src - FreeBSD source tree

diff options


context:
space:
mode:

author	Jung-uk Kim <jkim@FreeBSD.org>	2020-03-17 21:27:57 +0000
committer	Jung-uk Kim <jkim@FreeBSD.org>	2020-03-17 21:27:57 +0000
commit	aa144ced5d61b5c7fb74acaebb37d85bd08f0416 (patch)
tree	2de6902cff4b007f4fae30a7d6c546b4dd3d1740 /apps
parent	fbc3ad1ae1976eb5f2bac351260f2c5ee255c27f (diff)
download	src-aa144ced5d61b5c7fb74acaebb37d85bd08f0416.tar.gz src-aa144ced5d61b5c7fb74acaebb37d85bd08f0416.zip

Import OpenSSL 1.1.1e.vendor/openssl/1.1.1e

Notes

Notes: svn path=/vendor-crypto/openssl/dist/; revision=359051 svn path=/vendor-crypto/openssl/1.1.1e/; revision=359052; tag=vendor/openssl/1.1.1e

Diffstat (limited to 'apps')

-rw-r--r--

apps/apps.c

-rw-r--r--

apps/apps.h

-rw-r--r--

apps/dgst.c

126

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

17 files changed, 295 insertions, 146 deletions

diff --git a/apps/apps.c b/apps/apps.c
index 7177c5d98266..c06241abb975 100644
--- a/apps/apps.c
+++ b/apps/apps.c

@@ -1962,26 +1962,46 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in)

size_t len;

unsigned char *out;

size_t i, start = 0;

+ size_t skipped = 0;

len = strlen(in);

- if (len >= 65535)

+ if (len == 0 || len >= 65535)

return NULL;

- out = app_malloc(strlen(in) + 1, "NPN buffer");

+ out = app_malloc(len + 1, "NPN buffer");

for (i = 0; i <= len; ++i) {

if (i == len || in[i] == ',') {

+ /*

+ * Zero-length ALPN elements are invalid on the wire, we could be

+ * strict and reject the entire string, but just ignoring extra

+ * commas seems harmless and more friendly.

+ *

+ * Every comma we skip in this way puts the input buffer another

+ * byte ahead of the output buffer, so all stores into the output

+ * buffer need to be decremented by the number commas skipped.

+ */

+ if (i == start) {

+ ++start;

+ ++skipped;

+ continue;

+ }

if (i - start > 255) {

OPENSSL_free(out);

return NULL;

}

- out[start] = (unsigned char)(i - start);

+ out[start-skipped] = (unsigned char)(i - start);

start = i + 1;

} else {

- out[i + 1] = in[i];

+ out[i + 1 - skipped] = in[i];

}

- *outlen = len + 1;

+ if (len <= skipped) {

+ OPENSSL_free(out);

+ return NULL;

+ }

+ *outlen = len + 1 - skipped;

return out;

}

diff --git a/apps/apps.h b/apps/apps.h
index 4a3e1a88573e..34c3fd8633c1 100644
--- a/apps/apps.h
+++ b/apps/apps.h

@@ -7,8 +7,8 @@

* https://www.openssl.org/source/license.html

-#ifndef HEADER_APPS_H

-# define HEADER_APPS_H

+#ifndef OSSL_APPS_H

+# define OSSL_APPS_H

# include "e_os.h" /* struct timeval for DTLS */

# include "internal/nelem.h"

diff --git a/apps/dgst.c b/apps/dgst.c
index d6f5a0e2e712..e595f7d8186f 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c

@@ -19,6 +19,7 @@

#include <openssl/x509.h>

#include <openssl/pem.h>

#include <openssl/hmac.h>

+#include <ctype.h>

#undef BUFSIZE

#define BUFSIZE 1024*8

@@ -27,9 +28,15 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,

EVP_PKEY *key, unsigned char *sigin, int siglen,

const char *sig_name, const char *md_name,

const char *file);

+static void show_digests(const OBJ_NAME *name, void *bio_);

+struct doall_dgst_digests {

+ BIO *bio;

+ int n;

+};

typedef enum OPTION_choice {

- OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,

+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_LIST,

OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,

OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,

OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,

@@ -43,6 +50,7 @@ const OPTIONS dgst_options[] = {

{OPT_HELP_STR, 1, '-',

" file... files to digest (default is stdin)\n"},

{"help", OPT_HELP, '-', "Display this summary"},

+ {"list", OPT_LIST, '-', "List digests"},

{"c", OPT_C, '-', "Print the digest with separating colons"},

{"r", OPT_R, '-', "Print the digest in coreutils format"},

{"out", OPT_OUT, '>', "Output to filename rather than stdout"},

@@ -91,6 +99,7 @@ int dgst_main(int argc, char **argv)

int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;

unsigned char *buf = NULL, *sigbuf = NULL;

int engine_impl = 0;

