Diffstat (limited to 'crypto/openssl/apps/lib/apps.c')
| -rw-r--r-- | crypto/openssl/apps/lib/apps.c | 754 |
1 files changed, 379 insertions, 375 deletions
diff --git a/crypto/openssl/apps/lib/apps.c b/crypto/openssl/apps/lib/apps.c index 1b9c9e3e9a19..bc2e1c123a75 100644 --- a/crypto/openssl/apps/lib/apps.c +++ b/crypto/openssl/apps/lib/apps.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,13 +12,13 @@ * On VMS, you need to define this to get the declaration of fileno(). The * value 2 is to make sure no function defined in POSIX-2 is left undefined. */ -# define _POSIX_C_SOURCE 2 +#define _POSIX_C_SOURCE 2 #endif #ifndef OPENSSL_NO_ENGINE /* We need to use some deprecated APIs */ -# define OPENSSL_SUPPRESS_DEPRECATED -# include <openssl/engine.h> +#define OPENSSL_SUPPRESS_DEPRECATED +#include <openssl/engine.h> #endif #include <stdio.h> @@ -26,8 +26,8 @@ #include <string.h> #include <sys/types.h> #ifndef OPENSSL_NO_POSIX_IO -# include <sys/stat.h> -# include <fcntl.h> +#include <sys/stat.h> +#include <fcntl.h> #endif #include <ctype.h> #include <errno.h> @@ -49,23 +49,24 @@ #include "apps.h" #include "internal/sockets.h" /* for openssl_fdset() */ +#include "internal/numbers.h" /* for LONG_MAX */ #include "internal/e_os.h" #ifdef _WIN32 static int WIN32_rename(const char *from, const char *to); -# define rename(from, to) WIN32_rename((from), (to)) +#define rename(from, to) WIN32_rename((from), (to)) #endif #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) -# include <conio.h> +#include <conio.h> #endif #if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) || defined(__BORLANDC__) -# define _kbhit kbhit +#define _kbhit kbhit #endif static BIO *bio_open_default_(const char *filename, char mode, int format, - int quiet); + int quiet); #define PASS_SOURCE_SIZE_MAX 4 
@@ -78,9 +79,9 @@ typedef struct { } NAME_EX_TBL; static int set_table_opts(unsigned long *flags, const char *arg, - const NAME_EX_TBL *in_tbl); + const NAME_EX_TBL *in_tbl); static int set_multi_opts(unsigned long *flags, const char *arg, - const NAME_EX_TBL *in_tbl); + const NAME_EX_TBL *in_tbl); int app_init(long mesgwin); #ifndef APP_INIT @@ -91,9 +92,9 @@ int app_init(long mesgwin) #endif int ctx_set_verify_locations(SSL_CTX *ctx, - const char *CAfile, int noCAfile, - const char *CApath, int noCApath, - const char *CAstore, int noCAstore) + const char *CAfile, int noCAfile, + const char *CApath, int noCApath, + const char *CAstore, int noCAstore) { if (CAfile == NULL && CApath == NULL && CAstore == NULL) { if (!noCAfile && SSL_CTX_set_default_verify_file(ctx) <= 0) @@ -142,12 +143,7 @@ int set_nameopt(const char *arg) unsigned long get_nameopt(void) { - return - nmflag_set ? nmflag : XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN - | ASN1_STRFLGS_ESC_CTRL - | ASN1_STRFLGS_UTF8_CONVERT - | ASN1_STRFLGS_DUMP_UNKNOWN - | ASN1_STRFLGS_DUMP_DER; + return nmflag_set ? nmflag : XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN | ASN1_STRFLGS_DUMP_DER; } void dump_cert_text(BIO *out, X509 *x) @@ -173,11 +169,11 @@ char *get_passwd(const char *pass, const char *desc) BIO_printf(bio_err, "Error getting password for %s\n", desc); if (pass != NULL && result == NULL) { BIO_printf(bio_err, - "Trying plain input string (better precede with 'pass:')\n"); + "Trying plain input string (better precede with 'pass:')\n"); result = OPENSSL_strdup(pass); if (result == NULL) BIO_printf(bio_err, - "Out of memory getting password for %s\n", desc); + "Out of memory getting password for %s\n", desc); } return result; } 
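Review bot: The reflowed return in `get_nameopt` (hunk `@@ -142`) now packs the conditional and six OR'd flags onto one line far past 80 columns, which is harder to scan than the original multi-line form and obscures that `?:` binds looser than `|`. I would hoist the default into a named constant, `static const unsigned long default_nameopt = XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN | ASN1_STRFLGS_DUMP_DER;` and then `return nmflag_set ? nmflag : default_nameopt;`, which keeps behaviour identical and reads at a glance. The surrounding function is fully visible in the hunk, so this is a self-contained change.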
@@ -195,8 +191,13 @@ int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2) } if (arg2 != NULL) { *pass2 = app_get_pass(arg2, same ? 2 : 0); - if (*pass2 == NULL) + if (*pass2 == NULL) { + if (pass1 != NULL) { + clear_free(*pass1); + *pass1 = NULL; + } return 0; + } } else if (pass2 != NULL) { *pass2 = NULL; } @@ -267,15 +268,15 @@ static char *app_get_pass(const char *arg, int keepbio) } } else { /* argument syntax error; do not reveal too much about arg */ - tmp = strchr(arg, ':'); - if (tmp == NULL || tmp - arg > PASS_SOURCE_SIZE_MAX) + const char *arg_ptr = strchr(arg, ':'); + if (arg_ptr == NULL || arg_ptr - arg > PASS_SOURCE_SIZE_MAX) BIO_printf(bio_err, - "Invalid password argument, missing ':' within the first %d chars\n", - PASS_SOURCE_SIZE_MAX + 1); + "Invalid password argument, missing ':' within the first %d chars\n", + PASS_SOURCE_SIZE_MAX + 1); else BIO_printf(bio_err, - "Invalid password argument, starting with \"%.*s\"\n", - (int)(tmp - arg + 1), arg); + "Invalid password argument, starting with \"%.*s\"\n", + (int)(arg_ptr - arg + 1), arg); return NULL; } } @@ -308,7 +309,7 @@ char *app_conf_try_string(const CONF *conf, const char *group, const char *name) } int app_conf_try_number(const CONF *conf, const char *group, const char *name, - long *result) + long *result) { int ok; @@ -336,7 +337,7 @@ CONF *app_load_config_bio(BIO *in, const char *filename) BIO_printf(bio_err, "%s: Can't load ", opt_getprog()); } else { BIO_printf(bio_err, "%s: Error on line %ld of ", opt_getprog(), - errorline); + errorline); } if (filename != NULL) BIO_printf(bio_err, "config file \"%s\"\n", filename); @@ -411,7 +412,7 @@ int add_oid_section(CONF *conf) cnf = sk_CONF_VALUE_value(sktmp, i); if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) { BIO_printf(bio_err, "problem creating object %s=%s\n", - cnf->name, cnf->value); + cnf->name, cnf->value); return 0; } } 
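Review bot: The new failure path in `app_passwd` (hunk `@@ -195`) frees and nulls `*pass1` when the second password cannot be obtained, which is the right handling for a secret, but the reason is not recorded and the contract that a 0 return leaves both outputs NULL is only visible if one also reads the top of the function, which lies outside this hunk. I would add above the new `if (pass1 != NULL)` the comment `/* On failure leave no secret behind in *pass1; callers rely on a 0 return meaning nothing needs freeing. */`. This presumes `clear_free` tolerates a NULL argument for the `arg1 == NULL` case where `*pass1` was never set; its definition appears only as context in a later hunk, so that is worth confirming.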
@@ -433,11 +434,11 @@ CONF *app_load_config_modules(const char *configfile) return conf; } -#define IS_HTTP(uri) ((uri) != NULL && HAS_PREFIX(uri, OSSL_HTTP_PREFIX)) +#define IS_HTTP(uri) ((uri) != NULL && HAS_PREFIX(uri, OSSL_HTTP_PREFIX)) #define IS_HTTPS(uri) ((uri) != NULL && HAS_PREFIX(uri, OSSL_HTTPS_PREFIX)) X509 *load_cert_pass(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc) + const char *pass, const char *desc) { X509 *cert = NULL; @@ -453,13 +454,13 @@ X509 *load_cert_pass(const char *uri, int format, int maybe_stdin, } } else { (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc, 0, - NULL, NULL, NULL, &cert, NULL, NULL, NULL); + NULL, NULL, NULL, &cert, NULL, NULL, NULL); } return cert; } X509_CRL *load_crl(const char *uri, int format, int maybe_stdin, - const char *desc) + const char *desc) { X509_CRL *crl = NULL; @@ -475,7 +476,7 @@ X509_CRL *load_crl(const char *uri, int format, int maybe_stdin, } } else { (void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc, 0, - NULL, NULL, NULL, NULL, NULL, &crl, NULL); + NULL, NULL, NULL, NULL, NULL, &crl, NULL); } return crl; } @@ -499,7 +500,7 @@ X509_REQ *load_csr(const char *file, int format, const char *desc) else print_format_error(format, OPT_FMT_PEMDER); - end: +end: if (req == NULL) { ERR_print_errors(bio_err); if (desc != NULL) @@ -511,7 +512,7 @@ X509_REQ *load_csr(const char *file, int format, const char *desc) /* Better extend OSSL_STORE to support CSRs, see FR #15725 */ X509_REQ *load_csr_autofmt(const char *infile, int format, - STACK_OF(OPENSSL_STRING) *vfyopts, const char *desc) + STACK_OF(OPENSSL_STRING) *vfyopts, const char *desc) { X509_REQ *csr; @@ -529,7 +530,7 @@ X509_REQ *load_csr_autofmt(const char *infile, int format, } if (csr == NULL) { BIO_printf(bio_err, "error: unable to load %s from file '%s'\n", - desc, infile); + desc, infile); } } if (csr != NULL) { 
@@ -558,7 +559,7 @@ void clear_free(char *str) } EVP_PKEY *load_key(const char *uri, int format, int may_stdin, - const char *pass, ENGINE *e, const char *desc) + const char *pass, ENGINE *e, const char *desc) { EVP_PKEY *pkey = NULL; char *allocated_uri = NULL; @@ -569,7 +570,7 @@ EVP_PKEY *load_key(const char *uri, int format, int may_stdin, if (format == FORMAT_ENGINE) uri = allocated_uri = make_engine_uri(e, uri, desc); (void)load_key_certs_crls(uri, format, may_stdin, pass, desc, 0, - &pkey, NULL, NULL, NULL, NULL, NULL, NULL); + &pkey, NULL, NULL, NULL, NULL, NULL, NULL); OPENSSL_free(allocated_uri); return pkey; @@ -577,7 +578,7 @@ EVP_PKEY *load_key(const char *uri, int format, int may_stdin, /* first try reading public key, on failure resort to loading private key */ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, - const char *pass, ENGINE *e, const char *desc) + const char *pass, ENGINE *e, const char *desc) { EVP_PKEY *pkey = NULL; char *allocated_uri = NULL; 
@@ -588,30 +589,30 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, if (format == FORMAT_ENGINE) uri = allocated_uri = make_engine_uri(e, uri, desc); (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc, 1, - NULL, &pkey, NULL, NULL, NULL, NULL, NULL); + NULL, &pkey, NULL, NULL, NULL, NULL, NULL); if (pkey == NULL) (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc, 0, - &pkey, NULL, NULL, NULL, NULL, NULL, NULL); + &pkey, NULL, NULL, NULL, NULL, NULL, NULL); OPENSSL_free(allocated_uri); return pkey; } EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin, - const char *keytype, const char *desc, - int suppress_decode_errors) + const char *keytype, const char *desc, + int suppress_decode_errors) { EVP_PKEY *params = NULL; if (desc == NULL) desc = "key parameters"; (void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc, - suppress_decode_errors, - NULL, NULL, ¶ms, NULL, NULL, NULL, NULL); + suppress_decode_errors, + NULL, NULL, ¶ms, NULL, NULL, NULL, NULL); if (params != NULL && keytype != NULL && !EVP_PKEY_is_a(params, keytype)) { ERR_print_errors(bio_err); BIO_printf(bio_err, - "Unable to load %s from %s (unexpected parameters type)\n", - desc, uri); + "Unable to load %s from %s (unexpected parameters type)\n", + desc, uri); EVP_PKEY_free(params); params = NULL; } @@ -619,7 +620,7 @@ EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin, } EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin, - const char *keytype, const char *desc) + const char *keytype, const char *desc) { return load_keyparams_suppress(uri, format, maybe_stdin, keytype, desc, 0); } @@ -641,7 +642,7 @@ void *app_malloc(size_t sz, const char *what) if (vp == NULL) app_bail_out("%s: Could not allocate %zu bytes for %s\n", - opt_getprog(), sz, what); + opt_getprog(), sz, what); return vp; } 
@@ -665,16 +666,16 @@ static void warn_cert_msg(const char *uri, X509 *cert, const char *msg) char *subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); BIO_printf(bio_err, "Warning: certificate from '%s' with subject '%s' %s\n", - uri, subj, msg); + uri, subj, msg); OPENSSL_free(subj); } static void warn_cert(const char *uri, X509 *cert, int warn_EE, - X509_VERIFY_PARAM *vpm) + X509_VERIFY_PARAM *vpm) { uint32_t ex_flags = X509_get_extension_flags(cert); int res = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert), - X509_get0_notAfter(cert)); + X509_get0_notAfter(cert)); if (res != 0) warn_cert_msg(uri, cert, res > 0 ? "has expired" : "not yet valid"); @@ -683,7 +684,7 @@ static void warn_cert(const char *uri, X509 *cert, int warn_EE, } static void warn_certs(const char *uri, STACK_OF(X509) *certs, int warn_EE, - X509_VERIFY_PARAM *vpm) + X509_VERIFY_PARAM *vpm) { int i; @@ -692,23 +693,22 @@ static void warn_certs(const char *uri, STACK_OF(X509) *certs, int warn_EE, } int load_cert_certs(const char *uri, - X509 **pcert, STACK_OF(X509) **pcerts, - int exclude_http, const char *pass, const char *desc, - X509_VERIFY_PARAM *vpm) + X509 **pcert, STACK_OF(X509) **pcerts, + int exclude_http, const char *pass, const char *desc, + X509_VERIFY_PARAM *vpm) { int ret = 0; char *pass_string; if (desc == NULL) desc = pcerts == NULL ? "certificate" : "certificates"; - if (exclude_http && (HAS_CASE_PREFIX(uri, "http://") - || HAS_CASE_PREFIX(uri, "https://"))) { + if (exclude_http && (HAS_CASE_PREFIX(uri, "http://") || HAS_CASE_PREFIX(uri, "https://"))) { BIO_printf(bio_err, "error: HTTP retrieval not allowed for %s\n", desc); return ret; } pass_string = get_passwd(pass, desc); ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass_string, desc, 0, - NULL, NULL, NULL, pcert, pcerts, NULL, NULL); + NULL, NULL, NULL, pcert, pcerts, NULL, NULL); clear_free(pass_string); if (ret) { 
@@ -726,7 +726,7 @@ int load_cert_certs(const char *uri, } STACK_OF(X509) *load_certs_multifile(char *files, const char *pass, - const char *desc, X509_VERIFY_PARAM *vpm) + const char *desc, X509_VERIFY_PARAM *vpm) { STACK_OF(X509) *certs = NULL; STACK_OF(X509) *result = sk_X509_new_null(); @@ -742,7 +742,7 @@ STACK_OF(X509) *load_certs_multifile(char *files, const char *pass, if (!load_cert_certs(files, NULL, &certs, 0, pass, desc, vpm)) goto err; if (!X509_add_certs(result, certs, - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) + X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) goto oom; OSSL_STACK_OF_X509_free(certs); certs = NULL; @@ -750,16 +750,16 @@ STACK_OF(X509) *load_certs_multifile(char *files, const char *pass, } return result; - oom: +oom: BIO_printf(bio_err, "out of memory\n"); - err: +err: OSSL_STACK_OF_X509_free(certs); OSSL_STACK_OF_X509_free(result); return NULL; } static X509_STORE *sk_X509_to_store(X509_STORE *store /* may be NULL */, - const STACK_OF(X509) *certs /* may NULL */) + const STACK_OF(X509) *certs /* may NULL */) { int i; @@ -781,7 +781,7 @@ static X509_STORE *sk_X509_to_store(X509_STORE *store /* may be NULL */, * Returns pointer to created X509_STORE on success, NULL on error. */ X509_STORE *load_certstore(char *input, const char *pass, const char *desc, - X509_VERIFY_PARAM *vpm) + X509_VERIFY_PARAM *vpm) { X509_STORE *store = NULL; STACK_OF(X509) *certs = NULL; 
@@ -809,14 +809,14 @@ X509_STORE *load_certstore(char *input, const char *pass, const char *desc, * The caller is responsible for freeing *certs if its value is left not NULL. */ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs, - const char *pass, const char *desc) + const char *pass, const char *desc) { int ret, was_NULL = *certs == NULL; if (desc == NULL) desc = "certificates"; ret = load_key_certs_crls(uri, FORMAT_UNDEF, maybe_stdin, pass, desc, 0, - NULL, NULL, NULL, NULL, certs, NULL, NULL); + NULL, NULL, NULL, NULL, certs, NULL, NULL); if (!ret && was_NULL) { OSSL_STACK_OF_X509_free(*certs); @@ -830,14 +830,14 @@ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs, * The caller is responsible for freeing *crls if its value is left not NULL. */ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, - const char *pass, const char *desc) + const char *pass, const char *desc) { int ret, was_NULL = *crls == NULL; if (desc == NULL) desc = "CRLs"; ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass, desc, 0, - NULL, NULL, NULL, NULL, NULL, NULL, crls); + NULL, NULL, NULL, NULL, NULL, NULL, crls); if (!ret && was_NULL) { sk_X509_CRL_pop_free(*crls, X509_CRL_free); 
@@ -865,16 +865,19 @@ static const char *format2string(int format) #define SET_EXPECT(val) \ (expect = expect < 0 ? (val) : (expect == (val) ? (val) : 0)) #define SET_EXPECT1(pvar, val) \ - if ((pvar) != NULL) { \ - *(pvar) = NULL; \ - SET_EXPECT(val); \ + if ((pvar) != NULL) { \ + *(pvar) = NULL; \ + SET_EXPECT(val); \ } /* Provide (error msg) text for some of the credential types to be loaded. */ -#define FAIL_NAME \ - (ppkey != NULL ? "private key" : ppubkey != NULL ? "public key" : \ - pparams != NULL ? "key parameters" : \ - pcert != NULL ? "certificate" : pcerts != NULL ? "certificates" : \ - pcrl != NULL ? "CRL" : pcrls != NULL ? "CRLs" : NULL) +#define FAIL_NAME \ + (ppkey != NULL ? "private key" : ppubkey != NULL ? "public key" \ + : pparams != NULL ? "key parameters" \ + : pcert != NULL ? "certificate" \ + : pcerts != NULL ? "certificates" \ + : pcrl != NULL ? "CRL" \ + : pcrls != NULL ? "CRLs" \ + : NULL) /* * Load those types of credentials for which the result pointer is not NULL. * Reads from stdin if 'uri' is NULL and 'maybe_stdin' is nonzero. @@ -891,11 +894,11 @@ static const char *format2string(int format) * of *pcerts and *pcrls (as far as they are not NULL). */ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc, int quiet, - EVP_PKEY **ppkey, EVP_PKEY **ppubkey, - EVP_PKEY **pparams, - X509 **pcert, STACK_OF(X509) **pcerts, - X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls) + const char *pass, const char *desc, int quiet, + EVP_PKEY **ppkey, EVP_PKEY **ppubkey, + EVP_PKEY **pparams, + X509 **pcert, STACK_OF(X509) **pcerts, + X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls) { PW_CB_DATA uidata; OSSL_STORE_CTX *ctx = NULL; 
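Review bot: `SET_EXPECT1` in hunk `@@ -865` remains a bare `if` statement macro after the reindent, so any future call of the form `if (x) SET_EXPECT1(p, v); else ...` would have the `else` bind to the macro's own `if`. Wrapping it as `#define SET_EXPECT1(pvar, val) do { if ((pvar) != NULL) { *(pvar) = NULL; SET_EXPECT(val); } } while (0)` removes that dangling-else trap and still requires the trailing semicolon the visible call sites in the `@@ -922` hunk already supply. The macro also silently depends on a local named `expect` in `load_key_certs_crls`, which a one-line comment above the definition should state.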
@@ -911,7 +914,7 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, if (failed == NULL) { if (!quiet) BIO_printf(bio_err, "Internal error: nothing was requested to load from %s\n", - uri != NULL ? uri : "<stdin>"); + uri != NULL ? uri : "<stdin>"); return 0; } /* suppress any extraneous errors left over from failed parse attempts */ @@ -922,7 +925,7 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, SET_EXPECT1(pparams, OSSL_STORE_INFO_PARAMS); SET_EXPECT1(pcert, OSSL_STORE_INFO_CERT); /* - * Up to here, the follwing holds. + * Up to here, the following holds. * If just one of the ppkey, ppubkey, pparams, and pcert function parameters * is nonzero, expect > 0 indicates which type of credential is expected. * If expect == 0, more than one of them is nonzero (multiple types expected). @@ -961,7 +964,7 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, if ((input_type = format2string(format)) != NULL) { itp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE, - (char *)input_type, 0); + (char *)input_type, 0); itp[1] = OSSL_PARAM_construct_end(); params = itp; } @@ -979,13 +982,13 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, bio = BIO_new_fp(stdin, 0); if (bio != NULL) { ctx = OSSL_STORE_attach(bio, "file", libctx, propq, - get_ui_method(), &uidata, params, - NULL, NULL); + get_ui_method(), &uidata, params, + NULL, NULL); BIO_free(bio); } } else { ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata, - params, NULL, NULL); + params, NULL, NULL); } if (ctx == NULL) { if (!quiet) 
@@ -1003,8 +1006,8 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, /* from here, failed != NULL only if actually an error has been detected */ while ((ppkey != NULL || ppubkey != NULL || pparams != NULL - || pcert != NULL || pcerts != NULL || pcrl != NULL || pcrls != NULL) - && !OSSL_STORE_eof(ctx)) { + || pcert != NULL || pcerts != NULL || pcrl != NULL || pcrls != NULL) + && !OSSL_STORE_eof(ctx)) { OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); int type, ok = 1; @@ -1055,8 +1058,8 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, pcert = NULL; } else if (pcerts != NULL) { ok = X509_add_cert(*pcerts, - OSSL_STORE_INFO_get1_CERT(info), - X509_ADD_FLAG_DEFAULT); + OSSL_STORE_INFO_get1_CERT(info), + X509_ADD_FLAG_DEFAULT); } ncerts += ok; break; @@ -1083,7 +1086,7 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, } } - end: +end: OSSL_STORE_close(ctx); /* see if any of the requested types of credentials was not found */ 
@@ -1127,37 +1130,36 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, return failed == NULL; } -#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) -#define X509V3_EXT_DEFAULT 0 /* Return error for unknown exts */ +#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) +#define X509V3_EXT_DEFAULT 0 /* Return error for unknown exts */ #define X509V3_EXT_ERROR_UNKNOWN (1L << 16) /* Print error for unknown exts */ #define X509V3_EXT_PARSE_UNKNOWN (2L << 16) /* ASN1 parse unknown extensions */ -#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) /* BIO_dump unknown extensions */ +#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) /* BIO_dump unknown extensions */ -#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \ - X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION) +#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION) int set_cert_ex(unsigned long *flags, const char *arg) { static const NAME_EX_TBL cert_tbl[] = { - {"compatible", X509_FLAG_COMPAT, 0xffffffffl}, - {"ca_default", X509_FLAG_CA, 0xffffffffl}, - {"no_header", X509_FLAG_NO_HEADER, 0}, - {"no_version", X509_FLAG_NO_VERSION, 0}, - {"no_serial", X509_FLAG_NO_SERIAL, 0}, - {"no_signame", X509_FLAG_NO_SIGNAME, 0}, - {"no_validity", X509_FLAG_NO_VALIDITY, 0}, - {"no_subject", X509_FLAG_NO_SUBJECT, 0}, - {"no_issuer", X509_FLAG_NO_ISSUER, 0}, - {"no_pubkey", X509_FLAG_NO_PUBKEY, 0}, - {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0}, - {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0}, - {"no_aux", X509_FLAG_NO_AUX, 0}, - {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0}, - {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK}, - {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, - {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, - {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, - {NULL, 0, 0} + { "compatible", X509_FLAG_COMPAT, 0xffffffffl }, + { "ca_default", X509_FLAG_CA, 0xffffffffl }, + { "no_header", 
X509_FLAG_NO_HEADER, 0 }, + { "no_version", X509_FLAG_NO_VERSION, 0 }, + { "no_serial", X509_FLAG_NO_SERIAL, 0 }, + { "no_signame", X509_FLAG_NO_SIGNAME, 0 }, + { "no_validity", X509_FLAG_NO_VALIDITY, 0 }, + { "no_subject", X509_FLAG_NO_SUBJECT, 0 }, + { "no_issuer", X509_FLAG_NO_ISSUER, 0 }, + { "no_pubkey", X509_FLAG_NO_PUBKEY, 0 }, + { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0 }, + { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0 }, + { "no_aux", X509_FLAG_NO_AUX, 0 }, + { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0 }, + { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK }, + { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK }, + { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK }, + { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK }, + { NULL, 0, 0 } }; return set_multi_opts(flags, arg, cert_tbl); } 
@@ -1165,35 +1167,35 @@ int set_cert_ex(unsigned long *flags, const char *arg) int set_name_ex(unsigned long *flags, const char *arg) { static const NAME_EX_TBL ex_tbl[] = { - {"esc_2253", ASN1_STRFLGS_ESC_2253, 0}, - {"esc_2254", ASN1_STRFLGS_ESC_2254, 0}, - {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0}, - {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0}, - {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0}, - {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0}, - {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0}, - {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0}, - {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0}, - {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0}, - {"dump_der", ASN1_STRFLGS_DUMP_DER, 0}, - {"compat", XN_FLAG_COMPAT, 0xffffffffL}, - {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK}, - {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK}, - {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK}, - {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK}, - {"dn_rev", XN_FLAG_DN_REV, 0}, - {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK}, - {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK}, - {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK}, - {"align", XN_FLAG_FN_ALIGN, 0}, - {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK}, - {"space_eq", XN_FLAG_SPC_EQ, 0}, - {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0}, - {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL}, - {"oneline", XN_FLAG_ONELINE, 0xffffffffL}, - {"multiline", XN_FLAG_MULTILINE, 0xffffffffL}, - {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL}, - {NULL, 0, 0} + { "esc_2253", ASN1_STRFLGS_ESC_2253, 0 }, + { "esc_2254", ASN1_STRFLGS_ESC_2254, 0 }, + { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0 }, + { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0 }, + { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0 }, + { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0 }, + { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0 }, + { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0 }, + { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0 }, + { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0 }, + { "dump_der", ASN1_STRFLGS_DUMP_DER, 0 }, + { 
"compat", XN_FLAG_COMPAT, 0xffffffffL }, + { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK }, + { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK }, + { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK }, + { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK }, + { "dn_rev", XN_FLAG_DN_REV, 0 }, + { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK }, + { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK }, + { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK }, + { "align", XN_FLAG_FN_ALIGN, 0 }, + { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK }, + { "space_eq", XN_FLAG_SPC_EQ, 0 }, + { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0 }, + { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL }, + { "oneline", XN_FLAG_ONELINE, 0xffffffffL }, + { "multiline", XN_FLAG_MULTILINE, 0xffffffffL }, + { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL }, + { NULL, 0, 0 } }; if (set_multi_opts(flags, arg, ex_tbl) == 0) return 0; @@ -1259,13 +1261,13 @@ int copy_extensions(X509 *x, X509_REQ *req, int copy_type) } ret = 1; - end: +end: sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); return ret; } static int set_multi_opts(unsigned long *flags, const char *arg, - const NAME_EX_TBL *in_tbl) + const NAME_EX_TBL *in_tbl) { STACK_OF(CONF_VALUE) *vals; CONF_VALUE *val; @@ -1284,7 +1286,7 @@ static int set_multi_opts(unsigned long *flags, const char *arg, } static int set_table_opts(unsigned long *flags, const char *arg, - const NAME_EX_TBL *in_tbl) + const NAME_EX_TBL *in_tbl) { char c; const NAME_EX_TBL *ptbl; @@ -1342,7 +1344,7 @@ void print_name(BIO *out, const char *title, const X509_NAME *nm) } void print_bignum_var(BIO *out, const BIGNUM *in, const char *var, - int len, unsigned char *buffer) + int len, unsigned char *buffer) { BIO_printf(out, " static unsigned char %s_%d[] = {", var, len); if (BN_is_zero(in)) { 
@@ -1379,8 +1381,8 @@ void print_array(BIO *out, const char *title, int len, const unsigned char *d) } X509_STORE *setup_verify(const char *CAfile, int noCAfile, - const char *CApath, int noCApath, - const char *CAstore, int noCAstore) + const char *CApath, int noCApath, + const char *CAstore, int noCAstore) { X509_STORE *store = X509_STORE_new(); X509_LOOKUP *lookup; @@ -1396,17 +1398,19 @@ X509_STORE *setup_verify(const char *CAfile, int noCAfile, goto end; if (CAfile != NULL) { if (X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM, - libctx, propq) <= 0) { + libctx, propq) + <= 0) { ERR_clear_error(); if (X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_ASN1, - libctx, propq) <= 0) { + libctx, propq) + <= 0) { BIO_printf(bio_err, "Error loading file %s\n", CAfile); goto end; } } } else { X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, - libctx, propq); + libctx, propq); } } @@ -1437,7 +1441,7 @@ X509_STORE *setup_verify(const char *CAfile, int noCAfile, ERR_clear_error(); return store; - end: +end: ERR_print_errors(bio_err); X509_STORE_free(store); return NULL; @@ -1454,12 +1458,14 @@ static unsigned long index_serial_hash(const OPENSSL_CSTRING *a) } static int index_serial_cmp(const OPENSSL_CSTRING *a, - const OPENSSL_CSTRING *b) + const OPENSSL_CSTRING *b) { const char *aa, *bb; - for (aa = a[DB_serial]; *aa == '0'; aa++) ; - for (bb = b[DB_serial]; *bb == '0'; bb++) ; + for (aa = a[DB_serial]; *aa == '0'; aa++) + ; + for (bb = b[DB_serial]; *bb == '0'; bb++) + ; return strcmp(aa, bb); } @@ -1485,7 +1491,7 @@ static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING) #undef BSIZE #define BSIZE 256 BIGNUM *load_serial(const char *serialfile, int *exists, int create, - ASN1_INTEGER **retai) + ASN1_INTEGER **retai) { BIO *in = NULL; BIGNUM *ret = NULL; 
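Review bot: In `setup_verify` (hunk `@@ -1396`) the formatter has pushed the `<= 0` comparison onto its own continuation line after each `X509_LOOKUP_load_file_ex(...)` call, so the condition actually being tested is easy to miss when reading the `if`. Storing the result first, `int rc = X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM, libctx, propq);` followed by `if (rc <= 0) {`, keeps each line self-explanatory and the same applies to the ASN1 retry. The `else` branch loading the default file still discards the return value; if that is deliberate because the default CA file may legitimately be absent, a `(void)` cast with a one-line comment would make that intent explicit. setup_verify begins and ends outside this hunk.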
@@ -1510,14 +1516,14 @@ BIGNUM *load_serial(const char *serialfile, int *exists, int create, BIO_printf(bio_err, "Out of memory\n"); } else if (!rand_serial(ret, ai)) { BIO_printf(bio_err, "Error creating random number to store in %s\n", - serialfile); + serialfile); BN_free(ret); ret = NULL; } } else { if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) { BIO_printf(bio_err, "Unable to load number from %s\n", - serialfile); + serialfile); goto err; } ret = ASN1_INTEGER_to_BN(ai, NULL); @@ -1531,7 +1537,7 @@ BIGNUM *load_serial(const char *serialfile, int *exists, int create, *retai = ai; ai = NULL; } - err: +err: if (ret == NULL) ERR_print_errors(bio_err); BIO_free(in); @@ -1540,7 +1546,7 @@ BIGNUM *load_serial(const char *serialfile, int *exists, int create, } int save_serial(const char *serialfile, const char *suffix, - const BIGNUM *serial, ASN1_INTEGER **retai) + const BIGNUM *serial, ASN1_INTEGER **retai) { char buf[1][BSIZE]; BIO *out = NULL; @@ -1582,7 +1588,7 @@ int save_serial(const char *serialfile, const char *suffix, *retai = ai; ai = NULL; } - err: +err: if (!ret) ERR_print_errors(bio_err); BIO_free_all(out); @@ -1591,7 +1597,7 @@ int save_serial(const char *serialfile, const char *suffix, } int rotate_serial(const char *serialfile, const char *new_suffix, - const char *old_suffix) + const char *old_suffix) { char buf[2][BSIZE]; int i, j; @@ -1615,21 +1621,21 @@ int rotate_serial(const char *serialfile, const char *new_suffix, #ifdef ENOTDIR && errno != ENOTDIR #endif - ) { + ) { BIO_printf(bio_err, - "Unable to rename %s to %s\n", serialfile, buf[1]); + "Unable to rename %s to %s\n", serialfile, buf[1]); perror("reason"); goto err; } if (rename(buf[0], serialfile) < 0) { BIO_printf(bio_err, - "Unable to rename %s to %s\n", buf[0], serialfile); + "Unable to rename %s to %s\n", buf[0], serialfile); perror("reason"); rename(buf[1], serialfile); goto err; } return 1; - err: +err: ERR_print_errors(bio_err); return 0; } 
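Review bot: In `rotate_serial` (hunk `@@ -1615`) the rollback `rename(buf[1], serialfile);` taken when the second rename fails is still unchecked, so if restoring the original serial file also fails the caller learns only about the first failure and the CA serial file can be left missing on disk. At minimum the rollback result should be reported, e.g. `if (rename(buf[1], serialfile) < 0) BIO_printf(bio_err, "Unable to restore %s\n", serialfile);` before the `goto err`. The same rollback shape with an unchecked `rename(dbfile, buf[0]);` appears in `rotate_index` later in this diff. rotate_serial's body starts outside this hunk.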
@@ -1650,7 +1656,7 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) ret = 1; - error: +error: if (btmp != b) BN_free(btmp); @@ -1678,7 +1684,7 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) BIO_get_fp(in, &dbfp); if (fstat(fileno(dbfp), &dbst) == -1) { ERR_raise_data(ERR_LIB_SYS, errno, - "calling fstat(%s)", dbfile); + "calling fstat(%s)", dbfile); goto err; } #endif @@ -1716,7 +1722,7 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) retdb->dbst = dbst; #endif - err: +err: ERR_print_errors(bio_err); NCONF_free(dbattr_conf); TXT_DB_free(tmpdb); @@ -1730,24 +1736,24 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) int index_index(CA_DB *db) { if (!TXT_DB_create_index(db->db, DB_serial, NULL, - LHASH_HASH_FN(index_serial), - LHASH_COMP_FN(index_serial))) { + LHASH_HASH_FN(index_serial), + LHASH_COMP_FN(index_serial))) { BIO_printf(bio_err, - "Error creating serial number index:(%ld,%ld,%ld)\n", - db->db->error, db->db->arg1, db->db->arg2); + "Error creating serial number index:(%ld,%ld,%ld)\n", + db->db->error, db->db->arg1, db->db->arg2); goto err; } if (db->attributes.unique_subject && !TXT_DB_create_index(db->db, DB_name, index_name_qual, - LHASH_HASH_FN(index_name), - LHASH_COMP_FN(index_name))) { + LHASH_HASH_FN(index_name), + LHASH_COMP_FN(index_name))) { BIO_printf(bio_err, "Error creating name index:(%ld,%ld,%ld)\n", - db->db->error, db->db->arg1, db->db->arg2); + db->db->error, db->db->arg1, db->db->arg2); goto err; } return 1; - err: +err: ERR_print_errors(bio_err); return 0; } 
@@ -1790,17 +1796,17 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db) goto err; } BIO_printf(out, "unique_subject = %s\n", - db->attributes.unique_subject ? "yes" : "no"); + db->attributes.unique_subject ? "yes" : "no"); BIO_free(out); return 1; - err: +err: ERR_print_errors(bio_err); return 0; } int rotate_index(const char *dbfile, const char *new_suffix, - const char *old_suffix) + const char *old_suffix) { char buf[5][BSIZE]; int i, j; @@ -1830,7 +1836,7 @@ int rotate_index(const char *dbfile, const char *new_suffix, #ifdef ENOTDIR && errno != ENOTDIR #endif - ) { + ) { BIO_printf(bio_err, "Unable to rename %s to %s\n", dbfile, buf[1]); perror("reason"); goto err; @@ -1845,7 +1851,7 @@ int rotate_index(const char *dbfile, const char *new_suffix, #ifdef ENOTDIR && errno != ENOTDIR #endif - ) { + ) { BIO_printf(bio_err, "Unable to rename %s to %s\n", buf[4], buf[3]); perror("reason"); rename(dbfile, buf[0]); @@ -1861,7 +1867,7 @@ int rotate_index(const char *dbfile, const char *new_suffix, goto err; } return 1; - err: +err: ERR_print_errors(bio_err); return 0; } @@ -1879,17 +1885,17 @@ int parse_yesno(const char *str, int def) { if (str) { switch (*str) { - case 'f': /* false */ - case 'F': /* FALSE */ - case 'n': /* no */ - case 'N': /* NO */ - case '0': /* 0 */ + case 'f': /* false */ + case 'F': /* FALSE */ + case 'n': /* no */ + case 'N': /* NO */ + case '0': /* 0 */ return 0; - case 't': /* true */ - case 'T': /* TRUE */ - case 'y': /* yes */ - case 'Y': /* YES */ - case '1': /* 1 */ + case 't': /* true */ + case 'T': /* TRUE */ + case 'y': /* yes */ + case 'Y': /* YES */ + case '1': /* 1 */ return 1; } } @@ -1902,7 +1908,7 @@ int parse_yesno(const char *str, int def) * and characters may be escaped by \ */ X509_NAME *parse_name(const char *cp, int chtype, int canmulti, - const char *desc) + const char *desc) { int nextismulti = 0; char *work; 
@@ -1910,10 +1916,10 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti, if (*cp++ != '/') { BIO_printf(bio_err, - "%s: %s name is expected to be in the format " - "/type0=value0/type1=value1/type2=... where characters may " - "be escaped by \\. This name is not in that format: '%s'\n", - opt_getprog(), desc, --cp); + "%s: %s name is expected to be in the format " + "/type0=value0/type1=value1/type2=... where characters may " + "be escaped by \\. This name is not in that format: '%s'\n", + opt_getprog(), desc, --cp); return NULL; } @@ -1925,7 +1931,7 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti, work = OPENSSL_strdup(cp); if (work == NULL) { BIO_printf(bio_err, "%s: Error copying %s name input\n", - opt_getprog(), desc); + opt_getprog(), desc); goto err; } @@ -1944,8 +1950,8 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti, *bp++ = '\0'; if (*cp == '\0') { BIO_printf(bio_err, - "%s: Missing '=' after RDN type string '%s' in %s name string\n", - opt_getprog(), typestr, desc); + "%s: Missing '=' after RDN type string '%s' in %s name string\n", + opt_getprog(), typestr, desc); goto err; } ++cp; @@ -1960,8 +1966,8 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti, } if (*cp == '\\' && *++cp == '\0') { BIO_printf(bio_err, - "%s: Escape character at end of %s name string\n", - opt_getprog(), desc); + "%s: Escape character at end of %s name string\n", + opt_getprog(), desc); goto err; } } 
@@ -1975,27 +1981,27 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti, nid = OBJ_txt2nid(typestr); if (nid == NID_undef) { BIO_printf(bio_err, - "%s warning: Skipping unknown %s name attribute \"%s\"\n", - opt_getprog(), desc, typestr); + "%s warning: Skipping unknown %s name attribute \"%s\"\n", + opt_getprog(), desc, typestr); if (ismulti) BIO_printf(bio_err, - "%s hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n", - opt_getprog()); + "%s hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n", + opt_getprog()); continue; } if (*valstr == '\0') { BIO_printf(bio_err, - "%s warning: No value provided for %s name attribute \"%s\", skipped\n", - opt_getprog(), desc, typestr); + "%s warning: No value provided for %s name attribute \"%s\", skipped\n", + opt_getprog(), desc, typestr); continue; } if (!X509_NAME_add_entry_by_NID(n, nid, chtype, - valstr, strlen((char *)valstr), - -1, ismulti ? -1 : 0)) { + valstr, strlen((char *)valstr), + -1, ismulti ? -1 : 0)) { ERR_print_errors(bio_err); BIO_printf(bio_err, - "%s: Error adding %s name attribute \"/%s=%s\"\n", - opt_getprog(), desc, typestr, valstr); + "%s: Error adding %s name attribute \"/%s=%s\"\n", + opt_getprog(), desc, typestr, valstr); goto err; } } 
@@ -2003,52 +2009,52 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti,
 OPENSSL_free(work);
 return n;
- err:
+err:
 X509_NAME_free(n);
 OPENSSL_free(work);
 return NULL;
 }
 /*
- * Read whole contents of a BIO into an allocated memory buffer and return
- * it.
+ * Read whole contents of a BIO into an allocated memory buffer.
+ * The return value is one on success, zero on error.
+ * If `maxlen` is non-zero, at most `maxlen` bytes are returned, or else, if
+ * the input is longer than `maxlen`, an error is returned.
+ * If `maxlen` is zero, the limit is effectively `SIZE_MAX`.
 */
-
-int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
+int bio_to_mem(unsigned char **out, size_t *outlen, size_t maxlen, BIO *in)
 {
+ unsigned char tbuf[4096];
 BIO *mem;
- int len, ret;
- unsigned char tbuf[1024];
+ BUF_MEM *bufm;
+ size_t sz = 0;
+ int len;
 mem = BIO_new(BIO_s_mem());
 if (mem == NULL)
- return -1;
+ return 0;
 for (;;) {
- if ((maxlen != -1) && maxlen < 1024)
- len = maxlen;
- else
- len = 1024;
- len = BIO_read(in, tbuf, len);
- if (len < 0) {
- BIO_free(mem);
- return -1;
- }
- if (len == 0)
+ if ((len = BIO_read(in, tbuf, 4096)) == 0)
 break;
- if (BIO_write(mem, tbuf, len) != len) {
+ if (len < 0
+ || BIO_write(mem, tbuf, len) != len
+ || sz > SIZE_MAX - len
+ || ((sz += len) > maxlen && maxlen != 0)) {
 BIO_free(mem);
- return -1;
+ return 0;
 }
- if (maxlen != -1)
- maxlen -= len;
-
- if (maxlen == 0)
- break;
 }
- ret = BIO_get_mem_data(mem, (char **)out);
- BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
+
+ /* So BIO_free orphans BUF_MEM */
+ (void)BIO_set_close(mem, BIO_NOCLOSE);
+ BIO_get_mem_ptr(mem, &bufm);
 BIO_free(mem);
- return ret;
+ *out = (unsigned char *)bufm->data;
+ *outlen = bufm->length;
+ /* Tell BUF_MEM to orphan data */
+ bufm->data = NULL;
+ BUF_MEM_free(bufm);
+ return 1;
 }
 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
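Review bot: The new header comment on bio_to_mem does not say who owns `*out` or what a successful call returns for empty input: the buffer is the BUF_MEM data detached via `bufm->data = NULL`, so the caller must release it with OPENSSL_free, and when BIO_read yields nothing before the first write the detached BUF_MEM appears never to have been grown, so `*out` is NULL with `*outlen == 0` while the function still returns 1 — a caller treating NULL as failure would misbehave. I would extend the comment with `* On success *out is owned by the caller and must be freed with OPENSSL_free(); it may be NULL when *outlen is 0.` The sentence "at most `maxlen` bytes are returned, or else ... an error is returned" also reads as if the output were truncated, whereas the `(sz += len) > maxlen` test makes any input longer than `maxlen` a hard error; `* If maxlen is non-zero, input longer than maxlen bytes is an error.` states what the code does. Since the sentinel for "unlimited" moved from -1 to 0 and the result changed from a length to a boolean, the prototype in apps.h and every caller must change in the same commit; none of them is visible here.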
@@ -2067,7 +2073,7 @@ int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value) vtmp++; rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp); - err: +err: OPENSSL_free(stmp); return rv; } @@ -2098,7 +2104,7 @@ void policies_print(X509_STORE_CTX *ctx) explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx); BIO_printf(bio_err, "Require explicit Policy: %s\n", - explicit_policy ? "True" : "False"); + explicit_policy ? "True" : "False"); nodes_print("Authority", X509_policy_tree_get0_policies(tree)); nodes_print("User", X509_policy_tree_get0_user_policies(tree)); @@ -2162,8 +2168,8 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in) } int check_cert_attributes(BIO *bio, X509 *x, const char *checkhost, - const char *checkemail, const char *checkip, - int print) + const char *checkemail, const char *checkip, + int print) { int valid_host = 0; int valid_mail = 0; @@ -2177,7 +2183,7 @@ int check_cert_attributes(BIO *bio, X509 *x, const char *checkhost, valid_host = X509_check_host(x, checkhost, 0, 0, NULL); if (print) BIO_printf(bio, "Hostname %s does%s match certificate\n", - checkhost, valid_host == 1 ? "" : " NOT"); + checkhost, valid_host == 1 ? "" : " NOT"); ret = ret && valid_host > 0; } @@ -2185,7 +2191,7 @@ int check_cert_attributes(BIO *bio, X509 *x, const char *checkhost, valid_mail = X509_check_email(x, checkemail, 0, 0); if (print) BIO_printf(bio, "Email %s does%s match certificate\n", - checkemail, valid_mail ? "" : " NOT"); + checkemail, valid_mail ? "" : " NOT"); ret = ret && valid_mail > 0; } @@ -2193,7 +2199,7 @@ int check_cert_attributes(BIO *bio, X509 *x, const char *checkhost, valid_ip = X509_check_ip_asc(x, checkip, 0); if (print) BIO_printf(bio, "IP %s does%s match certificate\n", - checkip, valid_ip ? "" : " NOT"); + checkip, valid_ip ? "" : " NOT"); ret = ret && valid_ip > 0; } 
@@ -2261,7 +2267,7 @@ static int do_x509_req_init(X509_REQ *x, STACK_OF(OPENSSL_STRING) *opts) } static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, - const char *md, STACK_OF(OPENSSL_STRING) *sigopts) + const char *md, STACK_OF(OPENSSL_STRING) *sigopts) { EVP_PKEY_CTX *pkctx = NULL; char def_md[80]; @@ -2273,18 +2279,18 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, * for this algorithm. */ if (EVP_PKEY_get_default_digest_name(pkey, def_md, sizeof(def_md)) == 2 - && strcmp(def_md, "UNDEF") == 0) { + && strcmp(def_md, "UNDEF") == 0) { /* The signing algorithm requires there to be no digest */ md = NULL; } return EVP_DigestSignInit_ex(ctx, &pkctx, md, app_get0_libctx(), - app_get0_propq(), pkey, NULL) + app_get0_propq(), pkey, NULL) && do_pkey_ctx_init(pkctx, sigopts); } static int adapt_keyid_ext(X509 *cert, X509V3_CTX *ext_ctx, - const char *name, const char *value, int add_default) + const char *name, const char *value, int add_default) { const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(cert); X509_EXTENSION *new_ext = X509V3_EXT_nconf(NULL, ext_ctx, name, value); @@ -2323,7 +2329,7 @@ int cert_matches_key(const X509 *cert, const EVP_PKEY *pkey) /* Ensure RFC 5280 compliance, adapt keyIDs as needed, and sign the cert info */ int do_X509_sign(X509 *cert, int force_v1, EVP_PKEY *pkey, const char *md, - STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx) + STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx) { EVP_MD_CTX *mctx = EVP_MD_CTX_new(); int self_sign; 
@@ -2343,21 +2349,21 @@ int do_X509_sign(X509 *cert, int force_v1, EVP_PKEY *pkey, const char *md,
 /* Prevent X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER */
 self_sign = cert_matches_key(cert, pkey);
 if (!adapt_keyid_ext(cert, ext_ctx, "authorityKeyIdentifier",
- "keyid, issuer", !self_sign))
+ "keyid, issuer", !self_sign))
 goto end;
 }
 /* May add further measures for ensuring RFC 5280 compliance, see #19805 */
 if (mctx != NULL && do_sign_init(mctx, pkey, md, sigopts) > 0)
 rv = (X509_sign_ctx(cert, mctx) > 0);
- end:
+end:
 EVP_MD_CTX_free(mctx);
 return rv;
 }
 /* Sign the certificate request info */
 int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const char *md,
- STACK_OF(OPENSSL_STRING) *sigopts)
+ STACK_OF(OPENSSL_STRING) *sigopts)
 {
 int rv = 0;
 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
@@ -2370,7 +2376,7 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const char *md,
 /* Sign the CRL info */
 int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md,
- STACK_OF(OPENSSL_STRING) *sigopts)
+ STACK_OF(OPENSSL_STRING) *sigopts)
 {
 int rv = 0;
 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
@@ -2401,7 +2407,7 @@ int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts)
 * 0 if the signature check fails, or -1 if error occurs.
 */
 int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey,
- STACK_OF(OPENSSL_STRING) *vfyopts)
+ STACK_OF(OPENSSL_STRING) *vfyopts)
 {
 int rv = 0;
@@ -2463,7 +2469,7 @@ static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
 */
 static STACK_OF(X509_CRL) *crls_http_cb(const X509_STORE_CTX *ctx,
- const X509_NAME *nm)
+ const X509_NAME *nm)
 {
 X509 *x;
 STACK_OF(X509_CRL) *crls = NULL;
@@ -2493,7 +2499,7 @@ static STACK_OF(X509_CRL) *crls_http_cb(const X509_STORE_CTX *ctx,
 error:
 X509_CRL_free(crl);
- sk_X509_CRL_free(crls);
+ sk_X509_CRL_pop_free(crls, X509_CRL_free);
 return NULL;
 }
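Review bot: Switching the error path of crls_http_cb to `sk_X509_CRL_pop_free` closes the leak of CRLs already pushed on `crls`, but it only stays correct if `crl` never aliases an element still on the stack when `error:` is reached, since `X509_CRL_free(crl)` runs immediately before it. The body between the signature and the label is outside the hunk, so I cannot see whether `crl` is reset to NULL after a successful push; if the delta-CRL path fails with `crl` still pointing at the first stacked CRL, this becomes a double free. I would either add `crl = NULL; /* now owned by crls */` after each successful push or, if that is already the case, document the invariant at the label: `/* crl must not also be on crls here: pop_free releases the stacked CRLs */`.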
@@ -2559,15 +2565,14 @@ BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail) BIO *sbio = NULL; X509_STORE *ts = SSL_CTX_get_cert_store(ssl_ctx); X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts); - const char *host = vpm == NULL ? NULL : - X509_VERIFY_PARAM_get0_host(vpm, 0 /* first hostname */); + const char *host = vpm == NULL ? NULL : X509_VERIFY_PARAM_get0_host(vpm, 0 /* first hostname */); /* adapt after fixing callback design flaw, see #17088 */ if ((info->use_proxy - && !OSSL_HTTP_proxy_connect(bio, info->server, info->port, - NULL, NULL, /* no proxy credentials */ - info->timeout, bio_err, opt_getprog())) - || (sbio = BIO_new(BIO_f_ssl())) == NULL) { + && !OSSL_HTTP_proxy_connect(bio, info->server, info->port, + NULL, NULL, /* no proxy credentials */ + info->timeout, bio_err, opt_getprog())) + || (sbio = BIO_new(BIO_f_ssl())) == NULL) { return NULL; } if ((ssl = SSL_new(ssl_ctx)) == NULL) { @@ -2597,10 +2602,10 @@ void APP_HTTP_TLS_INFO_free(APP_HTTP_TLS_INFO *info) } ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy, - const char *no_proxy, SSL_CTX *ssl_ctx, - const STACK_OF(CONF_VALUE) *headers, - long timeout, const char *expected_content_type, - const ASN1_ITEM *it) + const char *no_proxy, SSL_CTX *ssl_ctx, + const STACK_OF(CONF_VALUE) *headers, + long timeout, const char *expected_content_type, + const ASN1_ITEM *it) { APP_HTTP_TLS_INFO info; char *server; 
@@ -2615,16 +2620,16 @@ ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy, } if (!OSSL_HTTP_parse_url(url, &use_ssl, NULL /* userinfo */, &server, &port, - NULL /* port_num, */, NULL, NULL, NULL)) + NULL /* port_num, */, NULL, NULL, NULL)) return NULL; if (use_ssl && ssl_ctx == NULL) { ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER, - "missing SSL_CTX"); + "missing SSL_CTX"); goto end; } if (!use_ssl && ssl_ctx != NULL) { ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT, - "SSL_CTX given but use_ssl == 0"); + "SSL_CTX given but use_ssl == 0"); goto end; } @@ -2635,27 +2640,26 @@ ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy, info.timeout = timeout; info.ssl_ctx = ssl_ctx; mem = OSSL_HTTP_get(url, proxy, no_proxy, NULL /* bio */, NULL /* rbio */, - app_http_tls_cb, &info, 0 /* buf_size */, headers, - expected_content_type, 1 /* expect_asn1 */, - OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout); + app_http_tls_cb, &info, 0 /* buf_size */, headers, + expected_content_type, 1 /* expect_asn1 */, + OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout); resp = ASN1_item_d2i_bio(it, mem, NULL); BIO_free(mem); - end: +end: OPENSSL_free(server); OPENSSL_free(port); return resp; - } ASN1_VALUE *app_http_post_asn1(const char *host, const char *port, - const char *path, const char *proxy, - const char *no_proxy, SSL_CTX *ssl_ctx, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, - ASN1_VALUE *req, const ASN1_ITEM *req_it, - const char *expected_content_type, - long timeout, const ASN1_ITEM *rsp_it) + const char *path, const char *proxy, + const char *no_proxy, SSL_CTX *ssl_ctx, + const STACK_OF(CONF_VALUE) *headers, + const char *content_type, + ASN1_VALUE *req, const ASN1_ITEM *req_it, + const char *expected_content_type, + long timeout, const ASN1_ITEM *rsp_it) { int use_ssl = ssl_ctx != NULL; APP_HTTP_TLS_INFO info; 
@@ -2672,12 +2676,12 @@ ASN1_VALUE *app_http_post_asn1(const char *host, const char *port, info.timeout = timeout; info.ssl_ctx = ssl_ctx; rsp = OSSL_HTTP_transfer(NULL, host, port, path, use_ssl, - proxy, no_proxy, NULL /* bio */, NULL /* rbio */, - app_http_tls_cb, &info, - 0 /* buf_size */, headers, content_type, req_mem, - expected_content_type, 1 /* expect_asn1 */, - OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout, - 0 /* keep_alive */); + proxy, no_proxy, NULL /* bio */, NULL /* rbio */, + app_http_tls_cb, &info, + 0 /* buf_size */, headers, content_type, req_mem, + expected_content_type, 1 /* expect_asn1 */, + OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout, + 0 /* keep_alive */); BIO_free(req_mem); res = ASN1_item_d2i_bio(rsp_it, rsp, NULL); BIO_free(rsp); @@ -2690,13 +2694,13 @@ ASN1_VALUE *app_http_post_asn1(const char *host, const char *port, * Platform-specific sections */ #if defined(_WIN32) -# ifdef fileno -# undef fileno -# define fileno(a) (int)_fileno(a) -# endif +#ifdef fileno +#undef fileno +#define fileno(a) (int)_fileno(a) +#endif -# include <windows.h> -# include <tchar.h> +#include <windows.h> +#include <tchar.h> static int WIN32_rename(const char *from, const char *to) { 
@@ -2707,21 +2711,21 @@ static int WIN32_rename(const char *from, const char *to) if (sizeof(TCHAR) == 1) { tfrom = (TCHAR *)from; tto = (TCHAR *)to; - } else { /* UNICODE path */ + } else { /* UNICODE path */ size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1; tfrom = malloc(sizeof(*tfrom) * (flen + tlen)); if (tfrom == NULL) goto err; tto = tfrom + flen; -# if !defined(_WIN32_WCE) || _WIN32_WCE >= 101 +#if !defined(_WIN32_WCE) || _WIN32_WCE >= 101 if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen)) -# endif +#endif for (i = 0; i < flen; i++) tfrom[i] = (TCHAR)from[i]; -# if !defined(_WIN32_WCE) || _WIN32_WCE >= 101 +#if !defined(_WIN32_WCE) || _WIN32_WCE >= 101 if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen)) -# endif +#endif for (i = 0; i < tlen; i++) tto[i] = (TCHAR)to[i]; } @@ -2739,10 +2743,10 @@ static int WIN32_rename(const char *from, const char *to) else if (err == ERROR_ACCESS_DENIED) errno = EACCES; else - errno = EINVAL; /* we could map more codes... */ - err: + errno = EINVAL; /* we could map more codes... */ +err: ret = -1; - ok: +ok: if (tfrom != NULL && tfrom != (TCHAR *)from) free(tfrom); return ret; 
@@ -2758,30 +2762,30 @@ double app_tminterval(int stop, int usertime) static ULARGE_INTEGER tmstart; static int warning = 1; int use_GetSystemTime = 1; -# ifdef _WIN32_WINNT +#ifdef _WIN32_WINNT static HANDLE proc = NULL; if (proc == NULL) { if (check_winnt()) proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, - GetCurrentProcessId()); + GetCurrentProcessId()); if (proc == NULL) - proc = (HANDLE) - 1; + proc = (HANDLE)-1; } - if (usertime && proc != (HANDLE) - 1) { + if (usertime && proc != (HANDLE)-1) { FILETIME junk; GetProcessTimes(proc, &junk, &junk, &junk, &now); use_GetSystemTime = 0; } -# endif +#endif if (use_GetSystemTime) { SYSTEMTIME systime; if (usertime && warning) { BIO_printf(bio_err, "To get meaningful results, run " - "this program on idle system.\n"); + "this program on idle system.\n"); warning = 0; } GetSystemTime(&systime); 
@@ -2803,44 +2807,44 @@ double app_tminterval(int stop, int usertime) return ret; } #elif defined(OPENSSL_SYS_VXWORKS) -# include <time.h> +#include <time.h> double app_tminterval(int stop, int usertime) { double ret = 0; -# ifdef CLOCK_REALTIME +#ifdef CLOCK_REALTIME static struct timespec tmstart; struct timespec now; -# else +#else static unsigned long tmstart; unsigned long now; -# endif +#endif static int warning = 1; if (usertime && warning) { BIO_printf(bio_err, "To get meaningful results, run " - "this program on idle system.\n"); + "this program on idle system.\n"); warning = 0; } -# ifdef CLOCK_REALTIME +#ifdef CLOCK_REALTIME clock_gettime(CLOCK_REALTIME, &now); if (stop == TM_START) tmstart = now; else ret = ((now.tv_sec + now.tv_nsec * 1e-9) - - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9)); -# else + - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9)); +#else now = tickGet(); if (stop == TM_START) tmstart = now; else ret = (now - tmstart) / (double)sysClkRateGet(); -# endif +#endif return ret; } -#elif defined(_SC_CLK_TCK) /* by means of unistd.h */ -# include <sys/times.h> +#elif defined(_SC_CLK_TCK) /* by means of unistd.h */ +#include <sys/times.h> double app_tminterval(int stop, int usertime) { @@ -2864,8 +2868,8 @@ double app_tminterval(int stop, int usertime) } #else -# include <sys/time.h> -# include <sys/resource.h> +#include <sys/time.h> +#include <sys/resource.h> double app_tminterval(int stop, int usertime) { @@ -2883,7 +2887,7 @@ double app_tminterval(int stop, int usertime) tmstart = now; else ret = ((now.tv_sec + now.tv_usec * 1e-6) - - (tmstart.tv_sec + tmstart.tv_usec * 1e-6)); + - (tmstart.tv_sec + tmstart.tv_usec * 1e-6)); return ret; } @@ -2905,7 +2909,7 @@ int app_isdir(const char *name) /* raw_read|write section */ #if defined(__VMS) -# include "vms_term_sock.h" +#include "vms_term_sock.h" static int stdin_sock = -1; static void close_stdin_sock(void) 
@@ -2945,7 +2949,7 @@ int raw_read_stdin(void *buf, int siz) return -1; } #elif defined(__VMS) -# include <sys/socket.h> +#include <sys/socket.h> int raw_read_stdin(void *buf, int siz) { @@ -2991,13 +2995,13 @@ int raw_write_stdout(const void *buf, int siz) BIO *dup_bio_in(int format) { return BIO_new_fp(stdin, - BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); + BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); } BIO *dup_bio_out(int format) { BIO *b = BIO_new_fp(stdout, - BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); + BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); void *prefix = NULL; if (b == NULL) @@ -3020,7 +3024,7 @@ BIO *dup_bio_out(int format) BIO *dup_bio_err(int format) { BIO *b = BIO_new_fp(stderr, - BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); + BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); #ifdef OPENSSL_SYS_VMS if (b != NULL && FMT_istext(format)) @@ -3039,12 +3043,12 @@ void unbuffer(FILE *fp) * temporarily. */ #if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma environment save -# pragma message disable maylosedata2 +#pragma environment save +#pragma message disable maylosedata2 #endif setbuf(fp, NULL); #if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma environment restore +#pragma environment restore #endif } @@ -3095,21 +3099,21 @@ BIO *bio_open_owner(const char *filename, int format, int private) textmode = FMT_istext(format); #ifndef OPENSSL_NO_POSIX_IO mode = O_WRONLY; -# ifdef O_CREAT +#ifdef O_CREAT mode |= O_CREAT; -# endif -# ifdef O_TRUNC +#endif +#ifdef O_TRUNC mode |= O_TRUNC; -# endif +#endif if (!textmode) { -# ifdef O_BINARY +#ifdef O_BINARY mode |= O_BINARY; -# elif defined(_O_BINARY) +#elif defined(_O_BINARY) mode |= _O_BINARY; -# endif +#endif } -# ifdef OPENSSL_SYS_VMS +#ifdef OPENSSL_SYS_VMS /* * VMS doesn't have O_BINARY, it just doesn't make sense. But, * it still needs to know that we're going binary, or fdopen() 
@@ -3119,15 +3123,15 @@ BIO *bio_open_owner(const char *filename, int format, int private) if (!textmode) fd = open(filename, mode, 0600, "ctx=bin"); else -# endif +#endif fd = open(filename, mode, 0600); if (fd < 0) goto err; fp = fdopen(fd, modestr('w', format)); -#else /* OPENSSL_NO_POSIX_IO */ +#else /* OPENSSL_NO_POSIX_IO */ /* Have stdio but not Posix IO, do the best we can */ fp = fopen(filename, modestr('w', format)); -#endif /* OPENSSL_NO_POSIX_IO */ +#endif /* OPENSSL_NO_POSIX_IO */ if (fp == NULL) goto err; bflags = BIO_CLOSE; @@ -3137,9 +3141,9 @@ BIO *bio_open_owner(const char *filename, int format, int private) if (b != NULL) return b; - err: +err: BIO_printf(bio_err, "%s: Can't open \"%s\" for writing, %s\n", - opt_getprog(), filename, strerror(errno)); + opt_getprog(), filename, strerror(errno)); ERR_print_errors(bio_err); /* If we have fp, then fdopen took over fd, so don't close both. */ if (fp != NULL) @@ -3152,7 +3156,7 @@ BIO *bio_open_owner(const char *filename, int format, int private) } static BIO *bio_open_default_(const char *filename, char mode, int format, - int quiet) + int quiet) { BIO *ret; @@ -3165,8 +3169,8 @@ static BIO *bio_open_default_(const char *filename, char mode, int format, if (ret != NULL) return ret; BIO_printf(bio_err, - "Can't open %s, %s\n", - mode == 'r' ? "stdin" : "stdout", strerror(errno)); + "Can't open %s, %s\n", + mode == 'r' ? "stdin" : "stdout", strerror(errno)); } else { ret = BIO_new_file(filename, modestr(mode, format)); if (quiet) { @@ -3176,8 +3180,8 @@ static BIO *bio_open_default_(const char *filename, char mode, int format, if (ret != NULL) return ret; BIO_printf(bio_err, - "Can't open \"%s\" for %s, %s\n", - filename, modeverb(mode), strerror(errno)); + "Can't open \"%s\" for %s, %s\n", + filename, modeverb(mode), strerror(errno)); } ERR_print_errors(bio_err); return NULL; 
@@ -3254,7 +3258,7 @@ void wait_for_async(SSL *s) #if defined(OPENSSL_SYS_MSDOS) int has_stdin_waiting(void) { -# if defined(OPENSSL_SYS_WINDOWS) +#if defined(OPENSSL_SYS_WINDOWS) HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE); DWORD events = 0; INPUT_RECORD inputrec; @@ -3273,7 +3277,7 @@ int has_stdin_waiting(void) } return 0; } -# endif +#endif return _kbhit(); } #endif @@ -3289,16 +3293,16 @@ void corrupt_signature(const ASN1_STRING *signature) int check_cert_time_string(const char *time, const char *desc) { if (time == NULL || strcmp(time, "today") == 0 - || ASN1_TIME_set_string_X509(NULL, time)) + || ASN1_TIME_set_string_X509(NULL, time)) return 1; BIO_printf(bio_err, - "%s is invalid, it should be \"today\" or have format [CC]YYMMDDHHMMSSZ\n", - desc); + "%s is invalid, it should be \"today\" or have format [CC]YYMMDDHHMMSSZ\n", + desc); return 0; } int set_cert_times(X509 *x, const char *startdate, const char *enddate, - int days, int strict_compare_times) + int days, int strict_compare_times) { if (!check_cert_time_string(startdate, "start date")) return 0; @@ -3330,7 +3334,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, } if (ASN1_TIME_compare(X509_get0_notAfter(x), X509_get0_notBefore(x)) < 0) { BIO_printf(bio_err, "%s: end date before start date\n", - strict_compare_times ? "Error" : "Warning"); + strict_compare_times ? "Error" : "Warning"); if (strict_compare_times) return 0; } @@ -3363,7 +3367,7 @@ end: } int set_crl_nextupdate(X509_CRL *crl, const char *nextupdate, - long days, long hours, long secs) + long days, long hours, long secs) { int ret = 0; ASN1_TIME *tm = ASN1_TIME_new(); @@ -3397,7 +3401,7 @@ void make_uppercase(char *string) } OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts, - const OSSL_PARAM *paramdefs) + const OSSL_PARAM *paramdefs) { OSSL_PARAM *params = NULL; size_t sz = (size_t)sk_OPENSSL_STRING_num(opts); 
@@ -3422,7 +3426,7 @@ OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts, /* Skip over the separator so that vmtp points to the value */ vtmp++; if (!OSSL_PARAM_allocate_from_text(¶ms[params_n], paramdefs, - stmp, vtmp, strlen(vtmp), &found)) + stmp, vtmp, strlen(vtmp), &found)) goto err; OPENSSL_free(stmp); } @@ -3431,7 +3435,7 @@ OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts, err: OPENSSL_free(stmp); BIO_printf(bio_err, "Parameter %s '%s'\n", found ? "error" : "unknown", - opt); + opt); ERR_print_errors(bio_err); app_params_free(params); return NULL; @@ -3461,10 +3465,10 @@ EVP_PKEY *app_keygen(EVP_PKEY_CTX *ctx, const char *alg, int bits, int verbose) } if (!RAND_status()) BIO_printf(bio_err, "Warning: generating random key material may take a long time\n" - "if the system has a poor entropy source\n"); + "if the system has a poor entropy source\n"); if (EVP_PKEY_keygen(ctx, &res) <= 0) BIO_printf(bio_err, "%s: Error generating %s key\n", opt_getprog(), - alg != NULL ? alg : "asymmetric"); + alg != NULL ? alg : "asymmetric"); return res; } @@ -3474,10 +3478,10 @@ EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg) if (!RAND_status()) BIO_printf(bio_err, "Warning: generating random key parameters may take a long time\n" - "if the system has a poor entropy source\n"); + "if the system has a poor entropy source\n"); if (EVP_PKEY_paramgen(ctx, &res) <= 0) BIO_printf(bio_err, "%s: Generating %s key parameters failed\n", - opt_getprog(), alg != NULL ? alg : "asymmetric"); + opt_getprog(), alg != NULL ? alg : "asymmetric"); return res; } |
