCS7(BIO * in_bio);
104 char *queryfile, char *passin, char *inkey, 108static TS_RESP *
105 char *signer, char *chain, const char *policy); 109create_response(CONF * conf, const char *section, char *engine,
106static ASN1_INTEGER * serial_cb(TS_RESP_CTX *ctx, void *data); 110 char *queryfile, char *passin, char *inkey,
111 char *signer, char *chain, const char *policy);
112static ASN1_INTEGER *serial_cb(TS_RESP_CTX * ctx, void *data);
107static ASN1_INTEGER *next_serial(const char *serialfile); 113static ASN1_INTEGER *next_serial(const char *serialfile);
108static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial); 114static int save_ts_serial(const char *serialfile, ASN1_INTEGER * serial);
109 115
110/* Verify related functions. */ 116/* Verify related functions. */
111static int verify_command(char *data, char *digest, char *queryfile, 117static int
112 char *in, int token_in, 118verify_command(char *data, char *digest, char *queryfile,
113 char *ca_path, char *ca_file, char *untrusted); 119 char *in, int token_in,
114static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest, 120 char *ca_path, char *ca_file, char *untrusted);
115 char *queryfile, 121static TS_VERIFY_CTX *
116 char *ca_path, char *ca_file, 122create_verify_ctx(char *data, char *digest,
117 char *untrusted); 123 char *queryfile,
124 char *ca_path, char *ca_file,
125 char *untrusted);
118static X509_STORE *create_cert_store(char *ca_path, char *ca_file); 126static X509_STORE *create_cert_store(char *ca_path, char *ca_file);
119static int verify_cb(int ok, X509_STORE_CTX *ctx); 127static int verify_cb(int ok, X509_STORE_CTX * ctx);
120 128
121/* Main function definition. */ 129/* Main function definition. */
122int MAIN(int, char **); 130int MAIN(int, char **);
123 131
124int MAIN(int argc, char **argv) 132int
125 { 133MAIN(int argc, char **argv)
134{
126 int ret = 1; 135 int ret = 1;
127 char *configfile = NULL; 136 char *configfile = NULL;
128 char *section = NULL; 137 char *section = NULL;
129 CONF *conf = NULL; 138 CONF *conf = NULL;
130 enum mode { 139 enum mode {
131 CMD_NONE, CMD_QUERY, CMD_REPLY, CMD_VERIFY 140 CMD_NONE, CMD_QUERY, CMD_REPLY, CMD_VERIFY
132 } mode = CMD_NONE; 141 } mode = CMD_NONE;
133 char *data = NULL; 142 char *data = NULL;
134 char *digest = NULL; 143 char *digest = NULL;
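Review bot: The reformatted prototypes in this hunk put a space on both sides of the `*` wherever the pointee is a typedef name (`const EVP_MD * md`, `BIO * input`, `FILE * default_fp`, `CONF * conf`, `TS_RESP_CTX * ctx`, `X509_STORE_CTX * ctx`), while `const char *policy` in the same declarations binds the `*` to the parameter name. The pattern suggests the formatter was run without a list of the library's typedef names, though that is inferred from the output and not shown on the page. The declarator should bind to the name in both cases, for example `create_digest(BIO *input, char *digest, const EVP_MD *md, unsigned char **md_value);` and `static int verify_cb(int ok, X509_STORE_CTX *ctx);`. Leaving the two spellings mixed makes later security-relevant diffs to these signatures noisier to review than they need to be. The body of `MAIN` begins in this hunk and continues in the hunks that follow.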
@@ -142,7 +151,7 @@ int MAIN(int argc, char **argv)
142 int text = 0; 151 int text = 0;
143 char *queryfile = NULL; 152 char *queryfile = NULL;
144 char *passin = NULL; /* Password source. */ 153 char *passin = NULL; /* Password source. */
145 char *password =NULL; /* Password itself. */ 154 char *password = NULL; /* Password itself. */
146 char *inkey = NULL; 155 char *inkey = NULL;
147 char *signer = NULL; 156 char *signer = NULL;
148 char *chain = NULL; 157 char *chain = NULL;
@@ -151,7 +160,7 @@ int MAIN(int argc, char **argv)
151 char *untrusted = NULL; 160 char *untrusted = NULL;
152 char *engine = NULL; 161 char *engine = NULL;
153 /* Input is ContentInfo instead of TimeStampResp. */ 162 /* Input is ContentInfo instead of TimeStampResp. */
154 int token_in = 0; 163 int token_in = 0;
155 /* Output is ContentInfo instead of TimeStampResp. */ 164 /* Output is ContentInfo instead of TimeStampResp. */
156 int token_out = 0; 165 int token_out = 0;
157 int free_bio_err = 0; 166 int free_bio_err = 0;
@@ -159,314 +168,276 @@ int MAIN(int argc, char **argv)
159 ERR_load_crypto_strings(); 168 ERR_load_crypto_strings();
160 apps_startup(); 169 apps_startup();
161 170
162 if (bio_err == NULL && (bio_err = BIO_new(BIO_s_file())) != NULL) 171 if (bio_err == NULL && (bio_err = BIO_new(BIO_s_file())) != NULL) {
163 {
164 free_bio_err = 1; 172 free_bio_err = 1;
165 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); 173 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
166 } 174 }
167
168 if (!load_config(bio_err, NULL)) 175 if (!load_config(bio_err, NULL))
169 goto cleanup; 176 goto cleanup;
170 177
171 for (argc--, argv++; argc > 0; argc--, argv++) 178 for (argc--, argv++; argc > 0; argc--, argv++) {
172 { 179 if (strcmp(*argv, "-config") == 0) {
173 if (strcmp(*argv, "-config") == 0) 180 if (argc-- < 1)
174 { 181 goto usage;
175 if (argc-- < 1) goto usage;
176 configfile = *++argv; 182 configfile = *++argv;
177 } 183 } else if (strcmp(*argv, "-section") == 0) {
178 else if (strcmp(*argv, "-section") == 0) 184 if (argc-- < 1)
179 { 185 goto usage;
180 if (argc-- < 1) goto usage;
181 section = *++argv; 186 section = *++argv;
182 } 187 } else if (strcmp(*argv, "-query") == 0) {
183 else if (strcmp(*argv, "-query") == 0) 188 if (mode != CMD_NONE)
184 { 189 goto usage;
185 if (mode != CMD_NONE) goto usage;
186 mode = CMD_QUERY; 190 mode = CMD_QUERY;
187 } 191 } else if (strcmp(*argv, "-data") == 0) {
188 else if (strcmp(*argv, "-data") == 0) 192 if (argc-- < 1)
189 { 193 goto usage;
190 if (argc-- < 1) goto usage;
191 data = *++argv; 194 data = *++argv;
192 } 195 } else if (strcmp(*argv, "-digest") == 0) {
193 else if (strcmp(*argv, "-digest") == 0) 196 if (argc-- < 1)
194 { 197 goto usage;
195 if (argc-- < 1) goto usage;
196 digest = *++argv; 198 digest = *++argv;
197 } 199 } else if (strcmp(*argv, "-rand") == 0) {
198 else if (strcmp(*argv, "-rand") == 0) 200 if (argc-- < 1)
199 { 201 goto usage;
200 if (argc-- < 1) goto usage;
201 rnd = *++argv; 202 rnd = *++argv;
202 } 203 } else if (strcmp(*argv, "-policy") == 0) {
203 else if (strcmp(*argv, "-policy") == 0) 204 if (argc-- < 1)
204 { 205 goto usage;
205 if (argc-- < 1) goto usage;
206 policy = *++argv; 206 policy = *++argv;
207 } 207 } else if (strcmp(*argv, "-no_nonce") == 0) {
208 else if (strcmp(*argv, "-no_nonce") == 0)
209 {
210 no_nonce = 1; 208 no_nonce = 1;
211 } 209 } else if (strcmp(*argv, "-cert") == 0) {
212 else if (strcmp(*argv, "-cert") == 0)
213 {
214 cert = 1; 210 cert = 1;
215 } 211 } else if (strcmp(*argv, "-in") == 0) {
216 else if (strcmp(*argv, "-in") == 0) 212 if (argc-- < 1)
217 { 213 goto usage;
218 if (argc-- < 1) goto usage;
219 in = *++argv; 214 in = *++argv;
220 } 215 } else if (strcmp(*argv, "-token_in") == 0) {
221 else if (strcmp(*argv, "-token_in") == 0)
222 {
223 token_in = 1; 216 token_in = 1;
224 } 217 } else if (strcmp(*argv, "-out") == 0) {
225 else if (strcmp(*argv, "-out") == 0) 218 if (argc-- < 1)
226 { 219 goto usage;
227 if (argc-- < 1) goto usage;
228 out = *++argv; 220 out = *++argv;
229 } 221 } else if (strcmp(*argv, "-token_out") == 0) {
230 else if (strcmp(*argv, "-token_out") == 0)
231 {
232 token_out = 1; 222 token_out = 1;
233 } 223 } else if (strcmp(*argv, "-text") == 0) {
234 else if (strcmp(*argv, "-text") == 0)
235 {
236 text = 1; 224 text = 1;
237 } 225 } else if (strcmp(*argv, "-reply") == 0) {
238 else if (strcmp(*argv, "-reply") == 0) 226 if (mode != CMD_NONE)
239 { 227 goto usage;
240 if (mode != CMD_NONE) goto usage;
241 mode = CMD_REPLY; 228 mode = CMD_REPLY;
242 } 229 } else if (strcmp(*argv, "-queryfile") == 0) {
243 else if (strcmp(*argv, "-queryfile") == 0) 230 if (argc-- < 1)
244 { 231 goto usage;
245 if (argc-- < 1) goto usage;
246 queryfile = *++argv; 232 queryfile = *++argv;
247 } 233 } else if (strcmp(*argv, "-passin") == 0) {
248 else if (strcmp(*argv, "-passin") == 0) 234 if (argc-- < 1)
249 { 235 goto usage;
250 if (argc-- < 1) goto usage;
251 passin = *++argv; 236 passin = *++argv;
252 } 237 } else if (strcmp(*argv, "-inkey") == 0) {
253 else if (strcmp(*argv, "-inkey") == 0) 238 if (argc-- < 1)
254 { 239 goto usage;
255 if (argc-- < 1) goto usage;
256 inkey = *++argv; 240 inkey = *++argv;
257 } 241 } else if (strcmp(*argv, "-signer") == 0) {
258 else if (strcmp(*argv, "-signer") == 0) 242 if (argc-- < 1)
259 { 243 goto usage;
260 if (argc-- < 1) goto usage;
261 signer = *++argv; 244 signer = *++argv;
262 } 245 } else if (strcmp(*argv, "-chain") == 0) {
263 else if (strcmp(*argv, "-chain") == 0) 246 if (argc-- < 1)
264 { 247 goto usage;
265 if (argc-- < 1) goto usage;
266 chain = *++argv; 248 chain = *++argv;
267 } 249 } else if (strcmp(*argv, "-verify") == 0) {
268 else if (strcmp(*argv, "-verify") == 0) 250 if (mode != CMD_NONE)
269 { 251 goto usage;
270 if (mode != CMD_NONE) goto usage;
271 mode = CMD_VERIFY; 252 mode = CMD_VERIFY;
272 } 253 } else if (strcmp(*argv, "-CApath") == 0) {
273 else if (strcmp(*argv, "-CApath") == 0) 254 if (argc-- < 1)
274 { 255 goto usage;
275 if (argc-- < 1) goto usage;
276 ca_path = *++argv; 256 ca_path = *++argv;
277 } 257 } else if (strcmp(*argv, "-CAfile") == 0) {
278 else if (strcmp(*argv, "-CAfile") == 0) 258 if (argc-- < 1)
279 { 259 goto usage;
280 if (argc-- < 1) goto usage;
281 ca_file = *++argv; 260 ca_file = *++argv;
282 } 261 } else if (strcmp(*argv, "-untrusted") == 0) {
283 else if (strcmp(*argv, "-untrusted") == 0) 262 if (argc-- < 1)
284 { 263 goto usage;
285 if (argc-- < 1) goto usage;
286 untrusted = *++argv; 264 untrusted = *++argv;
287 } 265 } else if (strcmp(*argv, "-engine") == 0) {
288 else if (strcmp(*argv, "-engine") == 0) 266 if (argc-- < 1)
289 { 267 goto usage;
290 if (argc-- < 1) goto usage;
291 engine = *++argv; 268 engine = *++argv;
292 } 269 } else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL) {
293 else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL)
294 {
295 /* empty. */ 270 /* empty. */
296 } 271 } else
297 else
298 goto usage; 272 goto usage;
299 } 273 }
300 274
301 /* Seed the random number generator if it is going to be used. */ 275 /* Seed the random number generator if it is going to be used. */
302 if (mode == CMD_QUERY && !no_nonce) 276 if (mode == CMD_QUERY && !no_nonce) {
303 {
304 if (!app_RAND_load_file(NULL, bio_err, 1) && rnd == NULL) 277 if (!app_RAND_load_file(NULL, bio_err, 1) && rnd == NULL)
305 BIO_printf(bio_err, "warning, not much extra random " 278 BIO_printf(bio_err, "warning, not much extra random "
306 "data, consider using the -rand option\n"); 279 "data, consider using the -rand option\n");
307 if (rnd != NULL) 280 if (rnd != NULL)
308 BIO_printf(bio_err,"%ld semi-random bytes loaded\n", 281 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
309 app_RAND_load_files(rnd)); 282 app_RAND_load_files(rnd));
310 } 283 }
311
312 /* Get the password if required. */ 284 /* Get the password if required. */
313 if(mode == CMD_REPLY && passin && 285 if (mode == CMD_REPLY && passin &&
314 !app_passwd(bio_err, passin, NULL, &password, NULL)) 286 !app_passwd(bio_err, passin, NULL, &password, NULL)) {
315 { 287 BIO_printf(bio_err, "Error getting password.\n");
316 BIO_printf(bio_err,"Error getting password.\n");
317 goto cleanup; 288 goto cleanup;
318 } 289 }
319 290 /*
320 /* Check consistency of parameters and execute 291 * Check consistency of parameters and execute the appropriate
321 the appropriate function. */ 292 * function.
322 switch (mode) 293 */
323 { 294 switch (mode) {
324 case CMD_NONE: 295 case CMD_NONE:
325 goto usage; 296 goto usage;
326 case CMD_QUERY: 297 case CMD_QUERY:
327 /* Data file and message imprint cannot be specified 298 /*
328 at the same time. */ 299 * Data file and message imprint cannot be specified at the
300 * same time.
301 */
329 ret = data != NULL && digest != NULL; 302 ret = data != NULL && digest != NULL;
330 if (ret) goto usage; 303 if (ret)
304 goto usage;
331 /* Load the config file for possible policy OIDs. */ 305 /* Load the config file for possible policy OIDs. */
332 conf = load_config_file(configfile); 306 conf = load_config_file(configfile);
333 ret = !query_command(data, digest, md, policy, no_nonce, cert, 307 ret = !query_command(data, digest, md, policy, no_nonce, cert,
334 in, out, text); 308 in, out, text);
335 break; 309 break;
336 case CMD_REPLY: 310 case CMD_REPLY:
337 conf = load_config_file(configfile); 311 conf = load_config_file(configfile);
338 if (in == NULL) 312 if (in == NULL) {
339 {
340 ret = !(queryfile != NULL && conf != NULL && !token_in); 313 ret = !(queryfile != NULL && conf != NULL && !token_in);
341 if (ret) goto usage; 314 if (ret)
342 } 315 goto usage;
343 else 316 } else {
344 {
345 /* 'in' and 'queryfile' are exclusive. */ 317 /* 'in' and 'queryfile' are exclusive. */
346 ret = !(queryfile == NULL); 318 ret = !(queryfile == NULL);
347 if (ret) goto usage; 319 if (ret)
348 } 320 goto usage;
321 }
349 322
350 ret = !reply_command(conf, section, engine, queryfile, 323 ret = !reply_command(conf, section, engine, queryfile,
351 password, inkey, signer, chain, policy, 324 password, inkey, signer, chain, policy,
352 in, token_in, out, token_out, text); 325 in, token_in, out, token_out, text);
353 break; 326 break;
354 case CMD_VERIFY: 327 case CMD_VERIFY:
355 ret = !(((queryfile && !data && !digest) 328 ret = !(((queryfile && !data && !digest)
356 || (!queryfile && data && !digest) 329 || (!queryfile && data && !digest)
357 || (!queryfile && !data && digest)) 330 || (!queryfile && !data && digest))
358 && in != NULL); 331 && in != NULL);
359 if (ret) goto usage; 332 if (ret)
333 goto usage;
360 334
361 ret = !verify_command(data, digest, queryfile, in, token_in, 335 ret = !verify_command(data, digest, queryfile, in, token_in,
362 ca_path, ca_file, untrusted); 336 ca_path, ca_file, untrusted);
363 } 337 }
364 338
365 goto cleanup; 339 goto cleanup;
366 340
367 usage: 341usage:
368 BIO_printf(bio_err, "usage:\n" 342 BIO_printf(bio_err, "usage:\n"
369 "ts -query [-rand file%cfile%c...] [-config configfile] " 343 "ts -query [-rand file%cfile%c...] [-config configfile] "
370 "[-data file_to_hash] [-digest digest_bytes]" 344 "[-data file_to_hash] [-digest digest_bytes]"
371 "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] " 345 "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
372 "[-policy object_id] [-no_nonce] [-cert] " 346 "[-policy object_id] [-no_nonce] [-cert] "
373 "[-in request.tsq] [-out request.tsq] [-text]\n", 347 "[-in request.tsq] [-out request.tsq] [-text]\n",
374 ':', ':'); 348 ':', ':');
375 BIO_printf(bio_err, "or\n" 349 BIO_printf(bio_err, "or\n"
376 "ts -reply [-config configfile] [-section tsa_section] " 350 "ts -reply [-config configfile] [-section tsa_section] "
377 "[-queryfile request.tsq] [-passin password] " 351 "[-queryfile request.tsq] [-passin password] "
378 "[-signer tsa_cert.pem] [-inkey private_key.pem] " 352 "[-signer tsa_cert.pem] [-inkey private_key.pem] "
379 "[-chain certs_file.pem] [-policy object_id] " 353 "[-chain certs_file.pem] [-policy object_id] "
380 "[-in response.tsr] [-token_in] " 354 "[-in response.tsr] [-token_in] "
381 "[-out response.tsr] [-token_out] [-text] [-engine id]\n"); 355 "[-out response.tsr] [-token_out] [-text] [-engine id]\n");
382 BIO_printf(bio_err, "or\n" 356 BIO_printf(bio_err, "or\n"
383 "ts -verify [-data file_to_hash] [-digest digest_bytes] " 357 "ts -verify [-data file_to_hash] [-digest digest_bytes] "
384 "[-queryfile request.tsq] " 358 "[-queryfile request.tsq] "
385 "-in response.tsr [-token_in] " 359 "-in response.tsr [-token_in] "
386 "-CApath ca_path -CAfile ca_file.pem " 360 "-CApath ca_path -CAfile ca_file.pem "
387 "-untrusted cert_file.pem\n"); 361 "-untrusted cert_file.pem\n");
388 cleanup: 362cleanup:
389 /* Clean up. */ 363 /* Clean up. */
390 app_RAND_write_file(NULL, bio_err); 364 app_RAND_write_file(NULL, bio_err);
391 NCONF_free(conf); 365 NCONF_free(conf);
392 free(password); 366 free(password);
393 OBJ_cleanup(); 367 OBJ_cleanup();
394 if (free_bio_err) 368 if (free_bio_err) {
395 {
396 BIO_free_all(bio_err); 369 BIO_free_all(bio_err);
397 bio_err = NULL; 370 bio_err = NULL;
398 }
399
400 return(ret);
401 } 371 }
372 return (ret);
373}
402 374
403/* 375/*
404 * Configuration file-related function definitions. 376 * Configuration file-related function definitions.
405 */ 377 */
406 378
407static ASN1_OBJECT *txt2obj(const char *oid) 379static ASN1_OBJECT *
408 { 380txt2obj(const char *oid)
381{
409 ASN1_OBJECT *oid_obj = NULL; 382 ASN1_OBJECT *oid_obj = NULL;
410 383
411 if (!(oid_obj = OBJ_txt2obj(oid, 0))) 384 if (!(oid_obj = OBJ_txt2obj(oid, 0)))
412 BIO_printf(bio_err, "cannot convert %s to OID\n", oid); 385 BIO_printf(bio_err, "cannot convert %s to OID\n", oid);
413 386
414 return oid_obj; 387 return oid_obj;
415 } 388}
416 389
417static CONF *load_config_file(const char *configfile) 390static CONF *
418 { 391load_config_file(const char *configfile)
392{
419 CONF *conf = NULL; 393 CONF *conf = NULL;
420 long errorline = -1; 394 long errorline = -1;
421 395
422 if (!configfile) configfile = getenv("OPENSSL_CONF"); 396 if (!configfile)
423 if (!configfile) configfile = getenv("SSLEAY_CONF"); 397 configfile = getenv("OPENSSL_CONF");
398 if (!configfile)
399 configfile = getenv("SSLEAY_CONF");
424 400
425 if (configfile && 401 if (configfile &&
426 (!(conf = NCONF_new(NULL)) || 402 (!(conf = NCONF_new(NULL)) ||
427 NCONF_load(conf, configfile, &errorline) <= 0)) 403 NCONF_load(conf, configfile, &errorline) <= 0)) {
428 {
429 if (errorline <= 0) 404 if (errorline <= 0)
430 BIO_printf(bio_err, "error loading the config file " 405 BIO_printf(bio_err, "error loading the config file "
431 "'%s'\n", configfile); 406 "'%s'\n", configfile);
432 else 407 else
433 BIO_printf(bio_err, "error on line %ld of config file " 408 BIO_printf(bio_err, "error on line %ld of config file "
434 "'%s'\n", errorline, configfile); 409 "'%s'\n", errorline, configfile);
435 } 410 }
436 411 if (conf != NULL) {
437 if (conf != NULL)
438 {
439 const char *p; 412 const char *p;
440 413
441 BIO_printf(bio_err,"Using configuration from %s\n", configfile); 414 BIO_printf(bio_err, "Using configuration from %s\n", configfile);
442 p = NCONF_get_string(conf, NULL, ENV_OID_FILE); 415 p = NCONF_get_string(conf, NULL, ENV_OID_FILE);
443 if (p != NULL) 416 if (p != NULL) {
444 {
445 BIO *oid_bio = BIO_new_file(p, "r"); 417 BIO *oid_bio = BIO_new_file(p, "r");
446 if (!oid_bio) 418 if (!oid_bio)
447 ERR_print_errors(bio_err); 419 ERR_print_errors(bio_err);
448 else 420 else {
449 {
450 OBJ_create_objects(oid_bio); 421 OBJ_create_objects(oid_bio);
451 BIO_free_all(oid_bio); 422 BIO_free_all(oid_bio);
452 }
453 } 423 }
454 else 424 } else
455 ERR_clear_error(); 425 ERR_clear_error();
456 if(!add_oid_section(bio_err, conf)) 426 if (!add_oid_section(bio_err, conf))
457 ERR_print_errors(bio_err); 427 ERR_print_errors(bio_err);
458 }
459 return conf;
460 } 428 }
429 return conf;
430}
461 431
462/* 432/*
463 * Query-related method definitions. 433 * Query-related method definitions.
464 */ 434 */
465 435
466static int query_command(const char *data, char *digest, const EVP_MD *md, 436static int
467 const char *policy, int no_nonce, 437query_command(const char *data, char *digest, const EVP_MD * md,
468 int cert, const char *in, const char *out, int text) 438 const char *policy, int no_nonce,
469 { 439 int cert, const char *in, const char *out, int text)
440{
470 int ret = 0; 441 int ret = 0;
471 TS_REQ *query = NULL; 442 TS_REQ *query = NULL;
472 BIO *in_bio = NULL; 443 BIO *in_bio = NULL;
@@ -474,43 +445,39 @@ static int query_command(const char *data, char *digest, const EVP_MD *md,
474 BIO *out_bio = NULL; 445 BIO *out_bio = NULL;
475 446
476 /* Build query object either from file or from scratch. */ 447 /* Build query object either from file or from scratch. */
477 if (in != NULL) 448 if (in != NULL) {
478 { 449 if ((in_bio = BIO_new_file(in, "rb")) == NULL)
479 if ((in_bio = BIO_new_file(in, "rb")) == NULL) goto end; 450 goto end;
480 query = d2i_TS_REQ_bio(in_bio, NULL); 451 query = d2i_TS_REQ_bio(in_bio, NULL);
481 } 452 } else {
482 else
483 {
484 /* Open the file if no explicit digest bytes were specified. */ 453 /* Open the file if no explicit digest bytes were specified. */
485 if (!digest 454 if (!digest
486 && !(data_bio = BIO_open_with_default(data, "rb", stdin))) 455 && !(data_bio = BIO_open_with_default(data, "rb", stdin)))
487 goto end; 456 goto end;
488 /* Creating the query object. */ 457 /* Creating the query object. */
489 query = create_query(data_bio, digest, md, 458 query = create_query(data_bio, digest, md,
490 policy, no_nonce, cert); 459 policy, no_nonce, cert);
491 /* Saving the random number generator state. */ 460 /* Saving the random number generator state. */
492 } 461 }
493 if (query == NULL) goto end; 462 if (query == NULL)
463 goto end;
494 464
495 /* Write query either in ASN.1 or in text format. */ 465 /* Write query either in ASN.1 or in text format. */
496 if ((out_bio = BIO_open_with_default(out, "wb", stdout)) == NULL) 466 if ((out_bio = BIO_open_with_default(out, "wb", stdout)) == NULL)
497 goto end; 467 goto end;
498 if (text) 468 if (text) {
499 {
500 /* Text output. */ 469 /* Text output. */
501 if (!TS_REQ_print_bio(out_bio, query)) 470 if (!TS_REQ_print_bio(out_bio, query))
502 goto end; 471 goto end;
503 } 472 } else {
504 else
505 {
506 /* ASN.1 output. */ 473 /* ASN.1 output. */
507 if (!i2d_TS_REQ_bio(out_bio, query)) 474 if (!i2d_TS_REQ_bio(out_bio, query))
508 goto end; 475 goto end;
509 } 476 }
510 477
511 ret = 1; 478 ret = 1;
512 479
513 end: 480end:
514 ERR_print_errors(bio_err); 481 ERR_print_errors(bio_err);
515 482
516 /* Clean up. */ 483 /* Clean up. */
@@ -520,19 +487,21 @@ static int query_command(const char *data, char *digest, const EVP_MD *md,
520 TS_REQ_free(query); 487 TS_REQ_free(query);
521 488
522 return ret; 489 return ret;
523 } 490}
524 491
525static BIO *BIO_open_with_default(const char *file, const char *mode, 492static BIO *
526 FILE *default_fp) 493BIO_open_with_default(const char *file, const char *mode,
527 { 494 FILE * default_fp)
528 return file == NULL ? 495{
529 BIO_new_fp(default_fp, BIO_NOCLOSE) 496 return file == NULL ?
530 : BIO_new_file(file, mode); 497 BIO_new_fp(default_fp, BIO_NOCLOSE)
531 } 498 : BIO_new_file(file, mode);
532 499}
533static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md, 500
534 const char *policy, int no_nonce, int cert) 501static TS_REQ *
535 { 502create_query(BIO * data_bio, char *digest, const EVP_MD * md,
503 const char *policy, int no_nonce, int cert)
504{
536 int ret = 0; 505 int ret = 0;
537 TS_REQ *ts_req = NULL; 506 TS_REQ *ts_req = NULL;
538 int len; 507 int len;
@@ -543,139 +512,156 @@ static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,
543 ASN1_INTEGER *nonce_asn1 = NULL; 512 ASN1_INTEGER *nonce_asn1 = NULL;
544 513
545 /* Setting default message digest. */ 514 /* Setting default message digest. */
546 if (!md && !(md = EVP_get_digestbyname("sha1"))) goto err; 515 if (!md && !(md = EVP_get_digestbyname("sha1")))
516 goto err;
547 517
548 /* Creating request object. */ 518 /* Creating request object. */
549 if (!(ts_req = TS_REQ_new())) goto err; 519 if (!(ts_req = TS_REQ_new()))
520 goto err;
550 521
551 /* Setting version. */ 522 /* Setting version. */
552 if (!TS_REQ_set_version(ts_req, 1)) goto err; 523 if (!TS_REQ_set_version(ts_req, 1))
524 goto err;
553 525
554 /* Creating and adding MSG_IMPRINT object. */ 526 /* Creating and adding MSG_IMPRINT object. */
555 if (!(msg_imprint = TS_MSG_IMPRINT_new())) goto err; 527 if (!(msg_imprint = TS_MSG_IMPRINT_new()))
528 goto err;
556 529
557 /* Adding algorithm. */ 530 /* Adding algorithm. */
558 if (!(algo = X509_ALGOR_new())) goto err; 531 if (!(algo = X509_ALGOR_new()))
559 if (!(algo->algorithm = OBJ_nid2obj(EVP_MD_type(md)))) goto err; 532 goto err;
560 if (!(algo->parameter = ASN1_TYPE_new())) goto err; 533 if (!(algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))))
534 goto err;
535 if (!(algo->parameter = ASN1_TYPE_new()))
536 goto err;
561 algo->parameter->type = V_ASN1_NULL; 537 algo->parameter->type = V_ASN1_NULL;
562 if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo)) goto err; 538 if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo))
539 goto err;
563 540
564 /* Adding message digest. */ 541 /* Adding message digest. */
565 if ((len = create_digest(data_bio, digest, md, &data)) == 0) 542 if ((len = create_digest(data_bio, digest, md, &data)) == 0)
566 goto err; 543 goto err;
567 if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len)) goto err; 544 if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len))
545 goto err;
546
547 if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint))
548 goto err;
568 549
569 if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint)) goto err;
570
571 /* Setting policy if requested. */ 550 /* Setting policy if requested. */
572 if (policy && !(policy_obj = txt2obj(policy))) goto err; 551 if (policy && !(policy_obj = txt2obj(policy)))
573 if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj)) goto err; 552 goto err;
553 if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj))
554 goto err;
574 555
575 /* Setting nonce if requested. */ 556 /* Setting nonce if requested. */
576 if (!no_nonce && !(nonce_asn1 = create_nonce(NONCE_LENGTH))) goto err; 557 if (!no_nonce && !(nonce_asn1 = create_nonce(NONCE_LENGTH)))
577 if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1)) goto err; 558 goto err;
559 if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1))
560 goto err;
578 561
579 /* Setting certificate request flag if requested. */ 562 /* Setting certificate request flag if requested. */
580 if (!TS_REQ_set_cert_req(ts_req, cert)) goto err; 563 if (!TS_REQ_set_cert_req(ts_req, cert))
564 goto err;
581 565
582 ret = 1; 566 ret = 1;
583 err: 567err:
584 if (!ret) 568 if (!ret) {
585 {
586 TS_REQ_free(ts_req); 569 TS_REQ_free(ts_req);
587 ts_req = NULL; 570 ts_req = NULL;
588 BIO_printf(bio_err, "could not create query\n"); 571 BIO_printf(bio_err, "could not create query\n");
589 } 572 }
590 TS_MSG_IMPRINT_free(msg_imprint); 573 TS_MSG_IMPRINT_free(msg_imprint);
591 X509_ALGOR_free(algo); 574 X509_ALGOR_free(algo);
592 free(data); 575 free(data);
593 ASN1_OBJECT_free(policy_obj); 576 ASN1_OBJECT_free(policy_obj);
594 ASN1_INTEGER_free(nonce_asn1); 577 ASN1_INTEGER_free(nonce_asn1);
595 return ts_req; 578 return ts_req;
596 } 579}
597 580
598static int create_digest(BIO *input, char *digest, const EVP_MD *md, 581static int
599 unsigned char **md_value) 582create_digest(BIO * input, char *digest, const EVP_MD * md,
600 { 583 unsigned char **md_value)
584{
601 int md_value_len; 585 int md_value_len;
602 586
603 md_value_len = EVP_MD_size(md); 587 md_value_len = EVP_MD_size(md);
604 if (md_value_len < 0) 588 if (md_value_len < 0)
605 goto err; 589 goto err;
606 if (input) 590 if (input) {
607 {
608 /* Digest must be computed from an input file. */ 591 /* Digest must be computed from an input file. */
609 EVP_MD_CTX md_ctx; 592 EVP_MD_CTX md_ctx;
610 unsigned char buffer[4096]; 593 unsigned char buffer[4096];
611 int length; 594 int length;
612 595
613 *md_value = malloc(md_value_len); 596 *md_value = malloc(md_value_len);
614 if (*md_value == 0) goto err; 597 if (*md_value == 0)
598 goto err;
615 599
616 EVP_DigestInit(&md_ctx, md); 600 EVP_DigestInit(&md_ctx, md);
617 while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) 601 while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
618 {
619 EVP_DigestUpdate(&md_ctx, buffer, length); 602 EVP_DigestUpdate(&md_ctx, buffer, length);
620 }
621 EVP_DigestFinal(&md_ctx, *md_value, NULL);
622 } 603 }
623 else 604 EVP_DigestFinal(&md_ctx, *md_value, NULL);
624 { 605 } else {
625 /* Digest bytes are specified with digest. */ 606 /* Digest bytes are specified with digest. */
626 long digest_len; 607 long digest_len;
627 *md_value = string_to_hex(digest, &digest_len); 608 *md_value = string_to_hex(digest, &digest_len);
628 if (!*md_value || md_value_len != digest_len) 609 if (!*md_value || md_value_len != digest_len) {
629 {
630 free(*md_value); 610 free(*md_value);
631 *md_value = NULL; 611 *md_value = NULL;
632 BIO_printf(bio_err, "bad digest, %d bytes " 612 BIO_printf(bio_err, "bad digest, %d bytes "
633 "must be specified\n", md_value_len); 613 "must be specified\n", md_value_len);
634 goto err; 614 goto err;
635 }
636 } 615 }
616 }
637 617
638 return md_value_len; 618 return md_value_len;
639 err: 619err:
640 return 0; 620 return 0;
641 } 621}
642 622
643static ASN1_INTEGER *create_nonce(int bits) 623static ASN1_INTEGER *
644 { 624create_nonce(int bits)
625{
645 unsigned char buf[20]; 626 unsigned char buf[20];
646 ASN1_INTEGER *nonce = NULL; 627 ASN1_INTEGER *nonce = NULL;
647 int len = (bits - 1) / 8 + 1; 628 int len = (bits - 1) / 8 + 1;
648 int i; 629 int i;
649 630
650 /* Generating random byte sequence. */ 631 /* Generating random byte sequence. */
651 if (len > (int)sizeof(buf)) goto err; 632 if (len > (int) sizeof(buf))
652 if (RAND_bytes(buf, len) <= 0) goto err; 633 goto err;
634 if (RAND_bytes(buf, len) <= 0)
635 goto err;
653 636
654 /* Find the first non-zero byte and creating ASN1_INTEGER object. */ 637 /* Find the first non-zero byte and creating ASN1_INTEGER object. */
655 for (i = 0; i < len && !buf[i]; ++i); 638 for (i = 0; i < len && !buf[i]; ++i);
656 if (!(nonce = ASN1_INTEGER_new())) goto err; 639 if (!(nonce = ASN1_INTEGER_new()))
640 goto err;
657 free(nonce->data); 641 free(nonce->data);
658 /* Allocate at least one byte. */ 642 /* Allocate at least one byte. */
659 nonce->length = len - i; 643 nonce->length = len - i;
660 if (!(nonce->data = malloc(nonce->length + 1))) goto err; 644 if (!(nonce->data = malloc(nonce->length + 1)))
645 goto err;
661 memcpy(nonce->data, buf + i, nonce->length); 646 memcpy(nonce->data, buf + i, nonce->length);
662 647
663 return nonce; 648 return nonce;
664 err: 649err:
665 BIO_printf(bio_err, "could not create nonce\n"); 650 BIO_printf(bio_err, "could not create nonce\n");
666 ASN1_INTEGER_free(nonce); 651 ASN1_INTEGER_free(nonce);
667 return NULL; 652 return NULL;
668 } 653}
669/* 654/*
670 * Reply-related method definitions. 655 * Reply-related method definitions.
671 */ 656 */
672 657
673static int reply_command(CONF *conf, char *section, char *engine, 658static int
674 char *queryfile, char *passin, char *inkey, 659reply_command(CONF * conf, char *section, char *engine,
675 char *signer, char *chain, const char *policy, 660 char *queryfile, char *passin, char *inkey,
676 char *in, int token_in, 661 char *signer, char *chain, const char *policy,
677 char *out, int token_out, int text) 662 char *in, int token_in,
678 { 663 char *out, int token_out, int text)
664{
679 int ret = 0; 665 int ret = 0;
680 TS_RESP *response = NULL; 666 TS_RESP *response = NULL;
681 BIO *in_bio = NULL; 667 BIO *in_bio = NULL;
@@ -685,66 +671,59 @@ static int reply_command(CONF *conf, char *section, char *engine,
685 BIO *out_bio = NULL; 671 BIO *out_bio = NULL;
686 672
687 /* Build response object either from response or query. */ 673 /* Build response object either from response or query. */
688 if (in != NULL) 674 if (in != NULL) {
689 { 675 if ((in_bio = BIO_new_file(in, "rb")) == NULL)
690 if ((in_bio = BIO_new_file(in, "rb")) == NULL) goto end; 676 goto end;
691 if (token_in) 677 if (token_in) {
692 { 678 /*
693 /* We have a ContentInfo (PKCS7) object, add 679 * We have a ContentInfo (PKCS7) object, add
694 'granted' status info around it. */ 680 * 'granted' status info around it.
681 */
695 response = read_PKCS7(in_bio); 682 response = read_PKCS7(in_bio);
696 } 683 } else {
697 else
698 {
699 /* We have a ready-made TS_RESP object. */ 684 /* We have a ready-made TS_RESP object. */
700 response = d2i_TS_RESP_bio(in_bio, NULL); 685 response = d2i_TS_RESP_bio(in_bio, NULL);
701 }
702 } 686 }
703 else 687 } else {
704 {
705 response = create_response(conf, section, engine, queryfile, 688 response = create_response(conf, section, engine, queryfile,
706 passin, inkey, signer, chain, 689 passin, inkey, signer, chain,
707 policy); 690 policy);
708 if (response) 691 if (response)
709 BIO_printf(bio_err, "Response has been generated.\n"); 692 BIO_printf(bio_err, "Response has been generated.\n");
710 else 693 else
711 BIO_printf(bio_err, "Response is not generated.\n"); 694 BIO_printf(bio_err, "Response is not generated.\n");
712 } 695 }
713 if (response == NULL) goto end; 696 if (response == NULL)
697 goto end;
714 698
715 /* Write response either in ASN.1 or text format. */ 699 /* Write response either in ASN.1 or text format. */
716 if ((out_bio = BIO_open_with_default(out, "wb", stdout)) == NULL) 700 if ((out_bio = BIO_open_with_default(out, "wb", stdout)) == NULL)
717 goto end; 701 goto end;
718 if (text) 702 if (text) {
719 {
720 /* Text output. */ 703 /* Text output. */
721 if (token_out) 704 if (token_out) {
722 {
723 TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response); 705 TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
724 if (!TS_TST_INFO_print_bio(out_bio, tst_info)) goto end; 706 if (!TS_TST_INFO_print_bio(out_bio, tst_info))
725 } 707 goto end;
726 else 708 } else {
727 { 709 if (!TS_RESP_print_bio(out_bio, response))
728 if (!TS_RESP_print_bio(out_bio, response)) goto end; 710 goto end;
729 }
730 } 711 }
731 else 712 } else {
732 {
733 /* ASN.1 DER output. */ 713 /* ASN.1 DER output. */
734 if (token_out) 714 if (token_out) {
735 {
736 PKCS7 *token = TS_RESP_get_token(response); 715 PKCS7 *token = TS_RESP_get_token(response);
737 if (!i2d_PKCS7_bio(out_bio, token)) goto end; 716 if (!i2d_PKCS7_bio(out_bio, token))
738 } 717 goto end;
739 else 718 } else {
740 { 719 if (!i2d_TS_RESP_bio(out_bio, response))
741 if (!i2d_TS_RESP_bio(out_bio, response)) goto end; 720 goto end;
742 }
743 } 721 }
722 }
744 723
745 ret = 1; 724 ret = 1;
746 725
747 end: 726end:
748 ERR_print_errors(bio_err); 727 ERR_print_errors(bio_err);
749 728
750 /* Clean up. */ 729 /* Clean up. */
@@ -756,11 +735,12 @@ static int reply_command(CONF *conf, char *section, char *engine,
756 TS_RESP_free(response); 735 TS_RESP_free(response);
757 736
758 return ret; 737 return ret;
759 } 738}
760 739
761/* Reads a PKCS7 token and adds default 'granted' status info to it. */ 740/* Reads a PKCS7 token and adds default 'granted' status info to it. */
762static TS_RESP *read_PKCS7(BIO *in_bio) 741static TS_RESP *
763 { 742read_PKCS7(BIO * in_bio)
743{
764 int ret = 0; 744 int ret = 0;
765 PKCS7 *token = NULL; 745 PKCS7 *token = NULL;
766 TS_TST_INFO *tst_info = NULL; 746 TS_TST_INFO *tst_info = NULL;
@@ -768,16 +748,22 @@ static TS_RESP *read_PKCS7(BIO *in_bio)
768 TS_STATUS_INFO *si = NULL; 748 TS_STATUS_INFO *si = NULL;
769 749
770 /* Read PKCS7 object and extract the signed time stamp info. */ 750 /* Read PKCS7 object and extract the signed time stamp info. */
771 if (!(token = d2i_PKCS7_bio(in_bio, NULL))) goto end; 751 if (!(token = d2i_PKCS7_bio(in_bio, NULL)))
772 if (!(tst_info = PKCS7_to_TS_TST_INFO(token))) goto end; 752 goto end;
753 if (!(tst_info = PKCS7_to_TS_TST_INFO(token)))
754 goto end;
773 755
774 /* Creating response object. */ 756 /* Creating response object. */
775 if (!(resp = TS_RESP_new())) goto end; 757 if (!(resp = TS_RESP_new()))
758 goto end;
776 759
777 /* Create granted status info. */ 760 /* Create granted status info. */
778 if (!(si = TS_STATUS_INFO_new())) goto end; 761 if (!(si = TS_STATUS_INFO_new()))
779 if (!(ASN1_INTEGER_set(si->status, TS_STATUS_GRANTED))) goto end; 762 goto end;
780 if (!TS_RESP_set_status_info(resp, si)) goto end; 763 if (!(ASN1_INTEGER_set(si->status, TS_STATUS_GRANTED)))
764 goto end;
765 if (!TS_RESP_set_status_info(resp, si))
766 goto end;
781 767
782 /* Setting encapsulated token. */ 768 /* Setting encapsulated token. */
783 TS_RESP_set_tst_info(resp, token, tst_info); 769 TS_RESP_set_tst_info(resp, token, tst_info);
@@ -785,22 +771,22 @@ static TS_RESP *read_PKCS7(BIO *in_bio)
785 tst_info = NULL; /* Ownership is lost. */ 771 tst_info = NULL; /* Ownership is lost. */
786 772
787 ret = 1; 773 ret = 1;
788 end: 774end:
789 PKCS7_free(token); 775 PKCS7_free(token);
790 TS_TST_INFO_free(tst_info); 776 TS_TST_INFO_free(tst_info);
791 if (!ret) 777 if (!ret) {
792 {
793 TS_RESP_free(resp); 778 TS_RESP_free(resp);
794 resp = NULL; 779 resp = NULL;
795 } 780 }
796 TS_STATUS_INFO_free(si); 781 TS_STATUS_INFO_free(si);
797 return resp; 782 return resp;
798 } 783}
799 784
800static TS_RESP *create_response(CONF *conf, const char *section, char *engine, 785static TS_RESP *
801 char *queryfile, char *passin, char *inkey, 786create_response(CONF * conf, const char *section, char *engine,
802 char *signer, char *chain, const char *policy) 787 char *queryfile, char *passin, char *inkey,
803 { 788 char *signer, char *chain, const char *policy)
789{
804 int ret = 0; 790 int ret = 0;
805 TS_RESP *response = NULL; 791 TS_RESP *response = NULL;
806 BIO *query_bio = NULL; 792 BIO *query_bio = NULL;
@@ -814,154 +800,170 @@ static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
814 goto end; 800 goto end;
815 801
816 /* Setting up response generation context. */ 802 /* Setting up response generation context. */
817 if (!(resp_ctx = TS_RESP_CTX_new())) goto end; 803 if (!(resp_ctx = TS_RESP_CTX_new()))
804 goto end;
818 805
819 /* Setting serial number provider callback. */ 806 /* Setting serial number provider callback. */
820 if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx)) goto end; 807 if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx))
808 goto end;
821#ifndef OPENSSL_NO_ENGINE 809#ifndef OPENSSL_NO_ENGINE
822 /* Setting default OpenSSL engine. */ 810 /* Setting default OpenSSL engine. */
823 if (!TS_CONF_set_crypto_device(conf, section, engine)) goto end; 811 if (!TS_CONF_set_crypto_device(conf, section, engine))
812 goto end;
824#endif 813#endif
825 814
826 /* Setting TSA signer certificate. */ 815 /* Setting TSA signer certificate. */
827 if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx)) goto end; 816 if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx))
817 goto end;
828 818
829 /* Setting TSA signer certificate chain. */ 819 /* Setting TSA signer certificate chain. */
830 if (!TS_CONF_set_certs(conf, section, chain, resp_ctx)) goto end; 820 if (!TS_CONF_set_certs(conf, section, chain, resp_ctx))
821 goto end;
831 822
832 /* Setting TSA signer private key. */ 823 /* Setting TSA signer private key. */
833 if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx)) 824 if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx))
834 goto end; 825 goto end;
835 826
836 /* Setting default policy OID. */ 827 /* Setting default policy OID. */
837 if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx)) goto end; 828 if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx))
829 goto end;
838 830
839 /* Setting acceptable policy OIDs. */ 831 /* Setting acceptable policy OIDs. */
840 if (!TS_CONF_set_policies(conf, section, resp_ctx)) goto end; 832 if (!TS_CONF_set_policies(conf, section, resp_ctx))
833 goto end;
841 834
842 /* Setting the acceptable one-way hash algorithms. */ 835 /* Setting the acceptable one-way hash algorithms. */
843 if (!TS_CONF_set_digests(conf, section, resp_ctx)) goto end; 836 if (!TS_CONF_set_digests(conf, section, resp_ctx))
837 goto end;
844 838
845 /* Setting guaranteed time stamp accuracy. */ 839 /* Setting guaranteed time stamp accuracy. */
846 if (!TS_CONF_set_accuracy(conf, section, resp_ctx)) goto end; 840 if (!TS_CONF_set_accuracy(conf, section, resp_ctx))
841 goto end;
847 842
848 /* Setting the precision of the time. */ 843 /* Setting the precision of the time. */
849 if (!TS_CONF_set_clock_precision_digits(conf, section, resp_ctx)) 844 if (!TS_CONF_set_clock_precision_digits(conf, section, resp_ctx))
850 goto end; 845 goto end;
851 846
852 /* Setting the ordering flaf if requested. */ 847 /* Setting the ordering flaf if requested. */
853 if (!TS_CONF_set_ordering(conf, section, resp_ctx)) goto end; 848 if (!TS_CONF_set_ordering(conf, section, resp_ctx))
849 goto end;
854 850
855 /* Setting the TSA name required flag if requested. */ 851 /* Setting the TSA name required flag if requested. */
856 if (!TS_CONF_set_tsa_name(conf, section, resp_ctx)) goto end; 852 if (!TS_CONF_set_tsa_name(conf, section, resp_ctx))
853 goto end;
857 854
858 /* Setting the ESS cert id chain flag if requested. */ 855 /* Setting the ESS cert id chain flag if requested. */
859 if (!TS_CONF_set_ess_cert_id_chain(conf, section, resp_ctx)) goto end; 856 if (!TS_CONF_set_ess_cert_id_chain(conf, section, resp_ctx))
857 goto end;
860 858
861 /* Creating the response. */ 859 /* Creating the response. */
862 if (!(response = TS_RESP_create_response(resp_ctx, query_bio))) 860 if (!(response = TS_RESP_create_response(resp_ctx, query_bio)))
863 goto end; 861 goto end;
864 862
865 ret = 1; 863 ret = 1;
866 end: 864end:
867 if (!ret) 865 if (!ret) {
868 {
869 TS_RESP_free(response); 866 TS_RESP_free(response);
870 response = NULL; 867 response = NULL;
871 } 868 }
872 TS_RESP_CTX_free(resp_ctx); 869 TS_RESP_CTX_free(resp_ctx);
873 BIO_free_all(query_bio); 870 BIO_free_all(query_bio);
874 871
875 return response; 872 return response;
876 } 873}
877 874
878static ASN1_INTEGER * serial_cb(TS_RESP_CTX *ctx, void *data) 875static ASN1_INTEGER *
879 { 876serial_cb(TS_RESP_CTX * ctx, void *data)
877{
880 const char *serial_file = (const char *) data; 878 const char *serial_file = (const char *) data;
881 ASN1_INTEGER *serial = next_serial(serial_file); 879 ASN1_INTEGER *serial = next_serial(serial_file);
882 880
883 if (!serial) 881 if (!serial) {
884 {
885 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, 882 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
886 "Error during serial number " 883 "Error during serial number "
887 "generation."); 884 "generation.");
888 TS_RESP_CTX_add_failure_info(ctx, 885 TS_RESP_CTX_add_failure_info(ctx,
889 TS_INFO_ADD_INFO_NOT_AVAILABLE); 886 TS_INFO_ADD_INFO_NOT_AVAILABLE);
890 } 887 } else
891 else
892 save_ts_serial(serial_file, serial); 888 save_ts_serial(serial_file, serial);
893 889
894 return serial; 890 return serial;
895 } 891}
896 892
897static ASN1_INTEGER *next_serial(const char *serialfile) 893static ASN1_INTEGER *
898 { 894next_serial(const char *serialfile)
895{
899 int ret = 0; 896 int ret = 0;
900 BIO *in = NULL; 897 BIO *in = NULL;
901 ASN1_INTEGER *serial = NULL; 898 ASN1_INTEGER *serial = NULL;
902 BIGNUM *bn = NULL; 899 BIGNUM *bn = NULL;
903 900
904 if (!(serial = ASN1_INTEGER_new())) goto err; 901 if (!(serial = ASN1_INTEGER_new()))
902 goto err;
905 903
906 if (!(in = BIO_new_file(serialfile, "r"))) 904 if (!(in = BIO_new_file(serialfile, "r"))) {
907 {
908 ERR_clear_error(); 905 ERR_clear_error();
909 BIO_printf(bio_err, "Warning: could not open file %s for " 906 BIO_printf(bio_err, "Warning: could not open file %s for "
910 "reading, using serial number: 1\n", serialfile); 907 "reading, using serial number: 1\n", serialfile);
911 if (!ASN1_INTEGER_set(serial, 1)) goto err; 908 if (!ASN1_INTEGER_set(serial, 1))
912 } 909 goto err;
913 else 910 } else {
914 {
915 char buf[1024]; 911 char buf[1024];
916 if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf))) 912 if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf))) {
917 {
918 BIO_printf(bio_err, "unable to load number from %s\n", 913 BIO_printf(bio_err, "unable to load number from %s\n",
919 serialfile); 914 serialfile);
915 goto err;
916 }
917 if (!(bn = ASN1_INTEGER_to_BN(serial, NULL)))
920 goto err; 918 goto err;
921 }
922 if (!(bn = ASN1_INTEGER_to_BN(serial, NULL))) goto err;
923 ASN1_INTEGER_free(serial); 919 ASN1_INTEGER_free(serial);
924 serial = NULL; 920 serial = NULL;
925 if (!BN_add_word(bn, 1)) goto err; 921 if (!BN_add_word(bn, 1))
926 if (!(serial = BN_to_ASN1_INTEGER(bn, NULL))) goto err; 922 goto err;
927 } 923 if (!(serial = BN_to_ASN1_INTEGER(bn, NULL)))
924 goto err;
925 }
928 ret = 1; 926 ret = 1;
929 err: 927err:
930 if (!ret) 928 if (!ret) {
931 {
932 ASN1_INTEGER_free(serial); 929 ASN1_INTEGER_free(serial);
933 serial = NULL; 930 serial = NULL;
934 } 931 }
935 BIO_free_all(in); 932 BIO_free_all(in);
936 BN_free(bn); 933 BN_free(bn);
937 return serial; 934 return serial;
938 } 935}
939 936
940static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial) 937static int
941 { 938save_ts_serial(const char *serialfile, ASN1_INTEGER * serial)
939{
942 int ret = 0; 940 int ret = 0;
943 BIO *out = NULL; 941 BIO *out = NULL;
944 942
945 if (!(out = BIO_new_file(serialfile, "w"))) goto err; 943 if (!(out = BIO_new_file(serialfile, "w")))
946 if (i2a_ASN1_INTEGER(out, serial) <= 0) goto err; 944 goto err;
947 if (BIO_puts(out, "\n") <= 0) goto err; 945 if (i2a_ASN1_INTEGER(out, serial) <= 0)
946 goto err;
947 if (BIO_puts(out, "\n") <= 0)
948 goto err;
948 ret = 1; 949 ret = 1;
949 err: 950err:
950 if (!ret) 951 if (!ret)
951 BIO_printf(bio_err, "could not save serial number to %s\n", 952 BIO_printf(bio_err, "could not save serial number to %s\n",
952 serialfile); 953 serialfile);
953 BIO_free_all(out); 954 BIO_free_all(out);
954 return ret; 955 return ret;
955 } 956}
956 957
957/* 958/*
958 * Verify-related method definitions. 959 * Verify-related method definitions.
959 */ 960 */
960 961
961static int verify_command(char *data, char *digest, char *queryfile, 962static int
962 char *in, int token_in, 963verify_command(char *data, char *digest, char *queryfile,
963 char *ca_path, char *ca_file, char *untrusted) 964 char *in, int token_in,
964 { 965 char *ca_path, char *ca_file, char *untrusted)
966{
965 BIO *in_bio = NULL; 967 BIO *in_bio = NULL;
966 PKCS7 *token = NULL; 968 PKCS7 *token = NULL;
967 TS_RESP *response = NULL; 969 TS_RESP *response = NULL;
@@ -969,112 +971,111 @@ static int verify_command(char *data, char *digest, char *queryfile,
969 int ret = 0; 971 int ret = 0;
970 972
971 /* Decode the token (PKCS7) or response (TS_RESP) files. */ 973 /* Decode the token (PKCS7) or response (TS_RESP) files. */
972 if (!(in_bio = BIO_new_file(in, "rb"))) goto end; 974 if (!(in_bio = BIO_new_file(in, "rb")))
973 if (token_in) 975 goto end;
974 { 976 if (token_in) {
975 if (!(token = d2i_PKCS7_bio(in_bio, NULL))) goto end; 977 if (!(token = d2i_PKCS7_bio(in_bio, NULL)))
976 } 978 goto end;
977 else 979 } else {
978 { 980 if (!(response = d2i_TS_RESP_bio(in_bio, NULL)))
979 if (!(response = d2i_TS_RESP_bio(in_bio, NULL))) goto end; 981 goto end;
980 } 982 }
981 983
982 if (!(verify_ctx = create_verify_ctx(data, digest, queryfile, 984 if (!(verify_ctx = create_verify_ctx(data, digest, queryfile,
983 ca_path, ca_file, untrusted))) 985 ca_path, ca_file, untrusted)))
984 goto end; 986 goto end;
985 987
986 /* Checking the token or response against the request. */ 988 /* Checking the token or response against the request. */
987 ret = token_in ? 989 ret = token_in ?
988 TS_RESP_verify_token(verify_ctx, token) : 990 TS_RESP_verify_token(verify_ctx, token) :
989 TS_RESP_verify_response(verify_ctx, response); 991 TS_RESP_verify_response(verify_ctx, response);
990 992
991 end: 993end:
992 printf("Verification: "); 994 printf("Verification: ");
993 if (ret) 995 if (ret)
994 printf("OK\n"); 996 printf("OK\n");
995 else 997 else {
996 {
997 printf("FAILED\n"); 998 printf("FAILED\n");
998 /* Print errors, if there are any. */ 999 /* Print errors, if there are any. */
999 ERR_print_errors(bio_err); 1000 ERR_print_errors(bio_err);
1000 } 1001 }
1001 1002
1002 /* Clean up. */ 1003 /* Clean up. */
1003 BIO_free_all(in_bio); 1004 BIO_free_all(in_bio);
1004 PKCS7_free(token); 1005 PKCS7_free(token);
1005 TS_RESP_free(response); 1006 TS_RESP_free(response);
1006 TS_VERIFY_CTX_free(verify_ctx); 1007 TS_VERIFY_CTX_free(verify_ctx);
1007 return ret; 1008 return ret;
1008 } 1009}
1009 1010
1010static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest, 1011static TS_VERIFY_CTX *
1011 char *queryfile, 1012create_verify_ctx(char *data, char *digest,
1012 char *ca_path, char *ca_file, 1013 char *queryfile,
1013 char *untrusted) 1014 char *ca_path, char *ca_file,
1014 { 1015 char *untrusted)
1016{
1015 TS_VERIFY_CTX *ctx = NULL; 1017 TS_VERIFY_CTX *ctx = NULL;
1016 BIO *input = NULL; 1018 BIO *input = NULL;
1017 TS_REQ *request = NULL; 1019 TS_REQ *request = NULL;
1018 int ret = 0; 1020 int ret = 0;
1019 1021
1020 if (data != NULL || digest != NULL) 1022 if (data != NULL || digest != NULL) {
1021 { 1023 if (!(ctx = TS_VERIFY_CTX_new()))
1022 if (!(ctx = TS_VERIFY_CTX_new())) goto err; 1024 goto err;
1023 ctx->flags = TS_VFY_VERSION | TS_VFY_SIGNER; 1025 ctx->flags = TS_VFY_VERSION | TS_VFY_SIGNER;
1024 if (data != NULL) 1026 if (data != NULL) {
1025 {
1026 ctx->flags |= TS_VFY_DATA; 1027 ctx->flags |= TS_VFY_DATA;
1027 if (!(ctx->data = BIO_new_file(data, "rb"))) goto err; 1028 if (!(ctx->data = BIO_new_file(data, "rb")))
1028 } 1029 goto err;
1029 else if (digest != NULL) 1030 } else if (digest != NULL) {
1030 {
1031 long imprint_len; 1031 long imprint_len;
1032 ctx->flags |= TS_VFY_IMPRINT; 1032 ctx->flags |= TS_VFY_IMPRINT;
1033 if (!(ctx->imprint = string_to_hex(digest, 1033 if (!(ctx->imprint = string_to_hex(digest,
1034 &imprint_len))) 1034 &imprint_len))) {
1035 {
1036 BIO_printf(bio_err, "invalid digest string\n"); 1035 BIO_printf(bio_err, "invalid digest string\n");
1037 goto err; 1036 goto err;
1038 }
1039 ctx->imprint_len = imprint_len;
1040 } 1037 }
1041 1038 ctx->imprint_len = imprint_len;
1042 }
1043 else if (queryfile != NULL)
1044 {
1045 /* The request has just to be read, decoded and converted to
1046 a verify context object. */
1047 if (!(input = BIO_new_file(queryfile, "rb"))) goto err;
1048 if (!(request = d2i_TS_REQ_bio(input, NULL))) goto err;
1049 if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL))) goto err;
1050 } 1039 }
1051 else 1040 } else if (queryfile != NULL) {
1041 /*
1042 * The request has just to be read, decoded and converted to
1043 * a verify context object.
1044 */
1045 if (!(input = BIO_new_file(queryfile, "rb")))
1046 goto err;
1047 if (!(request = d2i_TS_REQ_bio(input, NULL)))
1048 goto err;
1049 if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)))
1050 goto err;
1051 } else
1052 return NULL; 1052 return NULL;
1053 1053
1054 /* Add the signature verification flag and arguments. */ 1054 /* Add the signature verification flag and arguments. */
1055 ctx->flags |= TS_VFY_SIGNATURE; 1055 ctx->flags |= TS_VFY_SIGNATURE;
1056 1056
1057 /* Initialising the X509_STORE object. */ 1057 /* Initialising the X509_STORE object. */
1058 if (!(ctx->store = create_cert_store(ca_path, ca_file))) goto err; 1058 if (!(ctx->store = create_cert_store(ca_path, ca_file)))
1059 goto err;
1059 1060
1060 /* Loading untrusted certificates. */ 1061 /* Loading untrusted certificates. */
1061 if (untrusted && !(ctx->certs = TS_CONF_load_certs(untrusted))) 1062 if (untrusted && !(ctx->certs = TS_CONF_load_certs(untrusted)))
1062 goto err; 1063 goto err;
1063 1064
1064 ret = 1; 1065 ret = 1;
1065 err: 1066err:
1066 if (!ret) 1067 if (!ret) {
1067 {
1068 TS_VERIFY_CTX_free(ctx); 1068 TS_VERIFY_CTX_free(ctx);
1069 ctx = NULL; 1069 ctx = NULL;
1070 } 1070 }
1071 BIO_free_all(input); 1071 BIO_free_all(input);
1072 TS_REQ_free(request); 1072 TS_REQ_free(request);
1073 return ctx; 1073 return ctx;
1074 } 1074}
1075 1075
1076static X509_STORE *create_cert_store(char *ca_path, char *ca_file) 1076static X509_STORE *
1077 { 1077create_cert_store(char *ca_path, char *ca_file)
1078{
1078 X509_STORE *cert_ctx = NULL; 1079 X509_STORE *cert_ctx = NULL;
1079 X509_LOOKUP *lookup = NULL; 1080 X509_LOOKUP *lookup = NULL;
1080 int i; 1081 int i;
@@ -1086,49 +1087,42 @@ static X509_STORE *create_cert_store(char *ca_path, char *ca_file)
1086 X509_STORE_set_verify_cb(cert_ctx, verify_cb); 1087 X509_STORE_set_verify_cb(cert_ctx, verify_cb);
1087 1088
1088 /* Adding a trusted certificate directory source. */ 1089 /* Adding a trusted certificate directory source. */
1089 if (ca_path) 1090 if (ca_path) {
1090 {
1091 lookup = X509_STORE_add_lookup(cert_ctx, 1091 lookup = X509_STORE_add_lookup(cert_ctx,
1092 X509_LOOKUP_hash_dir()); 1092 X509_LOOKUP_hash_dir());
1093 if (lookup == NULL) 1093 if (lookup == NULL) {
1094 {
1095 BIO_printf(bio_err, "memory allocation failure\n"); 1094 BIO_printf(bio_err, "memory allocation failure\n");
1096 goto err; 1095 goto err;
1097 } 1096 }
1098 i = X509_LOOKUP_add_dir(lookup, ca_path, X509_FILETYPE_PEM); 1097 i = X509_LOOKUP_add_dir(lookup, ca_path, X509_FILETYPE_PEM);
1099 if (!i) 1098 if (!i) {
1100 {
1101 BIO_printf(bio_err, "Error loading directory %s\n", 1099 BIO_printf(bio_err, "Error loading directory %s\n",
1102 ca_path); 1100 ca_path);
1103 goto err; 1101 goto err;
1104 }
1105 } 1102 }
1106 1103 }
1107 /* Adding a trusted certificate file source. */ 1104 /* Adding a trusted certificate file source. */
1108 if (ca_file) 1105 if (ca_file) {
1109 {
1110 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); 1106 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
1111 if (lookup == NULL) 1107 if (lookup == NULL) {
1112 {
1113 BIO_printf(bio_err, "memory allocation failure\n"); 1108 BIO_printf(bio_err, "memory allocation failure\n");
1114 goto err; 1109 goto err;
1115 } 1110 }
1116 i = X509_LOOKUP_load_file(lookup, ca_file, X509_FILETYPE_PEM); 1111 i = X509_LOOKUP_load_file(lookup, ca_file, X509_FILETYPE_PEM);
1117 if (!i) 1112 if (!i) {
1118 {
1119 BIO_printf(bio_err, "Error loading file %s\n", ca_file); 1113 BIO_printf(bio_err, "Error loading file %s\n", ca_file);
1120 goto err; 1114 goto err;
1121 }
1122 } 1115 }
1123 1116 }
1124 return cert_ctx; 1117 return cert_ctx;
1125 err: 1118err:
1126 X509_STORE_free(cert_ctx); 1119 X509_STORE_free(cert_ctx);
1127 return NULL; 1120 return NULL;
1128 } 1121}
1129 1122
1130static int verify_cb(int ok, X509_STORE_CTX *ctx) 1123static int
1131 { 1124verify_cb(int ok, X509_STORE_CTX * ctx)
1125{
1132 /* 1126 /*
1133 char buf[256]; 1127 char buf[256];
1134 1128
@@ -1144,4 +1138,4 @@ static int verify_cb(int ok, X509_STORE_CTX *ctx)
1144 */ 1138 */
1145 1139
1146 return ok; 1140 return ok;
1147 } 1141}
diff --git a/src/lib/libssl/src/apps/verify.c b/src/lib/libssl/src/apps/verify.c
index ebd314d7cc..3bb746a25e 100644
--- a/src/lib/libssl/src/apps/verify.c
+++ b/src/lib/libssl/src/apps/verify.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -69,294 +69,281 @@
69#undef PROG 69#undef PROG
70#define PROG verify_main 70#define PROG verify_main
71 71
72static int cb(int ok, X509_STORE_CTX *ctx); 72static int cb(int ok, X509_STORE_CTX * ctx);
73static int check(X509_STORE *ctx, char *file, 73static int
74 STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, 74check(X509_STORE * ctx, char *file,
75 STACK_OF(X509_CRL) *crls, ENGINE *e); 75 STACK_OF(X509) * uchain, STACK_OF(X509) * tchain,
76static int v_verbose=0, vflags = 0; 76 STACK_OF(X509_CRL) * crls, ENGINE * e);
77 static int v_verbose = 0, vflags = 0;
77 78
78int MAIN(int, char **); 79 int MAIN(int, char **);
79 80
80int MAIN(int argc, char **argv) 81 int MAIN(int argc, char **argv)
81 { 82{
82 ENGINE *e = NULL; 83 ENGINE *e = NULL;
83 int i,ret=1, badarg = 0; 84 int i, ret = 1, badarg = 0;
84 char *CApath=NULL,*CAfile=NULL; 85 char *CApath = NULL, *CAfile = NULL;
85 char *untfile = NULL, *trustfile = NULL, *crlfile = NULL; 86 char *untfile = NULL, *trustfile = NULL, *crlfile = NULL;
86 STACK_OF(X509) *untrusted = NULL, *trusted = NULL; 87 STACK_OF(X509) * untrusted = NULL, *trusted = NULL;
87 STACK_OF(X509_CRL) *crls = NULL; 88 STACK_OF(X509_CRL) * crls = NULL;
88 X509_STORE *cert_ctx=NULL; 89 X509_STORE *cert_ctx = NULL;
89 X509_LOOKUP *lookup=NULL; 90 X509_LOOKUP *lookup = NULL;
90 X509_VERIFY_PARAM *vpm = NULL; 91 X509_VERIFY_PARAM *vpm = NULL;
91#ifndef OPENSSL_NO_ENGINE 92#ifndef OPENSSL_NO_ENGINE
92 char *engine=NULL; 93 char *engine = NULL;
93#endif 94#endif
94 95
95 cert_ctx=X509_STORE_new(); 96 cert_ctx = X509_STORE_new();
96 if (cert_ctx == NULL) goto end; 97 if (cert_ctx == NULL)
97 X509_STORE_set_verify_cb(cert_ctx,cb); 98 goto end;
99 X509_STORE_set_verify_cb(cert_ctx, cb);
98 100
99 ERR_load_crypto_strings(); 101 ERR_load_crypto_strings();
100 102
101 apps_startup(); 103 apps_startup();
102 104
103 if (bio_err == NULL) 105 if (bio_err == NULL)
104 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 106 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
105 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 107 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
106 108
107 if (!load_config(bio_err, NULL)) 109 if (!load_config(bio_err, NULL))
108 goto end; 110 goto end;
109 111
110 argc--; 112 argc--;
111 argv++; 113 argv++;
112 for (;;) 114 for (;;) {
113 { 115 if (argc >= 1) {
114 if (argc >= 1) 116 if (strcmp(*argv, "-CApath") == 0) {
115 { 117 if (argc-- < 1)
116 if (strcmp(*argv,"-CApath") == 0) 118 goto end;
117 { 119 CApath = *(++argv);
118 if (argc-- < 1) goto end; 120 } else if (strcmp(*argv, "-CAfile") == 0) {
119 CApath= *(++argv); 121 if (argc-- < 1)
120 } 122 goto end;
121 else if (strcmp(*argv,"-CAfile") == 0) 123 CAfile = *(++argv);
122 { 124 } else if (args_verify(&argv, &argc, &badarg, bio_err,
123 if (argc-- < 1) goto end; 125 &vpm)) {
124 CAfile= *(++argv);
125 }
126 else if (args_verify(&argv, &argc, &badarg, bio_err,
127 &vpm))
128 {
129 if (badarg) 126 if (badarg)
130 goto end; 127 goto end;
131 continue; 128 continue;
132 } 129 } else if (strcmp(*argv, "-untrusted") == 0) {
133 else if (strcmp(*argv,"-untrusted") == 0) 130 if (argc-- < 1)
134 { 131 goto end;
135 if (argc-- < 1) goto end; 132 untfile = *(++argv);
136 untfile= *(++argv); 133 } else if (strcmp(*argv, "-trusted") == 0) {
137 } 134 if (argc-- < 1)
138 else if (strcmp(*argv,"-trusted") == 0) 135 goto end;
139 { 136 trustfile = *(++argv);
140 if (argc-- < 1) goto end; 137 } else if (strcmp(*argv, "-CRLfile") == 0) {
141 trustfile= *(++argv); 138 if (argc-- < 1)
142 } 139 goto end;
143 else if (strcmp(*argv,"-CRLfile") == 0) 140 crlfile = *(++argv);
144 { 141 }
145 if (argc-- < 1) goto end;
146 crlfile= *(++argv);
147 }
148#ifndef OPENSSL_NO_ENGINE 142#ifndef OPENSSL_NO_ENGINE
149 else if (strcmp(*argv,"-engine") == 0) 143 else if (strcmp(*argv, "-engine") == 0) {
150 { 144 if (--argc < 1)
151 if (--argc < 1) goto end; 145 goto end;
152 engine= *(++argv); 146 engine = *(++argv);
153 } 147 }
154#endif 148#endif
155 else if (strcmp(*argv,"-help") == 0) 149 else if (strcmp(*argv, "-help") == 0)
156 goto end; 150 goto end;
157 else if (strcmp(*argv,"-verbose") == 0) 151 else if (strcmp(*argv, "-verbose") == 0)
158 v_verbose=1; 152 v_verbose = 1;
159 else if (argv[0][0] == '-') 153 else if (argv[0][0] == '-')
160 goto end; 154 goto end;
161 else 155 else
162 break; 156 break;
163 argc--; 157 argc--;
164 argv++; 158 argv++;
165 } 159 } else
166 else
167 break; 160 break;
168 } 161 }
169 162
170#ifndef OPENSSL_NO_ENGINE 163#ifndef OPENSSL_NO_ENGINE
171 e = setup_engine(bio_err, engine, 0); 164 e = setup_engine(bio_err, engine, 0);
172#endif 165#endif
173 166
174 if (vpm) 167 if (vpm)
175 X509_STORE_set1_param(cert_ctx, vpm); 168 X509_STORE_set1_param(cert_ctx, vpm);
176 169
177 lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file()); 170 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
178 if (lookup == NULL) abort(); 171 if (lookup == NULL)
172 abort();
179 if (CAfile) { 173 if (CAfile) {
180 i=X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM); 174 i = X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM);
181 if(!i) { 175 if (!i) {
182 BIO_printf(bio_err, "Error loading file %s\n", CAfile); 176 BIO_printf(bio_err, "Error loading file %s\n", CAfile);
183 ERR_print_errors(bio_err); 177 ERR_print_errors(bio_err);
184 goto end; 178 goto end;
185 } 179 }
186 } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); 180 } else
187 181 X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
188 lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir()); 182
189 if (lookup == NULL) abort(); 183 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
184 if (lookup == NULL)
185 abort();
190 if (CApath) { 186 if (CApath) {
191 i=X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM); 187 i = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
192 if(!i) { 188 if (!i) {
193 BIO_printf(bio_err, "Error loading directory %s\n", CApath); 189 BIO_printf(bio_err, "Error loading directory %s\n", CApath);
194 ERR_print_errors(bio_err); 190 ERR_print_errors(bio_err);
195 goto end; 191 goto end;
196 } 192 }
197 } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); 193 } else
194 X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
198 195
199 ERR_clear_error(); 196 ERR_clear_error();
200 197
201 if(untfile) 198 if (untfile) {
202 {
203 untrusted = load_certs(bio_err, untfile, FORMAT_PEM, 199 untrusted = load_certs(bio_err, untfile, FORMAT_PEM,
204 NULL, e, "untrusted certificates"); 200 NULL, e, "untrusted certificates");
205 if(!untrusted) 201 if (!untrusted)
206 goto end; 202 goto end;
207 } 203 }
208 204 if (trustfile) {
209 if(trustfile)
210 {
211 trusted = load_certs(bio_err, trustfile, FORMAT_PEM, 205 trusted = load_certs(bio_err, trustfile, FORMAT_PEM,
212 NULL, e, "trusted certificates"); 206 NULL, e, "trusted certificates");
213 if(!trusted) 207 if (!trusted)
214 goto end; 208 goto end;
215 } 209 }
216 210 if (crlfile) {
217 if(crlfile)
218 {
219 crls = load_crls(bio_err, crlfile, FORMAT_PEM, 211 crls = load_crls(bio_err, crlfile, FORMAT_PEM,
220 NULL, e, "other CRLs"); 212 NULL, e, "other CRLs");
221 if(!crls) 213 if (!crls)
222 goto end; 214 goto end;
223 } 215 }
224
225 ret = 0; 216 ret = 0;
226 if (argc < 1) 217 if (argc < 1) {
227 {
228 if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e)) 218 if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
229 ret = -1; 219 ret = -1;
230 } 220 } else {
231 else 221 for (i = 0; i < argc; i++)
232 { 222 if (1 != check(cert_ctx, argv[i], untrusted, trusted, crls, e))
233 for (i=0; i<argc; i++)
234 if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e))
235 ret = -1; 223 ret = -1;
236 } 224 }
237 225
238end: 226end:
239 if (ret == 1) { 227 if (ret == 1) {
240 BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); 228 BIO_printf(bio_err, "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
241 BIO_printf(bio_err," [-attime timestamp]"); 229 BIO_printf(bio_err, " [-attime timestamp]");
242#ifndef OPENSSL_NO_ENGINE 230#ifndef OPENSSL_NO_ENGINE
243 BIO_printf(bio_err," [-engine e]"); 231 BIO_printf(bio_err, " [-engine e]");
244#endif 232#endif
245 BIO_printf(bio_err," cert1 cert2 ...\n"); 233 BIO_printf(bio_err, " cert1 cert2 ...\n");
246 234
247 BIO_printf(bio_err,"recognized usages:\n"); 235 BIO_printf(bio_err, "recognized usages:\n");
248 for(i = 0; i < X509_PURPOSE_get_count(); i++) 236 for (i = 0; i < X509_PURPOSE_get_count(); i++) {
249 {
250 X509_PURPOSE *ptmp; 237 X509_PURPOSE *ptmp;
251 ptmp = X509_PURPOSE_get0(i); 238 ptmp = X509_PURPOSE_get0(i);
252 BIO_printf(bio_err, "\t%-10s\t%s\n", 239 BIO_printf(bio_err, "\t%-10s\t%s\n",
253 X509_PURPOSE_get0_sname(ptmp), 240 X509_PURPOSE_get0_sname(ptmp),
254 X509_PURPOSE_get0_name(ptmp)); 241 X509_PURPOSE_get0_name(ptmp));
255 } 242 }
256 } 243 }
257 if (vpm) X509_VERIFY_PARAM_free(vpm); 244 if (vpm)
258 if (cert_ctx != NULL) X509_STORE_free(cert_ctx); 245 X509_VERIFY_PARAM_free(vpm);
246 if (cert_ctx != NULL)
247 X509_STORE_free(cert_ctx);
259 sk_X509_pop_free(untrusted, X509_free); 248 sk_X509_pop_free(untrusted, X509_free);
260 sk_X509_pop_free(trusted, X509_free); 249 sk_X509_pop_free(trusted, X509_free);
261 sk_X509_CRL_pop_free(crls, X509_CRL_free); 250 sk_X509_CRL_pop_free(crls, X509_CRL_free);
262 apps_shutdown(); 251 apps_shutdown();
263 return(ret < 0 ? 2 : ret); 252 return (ret < 0 ? 2 : ret);
264 } 253}
265 254
266static int check(X509_STORE *ctx, char *file, 255static int
267 STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, 256check(X509_STORE * ctx, char *file,
268 STACK_OF(X509_CRL) *crls, ENGINE *e) 257 STACK_OF(X509) * uchain, STACK_OF(X509) * tchain,
269 { 258 STACK_OF(X509_CRL) * crls, ENGINE * e)
270 X509 *x=NULL; 259{
271 int i=0,ret=0; 260 X509 *x = NULL;
261 int i = 0, ret = 0;
272 X509_STORE_CTX *csc; 262 X509_STORE_CTX *csc;
273 263
274 x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file"); 264 x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
275 if (x == NULL) 265 if (x == NULL)
276 goto end; 266 goto end;
277 fprintf(stdout,"%s: ",(file == NULL)?"stdin":file); 267 fprintf(stdout, "%s: ", (file == NULL) ? "stdin" : file);
278 268
279 csc = X509_STORE_CTX_new(); 269 csc = X509_STORE_CTX_new();
280 if (csc == NULL) 270 if (csc == NULL) {
281 {
282 ERR_print_errors(bio_err); 271 ERR_print_errors(bio_err);
283 goto end; 272 goto end;
284 } 273 }
285 X509_STORE_set_flags(ctx, vflags); 274 X509_STORE_set_flags(ctx, vflags);
286 if(!X509_STORE_CTX_init(csc,ctx,x,uchain)) 275 if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
287 {
288 ERR_print_errors(bio_err); 276 ERR_print_errors(bio_err);
289 goto end; 277 goto end;
290 } 278 }
291 if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain); 279 if (tchain)
280 X509_STORE_CTX_trusted_stack(csc, tchain);
292 if (crls) 281 if (crls)
293 X509_STORE_CTX_set0_crls(csc, crls); 282 X509_STORE_CTX_set0_crls(csc, crls);
294 i=X509_verify_cert(csc); 283 i = X509_verify_cert(csc);
295 X509_STORE_CTX_free(csc); 284 X509_STORE_CTX_free(csc);
296 285
297 ret=0; 286 ret = 0;
298end: 287end:
299 if (i > 0) 288 if (i > 0) {
300 { 289 fprintf(stdout, "OK\n");
301 fprintf(stdout,"OK\n"); 290 ret = 1;
302 ret=1; 291 } else
303 }
304 else
305 ERR_print_errors(bio_err); 292 ERR_print_errors(bio_err);
306 if (x != NULL) X509_free(x); 293 if (x != NULL)
294 X509_free(x);
307 295
308 return(ret); 296 return (ret);
309 } 297}
310 298
311static int cb(int ok, X509_STORE_CTX *ctx) 299static int
312 { 300cb(int ok, X509_STORE_CTX * ctx)
301{
313 int cert_error = X509_STORE_CTX_get_error(ctx); 302 int cert_error = X509_STORE_CTX_get_error(ctx);
314 X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx); 303 X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
315 304
316 if (!ok) 305 if (!ok) {
317 { 306 if (current_cert) {
318 if (current_cert)
319 {
320 X509_NAME_print_ex_fp(stdout, 307 X509_NAME_print_ex_fp(stdout,
321 X509_get_subject_name(current_cert), 308 X509_get_subject_name(current_cert),
322 0, XN_FLAG_ONELINE); 309 0, XN_FLAG_ONELINE);
323 printf("\n"); 310 printf("\n");
324 } 311 }
325 printf("%serror %d at %d depth lookup:%s\n", 312 printf("%serror %d at %d depth lookup:%s\n",
326 X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "", 313 X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "",
327 cert_error, 314 cert_error,
328 X509_STORE_CTX_get_error_depth(ctx), 315 X509_STORE_CTX_get_error_depth(ctx),
329 X509_verify_cert_error_string(cert_error)); 316 X509_verify_cert_error_string(cert_error));
330 switch(cert_error) 317 switch (cert_error) {
331 { 318 case X509_V_ERR_NO_EXPLICIT_POLICY:
332 case X509_V_ERR_NO_EXPLICIT_POLICY: 319 policies_print(NULL, ctx);
333 policies_print(NULL, ctx); 320 case X509_V_ERR_CERT_HAS_EXPIRED:
334 case X509_V_ERR_CERT_HAS_EXPIRED: 321
335 322 /*
336 /* since we are just checking the certificates, it is 323 * since we are just checking the certificates, it is
337 * ok if they are self signed. But we should still warn 324 * ok if they are self signed. But we should still
338 * the user. 325 * warn the user.
339 */ 326 */
340 327
341 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 328 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
342 /* Continue after extension errors too */ 329 /* Continue after extension errors too */
343 case X509_V_ERR_INVALID_CA: 330 case X509_V_ERR_INVALID_CA:
344 case X509_V_ERR_INVALID_NON_CA: 331 case X509_V_ERR_INVALID_NON_CA:
345 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 332 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
346 case X509_V_ERR_INVALID_PURPOSE: 333 case X509_V_ERR_INVALID_PURPOSE:
347 case X509_V_ERR_CRL_HAS_EXPIRED: 334 case X509_V_ERR_CRL_HAS_EXPIRED:
348 case X509_V_ERR_CRL_NOT_YET_VALID: 335 case X509_V_ERR_CRL_NOT_YET_VALID:
349 case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: 336 case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
350 ok = 1; 337 ok = 1;
351 338
352 } 339 }
353 340
354 return ok; 341 return ok;
355 342
356 } 343 }
357 if (cert_error == X509_V_OK && ok == 2) 344 if (cert_error == X509_V_OK && ok == 2)
358 policies_print(NULL, ctx); 345 policies_print(NULL, ctx);
359 if (!v_verbose) 346 if (!v_verbose)
360 ERR_clear_error(); 347 ERR_clear_error();
361 return(ok); 348 return (ok);
362 } 349}
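Review bot: In the option loop of MAIN, the guard `if (argc-- < 1) goto end;` under `-CApath`, `-CAfile`, `-untrusted`, `-trusted` and `-CRLfile` can never fire, because it sits inside `if (argc >= 1)` and the post-decrement compares the old value. When one of these options is the last argument, its value is read from the slot after it (presumably the NULL argv terminator), so the option is silently dropped instead of producing the usage message. Verification then runs against the default trust sources with the certificate read from stdin; for `-trusted` and `-CRLfile` that means the restriction the operator asked for is not applied. The `-engine` branch already uses the working form, so the five branches should match it: `if (--argc < 1) goto end;`. The reformat carries the old behaviour over unchanged, as expected for a style commit, so this is a candidate for a follow-up change.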
diff --git a/src/lib/libssl/src/apps/version.c b/src/lib/libssl/src/apps/version.c
index 811ac26fc1..42920fc9f1 100644
--- a/src/lib/libssl/src/apps/version.c
+++ b/src/lib/libssl/src/apps/version.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -117,19 +117,19 @@
117#include <openssl/crypto.h> 117#include <openssl/crypto.h>
118#include <openssl/bn.h> 118#include <openssl/bn.h>
119#ifndef OPENSSL_NO_MD2 119#ifndef OPENSSL_NO_MD2
120# include <openssl/md2.h> 120#include <openssl/md2.h>
121#endif 121#endif
122#ifndef OPENSSL_NO_RC4 122#ifndef OPENSSL_NO_RC4
123# include <openssl/rc4.h> 123#include <openssl/rc4.h>
124#endif 124#endif
125#ifndef OPENSSL_NO_DES 125#ifndef OPENSSL_NO_DES
126# include <openssl/des.h> 126#include <openssl/des.h>
127#endif 127#endif
128#ifndef OPENSSL_NO_IDEA 128#ifndef OPENSSL_NO_IDEA
129# include <openssl/idea.h> 129#include <openssl/idea.h>
130#endif 130#endif
131#ifndef OPENSSL_NO_BF 131#ifndef OPENSSL_NO_BF
132# include <openssl/blowfish.h> 132#include <openssl/blowfish.h>
133#endif 133#endif
134 134
135#undef PROG 135#undef PROG
@@ -137,81 +137,81 @@
137 137
138int MAIN(int, char **); 138int MAIN(int, char **);
139 139
140int MAIN(int argc, char **argv) 140int
141 { 141MAIN(int argc, char **argv)
142 int i,ret=0; 142{
143 int cflags=0,version=0,date=0,options=0,platform=0,dir=0; 143 int i, ret = 0;
144 int cflags = 0, version = 0, date = 0, options = 0, platform = 0,
145 dir = 0;
144 146
145 apps_startup(); 147 apps_startup();
146 148
147 if (bio_err == NULL) 149 if (bio_err == NULL)
148 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 150 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
149 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 151 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
150 152
151 if (argc == 1) version=1; 153 if (argc == 1)
152 for (i=1; i<argc; i++) 154 version = 1;
153 { 155 for (i = 1; i < argc; i++) {
154 if (strcmp(argv[i],"-v") == 0) 156 if (strcmp(argv[i], "-v") == 0)
155 version=1; 157 version = 1;
156 else if (strcmp(argv[i],"-b") == 0) 158 else if (strcmp(argv[i], "-b") == 0)
157 date=1; 159 date = 1;
158 else if (strcmp(argv[i],"-f") == 0) 160 else if (strcmp(argv[i], "-f") == 0)
159 cflags=1; 161 cflags = 1;
160 else if (strcmp(argv[i],"-o") == 0) 162 else if (strcmp(argv[i], "-o") == 0)
161 options=1; 163 options = 1;
162 else if (strcmp(argv[i],"-p") == 0) 164 else if (strcmp(argv[i], "-p") == 0)
163 platform=1; 165 platform = 1;
164 else if (strcmp(argv[i],"-d") == 0) 166 else if (strcmp(argv[i], "-d") == 0)
165 dir=1; 167 dir = 1;
166 else if (strcmp(argv[i],"-a") == 0) 168 else if (strcmp(argv[i], "-a") == 0)
167 date=version=cflags=options=platform=dir=1; 169 date = version = cflags = options = platform = dir = 1;
168 else 170 else {
169 { 171 BIO_printf(bio_err, "usage:version -[avbofpd]\n");
170 BIO_printf(bio_err,"usage:version -[avbofpd]\n"); 172 ret = 1;
171 ret=1;
172 goto end; 173 goto end;
173 }
174 } 174 }
175 }
175 176
176 if (version) 177 if (version) {
177 { 178 if (SSLeay() == SSLEAY_VERSION_NUMBER) {
178 if (SSLeay() == SSLEAY_VERSION_NUMBER) 179 printf("%s\n", SSLeay_version(SSLEAY_VERSION));
179 { 180 } else {
180 printf("%s\n",SSLeay_version(SSLEAY_VERSION));
181 }
182 else
183 {
184 printf("%s (Library: %s)\n", 181 printf("%s (Library: %s)\n",
185 OPENSSL_VERSION_TEXT, 182 OPENSSL_VERSION_TEXT,
186 SSLeay_version(SSLEAY_VERSION)); 183 SSLeay_version(SSLEAY_VERSION));
187 }
188 } 184 }
189 if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON)); 185 }
190 if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM)); 186 if (date)
191 if (options) 187 printf("%s\n", SSLeay_version(SSLEAY_BUILT_ON));
192 { 188 if (platform)
189 printf("%s\n", SSLeay_version(SSLEAY_PLATFORM));
190 if (options) {
193 printf("options: "); 191 printf("options: ");
194 printf("%s ",BN_options()); 192 printf("%s ", BN_options());
195#ifndef OPENSSL_NO_MD2 193#ifndef OPENSSL_NO_MD2
196 printf("%s ",MD2_options()); 194 printf("%s ", MD2_options());
197#endif 195#endif
198#ifndef OPENSSL_NO_RC4 196#ifndef OPENSSL_NO_RC4
199 printf("%s ",RC4_options()); 197 printf("%s ", RC4_options());
200#endif 198#endif
201#ifndef OPENSSL_NO_DES 199#ifndef OPENSSL_NO_DES
202 printf("%s ",DES_options()); 200 printf("%s ", DES_options());
203#endif 201#endif
204#ifndef OPENSSL_NO_IDEA 202#ifndef OPENSSL_NO_IDEA
205 printf("%s ",idea_options()); 203 printf("%s ", idea_options());
206#endif 204#endif
207#ifndef OPENSSL_NO_BF 205#ifndef OPENSSL_NO_BF
208 printf("%s ",BF_options()); 206 printf("%s ", BF_options());
209#endif 207#endif
210 printf("\n"); 208 printf("\n");
211 } 209 }
212 if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS)); 210 if (cflags)
213 if (dir) printf("%s\n",SSLeay_version(SSLEAY_DIR)); 211 printf("%s\n", SSLeay_version(SSLEAY_CFLAGS));
212 if (dir)
213 printf("%s\n", SSLeay_version(SSLEAY_DIR));
214end: 214end:
215 apps_shutdown(); 215 apps_shutdown();
216 return(ret); 216 return (ret);
217 } 217}
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c
index 0026793a43..cdeff65109 100644
--- a/src/lib/libssl/src/apps/x509.c
+++ b/src/lib/libssl/src/apps/x509.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -87,411 +87,384 @@
87#define POSTFIX ".srl" 87#define POSTFIX ".srl"
88#define DEF_DAYS 30 88#define DEF_DAYS 30
89 89
90static const char *x509_usage[]={ 90static const char *x509_usage[] = {
91"usage: x509 args\n", 91 "usage: x509 args\n",
92" -inform arg - input format - default PEM (one of DER, NET or PEM)\n", 92 " -inform arg - input format - default PEM (one of DER, NET or PEM)\n",
93" -outform arg - output format - default PEM (one of DER, NET or PEM)\n", 93 " -outform arg - output format - default PEM (one of DER, NET or PEM)\n",
94" -keyform arg - private key format - default PEM\n", 94 " -keyform arg - private key format - default PEM\n",
95" -CAform arg - CA format - default PEM\n", 95 " -CAform arg - CA format - default PEM\n",
96" -CAkeyform arg - CA key format - default PEM\n", 96 " -CAkeyform arg - CA key format - default PEM\n",
97" -in arg - input file - default stdin\n", 97 " -in arg - input file - default stdin\n",
98" -out arg - output file - default stdout\n", 98 " -out arg - output file - default stdout\n",
99" -passin arg - private key password source\n", 99 " -passin arg - private key password source\n",
100" -serial - print serial number value\n", 100 " -serial - print serial number value\n",
101" -subject_hash - print subject hash value\n", 101 " -subject_hash - print subject hash value\n",
102#ifndef OPENSSL_NO_MD5 102#ifndef OPENSSL_NO_MD5
103" -subject_hash_old - print old-style (MD5) subject hash value\n", 103 " -subject_hash_old - print old-style (MD5) subject hash value\n",
104#endif 104#endif
105" -issuer_hash - print issuer hash value\n", 105 " -issuer_hash - print issuer hash value\n",
106#ifndef OPENSSL_NO_MD5 106#ifndef OPENSSL_NO_MD5
107" -issuer_hash_old - print old-style (MD5) issuer hash value\n", 107 " -issuer_hash_old - print old-style (MD5) issuer hash value\n",
108#endif 108#endif
109" -hash - synonym for -subject_hash\n", 109 " -hash - synonym for -subject_hash\n",
110" -subject - print subject DN\n", 110 " -subject - print subject DN\n",
111" -issuer - print issuer DN\n", 111 " -issuer - print issuer DN\n",
112" -email - print email address(es)\n", 112 " -email - print email address(es)\n",
113" -startdate - notBefore field\n", 113 " -startdate - notBefore field\n",
114" -enddate - notAfter field\n", 114 " -enddate - notAfter field\n",
115" -purpose - print out certificate purposes\n", 115 " -purpose - print out certificate purposes\n",
116" -dates - both Before and After dates\n", 116 " -dates - both Before and After dates\n",
117" -modulus - print the RSA key modulus\n", 117 " -modulus - print the RSA key modulus\n",
118" -pubkey - output the public key\n", 118 " -pubkey - output the public key\n",
119" -fingerprint - print the certificate fingerprint\n", 119 " -fingerprint - print the certificate fingerprint\n",
120" -alias - output certificate alias\n", 120 " -alias - output certificate alias\n",
121" -noout - no certificate output\n", 121 " -noout - no certificate output\n",
122" -ocspid - print OCSP hash values for the subject name and public key\n", 122 " -ocspid - print OCSP hash values for the subject name and public key\n",
123" -ocsp_uri - print OCSP Responder URL(s)\n", 123 " -ocsp_uri - print OCSP Responder URL(s)\n",
124" -trustout - output a \"trusted\" certificate\n", 124 " -trustout - output a \"trusted\" certificate\n",
125" -clrtrust - clear all trusted purposes\n", 125 " -clrtrust - clear all trusted purposes\n",
126" -clrreject - clear all rejected purposes\n", 126 " -clrreject - clear all rejected purposes\n",
127" -addtrust arg - trust certificate for a given purpose\n", 127 " -addtrust arg - trust certificate for a given purpose\n",
128" -addreject arg - reject certificate for a given purpose\n", 128 " -addreject arg - reject certificate for a given purpose\n",
129" -setalias arg - set certificate alias\n", 129 " -setalias arg - set certificate alias\n",
130" -days arg - How long till expiry of a signed certificate - def 30 days\n", 130 " -days arg - How long till expiry of a signed certificate - def 30 days\n",
131" -checkend arg - check whether the cert expires in the next arg seconds\n", 131 " -checkend arg - check whether the cert expires in the next arg seconds\n",
132" exit 1 if so, 0 if not\n", 132 " exit 1 if so, 0 if not\n",
133" -signkey arg - self sign cert with arg\n", 133 " -signkey arg - self sign cert with arg\n",
134" -x509toreq - output a certification request object\n", 134 " -x509toreq - output a certification request object\n",
135" -req - input is a certificate request, sign and output.\n", 135 " -req - input is a certificate request, sign and output.\n",
136" -CA arg - set the CA certificate, must be PEM format.\n", 136 " -CA arg - set the CA certificate, must be PEM format.\n",
137" -CAkey arg - set the CA key, must be PEM format\n", 137 " -CAkey arg - set the CA key, must be PEM format\n",
138" missing, it is assumed to be in the CA file.\n", 138 " missing, it is assumed to be in the CA file.\n",
139" -CAcreateserial - create serial number file if it does not exist\n", 139 " -CAcreateserial - create serial number file if it does not exist\n",
140" -CAserial arg - serial file\n", 140 " -CAserial arg - serial file\n",
141" -set_serial - serial number to use\n", 141 " -set_serial - serial number to use\n",
142" -text - print the certificate in text form\n", 142 " -text - print the certificate in text form\n",
143" -C - print out C code forms\n", 143 " -C - print out C code forms\n",
144" -md2/-md5/-sha1/-mdc2 - digest to use\n", 144 " -md2/-md5/-sha1/-mdc2 - digest to use\n",
145" -extfile - configuration file with X509V3 extensions to add\n", 145 " -extfile - configuration file with X509V3 extensions to add\n",
146" -extensions - section from config file with X509V3 extensions to add\n", 146 " -extensions - section from config file with X509V3 extensions to add\n",
147" -clrext - delete extensions before signing and input certificate\n", 147 " -clrext - delete extensions before signing and input certificate\n",
148" -nameopt arg - various certificate name options\n", 148 " -nameopt arg - various certificate name options\n",
149#ifndef OPENSSL_NO_ENGINE 149#ifndef OPENSSL_NO_ENGINE
150" -engine e - use engine e, possibly a hardware device.\n", 150 " -engine e - use engine e, possibly a hardware device.\n",
151#endif 151#endif
152" -certopt arg - various certificate text options\n", 152 " -certopt arg - various certificate text options\n",
153NULL 153 NULL
154}; 154};
155 155
156static int callb(int ok, X509_STORE_CTX *ctx); 156static int callb(int ok, X509_STORE_CTX * ctx);
157static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest, 157static int
158 CONF *conf, char *section); 158sign(X509 * x, EVP_PKEY * pkey, int days, int clrext, const EVP_MD * digest,
159static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest, 159 CONF * conf, char *section);
160 X509 *x,X509 *xca,EVP_PKEY *pkey, 160static int
161 STACK_OF(OPENSSL_STRING) *sigopts, 161x509_certify(X509_STORE * ctx, char *CAfile, const EVP_MD * digest,
162 char *serial, int create ,int days, int clrext, 162 X509 * x, X509 * xca, EVP_PKEY * pkey,
163 CONF *conf, char *section, ASN1_INTEGER *sno); 163 STACK_OF(OPENSSL_STRING) * sigopts,
164static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt); 164 char *serial, int create, int days, int clrext,
165static int reqfile=0; 165 CONF * conf, char *section, ASN1_INTEGER * sno);
166 166 static int purpose_print(BIO * bio, X509 * cert, X509_PURPOSE * pt);
167int MAIN(int, char **); 167 static int reqfile = 0;
168 168
169int MAIN(int argc, char **argv) 169 int MAIN(int, char **);
170 { 170
171 int MAIN(int argc, char **argv)
172{
171 ENGINE *e = NULL; 173 ENGINE *e = NULL;
172 int ret=1; 174 int ret = 1;
173 X509_REQ *req=NULL; 175 X509_REQ *req = NULL;
174 X509 *x=NULL,*xca=NULL; 176 X509 *x = NULL, *xca = NULL;
175 ASN1_OBJECT *objtmp; 177 ASN1_OBJECT *objtmp;
176 STACK_OF(OPENSSL_STRING) *sigopts = NULL; 178 STACK_OF(OPENSSL_STRING) * sigopts = NULL;
177 EVP_PKEY *Upkey=NULL,*CApkey=NULL; 179 EVP_PKEY *Upkey = NULL, *CApkey = NULL;
178 ASN1_INTEGER *sno = NULL; 180 ASN1_INTEGER *sno = NULL;
179 int i,num,badops=0; 181 int i, num, badops = 0;
180 BIO *out=NULL; 182 BIO *out = NULL;
181 BIO *STDout=NULL; 183 BIO *STDout = NULL;
182 STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL; 184 STACK_OF(ASN1_OBJECT) * trust = NULL, *reject = NULL;
183 int informat,outformat,keyformat,CAformat,CAkeyformat; 185 int informat, outformat, keyformat, CAformat, CAkeyformat;
184 char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; 186 char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
185 char *CAkeyfile=NULL,*CAserial=NULL; 187 char *CAkeyfile = NULL, *CAserial = NULL;
186 char *alias=NULL; 188 char *alias = NULL;
187 int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; 189 int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0,
188 int next_serial=0; 190 enddate = 0;
189 int subject_hash=0,issuer_hash=0,ocspid=0; 191 int next_serial = 0;
192 int subject_hash = 0, issuer_hash = 0, ocspid = 0;
190#ifndef OPENSSL_NO_MD5 193#ifndef OPENSSL_NO_MD5
191 int subject_hash_old=0,issuer_hash_old=0; 194 int subject_hash_old = 0, issuer_hash_old = 0;
192#endif 195#endif
193 int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; 196 int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0,
194 int ocsp_uri=0; 197 email = 0;
195 int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; 198 int ocsp_uri = 0;
196 int C=0; 199 int trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0, clrext = 0;
197 int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0; 200 int C = 0;
201 int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0;
198 int pprint = 0; 202 int pprint = 0;
199 const char **pp; 203 const char **pp;
200 X509_STORE *ctx=NULL; 204 X509_STORE *ctx = NULL;
201 X509_REQ *rq=NULL; 205 X509_REQ *rq = NULL;
202 int fingerprint=0; 206 int fingerprint = 0;
203 char buf[256]; 207 char buf[256];
204 const EVP_MD *md_alg,*digest=NULL; 208 const EVP_MD *md_alg, *digest = NULL;
205 CONF *extconf = NULL; 209 CONF *extconf = NULL;
206 char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; 210 char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
207 int need_rand = 0; 211 int need_rand = 0;
208 int checkend=0,checkoffset=0; 212 int checkend = 0, checkoffset = 0;
209 unsigned long nmflag = 0, certflag = 0; 213 unsigned long nmflag = 0, certflag = 0;
210#ifndef OPENSSL_NO_ENGINE 214#ifndef OPENSSL_NO_ENGINE
211 char *engine=NULL; 215 char *engine = NULL;
212#endif 216#endif
213 217
214 reqfile=0; 218 reqfile = 0;
215 219
216 apps_startup(); 220 apps_startup();
217 221
218 if (bio_err == NULL) 222 if (bio_err == NULL)
219 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 223 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
220 224
221 if (!load_config(bio_err, NULL)) 225 if (!load_config(bio_err, NULL))
222 goto end; 226 goto end;
223 STDout=BIO_new_fp(stdout,BIO_NOCLOSE); 227 STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
224 228
225 informat=FORMAT_PEM; 229 informat = FORMAT_PEM;
226 outformat=FORMAT_PEM; 230 outformat = FORMAT_PEM;
227 keyformat=FORMAT_PEM; 231 keyformat = FORMAT_PEM;
228 CAformat=FORMAT_PEM; 232 CAformat = FORMAT_PEM;
229 CAkeyformat=FORMAT_PEM; 233 CAkeyformat = FORMAT_PEM;
230 234
231 ctx=X509_STORE_new(); 235 ctx = X509_STORE_new();
232 if (ctx == NULL) goto end; 236 if (ctx == NULL)
233 X509_STORE_set_verify_cb(ctx,callb); 237 goto end;
238 X509_STORE_set_verify_cb(ctx, callb);
234 239
235 argc--; 240 argc--;
236 argv++; 241 argv++;
237 num=0; 242 num = 0;
238 while (argc >= 1) 243 while (argc >= 1) {
239 { 244 if (strcmp(*argv, "-inform") == 0) {
240 if (strcmp(*argv,"-inform") == 0) 245 if (--argc < 1)
241 { 246 goto bad;
242 if (--argc < 1) goto bad; 247 informat = str2fmt(*(++argv));
243 informat=str2fmt(*(++argv)); 248 } else if (strcmp(*argv, "-outform") == 0) {
244 } 249 if (--argc < 1)
245 else if (strcmp(*argv,"-outform") == 0) 250 goto bad;
246 { 251 outformat = str2fmt(*(++argv));
247 if (--argc < 1) goto bad; 252 } else if (strcmp(*argv, "-keyform") == 0) {
248 outformat=str2fmt(*(++argv)); 253 if (--argc < 1)
249 } 254 goto bad;
250 else if (strcmp(*argv,"-keyform") == 0) 255 keyformat = str2fmt(*(++argv));
251 { 256 } else if (strcmp(*argv, "-req") == 0) {
252 if (--argc < 1) goto bad; 257 reqfile = 1;
253 keyformat=str2fmt(*(++argv));
254 }
255 else if (strcmp(*argv,"-req") == 0)
256 {
257 reqfile=1;
258 need_rand = 1; 258 need_rand = 1;
259 } 259 } else if (strcmp(*argv, "-CAform") == 0) {
260 else if (strcmp(*argv,"-CAform") == 0) 260 if (--argc < 1)
261 { 261 goto bad;
262 if (--argc < 1) goto bad; 262 CAformat = str2fmt(*(++argv));
263 CAformat=str2fmt(*(++argv)); 263 } else if (strcmp(*argv, "-CAkeyform") == 0) {
264 } 264 if (--argc < 1)
265 else if (strcmp(*argv,"-CAkeyform") == 0) 265 goto bad;
266 { 266 CAkeyformat = str2fmt(*(++argv));
267 if (--argc < 1) goto bad; 267 } else if (strcmp(*argv, "-sigopt") == 0) {
268 CAkeyformat=str2fmt(*(++argv));
269 }
270 else if (strcmp(*argv,"-sigopt") == 0)
271 {
272 if (--argc < 1) 268 if (--argc < 1)
273 goto bad; 269 goto bad;
274 if (!sigopts) 270 if (!sigopts)
275 sigopts = sk_OPENSSL_STRING_new_null(); 271 sigopts = sk_OPENSSL_STRING_new_null();
276 if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv))) 272 if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
277 goto bad; 273 goto bad;
278 } 274 } else if (strcmp(*argv, "-days") == 0) {
279 else if (strcmp(*argv,"-days") == 0) 275 if (--argc < 1)
280 { 276 goto bad;
281 if (--argc < 1) goto bad; 277 days = atoi(*(++argv));
282 days=atoi(*(++argv)); 278 if (days == 0) {
283 if (days == 0) 279 BIO_printf(bio_err, "bad number of days\n");
284 {
285 BIO_printf(bio_err,"bad number of days\n");
286 goto bad; 280 goto bad;
287 }
288 }
289 else if (strcmp(*argv,"-passin") == 0)
290 {
291 if (--argc < 1) goto bad;
292 passargin= *(++argv);
293 }
294 else if (strcmp(*argv,"-extfile") == 0)
295 {
296 if (--argc < 1) goto bad;
297 extfile= *(++argv);
298 }
299 else if (strcmp(*argv,"-extensions") == 0)
300 {
301 if (--argc < 1) goto bad;
302 extsect= *(++argv);
303 }
304 else if (strcmp(*argv,"-in") == 0)
305 {
306 if (--argc < 1) goto bad;
307 infile= *(++argv);
308 }
309 else if (strcmp(*argv,"-out") == 0)
310 {
311 if (--argc < 1) goto bad;
312 outfile= *(++argv);
313 } 281 }
314 else if (strcmp(*argv,"-signkey") == 0) 282 } else if (strcmp(*argv, "-passin") == 0) {
315 { 283 if (--argc < 1)
316 if (--argc < 1) goto bad; 284 goto bad;
317 keyfile= *(++argv); 285 passargin = *(++argv);
318 sign_flag= ++num; 286 } else if (strcmp(*argv, "-extfile") == 0) {
287 if (--argc < 1)
288 goto bad;
289 extfile = *(++argv);
290 } else if (strcmp(*argv, "-extensions") == 0) {
291 if (--argc < 1)
292 goto bad;
293 extsect = *(++argv);
294 } else if (strcmp(*argv, "-in") == 0) {
295 if (--argc < 1)
296 goto bad;
297 infile = *(++argv);
298 } else if (strcmp(*argv, "-out") == 0) {
299 if (--argc < 1)
300 goto bad;
301 outfile = *(++argv);
302 } else if (strcmp(*argv, "-signkey") == 0) {
303 if (--argc < 1)
304 goto bad;
305 keyfile = *(++argv);
306 sign_flag = ++num;
319 need_rand = 1; 307 need_rand = 1;
320 } 308 } else if (strcmp(*argv, "-CA") == 0) {
321 else if (strcmp(*argv,"-CA") == 0) 309 if (--argc < 1)
322 { 310 goto bad;
323 if (--argc < 1) goto bad; 311 CAfile = *(++argv);
324 CAfile= *(++argv); 312 CA_flag = ++num;
325 CA_flag= ++num;
326 need_rand = 1; 313 need_rand = 1;
327 } 314 } else if (strcmp(*argv, "-CAkey") == 0) {
328 else if (strcmp(*argv,"-CAkey") == 0) 315 if (--argc < 1)
329 { 316 goto bad;
330 if (--argc < 1) goto bad; 317 CAkeyfile = *(++argv);
331 CAkeyfile= *(++argv); 318 } else if (strcmp(*argv, "-CAserial") == 0) {
332 } 319 if (--argc < 1)
333 else if (strcmp(*argv,"-CAserial") == 0) 320 goto bad;
334 { 321 CAserial = *(++argv);
335 if (--argc < 1) goto bad; 322 } else if (strcmp(*argv, "-set_serial") == 0) {
336 CAserial= *(++argv); 323 if (--argc < 1)
337 } 324 goto bad;
338 else if (strcmp(*argv,"-set_serial") == 0)
339 {
340 if (--argc < 1) goto bad;
341 if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv)))) 325 if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
342 goto bad; 326 goto bad;
343 } 327 } else if (strcmp(*argv, "-addtrust") == 0) {
344 else if (strcmp(*argv,"-addtrust") == 0) 328 if (--argc < 1)
345 { 329 goto bad;
346 if (--argc < 1) goto bad; 330 if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
347 if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
348 {
349 BIO_printf(bio_err, 331 BIO_printf(bio_err,
350 "Invalid trust object value %s\n", *argv); 332 "Invalid trust object value %s\n", *argv);
351 goto bad; 333 goto bad;
352 } 334 }
353 if (!trust) trust = sk_ASN1_OBJECT_new_null(); 335 if (!trust)
336 trust = sk_ASN1_OBJECT_new_null();
354 sk_ASN1_OBJECT_push(trust, objtmp); 337 sk_ASN1_OBJECT_push(trust, objtmp);
355 trustout = 1; 338 trustout = 1;
356 } 339 } else if (strcmp(*argv, "-addreject") == 0) {
357 else if (strcmp(*argv,"-addreject") == 0) 340 if (--argc < 1)
358 { 341 goto bad;
359 if (--argc < 1) goto bad; 342 if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
360 if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
361 {
362 BIO_printf(bio_err, 343 BIO_printf(bio_err,
363 "Invalid reject object value %s\n", *argv); 344 "Invalid reject object value %s\n", *argv);
364 goto bad; 345 goto bad;
365 } 346 }
366 if (!reject) reject = sk_ASN1_OBJECT_new_null(); 347 if (!reject)
348 reject = sk_ASN1_OBJECT_new_null();
367 sk_ASN1_OBJECT_push(reject, objtmp); 349 sk_ASN1_OBJECT_push(reject, objtmp);
368 trustout = 1; 350 trustout = 1;
369 } 351 } else if (strcmp(*argv, "-setalias") == 0) {
370 else if (strcmp(*argv,"-setalias") == 0) 352 if (--argc < 1)
371 { 353 goto bad;
372 if (--argc < 1) goto bad; 354 alias = *(++argv);
373 alias= *(++argv);
374 trustout = 1; 355 trustout = 1;
375 } 356 } else if (strcmp(*argv, "-certopt") == 0) {
376 else if (strcmp(*argv,"-certopt") == 0) 357 if (--argc < 1)
377 { 358 goto bad;
378 if (--argc < 1) goto bad; 359 if (!set_cert_ex(&certflag, *(++argv)))
379 if (!set_cert_ex(&certflag, *(++argv))) goto bad; 360 goto bad;
380 } 361 } else if (strcmp(*argv, "-nameopt") == 0) {
381 else if (strcmp(*argv,"-nameopt") == 0) 362 if (--argc < 1)
382 { 363 goto bad;
383 if (--argc < 1) goto bad; 364 if (!set_name_ex(&nmflag, *(++argv)))
384 if (!set_name_ex(&nmflag, *(++argv))) goto bad; 365 goto bad;
385 } 366 }
386#ifndef OPENSSL_NO_ENGINE 367#ifndef OPENSSL_NO_ENGINE
387 else if (strcmp(*argv,"-engine") == 0) 368 else if (strcmp(*argv, "-engine") == 0) {
388 { 369 if (--argc < 1)
389 if (--argc < 1) goto bad; 370 goto bad;
390 engine= *(++argv); 371 engine = *(++argv);
391 } 372 }
392#endif 373#endif
393 else if (strcmp(*argv,"-C") == 0) 374 else if (strcmp(*argv, "-C") == 0)
394 C= ++num; 375 C = ++num;
395 else if (strcmp(*argv,"-email") == 0) 376 else if (strcmp(*argv, "-email") == 0)
396 email= ++num; 377 email = ++num;
397 else if (strcmp(*argv,"-ocsp_uri") == 0) 378 else if (strcmp(*argv, "-ocsp_uri") == 0)
398 ocsp_uri= ++num; 379 ocsp_uri = ++num;
399 else if (strcmp(*argv,"-serial") == 0) 380 else if (strcmp(*argv, "-serial") == 0)
400 serial= ++num; 381 serial = ++num;
401 else if (strcmp(*argv,"-next_serial") == 0) 382 else if (strcmp(*argv, "-next_serial") == 0)
402 next_serial= ++num; 383 next_serial = ++num;
403 else if (strcmp(*argv,"-modulus") == 0) 384 else if (strcmp(*argv, "-modulus") == 0)
404 modulus= ++num; 385 modulus = ++num;
405 else if (strcmp(*argv,"-pubkey") == 0) 386 else if (strcmp(*argv, "-pubkey") == 0)
406 pubkey= ++num; 387 pubkey = ++num;
407 else if (strcmp(*argv,"-x509toreq") == 0) 388 else if (strcmp(*argv, "-x509toreq") == 0)
408 x509req= ++num; 389 x509req = ++num;
409 else if (strcmp(*argv,"-text") == 0) 390 else if (strcmp(*argv, "-text") == 0)
410 text= ++num; 391 text = ++num;
411 else if (strcmp(*argv,"-hash") == 0 392 else if (strcmp(*argv, "-hash") == 0
412 || strcmp(*argv,"-subject_hash") == 0) 393 || strcmp(*argv, "-subject_hash") == 0)
413 subject_hash= ++num; 394 subject_hash = ++num;
414#ifndef OPENSSL_NO_MD5 395#ifndef OPENSSL_NO_MD5
415 else if (strcmp(*argv,"-subject_hash_old") == 0) 396 else if (strcmp(*argv, "-subject_hash_old") == 0)
416 subject_hash_old= ++num; 397 subject_hash_old = ++num;
417#endif 398#endif
418 else if (strcmp(*argv,"-issuer_hash") == 0) 399 else if (strcmp(*argv, "-issuer_hash") == 0)
419 issuer_hash= ++num; 400 issuer_hash = ++num;
420#ifndef OPENSSL_NO_MD5 401#ifndef OPENSSL_NO_MD5
421 else if (strcmp(*argv,"-issuer_hash_old") == 0) 402 else if (strcmp(*argv, "-issuer_hash_old") == 0)
422 issuer_hash_old= ++num; 403 issuer_hash_old = ++num;
423#endif 404#endif
424 else if (strcmp(*argv,"-subject") == 0) 405 else if (strcmp(*argv, "-subject") == 0)
425 subject= ++num; 406 subject = ++num;
426 else if (strcmp(*argv,"-issuer") == 0) 407 else if (strcmp(*argv, "-issuer") == 0)
427 issuer= ++num; 408 issuer = ++num;
428 else if (strcmp(*argv,"-fingerprint") == 0) 409 else if (strcmp(*argv, "-fingerprint") == 0)
429 fingerprint= ++num; 410 fingerprint = ++num;
430 else if (strcmp(*argv,"-dates") == 0) 411 else if (strcmp(*argv, "-dates") == 0) {
431 { 412 startdate = ++num;
432 startdate= ++num; 413 enddate = ++num;
433 enddate= ++num; 414 } else if (strcmp(*argv, "-purpose") == 0)
434 } 415 pprint = ++num;
435 else if (strcmp(*argv,"-purpose") == 0) 416 else if (strcmp(*argv, "-startdate") == 0)
436 pprint= ++num; 417 startdate = ++num;
437 else if (strcmp(*argv,"-startdate") == 0) 418 else if (strcmp(*argv, "-enddate") == 0)
438 startdate= ++num; 419 enddate = ++num;
439 else if (strcmp(*argv,"-enddate") == 0) 420 else if (strcmp(*argv, "-checkend") == 0) {
440 enddate= ++num; 421 if (--argc < 1)
441 else if (strcmp(*argv,"-checkend") == 0) 422 goto bad;
442 { 423 checkoffset = atoi(*(++argv));
443 if (--argc < 1) goto bad; 424 checkend = 1;
444 checkoffset=atoi(*(++argv)); 425 } else if (strcmp(*argv, "-noout") == 0)
445 checkend=1; 426 noout = ++num;
446 } 427 else if (strcmp(*argv, "-trustout") == 0)
447 else if (strcmp(*argv,"-noout") == 0) 428 trustout = 1;
448 noout= ++num; 429 else if (strcmp(*argv, "-clrtrust") == 0)
449 else if (strcmp(*argv,"-trustout") == 0) 430 clrtrust = ++num;
450 trustout= 1; 431 else if (strcmp(*argv, "-clrreject") == 0)
451 else if (strcmp(*argv,"-clrtrust") == 0) 432 clrreject = ++num;
452 clrtrust= ++num; 433 else if (strcmp(*argv, "-alias") == 0)
453 else if (strcmp(*argv,"-clrreject") == 0) 434 aliasout = ++num;
454 clrreject= ++num; 435 else if (strcmp(*argv, "-CAcreateserial") == 0)
455 else if (strcmp(*argv,"-alias") == 0) 436 CA_createserial = ++num;
456 aliasout= ++num; 437 else if (strcmp(*argv, "-clrext") == 0)
457 else if (strcmp(*argv,"-CAcreateserial") == 0)
458 CA_createserial= ++num;
459 else if (strcmp(*argv,"-clrext") == 0)
460 clrext = 1; 438 clrext = 1;
461#if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */ 439#if 1 /* stay backwards-compatible with 0.9.5; this
462 else if (strcmp(*argv,"-crlext") == 0) 440 * should go away soon */
463 { 441 else if (strcmp(*argv, "-crlext") == 0) {
464 BIO_printf(bio_err,"use -clrext instead of -crlext\n"); 442 BIO_printf(bio_err, "use -clrext instead of -crlext\n");
465 clrext = 1; 443 clrext = 1;
466 } 444 }
467#endif 445#endif
468 else if (strcmp(*argv,"-ocspid") == 0) 446 else if (strcmp(*argv, "-ocspid") == 0)
469 ocspid= ++num; 447 ocspid = ++num;
470 else if ((md_alg=EVP_get_digestbyname(*argv + 1))) 448 else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
471 {
472 /* ok */ 449 /* ok */
473 digest=md_alg; 450 digest = md_alg;
474 } 451 } else {
475 else 452 BIO_printf(bio_err, "unknown option %s\n", *argv);
476 { 453 badops = 1;
477 BIO_printf(bio_err,"unknown option %s\n",*argv);
478 badops=1;
479 break; 454 break;
480 } 455 }
481 argc--; 456 argc--;
482 argv++; 457 argv++;
483 } 458 }
484 459
485 if (badops) 460 if (badops) {
486 {
487bad: 461bad:
488 for (pp=x509_usage; (*pp != NULL); pp++) 462 for (pp = x509_usage; (*pp != NULL); pp++)
489 BIO_printf(bio_err,"%s",*pp); 463 BIO_printf(bio_err, "%s", *pp);
490 goto end; 464 goto end;
491 } 465 }
492
493#ifndef OPENSSL_NO_ENGINE 466#ifndef OPENSSL_NO_ENGINE
494 e = setup_engine(bio_err, engine, 0); 467 e = setup_engine(bio_err, engine, 0);
495#endif 468#endif
496 469
497 if (need_rand) 470 if (need_rand)
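Review bot: The `-days` and `-checkend` arguments (new lines 277 and 423) are still parsed with `atoi`, so the only `-days` input rejected is one that converts to 0. A negative count or a value with trailing junk such as `30x` is accepted, and a non-numeric `-checkend` argument silently becomes an offset of 0. For `-checkend` this matters to anyone who relies on the exit status for certificate-expiry monitoring, because a mistyped argument changes what is checked without any diagnostic; how `checkoffset` and `days` are consumed lies outside this hunk, so the exact effect is inferred. Since this tree can rely on `strtonum`, the parse could be `days = strtonum(*(++argv), 1, INT_MAX, &errstr);` followed by `if (errstr != NULL) goto bad;`, with a `const char *errstr` local and `<limits.h>`, and the same pattern with a lower bound of 0 for `checkoffset`. MAIN begins inside this hunk and continues past its end.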
@@ -499,240 +472,195 @@ bad:
499 472
500 ERR_load_crypto_strings(); 473 ERR_load_crypto_strings();
501 474
502 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) 475 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
503 {
504 BIO_printf(bio_err, "Error getting password\n"); 476 BIO_printf(bio_err, "Error getting password\n");
505 goto end; 477 goto end;
506 } 478 }
507 479 if (!X509_STORE_set_default_paths(ctx)) {
508 if (!X509_STORE_set_default_paths(ctx))
509 {
510 ERR_print_errors(bio_err); 480 ERR_print_errors(bio_err);
511 goto end; 481 goto end;
512 } 482 }
513 483 if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) {
514 if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) 484 CAkeyfile = CAfile;
515 { CAkeyfile=CAfile; } 485 } else if ((CA_flag) && (CAkeyfile == NULL)) {
516 else if ((CA_flag) && (CAkeyfile == NULL)) 486 BIO_printf(bio_err, "need to specify a CAkey if using the CA command\n");
517 {
518 BIO_printf(bio_err,"need to specify a CAkey if using the CA command\n");
519 goto end; 487 goto end;
520 } 488 }
521 489 if (extfile) {
522 if (extfile)
523 {
524 long errorline = -1; 490 long errorline = -1;
525 X509V3_CTX ctx2; 491 X509V3_CTX ctx2;
526 extconf = NCONF_new(NULL); 492 extconf = NCONF_new(NULL);
527 if (!NCONF_load(extconf, extfile,&errorline)) 493 if (!NCONF_load(extconf, extfile, &errorline)) {
528 {
529 if (errorline <= 0) 494 if (errorline <= 0)
530 BIO_printf(bio_err, 495 BIO_printf(bio_err,
531 "error loading the config file '%s'\n", 496 "error loading the config file '%s'\n",
532 extfile); 497 extfile);
533 else 498 else
534 BIO_printf(bio_err, 499 BIO_printf(bio_err,
535 "error on line %ld of config file '%s'\n" 500 "error on line %ld of config file '%s'\n"
536 ,errorline,extfile); 501 ,errorline, extfile);
537 goto end; 502 goto end;
538 } 503 }
539 if (!extsect) 504 if (!extsect) {
540 {
541 extsect = NCONF_get_string(extconf, "default", "extensions"); 505 extsect = NCONF_get_string(extconf, "default", "extensions");
542 if (!extsect) 506 if (!extsect) {
543 {
544 ERR_clear_error(); 507 ERR_clear_error();
545 extsect = "default"; 508 extsect = "default";
546 }
547 } 509 }
510 }
548 X509V3_set_ctx_test(&ctx2); 511 X509V3_set_ctx_test(&ctx2);
549 X509V3_set_nconf(&ctx2, extconf); 512 X509V3_set_nconf(&ctx2, extconf);
550 if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) 513 if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) {
551 {
552 BIO_printf(bio_err, 514 BIO_printf(bio_err,
553 "Error Loading extension section %s\n", 515 "Error Loading extension section %s\n",
554 extsect); 516 extsect);
555 ERR_print_errors(bio_err); 517 ERR_print_errors(bio_err);
556 goto end; 518 goto end;
557 }
558 } 519 }
559 520 }
560 521 if (reqfile) {
561 if (reqfile)
562 {
563 EVP_PKEY *pkey; 522 EVP_PKEY *pkey;
564 BIO *in; 523 BIO *in;
565 524
566 if (!sign_flag && !CA_flag) 525 if (!sign_flag && !CA_flag) {
567 { 526 BIO_printf(bio_err, "We need a private key to sign with\n");
568 BIO_printf(bio_err,"We need a private key to sign with\n");
569 goto end; 527 goto end;
570 } 528 }
571 in=BIO_new(BIO_s_file()); 529 in = BIO_new(BIO_s_file());
572 if (in == NULL) 530 if (in == NULL) {
573 {
574 ERR_print_errors(bio_err); 531 ERR_print_errors(bio_err);
575 goto end; 532 goto end;
576 } 533 }
577
578 if (infile == NULL) 534 if (infile == NULL)
579 BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT); 535 BIO_set_fp(in, stdin, BIO_NOCLOSE | BIO_FP_TEXT);
580 else 536 else {
581 { 537 if (BIO_read_filename(in, infile) <= 0) {
582 if (BIO_read_filename(in,infile) <= 0)
583 {
584 perror(infile); 538 perror(infile);
585 BIO_free(in); 539 BIO_free(in);
586 goto end; 540 goto end;
587 }
588 } 541 }
589 req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL); 542 }
543 req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
590 BIO_free(in); 544 BIO_free(in);
591 545
592 if (req == NULL) 546 if (req == NULL) {
593 {
594 ERR_print_errors(bio_err); 547 ERR_print_errors(bio_err);
595 goto end; 548 goto end;
596 } 549 }
597 550 if ((req->req_info == NULL) ||
598 if ( (req->req_info == NULL) || 551 (req->req_info->pubkey == NULL) ||
599 (req->req_info->pubkey == NULL) || 552 (req->req_info->pubkey->public_key == NULL) ||
600 (req->req_info->pubkey->public_key == NULL) || 553 (req->req_info->pubkey->public_key->data == NULL)) {
601 (req->req_info->pubkey->public_key->data == NULL)) 554 BIO_printf(bio_err, "The certificate request appears to corrupted\n");
602 { 555 BIO_printf(bio_err, "It does not contain a public key\n");
603 BIO_printf(bio_err,"The certificate request appears to corrupted\n");
604 BIO_printf(bio_err,"It does not contain a public key\n");
605 goto end; 556 goto end;
606 } 557 }
607 if ((pkey=X509_REQ_get_pubkey(req)) == NULL) 558 if ((pkey = X509_REQ_get_pubkey(req)) == NULL) {
608 { 559 BIO_printf(bio_err, "error unpacking public key\n");
609 BIO_printf(bio_err,"error unpacking public key\n"); 560 goto end;
610 goto end; 561 }
611 } 562 i = X509_REQ_verify(req, pkey);
612 i=X509_REQ_verify(req,pkey);
613 EVP_PKEY_free(pkey); 563 EVP_PKEY_free(pkey);
614 if (i < 0) 564 if (i < 0) {
615 { 565 BIO_printf(bio_err, "Signature verification error\n");
616 BIO_printf(bio_err,"Signature verification error\n");
617 ERR_print_errors(bio_err); 566 ERR_print_errors(bio_err);
618 goto end; 567 goto end;
619 } 568 }
620 if (i == 0) 569 if (i == 0) {
621 { 570 BIO_printf(bio_err, "Signature did not match the certificate request\n");
622 BIO_printf(bio_err,"Signature did not match the certificate request\n");
623 goto end; 571 goto end;
624 } 572 } else
625 else 573 BIO_printf(bio_err, "Signature ok\n");
626 BIO_printf(bio_err,"Signature ok\n");
627 574
628 print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag); 575 print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
629 576
630 if ((x=X509_new()) == NULL) goto end; 577 if ((x = X509_new()) == NULL)
578 goto end;
631 579
632 if (sno == NULL) 580 if (sno == NULL) {
633 {
634 sno = ASN1_INTEGER_new(); 581 sno = ASN1_INTEGER_new();
635 if (!sno || !rand_serial(NULL, sno)) 582 if (!sno || !rand_serial(NULL, sno))
636 goto end; 583 goto end;
637 if (!X509_set_serialNumber(x, sno)) 584 if (!X509_set_serialNumber(x, sno))
638 goto end; 585 goto end;
639 ASN1_INTEGER_free(sno); 586 ASN1_INTEGER_free(sno);
640 sno = NULL; 587 sno = NULL;
641 } 588 } else if (!X509_set_serialNumber(x, sno))
642 else if (!X509_set_serialNumber(x, sno))
643 goto end; 589 goto end;
644 590
645 if (!X509_set_issuer_name(x,req->req_info->subject)) goto end; 591 if (!X509_set_issuer_name(x, req->req_info->subject))
646 if (!X509_set_subject_name(x,req->req_info->subject)) goto end; 592 goto end;
593 if (!X509_set_subject_name(x, req->req_info->subject))
594 goto end;
647 595
648 X509_gmtime_adj(X509_get_notBefore(x),0); 596 X509_gmtime_adj(X509_get_notBefore(x), 0);
649 X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL); 597 X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL);
650 598
651 pkey = X509_REQ_get_pubkey(req); 599 pkey = X509_REQ_get_pubkey(req);
652 X509_set_pubkey(x,pkey); 600 X509_set_pubkey(x, pkey);
653 EVP_PKEY_free(pkey); 601 EVP_PKEY_free(pkey);
654 } 602 } else
655 else 603 x = load_cert(bio_err, infile, informat, NULL, e, "Certificate");
656 x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");
657
658 if (x == NULL) goto end;
659 if (CA_flag)
660 {
661 xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate");
662 if (xca == NULL) goto end;
663 }
664 604
665 if (!noout || text || next_serial) 605 if (x == NULL)
666 { 606 goto end;
607 if (CA_flag) {
608 xca = load_cert(bio_err, CAfile, CAformat, NULL, e, "CA Certificate");
609 if (xca == NULL)
610 goto end;
611 }
612 if (!noout || text || next_serial) {
667 OBJ_create("2.99999.3", 613 OBJ_create("2.99999.3",
668 "SET.ex3","SET x509v3 extension 3"); 614 "SET.ex3", "SET x509v3 extension 3");
669 615
670 out=BIO_new(BIO_s_file()); 616 out = BIO_new(BIO_s_file());
671 if (out == NULL) 617 if (out == NULL) {
672 {
673 ERR_print_errors(bio_err); 618 ERR_print_errors(bio_err);
674 goto end; 619 goto end;
675 } 620 }
676 if (outfile == NULL) 621 if (outfile == NULL) {
677 { 622 BIO_set_fp(out, stdout, BIO_NOCLOSE);
678 BIO_set_fp(out,stdout,BIO_NOCLOSE); 623 } else {
679 } 624 if (BIO_write_filename(out, outfile) <= 0) {
680 else
681 {
682 if (BIO_write_filename(out,outfile) <= 0)
683 {
684 perror(outfile); 625 perror(outfile);
685 goto end; 626 goto end;
686 }
687 } 627 }
688 } 628 }
629 }
630 if (alias)
631 X509_alias_set1(x, (unsigned char *) alias, -1);
689 632
690 if (alias) X509_alias_set1(x, (unsigned char *)alias, -1); 633 if (clrtrust)
691 634 X509_trust_clear(x);
692 if (clrtrust) X509_trust_clear(x); 635 if (clrreject)
693 if (clrreject) X509_reject_clear(x); 636 X509_reject_clear(x);
694 637
695 if (trust) 638 if (trust) {
696 { 639 for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
697 for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)
698 {
699 objtmp = sk_ASN1_OBJECT_value(trust, i); 640 objtmp = sk_ASN1_OBJECT_value(trust, i);
700 X509_add1_trust_object(x, objtmp); 641 X509_add1_trust_object(x, objtmp);
701 }
702 } 642 }
703 643 }
704 if (reject) 644 if (reject) {
705 { 645 for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
706 for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)
707 {
708 objtmp = sk_ASN1_OBJECT_value(reject, i); 646 objtmp = sk_ASN1_OBJECT_value(reject, i);
709 X509_add1_reject_object(x, objtmp); 647 X509_add1_reject_object(x, objtmp);
710 }
711 } 648 }
712 649 }
713 if (num) 650 if (num) {
714 { 651 for (i = 1; i <= num; i++) {
715 for (i=1; i<=num; i++) 652 if (issuer == i) {
716 {
717 if (issuer == i)
718 {
719 print_name(STDout, "issuer= ", 653 print_name(STDout, "issuer= ",
720 X509_get_issuer_name(x), nmflag); 654 X509_get_issuer_name(x), nmflag);
721 } 655 } else if (subject == i) {
722 else if (subject == i)
723 {
724 print_name(STDout, "subject= ", 656 print_name(STDout, "subject= ",
725 X509_get_subject_name(x), nmflag); 657 X509_get_subject_name(x), nmflag);
726 } 658 } else if (serial == i) {
727 else if (serial == i) 659 BIO_printf(STDout, "serial=");
728 {
729 BIO_printf(STDout,"serial=");
730 i2a_ASN1_INTEGER(STDout, 660 i2a_ASN1_INTEGER(STDout,
731 X509_get_serialNumber(x)); 661 X509_get_serialNumber(x));
732 BIO_printf(STDout,"\n"); 662 BIO_printf(STDout, "\n");
733 } 663 } else if (next_serial == i) {
734 else if (next_serial == i)
735 {
736 BIGNUM *bnser; 664 BIGNUM *bnser;
737 ASN1_INTEGER *ser; 665 ASN1_INTEGER *ser;
738 ser = X509_get_serialNumber(x); 666 ser = X509_get_serialNumber(x);
@@ -748,174 +676,147 @@ bad:
748 i2a_ASN1_INTEGER(out, ser); 676 i2a_ASN1_INTEGER(out, ser);
749 ASN1_INTEGER_free(ser); 677 ASN1_INTEGER_free(ser);
750 BIO_puts(out, "\n"); 678 BIO_puts(out, "\n");
751 } 679 } else if ((email == i) || (ocsp_uri == i)) {
752 else if ((email == i) || (ocsp_uri == i))
753 {
754 int j; 680 int j;
755 STACK_OF(OPENSSL_STRING) *emlst; 681 STACK_OF(OPENSSL_STRING) * emlst;
756 if (email == i) 682 if (email == i)
757 emlst = X509_get1_email(x); 683 emlst = X509_get1_email(x);
758 else 684 else
759 emlst = X509_get1_ocsp(x); 685 emlst = X509_get1_ocsp(x);
760 for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++) 686 for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
761 BIO_printf(STDout, "%s\n", 687 BIO_printf(STDout, "%s\n",
762 sk_OPENSSL_STRING_value(emlst, j)); 688 sk_OPENSSL_STRING_value(emlst, j));
763 X509_email_free(emlst); 689 X509_email_free(emlst);
764 } 690 } else if (aliasout == i) {
765 else if (aliasout == i)
766 {
767 unsigned char *alstr; 691 unsigned char *alstr;
768 alstr = X509_alias_get0(x, NULL); 692 alstr = X509_alias_get0(x, NULL);
769 if (alstr) BIO_printf(STDout,"%s\n", alstr); 693 if (alstr)
770 else BIO_puts(STDout,"<No Alias>\n"); 694 BIO_printf(STDout, "%s\n", alstr);
771 } 695 else
772 else if (subject_hash == i) 696 BIO_puts(STDout, "<No Alias>\n");
773 { 697 } else if (subject_hash == i) {
774 BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); 698 BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x));
775 } 699 }
776#ifndef OPENSSL_NO_MD5 700#ifndef OPENSSL_NO_MD5
777 else if (subject_hash_old == i) 701 else if (subject_hash_old == i) {
778 { 702 BIO_printf(STDout, "%08lx\n", X509_subject_name_hash_old(x));
779 BIO_printf(STDout,"%08lx\n",X509_subject_name_hash_old(x)); 703 }
780 }
781#endif 704#endif
782 else if (issuer_hash == i) 705 else if (issuer_hash == i) {
783 { 706 BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash(x));
784 BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x)); 707 }
785 }
786#ifndef OPENSSL_NO_MD5 708#ifndef OPENSSL_NO_MD5
787 else if (issuer_hash_old == i) 709 else if (issuer_hash_old == i) {
788 { 710 BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash_old(x));
789 BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash_old(x)); 711 }
790 }
791#endif 712#endif
792 else if (pprint == i) 713 else if (pprint == i) {
793 {
794 X509_PURPOSE *ptmp; 714 X509_PURPOSE *ptmp;
795 int j; 715 int j;
796 BIO_printf(STDout, "Certificate purposes:\n"); 716 BIO_printf(STDout, "Certificate purposes:\n");
797 for (j = 0; j < X509_PURPOSE_get_count(); j++) 717 for (j = 0; j < X509_PURPOSE_get_count(); j++) {
798 {
799 ptmp = X509_PURPOSE_get0(j); 718 ptmp = X509_PURPOSE_get0(j);
800 purpose_print(STDout, x, ptmp); 719 purpose_print(STDout, x, ptmp);
801 }
802 } 720 }
803 else 721 } else if (modulus == i) {
804 if (modulus == i)
805 {
806 EVP_PKEY *pkey; 722 EVP_PKEY *pkey;
807 723
808 pkey=X509_get_pubkey(x); 724 pkey = X509_get_pubkey(x);
809 if (pkey == NULL) 725 if (pkey == NULL) {
810 { 726 BIO_printf(bio_err, "Modulus=unavailable\n");
811 BIO_printf(bio_err,"Modulus=unavailable\n");
812 ERR_print_errors(bio_err); 727 ERR_print_errors(bio_err);
813 goto end; 728 goto end;
814 } 729 }
815 BIO_printf(STDout,"Modulus="); 730 BIO_printf(STDout, "Modulus=");
816#ifndef OPENSSL_NO_RSA 731#ifndef OPENSSL_NO_RSA
817 if (pkey->type == EVP_PKEY_RSA) 732 if (pkey->type == EVP_PKEY_RSA)
818 BN_print(STDout,pkey->pkey.rsa->n); 733 BN_print(STDout, pkey->pkey.rsa->n);
819 else 734 else
820#endif 735#endif
821#ifndef OPENSSL_NO_DSA 736#ifndef OPENSSL_NO_DSA
822 if (pkey->type == EVP_PKEY_DSA) 737 if (pkey->type == EVP_PKEY_DSA)
823 BN_print(STDout,pkey->pkey.dsa->pub_key); 738 BN_print(STDout, pkey->pkey.dsa->pub_key);
824 else 739 else
825#endif 740#endif
826 BIO_printf(STDout,"Wrong Algorithm type"); 741 BIO_printf(STDout, "Wrong Algorithm type");
827 BIO_printf(STDout,"\n"); 742 BIO_printf(STDout, "\n");
828 EVP_PKEY_free(pkey); 743 EVP_PKEY_free(pkey);
829 } 744 } else if (pubkey == i) {
830 else
831 if (pubkey == i)
832 {
833 EVP_PKEY *pkey; 745 EVP_PKEY *pkey;
834 746
835 pkey=X509_get_pubkey(x); 747 pkey = X509_get_pubkey(x);
836 if (pkey == NULL) 748 if (pkey == NULL) {
837 { 749 BIO_printf(bio_err, "Error getting public key\n");
838 BIO_printf(bio_err,"Error getting public key\n");
839 ERR_print_errors(bio_err); 750 ERR_print_errors(bio_err);
840 goto end; 751 goto end;
841 } 752 }
842 PEM_write_bio_PUBKEY(STDout, pkey); 753 PEM_write_bio_PUBKEY(STDout, pkey);
843 EVP_PKEY_free(pkey); 754 EVP_PKEY_free(pkey);
844 } 755 } else if (C == i) {
845 else
846 if (C == i)
847 {
848 unsigned char *d; 756 unsigned char *d;
849 char *m; 757 char *m;
850 int y,z; 758 int y, z;
851 759
852 X509_NAME_oneline(X509_get_subject_name(x), 760 X509_NAME_oneline(X509_get_subject_name(x),
853 buf,sizeof buf); 761 buf, sizeof buf);
854 BIO_printf(STDout,"/* subject:%s */\n",buf); 762 BIO_printf(STDout, "/* subject:%s */\n", buf);
855 m=X509_NAME_oneline( 763 m = X509_NAME_oneline(
856 X509_get_issuer_name(x),buf, 764 X509_get_issuer_name(x), buf,
857 sizeof buf); 765 sizeof buf);
858 BIO_printf(STDout,"/* issuer :%s */\n",buf); 766 BIO_printf(STDout, "/* issuer :%s */\n", buf);
859 767
860 z=i2d_X509(x,NULL); 768 z = i2d_X509(x, NULL);
861 m=malloc(z); 769 m = malloc(z);
862 770
863 d=(unsigned char *)m; 771 d = (unsigned char *) m;
864 z=i2d_X509_NAME(X509_get_subject_name(x),&d); 772 z = i2d_X509_NAME(X509_get_subject_name(x), &d);
865 BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z); 773 BIO_printf(STDout, "unsigned char XXX_subject_name[%d]={\n", z);
866 d=(unsigned char *)m; 774 d = (unsigned char *) m;
867 for (y=0; y<z; y++) 775 for (y = 0; y < z; y++) {
868 { 776 BIO_printf(STDout, "0x%02X,", d[y]);
869 BIO_printf(STDout,"0x%02X,",d[y]);
870 if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n");
871 }
872 if (y%16 != 0) BIO_printf(STDout,"\n");
873 BIO_printf(STDout,"};\n");
874
875 z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d);
876 BIO_printf(STDout,"unsigned char XXX_public_key[%d]={\n",z);
877 d=(unsigned char *)m;
878 for (y=0; y<z; y++)
879 {
880 BIO_printf(STDout,"0x%02X,",d[y]);
881 if ((y & 0x0f) == 0x0f) 777 if ((y & 0x0f) == 0x0f)
882 BIO_printf(STDout,"\n"); 778 BIO_printf(STDout, "\n");
883 }
884 if (y%16 != 0) BIO_printf(STDout,"\n");
885 BIO_printf(STDout,"};\n");
886
887 z=i2d_X509(x,&d);
888 BIO_printf(STDout,"unsigned char XXX_certificate[%d]={\n",z);
889 d=(unsigned char *)m;
890 for (y=0; y<z; y++)
891 {
892 BIO_printf(STDout,"0x%02X,",d[y]);
893 if ((y & 0x0f) == 0x0f)
894 BIO_printf(STDout,"\n");
895 }
896 if (y%16 != 0) BIO_printf(STDout,"\n");
897 BIO_printf(STDout,"};\n");
898
899 free(m);
900 }
901 else if (text == i)
902 {
903 X509_print_ex(STDout,x,nmflag, certflag);
904 } 779 }
905 else if (startdate == i) 780 if (y % 16 != 0)
906 { 781 BIO_printf(STDout, "\n");
907 BIO_puts(STDout,"notBefore="); 782 BIO_printf(STDout, "};\n");
908 ASN1_TIME_print(STDout,X509_get_notBefore(x)); 783
909 BIO_puts(STDout,"\n"); 784 z = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d);
785 BIO_printf(STDout, "unsigned char XXX_public_key[%d]={\n", z);
786 d = (unsigned char *) m;
787 for (y = 0; y < z; y++) {
788 BIO_printf(STDout, "0x%02X,", d[y]);
789 if ((y & 0x0f) == 0x0f)
790 BIO_printf(STDout, "\n");
910 } 791 }
911 else if (enddate == i) 792 if (y % 16 != 0)
912 { 793 BIO_printf(STDout, "\n");
913 BIO_puts(STDout,"notAfter="); 794 BIO_printf(STDout, "};\n");
914 ASN1_TIME_print(STDout,X509_get_notAfter(x)); 795
915 BIO_puts(STDout,"\n"); 796 z = i2d_X509(x, &d);
797 BIO_printf(STDout, "unsigned char XXX_certificate[%d]={\n", z);
798 d = (unsigned char *) m;
799 for (y = 0; y < z; y++) {
800 BIO_printf(STDout, "0x%02X,", d[y]);
801 if ((y & 0x0f) == 0x0f)
802 BIO_printf(STDout, "\n");
916 } 803 }
917 else if (fingerprint == i) 804 if (y % 16 != 0)
918 { 805 BIO_printf(STDout, "\n");
806 BIO_printf(STDout, "};\n");
807
808 free(m);
809 } else if (text == i) {
810 X509_print_ex(STDout, x, nmflag, certflag);
811 } else if (startdate == i) {
812 BIO_puts(STDout, "notBefore=");
813 ASN1_TIME_print(STDout, X509_get_notBefore(x));
814 BIO_puts(STDout, "\n");
815 } else if (enddate == i) {
816 BIO_puts(STDout, "notAfter=");
817 ASN1_TIME_print(STDout, X509_get_notAfter(x));
818 BIO_puts(STDout, "\n");
819 } else if (fingerprint == i) {
919 int j; 820 int j;
920 unsigned int n; 821 unsigned int n;
921 unsigned char md[EVP_MAX_MD_SIZE]; 822 unsigned char md[EVP_MAX_MD_SIZE];
@@ -924,150 +825,124 @@ bad:
924 if (!fdig) 825 if (!fdig)
925 fdig = EVP_sha1(); 826 fdig = EVP_sha1();
926 827
927 if (!X509_digest(x,fdig,md,&n)) 828 if (!X509_digest(x, fdig, md, &n)) {
928 { 829 BIO_printf(bio_err, "out of memory\n");
929 BIO_printf(bio_err,"out of memory\n");
930 goto end; 830 goto end;
931 }
932 BIO_printf(STDout,"%s Fingerprint=",
933 OBJ_nid2sn(EVP_MD_type(fdig)));
934 for (j=0; j<(int)n; j++)
935 {
936 BIO_printf(STDout,"%02X%c",md[j],
937 (j+1 == (int)n)
938 ?'\n':':');
939 }
940 } 831 }
941 832 BIO_printf(STDout, "%s Fingerprint=",
833 OBJ_nid2sn(EVP_MD_type(fdig)));
834 for (j = 0; j < (int) n; j++) {
835 BIO_printf(STDout, "%02X%c", md[j],
836 (j + 1 == (int) n)
837 ? '\n' : ':');
838 }
839 }
942 /* should be in the library */ 840 /* should be in the library */
943 else if ((sign_flag == i) && (x509req == 0)) 841 else if ((sign_flag == i) && (x509req == 0)) {
944 { 842 BIO_printf(bio_err, "Getting Private key\n");
945 BIO_printf(bio_err,"Getting Private key\n"); 843 if (Upkey == NULL) {
946 if (Upkey == NULL) 844 Upkey = load_key(bio_err,
947 { 845 keyfile, keyformat, 0,
948 Upkey=load_key(bio_err, 846 passin, e, "Private key");
949 keyfile, keyformat, 0, 847 if (Upkey == NULL)
950 passin, e, "Private key"); 848 goto end;
951 if (Upkey == NULL) goto end; 849 }
952 }
953
954 assert(need_rand); 850 assert(need_rand);
955 if (!sign(x,Upkey,days,clrext,digest, 851 if (!sign(x, Upkey, days, clrext, digest,
956 extconf, extsect)) goto end; 852 extconf, extsect))
853 goto end;
854 } else if (CA_flag == i) {
855 BIO_printf(bio_err, "Getting CA Private Key\n");
856 if (CAkeyfile != NULL) {
857 CApkey = load_key(bio_err,
858 CAkeyfile, CAkeyformat,
859 0, passin, e,
860 "CA Private Key");
861 if (CApkey == NULL)
862 goto end;
957 } 863 }
958 else if (CA_flag == i)
959 {
960 BIO_printf(bio_err,"Getting CA Private Key\n");
961 if (CAkeyfile != NULL)
962 {
963 CApkey=load_key(bio_err,
964 CAkeyfile, CAkeyformat,
965 0, passin, e,
966 "CA Private Key");
967 if (CApkey == NULL) goto end;
968 }
969
970 assert(need_rand); 864 assert(need_rand);
971 if (!x509_certify(ctx,CAfile,digest,x,xca, 865 if (!x509_certify(ctx, CAfile, digest, x, xca,
972 CApkey, sigopts, 866 CApkey, sigopts,
973 CAserial,CA_createserial,days, clrext, 867 CAserial, CA_createserial, days, clrext,
974 extconf, extsect, sno)) 868 extconf, extsect, sno))
975 goto end; 869 goto end;
976 } 870 } else if (x509req == i) {
977 else if (x509req == i)
978 {
979 EVP_PKEY *pk; 871 EVP_PKEY *pk;
980 872
981 BIO_printf(bio_err,"Getting request Private Key\n"); 873 BIO_printf(bio_err, "Getting request Private Key\n");
982 if (keyfile == NULL) 874 if (keyfile == NULL) {
983 { 875 BIO_printf(bio_err, "no request key file specified\n");
984 BIO_printf(bio_err,"no request key file specified\n");
985 goto end; 876 goto end;
986 } 877 } else {
987 else 878 pk = load_key(bio_err,
988 { 879 keyfile, keyformat, 0,
989 pk=load_key(bio_err, 880 passin, e, "request key");
990 keyfile, keyformat, 0, 881 if (pk == NULL)
991 passin, e, "request key"); 882 goto end;
992 if (pk == NULL) goto end; 883 }
993 }
994 884
995 BIO_printf(bio_err,"Generating certificate request\n"); 885 BIO_printf(bio_err, "Generating certificate request\n");
996 886
997 rq=X509_to_X509_REQ(x,pk,digest); 887 rq = X509_to_X509_REQ(x, pk, digest);
998 EVP_PKEY_free(pk); 888 EVP_PKEY_free(pk);
999 if (rq == NULL) 889 if (rq == NULL) {
1000 {
1001 ERR_print_errors(bio_err); 890 ERR_print_errors(bio_err);
1002 goto end; 891 goto end;
1003 }
1004 if (!noout)
1005 {
1006 X509_REQ_print(out,rq);
1007 PEM_write_bio_X509_REQ(out,rq);
1008 }
1009 noout=1;
1010 } 892 }
1011 else if (ocspid == i) 893 if (!noout) {
1012 { 894 X509_REQ_print(out, rq);
1013 X509_ocspid_print(out, x); 895 PEM_write_bio_X509_REQ(out, rq);
1014 } 896 }
897 noout = 1;
898 } else if (ocspid == i) {
899 X509_ocspid_print(out, x);
1015 } 900 }
1016 } 901 }
1017 902 }
1018 if (checkend) 903 if (checkend) {
1019 { 904 time_t tcheck = time(NULL) + checkoffset;
1020 time_t tcheck=time(NULL) + checkoffset; 905
1021 906 if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0) {
1022 if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0) 907 BIO_printf(out, "Certificate will expire\n");
1023 { 908 ret = 1;
1024 BIO_printf(out,"Certificate will expire\n"); 909 } else {
1025 ret=1; 910 BIO_printf(out, "Certificate will not expire\n");
1026 } 911 ret = 0;
1027 else
1028 {
1029 BIO_printf(out,"Certificate will not expire\n");
1030 ret=0;
1031 }
1032 goto end;
1033 } 912 }
1034
1035 if (noout)
1036 {
1037 ret=0;
1038 goto end; 913 goto end;
1039 } 914 }
1040 915 if (noout) {
1041 if (outformat == FORMAT_ASN1) 916 ret = 0;
1042 i=i2d_X509_bio(out,x); 917 goto end;
1043 else if (outformat == FORMAT_PEM) 918 }
1044 { 919 if (outformat == FORMAT_ASN1)
1045 if (trustout) i=PEM_write_bio_X509_AUX(out,x); 920 i = i2d_X509_bio(out, x);
1046 else i=PEM_write_bio_X509(out,x); 921 else if (outformat == FORMAT_PEM) {
1047 } 922 if (trustout)
1048 else if (outformat == FORMAT_NETSCAPE) 923 i = PEM_write_bio_X509_AUX(out, x);
1049 { 924 else
925 i = PEM_write_bio_X509(out, x);
926 } else if (outformat == FORMAT_NETSCAPE) {
1050 NETSCAPE_X509 nx; 927 NETSCAPE_X509 nx;
1051 ASN1_OCTET_STRING hdr; 928 ASN1_OCTET_STRING hdr;
1052 929
1053 hdr.data=(unsigned char *)NETSCAPE_CERT_HDR; 930 hdr.data = (unsigned char *) NETSCAPE_CERT_HDR;
1054 hdr.length=strlen(NETSCAPE_CERT_HDR); 931 hdr.length = strlen(NETSCAPE_CERT_HDR);
1055 nx.header= &hdr; 932 nx.header = &hdr;
1056 nx.cert=x; 933 nx.cert = x;
1057 934
1058 i=ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509),out,&nx); 935 i = ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509), out, &nx);
1059 } 936 } else {
1060 else { 937 BIO_printf(bio_err, "bad output format specified for outfile\n");
1061 BIO_printf(bio_err,"bad output format specified for outfile\n");
1062 goto end; 938 goto end;
1063 } 939 }
1064 if (!i) 940 if (!i) {
1065 { 941 BIO_printf(bio_err, "unable to write certificate\n");
1066 BIO_printf(bio_err,"unable to write certificate\n");
1067 ERR_print_errors(bio_err); 942 ERR_print_errors(bio_err);
1068 goto end; 943 goto end;
1069 } 944 }
1070 ret=0; 945 ret = 0;
1071end: 946end:
1072 if (need_rand) 947 if (need_rand)
1073 app_RAND_write_file(NULL, bio_err); 948 app_RAND_write_file(NULL, bio_err);
@@ -1087,212 +962,230 @@ end:
1087 ASN1_INTEGER_free(sno); 962 ASN1_INTEGER_free(sno);
1088 sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free); 963 sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
1089 sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free); 964 sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
1090 if (passin) free(passin); 965 if (passin)
966 free(passin);
1091 apps_shutdown(); 967 apps_shutdown();
1092 return(ret); 968 return (ret);
1093 } 969}
1094 970
1095static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create) 971static ASN1_INTEGER *
1096 { 972x509_load_serial(char *CAfile, char *serialfile, int create)
973{
1097 char *buf = NULL, *p; 974 char *buf = NULL, *p;
1098 ASN1_INTEGER *bs = NULL; 975 ASN1_INTEGER *bs = NULL;
1099 BIGNUM *serial = NULL; 976 BIGNUM *serial = NULL;
1100 size_t len; 977 size_t len;
1101 978
1102 len = ((serialfile == NULL) 979 len = ((serialfile == NULL)
1103 ?(strlen(CAfile)+strlen(POSTFIX)+1) 980 ? (strlen(CAfile) + strlen(POSTFIX) + 1)
1104 :(strlen(serialfile)))+1; 981 : (strlen(serialfile))) + 1;
1105 buf=malloc(len); 982 buf = malloc(len);
1106 if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; } 983 if (buf == NULL) {
1107 if (serialfile == NULL) 984 BIO_printf(bio_err, "out of mem\n");
1108 { 985 goto end;
1109 BUF_strlcpy(buf,CAfile,len); 986 }
1110 for (p=buf; *p; p++) 987 if (serialfile == NULL) {
1111 if (*p == '.') 988 BUF_strlcpy(buf, CAfile, len);
1112 { 989 for (p = buf; *p; p++)
1113 *p='\0'; 990 if (*p == '.') {
991 *p = '\0';
1114 break; 992 break;
1115 } 993 }
1116 BUF_strlcat(buf,POSTFIX,len); 994 BUF_strlcat(buf, POSTFIX, len);
1117 } 995 } else
1118 else 996 BUF_strlcpy(buf, serialfile, len);
1119 BUF_strlcpy(buf,serialfile,len);
1120 997
1121 serial = load_serial(buf, create, NULL); 998 serial = load_serial(buf, create, NULL);
1122 if (serial == NULL) goto end; 999 if (serial == NULL)
1123 1000 goto end;
1124 if (!BN_add_word(serial,1))
1125 { BIO_printf(bio_err,"add_word failure\n"); goto end; }
1126 1001
1127 if (!save_serial(buf, NULL, serial, &bs)) goto end; 1002 if (!BN_add_word(serial, 1)) {
1003 BIO_printf(bio_err, "add_word failure\n");
1004 goto end;
1005 }
1006 if (!save_serial(buf, NULL, serial, &bs))
1007 goto end;
1128 1008
1129 end: 1009end:
1130 if (buf) free(buf); 1010 if (buf)
1011 free(buf);
1131 BN_free(serial); 1012 BN_free(serial);
1132 return bs; 1013 return bs;
1133 } 1014}
1134 1015
1135static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, 1016static int
1136 X509 *x, X509 *xca, EVP_PKEY *pkey, 1017x509_certify(X509_STORE * ctx, char *CAfile, const EVP_MD * digest,
1137 STACK_OF(OPENSSL_STRING) *sigopts, 1018 X509 * x, X509 * xca, EVP_PKEY * pkey,
1138 char *serialfile, int create, 1019 STACK_OF(OPENSSL_STRING) * sigopts,
1139 int days, int clrext, CONF *conf, char *section, 1020 char *serialfile, int create,
1140 ASN1_INTEGER *sno) 1021 int days, int clrext, CONF * conf, char *section,
1141 { 1022 ASN1_INTEGER * sno)
1142 int ret=0; 1023{
1143 ASN1_INTEGER *bs=NULL; 1024 int ret = 0;
1025 ASN1_INTEGER *bs = NULL;
1144 X509_STORE_CTX xsc; 1026 X509_STORE_CTX xsc;
1145 EVP_PKEY *upkey; 1027 EVP_PKEY *upkey;
1146 1028
1147 upkey = X509_get_pubkey(xca); 1029 upkey = X509_get_pubkey(xca);
1148 EVP_PKEY_copy_parameters(upkey,pkey); 1030 EVP_PKEY_copy_parameters(upkey, pkey);
1149 EVP_PKEY_free(upkey); 1031 EVP_PKEY_free(upkey);
1150 1032
1151 if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL)) 1033 if (!X509_STORE_CTX_init(&xsc, ctx, x, NULL)) {
1152 { 1034 BIO_printf(bio_err, "Error initialising X509 store\n");
1153 BIO_printf(bio_err,"Error initialising X509 store\n");
1154 goto end; 1035 goto end;
1155 } 1036 }
1156 if (sno) bs = sno; 1037 if (sno)
1038 bs = sno;
1157 else if (!(bs = x509_load_serial(CAfile, serialfile, create))) 1039 else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
1158 goto end; 1040 goto end;
1159 1041
1160/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/ 1042/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
1161 1043
1162 /* NOTE: this certificate can/should be self signed, unless it was 1044 /*
1163 * a certificate request in which case it is not. */ 1045 * NOTE: this certificate can/should be self signed, unless it was a
1164 X509_STORE_CTX_set_cert(&xsc,x); 1046 * certificate request in which case it is not.
1047 */
1048 X509_STORE_CTX_set_cert(&xsc, x);
1165 X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE); 1049 X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
1166 if (!reqfile && X509_verify_cert(&xsc) <= 0) 1050 if (!reqfile && X509_verify_cert(&xsc) <= 0)
1167 goto end; 1051 goto end;
1168 1052
1169 if (!X509_check_private_key(xca,pkey)) 1053 if (!X509_check_private_key(xca, pkey)) {
1170 { 1054 BIO_printf(bio_err, "CA certificate and CA private key do not match\n");
1171 BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); 1055 goto end;
1056 }
1057 if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
1058 goto end;
1059 if (!X509_set_serialNumber(x, bs))
1172 goto end; 1060 goto end;
1173 }
1174
1175 if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end;
1176 if (!X509_set_serialNumber(x,bs)) goto end;
1177 1061
1178 if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL) 1062 if (X509_gmtime_adj(X509_get_notBefore(x), 0L) == NULL)
1179 goto end; 1063 goto end;
1180 1064
1181 /* hardwired expired */ 1065 /* hardwired expired */
1182 if (X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL) == NULL) 1066 if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
1183 goto end; 1067 goto end;
1184 1068
1185 if (clrext) 1069 if (clrext) {
1186 { 1070 while (X509_get_ext_count(x) > 0)
1187 while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0); 1071 X509_delete_ext(x, 0);
1188 } 1072 }
1189 1073 if (conf) {
1190 if (conf)
1191 {
1192 X509V3_CTX ctx2; 1074 X509V3_CTX ctx2;
1193 X509_set_version(x,2); /* version 3 certificate */ 1075 X509_set_version(x, 2); /* version 3 certificate */
1194 X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0); 1076 X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
1195 X509V3_set_nconf(&ctx2, conf); 1077 X509V3_set_nconf(&ctx2, conf);
1196 if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end; 1078 if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x))
1197 } 1079 goto end;
1198 1080 }
1199 if (!do_X509_sign(bio_err, x, pkey, digest, sigopts)) 1081 if (!do_X509_sign(bio_err, x, pkey, digest, sigopts))
1200 goto end; 1082 goto end;
1201 ret=1; 1083 ret = 1;
1202end: 1084end:
1203 X509_STORE_CTX_cleanup(&xsc); 1085 X509_STORE_CTX_cleanup(&xsc);
1204 if (!ret) 1086 if (!ret)
1205 ERR_print_errors(bio_err); 1087 ERR_print_errors(bio_err);
1206 if (!sno) ASN1_INTEGER_free(bs); 1088 if (!sno)
1089 ASN1_INTEGER_free(bs);
1207 return ret; 1090 return ret;
1208 } 1091}
1209 1092
1210static int callb(int ok, X509_STORE_CTX *ctx) 1093static int
1211 { 1094callb(int ok, X509_STORE_CTX * ctx)
1095{
1212 int err; 1096 int err;
1213 X509 *err_cert; 1097 X509 *err_cert;
1214 1098
1215 /* it is ok to use a self signed certificate 1099 /*
1216 * This case will catch both the initial ok == 0 and the 1100 * it is ok to use a self signed certificate This case will catch
1217 * final ok == 1 calls to this function */ 1101 * both the initial ok == 0 and the final ok == 1 calls to this
1218 err=X509_STORE_CTX_get_error(ctx); 1102 * function
1103 */
1104 err = X509_STORE_CTX_get_error(ctx);
1219 if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) 1105 if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
1220 return 1; 1106 return 1;
1221 1107
1222 /* BAD we should have gotten an error. Normally if everything 1108 /*
1223 * worked X509_STORE_CTX_get_error(ctx) will still be set to 1109 * BAD we should have gotten an error. Normally if everything worked
1224 * DEPTH_ZERO_SELF_.... */ 1110 * X509_STORE_CTX_get_error(ctx) will still be set to
1225 if (ok) 1111 * DEPTH_ZERO_SELF_....
1226 { 1112 */
1227 BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n"); 1113 if (ok) {
1114 BIO_printf(bio_err, "error with certificate to be certified - should be self signed\n");
1228 return 0; 1115 return 0;
1229 } 1116 } else {
1230 else 1117 err_cert = X509_STORE_CTX_get_current_cert(ctx);
1231 { 1118 print_name(bio_err, NULL, X509_get_subject_name(err_cert), 0);
1232 err_cert=X509_STORE_CTX_get_current_cert(ctx); 1119 BIO_printf(bio_err, "error with certificate - error %d at depth %d\n%s\n",
1233 print_name(bio_err, NULL, X509_get_subject_name(err_cert),0); 1120 err, X509_STORE_CTX_get_error_depth(ctx),
1234 BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n", 1121 X509_verify_cert_error_string(err));
1235 err,X509_STORE_CTX_get_error_depth(ctx),
1236 X509_verify_cert_error_string(err));
1237 return 1; 1122 return 1;
1238 }
1239 } 1123 }
1124}
1240 1125
1241/* self sign */ 1126/* self sign */
1242static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, 1127static int
1243 CONF *conf, char *section) 1128sign(X509 * x, EVP_PKEY * pkey, int days, int clrext, const EVP_MD * digest,
1244 { 1129 CONF * conf, char *section)
1130{
1245 1131
1246 EVP_PKEY *pktmp; 1132 EVP_PKEY *pktmp;
1247 1133
1248 pktmp = X509_get_pubkey(x); 1134 pktmp = X509_get_pubkey(x);
1249 EVP_PKEY_copy_parameters(pktmp,pkey); 1135 EVP_PKEY_copy_parameters(pktmp, pkey);
1250 EVP_PKEY_save_parameters(pktmp,1); 1136 EVP_PKEY_save_parameters(pktmp, 1);
1251 EVP_PKEY_free(pktmp); 1137 EVP_PKEY_free(pktmp);
1252 1138
1253 if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err; 1139 if (!X509_set_issuer_name(x, X509_get_subject_name(x)))
1254 if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err; 1140 goto err;
1141 if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
1142 goto err;
1255 1143
1256 /* Lets just make it 12:00am GMT, Jan 1 1970 */ 1144 /* Lets just make it 12:00am GMT, Jan 1 1970 */
1257 /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */ 1145 /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
1258 /* 28 days to be certified */ 1146 /* 28 days to be certified */
1259 1147
1260 if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL) 1148 if (X509_gmtime_adj(X509_get_notAfter(x), (long) 60 * 60 * 24 * days) == NULL)
1261 goto err; 1149 goto err;
1262 1150
1263 if (!X509_set_pubkey(x,pkey)) goto err; 1151 if (!X509_set_pubkey(x, pkey))
1264 if (clrext) 1152 goto err;
1265 { 1153 if (clrext) {
1266 while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0); 1154 while (X509_get_ext_count(x) > 0)
1267 } 1155 X509_delete_ext(x, 0);
1268 if (conf) 1156 }
1269 { 1157 if (conf) {
1270 X509V3_CTX ctx; 1158 X509V3_CTX ctx;
1271 X509_set_version(x,2); /* version 3 certificate */ 1159 X509_set_version(x, 2); /* version 3 certificate */
1272 X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0); 1160 X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
1273 X509V3_set_nconf(&ctx, conf); 1161 X509V3_set_nconf(&ctx, conf);
1274 if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err; 1162 if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
1275 } 1163 goto err;
1276 if (!X509_sign(x,pkey,digest)) goto err; 1164 }
1165 if (!X509_sign(x, pkey, digest))
1166 goto err;
1277 return 1; 1167 return 1;
1278err: 1168err:
1279 ERR_print_errors(bio_err); 1169 ERR_print_errors(bio_err);
1280 return 0; 1170 return 0;
1281 } 1171}
1282 1172
1283static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt) 1173static int
1174purpose_print(BIO * bio, X509 * cert, X509_PURPOSE * pt)
1284{ 1175{
1285 int id, i, idret; 1176 int id, i, idret;
1286 char *pname; 1177 char *pname;
1287 id = X509_PURPOSE_get_id(pt); 1178 id = X509_PURPOSE_get_id(pt);
1288 pname = X509_PURPOSE_get0_name(pt); 1179 pname = X509_PURPOSE_get0_name(pt);
1289 for (i = 0; i < 2; i++) 1180 for (i = 0; i < 2; i++) {
1290 {
1291 idret = X509_check_purpose(cert, id, i); 1181 idret = X509_check_purpose(cert, id, i);
1292 BIO_printf(bio, "%s%s : ", pname, i ? " CA" : ""); 1182 BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
1293 if (idret == 1) BIO_printf(bio, "Yes\n"); 1183 if (idret == 1)
1294 else if (idret == 0) BIO_printf(bio, "No\n"); 1184 BIO_printf(bio, "Yes\n");
1295 else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret); 1185 else if (idret == 0)
1296 } 1186 BIO_printf(bio, "No\n");
1187 else
1188 BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
1189 }
1297 return 1; 1190 return 1;
1298} 1191}