+ struct doall_dgst_digests dec;

prog = opt_progname(argv[0]);

buf = app_malloc(BUFSIZE, "I/O buffer");

@@ -108,6 +117,15 @@ int dgst_main(int argc, char **argv)

opt_help(dgst_options);

ret = 0;

goto end;

+ case OPT_LIST:

+ BIO_printf(bio_out, "Supported digests:\n");

+ dec.bio = bio_out;

+ dec.n = 0;

+ OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH,

+ show_digests, &dec);

+ BIO_printf(bio_out, "\n");

+ ret = 0;

+ goto end;

case OPT_C:

separator = 1;

break;

@@ -413,20 +431,86 @@ int dgst_main(int argc, char **argv)

return ret;

}

+static void show_digests(const OBJ_NAME *name, void *arg)

+ struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg;

+ const EVP_MD *md = NULL;

+ /* Filter out signed digests (a.k.a signature algorithms) */

+ if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL)

+ return;

+ if (!islower((unsigned char)*name->name))

+ return;

+ /* Filter out message digests that we cannot use */

+ md = EVP_get_digestbyname(name->name);

+ if (md == NULL)

+ return;

+ BIO_printf(dec->bio, "-%-25s", name->name);

+ if (++dec->n == 3) {

+ BIO_printf(dec->bio, "\n");

+ dec->n = 0;

+ } else {

+ BIO_printf(dec->bio, " ");

+ }

+/*

+ * The newline_escape_filename function performs newline escaping for any

+ * filename that contains a newline. This function also takes a pointer

+ * to backslash. The backslash pointer is a flag to indicating whether a newline

+ * is present in the filename. If a newline is present, the backslash flag is

+ * set and the output format will contain a backslash at the beginning of the

+ * digest output. This output format is to replicate the output format found

+ * in the '*sum' checksum programs. This aims to preserve backward

+ * compatibility.

+ */

+static const char *newline_escape_filename(const char *file, int * backslash)

+ size_t i, e = 0, length = strlen(file), newline_count = 0, mem_len = 0;

+ char *file_cpy = NULL;

+ for (i = 0; i < length; i++)

+ if (file[i] == '\n')

+ newline_count++;

+ mem_len = length + newline_count + 1;

+ file_cpy = app_malloc(mem_len, file);

+ i = 0;

+ while(e < length) {

+ const char c = file[e];

+ if (c == '\n') {

+ file_cpy[i++] = '\\';

+ file_cpy[i++] = 'n';

+ *backslash = 1;

+ } else {

+ file_cpy[i++] = c;

+ }

+ e++;

+ }

+ file_cpy[i] = '\0';

+ return (const char*)file_cpy;

int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,

EVP_PKEY *key, unsigned char *sigin, int siglen,

const char *sig_name, const char *md_name,

const char *file)

{

- size_t len;

- int i;

+ size_t len = BUFSIZE;

+ int i, backslash = 0, ret = 1;

+ unsigned char *sigbuf = NULL;

while (BIO_pending(bp) || !BIO_eof(bp)) {

i = BIO_read(bp, (char *)buf, BUFSIZE);

if (i < 0) {

BIO_printf(bio_err, "Read Error in %s\n", file);

ERR_print_errors(bio_err);

- return 1;

+ goto end;

}

if (i == 0)

break;

@@ -439,37 +523,51 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,

BIO_printf(out, "Verified OK\n");

} else if (i == 0) {

BIO_printf(out, "Verification Failure\n");

- return 1;

+ goto end;

} else {

BIO_printf(bio_err, "Error Verifying Data\n");

ERR_print_errors(bio_err);

- return 1;

+ goto end;

}

- return 0;

+ ret = 0;

+ goto end;

}

if (key != NULL) {

EVP_MD_CTX *ctx;

+ int pkey_len;

BIO_get_md_ctx(bp, &ctx);

- len = BUFSIZE;

+ pkey_len = EVP_PKEY_size(key);

+ if (pkey_len > BUFSIZE) {

+ len = pkey_len;

+ sigbuf = app_malloc(len, "Signature buffer");

+ buf = sigbuf;

+ }

if (!EVP_DigestSignFinal(ctx, buf, &len)) {

BIO_printf(bio_err, "Error Signing Data\n");

ERR_print_errors(bio_err);

- return 1;

+ goto end;

}

} else {

len = BIO_gets(bp, (char *)buf, BUFSIZE);

if ((int)len < 0) {

ERR_print_errors(bio_err);

- return 1;

+ goto end;

}

if (binout) {

BIO_write(out, buf, len);

} else if (sep == 2) {

+ file = newline_escape_filename(file, &backslash);

+ if (backslash == 1)

+ BIO_puts(out, "\\");

for (i = 0; i < (int)len; i++)

BIO_printf(out, "%02x", buf[i]);

BIO_printf(out, " *%s\n", file);

+ OPENSSL_free((char *)file);

} else {

if (sig_name != NULL) {

BIO_puts(out, sig_name);

@@ -488,5 +586,11 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,

}

BIO_printf(out, "\n");

}

- return 0;

+ ret = 0;

+ end:

+ if (sigbuf != NULL)

+ OPENSSL_clear_free(sigbuf, len);

+ return ret;

}

diff --git a/apps/enc.c b/apps/enc.c
index d1772f3eb9f2..ddf51e0dba15 100644
--- a/apps/enc.c
+++ b/apps/enc.c

@@ -50,7 +50,8 @@ typedef enum OPTION_choice {

const OPTIONS enc_options[] = {

{"help", OPT_HELP, '-', "Display this summary"},

- {"ciphers", OPT_LIST, '-', "List ciphers"},

+ {"list", OPT_LIST, '-', "List ciphers"},

+ {"ciphers", OPT_LIST, '-', "Alias for -list"},

{"in", OPT_IN, '<', "Input file"},

{"out", OPT_OUT, '>', "Output file"},

{"pass", OPT_PASS, 's', "Passphrase source"},

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 5d2391816995..b85a4d82c1bd 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c

@@ -114,7 +114,7 @@ static int acfd = (int) INVALID_SOCKET;

static int index_changed(CA_DB *);

static void spawn_loop(void);

static int print_syslog(const char *str, size_t len, void *levPtr);

-static void sock_timeout(int signum);

+static void socket_timeout(int signum);

# endif

# ifndef OPENSSL_NO_SOCK

@@ -597,7 +597,7 @@ int ocsp_main(int argc, char **argv)

if (multi && acbio != NULL)

spawn_loop();

if (acbio != NULL && req_timeout > 0)

- signal(SIGALRM, sock_timeout);

+ signal(SIGALRM, socket_timeout);

#endif

if (acbio != NULL)

@@ -1352,7 +1352,7 @@ static int urldecode(char *p)

# endif

# ifdef OCSP_DAEMON

-static void sock_timeout(int signum)

+static void socket_timeout(int signum)

{

if (acfd != (int)INVALID_SOCKET)

(void)shutdown(acfd, SHUT_RD);

diff --git a/apps/openssl.c b/apps/openssl.c
index 9648f35b0284..ff7b759a40b1 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c

@@ -164,6 +164,13 @@ int main(int argc, char *argv[])

}

prog = prog_init();

+ if (prog == NULL) {

+ BIO_printf(bio_err,

+ "FATAL: Startup failure (dev note: prog_init() failed)\n");

+ ERR_print_errors(bio_err);

+ ret = 1;

+ goto end;

+ }

pname = opt_progname(argv[0]);

/* first check the program name */

diff --git a/apps/passwd.c b/apps/passwd.c
index aa516c874e65..d741d05335f8 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c

@@ -807,7 +807,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,

(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */

(*salt_p)[i] = 0;

# ifdef CHARSET_EBCDIC

- /* The password encryption funtion will convert back to ASCII */

+ /* The password encryption function will convert back to ASCII */

ascii2ebcdic(*salt_p, *salt_p, saltlen);

# endif

}

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index d0600b376043..3603b60c19b3 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c

@@ -41,6 +41,7 @@ int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,

int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags,

const char *pass, int passlen,

int options, char *pempass, const EVP_CIPHER *enc);

+void print_attribute(BIO *out, const ASN1_TYPE *av);

int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,

const char *name);

void hex_prin(BIO *out, unsigned char *buf, int len);

@@ -878,6 +879,38 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)

return ret;

}

+/* Generalised x509 attribute value print */

+void print_attribute(BIO *out, const ASN1_TYPE *av)

+ char *value;

+ switch (av->type) {

+ case V_ASN1_BMPSTRING:

+ value = OPENSSL_uni2asc(av->value.bmpstring->data,

+ av->value.bmpstring->length);

+ BIO_printf(out, "%s\n", value);

+ OPENSSL_free(value);

+ break;

+ case V_ASN1_OCTET_STRING:

+ hex_prin(out, av->value.octet_string->data,

+ av->value.octet_string->length);

+ BIO_printf(out, "\n");

+ break;

+ case V_ASN1_BIT_STRING:

+ hex_prin(out, av->value.bit_string->data,

+ av->value.bit_string->length);

+ BIO_printf(out, "\n");

+ break;

+ default:

+ BIO_printf(out, "<Unsupported tag %d>\n", av->type);

+ break;

+ }

/* Generalised attribute print: handle PKCS#8 and bag attributes */

int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,

@@ -885,8 +918,7 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,

{

X509_ATTRIBUTE *attr;

ASN1_TYPE *av;

- char *value;

- int i, attr_nid;

+ int i, j, attr_nid;

if (!attrlst) {

BIO_printf(out, "%s: <No Attributes>\n", name);

return 1;

@@ -910,30 +942,10 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,

}

if (X509_ATTRIBUTE_count(attr)) {

- av = X509_ATTRIBUTE_get0_type(attr, 0);

- switch (av->type) {

- case V_ASN1_BMPSTRING:

- value = OPENSSL_uni2asc(av->value.bmpstring->data,

- av->value.bmpstring->length);

- BIO_printf(out, "%s\n", value);

- OPENSSL_free(value);

- break;

- case V_ASN1_OCTET_STRING:

- hex_prin(out, av->value.octet_string->data,

- av->value.octet_string->length);

- BIO_printf(out, "\n");

- break;

- case V_ASN1_BIT_STRING:

- hex_prin(out, av->value.bit_string->data,

- av->value.bit_string->length);

- BIO_printf(out, "\n");

- break;

- default:

- BIO_printf(out, "<Unsupported tag %d>\n", av->type);

- break;

+ for (j = 0; j < X509_ATTRIBUTE_count(attr); j++)

+ {

+ av = X509_ATTRIBUTE_get0_type(attr, j);

+ print_attribute(out, av);

}

} else {

BIO_printf(out, "<No Values>\n");

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 2c4e524b693e..831e14dab4b3 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -299,8 +299,7 @@ int pkeyutl_main(int argc, char **argv)

/* Sanity check the input */

if (buf_inlen > EVP_MAX_MD_SIZE

&& (pkey_op == EVP_PKEY_OP_SIGN

- || pkey_op == EVP_PKEY_OP_VERIFY

- || pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) {

+ || pkey_op == EVP_PKEY_OP_VERIFY)) {

BIO_printf(bio_err,

"Error: The input data looks too long to be a hash\n");

goto end;

diff --git a/apps/req.c b/apps/req.c
index f9d6fba1094d..a603907cd5af 100644
--- a/apps/req.c
+++ b/apps/req.c

@@ -200,9 +200,12 @@ static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv)

*p = '\0';

/* Finally have a clean "key"; see if it's there [by attempt to add it]. */

- if ((p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv))

- != NULL || lh_OPENSSL_STRING_error(addexts)) {

- OPENSSL_free(p != NULL ? p : kv);

+ p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv);

+ if (p != NULL) {

+ OPENSSL_free(p);

+ return 1;

+ } else if (lh_OPENSSL_STRING_error(addexts)) {

+ OPENSSL_free(kv);

return -1;

}

@@ -435,12 +438,14 @@ int req_main(int argc, char **argv)

if (verbose)

BIO_printf(bio_err, "Using configuration from %s\n", template);

- req_conf = app_load_config(template);

+ if ((req_conf = app_load_config(template)) == NULL)

+ goto end;

if (addext_bio) {

if (verbose)

BIO_printf(bio_err,

"Using additional configuration from command line\n");

- addext_conf = app_load_config_bio(addext_bio, NULL);

+ if ((addext_conf = app_load_config_bio(addext_bio, NULL)) == NULL)

+ goto end;

}

if (template != default_config_file && !app_load_modules(req_conf))

goto end;

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 5dc1d03f2883..6406ddfb9e1b 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -188,6 +188,7 @@ static STRINT_PAIR cert_type_list[] = {

{"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},

{"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},

{"GOST01 Sign", TLS_CT_GOST01_SIGN},

+ {"GOST12 Sign", TLS_CT_GOST12_SIGN},

{NULL}

};

diff --git a/apps/s_server.c b/apps/s_server.c
index 929a08bd85b0..2248a432e268 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c

@@ -180,9 +180,6 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,

}

#endif

-#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01")

-#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")

static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,

size_t identity_len, SSL_SESSION **sess)

{

@@ -3208,6 +3205,12 @@ static int www_body(int s, int stype, int prot, unsigned char *context)

if (e[0] == ' ')

break;

+ if (e[0] == ':') {

+ /* Windows drive. We treat this the same way as ".." */

+ dot = -1;

+ break;

+ }

switch (dot) {

case 1:

dot = (e[0] == '.') ? 2 : 0;

@@ -3216,11 +3219,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context)

dot = (e[0] == '.') ? 3 : 0;

break;

case 3:

- dot = (e[0] == '/') ? -1 : 0;

+ dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0;

break;

}

if (dot == 0)

- dot = (e[0] == '/') ? 1 : 0;

+ dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0;

}

dot = (dot == 3) || (dot == -1); /* filename contains ".."

* component */

@@ -3234,11 +3237,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context)

if (dot) {

BIO_puts(io, text);

- BIO_printf(io, "'%s' contains '..' reference\r\n", p);

+ BIO_printf(io, "'%s' contains '..' or ':'\r\n", p);

break;

}

- if (*p == '/') {

+ if (*p == '/' || *p == '\\') {

BIO_puts(io, text);

BIO_printf(io, "'%s' is an invalid path\r\n", p);

break;

diff --git a/apps/server.pem b/apps/server.pem
index d0fc265f0455..b3807591994d 100644
--- a/apps/server.pem
+++ b/apps/server.pem

@@ -1,52 +1,47 @@

-subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert

-issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA

-----BEGIN CERTIFICATE-----

-MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV

-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT

-VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt

-ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG

-A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU

-RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw

-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ

-KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi

-R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv

-vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7

-TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU

-41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R

-AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI

-AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW

-BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49

-hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK

-WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp

-yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7

-vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds

-xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t

-JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==

+MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290

+IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD

+DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB

+ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9

+o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV

+3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/

+8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1

+rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71

+cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS

+T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud

+EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4

+YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI

+RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk

+iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK

+8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi

+X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q

+YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk=

-----END CERTIFICATE-----

------BEGIN RSA PRIVATE KEY-----

-MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv

-h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL

-tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu

-D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI

-uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6

-qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn

-zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3

-r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D

-AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R

-5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm

-W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH

-674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg

-utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY

-BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX

-4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a

-WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8

-bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH

-6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex

-4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa

-WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g

-n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB

-JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+

-OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX

-xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK

-UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==

------END RSA PRIVATE KEY-----

+-----BEGIN PRIVATE KEY-----

+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVXWBq3/xh7kiq

+jBFIQ6VttlJdqphJsWGSNbH8OgQlDG15/7TVyelcHDvgq7O4faPebb3g3ddavxRH

+EUJepoLQYcF/3RNG5gmFBw7y1PwaZNIKrSCrIGuW8K3MxBlTVdwBHaSz74q0SVNd

+igUc8dzhRL/F1+J3GVdclwt17ohDcQ/KbMG0slCnd0ZsWA8Rv/F2JFquOUK3UWcp

+4dBVMG8X5JHqrfgowkNvomSp+52YkmJIPusNT4JKiv8/cu6Wta6hwZi6732QdW3/

+WlKeq/XAftCHQ9uFBwcPfTh6/dHT7mUd0+o5aoc37krT4A1u9XCswr3xbvOSlV6p

+8KFllZONAgMBAAECggEADLTt7A+A2Vg2jamf0dztejY0e42QWjstI2b9PZc67fXq

+gyx+WYkX07t+uWegYWliG/oPJ9guXiIpE/5sJHToL37S5kmFP2CtynVcJ4wVo4DD

+nY0n9+kLX0bgIuS+2V6wpoRcbbbjXM9NHrH8kfe5ftT4UtEDlLI2qLX6IcDd7p4u

+OYjILChR8GSGTw96yIy2Ws/1Uq9PMw64JoT4RcK5QqnkcPMDFRH1SeLOL+zXP2c4

+nEl9yOy3HauZKxwl/Ry/XK1s3DdjopIAU29ut+hAuMiTb06kzZnumL9NoplKoZtU

+otw/gVcCKhT+Ep+p6i8InLF0XEME8A0qUR0niWebgQKBgQD6vkxR49B8ZZQrzjw4

+XKs1lI9cP7cgPiuWlDHMNjYou3WbOaGrMeScvbB1Ldh9A8pjAhxlw8AaV/xs4qcA

+trmVmSISVMVyc1wSGlJXWi2nUzTNs9OE3vj22SyStihf8UUZtWwX2b5Y4JrYhA/V

++ThGGqHR03oLNLShNLtJc2c7YQKBgQDZ1nkibEyrepexw/fnwkw61IJKq9wRIh1G

+PREakhbe9wU5ie0knuf9razt7awzQiwFmlixmWqsM7UEtLuXNnNPciwdrKhhbvrd

+vD/rkbIEHEPllIhFlDtOzn3hRBWTzWmXFjpou/2LvHTSbVis4IYVZymTp2jb1ZLs

+7VbiG9JTrQKBgQDc6n75g1szzpdehQT/r33U5j/syeJBUSU8NPMu9fB/sLHsgjlT

+SNEf2+y1QSBE/Or6kmiMrIv7advn30W+Vj9qc5HWTsPrk4HiHTjA553jl2alebN5

+lK4LZspjtIQcC8mS3goPdXPEgJdM/gWpwzr2YQ6DfOxBJT2j7n64NyoT4QKBgH7/

+yx+GhCx1DHtXBPDZFhg2TL+78lEK0oZgk9gp06up2CHzh44SFq6O0oLkTcCUk5Ww

+poTkLIy4mJBlzfgahp+KsK2cO46SZS9g0ONFzcMXt33hWpE2Gl2XhUwPpYTF/QlY

+rDTjZK5S8Mi9dzVSsNlJi7PJphiEK2R1+nFYRwcBAoGBANWoIG85jpXAOnq/Kcgx

+Rl3YivR0Ke6r1tFlP58rT7X3EkiboXyQl5vLIFCAwUte6RGrLl1dy3Qyh80B9ySL

+Jx6vj42CK7vgv6A96TuVYhnXTnEI6ZvwAQ2VGaw4BizhjALs/kdSE/og9aSCs3ws

+KQypwAFz0tbHxaNag/bSAN0J

+-----END PRIVATE KEY-----

diff --git a/apps/speed.c b/apps/speed.c
index 20149506cc74..d4ae7ab7bfde 100644
--- a/apps/speed.c
+++ b/apps/speed.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

@@ -1242,8 +1242,6 @@ static int run_benchmark(int async_jobs,

OSSL_ASYNC_FD job_fd = 0;

size_t num_job_fds = 0;

- run = 1;

if (async_jobs == 0) {

return loop_function((void *)&loopargs);

}

@@ -2412,7 +2410,7 @@ int speed_main(int argc, char **argv)

print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum],

lengths[testnum], seconds.sym);

Time_F(START);

- for (count = 0, run = 1; COND(c[D_CBC_128_CML][testnum]); count++)

+ for (count = 0; COND(c[D_CBC_128_CML][testnum]); count++)

Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,

(size_t)lengths[testnum], &camellia_ks1,

iv, CAMELLIA_ENCRYPT);

@@ -2434,7 +2432,7 @@ int speed_main(int argc, char **argv)

exit(1);

}

Time_F(START);

- for (count = 0, run = 1; COND(c[D_CBC_192_CML][testnum]); count++)

+ for (count = 0; COND(c[D_CBC_192_CML][testnum]); count++)

Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,

(size_t)lengths[testnum], &camellia_ks2,

iv, CAMELLIA_ENCRYPT);

@@ -2452,7 +2450,7 @@ int speed_main(int argc, char **argv)

print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum],

lengths[testnum], seconds.sym);

Time_F(START);

- for (count = 0, run = 1; COND(c[D_CBC_256_CML][testnum]); count++)

+ for (count = 0; COND(c[D_CBC_256_CML][testnum]); count++)

Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,

(size_t)lengths[testnum], &camellia_ks3,

iv, CAMELLIA_ENCRYPT);

@@ -2472,7 +2470,7 @@ int speed_main(int argc, char **argv)

print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum],

lengths[testnum], seconds.sym);

Time_F(START);

- for (count = 0, run = 1; COND(c[D_CBC_IDEA][testnum]); count++)

+ for (count = 0; COND(c[D_CBC_IDEA][testnum]); count++)

IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,

(size_t)lengths[testnum], &idea_ks,

iv, IDEA_ENCRYPT);

@@ -2492,7 +2490,7 @@ int speed_main(int argc, char **argv)

print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum],

lengths[testnum], seconds.sym);

Time_F(START);

- for (count = 0, run = 1; COND(c[D_CBC_SEED][testnum]); count++)

+ for (count = 0; COND(c[D_CBC_SEED][testnum]); count++)

SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,

(size_t)lengths[testnum], &seed_ks, iv, 1);

d = Time_F(STOP);

@@ -2515,7 +2513,7 @@ int speed_main(int argc, char **argv)

exit(1);

}

Time_F(START);

- for (count = 0, run = 1; COND(c[D_CBC_RC2][testnum]); count++)

+ for (count = 0; COND(c[D_CBC_RC2][testnum]); count++)

RC2_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,

(size_t)lengths[testnum], &rc2_ks,

iv, RC2_ENCRYPT);

@@ -2539,7 +2537,7 @@ int speed_main(int argc, char **argv)

exit(1);

}

Time_F(START);

- for (count = 0, run = 1; COND(c[D_CBC_RC5][testnum]); count++)

+ for (count = 0; COND(c[D_CBC_RC5][testnum]); count++)

RC5_32_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,

(size_t)lengths[testnum], &rc5_ks,

iv, RC5_ENCRYPT);

@@ -2559,7 +2557,7 @@ int speed_main(int argc, char **argv)

print_message(names[D_CBC_BF], c[D_CBC_BF][testnum],

lengths[testnum], seconds.sym);

Time_F(START);

- for (count = 0, run = 1; COND(c[D_CBC_BF][testnum]); count++)

+ for (count = 0; COND(c[D_CBC_BF][testnum]); count++)

BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,

(size_t)lengths[testnum], &bf_ks,

iv, BF_ENCRYPT);

@@ -2579,7 +2577,7 @@ int speed_main(int argc, char **argv)

print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum],

lengths[testnum], seconds.sym);

Time_F(START);

- for (count = 0, run = 1; COND(c[D_CBC_CAST][testnum]); count++)

+ for (count = 0; COND(c[D_CBC_CAST][testnum]); count++)

CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,

(size_t)lengths[testnum], &cast_ks,

iv, CAST_ENCRYPT);

@@ -3006,7 +3004,7 @@ int speed_main(int argc, char **argv)

pctx = NULL;

}

if (kctx == NULL || /* keygen ctx is not null */

- !EVP_PKEY_keygen_init(kctx) /* init keygen ctx */ ) {

+ EVP_PKEY_keygen_init(kctx) <= 0/* init keygen ctx */ ) {

ecdh_checks = 0;

BIO_printf(bio_err, "ECDH keygen failure.\n");

ERR_print_errors(bio_err);

@@ -3014,12 +3012,12 @@ int speed_main(int argc, char **argv)

break;

}

- if (!EVP_PKEY_keygen(kctx, &key_A) || /* generate secret key A */

- !EVP_PKEY_keygen(kctx, &key_B) || /* generate secret key B */

+ if (EVP_PKEY_keygen(kctx, &key_A) <= 0 || /* generate secret key A */

+ EVP_PKEY_keygen(kctx, &key_B) <= 0 || /* generate secret key B */

!(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */

- !EVP_PKEY_derive_init(ctx) || /* init derivation ctx */

- !EVP_PKEY_derive_set_peer(ctx, key_B) || /* set peer pubkey in ctx */

- !EVP_PKEY_derive(ctx, NULL, &outlen) || /* determine max length */

+ EVP_PKEY_derive_init(ctx) <= 0 || /* init derivation ctx */

+ EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 || /* set peer pubkey in ctx */

+ EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 || /* determine max length */

outlen == 0 || /* ensure outlen is a valid size */

outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) {

ecdh_checks = 0;

@@ -3106,8 +3104,8 @@ int speed_main(int argc, char **argv)

if ((ed_pctx = EVP_PKEY_CTX_new_id(test_ed_curves[testnum].nid, NULL))

== NULL

- || !EVP_PKEY_keygen_init(ed_pctx)

- || !EVP_PKEY_keygen(ed_pctx, &ed_pkey)) {

+ || EVP_PKEY_keygen_init(ed_pctx) <= 0

+ || EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) {

st = 0;

EVP_PKEY_CTX_free(ed_pctx);

break;

@@ -3395,6 +3393,7 @@ static void print_message(const char *s, long num, int length, int tm)

mr ? "+DT:%s:%d:%d\n"

: "Doing %s for %ds on %d size blocks: ", s, tm, length);

(void)BIO_flush(bio_err);

+ run = 1;

alarm(tm);

#else

BIO_printf(bio_err,

@@ -3412,6 +3411,7 @@ static void pkey_print_message(const char *str, const char *str2, long num,

mr ? "+DTP:%d:%s:%s:%d\n"

: "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);

(void)BIO_flush(bio_err);

+ run = 1;

alarm(tm);

#else

BIO_printf(bio_err,

@@ -3584,6 +3584,7 @@ static int do_multi(int multi, int size_num)

p = buf + 4;

k = atoi(sstrsep(&p, sep));

sstrsep(&p, sep);

+ sstrsep(&p, sep);

d = atof(sstrsep(&p, sep));

eddsa_results[k][0] += d;

@@ -3641,7 +3642,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,

for (j = 0; j < num; j++) {

print_message(alg_name, 0, mblengths[j], seconds->sym);

Time_F(START);

- for (count = 0, run = 1; run && count < 0x7fffffff; count++) {

+ for (count = 0; run && count < 0x7fffffff; count++) {

unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];

EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;

size_t len = mblengths[j];

diff --git a/apps/timeouts.h b/apps/timeouts.h
index e023b0aa4920..7e606cba0b20 100644
--- a/apps/timeouts.h
+++ b/apps/timeouts.h

@@ -7,11 +7,11 @@

* https://www.openssl.org/source/license.html

-#ifndef INCLUDED_TIMEOUTS_H

-# define INCLUDED_TIMEOUTS_H

+#ifndef OSSL_APPS_TIMEOUTS_H

+# define OSSL_APPS_TIMEOUTS_H

/* numbers in us */

# define DGRAM_RCV_TIMEOUT 250000

# define DGRAM_SND_TIMEOUT 250000

-#endif /* ! INCLUDED_TIMEOUTS_H */

+#endif /* ! OSSL_APPS_TIMEOUTS_H */

diff --git a/apps/ts.c b/apps/ts.c
index 930c1daaab6d..44a8f75d4a37 100644
--- a/apps/ts.c
+++ b/apps/ts.c

@@ -282,7 +282,8 @@ int ts_main(int argc, char **argv)

goto end;

}

- conf = load_config_file(configfile);

+ if ((conf = load_config_file(configfile)) == NULL)

+ goto end;

if (configfile != default_config_file && !app_load_modules(conf))

goto end;

diff --git a/apps/x509.c b/apps/x509.c
index 81291a9a4f90..5bb110fe4a0a 100644
--- a/apps/x509.c
+++ b/apps/x509.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -72,7 +72,7 @@ const OPTIONS x509_options[] = {

{"outform", OPT_OUTFORM, 'f',

"Output format - default PEM (one of DER or PEM)"},

{"out", OPT_OUT, '>', "Output file - default stdout"},

- {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},

+ {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},

{"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"},

{"serial", OPT_SERIAL, '-', "Print serial number value"},

{"subject_hash", OPT_HASH, '-', "Print subject hash value"},

@@ -107,7 +107,7 @@ const OPTIONS x509_options[] = {

{"checkend", OPT_CHECKEND, 'M',

"Check whether the cert expires in the next arg seconds"},

{OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},

- {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"},

+ {"signkey", OPT_SIGNKEY, 's', "Self sign cert with arg"},

{"x509toreq", OPT_X509TOREQ, '-',

"Output a certification request object"},

{"req", OPT_REQ, '-', "Input is a certificate request, sign and output"},

@@ -130,7 +130,7 @@ const OPTIONS x509_options[] = {

{"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"},

{"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"},

{"CAform", OPT_CAFORM, 'F', "CA format - default PEM"},

- {"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format - default PEM"},

+ {"CAkeyform", OPT_CAKEYFORM, 'E', "CA key format - default PEM"},

{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},

{"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"},

{"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"},

@@ -217,7 +217,7 @@ int x509_main(int argc, char **argv)

goto opthelp;

break;

case OPT_KEYFORM:

- if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))

+ if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat))

goto opthelp;

break;

case OPT_CAFORM:

@@ -225,7 +225,7 @@ int x509_main(int argc, char **argv)

goto opthelp;

break;

case OPT_CAKEYFORM:

- if (!opt_format(opt_arg(), OPT_FMT_ANY, &CAkeyformat))

+ if (!opt_format(opt_arg(), OPT_FMT_PDE, &CAkeyformat))

goto opthelp;

break;

case OPT_OUT: