static int egdsocket = 0;
int
-app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
+app_RAND_load_file(const char *file, BIO * bio_e, int dont_warn)
{
int consider_randfile = (file == NULL);
char buffer[200];
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
else if (RAND_egd(file) > 0) {
- /* we try if the given filename is an EGD socket.
- if it is, we don't write anything back to the file. */
+ /*
+ * we try if the given filename is an EGD socket. if it is,
+ * we don't write anything back to the file.
+ */
egdsocket = 1;
return 1;
}
BIO_printf(bio_e, "unable to load 'random state'\n");
BIO_printf(bio_e, "This means that the random number generator has not been seeded\n");
BIO_printf(bio_e, "with much random data.\n");
- if (consider_randfile) /* explanation does not apply when a file is explicitly named */
- {
+ if (consider_randfile) { /* explanation does not
+ * apply when a file is
+ * explicitly named */
BIO_printf(bio_e, "Consider setting the RANDFILE environment variable to point at a file that\n");
BIO_printf(bio_e, "'random' data can be kept in (the file will be overwritten).\n");
}
last = 0;
for (p = name;
((*p != '\0') && (*p != ':')); p++);
- if (*p == '\0')
- last = 1;
+ if (*p == '\0')
+ last = 1;
*p = '\0';
n = name;
name = p + 1;
}
int
-app_RAND_write_file(const char *file, BIO *bio_e)
+app_RAND_write_file(const char *file, BIO * bio_e)
{
char buffer[200];
if (egdsocket || !seeded)
- /* If we did not manage to read the seed file,
- * we should not write a low-entropy seed file back --
- * it would suppress a crucial warning the next time
- * we want to use it. */
+ /*
+ * If we did not manage to read the seed file, we should not
+ * write a low-entropy seed file back -- it would suppress a
+ * crucial warning the next time we want to use it.
+ */
return 0;
if (file == NULL)
static UI_METHOD *ui_method = NULL;
-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
-static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
+static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl);
+static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl);
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
/* Looks like this stuff is worth moving into separate function */
-static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file,
+static EVP_PKEY *
+load_netscape_key(BIO * err, BIO * key, const char *file,
const char *key_descrip, int format);
#endif
else if ((*s == 'M') || (*s == 'm'))
return (FORMAT_MSBLOB);
else if ((*s == '1') ||
- (strcmp(s, "PKCS12") == 0) || (strcmp(s, "pkcs12") == 0) ||
+ (strcmp(s, "PKCS12") == 0) || (strcmp(s, "pkcs12") == 0) ||
(strcmp(s, "P12") == 0) || (strcmp(s, "p12") == 0))
return (FORMAT_PKCS12);
else if ((*s == 'E') || (*s == 'e'))
}
int
-chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
+chopup_args(ARGS * arg, char *buf, int *argc, char **argv[])
{
int num, i;
char *p;
i = 0;
if (arg->count == 0) {
arg->count = 20;
- arg->data = (char **)malloc(sizeof(char *)*arg->count);
+ arg->data = (char **) malloc(sizeof(char *) * arg->count);
}
for (i = 0; i < arg->count; i++)
arg->data[i] = NULL;
if (num >= arg->count) {
char **tmp_p;
int tlen = arg->count + 20;
- tmp_p = (char **)realloc(arg->data,
- sizeof(char *)*tlen);
+ tmp_p = (char **) realloc(arg->data,
+ sizeof(char *) * tlen);
if (tmp_p == NULL)
return 0;
arg->data = tmp_p;
arg->data[num++] = p;
/* now look for the end of this */
- if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
- {
- i= *(p++);
- arg->data[num - 1]++; /* jump over quote */
+ if ((*p == '\'') || (*p == '\"')) { /* scan for closing
+ * quote */
+ i = *(p++);
+ arg->data[num - 1]++; /* jump over quote */
while (*p && (*p != i))
p++;
*p = '\0';
} else {
while (*p && ((*p != ' ') &&
- (*p != '\t') && (*p != '\n')))
+ (*p != '\t') && (*p != '\n')))
p++;
if (*p == '\0')
#endif
-int dump_cert_text (BIO *out, X509 *x)
+int
+dump_cert_text(BIO * out, X509 * x)
{
char *p;
}
static int
-ui_open(UI *ui)
+ui_open(UI * ui)
{
- return UI_method_get_opener(UI_OpenSSL())(ui);
+ return UI_method_get_opener(UI_OpenSSL()) (ui);
}
static int
-ui_read(UI *ui, UI_STRING *uis)
+ui_read(UI * ui, UI_STRING * uis)
{
if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD &&
UI_get0_user_data(ui)) {
switch (UI_get_string_type(uis)) {
- case UIT_PROMPT:
- case UIT_VERIFY:
+ case UIT_PROMPT:
+ case UIT_VERIFY:
{
const char *password =
- ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ ((PW_CB_DATA *) UI_get0_user_data(ui))->password;
if (password && password[0] != '\0') {
UI_set_result(ui, uis, password);
return 1;
break;
}
}
- return UI_method_get_reader(UI_OpenSSL())(ui, uis);
+ return UI_method_get_reader(UI_OpenSSL()) (ui, uis);
}
static int
-ui_write(UI *ui, UI_STRING *uis)
+ui_write(UI * ui, UI_STRING * uis)
{
if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD &&
UI_get0_user_data(ui)) {
switch (UI_get_string_type(uis)) {
- case UIT_PROMPT:
- case UIT_VERIFY:
+ case UIT_PROMPT:
+ case UIT_VERIFY:
{
const char *password =
- ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ ((PW_CB_DATA *) UI_get0_user_data(ui))->password;
if (password && password[0] != '\0')
return 1;
}
break;
}
}
- return UI_method_get_writer(UI_OpenSSL())(ui, uis);
+ return UI_method_get_writer(UI_OpenSSL()) (ui, uis);
}
static int
-ui_close(UI *ui)
+ui_close(UI * ui)
{
- return UI_method_get_closer(UI_OpenSSL())(ui);
+ return UI_method_get_closer(UI_OpenSSL()) (ui);
}
int
int
password_callback(char *buf, int bufsiz, int verify,
- PW_CB_DATA *cb_tmp)
+ PW_CB_DATA * cb_tmp)
{
UI *ui = NULL;
int res = 0;
const char *prompt_info = NULL;
const char *password = NULL;
- PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
+ PW_CB_DATA *cb_data = (PW_CB_DATA *) cb_tmp;
if (cb_data) {
if (cb_data->password)
if (cb_data->prompt_info)
prompt_info = cb_data->prompt_info;
}
-
if (password) {
res = strlen(password);
if (res > bufsiz)
memcpy(buf, password, res);
return res;
}
-
ui = UI_new_method(ui_method);
if (ui) {
int ok = 0;
ok = UI_add_input_string(ui, prompt, ui_flags, buf,
PW_MIN_LENGTH, bufsiz - 1);
if (ok >= 0 && verify) {
- buff = (char *)malloc(bufsiz);
+ buff = (char *) malloc(bufsiz);
ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
PW_MIN_LENGTH, bufsiz - 1, buf);
}
UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
if (buff) {
- OPENSSL_cleanse(buff, (unsigned int)bufsiz);
+ OPENSSL_cleanse(buff, (unsigned int) bufsiz);
free(buff);
}
-
if (ok >= 0)
res = strlen(buf);
if (ok == -1) {
BIO_printf(bio_err, "User interface error\n");
ERR_print_errors(bio_err);
- OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+ OPENSSL_cleanse(buf, (unsigned int) bufsiz);
res = 0;
}
if (ok == -2) {
BIO_printf(bio_err, "aborted!\n");
- OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+ OPENSSL_cleanse(buf, (unsigned int) bufsiz);
res = 0;
}
UI_free(ui);
return res;
}
-static char *app_get_pass(BIO *err, char *arg, int keepbio);
+static char *app_get_pass(BIO * err, char *arg, int keepbio);
int
-app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
+app_passwd(BIO * err, char *arg1, char *arg2, char **pass1, char **pass2)
{
int same;
if (!arg2 || !arg1 || strcmp(arg1, arg2))
}
static char *
-app_get_pass(BIO *err, char *arg, int keepbio)
+app_get_pass(BIO * err, char *arg, int keepbio)
{
char *tmp, tpass[APP_PASS_LEN];
static BIO *pwdbio = NULL;
BIO_printf(err, "Can't open file %s\n", arg + 5);
return NULL;
}
- /*
- * Under _WIN32, which covers even Win64 and CE, file
- * descriptors referenced by BIO_s_fd are not inherited
- * by child process and therefore below is not an option.
- * It could have been an option if bss_fd.c was operating
- * on real Windows descriptors, such as those obtained
- * with CreateFile.
- */
+ /*
+ * Under _WIN32, which covers even Win64 and CE, file
+ * descriptors referenced by BIO_s_fd are not inherited
+ * by child process and therefore below is not an option.
+ * It could have been an option if bss_fd.c was operating
+ * on real Windows descriptors, such as those obtained
+ * with CreateFile.
+ */
} else if (!strncmp(arg, "fd:", 3)) {
BIO *btmp;
i = atoi(arg + 3);
BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
return NULL;
}
- /* Can't do BIO_gets on an fd BIO so add a buffering BIO */
+ /*
+ * Can't do BIO_gets on an fd BIO so add a buffering
+ * BIO
+ */
btmp = BIO_new(BIO_f_buffer());
pwdbio = BIO_push(btmp, pwdbio);
} else if (!strcmp(arg, "stdin")) {
}
int
-add_oid_section(BIO *err, CONF *conf)
+add_oid_section(BIO * err, CONF * conf)
{
char *p;
- STACK_OF(CONF_VALUE) *sktmp;
+ STACK_OF(CONF_VALUE) * sktmp;
CONF_VALUE *cnf;
int i;
if (!(p = NCONF_get_string(conf, NULL, "oid_section"))) {
}
static int
-load_pkcs12(BIO *err, BIO *in, const char *desc, pem_password_cb *pem_cb,
- void *cb_data, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+load_pkcs12(BIO * err, BIO * in, const char *desc, pem_password_cb * pem_cb,
+ void *cb_data, EVP_PKEY ** pkey, X509 ** cert, STACK_OF(X509) ** ca)
{
const char *pass;
char tpass[PEM_BUFSIZE];
pass = "";
else {
if (!pem_cb)
- pem_cb = (pem_password_cb *)password_callback;
+ pem_cb = (pem_password_cb *) password_callback;
len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
if (len < 0) {
BIO_printf(err, "Passpharse callback error for %s\n",
}
X509 *
-load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e,
+load_cert(BIO * err, const char *file, int format, const char *pass, ENGINE * e,
const char *cert_descrip)
{
X509 *x = NULL;
ERR_print_errors(err);
goto end;
}
-
if (file == NULL) {
#ifdef _IONBF
-# ifndef OPENSSL_NO_SETVBUF_IONBF
+#ifndef OPENSSL_NO_SETVBUF_IONBF
setvbuf(stdin, NULL, _IONBF, 0);
-# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
#endif
BIO_set_fp(cert, stdin, BIO_NOCLOSE);
} else {
if (nx == NULL)
goto end;
- if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data,
- nx->header->length) != 0)) {
+ if ((strncmp(NETSCAPE_CERT_HDR, (char *) nx->header->data,
+ nx->header->length) != 0)) {
NETSCAPE_X509_free(nx);
BIO_printf(err, "Error reading header on certificate\n");
goto end;
NETSCAPE_X509_free(nx);
} else if (format == FORMAT_PEM)
x = PEM_read_bio_X509_AUX(cert, NULL,
- (pem_password_cb *)password_callback, NULL);
+ (pem_password_cb *) password_callback, NULL);
else if (format == FORMAT_PKCS12) {
if (!load_pkcs12(err, cert, cert_descrip, NULL, NULL,
- NULL, &x, NULL))
+ NULL, &x, NULL))
goto end;
} else {
BIO_printf(err, "bad input format specified for %s\n",
}
EVP_PKEY *
-load_key(BIO *err, const char *file, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *key_descrip)
+load_key(BIO * err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE * e, const char *key_descrip)
{
BIO *key = NULL;
EVP_PKEY *pkey = NULL;
}
if (file == NULL && maybe_stdin) {
#ifdef _IONBF
-# ifndef OPENSSL_NO_SETVBUF_IONBF
+#ifndef OPENSSL_NO_SETVBUF_IONBF
setvbuf(stdin, NULL, _IONBF, 0);
-# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
#endif
BIO_set_fp(key, stdin, BIO_NOCLOSE);
} else if (BIO_read_filename(key, file) <= 0) {
pkey = d2i_PrivateKey_bio(key, NULL);
} else if (format == FORMAT_PEM) {
pkey = PEM_read_bio_PrivateKey(key, NULL,
- (pem_password_cb *)password_callback, &cb_data);
+ (pem_password_cb *) password_callback, &cb_data);
}
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
#endif
else if (format == FORMAT_PKCS12) {
if (!load_pkcs12(err, key, key_descrip,
- (pem_password_cb *)password_callback, &cb_data,
- &pkey, NULL, NULL))
+ (pem_password_cb *) password_callback, &cb_data,
+ &pkey, NULL, NULL))
goto end;
}
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
else if (format == FORMAT_MSBLOB)
pkey = b2i_PrivateKey_bio(key);
else if (format == FORMAT_PVK)
- pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
+ pkey = b2i_PVK_bio(key, (pem_password_cb *) password_callback,
&cb_data);
#endif
else {
}
EVP_PKEY *
-load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *key_descrip)
+load_pubkey(BIO * err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE * e, const char *key_descrip)
{
BIO *key = NULL;
EVP_PKEY *pkey = NULL;
}
if (file == NULL && maybe_stdin) {
#ifdef _IONBF
-# ifndef OPENSSL_NO_SETVBUF_IONBF
+#ifndef OPENSSL_NO_SETVBUF_IONBF
setvbuf(stdin, NULL, _IONBF, 0);
-# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
#endif
BIO_set_fp(key, stdin, BIO_NOCLOSE);
} else if (BIO_read_filename(key, file) <= 0) {
} else if (format == FORMAT_PEMRSA) {
RSA *rsa;
rsa = PEM_read_bio_RSAPublicKey(key, NULL,
- (pem_password_cb *)password_callback, &cb_data);
+ (pem_password_cb *) password_callback, &cb_data);
if (rsa) {
pkey = EVP_PKEY_new();
if (pkey)
#endif
else if (format == FORMAT_PEM) {
pkey = PEM_read_bio_PUBKEY(key, NULL,
- (pem_password_cb *)password_callback, &cb_data);
+ (pem_password_cb *) password_callback, &cb_data);
}
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
static EVP_PKEY *
-load_netscape_key(BIO *err, BIO *key, const char *file,
+load_netscape_key(BIO * err, BIO * key, const char *file,
const char *key_descrip, int format)
{
EVP_PKEY *pkey;
BUF_MEM *buf;
- RSA *rsa;
+ RSA *rsa;
const unsigned char *p;
int size, i;
if (buf == NULL || pkey == NULL)
goto error;
for (;;) {
- if (!BUF_MEM_grow_clean(buf, size + 1024*10))
+ if (!BUF_MEM_grow_clean(buf, size + 1024 * 10))
goto error;
- i = BIO_read(key, &(buf->data[size]), 1024*10);
+ i = BIO_read(key, &(buf->data[size]), 1024 * 10);
size += i;
if (i == 0)
break;
goto error;
}
}
- p = (unsigned char *)buf->data;
- rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL,
+ p = (unsigned char *) buf->data;
+ rsa = d2i_RSA_NET(NULL, &p, (long) size, NULL,
(format == FORMAT_IISSGC ? 1 : 0));
if (rsa == NULL)
goto error;
EVP_PKEY_free(pkey);
return NULL;
}
-#endif /* ndef OPENSSL_NO_RC4 */
+#endif /* ndef OPENSSL_NO_RC4 */
static int
-load_certs_crls(BIO *err, const char *file, int format, const char *pass,
- ENGINE *e, const char *desc, STACK_OF(X509) **pcerts,
- STACK_OF(X509_CRL) **pcrls)
+load_certs_crls(BIO * err, const char *file, int format, const char *pass,
+ ENGINE * e, const char *desc, STACK_OF(X509) ** pcerts,
+ STACK_OF(X509_CRL) ** pcrls)
{
int i;
BIO *bio;
- STACK_OF(X509_INFO) *xis = NULL;
+ STACK_OF(X509_INFO) * xis = NULL;
X509_INFO *xi;
PW_CB_DATA cb_data;
int rv = 0;
BIO_printf(err, "bad input format specified for %s\n", desc);
return 0;
}
-
if (file == NULL)
bio = BIO_new_fp(stdin, BIO_NOCLOSE);
else
ERR_print_errors(err);
return 0;
}
-
xis = PEM_X509_INFO_read_bio(bio, NULL,
- (pem_password_cb *)password_callback, &cb_data);
+ (pem_password_cb *) password_callback, &cb_data);
BIO_free(bio);
if (!*pcerts)
goto end;
}
-
if (pcrls) {
*pcrls = sk_X509_CRL_new_null();
if (!*pcrls)
goto end;
}
-
for (i = 0; i < sk_X509_INFO_num(xis); i++) {
- xi = sk_X509_INFO_value (xis, i);
+ xi = sk_X509_INFO_value(xis, i);
if (xi->x509 && pcerts) {
if (!sk_X509_push(*pcerts, xi->x509))
goto end;
}
STACK_OF(X509) *
-load_certs(BIO *err, const char *file, int format, const char *pass, ENGINE *e,
+load_certs(BIO * err, const char *file, int format, const char *pass, ENGINE * e,
const char *desc)
{
- STACK_OF(X509) *certs;
+ STACK_OF(X509) * certs;
if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
return NULL;
return certs;
}
STACK_OF(X509_CRL) *
-load_crls(BIO *err, const char *file, int format, const char *pass, ENGINE *e,
+load_crls(BIO * err, const char *file, int format, const char *pass, ENGINE * e,
const char *desc)
{
- STACK_OF(X509_CRL) *crls;
+ STACK_OF(X509_CRL) * crls;
if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
return NULL;
return crls;
set_cert_ex(unsigned long *flags, const char *arg)
{
static const NAME_EX_TBL cert_tbl[] = {
- { "compatible", X509_FLAG_COMPAT, 0xffffffffl},
- { "ca_default", X509_FLAG_CA, 0xffffffffl},
- { "no_header", X509_FLAG_NO_HEADER, 0},
- { "no_version", X509_FLAG_NO_VERSION, 0},
- { "no_serial", X509_FLAG_NO_SERIAL, 0},
- { "no_signame", X509_FLAG_NO_SIGNAME, 0},
- { "no_validity", X509_FLAG_NO_VALIDITY, 0},
- { "no_subject", X509_FLAG_NO_SUBJECT, 0},
- { "no_issuer", X509_FLAG_NO_ISSUER, 0},
- { "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
- { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
- { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
- { "no_aux", X509_FLAG_NO_AUX, 0},
- { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
- { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
- { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
- { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
- { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
- { NULL, 0, 0}
+ {"compatible", X509_FLAG_COMPAT, 0xffffffffl},
+ {"ca_default", X509_FLAG_CA, 0xffffffffl},
+ {"no_header", X509_FLAG_NO_HEADER, 0},
+ {"no_version", X509_FLAG_NO_VERSION, 0},
+ {"no_serial", X509_FLAG_NO_SERIAL, 0},
+ {"no_signame", X509_FLAG_NO_SIGNAME, 0},
+ {"no_validity", X509_FLAG_NO_VALIDITY, 0},
+ {"no_subject", X509_FLAG_NO_SUBJECT, 0},
+ {"no_issuer", X509_FLAG_NO_ISSUER, 0},
+ {"no_pubkey", X509_FLAG_NO_PUBKEY, 0},
+ {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
+ {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
+ {"no_aux", X509_FLAG_NO_AUX, 0},
+ {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
+ {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
+ {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ {NULL, 0, 0}
};
return set_multi_opts(flags, arg, cert_tbl);
}
set_name_ex(unsigned long *flags, const char *arg)
{
static const NAME_EX_TBL ex_tbl[] = {
- { "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
- { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
- { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
- { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
- { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
- { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
- { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
- { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
- { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
- { "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
- { "compat", XN_FLAG_COMPAT, 0xffffffffL},
- { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
- { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
- { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
- { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
- { "dn_rev", XN_FLAG_DN_REV, 0},
- { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
- { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
- { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
- { "align", XN_FLAG_FN_ALIGN, 0},
- { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
- { "space_eq", XN_FLAG_SPC_EQ, 0},
- { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
- { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
- { "oneline", XN_FLAG_ONELINE, 0xffffffffL},
- { "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
- { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
- { NULL, 0, 0}
+ {"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
+ {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
+ {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
+ {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
+ {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
+ {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
+ {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
+ {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
+ {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
+ {"dump_der", ASN1_STRFLGS_DUMP_DER, 0},
+ {"compat", XN_FLAG_COMPAT, 0xffffffffL},
+ {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
+ {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
+ {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
+ {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
+ {"dn_rev", XN_FLAG_DN_REV, 0},
+ {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
+ {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
+ {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
+ {"align", XN_FLAG_FN_ALIGN, 0},
+ {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
+ {"space_eq", XN_FLAG_SPC_EQ, 0},
+ {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
+ {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
+ {"oneline", XN_FLAG_ONELINE, 0xffffffffL},
+ {"multiline", XN_FLAG_MULTILINE, 0xffffffffL},
+ {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
+ {NULL, 0, 0}
};
return set_multi_opts(flags, arg, ex_tbl);
}
}
int
-copy_extensions(X509 *x, X509_REQ *req, int copy_type)
+copy_extensions(X509 * x, X509_REQ * req, int copy_type)
{
- STACK_OF(X509_EXTENSION) *exts = NULL;
+ STACK_OF(X509_EXTENSION) * exts = NULL;
X509_EXTENSION *ext, *tmpext;
ASN1_OBJECT *obj;
int i, idx, ret = 0;
}
static int
-set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
+set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl)
{
- STACK_OF(CONF_VALUE) *vals;
+ STACK_OF(CONF_VALUE) * vals;
CONF_VALUE *val;
int i, ret = 1;
if (!arg)
}
static int
-set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
+set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl)
{
char c;
const NAME_EX_TBL *ptbl;
} else if (c == '+') {
c = 1;
arg++;
- } else c = 1;
+ } else
+ c = 1;
for (ptbl = in_tbl; ptbl->name; ptbl++) {
if (!strcasecmp(arg, ptbl->name)) {
}
void
-print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
+print_name(BIO * out, const char *title, X509_NAME * nm, unsigned long lflags)
{
char *buf;
char mline = 0;
}
X509_STORE *
-setup_verify(BIO *bp, char *CAfile, char *CApath)
+setup_verify(BIO * bp, char *CAfile, char *CApath)
{
X509_STORE *store;
X509_LOOKUP *lookup;
#ifndef OPENSSL_NO_ENGINE
/* Try to load an engine in a shareable library */
static ENGINE *
-try_load_engine(BIO *err, const char *engine, int debug)
+try_load_engine(BIO * err, const char *engine, int debug)
{
ENGINE *e = ENGINE_by_id("dynamic");
if (e) {
}
ENGINE *
-setup_engine(BIO *err, const char *engine, int debug)
+setup_engine(BIO * err, const char *engine, int debug)
{
ENGINE *e = NULL;
ENGINE_free(e);
return NULL;
}
-
BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
/* Free our "structural" reference. */
#endif
int
-load_config(BIO *err, CONF *cnf)
+load_config(BIO * err, CONF * cnf)
{
static int load_config_called = 0;
if (load_config_called)
}
static unsigned long
-index_serial_hash(const OPENSSL_CSTRING *a)
+index_serial_hash(const OPENSSL_CSTRING * a)
{
const char *n;
}
static int
-index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
+index_serial_cmp(const OPENSSL_CSTRING * a, const OPENSSL_CSTRING * b)
{
const char *aa, *bb;
- for (aa = a[DB_serial]; *aa == '0'; aa++)
- ;
- for (bb = b[DB_serial]; *bb == '0'; bb++)
- ;
+ for (aa = a[DB_serial]; *aa == '0'; aa++);
+ for (bb = b[DB_serial]; *bb == '0'; bb++);
return (strcmp(aa, bb));
}
}
static unsigned long
-index_name_hash(const OPENSSL_CSTRING *a)
+index_name_hash(const OPENSSL_CSTRING * a)
{
return (lh_strhash(a[DB_name]));
}
int
-index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
+index_name_cmp(const OPENSSL_CSTRING * a, const OPENSSL_CSTRING * b)
{
return (strcmp(a[DB_name], b[DB_name]));
}
-static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
-static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
-static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
-static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
-
+static
+IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
+ static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
+ static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
+ static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
#undef BSIZE
#define BSIZE 256
-BIGNUM *
-load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
+ BIGNUM *
+ load_serial(char *serialfile, int create, ASN1_INTEGER ** retai)
{
BIO *in = NULL;
BIGNUM *ret = NULL;
ERR_print_errors(bio_err);
goto err;
}
-
if (BIO_read_filename(in, serialfile) <= 0) {
if (!create) {
perror(serialfile);
}
int
-save_serial(char *serialfile, char *suffix, BIGNUM *serial,
- ASN1_INTEGER **retai)
+save_serial(char *serialfile, char *suffix, BIGNUM * serial,
+ ASN1_INTEGER ** retai)
{
char buf[1][BSIZE];
BIO *out = NULL;
BIO_printf(bio_err, "file name too long\n");
goto err;
}
-
if (suffix == NULL)
BUF_strlcpy(buf[0], serialfile, BSIZE);
else
perror(serialfile);
goto err;
}
-
if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) {
BIO_printf(bio_err, "error converting serial to ASN.1 format\n");
goto err;
BIO_printf(bio_err, "file name too long\n");
goto err;
}
-
(void) snprintf(buf[0], sizeof buf[0], "%s.%s",
serialfile, new_suffix);
(void) snprintf(buf[1], sizeof buf[1], "%s.%s",
#ifdef ENOTDIR
&& errno != ENOTDIR
#endif
- ) {
+ ) {
BIO_printf(bio_err,
"unable to rename %s to %s\n",
serialfile, buf[1]);
}
int
-rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
+rand_serial(BIGNUM * b, ASN1_INTEGER * ai)
{
BIGNUM *btmp;
int ret = 0;
}
CA_DB *
-load_index(char *dbfile, DB_ATTR *db_attr)
+load_index(char *dbfile, DB_ATTR * db_attr)
{
CA_DB *retdb = NULL;
TXT_DB *tmpdb = NULL;
if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
if (errorline > 0) {
BIO_printf(bio_err,
- "error on line %ld of db attribute file '%s'\n"
- , errorline, buf[0]);
+ "error on line %ld of db attribute file '%s'\n"
+ ,errorline, buf[0]);
goto err;
} else {
NCONF_free(dbattr_conf);
dbattr_conf = NULL;
}
}
-
if ((retdb = malloc(sizeof(CA_DB))) == NULL) {
fprintf(stderr, "Out of memory\n");
goto err;
}
-
retdb->db = tmpdb;
tmpdb = NULL;
if (db_attr)
retdb->attributes.unique_subject = parse_yesno(p, 1);
}
}
-
err:
if (dbattr_conf)
NCONF_free(dbattr_conf);
}
int
-index_index(CA_DB *db)
+index_index(CA_DB * db)
{
if (!TXT_DB_create_index(db->db, DB_serial, NULL,
- LHASH_HASH_FN(index_serial),
- LHASH_COMP_FN(index_serial))) {
+ LHASH_HASH_FN(index_serial),
+ LHASH_COMP_FN(index_serial))) {
BIO_printf(bio_err,
"error creating serial number index:(%ld,%ld,%ld)\n",
db->db->error, db->db->arg1, db->db->arg2);
return 0;
}
-
if (db->attributes.unique_subject &&
!TXT_DB_create_index(db->db, DB_name, index_name_qual,
- LHASH_HASH_FN(index_name), LHASH_COMP_FN(index_name))) {
+ LHASH_HASH_FN(index_name), LHASH_COMP_FN(index_name))) {
BIO_printf(bio_err, "error creating name index:(%ld,%ld,%ld)\n",
db->db->error, db->db->arg1, db->db->arg2);
return 0;
}
int
-save_index(const char *dbfile, const char *suffix, CA_DB *db)
+save_index(const char *dbfile, const char *suffix, CA_DB * db)
{
char buf[3][BSIZE];
BIO *out = BIO_new(BIO_s_file());
ERR_print_errors(bio_err);
goto err;
}
-
j = strlen(dbfile) + strlen(suffix);
if (j + 6 >= BSIZE) {
BIO_printf(bio_err, "file name too long\n");
goto err;
}
-
(void) snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
(void) snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
(void) snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
BIO_printf(bio_err, "file name too long\n");
goto err;
}
-
(void) snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
(void) snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
dbfile, new_suffix);
#ifdef ENOTDIR
&& errno != ENOTDIR
#endif
- ) {
+ ) {
BIO_printf(bio_err,
"unable to rename %s to %s\n",
dbfile, buf[1]);
#ifdef ENOTDIR
&& errno != ENOTDIR
#endif
- ) {
+ ) {
BIO_printf(bio_err,
"unable to rename %s to %s\n",
buf[4], buf[3]);
}
void
-free_index(CA_DB *db)
+free_index(CA_DB * db)
{
if (db) {
if (db->db)
int ret = def;
if (str) {
switch (*str) {
- case 'f': /* false */
- case 'F': /* FALSE */
- case 'n': /* no */
- case 'N': /* NO */
- case '0': /* 0 */
+ case 'f': /* false */
+ case 'F': /* FALSE */
+ case 'n': /* no */
+ case 'N': /* NO */
+ case '0': /* 0 */
ret = 0;
break;
- case 't': /* true */
- case 'T': /* TRUE */
- case 'y': /* yes */
- case 'Y': /* YES */
- case '1': /* 1 */
+ case 't': /* true */
+ case 'T': /* TRUE */
+ case 'y': /* yes */
+ case 'Y': /* YES */
+ case '1': /* 1 */
ret = 1;
break;
default:
X509_NAME *
parse_name(char *subject, long chtype, int multirdn)
{
- size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
+ size_t buflen = strlen(subject) + 1; /* to copy the types and
+ * values into. due to
+ * escaping, the copy can
+ * only become shorter */
char *buf = malloc(buflen);
- size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
- char **ne_types = malloc(max_ne * sizeof (char *));
- char **ne_values = malloc(max_ne * sizeof (char *));
- int *mval = malloc (max_ne * sizeof (int));
+ size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
+ char **ne_types = malloc(max_ne * sizeof(char *));
+ char **ne_values = malloc(max_ne * sizeof(char *));
+ int *mval = malloc(max_ne * sizeof(int));
char *sp = subject, *bp = buf;
int i, ne_num = 0;
BIO_printf(bio_err, "malloc error\n");
goto error;
}
-
if (*subject != '/') {
BIO_printf(bio_err, "Subject does not start with '/'.\n");
goto error;
}
- sp++; /* skip leading / */
+ sp++; /* skip leading / */
/* no multivalued RDN by default */
mval[ne_num] = 0;
/* collect type */
ne_types[ne_num] = bp;
while (*sp) {
- if (*sp == '\\') /* is there anything to escape in the type...? */
- {
+ if (*sp == '\\') { /* is there anything to
+ * escape in the type...? */
if (*++sp)
*bp++ = *sp++;
else {
BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
continue;
}
-
if (!*ne_values[i]) {
BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
continue;
}
-
- if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1, -1, mval[i]))
+ if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char *) ne_values[i], -1, -1, mval[i]))
goto error;
}
int
args_verify(char ***pargs, int *pargc,
- int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
+ int *badarg, BIO * err, X509_VERIFY_PARAM ** pm)
{
ASN1_OBJECT *otmp = NULL;
unsigned long flags = 0;
*badarg = 1;
else {
long timestamp;
- /* interpret the -attime argument as seconds since
- * Epoch */
+ /*
+ * interpret the -attime argument as seconds since
+ * Epoch
+ */
if (sscanf(argn, "%li", ×tamp) != 1) {
BIO_printf(bio_err,
"Error parsing timestamp %s\n",
else if (!strcmp(arg, "-issuer_checks"))
flags |= X509_V_FLAG_CB_ISSUER_CHECK;
else if (!strcmp(arg, "-crl_check"))
- flags |= X509_V_FLAG_CRL_CHECK;
+ flags |= X509_V_FLAG_CRL_CHECK;
else if (!strcmp(arg, "-crl_check_all"))
- flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+ flags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
else if (!strcmp(arg, "-policy_check"))
flags |= X509_V_FLAG_POLICY_CHECK;
else if (!strcmp(arg, "-explicit_policy"))
*pm = NULL;
goto end;
}
-
if (!*pm && !(*pm = X509_VERIFY_PARAM_new())) {
*badarg = 1;
goto end;
}
-
if (otmp)
X509_VERIFY_PARAM_add0_policy(*pm, otmp);
if (flags)
*/
int
-bio_to_mem(unsigned char **out, int maxlen, BIO *in)
+bio_to_mem(unsigned char **out, int maxlen, BIO * in)
{
BIO *mem;
int len, ret;
if (maxlen == 0)
break;
}
- ret = BIO_get_mem_data(mem, (char **)out);
+ ret = BIO_get_mem_data(mem, (char **) out);
BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
BIO_free(mem);
return ret;
}
int
-pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
+pkey_ctrl_string(EVP_PKEY_CTX * ctx, char *value)
{
int rv;
char *stmp, *vtmp = NULL;
}
static void
-nodes_print(BIO *out, const char *name, STACK_OF(X509_POLICY_NODE) *nodes)
+nodes_print(BIO * out, const char *name, STACK_OF(X509_POLICY_NODE) * nodes)
{
X509_POLICY_NODE *node;
int i;
}
void
-policies_print(BIO *out, X509_STORE_CTX *ctx)
+policies_print(BIO * out, X509_STORE_CTX * ctx)
{
X509_POLICY_TREE *tree;
int explicit_policy;
q = BN_new();
BN_rshift1(q, p);
- BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
+ BN_bin2bn((const unsigned char *) secret, strlen(secret), bnsecret);
ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
BN_free(bnsecret);
}
static void
-jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
+jpake_send_part(BIO * conn, const JPAKE_STEP_PART * p)
{
BN_print(conn, p->gx);
BIO_puts(conn, "\n");
}
static void
-jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
+jpake_send_step1(BIO * bconn, JPAKE_CTX * ctx)
{
JPAKE_STEP1 s1;
JPAKE_STEP1_generate(&s1, ctx);
jpake_send_part(bconn, &s1.p1);
jpake_send_part(bconn, &s1.p2);
- (void)BIO_flush(bconn);
+ (void) BIO_flush(bconn);
JPAKE_STEP1_release(&s1);
}
static void
-jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
+jpake_send_step2(BIO * bconn, JPAKE_CTX * ctx)
{
JPAKE_STEP2 s2;
JPAKE_STEP2_init(&s2);
JPAKE_STEP2_generate(&s2, ctx);
jpake_send_part(bconn, &s2);
- (void)BIO_flush(bconn);
+ (void) BIO_flush(bconn);
JPAKE_STEP2_release(&s2);
}
static void
-jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
+jpake_send_step3a(BIO * bconn, JPAKE_CTX * ctx)
{
JPAKE_STEP3A s3a;
JPAKE_STEP3A_init(&s3a);
JPAKE_STEP3A_generate(&s3a, ctx);
BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
- (void)BIO_flush(bconn);
+ (void) BIO_flush(bconn);
JPAKE_STEP3A_release(&s3a);
}
static void
-jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
+jpake_send_step3b(BIO * bconn, JPAKE_CTX * ctx)
{
JPAKE_STEP3B s3b;
JPAKE_STEP3B_init(&s3b);
JPAKE_STEP3B_generate(&s3b, ctx);
BIO_write(bconn, s3b.hk, sizeof s3b.hk);
- (void)BIO_flush(bconn);
+ (void) BIO_flush(bconn);
JPAKE_STEP3B_release(&s3b);
}
static void
-readbn(BIGNUM **bn, BIO *bconn)
+readbn(BIGNUM ** bn, BIO * bconn)
{
char buf[10240];
int l;
}
static void
-jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
+jpake_receive_part(JPAKE_STEP_PART * p, BIO * bconn)
{
readbn(&p->gx, bconn);
readbn(&p->zkpx.gr, bconn);
}
static void
-jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
+jpake_receive_step1(JPAKE_CTX * ctx, BIO * bconn)
{
JPAKE_STEP1 s1;
}
static void
-jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
+jpake_receive_step2(JPAKE_CTX * ctx, BIO * bconn)
{
JPAKE_STEP2 s2;
}
static void
-jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
+jpake_receive_step3a(JPAKE_CTX * ctx, BIO * bconn)
{
JPAKE_STEP3A s3a;
int l;
}
static void
-jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
+jpake_receive_step3b(JPAKE_CTX * ctx, BIO * bconn)
{
JPAKE_STEP3B s3b;
int l;
}
void
-jpake_client_auth(BIO *out, BIO *conn, const char *secret)
+jpake_client_auth(BIO * out, BIO * conn, const char *secret)
{
JPAKE_CTX *ctx;
BIO *bconn;
}
void
-jpake_server_auth(BIO *out, BIO *conn, const char *secret)
+jpake_server_auth(BIO * out, BIO * conn, const char *secret)
{
JPAKE_CTX *ctx;
BIO *bconn;
*outlen = len + 1;
return out;
}
-#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
+#endif /* !OPENSSL_NO_TLSEXT &&
+ * !OPENSSL_NO_NEXTPROTONEG */
/*
* Platform-specific sections
double
app_tminterval(int stop, int usertime)
{
- double ret = 0;
- struct tms rus;
- clock_t now = times(&rus);
- static clock_t tmstart;
+ double ret = 0;
+ struct tms rus;
+ clock_t now = times(&rus);
+ static clock_t tmstart;
if (usertime)
now = rus.tms_utime;
tmstart = now;
else {
long int tck = sysconf(_SC_CLK_TCK);
- ret = (now - tmstart)/(double)tck;
+ ret = (now - tmstart) / (double) tck;
}
return (ret);
double
app_tminterval(int stop, int usertime)
{
- double ret = 0;
- struct rusage rus;
- struct timeval now;
+ double ret = 0;
+ struct rusage rus;
+ struct timeval now;
static struct timeval tmstart;
if (usertime)
/* app_isdir section */
#include <sys/stat.h>
#ifndef S_ISDIR
-# if defined(_S_IFMT) && defined(_S_IFDIR)
-# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
-# else
-# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
-# endif
+#if defined(_S_IFMT) && defined(_S_IFDIR)
+#define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
+#else
+#define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+#endif
#endif
int
else
return -1;
#else
- return -1;
+ return -1;
#endif
}
int MAIN(int, char **);
-static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
+static int do_generate(BIO * bio, char *genstr, char *genconf, BUF_MEM * buf);
int
MAIN(int argc, char **argv)
unsigned char *tmpbuf;
const unsigned char *ctmpbuf;
BUF_MEM *buf = NULL;
- STACK_OF(OPENSSL_STRING) *osk = NULL;
+ STACK_OF(OPENSSL_STRING) * osk = NULL;
ASN1_TYPE *at = NULL;
informat = FORMAT_PEM;
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
- infile= *(++argv);
+ infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
- derfile= *(++argv);
+ derfile = *(++argv);
} else if (strcmp(*argv, "-i") == 0) {
indent = 1;
- } else
- if (strcmp(*argv, "-noout") == 0) noout = 1;
- else if (strcmp(*argv, "-oid") == 0) {
+ } else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-oid") == 0) {
if (--argc < 1)
goto bad;
- oidfile= *(++argv);
+ oidfile = *(++argv);
} else if (strcmp(*argv, "-offset") == 0) {
if (--argc < 1)
goto bad;
} else if (strcmp(*argv, "-genstr") == 0) {
if (--argc < 1)
goto bad;
- genstr= *(++argv);
+ genstr = *(++argv);
} else if (strcmp(*argv, "-genconf") == 0) {
if (--argc < 1)
goto bad;
- genconf= *(++argv);
+ genconf = *(++argv);
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
BIO_printf(bio_err, " -genconf file file to generate ASN1 structure from\n");
goto end;
}
-
ERR_load_crypto_strings();
in = BIO_new(BIO_s_file());
ERR_print_errors(bio_err);
goto end;
}
- BIO_set_fp(out, stdout, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
if (oidfile != NULL) {
if (BIO_read_filename(in, oidfile) <= 0) {
}
OBJ_create_objects(in);
}
-
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
goto end;
}
}
-
if ((buf = BUF_MEM_new()) == NULL)
goto end;
if (!BUF_MEM_grow(buf, BUFSIZ * 8))
- goto end; /* Pre-allocate :-) */
+ goto end; /* Pre-allocate :-) */
if (genstr || genconf) {
num = do_generate(bio_err, genstr, genconf, buf);
in = b64;
b64 = tmp;
}
-
num = 0;
for (;;) {
- if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
+ if (!BUF_MEM_grow(buf, (int) num + BUFSIZ))
goto end;
i = BIO_read(in, &(buf->data[num]), BUFSIZ);
if (i <= 0)
/* If any structs to parse go through in sequence */
if (sk_OPENSSL_STRING_num(osk)) {
- tmpbuf = (unsigned char *)str;
+ tmpbuf = (unsigned char *) str;
tmplen = num;
for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
ASN1_TYPE *atmp;
tmpbuf = at->value.asn1_string->data;
tmplen = at->value.asn1_string->length;
}
- str = (char *)tmpbuf;
+ str = (char *) tmpbuf;
num = tmplen;
}
-
if (offset >= num) {
BIO_printf(bio_err, "Error: offset too large\n");
goto end;
}
-
num -= offset;
- if ((length == 0) || ((long)length > num))
- length = (unsigned int)num;
+ if ((length == 0) || ((long) length > num))
+ length = (unsigned int) num;
if (derout) {
- if (BIO_write(derout, str + offset, length) != (int)length) {
+ if (BIO_write(derout, str + offset, length) != (int) length) {
BIO_printf(bio_err, "Error writing output\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (!noout &&
- !ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length,
+ !ASN1_parse_dump(out, (unsigned char *) &(str[offset]), length,
indent, dump)) {
ERR_print_errors(bio_err);
goto end;
sk_OPENSSL_STRING_free(osk);
OBJ_cleanup();
apps_shutdown();
- return(ret);
+ return (ret);
}
static int
-do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
+do_generate(BIO * bio, char *genstr, char *genconf, BUF_MEM * buf)
{
CONF *cnf = NULL;
int len;
goto err;
}
}
-
atyp = ASN1_generate_nconf(genstr, cnf);
NCONF_free(cnf);
cnf = NULL;
if (!BUF_MEM_grow(buf, len))
goto err;
- p = (unsigned char *)buf->data;
+ p = (unsigned char *) buf->data;
i2d_ASN1_TYPE(atyp, &p);
ASN1_TYPE_free(atyp);
return len;
- conferr:
+conferr:
if (errline > 0)
BIO_printf(bio, "Error on line %ld of config file '%s'\n",
else
BIO_printf(bio, "Error loading config file '%s'\n", genconf);
- err:
+err:
NCONF_free(cnf);
ASN1_TYPE_free(atyp);
#include <openssl/pem.h>
#ifndef W_OK
-# include <sys/file.h>
+#include <sys/file.h>
#endif
#include "apps.h"
#ifndef W_OK
-# define F_OK 0
-# define X_OK 1
-# define W_OK 2
-# define R_OK 4
+#define F_OK 0
+#define X_OK 1
+#define W_OK 2
+#define R_OK 4
#endif
#undef PROG
#endif
static void lookup_fail(const char *name, const char *tag);
-static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
+static int
+certify(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509,
+ const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts,
+ STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,
unsigned long chtype, int multirdn, int email_dn, char *startdate,
- char *enddate, long days, int batch, char *ext_sect, CONF *conf,
+ char *enddate, long days, int batch, char *ext_sect, CONF * conf,
int verbose, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign);
-static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
+ static int certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509,
+ const EVP_MD * dgst,
+ STACK_OF(OPENSSL_STRING) * sigopts,
+ STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,
unsigned long chtype, int multirdn, int email_dn, char *startdate,
- char *enddate, long days, int batch, char *ext_sect, CONF *conf,
+ char *enddate, long days, int batch, char *ext_sect, CONF * conf,
int verbose, unsigned long certopt, unsigned long nameopt, int default_op,
- int ext_copy, ENGINE *e);
-static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
+ int ext_copy, ENGINE * e);
+ static int certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509,
+ const EVP_MD * dgst,
+ STACK_OF(OPENSSL_STRING) * sigopts,
+ STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,
unsigned long chtype, int multirdn, int email_dn, char *startdate,
- char *enddate, long days, char *ext_sect, CONF *conf, int verbose,
+ char *enddate, long days, char *ext_sect, CONF * conf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy);
-static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
-static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
- STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype, int multirdn,
+ static void write_new_certificate(BIO * bp, X509 * x, int output_der, int notext);
+ static int do_body(X509 ** xret, EVP_PKEY * pkey, X509 * x509, const EVP_MD * dgst,
+ STACK_OF(OPENSSL_STRING) * sigopts, STACK_OF(CONF_VALUE) * policy, CA_DB * db,
+ BIGNUM * serial, char *subj, unsigned long chtype, int multirdn,
int email_dn, char *startdate, char *enddate, long days, int batch,
- int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
+ int verbose, X509_REQ * req, char *ext_sect, CONF * conf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy, int selfsign);
-static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
-static int get_certificate_status(const char *ser_status, CA_DB *db);
-static int do_updatedb(CA_DB *db);
-static int check_time_format(const char *str);
-char *make_revocation_str(int rev_type, char *rev_arg);
-int make_revoked(X509_REVOKED *rev, const char *str);
-int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
-static CONF *conf = NULL;
-static CONF *extconf = NULL;
-static char *section = NULL;
+ static int do_revoke(X509 * x509, CA_DB * db, int ext, char *extval);
+ static int get_certificate_status(const char *ser_status, CA_DB * db);
+ static int do_updatedb(CA_DB * db);
+ static int check_time_format(const char *str);
+ char *make_revocation_str(int rev_type, char *rev_arg);
+ int make_revoked(X509_REVOKED * rev, const char *str);
+ int old_entry_print(BIO * bp, ASN1_OBJECT * obj, ASN1_STRING * str);
+ static CONF *conf = NULL;
+ static CONF *extconf = NULL;
+ static char *section = NULL;
-static int preserve = 0;
-static int msie_hack = 0;
+ static int preserve = 0;
+ static int msie_hack = 0;
-int MAIN(int, char **);
+ int MAIN(int, char **);
-int
-MAIN(int argc, char **argv)
+ int
+ MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char *key = NULL, *passargin = NULL;
ASN1_INTEGER *tmpser;
char *f;
const char *p;
- char * const *pp;
+ char *const * pp;
int i, j;
const EVP_MD *dgst = NULL;
- STACK_OF(CONF_VALUE) *attribs = NULL;
- STACK_OF(X509) *cert_sk = NULL;
- STACK_OF(OPENSSL_STRING) *sigopts = NULL;
+ STACK_OF(CONF_VALUE) * attribs = NULL;
+ STACK_OF(X509) * cert_sk = NULL;
+ STACK_OF(OPENSSL_STRING) * sigopts = NULL;
#undef BSIZE
#define BSIZE 256
char buf[3][BSIZE];
msie_hack = 0;
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
argc--;
argv++;
else if (strcmp(*argv, "-config") == 0) {
if (--argc < 1)
goto bad;
- configfile= *(++argv);
+ configfile = *(++argv);
} else if (strcmp(*argv, "-name") == 0) {
if (--argc < 1)
goto bad;
- section= *(++argv);
+ section = *(++argv);
} else if (strcmp(*argv, "-subj") == 0) {
if (--argc < 1)
goto bad;
- subj= *(++argv);
+ subj = *(++argv);
/* preserve=1; */
} else if (strcmp(*argv, "-utf8") == 0)
chtype = MBSTRING_UTF8;
else if (strcmp(*argv, "-startdate") == 0) {
if (--argc < 1)
goto bad;
- startdate= *(++argv);
+ startdate = *(++argv);
} else if (strcmp(*argv, "-enddate") == 0) {
if (--argc < 1)
goto bad;
- enddate= *(++argv);
+ enddate = *(++argv);
} else if (strcmp(*argv, "-days") == 0) {
if (--argc < 1)
goto bad;
} else if (strcmp(*argv, "-md") == 0) {
if (--argc < 1)
goto bad;
- md= *(++argv);
+ md = *(++argv);
} else if (strcmp(*argv, "-policy") == 0) {
if (--argc < 1)
goto bad;
- policy= *(++argv);
+ policy = *(++argv);
} else if (strcmp(*argv, "-keyfile") == 0) {
if (--argc < 1)
goto bad;
- keyfile= *(++argv);
- }
- else if (strcmp(*argv, "-keyform") == 0) {
+ keyfile = *(++argv);
+ } else if (strcmp(*argv, "-keyform") == 0) {
if (--argc < 1)
goto bad;
keyform = str2fmt(*(++argv));
} else if (strcmp(*argv, "-passin") == 0) {
if (--argc < 1)
goto bad;
- passargin= *(++argv);
+ passargin = *(++argv);
} else if (strcmp(*argv, "-key") == 0) {
if (--argc < 1)
goto bad;
- key= *(++argv);
+ key = *(++argv);
} else if (strcmp(*argv, "-cert") == 0) {
if (--argc < 1)
goto bad;
- certfile= *(++argv);
+ certfile = *(++argv);
} else if (strcmp(*argv, "-selfsign") == 0)
selfsign = 1;
else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
- infile= *(++argv);
+ infile = *(++argv);
req = 1;
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
- outfile= *(++argv);
+ outfile = *(++argv);
} else if (strcmp(*argv, "-outdir") == 0) {
if (--argc < 1)
goto bad;
- outdir= *(++argv);
+ outdir = *(++argv);
} else if (strcmp(*argv, "-sigopt") == 0) {
if (--argc < 1)
goto bad;
} else if (strcmp(*argv, "-revoke") == 0) {
if (--argc < 1)
goto bad;
- infile= *(++argv);
+ infile = *(++argv);
dorevoke = 1;
} else if (strcmp(*argv, "-extensions") == 0) {
if (--argc < 1)
goto bad;
- extensions= *(++argv);
+ extensions = *(++argv);
} else if (strcmp(*argv, "-extfile") == 0) {
if (--argc < 1)
goto bad;
- extfile= *(++argv);
+ extfile = *(++argv);
} else if (strcmp(*argv, "-status") == 0) {
if (--argc < 1)
goto bad;
- ser_status= *(++argv);
+ ser_status = *(++argv);
} else if (strcmp(*argv, "-updatedb") == 0) {
doupdatedb = 1;
} else if (strcmp(*argv, "-crlexts") == 0) {
if (--argc < 1)
goto bad;
- crl_ext= *(++argv);
+ crl_ext = *(++argv);
} else if (strcmp(*argv, "-crl_reason") == 0) {
if (--argc < 1)
goto bad;
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
- engine= *(++argv);
+ engine = *(++argv);
}
#endif
else {
-bad:
+ bad:
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
BIO_printf(bio_err, "%s", *pp2);
goto err;
}
-
ERR_load_crypto_strings();
/*****************************************************************/
BUF_strlcat(tofree, CONFIG_FILE, len);
configfile = tofree;
}
-
BIO_printf(bio_err, "Using configuration from %s\n", configfile);
conf = NCONF_new(NULL);
if (NCONF_load(conf, configfile, &errorline) <= 0) {
configfile);
else
BIO_printf(bio_err, "error on line %ld of config file '%s'\n"
- , errorline, configfile);
+ ,errorline, configfile);
goto err;
}
if (tofree) {
free(tofree);
tofree = NULL;
}
-
if (!load_config(bio_err, conf))
goto err;
goto err;
}
}
-
if (conf != NULL) {
p = NCONF_get_string(conf, NULL, "oid_file");
if (p == NULL)
goto err;
}
}
-
randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
if (randfile == NULL)
ERR_clear_error();
BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
goto err;
}
-
- if (chtype != MBSTRING_UTF8){
+ if (chtype != MBSTRING_UTF8) {
f = NCONF_get_string(conf, section, UTF8_IN);
if (!f)
ERR_clear_error();
else if (!strcmp(f, "yes"))
chtype = MBSTRING_UTF8;
}
-
db_attr.unique_subject = 1;
p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
if (p) {
ERR_print_errors(bio_err);
goto err;
}
-
/*****************************************************************/
/* report status of cert with serial number given on command line */
if (ser_status) {
ser_status);
goto err;
}
-
/*****************************************************************/
/* we definitely need a private key, so let's get it */
if ((keyfile == NULL) && ((keyfile = NCONF_get_string(conf,
- section, ENV_PRIVATE_KEY)) == NULL)) {
+ section, ENV_PRIVATE_KEY)) == NULL)) {
lookup_fail(section, ENV_PRIVATE_KEY);
goto err;
}
/* load_key() has already printed an appropriate message */
goto err;
}
-
/*****************************************************************/
/* we need a certificate */
if (!selfsign || spkac_file || ss_cert_file || gencrl) {
if ((certfile == NULL) &&
((certfile = NCONF_get_string(conf,
- section, ENV_CERTIFICATE)) == NULL)) {
+ section, ENV_CERTIFICATE)) == NULL)) {
lookup_fail(section, ENV_CERTIFICATE);
goto err;
}
if ((outdir == NULL) && (req)) {
if ((outdir = NCONF_get_string(conf, section,
- ENV_NEW_CERTS_DIR)) == NULL) {
+ ENV_NEW_CERTS_DIR)) == NULL) {
BIO_printf(bio_err, "there needs to be defined a directory for new certificate to be placed in\n");
goto err;
}
- /* outdir is a directory spec, but access() for VMS demands a
- filename. In any case, stat(), below, will catch the problem
- if outdir is not a directory spec, and the fopen() or open()
- will catch an error if there is no write access.
-
- Presumably, this problem could also be solved by using the DEC
- C routines to convert the directory syntax to Unixly, and give
- that to access(). However, time's too short to do that just
- now.
- */
- if (access(outdir, R_OK|W_OK|X_OK) != 0)
- {
+ /*
+ * outdir is a directory spec, but access() for VMS demands a
+ * filename. In any case, stat(), below, will catch the
+ * problem if outdir is not a directory spec, and the fopen()
+ * or open() will catch an error if there is no write access.
+ *
+ * Presumably, this problem could also be solved by using the
+ * DEC C routines to convert the directory syntax to Unixly,
+ * and give that to access(). However, time's too short to
+ * do that just now.
+ */
+ if (access(outdir, R_OK | W_OK | X_OK) != 0) {
BIO_printf(bio_err, "I am unable to access the %s directory\n", outdir);
perror(outdir);
goto err;
}
-
if (app_isdir(outdir) <= 0) {
BIO_printf(bio_err, "%s need to be a directory\n", outdir);
perror(outdir);
goto err;
}
}
-
/*****************************************************************/
/* we need to load the database file */
if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
if ((pp[DB_type][0] != DB_TYPE_REV) &&
(pp[DB_rev_date][0] != '\0')) {
- BIO_printf(bio_err, "entry %d: not revoked yet, but has a revocation date\n", i+1);
+ BIO_printf(bio_err, "entry %d: not revoked yet, but has a revocation date\n", i + 1);
goto err;
}
if ((pp[DB_type][0] == DB_TYPE_REV) &&
!make_revoked(NULL, pp[DB_rev_date])) {
- BIO_printf(bio_err, " in entry %d\n", i+1);
+ BIO_printf(bio_err, " in entry %d\n", i + 1);
goto err;
}
- if (!check_time_format((char *)pp[DB_exp_date])) {
- BIO_printf(bio_err, "entry %d: invalid expiry date\n", i+1);
+ if (!check_time_format((char *) pp[DB_exp_date])) {
+ BIO_printf(bio_err, "entry %d: invalid expiry date\n", i + 1);
goto err;
}
p = pp[DB_serial];
p++;
j--;
}
- if ((j&1) || (j < 2)) {
- BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n", i+1, j);
+ if ((j & 1) || (j < 2)) {
+ BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n", i + 1, j);
goto err;
}
while (*p) {
- if (!( ((*p >= '0') && (*p <= '9')) ||
- ((*p >= 'A') && (*p <= 'F')) ||
- ((*p >= 'a') && (*p <= 'f'))) ) {
- BIO_printf(bio_err, "entry %d: bad serial number characters, char pos %ld, char is '%c'\n", i+1, (long)(p-pp[DB_serial]), *p);
+ if (!(((*p >= '0') && (*p <= '9')) ||
+ ((*p >= 'A') && (*p <= 'F')) ||
+ ((*p >= 'a') && (*p <= 'f')))) {
+ BIO_printf(bio_err, "entry %d: bad serial number characters, char pos %ld, char is '%c'\n", i + 1, (long) (p - pp[DB_serial]), *p);
goto err;
}
p++;
}
}
if (verbose) {
- BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
+ BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); /* cannot fail */
TXT_DB_write(out, db->db);
BIO_printf(bio_err, "%d entries loaded from the database\n",
sk_OPENSSL_PSTRING_num(db->db->data));
BIO_printf(bio_err, "generating index\n");
}
-
if (!index_index(db))
goto err;
BIO_printf(bio_err, "Malloc failure\n");
goto err;
} else if (i == 0) {
- if (verbose) BIO_printf(bio_err,
+ if (verbose)
+ BIO_printf(bio_err,
"No entries found to mark expired\n");
} else {
if (!save_index(dbfile, "new", db))
if (!rotate_index(dbfile, "new", "old"))
goto err;
- if (verbose) BIO_printf(bio_err,
+ if (verbose)
+ BIO_printf(bio_err,
"Done. %d entries marked as expired\n", i);
}
}
-
/*****************************************************************/
/* Read extentions config file */
if (extfile) {
extfile);
else
BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n",
- errorline, extfile);
+ errorline, extfile);
ret = 1;
goto err;
}
-
if (verbose)
BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile);
if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
extensions = "default";
}
-
/*****************************************************************/
if (req || gencrl) {
if (outfile != NULL) {
goto err;
}
} else {
- BIO_set_fp(Sout, stdout, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
}
}
-
if ((md == NULL) && ((md = NCONF_get_string(conf,
- section, ENV_DEFAULT_MD)) == NULL)) {
+ section, ENV_DEFAULT_MD)) == NULL)) {
lookup_fail(section, ENV_DEFAULT_MD);
goto err;
}
-
if (!strcmp(md, "default")) {
int def_nid;
if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) {
BIO_puts(bio_err, "no default digest\n");
goto err;
}
- md = (char *)OBJ_nid2sn(def_nid);
+ md = (char *) OBJ_nid2sn(def_nid);
}
-
if ((dgst = EVP_get_digestbyname(md)) == NULL) {
BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
goto err;
}
-
if (req) {
if ((email_dn == 1) && ((tmp_email_dn = NCONF_get_string(conf,
- section, ENV_DEFAULT_EMAIL_DN)) != NULL )) {
+ section, ENV_DEFAULT_EMAIL_DN)) != NULL)) {
if (strcmp(tmp_email_dn, "no") == 0)
email_dn = 0;
}
BIO_printf(bio_err, "message digest is %s\n",
OBJ_nid2ln(dgst->type));
if ((policy == NULL) && ((policy = NCONF_get_string(conf,
- section, ENV_POLICY)) == NULL)) {
+ section, ENV_POLICY)) == NULL)) {
lookup_fail(section, ENV_POLICY);
goto err;
}
BIO_printf(bio_err, "policy is %s\n", policy);
if ((serialfile = NCONF_get_string(conf, section, ENV_SERIAL))
- == NULL) {
+ == NULL) {
lookup_fail(section, ENV_SERIAL);
goto err;
}
-
if (!extconf) {
- /* no '-extfile' option, so we look for extensions
- * in the main configuration file */
+ /*
+ * no '-extfile' option, so we look for extensions in
+ * the main configuration file
+ */
if (!extensions) {
extensions = NCONF_get_string(conf, section,
ENV_EXTENSIONS);
X509V3_set_ctx_test(&ctx);
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
- NULL)) {
+ NULL)) {
BIO_printf(bio_err,
"Error Loading extension section %s\n",
extensions);
}
}
}
-
if (startdate == NULL) {
startdate = NCONF_get_string(conf, section,
ENV_DEFAULT_STARTDATE);
goto err;
}
if (startdate == NULL)
- startdate="today";
+ startdate = "today";
if (enddate == NULL) {
enddate = NCONF_get_string(conf, section,
BIO_printf(bio_err, "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
goto err;
}
-
if (days == 0) {
if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days))
days = 0;
BIO_printf(bio_err, "cannot lookup how many days to certify for\n");
goto err;
}
-
if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) {
BIO_printf(bio_err, "error while loading serial number\n");
goto err;
free(f);
}
}
-
if ((attribs = NCONF_get_section(conf, policy)) == NULL) {
BIO_printf(bio_err, "unable to find 'section' for %s\n", policy);
goto err;
}
-
if ((cert_sk = sk_X509_new_null()) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
}
}
- /* we have a stack of newly certified certificates
- * and a data base and serial number that need
- * updating */
+ /*
+ * we have a stack of newly certified certificates and a data
+ * base and serial number that need updating
+ */
if (sk_X509_num(cert_sk) > 0) {
if (!batch) {
BIO_printf(bio_err, "\n%d out of %d certificate requests certified, commit? [y/n]", total_done, total);
- (void)BIO_flush(bio_err);
+ (void) BIO_flush(bio_err);
buf[0][0] = '\0';
if (!fgets(buf[0], 10, stdin)) {
BIO_printf(bio_err, "CERTIFICATION CANCELED: I/O error\n");
goto err;
}
}
-
BIO_printf(bio_err, "Write out database with %d new entries\n", sk_X509_num(cert_sk));
if (!save_serial(serialfile, "new", serial, NULL))
if (!save_index(dbfile, "new", db))
goto err;
}
-
if (verbose)
BIO_printf(bio_err, "writing new certificates\n");
for (i = 0; i < sk_X509_num(cert_sk); i++) {
x = sk_X509_value(cert_sk, i);
j = x->cert_info->serialNumber->length;
- p = (const char *)x->cert_info->serialNumber->data;
+ p = (const char *) x->cert_info->serialNumber->data;
- if (strlen(outdir) >= (size_t)(j ? BSIZE - j*2 - 6 : BSIZE - 8)) {
+ if (strlen(outdir) >= (size_t) (j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
BIO_printf(bio_err, "certificate file name too long\n");
goto err;
}
-
strlcpy(buf[2], outdir, sizeof(buf[2]));
BUF_strlcat(buf[2], "/", sizeof(buf[2]));
- n = (char *)&(buf[2][strlen(buf[2])]);
+ n = (char *) &(buf[2][strlen(buf[2])]);
if (j > 0) {
for (k = 0; k < j; k++) {
if (n >= &(buf[2][sizeof(buf[2])]))
break;
(void) snprintf(n,
&buf[2][0] + sizeof(buf[2]) - n,
- "%02X", (unsigned char)*(p++));
+ "%02X", (unsigned char) *(p++));
n += 2;
}
} else {
BIO_printf(bio_err, "Data Base Updated\n");
}
}
-
/*****************************************************************/
if (gencrl) {
int crl_v2 = 0;
goto err;
}
}
-
if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER))
- != NULL)
+ != NULL)
if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) {
- BIO_printf(bio_err, "error while loading CRL number\n");
- goto err;
- }
-
+ BIO_printf(bio_err, "error while loading CRL number\n");
+ goto err;
+ }
if (!crldays && !crlhours && !crlsec) {
if (!NCONF_get_number(conf, section,
- ENV_DEFAULT_CRL_DAYS, &crldays))
+ ENV_DEFAULT_CRL_DAYS, &crldays))
crldays = 0;
if (!NCONF_get_number(conf, section,
- ENV_DEFAULT_CRL_HOURS, &crlhours))
+ ENV_DEFAULT_CRL_HOURS, &crlhours))
crlhours = 0;
ERR_clear_error();
}
BIO_printf(bio_err, "cannot lookup how long until the next CRL is issued\n");
goto err;
}
-
if (verbose)
BIO_printf(bio_err, "making CRL\n");
if ((crl = X509_CRL_new()) == NULL)
goto err;
X509_gmtime_adj(tmptm, 0);
X509_CRL_set_lastUpdate(crl, tmptm);
- if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec,
- NULL)) {
+ if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
+ NULL)) {
BIO_puts(bio_err, "error setting CRL nextUpdate\n");
goto err;
}
}
}
- /* sort the data so it will be written in serial
- * number order */
+ /*
+ * sort the data so it will be written in serial number order
+ */
X509_CRL_sort(crl);
/* we now have a CRL */
if (crl_ext)
if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
- crl_ext, crl)) goto err;
+ crl_ext, crl))
+ goto err;
if (crlnumberfile != NULL) {
tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
if (!tmpser)
}
if (crl_ext || crl_v2) {
if (!X509_CRL_set_version(crl, 1))
- goto err; /* version 2 CRL */
+ goto err; /* version 2 CRL */
}
-
-
- if (crlnumberfile != NULL) /* we have a CRL number that need updating */
+ if (crlnumberfile != NULL) /* we have a CRL number that
+ * need updating */
if (!save_serial(crlnumberfile, "new", crlnumber, NULL))
goto err;
BN_free(crlnumber);
crlnumber = NULL;
}
-
if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst, sigopts))
goto err;
NCONF_free(extconf);
OBJ_cleanup();
apps_shutdown();
- return(ret);
+ return (ret);
}
static void
}
static int
-certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
+certify(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509,
+ const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts,
+ STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,
unsigned long chtype, int multirdn, int email_dn, char *startdate,
- char *enddate, long days, int batch, char *ext_sect, CONF *lconf,
+ char *enddate, long days, int batch, char *ext_sect, CONF * lconf,
int verbose, unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy, int selfsign)
{
}
static int
-certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
+certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509,
+ const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts,
+ STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,
unsigned long chtype, int multirdn, int email_dn, char *startdate,
- char *enddate, long days, int batch, char *ext_sect, CONF *lconf,
+ char *enddate, long days, int batch, char *ext_sect, CONF * lconf,
int verbose, unsigned long certopt, unsigned long nameopt, int default_op,
- int ext_copy, ENGINE *e)
+ int ext_copy, ENGINE * e)
{
X509 *req = NULL;
X509_REQ *rreq = NULL;
}
static int
-do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
- STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy,
- CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn,
+do_body(X509 ** xret, EVP_PKEY * pkey, X509 * x509, const EVP_MD * dgst,
+ STACK_OF(OPENSSL_STRING) * sigopts, STACK_OF(CONF_VALUE) * policy,
+ CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn,
int email_dn, char *startdate, char *enddate, long days, int batch,
- int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
+ int verbose, X509_REQ * req, char *ext_sect, CONF * lconf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy, int selfsign)
{
BIO_printf(bio_err, "malloc error\n");
return (0);
}
-
for (i = 0; i < DB_NUMBER; i++)
row[i] = NULL;
req->req_info->enc.modified = 1;
X509_NAME_free(n);
}
-
if (default_op)
BIO_printf(bio_err, "The Subject's Distinguished Name is as follows\n");
(str->type == V_ASN1_PRINTABLESTRING))
str->type = V_ASN1_IA5STRING;
}
-
/* If no EMAIL is wanted in the subject */
if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))
continue;
if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING)) {
j = ASN1_PRINTABLE_type(str->data, str->length);
if (((j == V_ASN1_T61STRING) &&
- (str->type != V_ASN1_T61STRING)) ||
+ (str->type != V_ASN1_T61STRING)) ||
((j == V_ASN1_IA5STRING) &&
- (str->type == V_ASN1_PRINTABLESTRING))) {
+ (str->type == V_ASN1_PRINTABLESTRING))) {
BIO_printf(bio_err, "\nThe string contains characters that are illegal for the ASN.1 type\n");
goto err;
}
}
-
if (default_op)
old_entry_print(bio_err, obj, str);
}
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
-
/* take a copy of the issuer name before we mess with it. */
if (selfsign)
CAname = X509_NAME_dup(name);
str = str2 = NULL;
for (i = 0; i < sk_CONF_VALUE_num(policy); i++) {
- cv=sk_CONF_VALUE_value(policy,i); /* get the object id */
+ cv = sk_CONF_VALUE_value(policy, i); /* get the object id */
if ((j = OBJ_txt2nid(cv->name)) == NID_undef) {
BIO_printf(bio_err, "%s:unknown object type in 'policy' configuration\n", cv->name);
goto err;
BIO_printf(bio_err, "The mandatory %s field was missing\n", cv->name);
goto err;
}
-
last2 = -1;
-again2:
+ again2:
j = X509_NAME_get_index_by_OBJ(CAname, obj, last2);
if ((j < 0) && (last2 == -1)) {
BIO_printf(bio_err, "The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n", cv->name);
goto again2;
}
if (j < 0) {
- BIO_printf(bio_err, "The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n", cv->name, ((str2 == NULL)?"NULL":(char *)str2->data), ((str == NULL)?"NULL":(char *)str->data));
+ BIO_printf(bio_err, "The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n", cv->name, ((str2 == NULL) ? "NULL" : (char *) str2->data), ((str == NULL) ? "NULL" : (char *) str->data));
goto err;
}
} else {
if (subject == NULL)
goto err;
}
-
if (verbose)
BIO_printf(bio_err, "The subject name appears to be ok, checking data base for clashes\n");
/* Build the correct Subject if no e-mail is wanted in the subject */
- /* and add it later on because of the method extensions are added (altName) */
+ /*
+ * and add it later on because of the method extensions are added
+ * (altName)
+ */
if (email_dn)
dn_subject = subject;
else {
X509_NAME_ENTRY *tmpne;
- /* Its best to dup the subject DN and then delete any email
+ /*
+ * Its best to dup the subject DN and then delete any email
* addresses because this retains its structure.
*/
if (!(dn_subject = X509_NAME_dup(subject))) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
-
if (db->attributes.unique_subject) {
OPENSSL_STRING *crow = row;
BIO_printf(bio_err, " check the database/serial_file for corruption\n");
}
}
-
if (rrow != NULL) {
BIO_printf(bio_err,
"The matching entry has the following details\n");
if (rrow[DB_type][0] == 'E')
- p="Expired";
+ p = "Expired";
else if (rrow[DB_type][0] == 'R')
- p="Revoked";
+ p = "Revoked";
else if (rrow[DB_type][0] == 'V')
- p="Valid";
+ p = "Valid";
else
- p="\ninvalid type, Data base error\n";
+ p = "\ninvalid type, Data base error\n";
BIO_printf(bio_err, "Type :%s\n", p);
if (rrow[DB_type][0] == 'R') {
- p = rrow[DB_exp_date]; if (p == NULL) p="undef";
+ p = rrow[DB_exp_date];
+ if (p == NULL)
+ p = "undef";
BIO_printf(bio_err, "Was revoked on:%s\n", p);
}
- p = rrow[DB_exp_date]; if (p == NULL) p="undef";
+ p = rrow[DB_exp_date];
+ if (p == NULL)
+ p = "undef";
BIO_printf(bio_err, "Expires on :%s\n", p);
- p = rrow[DB_serial]; if (p == NULL) p="undef";
+ p = rrow[DB_serial];
+ if (p == NULL)
+ p = "undef";
BIO_printf(bio_err, "Serial Number :%s\n", p);
- p = rrow[DB_file]; if (p == NULL) p="undef";
+ p = rrow[DB_file];
+ if (p == NULL)
+ p = "undef";
BIO_printf(bio_err, "File name :%s\n", p);
- p = rrow[DB_name]; if (p == NULL) p="undef";
+ p = rrow[DB_name];
+ if (p == NULL)
+ p = "undef";
BIO_printf(bio_err, "Subject Name :%s\n", p);
- ok= -1; /* This is now a 'bad' error. */
+ ok = -1; /* This is now a 'bad' error. */
goto err;
}
-
/* We are now totally happy, lets make and sign the certificate */
if (verbose)
BIO_printf(bio_err, "Everything appears to be ok, creating and signing the certificate\n");
if (ci->version == NULL)
if ((ci->version = ASN1_INTEGER_new()) == NULL)
goto err;
- ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */
+ ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
- /* Free the current entries if any, there should not
- * be any I believe */
+ /*
+ * Free the current entries if any, there should not be any I
+ * believe
+ */
if (ci->extensions != NULL)
sk_X509_EXTENSION_pop_free(ci->extensions,
X509_EXTENSION_free);
ERR_print_errors(bio_err);
goto err;
}
-
if (verbose)
BIO_printf(bio_err, "Successfully added extensions from config\n");
}
}
-
/* Copy extensions from request (if any) */
if (!copy_extensions(ret, req, ext_copy)) {
ERR_print_errors(bio_err);
goto err;
}
-
/* Set the right value for the noemailDN option */
- if (email_dn == 0 ) {
+ if (email_dn == 0) {
if (!X509_set_subject_name(ret, dn_subject))
goto err;
}
-
if (!default_op) {
BIO_printf(bio_err, "Certificate Details:\n");
- /* Never print signature details because signature not present */
+ /*
+ * Never print signature details because signature not
+ * present
+ */
certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
X509_print_ex(bio_err, ret, nameopt, certopt);
}
-
BIO_printf(bio_err, "Certificate is to be certified until ");
ASN1_TIME_print(bio_err, X509_get_notAfter(ret));
if (days)
if (!batch) {
BIO_printf(bio_err, "Sign the certificate? [y/n]:");
- (void)BIO_flush(bio_err);
+ (void) BIO_flush(bio_err);
buf[0] = '\0';
if (!fgets(buf, sizeof(buf) - 1, stdin)) {
BIO_printf(bio_err, "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
goto err;
}
}
-
pktmp = X509_get_pubkey(ret);
if (EVP_PKEY_missing_parameters(pktmp) &&
!EVP_PKEY_missing_parameters(pkey))
goto err;
/* We now just add it to the database */
- row[DB_type] = (char *)malloc(2);
+ row[DB_type] = (char *) malloc(2);
tm = X509_get_notAfter(ret);
- row[DB_exp_date] = (char *)malloc(tm->length + 1);
+ row[DB_exp_date] = (char *) malloc(tm->length + 1);
memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0';
row[DB_rev_date] = NULL;
/* row[DB_serial] done already */
- row[DB_file] = (char *)malloc(8);
+ row[DB_file] = (char *) malloc(8);
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
row[DB_type][0] = 'V';
row[DB_type][1] = '\0';
- if ((irow = (char **)malloc(sizeof(char *)*(DB_NUMBER + 1))) == NULL) {
+ if ((irow = (char **) malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
-
for (i = 0; i < DB_NUMBER; i++) {
irow[i] = row[i];
row[i] = NULL;
}
static void
-write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
+write_new_certificate(BIO * bp, X509 * x, int output_der, int notext)
{
if (output_der) {
- (void)i2d_X509_bio(bp, x);
+ (void) i2d_X509_bio(bp, x);
return;
}
#if 0
}
static int
-certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
+certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509,
+ const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts,
+ STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,
unsigned long chtype, int multirdn, int email_dn, char *startdate,
- char *enddate, long days, char *ext_sect, CONF *lconf, int verbose,
+ char *enddate, long days, char *ext_sect, CONF * lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy)
{
- STACK_OF(CONF_VALUE) *sk = NULL;
- LHASH_OF(CONF_VALUE) *parms = NULL;
+ STACK_OF(CONF_VALUE) * sk = NULL;
+ LHASH_OF(CONF_VALUE) * parms = NULL;
X509_REQ *req = NULL;
CONF_VALUE *cv = NULL;
NETSCAPE_SPKI *spki = NULL;
ERR_print_errors(bio_err);
goto err;
}
-
sk = CONF_get_section(parms, "default");
if (sk_CONF_VALUE_num(sk) == 0) {
BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
CONF_free(parms);
goto err;
}
-
/*
* Now create a dummy X509 request structure. We don't actually
* have an X509 request, but we have many of the components
ERR_print_errors(bio_err);
goto err;
}
-
/*
* Build up the subject name set.
*/
ri = req->req_info;
n = ri->subject;
- for (i = 0; ; i++) {
+ for (i = 0;; i++) {
if (sk_CONF_VALUE_num(sk) <= i)
break;
cv = sk_CONF_VALUE_value(sk, i);
type = cv->name;
- /* Skip past any leading X. X: X, etc to allow for
- * multiple instances
+ /*
+ * Skip past any leading X. X: X, etc to allow for multiple
+ * instances
*/
for (buf = cv->name; *buf; buf++) {
if ((*buf == ':') || (*buf == ',') || (*buf == '.')) {
}
continue;
}
-
if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
- (unsigned char *)buf, -1, -1, 0))
+ (unsigned char *) buf, -1, -1, 0))
goto err;
}
if (spki == NULL) {
infile);
goto err;
}
-
/*
* Now extract the key from the SPKI structure.
*/
BIO_printf(bio_err, "error unpacking SPKAC public key\n");
goto err;
}
-
j = NETSCAPE_SPKI_verify(spki, pktmp);
if (j <= 0) {
BIO_printf(bio_err, "signature verification failed on SPKAC public key\n");
}
static int
-do_revoke(X509 *x509, CA_DB *db, int type, char *value)
+do_revoke(X509 * x509, CA_DB * db, int type, char *value)
{
ASN1_UTCTIME *tm = NULL;
char *row[DB_NUMBER], **rrow, **irow;
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
- /* We have to lookup by serial number because name lookup
- * skips revoked certs
- */
+ /*
+ * We have to lookup by serial number because name lookup skips
+ * revoked certs
+ */
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
if (rrow == NULL) {
BIO_printf(bio_err, "Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
/* We now just add it to the database */
- row[DB_type] = (char *)malloc(2);
+ row[DB_type] = (char *) malloc(2);
tm = X509_get_notAfter(x509);
- row[DB_exp_date] = (char *)malloc(tm->length + 1);
+ row[DB_exp_date] = (char *) malloc(tm->length + 1);
memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0';
row[DB_rev_date] = NULL;
/* row[DB_serial] done already */
- row[DB_file] = (char *)malloc(8);
+ row[DB_file] = (char *) malloc(8);
/* row[DB_name] done already */
row[DB_type][0] = 'V';
row[DB_type][1] = '\0';
- if ((irow = (char **)malloc(sizeof(char *)*(DB_NUMBER + 1))) == NULL) {
+ if ((irow = (char **) malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
-
for (i = 0; i < DB_NUMBER; i++) {
irow[i] = row[i];
row[i] = NULL;
BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
goto err;
}
-
/* Revoke Certificate */
ok = do_revoke(x509, db, type, value);
BIO_printf(bio_err, "ERROR:name does not match %s\n",
row[DB_name]);
goto err;
- } else if (rrow[DB_type][0]=='R') {
+ } else if (rrow[DB_type][0] == 'R') {
BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n",
row[DB_serial]);
goto err;
}
static int
-get_certificate_status(const char *serial, CA_DB *db)
+get_certificate_status(const char *serial, CA_DB * db)
{
char *row[DB_NUMBER], **rrow;
int ok = -1, i;
BIO_printf(bio_err, "Malloc failure\n");
goto err;
}
-
if (strlen(serial) % 2) {
- /* Set the first char to 0 */;
- row[DB_serial][0]='0';
+ /* Set the first char to 0 */ ;
+ row[DB_serial][0] = '0';
/* Copy String from serial to row[DB_serial] */
- memcpy(row[DB_serial]+1, serial, strlen(serial));
+ memcpy(row[DB_serial] + 1, serial, strlen(serial));
row[DB_serial][strlen(serial) + 1] = '\0';
} else {
/* Copy String from serial to row[DB_serial] */
/* Make it Upper Case */
for (i = 0; row[DB_serial][i] != '\0'; i++)
- row[DB_serial][i] = toupper((unsigned char)row[DB_serial][i]);
+ row[DB_serial][i] = toupper((unsigned char) row[DB_serial][i]);
ok = 1;
row[DB_serial]);
ok = -1;
goto err;
- } else if (rrow[DB_type][0]=='V') {
+ } else if (rrow[DB_type][0] == 'V') {
BIO_printf(bio_err, "%s=Valid (%c)\n",
row[DB_serial], rrow[DB_type][0]);
goto err;
- } else if (rrow[DB_type][0]=='R') {
+ } else if (rrow[DB_type][0] == 'R') {
BIO_printf(bio_err, "%s=Revoked (%c)\n",
row[DB_serial], rrow[DB_type][0]);
goto err;
- } else if (rrow[DB_type][0]=='E') {
+ } else if (rrow[DB_type][0] == 'E') {
BIO_printf(bio_err, "%s=Expired (%c)\n",
row[DB_serial], rrow[DB_type][0]);
goto err;
- } else if (rrow[DB_type][0]=='S') {
+ } else if (rrow[DB_type][0] == 'S') {
BIO_printf(bio_err, "%s=Suspended (%c)\n",
row[DB_serial], rrow[DB_type][0]);
goto err;
return (ok);
}
-static int do_updatedb (CA_DB *db)
+static int
+do_updatedb(CA_DB * db)
{
- ASN1_UTCTIME *a_tm = NULL;
+ ASN1_UTCTIME *a_tm = NULL;
int i, cnt = 0;
- int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */
+ int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */
char **rrow, *a_tm_s;
a_tm = ASN1_UTCTIME_new();
cnt = -1;
goto err;
}
-
memcpy(a_tm_s, a_tm->data, a_tm->length);
a_tm_s[a_tm->length] = '\0';
BIO_printf(bio_err, "%s=Expired\n",
rrow[DB_serial]);
}
-
}
}
BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);
return NULL;
}
-
reason = "holdInstruction";
other = rev_arg;
break;
i = revtm->length + 1;
- if (reason) i += strlen(reason)
- + 1;
- if (other) i += strlen(other)
- + 1;
+ if (reason)
+ i += strlen(reason)
+ + 1;
+ if (other)
+ i += strlen(other)
+ + 1;
str = malloc(i);
if (!str)
return NULL;
- BUF_strlcpy(str, (char *)revtm->data, i);
+ BUF_strlcpy(str, (char *) revtm->data, i);
if (reason) {
BUF_strlcat(str, ",", i);
BUF_strlcat(str, reason, i);
*/
int
-make_revoked(X509_REVOKED *rev, const char *str)
+make_revoked(X509_REVOKED * rev, const char *str)
{
char *tmp = NULL;
int reason_code = -1;
if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
goto err;
}
-
if (rev && comp_time) {
if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0))
goto err;
if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0))
goto err;
}
-
if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
ret = 2;
else
}
int
-old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
+old_entry_print(BIO * bp, ASN1_OBJECT * obj, ASN1_STRING * str)
{
char buf[25], *pbuf, *p;
int j;
else
BIO_printf(bp, "ASN.1 %2d:'", str->type);
- p = (char *)str->data;
+ p = (char *) str->data;
for (j = str->length; j > 0; j--) {
if ((*p >= ' ') && (*p <= '~'))
BIO_printf(bp, "%c", *p);
else if (*p & 0x80)
BIO_printf(bp, "\\0x%02X", *p);
- else if ((unsigned char)*p == 0xf7)
+ else if ((unsigned char) *p == 0xf7)
BIO_printf(bp, "^?");
else
- BIO_printf(bp, "^%c", *p+'@');
+ BIO_printf(bp, "^%c", *p + '@');
p++;
}
BIO_printf(bp, "'\n");
}
int
-unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
- ASN1_GENERALIZEDTIME **pinvtm, const char *str)
+unpack_revinfo(ASN1_TIME ** prevtm, int *preason, ASN1_OBJECT ** phold,
+ ASN1_GENERALIZEDTIME ** pinvtm, const char *str)
{
char *tmp = NULL;
char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
arg_str = p + 1;
}
}
-
if (prevtm) {
*prevtm = ASN1_UTCTIME_new();
if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) {
BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
goto err;
}
-
if (reason_code == 7)
reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
- else if (reason_code == 8) /* Hold instruction */
- {
+ else if (reason_code == 8) { /* Hold instruction */
if (!arg_str) {
BIO_printf(bio_err, "missing hold instruction\n");
goto err;
reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
}
}
-
if (preason)
*preason = reason_code;
if (pinvtm)
SSL *ssl = NULL;
char *ciphers = NULL;
const SSL_METHOD *meth = NULL;
- STACK_OF(SSL_CIPHER) *sk;
+ STACK_OF(SSL_CIPHER) * sk;
char buf[512];
BIO *STDout = NULL;
badops = 1;
break;
} else {
- ciphers= *argv;
+ ciphers = *argv;
}
argc--;
argv++;
BIO_printf(bio_err, "%s", *pp);
goto end;
}
-
OpenSSL_add_ssl_algorithms();
ctx = SSL_CTX_new(meth);
if (!verbose) {
- for (i = 0; ; i++) {
+ for (i = 0;; i++) {
p = SSL_get_cipher_list(ssl, i);
if (p == NULL)
break;
BIO_printf(STDout, "%s", p);
}
BIO_printf(STDout, "\n");
- }
- else /* verbose */
- {
+ } else { /* verbose */
sk = SSL_get_ciphers(ssl);
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
if (Verbose) {
unsigned long id = SSL_CIPHER_get_id(c);
- int id0 = (int)(id >> 24);
- int id1 = (int)((id >> 16) & 0xffL);
- int id2 = (int)((id >> 8) & 0xffL);
- int id3 = (int)(id & 0xffL);
+ int id0 = (int) (id >> 24);
+ int id1 = (int) ((id >> 16) & 0xffL);
+ int id2 = (int) ((id >> 8) & 0xffL);
+ int id3 = (int) (id & 0xffL);
if ((id & 0xff000000L) == 0x02000000L)
- BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */
+ BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */
else if ((id & 0xff000000L) == 0x03000000L)
- BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
+ BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
else
- BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
+ BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
}
-
BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf));
}
}
if (STDout != NULL)
BIO_free_all(STDout);
apps_shutdown();
- return(ret);
+ return (ret);
}
#undef PROG
#define PROG cms_main
-static int save_certs(char *signerfile, STACK_OF(X509) *signers);
-static int cms_cb(int ok, X509_STORE_CTX *ctx);
-static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
+static int save_certs(char *signerfile, STACK_OF(X509) * signers);
+static int cms_cb(int ok, X509_STORE_CTX * ctx);
+static void receipt_request_print(BIO * out, CMS_ContentInfo * cms);
static CMS_ReceiptRequest *
-make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
+make_receipt_request(STACK_OF(OPENSSL_STRING) * rr_to,
int rr_allorfirst,
- STACK_OF(OPENSSL_STRING) *rr_from);
+ STACK_OF(OPENSSL_STRING) * rr_from);
#define SMIME_OP 0x10
#define SMIME_IP 0x20
#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)
#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)
-int verify_err = 0;
+ int verify_err = 0;
-int MAIN(int, char **);
+ int MAIN(int, char **);
-int
-MAIN(int argc, char **argv)
+ int
+ MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int operation = 0;
const char *inmode = "r", *outmode = "w";
char *infile = NULL, *outfile = NULL, *rctfile = NULL;
char *signerfile = NULL, *recipfile = NULL;
- STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
+ STACK_OF(OPENSSL_STRING) * sksigners = NULL, *skkeys = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
char *certsoutfile = NULL;
const EVP_CIPHER *cipher = NULL;
X509_STORE *store = NULL;
X509 *cert = NULL, *recip = NULL, *signer = NULL;
EVP_PKEY *key = NULL;
- STACK_OF(X509) *encerts = NULL, *other = NULL;
+ STACK_OF(X509) * encerts = NULL, *other = NULL;
BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
int badarg = 0;
int flags = CMS_DETACHED, noout = 0, print = 0;
int verify_retcode = 0;
int rr_print = 0, rr_allorfirst = -1;
- STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
+ STACK_OF(OPENSSL_STRING) * rr_to = NULL, *rr_from = NULL;
CMS_ReceiptRequest *rr = NULL;
char *to = NULL, *from = NULL, *subject = NULL;
char *CAfile = NULL, *CApath = NULL;
if (bio_err == NULL) {
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
}
-
if (!load_config(bio_err, NULL))
goto end;
while (!badarg && *args && *args[0] == '-') {
- if (!strcmp (*args, "-encrypt"))
+ if (!strcmp(*args, "-encrypt"))
operation = SMIME_ENCRYPT;
- else if (!strcmp (*args, "-decrypt"))
+ else if (!strcmp(*args, "-decrypt"))
operation = SMIME_DECRYPT;
- else if (!strcmp (*args, "-sign"))
+ else if (!strcmp(*args, "-sign"))
operation = SMIME_SIGN;
- else if (!strcmp (*args, "-sign_receipt"))
+ else if (!strcmp(*args, "-sign_receipt"))
operation = SMIME_SIGN_RECEIPT;
- else if (!strcmp (*args, "-resign"))
+ else if (!strcmp(*args, "-resign"))
operation = SMIME_RESIGN;
- else if (!strcmp (*args, "-verify"))
+ else if (!strcmp(*args, "-verify"))
operation = SMIME_VERIFY;
- else if (!strcmp (*args, "-verify_retcode"))
+ else if (!strcmp(*args, "-verify_retcode"))
verify_retcode = 1;
else if (!strcmp(*args, "-verify_receipt")) {
operation = SMIME_VERIFY_RECEIPT;
goto argerr;
args++;
rctfile = *args;
- } else if (!strcmp (*args, "-cmsout"))
+ } else if (!strcmp(*args, "-cmsout"))
operation = SMIME_CMSOUT;
- else if (!strcmp (*args, "-data_out"))
+ else if (!strcmp(*args, "-data_out"))
operation = SMIME_DATAOUT;
- else if (!strcmp (*args, "-data_create"))
+ else if (!strcmp(*args, "-data_create"))
operation = SMIME_DATA_CREATE;
- else if (!strcmp (*args, "-digest_verify"))
+ else if (!strcmp(*args, "-digest_verify"))
operation = SMIME_DIGEST_VERIFY;
- else if (!strcmp (*args, "-digest_create"))
+ else if (!strcmp(*args, "-digest_create"))
operation = SMIME_DIGEST_CREATE;
- else if (!strcmp (*args, "-compress"))
+ else if (!strcmp(*args, "-compress"))
operation = SMIME_COMPRESS;
- else if (!strcmp (*args, "-uncompress"))
+ else if (!strcmp(*args, "-uncompress"))
operation = SMIME_UNCOMPRESS;
- else if (!strcmp (*args, "-EncryptedData_decrypt"))
+ else if (!strcmp(*args, "-EncryptedData_decrypt"))
operation = SMIME_ENCRYPTED_DECRYPT;
- else if (!strcmp (*args, "-EncryptedData_encrypt"))
+ else if (!strcmp(*args, "-EncryptedData_encrypt"))
operation = SMIME_ENCRYPTED_ENCRYPT;
#ifndef OPENSSL_NO_DES
- else if (!strcmp (*args, "-des3"))
+ else if (!strcmp(*args, "-des3"))
cipher = EVP_des_ede3_cbc();
- else if (!strcmp (*args, "-des"))
+ else if (!strcmp(*args, "-des"))
cipher = EVP_des_cbc();
#endif
#ifndef OPENSSL_NO_SEED
- else if (!strcmp (*args, "-seed"))
+ else if (!strcmp(*args, "-seed"))
cipher = EVP_seed_cbc();
#endif
#ifndef OPENSSL_NO_RC2
- else if (!strcmp (*args, "-rc2-40"))
+ else if (!strcmp(*args, "-rc2-40"))
cipher = EVP_rc2_40_cbc();
- else if (!strcmp (*args, "-rc2-128"))
+ else if (!strcmp(*args, "-rc2-128"))
cipher = EVP_rc2_cbc();
- else if (!strcmp (*args, "-rc2-64"))
+ else if (!strcmp(*args, "-rc2-64"))
cipher = EVP_rc2_64_cbc();
#endif
#ifndef OPENSSL_NO_AES
else if (!strcmp(*args, "-camellia256"))
cipher = EVP_camellia_256_cbc();
#endif
- else if (!strcmp (*args, "-debug_decrypt"))
+ else if (!strcmp(*args, "-debug_decrypt"))
flags |= CMS_DEBUG_DECRYPT;
- else if (!strcmp (*args, "-text"))
+ else if (!strcmp(*args, "-text"))
flags |= CMS_TEXT;
- else if (!strcmp (*args, "-nointern"))
+ else if (!strcmp(*args, "-nointern"))
flags |= CMS_NOINTERN;
- else if (!strcmp (*args, "-noverify") ||
- !strcmp (*args, "-no_signer_cert_verify"))
+ else if (!strcmp(*args, "-noverify") ||
+ !strcmp(*args, "-no_signer_cert_verify"))
flags |= CMS_NO_SIGNER_CERT_VERIFY;
- else if (!strcmp (*args, "-nocerts"))
+ else if (!strcmp(*args, "-nocerts"))
flags |= CMS_NOCERTS;
- else if (!strcmp (*args, "-noattr"))
+ else if (!strcmp(*args, "-noattr"))
flags |= CMS_NOATTR;
- else if (!strcmp (*args, "-nodetach"))
+ else if (!strcmp(*args, "-nodetach"))
flags &= ~CMS_DETACHED;
- else if (!strcmp (*args, "-nosmimecap"))
+ else if (!strcmp(*args, "-nosmimecap"))
flags |= CMS_NOSMIMECAP;
- else if (!strcmp (*args, "-binary"))
+ else if (!strcmp(*args, "-binary"))
flags |= CMS_BINARY;
- else if (!strcmp (*args, "-keyid"))
+ else if (!strcmp(*args, "-keyid"))
flags |= CMS_USE_KEYID;
- else if (!strcmp (*args, "-nosigs"))
+ else if (!strcmp(*args, "-nosigs"))
flags |= CMS_NOSIGS;
- else if (!strcmp (*args, "-no_content_verify"))
+ else if (!strcmp(*args, "-no_content_verify"))
flags |= CMS_NO_CONTENT_VERIFY;
- else if (!strcmp (*args, "-no_attr_verify"))
+ else if (!strcmp(*args, "-no_attr_verify"))
flags |= CMS_NO_ATTR_VERIFY;
- else if (!strcmp (*args, "-stream"))
+ else if (!strcmp(*args, "-stream"))
flags |= CMS_STREAM;
- else if (!strcmp (*args, "-indef"))
+ else if (!strcmp(*args, "-indef"))
flags |= CMS_STREAM;
- else if (!strcmp (*args, "-noindef"))
+ else if (!strcmp(*args, "-noindef"))
flags &= ~CMS_STREAM;
- else if (!strcmp (*args, "-nooldmime"))
+ else if (!strcmp(*args, "-nooldmime"))
flags |= CMS_NOOLDMIMETYPE;
- else if (!strcmp (*args, "-crlfeol"))
+ else if (!strcmp(*args, "-crlfeol"))
flags |= CMS_CRLFEOL;
- else if (!strcmp (*args, "-noout"))
+ else if (!strcmp(*args, "-noout"))
noout = 1;
- else if (!strcmp (*args, "-receipt_request_print"))
+ else if (!strcmp(*args, "-receipt_request_print"))
rr_print = 1;
- else if (!strcmp (*args, "-receipt_request_all"))
+ else if (!strcmp(*args, "-receipt_request_all"))
rr_allorfirst = 0;
- else if (!strcmp (*args, "-receipt_request_first"))
+ else if (!strcmp(*args, "-receipt_request_first"))
rr_allorfirst = 1;
else if (!strcmp(*args, "-receipt_request_from")) {
if (!args[1])
if (!rr_from)
rr_from = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(rr_from, *args);
- }
- else if (!strcmp(*args, "-receipt_request_to")) {
+ } else if (!strcmp(*args, "-receipt_request_to")) {
if (!args[1])
goto argerr;
args++;
if (!rr_to)
rr_to = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(rr_to, *args);
- }
- else if (!strcmp (*args, "-print")) {
+ } else if (!strcmp(*args, "-print")) {
noout = 1;
print = 1;
- }
- else if (!strcmp(*args, "-secretkey")) {
+ } else if (!strcmp(*args, "-secretkey")) {
long ltmp;
if (!args[1])
goto argerr;
BIO_printf(bio_err, "Invalid key %s\n", *args);
goto argerr;
}
- secret_keylen = (size_t)ltmp;
- }
- else if (!strcmp(*args, "-secretkeyid")) {
+ secret_keylen = (size_t) ltmp;
+ } else if (!strcmp(*args, "-secretkeyid")) {
long ltmp;
if (!args[1])
goto argerr;
BIO_printf(bio_err, "Invalid id %s\n", *args);
goto argerr;
}
- secret_keyidlen = (size_t)ltmp;
- }
- else if (!strcmp(*args, "-pwri_password")) {
+ secret_keyidlen = (size_t) ltmp;
+ } else if (!strcmp(*args, "-pwri_password")) {
if (!args[1])
goto argerr;
args++;
- pwri_pass = (unsigned char *)*args;
+ pwri_pass = (unsigned char *) *args;
} else if (!strcmp(*args, "-econtent_type")) {
if (!args[1])
goto argerr;
if (!args[1])
goto argerr;
passargin = *++args;
- }
- else if (!strcmp (*args, "-to")) {
+ } else if (!strcmp(*args, "-to")) {
if (!args[1])
goto argerr;
to = *++args;
- }
- else if (!strcmp (*args, "-from")) {
+ } else if (!strcmp(*args, "-from")) {
if (!args[1])
goto argerr;
from = *++args;
- }
- else if (!strcmp (*args, "-subject")) {
+ } else if (!strcmp(*args, "-subject")) {
if (!args[1])
goto argerr;
subject = *++args;
- }
- else if (!strcmp (*args, "-signer")) {
+ } else if (!strcmp(*args, "-signer")) {
if (!args[1])
goto argerr;
/* If previous -signer argument add signer to list */
keyfile = NULL;
}
signerfile = *++args;
- } else if (!strcmp (*args, "-recip")) {
+ } else if (!strcmp(*args, "-recip")) {
if (!args[1])
goto argerr;
recipfile = *++args;
- } else if (!strcmp (*args, "-certsout")) {
+ } else if (!strcmp(*args, "-certsout")) {
if (!args[1])
goto argerr;
certsoutfile = *++args;
- } else if (!strcmp (*args, "-md")) {
+ } else if (!strcmp(*args, "-md")) {
if (!args[1])
goto argerr;
sign_md = EVP_get_digestbyname(*++args);
*args);
goto argerr;
}
- } else if (!strcmp (*args, "-inkey")) {
+ } else if (!strcmp(*args, "-inkey")) {
if (!args[1])
goto argerr;
/* If previous -inkey arument add signer to list */
sk_OPENSSL_STRING_push(skkeys, keyfile);
}
keyfile = *++args;
- } else if (!strcmp (*args, "-keyform")) {
+ } else if (!strcmp(*args, "-keyform")) {
if (!args[1])
goto argerr;
keyform = str2fmt(*++args);
- } else if (!strcmp (*args, "-rctform")) {
+ } else if (!strcmp(*args, "-rctform")) {
if (!args[1])
goto argerr;
rctformat = str2fmt(*++args);
- } else if (!strcmp (*args, "-certfile")) {
+ } else if (!strcmp(*args, "-certfile")) {
if (!args[1])
goto argerr;
certfile = *++args;
- } else if (!strcmp (*args, "-CAfile")) {
+ } else if (!strcmp(*args, "-CAfile")) {
if (!args[1])
goto argerr;
CAfile = *++args;
- } else if (!strcmp (*args, "-CApath")) {
+ } else if (!strcmp(*args, "-CApath")) {
if (!args[1])
goto argerr;
CApath = *++args;
- } else if (!strcmp (*args, "-in")) {
+ } else if (!strcmp(*args, "-in")) {
if (!args[1])
goto argerr;
infile = *++args;
- } else if (!strcmp (*args, "-inform")) {
+ } else if (!strcmp(*args, "-inform")) {
if (!args[1])
goto argerr;
informat = str2fmt(*++args);
- } else if (!strcmp (*args, "-outform")) {
+ } else if (!strcmp(*args, "-outform")) {
if (!args[1])
goto argerr;
outformat = str2fmt(*++args);
- } else if (!strcmp (*args, "-out")) {
+ } else if (!strcmp(*args, "-out")) {
if (!args[1])
goto argerr;
outfile = *++args;
- } else if (!strcmp (*args, "-content")) {
+ } else if (!strcmp(*args, "-content")) {
if (!args[1])
goto argerr;
contfile = *++args;
BIO_puts(bio_err, "No Signed Receipts Recipients\n");
goto argerr;
}
-
- if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) {
+ if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) {
BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
goto argerr;
}
BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
goto argerr;
}
-
if (operation & SMIME_SIGNERS) {
if (keyfile && !signerfile) {
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
badarg = 1;
if (badarg) {
- argerr:
- BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-encrypt encrypt message\n");
- BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
- BIO_printf (bio_err, "-sign sign message\n");
- BIO_printf (bio_err, "-verify verify signed message\n");
- BIO_printf (bio_err, "-cmsout output CMS structure\n");
+argerr:
+ BIO_printf(bio_err, "Usage cms [options] cert.pem ...\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-encrypt encrypt message\n");
+ BIO_printf(bio_err, "-decrypt decrypt encrypted message\n");
+ BIO_printf(bio_err, "-sign sign message\n");
+ BIO_printf(bio_err, "-verify verify signed message\n");
+ BIO_printf(bio_err, "-cmsout output CMS structure\n");
#ifndef OPENSSL_NO_DES
- BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
- BIO_printf (bio_err, "-des encrypt with DES\n");
+ BIO_printf(bio_err, "-des3 encrypt with triple DES\n");
+ BIO_printf(bio_err, "-des encrypt with DES\n");
#endif
#ifndef OPENSSL_NO_SEED
- BIO_printf (bio_err, "-seed encrypt with SEED\n");
+ BIO_printf(bio_err, "-seed encrypt with SEED\n");
#endif
#ifndef OPENSSL_NO_RC2
- BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
- BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
- BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
+ BIO_printf(bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
+ BIO_printf(bio_err, "-rc2-64 encrypt with RC2-64\n");
+ BIO_printf(bio_err, "-rc2-128 encrypt with RC2-128\n");
#endif
#ifndef OPENSSL_NO_AES
- BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
+ BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err, " encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
+ BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n");
#endif
- BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
- BIO_printf (bio_err, "-nosigs don't verify message signature\n");
- BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
- BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
- BIO_printf (bio_err, "-nodetach use opaque signing\n");
- BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
- BIO_printf (bio_err, "-binary don't translate message to text\n");
- BIO_printf (bio_err, "-certfile file other certificates file\n");
- BIO_printf (bio_err, "-certsout file certificate output file\n");
- BIO_printf (bio_err, "-signer file signer certificate file\n");
- BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
- BIO_printf (bio_err, "-keyid use subject key identifier\n");
- BIO_printf (bio_err, "-in file input file\n");
- BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
- BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
- BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
- BIO_printf (bio_err, "-out file output file\n");
- BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
- BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
- BIO_printf (bio_err, "-to addr to address\n");
- BIO_printf (bio_err, "-from ad from address\n");
- BIO_printf (bio_err, "-subject s subject\n");
- BIO_printf (bio_err, "-text include or delete text MIME headers\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
- BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
- BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+ BIO_printf(bio_err, "-nointern don't search certificates in message for signer\n");
+ BIO_printf(bio_err, "-nosigs don't verify message signature\n");
+ BIO_printf(bio_err, "-noverify don't verify signers certificate\n");
+ BIO_printf(bio_err, "-nocerts don't include signers certificate when signing\n");
+ BIO_printf(bio_err, "-nodetach use opaque signing\n");
+ BIO_printf(bio_err, "-noattr don't include any signed attributes\n");
+ BIO_printf(bio_err, "-binary don't translate message to text\n");
+ BIO_printf(bio_err, "-certfile file other certificates file\n");
+ BIO_printf(bio_err, "-certsout file certificate output file\n");
+ BIO_printf(bio_err, "-signer file signer certificate file\n");
+ BIO_printf(bio_err, "-recip file recipient certificate file for decryption\n");
+ BIO_printf(bio_err, "-keyid use subject key identifier\n");
+ BIO_printf(bio_err, "-in file input file\n");
+ BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
+ BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n");
+ BIO_printf(bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
+ BIO_printf(bio_err, "-out file output file\n");
+ BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
+ BIO_printf(bio_err, "-content file supply or override content for detached signature\n");
+ BIO_printf(bio_err, "-to addr to address\n");
+ BIO_printf(bio_err, "-from ad from address\n");
+ BIO_printf(bio_err, "-subject s subject\n");
+ BIO_printf(bio_err, "-text include or delete text MIME headers\n");
+ BIO_printf(bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
+ BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
#ifndef OPENSSL_NO_ENGINE
- BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
+ BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
- BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
- BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
- BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
+ BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf(bio_err, "cert.pem recipient certificate(s) for encryption\n");
goto end;
}
-
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
-
if (need_rand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
-
ret = 2;
if (!(operation & SMIME_SIGNERS))
goto end;
#endif
}
-
if (secret_key && !secret_keyid) {
BIO_printf(bio_err, "No secret key id\n");
goto end;
}
-
if (*args)
encerts = sk_X509_new_null();
while (*args) {
args++;
}
}
-
if (certfile) {
if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL,
- e, "certificate file"))) {
+ e, "certificate file"))) {
ERR_print_errors(bio_err);
goto end;
}
}
-
if (recipfile && (operation == SMIME_DECRYPT)) {
if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL,
- e, "recipient certificate file"))) {
+ e, "recipient certificate file"))) {
ERR_print_errors(bio_err);
goto end;
}
}
-
if (operation == SMIME_SIGN_RECEIPT) {
if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
- e, "receipt signer certificate file"))) {
+ e, "receipt signer certificate file"))) {
ERR_print_errors(bio_err);
goto end;
}
}
-
if (operation == SMIME_DECRYPT) {
if (!keyfile)
keyfile = recipfile;
if (!key)
goto end;
}
-
if (infile) {
if (!(in = BIO_new_file(infile, inmode))) {
- BIO_printf (bio_err,
+ BIO_printf(bio_err,
"Can't open input file %s\n", infile);
goto end;
}
}
}
if (certsoutfile) {
- STACK_OF(X509) *allcerts;
+ STACK_OF(X509) * allcerts;
allcerts = CMS_get1_certs(cms);
if (!save_certs(certsoutfile, allcerts)) {
BIO_printf(bio_err,
sk_X509_pop_free(allcerts, X509_free);
}
}
-
if (rctfile) {
char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
if (!(rctin = BIO_new_file(rctfile, rctmode))) {
- BIO_printf (bio_err,
+ BIO_printf(bio_err,
"Can't open receipt file %s\n", rctfile);
goto end;
}
-
if (rctformat == FORMAT_SMIME)
rcms = SMIME_read_CMS(rctin, NULL);
else if (rctformat == FORMAT_PEM)
goto end;
}
}
-
if (outfile) {
if (!(out = BIO_new_file(outfile, outmode))) {
- BIO_printf (bio_err,
+ BIO_printf(bio_err,
"Can't open output file %s\n", outfile);
goto end;
}
if (vpm)
X509_STORE_set1_param(store, vpm);
}
-
-
ret = 3;
if (operation == SMIME_DATA_CREATE) {
goto end;
if (secret_key) {
if (!CMS_add0_recipient_key(cms, NID_undef,
- secret_key, secret_keylen,
- secret_keyid, secret_keyidlen,
- NULL, NULL, NULL))
+ secret_key, secret_keylen,
+ secret_keyid, secret_keyidlen,
+ NULL, NULL, NULL))
goto end;
/* NULL these because call absorbs them */
secret_key = NULL;
secret_keyid = NULL;
}
if (pwri_pass) {
- pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass);
+ pwri_tmp = (unsigned char *) BUF_strdup((char *) pwri_pass);
if (!pwri_tmp)
goto end;
if (!CMS_add0_recipient_password(cms,
- -1, NID_undef, NID_undef,
+ -1, NID_undef, NID_undef,
pwri_tmp, -1, NULL))
goto end;
pwri_tmp = NULL;
} else if (operation == SMIME_SIGN_RECEIPT) {
CMS_ContentInfo *srcms = NULL;
- STACK_OF(CMS_SignerInfo) *sis;
+ STACK_OF(CMS_SignerInfo) * sis;
CMS_SignerInfo *si;
sis = CMS_get0_SignerInfos(cms);
if (!sis)
cms = srcms;
} else if (operation & SMIME_SIGNERS) {
int i;
- /* If detached data content we enable streaming if
- * S/MIME output format.
+ /*
+ * If detached data content we enable streaming if S/MIME
+ * output format.
*/
if (operation == SMIME_SIGN) {
goto end;
}
}
-
if (!cms) {
BIO_printf(bio_err, "Error creating CMS structure\n");
goto end;
}
-
ret = 4;
if (operation == SMIME_DECRYPT) {
if (flags & CMS_DEBUG_DECRYPT)
if (secret_key) {
if (!CMS_decrypt_set1_key(cms,
- secret_key, secret_keylen,
- secret_keyid, secret_keyidlen)) {
+ secret_key, secret_keylen,
+ secret_keyid, secret_keyidlen)) {
BIO_puts(bio_err,
"Error decrypting CMS using secret key\n");
goto end;
}
}
-
if (key) {
if (!CMS_decrypt_set1_pkey(cms, key, recip)) {
BIO_puts(bio_err,
goto end;
}
}
-
if (pwri_pass) {
if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) {
BIO_puts(bio_err,
goto end;
}
}
-
if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) {
BIO_printf(bio_err, "Error decrypting CMS structure\n");
goto end;
}
} else if (operation == SMIME_ENCRYPTED_DECRYPT) {
if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
- indata, out, flags))
+ indata, out, flags))
goto end;
} else if (operation == SMIME_VERIFY) {
if (CMS_verify(cms, other, store, indata, out, flags) > 0)
goto end;
}
if (signerfile) {
- STACK_OF(X509) *signers;
+ STACK_OF(X509) * signers;
signers = CMS_get0_signers(cms);
if (!save_certs(signerfile, signers)) {
BIO_printf(bio_err,
}
static int
-save_certs(char *signerfile, STACK_OF(X509) *signers)
+save_certs(char *signerfile, STACK_OF(X509) * signers)
{
int i;
BIO *tmp;
/* Minimal callback just to output policy info (if any) */
static int
-cms_cb(int ok, X509_STORE_CTX *ctx)
+cms_cb(int ok, X509_STORE_CTX * ctx)
{
int error;
}
static void
-gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
+gnames_stack_print(BIO * out, STACK_OF(GENERAL_NAMES) * gns)
{
- STACK_OF(GENERAL_NAME) *gens;
+ STACK_OF(GENERAL_NAME) * gens;
GENERAL_NAME *gen;
int i, j;
for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) {
}
static void
-receipt_request_print(BIO *out, CMS_ContentInfo *cms)
+receipt_request_print(BIO * out, CMS_ContentInfo * cms)
{
- STACK_OF(CMS_SignerInfo) *sis;
+ STACK_OF(CMS_SignerInfo) * sis;
CMS_SignerInfo *si;
CMS_ReceiptRequest *rr;
int allorfirst;
- STACK_OF(GENERAL_NAMES) *rto, *rlist;
+ STACK_OF(GENERAL_NAMES) * rto, *rlist;
ASN1_STRING *scid;
int i, rv;
sis = CMS_get0_SignerInfos(cms);
&rlist, &rto);
BIO_puts(out, " Signed Content ID:\n");
idlen = ASN1_STRING_length(scid);
- id = (char *)ASN1_STRING_data(scid);
+ id = (char *) ASN1_STRING_data(scid);
BIO_dump_indent(out, id, idlen, 4);
BIO_puts(out, " Receipts From");
if (rlist) {
}
static
-STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
+STACK_OF(GENERAL_NAMES) * make_names_stack(STACK_OF(OPENSSL_STRING) * ns)
{
int i;
- STACK_OF(GENERAL_NAMES) *ret;
+ STACK_OF(GENERAL_NAMES) * ret;
GENERAL_NAMES *gens = NULL;
GENERAL_NAME *gen = NULL;
ret = sk_GENERAL_NAMES_new_null();
static CMS_ReceiptRequest *
-make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
- STACK_OF(OPENSSL_STRING) *rr_from)
+make_receipt_request(STACK_OF(OPENSSL_STRING) * rr_to, int rr_allorfirst,
+ STACK_OF(OPENSSL_STRING) * rr_from)
{
- STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
+ STACK_OF(GENERAL_NAMES) * rct_to, *rct_from;
CMS_ReceiptRequest *rr;
rct_to = make_names_stack(rr_to);
if (!rct_to)
BIO *out = NULL;
int informat, outformat;
char *infile = NULL, *outfile = NULL;
- int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0, text = 0;
+ int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0,
+ text = 0;
#ifndef OPENSSL_NO_MD5
int hash_old = 0;
#endif
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
if (bio_out == NULL)
if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
- BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
- }
-
+ BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
+ }
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
if (strcmp(*argv, "-p") == 0) {
if (--argc < 1)
goto bad;
- if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/
+ if (!args_from_file(++argv, Nargc, Nargv)) {
+ goto end;
+ } */
}
#endif
if (strcmp(*argv, "-inform") == 0) {
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
- infile= *(++argv);
+ infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
- outfile= *(++argv);
+ outfile = *(++argv);
} else if (strcmp(*argv, "-CApath") == 0) {
if (--argc < 1)
goto bad;
else if (strcmp(*argv, "-text") == 0)
text = 1;
else if (strcmp(*argv, "-hash") == 0)
- hash= ++num;
+ hash = ++num;
#ifndef OPENSSL_NO_MD5
else if (strcmp(*argv, "-hash_old") == 0)
- hash_old= ++num;
+ hash_old = ++num;
#endif
else if (strcmp(*argv, "-nameopt") == 0) {
if (--argc < 1)
if (!set_name_ex(&nmflag, *(++argv)))
goto bad;
} else if (strcmp(*argv, "-issuer") == 0)
- issuer= ++num;
+ issuer = ++num;
else if (strcmp(*argv, "-lastupdate") == 0)
- lastupdate= ++num;
+ lastupdate = ++num;
else if (strcmp(*argv, "-nextupdate") == 0)
- nextupdate= ++num;
+ nextupdate = ++num;
else if (strcmp(*argv, "-noout") == 0)
- noout= ++num;
+ noout = ++num;
else if (strcmp(*argv, "-fingerprint") == 0)
- fingerprint= ++num;
+ fingerprint = ++num;
else if (strcmp(*argv, "-crlnumber") == 0)
- crlnumber= ++num;
+ crlnumber = ++num;
else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
/* ok */
digest = md_alg;
BIO_printf(bio_err, "%s", *pp);
goto end;
}
-
ERR_load_crypto_strings();
x = load_crl(infile, informat);
if (x == NULL) {
goto end;
}
-
if (do_ver) {
store = X509_STORE_new();
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
"Error initialising X509 store\n");
goto end;
}
-
i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
X509_CRL_get_issuer(x), &xobj);
if (i <= 0) {
else
BIO_printf(bio_err, "verify OK\n");
}
-
if (num) {
for (i = 1; i <= num; i++) {
if (issuer == i) {
#ifndef OPENSSL_NO_MD5
if (hash_old == i) {
BIO_printf(bio_out, "%08lx\n",
- X509_NAME_hash_old(
- X509_CRL_get_issuer(x)));
+ X509_NAME_hash_old(
+ X509_CRL_get_issuer(x)));
}
#endif
if (lastupdate == i) {
}
BIO_printf(bio_out, "%s Fingerprint=",
OBJ_nid2sn(EVP_MD_type(digest)));
- for (j = 0; j < (int)n; j++) {
+ for (j = 0; j < (int) n; j++) {
BIO_printf(bio_out, "%02X%c", md[j],
- (j + 1 == (int)n) ? '\n' : ':');
+ (j + 1 == (int) n) ? '\n' : ':');
}
}
}
}
-
out = BIO_new(BIO_s_file());
if (out == NULL) {
ERR_print_errors(bio_err);
goto end;
}
-
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
ret = 0;
goto end;
}
-
if (outformat == FORMAT_ASN1)
- i = (int)i2d_X509_CRL_bio(out, x);
+ i = (int) i2d_X509_CRL_bio(out, x);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_X509_CRL(out, x);
else {
X509_STORE_free(store);
}
apps_shutdown();
- return(ret);
+ return (ret);
}
static X509_CRL *
ERR_print_errors(bio_err);
goto end;
}
-
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
ERR_print_errors(bio_err);
goto end;
}
-
end:
BIO_free(in);
return (x);
#include <openssl/pem.h>
#include <openssl/objects.h>
-static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
+static int add_certs_from_file(STACK_OF(X509) * stack, char *certfile);
#undef PROG
#define PROG crl2pkcs7_main
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7s = NULL;
X509_CRL *crl = NULL;
- STACK_OF(OPENSSL_STRING) *certflst = NULL;
- STACK_OF(X509_CRL) *crl_stack = NULL;
- STACK_OF(X509) *cert_stack = NULL;
+ STACK_OF(OPENSSL_STRING) * certflst = NULL;
+ STACK_OF(X509_CRL) * crl_stack = NULL;
+ STACK_OF(X509) * cert_stack = NULL;
int ret = 1, nocrl = 0;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
infile = NULL;
outfile = NULL;
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
- infile= *(++argv);
+ infile = *(++argv);
} else if (strcmp(*argv, "-nocrl") == 0) {
nocrl = 1;
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
- outfile= *(++argv);
+ outfile = *(++argv);
} else if (strcmp(*argv, "-certfile") == 0) {
if (--argc < 1)
goto bad;
- if (!certflst) certflst = sk_OPENSSL_STRING_new_null();
- sk_OPENSSL_STRING_push(certflst, *(++argv));
+ if (!certflst)
+ certflst = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(certflst, *(++argv));
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
ret = 1;
goto end;
}
-
ERR_load_crypto_strings();
in = BIO_new(BIO_s_file());
ERR_print_errors(bio_err);
goto end;
}
-
if (!nocrl) {
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
goto end;
}
}
-
if ((p7 = PKCS7_new()) == NULL)
goto end;
if ((p7s = PKCS7_SIGNED_new()) == NULL)
p7s->crl = crl_stack;
if (crl != NULL) {
sk_X509_CRL_push(crl_stack, crl);
- crl=NULL; /* now part of p7 for freeing */
+ crl = NULL; /* now part of p7 for freeing */
}
-
if ((cert_stack = sk_X509_new_null()) == NULL)
goto end;
p7s->cert = cert_stack;
- if (certflst) for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
- certfile = sk_OPENSSL_STRING_value(certflst, i);
- if (add_certs_from_file(cert_stack, certfile) < 0) {
- BIO_printf(bio_err, "error loading certificates\n");
- ERR_print_errors(bio_err);
- goto end;
+ if (certflst)
+ for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
+ certfile = sk_OPENSSL_STRING_value(certflst, i);
+ if (add_certs_from_file(cert_stack, certfile) < 0) {
+ BIO_printf(bio_err, "error loading certificates\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
}
- }
sk_OPENSSL_STRING_free(certflst);
X509_CRL_free(crl);
apps_shutdown();
- return(ret);
+ return (ret);
}
/*
*----------------------------------------------------------------------
*/
static int
-add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
+add_certs_from_file(STACK_OF(X509) * stack, char *certfile)
{
BIO *in = NULL;
int count = 0;
int ret = -1;
- STACK_OF(X509_INFO) *sk = NULL;
+ STACK_OF(X509_INFO) * sk = NULL;
X509_INFO *xi;
in = BIO_new(BIO_s_file());
BIO_printf(bio_err, "error opening the file, %s\n", certfile);
goto end;
}
-
/* This loads from a file, a stack of x509/crl/pkey sets */
sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
if (sk == NULL) {
BIO_printf(bio_err, "error reading the file, %s\n", certfile);
goto end;
}
-
/* scan over it and pull out the CRL's */
while (sk_X509_INFO_num(sk)) {
xi = sk_X509_INFO_shift(sk);
#define PROG dgst_main
int
-do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
- EVP_PKEY *key, unsigned char *sigin, int siglen,
+do_fp(BIO * out, unsigned char *buf, BIO * bp, int sep, int binout,
+ EVP_PKEY * key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
- const char *file, BIO *bmd);
+ const char *file, BIO * bmd);
static void
-list_md_fn(const EVP_MD *m, const char *from, const char *to, void *arg)
+list_md_fn(const EVP_MD * m, const char *from, const char *to, void *arg)
{
const char *mname;
/* Skip aliases */
char *hmac_key = NULL;
char *mac_name = NULL;
int non_fips_allow = 0;
- STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
+ STACK_OF(OPENSSL_STRING) * sigopts = NULL, *macopts = NULL;
apps_startup();
- if ((buf = (unsigned char *)malloc(BUFSIZE)) == NULL) {
+ if ((buf = (unsigned char *) malloc(BUFSIZE)) == NULL) {
BIO_printf(bio_err, "out of memory\n");
goto end;
}
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
break;
- randfile=*(++argv);
+ randfile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
break;
- outfile=*(++argv);
+ outfile = *(++argv);
} else if (strcmp(*argv, "-sign") == 0) {
if (--argc < 1)
break;
- keyfile=*(++argv);
+ keyfile = *(++argv);
} else if (!strcmp(*argv, "-passin")) {
if (--argc < 1)
break;
- passargin=*++argv;
+ passargin = *++argv;
} else if (strcmp(*argv, "-verify") == 0) {
if (--argc < 1)
break;
- keyfile=*(++argv);
+ keyfile = *(++argv);
want_pub = 1;
do_verify = 1;
} else if (strcmp(*argv, "-prverify") == 0) {
if (--argc < 1)
break;
- keyfile=*(++argv);
+ keyfile = *(++argv);
do_verify = 1;
} else if (strcmp(*argv, "-signature") == 0) {
if (--argc < 1)
break;
- sigfile=*(++argv);
+ sigfile = *(++argv);
} else if (strcmp(*argv, "-keyform") == 0) {
if (--argc < 1)
break;
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
break;
- engine= *(++argv);
+ engine = *(++argv);
e = setup_engine(bio_err, engine, 0);
}
#endif
else if (!strcmp(*argv, "-hmac")) {
if (--argc < 1)
break;
- hmac_key=*++argv;
+ hmac_key = *++argv;
} else if (!strcmp(*argv, "-mac")) {
if (--argc < 1)
break;
- mac_name=*++argv;
+ mac_name = *++argv;
} else if (strcmp(*argv, "-sigopt") == 0) {
if (--argc < 1)
break;
BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
goto end;
}
-
- if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
- {
+ if ((argc > 0) && (argv[0][0] == '-')) { /* bad option */
BIO_printf(bio_err, "unknown option '%s'\n", *argv);
BIO_printf(bio_err, "options are\n");
BIO_printf(bio_err, "-c to output the digest with separating colons\n");
EVP_MD_do_all_sorted(list_md_fn, bio_err);
goto end;
}
-
in = BIO_new(BIO_s_file());
bmd = BIO_new(BIO_f_md());
if (debug) {
BIO_set_callback(in, BIO_debug_callback);
/* needed for windows 3.1 */
- BIO_set_callback_arg(in, (char *)bio_err);
+ BIO_set_callback_arg(in, (char *) bio_err);
}
-
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
-
if ((in == NULL) || (bmd == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
-
if (out_bin == -1) {
if (keyfile)
out_bin = 1;
else
out_bin = 0;
}
-
if (randfile)
app_RAND_load_file(randfile, bio_err, 0);
BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
goto end;
}
-
if (keyfile) {
if (want_pub)
sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
e, "key file");
if (!sigkey) {
- /* load_[pub]key() has already printed an appropriate
- message */
+ /*
+ * load_[pub]key() has already printed an appropriate
+ * message
+ */
goto end;
}
}
-
if (mac_name) {
EVP_PKEY_CTX *mac_ctx = NULL;
int r = 0;
if (r == 0)
goto end;
}
-
if (non_fips_allow) {
EVP_MD_CTX *md_ctx;
BIO_get_md_ctx(bmd, &md_ctx);
EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
}
-
if (hmac_key) {
sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
- (unsigned char *)hmac_key, -1);
+ (unsigned char *) hmac_key, -1);
if (!sigkey)
goto end;
}
-
if (sigkey) {
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
BIO_get_md_ctx(bmd, &tctx);
md = EVP_MD_CTX_md(tctx);
}
-
if (argc == 0) {
BIO_set_fp(in, stdin, BIO_NOCLOSE);
err = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
}
if (r)
err = r;
- (void)BIO_reset(bmd);
+ (void) BIO_reset(bmd);
}
}
if (bmd != NULL)
BIO_free(bmd);
apps_shutdown();
- return(err);
+ return (err);
}
int
-do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
- EVP_PKEY *key, unsigned char *sigin, int siglen,
+do_fp(BIO * out, unsigned char *buf, BIO * bp, int sep, int binout,
+ EVP_PKEY * key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
- const char *file, BIO *bmd)
+ const char *file, BIO * bmd)
{
size_t len;
int i;
for (;;) {
- i = BIO_read(bp, (char *)buf, BUFSIZE);
+ i = BIO_read(bp, (char *) buf, BUFSIZE);
if (i < 0) {
BIO_printf(bio_err, "Read Error in %s\n", file);
ERR_print_errors(bio_err);
if (sigin) {
EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx);
- i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
+ i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int) siglen);
if (i > 0)
BIO_printf(out, "Verified OK\n");
else if (i == 0) {
return 1;
}
} else {
- len = BIO_gets(bp, (char *)buf, BUFSIZE);
- if ((int)len < 0) {
+ len = BIO_gets(bp, (char *) buf, BUFSIZE);
+ if ((int) len < 0) {
ERR_print_errors(bio_err);
return 1;
}
if (binout)
BIO_write(out, buf, len);
else if (sep == 2) {
- for (i = 0; i < (int)len; i++)
+ for (i = 0; i < (int) len; i++)
BIO_printf(out, "%02x", buf[i]);
BIO_printf(out, " *%s\n", file);
} else {
BIO_printf(out, "%s(%s)= ", md_name, file);
else
BIO_printf(out, "(%s)= ", file);
- for (i = 0; i < (int)len; i++) {
+ for (i = 0; i < (int) len; i++) {
if (sep && (i != 0))
BIO_printf(out, ":");
BIO_printf(out, "%02x", buf[i]);
* [including the GNU Public Licence.]
*/
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
+#include <openssl/opensslconf.h>/* for OPENSSL_NO_DH */
#ifndef OPENSSL_NO_DH
#include <stdio.h>
#include <stdlib.h>
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
- }
- else if (strcmp(*argv, "-outform") == 0) {
+ } else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
- }
- else if (strcmp(*argv, "-in") == 0) {
+ } else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv, "-out") == 0) {
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
- outfile= *(++argv);
+ outfile = *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
- engine= *(++argv);
+ engine = *(++argv);
}
#endif
else if (strcmp(*argv, "-check") == 0)
#endif
goto end;
}
-
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
ERR_print_errors(bio_err);
goto end;
}
-
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
ERR_print_errors(bio_err);
goto end;
}
-
if (text) {
DHparams_print(out, dh);
#ifdef undef
printf("recommended private length=%ld\n", dh->length);
#endif
}
-
if (check) {
if (!DH_check(dh, &i)) {
ERR_print_errors(bio_err);
if (i == 0)
printf("DH parameters appear to be ok.\n");
}
-
if (C) {
unsigned char *data;
int len, l, bits;
len = BN_num_bytes(dh->p);
bits = BN_num_bits(dh->p);
- data = (unsigned char *)malloc(len);
+ data = (unsigned char *) malloc(len);
if (data == NULL) {
perror("malloc");
goto end;
printf("\treturn(dh);\n\t}\n");
free(data);
}
-
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DHparams_bio(out, dh);
if (dh != NULL)
DH_free(dh);
apps_shutdown();
- return(ret);
+ return (ret);
}
-#else /* !OPENSSL_NO_DH */
+#else /* !OPENSSL_NO_DH */
-# if PEDANTIC
+#if PEDANTIC
static void *dummy = &dummy;
-# endif
+#endif
#endif
*
*/
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
+#include <openssl/opensslconf.h>/* for OPENSSL_NO_DH */
#ifndef OPENSSL_NO_DH
#include <stdio.h>
#include <stdlib.h>
* -C
*/
-static int dh_cb(int p, int n, BN_GENCB *cb);
+static int dh_cb(int p, int n, BN_GENCB * cb);
int MAIN(int, char **);
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
- infile= *(++argv);
+ infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
- outfile= *(++argv);
+ outfile = *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
- engine= *(++argv);
+ engine = *(++argv);
}
#endif
else if (strcmp(*argv, "-check") == 0)
else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
goto bad;
- inrand= *(++argv);
- }
- else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0)))
+ inrand = *(++argv);
+ } else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0)))
goto bad;
argv++;
argc--;
BIO_printf(bio_err, " -noout no output\n");
goto end;
}
-
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num);
if (!dsa || !DSA_generate_parameters_ex(dsa, num,
- NULL, 0, NULL, NULL, &cb)) {
+ NULL, 0, NULL, NULL, &cb)) {
if (dsa)
DSA_free(dsa);
ERR_print_errors(bio_err);
goto end;
}
-
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
if (dh == NULL) {
BIO_printf(bio_err, "bad input format specified\n");
goto end;
}
-
#ifndef OPENSSL_NO_DSA
if (dsaparam) {
DSA *dsa;
if (informat == FORMAT_ASN1)
dsa = d2i_DSAparams_bio(in, NULL);
- else /* informat == FORMAT_PEM */
+ else /* informat == FORMAT_PEM */
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
if (dsa == NULL) {
ERR_print_errors(bio_err);
goto end;
}
-
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
if (dh == NULL) {
{
if (informat == FORMAT_ASN1)
dh = d2i_DHparams_bio(in, NULL);
- else /* informat == FORMAT_PEM */
+ else /* informat == FORMAT_PEM */
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
if (dh == NULL) {
if (text) {
DHparams_print(out, dh);
}
-
if (check) {
if (!DH_check(dh, &i)) {
ERR_print_errors(bio_err);
len = BN_num_bytes(dh->p);
bits = BN_num_bits(dh->p);
- data = (unsigned char *)malloc(len);
+ data = (unsigned char *) malloc(len);
if (data == NULL) {
perror("malloc");
goto end;
printf("\treturn(dh);\n\t}\n");
free(data);
}
-
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DHparams_bio(out, dh);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_DHparams(out, dh);
- else {
+ else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (dh != NULL)
DH_free(dh);
apps_shutdown();
- return(ret);
+ return (ret);
}
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
static int
-dh_cb(int p, int n, BN_GENCB *cb)
+dh_cb(int p, int n, BN_GENCB * cb)
{
char c = '*';
if (p == 3)
c = '\n';
BIO_write(cb->arg, &c, 1);
- (void)BIO_flush(cb->arg);
+ (void) BIO_flush(cb->arg);
#ifdef LINT
p = n;
#endif
return 1;
}
-#else /* !OPENSSL_NO_DH */
+#else /* !OPENSSL_NO_DH */
-# if PEDANTIC
+#if PEDANTIC
static void *dummy = &dummy;
-# endif
+#endif
#endif
* [including the GNU Public Licence.]
*/
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
+#include <openssl/opensslconf.h>/* for OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DSA
#include <stdio.h>
#include <stdlib.h>
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv, "-out") == 0) {
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
- outfile= *(++argv);
+ outfile = *(++argv);
} else if (strcmp(*argv, "-passin") == 0) {
if (--argc < 1)
goto bad;
- passargin= *(++argv);
+ passargin = *(++argv);
} else if (strcmp(*argv, "-passout") == 0) {
if (--argc < 1)
goto bad;
- passargout= *(++argv);
+ passargout = *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
- engine= *(++argv);
+ engine = *(++argv);
}
#endif
else if (strcmp(*argv, "-pvk-strong") == 0)
BIO_printf(bio_err, " -modulus print the DSA public value\n");
goto end;
}
-
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
-
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
-
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
BIO_printf(bio_err, "read DSA key\n");
{
- EVP_PKEY *pkey;
+ EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(bio_err, infile, informat, 1,
ERR_print_errors(bio_err);
goto end;
}
-
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
goto end;
}
}
-
if (modulus) {
fprintf(stdout, "Public Key=");
BN_print(out, dsa->pub_key);
fprintf(stdout, "\n");
}
-
if (noout)
goto end;
BIO_printf(bio_err, "writing DSA key\n");
if (passout)
free(passout);
apps_shutdown();
- return(ret);
+ return (ret);
}
-#else /* !OPENSSL_NO_DSA */
+#else /* !OPENSSL_NO_DSA */
-# if PEDANTIC
+#if PEDANTIC
static void *dummy = &dummy;
-# endif
+#endif
#endif
* [including the GNU Public Licence.]
*/
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
+#include <openssl/opensslconf.h>/* for OPENSSL_NO_DSA */
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
* deprecated functions for openssl-internal code */
#ifdef OPENSSL_NO_DEPRECATED
#endif
-static int dsa_cb(int p, int n, BN_GENCB *cb);
+static int dsa_cb(int p, int n, BN_GENCB * cb);
int MAIN(int, char **);
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
- infile= *(++argv);
+ infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
- outfile= *(++argv);
+ outfile = *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
} else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
goto bad;
- inrand= *(++argv);
+ inrand = *(++argv);
need_rand = 1;
} else if (strcmp(*argv, "-noout") == 0)
noout = 1;
BIO_printf(bio_err, " number number of bits to use for generating private key\n");
goto end;
}
-
ERR_load_crypto_strings();
in = BIO_new(BIO_s_file());
ERR_print_errors(bio_err);
goto end;
}
-
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
-
if (numbits > 0) {
BN_GENCB cb;
BN_GENCB_set(&cb, dsa_cb, bio_err);
ERR_print_errors(bio_err);
goto end;
}
-
if (text) {
DSAparams_print(out, dsa);
}
-
if (C) {
unsigned char *data;
int l, len, bits_p;
len = BN_num_bytes(dsa->p);
bits_p = BN_num_bits(dsa->p);
- data = (unsigned char *)malloc(len + 20);
+ data = (unsigned char *) malloc(len + 20);
if (data == NULL) {
perror("malloc");
goto end;
printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
printf("\treturn(dsa);\n\t}\n");
}
-
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa);
if (dsa != NULL)
DSA_free(dsa);
apps_shutdown();
- return(ret);
+ return (ret);
}
static int
-dsa_cb(int p, int n, BN_GENCB *cb)
+dsa_cb(int p, int n, BN_GENCB * cb)
{
char c = '*';
if (p == 3)
c = '\n';
BIO_write(cb->arg, &c, 1);
- (void)BIO_flush(cb->arg);
+ (void) BIO_flush(cb->arg);
#ifdef LINT
p = n;
#endif
#endif
return 1;
}
-#else /* !OPENSSL_NO_DSA */
+#else /* !OPENSSL_NO_DSA */
-# if PEDANTIC
+#if PEDANTIC
static void *dummy = &dummy;
-# endif
+#endif
#endif
int
MAIN(int argc, char **argv)
{
- int ret = 1;
- EC_KEY *eckey = NULL;
+ int ret = 1;
+ EC_KEY *eckey = NULL;
const EC_GROUP *group;
- int i, badops = 0;
+ int i, badops = 0;
const EVP_CIPHER *enc = NULL;
- BIO *in = NULL, *out = NULL;
- int informat, outformat, text = 0, noout = 0;
- int pubin = 0, pubout = 0, param_out = 0;
- char *infile, *outfile, *prog, *engine;
- char *passargin = NULL, *passargout = NULL;
- char *passin = NULL, *passout = NULL;
+ BIO *in = NULL, *out = NULL;
+ int informat, outformat, text = 0, noout = 0;
+ int pubin = 0, pubout = 0, param_out = 0;
+ char *infile, *outfile, *prog, *engine;
+ char *passargin = NULL, *passargout = NULL;
+ char *passin = NULL, *passout = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
- int new_form = 0;
- int asn1_flag = OPENSSL_EC_NAMED_CURVE;
- int new_asn1_flag = 0;
+ int new_form = 0;
+ int asn1_flag = OPENSSL_EC_NAMED_CURVE;
+ int new_asn1_flag = 0;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
- infile= *(++argv);
+ infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
- outfile= *(++argv);
+ outfile = *(++argv);
} else if (strcmp(*argv, "-passin") == 0) {
if (--argc < 1)
goto bad;
- passargin= *(++argv);
+ passargin = *(++argv);
} else if (strcmp(*argv, "-passout") == 0) {
if (--argc < 1)
goto bad;
- passargout= *(++argv);
+ passargout = *(++argv);
} else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
- engine= *(++argv);
+ engine = *(++argv);
} else if (strcmp(*argv, "-noout") == 0)
noout = 1;
else if (strcmp(*argv, "-text") == 0)
BIO_printf(bio_err, " -engine e use engine e, "
"possibly a hardware device.\n");
BIO_printf(bio_err, " -des encrypt PEM output, "
- "instead of 'des' every other \n"
- " cipher "
+ "instead of 'des' every other \n"
+ " cipher "
"supported by OpenSSL can be used\n");
BIO_printf(bio_err, " -text print the key\n");
BIO_printf(bio_err, " -noout don't print key out\n");
"explicit\n");
goto end;
}
-
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
-
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
-
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
ERR_print_errors(bio_err);
goto end;
}
-
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
ERR_print_errors(bio_err);
goto end;
}
-
if (noout) {
ret = 0;
goto end;
}
-
BIO_printf(bio_err, "writing EC key\n");
if (outformat == FORMAT_ASN1) {
if (param_out)
i = PEM_write_bio_EC_PUBKEY(out, eckey);
else
i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
- NULL, 0, NULL, passout);
+ NULL, 0, NULL, passout);
} else {
BIO_printf(bio_err, "bad output format specified for "
"outfile\n");
if (passout)
free(passout);
apps_shutdown();
- return(ret);
+ return (ret);
}
-#else /* !OPENSSL_NO_EC */
+#else /* !OPENSSL_NO_EC */
-# if PEDANTIC
+#if PEDANTIC
static void *dummy = &dummy;
-# endif
+#endif
#endif
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
- * Portions of the attached software ("Contribution") are developed by
+ * Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
- * The elliptic curve binary polynomial software is originally written by
+ * The elliptic curve binary polynomial software is originally written by
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
*
*/
* -C - print a 'C' function creating the parameters
* -name arg - use the ec parameters with 'short name' name
* -list_curves - prints a list of all currently available curve 'short names'
- * -conv_form arg - specifies the point conversion form
+ * -conv_form arg - specifies the point conversion form
* - possible values: compressed
* uncompressed (default)
* hybrid
*/
-static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);
+static int ecparam_print_var(BIO *, BIGNUM *, const char *, int, unsigned char *);
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
+int
+MAIN(int argc, char **argv)
+{
EC_GROUP *group = NULL;
- point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
- int new_form = 0;
- int asn1_flag = OPENSSL_EC_NAMED_CURVE;
- int new_asn1_flag = 0;
- char *curve_name = NULL, *inrand = NULL;
- int list_curves = 0, no_seed = 0, check = 0,
- badops = 0, text = 0, i, need_rand = 0, genkey = 0;
- char *infile = NULL, *outfile = NULL, *prog;
- BIO *in = NULL, *out = NULL;
- int informat, outformat, noout = 0, C = 0, ret = 1;
- char *engine = NULL;
-
- BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
- *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
+ point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
+ int new_form = 0;
+ int asn1_flag = OPENSSL_EC_NAMED_CURVE;
+ int new_asn1_flag = 0;
+ char *curve_name = NULL, *inrand = NULL;
+ int list_curves = 0, no_seed = 0, check = 0, badops = 0, text = 0,
+ i, need_rand = 0, genkey = 0;
+ char *infile = NULL, *outfile = NULL, *prog;
+ BIO *in = NULL, *out = NULL;
+ int informat, outformat, noout = 0, C = 0, ret = 1;
+ char *engine = NULL;
+
+ BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL, *ec_gen = NULL,
+ *ec_order = NULL, *ec_cofactor = NULL;
unsigned char *buffer = NULL;
apps_startup();
if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
- prog=argv[0];
+ prog = argv[0];
argc--;
argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-text") == 0)
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-text") == 0)
text = 1;
- else if (strcmp(*argv,"-C") == 0)
+ else if (strcmp(*argv, "-C") == 0)
C = 1;
- else if (strcmp(*argv,"-check") == 0)
+ else if (strcmp(*argv, "-check") == 0)
check = 1;
- else if (strcmp (*argv, "-name") == 0)
- {
+ else if (strcmp(*argv, "-name") == 0) {
if (--argc < 1)
goto bad;
curve_name = *(++argv);
- }
- else if (strcmp(*argv, "-list_curves") == 0)
+ } else if (strcmp(*argv, "-list_curves") == 0)
list_curves = 1;
- else if (strcmp(*argv, "-conv_form") == 0)
- {
+ else if (strcmp(*argv, "-conv_form") == 0) {
if (--argc < 1)
goto bad;
++argv;
form = POINT_CONVERSION_HYBRID;
else
goto bad;
- }
- else if (strcmp(*argv, "-param_enc") == 0)
- {
+ } else if (strcmp(*argv, "-param_enc") == 0) {
if (--argc < 1)
goto bad;
++argv;
asn1_flag = 0;
else
goto bad;
- }
- else if (strcmp(*argv, "-no_seed") == 0)
+ } else if (strcmp(*argv, "-no_seed") == 0)
no_seed = 1;
else if (strcmp(*argv, "-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-genkey") == 0)
- {
- genkey=1;
- need_rand=1;
- }
- else if (strcmp(*argv, "-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- need_rand=1;
- }
- else if(strcmp(*argv, "-engine") == 0)
- {
- if (--argc < 1) goto bad;
+ noout = 1;
+ else if (strcmp(*argv, "-genkey") == 0) {
+ genkey = 1;
+ need_rand = 1;
+ } else if (strcmp(*argv, "-rand") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inrand = *(++argv);
+ need_rand = 1;
+ } else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
engine = *(++argv);
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
break;
- }
+ }
argc--;
argv++;
- }
+ }
- if (badops)
- {
+ if (badops) {
bad:
- BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - "
- "default PEM (DER or PEM)\n");
+ "default PEM (DER or PEM)\n");
BIO_printf(bio_err, " -outform arg output format - "
- "default PEM\n");
+ "default PEM\n");
BIO_printf(bio_err, " -in arg input file - "
- "default stdin\n");
+ "default stdin\n");
BIO_printf(bio_err, " -out arg output file - "
- "default stdout\n");
+ "default stdout\n");
BIO_printf(bio_err, " -noout do not print the "
- "ec parameter\n");
+ "ec parameter\n");
BIO_printf(bio_err, " -text print the ec "
- "parameters in text form\n");
+ "parameters in text form\n");
BIO_printf(bio_err, " -check validate the ec "
- "parameters\n");
+ "parameters\n");
BIO_printf(bio_err, " -C print a 'C' "
- "function creating the parameters\n");
+ "function creating the parameters\n");
BIO_printf(bio_err, " -name arg use the "
- "ec parameters with 'short name' name\n");
+ "ec parameters with 'short name' name\n");
BIO_printf(bio_err, " -list_curves prints a list of "
- "all currently available curve 'short names'\n");
+ "all currently available curve 'short names'\n");
BIO_printf(bio_err, " -conv_form arg specifies the "
- "point conversion form \n");
+ "point conversion form \n");
BIO_printf(bio_err, " possible values:"
- " compressed\n");
+ " compressed\n");
BIO_printf(bio_err, " "
- " uncompressed (default)\n");
+ " uncompressed (default)\n");
BIO_printf(bio_err, " "
- " hybrid\n");
+ " hybrid\n");
BIO_printf(bio_err, " -param_enc arg specifies the way"
- " the ec parameters are encoded\n");
+ " the ec parameters are encoded\n");
BIO_printf(bio_err, " in the asn1 der "
- "encoding\n");
+ "encoding\n");
BIO_printf(bio_err, " possible values:"
- " named_curve (default)\n");
+ " named_curve (default)\n");
BIO_printf(bio_err, " "
- " explicit\n");
+ " explicit\n");
BIO_printf(bio_err, " -no_seed if 'explicit'"
- " parameters are chosen do not"
- " use the seed\n");
+ " parameters are chosen do not"
+ " use the seed\n");
BIO_printf(bio_err, " -genkey generate ec"
- " key\n");
+ " key\n");
BIO_printf(bio_err, " -rand file files to use for"
- " random number input\n");
+ " random number input\n");
BIO_printf(bio_err, " -engine e use engine e, "
- "possibly a hardware device\n");
+ "possibly a hardware device\n");
goto end;
- }
-
+ }
ERR_load_crypto_strings();
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
- }
-
+ }
if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
- }
- }
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
}
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
+ }
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
- }
}
+ }
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
- if (list_curves)
- {
+ if (list_curves) {
EC_builtin_curve *curves = NULL;
size_t crv_len = 0;
size_t n = 0;
crv_len = EC_get_builtin_curves(NULL, 0);
- curves = malloc((int)(sizeof(EC_builtin_curve) * crv_len));
+ curves = malloc((int) (sizeof(EC_builtin_curve) * crv_len));
if (curves == NULL)
goto end;
- if (!EC_get_builtin_curves(curves, crv_len))
- {
+ if (!EC_get_builtin_curves(curves, crv_len)) {
free(curves);
goto end;
- }
-
-
- for (n = 0; n < crv_len; n++)
- {
+ }
+ for (n = 0; n < crv_len; n++) {
const char *comment;
const char *sname;
comment = curves[n].comment;
- sname = OBJ_nid2sn(curves[n].nid);
+ sname = OBJ_nid2sn(curves[n].nid);
if (comment == NULL)
comment = "CURVE DESCRIPTION NOT AVAILABLE";
if (sname == NULL)
BIO_printf(out, " %-10s: ", sname);
BIO_printf(out, "%s\n", comment);
- }
+ }
free(curves);
ret = 0;
goto end;
- }
-
- if (curve_name != NULL)
- {
+ }
+ if (curve_name != NULL) {
int nid;
- /* workaround for the SECG curve names secp192r1
- * and secp256r1 (which are the same as the curves
- * prime192v1 and prime256v1 defined in X9.62)
+ /*
+ * workaround for the SECG curve names secp192r1 and
+ * secp256r1 (which are the same as the curves prime192v1 and
+ * prime256v1 defined in X9.62)
*/
- if (!strcmp(curve_name, "secp192r1"))
- {
+ if (!strcmp(curve_name, "secp192r1")) {
BIO_printf(bio_err, "using curve name prime192v1 "
- "instead of secp192r1\n");
+ "instead of secp192r1\n");
nid = NID_X9_62_prime192v1;
- }
- else if (!strcmp(curve_name, "secp256r1"))
- {
+ } else if (!strcmp(curve_name, "secp256r1")) {
BIO_printf(bio_err, "using curve name prime256v1 "
- "instead of secp256r1\n");
+ "instead of secp256r1\n");
nid = NID_X9_62_prime256v1;
- }
- else
+ } else
nid = OBJ_sn2nid(curve_name);
-
- if (nid == 0)
- {
- BIO_printf(bio_err, "unknown curve name (%s)\n",
- curve_name);
- goto end;
- }
+ if (nid == 0) {
+ BIO_printf(bio_err, "unknown curve name (%s)\n",
+ curve_name);
+ goto end;
+ }
group = EC_GROUP_new_by_curve_name(nid);
- if (group == NULL)
- {
- BIO_printf(bio_err, "unable to create curve (%s)\n",
- curve_name);
+ if (group == NULL) {
+ BIO_printf(bio_err, "unable to create curve (%s)\n",
+ curve_name);
goto end;
- }
+ }
EC_GROUP_set_asn1_flag(group, asn1_flag);
EC_GROUP_set_point_conversion_form(group, form);
- }
- else if (informat == FORMAT_ASN1)
- {
+ } else if (informat == FORMAT_ASN1) {
group = d2i_ECPKParameters_bio(in, NULL);
- }
- else if (informat == FORMAT_PEM)
- {
- group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
- }
- else
- {
+ } else if (informat == FORMAT_PEM) {
+ group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
+ } else {
BIO_printf(bio_err, "bad input format specified\n");
goto end;
- }
+ }
- if (group == NULL)
- {
- BIO_printf(bio_err,
- "unable to load elliptic curve parameters\n");
+ if (group == NULL) {
+ BIO_printf(bio_err,
+ "unable to load elliptic curve parameters\n");
ERR_print_errors(bio_err);
goto end;
- }
-
+ }
if (new_form)
EC_GROUP_set_point_conversion_form(group, form);
if (new_asn1_flag)
EC_GROUP_set_asn1_flag(group, asn1_flag);
- if (no_seed)
- {
+ if (no_seed) {
EC_GROUP_set_seed(group, NULL, 0);
- }
-
- if (text)
- {
+ }
+ if (text) {
if (!ECPKParameters_print(out, group, 0))
goto end;
- }
-
- if (check)
- {
+ }
+ if (check) {
if (group == NULL)
BIO_printf(bio_err, "no elliptic curve parameters\n");
BIO_printf(bio_err, "checking elliptic curve parameters: ");
- if (!EC_GROUP_check(group, NULL))
- {
+ if (!EC_GROUP_check(group, NULL)) {
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
- }
- else
+ } else
BIO_printf(bio_err, "ok\n");
-
- }
- if (C)
- {
- size_t buf_len = 0, tmp_len = 0;
+ }
+ if (C) {
+ size_t buf_len = 0, tmp_len = 0;
const EC_POINT *point;
- int is_prime, len = 0;
+ int is_prime, len = 0;
const EC_METHOD *meth = EC_GROUP_method_of(group);
if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
(ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
- (ec_order = BN_new()) == NULL ||
- (ec_cofactor = BN_new()) == NULL )
- {
+ (ec_order = BN_new()) == NULL ||
+ (ec_cofactor = BN_new()) == NULL) {
perror("malloc");
goto end;
- }
-
- is_prime = (EC_METHOD_get_field_type(meth) ==
- NID_X9_62_prime_field);
+ }
+ is_prime = (EC_METHOD_get_field_type(meth) ==
+ NID_X9_62_prime_field);
- if (is_prime)
- {
+ if (is_prime) {
if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
ec_b, NULL))
goto end;
- }
- else
- {
+ } else {
/* TODO */
goto end;
- }
+ }
if ((point = EC_GROUP_get0_generator(group)) == NULL)
goto end;
- if (!EC_POINT_point2bn(group, point,
- EC_GROUP_get_point_conversion_form(group), ec_gen,
+ if (!EC_POINT_point2bn(group, point,
+ EC_GROUP_get_point_conversion_form(group), ec_gen,
NULL))
goto end;
if (!EC_GROUP_get_order(group, ec_order, NULL))
if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
goto end;
- if (!ec_p || !ec_a || !ec_b || !ec_gen ||
- !ec_order || !ec_cofactor)
+ if (!ec_p || !ec_a || !ec_b || !ec_gen ||
+ !ec_order || !ec_cofactor)
goto end;
len = BN_num_bits(ec_order);
- if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
+ if ((tmp_len = (size_t) BN_num_bytes(ec_p)) > buf_len)
buf_len = tmp_len;
- if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
+ if ((tmp_len = (size_t) BN_num_bytes(ec_a)) > buf_len)
buf_len = tmp_len;
- if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
+ if ((tmp_len = (size_t) BN_num_bytes(ec_b)) > buf_len)
buf_len = tmp_len;
- if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
+ if ((tmp_len = (size_t) BN_num_bytes(ec_gen)) > buf_len)
buf_len = tmp_len;
- if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
+ if ((tmp_len = (size_t) BN_num_bytes(ec_order)) > buf_len)
buf_len = tmp_len;
- if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
+ if ((tmp_len = (size_t) BN_num_bytes(ec_cofactor)) > buf_len)
buf_len = tmp_len;
- buffer = (unsigned char *)malloc(buf_len);
+ buffer = (unsigned char *) malloc(buf_len);
- if (buffer == NULL)
- {
+ if (buffer == NULL) {
perror("malloc");
goto end;
- }
-
+ }
ecparam_print_var(out, ec_p, "ec_p", len, buffer);
ecparam_print_var(out, ec_a, "ec_a", len, buffer);
ecparam_print_var(out, ec_b, "ec_b", len, buffer);
ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
ecparam_print_var(out, ec_order, "ec_order", len, buffer);
- ecparam_print_var(out, ec_cofactor, "ec_cofactor", len,
- buffer);
+ ecparam_print_var(out, ec_cofactor, "ec_cofactor", len,
+ buffer);
BIO_printf(out, "\n\n");
BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
BIO_printf(out, "\tEC_POINT *point = NULL;\n");
BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, "
- "*tmp_3 = NULL;\n\n");
+ "*tmp_3 = NULL;\n\n");
BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
- "sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
- "goto err;\n", len, len);
+ "sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
+ "goto err;\n", len, len);
BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
- "sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
- "goto err;\n", len, len);
+ "sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
+ "goto err;\n", len, len);
BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
- "sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
- "goto err;\n", len, len);
- if (is_prime)
- {
+ "sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
+ "goto err;\n", len, len);
+ if (is_prime) {
BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
- "GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
- "\n\t\tgoto err;\n\n");
- }
- else
- {
+ "GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
+ "\n\t\tgoto err;\n\n");
+ } else {
/* TODO */
goto end;
- }
+ }
BIO_printf(out, "\t/* build generator */\n");
BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
- "sizeof(ec_gen_%d), tmp_1)) == NULL)"
- "\n\t\tgoto err;\n", len, len);
+ "sizeof(ec_gen_%d), tmp_1)) == NULL)"
+ "\n\t\tgoto err;\n", len, len);
BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
- "NULL, NULL);\n");
+ "NULL, NULL);\n");
BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
- "sizeof(ec_order_%d), tmp_2)) == NULL)"
- "\n\t\tgoto err;\n", len, len);
+ "sizeof(ec_order_%d), tmp_2)) == NULL)"
+ "\n\t\tgoto err;\n", len, len);
BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
- "sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
- "\n\t\tgoto err;\n", len, len);
+ "sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
+ "\n\t\tgoto err;\n", len, len);
BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
- " tmp_2, tmp_3))\n\t\tgoto err;\n");
+ " tmp_2, tmp_3))\n\t\tgoto err;\n");
BIO_printf(out, "\n\tok=1;\n");
BIO_printf(out, "err:\n");
BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
BIO_printf(out, "\t\t}\n");
BIO_printf(out, "\treturn(group);\n\t}\n");
}
-
- if (!noout)
- {
+ if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_ECPKParameters(out, group);
- else
- {
- BIO_printf(bio_err,"bad output format specified for"
- " outfile\n");
+ else {
+ BIO_printf(bio_err, "bad output format specified for"
+ " outfile\n");
goto end;
- }
- if (!i)
- {
+ }
+ if (!i) {
BIO_printf(bio_err, "unable to write elliptic "
- "curve parameters\n");
+ "curve parameters\n");
ERR_print_errors(bio_err);
goto end;
- }
}
-
- if (need_rand)
- {
+ }
+ if (need_rand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
- if (genkey)
- {
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+ if (genkey) {
EC_KEY *eckey = EC_KEY_new();
if (eckey == NULL)
if (EC_KEY_set_group(eckey, group) == 0)
goto end;
-
- if (!EC_KEY_generate_key(eckey))
- {
+
+ if (!EC_KEY_generate_key(eckey)) {
EC_KEY_free(eckey);
goto end;
- }
+ }
if (outformat == FORMAT_ASN1)
i = i2d_ECPrivateKey_bio(out, eckey);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
- NULL, 0, NULL, NULL);
- else
- {
+ NULL, 0, NULL, NULL);
+ else {
BIO_printf(bio_err, "bad output format specified "
- "for outfile\n");
+ "for outfile\n");
EC_KEY_free(eckey);
goto end;
- }
- EC_KEY_free(eckey);
}
-
+ EC_KEY_free(eckey);
+ }
if (need_rand)
app_RAND_write_file(NULL, bio_err);
- ret=0;
+ ret = 0;
end:
if (ec_p)
BN_free(ec_p);
if (group != NULL)
EC_GROUP_free(group);
apps_shutdown();
- return(ret);
+ return (ret);
}
-static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
- int len, unsigned char *buffer)
- {
+static int
+ecparam_print_var(BIO * out, BIGNUM * in, const char *var,
+ int len, unsigned char *buffer)
+{
BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
if (BN_is_zero(in))
BIO_printf(out, "\n\t0x00");
- else
- {
+ else {
int i, l;
l = BN_bn2bin(in, buffer);
- for (i=0; i<l-1; i++)
- {
- if ((i%12) == 0)
+ for (i = 0; i < l - 1; i++) {
+ if ((i % 12) == 0)
BIO_printf(out, "\n\t");
BIO_printf(out, "0x%02X,", buffer[i]);
- }
- if ((i%12) == 0)
+ }
+ if ((i % 12) == 0)
BIO_printf(out, "\n\t");
BIO_printf(out, "0x%02X", buffer[i]);
- }
+ }
BIO_printf(out, "\n\t};\n\n");
return 1;
- }
-#else /* !OPENSSL_NO_EC */
+}
+#else /* !OPENSSL_NO_EC */
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
+#if PEDANTIC
+static void *dummy = &dummy;
+#endif
#endif
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#include <openssl/comp.h>
#include <ctype.h>
-int set_hex(char *in,unsigned char *out,int size);
+int set_hex(char *in, unsigned char *out, int size);
#undef SIZE
#undef BSIZE
#undef PROG
#define BSIZE (8*1024)
#define PROG enc_main
-static void show_ciphers(const OBJ_NAME *name,void *bio_)
- {
- BIO *bio=bio_;
+static void
+show_ciphers(const OBJ_NAME * name, void *bio_)
+{
+ BIO *bio = bio_;
static int n;
- if(!islower((unsigned char)*name->name))
+ if (!islower((unsigned char) *name->name))
return;
- BIO_printf(bio,"-%-25s",name->name);
- if(++n == 3)
- {
- BIO_printf(bio,"\n");
- n=0;
- }
- else
- BIO_printf(bio," ");
- }
+ BIO_printf(bio, "-%-25s", name->name);
+ if (++n == 3) {
+ BIO_printf(bio, "\n");
+ n = 0;
+ } else
+ BIO_printf(bio, " ");
+}
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
- static const char magic[]="Salted__";
- char mbuf[sizeof magic-1];
- char *strbuf=NULL;
- unsigned char *buff=NULL,*bufsize=NULL;
- int bsize=BSIZE,verbose=0;
- int ret=1,inl;
+int
+MAIN(int argc, char **argv)
+{
+ static const char magic[] = "Salted__";
+ char mbuf[sizeof magic - 1];
+ char *strbuf = NULL;
+ unsigned char *buff = NULL, *bufsize = NULL;
+ int bsize = BSIZE, verbose = 0;
+ int ret = 1, inl;
int nopad = 0;
- unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
+ unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
unsigned char salt[PKCS5_SALT_LEN];
- char *str=NULL, *passarg = NULL, *pass = NULL;
- char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
- char *md=NULL;
- int enc=1,printkey=0,i,base64=0;
+ char *str = NULL, *passarg = NULL, *pass = NULL;
+ char *hkey = NULL, *hiv = NULL, *hsalt = NULL;
+ char *md = NULL;
+ int enc = 1, printkey = 0, i, base64 = 0;
#ifdef ZLIB
- int do_zlib=0;
+ int do_zlib = 0;
BIO *bzl = NULL;
#endif
- int debug=0,olb64=0,nosalt=0;
- const EVP_CIPHER *cipher=NULL,*c;
+ int debug = 0, olb64 = 0, nosalt = 0;
+ const EVP_CIPHER *cipher = NULL, *c;
EVP_CIPHER_CTX *ctx = NULL;
- char *inf=NULL,*outf=NULL;
- BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
+ char *inf = NULL, *outf = NULL;
+ BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio = NULL,
+ *wbio = NULL;
#define PROG_NAME_SIZE 39
- char pname[PROG_NAME_SIZE+1];
+ char pname[PROG_NAME_SIZE + 1];
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
- const EVP_MD *dgst=NULL;
+ const EVP_MD *dgst = NULL;
int non_fips_allow = 0;
apps_startup();
if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
/* first check the program name */
- program_name(argv[0],pname,sizeof pname);
- if (strcmp(pname,"base64") == 0)
- base64=1;
+ program_name(argv[0], pname, sizeof pname);
+ if (strcmp(pname, "base64") == 0)
+ base64 = 1;
#ifdef ZLIB
- if (strcmp(pname,"zlib") == 0)
- do_zlib=1;
+ if (strcmp(pname, "zlib") == 0)
+ do_zlib = 1;
#endif
- cipher=EVP_get_cipherbyname(pname);
+ cipher = EVP_get_cipherbyname(pname);
#ifdef ZLIB
if (!do_zlib && !base64 && (cipher == NULL)
- && (strcmp(pname,"enc") != 0))
+ && (strcmp(pname, "enc") != 0))
#else
- if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
+ if (!base64 && (cipher == NULL) && (strcmp(pname, "enc") != 0))
#endif
- {
- BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
+ {
+ BIO_printf(bio_err, "%s is an unknown cipher\n", pname);
goto bad;
- }
-
+ }
argc--;
argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-e") == 0)
- enc=1;
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- inf= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outf= *(++argv);
- }
- else if (strcmp(*argv,"-pass") == 0)
- {
- if (--argc < 1) goto bad;
- passarg= *(++argv);
- }
+ while (argc >= 1) {
+ if (strcmp(*argv, "-e") == 0)
+ enc = 1;
+ else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inf = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outf = *(++argv);
+ } else if (strcmp(*argv, "-pass") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passarg = *(++argv);
+ }
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
#endif
- else if (strcmp(*argv,"-d") == 0)
- enc=0;
- else if (strcmp(*argv,"-p") == 0)
- printkey=1;
- else if (strcmp(*argv,"-v") == 0)
- verbose=1;
- else if (strcmp(*argv,"-nopad") == 0)
- nopad=1;
- else if (strcmp(*argv,"-salt") == 0)
- nosalt=0;
- else if (strcmp(*argv,"-nosalt") == 0)
- nosalt=1;
- else if (strcmp(*argv,"-debug") == 0)
- debug=1;
- else if (strcmp(*argv,"-P") == 0)
- printkey=2;
- else if (strcmp(*argv,"-A") == 0)
- olb64=1;
- else if (strcmp(*argv,"-a") == 0)
- base64=1;
- else if (strcmp(*argv,"-base64") == 0)
- base64=1;
+ else if (strcmp(*argv, "-d") == 0)
+ enc = 0;
+ else if (strcmp(*argv, "-p") == 0)
+ printkey = 1;
+ else if (strcmp(*argv, "-v") == 0)
+ verbose = 1;
+ else if (strcmp(*argv, "-nopad") == 0)
+ nopad = 1;
+ else if (strcmp(*argv, "-salt") == 0)
+ nosalt = 0;
+ else if (strcmp(*argv, "-nosalt") == 0)
+ nosalt = 1;
+ else if (strcmp(*argv, "-debug") == 0)
+ debug = 1;
+ else if (strcmp(*argv, "-P") == 0)
+ printkey = 2;
+ else if (strcmp(*argv, "-A") == 0)
+ olb64 = 1;
+ else if (strcmp(*argv, "-a") == 0)
+ base64 = 1;
+ else if (strcmp(*argv, "-base64") == 0)
+ base64 = 1;
#ifdef ZLIB
- else if (strcmp(*argv,"-z") == 0)
- do_zlib=1;
+ else if (strcmp(*argv, "-z") == 0)
+ do_zlib = 1;
#endif
- else if (strcmp(*argv,"-bufsize") == 0)
- {
- if (--argc < 1) goto bad;
- bufsize=(unsigned char *)*(++argv);
- }
- else if (strcmp(*argv,"-k") == 0)
- {
- if (--argc < 1) goto bad;
- str= *(++argv);
- }
- else if (strcmp(*argv,"-kfile") == 0)
- {
+ else if (strcmp(*argv, "-bufsize") == 0) {
+ if (--argc < 1)
+ goto bad;
+ bufsize = (unsigned char *) *(++argv);
+ } else if (strcmp(*argv, "-k") == 0) {
+ if (--argc < 1)
+ goto bad;
+ str = *(++argv);
+ } else if (strcmp(*argv, "-kfile") == 0) {
static char buf[128];
FILE *infile;
char *file;
- if (--argc < 1) goto bad;
- file= *(++argv);
- infile=fopen(file,"r");
- if (infile == NULL)
- {
- BIO_printf(bio_err,"unable to read key from '%s'\n",
- file);
+ if (--argc < 1)
goto bad;
- }
- buf[0]='\0';
- if (!fgets(buf,sizeof buf,infile))
- {
- BIO_printf(bio_err,"unable to read key from '%s'\n",
- file);
+ file = *(++argv);
+ infile = fopen(file, "r");
+ if (infile == NULL) {
+ BIO_printf(bio_err, "unable to read key from '%s'\n",
+ file);
goto bad;
- }
+ }
+ buf[0] = '\0';
+ if (!fgets(buf, sizeof buf, infile)) {
+ BIO_printf(bio_err, "unable to read key from '%s'\n",
+ file);
+ goto bad;
+ }
fclose(infile);
- i=strlen(buf);
+ i = strlen(buf);
if ((i > 0) &&
- ((buf[i-1] == '\n') || (buf[i-1] == '\r')))
- buf[--i]='\0';
+ ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
+ buf[--i] = '\0';
if ((i > 0) &&
- ((buf[i-1] == '\n') || (buf[i-1] == '\r')))
- buf[--i]='\0';
- if (i < 1)
- {
- BIO_printf(bio_err,"zero length password\n");
+ ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
+ buf[--i] = '\0';
+ if (i < 1) {
+ BIO_printf(bio_err, "zero length password\n");
goto bad;
- }
- str=buf;
- }
- else if (strcmp(*argv,"-K") == 0)
- {
- if (--argc < 1) goto bad;
- hkey= *(++argv);
- }
- else if (strcmp(*argv,"-S") == 0)
- {
- if (--argc < 1) goto bad;
- hsalt= *(++argv);
}
- else if (strcmp(*argv,"-iv") == 0)
- {
- if (--argc < 1) goto bad;
- hiv= *(++argv);
- }
- else if (strcmp(*argv,"-md") == 0)
- {
- if (--argc < 1) goto bad;
- md= *(++argv);
- }
- else if (strcmp(*argv,"-non-fips-allow") == 0)
+ str = buf;
+ } else if (strcmp(*argv, "-K") == 0) {
+ if (--argc < 1)
+ goto bad;
+ hkey = *(++argv);
+ } else if (strcmp(*argv, "-S") == 0) {
+ if (--argc < 1)
+ goto bad;
+ hsalt = *(++argv);
+ } else if (strcmp(*argv, "-iv") == 0) {
+ if (--argc < 1)
+ goto bad;
+ hiv = *(++argv);
+ } else if (strcmp(*argv, "-md") == 0) {
+ if (--argc < 1)
+ goto bad;
+ md = *(++argv);
+ } else if (strcmp(*argv, "-non-fips-allow") == 0)
non_fips_allow = 1;
- else if ((argv[0][0] == '-') &&
- ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
- {
- cipher=c;
- }
- else if (strcmp(*argv,"-none") == 0)
- cipher=NULL;
- else
- {
- BIO_printf(bio_err,"unknown option '%s'\n",*argv);
-bad:
- BIO_printf(bio_err,"options are\n");
- BIO_printf(bio_err,"%-14s input file\n","-in <file>");
- BIO_printf(bio_err,"%-14s output file\n","-out <file>");
- BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
- BIO_printf(bio_err,"%-14s encrypt\n","-e");
- BIO_printf(bio_err,"%-14s decrypt\n","-d");
- BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
- BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
- BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
- BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
- BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n","");
- BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S");
- BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
- BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
- BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
- BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad");
+ else if ((argv[0][0] == '-') &&
+ ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
+ cipher = c;
+ } else if (strcmp(*argv, "-none") == 0)
+ cipher = NULL;
+ else {
+ BIO_printf(bio_err, "unknown option '%s'\n", *argv);
+ bad:
+ BIO_printf(bio_err, "options are\n");
+ BIO_printf(bio_err, "%-14s input file\n", "-in <file>");
+ BIO_printf(bio_err, "%-14s output file\n", "-out <file>");
+ BIO_printf(bio_err, "%-14s pass phrase source\n", "-pass <arg>");
+ BIO_printf(bio_err, "%-14s encrypt\n", "-e");
+ BIO_printf(bio_err, "%-14s decrypt\n", "-d");
+ BIO_printf(bio_err, "%-14s base64 encode/decode, depending on encryption flag\n", "-a/-base64");
+ BIO_printf(bio_err, "%-14s passphrase is the next argument\n", "-k");
+ BIO_printf(bio_err, "%-14s passphrase is the first line of the file argument\n", "-kfile");
+ BIO_printf(bio_err, "%-14s the next argument is the md to use to create a key\n", "-md");
+ BIO_printf(bio_err, "%-14s from a passphrase. One of md2, md5, sha or sha1\n", "");
+ BIO_printf(bio_err, "%-14s salt in hex is the next argument\n", "-S");
+ BIO_printf(bio_err, "%-14s key/iv in hex is the next argument\n", "-K/-iv");
+ BIO_printf(bio_err, "%-14s print the iv/key (then exit if -P)\n", "-[pP]");
+ BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize <n>");
+ BIO_printf(bio_err, "%-14s disable standard block padding\n", "-nopad");
#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
+ BIO_printf(bio_err, "%-14s use engine e, possibly a hardware device.\n", "-engine e");
#endif
- BIO_printf(bio_err,"Cipher Types\n");
+ BIO_printf(bio_err, "Cipher Types\n");
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
- show_ciphers,
- bio_err);
- BIO_printf(bio_err,"\n");
+ show_ciphers,
+ bio_err);
+ BIO_printf(bio_err, "\n");
goto end;
- }
+ }
argc--;
argv++;
- }
+ }
#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
+ setup_engine(bio_err, engine, 0);
#endif
- if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
- {
- BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
+ if (md && (dgst = EVP_get_digestbyname(md)) == NULL) {
+ BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
goto end;
- }
-
- if (dgst == NULL)
- {
+ }
+ if (dgst == NULL) {
dgst = EVP_md5();
- }
-
- if (bufsize != NULL)
- {
+ }
+ if (bufsize != NULL) {
unsigned long n;
- for (n=0; *bufsize; bufsize++)
- {
- i= *bufsize;
+ for (n = 0; *bufsize; bufsize++) {
+ i = *bufsize;
if ((i <= '9') && (i >= '0'))
- n=n*10+i-'0';
- else if (i == 'k')
- {
- n*=1024;
+ n = n * 10 + i - '0';
+ else if (i == 'k') {
+ n *= 1024;
bufsize++;
break;
- }
}
- if (*bufsize != '\0')
- {
- BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
+ }
+ if (*bufsize != '\0') {
+ BIO_printf(bio_err, "invalid 'bufsize' specified.\n");
goto end;
- }
-
- /* It must be large enough for a base64 encoded line */
- if (base64 && n < 80) n=80;
-
- bsize=(int)n;
- if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
}
+ /* It must be large enough for a base64 encoded line */
+ if (base64 && n < 80)
+ n = 80;
- strbuf=malloc(SIZE);
- buff=(unsigned char *)malloc(EVP_ENCODE_LENGTH(bsize));
- if ((buff == NULL) || (strbuf == NULL))
- {
- BIO_printf(bio_err,"malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
+ bsize = (int) n;
+ if (verbose)
+ BIO_printf(bio_err, "bufsize=%d\n", bsize);
+ }
+ strbuf = malloc(SIZE);
+ buff = (unsigned char *) malloc(EVP_ENCODE_LENGTH(bsize));
+ if ((buff == NULL) || (strbuf == NULL)) {
+ BIO_printf(bio_err, "malloc failure %ld\n", (long) EVP_ENCODE_LENGTH(bsize));
goto end;
- }
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
+ }
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
- }
- if (debug)
- {
- BIO_set_callback(in,BIO_debug_callback);
- BIO_set_callback(out,BIO_debug_callback);
- BIO_set_callback_arg(in,(char *)bio_err);
- BIO_set_callback_arg(out,(char *)bio_err);
- }
-
- if (inf == NULL)
- {
+ }
+ if (debug) {
+ BIO_set_callback(in, BIO_debug_callback);
+ BIO_set_callback(out, BIO_debug_callback);
+ BIO_set_callback_arg(in, (char *) bio_err);
+ BIO_set_callback_arg(out, (char *) bio_err);
+ }
+ if (inf == NULL) {
#ifndef OPENSSL_NO_SETVBUF_IONBF
if (bufsize != NULL)
- setvbuf(stdin, (char *)NULL, _IONBF, 0);
-#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- }
- else
- {
- if (BIO_read_filename(in,inf) <= 0)
- {
+ setvbuf(stdin, (char *) NULL, _IONBF, 0);
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ } else {
+ if (BIO_read_filename(in, inf) <= 0) {
perror(inf);
goto end;
- }
}
+ }
- if(!str && passarg) {
- if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
+ if (!str && passarg) {
+ if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
str = pass;
}
-
- if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
- {
- for (;;)
- {
+ if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
+ for (;;) {
char buf[200];
- (void) snprintf(buf,sizeof buf,"enter %s %s password:",
- OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
- (enc)?"encryption":"decryption");
- strbuf[0]='\0';
- i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
- if (i == 0)
- {
- if (strbuf[0] == '\0')
- {
- ret=1;
+ (void) snprintf(buf, sizeof buf, "enter %s %s password:",
+ OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
+ (enc) ? "encryption" : "decryption");
+ strbuf[0] = '\0';
+ i = EVP_read_pw_string((char *) strbuf, SIZE, buf, enc);
+ if (i == 0) {
+ if (strbuf[0] == '\0') {
+ ret = 1;
goto end;
- }
- str=strbuf;
- break;
}
- if (i < 0)
- {
- BIO_printf(bio_err,"bad password read\n");
+ str = strbuf;
+ break;
+ }
+ if (i < 0) {
+ BIO_printf(bio_err, "bad password read\n");
goto end;
- }
}
}
-
-
- if (outf == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ }
+ if (outf == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
#ifndef OPENSSL_NO_SETVBUF_IONBF
if (bufsize != NULL)
- setvbuf(stdout, (char *)NULL, _IONBF, 0);
-#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
- }
- else
- {
- if (BIO_write_filename(out,outf) <= 0)
- {
+ setvbuf(stdout, (char *) NULL, _IONBF, 0);
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
+ } else {
+ if (BIO_write_filename(out, outf) <= 0) {
perror(outf);
goto end;
- }
}
+ }
- rbio=in;
- wbio=out;
+ rbio = in;
+ wbio = out;
#ifdef ZLIB
- if (do_zlib)
- {
- if ((bzl=BIO_new(BIO_f_zlib())) == NULL)
+ if (do_zlib) {
+ if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
goto end;
if (enc)
- wbio=BIO_push(bzl,wbio);
+ wbio = BIO_push(bzl, wbio);
else
- rbio=BIO_push(bzl,rbio);
- }
+ rbio = BIO_push(bzl, rbio);
+ }
#endif
- if (base64)
- {
- if ((b64=BIO_new(BIO_f_base64())) == NULL)
+ if (base64) {
+ if ((b64 = BIO_new(BIO_f_base64())) == NULL)
goto end;
- if (debug)
- {
- BIO_set_callback(b64,BIO_debug_callback);
- BIO_set_callback_arg(b64,(char *)bio_err);
- }
+ if (debug) {
+ BIO_set_callback(b64, BIO_debug_callback);
+ BIO_set_callback_arg(b64, (char *) bio_err);
+ }
if (olb64)
- BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
+ BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
if (enc)
- wbio=BIO_push(b64,wbio);
+ wbio = BIO_push(b64, wbio);
else
- rbio=BIO_push(b64,rbio);
- }
-
- if (cipher != NULL)
- {
- /* Note that str is NULL if a key was passed on the command
+ rbio = BIO_push(b64, rbio);
+ }
+ if (cipher != NULL) {
+ /*
+ * Note that str is NULL if a key was passed on the command
* line, so we get no salt in that case. Is this a bug?
*/
- if (str != NULL)
- {
- /* Salt handling: if encrypting generate a salt and
+ if (str != NULL) {
+ /*
+ * Salt handling: if encrypting generate a salt and
* write to output BIO. If decrypting read salt from
* input BIO.
*/
unsigned char *sptr;
- if(nosalt) sptr = NULL;
+ if (nosalt)
+ sptr = NULL;
else {
- if(enc) {
- if(hsalt) {
- if(!set_hex(hsalt,salt,sizeof salt)) {
+ if (enc) {
+ if (hsalt) {
+ if (!set_hex(hsalt, salt, sizeof salt)) {
BIO_printf(bio_err,
- "invalid hex salt value\n");
+ "invalid hex salt value\n");
goto end;
}
} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
goto end;
- /* If -P option then don't bother writing */
- if((printkey != 2)
- && (BIO_write(wbio,magic,
- sizeof magic-1) != sizeof magic-1
- || BIO_write(wbio,
- (char *)salt,
- sizeof salt) != sizeof salt)) {
- BIO_printf(bio_err,"error writing output file\n");
+ /*
+ * If -P option then don't bother
+ * writing
+ */
+ if ((printkey != 2)
+ && (BIO_write(wbio, magic,
+ sizeof magic - 1) != sizeof magic - 1
+ || BIO_write(wbio,
+ (char *) salt,
+ sizeof salt) != sizeof salt)) {
+ BIO_printf(bio_err, "error writing output file\n");
goto end;
}
- } else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
- || BIO_read(rbio,
- (unsigned char *)salt,
- sizeof salt) != sizeof salt) {
- BIO_printf(bio_err,"error reading input file\n");
+ } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
+ || BIO_read(rbio,
+ (unsigned char *) salt,
+ sizeof salt) != sizeof salt) {
+ BIO_printf(bio_err, "error reading input file\n");
+ goto end;
+ } else if (memcmp(mbuf, magic, sizeof magic - 1)) {
+ BIO_printf(bio_err, "bad magic number\n");
goto end;
- } else if(memcmp(mbuf,magic,sizeof magic-1)) {
- BIO_printf(bio_err,"bad magic number\n");
- goto end;
}
-
sptr = salt;
}
- EVP_BytesToKey(cipher,dgst,sptr,
- (unsigned char *)str,
- strlen(str),1,key,iv);
- /* zero the complete buffer or the string
- * passed from the command line
- * bug picked up by
- * Larry J. Hughes Jr. <hughes@indiana.edu> */
+ EVP_BytesToKey(cipher, dgst, sptr,
+ (unsigned char *) str,
+ strlen(str), 1, key, iv);
+ /*
+ * zero the complete buffer or the string passed from
+ * the command line bug picked up by Larry J. Hughes
+ * Jr. <hughes@indiana.edu>
+ */
if (str == strbuf)
- OPENSSL_cleanse(str,SIZE);
+ OPENSSL_cleanse(str, SIZE);
else
- OPENSSL_cleanse(str,strlen(str));
- }
- if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
- {
- BIO_printf(bio_err,"invalid hex iv value\n");
+ OPENSSL_cleanse(str, strlen(str));
+ }
+ if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
+ BIO_printf(bio_err, "invalid hex iv value\n");
goto end;
- }
+ }
if ((hiv == NULL) && (str == NULL)
- && EVP_CIPHER_iv_length(cipher) != 0)
- {
- /* No IV was explicitly set and no IV was generated
+ && EVP_CIPHER_iv_length(cipher) != 0) {
+ /*
+ * No IV was explicitly set and no IV was generated
* during EVP_BytesToKey. Hence the IV is undefined,
- * making correct decryption impossible. */
+ * making correct decryption impossible.
+ */
BIO_printf(bio_err, "iv undefined\n");
goto end;
- }
- if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
- {
- BIO_printf(bio_err,"invalid hex key value\n");
+ }
+ if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
+ BIO_printf(bio_err, "invalid hex key value\n");
goto end;
- }
-
- if ((benc=BIO_new(BIO_f_cipher())) == NULL)
+ }
+ if ((benc = BIO_new(BIO_f_cipher())) == NULL)
goto end;
- /* Since we may be changing parameters work on the encryption
+ /*
+ * Since we may be changing parameters work on the encryption
* context rather than calling BIO_set_cipher().
*/
if (non_fips_allow)
EVP_CIPHER_CTX_set_flags(ctx,
- EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+ EVP_CIPH_FLAG_NON_FIPS_ALLOW);
- if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
- {
+ if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
- EVP_CIPHER_name(cipher));
+ EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
- }
-
+ }
if (nopad)
EVP_CIPHER_CTX_set_padding(ctx, 0);
- if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
- {
+ if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
- EVP_CIPHER_name(cipher));
+ EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
- }
-
- if (debug)
- {
- BIO_set_callback(benc,BIO_debug_callback);
- BIO_set_callback_arg(benc,(char *)bio_err);
- }
-
- if (printkey)
- {
- if (!nosalt)
- {
+ }
+ if (debug) {
+ BIO_set_callback(benc, BIO_debug_callback);
+ BIO_set_callback_arg(benc, (char *) bio_err);
+ }
+ if (printkey) {
+ if (!nosalt) {
printf("salt=");
- for (i=0; i<(int)sizeof(salt); i++)
- printf("%02X",salt[i]);
+ for (i = 0; i < (int) sizeof(salt); i++)
+ printf("%02X", salt[i]);
printf("\n");
- }
- if (cipher->key_len > 0)
- {
+ }
+ if (cipher->key_len > 0) {
printf("key=");
- for (i=0; i<cipher->key_len; i++)
- printf("%02X",key[i]);
+ for (i = 0; i < cipher->key_len; i++)
+ printf("%02X", key[i]);
printf("\n");
- }
- if (cipher->iv_len > 0)
- {
+ }
+ if (cipher->iv_len > 0) {
printf("iv =");
- for (i=0; i<cipher->iv_len; i++)
- printf("%02X",iv[i]);
+ for (i = 0; i < cipher->iv_len; i++)
+ printf("%02X", iv[i]);
printf("\n");
- }
- if (printkey == 2)
- {
- ret=0;
+ }
+ if (printkey == 2) {
+ ret = 0;
goto end;
- }
}
}
-
+ }
/* Only encrypt/decrypt as we write the file */
if (benc != NULL)
- wbio=BIO_push(benc,wbio);
-
- for (;;)
- {
- inl=BIO_read(rbio,(char *)buff,bsize);
- if (inl <= 0) break;
- if (BIO_write(wbio,(char *)buff,inl) != inl)
- {
- BIO_printf(bio_err,"error writing output file\n");
+ wbio = BIO_push(benc, wbio);
+
+ for (;;) {
+ inl = BIO_read(rbio, (char *) buff, bsize);
+ if (inl <= 0)
+ break;
+ if (BIO_write(wbio, (char *) buff, inl) != inl) {
+ BIO_printf(bio_err, "error writing output file\n");
goto end;
- }
}
- if (!BIO_flush(wbio))
- {
- BIO_printf(bio_err,"bad decrypt\n");
+ }
+ if (!BIO_flush(wbio)) {
+ BIO_printf(bio_err, "bad decrypt\n");
goto end;
- }
-
- ret=0;
- if (verbose)
- {
- BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in));
- BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
- }
+ }
+ ret = 0;
+ if (verbose) {
+ BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in));
+ BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out));
+ }
end:
ERR_print_errors(bio_err);
- if (strbuf != NULL) free(strbuf);
- if (buff != NULL) free(buff);
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (benc != NULL) BIO_free(benc);
- if (b64 != NULL) BIO_free(b64);
+ if (strbuf != NULL)
+ free(strbuf);
+ if (buff != NULL)
+ free(buff);
+ if (in != NULL)
+ BIO_free(in);
+ if (out != NULL)
+ BIO_free_all(out);
+ if (benc != NULL)
+ BIO_free(benc);
+ if (b64 != NULL)
+ BIO_free(b64);
#ifdef ZLIB
- if (bzl != NULL) BIO_free(bzl);
+ if (bzl != NULL)
+ BIO_free(bzl);
#endif
- if(pass) free(pass);
+ if (pass)
+ free(pass);
apps_shutdown();
- return(ret);
- }
+ return (ret);
+}
-int set_hex(char *in, unsigned char *out, int size)
- {
- int i,n;
+int
+set_hex(char *in, unsigned char *out, int size)
+{
+ int i, n;
unsigned char j;
- n=strlen(in);
- if (n > (size*2))
- {
- BIO_printf(bio_err,"hex string is too long\n");
- return(0);
- }
- memset(out,0,size);
- for (i=0; i<n; i++)
- {
- j=(unsigned char)*in;
- *(in++)='\0';
- if (j == 0) break;
+ n = strlen(in);
+ if (n > (size * 2)) {
+ BIO_printf(bio_err, "hex string is too long\n");
+ return (0);
+ }
+ memset(out, 0, size);
+ for (i = 0; i < n; i++) {
+ j = (unsigned char) *in;
+ *(in++) = '\0';
+ if (j == 0)
+ break;
if ((j >= '0') && (j <= '9'))
- j-='0';
+ j -= '0';
else if ((j >= 'A') && (j <= 'F'))
- j=j-'A'+10;
+ j = j - 'A' + 10;
else if ((j >= 'a') && (j <= 'f'))
- j=j-'a'+10;
- else
- {
- BIO_printf(bio_err,"non-hex digit\n");
- return(0);
- }
- if (i&1)
- out[i/2]|=j;
- else
- out[i/2]=(j<<4);
+ j = j - 'a' + 10;
+ else {
+ BIO_printf(bio_err, "non-hex digit\n");
+ return (0);
}
- return(1);
+ if (i & 1)
+ out[i / 2] |= j;
+ else
+ out[i / 2] = (j << 4);
}
+ return (1);
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#undef PROG
#define PROG engine_main
-static const char *engine_usage[]={
-"usage: engine opts [engine ...]\n",
-" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
-" -vv will additionally display each command's description\n",
-" -vvv will also add the input flags for each command\n",
-" -vvvv will also show internal input flags\n",
-" -c - for each engine, also list the capabilities\n",
-" -t[t] - for each engine, check that they are really available\n",
-" -tt will display error trace for unavailable engines\n",
-" -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
-" to load it (if -t is used)\n",
-" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
-" (only used if -t is also provided)\n",
-" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
-" line, or all supported ENGINEs if none are specified.\n",
-" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
-" argument \"/lib/libdriver.so\".\n",
-NULL
+static const char *engine_usage[] = {
+ "usage: engine opts [engine ...]\n",
+ " -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
+ " -vv will additionally display each command's description\n",
+ " -vvv will also add the input flags for each command\n",
+ " -vvvv will also show internal input flags\n",
+ " -c - for each engine, also list the capabilities\n",
+ " -t[t] - for each engine, check that they are really available\n",
+ " -tt will display error trace for unavailable engines\n",
+ " -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
+ " to load it (if -t is used)\n",
+ " -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
+ " (only used if -t is also provided)\n",
+ " NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
+ " line, or all supported ENGINEs if none are specified.\n",
+ " Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
+ " argument \"/lib/libdriver.so\".\n",
+ NULL
};
-static void identity(char *ptr)
- {
+static void
+identity(char *ptr)
+{
return;
- }
+}
-static int append_buf(char **buf, const char *s, int *size, int step)
- {
+static int
+append_buf(char **buf, const char *s, int *size, int step)
+{
int l = strlen(s);
- if (*buf == NULL)
- {
+ if (*buf == NULL) {
*size = step;
*buf = malloc(*size);
if (*buf == NULL)
return 0;
**buf = '\0';
- }
-
+ }
if (**buf != '\0')
l += 2; /* ", " */
- if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
- {
+ if (strlen(*buf) + strlen(s) >= (unsigned int) *size) {
*size += step;
*buf = realloc(*buf, *size);
- }
-
+ }
if (*buf == NULL)
return 0;
BUF_strlcat(*buf, s, *size);
return 1;
- }
+}
-static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
- {
+static int
+util_flags(BIO * bio_out, unsigned int flags, const char *indent)
+{
int started = 0, err = 0;
/* Indent before displaying input flags */
BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
- if(flags == 0)
- {
+ if (flags == 0) {
BIO_printf(bio_out, "<no flags>\n");
return 1;
- }
- /* If the object is internal, mark it in a way that shows instead of
- * having it part of all the other flags, even if it really is. */
- if(flags & ENGINE_CMD_FLAG_INTERNAL)
- {
+ }
+ /*
+ * If the object is internal, mark it in a way that shows instead of
+ * having it part of all the other flags, even if it really is.
+ */
+ if (flags & ENGINE_CMD_FLAG_INTERNAL) {
BIO_printf(bio_out, "[Internal] ");
- }
-
- if(flags & ENGINE_CMD_FLAG_NUMERIC)
- {
+ }
+ if (flags & ENGINE_CMD_FLAG_NUMERIC) {
BIO_printf(bio_out, "NUMERIC");
started = 1;
- }
- /* Now we check that no combinations of the mutually exclusive NUMERIC,
- * STRING, and NO_INPUT flags have been used. Future flags that can be
- * OR'd together with these would need to added after these to preserve
- * the testing logic. */
- if(flags & ENGINE_CMD_FLAG_STRING)
- {
- if(started)
- {
+ }
+ /*
+ * Now we check that no combinations of the mutually exclusive
+ * NUMERIC, STRING, and NO_INPUT flags have been used. Future flags
+ * that can be OR'd together with these would need to added after
+ * these to preserve the testing logic.
+ */
+ if (flags & ENGINE_CMD_FLAG_STRING) {
+ if (started) {
BIO_printf(bio_out, "|");
err = 1;
- }
+ }
BIO_printf(bio_out, "STRING");
started = 1;
- }
- if(flags & ENGINE_CMD_FLAG_NO_INPUT)
- {
- if(started)
- {
+ }
+ if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
+ if (started) {
BIO_printf(bio_out, "|");
err = 1;
- }
+ }
BIO_printf(bio_out, "NO_INPUT");
started = 1;
- }
+ }
/* Check for unknown flags */
flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
- ~ENGINE_CMD_FLAG_STRING &
- ~ENGINE_CMD_FLAG_NO_INPUT &
- ~ENGINE_CMD_FLAG_INTERNAL;
- if(flags)
- {
- if(started) BIO_printf(bio_out, "|");
+ ~ENGINE_CMD_FLAG_STRING &
+ ~ENGINE_CMD_FLAG_NO_INPUT &
+ ~ENGINE_CMD_FLAG_INTERNAL;
+ if (flags) {
+ if (started)
+ BIO_printf(bio_out, "|");
BIO_printf(bio_out, "<0x%04X>", flags);
- }
- if(err)
+ }
+ if (err)
BIO_printf(bio_out, " <illegal flags!>");
BIO_printf(bio_out, "\n");
return 1;
- }
+}
-static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent)
- {
+static int
+util_verbose(ENGINE * e, int verbose, BIO * bio_out, const char *indent)
+{
static const int line_wrap = 78;
int num;
int ret = 0;
char *desc = NULL;
int flags;
int xpos = 0;
- STACK_OF(OPENSSL_STRING) *cmds = NULL;
- if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
- ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
- 0, NULL, NULL)) <= 0))
- {
+ STACK_OF(OPENSSL_STRING) * cmds = NULL;
+ if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
+ ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
+ 0, NULL, NULL)) <= 0)) {
#if 0
BIO_printf(bio_out, "%s<no control commands>\n", indent);
#endif
return 1;
- }
-
+ }
cmds = sk_OPENSSL_STRING_new_null();
- if(!cmds)
+ if (!cmds)
goto err;
do {
int len;
/* Get the command input flags */
- if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
- NULL, NULL)) < 0)
+ if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
+ NULL, NULL)) < 0)
goto err;
- if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4)
- {
- /* Get the command name */
- if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
- NULL, NULL)) <= 0)
- goto err;
- if((name = malloc(len + 1)) == NULL)
- goto err;
- if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
- NULL) <= 0)
- goto err;
- /* Get the command description */
- if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
- NULL, NULL)) < 0)
- goto err;
- if(len > 0)
- {
- if((desc = malloc(len + 1)) == NULL)
- goto err;
- if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
- NULL) <= 0)
- goto err;
- }
- /* Now decide on the output */
- if(xpos == 0)
- /* Do an indent */
- xpos = BIO_puts(bio_out, indent);
- else
- /* Otherwise prepend a ", " */
- xpos += BIO_printf(bio_out, ", ");
- if(verbose == 1)
- {
- /* We're just listing names, comma-delimited */
- if((xpos > (int)strlen(indent)) &&
- (xpos + (int)strlen(name) > line_wrap))
- {
- BIO_printf(bio_out, "\n");
- xpos = BIO_puts(bio_out, indent);
- }
- xpos += BIO_printf(bio_out, "%s", name);
- }
- else
- {
- /* We're listing names plus descriptions */
- BIO_printf(bio_out, "%s: %s\n", name,
- (desc == NULL) ? "<no description>" : desc);
- /* ... and sometimes input flags */
- if((verbose >= 3) && !util_flags(bio_out, flags,
- indent))
- goto err;
- xpos = 0;
- }
- }
- free(name); name = NULL;
- if(desc) { free(desc); desc = NULL; }
+ if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
+ /* Get the command name */
+ if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
+ NULL, NULL)) <= 0)
+ goto err;
+ if ((name = malloc(len + 1)) == NULL)
+ goto err;
+ if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
+ NULL) <= 0)
+ goto err;
+ /* Get the command description */
+ if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
+ NULL, NULL)) < 0)
+ goto err;
+ if (len > 0) {
+ if ((desc = malloc(len + 1)) == NULL)
+ goto err;
+ if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
+ NULL) <= 0)
+ goto err;
+ }
+ /* Now decide on the output */
+ if (xpos == 0)
+ /* Do an indent */
+ xpos = BIO_puts(bio_out, indent);
+ else
+ /* Otherwise prepend a ", " */
+ xpos += BIO_printf(bio_out, ", ");
+ if (verbose == 1) {
+ /* We're just listing names, comma-delimited */
+ if ((xpos > (int) strlen(indent)) &&
+ (xpos + (int) strlen(name) > line_wrap)) {
+ BIO_printf(bio_out, "\n");
+ xpos = BIO_puts(bio_out, indent);
+ }
+ xpos += BIO_printf(bio_out, "%s", name);
+ } else {
+ /* We're listing names plus descriptions */
+ BIO_printf(bio_out, "%s: %s\n", name,
+ (desc == NULL) ? "<no description>" : desc);
+ /* ... and sometimes input flags */
+ if ((verbose >= 3) && !util_flags(bio_out, flags,
+ indent))
+ goto err;
+ xpos = 0;
+ }
+ }
+ free(name);
+ name = NULL;
+ if (desc) {
+ free(desc);
+ desc = NULL;
+ }
/* Move to the next command */
num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
- num, NULL, NULL);
- } while(num > 0);
- if(xpos > 0)
+ num, NULL, NULL);
+ } while (num > 0);
+ if (xpos > 0)
BIO_printf(bio_out, "\n");
ret = 1;
err:
- if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity);
- if(name) free(name);
- if(desc) free(desc);
+ if (cmds)
+ sk_OPENSSL_STRING_pop_free(cmds, identity);
+ if (name)
+ free(name);
+ if (desc)
+ free(desc);
return ret;
- }
+}
-static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
- BIO *bio_out, const char *indent)
- {
+static void
+util_do_cmds(ENGINE * e, STACK_OF(OPENSSL_STRING) * cmds,
+ BIO * bio_out, const char *indent)
+{
int loop, res, num = sk_OPENSSL_STRING_num(cmds);
- if(num < 0)
- {
+ if (num < 0) {
BIO_printf(bio_out, "[Error]: internal stack error\n");
return;
- }
- for(loop = 0; loop < num; loop++)
- {
+ }
+ for (loop = 0; loop < num; loop++) {
char buf[256];
const char *cmd, *arg;
cmd = sk_OPENSSL_STRING_value(cmds, loop);
- res = 1; /* assume success */
+ res = 1; /* assume success */
/* Check if this command has no ":arg" */
- if((arg = strstr(cmd, ":")) == NULL)
- {
- if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
+ if ((arg = strstr(cmd, ":")) == NULL) {
+ if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
res = 0;
- }
- else
- {
- if((int)(arg - cmd) > 254)
- {
- BIO_printf(bio_out,"[Error]: command name too long\n");
+ } else {
+ if ((int) (arg - cmd) > 254) {
+ BIO_printf(bio_out, "[Error]: command name too long\n");
return;
- }
- memcpy(buf, cmd, (int)(arg - cmd));
- buf[arg-cmd] = '\0';
- arg++; /* Move past the ":" */
+ }
+ memcpy(buf, cmd, (int) (arg - cmd));
+ buf[arg - cmd] = '\0';
+ arg++; /* Move past the ":" */
/* Call the command with the argument */
- if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
+ if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
res = 0;
- }
- if(res)
+ }
+ if (res)
BIO_printf(bio_out, "[Success]: %s\n", cmd);
- else
- {
+ else {
BIO_printf(bio_out, "[Failure]: %s\n", cmd);
ERR_print_errors(bio_out);
- }
}
}
+}
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
- int ret=1,i;
+int
+MAIN(int argc, char **argv)
+{
+ int ret = 1, i;
const char **pp;
- int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
+ int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
ENGINE *e;
- STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null();
- STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
- STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
- int badops=1;
- BIO *bio_out=NULL;
+ STACK_OF(OPENSSL_STRING) * engines = sk_OPENSSL_STRING_new_null();
+ STACK_OF(OPENSSL_STRING) * pre_cmds = sk_OPENSSL_STRING_new_null();
+ STACK_OF(OPENSSL_STRING) * post_cmds = sk_OPENSSL_STRING_new_null();
+ int badops = 1;
+ BIO *bio_out = NULL;
const char *indent = " ";
apps_startup();
SSL_load_error_strings();
if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
- bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+ bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
argc--;
argv++;
- while (argc >= 1)
- {
- if (strncmp(*argv,"-v",2) == 0)
- {
- if(strspn(*argv + 1, "v") < strlen(*argv + 1))
+ while (argc >= 1) {
+ if (strncmp(*argv, "-v", 2) == 0) {
+ if (strspn(*argv + 1, "v") < strlen(*argv + 1))
goto skip_arg_loop;
- if((verbose=strlen(*argv + 1)) > 4)
+ if ((verbose = strlen(*argv + 1)) > 4)
goto skip_arg_loop;
- }
- else if (strcmp(*argv,"-c") == 0)
- list_cap=1;
- else if (strncmp(*argv,"-t",2) == 0)
- {
- test_avail=1;
- if(strspn(*argv + 1, "t") < strlen(*argv + 1))
+ } else if (strcmp(*argv, "-c") == 0)
+ list_cap = 1;
+ else if (strncmp(*argv, "-t", 2) == 0) {
+ test_avail = 1;
+ if (strspn(*argv + 1, "t") < strlen(*argv + 1))
goto skip_arg_loop;
- if((test_avail_noise = strlen(*argv + 1) - 1) > 1)
+ if ((test_avail_noise = strlen(*argv + 1) - 1) > 1)
goto skip_arg_loop;
- }
- else if (strcmp(*argv,"-pre") == 0)
- {
- argc--; argv++;
+ } else if (strcmp(*argv, "-pre") == 0) {
+ argc--;
+ argv++;
if (argc == 0)
goto skip_arg_loop;
- sk_OPENSSL_STRING_push(pre_cmds,*argv);
- }
- else if (strcmp(*argv,"-post") == 0)
- {
- argc--; argv++;
+ sk_OPENSSL_STRING_push(pre_cmds, *argv);
+ } else if (strcmp(*argv, "-post") == 0) {
+ argc--;
+ argv++;
if (argc == 0)
goto skip_arg_loop;
- sk_OPENSSL_STRING_push(post_cmds,*argv);
- }
- else if ((strncmp(*argv,"-h",2) == 0) ||
- (strcmp(*argv,"-?") == 0))
+ sk_OPENSSL_STRING_push(post_cmds, *argv);
+ } else if ((strncmp(*argv, "-h", 2) == 0) ||
+ (strcmp(*argv, "-?") == 0))
goto skip_arg_loop;
else
- sk_OPENSSL_STRING_push(engines,*argv);
+ sk_OPENSSL_STRING_push(engines, *argv);
argc--;
argv++;
- }
+ }
/* Looks like everything went OK */
badops = 0;
skip_arg_loop:
- if (badops)
- {
- for (pp=engine_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
+ if (badops) {
+ for (pp = engine_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err, "%s", *pp);
goto end;
+ }
+ if (sk_OPENSSL_STRING_num(engines) == 0) {
+ for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
+ sk_OPENSSL_STRING_push(engines, (char *) ENGINE_get_id(e));
}
-
- if (sk_OPENSSL_STRING_num(engines) == 0)
- {
- for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
- {
- sk_OPENSSL_STRING_push(engines,(char *)ENGINE_get_id(e));
- }
- }
-
- for (i=0; i<sk_OPENSSL_STRING_num(engines); i++)
- {
- const char *id = sk_OPENSSL_STRING_value(engines,i);
- if ((e = ENGINE_by_id(id)) != NULL)
- {
+ }
+ for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) {
+ const char *id = sk_OPENSSL_STRING_value(engines, i);
+ if ((e = ENGINE_by_id(id)) != NULL) {
const char *name = ENGINE_get_name(e);
/* Do "id" first, then "name". Easier to auto-parse. */
BIO_printf(bio_out, "(%s) %s\n", id, name);
util_do_cmds(e, pre_cmds, bio_out, indent);
- if (strcmp(ENGINE_get_id(e), id) != 0)
- {
+ if (strcmp(ENGINE_get_id(e), id) != 0) {
BIO_printf(bio_out, "Loaded: (%s) %s\n",
- ENGINE_get_id(e), ENGINE_get_name(e));
- }
- if (list_cap)
- {
+ ENGINE_get_id(e), ENGINE_get_name(e));
+ }
+ if (list_cap) {
int cap_size = 256;
char *cap_buf = NULL;
- int k,n;
+ int k, n;
const int *nids;
ENGINE_CIPHERS_PTR fn_c;
ENGINE_DIGESTS_PTR fn_d;
ENGINE_PKEY_METHS_PTR fn_pk;
if (ENGINE_get_RSA(e) != NULL
- && !append_buf(&cap_buf, "RSA",
- &cap_size, 256))
+ && !append_buf(&cap_buf, "RSA",
+ &cap_size, 256))
goto end;
if (ENGINE_get_DSA(e) != NULL
- && !append_buf(&cap_buf, "DSA",
- &cap_size, 256))
+ && !append_buf(&cap_buf, "DSA",
+ &cap_size, 256))
goto end;
if (ENGINE_get_DH(e) != NULL
- && !append_buf(&cap_buf, "DH",
- &cap_size, 256))
+ && !append_buf(&cap_buf, "DH",
+ &cap_size, 256))
goto end;
if (ENGINE_get_RAND(e) != NULL
- && !append_buf(&cap_buf, "RAND",
- &cap_size, 256))
+ && !append_buf(&cap_buf, "RAND",
+ &cap_size, 256))
goto end;
fn_c = ENGINE_get_ciphers(e);
- if(!fn_c) goto skip_ciphers;
+ if (!fn_c)
+ goto skip_ciphers;
n = fn_c(e, NULL, &nids, 0);
- for(k=0 ; k < n ; ++k)
- if(!append_buf(&cap_buf,
- OBJ_nid2sn(nids[k]),
- &cap_size, 256))
+ for (k = 0; k < n; ++k)
+ if (!append_buf(&cap_buf,
+ OBJ_nid2sn(nids[k]),
+ &cap_size, 256))
goto end;
-skip_ciphers:
+ skip_ciphers:
fn_d = ENGINE_get_digests(e);
- if(!fn_d) goto skip_digests;
+ if (!fn_d)
+ goto skip_digests;
n = fn_d(e, NULL, &nids, 0);
- for(k=0 ; k < n ; ++k)
- if(!append_buf(&cap_buf,
- OBJ_nid2sn(nids[k]),
- &cap_size, 256))
+ for (k = 0; k < n; ++k)
+ if (!append_buf(&cap_buf,
+ OBJ_nid2sn(nids[k]),
+ &cap_size, 256))
goto end;
-skip_digests:
+ skip_digests:
fn_pk = ENGINE_get_pkey_meths(e);
- if(!fn_pk) goto skip_pmeths;
+ if (!fn_pk)
+ goto skip_pmeths;
n = fn_pk(e, NULL, &nids, 0);
- for(k=0 ; k < n ; ++k)
- if(!append_buf(&cap_buf,
- OBJ_nid2sn(nids[k]),
- &cap_size, 256))
+ for (k = 0; k < n; ++k)
+ if (!append_buf(&cap_buf,
+ OBJ_nid2sn(nids[k]),
+ &cap_size, 256))
goto end;
-skip_pmeths:
+ skip_pmeths:
if (cap_buf && (*cap_buf != '\0'))
BIO_printf(bio_out, " [%s]\n", cap_buf);
free(cap_buf);
- }
- if(test_avail)
- {
+ }
+ if (test_avail) {
BIO_printf(bio_out, "%s", indent);
- if (ENGINE_init(e))
- {
+ if (ENGINE_init(e)) {
BIO_printf(bio_out, "[ available ]\n");
util_do_cmds(e, post_cmds, bio_out, indent);
ENGINE_finish(e);
- }
- else
- {
+ } else {
BIO_printf(bio_out, "[ unavailable ]\n");
- if(test_avail_noise)
+ if (test_avail_noise)
ERR_print_errors_fp(stdout);
ERR_clear_error();
- }
}
- if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
+ }
+ if ((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
goto end;
ENGINE_free(e);
- }
- else
+ } else
ERR_print_errors(bio_err);
- }
+ }
- ret=0;
+ ret = 0;
end:
ERR_print_errors(bio_err);
sk_OPENSSL_STRING_pop_free(engines, identity);
sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
sk_OPENSSL_STRING_pop_free(post_cmds, identity);
- if (bio_out != NULL) BIO_free_all(bio_out);
+ if (bio_out != NULL)
+ BIO_free_all(bio_out);
apps_shutdown();
- return(ret);
- }
+ return (ret);
+}
#else
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
+#if PEDANTIC
+static void *dummy = &dummy;
+#endif
#endif
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
SSL_load_error_strings();
argc--;
argv++;
}
-
for (i = 1; i < argc; i++) {
- if (sscanf(argv[i], "%lx",&l)) {
+ if (sscanf(argv[i], "%lx", &l)) {
ERR_error_string_n(l, buf, sizeof buf);
printf("%s\n", buf);
} else {
}
}
apps_shutdown();
- return(ret);
+ return (ret);
}
#undef PROG
#define PROG gendh_main
-static int dh_cb(int p, int n, BN_GENCB *cb);
+static int dh_cb(int p, int n, BN_GENCB * cb);
int MAIN(int, char **);
BN_GENCB_set(&cb, dh_cb, bio_err);
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
- outfile= *(++argv);
+ outfile = *(++argv);
} else if (strcmp(*argv, "-2") == 0)
g = 2;
- /* else if (strcmp(*argv,"-3") == 0)
- g=3; */
+ /*
+ * else if (strcmp(*argv,"-3") == 0) g=3;
+ */
else if (strcmp(*argv, "-5") == 0)
g = 5;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
- engine= *(++argv);
+ engine = *(++argv);
}
#endif
else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
goto bad;
- inrand= *(++argv);
+ inrand = *(++argv);
} else
break;
argv++;
argc--;
}
- if ((argc >= 1) && ((sscanf(*argv, "%d",&num) == 0) || (num < 0))) {
+ if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
bad:
BIO_printf(bio_err, "usage: gendh [args] [numbits]\n");
BIO_printf(bio_err, " -out file - output the key to 'file\n");
BIO_printf(bio_err, " -2 - use 2 as the generator value\n");
- /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
+ /*
+ * BIO_printf(bio_err," -3 - use 3 as the generator
+ * value\n");
+ */
BIO_printf(bio_err, " -5 - use 5 as the generator value\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, " -engine e - use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, " the random number generator\n");
goto end;
}
-
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
ERR_print_errors(bio_err);
goto end;
}
-
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
- BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
+ BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, g);
BIO_printf(bio_err, "This is going to take a long time\n");
if (((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))
if (dh != NULL)
DH_free(dh);
apps_shutdown();
- return(ret);
+ return (ret);
}
static int
-dh_cb(int p, int n, BN_GENCB *cb)
+dh_cb(int p, int n, BN_GENCB * cb)
{
char c = '*';
if (p == 3)
c = '\n';
BIO_write(cb->arg, &c, 1);
- (void)BIO_flush(cb->arg);
+ (void) BIO_flush(cb->arg);
#ifdef LINT
p = n;
#endif
return 1;
}
-#else /* !OPENSSL_NO_DH */
+#else /* !OPENSSL_NO_DH */
-# if PEDANTIC
+#if PEDANTIC
static void *dummy = &dummy;
-# endif
+#endif
#endif
* [including the GNU Public Licence.]
*/
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
+#include <openssl/opensslconf.h>/* for OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DSA
#include <stdio.h>
#include <string.h>
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
- outfile= *(++argv);
+ outfile = *(++argv);
} else if (strcmp(*argv, "-passout") == 0) {
if (--argc < 1)
goto bad;
- passargout= *(++argv);
+ passargout = *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
- engine= *(++argv);
+ engine = *(++argv);
}
#endif
else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
goto bad;
- inrand= *(++argv);
+ inrand = *(++argv);
} else if (strcmp(*argv, "-") == 0)
goto bad;
#ifndef OPENSSL_NO_DES
BIO_printf(bio_err, " - a DSA parameter file as generated by the dsaparam command\n");
goto end;
}
-
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
-
-
in = BIO_new(BIO_s_file());
if (!(BIO_read_filename(in, dsaparams))) {
perror(dsaparams);
goto end;
}
-
if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
BIO_printf(bio_err, "unable to load DSA parameter file\n");
goto end;
if (passout)
free(passout);
apps_shutdown();
- return(ret);
+ return (ret);
}
-#else /* !OPENSSL_NO_DSA */
+#else /* !OPENSSL_NO_DSA */
-# if PEDANTIC
+#if PEDANTIC
static void *dummy = &dummy;
-# endif
+#endif
#endif
#include <openssl/engine.h>
#endif
-static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx, const char *file,
- ENGINE *e);
-static int genpkey_cb(EVP_PKEY_CTX *ctx);
+static int
+init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx, const char *file,
+ ENGINE * e);
+static int genpkey_cb(EVP_PKEY_CTX * ctx);
#define PROG genpkey_main
} else if (!strcmp(*args, "-pass")) {
if (!args[1])
goto bad;
- passarg= *(++args);
+ passarg = *(++args);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args, "-engine") == 0) {
e = setup_engine(bio_err, *(++args), 0);
}
#endif
- else if (!strcmp (*args, "-paramfile")) {
+ else if (!strcmp(*args, "-paramfile")) {
if (!args[1])
goto bad;
args++;
goto bad;
if (!init_keygen_file(bio_err, &ctx, *args, e))
goto end;
- } else if (!strcmp (*args, "-out")) {
+ } else if (!strcmp(*args, "-out")) {
if (args[1]) {
args++;
outfile = *args;
BIO_printf(bio_err, "NB: options order may be important! See the manual page.\n");
goto end;
}
-
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
BIO_puts(bio_err, "Error getting password\n");
goto end;
}
-
if (outfile) {
- if (!(out = BIO_new_file (outfile, "wb"))) {
+ if (!(out = BIO_new_file(outfile, "wb"))) {
BIO_printf(bio_err,
"Can't open output file %s\n", outfile);
goto end;
}
} else {
- out = BIO_new_fp (stdout, BIO_NOCLOSE);
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
BIO_puts(bio_err, "Error writing key\n");
ERR_print_errors(bio_err);
}
-
if (text) {
if (do_param)
rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
ERR_print_errors(bio_err);
}
}
-
ret = 0;
end:
}
static int
-init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
- const char *file, ENGINE *e)
+init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx,
+ const char *file, ENGINE * e)
{
BIO *pbio;
EVP_PKEY *pkey = NULL;
BIO_puts(err, "Parameters already set!\n");
return 0;
}
-
pbio = BIO_new_file(file, "r");
if (!pbio) {
BIO_printf(err, "Can't open parameter file %s\n", file);
return 0;
}
-
pkey = PEM_read_bio_Parameters(pbio, NULL);
BIO_free(pbio);
BIO_printf(bio_err, "Error reading parameter file %s\n", file);
return 0;
}
-
ctx = EVP_PKEY_CTX_new(pkey, e);
if (!ctx)
goto err;
}
int
-init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
- const char *algname, ENGINE *e, int do_param)
+init_gen_str(BIO * err, EVP_PKEY_CTX ** pctx,
+ const char *algname, ENGINE * e, int do_param)
{
EVP_PKEY_CTX *ctx = NULL;
const EVP_PKEY_ASN1_METHOD *ameth;
BIO_puts(err, "Algorithm already set!\n");
return 0;
}
-
ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "Algorithm %s not found\n", algname);
return 0;
}
-
ERR_clear_error();
EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
}
static int
-genpkey_cb(EVP_PKEY_CTX *ctx)
+genpkey_cb(EVP_PKEY_CTX * ctx)
{
char c = '*';
BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
if (p == 3)
c = '\n';
BIO_write(b, &c, 1);
- (void)BIO_flush(b);
+ (void) BIO_flush(b);
#ifdef LINT
p = n;
#endif
#undef PROG
#define PROG genrsa_main
-static int genrsa_cb(int p, int n, BN_GENCB *cb);
+static int genrsa_cb(int p, int n, BN_GENCB * cb);
int MAIN(int, char **);
BIGNUM *bn = BN_new();
RSA *rsa = NULL;
- if (!bn) goto err;
+ if (!bn)
+ goto err;
- apps_startup();
+ apps_startup();
BN_GENCB_set(&cb, genrsa_cb, bio_err);
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto err;
BIO_printf(bio_err, "unable to create BIO for output\n");
goto err;
}
-
argv++;
argc--;
for (;;) {
if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
- outfile= *(++argv);
+ outfile = *(++argv);
} else if (strcmp(*argv, "-3") == 0)
f4 = 3;
- else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv,"-f4") == 0)
+ else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0)
f4 = RSA_F4;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
- engine= *(++argv);
+ engine = *(++argv);
}
#endif
else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
goto bad;
- inrand= *(++argv);
+ inrand = *(++argv);
}
#ifndef OPENSSL_NO_DES
else if (strcmp(*argv, "-des") == 0)
else if (strcmp(*argv, "-passout") == 0) {
if (--argc < 1)
goto bad;
- passargout= *(++argv);
+ passargout = *(++argv);
} else
break;
argv++;
argc--;
}
- if ((argc >= 1) && ((sscanf(*argv, "%d",&num) == 0) || (num < 0))) {
+ if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
bad:
BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n");
BIO_printf(bio_err, " -des encrypt the generated key with DES in cbc mode\n");
BIO_printf(bio_err, " the random number generator\n");
goto err;
}
-
ERR_load_crypto_strings();
if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto err;
}
-
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
app_RAND_write_file(NULL, bio_err);
- /* We need to do the following for when the base number size is <
- * long, esp windows 3.1 :-(. */
+ /*
+ * We need to do the following for when the base number size is <
+ * long, esp windows 3.1 :-(.
+ */
l = 0L;
for (i = 0; i < rsa->e->top; i++) {
#ifndef SIXTY_FOUR_BIT
- l<<=BN_BITS4;
- l<<=BN_BITS4;
+ l <<= BN_BITS4;
+ l <<= BN_BITS4;
#endif
l += rsa->e->d[i];
}
- BIO_printf(bio_err, "e is %ld (0x%lX)\n",l,l);
+ BIO_printf(bio_err, "e is %ld (0x%lX)\n", l, l);
{
PW_CB_DATA cb_data;
cb_data.password = passout;
cb_data.prompt_info = outfile;
if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
- (pem_password_cb *)password_callback, &cb_data))
+ (pem_password_cb *) password_callback, &cb_data))
goto err;
}
RSA_free(rsa);
if (out)
BIO_free_all(out);
- if (passout) free(passout);
- if (ret != 0)
- ERR_print_errors(bio_err);
+ if (passout)
+ free(passout);
+ if (ret != 0)
+ ERR_print_errors(bio_err);
apps_shutdown();
- return(ret);
+ return (ret);
}
static int
-genrsa_cb(int p, int n, BN_GENCB *cb)
+genrsa_cb(int p, int n, BN_GENCB * cb)
{
char c = '*';
if (p == 3)
c = '\n';
BIO_write(cb->arg, &c, 1);
- (void)BIO_flush(cb->arg);
+ (void) BIO_flush(cb->arg);
#ifdef LINT
p = n;
#endif
return 1;
}
-#else /* !OPENSSL_NO_RSA */
+#else /* !OPENSSL_NO_RSA */
-# if PEDANTIC
+#if PEDANTIC
static void *dummy = &dummy;
-# endif
+#endif
#endif
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
+int
+MAIN(int argc, char **argv)
{
char **args, *infile = NULL, *outfile = NULL;
BIO *in = NULL, *out = NULL;
NETSCAPE_CERT_SEQUENCE *seq = NULL;
int i, ret = 1;
int badarg = 0;
- if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
ERR_load_crypto_strings();
args = argv + 1;
while (!badarg && *args && *args[0] == '-') {
- if (!strcmp (*args, "-toseq")) toseq = 1;
- else if (!strcmp (*args, "-in")) {
+ if (!strcmp(*args, "-toseq"))
+ toseq = 1;
+ else if (!strcmp(*args, "-in")) {
if (args[1]) {
args++;
infile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-out")) {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-out")) {
if (args[1]) {
args++;
outfile = *args;
- } else badarg = 1;
- } else badarg = 1;
+ } else
+ badarg = 1;
+ } else
+ badarg = 1;
args++;
}
if (badarg) {
- BIO_printf (bio_err, "Netscape certificate sequence utility\n");
- BIO_printf (bio_err, "Usage nseq [options]\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-in file input file\n");
- BIO_printf (bio_err, "-out file output file\n");
- BIO_printf (bio_err, "-toseq output NS Sequence file\n");
- return(1);
+ BIO_printf(bio_err, "Netscape certificate sequence utility\n");
+ BIO_printf(bio_err, "Usage nseq [options]\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-in file input file\n");
+ BIO_printf(bio_err, "-out file output file\n");
+ BIO_printf(bio_err, "-toseq output NS Sequence file\n");
+ return (1);
}
-
if (infile) {
- if (!(in = BIO_new_file (infile, "r"))) {
- BIO_printf (bio_err,
- "Can't open input file %s\n", infile);
+ if (!(in = BIO_new_file(infile, "r"))) {
+ BIO_printf(bio_err,
+ "Can't open input file %s\n", infile);
goto end;
}
- } else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+ } else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (outfile) {
- if (!(out = BIO_new_file (outfile, "w"))) {
- BIO_printf (bio_err,
- "Can't open output file %s\n", outfile);
+ if (!(out = BIO_new_file(outfile, "w"))) {
+ BIO_printf(bio_err,
+ "Can't open output file %s\n", outfile);
goto end;
}
} else {
if (toseq) {
seq = NETSCAPE_CERT_SEQUENCE_new();
seq->certs = sk_X509_new_null();
- while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
- sk_X509_push(seq->certs,x509);
+ while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
+ sk_X509_push(seq->certs, x509);
- if(!sk_X509_num(seq->certs))
- {
- BIO_printf (bio_err, "Error reading certs file %s\n", infile);
+ if (!sk_X509_num(seq->certs)) {
+ BIO_printf(bio_err, "Error reading certs file %s\n", infile);
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
goto end;
}
-
if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
- BIO_printf (bio_err, "Error reading sequence file %s\n", infile);
+ BIO_printf(bio_err, "Error reading sequence file %s\n", infile);
ERR_print_errors(bio_err);
goto end;
}
-
- for(i = 0; i < sk_X509_num(seq->certs); i++) {
+ for (i = 0; i < sk_X509_num(seq->certs); i++) {
x509 = sk_X509_value(seq->certs, i);
dump_cert_text(out, x509);
PEM_write_bio_X509(out, x509);
BIO_free_all(out);
NETSCAPE_CERT_SEQUENCE_free(seq);
- return(ret);
+ return (ret);
}
-
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#include <stdlib.h>
#include <string.h>
#include <time.h>
-#include "apps.h" /* needs to be included before the openssl headers! */
+#include "apps.h" /* needs to be included before the openssl
+ * headers! */
#include <openssl/e_os2.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
#if defined(NETWARE_CLIB)
-# ifdef NETWARE_BSDSOCK
-# include <sys/socket.h>
-# include <sys/bsdskt.h>
-# else
-# include <novsock2.h>
-# endif
+#ifdef NETWARE_BSDSOCK
+#include <sys/socket.h>
+#include <sys/bsdskt.h>
+#else
+#include <novsock2.h>
+#endif
#elif defined(NETWARE_LIBC)
-# ifdef NETWARE_BSDSOCK
-# include <sys/select.h>
-# else
-# include <novsock2.h>
-# endif
+#ifdef NETWARE_BSDSOCK
+#include <sys/select.h>
+#else
+#include <novsock2.h>
#endif
-
+#endif
+
/* Maximum leeway in validity period: default 5 minutes */
#define MAX_VALIDITY_PERIOD (5 * 60)
-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids);
-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD * cert_id_md, X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids);
-static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
- STACK_OF(OPENSSL_STRING) *names,
- STACK_OF(OCSP_CERTID) *ids, long nsec,
- long maxage);
-
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
- X509 *ca, X509 *rcert, EVP_PKEY *rkey,
- STACK_OF(X509) *rother, unsigned long flags,
- int nmin, int ndays);
-
-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
-static BIO *init_responder(char *port);
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
-static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
- STACK_OF(CONF_VALUE) *headers,
- OCSP_REQUEST *req, int req_timeout);
+static int
+add_ocsp_cert(OCSP_REQUEST ** req, X509 * cert, const EVP_MD * cert_id_md, X509 * issuer,
+ STACK_OF(OCSP_CERTID) * ids);
+ static int add_ocsp_serial(OCSP_REQUEST ** req, char *serial, const EVP_MD * cert_id_md, X509 * issuer,
+ STACK_OF(OCSP_CERTID) * ids);
+ static int print_ocsp_summary(BIO * out, OCSP_BASICRESP * bs, OCSP_REQUEST * req,
+ STACK_OF(OPENSSL_STRING) * names,
+ STACK_OF(OCSP_CERTID) * ids, long nsec,
+ long maxage);
+
+ static int make_ocsp_response(OCSP_RESPONSE ** resp, OCSP_REQUEST * req, CA_DB * db,
+ X509 * ca, X509 * rcert, EVP_PKEY * rkey,
+ STACK_OF(X509) * rother, unsigned long flags,
+ int nmin, int ndays);
+
+ static char **lookup_serial(CA_DB * db, ASN1_INTEGER * ser);
+ static BIO *init_responder(char *port);
+ static int do_responder(OCSP_REQUEST ** preq, BIO ** pcbio, BIO * acbio, char *port);
+ static int send_ocsp_response(BIO * cbio, OCSP_RESPONSE * resp);
+ static OCSP_RESPONSE *query_responder(BIO * err, BIO * cbio, char *path,
+ STACK_OF(CONF_VALUE) * headers,
+ OCSP_REQUEST * req, int req_timeout);
#undef PROG
#define PROG ocsp_main
-int MAIN(int, char **);
+ int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
+ int MAIN(int argc, char **argv)
+{
ENGINE *e = NULL;
char **args;
char *host = NULL, *port = NULL, *path = "/";
char *rsignfile = NULL, *rkeyfile = NULL;
char *outfile = NULL;
int add_nonce = 1, noverify = 0, use_ssl = -1;
- STACK_OF(CONF_VALUE) *headers = NULL;
+ STACK_OF(CONF_VALUE) * headers = NULL;
OCSP_REQUEST *req = NULL;
OCSP_RESPONSE *resp = NULL;
OCSP_BASICRESP *bs = NULL;
long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
char *CAfile = NULL, *CApath = NULL;
X509_STORE *store = NULL;
- STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
+ STACK_OF(X509) * sign_other = NULL, *verify_other = NULL, *rother = NULL;
char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
int ret = 1;
int badarg = 0;
int i;
int ignore_err = 0;
- STACK_OF(OPENSSL_STRING) *reqnames = NULL;
- STACK_OF(OCSP_CERTID) *ids = NULL;
+ STACK_OF(OPENSSL_STRING) * reqnames = NULL;
+ STACK_OF(OCSP_CERTID) * ids = NULL;
X509 *rca_cert = NULL;
char *ridx_filename = NULL;
int nmin = 0, ndays = -1;
const EVP_MD *cert_id_md = NULL;
- if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
args = argv + 1;
reqnames = sk_OPENSSL_STRING_new_null();
ids = sk_OCSP_CERTID_new_null();
- while (!badarg && *args && *args[0] == '-')
- {
- if (!strcmp(*args, "-out"))
- {
- if (args[1])
- {
+ while (!badarg && *args && *args[0] == '-') {
+ if (!strcmp(*args, "-out")) {
+ if (args[1]) {
args++;
outfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-timeout"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-timeout")) {
+ if (args[1]) {
args++;
req_timeout = atol(*args);
- if (req_timeout < 0)
- {
+ if (req_timeout < 0) {
BIO_printf(bio_err,
- "Illegal timeout value %s\n",
- *args);
+ "Illegal timeout value %s\n",
+ *args);
badarg = 1;
- }
}
- else badarg = 1;
- }
- else if (!strcmp(*args, "-url"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-url")) {
+ if (args[1]) {
args++;
- if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl))
- {
+ if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) {
BIO_printf(bio_err, "Error parsing URL\n");
badarg = 1;
- }
}
- else badarg = 1;
- }
- else if (!strcmp(*args, "-host"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-host")) {
+ if (args[1]) {
args++;
host = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-port"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-port")) {
+ if (args[1]) {
args++;
port = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-header"))
- {
- if (args[1] && args[2])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-header")) {
+ if (args[1] && args[2]) {
if (!X509V3_add_value(args[1], args[2], &headers))
goto end;
args += 2;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-ignore_err"))
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-ignore_err"))
ignore_err = 1;
else if (!strcmp(*args, "-noverify"))
noverify = 1;
verify_flags |= OCSP_TRUSTOTHER;
else if (!strcmp(*args, "-no_intern"))
verify_flags |= OCSP_NOINTERN;
- else if (!strcmp(*args, "-text"))
- {
+ else if (!strcmp(*args, "-text")) {
req_text = 1;
resp_text = 1;
- }
- else if (!strcmp(*args, "-req_text"))
+ } else if (!strcmp(*args, "-req_text"))
req_text = 1;
else if (!strcmp(*args, "-resp_text"))
resp_text = 1;
- else if (!strcmp(*args, "-reqin"))
- {
- if (args[1])
- {
+ else if (!strcmp(*args, "-reqin")) {
+ if (args[1]) {
args++;
reqin = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-respin"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-respin")) {
+ if (args[1]) {
args++;
respin = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-signer"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-signer")) {
+ if (args[1]) {
args++;
signfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-VAfile"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-VAfile")) {
+ if (args[1]) {
args++;
verify_certfile = *args;
verify_flags |= OCSP_TRUSTOTHER;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-sign_other"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-sign_other")) {
+ if (args[1]) {
args++;
sign_certfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-verify_other"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-verify_other")) {
+ if (args[1]) {
args++;
verify_certfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-CAfile"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-CAfile")) {
+ if (args[1]) {
args++;
CAfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-CApath"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-CApath")) {
+ if (args[1]) {
args++;
CApath = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-validity_period"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-validity_period")) {
+ if (args[1]) {
args++;
nsec = atol(*args);
- if (nsec < 0)
- {
+ if (nsec < 0) {
BIO_printf(bio_err,
- "Illegal validity period %s\n",
- *args);
+ "Illegal validity period %s\n",
+ *args);
badarg = 1;
- }
}
- else badarg = 1;
- }
- else if (!strcmp (*args, "-status_age"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-status_age")) {
+ if (args[1]) {
args++;
maxage = atol(*args);
- if (maxage < 0)
- {
+ if (maxage < 0) {
BIO_printf(bio_err,
- "Illegal validity age %s\n",
- *args);
+ "Illegal validity age %s\n",
+ *args);
badarg = 1;
- }
}
- else badarg = 1;
- }
- else if (!strcmp(*args, "-signkey"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-signkey")) {
+ if (args[1]) {
args++;
keyfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-reqout"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-reqout")) {
+ if (args[1]) {
args++;
reqout = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-respout"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-respout")) {
+ if (args[1]) {
args++;
respout = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-path"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-path")) {
+ if (args[1]) {
args++;
path = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-issuer"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-issuer")) {
+ if (args[1]) {
args++;
X509_free(issuer);
issuer = load_cert(bio_err, *args, FORMAT_PEM,
- NULL, e, "issuer certificate");
- if(!issuer) goto end;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-cert"))
- {
- if (args[1])
- {
+ NULL, e, "issuer certificate");
+ if (!issuer)
+ goto end;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-cert")) {
+ if (args[1]) {
args++;
X509_free(cert);
cert = load_cert(bio_err, *args, FORMAT_PEM,
- NULL, e, "certificate");
- if(!cert) goto end;
- if (!cert_id_md) cert_id_md = EVP_sha1();
- if(!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
+ NULL, e, "certificate");
+ if (!cert)
goto end;
- if(!sk_OPENSSL_STRING_push(reqnames, *args))
+ if (!cert_id_md)
+ cert_id_md = EVP_sha1();
+ if (!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
goto end;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-serial"))
- {
- if (args[1])
- {
+ if (!sk_OPENSSL_STRING_push(reqnames, *args))
+ goto end;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-serial")) {
+ if (args[1]) {
args++;
- if (!cert_id_md) cert_id_md = EVP_sha1();
- if(!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids))
+ if (!cert_id_md)
+ cert_id_md = EVP_sha1();
+ if (!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids))
goto end;
- if(!sk_OPENSSL_STRING_push(reqnames, *args))
+ if (!sk_OPENSSL_STRING_push(reqnames, *args))
goto end;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-index"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-index")) {
+ if (args[1]) {
args++;
ridx_filename = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-CA"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-CA")) {
+ if (args[1]) {
args++;
rca_filename = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-nmin"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-nmin")) {
+ if (args[1]) {
args++;
nmin = atol(*args);
- if (nmin < 0)
- {
+ if (nmin < 0) {
BIO_printf(bio_err,
- "Illegal update period %s\n",
- *args);
+ "Illegal update period %s\n",
+ *args);
badarg = 1;
- }
}
- if (ndays == -1)
- ndays = 0;
- else badarg = 1;
}
- else if (!strcmp (*args, "-nrequest"))
- {
- if (args[1])
- {
+ if (ndays == -1)
+ ndays = 0;
+ else
+ badarg = 1;
+ } else if (!strcmp(*args, "-nrequest")) {
+ if (args[1]) {
args++;
accept_count = atol(*args);
- if (accept_count < 0)
- {
+ if (accept_count < 0) {
BIO_printf(bio_err,
- "Illegal accept count %s\n",
- *args);
+ "Illegal accept count %s\n",
+ *args);
badarg = 1;
- }
}
- else badarg = 1;
- }
- else if (!strcmp (*args, "-ndays"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-ndays")) {
+ if (args[1]) {
args++;
ndays = atol(*args);
- if (ndays < 0)
- {
+ if (ndays < 0) {
BIO_printf(bio_err,
- "Illegal update period %s\n",
- *args);
+ "Illegal update period %s\n",
+ *args);
badarg = 1;
- }
}
- else badarg = 1;
- }
- else if (!strcmp(*args, "-rsigner"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-rsigner")) {
+ if (args[1]) {
args++;
rsignfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-rkey"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-rkey")) {
+ if (args[1]) {
args++;
rkeyfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-rother"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-rother")) {
+ if (args[1]) {
args++;
rcertfile = *args;
- }
- else badarg = 1;
- }
- else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL)
- {
+ } else
+ badarg = 1;
+ } else if ((cert_id_md = EVP_get_digestbyname((*args) + 1)) == NULL) {
badarg = 1;
- }
- args++;
}
+ args++;
+ }
/* Have we anything to do? */
- if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1;
-
- if (badarg)
- {
- BIO_printf (bio_err, "OCSP utility\n");
- BIO_printf (bio_err, "Usage ocsp [options]\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-out file output filename\n");
- BIO_printf (bio_err, "-issuer file issuer certificate\n");
- BIO_printf (bio_err, "-cert file certificate to check\n");
- BIO_printf (bio_err, "-serial n serial number to check\n");
- BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n");
- BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n");
- BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n");
- BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n");
- BIO_printf (bio_err, "-req_text print text form of request\n");
- BIO_printf (bio_err, "-resp_text print text form of response\n");
- BIO_printf (bio_err, "-text print text form of request and response\n");
- BIO_printf (bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n");
- BIO_printf (bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n");
- BIO_printf (bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n");
- BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n");
- BIO_printf (bio_err, "-nonce add OCSP nonce to request\n");
- BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n");
- BIO_printf (bio_err, "-url URL OCSP responder URL\n");
- BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n");
- BIO_printf (bio_err, "-path path to use in OCSP request\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
- BIO_printf (bio_err, "-VAfile file validator certificates file\n");
- BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
- BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
- BIO_printf (bio_err, "-noverify don't verify response at all\n");
- BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");
- BIO_printf (bio_err, "-trust_other don't verify additional certificates\n");
- BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n");
- BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n");
- BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n");
- BIO_printf (bio_err, "-no_chain don't chain verify response\n");
- BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
- BIO_printf (bio_err, "-port num port to run responder on\n");
- BIO_printf (bio_err, "-index file certificate status index file\n");
- BIO_printf (bio_err, "-CA file CA certificate\n");
- BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n");
- BIO_printf (bio_err, "-rkey file responder key to sign responses with\n");
- BIO_printf (bio_err, "-rother file other certificates to include in response\n");
- BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n");
- BIO_printf (bio_err, "-nmin n number of minutes before next update\n");
- BIO_printf (bio_err, "-ndays n number of days before next update\n");
- BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
- BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
- BIO_printf (bio_err, "-<dgst alg> use specified digest in the request\n");
+ if (!req && !reqin && !respin && !(port && ridx_filename))
+ badarg = 1;
+
+ if (badarg) {
+ BIO_printf(bio_err, "OCSP utility\n");
+ BIO_printf(bio_err, "Usage ocsp [options]\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-out file output filename\n");
+ BIO_printf(bio_err, "-issuer file issuer certificate\n");
+ BIO_printf(bio_err, "-cert file certificate to check\n");
+ BIO_printf(bio_err, "-serial n serial number to check\n");
+ BIO_printf(bio_err, "-signer file certificate to sign OCSP request with\n");
+ BIO_printf(bio_err, "-signkey file private key to sign OCSP request with\n");
+ BIO_printf(bio_err, "-sign_other file additional certificates to include in signed request\n");
+ BIO_printf(bio_err, "-no_certs don't include any certificates in signed request\n");
+ BIO_printf(bio_err, "-req_text print text form of request\n");
+ BIO_printf(bio_err, "-resp_text print text form of response\n");
+ BIO_printf(bio_err, "-text print text form of request and response\n");
+ BIO_printf(bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n");
+ BIO_printf(bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n");
+ BIO_printf(bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n");
+ BIO_printf(bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n");
+ BIO_printf(bio_err, "-nonce add OCSP nonce to request\n");
+ BIO_printf(bio_err, "-no_nonce don't add OCSP nonce to request\n");
+ BIO_printf(bio_err, "-url URL OCSP responder URL\n");
+ BIO_printf(bio_err, "-host host:n send OCSP request to host on port n\n");
+ BIO_printf(bio_err, "-path path to use in OCSP request\n");
+ BIO_printf(bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf(bio_err, "-VAfile file validator certificates file\n");
+ BIO_printf(bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
+ BIO_printf(bio_err, "-status_age n maximum status age in seconds\n");
+ BIO_printf(bio_err, "-noverify don't verify response at all\n");
+ BIO_printf(bio_err, "-verify_other file additional certificates to search for signer\n");
+ BIO_printf(bio_err, "-trust_other don't verify additional certificates\n");
+ BIO_printf(bio_err, "-no_intern don't search certificates contained in response for signer\n");
+ BIO_printf(bio_err, "-no_signature_verify don't check signature on response\n");
+ BIO_printf(bio_err, "-no_cert_verify don't check signing certificate\n");
+ BIO_printf(bio_err, "-no_chain don't chain verify response\n");
+ BIO_printf(bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
+ BIO_printf(bio_err, "-port num port to run responder on\n");
+ BIO_printf(bio_err, "-index file certificate status index file\n");
+ BIO_printf(bio_err, "-CA file CA certificate\n");
+ BIO_printf(bio_err, "-rsigner file responder certificate to sign responses with\n");
+ BIO_printf(bio_err, "-rkey file responder key to sign responses with\n");
+ BIO_printf(bio_err, "-rother file other certificates to include in response\n");
+ BIO_printf(bio_err, "-resp_no_certs don't include any certificates in response\n");
+ BIO_printf(bio_err, "-nmin n number of minutes before next update\n");
+ BIO_printf(bio_err, "-ndays n number of days before next update\n");
+ BIO_printf(bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
+ BIO_printf(bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
+ BIO_printf(bio_err, "-<dgst alg> use specified digest in the request\n");
goto end;
- }
-
- if(outfile) out = BIO_new_file(outfile, "w");
- else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ }
+ if (outfile)
+ out = BIO_new_file(outfile, "w");
+ else
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
- if(!out)
- {
+ if (!out) {
BIO_printf(bio_err, "Error opening output file\n");
goto end;
- }
-
- if (!req && (add_nonce != 2)) add_nonce = 0;
+ }
+ if (!req && (add_nonce != 2))
+ add_nonce = 0;
- if (!req && reqin)
- {
+ if (!req && reqin) {
derbio = BIO_new_file(reqin, "rb");
- if (!derbio)
- {
+ if (!derbio) {
BIO_printf(bio_err, "Error Opening OCSP request file\n");
goto end;
- }
+ }
req = d2i_OCSP_REQUEST_bio(derbio, NULL);
BIO_free(derbio);
- if(!req)
- {
+ if (!req) {
BIO_printf(bio_err, "Error reading OCSP request\n");
goto end;
- }
}
-
- if (!req && port)
- {
+ }
+ if (!req && port) {
acbio = init_responder(port);
if (!acbio)
goto end;
- }
-
- if (rsignfile && !rdb)
- {
- if (!rkeyfile) rkeyfile = rsignfile;
+ }
+ if (rsignfile && !rdb) {
+ if (!rkeyfile)
+ rkeyfile = rsignfile;
rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
- NULL, e, "responder certificate");
- if (!rsigner)
- {
+ NULL, e, "responder certificate");
+ if (!rsigner) {
BIO_printf(bio_err, "Error loading responder certificate\n");
goto end;
- }
+ }
rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
- NULL, e, "CA certificate");
- if (rcertfile)
- {
+ NULL, e, "CA certificate");
+ if (rcertfile) {
rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
- NULL, e, "responder other certificates");
- if (!rother) goto end;
- }
+ NULL, e, "responder other certificates");
+ if (!rother)
+ goto end;
+ }
rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
- "responder private key");
+ "responder private key");
if (!rkey)
goto end;
- }
- if(acbio)
+ }
+ if (acbio)
BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
- redo_accept:
+redo_accept:
- if (acbio)
- {
+ if (acbio) {
if (!do_responder(&req, &cbio, acbio, port))
goto end;
- if (!req)
- {
+ if (!req) {
resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
send_ocsp_response(cbio, resp);
goto done_resp;
- }
}
-
- if (!req && (signfile || reqout || host || add_nonce || ridx_filename))
- {
+ }
+ if (!req && (signfile || reqout || host || add_nonce || ridx_filename)) {
BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
goto end;
- }
-
- if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1);
+ }
+ if (req && add_nonce)
+ OCSP_request_add1_nonce(req, NULL, -1);
- if (signfile)
- {
- if (!keyfile) keyfile = signfile;
+ if (signfile) {
+ if (!keyfile)
+ keyfile = signfile;
signer = load_cert(bio_err, signfile, FORMAT_PEM,
- NULL, e, "signer certificate");
- if (!signer)
- {
+ NULL, e, "signer certificate");
+ if (!signer) {
BIO_printf(bio_err, "Error loading signer certificate\n");
goto end;
- }
- if (sign_certfile)
- {
+ }
+ if (sign_certfile) {
sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,
- NULL, e, "signer certificates");
- if (!sign_other) goto end;
- }
+ NULL, e, "signer certificates");
+ if (!sign_other)
+ goto end;
+ }
key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
- "signer private key");
+ "signer private key");
if (!key)
goto end;
- if (!OCSP_request_sign(req, signer, key, NULL, sign_other, sign_flags))
- {
+ if (!OCSP_request_sign(req, signer, key, NULL, sign_other, sign_flags)) {
BIO_printf(bio_err, "Error signing OCSP request\n");
goto end;
- }
}
+ }
+ if (req_text && req)
+ OCSP_REQUEST_print(out, req, 0);
- if (req_text && req) OCSP_REQUEST_print(out, req, 0);
-
- if (reqout)
- {
+ if (reqout) {
derbio = BIO_new_file(reqout, "wb");
- if(!derbio)
- {
+ if (!derbio) {
BIO_printf(bio_err, "Error opening file %s\n", reqout);
goto end;
- }
+ }
i2d_OCSP_REQUEST_bio(derbio, req);
BIO_free(derbio);
- }
-
- if (ridx_filename && (!rkey || !rsigner || !rca_cert))
- {
+ }
+ if (ridx_filename && (!rkey || !rsigner || !rca_cert)) {
BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n");
goto end;
- }
-
- if (ridx_filename && !rdb)
- {
+ }
+ if (ridx_filename && !rdb) {
rdb = load_index(ridx_filename, NULL);
- if (!rdb) goto end;
- if (!index_index(rdb)) goto end;
- }
-
- if (rdb)
- {
+ if (!rdb)
+ goto end;
+ if (!index_index(rdb))
+ goto end;
+ }
+ if (rdb) {
i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays);
if (cbio)
send_ocsp_response(cbio, resp);
- }
- else if (host)
- {
+ } else if (host) {
#ifndef OPENSSL_NO_SOCK
resp = process_responder(bio_err, req, host, path,
- port, use_ssl, headers, req_timeout);
+ port, use_ssl, headers, req_timeout);
if (!resp)
goto end;
#else
BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
goto end;
#endif
- }
- else if (respin)
- {
+ } else if (respin) {
derbio = BIO_new_file(respin, "rb");
- if (!derbio)
- {
+ if (!derbio) {
BIO_printf(bio_err, "Error Opening OCSP response file\n");
goto end;
- }
+ }
resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
BIO_free(derbio);
- if(!resp)
- {
+ if (!resp) {
BIO_printf(bio_err, "Error reading OCSP response\n");
goto end;
- }
-
}
- else
- {
+ } else {
ret = 0;
goto end;
- }
+ }
- done_resp:
+done_resp:
- if (respout)
- {
+ if (respout) {
derbio = BIO_new_file(respout, "wb");
- if(!derbio)
- {
+ if (!derbio) {
BIO_printf(bio_err, "Error opening file %s\n", respout);
goto end;
- }
+ }
i2d_OCSP_RESPONSE_bio(derbio, resp);
BIO_free(derbio);
- }
-
+ }
i = OCSP_response_status(resp);
- if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL)
- {
+ if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
BIO_printf(out, "Responder Error: %s (%d)\n",
- OCSP_response_status_str(i), i);
+ OCSP_response_status_str(i), i);
if (ignore_err)
goto redo_accept;
ret = 0;
goto end;
- }
-
- if (resp_text) OCSP_RESPONSE_print(out, resp, 0);
+ }
+ if (resp_text)
+ OCSP_RESPONSE_print(out, resp, 0);
/* If running as responder don't verify our own response */
- if (cbio)
- {
+ if (cbio) {
if (accept_count > 0)
accept_count--;
/* Redo if more connections needed */
- if (accept_count)
- {
+ if (accept_count) {
BIO_free_all(cbio);
cbio = NULL;
OCSP_REQUEST_free(req);
OCSP_RESPONSE_free(resp);
resp = NULL;
goto redo_accept;
- }
- goto end;
}
-
+ goto end;
+ }
if (!store)
store = setup_verify(bio_err, CAfile, CApath);
if (!store)
goto end;
- if (verify_certfile)
- {
+ if (verify_certfile) {
verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
- NULL, e, "validator certificate");
- if (!verify_other) goto end;
- }
-
+ NULL, e, "validator certificate");
+ if (!verify_other)
+ goto end;
+ }
bs = OCSP_response_get1_basic(resp);
- if (!bs)
- {
+ if (!bs) {
BIO_printf(bio_err, "Error parsing response\n");
goto end;
- }
-
- if (!noverify)
- {
- if (req && ((i = OCSP_check_nonce(req, bs)) <= 0))
- {
+ }
+ if (!noverify) {
+ if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) {
if (i == -1)
BIO_printf(bio_err, "WARNING: no nonce in response\n");
- else
- {
+ else {
BIO_printf(bio_err, "Nonce Verify error\n");
goto end;
- }
}
-
+ }
i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
- if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0);
+ if (i < 0)
+ i = OCSP_basic_verify(bs, NULL, store, 0);
- if(i <= 0)
- {
+ if (i <= 0) {
BIO_printf(bio_err, "Response Verify Failure\n");
ERR_print_errors(bio_err);
- }
- else
+ } else
BIO_printf(bio_err, "Response verify OK\n");
- }
-
+ }
if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
goto end;
sk_X509_pop_free(verify_other, X509_free);
sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
- if (use_ssl != -1)
- {
+ if (use_ssl != -1) {
free(host);
free(port);
free(path);
- }
-
- return(ret);
+ }
+ return (ret);
}
-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md,X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids)
- {
+static int
+add_ocsp_cert(OCSP_REQUEST ** req, X509 * cert, const EVP_MD * cert_id_md, X509 * issuer,
+ STACK_OF(OCSP_CERTID) * ids)
+{
OCSP_CERTID *id;
- if(!issuer)
- {
+ if (!issuer) {
BIO_printf(bio_err, "No issuer certificate specified\n");
return 0;
- }
- if(!*req) *req = OCSP_REQUEST_new();
- if(!*req) goto err;
+ }
+ if (!*req)
+ *req = OCSP_REQUEST_new();
+ if (!*req)
+ goto err;
id = OCSP_cert_to_id(cert_id_md, cert, issuer);
- if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
- if(!OCSP_request_add0_id(*req, id)) goto err;
+ if (!id || !sk_OCSP_CERTID_push(ids, id))
+ goto err;
+ if (!OCSP_request_add0_id(*req, id))
+ goto err;
return 1;
- err:
+err:
BIO_printf(bio_err, "Error Creating OCSP request\n");
return 0;
- }
+}
-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,const EVP_MD *cert_id_md, X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids)
- {
+static int
+add_ocsp_serial(OCSP_REQUEST ** req, char *serial, const EVP_MD * cert_id_md, X509 * issuer,
+ STACK_OF(OCSP_CERTID) * ids)
+{
OCSP_CERTID *id;
X509_NAME *iname;
ASN1_BIT_STRING *ikey;
ASN1_INTEGER *sno;
- if(!issuer)
- {
+ if (!issuer) {
BIO_printf(bio_err, "No issuer certificate specified\n");
return 0;
- }
- if(!*req) *req = OCSP_REQUEST_new();
- if(!*req) goto err;
+ }
+ if (!*req)
+ *req = OCSP_REQUEST_new();
+ if (!*req)
+ goto err;
iname = X509_get_subject_name(issuer);
ikey = X509_get0_pubkey_bitstr(issuer);
sno = s2i_ASN1_INTEGER(NULL, serial);
- if(!sno)
- {
+ if (!sno) {
BIO_printf(bio_err, "Error converting serial number %s\n", serial);
return 0;
- }
+ }
id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno);
ASN1_INTEGER_free(sno);
- if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
- if(!OCSP_request_add0_id(*req, id)) goto err;
+ if (!id || !sk_OCSP_CERTID_push(ids, id))
+ goto err;
+ if (!OCSP_request_add0_id(*req, id))
+ goto err;
return 1;
- err:
+err:
BIO_printf(bio_err, "Error Creating OCSP request\n");
return 0;
- }
+}
-static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
- STACK_OF(OPENSSL_STRING) *names,
- STACK_OF(OCSP_CERTID) *ids, long nsec,
- long maxage)
- {
+static int
+print_ocsp_summary(BIO * out, OCSP_BASICRESP * bs, OCSP_REQUEST * req,
+ STACK_OF(OPENSSL_STRING) * names,
+ STACK_OF(OCSP_CERTID) * ids, long nsec,
+ long maxage)
+{
OCSP_CERTID *id;
char *name;
int i;
if (!bs || !req || !sk_OPENSSL_STRING_num(names) || !sk_OCSP_CERTID_num(ids))
return 1;
- for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
- {
+ for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) {
id = sk_OCSP_CERTID_value(ids, i);
name = sk_OPENSSL_STRING_value(names, i);
BIO_printf(out, "%s: ", name);
- if(!OCSP_resp_find_status(bs, id, &status, &reason,
- &rev, &thisupd, &nextupd))
- {
+ if (!OCSP_resp_find_status(bs, id, &status, &reason,
+ &rev, &thisupd, &nextupd)) {
BIO_puts(out, "ERROR: No Status found.\n");
continue;
- }
-
- /* Check validity: if invalid write to output BIO so we
- * know which response this refers to.
+ }
+ /*
+ * Check validity: if invalid write to output BIO so we know
+ * which response this refers to.
*/
- if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage))
- {
+ if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) {
BIO_puts(out, "WARNING: Status times invalid.\n");
ERR_print_errors(out);
- }
+ }
BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
BIO_puts(out, "\tThis Update: ");
ASN1_GENERALIZEDTIME_print(out, thisupd);
BIO_puts(out, "\n");
- if(nextupd)
- {
+ if (nextupd) {
BIO_puts(out, "\tNext Update: ");
ASN1_GENERALIZEDTIME_print(out, nextupd);
BIO_puts(out, "\n");
- }
-
+ }
if (status != V_OCSP_CERTSTATUS_REVOKED)
continue;
if (reason != -1)
BIO_printf(out, "\tReason: %s\n",
- OCSP_crl_reason_str(reason));
+ OCSP_crl_reason_str(reason));
BIO_puts(out, "\tRevocation Time: ");
ASN1_GENERALIZEDTIME_print(out, rev);
BIO_puts(out, "\n");
- }
+ }
return 1;
- }
+}
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
- X509 *ca, X509 *rcert, EVP_PKEY *rkey,
- STACK_OF(X509) *rother, unsigned long flags,
- int nmin, int ndays)
- {
+static int
+make_ocsp_response(OCSP_RESPONSE ** resp, OCSP_REQUEST * req, CA_DB * db,
+ X509 * ca, X509 * rcert, EVP_PKEY * rkey,
+ STACK_OF(X509) * rother, unsigned long flags,
+ int nmin, int ndays)
+{
ASN1_TIME *thisupd = NULL, *nextupd = NULL;
OCSP_CERTID *cid, *ca_id = NULL;
OCSP_BASICRESP *bs = NULL;
id_count = OCSP_request_onereq_count(req);
- if (id_count <= 0)
- {
+ if (id_count <= 0) {
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
goto end;
- }
-
-
+ }
bs = OCSP_BASICRESP_new();
thisupd = X509_gmtime_adj(NULL, 0);
if (ndays != -1)
- nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 );
+ nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
/* Examine each certificate id in the request */
- for (i = 0; i < id_count; i++)
- {
+ for (i = 0; i < id_count; i++) {
OCSP_ONEREQ *one;
ASN1_INTEGER *serial;
char **inf;
one = OCSP_request_onereq_get0(req, i);
cid = OCSP_onereq_get0_id(one);
- OCSP_id_get0_info(NULL,&cert_id_md_oid, NULL,NULL, cid);
+ OCSP_id_get0_info(NULL, &cert_id_md_oid, NULL, NULL, cid);
- cert_id_md = EVP_get_digestbyobj(cert_id_md_oid);
- if (! cert_id_md)
- {
+ cert_id_md = EVP_get_digestbyobj(cert_id_md_oid);
+ if (!cert_id_md) {
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
- NULL);
- goto end;
- }
- if (ca_id) OCSP_CERTID_free(ca_id);
+ NULL);
+ goto end;
+ }
+ if (ca_id)
+ OCSP_CERTID_free(ca_id);
ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca);
/* Is this request about our CA? */
- if (OCSP_id_issuer_cmp(ca_id, cid))
- {
+ if (OCSP_id_issuer_cmp(ca_id, cid)) {
OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_UNKNOWN,
- 0, NULL,
- thisupd, nextupd);
+ V_OCSP_CERTSTATUS_UNKNOWN,
+ 0, NULL,
+ thisupd, nextupd);
continue;
- }
+ }
OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
inf = lookup_serial(db, serial);
if (!inf)
OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_UNKNOWN,
- 0, NULL,
- thisupd, nextupd);
+ V_OCSP_CERTSTATUS_UNKNOWN,
+ 0, NULL,
+ thisupd, nextupd);
else if (inf[DB_type][0] == DB_TYPE_VAL)
OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_GOOD,
- 0, NULL,
- thisupd, nextupd);
- else if (inf[DB_type][0] == DB_TYPE_REV)
- {
+ V_OCSP_CERTSTATUS_GOOD,
+ 0, NULL,
+ thisupd, nextupd);
+ else if (inf[DB_type][0] == DB_TYPE_REV) {
ASN1_OBJECT *inst = NULL;
ASN1_TIME *revtm = NULL;
ASN1_GENERALIZEDTIME *invtm = NULL;
int reason = -1;
unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
single = OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_REVOKED,
- reason, revtm,
- thisupd, nextupd);
+ V_OCSP_CERTSTATUS_REVOKED,
+ reason, revtm,
+ thisupd, nextupd);
if (invtm)
OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0);
else if (inst)
ASN1_OBJECT_free(inst);
ASN1_TIME_free(revtm);
ASN1_GENERALIZEDTIME_free(invtm);
- }
}
+ }
OCSP_copy_nonce(bs, req);
-
+
OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags);
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
- end:
+end:
ASN1_TIME_free(thisupd);
ASN1_TIME_free(nextupd);
OCSP_CERTID_free(ca_id);
OCSP_BASICRESP_free(bs);
return ret;
- }
+}
-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
- {
+static char **
+lookup_serial(CA_DB * db, ASN1_INTEGER * ser)
+{
int i;
BIGNUM *bn = NULL;
- char *itmp, *row[DB_NUMBER],**rrow;
- for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
- bn = ASN1_INTEGER_to_BN(ser,NULL);
- OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */
+ char *itmp, *row[DB_NUMBER], **rrow;
+ for (i = 0; i < DB_NUMBER; i++)
+ row[i] = NULL;
+ bn = ASN1_INTEGER_to_BN(ser, NULL);
+ OPENSSL_assert(bn); /* FIXME: should report an error at this
+ * point and abort */
if (BN_is_zero(bn))
itmp = BUF_strdup("00");
else
itmp = BN_bn2hex(bn);
row[DB_serial] = itmp;
BN_free(bn);
- rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+ rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
free(itmp);
return rrow;
- }
+}
/* Quick and dirty OCSP server: read in and parse input request */
-static BIO *init_responder(char *port)
- {
+static BIO *
+init_responder(char *port)
+{
BIO *acbio = NULL, *bufbio = NULL;
bufbio = BIO_new(BIO_f_buffer());
- if (!bufbio)
+ if (!bufbio)
goto err;
#ifndef OPENSSL_NO_SOCK
acbio = BIO_new_accept(port);
BIO_set_accept_bios(acbio, bufbio);
bufbio = NULL;
- if (BIO_do_accept(acbio) <= 0)
- {
- BIO_printf(bio_err, "Error setting up accept BIO\n");
- ERR_print_errors(bio_err);
- goto err;
- }
-
+ if (BIO_do_accept(acbio) <= 0) {
+ BIO_printf(bio_err, "Error setting up accept BIO\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
return acbio;
- err:
+err:
BIO_free_all(acbio);
BIO_free(bufbio);
return NULL;
- }
+}
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port)
- {
+static int
+do_responder(OCSP_REQUEST ** preq, BIO ** pcbio, BIO * acbio, char *port)
+{
int have_post = 0, len;
OCSP_REQUEST *req = NULL;
char inbuf[1024];
BIO *cbio = NULL;
- if (BIO_do_accept(acbio) <= 0)
- {
- BIO_printf(bio_err, "Error accepting connection\n");
- ERR_print_errors(bio_err);
- return 0;
- }
-
+ if (BIO_do_accept(acbio) <= 0) {
+ BIO_printf(bio_err, "Error accepting connection\n");
+ ERR_print_errors(bio_err);
+ return 0;
+ }
cbio = BIO_pop(acbio);
*pcbio = cbio;
- for(;;)
- {
+ for (;;) {
len = BIO_gets(cbio, inbuf, sizeof inbuf);
if (len <= 0)
return 1;
/* Look for "POST" signalling start of query */
- if (!have_post)
- {
- if(strncmp(inbuf, "POST", 4))
- {
+ if (!have_post) {
+ if (strncmp(inbuf, "POST", 4)) {
BIO_printf(bio_err, "Invalid request\n");
return 1;
- }
- have_post = 1;
}
+ have_post = 1;
+ }
/* Look for end of headers */
if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
break;
- }
+ }
/* Try to read OCSP request */
req = d2i_OCSP_REQUEST_bio(cbio, NULL);
- if (!req)
- {
+ if (!req) {
BIO_printf(bio_err, "Error parsing OCSP request\n");
ERR_print_errors(bio_err);
- }
-
+ }
*preq = req;
return 1;
- }
+}
-static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
- {
- static const char http_resp[] =
- "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
- "Content-Length: %d\r\n\r\n";
+static int
+send_ocsp_response(BIO * cbio, OCSP_RESPONSE * resp)
+{
+ static const char http_resp[] =
+ "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
+ "Content-Length: %d\r\n\r\n";
if (!cbio)
return 0;
BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
i2d_OCSP_RESPONSE_bio(cbio, resp);
- (void)BIO_flush(cbio);
+ (void) BIO_flush(cbio);
return 1;
- }
+}
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
- STACK_OF(CONF_VALUE) *headers,
- OCSP_REQUEST *req, int req_timeout)
- {
+static OCSP_RESPONSE *
+query_responder(BIO * err, BIO * cbio, char *path,
+ STACK_OF(CONF_VALUE) * headers,
+ OCSP_REQUEST * req, int req_timeout)
+{
int fd;
int rv;
int i;
rv = BIO_do_connect(cbio);
- if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio)))
- {
+ if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) {
BIO_puts(err, "Error connecting BIO\n");
return NULL;
- }
-
- if (BIO_get_fd(cbio, &fd) <= 0)
- {
+ }
+ if (BIO_get_fd(cbio, &fd) <= 0) {
BIO_puts(err, "Can't get connection fd\n");
goto err;
- }
-
- if (req_timeout != -1 && rv <= 0)
- {
+ }
+ if (req_timeout != -1 && rv <= 0) {
FD_ZERO(&confds);
openssl_fdset(fd, &confds);
tv.tv_usec = 0;
tv.tv_sec = req_timeout;
- rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
- if (rv == 0)
- {
+ rv = select(fd + 1, NULL, (void *) &confds, NULL, &tv);
+ if (rv == 0) {
BIO_puts(err, "Timeout on connect\n");
return NULL;
- }
}
-
-
+ }
ctx = OCSP_sendreq_new(cbio, path, NULL, -1);
if (!ctx)
return NULL;
- for (i = 0; i < sk_CONF_VALUE_num(headers); i++)
- {
+ for (i = 0; i < sk_CONF_VALUE_num(headers); i++) {
CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i);
if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value))
goto err;
- }
+ }
if (!OCSP_REQ_CTX_set1_req(ctx, req))
goto err;
-
- for (;;)
- {
+
+ for (;;) {
rv = OCSP_sendreq_nbio(&rsp, ctx);
if (rv != -1)
break;
tv.tv_usec = 0;
tv.tv_sec = req_timeout;
if (BIO_should_read(cbio))
- rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
+ rv = select(fd + 1, (void *) &confds, NULL, NULL, &tv);
else if (BIO_should_write(cbio))
- rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
- else
- {
+ rv = select(fd + 1, NULL, (void *) &confds, NULL, &tv);
+ else {
BIO_puts(err, "Unexpected retry condition\n");
goto err;
- }
- if (rv == 0)
- {
+ }
+ if (rv == 0) {
BIO_puts(err, "Timeout on request\n");
break;
- }
- if (rv == -1)
- {
+ }
+ if (rv == -1) {
BIO_puts(err, "Select error\n");
break;
- }
-
}
- err:
+ }
+err:
if (ctx)
OCSP_REQ_CTX_free(ctx);
return rsp;
- }
+}
-OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
- char *host, char *path, char *port, int use_ssl,
- STACK_OF(CONF_VALUE) *headers,
- int req_timeout)
- {
+OCSP_RESPONSE *
+process_responder(BIO * err, OCSP_REQUEST * req,
+ char *host, char *path, char *port, int use_ssl,
+ STACK_OF(CONF_VALUE) * headers,
+ int req_timeout)
+{
BIO *cbio = NULL;
SSL_CTX *ctx = NULL;
OCSP_RESPONSE *resp = NULL;
cbio = BIO_new_connect(host);
- if (!cbio)
- {
+ if (!cbio) {
BIO_printf(err, "Error creating connect BIO\n");
goto end;
- }
- if (port) BIO_set_conn_port(cbio, port);
- if (use_ssl == 1)
- {
+ }
+ if (port)
+ BIO_set_conn_port(cbio, port);
+ if (use_ssl == 1) {
BIO *sbio;
ctx = SSL_CTX_new(SSLv23_client_method());
- if (ctx == NULL)
- {
+ if (ctx == NULL) {
BIO_printf(err, "Error creating SSL context.\n");
goto end;
- }
+ }
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
sbio = BIO_new_ssl(ctx, 1);
cbio = BIO_push(sbio, cbio);
- }
+ }
resp = query_responder(err, cbio, path, headers, req, req_timeout);
if (!resp)
BIO_printf(bio_err, "Error querying OCSP responder\n");
- end:
+end:
if (cbio)
BIO_free_all(cbio);
if (ctx)
SSL_CTX_free(ctx);
return resp;
- }
+}
#endif
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
+#define OPENSSL_C /* tells apps.h to use complete
+ * apps_startup() */
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/crypto.h>
* type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
* functions. */
-static LHASH_OF(FUNCTION) *prog_init(void );
-static int do_cmd(LHASH_OF(FUNCTION) *prog,int argc,char *argv[]);
-static void list_pkey(BIO *out);
-static void list_cipher(BIO *out);
-static void list_md(BIO *out);
-char *default_config_file=NULL;
+static LHASH_OF(FUNCTION) * prog_init(void);
+static int do_cmd(LHASH_OF(FUNCTION) * prog, int argc, char *argv[]);
+static void list_pkey(BIO * out);
+static void list_cipher(BIO * out);
+static void list_md(BIO * out);
+char *default_config_file = NULL;
-CONF *config=NULL;
-BIO *bio_err=NULL;
+CONF *config = NULL;
+BIO *bio_err = NULL;
-static void lock_dbg_cb(int mode, int type, const char *file, int line)
- {
- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+static void
+lock_dbg_cb(int mode, int type, const char *file, int line)
+{
+ static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
const char *errstr = NULL;
int rw;
-
- rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
- if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
- {
+
+ rw = mode & (CRYPTO_READ | CRYPTO_WRITE);
+ if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) {
errstr = "invalid mode";
goto err;
- }
-
- if (type < 0 || type >= CRYPTO_NUM_LOCKS)
- {
+ }
+ if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
errstr = "type out of bounds";
goto err;
- }
-
- if (mode & CRYPTO_LOCK)
- {
- if (modes[type])
- {
+ }
+ if (mode & CRYPTO_LOCK) {
+ if (modes[type]) {
errstr = "already locked";
- /* must not happen in a single-threaded program
- * (would deadlock) */
+ /*
+ * must not happen in a single-threaded program
+ * (would deadlock)
+ */
goto err;
- }
-
- modes[type] = rw;
}
- else if (mode & CRYPTO_UNLOCK)
- {
- if (!modes[type])
- {
+ modes[type] = rw;
+ } else if (mode & CRYPTO_UNLOCK) {
+ if (!modes[type]) {
errstr = "not locked";
goto err;
- }
-
- if (modes[type] != rw)
- {
+ }
+ if (modes[type] != rw) {
errstr = (rw == CRYPTO_READ) ?
- "CRYPTO_r_unlock on write lock" :
- "CRYPTO_w_unlock on read lock";
- }
-
- modes[type] = 0;
+ "CRYPTO_r_unlock on write lock" :
+ "CRYPTO_w_unlock on read lock";
}
- else
- {
+ modes[type] = 0;
+ } else {
errstr = "invalid mode";
goto err;
- }
+ }
- err:
- if (errstr)
- {
+err:
+ if (errstr) {
/* we cannot use bio_err here */
fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
- errstr, mode, type, file, line);
- }
+ errstr, mode, type, file, line);
}
+}
-# define ARGV Argv
+#define ARGV Argv
-int main(int Argc, char *ARGV[])
- {
+int
+main(int Argc, char *ARGV[])
+{
ARGS arg;
#define PROG_NAME_SIZE 39
- char pname[PROG_NAME_SIZE+1];
- FUNCTION f,*fp;
+ char pname[PROG_NAME_SIZE + 1];
+ FUNCTION f, *fp;
const char *prompt;
char buf[1024];
- char *to_free=NULL;
- int n,i,ret=0;
+ char *to_free = NULL;
+ int n, i, ret = 0;
int argc;
- char **argv,*p;
- LHASH_OF(FUNCTION) *prog=NULL;
+ char **argv, *p;
+ LHASH_OF(FUNCTION) * prog = NULL;
long errline;
- arg.data=NULL;
- arg.count=0;
+ arg.data = NULL;
+ arg.count = 0;
if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
- if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */
- {
- if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
- {
+ if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) { /* if not defined, use
+ * compiled-in library
+ * defaults */
+ if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))) {
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- }
- else
- {
+ } else {
/* OPENSSL_DEBUG_MEMORY=off */
CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
- }
}
+ }
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#if 0
if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
#endif
- {
+ {
CRYPTO_set_locking_callback(lock_dbg_cb);
- }
-
- if(getenv("OPENSSL_FIPS")) {
+ }
+ if (getenv("OPENSSL_FIPS")) {
#ifdef OPENSSL_FIPS
if (!FIPS_mode_set(1)) {
ERR_load_crypto_strings();
- ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
exit(1);
}
#else
fprintf(stderr, "FIPS mode not supported.\n");
exit(1);
#endif
- }
-
+ }
apps_startup();
/* Lets load up our environment a little */
- p=getenv("OPENSSL_CONF");
+ p = getenv("OPENSSL_CONF");
if (p == NULL)
- p=getenv("SSLEAY_CONF");
+ p = getenv("SSLEAY_CONF");
if (p == NULL)
- p=to_free=make_config_name();
+ p = to_free = make_config_name();
- default_config_file=p;
+ default_config_file = p;
- config=NCONF_new(NULL);
- i=NCONF_load(config,p,&errline);
- if (i == 0)
- {
+ config = NCONF_new(NULL);
+ i = NCONF_load(config, p, &errline);
+ if (i == 0) {
if (ERR_GET_REASON(ERR_peek_last_error())
- == CONF_R_NO_SUCH_FILE)
- {
+ == CONF_R_NO_SUCH_FILE) {
BIO_printf(bio_err,
- "WARNING: can't open config file: %s\n",p);
+ "WARNING: can't open config file: %s\n", p);
ERR_clear_error();
NCONF_free(config);
config = NULL;
- }
- else
- {
+ } else {
ERR_print_errors(bio_err);
NCONF_free(config);
exit(1);
- }
}
-
- prog=prog_init();
+ }
+ prog = prog_init();
/* first check the program name */
- program_name(Argv[0],pname,sizeof pname);
-
- f.name=pname;
- fp=lh_FUNCTION_retrieve(prog,&f);
- if (fp != NULL)
- {
- Argv[0]=pname;
- ret=fp->func(Argc,Argv);
- goto end;
- }
+ program_name(Argv[0], pname, sizeof pname);
- /* ok, now check that there are not arguments, if there are,
- * run with them, shifting the ssleay off the front */
- if (Argc != 1)
- {
+ f.name = pname;
+ fp = lh_FUNCTION_retrieve(prog, &f);
+ if (fp != NULL) {
+ Argv[0] = pname;
+ ret = fp->func(Argc, Argv);
+ goto end;
+ }
+ /*
+ * ok, now check that there are not arguments, if there are, run with
+ * them, shifting the ssleay off the front
+ */
+ if (Argc != 1) {
Argc--;
Argv++;
- ret=do_cmd(prog,Argc,Argv);
- if (ret < 0) ret=0;
+ ret = do_cmd(prog, Argc, Argv);
+ if (ret < 0)
+ ret = 0;
goto end;
- }
-
+ }
/* ok, lets enter the old 'OpenSSL>' mode */
-
- for (;;)
- {
- ret=0;
- p=buf;
- n=sizeof buf;
- i=0;
- for (;;)
- {
- p[0]='\0';
+
+ for (;;) {
+ ret = 0;
+ p = buf;
+ n = sizeof buf;
+ i = 0;
+ for (;;) {
+ p[0] = '\0';
if (i++)
- prompt=">";
- else prompt="OpenSSL> ";
- fputs(prompt,stdout);
+ prompt = ">";
+ else
+ prompt = "OpenSSL> ";
+ fputs(prompt, stdout);
fflush(stdout);
- if (!fgets(p,n,stdin))
+ if (!fgets(p, n, stdin))
goto end;
- if (p[0] == '\0') goto end;
- i=strlen(p);
- if (i <= 1) break;
- if (p[i-2] != '\\') break;
- i-=2;
- p+=i;
- n-=i;
- }
- if (!chopup_args(&arg,buf,&argc,&argv)) break;
+ if (p[0] == '\0')
+ goto end;
+ i = strlen(p);
+ if (i <= 1)
+ break;
+ if (p[i - 2] != '\\')
+ break;
+ i -= 2;
+ p += i;
+ n -= i;
+ }
+ if (!chopup_args(&arg, buf, &argc, &argv))
+ break;
- ret=do_cmd(prog,argc,argv);
- if (ret < 0)
- {
- ret=0;
+ ret = do_cmd(prog, argc, argv);
+ if (ret < 0) {
+ ret = 0;
goto end;
- }
- if (ret != 0)
- BIO_printf(bio_err,"error in %s\n",argv[0]);
- (void)BIO_flush(bio_err);
}
- BIO_printf(bio_err,"bad exit\n");
- ret=1;
+ if (ret != 0)
+ BIO_printf(bio_err, "error in %s\n", argv[0]);
+ (void) BIO_flush(bio_err);
+ }
+ BIO_printf(bio_err, "bad exit\n");
+ ret = 1;
end:
if (to_free)
free(to_free);
- if (config != NULL)
- {
+ if (config != NULL) {
NCONF_free(config);
- config=NULL;
- }
- if (prog != NULL) lh_FUNCTION_free(prog);
- if (arg.data != NULL) free(arg.data);
+ config = NULL;
+ }
+ if (prog != NULL)
+ lh_FUNCTION_free(prog);
+ if (arg.data != NULL)
+ free(arg.data);
apps_shutdown();
CRYPTO_mem_leaks(bio_err);
- if (bio_err != NULL)
- {
+ if (bio_err != NULL) {
BIO_free(bio_err);
- bio_err=NULL;
- }
- return(ret);
+ bio_err = NULL;
}
+ return (ret);
+}
#define LIST_STANDARD_COMMANDS "list-standard-commands"
#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
#define LIST_PUBLIC_KEY_ALGORITHMS "list-public-key-algorithms"
-static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
- {
- FUNCTION f,*fp;
- int i,ret=1,tp,nl;
-
- if ((argc <= 0) || (argv[0] == NULL))
- { ret=0; goto end; }
- f.name=argv[0];
- fp=lh_FUNCTION_retrieve(prog,&f);
- if (fp == NULL)
- {
- if (EVP_get_digestbyname(argv[0]))
- {
+static int
+do_cmd(LHASH_OF(FUNCTION) * prog, int argc, char *argv[])
+{
+ FUNCTION f, *fp;
+ int i, ret = 1, tp, nl;
+
+ if ((argc <= 0) || (argv[0] == NULL)) {
+ ret = 0;
+ goto end;
+ }
+ f.name = argv[0];
+ fp = lh_FUNCTION_retrieve(prog, &f);
+ if (fp == NULL) {
+ if (EVP_get_digestbyname(argv[0])) {
f.type = FUNC_TYPE_MD;
f.func = dgst_main;
fp = &f;
- }
- else if (EVP_get_cipherbyname(argv[0]))
- {
+ } else if (EVP_get_cipherbyname(argv[0])) {
f.type = FUNC_TYPE_CIPHER;
f.func = enc_main;
fp = &f;
- }
}
- if (fp != NULL)
- {
- ret=fp->func(argc,argv);
- }
- else if ((strncmp(argv[0],"no-",3)) == 0)
- {
- BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
- f.name=argv[0]+3;
- ret = (lh_FUNCTION_retrieve(prog,&f) != NULL);
+ }
+ if (fp != NULL) {
+ ret = fp->func(argc, argv);
+ } else if ((strncmp(argv[0], "no-", 3)) == 0) {
+ BIO *bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
+ f.name = argv[0] + 3;
+ ret = (lh_FUNCTION_retrieve(prog, &f) != NULL);
if (!ret)
BIO_printf(bio_stdout, "%s\n", argv[0]);
else
- BIO_printf(bio_stdout, "%s\n", argv[0]+3);
+ BIO_printf(bio_stdout, "%s\n", argv[0] + 3);
BIO_free_all(bio_stdout);
goto end;
- }
- else if ((strcmp(argv[0],"quit") == 0) ||
- (strcmp(argv[0],"q") == 0) ||
- (strcmp(argv[0],"exit") == 0) ||
- (strcmp(argv[0],"bye") == 0))
- {
- ret= -1;
+ } else if ((strcmp(argv[0], "quit") == 0) ||
+ (strcmp(argv[0], "q") == 0) ||
+ (strcmp(argv[0], "exit") == 0) ||
+ (strcmp(argv[0], "bye") == 0)) {
+ ret = -1;
goto end;
- }
- else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
- (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
- (strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) ||
- (strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0) ||
- (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) ||
- (strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0))
- {
+ } else if ((strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0) ||
+ (strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
+ (strcmp(argv[0], LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) ||
+ (strcmp(argv[0], LIST_CIPHER_COMMANDS) == 0) ||
+ (strcmp(argv[0], LIST_CIPHER_ALGORITHMS) == 0) ||
+ (strcmp(argv[0], LIST_PUBLIC_KEY_ALGORITHMS) == 0)) {
int list_type;
BIO *bio_stdout;
- if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0)
+ if (strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0)
list_type = FUNC_TYPE_GENERAL;
- else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)
+ else if (strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0)
list_type = FUNC_TYPE_MD;
- else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0)
+ else if (strcmp(argv[0], LIST_MESSAGE_DIGEST_ALGORITHMS) == 0)
list_type = FUNC_TYPE_MD_ALG;
- else if (strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0)
+ else if (strcmp(argv[0], LIST_PUBLIC_KEY_ALGORITHMS) == 0)
list_type = FUNC_TYPE_PKEY;
- else if (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0)
+ else if (strcmp(argv[0], LIST_CIPHER_ALGORITHMS) == 0)
list_type = FUNC_TYPE_CIPHER_ALG;
- else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
+ else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
list_type = FUNC_TYPE_CIPHER;
- bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
+ bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
if (list_type == FUNC_TYPE_PKEY)
- list_pkey(bio_stdout);
+ list_pkey(bio_stdout);
if (list_type == FUNC_TYPE_MD_ALG)
- list_md(bio_stdout);
+ list_md(bio_stdout);
if (list_type == FUNC_TYPE_CIPHER_ALG)
- list_cipher(bio_stdout);
- else
- {
- for (fp=functions; fp->name != NULL; fp++)
+ list_cipher(bio_stdout);
+ else {
+ for (fp = functions; fp->name != NULL; fp++)
if (fp->type == list_type)
BIO_printf(bio_stdout, "%s\n",
- fp->name);
- }
+ fp->name);
+ }
BIO_free_all(bio_stdout);
- ret=0;
+ ret = 0;
goto end;
- }
- else
- {
- BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
- argv[0]);
+ } else {
+ BIO_printf(bio_err, "openssl:Error: '%s' is an invalid command.\n",
+ argv[0]);
BIO_printf(bio_err, "\nStandard commands");
- i=0;
- tp=0;
- for (fp=functions; fp->name != NULL; fp++)
- {
- nl=0;
+ i = 0;
+ tp = 0;
+ for (fp = functions; fp->name != NULL; fp++) {
+ nl = 0;
#ifdef OPENSSL_NO_CAMELLIA
if (((i++) % 5) == 0)
#else
if (((i++) % 4) == 0)
#endif
- {
- BIO_printf(bio_err,"\n");
- nl=1;
- }
- if (fp->type != tp)
- {
- tp=fp->type;
- if (!nl) BIO_printf(bio_err,"\n");
- if (tp == FUNC_TYPE_MD)
- {
- i=1;
+ {
+ BIO_printf(bio_err, "\n");
+ nl = 1;
+ }
+ if (fp->type != tp) {
+ tp = fp->type;
+ if (!nl)
+ BIO_printf(bio_err, "\n");
+ if (tp == FUNC_TYPE_MD) {
+ i = 1;
BIO_printf(bio_err,
- "\nMessage Digest commands (see the `dgst' command for more details)\n");
- }
- else if (tp == FUNC_TYPE_CIPHER)
- {
- i=1;
- BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
- }
+ "\nMessage Digest commands (see the `dgst' command for more details)\n");
+ } else if (tp == FUNC_TYPE_CIPHER) {
+ i = 1;
+ BIO_printf(bio_err, "\nCipher commands (see the `enc' command for more details)\n");
}
+ }
#ifdef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err,"%-15s",fp->name);
+ BIO_printf(bio_err, "%-15s", fp->name);
#else
- BIO_printf(bio_err,"%-18s",fp->name);
+ BIO_printf(bio_err, "%-18s", fp->name);
#endif
- }
- BIO_printf(bio_err,"\n\n");
- ret=0;
}
-end:
- return(ret);
+ BIO_printf(bio_err, "\n\n");
+ ret = 0;
}
-
-static int SortFnByName(const void *_f1,const void *_f2)
- {
- const FUNCTION *f1=_f1;
- const FUNCTION *f2=_f2;
-
- if(f1->type != f2->type)
- return f1->type-f2->type;
- return strcmp(f1->name,f2->name);
- }
-
-static void list_pkey(BIO *out)
- {
+end:
+ return (ret);
+}
+
+static int
+SortFnByName(const void *_f1, const void *_f2)
+{
+ const FUNCTION *f1 = _f1;
+ const FUNCTION *f2 = _f2;
+
+ if (f1->type != f2->type)
+ return f1->type - f2->type;
+ return strcmp(f1->name, f2->name);
+}
+
+static void
+list_pkey(BIO * out)
+{
int i;
- for (i = 0; i < EVP_PKEY_asn1_get_count(); i++)
- {
+ for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
const EVP_PKEY_ASN1_METHOD *ameth;
int pkey_id, pkey_base_id, pkey_flags;
const char *pinfo, *pem_str;
ameth = EVP_PKEY_asn1_get0(i);
EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
- &pinfo, &pem_str, ameth);
- if (pkey_flags & ASN1_PKEY_ALIAS)
- {
- BIO_printf(out, "Name: %s\n",
- OBJ_nid2ln(pkey_id));
+ &pinfo, &pem_str, ameth);
+ if (pkey_flags & ASN1_PKEY_ALIAS) {
+ BIO_printf(out, "Name: %s\n",
+ OBJ_nid2ln(pkey_id));
BIO_printf(out, "\tType: Alias to %s\n",
- OBJ_nid2ln(pkey_base_id));
- }
- else
- {
+ OBJ_nid2ln(pkey_base_id));
+ } else {
BIO_printf(out, "Name: %s\n", pinfo);
- BIO_printf(out, "\tType: %s Algorithm\n",
- pkey_flags & ASN1_PKEY_DYNAMIC ?
- "External" : "Builtin");
+ BIO_printf(out, "\tType: %s Algorithm\n",
+ pkey_flags & ASN1_PKEY_DYNAMIC ?
+ "External" : "Builtin");
BIO_printf(out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
if (pem_str == NULL)
pem_str = "(none)";
BIO_printf(out, "\tPEM string: %s\n", pem_str);
- }
-
}
+
}
+}
-static void list_cipher_fn(const EVP_CIPHER *c,
- const char *from, const char *to, void *arg)
- {
+static void
+list_cipher_fn(const EVP_CIPHER * c,
+ const char *from, const char *to, void *arg)
+{
if (c)
BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
- else
- {
+ else {
if (!from)
from = "<undefined>";
if (!to)
to = "<undefined>";
BIO_printf(arg, "%s => %s\n", from, to);
- }
}
+}
-static void list_cipher(BIO *out)
- {
+static void
+list_cipher(BIO * out)
+{
EVP_CIPHER_do_all_sorted(list_cipher_fn, out);
- }
+}
-static void list_md_fn(const EVP_MD *m,
- const char *from, const char *to, void *arg)
- {
+static void
+list_md_fn(const EVP_MD * m,
+ const char *from, const char *to, void *arg)
+{
if (m)
BIO_printf(arg, "%s\n", EVP_MD_name(m));
- else
- {
+ else {
if (!from)
from = "<undefined>";
if (!to)
to = "<undefined>";
BIO_printf(arg, "%s => %s\n", from, to);
- }
}
+}
-static void list_md(BIO *out)
- {
+static void
+list_md(BIO * out)
+{
EVP_MD_do_all_sorted(list_md_fn, out);
- }
-
-static int function_cmp(const FUNCTION *a, const FUNCTION *b)
- {
- return strncmp(a->name,b->name,8);
- }
-static IMPLEMENT_LHASH_COMP_FN(function, FUNCTION)
-
-static unsigned long function_hash(const FUNCTION *a)
- {
+}
+
+static int
+function_cmp(const FUNCTION * a, const FUNCTION * b)
+{
+ return strncmp(a->name, b->name, 8);
+}
+static
+IMPLEMENT_LHASH_COMP_FN(function, FUNCTION)
+ static unsigned long function_hash(const FUNCTION * a)
+{
return lh_strhash(a->name);
- }
-static IMPLEMENT_LHASH_HASH_FN(function, FUNCTION)
-
-static LHASH_OF(FUNCTION) *prog_init(void)
- {
- LHASH_OF(FUNCTION) *ret;
+}
+static
+IMPLEMENT_LHASH_HASH_FN(function, FUNCTION)
+ static LHASH_OF(FUNCTION) * prog_init(void)
+{
+ LHASH_OF(FUNCTION) * ret;
FUNCTION *f;
size_t i;
/* Purely so it looks nice when the user hits ? */
- for(i=0,f=functions ; f->name != NULL ; ++f,++i)
- ;
- qsort(functions,i,sizeof *functions,SortFnByName);
-
- if ((ret=lh_FUNCTION_new()) == NULL)
- return(NULL);
+ for (i = 0, f = functions; f->name != NULL; ++f, ++i);
+ qsort(functions, i, sizeof *functions, SortFnByName);
- for (f=functions; f->name != NULL; f++)
- (void)lh_FUNCTION_insert(ret,f);
- return(ret);
- }
+ if ((ret = lh_FUNCTION_new()) == NULL)
+ return (NULL);
+ for (f = functions; f->name != NULL; f++)
+ (void) lh_FUNCTION_insert(ret, f);
+ return (ret);
+}
/* apps/passwd.c */
#if defined OPENSSL_NO_MD5
-# define NO_MD5CRYPT_1
+#define NO_MD5CRYPT_1
#endif
#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
#include <openssl/evp.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_DES
-# include <openssl/des.h>
+#include <openssl/des.h>
#endif
#ifndef NO_MD5CRYPT_1
-# include <openssl/md5.h>
+#include <openssl/md5.h>
#endif
#define PROG passwd_main
-static unsigned const char cov_2char[64]={
+static unsigned const char cov_2char[64] = {
/* from crypto/des/fcrypt.c */
- 0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
- 0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
- 0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
- 0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
- 0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
- 0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
- 0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
- 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
+ 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
+ 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
+ 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
+ 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
+ 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
+ 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
+ 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
+ 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
};
-static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
- char *passwd, BIO *out, int quiet, int table, int reverse,
- size_t pw_maxlen, int usecrypt, int use1, int useapr1);
+static int
+do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+ char *passwd, BIO * out, int quiet, int table, int reverse,
+ size_t pw_maxlen, int usecrypt, int use1, int useapr1);
/* -crypt - standard Unix password algorithm (default)
* -1 - MD5-based password algorithm
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
+int
+MAIN(int argc, char **argv)
+{
int ret = 1;
char *infile = NULL;
int in_stdin = 0;
apps_startup();
if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto err;
badopt = 0, opt_done = 0;
i = 0;
- while (!badopt && !opt_done && argv[++i] != NULL)
- {
+ while (!badopt && !opt_done && argv[++i] != NULL) {
if (strcmp(argv[i], "-crypt") == 0)
usecrypt = 1;
else if (strcmp(argv[i], "-1") == 0)
use1 = 1;
else if (strcmp(argv[i], "-apr1") == 0)
useapr1 = 1;
- else if (strcmp(argv[i], "-salt") == 0)
- {
- if ((argv[i+1] != NULL) && (salt == NULL))
- {
+ else if (strcmp(argv[i], "-salt") == 0) {
+ if ((argv[i + 1] != NULL) && (salt == NULL)) {
passed_salt = 1;
salt = argv[++i];
- }
- else
+ } else
badopt = 1;
- }
- else if (strcmp(argv[i], "-in") == 0)
- {
- if ((argv[i+1] != NULL) && !pw_source_defined)
- {
+ } else if (strcmp(argv[i], "-in") == 0) {
+ if ((argv[i + 1] != NULL) && !pw_source_defined) {
pw_source_defined = 1;
infile = argv[++i];
- }
- else
+ } else
badopt = 1;
- }
- else if (strcmp(argv[i], "-stdin") == 0)
- {
- if (!pw_source_defined)
- {
+ } else if (strcmp(argv[i], "-stdin") == 0) {
+ if (!pw_source_defined) {
pw_source_defined = 1;
in_stdin = 1;
- }
- else
+ } else
badopt = 1;
- }
- else if (strcmp(argv[i], "-noverify") == 0)
+ } else if (strcmp(argv[i], "-noverify") == 0)
in_noverify = 1;
else if (strcmp(argv[i], "-quiet") == 0)
quiet = 1;
badopt = 1;
else if (!pw_source_defined)
/* non-option arguments, use as passwords */
- {
+ {
pw_source_defined = 1;
passwds = &argv[i];
opt_done = 1;
- }
- else
+ } else
badopt = 1;
- }
+ }
- if (!usecrypt && !use1 && !useapr1) /* use default */
+ if (!usecrypt && !use1 && !useapr1) /* use default */
usecrypt = 1;
- if (usecrypt + use1 + useapr1 > 1) /* conflict */
+ if (usecrypt + use1 + useapr1 > 1) /* conflict */
badopt = 1;
/* reject unsupported algorithms */
#ifdef OPENSSL_NO_DES
- if (usecrypt) badopt = 1;
+ if (usecrypt)
+ badopt = 1;
#endif
#ifdef NO_MD5CRYPT_1
- if (use1 || useapr1) badopt = 1;
+ if (use1 || useapr1)
+ badopt = 1;
#endif
- if (badopt)
- {
+ if (badopt) {
BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
BIO_printf(bio_err, "where options are\n");
#ifndef OPENSSL_NO_DES
BIO_printf(bio_err, "-quiet no warnings\n");
BIO_printf(bio_err, "-table format output as table\n");
BIO_printf(bio_err, "-reverse switch table columns\n");
-
- goto err;
- }
- if ((infile != NULL) || in_stdin)
- {
+ goto err;
+ }
+ if ((infile != NULL) || in_stdin) {
in = BIO_new(BIO_s_file());
if (in == NULL)
goto err;
- if (infile != NULL)
- {
+ if (infile != NULL) {
assert(in_stdin == 0);
if (BIO_read_filename(in, infile) <= 0)
goto err;
- }
- else
- {
+ } else {
assert(in_stdin);
BIO_set_fp(in, stdin, BIO_NOCLOSE);
- }
}
-
+ }
if (usecrypt)
pw_maxlen = 8;
else if (use1 || useapr1)
- pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */
+ pw_maxlen = 256;/* arbitrary limit, should be enough for most
+ * passwords */
- if (passwds == NULL)
- {
+ if (passwds == NULL) {
/* no passwords on the command line */
passwd_malloc_size = pw_maxlen + 2;
passwd = passwd_malloc = malloc(passwd_malloc_size);
if (passwd_malloc == NULL)
goto err;
- }
-
- if ((in == NULL) && (passwds == NULL))
- {
+ }
+ if ((in == NULL) && (passwds == NULL)) {
/* build a null-terminated list */
static char *passwds_static[2] = {NULL, NULL};
-
+
passwds = passwds_static;
if (in == NULL)
if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
goto err;
passwds[0] = passwd_malloc;
- }
-
- if (in == NULL)
- {
+ }
+ if (in == NULL) {
assert(passwds != NULL);
assert(*passwds != NULL);
-
- do /* loop over list of passwords */
- {
+
+ do { /* loop over list of passwords */
passwd = *passwds++;
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
goto err;
- }
- while (*passwds != NULL);
}
- else
+ while (*passwds != NULL);
+ } else
/* in != NULL */
- {
+ {
int done;
- assert (passwd != NULL);
- do
- {
+ assert(passwd != NULL);
+ do {
int r = BIO_gets(in, passwd, pw_maxlen + 1);
- if (r > 0)
- {
- char *c = (strchr(passwd, '\n')) ;
+ if (r > 0) {
+ char *c = (strchr(passwd, '\n'));
if (c != NULL)
- *c = 0; /* truncate at newline */
- else
- {
+ *c = 0; /* truncate at newline */
+ else {
/* ignore rest of line */
char trash[BUFSIZ];
do
r = BIO_gets(in, trash, sizeof trash);
while ((r > 0) && (!strchr(trash, '\n')));
- }
-
+ }
+
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
goto err;
- }
- done = (r <= 0);
}
- while (!done);
+ done = (r <= 0);
}
+ while (!done);
+ }
ret = 0;
err:
if (out)
BIO_free_all(out);
apps_shutdown();
- return(ret);
- }
+ return (ret);
+}
#ifndef NO_MD5CRYPT_1
* 'magic' string was changed -- the laziest application of the NIH principle
* I've ever encountered.)
*/
-static char *md5crypt(const char *passwd, const char *magic, const char *salt)
- {
- static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
+static char *
+md5crypt(const char *passwd, const char *magic, const char *salt)
+{
+ static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5h
+ * ash..........\0" */
unsigned char buf[MD5_DIGEST_LENGTH];
char *salt_out;
int n;
unsigned int i;
- EVP_MD_CTX md,md2;
+ EVP_MD_CTX md, md2;
size_t passwd_len, salt_len;
passwd_len = strlen(passwd);
out_buf[0] = '$';
out_buf[1] = 0;
- assert(strlen(magic) <= 4); /* "1" or "apr1" */
+ assert(strlen(magic) <= 4); /* "1" or "apr1" */
strlcat(out_buf, magic, sizeof(out_buf));
strlcat(out_buf, "$", sizeof(out_buf));
strlcat(out_buf, salt, sizeof(out_buf));
- assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
+ assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
salt_out = out_buf + 2 + strlen(magic);
salt_len = strlen(salt_out);
assert(salt_len <= 8);
-
+
EVP_MD_CTX_init(&md);
- EVP_DigestInit_ex(&md,EVP_md5(), NULL);
+ EVP_DigestInit_ex(&md, EVP_md5(), NULL);
EVP_DigestUpdate(&md, passwd, passwd_len);
EVP_DigestUpdate(&md, "$", 1);
EVP_DigestUpdate(&md, magic, strlen(magic));
EVP_DigestUpdate(&md, "$", 1);
EVP_DigestUpdate(&md, salt_out, salt_len);
-
+
EVP_MD_CTX_init(&md2);
- EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
+ EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestUpdate(&md2, salt_out, salt_len);
EVP_DigestUpdate(&md2, passwd, passwd_len);
for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
EVP_DigestUpdate(&md, buf, sizeof buf);
EVP_DigestUpdate(&md, buf, i);
-
+
n = passwd_len;
- while (n)
- {
+ while (n) {
EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
n >>= 1;
- }
+ }
EVP_DigestFinal_ex(&md, buf, NULL);
- for (i = 0; i < 1000; i++)
- {
- EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
+ for (i = 0; i < 1000; i++) {
+ EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf,
- (i & 1) ? passwd_len : sizeof buf);
+ (i & 1) ? passwd_len : sizeof buf);
if (i % 3)
EVP_DigestUpdate(&md2, salt_out, salt_len);
if (i % 7)
EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd,
- (i & 1) ? sizeof buf : passwd_len);
+ (i & 1) ? sizeof buf : passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL);
- }
+ }
EVP_MD_CTX_cleanup(&md2);
-
- {
+
+ {
/* transform buf into output string */
-
+
unsigned char buf_perm[sizeof buf];
int dest, source;
char *output;
buf_perm[dest] = buf[source];
buf_perm[14] = buf[5];
buf_perm[15] = buf[11];
-#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */
+#ifndef PEDANTIC /* Unfortunately, this generates a "no
+ * effect" warning */
assert(16 == sizeof buf_perm);
#endif
-
+
output = salt_out + salt_len;
assert(output == out_buf + strlen(out_buf));
-
+
*output++ = '$';
- for (i = 0; i < 15; i += 3)
- {
- *output++ = cov_2char[buf_perm[i+2] & 0x3f];
- *output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) |
- (buf_perm[i+2] >> 6)];
+ for (i = 0; i < 15; i += 3) {
+ *output++ = cov_2char[buf_perm[i + 2] & 0x3f];
+ *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) |
+ (buf_perm[i + 2] >> 6)];
*output++ = cov_2char[((buf_perm[i] & 3) << 4) |
- (buf_perm[i+1] >> 4)];
+ (buf_perm[i + 1] >> 4)];
*output++ = cov_2char[buf_perm[i] >> 2];
- }
+ }
assert(i == 15);
*output++ = cov_2char[buf_perm[i] & 0x3f];
*output++ = cov_2char[buf_perm[i] >> 6];
*output = 0;
assert(strlen(out_buf) < sizeof(out_buf));
- }
+ }
EVP_MD_CTX_cleanup(&md);
return out_buf;
- }
+}
#endif
-static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
- char *passwd, BIO *out, int quiet, int table, int reverse,
- size_t pw_maxlen, int usecrypt, int use1, int useapr1)
- {
+static int
+do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+ char *passwd, BIO * out, int quiet, int table, int reverse,
+ size_t pw_maxlen, int usecrypt, int use1, int useapr1)
+{
char *hash = NULL;
assert(salt_p != NULL);
assert(salt_malloc_p != NULL);
/* first make sure we have a salt */
- if (!passed_salt)
- {
+ if (!passed_salt) {
#ifndef OPENSSL_NO_DES
- if (usecrypt)
- {
- if (*salt_malloc_p == NULL)
- {
+ if (usecrypt) {
+ if (*salt_malloc_p == NULL) {
*salt_p = *salt_malloc_p = malloc(3);
if (*salt_malloc_p == NULL)
goto err;
- }
- if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
+ }
+ if (RAND_pseudo_bytes((unsigned char *) *salt_p, 2) < 0)
goto err;
- (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
- (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
+ (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
+ (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
(*salt_p)[2] = 0;
- }
-#endif /* !OPENSSL_NO_DES */
+ }
+#endif /* !OPENSSL_NO_DES */
#ifndef NO_MD5CRYPT_1
- if (use1 || useapr1)
- {
+ if (use1 || useapr1) {
int i;
-
- if (*salt_malloc_p == NULL)
- {
+
+ if (*salt_malloc_p == NULL) {
*salt_p = *salt_malloc_p = malloc(9);
if (*salt_malloc_p == NULL)
goto err;
- }
- if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
+ }
+ if (RAND_pseudo_bytes((unsigned char *) *salt_p, 8) < 0)
goto err;
-
+
for (i = 0; i < 8; i++)
- (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
+ (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
(*salt_p)[8] = 0;
- }
-#endif /* !NO_MD5CRYPT_1 */
}
-
+#endif /* !NO_MD5CRYPT_1 */
+ }
assert(*salt_p != NULL);
-
+
/* truncate password if necessary */
- if ((strlen(passwd) > pw_maxlen))
- {
+ if ((strlen(passwd) > pw_maxlen)) {
if (!quiet)
- /* XXX: really we should know how to print a size_t, not cast it */
- BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen);
+ /*
+ * XXX: really we should know how to print a size_t,
+ * not cast it
+ */
+ BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned) pw_maxlen);
passwd[pw_maxlen] = 0;
- }
+ }
assert(strlen(passwd) <= pw_maxlen);
-
+
/* now compute password hash */
#ifndef OPENSSL_NO_DES
if (usecrypt)
else
BIO_printf(out, "%s\n", hash);
return 1;
-
+
err:
return 0;
- }
+}
#else
-int MAIN(int argc, char **argv)
- {
+int
+MAIN(int argc, char **argv)
+{
fputs("Program not available.\n", stderr)
- return(1);
- }
+ return (1);
+}
#endif
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#define CLCERTS 0x8
#define CACERTS 0x10
-int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
- int passlen, int options, char *pempass);
-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
-int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);
-void hex_prin(BIO *out, unsigned char *buf, int len);
-int alg_print(BIO *x, X509_ALGOR *alg);
-int cert_load(BIO *in, STACK_OF(X509) *sk);
-static int set_pbe(BIO *err, int *ppbe, const char *str);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+int get_cert_chain(X509 * cert, X509_STORE * store, STACK_OF(X509) ** chain);
+int dump_certs_keys_p12(BIO * out, PKCS12 * p12, char *pass, int passlen, int options, char *pempass);
+int
+dump_certs_pkeys_bags(BIO * out, STACK_OF(PKCS12_SAFEBAG) * bags, char *pass,
+ int passlen, int options, char *pempass);
+ int dump_certs_pkeys_bag(BIO * out, PKCS12_SAFEBAG * bags, char *pass, int passlen, int options, char *pempass);
+ int print_attribs(BIO * out, STACK_OF(X509_ATTRIBUTE) * attrlst, const char *name);
+ void hex_prin(BIO * out, unsigned char *buf, int len);
+ int alg_print(BIO * x, X509_ALGOR * alg);
+ int cert_load(BIO * in, STACK_OF(X509) * sk);
+ static int set_pbe(BIO * err, int *ppbe, const char *str);
+
+ int MAIN(int, char **);
+
+ int MAIN(int argc, char **argv)
{
- ENGINE *e = NULL;
- char *infile=NULL, *outfile=NULL, *keyname = NULL;
- char *certfile=NULL;
- BIO *in=NULL, *out = NULL;
- char **args;
- char *name = NULL;
- char *csp_name = NULL;
- int add_lmk = 0;
- PKCS12 *p12 = NULL;
- char pass[50], macpass[50];
- int export_cert = 0;
- int options = 0;
- int chain = 0;
- int badarg = 0;
- int iter = PKCS12_DEFAULT_ITER;
- int maciter = PKCS12_DEFAULT_ITER;
- int twopass = 0;
- int keytype = 0;
- int cert_pbe;
- int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- int ret = 1;
- int macver = 1;
- int noprompt = 0;
- STACK_OF(OPENSSL_STRING) *canames = NULL;
- char *cpass = NULL, *mpass = NULL;
- char *passargin = NULL, *passargout = NULL, *passarg = NULL;
- char *passin = NULL, *passout = NULL;
- char *inrand = NULL;
- char *macalg = NULL;
- char *CApath = NULL, *CAfile = NULL;
+ ENGINE *e = NULL;
+ char *infile = NULL, *outfile = NULL, *keyname = NULL;
+ char *certfile = NULL;
+ BIO *in = NULL, *out = NULL;
+ char **args;
+ char *name = NULL;
+ char *csp_name = NULL;
+ int add_lmk = 0;
+ PKCS12 *p12 = NULL;
+ char pass[50], macpass[50];
+ int export_cert = 0;
+ int options = 0;
+ int chain = 0;
+ int badarg = 0;
+ int iter = PKCS12_DEFAULT_ITER;
+ int maciter = PKCS12_DEFAULT_ITER;
+ int twopass = 0;
+ int keytype = 0;
+ int cert_pbe;
+ int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ int ret = 1;
+ int macver = 1;
+ int noprompt = 0;
+ STACK_OF(OPENSSL_STRING) * canames = NULL;
+ char *cpass = NULL, *mpass = NULL;
+ char *passargin = NULL, *passargout = NULL, *passarg = NULL;
+ char *passin = NULL, *passout = NULL;
+ char *inrand = NULL;
+ char *macalg = NULL;
+ char *CApath = NULL, *CAfile = NULL;
#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
+ char *engine = NULL;
#endif
- apps_startup();
+ apps_startup();
- cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+ cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
- enc = EVP_des_ede3_cbc();
- if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+ enc = EVP_des_ede3_cbc();
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
- args = argv + 1;
-
-
- while (*args) {
- if (*args[0] == '-') {
- if (!strcmp (*args, "-nokeys")) options |= NOKEYS;
- else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;
- else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;
- else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;
- else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;
- else if (!strcmp (*args, "-cacerts")) options |= CACERTS;
- else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);
- else if (!strcmp (*args, "-info")) options |= INFO;
- else if (!strcmp (*args, "-chain")) chain = 1;
- else if (!strcmp (*args, "-twopass")) twopass = 1;
- else if (!strcmp (*args, "-nomacver")) macver = 0;
- else if (!strcmp (*args, "-descert"))
- cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- else if (!strcmp (*args, "-export")) export_cert = 1;
- else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
- else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
+ args = argv + 1;
+
+
+ while (*args) {
+ if (*args[0] == '-') {
+ if (!strcmp(*args, "-nokeys"))
+ options |= NOKEYS;
+ else if (!strcmp(*args, "-keyex"))
+ keytype = KEY_EX;
+ else if (!strcmp(*args, "-keysig"))
+ keytype = KEY_SIG;
+ else if (!strcmp(*args, "-nocerts"))
+ options |= NOCERTS;
+ else if (!strcmp(*args, "-clcerts"))
+ options |= CLCERTS;
+ else if (!strcmp(*args, "-cacerts"))
+ options |= CACERTS;
+ else if (!strcmp(*args, "-noout"))
+ options |= (NOKEYS | NOCERTS);
+ else if (!strcmp(*args, "-info"))
+ options |= INFO;
+ else if (!strcmp(*args, "-chain"))
+ chain = 1;
+ else if (!strcmp(*args, "-twopass"))
+ twopass = 1;
+ else if (!strcmp(*args, "-nomacver"))
+ macver = 0;
+ else if (!strcmp(*args, "-descert"))
+ cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else if (!strcmp(*args, "-export"))
+ export_cert = 1;
+ else if (!strcmp(*args, "-des"))
+ enc = EVP_des_cbc();
+ else if (!strcmp(*args, "-des3"))
+ enc = EVP_des_ede3_cbc();
#ifndef OPENSSL_NO_IDEA
- else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
+ else if (!strcmp(*args, "-idea"))
+ enc = EVP_idea_cbc();
#endif
#ifndef OPENSSL_NO_SEED
- else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc();
+ else if (!strcmp(*args, "-seed"))
+ enc = EVP_seed_cbc();
#endif
#ifndef OPENSSL_NO_AES
- else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
- else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
- else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
+ else if (!strcmp(*args, "-aes128"))
+ enc = EVP_aes_128_cbc();
+ else if (!strcmp(*args, "-aes192"))
+ enc = EVP_aes_192_cbc();
+ else if (!strcmp(*args, "-aes256"))
+ enc = EVP_aes_256_cbc();
#endif
#ifndef OPENSSL_NO_CAMELLIA
- else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();
- else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();
- else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();
-#endif
- else if (!strcmp (*args, "-noiter")) iter = 1;
- else if (!strcmp (*args, "-maciter"))
- maciter = PKCS12_DEFAULT_ITER;
- else if (!strcmp (*args, "-nomaciter"))
- maciter = 1;
- else if (!strcmp (*args, "-nomac"))
- maciter = -1;
- else if (!strcmp (*args, "-macalg"))
- if (args[1]) {
- args++;
- macalg = *args;
- } else badarg = 1;
- else if (!strcmp (*args, "-nodes")) enc=NULL;
- else if (!strcmp (*args, "-certpbe")) {
- if (!set_pbe(bio_err, &cert_pbe, *++args))
- badarg = 1;
- } else if (!strcmp (*args, "-keypbe")) {
- if (!set_pbe(bio_err, &key_pbe, *++args))
- badarg = 1;
- } else if (!strcmp (*args, "-rand")) {
- if (args[1]) {
- args++;
- inrand = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-inkey")) {
- if (args[1]) {
- args++;
- keyname = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-certfile")) {
- if (args[1]) {
- args++;
- certfile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-name")) {
- if (args[1]) {
- args++;
- name = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-LMK"))
- add_lmk = 1;
- else if (!strcmp (*args, "-CSP")) {
- if (args[1]) {
- args++;
- csp_name = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-caname")) {
- if (args[1]) {
- args++;
- if (!canames) canames = sk_OPENSSL_STRING_new_null();
- sk_OPENSSL_STRING_push(canames, *args);
- } else badarg = 1;
- } else if (!strcmp (*args, "-in")) {
- if (args[1]) {
- args++;
- infile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-out")) {
- if (args[1]) {
- args++;
- outfile = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-passin")) {
- if (args[1]) {
- args++;
- passargin = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-passout")) {
- if (args[1]) {
- args++;
- passargout = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-password")) {
- if (args[1]) {
- args++;
- passarg = *args;
- noprompt = 1;
- } else badarg = 1;
- } else if (!strcmp(*args,"-CApath")) {
- if (args[1]) {
- args++;
- CApath = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-CAfile")) {
- if (args[1]) {
- args++;
- CAfile = *args;
- } else badarg = 1;
+ else if (!strcmp(*args, "-camellia128"))
+ enc = EVP_camellia_128_cbc();
+ else if (!strcmp(*args, "-camellia192"))
+ enc = EVP_camellia_192_cbc();
+ else if (!strcmp(*args, "-camellia256"))
+ enc = EVP_camellia_256_cbc();
+#endif
+ else if (!strcmp(*args, "-noiter"))
+ iter = 1;
+ else if (!strcmp(*args, "-maciter"))
+ maciter = PKCS12_DEFAULT_ITER;
+ else if (!strcmp(*args, "-nomaciter"))
+ maciter = 1;
+ else if (!strcmp(*args, "-nomac"))
+ maciter = -1;
+ else if (!strcmp(*args, "-macalg"))
+ if (args[1]) {
+ args++;
+ macalg = *args;
+ } else
+ badarg = 1;
+ else if (!strcmp(*args, "-nodes"))
+ enc = NULL;
+ else if (!strcmp(*args, "-certpbe")) {
+ if (!set_pbe(bio_err, &cert_pbe, *++args))
+ badarg = 1;
+ } else if (!strcmp(*args, "-keypbe")) {
+ if (!set_pbe(bio_err, &key_pbe, *++args))
+ badarg = 1;
+ } else if (!strcmp(*args, "-rand")) {
+ if (args[1]) {
+ args++;
+ inrand = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-inkey")) {
+ if (args[1]) {
+ args++;
+ keyname = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-certfile")) {
+ if (args[1]) {
+ args++;
+ certfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-name")) {
+ if (args[1]) {
+ args++;
+ name = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-LMK"))
+ add_lmk = 1;
+ else if (!strcmp(*args, "-CSP")) {
+ if (args[1]) {
+ args++;
+ csp_name = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-caname")) {
+ if (args[1]) {
+ args++;
+ if (!canames)
+ canames = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(canames, *args);
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-in")) {
+ if (args[1]) {
+ args++;
+ infile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-out")) {
+ if (args[1]) {
+ args++;
+ outfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-passin")) {
+ if (args[1]) {
+ args++;
+ passargin = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-passout")) {
+ if (args[1]) {
+ args++;
+ passargout = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-password")) {
+ if (args[1]) {
+ args++;
+ passarg = *args;
+ noprompt = 1;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-CApath")) {
+ if (args[1]) {
+ args++;
+ CApath = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-CAfile")) {
+ if (args[1]) {
+ args++;
+ CAfile = *args;
+ } else
+ badarg = 1;
#ifndef OPENSSL_NO_ENGINE
- } else if (!strcmp(*args,"-engine")) {
- if (args[1]) {
- args++;
- engine = *args;
- } else badarg = 1;
-#endif
- } else badarg = 1;
-
- } else badarg = 1;
- args++;
- }
-
- if (badarg) {
- BIO_printf (bio_err, "Usage: pkcs12 [options]\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-export output PKCS12 file\n");
- BIO_printf (bio_err, "-chain add certificate chain\n");
- BIO_printf (bio_err, "-inkey file private key if not infile\n");
- BIO_printf (bio_err, "-certfile f add all certs in f\n");
- BIO_printf (bio_err, "-CApath arg - PEM format directory of CA's\n");
- BIO_printf (bio_err, "-CAfile arg - PEM format file of CA's\n");
- BIO_printf (bio_err, "-name \"name\" use name as friendly name\n");
- BIO_printf (bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
- BIO_printf (bio_err, "-in infile input filename\n");
- BIO_printf (bio_err, "-out outfile output filename\n");
- BIO_printf (bio_err, "-noout don't output anything, just verify.\n");
- BIO_printf (bio_err, "-nomacver don't verify MAC.\n");
- BIO_printf (bio_err, "-nocerts don't output certificates.\n");
- BIO_printf (bio_err, "-clcerts only output client certificates.\n");
- BIO_printf (bio_err, "-cacerts only output CA certificates.\n");
- BIO_printf (bio_err, "-nokeys don't output private keys.\n");
- BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n");
- BIO_printf (bio_err, "-des encrypt private keys with DES\n");
- BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n");
+ } else if (!strcmp(*args, "-engine")) {
+ if (args[1]) {
+ args++;
+ engine = *args;
+ } else
+ badarg = 1;
+#endif
+ } else
+ badarg = 1;
+
+ } else
+ badarg = 1;
+ args++;
+ }
+
+ if (badarg) {
+ BIO_printf(bio_err, "Usage: pkcs12 [options]\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-export output PKCS12 file\n");
+ BIO_printf(bio_err, "-chain add certificate chain\n");
+ BIO_printf(bio_err, "-inkey file private key if not infile\n");
+ BIO_printf(bio_err, "-certfile f add all certs in f\n");
+ BIO_printf(bio_err, "-CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err, "-CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err, "-name \"name\" use name as friendly name\n");
+ BIO_printf(bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
+ BIO_printf(bio_err, "-in infile input filename\n");
+ BIO_printf(bio_err, "-out outfile output filename\n");
+ BIO_printf(bio_err, "-noout don't output anything, just verify.\n");
+ BIO_printf(bio_err, "-nomacver don't verify MAC.\n");
+ BIO_printf(bio_err, "-nocerts don't output certificates.\n");
+ BIO_printf(bio_err, "-clcerts only output client certificates.\n");
+ BIO_printf(bio_err, "-cacerts only output CA certificates.\n");
+ BIO_printf(bio_err, "-nokeys don't output private keys.\n");
+ BIO_printf(bio_err, "-info give info about PKCS#12 structure.\n");
+ BIO_printf(bio_err, "-des encrypt private keys with DES\n");
+ BIO_printf(bio_err, "-des3 encrypt private keys with triple DES (default)\n");
#ifndef OPENSSL_NO_IDEA
- BIO_printf (bio_err, "-idea encrypt private keys with idea\n");
+ BIO_printf(bio_err, "-idea encrypt private keys with idea\n");
#endif
#ifndef OPENSSL_NO_SEED
- BIO_printf (bio_err, "-seed encrypt private keys with seed\n");
+ BIO_printf(bio_err, "-seed encrypt private keys with seed\n");
#endif
#ifndef OPENSSL_NO_AES
- BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
+ BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err, " encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
-#endif
- BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
- BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
- BIO_printf (bio_err, "-nomaciter don't use MAC iteration\n");
- BIO_printf (bio_err, "-maciter use MAC iteration\n");
- BIO_printf (bio_err, "-nomac don't generate MAC\n");
- BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n");
- BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
- BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
- BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
- BIO_printf (bio_err, "-macalg alg digest algorithm used in MAC (default SHA1)\n");
- BIO_printf (bio_err, "-keyex set MS key exchange type\n");
- BIO_printf (bio_err, "-keysig set MS key signature type\n");
- BIO_printf (bio_err, "-password p set import/export password source\n");
- BIO_printf (bio_err, "-passin p input file pass phrase source\n");
- BIO_printf (bio_err, "-passout p output file pass phrase source\n");
+ BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n");
+#endif
+ BIO_printf(bio_err, "-nodes don't encrypt private keys\n");
+ BIO_printf(bio_err, "-noiter don't use encryption iteration\n");
+ BIO_printf(bio_err, "-nomaciter don't use MAC iteration\n");
+ BIO_printf(bio_err, "-maciter use MAC iteration\n");
+ BIO_printf(bio_err, "-nomac don't generate MAC\n");
+ BIO_printf(bio_err, "-twopass separate MAC, encryption passwords\n");
+ BIO_printf(bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
+ BIO_printf(bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
+ BIO_printf(bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
+ BIO_printf(bio_err, "-macalg alg digest algorithm used in MAC (default SHA1)\n");
+ BIO_printf(bio_err, "-keyex set MS key exchange type\n");
+ BIO_printf(bio_err, "-keysig set MS key signature type\n");
+ BIO_printf(bio_err, "-password p set import/export password source\n");
+ BIO_printf(bio_err, "-passin p input file pass phrase source\n");
+ BIO_printf(bio_err, "-passout p output file pass phrase source\n");
#ifndef OPENSSL_NO_ENGINE
- BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
+ BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
- BIO_printf(bio_err, "-rand file%cfile%c...\n", ':', ':');
- BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
- BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
- BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n");
- goto end;
- }
-
+ BIO_printf(bio_err, "-rand file%cfile%c...\n", ':', ':');
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
+ BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n");
+ goto end;
+ }
#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if(passarg) {
- if(export_cert) passargout = passarg;
- else passargin = passarg;
- }
-
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
- BIO_printf(bio_err, "Error getting passwords\n");
- goto end;
- }
-
- if(!cpass) {
- if(export_cert) cpass = passout;
- else cpass = passin;
- }
-
- if(cpass) {
- mpass = cpass;
- noprompt = 1;
- } else {
- cpass = pass;
- mpass = macpass;
- }
-
- if(export_cert || inrand) {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
- ERR_load_crypto_strings();
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("read files");
+ e = setup_engine(bio_err, engine, 0);
#endif
- if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE);
- else in = BIO_new_file(infile, "rb");
- if (!in) {
- BIO_printf(bio_err, "Error opening input file %s\n",
- infile ? infile : "<stdin>");
- perror (infile);
- goto end;
- }
+ if (passarg) {
+ if (export_cert)
+ passargout = passarg;
+ else
+ passargin = passarg;
+ }
+ if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+ if (!cpass) {
+ if (export_cert)
+ cpass = passout;
+ else
+ cpass = passin;
+ }
+ if (cpass) {
+ mpass = cpass;
+ noprompt = 1;
+ } else {
+ cpass = pass;
+ mpass = macpass;
+ }
+
+ if (export_cert || inrand) {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+ ERR_load_crypto_strings();
#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("write files");
-#endif
-
- if (!outfile) {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
- } else out = BIO_new_file(outfile, "wb");
- if (!out) {
- BIO_printf(bio_err, "Error opening output file %s\n",
- outfile ? outfile : "<stdout>");
- perror (outfile);
- goto end;
- }
- if (twopass) {
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("read MAC password");
+ CRYPTO_push_info("read files");
#endif
- if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
- {
- BIO_printf (bio_err, "Can't read Password\n");
- goto end;
- }
+
+ if (!infile)
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+ else
+ in = BIO_new_file(infile, "rb");
+ if (!in) {
+ BIO_printf(bio_err, "Error opening input file %s\n",
+ infile ? infile : "<stdin>");
+ perror(infile);
+ goto end;
+ }
#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
+ CRYPTO_pop_info();
+ CRYPTO_push_info("write files");
#endif
- }
- if (export_cert) {
- EVP_PKEY *key = NULL;
- X509 *ucert = NULL, *x = NULL;
- STACK_OF(X509) *certs=NULL;
- const EVP_MD *macmd = NULL;
- unsigned char *catmp = NULL;
- int i;
-
- if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS))
- {
- BIO_printf(bio_err, "Nothing to do!\n");
- goto export_end;
+ if (!outfile) {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ } else
+ out = BIO_new_file(outfile, "wb");
+ if (!out) {
+ BIO_printf(bio_err, "Error opening output file %s\n",
+ outfile ? outfile : "<stdout>");
+ perror(outfile);
+ goto end;
+ }
+ if (twopass) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("read MAC password");
+#endif
+ if (EVP_read_pw_string(macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
+ BIO_printf(bio_err, "Can't read Password\n");
+ goto end;
}
-
- if (options & NOCERTS)
- chain = 0;
-
#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("process -export_cert");
- CRYPTO_push_info("reading private key");
-#endif
- if (!(options & NOKEYS))
- {
- key = load_key(bio_err, keyname ? keyname : infile,
- FORMAT_PEM, 1, passin, e, "private key");
- if (!key)
+ CRYPTO_pop_info();
+#endif
+ }
+ if (export_cert) {
+ EVP_PKEY *key = NULL;
+ X509 *ucert = NULL, *x = NULL;
+ STACK_OF(X509) * certs = NULL;
+ const EVP_MD *macmd = NULL;
+ unsigned char *catmp = NULL;
+ int i;
+
+ if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
+ BIO_printf(bio_err, "Nothing to do!\n");
goto export_end;
}
+ if (options & NOCERTS)
+ chain = 0;
#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading certs from input");
+ CRYPTO_push_info("process -export_cert");
+ CRYPTO_push_info("reading private key");
+#endif
+ if (!(options & NOKEYS)) {
+ key = load_key(bio_err, keyname ? keyname : infile,
+ FORMAT_PEM, 1, passin, e, "private key");
+ if (!key)
+ goto export_end;
+ }
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("reading certs from input");
#endif
- /* Load in all certs in input file */
- if(!(options & NOCERTS))
- {
- certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
- "certificates");
- if (!certs)
- goto export_end;
+ /* Load in all certs in input file */
+ if (!(options & NOCERTS)) {
+ certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
+ "certificates");
+ if (!certs)
+ goto export_end;
- if (key)
- {
- /* Look for matching private key */
- for(i = 0; i < sk_X509_num(certs); i++)
- {
- x = sk_X509_value(certs, i);
- if(X509_check_private_key(x, key))
- {
- ucert = x;
- /* Zero keyid and alias */
- X509_keyid_set1(ucert, NULL, 0);
- X509_alias_set1(ucert, NULL, 0);
- /* Remove from list */
- (void)sk_X509_delete(certs, i);
- break;
+ if (key) {
+ /* Look for matching private key */
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ x = sk_X509_value(certs, i);
+ if (X509_check_private_key(x, key)) {
+ ucert = x;
+ /* Zero keyid and alias */
+ X509_keyid_set1(ucert, NULL, 0);
+ X509_alias_set1(ucert, NULL, 0);
+ /* Remove from list */
+ (void) sk_X509_delete(certs, i);
+ break;
}
}
- if (!ucert)
- {
- BIO_printf(bio_err, "No certificate matches private key\n");
- goto export_end;
+ if (!ucert) {
+ BIO_printf(bio_err, "No certificate matches private key\n");
+ goto export_end;
}
}
-
}
-
#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading certs from input 2");
+ CRYPTO_pop_info();
+ CRYPTO_push_info("reading certs from input 2");
#endif
- /* Add any more certificates asked for */
- if(certfile)
- {
- STACK_OF(X509) *morecerts=NULL;
- if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
- NULL, e,
- "certificates from certfile")))
- goto export_end;
- while(sk_X509_num(morecerts) > 0)
- sk_X509_push(certs, sk_X509_shift(morecerts));
- sk_X509_free(morecerts);
- }
-
+ /* Add any more certificates asked for */
+ if (certfile) {
+ STACK_OF(X509) * morecerts = NULL;
+ if (!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
+ NULL, e,
+ "certificates from certfile")))
+ goto export_end;
+ while (sk_X509_num(morecerts) > 0)
+ sk_X509_push(certs, sk_X509_shift(morecerts));
+ sk_X509_free(morecerts);
+ }
#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading certs from certfile");
+ CRYPTO_pop_info();
+ CRYPTO_push_info("reading certs from certfile");
#endif
#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("building chain");
+ CRYPTO_pop_info();
+ CRYPTO_push_info("building chain");
#endif
- /* If chaining get chain from user cert */
- if (chain) {
- int vret;
- STACK_OF(X509) *chain2;
- X509_STORE *store = X509_STORE_new();
- if (!store)
- {
- BIO_printf (bio_err, "Memory allocation error\n");
- goto export_end;
+ /* If chaining get chain from user cert */
+ if (chain) {
+ int vret;
+ STACK_OF(X509) * chain2;
+ X509_STORE *store = X509_STORE_new();
+ if (!store) {
+ BIO_printf(bio_err, "Memory allocation error\n");
+ goto export_end;
}
- if (!X509_STORE_load_locations(store, CAfile, CApath))
- X509_STORE_set_default_paths (store);
-
- vret = get_cert_chain (ucert, store, &chain2);
- X509_STORE_free(store);
-
- if (!vret) {
- /* Exclude verified certificate */
- for (i = 1; i < sk_X509_num (chain2) ; i++)
- sk_X509_push(certs, sk_X509_value (chain2, i));
- /* Free first certificate */
- X509_free(sk_X509_value(chain2, 0));
- sk_X509_free(chain2);
- } else {
- if (vret >= 0)
- BIO_printf (bio_err, "Error %s getting chain.\n",
- X509_verify_cert_error_string(vret));
- else
- ERR_print_errors(bio_err);
- goto export_end;
- }
- }
-
- /* Add any CA names */
+ if (!X509_STORE_load_locations(store, CAfile, CApath))
+ X509_STORE_set_default_paths(store);
+
+ vret = get_cert_chain(ucert, store, &chain2);
+ X509_STORE_free(store);
+
+ if (!vret) {
+ /* Exclude verified certificate */
+ for (i = 1; i < sk_X509_num(chain2); i++)
+ sk_X509_push(certs, sk_X509_value(chain2, i));
+ /* Free first certificate */
+ X509_free(sk_X509_value(chain2, 0));
+ sk_X509_free(chain2);
+ } else {
+ if (vret >= 0)
+ BIO_printf(bio_err, "Error %s getting chain.\n",
+ X509_verify_cert_error_string(vret));
+ else
+ ERR_print_errors(bio_err);
+ goto export_end;
+ }
+ }
+ /* Add any CA names */
- for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++)
- {
- catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
- X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
+ for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) {
+ catmp = (unsigned char *) sk_OPENSSL_STRING_value(canames, i);
+ X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
}
- if (csp_name && key)
- EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
- MBSTRING_ASC, (unsigned char *)csp_name, -1);
+ if (csp_name && key)
+ EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
+ MBSTRING_ASC, (unsigned char *) csp_name, -1);
- if (add_lmk && key)
- EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
+ if (add_lmk && key)
+ EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading password");
+ CRYPTO_pop_info();
+ CRYPTO_push_info("reading password");
#endif
- if(!noprompt &&
- EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1))
- {
- BIO_printf (bio_err, "Can't read Password\n");
- goto export_end;
- }
- if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
+ if (!noprompt &&
+ EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) {
+ BIO_printf(bio_err, "Can't read Password\n");
+ goto export_end;
+ }
+ if (!twopass)
+ BUF_strlcpy(macpass, pass, sizeof macpass);
#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("creating PKCS#12 structure");
+ CRYPTO_pop_info();
+ CRYPTO_push_info("creating PKCS#12 structure");
#endif
- p12 = PKCS12_create(cpass, name, key, ucert, certs,
- key_pbe, cert_pbe, iter, -1, keytype);
+ p12 = PKCS12_create(cpass, name, key, ucert, certs,
+ key_pbe, cert_pbe, iter, -1, keytype);
- if (!p12)
- {
- ERR_print_errors (bio_err);
- goto export_end;
+ if (!p12) {
+ ERR_print_errors(bio_err);
+ goto export_end;
}
-
- if (macalg)
- {
- macmd = EVP_get_digestbyname(macalg);
- if (!macmd)
- {
- BIO_printf(bio_err, "Unknown digest algorithm %s\n",
- macalg);
+ if (macalg) {
+ macmd = EVP_get_digestbyname(macalg);
+ if (!macmd) {
+ BIO_printf(bio_err, "Unknown digest algorithm %s\n",
+ macalg);
}
}
-
- if (maciter != -1)
- PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
+ if (maciter != -1)
+ PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("writing pkcs12");
+ CRYPTO_pop_info();
+ CRYPTO_push_info("writing pkcs12");
#endif
- i2d_PKCS12_bio(out, p12);
+ i2d_PKCS12_bio(out, p12);
- ret = 0;
+ ret = 0;
- export_end:
+export_end:
#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_pop_info();
- CRYPTO_push_info("process -export_cert: freeing");
+ CRYPTO_pop_info();
+ CRYPTO_pop_info();
+ CRYPTO_push_info("process -export_cert: freeing");
#endif
- if (key) EVP_PKEY_free(key);
- if (certs) sk_X509_pop_free(certs, X509_free);
- if (ucert) X509_free(ucert);
+ if (key)
+ EVP_PKEY_free(key);
+ if (certs)
+ sk_X509_pop_free(certs, X509_free);
+ if (ucert)
+ X509_free(ucert);
#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
+ CRYPTO_pop_info();
#endif
- goto end;
-
- }
-
- if (!(p12 = d2i_PKCS12_bio (in, NULL))) {
- ERR_print_errors(bio_err);
- goto end;
- }
+ goto end;
+ }
+ if (!(p12 = d2i_PKCS12_bio(in, NULL))) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("read import password");
+ CRYPTO_push_info("read import password");
#endif
- if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
- BIO_printf (bio_err, "Can't read Password\n");
- goto end;
- }
+ if (!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
+ BIO_printf(bio_err, "Can't read Password\n");
+ goto end;
+ }
#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
+ CRYPTO_pop_info();
#endif
- if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
+ if (!twopass)
+ BUF_strlcpy(macpass, pass, sizeof macpass);
- if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
- if(macver) {
+ if ((options & INFO) && p12->mac)
+ BIO_printf(bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1);
+ if (macver) {
#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("verify MAC");
-#endif
- /* If we enter empty password try no password first */
- if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
- /* If mac and crypto pass the same set it to NULL too */
- if(!twopass) cpass = NULL;
- } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
- BIO_printf (bio_err, "Mac verify error: invalid password?\n");
- ERR_print_errors (bio_err);
- goto end;
- }
- BIO_printf (bio_err, "MAC verified OK\n");
+ CRYPTO_push_info("verify MAC");
+#endif
+ /* If we enter empty password try no password first */
+ if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
+ /* If mac and crypto pass the same set it to NULL too */
+ if (!twopass)
+ cpass = NULL;
+ } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
+ BIO_printf(bio_err, "Mac verify error: invalid password?\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(bio_err, "MAC verified OK\n");
#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
+ CRYPTO_pop_info();
#endif
- }
-
+ }
#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("output keys and certificates");
+ CRYPTO_push_info("output keys and certificates");
#endif
- if (!dump_certs_keys_p12 (out, p12, cpass, -1, options, passout)) {
- BIO_printf(bio_err, "Error outputting keys and certificates\n");
- ERR_print_errors (bio_err);
- goto end;
- }
+ if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout)) {
+ BIO_printf(bio_err, "Error outputting keys and certificates\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
+ CRYPTO_pop_info();
#endif
- ret = 0;
- end:
- if (p12) PKCS12_free(p12);
- if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
+ ret = 0;
+end:
+ if (p12)
+ PKCS12_free(p12);
+ if (export_cert || inrand)
+ app_RAND_write_file(NULL, bio_err);
#ifdef CRYPTO_MDEBUG
- CRYPTO_remove_all_info();
-#endif
- BIO_free(in);
- BIO_free_all(out);
- if (canames) sk_OPENSSL_STRING_free(canames);
- if(passin) free(passin);
- if(passout) free(passout);
- apps_shutdown();
- return(ret);
+ CRYPTO_remove_all_info();
+#endif
+ BIO_free(in);
+ BIO_free_all(out);
+ if (canames)
+ sk_OPENSSL_STRING_free(canames);
+ if (passin)
+ free(passin);
+ if (passout)
+ free(passout);
+ apps_shutdown();
+ return (ret);
}
-int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
- int passlen, int options, char *pempass)
+int
+dump_certs_keys_p12(BIO * out, PKCS12 * p12, char *pass,
+ int passlen, int options, char *pempass)
{
- STACK_OF(PKCS7) *asafes = NULL;
- STACK_OF(PKCS12_SAFEBAG) *bags;
+ STACK_OF(PKCS7) * asafes = NULL;
+ STACK_OF(PKCS12_SAFEBAG) * bags;
int i, bagnid;
int ret = 0;
PKCS7 *p7;
- if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
- for (i = 0; i < sk_PKCS7_num (asafes); i++) {
- p7 = sk_PKCS7_value (asafes, i);
- bagnid = OBJ_obj2nid (p7->type);
+ if (!(asafes = PKCS12_unpack_authsafes(p12)))
+ return 0;
+ for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+ p7 = sk_PKCS7_value(asafes, i);
+ bagnid = OBJ_obj2nid(p7->type);
if (bagnid == NID_pkcs7_data) {
bags = PKCS12_unpack_p7data(p7);
- if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
+ if (options & INFO)
+ BIO_printf(bio_err, "PKCS7 Data\n");
} else if (bagnid == NID_pkcs7_encrypted) {
if (options & INFO) {
BIO_printf(bio_err, "PKCS7 Encrypted data: ");
- alg_print(bio_err,
- p7->d.encrypted->enc_data->algorithm);
+ alg_print(bio_err,
+ p7->d.encrypted->enc_data->algorithm);
}
bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
- } else continue;
- if (!bags) goto err;
- if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
- options, pempass)) {
- sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
+ } else
+ continue;
+ if (!bags)
+ goto err;
+ if (!dump_certs_pkeys_bags(out, bags, pass, passlen,
+ options, pempass)) {
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
goto err;
}
- sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
bags = NULL;
}
ret = 1;
- err:
+err:
if (asafes)
- sk_PKCS7_pop_free (asafes, PKCS7_free);
+ sk_PKCS7_pop_free(asafes, PKCS7_free);
return ret;
}
-int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
- char *pass, int passlen, int options, char *pempass)
+int
+dump_certs_pkeys_bags(BIO * out, STACK_OF(PKCS12_SAFEBAG) * bags,
+ char *pass, int passlen, int options, char *pempass)
{
int i;
- for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
- if (!dump_certs_pkeys_bag (out,
- sk_PKCS12_SAFEBAG_value (bags, i),
- pass, passlen,
- options, pempass))
- return 0;
+ for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+ if (!dump_certs_pkeys_bag(out,
+ sk_PKCS12_SAFEBAG_value(bags, i),
+ pass, passlen,
+ options, pempass))
+ return 0;
}
return 1;
}
-int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
- int passlen, int options, char *pempass)
+int
+dump_certs_pkeys_bag(BIO * out, PKCS12_SAFEBAG * bag, char *pass,
+ int passlen, int options, char *pempass)
{
EVP_PKEY *pkey;
PKCS8_PRIV_KEY_INFO *p8;
X509 *x509;
-
- switch (M_PKCS12_bag_type(bag))
- {
+
+ switch (M_PKCS12_bag_type(bag)) {
case NID_keyBag:
- if (options & INFO) BIO_printf (bio_err, "Key bag\n");
- if (options & NOKEYS) return 1;
- print_attribs (out, bag->attrib, "Bag Attributes");
+ if (options & INFO)
+ BIO_printf(bio_err, "Key bag\n");
+ if (options & NOKEYS)
+ return 1;
+ print_attribs(out, bag->attrib, "Bag Attributes");
p8 = bag->value.keybag;
- if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
- print_attribs (out, p8->attributes, "Key Attributes");
- PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
+ if (!(pkey = EVP_PKCS82PKEY(p8)))
+ return 0;
+ print_attribs(out, p8->attributes, "Key Attributes");
+ PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
- break;
+ break;
case NID_pkcs8ShroudedKeyBag:
if (options & INFO) {
- BIO_printf (bio_err, "Shrouded Keybag: ");
- alg_print (bio_err, bag->value.shkeybag->algor);
+ BIO_printf(bio_err, "Shrouded Keybag: ");
+ alg_print(bio_err, bag->value.shkeybag->algor);
}
- if (options & NOKEYS) return 1;
- print_attribs (out, bag->attrib, "Bag Attributes");
+ if (options & NOKEYS)
+ return 1;
+ print_attribs(out, bag->attrib, "Bag Attributes");
if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
- return 0;
- if (!(pkey = EVP_PKCS82PKEY (p8))) {
+ return 0;
+ if (!(pkey = EVP_PKCS82PKEY(p8))) {
PKCS8_PRIV_KEY_INFO_free(p8);
return 0;
}
- print_attribs (out, p8->attributes, "Key Attributes");
+ print_attribs(out, p8->attributes, "Key Attributes");
PKCS8_PRIV_KEY_INFO_free(p8);
- PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
+ PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
- break;
+ break;
case NID_certBag:
- if (options & INFO) BIO_printf (bio_err, "Certificate bag\n");
- if (options & NOCERTS) return 1;
- if (PKCS12_get_attr(bag, NID_localKeyID)) {
- if (options & CACERTS) return 1;
- } else if (options & CLCERTS) return 1;
- print_attribs (out, bag->attrib, "Bag Attributes");
- if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
- return 1;
- if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
- dump_cert_text (out, x509);
- PEM_write_bio_X509 (out, x509);
+ if (options & INFO)
+ BIO_printf(bio_err, "Certificate bag\n");
+ if (options & NOCERTS)
+ return 1;
+ if (PKCS12_get_attr(bag, NID_localKeyID)) {
+ if (options & CACERTS)
+ return 1;
+ } else if (options & CLCERTS)
+ return 1;
+ print_attribs(out, bag->attrib, "Bag Attributes");
+ if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
+ return 1;
+ if (!(x509 = PKCS12_certbag2x509(bag)))
+ return 0;
+ dump_cert_text(out, x509);
+ PEM_write_bio_X509(out, x509);
X509_free(x509);
- break;
+ break;
case NID_safeContentsBag:
- if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
- print_attribs (out, bag->attrib, "Bag Attributes");
- return dump_certs_pkeys_bags (out, bag->value.safes, pass,
- passlen, options, pempass);
-
+ if (options & INFO)
+ BIO_printf(bio_err, "Safe Contents bag\n");
+ print_attribs(out, bag->attrib, "Bag Attributes");
+ return dump_certs_pkeys_bags(out, bag->value.safes, pass,
+ passlen, options, pempass);
+
default:
- BIO_printf (bio_err, "Warning unsupported bag type: ");
- i2a_ASN1_OBJECT (bio_err, bag->type);
- BIO_printf (bio_err, "\n");
+ BIO_printf(bio_err, "Warning unsupported bag type: ");
+ i2a_ASN1_OBJECT(bio_err, bag->type);
+ BIO_printf(bio_err, "\n");
return 1;
- break;
+ break;
}
return 1;
}
/* Hope this is OK .... */
-int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
+int
+get_cert_chain(X509 * cert, X509_STORE * store, STACK_OF(X509) ** chain)
{
X509_STORE_CTX store_ctx;
- STACK_OF(X509) *chn;
+ STACK_OF(X509) * chn;
int i = 0;
- /* FIXME: Should really check the return status of X509_STORE_CTX_init
- * for an error, but how that fits into the return value of this
- * function is less obvious. */
+ /*
+ * FIXME: Should really check the return status of
+ * X509_STORE_CTX_init for an error, but how that fits into the
+ * return value of this function is less obvious.
+ */
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
if (X509_verify_cert(&store_ctx) <= 0) {
- i = X509_STORE_CTX_get_error (&store_ctx);
+ i = X509_STORE_CTX_get_error(&store_ctx);
if (i == 0)
- /* avoid returning 0 if X509_verify_cert() did not
- * set an appropriate error value in the context */
+ /*
+ * avoid returning 0 if X509_verify_cert() did not
+ * set an appropriate error value in the context
+ */
i = -1;
chn = NULL;
goto err;
err:
X509_STORE_CTX_cleanup(&store_ctx);
*chain = chn;
-
+
return i;
-}
+}
-int alg_print (BIO *x, X509_ALGOR *alg)
+int
+alg_print(BIO * x, X509_ALGOR * alg)
{
PBEPARAM *pbe;
const unsigned char *p;
pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
if (!pbe)
return 1;
- BIO_printf (bio_err, "%s, Iteration %ld\n",
- OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
- ASN1_INTEGER_get(pbe->iter));
- PBEPARAM_free (pbe);
+ BIO_printf(bio_err, "%s, Iteration %ld\n",
+ OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
+ ASN1_INTEGER_get(pbe->iter));
+ PBEPARAM_free(pbe);
return 1;
}
/* Load all certificates from a given file */
-int cert_load(BIO *in, STACK_OF(X509) *sk)
+int
+cert_load(BIO * in, STACK_OF(X509) * sk)
{
int ret;
X509 *cert;
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("cert_load(): reading one cert");
#endif
- while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
+ while ((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
#endif
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
#endif
- if(ret) ERR_clear_error();
+ if (ret)
+ ERR_clear_error();
return ret;
}
/* Generalised attribute print: handle PKCS#8 and bag attributes */
-int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
+int
+print_attribs(BIO * out, STACK_OF(X509_ATTRIBUTE) * attrlst, const char *name)
{
X509_ATTRIBUTE *attr;
ASN1_TYPE *av;
char *value;
int i, attr_nid;
- if(!attrlst) {
+ if (!attrlst) {
BIO_printf(out, "%s: <No Attributes>\n", name);
return 1;
}
- if(!sk_X509_ATTRIBUTE_num(attrlst)) {
+ if (!sk_X509_ATTRIBUTE_num(attrlst)) {
BIO_printf(out, "%s: <Empty Attributes>\n", name);
return 1;
}
BIO_printf(out, "%s\n", name);
- for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
+ for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
attr = sk_X509_ATTRIBUTE_value(attrlst, i);
attr_nid = OBJ_obj2nid(attr->object);
BIO_printf(out, " ");
- if(attr_nid == NID_undef) {
- i2a_ASN1_OBJECT (out, attr->object);
+ if (attr_nid == NID_undef) {
+ i2a_ASN1_OBJECT(out, attr->object);
BIO_printf(out, ": ");
- } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
+ } else
+ BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
- if(sk_ASN1_TYPE_num(attr->value.set)) {
+ if (sk_ASN1_TYPE_num(attr->value.set)) {
av = sk_ASN1_TYPE_value(attr->value.set, 0);
- switch(av->type) {
- case V_ASN1_BMPSTRING:
- value = OPENSSL_uni2asc(av->value.bmpstring->data,
- av->value.bmpstring->length);
+ switch (av->type) {
+ case V_ASN1_BMPSTRING:
+ value = OPENSSL_uni2asc(av->value.bmpstring->data,
+ av->value.bmpstring->length);
BIO_printf(out, "%s\n", value);
free(value);
break;
- case V_ASN1_OCTET_STRING:
+ case V_ASN1_OCTET_STRING:
hex_prin(out, av->value.octet_string->data,
- av->value.octet_string->length);
- BIO_printf(out, "\n");
+ av->value.octet_string->length);
+ BIO_printf(out, "\n");
break;
- case V_ASN1_BIT_STRING:
+ case V_ASN1_BIT_STRING:
hex_prin(out, av->value.bit_string->data,
- av->value.bit_string->length);
- BIO_printf(out, "\n");
+ av->value.bit_string->length);
+ BIO_printf(out, "\n");
break;
- default:
- BIO_printf(out, "<Unsupported tag %d>\n", av->type);
+ default:
+ BIO_printf(out, "<Unsupported tag %d>\n", av->type);
break;
}
- } else BIO_printf(out, "<No Values>\n");
+ } else
+ BIO_printf(out, "<No Values>\n");
}
return 1;
}
-void hex_prin(BIO *out, unsigned char *buf, int len)
+void
+hex_prin(BIO * out, unsigned char *buf, int len)
{
int i;
- for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
+ for (i = 0; i < len; i++)
+ BIO_printf(out, "%02X ", buf[i]);
}
-static int set_pbe(BIO *err, int *ppbe, const char *str)
- {
+static int
+set_pbe(BIO * err, int *ppbe, const char *str)
+{
if (!str)
return 0;
- if (!strcmp(str, "NONE"))
- {
+ if (!strcmp(str, "NONE")) {
*ppbe = -1;
return 1;
- }
- *ppbe=OBJ_txt2nid(str);
- if (*ppbe == NID_undef)
- {
+ }
+ *ppbe = OBJ_txt2nid(str);
+ if (*ppbe == NID_undef) {
BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
return 0;
- }
- return 1;
}
-
+ return 1;
+}
+
#endif
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
- PKCS7 *p7=NULL;
- int i,badops=0;
- BIO *in=NULL,*out=NULL;
- int informat,outformat;
- char *infile,*outfile,*prog;
- int print_certs=0,text=0,noout=0,p7_print=0;
- int ret=1;
+int
+MAIN(int argc, char **argv)
+{
+ PKCS7 *p7 = NULL;
+ int i, badops = 0;
+ BIO *in = NULL, *out = NULL;
+ int informat, outformat;
+ char *infile, *outfile, *prog;
+ int print_certs = 0, text = 0, noout = 0, p7_print = 0;
+ int ret = 1;
#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
+ char *engine = NULL;
#endif
apps_startup();
if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
+ infile = NULL;
+ outfile = NULL;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
- prog=argv[0];
+ prog = argv[0];
argc--;
argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-text") == 0)
- text=1;
- else if (strcmp(*argv,"-print") == 0)
- p7_print=1;
- else if (strcmp(*argv,"-print_certs") == 0)
- print_certs=1;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-text") == 0)
+ text = 1;
+ else if (strcmp(*argv, "-print") == 0)
+ p7_print = 1;
+ else if (strcmp(*argv, "-print_certs") == 0)
+ print_certs = 1;
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
#endif
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
+ else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
break;
- }
+ }
argc--;
argv++;
- }
+ }
- if (badops)
- {
+ if (badops) {
bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
- BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
- BIO_printf(bio_err," -text print full details of certificates\n");
- BIO_printf(bio_err," -noout don't output encoded data\n");
+ BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err, " -out arg output file\n");
+ BIO_printf(bio_err, " -print_certs print any certs or crl in the input\n");
+ BIO_printf(bio_err, " -text print full details of certificates\n");
+ BIO_printf(bio_err, " -noout don't output encoded data\n");
#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+ BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n");
#endif
ret = 1;
goto end;
- }
-
+ }
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
+ setup_engine(bio_err, engine, 0);
#endif
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
- goto end;
- }
-
+ goto end;
+ }
if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- if (in == NULL)
- {
- perror(infile);
- goto end;
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0)
+ if (in == NULL) {
+ perror(infile);
+ goto end;
}
- }
+ }
- if (informat == FORMAT_ASN1)
- p7=d2i_PKCS7_bio(in,NULL);
+ if (informat == FORMAT_ASN1)
+ p7 = d2i_PKCS7_bio(in, NULL);
else if (informat == FORMAT_PEM)
- p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);
- else
- {
- BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
+ p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+ else {
+ BIO_printf(bio_err, "bad input format specified for pkcs7 object\n");
goto end;
- }
- if (p7 == NULL)
- {
- BIO_printf(bio_err,"unable to load PKCS7 object\n");
+ }
+ if (p7 == NULL) {
+ BIO_printf(bio_err, "unable to load PKCS7 object\n");
ERR_print_errors(bio_err);
goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
+ }
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
- }
}
+ }
if (p7_print)
PKCS7_print_ctx(out, p7, 0, NULL);
- if (print_certs)
- {
- STACK_OF(X509) *certs=NULL;
- STACK_OF(X509_CRL) *crls=NULL;
+ if (print_certs) {
+ STACK_OF(X509) * certs = NULL;
+ STACK_OF(X509_CRL) * crls = NULL;
- i=OBJ_obj2nid(p7->type);
- switch (i)
- {
+ i = OBJ_obj2nid(p7->type);
+ switch (i) {
case NID_pkcs7_signed:
- certs=p7->d.sign->cert;
- crls=p7->d.sign->crl;
+ certs = p7->d.sign->cert;
+ crls = p7->d.sign->crl;
break;
case NID_pkcs7_signedAndEnveloped:
- certs=p7->d.signed_and_enveloped->cert;
- crls=p7->d.signed_and_enveloped->crl;
+ certs = p7->d.signed_and_enveloped->cert;
+ crls = p7->d.signed_and_enveloped->crl;
break;
default:
break;
- }
+ }
- if (certs != NULL)
- {
+ if (certs != NULL) {
X509 *x;
- for (i=0; i<sk_X509_num(certs); i++)
- {
- x=sk_X509_value(certs,i);
- if(text) X509_print(out, x);
- else dump_cert_text(out, x);
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ x = sk_X509_value(certs, i);
+ if (text)
+ X509_print(out, x);
+ else
+ dump_cert_text(out, x);
- if(!noout) PEM_write_bio_X509(out,x);
- BIO_puts(out,"\n");
- }
+ if (!noout)
+ PEM_write_bio_X509(out, x);
+ BIO_puts(out, "\n");
}
- if (crls != NULL)
- {
+ }
+ if (crls != NULL) {
X509_CRL *crl;
- for (i=0; i<sk_X509_CRL_num(crls); i++)
- {
- crl=sk_X509_CRL_value(crls,i);
+ for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+ crl = sk_X509_CRL_value(crls, i);
X509_CRL_print(out, crl);
- if(!noout)PEM_write_bio_X509_CRL(out,crl);
- BIO_puts(out,"\n");
- }
+ if (!noout)
+ PEM_write_bio_X509_CRL(out, crl);
+ BIO_puts(out, "\n");
}
-
- ret=0;
- goto end;
}
-
- if(!noout) {
- if (outformat == FORMAT_ASN1)
- i=i2d_PKCS7_bio(out,p7);
+ ret = 0;
+ goto end;
+ }
+ if (!noout) {
+ if (outformat == FORMAT_ASN1)
+ i = i2d_PKCS7_bio(out, p7);
else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_PKCS7(out,p7);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
+ i = PEM_write_bio_PKCS7(out, p7);
+ else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
- }
+ }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write pkcs7 object\n");
+ if (!i) {
+ BIO_printf(bio_err, "unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
- }
+ }
}
- ret=0;
+ ret = 0;
end:
- if (p7 != NULL) PKCS7_free(p7);
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
+ if (p7 != NULL)
+ PKCS7_free(p7);
+ if (in != NULL)
+ BIO_free(in);
+ if (out != NULL)
+ BIO_free_all(out);
apps_shutdown();
- return(ret);
- }
+ return (ret);
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
+int
+MAIN(int argc, char **argv)
+{
ENGINE *e = NULL;
char **args, *infile = NULL, *outfile = NULL;
char *passargin = NULL, *passargout = NULL;
int nocrypt = 0;
X509_SIG *p8 = NULL;
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
- EVP_PKEY *pkey=NULL;
+ EVP_PKEY *pkey = NULL;
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
int ret = 1;
#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
+ char *engine = NULL;
#endif
- if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
- while (!badarg && *args && *args[0] == '-')
- {
- if (!strcmp(*args,"-v2"))
- {
- if (args[1])
- {
+ while (!badarg && *args && *args[0] == '-') {
+ if (!strcmp(*args, "-v2")) {
+ if (args[1]) {
args++;
- cipher=EVP_get_cipherbyname(*args);
- if (!cipher)
- {
+ cipher = EVP_get_cipherbyname(*args);
+ if (!cipher) {
BIO_printf(bio_err,
- "Unknown cipher %s\n", *args);
+ "Unknown cipher %s\n", *args);
badarg = 1;
- }
}
- else
+ } else
badarg = 1;
- }
- else if (!strcmp(*args,"-v1"))
- {
- if (args[1])
- {
+ } else if (!strcmp(*args, "-v1")) {
+ if (args[1]) {
args++;
- pbe_nid=OBJ_txt2nid(*args);
- if (pbe_nid == NID_undef)
- {
+ pbe_nid = OBJ_txt2nid(*args);
+ if (pbe_nid == NID_undef) {
BIO_printf(bio_err,
- "Unknown PBE algorithm %s\n", *args);
+ "Unknown PBE algorithm %s\n", *args);
badarg = 1;
- }
}
- else
+ } else
badarg = 1;
- }
- else if (!strcmp(*args,"-inform"))
- {
- if (args[1])
- {
+ } else if (!strcmp(*args, "-inform")) {
+ if (args[1]) {
args++;
- informat=str2fmt(*args);
- }
- else badarg = 1;
- }
- else if (!strcmp(*args,"-outform"))
- {
- if (args[1])
- {
+ informat = str2fmt(*args);
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-outform")) {
+ if (args[1]) {
args++;
- outformat=str2fmt(*args);
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-topk8"))
+ outformat = str2fmt(*args);
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-topk8"))
topk8 = 1;
- else if (!strcmp (*args, "-noiter"))
+ else if (!strcmp(*args, "-noiter"))
iter = 1;
- else if (!strcmp (*args, "-nocrypt"))
+ else if (!strcmp(*args, "-nocrypt"))
nocrypt = 1;
- else if (!strcmp (*args, "-nooct"))
+ else if (!strcmp(*args, "-nooct"))
p8_broken = PKCS8_NO_OCTET;
- else if (!strcmp (*args, "-nsdb"))
+ else if (!strcmp(*args, "-nsdb"))
p8_broken = PKCS8_NS_DB;
- else if (!strcmp (*args, "-embed"))
+ else if (!strcmp(*args, "-embed"))
p8_broken = PKCS8_EMBEDDED_PARAM;
- else if (!strcmp(*args,"-passin"))
- {
- if (!args[1]) goto bad;
- passargin= *(++args);
- }
- else if (!strcmp(*args,"-passout"))
- {
- if (!args[1]) goto bad;
- passargout= *(++args);
- }
+ else if (!strcmp(*args, "-passin")) {
+ if (!args[1])
+ goto bad;
+ passargin = *(++args);
+ } else if (!strcmp(*args, "-passout")) {
+ if (!args[1])
+ goto bad;
+ passargout = *(++args);
+ }
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*args,"-engine") == 0)
- {
- if (!args[1]) goto bad;
- engine= *(++args);
- }
+ else if (strcmp(*args, "-engine") == 0) {
+ if (!args[1])
+ goto bad;
+ engine = *(++args);
+ }
#endif
- else if (!strcmp (*args, "-in"))
- {
- if (args[1])
- {
+ else if (!strcmp(*args, "-in")) {
+ if (args[1]) {
args++;
infile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-out"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-out")) {
+ if (args[1]) {
args++;
outfile = *args;
- }
- else badarg = 1;
- }
- else badarg = 1;
+ } else
+ badarg = 1;
+ } else
+ badarg = 1;
args++;
- }
+ }
- if (badarg)
- {
- bad:
+ if (badarg) {
+bad:
BIO_printf(bio_err, "Usage pkcs8 [options]\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+ BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n");
#endif
goto end;
- }
-
+ }
#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
+ e = setup_engine(bio_err, engine, 0);
#endif
- if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
- {
+ if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
- }
-
+ }
if ((pbe_nid == -1) && !cipher)
pbe_nid = NID_pbeWithMD5AndDES_CBC;
- if (infile)
- {
- if (!(in = BIO_new_file(infile, "rb")))
- {
+ if (infile) {
+ if (!(in = BIO_new_file(infile, "rb"))) {
BIO_printf(bio_err,
- "Can't open input file %s\n", infile);
+ "Can't open input file %s\n", infile);
goto end;
- }
}
- else
- in = BIO_new_fp (stdin, BIO_NOCLOSE);
+ } else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
- if (outfile)
- {
- if (!(out = BIO_new_file (outfile, "wb")))
- {
+ if (outfile) {
+ if (!(out = BIO_new_file(outfile, "wb"))) {
BIO_printf(bio_err,
- "Can't open output file %s\n", outfile);
+ "Can't open output file %s\n", outfile);
goto end;
- }
- }
- else
- {
- out = BIO_new_fp (stdout, BIO_NOCLOSE);
}
- if (topk8)
- {
+ } else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ }
+ if (topk8) {
pkey = load_key(bio_err, infile, informat, 1,
- passin, e, "key");
+ passin, e, "key");
if (!pkey)
goto end;
- if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
- {
+ if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
goto end;
- }
- if (nocrypt)
- {
- if (outformat == FORMAT_PEM)
+ }
+ if (nocrypt) {
+ if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
else if (outformat == FORMAT_ASN1)
i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
- else
- {
+ else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
- }
}
- else
- {
+ } else {
if (passout)
p8pass = passout;
- else
- {
+ else {
p8pass = pass;
if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
goto end;
- }
+ }
app_RAND_load_file(NULL, bio_err, 0);
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
- p8pass, strlen(p8pass),
- NULL, 0, iter, p8inf)))
- {
+ p8pass, strlen(p8pass),
+ NULL, 0, iter, p8inf))) {
BIO_printf(bio_err, "Error encrypting key\n");
ERR_print_errors(bio_err);
goto end;
- }
+ }
app_RAND_write_file(NULL, bio_err);
- if (outformat == FORMAT_PEM)
+ if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS8(out, p8);
else if (outformat == FORMAT_ASN1)
i2d_PKCS8_bio(out, p8);
- else
- {
+ else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
- }
}
+ }
ret = 0;
goto end;
- }
-
- if (nocrypt)
- {
- if (informat == FORMAT_PEM)
- p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
+ }
+ if (nocrypt) {
+ if (informat == FORMAT_PEM)
+ p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
else if (informat == FORMAT_ASN1)
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
- else
- {
+ else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
- }
}
- else
- {
- if (informat == FORMAT_PEM)
+ } else {
+ if (informat == FORMAT_PEM)
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
else if (informat == FORMAT_ASN1)
p8 = d2i_PKCS8_bio(in, NULL);
- else
- {
+ else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
- }
+ }
- if (!p8)
- {
- BIO_printf (bio_err, "Error reading key\n");
+ if (!p8) {
+ BIO_printf(bio_err, "Error reading key\n");
ERR_print_errors(bio_err);
goto end;
- }
+ }
if (passin)
p8pass = passin;
- else
- {
+ else {
p8pass = pass;
EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
- }
- p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
}
+ p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
+ }
- if (!p8inf)
- {
+ if (!p8inf) {
BIO_printf(bio_err, "Error decrypting key\n");
ERR_print_errors(bio_err);
goto end;
- }
-
- if (!(pkey = EVP_PKCS82PKEY(p8inf)))
- {
+ }
+ if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
goto end;
- }
-
- if (p8inf->broken)
- {
+ }
+ if (p8inf->broken) {
BIO_printf(bio_err, "Warning: broken key encoding: ");
- switch (p8inf->broken)
- {
- case PKCS8_NO_OCTET:
+ switch (p8inf->broken) {
+ case PKCS8_NO_OCTET:
BIO_printf(bio_err, "No Octet String in PrivateKey\n");
break;
- case PKCS8_EMBEDDED_PARAM:
+ case PKCS8_EMBEDDED_PARAM:
BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
break;
- case PKCS8_NS_DB:
+ case PKCS8_NS_DB:
BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
break;
- case PKCS8_NEG_PRIVKEY:
+ case PKCS8_NEG_PRIVKEY:
BIO_printf(bio_err, "DSA private key value is negative\n");
break;
- default:
+ default:
BIO_printf(bio_err, "Unknown broken type\n");
break;
}
}
-
- if (outformat == FORMAT_PEM)
+ if (outformat == FORMAT_PEM)
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
else if (outformat == FORMAT_ASN1)
i2d_PrivateKey_bio(out, pkey);
- else
- {
+ else {
BIO_printf(bio_err, "Bad format specified for key\n");
- goto end;
- }
+ goto end;
+ }
ret = 0;
- end:
+end:
X509_SIG_free(p8);
PKCS8_PRIV_KEY_INFO_free(p8inf);
EVP_PKEY_free(pkey);
free(passout);
return ret;
- }
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
+int
+MAIN(int argc, char **argv)
+{
ENGINE *e = NULL;
char **args, *infile = NULL, *outfile = NULL;
char *passargin = NULL, *passargout = NULL;
const EVP_CIPHER *cipher = NULL;
int informat, outformat;
int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0;
- EVP_PKEY *pkey=NULL;
+ EVP_PKEY *pkey = NULL;
char *passin = NULL, *passout = NULL;
int badarg = 0;
#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
+ char *engine = NULL;
#endif
int ret = 1;
if (bio_err == NULL)
- bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
- while (!badarg && *args && *args[0] == '-')
- {
- if (!strcmp(*args,"-inform"))
- {
- if (args[1])
- {
+ while (!badarg && *args && *args[0] == '-') {
+ if (!strcmp(*args, "-inform")) {
+ if (args[1]) {
args++;
- informat=str2fmt(*args);
- }
- else badarg = 1;
- }
- else if (!strcmp(*args,"-outform"))
- {
- if (args[1])
- {
+ informat = str2fmt(*args);
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-outform")) {
+ if (args[1]) {
args++;
- outformat=str2fmt(*args);
- }
- else badarg = 1;
- }
- else if (!strcmp(*args,"-passin"))
- {
- if (!args[1]) goto bad;
- passargin= *(++args);
- }
- else if (!strcmp(*args,"-passout"))
- {
- if (!args[1]) goto bad;
- passargout= *(++args);
- }
+ outformat = str2fmt(*args);
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-passin")) {
+ if (!args[1])
+ goto bad;
+ passargin = *(++args);
+ } else if (!strcmp(*args, "-passout")) {
+ if (!args[1])
+ goto bad;
+ passargout = *(++args);
+ }
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*args,"-engine") == 0)
- {
- if (!args[1]) goto bad;
- engine= *(++args);
- }
+ else if (strcmp(*args, "-engine") == 0) {
+ if (!args[1])
+ goto bad;
+ engine = *(++args);
+ }
#endif
- else if (!strcmp (*args, "-in"))
- {
- if (args[1])
- {
+ else if (!strcmp(*args, "-in")) {
+ if (args[1]) {
args++;
infile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-out"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-out")) {
+ if (args[1]) {
args++;
outfile = *args;
- }
- else badarg = 1;
- }
- else if (strcmp(*args,"-pubin") == 0)
- {
- pubin=1;
- pubout=1;
- pubtext=1;
- }
- else if (strcmp(*args,"-pubout") == 0)
- pubout=1;
- else if (strcmp(*args,"-text_pub") == 0)
- {
- pubtext=1;
- text=1;
- }
- else if (strcmp(*args,"-text") == 0)
- text=1;
- else if (strcmp(*args,"-noout") == 0)
- noout=1;
- else
- {
+ } else
+ badarg = 1;
+ } else if (strcmp(*args, "-pubin") == 0) {
+ pubin = 1;
+ pubout = 1;
+ pubtext = 1;
+ } else if (strcmp(*args, "-pubout") == 0)
+ pubout = 1;
+ else if (strcmp(*args, "-text_pub") == 0) {
+ pubtext = 1;
+ text = 1;
+ } else if (strcmp(*args, "-text") == 0)
+ text = 1;
+ else if (strcmp(*args, "-noout") == 0)
+ noout = 1;
+ else {
cipher = EVP_get_cipherbyname(*args + 1);
- if (!cipher)
- {
+ if (!cipher) {
BIO_printf(bio_err, "Unknown cipher %s\n",
- *args + 1);
+ *args + 1);
badarg = 1;
- }
}
- args++;
}
+ args++;
+ }
- if (badarg)
- {
- bad:
+ if (badarg) {
+bad:
BIO_printf(bio_err, "Usage pkey [options]\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
return 1;
- }
-
+ }
#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
+ e = setup_engine(bio_err, engine, 0);
#endif
- if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
- {
+ if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
- }
-
- if (outfile)
- {
- if (!(out = BIO_new_file (outfile, "wb")))
- {
+ }
+ if (outfile) {
+ if (!(out = BIO_new_file(outfile, "wb"))) {
BIO_printf(bio_err,
- "Can't open output file %s\n", outfile);
+ "Can't open output file %s\n", outfile);
goto end;
- }
- }
- else
- {
- out = BIO_new_fp (stdout, BIO_NOCLOSE);
}
+ } else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ }
if (pubin)
pkey = load_pubkey(bio_err, infile, informat, 1,
- passin, e, "Public Key");
+ passin, e, "Public Key");
else
pkey = load_key(bio_err, infile, informat, 1,
- passin, e, "key");
+ passin, e, "key");
if (!pkey)
goto end;
- if (!noout)
- {
- if (outformat == FORMAT_PEM)
- {
+ if (!noout) {
+ if (outformat == FORMAT_PEM) {
if (pubout)
- PEM_write_bio_PUBKEY(out,pkey);
+ PEM_write_bio_PUBKEY(out, pkey);
else
PEM_write_bio_PrivateKey(out, pkey, cipher,
- NULL, 0, NULL, passout);
- }
- else if (outformat == FORMAT_ASN1)
- {
+ NULL, 0, NULL, passout);
+ } else if (outformat == FORMAT_ASN1) {
if (pubout)
i2d_PUBKEY_bio(out, pkey);
else
i2d_PrivateKey_bio(out, pkey);
- }
- else
- {
+ } else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
- }
-
}
- if (text)
- {
+ }
+ if (text) {
if (pubtext)
EVP_PKEY_print_public(out, pkey, 0, NULL);
else
EVP_PKEY_print_private(out, pkey, 0, NULL);
- }
-
+ }
ret = 0;
- end:
+end:
EVP_PKEY_free(pkey);
BIO_free_all(out);
BIO_free(in);
free(passout);
return ret;
- }
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
+int
+MAIN(int argc, char **argv)
+{
char **args, *infile = NULL, *outfile = NULL;
BIO *in = NULL, *out = NULL;
int text = 0, noout = 0;
- EVP_PKEY *pkey=NULL;
+ EVP_PKEY *pkey = NULL;
int badarg = 0;
#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
+ char *engine = NULL;
#endif
int ret = 1;
if (bio_err == NULL)
- bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
- while (!badarg && *args && *args[0] == '-')
- {
- if (!strcmp (*args, "-in"))
- {
- if (args[1])
- {
+ while (!badarg && *args && *args[0] == '-') {
+ if (!strcmp(*args, "-in")) {
+ if (args[1]) {
args++;
infile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-out"))
- {
- if (args[1])
- {
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-out")) {
+ if (args[1]) {
args++;
outfile = *args;
- }
- else badarg = 1;
- }
+ } else
+ badarg = 1;
+ }
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*args,"-engine") == 0)
- {
- if (!args[1]) goto bad;
- engine= *(++args);
- }
+ else if (strcmp(*args, "-engine") == 0) {
+ if (!args[1])
+ goto bad;
+ engine = *(++args);
+ }
#endif
- else if (strcmp(*args,"-text") == 0)
- text=1;
- else if (strcmp(*args,"-noout") == 0)
- noout=1;
+ else if (strcmp(*args, "-text") == 0)
+ text = 1;
+ else if (strcmp(*args, "-noout") == 0)
+ noout = 1;
args++;
- }
+ }
- if (badarg)
- {
+ if (badarg) {
#ifndef OPENSSL_NO_ENGINE
- bad:
+bad:
#endif
BIO_printf(bio_err, "Usage pkeyparam [options]\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
return 1;
- }
-
+ }
#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
+ setup_engine(bio_err, engine, 0);
#endif
- if (infile)
- {
- if (!(in = BIO_new_file (infile, "r")))
- {
+ if (infile) {
+ if (!(in = BIO_new_file(infile, "r"))) {
BIO_printf(bio_err,
- "Can't open input file %s\n", infile);
+ "Can't open input file %s\n", infile);
goto end;
- }
}
- else
- in = BIO_new_fp (stdin, BIO_NOCLOSE);
+ } else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
- if (outfile)
- {
- if (!(out = BIO_new_file (outfile, "w")))
- {
+ if (outfile) {
+ if (!(out = BIO_new_file(outfile, "w"))) {
BIO_printf(bio_err,
- "Can't open output file %s\n", outfile);
+ "Can't open output file %s\n", outfile);
goto end;
- }
- }
- else
- {
- out = BIO_new_fp (stdout, BIO_NOCLOSE);
}
+ } else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ }
pkey = PEM_read_bio_Parameters(in, NULL);
- if (!pkey)
- {
+ if (!pkey) {
BIO_printf(bio_err, "Error reading parameters\n");
ERR_print_errors(bio_err);
goto end;
- }
-
+ }
if (!noout)
- PEM_write_bio_Parameters(out,pkey);
+ PEM_write_bio_Parameters(out, pkey);
if (text)
EVP_PKEY_print_params(out, pkey, 0, NULL);
ret = 0;
- end:
+end:
EVP_PKEY_free(pkey);
BIO_free_all(out);
BIO_free(in);
return ret;
- }
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#define PROG pkeyutl_main
-static EVP_PKEY_CTX *init_ctx(int *pkeysize,
- char *keyfile, int keyform, int key_type,
- char *passargin, int pkey_op, ENGINE *e);
+static EVP_PKEY_CTX *
+init_ctx(int *pkeysize,
+ char *keyfile, int keyform, int key_type,
+ char *passargin, int pkey_op, ENGINE * e);
-static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
- const char *file);
+static int
+setup_peer(BIO * err, EVP_PKEY_CTX * ctx, int peerform,
+ const char *file);
-static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
- unsigned char *out, size_t *poutlen,
- unsigned char *in, size_t inlen);
+static int
+do_keyop(EVP_PKEY_CTX * ctx, int pkey_op,
+ unsigned char *out, size_t * poutlen,
+ unsigned char *in, size_t inlen);
int MAIN(int argc, char **);
-int MAIN(int argc, char **argv)
+int
+MAIN(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL, *sigfile = NULL;
argc--;
argv++;
- if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+ if (!bio_err)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
-
- while(argc >= 1)
- {
- if (!strcmp(*argv,"-in"))
- {
- if (--argc < 1) badarg = 1;
- else infile= *(++argv);
- }
- else if (!strcmp(*argv,"-out"))
- {
- if (--argc < 1) badarg = 1;
- else outfile= *(++argv);
- }
- else if (!strcmp(*argv,"-sigfile"))
- {
- if (--argc < 1) badarg = 1;
- else sigfile= *(++argv);
- }
- else if(!strcmp(*argv, "-inkey"))
- {
+
+ while (argc >= 1) {
+ if (!strcmp(*argv, "-in")) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ infile = *(++argv);
+ } else if (!strcmp(*argv, "-out")) {
if (--argc < 1)
badarg = 1;
else
- {
+ outfile = *(++argv);
+ } else if (!strcmp(*argv, "-sigfile")) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ sigfile = *(++argv);
+ } else if (!strcmp(*argv, "-inkey")) {
+ if (--argc < 1)
+ badarg = 1;
+ else {
ctx = init_ctx(&keysize,
- *(++argv), keyform, key_type,
- passargin, pkey_op, e);
- if (!ctx)
- {
+ *(++argv), keyform, key_type,
+ passargin, pkey_op, e);
+ if (!ctx) {
BIO_puts(bio_err,
- "Error initializing context\n");
+ "Error initializing context\n");
ERR_print_errors(bio_err);
badarg = 1;
- }
}
}
- else if (!strcmp(*argv,"-peerkey"))
- {
+ } else if (!strcmp(*argv, "-peerkey")) {
if (--argc < 1)
badarg = 1;
else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
badarg = 1;
- }
- else if (!strcmp(*argv,"-passin"))
- {
- if (--argc < 1) badarg = 1;
- else passargin= *(++argv);
- }
- else if (strcmp(*argv,"-peerform") == 0)
- {
- if (--argc < 1) badarg = 1;
- else peerform=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) badarg = 1;
- else keyform=str2fmt(*(++argv));
- }
+ } else if (!strcmp(*argv, "-passin")) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-peerform") == 0) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ peerform = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-keyform") == 0) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ keyform = str2fmt(*(++argv));
+ }
#ifndef OPENSSL_NO_ENGINE
- else if(!strcmp(*argv, "-engine"))
- {
+ else if (!strcmp(*argv, "-engine")) {
if (--argc < 1)
badarg = 1;
else
e = setup_engine(bio_err, *(++argv), 0);
- }
+ }
#endif
- else if(!strcmp(*argv, "-pubin"))
+ else if (!strcmp(*argv, "-pubin"))
key_type = KEY_PUBKEY;
- else if(!strcmp(*argv, "-certin"))
+ else if (!strcmp(*argv, "-certin"))
key_type = KEY_CERT;
- else if(!strcmp(*argv, "-asn1parse"))
+ else if (!strcmp(*argv, "-asn1parse"))
asn1parse = 1;
- else if(!strcmp(*argv, "-hexdump"))
+ else if (!strcmp(*argv, "-hexdump"))
hexdump = 1;
- else if(!strcmp(*argv, "-sign"))
+ else if (!strcmp(*argv, "-sign"))
pkey_op = EVP_PKEY_OP_SIGN;
- else if(!strcmp(*argv, "-verify"))
+ else if (!strcmp(*argv, "-verify"))
pkey_op = EVP_PKEY_OP_VERIFY;
- else if(!strcmp(*argv, "-verifyrecover"))
+ else if (!strcmp(*argv, "-verifyrecover"))
pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
- else if(!strcmp(*argv, "-rev"))
+ else if (!strcmp(*argv, "-rev"))
rev = 1;
- else if(!strcmp(*argv, "-encrypt"))
+ else if (!strcmp(*argv, "-encrypt"))
pkey_op = EVP_PKEY_OP_ENCRYPT;
- else if(!strcmp(*argv, "-decrypt"))
+ else if (!strcmp(*argv, "-decrypt"))
pkey_op = EVP_PKEY_OP_DECRYPT;
- else if(!strcmp(*argv, "-derive"))
+ else if (!strcmp(*argv, "-derive"))
pkey_op = EVP_PKEY_OP_DERIVE;
- else if (strcmp(*argv,"-pkeyopt") == 0)
- {
+ else if (strcmp(*argv, "-pkeyopt") == 0) {
if (--argc < 1)
badarg = 1;
- else if (!ctx)
- {
+ else if (!ctx) {
BIO_puts(bio_err,
- "-pkeyopt command before -inkey\n");
+ "-pkeyopt command before -inkey\n");
badarg = 1;
- }
- else if (pkey_ctrl_string(ctx, *(++argv)) <= 0)
- {
+ } else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) {
BIO_puts(bio_err, "parameter setting error\n");
ERR_print_errors(bio_err);
goto end;
- }
}
- else badarg = 1;
- if(badarg)
- {
+ } else
+ badarg = 1;
+ if (badarg) {
usage();
goto end;
- }
+ }
argc--;
argv++;
- }
+ }
- if (!ctx)
- {
+ if (!ctx) {
usage();
goto end;
- }
-
- if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY))
- {
+ }
+ if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
BIO_puts(bio_err, "Signature file specified for non verify\n");
goto end;
- }
-
- if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY))
- {
+ }
+ if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) {
BIO_puts(bio_err, "No signature file specified for verify\n");
goto end;
- }
-
+ }
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
- if (pkey_op != EVP_PKEY_OP_DERIVE)
- {
- if(infile)
- {
- if(!(in = BIO_new_file(infile, "rb")))
- {
+ if (pkey_op != EVP_PKEY_OP_DERIVE) {
+ if (infile) {
+ if (!(in = BIO_new_file(infile, "rb"))) {
BIO_puts(bio_err,
- "Error Opening Input File\n");
- ERR_print_errors(bio_err);
+ "Error Opening Input File\n");
+ ERR_print_errors(bio_err);
goto end;
- }
}
- else
+ } else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
- }
-
- if(outfile)
- {
- if(!(out = BIO_new_file(outfile, "wb")))
- {
+ }
+ if (outfile) {
+ if (!(out = BIO_new_file(outfile, "wb"))) {
BIO_printf(bio_err, "Error Creating Output File\n");
- ERR_print_errors(bio_err);
+ ERR_print_errors(bio_err);
goto end;
- }
}
- else
- {
+ } else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
- if (sigfile)
- {
+ if (sigfile) {
BIO *sigbio = BIO_new_file(sigfile, "rb");
- if (!sigbio)
- {
+ if (!sigbio) {
BIO_printf(bio_err, "Can't open signature file %s\n",
- sigfile);
+ sigfile);
goto end;
- }
+ }
siglen = bio_to_mem(&sig, keysize * 10, sigbio);
BIO_free(sigbio);
- if (siglen <= 0)
- {
+ if (siglen <= 0) {
BIO_printf(bio_err, "Error reading signature data\n");
goto end;
- }
}
-
- if (in)
- {
+ }
+ if (in) {
/* Read the input data */
buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
- if(buf_inlen <= 0)
- {
+ if (buf_inlen <= 0) {
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
- }
- if(rev)
- {
+ }
+ if (rev) {
size_t i;
unsigned char ctmp;
- size_t l = (size_t)buf_inlen;
- for(i = 0; i < l/2; i++)
- {
+ size_t l = (size_t) buf_inlen;
+ for (i = 0; i < l / 2; i++) {
ctmp = buf_in[i];
buf_in[i] = buf_in[l - 1 - i];
buf_in[l - 1 - i] = ctmp;
- }
}
}
-
- if(pkey_op == EVP_PKEY_OP_VERIFY)
- {
- rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
- buf_in, (size_t)buf_inlen);
+ }
+ if (pkey_op == EVP_PKEY_OP_VERIFY) {
+ rv = EVP_PKEY_verify(ctx, sig, (size_t) siglen,
+ buf_in, (size_t) buf_inlen);
if (rv == 0)
BIO_puts(out, "Signature Verification Failure\n");
else if (rv == 1)
BIO_puts(out, "Signature Verified Successfully\n");
if (rv >= 0)
goto end;
- }
- else
- {
- rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
- buf_in, (size_t)buf_inlen);
- if (rv > 0)
- {
+ } else {
+ rv = do_keyop(ctx, pkey_op, NULL, (size_t *) & buf_outlen,
+ buf_in, (size_t) buf_inlen);
+ if (rv > 0) {
buf_out = malloc(buf_outlen);
if (!buf_out)
rv = -1;
else
rv = do_keyop(ctx, pkey_op,
- buf_out, (size_t *)&buf_outlen,
- buf_in, (size_t)buf_inlen);
- }
+ buf_out, (size_t *) & buf_outlen,
+ buf_in, (size_t) buf_inlen);
}
+ }
- if(rv <= 0)
- {
+ if (rv <= 0) {
BIO_printf(bio_err, "Public Key operation error\n");
ERR_print_errors(bio_err);
goto end;
- }
+ }
ret = 0;
- if(asn1parse)
- {
- if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
+ if (asn1parse) {
+ if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
ERR_print_errors(bio_err);
- }
- else if(hexdump)
- BIO_dump(out, (char *)buf_out, buf_outlen);
+ } else if (hexdump)
+ BIO_dump(out, (char *) buf_out, buf_outlen);
else
BIO_write(out, buf_out, buf_outlen);
- end:
+end:
if (ctx)
EVP_PKEY_CTX_free(ctx);
BIO_free(in);
return ret;
}
-static void usage()
+static void
+usage()
{
BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
BIO_printf(bio_err, "-in file input file\n");
}
-static EVP_PKEY_CTX *init_ctx(int *pkeysize,
- char *keyfile, int keyform, int key_type,
- char *passargin, int pkey_op, ENGINE *e)
- {
+static EVP_PKEY_CTX *
+init_ctx(int *pkeysize,
+ char *keyfile, int keyform, int key_type,
+ char *passargin, int pkey_op, ENGINE * e)
+{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
char *passin = NULL;
int rv = -1;
X509 *x;
- if(((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
+ if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
|| (pkey_op == EVP_PKEY_OP_DERIVE))
- && (key_type != KEY_PRIVKEY))
- {
+ && (key_type != KEY_PRIVKEY)) {
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
- }
- if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
- {
+ }
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
- }
- switch(key_type)
- {
- case KEY_PRIVKEY:
+ }
+ switch (key_type) {
+ case KEY_PRIVKEY:
pkey = load_key(bio_err, keyfile, keyform, 0,
- passin, e, "Private Key");
+ passin, e, "Private Key");
break;
- case KEY_PUBKEY:
+ case KEY_PUBKEY:
pkey = load_pubkey(bio_err, keyfile, keyform, 0,
- NULL, e, "Public Key");
+ NULL, e, "Public Key");
break;
- case KEY_CERT:
+ case KEY_CERT:
x = load_cert(bio_err, keyfile, keyform,
- NULL, e, "Certificate");
- if(x)
- {
+ NULL, e, "Certificate");
+ if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
- }
+ }
break;
- }
+ }
*pkeysize = EVP_PKEY_size(pkey);
if (!ctx)
goto end;
- switch(pkey_op)
- {
- case EVP_PKEY_OP_SIGN:
+ switch (pkey_op) {
+ case EVP_PKEY_OP_SIGN:
rv = EVP_PKEY_sign_init(ctx);
break;
- case EVP_PKEY_OP_VERIFY:
+ case EVP_PKEY_OP_VERIFY:
rv = EVP_PKEY_verify_init(ctx);
break;
- case EVP_PKEY_OP_VERIFYRECOVER:
+ case EVP_PKEY_OP_VERIFYRECOVER:
rv = EVP_PKEY_verify_recover_init(ctx);
break;
- case EVP_PKEY_OP_ENCRYPT:
+ case EVP_PKEY_OP_ENCRYPT:
rv = EVP_PKEY_encrypt_init(ctx);
break;
- case EVP_PKEY_OP_DECRYPT:
+ case EVP_PKEY_OP_DECRYPT:
rv = EVP_PKEY_decrypt_init(ctx);
break;
- case EVP_PKEY_OP_DERIVE:
+ case EVP_PKEY_OP_DERIVE:
rv = EVP_PKEY_derive_init(ctx);
break;
- }
+ }
- if (rv <= 0)
- {
+ if (rv <= 0) {
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
- }
-
- end:
+ }
+end:
if (passin)
free(passin);
return ctx;
- }
+}
-static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
- const char *file)
- {
+static int
+setup_peer(BIO * err, EVP_PKEY_CTX * ctx, int peerform,
+ const char *file)
+{
EVP_PKEY *peer = NULL;
int ret;
- if (!ctx)
- {
+ if (!ctx) {
BIO_puts(err, "-peerkey command before -inkey\n");
return 0;
- }
-
+ }
peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
- if (!peer)
- {
+ if (!peer) {
BIO_printf(bio_err, "Error reading peer key %s\n", file);
ERR_print_errors(err);
return 0;
- }
-
+ }
ret = EVP_PKEY_derive_set_peer(ctx, peer);
EVP_PKEY_free(peer);
if (ret <= 0)
ERR_print_errors(err);
return ret;
- }
+}
-static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
- unsigned char *out, size_t *poutlen,
- unsigned char *in, size_t inlen)
- {
+static int
+do_keyop(EVP_PKEY_CTX * ctx, int pkey_op,
+ unsigned char *out, size_t * poutlen,
+ unsigned char *in, size_t inlen)
+{
int rv = 0;
- switch(pkey_op)
- {
- case EVP_PKEY_OP_VERIFYRECOVER:
- rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
+ switch (pkey_op) {
+ case EVP_PKEY_OP_VERIFYRECOVER:
+ rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
break;
- case EVP_PKEY_OP_SIGN:
- rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
+ case EVP_PKEY_OP_SIGN:
+ rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
break;
- case EVP_PKEY_OP_ENCRYPT:
- rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
+ case EVP_PKEY_OP_ENCRYPT:
+ rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
break;
- case EVP_PKEY_OP_DECRYPT:
- rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
- break;
+ case EVP_PKEY_OP_DECRYPT:
+ rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
+ break;
- case EVP_PKEY_OP_DERIVE:
- rv = EVP_PKEY_derive(ctx, out, poutlen);
+ case EVP_PKEY_OP_DERIVE:
+ rv = EVP_PKEY_derive(ctx, out, poutlen);
break;
- }
- return rv;
}
+ return rv;
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
- int hex=0;
- int checks=20;
- int generate=0;
- int bits=0;
- int safe=0;
- BIGNUM *bn=NULL;
- BIO *bio_out;
+int
+MAIN(int argc, char **argv)
+{
+ int hex = 0;
+ int checks = 20;
+ int generate = 0;
+ int bits = 0;
+ int safe = 0;
+ BIGNUM *bn = NULL;
+ BIO *bio_out;
- apps_startup();
+ apps_startup();
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
- --argc;
- ++argv;
- while (argc >= 1 && **argv == '-')
- {
- if(!strcmp(*argv,"-hex"))
- hex=1;
- else if(!strcmp(*argv,"-generate"))
- generate=1;
- else if(!strcmp(*argv,"-bits"))
- if(--argc < 1)
- goto bad;
- else
- bits=atoi(*++argv);
- else if(!strcmp(*argv,"-safe"))
- safe=1;
- else if(!strcmp(*argv,"-checks"))
- if(--argc < 1)
- goto bad;
- else
- checks=atoi(*++argv);
- else
- {
- BIO_printf(bio_err,"Unknown option '%s'\n",*argv);
- goto bad;
- }
--argc;
++argv;
+ while (argc >= 1 && **argv == '-') {
+ if (!strcmp(*argv, "-hex"))
+ hex = 1;
+ else if (!strcmp(*argv, "-generate"))
+ generate = 1;
+ else if (!strcmp(*argv, "-bits"))
+ if (--argc < 1)
+ goto bad;
+ else
+ bits = atoi(*++argv);
+ else if (!strcmp(*argv, "-safe"))
+ safe = 1;
+ else if (!strcmp(*argv, "-checks"))
+ if (--argc < 1)
+ goto bad;
+ else
+ checks = atoi(*++argv);
+ else {
+ BIO_printf(bio_err, "Unknown option '%s'\n", *argv);
+ goto bad;
+ }
+ --argc;
+ ++argv;
}
- if (argv[0] == NULL && !generate)
- {
- BIO_printf(bio_err,"No prime specified\n");
- goto bad;
- }
-
- if ((bio_out=BIO_new(BIO_s_file())) != NULL)
- {
- BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
+ if (argv[0] == NULL && !generate) {
+ BIO_printf(bio_err, "No prime specified\n");
+ goto bad;
}
-
- if(generate)
- {
- char *s;
-
- if(!bits)
- {
- BIO_printf(bio_err,"Specifiy the number of bits.\n");
- return 1;
- }
- bn=BN_new();
- BN_generate_prime_ex(bn,bits,safe,NULL,NULL,NULL);
- s=hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
- BIO_printf(bio_out,"%s\n",s);
- free(s);
+ if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
+ BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
}
- else
- {
- if(hex)
- BN_hex2bn(&bn,argv[0]);
- else
- BN_dec2bn(&bn,argv[0]);
-
- BN_print(bio_out,bn);
- BIO_printf(bio_out," is %sprime\n",
- BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");
+ if (generate) {
+ char *s;
+
+ if (!bits) {
+ BIO_printf(bio_err, "Specifiy the number of bits.\n");
+ return 1;
+ }
+ bn = BN_new();
+ BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL);
+ s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
+ BIO_printf(bio_out, "%s\n", s);
+ free(s);
+ } else {
+ if (hex)
+ BN_hex2bn(&bn, argv[0]);
+ else
+ BN_dec2bn(&bn, argv[0]);
+
+ BN_print(bio_out, bn);
+ BIO_printf(bio_out, " is %sprime\n",
+ BN_is_prime_ex(bn, checks, NULL, NULL) ? "" : "not ");
}
- BN_free(bn);
- BIO_free_all(bio_out);
+ BN_free(bn);
+ BIO_free_all(bio_out);
- return 0;
+ return 0;
- bad:
- BIO_printf(bio_err,"options are\n");
- BIO_printf(bio_err,"%-14s hex\n","-hex");
- BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>");
- return 1;
- }
+bad:
+ BIO_printf(bio_err, "options are\n");
+ BIO_printf(bio_err, "%-14s hex\n", "-hex");
+ BIO_printf(bio_err, "%-14s number of checks\n", "-checks <n>");
+ return 1;
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
+int
+MAIN(int argc, char **argv)
+{
int i, r, ret = 1;
int badopt;
char *outfile = NULL;
BIO *out = NULL;
int num = -1;
#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
+ char *engine = NULL;
#endif
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto err;
badopt = 0;
i = 0;
- while (!badopt && argv[++i] != NULL)
- {
- if (strcmp(argv[i], "-out") == 0)
- {
- if ((argv[i+1] != NULL) && (outfile == NULL))
+ while (!badopt && argv[++i] != NULL) {
+ if (strcmp(argv[i], "-out") == 0) {
+ if ((argv[i + 1] != NULL) && (outfile == NULL))
outfile = argv[++i];
else
badopt = 1;
- }
+ }
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(argv[i], "-engine") == 0)
- {
- if ((argv[i+1] != NULL) && (engine == NULL))
+ else if (strcmp(argv[i], "-engine") == 0) {
+ if ((argv[i + 1] != NULL) && (engine == NULL))
engine = argv[++i];
else
badopt = 1;
- }
+ }
#endif
- else if (strcmp(argv[i], "-rand") == 0)
- {
- if ((argv[i+1] != NULL) && (inrand == NULL))
+ else if (strcmp(argv[i], "-rand") == 0) {
+ if ((argv[i + 1] != NULL) && (inrand == NULL))
inrand = argv[++i];
else
badopt = 1;
- }
- else if (strcmp(argv[i], "-base64") == 0)
- {
+ } else if (strcmp(argv[i], "-base64") == 0) {
if (!base64)
base64 = 1;
else
badopt = 1;
- }
- else if (strcmp(argv[i], "-hex") == 0)
- {
+ } else if (strcmp(argv[i], "-hex") == 0) {
if (!hex)
hex = 1;
else
badopt = 1;
- }
- else if (isdigit((unsigned char)argv[i][0]))
- {
- if (num < 0)
- {
+ } else if (isdigit((unsigned char) argv[i][0])) {
+ if (num < 0) {
r = sscanf(argv[i], "%d", &num);
if (r == 0 || num < 0)
badopt = 1;
- }
- else
+ } else
badopt = 1;
- }
- else
+ } else
badopt = 1;
- }
+ }
if (hex && base64)
badopt = 1;
if (num < 0)
badopt = 1;
-
- if (badopt)
- {
+
+ if (badopt) {
BIO_printf(bio_err, "Usage: rand [options] num\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-out file - write to file\n");
BIO_printf(bio_err, "-base64 - base64 encode output\n");
BIO_printf(bio_err, "-hex - hex encode output\n");
goto err;
- }
-
+ }
#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
+ setup_engine(bio_err, engine, 0);
#endif
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
out = BIO_new(BIO_s_file());
if (out == NULL)
goto err;
if (outfile != NULL)
r = BIO_write_filename(out, outfile);
- else
- {
+ else {
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
- }
+ }
if (r <= 0)
goto err;
- if (base64)
- {
+ if (base64) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL)
goto err;
out = BIO_push(b64, out);
- }
-
- while (num > 0)
- {
+ }
+ while (num > 0) {
unsigned char buf[4096];
int chunk;
chunk = num;
- if (chunk > (int)sizeof(buf))
+ if (chunk > (int) sizeof(buf))
chunk = sizeof buf;
r = RAND_bytes(buf, chunk);
if (r <= 0)
goto err;
- if (!hex)
+ if (!hex)
BIO_write(out, buf, chunk);
- else
- {
+ else {
for (i = 0; i < chunk; i++)
BIO_printf(out, "%02x", buf[i]);
- }
- num -= chunk;
}
+ num -= chunk;
+ }
if (hex)
BIO_puts(out, "\n");
- (void)BIO_flush(out);
+ (void) BIO_flush(out);
app_RAND_write_file(NULL, bio_err);
ret = 0;
-
+
err:
ERR_print_errors(bio_err);
if (out)
BIO_free_all(out);
apps_shutdown();
- return(ret);
- }
+ return (ret);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* require. This format is wrong
*/
-static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn,
- int attribs,unsigned long chtype);
-static int build_subject(X509_REQ *req, char *subj, unsigned long chtype,
- int multirdn);
-static int prompt_info(X509_REQ *req,
- STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
- unsigned long chtype);
-static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
- STACK_OF(CONF_VALUE) *attr, int attribs,
- unsigned long chtype);
-static int add_attribute_object(X509_REQ *req, char *text, const char *def,
- char *value, int nid, int n_min,
- int n_max, unsigned long chtype);
-static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
- int nid,int n_min,int n_max, unsigned long chtype, int mval);
-static int genpkey_cb(EVP_PKEY_CTX *ctx);
-static int req_check_len(int len,int n_min,int n_max);
-static int check_end(const char *str, const char *end);
-static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
- long *pkeylen, char **palgnam,
- ENGINE *keygen_engine);
-static CONF *req_conf=NULL;
-static int batch=0;
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
+static int
+make_REQ(X509_REQ * req, EVP_PKEY * pkey, char *dn, int mutlirdn,
+ int attribs, unsigned long chtype);
+static int
+build_subject(X509_REQ * req, char *subj, unsigned long chtype,
+ int multirdn);
+static int
+prompt_info(X509_REQ * req,
+ STACK_OF(CONF_VALUE) * dn_sk, char *dn_sect,
+ STACK_OF(CONF_VALUE) * attr_sk, char *attr_sect, int attribs,
+ unsigned long chtype);
+ static int auto_info(X509_REQ * req, STACK_OF(CONF_VALUE) * sk,
+ STACK_OF(CONF_VALUE) * attr, int attribs,
+ unsigned long chtype);
+ static int add_attribute_object(X509_REQ * req, char *text, const char *def,
+ char *value, int nid, int n_min,
+ int n_max, unsigned long chtype);
+ static int add_DN_object(X509_NAME * n, char *text, const char *def, char *value,
+ int nid, int n_min, int n_max, unsigned long chtype, int mval);
+ static int genpkey_cb(EVP_PKEY_CTX * ctx);
+ static int req_check_len(int len, int n_min, int n_max);
+ static int check_end(const char *str, const char *end);
+ static EVP_PKEY_CTX *set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
+ long *pkeylen, char **palgnam,
+ ENGINE * keygen_engine);
+ static CONF *req_conf = NULL;
+ static int batch = 0;
+
+ int MAIN(int, char **);
+
+ int MAIN(int argc, char **argv)
+{
ENGINE *e = NULL, *gen_eng = NULL;
unsigned long nmflag = 0, reqflag = 0;
- int ex=1,x509=0,days=30;
- X509 *x509ss=NULL;
- X509_REQ *req=NULL;
+ int ex = 1, x509 = 0, days = 30;
+ X509 *x509ss = NULL;
+ X509_REQ *req = NULL;
EVP_PKEY_CTX *genctx = NULL;
const char *keyalg = NULL;
char *keyalgstr = NULL;
- STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL;
- EVP_PKEY *pkey=NULL;
- int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1;
+ STACK_OF(OPENSSL_STRING) * pkeyopts = NULL, *sigopts = NULL;
+ EVP_PKEY *pkey = NULL;
+ int i = 0, badops = 0, newreq = 0, verbose = 0, pkey_type = -1;
long newkey = -1;
- BIO *in=NULL,*out=NULL;
- int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
- int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
- char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+ BIO *in = NULL, *out = NULL;
+ int informat, outformat, verify = 0, noout = 0, text = 0, keyform = FORMAT_PEM;
+ int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0;
+ char *infile, *outfile, *prog, *keyfile = NULL, *template = NULL,
+ *keyout = NULL;
#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
+ char *engine = NULL;
#endif
char *extensions = NULL;
char *req_exts = NULL;
- const EVP_CIPHER *cipher=NULL;
+ const EVP_CIPHER *cipher = NULL;
ASN1_INTEGER *serial = NULL;
- int modulus=0;
- char *inrand=NULL;
+ int modulus = 0;
+ char *inrand = NULL;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
char *p;
char *subj = NULL;
int multirdn = 0;
- const EVP_MD *md_alg=NULL,*digest=NULL;
+ const EVP_MD *md_alg = NULL, *digest = NULL;
unsigned long chtype = MBSTRING_ASC;
req_conf = NULL;
#ifndef OPENSSL_NO_DES
- cipher=EVP_des_ede3_cbc();
+ cipher = EVP_des_ede3_cbc();
#endif
apps_startup();
if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
+ infile = NULL;
+ outfile = NULL;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
- prog=argv[0];
+ prog = argv[0];
argc--;
argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ }
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
- else if (strcmp(*argv,"-keygen_engine") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ } else if (strcmp(*argv, "-keygen_engine") == 0) {
+ if (--argc < 1)
+ goto bad;
gen_eng = ENGINE_by_id(*(++argv));
- if (gen_eng == NULL)
- {
+ if (gen_eng == NULL) {
BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv);
goto end;
- }
}
+ }
#endif
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- keyfile= *(++argv);
- }
- else if (strcmp(*argv,"-pubkey") == 0)
- {
- pubkey=1;
- }
- else if (strcmp(*argv,"-new") == 0)
- {
- newreq=1;
- }
- else if (strcmp(*argv,"-config") == 0)
- {
- if (--argc < 1) goto bad;
- template= *(++argv);
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) goto bad;
- keyform=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-keyout") == 0)
- {
- if (--argc < 1) goto bad;
- keyout= *(++argv);
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
- else if (strcmp(*argv,"-newkey") == 0)
- {
+ else if (strcmp(*argv, "-key") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyfile = *(++argv);
+ } else if (strcmp(*argv, "-pubkey") == 0) {
+ pubkey = 1;
+ } else if (strcmp(*argv, "-new") == 0) {
+ newreq = 1;
+ } else if (strcmp(*argv, "-config") == 0) {
+ if (--argc < 1)
+ goto bad;
+ template = *(++argv);
+ } else if (strcmp(*argv, "-keyform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyform = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-keyout") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyout = *(++argv);
+ } else if (strcmp(*argv, "-passin") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-passout") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargout = *(++argv);
+ } else if (strcmp(*argv, "-rand") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inrand = *(++argv);
+ } else if (strcmp(*argv, "-newkey") == 0) {
if (--argc < 1)
goto bad;
keyalg = *(++argv);
- newreq=1;
- }
- else if (strcmp(*argv,"-pkeyopt") == 0)
- {
+ newreq = 1;
+ } else if (strcmp(*argv, "-pkeyopt") == 0) {
if (--argc < 1)
goto bad;
if (!pkeyopts)
pkeyopts = sk_OPENSSL_STRING_new_null();
if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv)))
goto bad;
- }
- else if (strcmp(*argv,"-sigopt") == 0)
- {
+ } else if (strcmp(*argv, "-sigopt") == 0) {
if (--argc < 1)
goto bad;
if (!sigopts)
sigopts = sk_OPENSSL_STRING_new_null();
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
goto bad;
- }
- else if (strcmp(*argv,"-batch") == 0)
- batch=1;
- else if (strcmp(*argv,"-newhdr") == 0)
- newhdr=1;
- else if (strcmp(*argv,"-modulus") == 0)
- modulus=1;
- else if (strcmp(*argv,"-verify") == 0)
- verify=1;
- else if (strcmp(*argv,"-nodes") == 0)
- nodes=1;
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-verbose") == 0)
- verbose=1;
- else if (strcmp(*argv,"-utf8") == 0)
+ } else if (strcmp(*argv, "-batch") == 0)
+ batch = 1;
+ else if (strcmp(*argv, "-newhdr") == 0)
+ newhdr = 1;
+ else if (strcmp(*argv, "-modulus") == 0)
+ modulus = 1;
+ else if (strcmp(*argv, "-verify") == 0)
+ verify = 1;
+ else if (strcmp(*argv, "-nodes") == 0)
+ nodes = 1;
+ else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-verbose") == 0)
+ verbose = 1;
+ else if (strcmp(*argv, "-utf8") == 0)
chtype = MBSTRING_UTF8;
- else if (strcmp(*argv,"-nameopt") == 0)
- {
- if (--argc < 1) goto bad;
- if (!set_name_ex(&nmflag, *(++argv))) goto bad;
- }
- else if (strcmp(*argv,"-reqopt") == 0)
- {
- if (--argc < 1) goto bad;
- if (!set_cert_ex(&reqflag, *(++argv))) goto bad;
- }
- else if (strcmp(*argv,"-subject") == 0)
- subject=1;
- else if (strcmp(*argv,"-text") == 0)
- text=1;
- else if (strcmp(*argv,"-x509") == 0)
- x509=1;
- else if (strcmp(*argv,"-asn1-kludge") == 0)
- kludge=1;
- else if (strcmp(*argv,"-no-asn1-kludge") == 0)
- kludge=0;
- else if (strcmp(*argv,"-subj") == 0)
- {
- if (--argc < 1) goto bad;
- subj= *(++argv);
- }
- else if (strcmp(*argv,"-multivalue-rdn") == 0)
- multirdn=1;
- else if (strcmp(*argv,"-days") == 0)
- {
- if (--argc < 1) goto bad;
- days= atoi(*(++argv));
- if (days == 0) days=30;
- }
- else if (strcmp(*argv,"-set_serial") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-nameopt") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!set_name_ex(&nmflag, *(++argv)))
+ goto bad;
+ } else if (strcmp(*argv, "-reqopt") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!set_cert_ex(&reqflag, *(++argv)))
+ goto bad;
+ } else if (strcmp(*argv, "-subject") == 0)
+ subject = 1;
+ else if (strcmp(*argv, "-text") == 0)
+ text = 1;
+ else if (strcmp(*argv, "-x509") == 0)
+ x509 = 1;
+ else if (strcmp(*argv, "-asn1-kludge") == 0)
+ kludge = 1;
+ else if (strcmp(*argv, "-no-asn1-kludge") == 0)
+ kludge = 0;
+ else if (strcmp(*argv, "-subj") == 0) {
+ if (--argc < 1)
+ goto bad;
+ subj = *(++argv);
+ } else if (strcmp(*argv, "-multivalue-rdn") == 0)
+ multirdn = 1;
+ else if (strcmp(*argv, "-days") == 0) {
+ if (--argc < 1)
+ goto bad;
+ days = atoi(*(++argv));
+ if (days == 0)
+ days = 30;
+ } else if (strcmp(*argv, "-set_serial") == 0) {
+ if (--argc < 1)
+ goto bad;
serial = s2i_ASN1_INTEGER(NULL, *(++argv));
- if (!serial) goto bad;
- }
- else if (strcmp(*argv,"-extensions") == 0)
- {
- if (--argc < 1) goto bad;
+ if (!serial)
+ goto bad;
+ } else if (strcmp(*argv, "-extensions") == 0) {
+ if (--argc < 1)
+ goto bad;
extensions = *(++argv);
- }
- else if (strcmp(*argv,"-reqexts") == 0)
- {
- if (--argc < 1) goto bad;
+ } else if (strcmp(*argv, "-reqexts") == 0) {
+ if (--argc < 1)
+ goto bad;
req_exts = *(++argv);
- }
- else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
- {
+ } else if ((md_alg = EVP_get_digestbyname(&((*argv)[1]))) != NULL) {
/* ok */
- digest=md_alg;
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
+ digest = md_alg;
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
break;
- }
+ }
argc--;
argv++;
- }
+ }
- if (badops)
- {
+ if (badops) {
bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
- BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -text text form of request\n");
- BIO_printf(bio_err," -pubkey output public key\n");
- BIO_printf(bio_err," -noout do not output REQ\n");
- BIO_printf(bio_err," -verify verify signature on REQ\n");
- BIO_printf(bio_err," -modulus RSA modulus\n");
- BIO_printf(bio_err," -nodes don't encrypt the output key\n");
+ BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err, " -out arg output file\n");
+ BIO_printf(bio_err, " -text text form of request\n");
+ BIO_printf(bio_err, " -pubkey output public key\n");
+ BIO_printf(bio_err, " -noout do not output REQ\n");
+ BIO_printf(bio_err, " -verify verify signature on REQ\n");
+ BIO_printf(bio_err, " -modulus RSA modulus\n");
+ BIO_printf(bio_err, " -nodes don't encrypt the output key\n");
#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n");
+ BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device\n");
#endif
- BIO_printf(bio_err," -subject output the request's subject\n");
- BIO_printf(bio_err," -passin private key password source\n");
- BIO_printf(bio_err," -key file use the private key contained in file\n");
- BIO_printf(bio_err," -keyform arg key file format\n");
- BIO_printf(bio_err," -keyout arg file to send the key to\n");
- BIO_printf(bio_err," -rand file:file:...\n");
- BIO_printf(bio_err," load the file (or the files in the directory) into\n");
- BIO_printf(bio_err," the random number generator\n");
- BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
- BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
+ BIO_printf(bio_err, " -subject output the request's subject\n");
+ BIO_printf(bio_err, " -passin private key password source\n");
+ BIO_printf(bio_err, " -key file use the private key contained in file\n");
+ BIO_printf(bio_err, " -keyform arg key file format\n");
+ BIO_printf(bio_err, " -keyout arg file to send the key to\n");
+ BIO_printf(bio_err, " -rand file:file:...\n");
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf(bio_err, " -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
+ BIO_printf(bio_err, " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
#ifndef OPENSSL_NO_ECDSA
- BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
+ BIO_printf(bio_err, " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
#endif
- BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
- BIO_printf(bio_err," -config file request template file.\n");
- BIO_printf(bio_err," -subj arg set or modify request subject\n");
- BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
- BIO_printf(bio_err," -new new request.\n");
- BIO_printf(bio_err," -batch do not ask anything during request generation\n");
- BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");
- BIO_printf(bio_err," -days number of days a certificate generated by -x509 is valid for.\n");
- BIO_printf(bio_err," -set_serial serial number to use for a certificate generated by -x509.\n");
- BIO_printf(bio_err," -newhdr output \"NEW\" in the header lines\n");
- BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
- BIO_printf(bio_err," have been reported as requiring\n");
- BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
- BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
- BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n");
- BIO_printf(bio_err," -nameopt arg - various certificate name options\n");
- BIO_printf(bio_err," -reqopt arg - various request text options\n\n");
+ BIO_printf(bio_err, " -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
+ BIO_printf(bio_err, " -config file request template file.\n");
+ BIO_printf(bio_err, " -subj arg set or modify request subject\n");
+ BIO_printf(bio_err, " -multivalue-rdn enable support for multivalued RDNs\n");
+ BIO_printf(bio_err, " -new new request.\n");
+ BIO_printf(bio_err, " -batch do not ask anything during request generation\n");
+ BIO_printf(bio_err, " -x509 output a x509 structure instead of a cert. req.\n");
+ BIO_printf(bio_err, " -days number of days a certificate generated by -x509 is valid for.\n");
+ BIO_printf(bio_err, " -set_serial serial number to use for a certificate generated by -x509.\n");
+ BIO_printf(bio_err, " -newhdr output \"NEW\" in the header lines\n");
+ BIO_printf(bio_err, " -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
+ BIO_printf(bio_err, " have been reported as requiring\n");
+ BIO_printf(bio_err, " -extensions .. specify certificate extension section (override value in config file)\n");
+ BIO_printf(bio_err, " -reqexts .. specify request extension section (override value in config file)\n");
+ BIO_printf(bio_err, " -utf8 input characters are UTF8 (default ASCII)\n");
+ BIO_printf(bio_err, " -nameopt arg - various certificate name options\n");
+ BIO_printf(bio_err, " -reqopt arg - various request text options\n\n");
goto end;
- }
-
+ }
ERR_load_crypto_strings();
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
-
- if (template != NULL)
- {
+ if (template != NULL) {
long errline = -1;
- if( verbose )
- BIO_printf(bio_err,"Using configuration from %s\n",template);
- req_conf=NCONF_new(NULL);
- i=NCONF_load(req_conf,template,&errline);
- if (i == 0)
- {
- BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
+ if (verbose)
+ BIO_printf(bio_err, "Using configuration from %s\n", template);
+ req_conf = NCONF_new(NULL);
+ i = NCONF_load(req_conf, template, &errline);
+ if (i == 0) {
+ BIO_printf(bio_err, "error on line %ld of %s\n", errline, template);
goto end;
- }
}
- else
- {
- req_conf=config;
+ } else {
+ req_conf = config;
- if (req_conf == NULL)
- {
- BIO_printf(bio_err,"Unable to load config info from %s\n", default_config_file);
+ if (req_conf == NULL) {
+ BIO_printf(bio_err, "Unable to load config info from %s\n", default_config_file);
if (newreq)
goto end;
- }
- else if( verbose )
- BIO_printf(bio_err,"Using configuration from %s\n",
- default_config_file);
- }
+ } else if (verbose)
+ BIO_printf(bio_err, "Using configuration from %s\n",
+ default_config_file);
+ }
- if (req_conf != NULL)
- {
+ if (req_conf != NULL) {
if (!load_config(bio_err, req_conf))
goto end;
- p=NCONF_get_string(req_conf,NULL,"oid_file");
+ p = NCONF_get_string(req_conf, NULL, "oid_file");
if (p == NULL)
ERR_clear_error();
- if (p != NULL)
- {
+ if (p != NULL) {
BIO *oid_bio;
- oid_bio=BIO_new_file(p,"r");
- if (oid_bio == NULL)
- {
+ oid_bio = BIO_new_file(p, "r");
+ if (oid_bio == NULL) {
/*
BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
ERR_print_errors(bio_err);
*/
- }
- else
- {
+ } else {
OBJ_create_objects(oid_bio);
BIO_free(oid_bio);
- }
}
}
- if(!add_oid_section(bio_err, req_conf)) goto end;
+ }
+ if (!add_oid_section(bio_err, req_conf))
+ goto end;
- if (md_alg == NULL)
- {
- p=NCONF_get_string(req_conf,SECTION,"default_md");
+ if (md_alg == NULL) {
+ p = NCONF_get_string(req_conf, SECTION, "default_md");
if (p == NULL)
ERR_clear_error();
- if (p != NULL)
- {
- if ((md_alg=EVP_get_digestbyname(p)) != NULL)
- digest=md_alg;
- }
+ if (p != NULL) {
+ if ((md_alg = EVP_get_digestbyname(p)) != NULL)
+ digest = md_alg;
}
-
- if (!extensions)
- {
+ }
+ if (!extensions) {
extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
if (!extensions)
ERR_clear_error();
- }
+ }
if (extensions) {
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_nconf(&ctx, req_conf);
- if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
+ if (!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
BIO_printf(bio_err,
- "Error Loading extension section %s\n", extensions);
+ "Error Loading extension section %s\n", extensions);
goto end;
}
}
-
- if(!passin)
- {
+ if (!passin) {
passin = NCONF_get_string(req_conf, SECTION, "input_password");
if (!passin)
ERR_clear_error();
- }
-
- if(!passout)
- {
+ }
+ if (!passout) {
passout = NCONF_get_string(req_conf, SECTION, "output_password");
if (!passout)
ERR_clear_error();
- }
-
+ }
p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
if (!p)
ERR_clear_error();
- if(p && !ASN1_STRING_set_default_mask_asc(p)) {
+ if (p && !ASN1_STRING_set_default_mask_asc(p)) {
BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
goto end;
}
-
- if (chtype != MBSTRING_UTF8)
- {
+ if (chtype != MBSTRING_UTF8) {
p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
if (!p)
ERR_clear_error();
else if (!strcmp(p, "yes"))
chtype = MBSTRING_UTF8;
- }
-
-
- if(!req_exts)
- {
+ }
+ if (!req_exts) {
req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
if (!req_exts)
ERR_clear_error();
- }
- if(req_exts) {
+ }
+ if (req_exts) {
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_nconf(&ctx, req_conf);
- if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
+ if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
BIO_printf(bio_err,
- "Error Loading request extension section %s\n",
- req_exts);
+ "Error Loading request extension section %s\n",
+ req_exts);
goto end;
}
}
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
goto end;
#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
+ e = setup_engine(bio_err, engine, 0);
#endif
- if (keyfile != NULL)
- {
+ if (keyfile != NULL) {
pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
- "Private Key");
- if (!pkey)
- {
- /* load_key() has already printed an appropriate
- message */
+ "Private Key");
+ if (!pkey) {
+ /*
+ * load_key() has already printed an appropriate
+ * message
+ */
goto end;
- }
- else
- {
- char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
+ } else {
+ char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
- }
}
-
- if (newreq && (pkey == NULL))
- {
- char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
+ }
+ if (newreq && (pkey == NULL)) {
+ char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
if (inrand)
app_RAND_load_files(inrand);
- if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
- {
- newkey=DEFAULT_KEY_LENGTH;
- }
-
- if (keyalg)
- {
+ if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) {
+ newkey = DEFAULT_KEY_LENGTH;
+ }
+ if (keyalg) {
genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
- &keyalgstr, gen_eng);
+ &keyalgstr, gen_eng);
if (!genctx)
goto end;
- }
-
- if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
- {
- BIO_printf(bio_err,"private key length is too short,\n");
- BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey);
+ }
+ if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) {
+ BIO_printf(bio_err, "private key length is too short,\n");
+ BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n", MIN_KEY_LENGTH, newkey);
goto end;
- }
-
- if (!genctx)
- {
+ }
+ if (!genctx) {
genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newkey,
- &keyalgstr, gen_eng);
+ &keyalgstr, gen_eng);
if (!genctx)
goto end;
- }
-
- if (pkeyopts)
- {
+ }
+ if (pkeyopts) {
char *genopt;
- for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++)
- {
+ for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++) {
genopt = sk_OPENSSL_STRING_value(pkeyopts, i);
- if (pkey_ctrl_string(genctx, genopt) <= 0)
- {
+ if (pkey_ctrl_string(genctx, genopt) <= 0) {
BIO_printf(bio_err,
- "parameter error \"%s\"\n",
- genopt);
+ "parameter error \"%s\"\n",
+ genopt);
ERR_print_errors(bio_err);
goto end;
- }
}
}
-
- BIO_printf(bio_err,"Generating a %ld bit %s private key\n",
- newkey, keyalgstr);
+ }
+ BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
+ newkey, keyalgstr);
EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(genctx, bio_err);
- if (EVP_PKEY_keygen(genctx, &pkey) <= 0)
- {
+ if (EVP_PKEY_keygen(genctx, &pkey) <= 0) {
BIO_puts(bio_err, "Error Generating Key\n");
goto end;
- }
-
+ }
EVP_PKEY_CTX_free(genctx);
genctx = NULL;
app_RAND_write_file(randfile, bio_err);
- if (keyout == NULL)
- {
- keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
+ if (keyout == NULL) {
+ keyout = NCONF_get_string(req_conf, SECTION, KEYFILE);
if (keyout == NULL)
ERR_clear_error();
- }
-
- if (keyout == NULL)
- {
- BIO_printf(bio_err,"writing new private key to stdout\n");
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
- }
- else
- {
- BIO_printf(bio_err,"writing new private key to '%s'\n",keyout);
- if (BIO_write_filename(out,keyout) <= 0)
- {
+ }
+ if (keyout == NULL) {
+ BIO_printf(bio_err, "writing new private key to stdout\n");
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+ } else {
+ BIO_printf(bio_err, "writing new private key to '%s'\n", keyout);
+ if (BIO_write_filename(out, keyout) <= 0) {
perror(keyout);
goto end;
- }
}
+ }
- p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
- if (p == NULL)
- {
+ p = NCONF_get_string(req_conf, SECTION, "encrypt_rsa_key");
+ if (p == NULL) {
ERR_clear_error();
- p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
+ p = NCONF_get_string(req_conf, SECTION, "encrypt_key");
if (p == NULL)
ERR_clear_error();
- }
- if ((p != NULL) && (strcmp(p,"no") == 0))
- cipher=NULL;
- if (nodes) cipher=NULL;
-
- i=0;
+ }
+ if ((p != NULL) && (strcmp(p, "no") == 0))
+ cipher = NULL;
+ if (nodes)
+ cipher = NULL;
+
+ i = 0;
loop:
- if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
- NULL,0,NULL,passout))
- {
+ if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
+ NULL, 0, NULL, passout)) {
if ((ERR_GET_REASON(ERR_peek_error()) ==
- PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
- {
+ PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) {
ERR_clear_error();
i++;
goto loop;
- }
- goto end;
}
- BIO_printf(bio_err,"-----\n");
+ goto end;
}
-
- if (!newreq)
- {
- /* Since we are using a pre-existing certificate
- * request, the kludge 'format' info should not be
- * changed. */
- kludge= -1;
+ BIO_printf(bio_err, "-----\n");
+ }
+ if (!newreq) {
+ /*
+ * Since we are using a pre-existing certificate request, the
+ * kludge 'format' info should not be changed.
+ */
+ kludge = -1;
if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
- }
}
+ }
- if (informat == FORMAT_ASN1)
- req=d2i_X509_REQ_bio(in,NULL);
+ if (informat == FORMAT_ASN1)
+ req = d2i_X509_REQ_bio(in, NULL);
else if (informat == FORMAT_PEM)
- req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
- else
- {
- BIO_printf(bio_err,"bad input format specified for X509 request\n");
+ req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
+ else {
+ BIO_printf(bio_err, "bad input format specified for X509 request\n");
goto end;
- }
- if (req == NULL)
- {
- BIO_printf(bio_err,"unable to load X509 request\n");
+ }
+ if (req == NULL) {
+ BIO_printf(bio_err, "unable to load X509 request\n");
goto end;
- }
}
-
- if (newreq || x509)
- {
- if (pkey == NULL)
- {
- BIO_printf(bio_err,"you need to specify a private key\n");
+ }
+ if (newreq || x509) {
+ if (pkey == NULL) {
+ BIO_printf(bio_err, "you need to specify a private key\n");
goto end;
- }
-
- if (req == NULL)
- {
- req=X509_REQ_new();
- if (req == NULL)
- {
+ }
+ if (req == NULL) {
+ req = X509_REQ_new();
+ if (req == NULL) {
goto end;
- }
-
- i=make_REQ(req,pkey,subj,multirdn,!x509, chtype);
- subj=NULL; /* done processing '-subj' option */
- if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
- {
+ }
+ i = make_REQ(req, pkey, subj, multirdn, !x509, chtype);
+ subj = NULL; /* done processing '-subj' option */
+ if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) {
sk_X509_ATTRIBUTE_free(req->req_info->attributes);
req->req_info->attributes = NULL;
- }
- if (!i)
- {
- BIO_printf(bio_err,"problems making Certificate Request\n");
+ }
+ if (!i) {
+ BIO_printf(bio_err, "problems making Certificate Request\n");
goto end;
- }
}
- if (x509)
- {
+ }
+ if (x509) {
EVP_PKEY *tmppkey;
X509V3_CTX ext_ctx;
- if ((x509ss=X509_new()) == NULL) goto end;
+ if ((x509ss = X509_new()) == NULL)
+ goto end;
/* Set version to V3 */
- if(extensions && !X509_set_version(x509ss, 2)) goto end;
- if (serial)
- {
- if (!X509_set_serialNumber(x509ss, serial)) goto end;
- }
- else
- {
+ if (extensions && !X509_set_version(x509ss, 2))
+ goto end;
+ if (serial) {
+ if (!X509_set_serialNumber(x509ss, serial))
+ goto end;
+ } else {
if (!rand_serial(NULL,
X509_get_serialNumber(x509ss)))
- goto end;
- }
+ goto end;
+ }
- if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
- if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
- if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL)) goto end;
- if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
+ if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req)))
+ goto end;
+ if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0))
+ goto end;
+ if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL))
+ goto end;
+ if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req)))
+ goto end;
tmppkey = X509_REQ_get_pubkey(req);
- if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;
+ if (!tmppkey || !X509_set_pubkey(x509ss, tmppkey))
+ goto end;
EVP_PKEY_free(tmppkey);
/* Set up V3 context struct */
X509V3_set_nconf(&ext_ctx, req_conf);
/* Add extensions */
- if(extensions && !X509V3_EXT_add_nconf(req_conf,
- &ext_ctx, extensions, x509ss))
- {
+ if (extensions && !X509V3_EXT_add_nconf(req_conf,
+ &ext_ctx, extensions, x509ss)) {
BIO_printf(bio_err,
- "Error Loading extension section %s\n",
- extensions);
+ "Error Loading extension section %s\n",
+ extensions);
goto end;
- }
-
- i=do_X509_sign(bio_err, x509ss, pkey, digest, sigopts);
- if (!i)
- {
+ }
+ i = do_X509_sign(bio_err, x509ss, pkey, digest, sigopts);
+ if (!i) {
ERR_print_errors(bio_err);
goto end;
- }
}
- else
- {
+ } else {
X509V3_CTX ext_ctx;
/* Set up V3 context struct */
X509V3_set_nconf(&ext_ctx, req_conf);
/* Add extensions */
- if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
- &ext_ctx, req_exts, req))
- {
+ if (req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
+ &ext_ctx, req_exts, req)) {
BIO_printf(bio_err,
- "Error Loading extension section %s\n",
- req_exts);
+ "Error Loading extension section %s\n",
+ req_exts);
goto end;
- }
- i=do_X509_REQ_sign(bio_err, req, pkey, digest, sigopts);
- if (!i)
- {
+ }
+ i = do_X509_REQ_sign(bio_err, req, pkey, digest, sigopts);
+ if (!i) {
ERR_print_errors(bio_err);
goto end;
- }
}
}
-
- if (subj && x509)
- {
+ }
+ if (subj && x509) {
BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
goto end;
- }
-
- if (subj && !x509)
- {
- if (verbose)
- {
+ }
+ if (subj && !x509) {
+ if (verbose) {
BIO_printf(bio_err, "Modifying Request's Subject\n");
print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
- }
-
- if (build_subject(req, subj, chtype, multirdn) == 0)
- {
+ }
+ if (build_subject(req, subj, chtype, multirdn) == 0) {
BIO_printf(bio_err, "ERROR: cannot modify subject\n");
- ex=1;
+ ex = 1;
goto end;
- }
-
+ }
req->req_info->enc.modified = 1;
- if (verbose)
- {
+ if (verbose) {
print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
- }
}
+ }
+ if (verify && !x509) {
+ int tmp = 0;
- if (verify && !x509)
- {
- int tmp=0;
-
- if (pkey == NULL)
- {
- pkey=X509_REQ_get_pubkey(req);
- tmp=1;
- if (pkey == NULL) goto end;
- }
-
- i=X509_REQ_verify(req,pkey);
+ if (pkey == NULL) {
+ pkey = X509_REQ_get_pubkey(req);
+ tmp = 1;
+ if (pkey == NULL)
+ goto end;
+ }
+ i = X509_REQ_verify(req, pkey);
if (tmp) {
EVP_PKEY_free(pkey);
- pkey=NULL;
+ pkey = NULL;
}
-
- if (i < 0)
- {
+ if (i < 0) {
goto end;
- }
- else if (i == 0)
- {
- BIO_printf(bio_err,"verify failure\n");
+ } else if (i == 0) {
+ BIO_printf(bio_err, "verify failure\n");
ERR_print_errors(bio_err);
- }
- else /* if (i > 0) */
- BIO_printf(bio_err,"verify OK\n");
- }
-
- if (noout && !text && !modulus && !subject && !pubkey)
- {
- ex=0;
+ } else /* if (i > 0) */
+ BIO_printf(bio_err, "verify OK\n");
+ }
+ if (noout && !text && !modulus && !subject && !pubkey) {
+ ex = 0;
goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
- }
- else
- {
- if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
- i=(int)BIO_append_filename(out,outfile);
+ }
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+ } else {
+ if ((keyout != NULL) && (strcmp(outfile, keyout) == 0))
+ i = (int) BIO_append_filename(out, outfile);
else
- i=(int)BIO_write_filename(out,outfile);
- if (!i)
- {
+ i = (int) BIO_write_filename(out, outfile);
+ if (!i) {
perror(outfile);
goto end;
- }
}
+ }
- if (pubkey)
- {
- EVP_PKEY *tpubkey;
- tpubkey=X509_REQ_get_pubkey(req);
- if (tpubkey == NULL)
- {
- BIO_printf(bio_err,"Error getting public key\n");
+ if (pubkey) {
+ EVP_PKEY *tpubkey;
+ tpubkey = X509_REQ_get_pubkey(req);
+ if (tpubkey == NULL) {
+ BIO_printf(bio_err, "Error getting public key\n");
ERR_print_errors(bio_err);
goto end;
- }
+ }
PEM_write_bio_PUBKEY(out, tpubkey);
EVP_PKEY_free(tpubkey);
- }
-
- if (text)
- {
+ }
+ if (text) {
if (x509)
X509_print_ex(out, x509ss, nmflag, reqflag);
- else
+ else
X509_REQ_print_ex(out, req, nmflag, reqflag);
- }
-
- if(subject)
- {
- if(x509)
+ }
+ if (subject) {
+ if (x509)
print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
else
print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
- }
-
- if (modulus)
- {
+ }
+ if (modulus) {
EVP_PKEY *tpubkey;
if (x509)
- tpubkey=X509_get_pubkey(x509ss);
+ tpubkey = X509_get_pubkey(x509ss);
else
- tpubkey=X509_REQ_get_pubkey(req);
- if (tpubkey == NULL)
- {
- fprintf(stdout,"Modulus=unavailable\n");
- goto end;
- }
- fprintf(stdout,"Modulus=");
+ tpubkey = X509_REQ_get_pubkey(req);
+ if (tpubkey == NULL) {
+ fprintf(stdout, "Modulus=unavailable\n");
+ goto end;
+ }
+ fprintf(stdout, "Modulus=");
#ifndef OPENSSL_NO_RSA
if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA)
- BN_print(out,tpubkey->pkey.rsa->n);
+ BN_print(out, tpubkey->pkey.rsa->n);
else
#endif
- fprintf(stdout,"Wrong Algorithm type");
+ fprintf(stdout, "Wrong Algorithm type");
EVP_PKEY_free(tpubkey);
- fprintf(stdout,"\n");
- }
-
- if (!noout && !x509)
- {
- if (outformat == FORMAT_ASN1)
- i=i2d_X509_REQ_bio(out,req);
+ fprintf(stdout, "\n");
+ }
+ if (!noout && !x509) {
+ if (outformat == FORMAT_ASN1)
+ i = i2d_X509_REQ_bio(out, req);
else if (outformat == FORMAT_PEM) {
- if(newhdr) i=PEM_write_bio_X509_REQ_NEW(out,req);
- else i=PEM_write_bio_X509_REQ(out,req);
+ if (newhdr)
+ i = PEM_write_bio_X509_REQ_NEW(out, req);
+ else
+ i = PEM_write_bio_X509_REQ(out, req);
} else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write X509 request\n");
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write X509 request\n");
goto end;
- }
}
- if (!noout && x509 && (x509ss != NULL))
- {
- if (outformat == FORMAT_ASN1)
- i=i2d_X509_bio(out,x509ss);
+ }
+ if (!noout && x509 && (x509ss != NULL)) {
+ if (outformat == FORMAT_ASN1)
+ i = i2d_X509_bio(out, x509ss);
else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_X509(out,x509ss);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
+ i = PEM_write_bio_X509(out, x509ss);
+ else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write X509 certificate\n");
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write X509 certificate\n");
goto end;
- }
}
- ex=0;
+ }
+ ex = 0;
end:
- if (ex)
- {
+ if (ex) {
ERR_print_errors(bio_err);
- }
- if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
+ }
+ if ((req_conf != NULL) && (req_conf != config))
+ NCONF_free(req_conf);
BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(pkey);
X509_REQ_free(req);
X509_free(x509ss);
ASN1_INTEGER_free(serial);
- if(passargin && passin) free(passin);
- if(passargout && passout) free(passout);
+ if (passargin && passin)
+ free(passin);
+ if (passargout && passout)
+ free(passout);
OBJ_cleanup();
apps_shutdown();
- return(ex);
- }
+ return (ex);
+}
-static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
- int attribs, unsigned long chtype)
- {
- int ret=0,i;
+static int
+make_REQ(X509_REQ * req, EVP_PKEY * pkey, char *subj, int multirdn,
+ int attribs, unsigned long chtype)
+{
+ int ret = 0, i;
char no_prompt = 0;
- STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
- char *tmp, *dn_sect,*attr_sect;
+ STACK_OF(CONF_VALUE) * dn_sk, *attr_sk = NULL;
+ char *tmp, *dn_sect, *attr_sect;
- tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
+ tmp = NCONF_get_string(req_conf, SECTION, PROMPT);
if (tmp == NULL)
ERR_clear_error();
- if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
+ if ((tmp != NULL) && !strcmp(tmp, "no"))
+ no_prompt = 1;
- dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
- if (dn_sect == NULL)
- {
- BIO_printf(bio_err,"unable to find '%s' in config\n",
- DISTINGUISHED_NAME);
+ dn_sect = NCONF_get_string(req_conf, SECTION, DISTINGUISHED_NAME);
+ if (dn_sect == NULL) {
+ BIO_printf(bio_err, "unable to find '%s' in config\n",
+ DISTINGUISHED_NAME);
goto err;
- }
- dn_sk=NCONF_get_section(req_conf,dn_sect);
- if (dn_sk == NULL)
- {
- BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
+ }
+ dn_sk = NCONF_get_section(req_conf, dn_sect);
+ if (dn_sk == NULL) {
+ BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect);
goto err;
- }
-
- attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
- if (attr_sect == NULL)
- {
- ERR_clear_error();
- attr_sk=NULL;
- }
- else
- {
- attr_sk=NCONF_get_section(req_conf,attr_sect);
- if (attr_sk == NULL)
- {
- BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
+ }
+ attr_sect = NCONF_get_string(req_conf, SECTION, ATTRIBUTES);
+ if (attr_sect == NULL) {
+ ERR_clear_error();
+ attr_sk = NULL;
+ } else {
+ attr_sk = NCONF_get_section(req_conf, attr_sect);
+ if (attr_sk == NULL) {
+ BIO_printf(bio_err, "unable to get '%s' section\n", attr_sect);
goto err;
- }
}
+ }
/* setup version number */
- if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
+ if (!X509_REQ_set_version(req, 0L))
+ goto err; /* version 1 */
- if (no_prompt)
+ if (no_prompt)
i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
- else
- {
+ else {
if (subj)
i = build_subject(req, subj, chtype, multirdn);
else
i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
- }
- if(!i) goto err;
+ }
+ if (!i)
+ goto err;
- if (!X509_REQ_set_pubkey(req,pkey)) goto err;
+ if (!X509_REQ_set_pubkey(req, pkey))
+ goto err;
- ret=1;
+ ret = 1;
err:
- return(ret);
- }
+ return (ret);
+}
/*
* subject is expected to be in the format /type0=value0/type1=value1/type2=...
* where characters may be escaped by \
*/
-static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn)
- {
+static int
+build_subject(X509_REQ * req, char *subject, unsigned long chtype, int multirdn)
+{
X509_NAME *n;
if (!(n = parse_name(subject, chtype, multirdn)))
return 0;
- if (!X509_REQ_set_subject_name(req, n))
- {
+ if (!X509_REQ_set_subject_name(req, n)) {
X509_NAME_free(n);
return 0;
- }
+ }
X509_NAME_free(n);
return 1;
}
-static int prompt_info(X509_REQ *req,
- STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
- unsigned long chtype)
- {
+static int
+prompt_info(X509_REQ * req,
+ STACK_OF(CONF_VALUE) * dn_sk, char *dn_sect,
+ STACK_OF(CONF_VALUE) * attr_sk, char *attr_sect, int attribs,
+ unsigned long chtype)
+{
int i;
- char *p,*q;
+ char *p, *q;
char buf[100];
int nid, mval;
- long n_min,n_max;
+ long n_min, n_max;
char *type, *value;
const char *def;
CONF_VALUE *v;
X509_NAME *subj;
subj = X509_REQ_get_subject_name(req);
- if(!batch)
- {
- BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
- BIO_printf(bio_err,"into your certificate request.\n");
- BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
- BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
- BIO_printf(bio_err,"For some fields there will be a default value,\n");
- BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
- BIO_printf(bio_err,"-----\n");
- }
-
-
- if (sk_CONF_VALUE_num(dn_sk))
- {
- i= -1;
-start: for (;;)
- {
+ if (!batch) {
+ BIO_printf(bio_err, "You are about to be asked to enter information that will be incorporated\n");
+ BIO_printf(bio_err, "into your certificate request.\n");
+ BIO_printf(bio_err, "What you are about to enter is what is called a Distinguished Name or a DN.\n");
+ BIO_printf(bio_err, "There are quite a few fields but you can leave some blank\n");
+ BIO_printf(bio_err, "For some fields there will be a default value,\n");
+ BIO_printf(bio_err, "If you enter '.', the field will be left blank.\n");
+ BIO_printf(bio_err, "-----\n");
+ }
+ if (sk_CONF_VALUE_num(dn_sk)) {
+ i = -1;
+start: for (;;) {
int ret;
i++;
- if (sk_CONF_VALUE_num(dn_sk) <= i) break;
-
- v=sk_CONF_VALUE_value(dn_sk,i);
- p=q=NULL;
- type=v->name;
- if(!check_end(type,"_min") || !check_end(type,"_max") ||
- !check_end(type,"_default") ||
- !check_end(type,"_value")) continue;
- /* Skip past any leading X. X: X, etc to allow for
- * multiple instances
+ if (sk_CONF_VALUE_num(dn_sk) <= i)
+ break;
+
+ v = sk_CONF_VALUE_value(dn_sk, i);
+ p = q = NULL;
+ type = v->name;
+ if (!check_end(type, "_min") || !check_end(type, "_max") ||
+ !check_end(type, "_default") ||
+ !check_end(type, "_value"))
+ continue;
+ /*
+ * Skip past any leading X. X: X, etc to allow for
+ * multiple instances
*/
- for(p = v->name; *p ; p++)
+ for (p = v->name; *p; p++)
if ((*p == ':') || (*p == ',') ||
- (*p == '.')) {
+ (*p == '.')) {
p++;
- if(*p) type = p;
+ if (*p)
+ type = p;
break;
}
- if (*type == '+')
- {
+ if (*type == '+') {
mval = -1;
type++;
- }
- else
+ } else
mval = 0;
/* If OBJ not recognised ignore it */
- if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
- ret = snprintf(buf,sizeof buf,"%s_default",v->name);
- if (ret == -1 || ret >= sizeof(buf))
- {
- BIO_printf(bio_err,"Name '%s' too long\n",v->name);
- return 0;
- }
-
- if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
- {
+ if ((nid = OBJ_txt2nid(type)) == NID_undef)
+ goto start;
+ ret = snprintf(buf, sizeof buf, "%s_default", v->name);
+ if (ret == -1 || ret >= sizeof(buf)) {
+ BIO_printf(bio_err, "Name '%s' too long\n", v->name);
+ return 0;
+ }
+ if ((def = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
ERR_clear_error();
- def="";
- }
-
- (void) snprintf(buf,sizeof buf,"%s_value",v->name);
- if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
- {
+ def = "";
+ }
+ (void) snprintf(buf, sizeof buf, "%s_value", v->name);
+ if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
ERR_clear_error();
- value=NULL;
- }
-
- (void) snprintf(buf,sizeof buf,"%s_min",v->name);
- if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
- {
+ value = NULL;
+ }
+ (void) snprintf(buf, sizeof buf, "%s_min", v->name);
+ if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) {
ERR_clear_error();
n_min = -1;
- }
-
- (void) snprintf(buf,sizeof buf,"%s_max",v->name);
- if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
- {
+ }
+ (void) snprintf(buf, sizeof buf, "%s_max", v->name);
+ if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) {
ERR_clear_error();
n_max = -1;
- }
-
- if (!add_DN_object(subj,v->value,def,value,nid,
- n_min,n_max, chtype, mval))
- return 0;
}
- if (X509_NAME_entry_count(subj) == 0)
- {
- BIO_printf(bio_err,"error, no objects specified in config file\n");
+ if (!add_DN_object(subj, v->value, def, value, nid,
+ n_min, n_max, chtype, mval))
+ return 0;
+ }
+ if (X509_NAME_entry_count(subj) == 0) {
+ BIO_printf(bio_err, "error, no objects specified in config file\n");
return 0;
+ }
+ if (attribs) {
+ if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch)) {
+ BIO_printf(bio_err, "\nPlease enter the following 'extra' attributes\n");
+ BIO_printf(bio_err, "to be sent with your certificate request\n");
}
-
- if (attribs)
- {
- if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
- {
- BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
- BIO_printf(bio_err,"to be sent with your certificate request\n");
- }
-
- i= -1;
-start2: for (;;)
- {
+ i = -1;
+ start2: for (;;) {
int ret;
i++;
if ((attr_sk == NULL) ||
- (sk_CONF_VALUE_num(attr_sk) <= i))
+ (sk_CONF_VALUE_num(attr_sk) <= i))
break;
- v=sk_CONF_VALUE_value(attr_sk,i);
- type=v->name;
- if ((nid=OBJ_txt2nid(type)) == NID_undef)
+ v = sk_CONF_VALUE_value(attr_sk, i);
+ type = v->name;
+ if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start2;
- ret = snprintf(buf,sizeof buf,"%s_default",type);
- if (ret == -1 || ret >= sizeof(buf))
- {
- BIO_printf(bio_err,"Name '%s' too long\n",v->name);
- return 0;
- }
-
- if ((def=NCONF_get_string(req_conf,attr_sect,buf))
- == NULL)
- {
+ ret = snprintf(buf, sizeof buf, "%s_default", type);
+ if (ret == -1 || ret >= sizeof(buf)) {
+ BIO_printf(bio_err, "Name '%s' too long\n", v->name);
+ return 0;
+ }
+ if ((def = NCONF_get_string(req_conf, attr_sect, buf))
+ == NULL) {
ERR_clear_error();
- def="";
- }
-
-
- (void) snprintf(buf,sizeof buf,"%s_value",type);
- if ((value=NCONF_get_string(req_conf,attr_sect,buf))
- == NULL)
- {
+ def = "";
+ }
+ (void) snprintf(buf, sizeof buf, "%s_value", type);
+ if ((value = NCONF_get_string(req_conf, attr_sect, buf))
+ == NULL) {
ERR_clear_error();
- value=NULL;
- }
-
- (void) snprintf(buf,sizeof buf,"%s_min",type);
- if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
- {
+ value = NULL;
+ }
+ (void) snprintf(buf, sizeof buf, "%s_min", type);
+ if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) {
ERR_clear_error();
n_min = -1;
- }
-
- (void) snprintf(buf,sizeof buf,"%s_max",type);
- if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
- {
+ }
+ (void) snprintf(buf, sizeof buf, "%s_max", type);
+ if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) {
ERR_clear_error();
n_max = -1;
- }
-
+ }
if (!add_attribute_object(req,
- v->value,def,value,nid,n_min,n_max, chtype))
+ v->value, def, value, nid, n_min, n_max, chtype))
return 0;
- }
}
}
- else
- {
- BIO_printf(bio_err,"No template, please set one up.\n");
+ } else {
+ BIO_printf(bio_err, "No template, please set one up.\n");
return 0;
- }
+ }
return 1;
- }
+}
-static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
- STACK_OF(CONF_VALUE) *attr_sk, int attribs, unsigned long chtype)
- {
+static int
+auto_info(X509_REQ * req, STACK_OF(CONF_VALUE) * dn_sk,
+ STACK_OF(CONF_VALUE) * attr_sk, int attribs, unsigned long chtype)
+{
int i;
- char *p,*q;
+ char *p, *q;
char *type;
CONF_VALUE *v;
X509_NAME *subj;
subj = X509_REQ_get_subject_name(req);
- for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
- {
+ for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
int mval;
- v=sk_CONF_VALUE_value(dn_sk,i);
- p=q=NULL;
- type=v->name;
- /* Skip past any leading X. X: X, etc to allow for
- * multiple instances
+ v = sk_CONF_VALUE_value(dn_sk, i);
+ p = q = NULL;
+ type = v->name;
+ /*
+ * Skip past any leading X. X: X, etc to allow for multiple
+ * instances
*/
- for(p = v->name; *p ; p++)
+ for (p = v->name; *p; p++)
if ((*p == ':') || (*p == ',') || (*p == '.')) {
p++;
- if(*p) type = p;
+ if (*p)
+ type = p;
break;
}
- if (*p == '+')
- {
+ if (*p == '+') {
p++;
mval = -1;
- }
- else
+ } else
mval = 0;
- if (!X509_NAME_add_entry_by_txt(subj,type, chtype,
- (unsigned char *) v->value,-1,-1,mval)) return 0;
+ if (!X509_NAME_add_entry_by_txt(subj, type, chtype,
+ (unsigned char *) v->value, -1, -1, mval))
+ return 0;
- }
+ }
- if (!X509_NAME_entry_count(subj))
- {
- BIO_printf(bio_err,"error, no objects specified in config file\n");
- return 0;
- }
- if (attribs)
- {
- for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)
- {
- v=sk_CONF_VALUE_value(attr_sk,i);
- if(!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
- (unsigned char *)v->value, -1)) return 0;
- }
- }
- return 1;
+ if (!X509_NAME_entry_count(subj)) {
+ BIO_printf(bio_err, "error, no objects specified in config file\n");
+ return 0;
}
+ if (attribs) {
+ for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++) {
+ v = sk_CONF_VALUE_value(attr_sk, i);
+ if (!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
+ (unsigned char *) v->value, -1))
+ return 0;
+ }
+ }
+ return 1;
+}
-static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
- int nid, int n_min, int n_max, unsigned long chtype, int mval)
- {
- int i,ret=0;
+static int
+add_DN_object(X509_NAME * n, char *text, const char *def, char *value,
+ int nid, int n_min, int n_max, unsigned long chtype, int mval)
+{
+ int i, ret = 0;
char buf[1024];
start:
- if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
- (void)BIO_flush(bio_err);
- if(value != NULL)
- {
- BUF_strlcpy(buf,value,sizeof buf);
- BUF_strlcat(buf,"\n",sizeof buf);
- BIO_printf(bio_err,"%s\n",value);
- }
- else
- {
- buf[0]='\0';
- if (!batch)
- {
- if (!fgets(buf,sizeof buf,stdin))
+ if (!batch)
+ BIO_printf(bio_err, "%s [%s]:", text, def);
+ (void) BIO_flush(bio_err);
+ if (value != NULL) {
+ BUF_strlcpy(buf, value, sizeof buf);
+ BUF_strlcat(buf, "\n", sizeof buf);
+ BIO_printf(bio_err, "%s\n", value);
+ } else {
+ buf[0] = '\0';
+ if (!batch) {
+ if (!fgets(buf, sizeof buf, stdin))
return 0;
- }
- else
- {
+ } else {
buf[0] = '\n';
buf[1] = '\0';
- }
}
+ }
- if (buf[0] == '\0') return(0);
- else if (buf[0] == '\n')
- {
+ if (buf[0] == '\0')
+ return (0);
+ else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0'))
- return(1);
- BUF_strlcpy(buf,def,sizeof buf);
- BUF_strlcat(buf,"\n",sizeof buf);
- }
- else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
-
- i=strlen(buf);
- if (buf[i-1] != '\n')
- {
- BIO_printf(bio_err,"weird input :-(\n");
- return(0);
- }
- buf[--i]='\0';
- if(!req_check_len(i, n_min, n_max)) goto start;
- if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
- (unsigned char *) buf, -1,-1,mval)) goto err;
- ret=1;
-err:
- return(ret);
+ return (1);
+ BUF_strlcpy(buf, def, sizeof buf);
+ BUF_strlcat(buf, "\n", sizeof buf);
+ } else if ((buf[0] == '.') && (buf[1] == '\n'))
+ return (1);
+
+ i = strlen(buf);
+ if (buf[i - 1] != '\n') {
+ BIO_printf(bio_err, "weird input :-(\n");
+ return (0);
}
+ buf[--i] = '\0';
+ if (!req_check_len(i, n_min, n_max))
+ goto start;
+ if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+ (unsigned char *) buf, -1, -1, mval))
+ goto err;
+ ret = 1;
+err:
+ return (ret);
+}
-static int add_attribute_object(X509_REQ *req, char *text, const char *def,
- char *value, int nid, int n_min,
- int n_max, unsigned long chtype)
- {
+static int
+add_attribute_object(X509_REQ * req, char *text, const char *def,
+ char *value, int nid, int n_min,
+ int n_max, unsigned long chtype)
+{
int i;
static char buf[1024];
start:
- if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
- (void)BIO_flush(bio_err);
- if (value != NULL)
- {
- BUF_strlcpy(buf,value,sizeof buf);
- BUF_strlcat(buf,"\n",sizeof buf);
- BIO_printf(bio_err,"%s\n",value);
- }
- else
- {
- buf[0]='\0';
- if (!batch)
- {
- if (!fgets(buf,sizeof buf,stdin))
+ if (!batch)
+ BIO_printf(bio_err, "%s [%s]:", text, def);
+ (void) BIO_flush(bio_err);
+ if (value != NULL) {
+ BUF_strlcpy(buf, value, sizeof buf);
+ BUF_strlcat(buf, "\n", sizeof buf);
+ BIO_printf(bio_err, "%s\n", value);
+ } else {
+ buf[0] = '\0';
+ if (!batch) {
+ if (!fgets(buf, sizeof buf, stdin))
return 0;
- }
- else
- {
+ } else {
buf[0] = '\n';
buf[1] = '\0';
- }
}
+ }
- if (buf[0] == '\0') return(0);
- else if (buf[0] == '\n')
- {
+ if (buf[0] == '\0')
+ return (0);
+ else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0'))
- return(1);
- BUF_strlcpy(buf,def,sizeof buf);
- BUF_strlcat(buf,"\n",sizeof buf);
- }
- else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
-
- i=strlen(buf);
- if (buf[i-1] != '\n')
- {
- BIO_printf(bio_err,"weird input :-(\n");
- return(0);
- }
- buf[--i]='\0';
- if(!req_check_len(i, n_min, n_max)) goto start;
+ return (1);
+ BUF_strlcpy(buf, def, sizeof buf);
+ BUF_strlcat(buf, "\n", sizeof buf);
+ } else if ((buf[0] == '.') && (buf[1] == '\n'))
+ return (1);
+
+ i = strlen(buf);
+ if (buf[i - 1] != '\n') {
+ BIO_printf(bio_err, "weird input :-(\n");
+ return (0);
+ }
+ buf[--i] = '\0';
+ if (!req_check_len(i, n_min, n_max))
+ goto start;
- if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
- (unsigned char *)buf, -1)) {
+ if (!X509_REQ_add1_attr_by_NID(req, nid, chtype,
+ (unsigned char *) buf, -1)) {
BIO_printf(bio_err, "Error adding attribute\n");
ERR_print_errors(bio_err);
goto err;
}
-
- return(1);
+ return (1);
err:
- return(0);
- }
+ return (0);
+}
-static int req_check_len(int len, int n_min, int n_max)
- {
- if ((n_min > 0) && (len < n_min))
- {
- BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
- return(0);
- }
- if ((n_max >= 0) && (len > n_max))
- {
- BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max);
- return(0);
- }
- return(1);
+static int
+req_check_len(int len, int n_min, int n_max)
+{
+ if ((n_min > 0) && (len < n_min)) {
+ BIO_printf(bio_err, "string is too short, it needs to be at least %d bytes long\n", n_min);
+ return (0);
+ }
+ if ((n_max >= 0) && (len > n_max)) {
+ BIO_printf(bio_err, "string is too long, it needs to be less than %d bytes long\n", n_max);
+ return (0);
}
+ return (1);
+}
/* Check if the end of a string matches 'end' */
-static int check_end(const char *str, const char *end)
+static int
+check_end(const char *str, const char *end)
{
- int elen, slen;
+ int elen, slen;
const char *tmp;
elen = strlen(end);
slen = strlen(str);
- if(elen > slen) return 1;
+ if (elen > slen)
+ return 1;
tmp = str + slen - elen;
return strcmp(tmp, end);
}
-static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
- long *pkeylen, char **palgnam,
- ENGINE *keygen_engine)
- {
+static EVP_PKEY_CTX *
+set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
+ long *pkeylen, char **palgnam,
+ ENGINE * keygen_engine)
+{
EVP_PKEY_CTX *gctx = NULL;
EVP_PKEY *param = NULL;
long keylen = -1;
BIO *pbio = NULL;
const char *paramfile = NULL;
- if (gstr == NULL)
- {
+ if (gstr == NULL) {
*pkey_type = EVP_PKEY_RSA;
keylen = *pkeylen;
- }
- else if (gstr[0] >= '0' && gstr[0] <= '9')
- {
+ } else if (gstr[0] >= '0' && gstr[0] <= '9') {
*pkey_type = EVP_PKEY_RSA;
keylen = atol(gstr);
*pkeylen = keylen;
- }
- else if (!strncmp(gstr, "param:", 6))
+ } else if (!strncmp(gstr, "param:", 6))
paramfile = gstr + 6;
- else
- {
+ else {
const char *p = strchr(gstr, ':');
int len;
ENGINE *tmpeng;
len = p - gstr;
else
len = strlen(gstr);
- /* The lookup of a the string will cover all engines so
- * keep a note of the implementation.
+ /*
+ * The lookup of a the string will cover all engines so keep
+ * a note of the implementation.
*/
ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len);
- if (!ameth)
- {
+ if (!ameth) {
BIO_printf(err, "Unknown algorithm %.*s\n", len, gstr);
return NULL;
- }
-
+ }
EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL,
- ameth);
+ ameth);
#ifndef OPENSSL_NO_ENGINE
if (tmpeng)
ENGINE_finish(tmpeng);
#endif
- if (*pkey_type == EVP_PKEY_RSA)
- {
- if (p)
- {
+ if (*pkey_type == EVP_PKEY_RSA) {
+ if (p) {
keylen = atol(p + 1);
*pkeylen = keylen;
- }
- else
+ } else
keylen = *pkeylen;
- }
- else if (p)
+ } else if (p)
paramfile = p + 1;
- }
+ }
- if (paramfile)
- {
+ if (paramfile) {
pbio = BIO_new_file(paramfile, "r");
- if (!pbio)
- {
+ if (!pbio) {
BIO_printf(err, "Can't open parameter file %s\n",
- paramfile);
+ paramfile);
return NULL;
- }
+ }
param = PEM_read_bio_Parameters(pbio, NULL);
- if (!param)
- {
+ if (!param) {
X509 *x;
- (void)BIO_reset(pbio);
+ (void) BIO_reset(pbio);
x = PEM_read_bio_X509(pbio, NULL, NULL, NULL);
- if (x)
- {
+ if (x) {
param = X509_get_pubkey(x);
X509_free(x);
- }
}
-
+ }
BIO_free(pbio);
- if (!param)
- {
+ if (!param) {
BIO_printf(err, "Error reading parameter file %s\n",
- paramfile);
+ paramfile);
return NULL;
- }
+ }
if (*pkey_type == -1)
*pkey_type = EVP_PKEY_id(param);
- else if (*pkey_type != EVP_PKEY_base_id(param))
- {
+ else if (*pkey_type != EVP_PKEY_base_id(param)) {
BIO_printf(err, "Key Type does not match parameters\n");
EVP_PKEY_free(param);
return NULL;
- }
}
-
- if (palgnam)
- {
+ }
+ if (palgnam) {
const EVP_PKEY_ASN1_METHOD *ameth;
ENGINE *tmpeng;
const char *anam;
ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type);
- if (!ameth)
- {
+ if (!ameth) {
BIO_puts(err, "Internal error: can't find key algorithm\n");
return NULL;
- }
+ }
EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth);
*palgnam = BUF_strdup(anam);
#ifndef OPENSSL_NO_ENGINE
if (tmpeng)
ENGINE_finish(tmpeng);
#endif
- }
-
- if (param)
- {
+ }
+ if (param) {
gctx = EVP_PKEY_CTX_new(param, keygen_engine);
*pkeylen = EVP_PKEY_bits(param);
EVP_PKEY_free(param);
- }
- else
+ } else
gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine);
- if (!gctx)
- {
+ if (!gctx) {
BIO_puts(err, "Error allocating keygen context\n");
ERR_print_errors(err);
return NULL;
- }
-
- if (EVP_PKEY_keygen_init(gctx) <= 0)
- {
+ }
+ if (EVP_PKEY_keygen_init(gctx) <= 0) {
BIO_puts(err, "Error initializing keygen context\n");
ERR_print_errors(err);
return NULL;
- }
+ }
#ifndef OPENSSL_NO_RSA
- if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1))
- {
- if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0)
- {
+ if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) {
+ if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) {
BIO_puts(err, "Error setting RSA keysize\n");
ERR_print_errors(err);
EVP_PKEY_CTX_free(gctx);
return NULL;
- }
}
+ }
#endif
return gctx;
- }
+}
-static int genpkey_cb(EVP_PKEY_CTX *ctx)
- {
- char c='*';
+static int
+genpkey_cb(EVP_PKEY_CTX * ctx)
+{
+ char c = '*';
BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
int p;
p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write(b,&c,1);
- (void)BIO_flush(b);
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ BIO_write(b, &c, 1);
+ (void) BIO_flush(b);
#ifdef LINT
- p=n;
+ p = n;
#endif
return 1;
- }
+}
-static int do_sign_init(BIO *err, EVP_MD_CTX *ctx, EVP_PKEY *pkey,
- const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts)
- {
+static int
+do_sign_init(BIO * err, EVP_MD_CTX * ctx, EVP_PKEY * pkey,
+ const EVP_MD * md, STACK_OF(OPENSSL_STRING) * sigopts)
+{
EVP_PKEY_CTX *pkctx = NULL;
int i;
EVP_MD_CTX_init(ctx);
if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey))
return 0;
- for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++)
- {
+ for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);
- if (pkey_ctrl_string(pkctx, sigopt) <= 0)
- {
+ if (pkey_ctrl_string(pkctx, sigopt) <= 0) {
BIO_printf(err, "parameter error \"%s\"\n", sigopt);
ERR_print_errors(bio_err);
return 0;
- }
}
- return 1;
}
+ return 1;
+}
-int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
- STACK_OF(OPENSSL_STRING) *sigopts)
- {
+int
+do_X509_sign(BIO * err, X509 * x, EVP_PKEY * pkey, const EVP_MD * md,
+ STACK_OF(OPENSSL_STRING) * sigopts)
+{
int rv;
EVP_MD_CTX mctx;
EVP_MD_CTX_init(&mctx);
rv = X509_sign_ctx(x, &mctx);
EVP_MD_CTX_cleanup(&mctx);
return rv > 0 ? 1 : 0;
- }
+}
-int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
- STACK_OF(OPENSSL_STRING) *sigopts)
- {
+int
+do_X509_REQ_sign(BIO * err, X509_REQ * x, EVP_PKEY * pkey, const EVP_MD * md,
+ STACK_OF(OPENSSL_STRING) * sigopts)
+{
int rv;
EVP_MD_CTX mctx;
EVP_MD_CTX_init(&mctx);
rv = X509_REQ_sign_ctx(x, &mctx);
EVP_MD_CTX_cleanup(&mctx);
return rv > 0 ? 1 : 0;
- }
-
-
+}
+
+
-int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
- STACK_OF(OPENSSL_STRING) *sigopts)
- {
+int
+do_X509_CRL_sign(BIO * err, X509_CRL * x, EVP_PKEY * pkey, const EVP_MD * md,
+ STACK_OF(OPENSSL_STRING) * sigopts)
+{
int rv;
EVP_MD_CTX mctx;
EVP_MD_CTX_init(&mctx);
rv = X509_CRL_sign_ctx(x, &mctx);
EVP_MD_CTX_cleanup(&mctx);
return rv > 0 ? 1 : 0;
- }
-
-
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
+int
+MAIN(int argc, char **argv)
+{
ENGINE *e = NULL;
- int ret=1;
- RSA *rsa=NULL;
- int i,badops=0, sgckey=0;
- const EVP_CIPHER *enc=NULL;
- BIO *out=NULL;
- int informat,outformat,text=0,check=0,noout=0;
+ int ret = 1;
+ RSA *rsa = NULL;
+ int i, badops = 0, sgckey = 0;
+ const EVP_CIPHER *enc = NULL;
+ BIO *out = NULL;
+ int informat, outformat, text = 0, check = 0, noout = 0;
int pubin = 0, pubout = 0;
- char *infile,*outfile,*prog;
+ char *infile, *outfile, *prog;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
+ char *engine = NULL;
#endif
- int modulus=0;
+ int modulus = 0;
int pvk_encr = 2;
apps_startup();
if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
+ infile = NULL;
+ outfile = NULL;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
- prog=argv[0];
+ prog = argv[0];
argc--;
argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-passin") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-passout") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargout = *(++argv);
+ }
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
#endif
- else if (strcmp(*argv,"-sgckey") == 0)
- sgckey=1;
- else if (strcmp(*argv,"-pubin") == 0)
- pubin=1;
- else if (strcmp(*argv,"-pubout") == 0)
- pubout=1;
- else if (strcmp(*argv,"-RSAPublicKey_in") == 0)
+ else if (strcmp(*argv, "-sgckey") == 0)
+ sgckey = 1;
+ else if (strcmp(*argv, "-pubin") == 0)
+ pubin = 1;
+ else if (strcmp(*argv, "-pubout") == 0)
+ pubout = 1;
+ else if (strcmp(*argv, "-RSAPublicKey_in") == 0)
pubin = 2;
- else if (strcmp(*argv,"-RSAPublicKey_out") == 0)
+ else if (strcmp(*argv, "-RSAPublicKey_out") == 0)
pubout = 2;
- else if (strcmp(*argv,"-pvk-strong") == 0)
- pvk_encr=2;
- else if (strcmp(*argv,"-pvk-weak") == 0)
- pvk_encr=1;
- else if (strcmp(*argv,"-pvk-none") == 0)
- pvk_encr=0;
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-text") == 0)
- text=1;
- else if (strcmp(*argv,"-modulus") == 0)
- modulus=1;
- else if (strcmp(*argv,"-check") == 0)
- check=1;
- else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
+ else if (strcmp(*argv, "-pvk-strong") == 0)
+ pvk_encr = 2;
+ else if (strcmp(*argv, "-pvk-weak") == 0)
+ pvk_encr = 1;
+ else if (strcmp(*argv, "-pvk-none") == 0)
+ pvk_encr = 0;
+ else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-text") == 0)
+ text = 1;
+ else if (strcmp(*argv, "-modulus") == 0)
+ modulus = 1;
+ else if (strcmp(*argv, "-check") == 0)
+ check = 1;
+ else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
break;
- }
+ }
argc--;
argv++;
- }
+ }
- if (badops)
- {
+ if (badops) {
bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -sgckey Use IIS SGC key format\n");
- BIO_printf(bio_err," -passin arg input file pass phrase source\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -passout arg output file pass phrase source\n");
- BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
- BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+ BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - one of DER NET PEM\n");
+ BIO_printf(bio_err, " -outform arg output format - one of DER NET PEM\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err, " -sgckey Use IIS SGC key format\n");
+ BIO_printf(bio_err, " -passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, " -out arg output file\n");
+ BIO_printf(bio_err, " -passout arg output file pass phrase source\n");
+ BIO_printf(bio_err, " -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err, " -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef OPENSSL_NO_IDEA
- BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
+ BIO_printf(bio_err, " -idea encrypt PEM output with cbc idea\n");
#endif
#ifndef OPENSSL_NO_SEED
- BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n");
+ BIO_printf(bio_err, " -seed encrypt PEM output with cbc seed\n");
#endif
#ifndef OPENSSL_NO_AES
- BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
+ BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err, " encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
+ BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n");
#endif
- BIO_printf(bio_err," -text print the key in text\n");
- BIO_printf(bio_err," -noout don't print key out\n");
- BIO_printf(bio_err," -modulus print the RSA key modulus\n");
- BIO_printf(bio_err," -check verify key consistency\n");
- BIO_printf(bio_err," -pubin expect a public key in input file\n");
- BIO_printf(bio_err," -pubout output a public key\n");
+ BIO_printf(bio_err, " -text print the key in text\n");
+ BIO_printf(bio_err, " -noout don't print key out\n");
+ BIO_printf(bio_err, " -modulus print the RSA key modulus\n");
+ BIO_printf(bio_err, " -check verify key consistency\n");
+ BIO_printf(bio_err, " -pubin expect a public key in input file\n");
+ BIO_printf(bio_err, " -pubout output a public key\n");
#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+ BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n");
#endif
goto end;
- }
-
+ }
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
+ e = setup_engine(bio_err, engine, 0);
#endif
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
-
- if(check && pubin) {
+ if (check && pubin) {
BIO_printf(bio_err, "Only private keys can be checked\n");
goto end;
}
-
- out=BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
{
- EVP_PKEY *pkey;
+ EVP_PKEY *pkey;
- if (pubin)
- {
- int tmpformat=-1;
- if (pubin == 2)
- {
+ if (pubin) {
+ int tmpformat = -1;
+ if (pubin == 2) {
if (informat == FORMAT_PEM)
tmpformat = FORMAT_PEMRSA;
else if (informat == FORMAT_ASN1)
tmpformat = FORMAT_ASN1RSA;
- }
- else if (informat == FORMAT_NETSCAPE && sgckey)
+ } else if (informat == FORMAT_NETSCAPE && sgckey)
tmpformat = FORMAT_IISSGC;
else
tmpformat = informat;
-
+
pkey = load_pubkey(bio_err, infile, tmpformat, 1,
- passin, e, "Public Key");
- }
- else
+ passin, e, "Public Key");
+ } else
pkey = load_key(bio_err, infile,
- (informat == FORMAT_NETSCAPE && sgckey ?
- FORMAT_IISSGC : informat), 1,
- passin, e, "Private Key");
+ (informat == FORMAT_NETSCAPE && sgckey ?
+ FORMAT_IISSGC : informat), 1,
+ passin, e, "Private Key");
if (pkey != NULL)
rsa = EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_free(pkey);
}
- if (rsa == NULL)
- {
+ if (rsa == NULL) {
ERR_print_errors(bio_err);
goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
+ }
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
- }
}
+ }
- if (text)
- if (!RSA_print(out,rsa,0))
- {
+ if (text)
+ if (!RSA_print(out, rsa, 0)) {
perror(outfile);
ERR_print_errors(bio_err);
goto end;
- }
-
- if (modulus)
- {
- BIO_printf(out,"Modulus=");
- BN_print(out,rsa->n);
- BIO_printf(out,"\n");
}
-
- if (check)
- {
+ if (modulus) {
+ BIO_printf(out, "Modulus=");
+ BN_print(out, rsa->n);
+ BIO_printf(out, "\n");
+ }
+ if (check) {
int r = RSA_check_key(rsa);
if (r == 1)
- BIO_printf(out,"RSA key ok\n");
- else if (r == 0)
- {
+ BIO_printf(out, "RSA key ok\n");
+ else if (r == 0) {
unsigned long err;
while ((err = ERR_peek_error()) != 0 &&
- ERR_GET_LIB(err) == ERR_LIB_RSA &&
- ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
- ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
- {
+ ERR_GET_LIB(err) == ERR_LIB_RSA &&
+ ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
+ ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
- ERR_get_error(); /* remove e from error stack */
- }
+ ERR_get_error(); /* remove e from error
+ * stack */
}
-
- if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
- {
+ }
+ if (r == -1 || ERR_peek_error() != 0) { /* should happen only if
+ * r == -1 */
ERR_print_errors(bio_err);
goto end;
- }
}
-
- if (noout)
- {
+ }
+ if (noout) {
ret = 0;
goto end;
- }
- BIO_printf(bio_err,"writing RSA key\n");
- if (outformat == FORMAT_ASN1) {
- if(pubout || pubin)
- {
+ }
+ BIO_printf(bio_err, "writing RSA key\n");
+ if (outformat == FORMAT_ASN1) {
+ if (pubout || pubin) {
if (pubout == 2)
- i=i2d_RSAPublicKey_bio(out,rsa);
+ i = i2d_RSAPublicKey_bio(out, rsa);
else
- i=i2d_RSA_PUBKEY_bio(out,rsa);
- }
- else i=i2d_RSAPrivateKey_bio(out,rsa);
+ i = i2d_RSA_PUBKEY_bio(out, rsa);
+ } else
+ i = i2d_RSAPrivateKey_bio(out, rsa);
}
#ifndef OPENSSL_NO_RC4
- else if (outformat == FORMAT_NETSCAPE)
- {
- unsigned char *p,*pp;
+ else if (outformat == FORMAT_NETSCAPE) {
+ unsigned char *p, *pp;
int size;
- i=1;
- size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);
- if ((p=(unsigned char *)malloc(size)) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
+ i = 1;
+ size = i2d_RSA_NET(rsa, NULL, NULL, sgckey);
+ if ((p = (unsigned char *) malloc(size)) == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
- }
- pp=p;
- i2d_RSA_NET(rsa,&p,NULL, sgckey);
- BIO_write(out,(char *)pp,size);
- free(pp);
}
+ pp = p;
+ i2d_RSA_NET(rsa, &p, NULL, sgckey);
+ BIO_write(out, (char *) pp, size);
+ free(pp);
+ }
#endif
else if (outformat == FORMAT_PEM) {
- if(pubout || pubin)
- {
+ if (pubout || pubin) {
if (pubout == 2)
- i=PEM_write_bio_RSAPublicKey(out,rsa);
+ i = PEM_write_bio_RSAPublicKey(out, rsa);
else
- i=PEM_write_bio_RSA_PUBKEY(out,rsa);
- }
- else i=PEM_write_bio_RSAPrivateKey(out,rsa,
- enc,NULL,0,NULL,passout);
+ i = PEM_write_bio_RSA_PUBKEY(out, rsa);
+ } else
+ i = PEM_write_bio_RSAPrivateKey(out, rsa,
+ enc, NULL, 0, NULL, passout);
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
i = i2b_PrivateKey_bio(out, pk);
EVP_PKEY_free(pk);
#endif
- } else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
+ } else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
- }
- if (i <= 0)
- {
- BIO_printf(bio_err,"unable to write key\n");
+ }
+ if (i <= 0) {
+ BIO_printf(bio_err, "unable to write key\n");
ERR_print_errors(bio_err);
- }
- else
- ret=0;
+ } else
+ ret = 0;
end:
- if(out != NULL) BIO_free_all(out);
- if(rsa != NULL) RSA_free(rsa);
- if(passin) free(passin);
- if(passout) free(passout);
+ if (out != NULL)
+ BIO_free_all(out);
+ if (rsa != NULL)
+ RSA_free(rsa);
+ if (passin)
+ free(passin);
+ if (passout)
+ free(passout);
apps_shutdown();
- return(ret);
- }
-#else /* !OPENSSL_NO_RSA */
+ return (ret);
+}
+#else /* !OPENSSL_NO_RSA */
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
+#if PEDANTIC
+static void *dummy = &dummy;
+#endif
#endif
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
int MAIN(int argc, char **);
-int MAIN(int argc, char **argv)
+int
+MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
argc--;
argv++;
- if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+ if (!bio_err)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
pad = RSA_PKCS1_PADDING;
-
- while(argc >= 1)
- {
- if (!strcmp(*argv,"-in")) {
+
+ while (argc >= 1) {
+ if (!strcmp(*argv, "-in")) {
if (--argc < 1)
badarg = 1;
else
- infile= *(++argv);
- } else if (!strcmp(*argv,"-out")) {
+ infile = *(++argv);
+ } else if (!strcmp(*argv, "-out")) {
if (--argc < 1)
badarg = 1;
else
- outfile= *(++argv);
- } else if(!strcmp(*argv, "-inkey")) {
+ outfile = *(++argv);
+ } else if (!strcmp(*argv, "-inkey")) {
if (--argc < 1)
badarg = 1;
else
keyfile = *(++argv);
- } else if (!strcmp(*argv,"-passin")) {
+ } else if (!strcmp(*argv, "-passin")) {
if (--argc < 1)
badarg = 1;
else
- passargin= *(++argv);
- } else if (strcmp(*argv,"-keyform") == 0) {
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-keyform") == 0) {
if (--argc < 1)
badarg = 1;
else
- keyform=str2fmt(*(++argv));
+ keyform = str2fmt(*(++argv));
#ifndef OPENSSL_NO_ENGINE
- } else if(!strcmp(*argv, "-engine")) {
+ } else if (!strcmp(*argv, "-engine")) {
if (--argc < 1)
badarg = 1;
else
engine = *(++argv);
#endif
- } else if(!strcmp(*argv, "-pubin")) {
+ } else if (!strcmp(*argv, "-pubin")) {
key_type = KEY_PUBKEY;
- } else if(!strcmp(*argv, "-certin")) {
+ } else if (!strcmp(*argv, "-certin")) {
key_type = KEY_CERT;
- }
- else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1;
- else if(!strcmp(*argv, "-hexdump")) hexdump = 1;
- else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING;
- else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
- else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
- else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
- else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
- else if(!strcmp(*argv, "-sign")) {
+ } else if (!strcmp(*argv, "-asn1parse"))
+ asn1parse = 1;
+ else if (!strcmp(*argv, "-hexdump"))
+ hexdump = 1;
+ else if (!strcmp(*argv, "-raw"))
+ pad = RSA_NO_PADDING;
+ else if (!strcmp(*argv, "-oaep"))
+ pad = RSA_PKCS1_OAEP_PADDING;
+ else if (!strcmp(*argv, "-ssl"))
+ pad = RSA_SSLV23_PADDING;
+ else if (!strcmp(*argv, "-pkcs"))
+ pad = RSA_PKCS1_PADDING;
+ else if (!strcmp(*argv, "-x931"))
+ pad = RSA_X931_PADDING;
+ else if (!strcmp(*argv, "-sign")) {
rsa_mode = RSA_SIGN;
need_priv = 1;
- } else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY;
- else if(!strcmp(*argv, "-rev")) rev = 1;
- else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT;
- else if(!strcmp(*argv, "-decrypt")) {
+ } else if (!strcmp(*argv, "-verify"))
+ rsa_mode = RSA_VERIFY;
+ else if (!strcmp(*argv, "-rev"))
+ rev = 1;
+ else if (!strcmp(*argv, "-encrypt"))
+ rsa_mode = RSA_ENCRYPT;
+ else if (!strcmp(*argv, "-decrypt")) {
rsa_mode = RSA_DECRYPT;
need_priv = 1;
- } else badarg = 1;
- if(badarg) {
+ } else
+ badarg = 1;
+ if (badarg) {
usage();
goto end;
}
argv++;
}
- if(need_priv && (key_type != KEY_PRIVKEY)) {
+ if (need_priv && (key_type != KEY_PRIVKEY)) {
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
}
-
#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
+ e = setup_engine(bio_err, engine, 0);
#endif
- if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
-
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
-
- switch(key_type) {
- case KEY_PRIVKEY:
+
+ switch (key_type) {
+ case KEY_PRIVKEY:
pkey = load_key(bio_err, keyfile, keyform, 0,
- passin, e, "Private Key");
+ passin, e, "Private Key");
break;
- case KEY_PUBKEY:
+ case KEY_PUBKEY:
pkey = load_pubkey(bio_err, keyfile, keyform, 0,
- NULL, e, "Public Key");
+ NULL, e, "Public Key");
break;
- case KEY_CERT:
+ case KEY_CERT:
x = load_cert(bio_err, keyfile, keyform,
- NULL, e, "Certificate");
- if(x) {
+ NULL, e, "Certificate");
+ if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
}
break;
}
- if(!pkey) {
+ if (!pkey) {
return 1;
}
-
rsa = EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_free(pkey);
- if(!rsa) {
+ if (!rsa) {
BIO_printf(bio_err, "Error getting RSA key\n");
ERR_print_errors(bio_err);
goto end;
}
-
-
- if(infile) {
- if(!(in = BIO_new_file(infile, "rb"))) {
+ if (infile) {
+ if (!(in = BIO_new_file(infile, "rb"))) {
BIO_printf(bio_err, "Error Reading Input File\n");
- ERR_print_errors(bio_err);
+ ERR_print_errors(bio_err);
goto end;
}
- } else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+ } else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
- if(outfile) {
- if(!(out = BIO_new_file(outfile, "wb"))) {
+ if (outfile) {
+ if (!(out = BIO_new_file(outfile, "wb"))) {
BIO_printf(bio_err, "Error Reading Output File\n");
- ERR_print_errors(bio_err);
+ ERR_print_errors(bio_err);
goto end;
}
} else {
/* Read the input data */
rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
- if(rsa_inlen <= 0) {
+ if (rsa_inlen <= 0) {
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
}
- if(rev) {
+ if (rev) {
int i;
unsigned char ctmp;
- for(i = 0; i < rsa_inlen/2; i++) {
+ for (i = 0; i < rsa_inlen / 2; i++) {
ctmp = rsa_in[i];
rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
rsa_in[rsa_inlen - 1 - i] = ctmp;
}
}
- switch(rsa_mode) {
+ switch (rsa_mode) {
- case RSA_VERIFY:
- rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ case RSA_VERIFY:
+ rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
- case RSA_SIGN:
- rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ case RSA_SIGN:
+ rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
- case RSA_ENCRYPT:
- rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ case RSA_ENCRYPT:
+ rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
- case RSA_DECRYPT:
- rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ case RSA_DECRYPT:
+ rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
}
- if(rsa_outlen <= 0) {
+ if (rsa_outlen <= 0) {
BIO_printf(bio_err, "RSA operation error\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
- if(asn1parse) {
- if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
+ if (asn1parse) {
+ if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
ERR_print_errors(bio_err);
}
- } else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
- else BIO_write(out, rsa_out, rsa_outlen);
- end:
+ } else if (hexdump)
+ BIO_dump(out, (char *) rsa_out, rsa_outlen);
+ else
+ BIO_write(out, rsa_out, rsa_outlen);
+end:
RSA_free(rsa);
BIO_free(in);
BIO_free_all(out);
- if(rsa_in) free(rsa_in);
- if(rsa_out) free(rsa_out);
- if(passin) free(passin);
+ if (rsa_in)
+ free(rsa_in);
+ if (rsa_out)
+ free(rsa_out);
+ if (passin)
+ free(passin);
return ret;
}
-static void usage()
+static void
+usage()
{
BIO_printf(bio_err, "Usage: rsautl [options]\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-hexdump hex dump output\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
- BIO_printf (bio_err, "-passin arg pass phrase source\n");
+ BIO_printf(bio_err, "-passin arg pass phrase source\n");
#endif
}
-#else /* !OPENSSL_NO_RSA */
+#else /* !OPENSSL_NO_RSA */
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
+#if PEDANTIC
+static void *dummy = &dummy;
+#endif
#endif
int cookie_initialized = 0;
int
-verify_callback(int ok, X509_STORE_CTX *ctx)
+verify_callback(int ok, X509_STORE_CTX * ctx)
{
X509 *err_cert;
int err, depth;
}
int
-set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
+set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file)
{
if (cert_file != NULL) {
/*
*/
if (SSL_CTX_use_certificate_file(ctx, cert_file,
- SSL_FILETYPE_PEM) <= 0) {
+ SSL_FILETYPE_PEM) <= 0) {
BIO_printf(bio_err,
"unable to get certificate from '%s'\n", cert_file);
ERR_print_errors(bio_err);
if (key_file == NULL)
key_file = cert_file;
if (SSL_CTX_use_PrivateKey_file(ctx, key_file,
- SSL_FILETYPE_PEM) <= 0) {
+ SSL_FILETYPE_PEM) <= 0) {
BIO_printf(bio_err,
"unable to get private key from '%s'\n", key_file);
ERR_print_errors(bio_err);
return (0);
}
-
/*
In theory this is no longer needed
ssl=SSL_new(ctx);
SSL_free(ssl);
*/
- /* If we are using DSA, we can copy the parameters from
- * the private key */
+ /*
+ * If we are using DSA, we can copy the parameters from the
+ * private key
+ */
- /* Now we know that a key and cert have been set against
- * the SSL context */
+ /*
+ * Now we know that a key and cert have been set against the
+ * SSL context
+ */
if (!SSL_CTX_check_private_key(ctx)) {
BIO_printf(bio_err,
"Private key does not match the certificate public key\n");
}
int
-set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
+set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key)
{
- if (cert == NULL)
+ if (cert == NULL)
return 1;
if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
BIO_printf(bio_err, "error setting certificate\n");
ERR_print_errors(bio_err);
return 0;
}
-
- /* Now we know that a key and cert have been set against
- * the SSL context */
+ /*
+ * Now we know that a key and cert have been set against the SSL
+ * context
+ */
if (!SSL_CTX_check_private_key(ctx)) {
BIO_printf(bio_err,
"Private key does not match the certificate public key\n");
}
long
-bio_dump_callback(BIO *bio, int cmd, const char *argp,
+bio_dump_callback(BIO * bio, int cmd, const char *argp,
int argi, long argl, long ret)
{
BIO *out;
- out = (BIO *)BIO_get_callback_arg(bio);
+ out = (BIO *) BIO_get_callback_arg(bio);
if (out == NULL)
return (ret);
- if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) {
+ if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
BIO_printf(out,
"read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
- (void *)bio, argp, (unsigned long)argi, ret, ret);
- BIO_dump(out, argp, (int)ret);
+ (void *) bio, argp, (unsigned long) argi, ret, ret);
+ BIO_dump(out, argp, (int) ret);
return (ret);
- } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) {
+ } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
BIO_printf(out,
"write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
- (void *)bio, argp, (unsigned long)argi, ret, ret);
- BIO_dump(out, argp, (int)ret);
+ (void *) bio, argp, (unsigned long) argi, ret, ret);
+ BIO_dump(out, argp, (int) ret);
}
return (ret);
}
void
-apps_ssl_info_callback(const SSL *s, int where, int ret)
+apps_ssl_info_callback(const SSL * s, int where, int ret)
{
const char *str;
int w;
void
-msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
+msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL * ssl, void *arg)
{
BIO *bio = arg;
- const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2 = "";
+ const char *str_write_p, *str_version, *str_content_type = "",
+ *str_details1 = "", *str_details2 = "";
str_write_p = write_p ? ">>>" : "<<<";
str_details1 = "???";
if (len > 0) {
- switch (((const unsigned char*)buf)[0]) {
+ switch (((const unsigned char *) buf)[0]) {
case 0:
str_details1 = ", ERROR:";
str_details2 = " ???";
if (len >= 3) {
- unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
+ unsigned err = (((const unsigned char *) buf)[1] << 8) + ((const unsigned char *) buf)[2];
switch (err) {
case 0x0001:
break;
}
}
-
break;
case 1:
str_details1 = ", CLIENT-HELLO";
}
}
}
-
if (version == SSL3_VERSION || version == TLS1_VERSION ||
version == TLS1_1_VERSION || version == TLS1_2_VERSION ||
version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
break;
}
- if (content_type == 21) /* Alert */
- {
+ if (content_type == 21) { /* Alert */
str_details1 = ", ???";
if (len == 2) {
- switch (((const unsigned char*)buf)[0]) {
+ switch (((const unsigned char *) buf)[0]) {
case 1:
str_details1 = ", warning";
break;
}
str_details2 = " ???";
- switch (((const unsigned char*)buf)[1]) {
+ switch (((const unsigned char *) buf)[1]) {
case 0:
str_details2 = " close_notify";
break;
}
}
}
-
- if (content_type == 22) /* Handshake */
- {
+ if (content_type == 22) { /* Handshake */
str_details1 = "???";
if (len > 0) {
- switch (((const unsigned char*)buf)[0]) {
+ switch (((const unsigned char *) buf)[0]) {
case 0:
str_details1 = ", HelloRequest";
break;
}
}
}
-
BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p,
- str_version, str_content_type, (unsigned long)len,
+ str_version, str_content_type, (unsigned long) len,
str_details1, str_details2);
if (len > 0) {
if (i % 16 == 0 && i > 0)
BIO_printf(bio, "\n ");
BIO_printf(bio, " %02x",
- ((const unsigned char*)buf)[i]);
+ ((const unsigned char *) buf)[i]);
}
if (i < len)
BIO_printf(bio, " ...");
BIO_printf(bio, "\n");
}
- (void)BIO_flush(bio);
+ (void) BIO_flush(bio);
}
void
-tlsext_cb(SSL *s, int client_server, int type, unsigned char *data, int len,
+tlsext_cb(SSL * s, int client_server, int type, unsigned char *data, int len,
void *arg)
{
BIO *bio = arg;
BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
client_server ? "server" : "client", extname, type, len);
- BIO_dump(bio, (char *)data, len);
- (void)BIO_flush(bio);
+ BIO_dump(bio, (char *) data, len);
+ (void) BIO_flush(bio);
}
int
-generate_cookie_callback(SSL *ssl, unsigned char *cookie,
+generate_cookie_callback(SSL * ssl, unsigned char *cookie,
unsigned int *cookie_len)
{
unsigned char *buffer, result[EVP_MAX_MD_SIZE];
}
cookie_initialized = 1;
}
-
/* Read peer information */
- (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
+ (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
/* Create buffer with peer's address and port */
length = 0;
BIO_printf(bio_err, "out of memory\n");
return 0;
}
-
switch (peer.sa.sa_family) {
case AF_INET:
memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port));
}
int
-verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
+verify_cookie_callback(SSL * ssl, unsigned char *cookie, unsigned int cookie_len)
{
unsigned char *buffer, result[EVP_MAX_MD_SIZE];
unsigned int length, resultlength;
return 0;
/* Read peer information */
- (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
+ (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
/* Create buffer with peer's address and port */
length = 0;
BIO_printf(bio_err, "out of memory\n");
return 0;
}
-
switch (peer.sa.sa_family) {
case AF_INET:
memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port));
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
/*#define SSL_HOST_NAME "193.118.187.102" */
#define SSL_HOST_NAME "localhost"
-/*#define TEST_CERT "client.pem" */ /* no default cert. */
+ /*#define TEST_CERT "client.pem" *//* no default cert. */
#undef BUFSIZZ
#define BUFSIZZ 1024*8
extern int verify_return_error;
#ifdef FIONBIO
-static int c_nbio=0;
+static int c_nbio = 0;
#endif
-static int c_Pause=0;
-static int c_debug=0;
+static int c_Pause = 0;
+static int c_debug = 0;
#ifndef OPENSSL_NO_TLSEXT
-static int c_tlsextdebug=0;
-static int c_status_req=0;
+static int c_tlsextdebug = 0;
+static int c_status_req = 0;
#endif
-static int c_msg=0;
-static int c_showcerts=0;
+static int c_msg = 0;
+static int c_showcerts = 0;
-static char *keymatexportlabel=NULL;
-static int keymatexportlen=20;
+static char *keymatexportlabel = NULL;
+static int keymatexportlen = 20;
static void sc_usage(void);
-static void print_stuff(BIO *berr,SSL *con,int full);
+static void print_stuff(BIO * berr, SSL * con, int full);
#ifndef OPENSSL_NO_TLSEXT
-static int ocsp_resp_cb(SSL *s, void *arg);
+static int ocsp_resp_cb(SSL * s, void *arg);
#endif
-static BIO *bio_c_out=NULL;
-static int c_quiet=0;
-static int c_ign_eof=0;
+static BIO *bio_c_out = NULL;
+static int c_quiet = 0;
+static int c_ign_eof = 0;
#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
-static char *psk_identity="Client_identity";
+static char *psk_identity = "Client_identity";
/*char *psk_key=NULL; by default PSK is not used */
-static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
- unsigned int max_identity_len, unsigned char *psk,
- unsigned int max_psk_len)
- {
+static unsigned int
+psk_client_cb(SSL * ssl, const char *hint, char *identity,
+ unsigned int max_identity_len, unsigned char *psk,
+ unsigned int max_psk_len)
+{
unsigned int psk_len = 0;
size_t maxlen = 0;
int ret;
- BIGNUM *bn=NULL;
+ BIGNUM *bn = NULL;
if (c_debug)
BIO_printf(bio_c_out, "psk_client_cb\n");
if (max_identity_len > INT_MAX)
goto out_err;
maxlen = max_identity_len;
- if (!hint)
- {
- /* no ServerKeyExchange message*/
+ if (!hint) {
+ /* no ServerKeyExchange message */
if (c_debug)
- BIO_printf(bio_c_out,"NULL received PSK identity hint, continuing anyway\n");
- }
- else if (c_debug)
+ BIO_printf(bio_c_out, "NULL received PSK identity hint, continuing anyway\n");
+ } else if (c_debug)
BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);
- /* lookup PSK identity and PSK key based on the given identity hint here */
+ /*
+ * lookup PSK identity and PSK key based on the given identity hint
+ * here
+ */
ret = snprintf(identity, maxlen, "%s", psk_identity);
if (ret == -1 || ret >= maxlen)
goto out_err;
if (c_debug)
BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity, ret);
- ret=BN_hex2bn(&bn, psk_key);
- if (!ret)
- {
- BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key);
- if (bn)
- BN_free(bn);
- return 0;
- }
-
- if ((unsigned int)BN_num_bytes(bn) > max_psk_len)
- {
- BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
- max_psk_len, BN_num_bytes(bn));
- BN_free(bn);
- return 0;
- }
-
- psk_len=BN_bn2bin(bn, psk);
- BN_free(bn);
- if (psk_len == 0)
- goto out_err;
+ ret = BN_hex2bn(&bn, psk_key);
+ if (!ret) {
+ BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", psk_key);
+ if (bn)
+ BN_free(bn);
+ return 0;
+ }
+ if ((unsigned int) BN_num_bytes(bn) > max_psk_len) {
+ BIO_printf(bio_err, "psk buffer of callback is too small (%d) for key (%d)\n",
+ max_psk_len, BN_num_bytes(bn));
+ BN_free(bn);
+ return 0;
+ }
+ psk_len = BN_bn2bin(bn, psk);
+ BN_free(bn);
+ if (psk_len == 0)
+ goto out_err;
if (c_debug)
BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);
- return psk_len;
- out_err:
+ return psk_len;
+out_err:
if (c_debug)
BIO_printf(bio_err, "Error in PSK client callback\n");
- return 0;
- }
+ return 0;
+}
#endif
-static void sc_usage(void)
- {
- BIO_printf(bio_err,"usage: s_client args\n");
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err," -4 - Force IPv4\n");
- BIO_printf(bio_err," -6 - Force IPv6\n");
- BIO_printf(bio_err," -host host - use -connect instead\n");
- BIO_printf(bio_err," -port port - use -connect instead\n");
- BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-
- BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
- BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
- BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
- BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
- BIO_printf(bio_err," not specified but cert file is.\n");
- BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n");
- BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
- BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
- BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
- BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
- BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
- BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
- BIO_printf(bio_err," -debug - extra output\n");
+static void
+sc_usage(void)
+{
+ BIO_printf(bio_err, "usage: s_client args\n");
+ BIO_printf(bio_err, "\n");
+ BIO_printf(bio_err, " -4 - Force IPv4\n");
+ BIO_printf(bio_err, " -6 - Force IPv6\n");
+ BIO_printf(bio_err, " -host host - use -connect instead\n");
+ BIO_printf(bio_err, " -port port - use -connect instead\n");
+ BIO_printf(bio_err, " -connect host:port - who to connect to (default is %s:%s)\n", SSL_HOST_NAME, PORT_STR);
+
+ BIO_printf(bio_err, " -verify arg - turn on peer certificate verification\n");
+ BIO_printf(bio_err, " -cert arg - certificate file to use, PEM format assumed\n");
+ BIO_printf(bio_err, " -certform arg - certificate format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err, " -key arg - Private key file to use, in cert file if\n");
+ BIO_printf(bio_err, " not specified but cert file is.\n");
+ BIO_printf(bio_err, " -keyform arg - key format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err, " -pass arg - private key file pass phrase source\n");
+ BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err, " -reconnect - Drop and re-make the connection with the same Session-ID\n");
+ BIO_printf(bio_err, " -pause - sleep(1) after each read(2) and write(2) system call\n");
+ BIO_printf(bio_err, " -showcerts - show all certificates in the chain\n");
+ BIO_printf(bio_err, " -debug - extra output\n");
#ifdef WATT32
- BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n");
+ BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n");
#endif
- BIO_printf(bio_err," -msg - Show protocol messages\n");
- BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
- BIO_printf(bio_err," -state - print the 'ssl' states\n");
+ BIO_printf(bio_err, " -msg - Show protocol messages\n");
+ BIO_printf(bio_err, " -nbio_test - more ssl protocol testing\n");
+ BIO_printf(bio_err, " -state - print the 'ssl' states\n");
#ifdef FIONBIO
- BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
+ BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n");
#endif
- BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
- BIO_printf(bio_err," -quiet - no s_client output\n");
- BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n");
- BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n");
+ BIO_printf(bio_err, " -crlf - convert LF from terminal into CRLF\n");
+ BIO_printf(bio_err, " -quiet - no s_client output\n");
+ BIO_printf(bio_err, " -ign_eof - ignore input eof (default when -quiet)\n");
+ BIO_printf(bio_err, " -no_ign_eof - don't ignore input eof\n");
#ifndef OPENSSL_NO_PSK
- BIO_printf(bio_err," -psk_identity arg - PSK identity\n");
- BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n");
-# ifndef OPENSSL_NO_JPAKE
- BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n");
-# endif
+ BIO_printf(bio_err, " -psk_identity arg - PSK identity\n");
+ BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
+#ifndef OPENSSL_NO_JPAKE
+ BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
+#endif
#endif
#ifndef OPENSSL_NO_SRP
- BIO_printf(bio_err," -srpuser user - SRP authentification for 'user'\n");
- BIO_printf(bio_err," -srppass arg - password for 'user'\n");
- BIO_printf(bio_err," -srp_lateuser - SRP username into second ClientHello message\n");
- BIO_printf(bio_err," -srp_moregroups - Tolerate other than the known g N values.\n");
- BIO_printf(bio_err," -srp_strength int - minimal mength in bits for N (default %d).\n",SRP_MINIMAL_N);
-#endif
- BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
- BIO_printf(bio_err," -tls1_2 - just use TLSv1.2\n");
- BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n");
- BIO_printf(bio_err," -tls1 - just use TLSv1\n");
- BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
- BIO_printf(bio_err," -mtu - set the link layer MTU\n");
- BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
- BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
- BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
- BIO_printf(bio_err," command to see what is available\n");
- BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
- BIO_printf(bio_err," for those protocols that support it, where\n");
- BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
- BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
- BIO_printf(bio_err," are supported.\n");
+ BIO_printf(bio_err, " -srpuser user - SRP authentification for 'user'\n");
+ BIO_printf(bio_err, " -srppass arg - password for 'user'\n");
+ BIO_printf(bio_err, " -srp_lateuser - SRP username into second ClientHello message\n");
+ BIO_printf(bio_err, " -srp_moregroups - Tolerate other than the known g N values.\n");
+ BIO_printf(bio_err, " -srp_strength int - minimal mength in bits for N (default %d).\n", SRP_MINIMAL_N);
+#endif
+ BIO_printf(bio_err, " -ssl3 - just use SSLv3\n");
+ BIO_printf(bio_err, " -tls1_2 - just use TLSv1.2\n");
+ BIO_printf(bio_err, " -tls1_1 - just use TLSv1.1\n");
+ BIO_printf(bio_err, " -tls1 - just use TLSv1\n");
+ BIO_printf(bio_err, " -dtls1 - just use DTLSv1\n");
+ BIO_printf(bio_err, " -mtu - set the link layer MTU\n");
+ BIO_printf(bio_err, " -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
+ BIO_printf(bio_err, " -bugs - Switch on all SSL implementation bug workarounds\n");
+ BIO_printf(bio_err, " -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
+ BIO_printf(bio_err, " command to see what is available\n");
+ BIO_printf(bio_err, " -starttls prot - use the STARTTLS command before starting TLS\n");
+ BIO_printf(bio_err, " for those protocols that support it, where\n");
+ BIO_printf(bio_err, " 'prot' defines which one to assume. Currently,\n");
+ BIO_printf(bio_err, " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
+ BIO_printf(bio_err, " are supported.\n");
#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
+ BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n");
#endif
- BIO_printf(bio_err," -rand file%cfile%c...\n", ':', ':');
- BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n");
- BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n");
+ BIO_printf(bio_err, " -rand file%cfile%c...\n", ':', ':');
+ BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n");
+ BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n");
#ifndef OPENSSL_NO_TLSEXT
- BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n");
- BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
- BIO_printf(bio_err," -status - request certificate status from server\n");
- BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
-# ifndef OPENSSL_NO_NEXTPROTONEG
- BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
-# endif
-#endif
- BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+ BIO_printf(bio_err, " -servername host - Set TLS extension servername in ClientHello\n");
+ BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n");
+ BIO_printf(bio_err, " -status - request certificate status from server\n");
+ BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n");
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
+#endif
+#endif
+ BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
#ifndef OPENSSL_NO_SRTP
- BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+ BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
#endif
- BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
- BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
- }
+ BIO_printf(bio_err, " -keymatexport label - Export keying material using label\n");
+ BIO_printf(bio_err, " -keymatexportlen len - Export len bytes of keying material (default 20)\n");
+}
#ifndef OPENSSL_NO_TLSEXT
/* This is a context that we pass to callbacks */
typedef struct tlsextctx_st {
- BIO * biodebug;
- int ack;
+ BIO *biodebug;
+ int ack;
} tlsextctx;
-static int ssl_servername_cb(SSL *s, int *ad, void *arg)
- {
- tlsextctx * p = (tlsextctx *) arg;
- const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
- if (SSL_get_servername_type(s) != -1)
- p->ack = !SSL_session_reused(s) && hn != NULL;
- else
- BIO_printf(bio_err,"Can't use SSL_get_servername\n");
-
+static int
+ssl_servername_cb(SSL * s, int *ad, void *arg)
+{
+ tlsextctx *p = (tlsextctx *) arg;
+ const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+ if (SSL_get_servername_type(s) != -1)
+ p->ack = !SSL_session_reused(s) && hn != NULL;
+ else
+ BIO_printf(bio_err, "Can't use SSL_get_servername\n");
+
return SSL_TLSEXT_ERR_OK;
- }
+}
#ifndef OPENSSL_NO_SRP
/* This is a context that we pass to all callbacks */
-typedef struct srp_arg_st
- {
+typedef struct srp_arg_st {
char *srppassin;
char *srplogin;
- int msg; /* copy from c_msg */
- int debug; /* copy from c_debug */
- int amp; /* allow more groups */
+ int msg; /* copy from c_msg */
+ int debug; /* copy from c_debug */
+ int amp; /* allow more groups */
int strength /* minimal size for N */ ;
- } SRP_ARG;
+} SRP_ARG;
#define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
-static int srp_Verify_N_and_g(BIGNUM *N, BIGNUM *g)
- {
+static int
+srp_Verify_N_and_g(BIGNUM * N, BIGNUM * g)
+{
BN_CTX *bn_ctx = BN_CTX_new();
BIGNUM *p = BN_new();
BIGNUM *r = BN_new();
int ret =
- g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
- BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
- p != NULL && BN_rshift1(p, N) &&
+ g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
+ BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
+ p != NULL && BN_rshift1(p, N) &&
- /* p = (N-1)/2 */
- BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
- r != NULL &&
+ /* p = (N-1)/2 */
+ BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
+ r != NULL &&
- /* verify g^((N-1)/2) == -1 (mod N) */
- BN_mod_exp(r, g, p, N, bn_ctx) &&
- BN_add_word(r, 1) &&
- BN_cmp(r, N) == 0;
+ /* verify g^((N-1)/2) == -1 (mod N) */
+ BN_mod_exp(r, g, p, N, bn_ctx) &&
+ BN_add_word(r, 1) &&
+ BN_cmp(r, N) == 0;
- if(r)
+ if (r)
BN_free(r);
- if(p)
+ if (p)
BN_free(p);
- if(bn_ctx)
+ if (bn_ctx)
BN_CTX_free(bn_ctx);
return ret;
- }
+}
/* This callback is used here for two purposes:
- extended debugging
The callback is only called for a non default group.
An application does not need the call back at all if
- only the stanard groups are used. In real life situations,
- client and server already share well known groups,
- thus there is no need to verify them.
+ only the stanard groups are used. In real life situations,
+ client and server already share well known groups,
+ thus there is no need to verify them.
Furthermore, in case that a server actually proposes a group that
- is not one of those defined in RFC 5054, it is more appropriate
- to add the group to a static list and then compare since
+ is not one of those defined in RFC 5054, it is more appropriate
+ to add the group to a static list and then compare since
primality tests are rather cpu consuming.
*/
-static int ssl_srp_verify_param_cb(SSL *s, void *arg)
- {
- SRP_ARG *srp_arg = (SRP_ARG *)arg;
+static int
+ssl_srp_verify_param_cb(SSL * s, void *arg)
+{
+ SRP_ARG *srp_arg = (SRP_ARG *) arg;
BIGNUM *N = NULL, *g = NULL;
if (!(N = SSL_get_srp_N(s)) || !(g = SSL_get_srp_g(s)))
return 0;
- if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1)
- {
- BIO_printf(bio_err, "SRP parameters:\n");
- BIO_printf(bio_err,"\tN="); BN_print(bio_err,N);
- BIO_printf(bio_err,"\n\tg="); BN_print(bio_err,g);
- BIO_printf(bio_err,"\n");
- }
-
- if (SRP_check_known_gN_param(g,N))
+ if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) {
+ BIO_printf(bio_err, "SRP parameters:\n");
+ BIO_printf(bio_err, "\tN=");
+ BN_print(bio_err, N);
+ BIO_printf(bio_err, "\n\tg=");
+ BN_print(bio_err, g);
+ BIO_printf(bio_err, "\n");
+ }
+ if (SRP_check_known_gN_param(g, N))
return 1;
- if (srp_arg->amp == 1)
- {
+ if (srp_arg->amp == 1) {
if (srp_arg->debug)
BIO_printf(bio_err, "SRP param N and g are not known params, going to check deeper.\n");
Implementors should rather add the value to the known ones.
The minimal size has already been tested.
*/
- if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N,g))
+ if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g))
return 1;
- }
+ }
BIO_printf(bio_err, "SRP param N and g rejected.\n");
return 0;
- }
+}
#define PWD_STRLEN 1024
-static char * ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
- {
- SRP_ARG *srp_arg = (SRP_ARG *)arg;
- char *pass = (char *)malloc(PWD_STRLEN+1);
+static char *
+ssl_give_srp_client_pwd_cb(SSL * s, void *arg)
+{
+ SRP_ARG *srp_arg = (SRP_ARG *) arg;
+ char *pass = (char *) malloc(PWD_STRLEN + 1);
PW_CB_DATA cb_tmp;
int l;
- cb_tmp.password = (char *)srp_arg->srppassin;
+ cb_tmp.password = (char *) srp_arg->srppassin;
cb_tmp.prompt_info = "SRP user";
- if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp))<0)
- {
- BIO_printf (bio_err, "Can't read Password\n");
+ if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) {
+ BIO_printf(bio_err, "Can't read Password\n");
free(pass);
return NULL;
- }
- *(pass+l)= '\0';
+ }
+ *(pass + l) = '\0';
return pass;
- }
+}
#endif
#ifndef OPENSSL_NO_SRTP
- char *srtp_profiles = NULL;
+char *srtp_profiles = NULL;
#endif
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
/* This the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
unsigned char *data;
static tlsextnextprotoctx next_proto;
-static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
- {
+static int
+next_proto_cb(SSL * s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
+{
tlsextnextprotoctx *ctx = arg;
- if (!c_quiet)
- {
+ if (!c_quiet) {
/* We can assume that |in| is syntactically valid. */
unsigned i;
BIO_printf(bio_c_out, "Protocols advertised by server: ");
- for (i = 0; i < inlen; )
- {
+ for (i = 0; i < inlen;) {
if (i)
BIO_write(bio_c_out, ", ", 2);
BIO_write(bio_c_out, &in[i + 1], in[i]);
i += in[i] + 1;
- }
- BIO_write(bio_c_out, "\n", 1);
}
-
+ BIO_write(bio_c_out, "\n", 1);
+ }
ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
return SSL_TLSEXT_ERR_OK;
- }
-# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
+}
+#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
#endif
-enum
-{
- PROTO_OFF = 0,
+enum {
+ PROTO_OFF = 0,
PROTO_SMTP,
PROTO_POP3,
PROTO_IMAP,
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
- unsigned int off=0, clr=0;
- SSL *con=NULL;
+int
+MAIN(int argc, char **argv)
+{
+ unsigned int off = 0, clr = 0;
+ SSL *con = NULL;
#ifndef OPENSSL_NO_KRB5
KSSL_CTX *kctx;
#endif
- int s,k,width,state=0, af=AF_UNSPEC;
- char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
- int cbuf_len,cbuf_off;
- int sbuf_len,sbuf_off;
- fd_set readfds,writefds;
- char *port=PORT_STR;
- int full_log=1;
- char *host=SSL_HOST_NAME;
- char *cert_file=NULL,*key_file=NULL;
+ int s, k, width, state = 0, af = AF_UNSPEC;
+ char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL;
+ int cbuf_len, cbuf_off;
+ int sbuf_len, sbuf_off;
+ fd_set readfds, writefds;
+ char *port = PORT_STR;
+ int full_log = 1;
+ char *host = SSL_HOST_NAME;
+ char *cert_file = NULL, *key_file = NULL;
int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
char *passarg = NULL, *pass = NULL;
X509 *cert = NULL;
EVP_PKEY *key = NULL;
- char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
- int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
- int crlf=0;
- int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
- SSL_CTX *ctx=NULL;
- int ret=1,in_init=1,i,nbio_test=0;
+ char *CApath = NULL, *CAfile = NULL, *cipher = NULL;
+ int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE, bugs = 0;
+ int crlf = 0;
+ int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
+ SSL_CTX *ctx = NULL;
+ int ret = 1, in_init = 1, i, nbio_test = 0;
int starttls_proto = PROTO_OFF;
int prexit = 0;
X509_VERIFY_PARAM *vpm = NULL;
int badarg = 0;
- const SSL_METHOD *meth=NULL;
- int socket_type=SOCK_STREAM;
+ const SSL_METHOD *meth = NULL;
+ int socket_type = SOCK_STREAM;
BIO *sbio;
- char *inrand=NULL;
- int mbuf_len=0;
+ char *inrand = NULL;
+ int mbuf_len = 0;
struct timeval timeout, *timeoutp;
#ifndef OPENSSL_NO_ENGINE
- char *engine_id=NULL;
- char *ssl_client_engine_id=NULL;
- ENGINE *ssl_client_engine=NULL;
+ char *engine_id = NULL;
+ char *ssl_client_engine_id = NULL;
+ ENGINE *ssl_client_engine = NULL;
#endif
- ENGINE *e=NULL;
+ ENGINE *e = NULL;
#ifndef OPENSSL_NO_TLSEXT
- char *servername = NULL;
- tlsextctx tlsextcbp =
- {NULL,0};
-# ifndef OPENSSL_NO_NEXTPROTONEG
+ char *servername = NULL;
+ tlsextctx tlsextcbp =
+ {NULL, 0};
+#ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
-# endif
+#endif
#endif
char *sess_in = NULL;
char *sess_out = NULL;
struct sockaddr peer;
int peerlen = sizeof(peer);
- int enable_timeouts = 0 ;
+ int enable_timeouts = 0;
long socket_mtu = 0;
#ifndef OPENSSL_NO_JPAKE
char *jpake_secret = NULL;
#endif
#ifndef OPENSSL_NO_SRP
- char * srppass = NULL;
+ char *srppass = NULL;
int srp_lateuser = 0;
- SRP_ARG srp_arg = {NULL,NULL,0,0,0,1024};
+ SRP_ARG srp_arg = {NULL, NULL, 0, 0, 0, 1024};
#endif
- meth=SSLv23_client_method();
+ meth = SSLv23_client_method();
apps_startup();
- c_Pause=0;
- c_quiet=0;
- c_ign_eof=0;
- c_debug=0;
- c_msg=0;
- c_showcerts=0;
+ c_Pause = 0;
+ c_quiet = 0;
+ c_ign_eof = 0;
+ c_debug = 0;
+ c_msg = 0;
+ c_showcerts = 0;
if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
- if ( ((cbuf=malloc(BUFSIZZ)) == NULL) ||
- ((sbuf=malloc(BUFSIZZ)) == NULL) ||
- ((mbuf=malloc(BUFSIZZ + 1)) == NULL)) /* NUL byte */
- {
- BIO_printf(bio_err,"out of memory\n");
+ if (((cbuf = malloc(BUFSIZZ)) == NULL) ||
+ ((sbuf = malloc(BUFSIZZ)) == NULL) ||
+ ((mbuf = malloc(BUFSIZZ + 1)) == NULL)) { /* NUL byte */
+ BIO_printf(bio_err, "out of memory\n");
goto end;
- }
-
- verify_depth=0;
- verify_error=X509_V_OK;
+ }
+ verify_depth = 0;
+ verify_error = X509_V_OK;
#ifdef FIONBIO
- c_nbio=0;
+ c_nbio = 0;
#endif
argc--;
argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-host") == 0)
- {
- if (--argc < 1) goto bad;
- host= *(++argv);
- }
- else if (strcmp(*argv,"-port") == 0)
- {
- if (--argc < 1) goto bad;
- port= *(++argv);
- if (port == NULL || *port == '\0') goto bad;
- }
- else if (strcmp(*argv,"-connect") == 0)
- {
- if (--argc < 1) goto bad;
- if (!extract_host_port(*(++argv),&host,NULL,&port))
+ while (argc >= 1) {
+ if (strcmp(*argv, "-host") == 0) {
+ if (--argc < 1)
+ goto bad;
+ host = *(++argv);
+ } else if (strcmp(*argv, "-port") == 0) {
+ if (--argc < 1)
+ goto bad;
+ port = *(++argv);
+ if (port == NULL || *port == '\0')
+ goto bad;
+ } else if (strcmp(*argv, "-connect") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!extract_host_port(*(++argv), &host, NULL, &port))
+ goto bad;
+ } else if (strcmp(*argv, "-verify") == 0) {
+ verify = SSL_VERIFY_PEER;
+ if (--argc < 1)
+ goto bad;
+ verify_depth = atoi(*(++argv));
+ BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
+ } else if (strcmp(*argv, "-cert") == 0) {
+ if (--argc < 1)
+ goto bad;
+ cert_file = *(++argv);
+ } else if (strcmp(*argv, "-sess_out") == 0) {
+ if (--argc < 1)
goto bad;
- }
- else if (strcmp(*argv,"-verify") == 0)
- {
- verify=SSL_VERIFY_PEER;
- if (--argc < 1) goto bad;
- verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
- }
- else if (strcmp(*argv,"-cert") == 0)
- {
- if (--argc < 1) goto bad;
- cert_file= *(++argv);
- }
- else if (strcmp(*argv,"-sess_out") == 0)
- {
- if (--argc < 1) goto bad;
sess_out = *(++argv);
- }
- else if (strcmp(*argv,"-sess_in") == 0)
- {
- if (--argc < 1) goto bad;
+ } else if (strcmp(*argv, "-sess_in") == 0) {
+ if (--argc < 1)
+ goto bad;
sess_in = *(++argv);
- }
- else if (strcmp(*argv,"-certform") == 0)
- {
- if (--argc < 1) goto bad;
+ } else if (strcmp(*argv, "-certform") == 0) {
+ if (--argc < 1)
+ goto bad;
cert_format = str2fmt(*(++argv));
- }
- else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
- {
+ } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
if (badarg)
goto bad;
continue;
- }
- else if (strcmp(*argv,"-verify_return_error") == 0)
+ } else if (strcmp(*argv, "-verify_return_error") == 0)
verify_return_error = 1;
- else if (strcmp(*argv,"-prexit") == 0)
- prexit=1;
- else if (strcmp(*argv,"-crlf") == 0)
- crlf=1;
- else if (strcmp(*argv,"-quiet") == 0)
- {
- c_quiet=1;
- c_ign_eof=1;
- }
- else if (strcmp(*argv,"-ign_eof") == 0)
- c_ign_eof=1;
- else if (strcmp(*argv,"-no_ign_eof") == 0)
- c_ign_eof=0;
- else if (strcmp(*argv,"-pause") == 0)
- c_Pause=1;
- else if (strcmp(*argv,"-debug") == 0)
- c_debug=1;
+ else if (strcmp(*argv, "-prexit") == 0)
+ prexit = 1;
+ else if (strcmp(*argv, "-crlf") == 0)
+ crlf = 1;
+ else if (strcmp(*argv, "-quiet") == 0) {
+ c_quiet = 1;
+ c_ign_eof = 1;
+ } else if (strcmp(*argv, "-ign_eof") == 0)
+ c_ign_eof = 1;
+ else if (strcmp(*argv, "-no_ign_eof") == 0)
+ c_ign_eof = 0;
+ else if (strcmp(*argv, "-pause") == 0)
+ c_Pause = 1;
+ else if (strcmp(*argv, "-debug") == 0)
+ c_debug = 1;
#ifndef OPENSSL_NO_TLSEXT
- else if (strcmp(*argv,"-tlsextdebug") == 0)
- c_tlsextdebug=1;
- else if (strcmp(*argv,"-status") == 0)
- c_status_req=1;
+ else if (strcmp(*argv, "-tlsextdebug") == 0)
+ c_tlsextdebug = 1;
+ else if (strcmp(*argv, "-status") == 0)
+ c_status_req = 1;
#endif
#ifdef WATT32
- else if (strcmp(*argv,"-wdebug") == 0)
+ else if (strcmp(*argv, "-wdebug") == 0)
dbug_init();
#endif
- else if (strcmp(*argv,"-msg") == 0)
- c_msg=1;
- else if (strcmp(*argv,"-showcerts") == 0)
- c_showcerts=1;
- else if (strcmp(*argv,"-nbio_test") == 0)
- nbio_test=1;
- else if (strcmp(*argv,"-state") == 0)
- state=1;
+ else if (strcmp(*argv, "-msg") == 0)
+ c_msg = 1;
+ else if (strcmp(*argv, "-showcerts") == 0)
+ c_showcerts = 1;
+ else if (strcmp(*argv, "-nbio_test") == 0)
+ nbio_test = 1;
+ else if (strcmp(*argv, "-state") == 0)
+ state = 1;
#ifndef OPENSSL_NO_PSK
- else if (strcmp(*argv,"-psk_identity") == 0)
- {
- if (--argc < 1) goto bad;
- psk_identity=*(++argv);
- }
- else if (strcmp(*argv,"-psk") == 0)
- {
- size_t j;
-
- if (--argc < 1) goto bad;
- psk_key=*(++argv);
- for (j = 0; j < strlen(psk_key); j++)
- {
- if (isxdigit((unsigned char)psk_key[j]))
- continue;
- BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
- goto bad;
- }
+ else if (strcmp(*argv, "-psk_identity") == 0) {
+ if (--argc < 1)
+ goto bad;
+ psk_identity = *(++argv);
+ } else if (strcmp(*argv, "-psk") == 0) {
+ size_t j;
+
+ if (--argc < 1)
+ goto bad;
+ psk_key = *(++argv);
+ for (j = 0; j < strlen(psk_key); j++) {
+ if (isxdigit((unsigned char) psk_key[j]))
+ continue;
+ BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
+ goto bad;
}
+ }
#endif
#ifndef OPENSSL_NO_SRP
- else if (strcmp(*argv,"-srpuser") == 0)
- {
- if (--argc < 1) goto bad;
- srp_arg.srplogin= *(++argv);
- meth=TLSv1_client_method();
- }
- else if (strcmp(*argv,"-srppass") == 0)
- {
- if (--argc < 1) goto bad;
- srppass= *(++argv);
- meth=TLSv1_client_method();
- }
- else if (strcmp(*argv,"-srp_strength") == 0)
- {
- if (--argc < 1) goto bad;
- srp_arg.strength=atoi(*(++argv));
- BIO_printf(bio_err,"SRP minimal length for N is %d\n",srp_arg.strength);
- meth=TLSv1_client_method();
- }
- else if (strcmp(*argv,"-srp_lateuser") == 0)
- {
- srp_lateuser= 1;
- meth=TLSv1_client_method();
- }
- else if (strcmp(*argv,"-srp_moregroups") == 0)
- {
- srp_arg.amp=1;
- meth=TLSv1_client_method();
- }
+ else if (strcmp(*argv, "-srpuser") == 0) {
+ if (--argc < 1)
+ goto bad;
+ srp_arg.srplogin = *(++argv);
+ meth = TLSv1_client_method();
+ } else if (strcmp(*argv, "-srppass") == 0) {
+ if (--argc < 1)
+ goto bad;
+ srppass = *(++argv);
+ meth = TLSv1_client_method();
+ } else if (strcmp(*argv, "-srp_strength") == 0) {
+ if (--argc < 1)
+ goto bad;
+ srp_arg.strength = atoi(*(++argv));
+ BIO_printf(bio_err, "SRP minimal length for N is %d\n", srp_arg.strength);
+ meth = TLSv1_client_method();
+ } else if (strcmp(*argv, "-srp_lateuser") == 0) {
+ srp_lateuser = 1;
+ meth = TLSv1_client_method();
+ } else if (strcmp(*argv, "-srp_moregroups") == 0) {
+ srp_arg.amp = 1;
+ meth = TLSv1_client_method();
+ }
#endif
- else if (strcmp(*argv,"-ssl3") == 0)
- meth=SSLv3_client_method();
- else if (strcmp(*argv,"-tls1_2") == 0)
- meth=TLSv1_2_client_method();
- else if (strcmp(*argv,"-tls1_1") == 0)
- meth=TLSv1_1_client_method();
- else if (strcmp(*argv,"-tls1") == 0)
- meth=TLSv1_client_method();
+ else if (strcmp(*argv, "-ssl3") == 0)
+ meth = SSLv3_client_method();
+ else if (strcmp(*argv, "-tls1_2") == 0)
+ meth = TLSv1_2_client_method();
+ else if (strcmp(*argv, "-tls1_1") == 0)
+ meth = TLSv1_1_client_method();
+ else if (strcmp(*argv, "-tls1") == 0)
+ meth = TLSv1_client_method();
#ifndef OPENSSL_NO_DTLS1
- else if (strcmp(*argv,"-dtls1") == 0)
- {
- meth=DTLSv1_client_method();
- socket_type=SOCK_DGRAM;
- }
- else if (strcmp(*argv,"-timeout") == 0)
- enable_timeouts=1;
- else if (strcmp(*argv,"-mtu") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-dtls1") == 0) {
+ meth = DTLSv1_client_method();
+ socket_type = SOCK_DGRAM;
+ } else if (strcmp(*argv, "-timeout") == 0)
+ enable_timeouts = 1;
+ else if (strcmp(*argv, "-mtu") == 0) {
+ if (--argc < 1)
+ goto bad;
socket_mtu = atol(*(++argv));
- }
+ }
#endif
- else if (strcmp(*argv,"-bugs") == 0)
- bugs=1;
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-bugs") == 0)
+ bugs = 1;
+ else if (strcmp(*argv, "-keyform") == 0) {
+ if (--argc < 1)
+ goto bad;
key_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-pass") == 0)
- {
- if (--argc < 1) goto bad;
+ } else if (strcmp(*argv, "-pass") == 0) {
+ if (--argc < 1)
+ goto bad;
passarg = *(++argv);
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- key_file= *(++argv);
- }
- else if (strcmp(*argv,"-reconnect") == 0)
- {
- reconnect=5;
- }
- else if (strcmp(*argv,"-CApath") == 0)
- {
- if (--argc < 1) goto bad;
- CApath= *(++argv);
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
- }
- else if (strcmp(*argv,"-no_tls1_2") == 0)
- off|=SSL_OP_NO_TLSv1_2;
- else if (strcmp(*argv,"-no_tls1_1") == 0)
- off|=SSL_OP_NO_TLSv1_1;
- else if (strcmp(*argv,"-no_tls1") == 0)
- off|=SSL_OP_NO_TLSv1;
- else if (strcmp(*argv,"-no_ssl3") == 0)
- off|=SSL_OP_NO_SSLv3;
- else if (strcmp(*argv,"-no_ssl2") == 0)
- off|=SSL_OP_NO_SSLv2;
- else if (strcmp(*argv,"-no_comp") == 0)
- { off|=SSL_OP_NO_COMPRESSION; }
+ } else if (strcmp(*argv, "-key") == 0) {
+ if (--argc < 1)
+ goto bad;
+ key_file = *(++argv);
+ } else if (strcmp(*argv, "-reconnect") == 0) {
+ reconnect = 5;
+ } else if (strcmp(*argv, "-CApath") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CApath = *(++argv);
+ } else if (strcmp(*argv, "-CAfile") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAfile = *(++argv);
+ } else if (strcmp(*argv, "-no_tls1_2") == 0)
+ off |= SSL_OP_NO_TLSv1_2;
+ else if (strcmp(*argv, "-no_tls1_1") == 0)
+ off |= SSL_OP_NO_TLSv1_1;
+ else if (strcmp(*argv, "-no_tls1") == 0)
+ off |= SSL_OP_NO_TLSv1;
+ else if (strcmp(*argv, "-no_ssl3") == 0)
+ off |= SSL_OP_NO_SSLv3;
+ else if (strcmp(*argv, "-no_ssl2") == 0)
+ off |= SSL_OP_NO_SSLv2;
+ else if (strcmp(*argv, "-no_comp") == 0) {
+ off |= SSL_OP_NO_COMPRESSION;
+ }
#ifndef OPENSSL_NO_TLSEXT
- else if (strcmp(*argv,"-no_ticket") == 0)
- { off|=SSL_OP_NO_TICKET; }
-# ifndef OPENSSL_NO_NEXTPROTONEG
- else if (strcmp(*argv,"-nextprotoneg") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-no_ticket") == 0) {
+ off |= SSL_OP_NO_TICKET;
+ }
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ else if (strcmp(*argv, "-nextprotoneg") == 0) {
+ if (--argc < 1)
+ goto bad;
next_proto_neg_in = *(++argv);
- }
-# endif
-#endif
- else if (strcmp(*argv,"-serverpref") == 0)
- off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
- else if (strcmp(*argv,"-legacy_renegotiation") == 0)
- off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
- else if (strcmp(*argv,"-legacy_server_connect") == 0)
- { off|=SSL_OP_LEGACY_SERVER_CONNECT; }
- else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
- { clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
- else if (strcmp(*argv,"-cipher") == 0)
- {
- if (--argc < 1) goto bad;
- cipher= *(++argv);
- }
+ }
+#endif
+#endif
+ else if (strcmp(*argv, "-serverpref") == 0)
+ off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+ else if (strcmp(*argv, "-legacy_renegotiation") == 0)
+ off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+ else if (strcmp(*argv, "-legacy_server_connect") == 0) {
+ off |= SSL_OP_LEGACY_SERVER_CONNECT;
+ } else if (strcmp(*argv, "-no_legacy_server_connect") == 0) {
+ clr |= SSL_OP_LEGACY_SERVER_CONNECT;
+ } else if (strcmp(*argv, "-cipher") == 0) {
+ if (--argc < 1)
+ goto bad;
+ cipher = *(++argv);
+ }
#ifdef FIONBIO
- else if (strcmp(*argv,"-nbio") == 0)
- { c_nbio=1; }
+ else if (strcmp(*argv, "-nbio") == 0) {
+ c_nbio = 1;
+ }
#endif
- else if (strcmp(*argv,"-starttls") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-starttls") == 0) {
+ if (--argc < 1)
+ goto bad;
++argv;
- if (strcmp(*argv,"smtp") == 0)
+ if (strcmp(*argv, "smtp") == 0)
starttls_proto = PROTO_SMTP;
- else if (strcmp(*argv,"pop3") == 0)
+ else if (strcmp(*argv, "pop3") == 0)
starttls_proto = PROTO_POP3;
- else if (strcmp(*argv,"imap") == 0)
+ else if (strcmp(*argv, "imap") == 0)
starttls_proto = PROTO_IMAP;
- else if (strcmp(*argv,"ftp") == 0)
+ else if (strcmp(*argv, "ftp") == 0)
starttls_proto = PROTO_FTP;
else if (strcmp(*argv, "xmpp") == 0)
starttls_proto = PROTO_XMPP;
else
goto bad;
- }
+ }
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
engine_id = *(++argv);
- }
- else if (strcmp(*argv,"-ssl_client_engine") == 0)
- {
- if (--argc < 1) goto bad;
+ } else if (strcmp(*argv, "-ssl_client_engine") == 0) {
+ if (--argc < 1)
+ goto bad;
ssl_client_engine_id = *(++argv);
- }
+ }
#endif
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
- else if (strcmp(*argv,"-4") == 0) { af = AF_INET;}
- else if (strcmp(*argv,"-6") == 0) { af = AF_INET6;}
+ else if (strcmp(*argv, "-rand") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inrand = *(++argv);
+ } else if (strcmp(*argv, "-4") == 0) {
+ af = AF_INET;
+ } else if (strcmp(*argv, "-6") == 0) {
+ af = AF_INET6;
+ }
#ifndef OPENSSL_NO_TLSEXT
- else if (strcmp(*argv,"-servername") == 0)
- {
- if (--argc < 1) goto bad;
- servername= *(++argv);
+ else if (strcmp(*argv, "-servername") == 0) {
+ if (--argc < 1)
+ goto bad;
+ servername = *(++argv);
/* meth=TLSv1_client_method(); */
- }
+ }
#endif
#ifndef OPENSSL_NO_JPAKE
- else if (strcmp(*argv,"-jpake") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-jpake") == 0) {
+ if (--argc < 1)
+ goto bad;
jpake_secret = *++argv;
- }
+ }
#endif
#ifndef OPENSSL_NO_SRTP
- else if (strcmp(*argv,"-use_srtp") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-use_srtp") == 0) {
+ if (--argc < 1)
+ goto bad;
srtp_profiles = *(++argv);
- }
+ }
#endif
- else if (strcmp(*argv,"-keymatexport") == 0)
- {
- if (--argc < 1) goto bad;
- keymatexportlabel= *(++argv);
- }
- else if (strcmp(*argv,"-keymatexportlen") == 0)
- {
- if (--argc < 1) goto bad;
- keymatexportlen=atoi(*(++argv));
- if (keymatexportlen == 0) goto bad;
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badop=1;
+ else if (strcmp(*argv, "-keymatexport") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keymatexportlabel = *(++argv);
+ } else if (strcmp(*argv, "-keymatexportlen") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keymatexportlen = atoi(*(++argv));
+ if (keymatexportlen == 0)
+ goto bad;
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badop = 1;
break;
- }
+ }
argc--;
argv++;
- }
- if (badop)
- {
+ }
+ if (badop) {
bad:
sc_usage();
goto end;
- }
-
+ }
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
- if (jpake_secret)
- {
- if (psk_key)
- {
+ if (jpake_secret) {
+ if (psk_key) {
BIO_printf(bio_err,
- "Can't use JPAKE and PSK together\n");
+ "Can't use JPAKE and PSK together\n");
goto end;
- }
+ }
psk_identity = "JPAKE";
- if (cipher)
- {
+ if (cipher) {
BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
goto end;
- }
- cipher = "PSK";
}
+ cipher = "PSK";
+ }
#endif
OpenSSL_add_ssl_algorithms();
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
next_proto.status = -1;
- if (next_proto_neg_in)
- {
+ if (next_proto_neg_in) {
next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in);
- if (next_proto.data == NULL)
- {
+ if (next_proto.data == NULL) {
BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n");
goto end;
- }
}
- else
+ } else
next_proto.data = NULL;
#endif
#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine_id, 1);
- if (ssl_client_engine_id)
- {
+ e = setup_engine(bio_err, engine_id, 1);
+ if (ssl_client_engine_id) {
ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
- if (!ssl_client_engine)
- {
+ if (!ssl_client_engine) {
BIO_printf(bio_err,
- "Error getting client auth engine\n");
+ "Error getting client auth engine\n");
goto end;
- }
}
-
+ }
#endif
- if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
- {
+ if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
- }
-
+ }
if (key_file == NULL)
key_file = cert_file;
- if (key_file)
-
- {
+ if (key_file) {
key = load_key(bio_err, key_file, key_format, 0, pass, e,
- "client certificate private key file");
- if (!key)
- {
+ "client certificate private key file");
+ if (!key) {
ERR_print_errors(bio_err);
goto end;
- }
-
}
+ }
+ if (cert_file) {
+ cert = load_cert(bio_err, cert_file, cert_format,
+ NULL, e, "client certificate file");
- if (cert_file)
-
- {
- cert = load_cert(bio_err,cert_file,cert_format,
- NULL, e, "client certificate file");
-
- if (!cert)
- {
+ if (!cert) {
ERR_print_errors(bio_err);
goto end;
- }
}
-
+ }
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
- && !RAND_status())
- {
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- }
+ && !RAND_status()) {
+ BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
+ }
if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
- if (bio_c_out == NULL)
- {
- if (c_quiet && !c_debug && !c_msg)
- {
- bio_c_out=BIO_new(BIO_s_null());
- }
- else
- {
+ if (bio_c_out == NULL) {
+ if (c_quiet && !c_debug && !c_msg) {
+ bio_c_out = BIO_new(BIO_s_null());
+ } else {
if (bio_c_out == NULL)
- bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
- }
+ bio_c_out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
-
+ }
#ifndef OPENSSL_NO_SRP
- if(!app_passwd(bio_err, srppass, NULL, &srp_arg.srppassin, NULL))
- {
+ if (!app_passwd(bio_err, srppass, NULL, &srp_arg.srppassin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
- }
+ }
#endif
- ctx=SSL_CTX_new(meth);
- if (ctx == NULL)
- {
+ ctx = SSL_CTX_new(meth);
+ if (ctx == NULL) {
ERR_print_errors(bio_err);
goto end;
- }
-
+ }
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
#ifndef OPENSSL_NO_ENGINE
- if (ssl_client_engine)
- {
- if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
- {
+ if (ssl_client_engine) {
+ if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) {
BIO_puts(bio_err, "Error setting client auth engine\n");
ERR_print_errors(bio_err);
ENGINE_free(ssl_client_engine);
goto end;
- }
- ENGINE_free(ssl_client_engine);
}
+ ENGINE_free(ssl_client_engine);
+ }
#endif
#ifndef OPENSSL_NO_PSK
#else
if (psk_key != NULL || jpake_secret)
#endif
- {
+ {
if (c_debug)
BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
- }
+ }
#endif
#ifndef OPENSSL_NO_SRTP
if (srtp_profiles != NULL)
SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
#endif
if (bugs)
- SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
+ SSL_CTX_set_options(ctx, SSL_OP_ALL | off);
else
- SSL_CTX_set_options(ctx,off);
+ SSL_CTX_set_options(ctx, off);
if (clr)
SSL_CTX_clear_options(ctx, clr);
- /* DTLS: partial reads end up discarding unread UDP bytes :-(
- * Setting read ahead solves this problem.
+ /*
+ * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
+ * read ahead solves this problem.
*/
- if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
+ if (socket_type == SOCK_DGRAM)
+ SSL_CTX_set_read_ahead(ctx, 1);
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
if (next_proto.data)
SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
#endif
- if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
+ if (state)
+ SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
if (cipher != NULL)
- if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
- BIO_printf(bio_err,"error setting cipher list\n");
- ERR_print_errors(bio_err);
- goto end;
- }
+ if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
+ BIO_printf(bio_err, "error setting cipher list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
#if 0
- else
- SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
+ else
+ SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER"));
#endif
- SSL_CTX_set_verify(ctx,verify,verify_callback);
- if (!set_cert_key_stuff(ctx,cert,key))
+ SSL_CTX_set_verify(ctx, verify, verify_callback);
+ if (!set_cert_key_stuff(ctx, cert, key))
goto end;
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx)))
- {
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
+ if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(ctx))) {
+ /*
+ * BIO_printf(bio_err,"error setting default verify
+ * locations\n");
+ */
ERR_print_errors(bio_err);
/* goto end; */
- }
-
+ }
#ifndef OPENSSL_NO_TLSEXT
- if (servername != NULL)
- {
+ if (servername != NULL) {
tlsextcbp.biodebug = bio_err;
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
- }
+ }
#ifndef OPENSSL_NO_SRP
- if (srp_arg.srplogin)
- {
- if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin))
- {
- BIO_printf(bio_err,"Unable to set SRP username\n");
+ if (srp_arg.srplogin) {
+ if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) {
+ BIO_printf(bio_err, "Unable to set SRP username\n");
goto end;
- }
+ }
srp_arg.msg = c_msg;
- srp_arg.debug = c_debug ;
- SSL_CTX_set_srp_cb_arg(ctx,&srp_arg);
+ srp_arg.debug = c_debug;
+ SSL_CTX_set_srp_cb_arg(ctx, &srp_arg);
SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb);
SSL_CTX_set_srp_strength(ctx, srp_arg.strength);
if (c_msg || c_debug || srp_arg.amp == 0)
SSL_CTX_set_srp_verify_param_callback(ctx, ssl_srp_verify_param_cb);
- }
-
+ }
#endif
#endif
- con=SSL_new(ctx);
- if (sess_in)
- {
+ con = SSL_new(ctx);
+ if (sess_in) {
SSL_SESSION *sess;
BIO *stmp = BIO_new_file(sess_in, "r");
- if (!stmp)
- {
+ if (!stmp) {
BIO_printf(bio_err, "Can't open session file %s\n",
- sess_in);
+ sess_in);
ERR_print_errors(bio_err);
goto end;
- }
+ }
sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
BIO_free(stmp);
- if (!sess)
- {
+ if (!sess) {
BIO_printf(bio_err, "Can't open session file %s\n",
- sess_in);
+ sess_in);
ERR_print_errors(bio_err);
goto end;
- }
+ }
SSL_set_session(con, sess);
SSL_SESSION_free(sess);
- }
+ }
#ifndef OPENSSL_NO_TLSEXT
- if (servername != NULL)
- {
- if (!SSL_set_tlsext_host_name(con,servername))
- {
- BIO_printf(bio_err,"Unable to set TLS servername extension.\n");
+ if (servername != NULL) {
+ if (!SSL_set_tlsext_host_name(con, servername)) {
+ BIO_printf(bio_err, "Unable to set TLS servername extension.\n");
ERR_print_errors(bio_err);
goto end;
- }
}
+ }
#endif
#ifndef OPENSSL_NO_KRB5
- if (con && (kctx = kssl_ctx_new()) != NULL)
- {
+ if (con && (kctx = kssl_ctx_new()) != NULL) {
SSL_set0_kssl_ctx(con, kctx);
- kssl_ctx_setstring(kctx, KSSL_SERVER, host);
- }
-#endif /* OPENSSL_NO_KRB5 */
+ kssl_ctx_setstring(kctx, KSSL_SERVER, host);
+ }
+#endif /* OPENSSL_NO_KRB5 */
/* SSL_set_cipher_list(con,"RC4-MD5"); */
#if 0
#ifdef TLSEXT_TYPE_opaque_prf_input
re_start:
- if (init_client(&s,host,port,socket_type,af) == 0)
- {
- BIO_printf(bio_err,"connect:errno=%d\n",errno);
+ if (init_client(&s, host, port, socket_type, af) == 0) {
+ BIO_printf(bio_err, "connect:errno=%d\n", errno);
shutdown(s, SHUT_RD);
close(s);
goto end;
- }
- BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
+ }
+ BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s);
#ifdef FIONBIO
- if (c_nbio)
- {
- unsigned long l=1;
- BIO_printf(bio_c_out,"turning on non blocking io\n");
- if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
- {
+ if (c_nbio) {
+ unsigned long l = 1;
+ BIO_printf(bio_c_out, "turning on non blocking io\n");
+ if (BIO_socket_ioctl(s, FIONBIO, &l) < 0) {
ERR_print_errors(bio_err);
goto end;
- }
}
-#endif
- if (c_Pause & 0x01) SSL_set_debug(con, 1);
+ }
+#endif
+ if (c_Pause & 0x01)
+ SSL_set_debug(con, 1);
- if ( SSL_version(con) == DTLS1_VERSION)
- {
+ if (SSL_version(con) == DTLS1_VERSION) {
- sbio=BIO_new_dgram(s,BIO_NOCLOSE);
- if (getsockname(s, &peer, (void *)&peerlen) < 0)
- {
+ sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+ if (getsockname(s, &peer, (void *) &peerlen) < 0) {
BIO_printf(bio_err, "getsockname:errno=%d\n",
- errno);
+ errno);
shutdown(s, SHUT_RD);
close(s);
goto end;
- }
-
- (void)BIO_ctrl_set_connected(sbio, 1, &peer);
+ }
+ (void) BIO_ctrl_set_connected(sbio, 1, &peer);
- if (enable_timeouts)
- {
+ if (enable_timeouts) {
timeout.tv_sec = 0;
timeout.tv_usec = DGRAM_RCV_TIMEOUT;
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
-
+
timeout.tv_sec = 0;
timeout.tv_usec = DGRAM_SND_TIMEOUT;
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
- }
-
- if (socket_mtu > 28)
- {
+ }
+ if (socket_mtu > 28) {
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
SSL_set_mtu(con, socket_mtu - 28);
- }
- else
+ } else
/* want to do MTU discovery */
BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
- }
- else
- sbio=BIO_new_socket(s,BIO_NOCLOSE);
+ } else
+ sbio = BIO_new_socket(s, BIO_NOCLOSE);
- if (nbio_test)
- {
+ if (nbio_test) {
BIO *test;
- test=BIO_new(BIO_f_nbio_test());
- sbio=BIO_push(test,sbio);
- }
-
- if (c_debug)
- {
+ test = BIO_new(BIO_f_nbio_test());
+ sbio = BIO_push(test, sbio);
+ }
+ if (c_debug) {
SSL_set_debug(con, 1);
- BIO_set_callback(sbio,bio_dump_callback);
- BIO_set_callback_arg(sbio,(char *)bio_c_out);
- }
- if (c_msg)
- {
+ BIO_set_callback(sbio, bio_dump_callback);
+ BIO_set_callback_arg(sbio, (char *) bio_c_out);
+ }
+ if (c_msg) {
SSL_set_msg_callback(con, msg_cb);
SSL_set_msg_callback_arg(con, bio_c_out);
- }
+ }
#ifndef OPENSSL_NO_TLSEXT
- if (c_tlsextdebug)
- {
+ if (c_tlsextdebug) {
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_c_out);
- }
- if (c_status_req)
- {
+ }
+ if (c_status_req) {
SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
#if 0
-{
-STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null();
-OCSP_RESPID *id = OCSP_RESPID_new();
-id->value.byKey = ASN1_OCTET_STRING_new();
-id->type = V_OCSP_RESPID_KEY;
-ASN1_STRING_set(id->value.byKey, "Hello World", -1);
-sk_OCSP_RESPID_push(ids, id);
-SSL_set_tlsext_status_ids(con, ids);
-}
-#endif
+ {
+ STACK_OF(OCSP_RESPID) * ids = sk_OCSP_RESPID_new_null();
+ OCSP_RESPID *id = OCSP_RESPID_new();
+ id->value.byKey = ASN1_OCTET_STRING_new();
+ id->type = V_OCSP_RESPID_KEY;
+ ASN1_STRING_set(id->value.byKey, "Hello World", -1);
+ sk_OCSP_RESPID_push(ids, id);
+ SSL_set_tlsext_status_ids(con, ids);
}
+#endif
+ }
#endif
#ifndef OPENSSL_NO_JPAKE
if (jpake_secret)
jpake_client_auth(bio_c_out, sbio, jpake_secret);
#endif
- SSL_set_bio(con,sbio,sbio);
+ SSL_set_bio(con, sbio, sbio);
SSL_set_connect_state(con);
/* ok, lets connect */
- width=SSL_get_fd(con)+1;
-
- read_tty=1;
- write_tty=0;
- tty_on=0;
- read_ssl=1;
- write_ssl=1;
-
- cbuf_len=0;
- cbuf_off=0;
- sbuf_len=0;
- sbuf_off=0;
+ width = SSL_get_fd(con) + 1;
+
+ read_tty = 1;
+ write_tty = 0;
+ tty_on = 0;
+ read_ssl = 1;
+ write_ssl = 1;
+
+ cbuf_len = 0;
+ cbuf_off = 0;
+ sbuf_len = 0;
+ sbuf_off = 0;
/* This is an ugly hack that does a lot of assumptions */
- /* We do have to handle multi-line responses which may come
- in a single packet or not. We therefore have to use
- BIO_gets() which does need a buffering BIO. So during
- the initial chitchat we do push a buffering BIO into the
- chain that is removed again later on to not disturb the
- rest of the s_client operation. */
- if (starttls_proto == PROTO_SMTP)
- {
- int foundit=0;
+ /*
+ * We do have to handle multi-line responses which may come in a
+ * single packet or not. We therefore have to use BIO_gets() which
+ * does need a buffering BIO. So during the initial chitchat we do
+ * push a buffering BIO into the chain that is removed again later on
+ * to not disturb the rest of the s_client operation.
+ */
+ if (starttls_proto == PROTO_SMTP) {
+ int foundit = 0;
BIO *fbio = BIO_new(BIO_f_buffer());
BIO_push(fbio, sbio);
/* wait for multi-line response to end from SMTP */
- do
- {
- mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
- }
- while (mbuf_len>3 && mbuf[3]=='-');
+ do {
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ }
+ while (mbuf_len > 3 && mbuf[3] == '-');
/* STARTTLS command requires EHLO... */
- BIO_printf(fbio,"EHLO openssl.client.net\r\n");
- (void)BIO_flush(fbio);
+ BIO_printf(fbio, "EHLO openssl.client.net\r\n");
+ (void) BIO_flush(fbio);
/* wait for multi-line response to end EHLO SMTP response */
- do
- {
- mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
- if (strstr(mbuf,"STARTTLS"))
- foundit=1;
- }
- while (mbuf_len>3 && mbuf[3]=='-');
- (void)BIO_flush(fbio);
+ do {
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ if (strstr(mbuf, "STARTTLS"))
+ foundit = 1;
+ }
+ while (mbuf_len > 3 && mbuf[3] == '-');
+ (void) BIO_flush(fbio);
BIO_pop(fbio);
BIO_free(fbio);
if (!foundit)
BIO_printf(bio_err,
- "didn't found starttls in server response,"
- " try anyway...\n");
- BIO_printf(sbio,"STARTTLS\r\n");
- BIO_read(sbio,sbuf,BUFSIZZ);
- }
- else if (starttls_proto == PROTO_POP3)
- {
- mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ);
- if (mbuf_len == -1)
- {
- BIO_printf(bio_err,"BIO_read failed\n");
+ "didn't found starttls in server response,"
+ " try anyway...\n");
+ BIO_printf(sbio, "STARTTLS\r\n");
+ BIO_read(sbio, sbuf, BUFSIZZ);
+ } else if (starttls_proto == PROTO_POP3) {
+ mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+ if (mbuf_len == -1) {
+ BIO_printf(bio_err, "BIO_read failed\n");
goto end;
- }
- BIO_printf(sbio,"STLS\r\n");
- BIO_read(sbio,sbuf,BUFSIZZ);
}
- else if (starttls_proto == PROTO_IMAP)
- {
- int foundit=0;
+ BIO_printf(sbio, "STLS\r\n");
+ BIO_read(sbio, sbuf, BUFSIZZ);
+ } else if (starttls_proto == PROTO_IMAP) {
+ int foundit = 0;
BIO *fbio = BIO_new(BIO_f_buffer());
BIO_push(fbio, sbio);
- BIO_gets(fbio,mbuf,BUFSIZZ);
+ BIO_gets(fbio, mbuf, BUFSIZZ);
/* STARTTLS command requires CAPABILITY... */
- BIO_printf(fbio,". CAPABILITY\r\n");
- (void)BIO_flush(fbio);
+ BIO_printf(fbio, ". CAPABILITY\r\n");
+ (void) BIO_flush(fbio);
/* wait for multi-line CAPABILITY response */
- do
- {
- mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
- if (strstr(mbuf,"STARTTLS"))
- foundit=1;
- }
- while (mbuf_len>3 && mbuf[0]!='.');
- (void)BIO_flush(fbio);
+ do {
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ if (strstr(mbuf, "STARTTLS"))
+ foundit = 1;
+ }
+ while (mbuf_len > 3 && mbuf[0] != '.');
+ (void) BIO_flush(fbio);
BIO_pop(fbio);
BIO_free(fbio);
if (!foundit)
BIO_printf(bio_err,
- "didn't found STARTTLS in server response,"
- " try anyway...\n");
- BIO_printf(sbio,". STARTTLS\r\n");
- BIO_read(sbio,sbuf,BUFSIZZ);
- }
- else if (starttls_proto == PROTO_FTP)
- {
+ "didn't found STARTTLS in server response,"
+ " try anyway...\n");
+ BIO_printf(sbio, ". STARTTLS\r\n");
+ BIO_read(sbio, sbuf, BUFSIZZ);
+ } else if (starttls_proto == PROTO_FTP) {
BIO *fbio = BIO_new(BIO_f_buffer());
BIO_push(fbio, sbio);
/* wait for multi-line response to end from FTP */
- do
- {
- mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
- }
- while (mbuf_len>3 && mbuf[3]=='-');
- (void)BIO_flush(fbio);
+ do {
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ }
+ while (mbuf_len > 3 && mbuf[3] == '-');
+ (void) BIO_flush(fbio);
BIO_pop(fbio);
BIO_free(fbio);
- BIO_printf(sbio,"AUTH TLS\r\n");
- BIO_read(sbio,sbuf,BUFSIZZ);
- }
- if (starttls_proto == PROTO_XMPP)
- {
+ BIO_printf(sbio, "AUTH TLS\r\n");
+ BIO_read(sbio, sbuf, BUFSIZZ);
+ }
+ if (starttls_proto == PROTO_XMPP) {
int seen = 0;
- BIO_printf(sbio,"<stream:stream "
+ BIO_printf(sbio, "<stream:stream "
"xmlns:stream='http://etherx.jabber.org/streams' "
"xmlns='jabber:client' to='%s' version='1.0'>", host);
- seen = BIO_read(sbio,mbuf,BUFSIZZ);
+ seen = BIO_read(sbio, mbuf, BUFSIZZ);
mbuf[seen] = 0;
- while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
- {
+ while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) {
if (strstr(mbuf, "/stream:features>"))
goto shut;
- seen = BIO_read(sbio,mbuf,BUFSIZZ);
+ seen = BIO_read(sbio, mbuf, BUFSIZZ);
mbuf[seen] = 0;
- }
+ }
BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
- seen = BIO_read(sbio,sbuf,BUFSIZZ);
+ seen = BIO_read(sbio, sbuf, BUFSIZZ);
sbuf[seen] = 0;
if (!strstr(sbuf, "<proceed"))
goto shut;
mbuf[0] = 0;
- }
-
- for (;;)
- {
+ }
+ for (;;) {
FD_ZERO(&readfds);
FD_ZERO(&writefds);
if ((SSL_version(con) == DTLS1_VERSION) &&
- DTLSv1_get_timeout(con, &timeout))
+ DTLSv1_get_timeout(con, &timeout))
timeoutp = &timeout;
else
timeoutp = NULL;
- if (SSL_in_init(con) && !SSL_total_renegotiations(con))
- {
- in_init=1;
- tty_on=0;
- }
- else
- {
- tty_on=1;
- if (in_init)
- {
- in_init=0;
-#if 0 /* This test doesn't really work as intended (needs to be fixed) */
+ if (SSL_in_init(con) && !SSL_total_renegotiations(con)) {
+ in_init = 1;
+ tty_on = 0;
+ } else {
+ tty_on = 1;
+ if (in_init) {
+ in_init = 0;
+#if 0 /* This test doesn't really work as intended
+ * (needs to be fixed) */
#ifndef OPENSSL_NO_TLSEXT
- if (servername != NULL && !SSL_session_reused(con))
- {
- BIO_printf(bio_c_out,"Server did %sacknowledge servername extension.\n",tlsextcbp.ack?"":"not ");
- }
+ if (servername != NULL && !SSL_session_reused(con)) {
+ BIO_printf(bio_c_out, "Server did %sacknowledge servername extension.\n", tlsextcbp.ack ? "" : "not ");
+ }
#endif
#endif
- if (sess_out)
- {
+ if (sess_out) {
BIO *stmp = BIO_new_file(sess_out, "w");
- if (stmp)
- {
+ if (stmp) {
PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
BIO_free(stmp);
- }
- else
+ } else
BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
- }
- print_stuff(bio_c_out,con,full_log);
- if (full_log > 0) full_log--;
+ }
+ print_stuff(bio_c_out, con, full_log);
+ if (full_log > 0)
+ full_log--;
- if (starttls_proto)
- {
+ if (starttls_proto) {
BIO_write(bio_err, mbuf, mbuf_len);
/* We don't need to know any more */
starttls_proto = PROTO_OFF;
- }
-
- if (reconnect)
- {
+ }
+ if (reconnect) {
reconnect--;
- BIO_printf(bio_c_out,"drop connection and then reconnect\n");
+ BIO_printf(bio_c_out, "drop connection and then reconnect\n");
SSL_shutdown(con);
SSL_set_connect_state(con);
shutdown(SSL_get_fd(con), SHUT_RD);
close(SSL_get_fd(con));
goto re_start;
- }
}
}
+ }
ssl_pending = read_ssl && SSL_pending(con);
- if (!ssl_pending)
- {
- if (tty_on)
- {
- if (read_tty) openssl_fdset(fileno(stdin),&readfds);
- if (write_tty) openssl_fdset(fileno(stdout),&writefds);
- }
+ if (!ssl_pending) {
+ if (tty_on) {
+ if (read_tty)
+ openssl_fdset(fileno(stdin), &readfds);
+ if (write_tty)
+ openssl_fdset(fileno(stdout), &writefds);
+ }
if (read_ssl)
- openssl_fdset(SSL_get_fd(con),&readfds);
+ openssl_fdset(SSL_get_fd(con), &readfds);
if (write_ssl)
- openssl_fdset(SSL_get_fd(con),&writefds);
+ openssl_fdset(SSL_get_fd(con), &writefds);
/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
- /* Note: under VMS with SOCKETSHR the second parameter
- * is currently of type (int *) whereas under other
- * systems it is (void *) if you don't have a cast it
- * will choke the compiler: if you do have a cast then
- * you can either go for (int *) or (void *).
+ /*
+ * Note: under VMS with SOCKETSHR the second
+ * parameter is currently of type (int *) whereas
+ * under other systems it is (void *) if you don't
+ * have a cast it will choke the compiler: if you do
+ * have a cast then you can either go for (int *) or
+ * (void *).
*/
- i=select(width,(void *)&readfds,(void *)&writefds,
- NULL,timeoutp);
- if ( i < 0)
- {
- BIO_printf(bio_err,"bad select %d\n",
+ i = select(width, (void *) &readfds, (void *) &writefds,
+ NULL, timeoutp);
+ if (i < 0) {
+ BIO_printf(bio_err, "bad select %d\n",
errno);
goto shut;
/* goto end; */
- }
- }
-
- if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
- {
- BIO_printf(bio_err,"TIMEOUT occured\n");
}
-
- if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
- {
- k=SSL_write(con,&(cbuf[cbuf_off]),
- (unsigned int)cbuf_len);
- switch (SSL_get_error(con,k))
- {
+ }
+ if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) {
+ BIO_printf(bio_err, "TIMEOUT occured\n");
+ }
+ if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) {
+ k = SSL_write(con, &(cbuf[cbuf_off]),
+ (unsigned int) cbuf_len);
+ switch (SSL_get_error(con, k)) {
case SSL_ERROR_NONE:
- cbuf_off+=k;
- cbuf_len-=k;
- if (k <= 0) goto end;
+ cbuf_off += k;
+ cbuf_len -= k;
+ if (k <= 0)
+ goto end;
/* we have done a write(con,NULL,0); */
- if (cbuf_len <= 0)
- {
- read_tty=1;
- write_ssl=0;
- }
- else /* if (cbuf_len > 0) */
- {
- read_tty=0;
- write_ssl=1;
- }
+ if (cbuf_len <= 0) {
+ read_tty = 1;
+ write_ssl = 0;
+ } else { /* if (cbuf_len > 0) */
+ read_tty = 0;
+ write_ssl = 1;
+ }
break;
case SSL_ERROR_WANT_WRITE:
- BIO_printf(bio_c_out,"write W BLOCK\n");
- write_ssl=1;
- read_tty=0;
+ BIO_printf(bio_c_out, "write W BLOCK\n");
+ write_ssl = 1;
+ read_tty = 0;
break;
case SSL_ERROR_WANT_READ:
- BIO_printf(bio_c_out,"write R BLOCK\n");
- write_tty=0;
- read_ssl=1;
- write_ssl=0;
+ BIO_printf(bio_c_out, "write R BLOCK\n");
+ write_tty = 0;
+ read_ssl = 1;
+ write_ssl = 0;
break;
case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_printf(bio_c_out,"write X BLOCK\n");
+ BIO_printf(bio_c_out, "write X BLOCK\n");
break;
case SSL_ERROR_ZERO_RETURN:
- if (cbuf_len != 0)
- {
- BIO_printf(bio_c_out,"shutdown\n");
+ if (cbuf_len != 0) {
+ BIO_printf(bio_c_out, "shutdown\n");
ret = 0;
goto shut;
- }
- else
- {
- read_tty=1;
- write_ssl=0;
+ } else {
+ read_tty = 1;
+ write_ssl = 0;
break;
- }
-
+ }
+
case SSL_ERROR_SYSCALL:
- if ((k != 0) || (cbuf_len != 0))
- {
- BIO_printf(bio_err,"write:errno=%d\n",
- errno);
+ if ((k != 0) || (cbuf_len != 0)) {
+ BIO_printf(bio_err, "write:errno=%d\n",
+ errno);
goto shut;
- }
- else
- {
- read_tty=1;
- write_ssl=0;
- }
+ } else {
+ read_tty = 1;
+ write_ssl = 0;
+ }
break;
case SSL_ERROR_SSL:
ERR_print_errors(bio_err);
goto shut;
- }
}
- else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
- {
- i=raw_write_stdout(&(sbuf[sbuf_off]),sbuf_len);
+ } else if (!ssl_pending && FD_ISSET(fileno(stdout), &writefds)) {
+ i = raw_write_stdout(&(sbuf[sbuf_off]), sbuf_len);
- if (i <= 0)
- {
- BIO_printf(bio_c_out,"DONE\n");
+ if (i <= 0) {
+ BIO_printf(bio_c_out, "DONE\n");
ret = 0;
goto shut;
/* goto end; */
- }
-
- sbuf_len-=i;
- sbuf_off+=i;
- if (sbuf_len <= 0)
- {
- read_ssl=1;
- write_tty=0;
- }
}
- else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
- {
+ sbuf_len -= i;
+ sbuf_off += i;
+ if (sbuf_len <= 0) {
+ read_ssl = 1;
+ write_tty = 0;
+ }
+ } else if (ssl_pending || FD_ISSET(SSL_get_fd(con), &readfds)) {
#ifdef RENEG
-{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
+ {
+ static int iiii;
+ if (++iiii == 52) {
+ SSL_renegotiate(con);
+ iiii = 0;
+ }
+ }
#endif
#if 1
- k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
+ k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ );
#else
/* Demo for pending and peek :-) */
- k=SSL_read(con,sbuf,16);
-{ char zbuf[10240];
-printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
-}
+ k = SSL_read(con, sbuf, 16);
+ {
+ char zbuf[10240];
+ printf("read=%d pending=%d peek=%d\n", k, SSL_pending(con), SSL_peek(con, zbuf, 10240));
+ }
#endif
- switch (SSL_get_error(con,k))
- {
+ switch (SSL_get_error(con, k)) {
case SSL_ERROR_NONE:
if (k <= 0)
goto end;
- sbuf_off=0;
- sbuf_len=k;
+ sbuf_off = 0;
+ sbuf_len = k;
- read_ssl=0;
- write_tty=1;
+ read_ssl = 0;
+ write_tty = 1;
break;
case SSL_ERROR_WANT_WRITE:
- BIO_printf(bio_c_out,"read W BLOCK\n");
- write_ssl=1;
- read_tty=0;
+ BIO_printf(bio_c_out, "read W BLOCK\n");
+ write_ssl = 1;
+ read_tty = 0;
break;
case SSL_ERROR_WANT_READ:
- BIO_printf(bio_c_out,"read R BLOCK\n");
- write_tty=0;
- read_ssl=1;
+ BIO_printf(bio_c_out, "read R BLOCK\n");
+ write_tty = 0;
+ read_ssl = 1;
if ((read_tty == 0) && (write_ssl == 0))
- write_ssl=1;
+ write_ssl = 1;
break;
case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_printf(bio_c_out,"read X BLOCK\n");
+ BIO_printf(bio_c_out, "read X BLOCK\n");
break;
case SSL_ERROR_SYSCALL:
- ret=errno;
- BIO_printf(bio_err,"read:errno=%d\n",ret);
+ ret = errno;
+ BIO_printf(bio_err, "read:errno=%d\n", ret);
goto shut;
case SSL_ERROR_ZERO_RETURN:
- BIO_printf(bio_c_out,"closed\n");
- ret=0;
+ BIO_printf(bio_c_out, "closed\n");
+ ret = 0;
goto shut;
case SSL_ERROR_SSL:
ERR_print_errors(bio_err);
goto shut;
/* break; */
- }
}
-
- else if (FD_ISSET(fileno(stdin),&readfds))
- {
- if (crlf)
- {
+ } else if (FD_ISSET(fileno(stdin), &readfds)) {
+ if (crlf) {
int j, lf_num;
- i=raw_read_stdin(cbuf,BUFSIZZ/2);
+ i = raw_read_stdin(cbuf, BUFSIZZ / 2);
lf_num = 0;
/* both loops are skipped when i <= 0 */
for (j = 0; j < i; j++)
if (cbuf[j] == '\n')
lf_num++;
- for (j = i-1; j >= 0; j--)
- {
- cbuf[j+lf_num] = cbuf[j];
- if (cbuf[j] == '\n')
- {
+ for (j = i - 1; j >= 0; j--) {
+ cbuf[j + lf_num] = cbuf[j];
+ if (cbuf[j] == '\n') {
lf_num--;
i++;
- cbuf[j+lf_num] = '\r';
- }
+ cbuf[j + lf_num] = '\r';
}
- assert(lf_num == 0);
}
- else
- i=raw_read_stdin(cbuf,BUFSIZZ);
+ assert(lf_num == 0);
+ } else
+ i = raw_read_stdin(cbuf, BUFSIZZ);
- if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
- {
- BIO_printf(bio_err,"DONE\n");
- ret=0;
+ if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) {
+ BIO_printf(bio_err, "DONE\n");
+ ret = 0;
goto shut;
- }
-
- if ((!c_ign_eof) && (cbuf[0] == 'R'))
- {
- BIO_printf(bio_err,"RENEGOTIATING\n");
+ }
+ if ((!c_ign_eof) && (cbuf[0] == 'R')) {
+ BIO_printf(bio_err, "RENEGOTIATING\n");
SSL_renegotiate(con);
- cbuf_len=0;
- }
- else
- {
- cbuf_len=i;
- cbuf_off=0;
- }
-
- write_ssl=1;
- read_tty=0;
+ cbuf_len = 0;
+ } else {
+ cbuf_len = i;
+ cbuf_off = 0;
}
+
+ write_ssl = 1;
+ read_tty = 0;
}
+ }
- ret=0;
+ ret = 0;
shut:
if (in_init)
- print_stuff(bio_c_out,con,full_log);
+ print_stuff(bio_c_out, con, full_log);
SSL_shutdown(con);
shutdown(SSL_get_fd(con), SHUT_RD);
close(SSL_get_fd(con));
end:
- if (con != NULL)
- {
+ if (con != NULL) {
if (prexit != 0)
- print_stuff(bio_c_out,con,1);
+ print_stuff(bio_c_out, con, 1);
SSL_free(con);
- }
+ }
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
if (next_proto.data)
free(next_proto.data);
#endif
- if (ctx != NULL) SSL_CTX_free(ctx);
+ if (ctx != NULL)
+ SSL_CTX_free(ctx);
if (cert)
X509_free(cert);
if (key)
free(pass);
if (vpm)
X509_VERIFY_PARAM_free(vpm);
- if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); free(cbuf); }
- if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); free(sbuf); }
- if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); free(mbuf); }
- if (bio_c_out != NULL)
- {
+ if (cbuf != NULL) {
+ OPENSSL_cleanse(cbuf, BUFSIZZ);
+ free(cbuf);
+ }
+ if (sbuf != NULL) {
+ OPENSSL_cleanse(sbuf, BUFSIZZ);
+ free(sbuf);
+ }
+ if (mbuf != NULL) {
+ OPENSSL_cleanse(mbuf, BUFSIZZ);
+ free(mbuf);
+ }
+ if (bio_c_out != NULL) {
BIO_free(bio_c_out);
- bio_c_out=NULL;
- }
- apps_shutdown();
- return(ret);
+ bio_c_out = NULL;
}
+ apps_shutdown();
+ return (ret);
+}
-static void print_stuff(BIO *bio, SSL *s, int full)
- {
- X509 *peer=NULL;
+static void
+print_stuff(BIO * bio, SSL * s, int full)
+{
+ X509 *peer = NULL;
char *p;
- static const char *space=" ";
+ static const char *space = " ";
char buf[BUFSIZ];
- STACK_OF(X509) *sk;
- STACK_OF(X509_NAME) *sk2;
+ STACK_OF(X509) * sk;
+ STACK_OF(X509_NAME) * sk2;
const SSL_CIPHER *c;
X509_NAME *xn;
- int j,i;
+ int j, i;
#ifndef OPENSSL_NO_COMP
const COMP_METHOD *comp, *expansion;
#endif
unsigned char *exportedkeymat;
- if (full)
- {
+ if (full) {
int got_a_chain = 0;
- sk=SSL_get_peer_cert_chain(s);
- if (sk != NULL)
- {
- got_a_chain = 1; /* we don't have it for SSL2 (yet) */
+ sk = SSL_get_peer_cert_chain(s);
+ if (sk != NULL) {
+ got_a_chain = 1; /* we don't have it for SSL2
+ * (yet) */
- BIO_printf(bio,"---\nCertificate chain\n");
- for (i=0; i<sk_X509_num(sk); i++)
- {
+ BIO_printf(bio, "---\nCertificate chain\n");
+ for (i = 0; i < sk_X509_num(sk); i++) {
X509_NAME_oneline(X509_get_subject_name(
- sk_X509_value(sk,i)),buf,sizeof buf);
- BIO_printf(bio,"%2d s:%s\n",i,buf);
+ sk_X509_value(sk, i)), buf, sizeof buf);
+ BIO_printf(bio, "%2d s:%s\n", i, buf);
X509_NAME_oneline(X509_get_issuer_name(
- sk_X509_value(sk,i)),buf,sizeof buf);
- BIO_printf(bio," i:%s\n",buf);
+ sk_X509_value(sk, i)), buf, sizeof buf);
+ BIO_printf(bio, " i:%s\n", buf);
if (c_showcerts)
- PEM_write_bio_X509(bio,sk_X509_value(sk,i));
- }
+ PEM_write_bio_X509(bio, sk_X509_value(sk, i));
}
-
- BIO_printf(bio,"---\n");
- peer=SSL_get_peer_certificate(s);
- if (peer != NULL)
- {
- BIO_printf(bio,"Server certificate\n");
- if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
- PEM_write_bio_X509(bio,peer);
+ }
+ BIO_printf(bio, "---\n");
+ peer = SSL_get_peer_certificate(s);
+ if (peer != NULL) {
+ BIO_printf(bio, "Server certificate\n");
+ if (!(c_showcerts && got_a_chain)) /* Redundant if we
+ * showed the whole
+ * chain */
+ PEM_write_bio_X509(bio, peer);
X509_NAME_oneline(X509_get_subject_name(peer),
- buf,sizeof buf);
- BIO_printf(bio,"subject=%s\n",buf);
+ buf, sizeof buf);
+ BIO_printf(bio, "subject=%s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(peer),
- buf,sizeof buf);
- BIO_printf(bio,"issuer=%s\n",buf);
- }
- else
- BIO_printf(bio,"no peer certificate available\n");
-
- sk2=SSL_get_client_CA_list(s);
- if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
- {
- BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
- for (i=0; i<sk_X509_NAME_num(sk2); i++)
- {
- xn=sk_X509_NAME_value(sk2,i);
- X509_NAME_oneline(xn,buf,sizeof(buf));
- BIO_write(bio,buf,strlen(buf));
- BIO_write(bio,"\n",1);
- }
- }
- else
- {
- BIO_printf(bio,"---\nNo client certificate CA names sent\n");
- }
- p=SSL_get_shared_ciphers(s,buf,sizeof buf);
- if (p != NULL)
- {
- /* This works only for SSL 2. In later protocol
+ buf, sizeof buf);
+ BIO_printf(bio, "issuer=%s\n", buf);
+ } else
+ BIO_printf(bio, "no peer certificate available\n");
+
+ sk2 = SSL_get_client_CA_list(s);
+ if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0)) {
+ BIO_printf(bio, "---\nAcceptable client certificate CA names\n");
+ for (i = 0; i < sk_X509_NAME_num(sk2); i++) {
+ xn = sk_X509_NAME_value(sk2, i);
+ X509_NAME_oneline(xn, buf, sizeof(buf));
+ BIO_write(bio, buf, strlen(buf));
+ BIO_write(bio, "\n", 1);
+ }
+ } else {
+ BIO_printf(bio, "---\nNo client certificate CA names sent\n");
+ }
+ p = SSL_get_shared_ciphers(s, buf, sizeof buf);
+ if (p != NULL) {
+ /*
+ * This works only for SSL 2. In later protocol
* versions, the client does not know what other
- * ciphers (in addition to the one to be used
- * in the current connection) the server supports. */
-
- BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
- j=i=0;
- while (*p)
- {
- if (*p == ':')
- {
- BIO_write(bio,space,15-j%25);
+ * ciphers (in addition to the one to be used in the
+ * current connection) the server supports.
+ */
+
+ BIO_printf(bio, "---\nCiphers common between both SSL endpoints:\n");
+ j = i = 0;
+ while (*p) {
+ if (*p == ':') {
+ BIO_write(bio, space, 15 - j % 25);
i++;
- j=0;
- BIO_write(bio,((i%3)?" ":"\n"),1);
- }
- else
- {
- BIO_write(bio,p,1);
+ j = 0;
+ BIO_write(bio, ((i % 3) ? " " : "\n"), 1);
+ } else {
+ BIO_write(bio, p, 1);
j++;
- }
- p++;
}
- BIO_write(bio,"\n",1);
+ p++;
}
-
- BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
- BIO_number_read(SSL_get_rbio(s)),
- BIO_number_written(SSL_get_wbio(s)));
+ BIO_write(bio, "\n", 1);
}
- BIO_printf(bio,(SSL_cache_hit(s)?"---\nReused, ":"---\nNew, "));
- c=SSL_get_current_cipher(s);
- BIO_printf(bio,"%s, Cipher is %s\n",
- SSL_CIPHER_get_version(c),
- SSL_CIPHER_get_name(c));
+ BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
+ BIO_number_read(SSL_get_rbio(s)),
+ BIO_number_written(SSL_get_wbio(s)));
+ }
+ BIO_printf(bio, (SSL_cache_hit(s) ? "---\nReused, " : "---\nNew, "));
+ c = SSL_get_current_cipher(s);
+ BIO_printf(bio, "%s, Cipher is %s\n",
+ SSL_CIPHER_get_version(c),
+ SSL_CIPHER_get_name(c));
if (peer != NULL) {
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(peer);
- BIO_printf(bio,"Server public key is %d bit\n",
- EVP_PKEY_bits(pktmp));
+ BIO_printf(bio, "Server public key is %d bit\n",
+ EVP_PKEY_bits(pktmp));
EVP_PKEY_free(pktmp);
}
BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
- SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
+ SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
#ifndef OPENSSL_NO_COMP
- comp=SSL_get_current_compression(s);
- expansion=SSL_get_current_expansion(s);
- BIO_printf(bio,"Compression: %s\n",
- comp ? SSL_COMP_get_name(comp) : "NONE");
- BIO_printf(bio,"Expansion: %s\n",
- expansion ? SSL_COMP_get_name(expansion) : "NONE");
-#endif
-
+ comp = SSL_get_current_compression(s);
+ expansion = SSL_get_current_expansion(s);
+ BIO_printf(bio, "Compression: %s\n",
+ comp ? SSL_COMP_get_name(comp) : "NONE");
+ BIO_printf(bio, "Expansion: %s\n",
+ expansion ? SSL_COMP_get_name(expansion) : "NONE");
+#endif
+
#ifdef SSL_DEBUG
{
- /* Print out local port of connection: useful for debugging */
- int sock;
- struct sockaddr_in ladd;
- socklen_t ladd_size = sizeof(ladd);
- sock = SSL_get_fd(s);
- getsockname(sock, (struct sockaddr *)&ladd, &ladd_size);
- BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
+ /* Print out local port of connection: useful for debugging */
+ int sock;
+ struct sockaddr_in ladd;
+ socklen_t ladd_size = sizeof(ladd);
+ sock = SSL_get_fd(s);
+ getsockname(sock, (struct sockaddr *) & ladd, &ladd_size);
+ BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
}
#endif
#endif
#ifndef OPENSSL_NO_SRTP
- {
- SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);
-
- if(srtp_profile)
- BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n",
- srtp_profile->name);
+ {
+ SRTP_PROTECTION_PROFILE *srtp_profile = SSL_get_selected_srtp_profile(s);
+
+ if (srtp_profile)
+ BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n",
+ srtp_profile->name);
}
#endif
-
- SSL_SESSION_print(bio,SSL_get_session(s));
- if (keymatexportlabel != NULL)
- {
+
+ SSL_SESSION_print(bio, SSL_get_session(s));
+ if (keymatexportlabel != NULL) {
BIO_printf(bio, "Keying material exporter:\n");
BIO_printf(bio, " Label: '%s'\n", keymatexportlabel);
BIO_printf(bio, " Length: %i bytes\n", keymatexportlen);
exportedkeymat = malloc(keymatexportlen);
- if (exportedkeymat != NULL)
- {
+ if (exportedkeymat != NULL) {
if (!SSL_export_keying_material(s, exportedkeymat,
- keymatexportlen,
- keymatexportlabel,
- strlen(keymatexportlabel),
- NULL, 0, 0))
- {
+ keymatexportlen,
+ keymatexportlabel,
+ strlen(keymatexportlabel),
+ NULL, 0, 0)) {
BIO_printf(bio, " Error\n");
- }
- else
- {
+ } else {
BIO_printf(bio, " Keying material: ");
- for (i=0; i<keymatexportlen; i++)
+ for (i = 0; i < keymatexportlen; i++)
BIO_printf(bio, "%02X",
- exportedkeymat[i]);
+ exportedkeymat[i]);
BIO_printf(bio, "\n");
- }
- free(exportedkeymat);
}
+ free(exportedkeymat);
}
- BIO_printf(bio,"---\n");
+ }
+ BIO_printf(bio, "---\n");
if (peer != NULL)
X509_free(peer);
/* flush, or debugging output gets mixed with http response */
- (void)BIO_flush(bio);
- }
+ (void) BIO_flush(bio);
+}
#ifndef OPENSSL_NO_TLSEXT
-static int ocsp_resp_cb(SSL *s, void *arg)
- {
+static int
+ocsp_resp_cb(SSL * s, void *arg)
+{
const unsigned char *p;
int len;
OCSP_RESPONSE *rsp;
len = SSL_get_tlsext_status_ocsp_resp(s, &p);
BIO_puts(arg, "OCSP response: ");
- if (!p)
- {
+ if (!p) {
BIO_puts(arg, "no response sent\n");
return 1;
- }
+ }
rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
- if (!rsp)
- {
+ if (!rsp) {
BIO_puts(arg, "response parse error\n");
- BIO_dump_indent(arg, (char *)p, len, 4);
+ BIO_dump_indent(arg, (char *) p, len, 4);
return 0;
- }
+ }
BIO_puts(arg, "\n======================================\n");
OCSP_RESPONSE_print(arg, rsp, 0);
BIO_puts(arg, "======================================\n");
OCSP_RESPONSE_free(rsp);
return 1;
- }
+}
#endif
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
+ * ECC cipher suite support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
/* ====================================================================
#ifndef OPENSSL_NO_RSA
-static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength);
+static RSA *tmp_rsa_cb(SSL * s, int is_export, int keylength);
#endif
static int sv_body(char *hostname, int s, unsigned char *context);
static int www_body(char *hostname, int s, unsigned char *context);
-static void close_accept_socket(void );
+static void close_accept_socket(void);
static void sv_usage(void);
-static int init_ssl_connection(SSL *s);
-static void print_stats(BIO *bp,SSL_CTX *ctx);
-static int generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len);
+static int init_ssl_connection(SSL * s);
+static void print_stats(BIO * bp, SSL_CTX * ctx);
+static int
+generate_session_id(const SSL * ssl, unsigned char *id,
+ unsigned int *id_len);
#ifndef OPENSSL_NO_DH
static DH *load_dh_param(const char *dhfile);
static DH *get_dh512(void);
static void s_server_init(void);
#ifndef OPENSSL_NO_DH
-static unsigned char dh512_p[]={
- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
- 0x47,0x74,0xE8,0x33,
- };
-static unsigned char dh512_g[]={
+static unsigned char dh512_p[] = {
+ 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
+ 0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
+ 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
+ 0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
+ 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
+ 0x47, 0x74, 0xE8, 0x33,
+};
+static unsigned char dh512_g[] = {
0x02,
- };
+};
-static DH *get_dh512(void)
- {
- DH *dh=NULL;
+static DH *
+get_dh512(void)
+{
+ DH *dh = NULL;
- if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+ if ((dh = DH_new()) == NULL)
+ return (NULL);
+ dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+ dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
if ((dh->p == NULL) || (dh->g == NULL))
- return(NULL);
- return(dh);
- }
+ return (NULL);
+ return (dh);
+}
#endif
#undef BUFSIZZ
#define BUFSIZZ 16*1024
-static int bufsize=BUFSIZZ;
-static int accept_socket= -1;
+static int bufsize = BUFSIZZ;
+static int accept_socket = -1;
#define TEST_CERT "server.pem"
#ifndef OPENSSL_NO_TLSEXT
extern int verify_depth, verify_return_error;
-static char *cipher=NULL;
-static int s_server_verify=SSL_VERIFY_NONE;
-static int s_server_session_id_context = 1; /* anything will do */
-static const char *s_cert_file=TEST_CERT,*s_key_file=NULL;
+static char *cipher = NULL;
+static int s_server_verify = SSL_VERIFY_NONE;
+static int s_server_session_id_context = 1; /* anything will do */
+static const char *s_cert_file = TEST_CERT, *s_key_file = NULL;
#ifndef OPENSSL_NO_TLSEXT
-static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
+static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
#endif
-static char *s_dcert_file=NULL,*s_dkey_file=NULL;
+static char *s_dcert_file = NULL, *s_dkey_file = NULL;
#ifdef FIONBIO
-static int s_nbio=0;
+static int s_nbio = 0;
#endif
-static int s_nbio_test=0;
-int s_crlf=0;
-static SSL_CTX *ctx=NULL;
+static int s_nbio_test = 0;
+int s_crlf = 0;
+static SSL_CTX *ctx = NULL;
#ifndef OPENSSL_NO_TLSEXT
-static SSL_CTX *ctx2=NULL;
+static SSL_CTX *ctx2 = NULL;
#endif
-static int www=0;
+static int www = 0;
-static BIO *bio_s_out=NULL;
-static int s_debug=0;
+static BIO *bio_s_out = NULL;
+static int s_debug = 0;
#ifndef OPENSSL_NO_TLSEXT
-static int s_tlsextdebug=0;
-static int s_tlsextstatus=0;
-static int cert_status_cb(SSL *s, void *arg);
+static int s_tlsextdebug = 0;
+static int s_tlsextstatus = 0;
+static int cert_status_cb(SSL * s, void *arg);
#endif
-static int s_msg=0;
-static int s_quiet=0;
+static int s_msg = 0;
+static int s_quiet = 0;
-static char *keymatexportlabel=NULL;
-static int keymatexportlen=20;
+static char *keymatexportlabel = NULL;
+static int keymatexportlen = 20;
-static int hack=0;
+static int hack = 0;
#ifndef OPENSSL_NO_ENGINE
-static char *engine_id=NULL;
+static char *engine_id = NULL;
#endif
-static const char *session_id_prefix=NULL;
+static const char *session_id_prefix = NULL;
static int enable_timeouts = 0;
static long socket_mtu;
#ifndef OPENSSL_NO_PSK
-static char *psk_identity="Client_identity";
-char *psk_key=NULL; /* by default PSK is not used */
+static char *psk_identity = "Client_identity";
+char *psk_key = NULL; /* by default PSK is not used */
-static unsigned int psk_server_cb(SSL *ssl, const char *identity,
- unsigned char *psk, unsigned int max_psk_len)
- {
+static unsigned int
+psk_server_cb(SSL * ssl, const char *identity,
+ unsigned char *psk, unsigned int max_psk_len)
+{
unsigned int psk_len = 0;
int ret;
BIGNUM *bn = NULL;
if (s_debug)
- BIO_printf(bio_s_out,"psk_server_cb\n");
- if (!identity)
- {
- BIO_printf(bio_err,"Error: client did not send PSK identity\n");
+ BIO_printf(bio_s_out, "psk_server_cb\n");
+ if (!identity) {
+ BIO_printf(bio_err, "Error: client did not send PSK identity\n");
goto out_err;
- }
+ }
if (s_debug)
- BIO_printf(bio_s_out,"identity_len=%d identity=%s\n",
- identity ? (int)strlen(identity) : 0, identity);
+ BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
+ identity ? (int) strlen(identity) : 0, identity);
/* here we could lookup the given identity e.g. from a database */
- if (strcmp(identity, psk_identity) != 0)
- {
- BIO_printf(bio_s_out, "PSK error: client identity not found"
- " (got '%s' expected '%s')\n", identity,
- psk_identity);
+ if (strcmp(identity, psk_identity) != 0) {
+ BIO_printf(bio_s_out, "PSK error: client identity not found"
+ " (got '%s' expected '%s')\n", identity,
+ psk_identity);
goto out_err;
- }
+ }
if (s_debug)
BIO_printf(bio_s_out, "PSK client identity found\n");
/* convert the PSK key to binary */
ret = BN_hex2bn(&bn, psk_key);
- if (!ret)
- {
- BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key);
+ if (!ret) {
+ BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", psk_key);
if (bn)
BN_free(bn);
return 0;
- }
- if (BN_num_bytes(bn) > (int)max_psk_len)
- {
- BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
- max_psk_len, BN_num_bytes(bn));
+ }
+ if (BN_num_bytes(bn) > (int) max_psk_len) {
+ BIO_printf(bio_err, "psk buffer of callback is too small (%d) for key (%d)\n",
+ max_psk_len, BN_num_bytes(bn));
BN_free(bn);
return 0;
- }
-
+ }
ret = BN_bn2bin(bn, psk);
BN_free(bn);
if (ret < 0)
goto out_err;
- psk_len = (unsigned int)ret;
+ psk_len = (unsigned int) ret;
if (s_debug)
BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
- return psk_len;
- out_err:
+ return psk_len;
+out_err:
if (s_debug)
BIO_printf(bio_err, "Error in PSK server callback\n");
return 0;
- }
+}
#endif
#ifndef OPENSSL_NO_SRP
/* This is a context that we pass to callbacks */
-typedef struct srpsrvparm_st
- {
+typedef struct srpsrvparm_st {
char *login;
SRP_VBASE *vb;
SRP_user_pwd *user;
- } srpsrvparm;
+} srpsrvparm;
/* This callback pretends to require some asynchronous logic in order to obtain
a verifier. When the callback is called for a new connection we return
with a negative value. This will provoke the accept etc to return with
- an LOOKUP_X509. The main logic of the reinvokes the suspended call
+ an LOOKUP_X509. The main logic of the reinvokes the suspended call
(which would normally occur after a worker has finished) and we
- set the user parameters.
+ set the user parameters.
*/
-static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
- {
- srpsrvparm *p = (srpsrvparm *)arg;
- if (p->login == NULL && p->user == NULL )
- {
+static int
+ssl_srp_server_param_cb(SSL * s, int *ad, void *arg)
+{
+ srpsrvparm *p = (srpsrvparm *) arg;
+ if (p->login == NULL && p->user == NULL) {
p->login = SSL_get_srp_username(s);
BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
- return (-1) ;
- }
-
- if (p->user == NULL)
- {
+ return (-1);
+ }
+ if (p->user == NULL) {
BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
return SSL3_AL_FATAL;
- }
+ }
if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v,
- p->user->info) < 0)
- {
+ p->user->info) < 0) {
*ad = SSL_AD_INTERNAL_ERROR;
return SSL3_AL_FATAL;
- }
- BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login,p->user->info);
+ }
+ BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login, p->user->info);
/* need to check whether there are memory leaks */
p->user = NULL;
p->login = NULL;
return SSL_ERROR_NONE;
- }
+}
#endif
-static void s_server_init(void)
- {
- accept_socket=-1;
- cipher=NULL;
- s_server_verify=SSL_VERIFY_NONE;
- s_dcert_file=NULL;
- s_dkey_file=NULL;
- s_cert_file=TEST_CERT;
- s_key_file=NULL;
+static void
+s_server_init(void)
+{
+ accept_socket = -1;
+ cipher = NULL;
+ s_server_verify = SSL_VERIFY_NONE;
+ s_dcert_file = NULL;
+ s_dkey_file = NULL;
+ s_cert_file = TEST_CERT;
+ s_key_file = NULL;
#ifndef OPENSSL_NO_TLSEXT
- s_cert_file2=TEST_CERT2;
- s_key_file2=NULL;
- ctx2=NULL;
+ s_cert_file2 = TEST_CERT2;
+ s_key_file2 = NULL;
+ ctx2 = NULL;
#endif
#ifdef FIONBIO
- s_nbio=0;
+ s_nbio = 0;
#endif
- s_nbio_test=0;
- ctx=NULL;
- www=0;
+ s_nbio_test = 0;
+ ctx = NULL;
+ www = 0;
- bio_s_out=NULL;
- s_debug=0;
- s_msg=0;
- s_quiet=0;
- hack=0;
+ bio_s_out = NULL;
+ s_debug = 0;
+ s_msg = 0;
+ s_quiet = 0;
+ hack = 0;
#ifndef OPENSSL_NO_ENGINE
- engine_id=NULL;
+ engine_id = NULL;
#endif
- }
+}
-static void sv_usage(void)
- {
- BIO_printf(bio_err,"usage: s_server [args ...]\n");
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT);
- BIO_printf(bio_err," -context arg - set session ID context\n");
- BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
- BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
- BIO_printf(bio_err," -cert arg - certificate file to use\n");
- BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
- BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \
- " The CRL(s) are appended to the certificate file\n");
- BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \
- " or any other CRL in the CA chain. CRL(s) are appened to the\n" \
- " the certificate file.\n");
- BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
- BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n");
- BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
- BIO_printf(bio_err," -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
- BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
- BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n");
- BIO_printf(bio_err," -dcertform x - second certificate format (PEM or DER) PEM default\n");
- BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n");
- BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
- BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n");
- BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n");
- BIO_printf(bio_err," or a default set of parameters is used\n");
+static void
+sv_usage(void)
+{
+ BIO_printf(bio_err, "usage: s_server [args ...]\n");
+ BIO_printf(bio_err, "\n");
+ BIO_printf(bio_err, " -accept arg - port to accept on (default is %d)\n", PORT);
+ BIO_printf(bio_err, " -context arg - set session ID context\n");
+ BIO_printf(bio_err, " -verify arg - turn on peer certificate verification\n");
+ BIO_printf(bio_err, " -Verify arg - turn on peer certificate verification, must have a cert.\n");
+ BIO_printf(bio_err, " -cert arg - certificate file to use\n");
+ BIO_printf(bio_err, " (default is %s)\n", TEST_CERT);
+ BIO_printf(bio_err, " -crl_check - check the peer certificate has not been revoked by its CA.\n" \
+ " The CRL(s) are appended to the certificate file\n");
+ BIO_printf(bio_err, " -crl_check_all - check the peer certificate has not been revoked by its CA\n" \
+ " or any other CRL in the CA chain. CRL(s) are appened to the\n" \
+ " the certificate file.\n");
+ BIO_printf(bio_err, " -certform arg - certificate format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err, " -key arg - Private Key file to use, in cert file if\n");
+ BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT);
+ BIO_printf(bio_err, " -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
+ BIO_printf(bio_err, " -pass arg - private key file pass phrase source\n");
+ BIO_printf(bio_err, " -dcert arg - second certificate file to use (usually for DSA)\n");
+ BIO_printf(bio_err, " -dcertform x - second certificate format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err, " -dkey arg - second private key file to use (usually for DSA)\n");
+ BIO_printf(bio_err, " -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
+ BIO_printf(bio_err, " -dpass arg - second private key file pass phrase source\n");
+ BIO_printf(bio_err, " -dhparam arg - DH parameter file to use, in cert file if not specified\n");
+ BIO_printf(bio_err, " or a default set of parameters is used\n");
#ifndef OPENSSL_NO_ECDH
- BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
- " Use \"openssl ecparam -list_curves\" for all names\n" \
- " (default is nistp256).\n");
+ BIO_printf(bio_err, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
+ " Use \"openssl ecparam -list_curves\" for all names\n" \
+ " (default is nistp256).\n");
#endif
#ifdef FIONBIO
- BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
-#endif
- BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
- BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
- BIO_printf(bio_err," -debug - Print more output\n");
- BIO_printf(bio_err," -msg - Show protocol messages\n");
- BIO_printf(bio_err," -state - Print the SSL states\n");
- BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
- BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
- BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
- BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
- BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
- BIO_printf(bio_err," -quiet - No server output\n");
- BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
+ BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n");
+#endif
+ BIO_printf(bio_err, " -nbio_test - test with the non-blocking test bio\n");
+ BIO_printf(bio_err, " -crlf - convert LF from terminal into CRLF\n");
+ BIO_printf(bio_err, " -debug - Print more output\n");
+ BIO_printf(bio_err, " -msg - Show protocol messages\n");
+ BIO_printf(bio_err, " -state - Print the SSL states\n");
+ BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err, " -nocert - Don't use any certificates (Anon-DH)\n");
+ BIO_printf(bio_err, " -cipher arg - play with 'openssl ciphers' to see what goes here\n");
+ BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n");
+ BIO_printf(bio_err, " -quiet - No server output\n");
+ BIO_printf(bio_err, " -no_tmp_rsa - Do not generate a tmp RSA key\n");
#ifndef OPENSSL_NO_PSK
- BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n");
- BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n");
-# ifndef OPENSSL_NO_JPAKE
- BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n");
-# endif
+ BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n");
+ BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
+#ifndef OPENSSL_NO_JPAKE
+ BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
+#endif
#endif
#ifndef OPENSSL_NO_SRP
- BIO_printf(bio_err," -srpvfile file - The verifier file for SRP\n");
- BIO_printf(bio_err," -srpuserseed string - A seed string for a default user salt.\n");
-#endif
- BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
- BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
- BIO_printf(bio_err," -tls1_2 - Just talk TLSv1.2\n");
- BIO_printf(bio_err," -tls1_1 - Just talk TLSv1.1\n");
- BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
- BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
- BIO_printf(bio_err," -timeout - Enable timeouts\n");
- BIO_printf(bio_err," -mtu - Set link layer MTU\n");
- BIO_printf(bio_err," -chain - Read a certificate chain\n");
- BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
- BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
- BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
- BIO_printf(bio_err," -no_tls1_1 - Just disable TLSv1.1\n");
- BIO_printf(bio_err," -no_tls1_2 - Just disable TLSv1.2\n");
+ BIO_printf(bio_err, " -srpvfile file - The verifier file for SRP\n");
+ BIO_printf(bio_err, " -srpuserseed string - A seed string for a default user salt.\n");
+#endif
+ BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n");
+ BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");
+ BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n");
+ BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n");
+ BIO_printf(bio_err, " -tls1 - Just talk TLSv1\n");
+ BIO_printf(bio_err, " -dtls1 - Just talk DTLSv1\n");
+ BIO_printf(bio_err, " -timeout - Enable timeouts\n");
+ BIO_printf(bio_err, " -mtu - Set link layer MTU\n");
+ BIO_printf(bio_err, " -chain - Read a certificate chain\n");
+ BIO_printf(bio_err, " -no_ssl2 - Just disable SSLv2\n");
+ BIO_printf(bio_err, " -no_ssl3 - Just disable SSLv3\n");
+ BIO_printf(bio_err, " -no_tls1 - Just disable TLSv1\n");
+ BIO_printf(bio_err, " -no_tls1_1 - Just disable TLSv1.1\n");
+ BIO_printf(bio_err, " -no_tls1_2 - Just disable TLSv1.2\n");
#ifndef OPENSSL_NO_DH
- BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
+ BIO_printf(bio_err, " -no_dhe - Disable ephemeral DH\n");
#endif
#ifndef OPENSSL_NO_ECDH
- BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n");
+ BIO_printf(bio_err, " -no_ecdhe - Disable ephemeral ECDH\n");
#endif
- BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
- BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
- BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
- BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
- BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n");
+ BIO_printf(bio_err, " -bugs - Turn on SSL bug compatibility\n");
+ BIO_printf(bio_err, " -www - Respond to a 'GET /' with a status page\n");
+ BIO_printf(bio_err,
" -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+ BIO_printf(bio_err,
" -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+ BIO_printf(bio_err, " with the assumption it contains a complete HTTP response.\n");
#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
+ BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n");
#endif
- BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
- BIO_printf(bio_err," -rand file%cfile%c...\n", ':', ':');
+ BIO_printf(bio_err, " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
+ BIO_printf(bio_err, " -rand file%cfile%c...\n", ':', ':');
#ifndef OPENSSL_NO_TLSEXT
- BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n");
- BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
- BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n");
- BIO_printf(bio_err," (default is %s)\n",TEST_CERT2);
- BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n");
- BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2);
- BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
- BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
- BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
-# ifndef OPENSSL_NO_NEXTPROTONEG
- BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
-# endif
-# ifndef OPENSSL_NO_SRTP
- BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
-# endif
-#endif
- BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
- BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
- }
-
-static int local_argc=0;
+ BIO_printf(bio_err, " -servername host - servername for HostName TLS extension\n");
+ BIO_printf(bio_err, " -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
+ BIO_printf(bio_err, " -cert2 arg - certificate file to use for servername\n");
+ BIO_printf(bio_err, " (default is %s)\n", TEST_CERT2);
+ BIO_printf(bio_err, " -key2 arg - Private Key file to use for servername, in cert file if\n");
+ BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2);
+ BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n");
+ BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n");
+ BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
+#endif
+#ifndef OPENSSL_NO_SRTP
+ BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+#endif
+#endif
+ BIO_printf(bio_err, " -keymatexport label - Export keying material using label\n");
+ BIO_printf(bio_err, " -keymatexportlen len - Export len bytes of keying material (default 20)\n");
+}
+
+static int local_argc = 0;
static char **local_argv;
#ifndef OPENSSL_NO_TLSEXT
/* This is a context that we pass to callbacks */
typedef struct tlsextctx_st {
- char * servername;
- BIO * biodebug;
- int extension_error;
+ char *servername;
+ BIO *biodebug;
+ int extension_error;
} tlsextctx;
-static int ssl_servername_cb(SSL *s, int *ad, void *arg)
- {
- tlsextctx * p = (tlsextctx *) arg;
- const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
- if (servername && p->biodebug)
- BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername);
-
+static int
+ssl_servername_cb(SSL * s, int *ad, void *arg)
+{
+ tlsextctx *p = (tlsextctx *) arg;
+ const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+ if (servername && p->biodebug)
+ BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n", servername);
+
if (!p->servername)
return SSL_TLSEXT_ERR_NOACK;
-
- if (servername)
- {
- if (strcmp(servername,p->servername))
+
+ if (servername) {
+ if (strcmp(servername, p->servername))
return p->extension_error;
- if (ctx2)
- {
- BIO_printf(p->biodebug,"Switching server context.\n");
- SSL_set_SSL_CTX(s,ctx2);
- }
+ if (ctx2) {
+ BIO_printf(p->biodebug, "Switching server context.\n");
+ SSL_set_SSL_CTX(s, ctx2);
}
+ }
return SSL_TLSEXT_ERR_OK;
}
/* Structure passed to cert status callback */
typedef struct tlsextstatusctx_st {
- /* Default responder to use */
- char *host, *path, *port;
- int use_ssl;
- int timeout;
- BIO *err;
- int verbose;
+ /* Default responder to use */
+ char *host, *path, *port;
+ int use_ssl;
+ int timeout;
+ BIO *err;
+ int verbose;
} tlsextstatusctx;
static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0};
* considered "expired".
*/
-static int cert_status_cb(SSL *s, void *arg)
- {
+static int
+cert_status_cb(SSL * s, void *arg)
+{
tlsextstatusctx *srctx = arg;
BIO *err = srctx->err;
char *host, *port, *path;
int use_ssl;
unsigned char *rspder = NULL;
int rspderlen;
- STACK_OF(OPENSSL_STRING) *aia = NULL;
+ STACK_OF(OPENSSL_STRING) * aia = NULL;
X509 *x = NULL;
X509_STORE_CTX inctx;
X509_OBJECT obj;
OCSP_REQUEST *req = NULL;
OCSP_RESPONSE *resp = NULL;
OCSP_CERTID *id = NULL;
- STACK_OF(X509_EXTENSION) *exts;
+ STACK_OF(X509_EXTENSION) * exts;
int ret = SSL_TLSEXT_ERR_NOACK;
int i;
#if 0
-STACK_OF(OCSP_RESPID) *ids;
-SSL_get_tlsext_status_ids(s, &ids);
-BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
+ STACK_OF(OCSP_RESPID) * ids;
+ SSL_get_tlsext_status_ids(s, &ids);
+ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
#endif
if (srctx->verbose)
BIO_puts(err, "cert_status: callback called\n");
/* Build up OCSP query from server certificate */
x = SSL_get_certificate(s);
aia = X509_get1_ocsp(x);
- if (aia)
- {
+ if (aia) {
if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
- &host, &port, &path, &use_ssl))
- {
+ &host, &port, &path, &use_ssl)) {
BIO_puts(err, "cert_status: can't parse AIA URL\n");
goto err;
- }
+ }
if (srctx->verbose)
BIO_printf(err, "cert_status: AIA URL: %s\n",
- sk_OPENSSL_STRING_value(aia, 0));
- }
- else
- {
- if (!srctx->host)
- {
+ sk_OPENSSL_STRING_value(aia, 0));
+ } else {
+ if (!srctx->host) {
BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n");
goto done;
- }
+ }
host = srctx->host;
path = srctx->path;
port = srctx->port;
use_ssl = srctx->use_ssl;
- }
-
+ }
+
if (!X509_STORE_CTX_init(&inctx,
- SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
- NULL, NULL))
+ SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
+ NULL, NULL))
goto err;
- if (X509_STORE_get_by_subject(&inctx,X509_LU_X509,
- X509_get_issuer_name(x),&obj) <= 0)
- {
+ if (X509_STORE_get_by_subject(&inctx, X509_LU_X509,
+ X509_get_issuer_name(x), &obj) <= 0) {
BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
X509_STORE_CTX_cleanup(&inctx);
goto done;
- }
+ }
req = OCSP_REQUEST_new();
if (!req)
goto err;
id = NULL;
/* Add any extensions to the request */
SSL_get_tlsext_status_exts(s, &exts);
- for (i = 0; i < sk_X509_EXTENSION_num(exts); i++)
- {
+ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
if (!OCSP_REQUEST_add_ext(req, ext, -1))
goto err;
- }
+ }
resp = process_responder(err, req, host, path, port, use_ssl, NULL,
- srctx->timeout);
- if (!resp)
- {
+ srctx->timeout);
+ if (!resp) {
BIO_puts(err, "cert_status: error querying responder\n");
goto done;
- }
+ }
rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
if (rspderlen <= 0)
goto err;
SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
- if (srctx->verbose)
- {
+ if (srctx->verbose) {
BIO_puts(err, "cert_status: ocsp response sent:\n");
OCSP_RESPONSE_print(err, resp, 2);
- }
+ }
ret = SSL_TLSEXT_ERR_OK;
- done:
+done:
if (ret != SSL_TLSEXT_ERR_OK)
ERR_print_errors(err);
- if (aia)
- {
+ if (aia) {
free(host);
free(path);
free(port);
X509_email_free(aia);
- }
+ }
if (id)
OCSP_CERTID_free(id);
if (req)
if (resp)
OCSP_RESPONSE_free(resp);
return ret;
- err:
+err:
ret = SSL_TLSEXT_ERR_ALERT_FATAL;
goto done;
- }
+}
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
/* This is the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
unsigned char *data;
unsigned int len;
} tlsextnextprotoctx;
-static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
- {
+static int
+next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg)
+{
tlsextnextprotoctx *next_proto = arg;
*data = next_proto->data;
*len = next_proto->len;
return SSL_TLSEXT_ERR_OK;
- }
-# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
+}
+#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
#endif
static char *jpake_secret = NULL;
#endif
#ifndef OPENSSL_NO_SRP
- static srpsrvparm srp_callback_parm;
+static srpsrvparm srp_callback_parm;
#endif
#ifndef OPENSSL_NO_SRTP
static char *srtp_profiles = NULL;
#endif
-int MAIN(int argc, char *argv[])
- {
+int
+MAIN(int argc, char *argv[])
+{
X509_VERIFY_PARAM *vpm = NULL;
int badarg = 0;
- short port=PORT;
- char *CApath=NULL,*CAfile=NULL;
+ short port = PORT;
+ char *CApath = NULL, *CAfile = NULL;
unsigned char *context = NULL;
char *dhfile = NULL;
#ifndef OPENSSL_NO_ECDH
char *named_curve = NULL;
#endif
- int badop=0,bugs=0;
- int ret=1;
- int off=0;
- int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
- int state=0;
- const SSL_METHOD *meth=NULL;
- int socket_type=SOCK_STREAM;
- ENGINE *e=NULL;
- char *inrand=NULL;
+ int badop = 0, bugs = 0;
+ int ret = 1;
+ int off = 0;
+ int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0;
+ int state = 0;
+ const SSL_METHOD *meth = NULL;
+ int socket_type = SOCK_STREAM;
+ ENGINE *e = NULL;
+ char *inrand = NULL;
int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
char *passarg = NULL, *pass = NULL;
char *dpassarg = NULL, *dpass = NULL;
#ifndef OPENSSL_NO_TLSEXT
EVP_PKEY *s_key2 = NULL;
X509 *s_cert2 = NULL;
- tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
-# ifndef OPENSSL_NO_NEXTPROTONEG
+ tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
+#ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
tlsextnextprotoctx next_proto;
-# endif
+#endif
#endif
#ifndef OPENSSL_NO_PSK
/* by default do not send a PSK identity hint */
- static char *psk_identity_hint=NULL;
+ static char *psk_identity_hint = NULL;
#endif
#ifndef OPENSSL_NO_SRP
char *srpuserseed = NULL;
char *srp_verifier_file = NULL;
#endif
- meth=SSLv23_server_method();
+ meth = SSLv23_server_method();
- local_argc=argc;
- local_argv=argv;
+ local_argc = argc;
+ local_argv = argv;
apps_startup();
s_server_init();
if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
- verify_depth=0;
+ verify_depth = 0;
#ifdef FIONBIO
- s_nbio=0;
+ s_nbio = 0;
#endif
- s_nbio_test=0;
+ s_nbio_test = 0;
argc--;
argv++;
- while (argc >= 1)
- {
- if ((strcmp(*argv,"-port") == 0) ||
- (strcmp(*argv,"-accept") == 0))
- {
- if (--argc < 1) goto bad;
- if (!extract_port(*(++argv),&port))
+ while (argc >= 1) {
+ if ((strcmp(*argv, "-port") == 0) ||
+ (strcmp(*argv, "-accept") == 0)) {
+ if (--argc < 1)
+ goto bad;
+ if (!extract_port(*(++argv), &port))
+ goto bad;
+ } else if (strcmp(*argv, "-verify") == 0) {
+ s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
+ if (--argc < 1)
+ goto bad;
+ verify_depth = atoi(*(++argv));
+ BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
+ } else if (strcmp(*argv, "-Verify") == 0) {
+ s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
+ SSL_VERIFY_CLIENT_ONCE;
+ if (--argc < 1)
+ goto bad;
+ verify_depth = atoi(*(++argv));
+ BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", verify_depth);
+ } else if (strcmp(*argv, "-context") == 0) {
+ if (--argc < 1)
+ goto bad;
+ context = (unsigned char *) *(++argv);
+ } else if (strcmp(*argv, "-cert") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_cert_file = *(++argv);
+ } else if (strcmp(*argv, "-certform") == 0) {
+ if (--argc < 1)
goto bad;
- }
- else if (strcmp(*argv,"-verify") == 0)
- {
- s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
- if (--argc < 1) goto bad;
- verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
- }
- else if (strcmp(*argv,"-Verify") == 0)
- {
- s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
- SSL_VERIFY_CLIENT_ONCE;
- if (--argc < 1) goto bad;
- verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
- }
- else if (strcmp(*argv,"-context") == 0)
- {
- if (--argc < 1) goto bad;
- context= (unsigned char *)*(++argv);
- }
- else if (strcmp(*argv,"-cert") == 0)
- {
- if (--argc < 1) goto bad;
- s_cert_file= *(++argv);
- }
- else if (strcmp(*argv,"-certform") == 0)
- {
- if (--argc < 1) goto bad;
s_cert_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- s_key_file= *(++argv);
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) goto bad;
+ } else if (strcmp(*argv, "-key") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_key_file = *(++argv);
+ } else if (strcmp(*argv, "-keyform") == 0) {
+ if (--argc < 1)
+ goto bad;
s_key_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-pass") == 0)
- {
- if (--argc < 1) goto bad;
+ } else if (strcmp(*argv, "-pass") == 0) {
+ if (--argc < 1)
+ goto bad;
passarg = *(++argv);
- }
- else if (strcmp(*argv,"-dhparam") == 0)
- {
- if (--argc < 1) goto bad;
+ } else if (strcmp(*argv, "-dhparam") == 0) {
+ if (--argc < 1)
+ goto bad;
dhfile = *(++argv);
- }
-#ifndef OPENSSL_NO_ECDH
- else if (strcmp(*argv,"-named_curve") == 0)
- {
- if (--argc < 1) goto bad;
+ }
+#ifndef OPENSSL_NO_ECDH
+ else if (strcmp(*argv, "-named_curve") == 0) {
+ if (--argc < 1)
+ goto bad;
named_curve = *(++argv);
- }
+ }
#endif
- else if (strcmp(*argv,"-dcertform") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-dcertform") == 0) {
+ if (--argc < 1)
+ goto bad;
s_dcert_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-dcert") == 0)
- {
- if (--argc < 1) goto bad;
- s_dcert_file= *(++argv);
- }
- else if (strcmp(*argv,"-dkeyform") == 0)
- {
- if (--argc < 1) goto bad;
+ } else if (strcmp(*argv, "-dcert") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_dcert_file = *(++argv);
+ } else if (strcmp(*argv, "-dkeyform") == 0) {
+ if (--argc < 1)
+ goto bad;
s_dkey_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-dpass") == 0)
- {
- if (--argc < 1) goto bad;
+ } else if (strcmp(*argv, "-dpass") == 0) {
+ if (--argc < 1)
+ goto bad;
dpassarg = *(++argv);
- }
- else if (strcmp(*argv,"-dkey") == 0)
- {
- if (--argc < 1) goto bad;
- s_dkey_file= *(++argv);
- }
- else if (strcmp(*argv,"-nocert") == 0)
- {
- nocert=1;
- }
- else if (strcmp(*argv,"-CApath") == 0)
- {
- if (--argc < 1) goto bad;
- CApath= *(++argv);
- }
- else if (strcmp(*argv,"-no_cache") == 0)
+ } else if (strcmp(*argv, "-dkey") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_dkey_file = *(++argv);
+ } else if (strcmp(*argv, "-nocert") == 0) {
+ nocert = 1;
+ } else if (strcmp(*argv, "-CApath") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CApath = *(++argv);
+ } else if (strcmp(*argv, "-no_cache") == 0)
no_cache = 1;
- else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
- {
+ else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
if (badarg)
goto bad;
continue;
- }
- else if (strcmp(*argv,"-verify_return_error") == 0)
+ } else if (strcmp(*argv, "-verify_return_error") == 0)
verify_return_error = 1;
- else if (strcmp(*argv,"-serverpref") == 0)
- { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
- else if (strcmp(*argv,"-legacy_renegotiation") == 0)
- off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
- else if (strcmp(*argv,"-cipher") == 0)
- {
- if (--argc < 1) goto bad;
- cipher= *(++argv);
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
- }
-#ifdef FIONBIO
- else if (strcmp(*argv,"-nbio") == 0)
- { s_nbio=1; }
+ else if (strcmp(*argv, "-serverpref") == 0) {
+ off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+ } else if (strcmp(*argv, "-legacy_renegotiation") == 0)
+ off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+ else if (strcmp(*argv, "-cipher") == 0) {
+ if (--argc < 1)
+ goto bad;
+ cipher = *(++argv);
+ } else if (strcmp(*argv, "-CAfile") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAfile = *(++argv);
+ }
+#ifdef FIONBIO
+ else if (strcmp(*argv, "-nbio") == 0) {
+ s_nbio = 1;
+ }
#endif
- else if (strcmp(*argv,"-nbio_test") == 0)
- {
-#ifdef FIONBIO
- s_nbio=1;
+ else if (strcmp(*argv, "-nbio_test") == 0) {
+#ifdef FIONBIO
+ s_nbio = 1;
#endif
- s_nbio_test=1;
- }
- else if (strcmp(*argv,"-debug") == 0)
- { s_debug=1; }
+ s_nbio_test = 1;
+ } else if (strcmp(*argv, "-debug") == 0) {
+ s_debug = 1;
+ }
#ifndef OPENSSL_NO_TLSEXT
- else if (strcmp(*argv,"-tlsextdebug") == 0)
- s_tlsextdebug=1;
- else if (strcmp(*argv,"-status") == 0)
- s_tlsextstatus=1;
- else if (strcmp(*argv,"-status_verbose") == 0)
- {
- s_tlsextstatus=1;
+ else if (strcmp(*argv, "-tlsextdebug") == 0)
+ s_tlsextdebug = 1;
+ else if (strcmp(*argv, "-status") == 0)
+ s_tlsextstatus = 1;
+ else if (strcmp(*argv, "-status_verbose") == 0) {
+ s_tlsextstatus = 1;
tlscstatp.verbose = 1;
- }
- else if (!strcmp(*argv, "-status_timeout"))
- {
- s_tlsextstatus=1;
- if (--argc < 1) goto bad;
+ } else if (!strcmp(*argv, "-status_timeout")) {
+ s_tlsextstatus = 1;
+ if (--argc < 1)
+ goto bad;
tlscstatp.timeout = atoi(*(++argv));
- }
- else if (!strcmp(*argv, "-status_url"))
- {
- s_tlsextstatus=1;
- if (--argc < 1) goto bad;
+ } else if (!strcmp(*argv, "-status_url")) {
+ s_tlsextstatus = 1;
+ if (--argc < 1)
+ goto bad;
if (!OCSP_parse_url(*(++argv),
- &tlscstatp.host,
- &tlscstatp.port,
- &tlscstatp.path,
- &tlscstatp.use_ssl))
- {
+ &tlscstatp.host,
+ &tlscstatp.port,
+ &tlscstatp.path,
+ &tlscstatp.use_ssl)) {
BIO_printf(bio_err, "Error parsing URL\n");
goto bad;
- }
}
+ }
#endif
- else if (strcmp(*argv,"-msg") == 0)
- { s_msg=1; }
- else if (strcmp(*argv,"-hack") == 0)
- { hack=1; }
- else if (strcmp(*argv,"-state") == 0)
- { state=1; }
- else if (strcmp(*argv,"-crlf") == 0)
- { s_crlf=1; }
- else if (strcmp(*argv,"-quiet") == 0)
- { s_quiet=1; }
- else if (strcmp(*argv,"-bugs") == 0)
- { bugs=1; }
- else if (strcmp(*argv,"-no_tmp_rsa") == 0)
- { no_tmp_rsa=1; }
- else if (strcmp(*argv,"-no_dhe") == 0)
- { no_dhe=1; }
- else if (strcmp(*argv,"-no_ecdhe") == 0)
- { no_ecdhe=1; }
+ else if (strcmp(*argv, "-msg") == 0) {
+ s_msg = 1;
+ } else if (strcmp(*argv, "-hack") == 0) {
+ hack = 1;
+ } else if (strcmp(*argv, "-state") == 0) {
+ state = 1;
+ } else if (strcmp(*argv, "-crlf") == 0) {
+ s_crlf = 1;
+ } else if (strcmp(*argv, "-quiet") == 0) {
+ s_quiet = 1;
+ } else if (strcmp(*argv, "-bugs") == 0) {
+ bugs = 1;
+ } else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
+ no_tmp_rsa = 1;
+ } else if (strcmp(*argv, "-no_dhe") == 0) {
+ no_dhe = 1;
+ } else if (strcmp(*argv, "-no_ecdhe") == 0) {
+ no_ecdhe = 1;
+ }
#ifndef OPENSSL_NO_PSK
- else if (strcmp(*argv,"-psk_hint") == 0)
- {
- if (--argc < 1) goto bad;
- psk_identity_hint= *(++argv);
- }
- else if (strcmp(*argv,"-psk") == 0)
- {
+ else if (strcmp(*argv, "-psk_hint") == 0) {
+ if (--argc < 1)
+ goto bad;
+ psk_identity_hint = *(++argv);
+ } else if (strcmp(*argv, "-psk") == 0) {
size_t i;
- if (--argc < 1) goto bad;
- psk_key=*(++argv);
- for (i=0; i<strlen(psk_key); i++)
- {
- if (isxdigit((unsigned char)psk_key[i]))
+ if (--argc < 1)
+ goto bad;
+ psk_key = *(++argv);
+ for (i = 0; i < strlen(psk_key); i++) {
+ if (isxdigit((unsigned char) psk_key[i]))
continue;
- BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
+ BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
goto bad;
- }
}
+ }
#endif
#ifndef OPENSSL_NO_SRP
- else if (strcmp(*argv, "-srpvfile") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-srpvfile") == 0) {
+ if (--argc < 1)
+ goto bad;
srp_verifier_file = *(++argv);
meth = TLSv1_server_method();
- }
- else if (strcmp(*argv, "-srpuserseed") == 0)
- {
- if (--argc < 1) goto bad;
+ } else if (strcmp(*argv, "-srpuserseed") == 0) {
+ if (--argc < 1)
+ goto bad;
srpuserseed = *(++argv);
meth = TLSv1_server_method();
- }
+ }
#endif
- else if (strcmp(*argv,"-www") == 0)
- { www=1; }
- else if (strcmp(*argv,"-WWW") == 0)
- { www=2; }
- else if (strcmp(*argv,"-HTTP") == 0)
- { www=3; }
- else if (strcmp(*argv,"-no_ssl2") == 0)
- { off|=SSL_OP_NO_SSLv2; }
- else if (strcmp(*argv,"-no_ssl3") == 0)
- { off|=SSL_OP_NO_SSLv3; }
- else if (strcmp(*argv,"-no_tls1") == 0)
- { off|=SSL_OP_NO_TLSv1; }
- else if (strcmp(*argv,"-no_tls1_1") == 0)
- { off|=SSL_OP_NO_TLSv1_1; }
- else if (strcmp(*argv,"-no_tls1_2") == 0)
- { off|=SSL_OP_NO_TLSv1_2; }
- else if (strcmp(*argv,"-no_comp") == 0)
- { off|=SSL_OP_NO_COMPRESSION; }
+ else if (strcmp(*argv, "-www") == 0) {
+ www = 1;
+ } else if (strcmp(*argv, "-WWW") == 0) {
+ www = 2;
+ } else if (strcmp(*argv, "-HTTP") == 0) {
+ www = 3;
+ } else if (strcmp(*argv, "-no_ssl2") == 0) {
+ off |= SSL_OP_NO_SSLv2;
+ } else if (strcmp(*argv, "-no_ssl3") == 0) {
+ off |= SSL_OP_NO_SSLv3;
+ } else if (strcmp(*argv, "-no_tls1") == 0) {
+ off |= SSL_OP_NO_TLSv1;
+ } else if (strcmp(*argv, "-no_tls1_1") == 0) {
+ off |= SSL_OP_NO_TLSv1_1;
+ } else if (strcmp(*argv, "-no_tls1_2") == 0) {
+ off |= SSL_OP_NO_TLSv1_2;
+ } else if (strcmp(*argv, "-no_comp") == 0) {
+ off |= SSL_OP_NO_COMPRESSION;
+ }
#ifndef OPENSSL_NO_TLSEXT
- else if (strcmp(*argv,"-no_ticket") == 0)
- { off|=SSL_OP_NO_TICKET; }
-#endif
- else if (strcmp(*argv,"-ssl3") == 0)
- { meth=SSLv3_server_method(); }
- else if (strcmp(*argv,"-tls1") == 0)
- { meth=TLSv1_server_method(); }
- else if (strcmp(*argv,"-tls1_1") == 0)
- { meth=TLSv1_1_server_method(); }
- else if (strcmp(*argv,"-tls1_2") == 0)
- { meth=TLSv1_2_server_method(); }
+ else if (strcmp(*argv, "-no_ticket") == 0) {
+ off |= SSL_OP_NO_TICKET;
+ }
+#endif
+ else if (strcmp(*argv, "-ssl3") == 0) {
+ meth = SSLv3_server_method();
+ } else if (strcmp(*argv, "-tls1") == 0) {
+ meth = TLSv1_server_method();
+ } else if (strcmp(*argv, "-tls1_1") == 0) {
+ meth = TLSv1_1_server_method();
+ } else if (strcmp(*argv, "-tls1_2") == 0) {
+ meth = TLSv1_2_server_method();
+ }
#ifndef OPENSSL_NO_DTLS1
- else if (strcmp(*argv,"-dtls1") == 0)
- {
- meth=DTLSv1_server_method();
+ else if (strcmp(*argv, "-dtls1") == 0) {
+ meth = DTLSv1_server_method();
socket_type = SOCK_DGRAM;
- }
- else if (strcmp(*argv,"-timeout") == 0)
+ } else if (strcmp(*argv, "-timeout") == 0)
enable_timeouts = 1;
- else if (strcmp(*argv,"-mtu") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-mtu") == 0) {
+ if (--argc < 1)
+ goto bad;
socket_mtu = atol(*(++argv));
- }
- else if (strcmp(*argv, "-chain") == 0)
+ } else if (strcmp(*argv, "-chain") == 0)
cert_chain = 1;
#endif
- else if (strcmp(*argv, "-id_prefix") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-id_prefix") == 0) {
+ if (--argc < 1)
+ goto bad;
session_id_prefix = *(++argv);
- }
+ }
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine_id= *(++argv);
- }
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine_id = *(++argv);
+ }
#endif
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
+ else if (strcmp(*argv, "-rand") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inrand = *(++argv);
+ }
#ifndef OPENSSL_NO_TLSEXT
- else if (strcmp(*argv,"-servername") == 0)
- {
- if (--argc < 1) goto bad;
- tlsextcbp.servername= *(++argv);
- }
- else if (strcmp(*argv,"-servername_fatal") == 0)
- { tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; }
- else if (strcmp(*argv,"-cert2") == 0)
- {
- if (--argc < 1) goto bad;
- s_cert_file2= *(++argv);
- }
- else if (strcmp(*argv,"-key2") == 0)
- {
- if (--argc < 1) goto bad;
- s_key_file2= *(++argv);
- }
-# ifndef OPENSSL_NO_NEXTPROTONEG
- else if (strcmp(*argv,"-nextprotoneg") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-servername") == 0) {
+ if (--argc < 1)
+ goto bad;
+ tlsextcbp.servername = *(++argv);
+ } else if (strcmp(*argv, "-servername_fatal") == 0) {
+ tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL;
+ } else if (strcmp(*argv, "-cert2") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_cert_file2 = *(++argv);
+ } else if (strcmp(*argv, "-key2") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_key_file2 = *(++argv);
+ }
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ else if (strcmp(*argv, "-nextprotoneg") == 0) {
+ if (--argc < 1)
+ goto bad;
next_proto_neg_in = *(++argv);
- }
-# endif
+ }
+#endif
#endif
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
- else if (strcmp(*argv,"-jpake") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-jpake") == 0) {
+ if (--argc < 1)
+ goto bad;
jpake_secret = *(++argv);
- }
+ }
#endif
#ifndef OPENSSL_NO_SRTP
- else if (strcmp(*argv,"-use_srtp") == 0)
- {
- if (--argc < 1) goto bad;
+ else if (strcmp(*argv, "-use_srtp") == 0) {
+ if (--argc < 1)
+ goto bad;
srtp_profiles = *(++argv);
- }
+ }
#endif
- else if (strcmp(*argv,"-keymatexport") == 0)
- {
- if (--argc < 1) goto bad;
- keymatexportlabel= *(++argv);
- }
- else if (strcmp(*argv,"-keymatexportlen") == 0)
- {
- if (--argc < 1) goto bad;
- keymatexportlen=atoi(*(++argv));
- if (keymatexportlen == 0) goto bad;
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badop=1;
+ else if (strcmp(*argv, "-keymatexport") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keymatexportlabel = *(++argv);
+ } else if (strcmp(*argv, "-keymatexportlen") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keymatexportlen = atoi(*(++argv));
+ if (keymatexportlen == 0)
+ goto bad;
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badop = 1;
break;
- }
+ }
argc--;
argv++;
- }
- if (badop)
- {
+ }
+ if (badop) {
bad:
sv_usage();
goto end;
- }
-
+ }
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
- if (jpake_secret)
- {
- if (psk_key)
- {
+ if (jpake_secret) {
+ if (psk_key) {
BIO_printf(bio_err,
- "Can't use JPAKE and PSK together\n");
+ "Can't use JPAKE and PSK together\n");
goto end;
- }
+ }
psk_identity = "JPAKE";
- if (cipher)
- {
+ if (cipher) {
BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
goto end;
- }
- cipher = "PSK";
}
-
+ cipher = "PSK";
+ }
#endif
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine_id, 1);
+ e = setup_engine(bio_err, engine_id, 1);
#endif
- if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass))
- {
+ if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
- }
-
-
+ }
if (s_key_file == NULL)
s_key_file = s_cert_file;
#ifndef OPENSSL_NO_TLSEXT
s_key_file2 = s_cert_file2;
#endif
- if (nocert == 0)
- {
+ if (nocert == 0) {
s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
- "server certificate private key file");
- if (!s_key)
- {
+ "server certificate private key file");
+ if (!s_key) {
ERR_print_errors(bio_err);
goto end;
- }
-
- s_cert = load_cert(bio_err,s_cert_file,s_cert_format,
- NULL, e, "server certificate file");
+ }
+ s_cert = load_cert(bio_err, s_cert_file, s_cert_format,
+ NULL, e, "server certificate file");
- if (!s_cert)
- {
+ if (!s_cert) {
ERR_print_errors(bio_err);
goto end;
- }
-
+ }
#ifndef OPENSSL_NO_TLSEXT
- if (tlsextcbp.servername)
- {
+ if (tlsextcbp.servername) {
s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,
- "second server certificate private key file");
- if (!s_key2)
- {
+ "second server certificate private key file");
+ if (!s_key2) {
ERR_print_errors(bio_err);
goto end;
- }
-
- s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format,
- NULL, e, "second server certificate file");
-
- if (!s_cert2)
- {
+ }
+ s_cert2 = load_cert(bio_err, s_cert_file2, s_cert_format,
+ NULL, e, "second server certificate file");
+
+ if (!s_cert2) {
ERR_print_errors(bio_err);
goto end;
- }
}
-#endif
}
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
- if (next_proto_neg_in)
- {
+#endif
+ }
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ if (next_proto_neg_in) {
unsigned short len;
next_proto.data = next_protos_parse(&len, next_proto_neg_in);
if (next_proto.data == NULL)
goto end;
next_proto.len = len;
- }
- else
- {
+ } else {
next_proto.data = NULL;
- }
+ }
#endif
- if (s_dcert_file)
- {
+ if (s_dcert_file) {
if (s_dkey_file == NULL)
s_dkey_file = s_dcert_file;
s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
- 0, dpass, e,
- "second certificate private key file");
- if (!s_dkey)
- {
+ 0, dpass, e,
+ "second certificate private key file");
+ if (!s_dkey) {
ERR_print_errors(bio_err);
goto end;
- }
-
- s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format,
- NULL, e, "second server certificate file");
+ }
+ s_dcert = load_cert(bio_err, s_dcert_file, s_dcert_format,
+ NULL, e, "second server certificate file");
- if (!s_dcert)
- {
+ if (!s_dcert) {
ERR_print_errors(bio_err);
goto end;
- }
-
}
-
+ }
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
- && !RAND_status())
- {
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- }
+ && !RAND_status()) {
+ BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
+ }
if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
- if (bio_s_out == NULL)
- {
- if (s_quiet && !s_debug && !s_msg)
- {
- bio_s_out=BIO_new(BIO_s_null());
- }
- else
- {
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+ if (bio_s_out == NULL) {
+ if (s_quiet && !s_debug && !s_msg) {
+ bio_s_out = BIO_new(BIO_s_null());
+ } else {
if (bio_s_out == NULL)
- bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE);
- }
+ bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
-
+ }
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
if (nocert)
#endif
- {
- s_cert_file=NULL;
- s_key_file=NULL;
- s_dcert_file=NULL;
- s_dkey_file=NULL;
+ {
+ s_cert_file = NULL;
+ s_key_file = NULL;
+ s_dcert_file = NULL;
+ s_dkey_file = NULL;
#ifndef OPENSSL_NO_TLSEXT
- s_cert_file2=NULL;
- s_key_file2=NULL;
+ s_cert_file2 = NULL;
+ s_key_file2 = NULL;
#endif
- }
-
- ctx=SSL_CTX_new(meth);
- if (ctx == NULL)
- {
+ }
+ ctx = SSL_CTX_new(meth);
+ if (ctx == NULL) {
ERR_print_errors(bio_err);
goto end;
- }
- if (session_id_prefix)
- {
- if(strlen(session_id_prefix) >= 32)
+ }
+ if (session_id_prefix) {
+ if (strlen(session_id_prefix) >= 32)
BIO_printf(bio_err,
-"warning: id_prefix is too long, only one new session will be possible\n");
- else if(strlen(session_id_prefix) >= 16)
+ "warning: id_prefix is too long, only one new session will be possible\n");
+ else if (strlen(session_id_prefix) >= 16)
BIO_printf(bio_err,
-"warning: id_prefix is too long if you use SSLv2\n");
- if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
- {
- BIO_printf(bio_err,"error setting 'id_prefix'\n");
+ "warning: id_prefix is too long if you use SSLv2\n");
+ if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
+ BIO_printf(bio_err, "error setting 'id_prefix'\n");
ERR_print_errors(bio_err);
goto end;
- }
- BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
}
- SSL_CTX_set_quiet_shutdown(ctx,1);
- if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
- if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
- SSL_CTX_set_options(ctx,off);
- /* DTLS: partial reads end up discarding unread UDP bytes :-(
- * Setting read ahead solves this problem.
+ BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
+ }
+ SSL_CTX_set_quiet_shutdown(ctx, 1);
+ if (bugs)
+ SSL_CTX_set_options(ctx, SSL_OP_ALL);
+ if (hack)
+ SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+ SSL_CTX_set_options(ctx, off);
+ /*
+ * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
+ * read ahead solves this problem.
*/
- if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
+ if (socket_type == SOCK_DGRAM)
+ SSL_CTX_set_read_ahead(ctx, 1);
- if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
+ if (state)
+ SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
if (no_cache)
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
else
- SSL_CTX_sess_set_cache_size(ctx,128);
+ SSL_CTX_sess_set_cache_size(ctx, 128);
#ifndef OPENSSL_NO_SRTP
if (srtp_profiles != NULL)
#endif
#if 0
- if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+ if (cipher == NULL)
+ cipher = getenv("SSL_CIPHER");
#endif
#if 0
- if (s_cert_file == NULL)
- {
- BIO_printf(bio_err,"You must specify a certificate file for the server to use\n");
+ if (s_cert_file == NULL) {
+ BIO_printf(bio_err, "You must specify a certificate file for the server to use\n");
goto end;
- }
+ }
#endif
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx)))
- {
+ if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(ctx))) {
/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
ERR_print_errors(bio_err);
/* goto end; */
- }
+ }
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
#ifndef OPENSSL_NO_TLSEXT
- if (s_cert2)
- {
- ctx2=SSL_CTX_new(meth);
- if (ctx2 == NULL)
- {
+ if (s_cert2) {
+ ctx2 = SSL_CTX_new(meth);
+ if (ctx2 == NULL) {
ERR_print_errors(bio_err);
goto end;
- }
}
-
- if (ctx2)
- {
- BIO_printf(bio_s_out,"Setting secondary ctx parameters\n");
-
- if (session_id_prefix)
- {
- if(strlen(session_id_prefix) >= 32)
+ }
+ if (ctx2) {
+ BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
+
+ if (session_id_prefix) {
+ if (strlen(session_id_prefix) >= 32)
BIO_printf(bio_err,
- "warning: id_prefix is too long, only one new session will be possible\n");
- else if(strlen(session_id_prefix) >= 16)
+ "warning: id_prefix is too long, only one new session will be possible\n");
+ else if (strlen(session_id_prefix) >= 16)
BIO_printf(bio_err,
- "warning: id_prefix is too long if you use SSLv2\n");
- if(!SSL_CTX_set_generate_session_id(ctx2, generate_session_id))
- {
- BIO_printf(bio_err,"error setting 'id_prefix'\n");
+ "warning: id_prefix is too long if you use SSLv2\n");
+ if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
+ BIO_printf(bio_err, "error setting 'id_prefix'\n");
ERR_print_errors(bio_err);
goto end;
- }
- BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
}
- SSL_CTX_set_quiet_shutdown(ctx2,1);
- if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL);
- if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
- SSL_CTX_set_options(ctx2,off);
- /* DTLS: partial reads end up discarding unread UDP bytes :-(
+ BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
+ }
+ SSL_CTX_set_quiet_shutdown(ctx2, 1);
+ if (bugs)
+ SSL_CTX_set_options(ctx2, SSL_OP_ALL);
+ if (hack)
+ SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+ SSL_CTX_set_options(ctx2, off);
+ /*
+ * DTLS: partial reads end up discarding unread UDP bytes :-(
* Setting read ahead solves this problem.
*/
- if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1);
+ if (socket_type == SOCK_DGRAM)
+ SSL_CTX_set_read_ahead(ctx2, 1);
- if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);
+ if (state)
+ SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
if (no_cache)
- SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF);
+ SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
else
- SSL_CTX_sess_set_cache_size(ctx2,128);
+ SSL_CTX_sess_set_cache_size(ctx2, 128);
- if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx2)))
- {
+ if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(ctx2))) {
ERR_print_errors(bio_err);
- }
+ }
if (vpm)
SSL_CTX_set1_param(ctx2, vpm);
- }
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
+ }
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (next_proto.data)
SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto);
-# endif
-#endif
+#endif
+#endif
#ifndef OPENSSL_NO_DH
- if (!no_dhe)
- {
- DH *dh=NULL;
+ if (!no_dhe) {
+ DH *dh = NULL;
if (dhfile)
dh = load_dh_param(dhfile);
else if (s_cert_file)
dh = load_dh_param(s_cert_file);
- if (dh != NULL)
- {
- BIO_printf(bio_s_out,"Setting temp DH parameters\n");
- }
- else
- {
- BIO_printf(bio_s_out,"Using default temp DH parameters\n");
- dh=get_dh512();
- }
- (void)BIO_flush(bio_s_out);
+ if (dh != NULL) {
+ BIO_printf(bio_s_out, "Setting temp DH parameters\n");
+ } else {
+ BIO_printf(bio_s_out, "Using default temp DH parameters\n");
+ dh = get_dh512();
+ }
+ (void) BIO_flush(bio_s_out);
- SSL_CTX_set_tmp_dh(ctx,dh);
+ SSL_CTX_set_tmp_dh(ctx, dh);
#ifndef OPENSSL_NO_TLSEXT
- if (ctx2)
- {
- if (!dhfile)
- {
- DH *dh2=load_dh_param(s_cert_file2);
- if (dh2 != NULL)
- {
- BIO_printf(bio_s_out,"Setting temp DH parameters\n");
- (void)BIO_flush(bio_s_out);
+ if (ctx2) {
+ if (!dhfile) {
+ DH *dh2 = load_dh_param(s_cert_file2);
+ if (dh2 != NULL) {
+ BIO_printf(bio_s_out, "Setting temp DH parameters\n");
+ (void) BIO_flush(bio_s_out);
DH_free(dh);
dh = dh2;
- }
}
- SSL_CTX_set_tmp_dh(ctx2,dh);
}
+ SSL_CTX_set_tmp_dh(ctx2, dh);
+ }
#endif
DH_free(dh);
- }
+ }
#endif
#ifndef OPENSSL_NO_ECDH
- if (!no_ecdhe)
- {
- EC_KEY *ecdh=NULL;
+ if (!no_ecdhe) {
+ EC_KEY *ecdh = NULL;
- if (named_curve)
- {
+ if (named_curve) {
int nid = OBJ_sn2nid(named_curve);
- if (nid == 0)
- {
- BIO_printf(bio_err, "unknown curve name (%s)\n",
- named_curve);
+ if (nid == 0) {
+ BIO_printf(bio_err, "unknown curve name (%s)\n",
+ named_curve);
goto end;
- }
+ }
ecdh = EC_KEY_new_by_curve_name(nid);
- if (ecdh == NULL)
- {
- BIO_printf(bio_err, "unable to create curve (%s)\n",
- named_curve);
+ if (ecdh == NULL) {
+ BIO_printf(bio_err, "unable to create curve (%s)\n",
+ named_curve);
goto end;
- }
}
-
- if (ecdh != NULL)
- {
- BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
- }
- else
- {
- BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
+ }
+ if (ecdh != NULL) {
+ BIO_printf(bio_s_out, "Setting temp ECDH parameters\n");
+ } else {
+ BIO_printf(bio_s_out, "Using default temp ECDH parameters\n");
ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- if (ecdh == NULL)
- {
+ if (ecdh == NULL) {
BIO_printf(bio_err, "unable to create curve (nistp256)\n");
goto end;
- }
}
- (void)BIO_flush(bio_s_out);
+ }
+ (void) BIO_flush(bio_s_out);
- SSL_CTX_set_tmp_ecdh(ctx,ecdh);
+ SSL_CTX_set_tmp_ecdh(ctx, ecdh);
#ifndef OPENSSL_NO_TLSEXT
- if (ctx2)
- SSL_CTX_set_tmp_ecdh(ctx2,ecdh);
+ if (ctx2)
+ SSL_CTX_set_tmp_ecdh(ctx2, ecdh);
#endif
EC_KEY_free(ecdh);
- }
+ }
#endif
-
+
if (!set_cert_key_stuff(ctx, s_cert, s_key))
goto end;
#ifndef OPENSSL_NO_TLSEXT
- if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))
- goto end;
+ if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2))
+ goto end;
#endif
- if (s_dcert != NULL)
- {
+ if (s_dcert != NULL) {
if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
goto end;
- }
-
+ }
#ifndef OPENSSL_NO_RSA
#if 1
- if (!no_tmp_rsa)
- {
- SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
+ if (!no_tmp_rsa) {
+ SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
#ifndef OPENSSL_NO_TLSEXT
- if (ctx2)
- SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb);
-#endif
- }
+ if (ctx2)
+ SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
+#endif
+ }
#else
- if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
- {
+ if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) {
RSA *rsa;
- BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key...");
+ BIO_printf(bio_s_out, "Generating temp (512 bit) RSA key...");
BIO_flush(bio_s_out);
- rsa=RSA_generate_key(512,RSA_F4,NULL);
+ rsa = RSA_generate_key(512, RSA_F4, NULL);
- if (!SSL_CTX_set_tmp_rsa(ctx,rsa))
- {
+ if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
ERR_print_errors(bio_err);
goto end;
- }
+ }
#ifndef OPENSSL_NO_TLSEXT
- if (ctx2)
- {
- if (!SSL_CTX_set_tmp_rsa(ctx2,rsa))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
+ if (ctx2) {
+ if (!SSL_CTX_set_tmp_rsa(ctx2, rsa)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
#endif
RSA_free(rsa);
- BIO_printf(bio_s_out,"\n");
- }
+ BIO_printf(bio_s_out, "\n");
+ }
#endif
#endif
#else
if (psk_key != NULL || jpake_secret)
#endif
- {
+ {
if (s_debug)
BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
- }
-
- if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint))
- {
- BIO_printf(bio_err,"error setting PSK identity hint to context\n");
+ }
+ if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
+ BIO_printf(bio_err, "error setting PSK identity hint to context\n");
ERR_print_errors(bio_err);
goto end;
- }
+ }
#endif
- if (cipher != NULL)
- {
- if(!SSL_CTX_set_cipher_list(ctx,cipher))
- {
- BIO_printf(bio_err,"error setting cipher list\n");
+ if (cipher != NULL) {
+ if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
+ BIO_printf(bio_err, "error setting cipher list\n");
ERR_print_errors(bio_err);
goto end;
- }
+ }
#ifndef OPENSSL_NO_TLSEXT
- if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher))
- {
- BIO_printf(bio_err,"error setting cipher list\n");
+ if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, cipher)) {
+ BIO_printf(bio_err, "error setting cipher list\n");
ERR_print_errors(bio_err);
goto end;
- }
-#endif
}
- SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
- SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
- sizeof s_server_session_id_context);
+#endif
+ }
+ SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
+ SSL_CTX_set_session_id_context(ctx, (void *) &s_server_session_id_context,
+ sizeof s_server_session_id_context);
/* Set DTLS cookie generation and verification callbacks */
SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
#ifndef OPENSSL_NO_TLSEXT
- if (ctx2)
- {
- SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback);
- SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context,
- sizeof s_server_session_id_context);
+ if (ctx2) {
+ SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
+ SSL_CTX_set_session_id_context(ctx2, (void *) &s_server_session_id_context,
+ sizeof s_server_session_id_context);
tlsextcbp.biodebug = bio_s_out;
SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
- }
+ }
#endif
#ifndef OPENSSL_NO_SRP
- if (srp_verifier_file != NULL)
- {
+ if (srp_verifier_file != NULL) {
srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
srp_callback_parm.user = NULL;
srp_callback_parm.login = NULL;
- if ((ret = SRP_VBASE_init(srp_callback_parm.vb, srp_verifier_file)) != SRP_NO_ERROR)
- {
+ if ((ret = SRP_VBASE_init(srp_callback_parm.vb, srp_verifier_file)) != SRP_NO_ERROR) {
BIO_printf(bio_err,
- "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
- srp_verifier_file, ret);
- goto end;
- }
- SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE,verify_callback);
- SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
- SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
+ "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
+ srp_verifier_file, ret);
+ goto end;
}
- else
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
+ SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
+ SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
+ } else
#endif
- if (CAfile != NULL)
- {
- SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
+ if (CAfile != NULL) {
+ SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
#ifndef OPENSSL_NO_TLSEXT
- if (ctx2)
- SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(CAfile));
+ if (ctx2)
+ SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
#endif
- }
-
- BIO_printf(bio_s_out,"ACCEPT\n");
- (void)BIO_flush(bio_s_out);
+ }
+ BIO_printf(bio_s_out, "ACCEPT\n");
+ (void) BIO_flush(bio_s_out);
if (www)
- do_server(port,socket_type,&accept_socket,www_body, context);
+ do_server(port, socket_type, &accept_socket, www_body, context);
else
- do_server(port,socket_type,&accept_socket,sv_body, context);
- print_stats(bio_s_out,ctx);
- ret=0;
+ do_server(port, socket_type, &accept_socket, sv_body, context);
+ print_stats(bio_s_out, ctx);
+ ret = 0;
end:
- if (ctx != NULL) SSL_CTX_free(ctx);
+ if (ctx != NULL)
+ SSL_CTX_free(ctx);
if (s_cert)
X509_free(s_cert);
if (s_dcert)
free(tlscstatp.port);
if (tlscstatp.path)
free(tlscstatp.path);
- if (ctx2 != NULL) SSL_CTX_free(ctx2);
+ if (ctx2 != NULL)
+ SSL_CTX_free(ctx2);
if (s_cert2)
X509_free(s_cert2);
if (s_key2)
EVP_PKEY_free(s_key2);
#endif
- if (bio_s_out != NULL)
- {
- BIO_free(bio_s_out);
- bio_s_out=NULL;
- }
- apps_shutdown();
- return(ret);
+ if (bio_s_out != NULL) {
+ BIO_free(bio_s_out);
+ bio_s_out = NULL;
}
+ apps_shutdown();
+ return (ret);
+}
-static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
- {
- BIO_printf(bio,"%4ld items in the session cache\n",
- SSL_CTX_sess_number(ssl_ctx));
- BIO_printf(bio,"%4ld client connects (SSL_connect())\n",
- SSL_CTX_sess_connect(ssl_ctx));
- BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n",
- SSL_CTX_sess_connect_renegotiate(ssl_ctx));
- BIO_printf(bio,"%4ld client connects that finished\n",
- SSL_CTX_sess_connect_good(ssl_ctx));
- BIO_printf(bio,"%4ld server accepts (SSL_accept())\n",
- SSL_CTX_sess_accept(ssl_ctx));
- BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n",
- SSL_CTX_sess_accept_renegotiate(ssl_ctx));
- BIO_printf(bio,"%4ld server accepts that finished\n",
- SSL_CTX_sess_accept_good(ssl_ctx));
- BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
- BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
- BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
- BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
- BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n",
- SSL_CTX_sess_cache_full(ssl_ctx),
- SSL_CTX_sess_get_cache_size(ssl_ctx));
- }
-
-static int sv_body(char *hostname, int s, unsigned char *context)
- {
- char *buf=NULL;
+static void
+print_stats(BIO * bio, SSL_CTX * ssl_ctx)
+{
+ BIO_printf(bio, "%4ld items in the session cache\n",
+ SSL_CTX_sess_number(ssl_ctx));
+ BIO_printf(bio, "%4ld client connects (SSL_connect())\n",
+ SSL_CTX_sess_connect(ssl_ctx));
+ BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n",
+ SSL_CTX_sess_connect_renegotiate(ssl_ctx));
+ BIO_printf(bio, "%4ld client connects that finished\n",
+ SSL_CTX_sess_connect_good(ssl_ctx));
+ BIO_printf(bio, "%4ld server accepts (SSL_accept())\n",
+ SSL_CTX_sess_accept(ssl_ctx));
+ BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n",
+ SSL_CTX_sess_accept_renegotiate(ssl_ctx));
+ BIO_printf(bio, "%4ld server accepts that finished\n",
+ SSL_CTX_sess_accept_good(ssl_ctx));
+ BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx));
+ BIO_printf(bio, "%4ld session cache misses\n", SSL_CTX_sess_misses(ssl_ctx));
+ BIO_printf(bio, "%4ld session cache timeouts\n", SSL_CTX_sess_timeouts(ssl_ctx));
+ BIO_printf(bio, "%4ld callback cache hits\n", SSL_CTX_sess_cb_hits(ssl_ctx));
+ BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n",
+ SSL_CTX_sess_cache_full(ssl_ctx),
+ SSL_CTX_sess_get_cache_size(ssl_ctx));
+}
+
+static int
+sv_body(char *hostname, int s, unsigned char *context)
+{
+ char *buf = NULL;
fd_set readfds;
- int ret=1,width;
- int k,i;
+ int ret = 1, width;
+ int k, i;
unsigned long l;
- SSL *con=NULL;
+ SSL *con = NULL;
BIO *sbio;
#ifndef OPENSSL_NO_KRB5
KSSL_CTX *kctx;
struct timeval timeout;
struct timeval *timeoutp;
- if ((buf=malloc(bufsize)) == NULL)
- {
- BIO_printf(bio_err,"out of memory\n");
+ if ((buf = malloc(bufsize)) == NULL) {
+ BIO_printf(bio_err, "out of memory\n");
goto err;
- }
-#ifdef FIONBIO
- if (s_nbio)
- {
- unsigned long sl=1;
+ }
+#ifdef FIONBIO
+ if (s_nbio) {
+ unsigned long sl = 1;
if (!s_quiet)
- BIO_printf(bio_err,"turning on non blocking io\n");
- if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
+ BIO_printf(bio_err, "turning on non blocking io\n");
+ if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
ERR_print_errors(bio_err);
- }
+ }
#endif
if (con == NULL) {
- con=SSL_new(ctx);
+ con = SSL_new(ctx);
#ifndef OPENSSL_NO_TLSEXT
- if (s_tlsextdebug)
- {
- SSL_set_tlsext_debug_callback(con, tlsext_cb);
- SSL_set_tlsext_debug_arg(con, bio_s_out);
+ if (s_tlsextdebug) {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_s_out);
}
- if (s_tlsextstatus)
- {
- SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
- tlscstatp.err = bio_err;
- SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
+ if (s_tlsextstatus) {
+ SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
+ tlscstatp.err = bio_err;
+ SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
}
#endif
#ifndef OPENSSL_NO_KRB5
- if ((kctx = kssl_ctx_new()) != NULL)
- {
+ if ((kctx = kssl_ctx_new()) != NULL) {
SSL_set0_kssl_ctx(con, kctx);
- kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
- kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
- }
-#endif /* OPENSSL_NO_KRB5 */
- if(context)
- SSL_set_session_id_context(con, context,
- strlen((char *)context));
+ kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
+ kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
+ }
+#endif /* OPENSSL_NO_KRB5 */
+ if (context)
+ SSL_set_session_id_context(con, context,
+ strlen((char *) context));
}
SSL_clear(con);
#if 0
#endif
#endif
- if (SSL_version(con) == DTLS1_VERSION)
- {
+ if (SSL_version(con) == DTLS1_VERSION) {
- sbio=BIO_new_dgram(s,BIO_NOCLOSE);
+ sbio = BIO_new_dgram(s, BIO_NOCLOSE);
- if (enable_timeouts)
- {
+ if (enable_timeouts) {
timeout.tv_sec = 0;
timeout.tv_usec = DGRAM_RCV_TIMEOUT;
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
-
+
timeout.tv_sec = 0;
timeout.tv_usec = DGRAM_SND_TIMEOUT;
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
- }
-
- if (socket_mtu > 28)
- {
+ }
+ if (socket_mtu > 28) {
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
SSL_set_mtu(con, socket_mtu - 28);
- }
- else
+ } else
/* want to do MTU discovery */
BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
- /* turn on cookie exchange */
- SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
- }
- else
- sbio=BIO_new_socket(s,BIO_NOCLOSE);
+ /* turn on cookie exchange */
+ SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
+ } else
+ sbio = BIO_new_socket(s, BIO_NOCLOSE);
- if (s_nbio_test)
- {
+ if (s_nbio_test) {
BIO *test;
- test=BIO_new(BIO_f_nbio_test());
- sbio=BIO_push(test,sbio);
- }
+ test = BIO_new(BIO_f_nbio_test());
+ sbio = BIO_push(test, sbio);
+ }
#ifndef OPENSSL_NO_JPAKE
- if(jpake_secret)
+ if (jpake_secret)
jpake_server_auth(bio_s_out, sbio, jpake_secret);
#endif
- SSL_set_bio(con,sbio,sbio);
+ SSL_set_bio(con, sbio, sbio);
SSL_set_accept_state(con);
/* SSL_set_fd(con,s); */
- if (s_debug)
- {
+ if (s_debug) {
SSL_set_debug(con, 1);
- BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
- BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
- }
- if (s_msg)
- {
+ BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
+ BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
+ }
+ if (s_msg) {
SSL_set_msg_callback(con, msg_cb);
SSL_set_msg_callback_arg(con, bio_s_out);
- }
+ }
#ifndef OPENSSL_NO_TLSEXT
- if (s_tlsextdebug)
- {
+ if (s_tlsextdebug) {
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
- }
+ }
#endif
- width=s+1;
- for (;;)
- {
+ width = s + 1;
+ for (;;) {
int read_from_terminal;
int read_from_sslcon;
read_from_terminal = 0;
read_from_sslcon = SSL_pending(con);
- if (!read_from_sslcon)
- {
+ if (!read_from_sslcon) {
FD_ZERO(&readfds);
- openssl_fdset(fileno(stdin),&readfds);
- openssl_fdset(s,&readfds);
- /* Note: under VMS with SOCKETSHR the second parameter is
- * currently of type (int *) whereas under other systems
- * it is (void *) if you don't have a cast it will choke
- * the compiler: if you do have a cast then you can either
- * go for (int *) or (void *).
+ openssl_fdset(fileno(stdin), &readfds);
+ openssl_fdset(s, &readfds);
+ /*
+ * Note: under VMS with SOCKETSHR the second
+ * parameter is currently of type (int *) whereas
+ * under other systems it is (void *) if you don't
+ * have a cast it will choke the compiler: if you do
+ * have a cast then you can either go for (int *) or
+ * (void *).
*/
if ((SSL_version(con) == DTLS1_VERSION) &&
- DTLSv1_get_timeout(con, &timeout))
+ DTLSv1_get_timeout(con, &timeout))
timeoutp = &timeout;
else
timeoutp = NULL;
- i=select(width,(void *)&readfds,NULL,NULL,timeoutp);
-
- if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
- {
- BIO_printf(bio_err,"TIMEOUT occured\n");
- }
+ i = select(width, (void *) &readfds, NULL, NULL, timeoutp);
- if (i <= 0) continue;
- if (FD_ISSET(fileno(stdin),&readfds))
+ if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) {
+ BIO_printf(bio_err, "TIMEOUT occured\n");
+ }
+ if (i <= 0)
+ continue;
+ if (FD_ISSET(fileno(stdin), &readfds))
read_from_terminal = 1;
- if (FD_ISSET(s,&readfds))
+ if (FD_ISSET(s, &readfds))
read_from_sslcon = 1;
- }
- if (read_from_terminal)
- {
- if (s_crlf)
- {
+ }
+ if (read_from_terminal) {
+ if (s_crlf) {
int j, lf_num;
- i=raw_read_stdin(buf, bufsize/2);
+ i = raw_read_stdin(buf, bufsize / 2);
lf_num = 0;
/* both loops are skipped when i <= 0 */
for (j = 0; j < i; j++)
if (buf[j] == '\n')
lf_num++;
- for (j = i-1; j >= 0; j--)
- {
- buf[j+lf_num] = buf[j];
- if (buf[j] == '\n')
- {
+ for (j = i - 1; j >= 0; j--) {
+ buf[j + lf_num] = buf[j];
+ if (buf[j] == '\n') {
lf_num--;
i++;
- buf[j+lf_num] = '\r';
- }
+ buf[j + lf_num] = '\r';
}
- assert(lf_num == 0);
}
- else
- i=raw_read_stdin(buf,bufsize);
- if (!s_quiet)
- {
- if ((i <= 0) || (buf[0] == 'Q'))
- {
- BIO_printf(bio_s_out,"DONE\n");
+ assert(lf_num == 0);
+ } else
+ i = raw_read_stdin(buf, bufsize);
+ if (!s_quiet) {
+ if ((i <= 0) || (buf[0] == 'Q')) {
+ BIO_printf(bio_s_out, "DONE\n");
shutdown(s, SHUT_RD);
close(s);
close_accept_socket();
- ret= -11;
+ ret = -11;
goto err;
- }
- if ((i <= 0) || (buf[0] == 'q'))
- {
- BIO_printf(bio_s_out,"DONE\n");
+ }
+ if ((i <= 0) || (buf[0] == 'q')) {
+ BIO_printf(bio_s_out, "DONE\n");
if (SSL_version(con) != DTLS1_VERSION) {
- shutdown(s, SHUT_RD);
+ shutdown(s, SHUT_RD);
close(s);
}
- /* close_accept_socket();
- ret= -11;*/
+ /*
+ * close_accept_socket(); ret= -11;
+ */
goto err;
- }
- if ((buf[0] == 'r') &&
- ((buf[1] == '\n') || (buf[1] == '\r')))
- {
+ }
+ if ((buf[0] == 'r') &&
+ ((buf[1] == '\n') || (buf[1] == '\r'))) {
SSL_renegotiate(con);
- i=SSL_do_handshake(con);
- printf("SSL_do_handshake -> %d\n",i);
- i=0; /*13; */
+ i = SSL_do_handshake(con);
+ printf("SSL_do_handshake -> %d\n", i);
+ i = 0; /* 13; */
continue;
- /* strcpy(buf,"server side RE-NEGOTIATE\n"); */
- }
+ /*
+ * strcpy(buf,"server side
+ * RE-NEGOTIATE\n");
+ */
+ }
if ((buf[0] == 'R') &&
- ((buf[1] == '\n') || (buf[1] == '\r')))
- {
+ ((buf[1] == '\n') || (buf[1] == '\r'))) {
SSL_set_verify(con,
- SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
+ SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, NULL);
SSL_renegotiate(con);
- i=SSL_do_handshake(con);
- printf("SSL_do_handshake -> %d\n",i);
- i=0; /* 13; */
+ i = SSL_do_handshake(con);
+ printf("SSL_do_handshake -> %d\n", i);
+ i = 0; /* 13; */
continue;
- /* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */
- }
- if (buf[0] == 'P')
- {
- static const char *str="Lets print some clear text\n";
- BIO_write(SSL_get_wbio(con),str,strlen(str));
- }
- if (buf[0] == 'S')
- {
- print_stats(bio_s_out,SSL_get_SSL_CTX(con));
- }
+ /*
+ * strcpy(buf,"server side
+ * RE-NEGOTIATE asking for client
+ * cert\n");
+ */
}
- l=k=0;
- for (;;)
- {
+ if (buf[0] == 'P') {
+ static const char *str = "Lets print some clear text\n";
+ BIO_write(SSL_get_wbio(con), str, strlen(str));
+ }
+ if (buf[0] == 'S') {
+ print_stats(bio_s_out, SSL_get_SSL_CTX(con));
+ }
+ }
+ l = k = 0;
+ for (;;) {
/* should do a select for the write */
#ifdef RENEG
-{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
+ {
+ static count = 0;
+ if (++count == 100) {
+ count = 0;
+ SSL_renegotiate(con);
+ }
+ }
#endif
- k=SSL_write(con,&(buf[l]),(unsigned int)i);
+ k = SSL_write(con, &(buf[l]), (unsigned int) i);
#ifndef OPENSSL_NO_SRP
- while (SSL_get_error(con,k) == SSL_ERROR_WANT_X509_LOOKUP)
- {
- BIO_printf(bio_s_out,"LOOKUP renego during write\n");
- srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
- if (srp_callback_parm.user)
- BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
- else
- BIO_printf(bio_s_out,"LOOKUP not successful\n");
- k=SSL_write(con,&(buf[l]),(unsigned int)i);
- }
+ while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP renego during write\n");
+ srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
+ else
+ BIO_printf(bio_s_out, "LOOKUP not successful\n");
+ k = SSL_write(con, &(buf[l]), (unsigned int) i);
+ }
#endif
- switch (SSL_get_error(con,k))
- {
+ switch (SSL_get_error(con, k)) {
case SSL_ERROR_NONE:
break;
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_printf(bio_s_out,"Write BLOCK\n");
+ BIO_printf(bio_s_out, "Write BLOCK\n");
break;
case SSL_ERROR_SYSCALL:
case SSL_ERROR_SSL:
- BIO_printf(bio_s_out,"ERROR\n");
+ BIO_printf(bio_s_out, "ERROR\n");
ERR_print_errors(bio_err);
- ret=1;
+ ret = 1;
goto err;
/* break; */
case SSL_ERROR_ZERO_RETURN:
- BIO_printf(bio_s_out,"DONE\n");
- ret=1;
+ BIO_printf(bio_s_out, "DONE\n");
+ ret = 1;
goto err;
- }
- l+=k;
- i-=k;
- if (i <= 0) break;
}
+ l += k;
+ i -= k;
+ if (i <= 0)
+ break;
}
- if (read_from_sslcon)
- {
- if (!SSL_is_init_finished(con))
- {
- i=init_ssl_connection(con);
-
- if (i < 0)
- {
- ret=0;
+ }
+ if (read_from_sslcon) {
+ if (!SSL_is_init_finished(con)) {
+ i = init_ssl_connection(con);
+
+ if (i < 0) {
+ ret = 0;
goto err;
- }
- else if (i == 0)
- {
- ret=1;
+ } else if (i == 0) {
+ ret = 1;
goto err;
- }
}
- else
- {
-again:
- i=SSL_read(con,(char *)buf,bufsize);
+ } else {
+ again:
+ i = SSL_read(con, (char *) buf, bufsize);
#ifndef OPENSSL_NO_SRP
- while (SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
- {
- BIO_printf(bio_s_out,"LOOKUP renego during read\n");
- srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
- if (srp_callback_parm.user)
- BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
- else
- BIO_printf(bio_s_out,"LOOKUP not successful\n");
- i=SSL_read(con,(char *)buf,bufsize);
- }
+ while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+ srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
+ else
+ BIO_printf(bio_s_out, "LOOKUP not successful\n");
+ i = SSL_read(con, (char *) buf, bufsize);
+ }
#endif
- switch (SSL_get_error(con,i))
- {
+ switch (SSL_get_error(con, i)) {
case SSL_ERROR_NONE:
raw_write_stdout(buf,
- (unsigned int)i);
- if (SSL_pending(con)) goto again;
+ (unsigned int) i);
+ if (SSL_pending(con))
+ goto again;
break;
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
- BIO_printf(bio_s_out,"Read BLOCK\n");
+ BIO_printf(bio_s_out, "Read BLOCK\n");
break;
case SSL_ERROR_SYSCALL:
case SSL_ERROR_SSL:
- BIO_printf(bio_s_out,"ERROR\n");
+ BIO_printf(bio_s_out, "ERROR\n");
ERR_print_errors(bio_err);
- ret=1;
+ ret = 1;
goto err;
case SSL_ERROR_ZERO_RETURN:
- BIO_printf(bio_s_out,"DONE\n");
- ret=1;
+ BIO_printf(bio_s_out, "DONE\n");
+ ret = 1;
goto err;
- }
}
}
}
+ }
err:
- if (con != NULL)
- {
- BIO_printf(bio_s_out,"shutting down SSL\n");
+ if (con != NULL) {
+ BIO_printf(bio_s_out, "shutting down SSL\n");
#if 1
- SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+ SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(con);
#endif
SSL_free(con);
- }
- BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,bufsize);
+ }
+ BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, bufsize);
free(buf);
- }
- if (ret >= 0)
- BIO_printf(bio_s_out,"ACCEPT\n");
- return(ret);
}
+ if (ret >= 0)
+ BIO_printf(bio_s_out, "ACCEPT\n");
+ return (ret);
+}
-static void close_accept_socket(void)
- {
- BIO_printf(bio_err,"shutdown accept socket\n");
- if (accept_socket >= 0)
- {
+static void
+close_accept_socket(void)
+{
+ BIO_printf(bio_err, "shutdown accept socket\n");
+ if (accept_socket >= 0) {
shutdown(accept_socket, SHUT_RDWR);
close(accept_socket);
- }
}
+}
-static int init_ssl_connection(SSL *con)
- {
+static int
+init_ssl_connection(SSL * con)
+{
int i;
const char *str;
X509 *peer;
unsigned char *exportedkeymat;
- i=SSL_accept(con);
+ i = SSL_accept(con);
#ifndef OPENSSL_NO_SRP
- while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
- {
- BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
- srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
- if (srp_callback_parm.user)
- BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
- else
- BIO_printf(bio_s_out,"LOOKUP not successful\n");
- i=SSL_accept(con);
- }
-#endif
- if (i <= 0)
- {
- if (BIO_sock_should_retry(i))
- {
- BIO_printf(bio_s_out,"DELAY\n");
- return(1);
- }
-
- BIO_printf(bio_err,"ERROR\n");
- verify_error=SSL_get_verify_result(con);
- if (verify_error != X509_V_OK)
- {
- BIO_printf(bio_err,"verify error:%s\n",
- X509_verify_cert_error_string(verify_error));
- }
+ while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login);
+ srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
else
+ BIO_printf(bio_s_out, "LOOKUP not successful\n");
+ i = SSL_accept(con);
+ }
+#endif
+ if (i <= 0) {
+ if (BIO_sock_should_retry(i)) {
+ BIO_printf(bio_s_out, "DELAY\n");
+ return (1);
+ }
+ BIO_printf(bio_err, "ERROR\n");
+ verify_error = SSL_get_verify_result(con);
+ if (verify_error != X509_V_OK) {
+ BIO_printf(bio_err, "verify error:%s\n",
+ X509_verify_cert_error_string(verify_error));
+ } else
ERR_print_errors(bio_err);
- return(0);
- }
-
- PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));
-
- peer=SSL_get_peer_certificate(con);
- if (peer != NULL)
- {
- BIO_printf(bio_s_out,"Client certificate\n");
- PEM_write_bio_X509(bio_s_out,peer);
- X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
- BIO_printf(bio_s_out,"subject=%s\n",buf);
- X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
- BIO_printf(bio_s_out,"issuer=%s\n",buf);
+ return (0);
+ }
+ PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
+
+ peer = SSL_get_peer_certificate(con);
+ if (peer != NULL) {
+ BIO_printf(bio_s_out, "Client certificate\n");
+ PEM_write_bio_X509(bio_s_out, peer);
+ X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
+ BIO_printf(bio_s_out, "subject=%s\n", buf);
+ X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
+ BIO_printf(bio_s_out, "issuer=%s\n", buf);
X509_free(peer);
- }
-
- if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
- BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
- str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
- BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
+ }
+ if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL)
+ BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
+ str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
+ BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
- if (next_proto_neg)
- {
- BIO_printf(bio_s_out,"NEXTPROTO is ");
+ if (next_proto_neg) {
+ BIO_printf(bio_s_out, "NEXTPROTO is ");
BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
BIO_printf(bio_s_out, "\n");
- }
+ }
#endif
#ifndef OPENSSL_NO_SRTP
{
- SRTP_PROTECTION_PROFILE *srtp_profile
- = SSL_get_selected_srtp_profile(con);
+ SRTP_PROTECTION_PROFILE *srtp_profile
+ = SSL_get_selected_srtp_profile(con);
- if(srtp_profile)
- BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n",
- srtp_profile->name);
+ if (srtp_profile)
+ BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n",
+ srtp_profile->name);
}
#endif
- if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");
- if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
- TLS1_FLAGS_TLS_PADDING_BUG)
+ if (SSL_cache_hit(con))
+ BIO_printf(bio_s_out, "Reused session-id\n");
+ if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) &
+ TLS1_FLAGS_TLS_PADDING_BUG)
BIO_printf(bio_s_out,
- "Peer has incorrect TLSv1 block padding\n");
+ "Peer has incorrect TLSv1 block padding\n");
#ifndef OPENSSL_NO_KRB5
client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
- if (client_princ != NULL)
- {
- BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
- client_princ);
- }
-#endif /* OPENSSL_NO_KRB5 */
+ if (client_princ != NULL) {
+ BIO_printf(bio_s_out, "Kerberos peer principal is %s\n",
+ client_princ);
+ }
+#endif /* OPENSSL_NO_KRB5 */
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
- SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
- if (keymatexportlabel != NULL)
- {
+ SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
+ if (keymatexportlabel != NULL) {
BIO_printf(bio_s_out, "Keying material exporter:\n");
BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel);
BIO_printf(bio_s_out, " Length: %i bytes\n",
- keymatexportlen);
+ keymatexportlen);
exportedkeymat = malloc(keymatexportlen);
- if (exportedkeymat != NULL)
- {
+ if (exportedkeymat != NULL) {
if (!SSL_export_keying_material(con, exportedkeymat,
- keymatexportlen,
- keymatexportlabel,
- strlen(keymatexportlabel),
- NULL, 0, 0))
- {
+ keymatexportlen,
+ keymatexportlabel,
+ strlen(keymatexportlabel),
+ NULL, 0, 0)) {
BIO_printf(bio_s_out, " Error\n");
- }
- else
- {
+ } else {
BIO_printf(bio_s_out, " Keying material: ");
- for (i=0; i<keymatexportlen; i++)
+ for (i = 0; i < keymatexportlen; i++)
BIO_printf(bio_s_out, "%02X",
- exportedkeymat[i]);
+ exportedkeymat[i]);
BIO_printf(bio_s_out, "\n");
- }
- free(exportedkeymat);
}
+ free(exportedkeymat);
}
-
- return(1);
}
+ return (1);
+}
#ifndef OPENSSL_NO_DH
-static DH *load_dh_param(const char *dhfile)
- {
- DH *ret=NULL;
+static DH *
+load_dh_param(const char *dhfile)
+{
+ DH *ret = NULL;
BIO *bio;
- if ((bio=BIO_new_file(dhfile,"r")) == NULL)
+ if ((bio = BIO_new_file(dhfile, "r")) == NULL)
goto err;
- ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
+ ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
err:
- if (bio != NULL) BIO_free(bio);
- return(ret);
- }
+ if (bio != NULL)
+ BIO_free(bio);
+ return (ret);
+}
#endif
#ifndef OPENSSL_NO_KRB5
- char *client_princ;
+char *client_princ;
#endif
#if 0
-static int load_CA(SSL_CTX *ctx, char *file)
- {
+static int
+load_CA(SSL_CTX * ctx, char *file)
+{
FILE *in;
- X509 *x=NULL;
+ X509 *x = NULL;
- if ((in=fopen(file,"r")) == NULL)
- return(0);
+ if ((in = fopen(file, "r")) == NULL)
+ return (0);
- for (;;)
- {
- if (PEM_read_X509(in,&x,NULL) == NULL)
+ for (;;) {
+ if (PEM_read_X509(in, &x, NULL) == NULL)
break;
- SSL_CTX_add_client_CA(ctx,x);
- }
- if (x != NULL) X509_free(x);
- fclose(in);
- return(1);
+ SSL_CTX_add_client_CA(ctx, x);
}
+ if (x != NULL)
+ X509_free(x);
+ fclose(in);
+ return (1);
+}
#endif
-static int www_body(char *hostname, int s, unsigned char *context)
- {
- char *buf=NULL;
- int ret=1;
- int i,j,k,dot;
+static int
+www_body(char *hostname, int s, unsigned char *context)
+{
+ char *buf = NULL;
+ int ret = 1;
+ int i, j, k, dot;
SSL *con;
const SSL_CIPHER *c;
- BIO *io,*ssl_bio,*sbio;
+ BIO *io, *ssl_bio, *sbio;
#ifndef OPENSSL_NO_KRB5
KSSL_CTX *kctx;
#endif
- buf=malloc(bufsize);
- if (buf == NULL) return(0);
- io=BIO_new(BIO_f_buffer());
- ssl_bio=BIO_new(BIO_f_ssl());
- if ((io == NULL) || (ssl_bio == NULL)) goto err;
+ buf = malloc(bufsize);
+ if (buf == NULL)
+ return (0);
+ io = BIO_new(BIO_f_buffer());
+ ssl_bio = BIO_new(BIO_f_ssl());
+ if ((io == NULL) || (ssl_bio == NULL))
+ goto err;
-#ifdef FIONBIO
- if (s_nbio)
- {
- unsigned long sl=1;
+#ifdef FIONBIO
+ if (s_nbio) {
+ unsigned long sl = 1;
if (!s_quiet)
- BIO_printf(bio_err,"turning on non blocking io\n");
- if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
+ BIO_printf(bio_err, "turning on non blocking io\n");
+ if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
ERR_print_errors(bio_err);
- }
+ }
#endif
/* lets make the output buffer a reasonable size */
- if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
+ if (!BIO_set_write_buffer_size(io, bufsize))
+ goto err;
- if ((con=SSL_new(ctx)) == NULL) goto err;
+ if ((con = SSL_new(ctx)) == NULL)
+ goto err;
#ifndef OPENSSL_NO_TLSEXT
- if (s_tlsextdebug)
- {
- SSL_set_tlsext_debug_callback(con, tlsext_cb);
- SSL_set_tlsext_debug_arg(con, bio_s_out);
- }
+ if (s_tlsextdebug) {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_s_out);
+ }
#endif
#ifndef OPENSSL_NO_KRB5
- if ((kctx = kssl_ctx_new()) != NULL)
- {
+ if ((kctx = kssl_ctx_new()) != NULL) {
kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
- }
-#endif /* OPENSSL_NO_KRB5 */
- if(context) SSL_set_session_id_context(con, context,
- strlen((char *)context));
+ }
+#endif /* OPENSSL_NO_KRB5 */
+ if (context)
+ SSL_set_session_id_context(con, context,
+ strlen((char *) context));
- sbio=BIO_new_socket(s,BIO_NOCLOSE);
- if (s_nbio_test)
- {
+ sbio = BIO_new_socket(s, BIO_NOCLOSE);
+ if (s_nbio_test) {
BIO *test;
- test=BIO_new(BIO_f_nbio_test());
- sbio=BIO_push(test,sbio);
- }
- SSL_set_bio(con,sbio,sbio);
+ test = BIO_new(BIO_f_nbio_test());
+ sbio = BIO_push(test, sbio);
+ }
+ SSL_set_bio(con, sbio, sbio);
SSL_set_accept_state(con);
/* SSL_set_fd(con,s); */
- BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
- BIO_push(io,ssl_bio);
+ BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
+ BIO_push(io, ssl_bio);
- if (s_debug)
- {
+ if (s_debug) {
SSL_set_debug(con, 1);
- BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
- BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
- }
- if (s_msg)
- {
+ BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
+ BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
+ }
+ if (s_msg) {
SSL_set_msg_callback(con, msg_cb);
SSL_set_msg_callback_arg(con, bio_s_out);
- }
-
- for (;;)
- {
- if (hack)
- {
- i=SSL_accept(con);
+ }
+ for (;;) {
+ if (hack) {
+ i = SSL_accept(con);
#ifndef OPENSSL_NO_SRP
- while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
- {
- BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
- srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
- if (srp_callback_parm.user)
- BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
- else
- BIO_printf(bio_s_out,"LOOKUP not successful\n");
- i=SSL_accept(con);
- }
+ while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login);
+ srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
+ else
+ BIO_printf(bio_s_out, "LOOKUP not successful\n");
+ i = SSL_accept(con);
+ }
#endif
- switch (SSL_get_error(con,i))
- {
+ switch (SSL_get_error(con, i)) {
case SSL_ERROR_NONE:
break;
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_SYSCALL:
case SSL_ERROR_SSL:
case SSL_ERROR_ZERO_RETURN:
- ret=1;
+ ret = 1;
goto err;
/* break; */
- }
-
- SSL_renegotiate(con);
- SSL_write(con,NULL,0);
}
- i=BIO_gets(io,buf,bufsize-1);
- if (i < 0) /* error */
- {
- if (!BIO_should_retry(io))
- {
+ SSL_renegotiate(con);
+ SSL_write(con, NULL, 0);
+ }
+ i = BIO_gets(io, buf, bufsize - 1);
+ if (i < 0) { /* error */
+ if (!BIO_should_retry(io)) {
if (!s_quiet)
ERR_print_errors(bio_err);
goto err;
- }
- else
- {
- BIO_printf(bio_s_out,"read R BLOCK\n");
+ } else {
+ BIO_printf(bio_s_out, "read R BLOCK\n");
sleep(1);
continue;
- }
}
- else if (i == 0) /* end of input */
- {
- ret=1;
+ } else if (i == 0) { /* end of input */
+ ret = 1;
goto end;
- }
-
+ }
/* else we have data */
- if ( ((www == 1) && (strncmp("GET ",buf,4) == 0)) ||
- ((www == 2) && (strncmp("GET /stats ",buf,11) == 0)))
- {
+ if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
+ ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
char *p;
X509 *peer;
- STACK_OF(SSL_CIPHER) *sk;
- static const char *space=" ";
+ STACK_OF(SSL_CIPHER) * sk;
+ static const char *space = " ";
- BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
- BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
- BIO_puts(io,"<pre>\n");
+ BIO_puts(io, "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+ BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n");
+ BIO_puts(io,
"<pre>\n");
/* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
- BIO_puts(io,"\n");
- for (i=0; i<local_argc; i++)
- {
- BIO_puts(io,local_argv[i]);
- BIO_write(io," ",1);
- }
- BIO_puts(io,"\n");
+ BIO_puts(io, "\n");
+ for (i = 0; i < local_argc; i++) {
+ BIO_puts(io, local_argv[i]);
+ BIO_write(io, " ", 1);
+ }
+ BIO_puts(io, "\n");
BIO_printf(io,
- "Secure Renegotiation IS%s supported\n",
- SSL_get_secure_renegotiation_support(con) ?
- "" : " NOT");
-
- /* The following is evil and should not really
- * be done */
- BIO_printf(io,"Ciphers supported in s_server binary\n");
- sk=SSL_get_ciphers(con);
- j=sk_SSL_CIPHER_num(sk);
- for (i=0; i<j; i++)
- {
- c=sk_SSL_CIPHER_value(sk,i);
- BIO_printf(io,"%-11s:%-25s",
- SSL_CIPHER_get_version(c),
- SSL_CIPHER_get_name(c));
- if ((((i+1)%2) == 0) && (i+1 != j))
- BIO_puts(io,"\n");
- }
- BIO_puts(io,"\n");
- p=SSL_get_shared_ciphers(con,buf,bufsize);
- if (p != NULL)
- {
- BIO_printf(io,"---\nCiphers common between both SSL end points:\n");
- j=i=0;
- while (*p)
- {
- if (*p == ':')
- {
- BIO_write(io,space,26-j);
+ "Secure Renegotiation IS%s supported\n",
+ SSL_get_secure_renegotiation_support(con) ?
+ "" : " NOT");
+
+ /*
+ * The following is evil and should not really be
+ * done
+ */
+ BIO_printf(io, "Ciphers supported in s_server binary\n");
+ sk = SSL_get_ciphers(con);
+ j = sk_SSL_CIPHER_num(sk);
+ for (i = 0; i < j; i++) {
+ c = sk_SSL_CIPHER_value(sk, i);
+ BIO_printf(io, "%-11s:%-25s",
+ SSL_CIPHER_get_version(c),
+ SSL_CIPHER_get_name(c));
+ if ((((i + 1) % 2) == 0) && (i + 1 != j))
+ BIO_puts(io, "\n");
+ }
+ BIO_puts(io, "\n");
+ p = SSL_get_shared_ciphers(con, buf, bufsize);
+ if (p != NULL) {
+ BIO_printf(io, "---\nCiphers common between both SSL end points:\n");
+ j = i = 0;
+ while (*p) {
+ if (*p == ':') {
+ BIO_write(io, space, 26 - j);
i++;
- j=0;
- BIO_write(io,((i%3)?" ":"\n"),1);
- }
- else
- {
- BIO_write(io,p,1);
+ j = 0;
+ BIO_write(io, ((i % 3) ? " " : "\n"), 1);
+ } else {
+ BIO_write(io, p, 1);
j++;
- }
- p++;
}
- BIO_puts(io,"\n");
- }
- BIO_printf(io,(SSL_cache_hit(con)
- ?"---\nReused, "
- :"---\nNew, "));
- c=SSL_get_current_cipher(con);
- BIO_printf(io,"%s, Cipher is %s\n",
- SSL_CIPHER_get_version(c),
- SSL_CIPHER_get_name(c));
- SSL_SESSION_print(io,SSL_get_session(con));
- BIO_printf(io,"---\n");
- print_stats(io,SSL_get_SSL_CTX(con));
- BIO_printf(io,"---\n");
- peer=SSL_get_peer_certificate(con);
- if (peer != NULL)
- {
- BIO_printf(io,"Client certificate\n");
- X509_print(io,peer);
- PEM_write_bio_X509(io,peer);
+ p++;
}
- else
- BIO_puts(io,"no client certificate available\n");
- BIO_puts(io,"</BODY></HTML>\r\n\r\n");
+ BIO_puts(io, "\n");
+ }
+ BIO_printf(io, (SSL_cache_hit(con)
+ ? "---\nReused, "
+ : "---\nNew, "));
+ c = SSL_get_current_cipher(con);
+ BIO_printf(io, "%s, Cipher is %s\n",
+ SSL_CIPHER_get_version(c),
+ SSL_CIPHER_get_name(c));
+ SSL_SESSION_print(io, SSL_get_session(con));
+ BIO_printf(io, "---\n");
+ print_stats(io, SSL_get_SSL_CTX(con));
+ BIO_printf(io, "---\n");
+ peer = SSL_get_peer_certificate(con);
+ if (peer != NULL) {
+ BIO_printf(io, "Client certificate\n");
+ X509_print(io, peer);
+ PEM_write_bio_X509(io, peer);
+ } else
+ BIO_puts(io, "no client certificate available\n");
+ BIO_puts(io, "</BODY></HTML>\r\n\r\n");
break;
- }
- else if ((www == 2 || www == 3)
- && (strncmp("GET /",buf,5) == 0))
- {
+ } else if ((www == 2 || www == 3)
+ && (strncmp("GET /", buf, 5) == 0)) {
BIO *file;
- char *p,*e;
- static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+ char *p, *e;
+ static const char *text = "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
/* skip the '/' */
- p= &(buf[5]);
+ p = &(buf[5]);
dot = 1;
- for (e=p; *e != '\0'; e++)
- {
+ for (e = p; *e != '\0'; e++) {
if (e[0] == ' ')
break;
- switch (dot)
- {
+ switch (dot) {
case 1:
dot = (e[0] == '.') ? 2 : 0;
break;
case 3:
dot = (e[0] == '/') ? -1 : 0;
break;
- }
+ }
if (dot == 0)
dot = (e[0] == '/') ? 1 : 0;
- }
- dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
+ }
+ dot = (dot == 3) || (dot == -1); /* filename contains
+ * ".." component */
- if (*e == '\0')
- {
- BIO_puts(io,text);
- BIO_printf(io,"'%s' is an invalid file name\r\n",p);
+ if (*e == '\0') {
+ BIO_puts(io, text);
+ BIO_printf(io, "'%s' is an invalid file name\r\n", p);
break;
- }
- *e='\0';
+ }
+ *e = '\0';
- if (dot)
- {
- BIO_puts(io,text);
- BIO_printf(io,"'%s' contains '..' reference\r\n",p);
+ if (dot) {
+ BIO_puts(io, text);
+ BIO_printf(io, "'%s' contains '..' reference\r\n", p);
break;
- }
-
- if (*p == '/')
- {
- BIO_puts(io,text);
- BIO_printf(io,"'%s' is an invalid path\r\n",p);
+ }
+ if (*p == '/') {
+ BIO_puts(io, text);
+ BIO_printf(io, "'%s' is an invalid path\r\n", p);
break;
- }
-
+ }
#if 0
/* append if a directory lookup */
if (e[-1] == '/')
- strcat(p,"index.html");
+ strcat(p, "index.html");
#endif
/* if a directory, do the index thang */
- if (app_isdir(p)>0)
- {
-#if 0 /* must check buffer size */
- strcat(p,"/index.html");
+ if (app_isdir(p) > 0) {
+#if 0 /* must check buffer size */
+ strcat(p, "/index.html");
#else
- BIO_puts(io,text);
- BIO_printf(io,"'%s' is a directory\r\n",p);
+ BIO_puts(io, text);
+ BIO_printf(io, "'%s' is a directory\r\n", p);
break;
#endif
- }
-
- if ((file=BIO_new_file(p,"r")) == NULL)
- {
- BIO_puts(io,text);
- BIO_printf(io,"Error opening '%s'\r\n",p);
+ }
+ if ((file = BIO_new_file(p, "r")) == NULL) {
+ BIO_puts(io, text);
+ BIO_printf(io, "Error opening '%s'\r\n", p);
ERR_print_errors(io);
break;
- }
-
+ }
if (!s_quiet)
- BIO_printf(bio_err,"FILE:%s\n",p);
-
- if (www == 2)
- {
- i=strlen(p);
- if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
- ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
- ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
- BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
- else
- BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
- }
+ BIO_printf(bio_err, "FILE:%s\n", p);
+
+ if (www == 2) {
+ i = strlen(p);
+ if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
+ ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
+ ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
+ BIO_puts(io, "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+ else
+ BIO_puts(io, "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+ }
/* send the file */
- for (;;)
- {
- i=BIO_read(file,buf,bufsize);
- if (i <= 0) break;
+ for (;;) {
+ i = BIO_read(file, buf, bufsize);
+ if (i <= 0)
+ break;
#ifdef RENEG
- total_bytes+=i;
- fprintf(stderr,"%d\n",i);
- if (total_bytes > 3*1024)
- {
- total_bytes=0;
- fprintf(stderr,"RENEGOTIATE\n");
+ total_bytes += i;
+ fprintf(stderr, "%d\n", i);
+ if (total_bytes > 3 * 1024) {
+ total_bytes = 0;
+ fprintf(stderr, "RENEGOTIATE\n");
SSL_renegotiate(con);
- }
+ }
#endif
- for (j=0; j<i; )
- {
+ for (j = 0; j < i;) {
#ifdef RENEG
-{ static count=0; if (++count == 13) { SSL_renegotiate(con); } }
+ {
+ static count = 0;
+ if (++count == 13) {
+ SSL_renegotiate(con);
+ }
+ }
#endif
- k=BIO_write(io,&(buf[j]),i-j);
- if (k <= 0)
- {
+ k = BIO_write(io, &(buf[j]), i - j);
+ if (k <= 0) {
if (!BIO_should_retry(io))
goto write_error;
- else
- {
- BIO_printf(bio_s_out,"rwrite W BLOCK\n");
- }
- }
- else
- {
- j+=k;
+ else {
+ BIO_printf(bio_s_out, "rwrite W BLOCK\n");
}
+ } else {
+ j += k;
}
}
-write_error:
+ }
+ write_error:
BIO_free(file);
break;
- }
}
+ }
- for (;;)
- {
- i=(int)BIO_flush(io);
- if (i <= 0)
- {
+ for (;;) {
+ i = (int) BIO_flush(io);
+ if (i <= 0) {
if (!BIO_should_retry(io))
break;
- }
- else
+ } else
break;
- }
+ }
end:
#if 1
/* make sure we re-use sessions */
- SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+ SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else
/* This kills performance */
/* SSL_shutdown(con); A shutdown gets sent in the
err:
if (ret >= 0)
- BIO_printf(bio_s_out,"ACCEPT\n");
+ BIO_printf(bio_s_out, "ACCEPT\n");
- if (buf != NULL) free(buf);
- if (io != NULL) BIO_free_all(io);
+ if (buf != NULL)
+ free(buf);
+ if (io != NULL)
+ BIO_free_all(io);
/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/
- return(ret);
- }
+ return (ret);
+}
#ifndef OPENSSL_NO_RSA
-static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)
- {
+static RSA *
+tmp_rsa_cb(SSL * s, int is_export, int keylength)
+{
BIGNUM *bn = NULL;
- static RSA *rsa_tmp=NULL;
+ static RSA *rsa_tmp = NULL;
if (!rsa_tmp && ((bn = BN_new()) == NULL))
- BIO_printf(bio_err,"Allocation error in generating RSA key\n");
- if (!rsa_tmp && bn)
- {
- if (!s_quiet)
- {
- BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
- (void)BIO_flush(bio_err);
- }
- if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
- !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
- {
- if(rsa_tmp) RSA_free(rsa_tmp);
+ BIO_printf(bio_err, "Allocation error in generating RSA key\n");
+ if (!rsa_tmp && bn) {
+ if (!s_quiet) {
+ BIO_printf(bio_err, "Generating temp (%d bit) RSA key...", keylength);
+ (void) BIO_flush(bio_err);
+ }
+ if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
+ !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
+ if (rsa_tmp)
+ RSA_free(rsa_tmp);
rsa_tmp = NULL;
- }
- if (!s_quiet)
- {
- BIO_printf(bio_err,"\n");
- (void)BIO_flush(bio_err);
- }
- BN_free(bn);
}
- return(rsa_tmp);
+ if (!s_quiet) {
+ BIO_printf(bio_err, "\n");
+ (void) BIO_flush(bio_err);
+ }
+ BN_free(bn);
}
+ return (rsa_tmp);
+}
#endif
#define MAX_SESSION_ID_ATTEMPTS 10
-static int generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len)
- {
+static int
+generate_session_id(const SSL * ssl, unsigned char *id,
+ unsigned int *id_len)
+{
unsigned int count = 0;
- do {
+ do {
RAND_pseudo_bytes(id, *id_len);
- /* Prefix the session_id with the required prefix. NB: If our
- * prefix is too long, clip it - but there will be worse effects
- * anyway, eg. the server could only possibly create 1 session
- * ID (ie. the prefix!) so all future session negotiations will
- * fail due to conflicts. */
+ /*
+ * Prefix the session_id with the required prefix. NB: If our
+ * prefix is too long, clip it - but there will be worse
+ * effects anyway, eg. the server could only possibly create
+ * 1 session ID (ie. the prefix!) so all future session
+ * negotiations will fail due to conflicts.
+ */
memcpy(id, session_id_prefix,
- (strlen(session_id_prefix) < *id_len) ?
- strlen(session_id_prefix) : *id_len);
- }
- while(SSL_has_matching_session_id(ssl, id, *id_len) &&
- (++count < MAX_SESSION_ID_ATTEMPTS));
- if(count >= MAX_SESSION_ID_ATTEMPTS)
+ (strlen(session_id_prefix) < *id_len) ?
+ strlen(session_id_prefix) : *id_len);
+ }
+ while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+ (++count < MAX_SESSION_ID_ATTEMPTS));
+ if (count >= MAX_SESSION_ID_ATTEMPTS)
return 0;
return 1;
- }
+}
}
return (0);
}
-
for (ai = ai_top; ai != NULL; ai = ai->ai_next) {
s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (s == -1) {
if (type == SOCK_STREAM) {
i = 0;
i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
- (char *)&i, sizeof(i));
+ (char *) &i, sizeof(i));
if (i < 0) {
perror("keepalive");
return (0);
freeaddrinfo(ai_top);
return (1);
}
-
close(s);
}
int
do_server(int port, int type, int *ret,
- int (*cb)(char *hostname, int s, unsigned char *context),
+ int (*cb) (char *hostname, int s, unsigned char *context),
unsigned char *context)
{
int sock;
if (ret != NULL) {
*ret = accept_socket;
- /* return(1);*/
+ /* return(1); */
}
for (;;) {
if (type == SOCK_STREAM) {
}
} else
sock = accept_socket;
- i = (*cb)(name, sock, context);
+ i = (*cb) (name, sock, context);
if (name != NULL)
free(name);
if (type == SOCK_STREAM) {
if (!ssl_sock_init())
return (0);
- memset((char *)&server, 0,sizeof(server));
+ memset((char *) &server, 0, sizeof(server));
server.sin_family = AF_INET;
- server.sin_port = htons((unsigned short)port);
+ server.sin_port = htons((unsigned short) port);
if (ip == NULL)
server.sin_addr.s_addr = INADDR_ANY;
else
/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
#ifndef BIT_FIELD_LIMITS
- memcpy(&server.sin_addr.s_addr, ip, 4);
+ memcpy(&server.sin_addr.s_addr, ip, 4);
#else
- memcpy(&server.sin_addr, ip, 4);
+ memcpy(&server.sin_addr, ip, 4);
#endif
if (type == SOCK_STREAM)
s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
- else /* type == SOCK_DGRAM */
+ else /* type == SOCK_DGRAM */
s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
if (s == -1)
(void *) &j, sizeof j);
}
#endif
- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
+ if (bind(s, (struct sockaddr *) & server, sizeof(server)) == -1) {
perror("bind");
goto err;
}
redoit:
- memset((char *)&from, 0, sizeof(from));
+ memset((char *) &from, 0, sizeof(from));
len = sizeof(from);
- /* Note: under VMS with SOCKETSHR the fourth parameter is currently
- * of type (int *) whereas under other systems it is (void *) if
- * you don't have a cast it will choke the compiler: if you do
- * have a cast then you can either go for (int *) or (void *).
+ /*
+ * Note: under VMS with SOCKETSHR the fourth parameter is currently
+ * of type (int *) whereas under other systems it is (void *) if you
+ * don't have a cast it will choke the compiler: if you do have a
+ * cast then you can either go for (int *) or (void *).
*/
- ret = accept(acc_sock, (struct sockaddr *)&from, (void *)&len);
+ ret = accept(acc_sock, (struct sockaddr *) & from, (void *) &len);
if (ret == -1) {
if (errno == EINTR) {
- /*check_timeout(); */
+ /* check_timeout(); */
goto redoit;
}
- fprintf(stderr,"errno=%d ",errno);
+ fprintf(stderr, "errno=%d ", errno);
perror("accept");
return (0);
}
-
/*
ling.l_onoff=1;
ling.l_linger=0;
goto end;
#ifndef BIT_FIELD_LIMITS
/* I should use WSAAsyncGetHostByName() under windows */
- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
+ h1 = gethostbyaddr((char *) &from.sin_addr.s_addr,
sizeof(from.sin_addr.s_addr), AF_INET);
#else
- h1 = gethostbyaddr((char *)&from.sin_addr,
+ h1 = gethostbyaddr((char *) &from.sin_addr,
sizeof(struct in_addr), AF_INET);
#endif
if (h1 == NULL) {
*host = NULL;
/* return(0); */
} else {
- if ((*host = (char *)malloc(strlen(h1->h_name) + 1)) == NULL) {
+ if ((*host = (char *) malloc(strlen(h1->h_name) + 1)) == NULL) {
perror("malloc");
return (0);
}
char *h, *p;
h = str;
- p = strrchr(str, '/'); /* IPv6 host/port */
+ p = strrchr(str, '/'); /* IPv6 host/port */
if (p == NULL) {
p = strrchr(str, ':');
}
i = atoi(str);
if (i != 0)
- *port_ptr = (unsigned short)i;
+ *port_ptr = (unsigned short) i;
else {
s = getservbyname(str, "tcp");
if (s == NULL) {
BIO_printf(bio_err, "getservbyname failure for %s\n", str);
return (0);
}
- *port_ptr = ntohs((unsigned short)s->s_port);
+ *port_ptr = ntohs((unsigned short) s->s_port);
}
return (1);
}
static unsigned long ghbn_miss = 0L;
static struct hostent *
-GetHostByName(char *name) {
+GetHostByName(char *name)
+{
struct hostent *ret;
int i, lowi = 0;
- unsigned long low = (unsigned long) - 1;
+ unsigned long low = (unsigned long) -1;
for (i = 0; i < GHBN_NUM; i++) {
if (low > ghbn_cache[i].order) {
break;
}
}
- if (i == GHBN_NUM) /* no hit*/
- {
+ if (i == GHBN_NUM) { /* no hit */
ghbn_miss++;
ret = gethostbyname(name);
if (ret == NULL)
/* else add to cache */
if (strlen(name) < sizeof ghbn_cache[0].name) {
strlcpy(ghbn_cache[lowi].name, name, sizeof(ghbn_cache[0].name));
- memcpy((char *)&(ghbn_cache[lowi].ent), ret, sizeof(struct hostent));
+ memcpy((char *) &(ghbn_cache[lowi].ent), ret, sizeof(struct hostent));
ghbn_cache[lowi].order = ghbn_miss + ghbn_hits;
}
return (ret);
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#define SSL_CONNECT_NAME "localhost:4433"
-/*#define TEST_CERT "client.pem" */ /* no default cert. */
+ /*#define TEST_CERT "client.pem" *//* no default cert. */
#undef BUFSIZZ
#define BUFSIZZ 1024*10
extern int verify_error;
static void s_time_usage(void);
-static int parseArgs( int argc, char **argv );
-static SSL *doConnection( SSL *scon );
+static int parseArgs(int argc, char **argv);
+static SSL *doConnection(SSL * scon);
static void s_time_init(void);
/***********************************************************************
*/
/* static char *port=PORT_STR;*/
-static char *host=SSL_CONNECT_NAME;
-static char *t_cert_file=NULL;
-static char *t_key_file=NULL;
-static char *CApath=NULL;
-static char *CAfile=NULL;
-static char *tm_cipher=NULL;
+static char *host = SSL_CONNECT_NAME;
+static char *t_cert_file = NULL;
+static char *t_key_file = NULL;
+static char *CApath = NULL;
+static char *CAfile = NULL;
+static char *tm_cipher = NULL;
static int tm_verify = SSL_VERIFY_NONE;
static int maxTime = SECONDS;
-static SSL_CTX *tm_ctx=NULL;
-static const SSL_METHOD *s_time_meth=NULL;
-static char *s_www_path=NULL;
-static long bytes_read=0;
-static int st_bugs=0;
-static int perform=0;
+static SSL_CTX *tm_ctx = NULL;
+static const SSL_METHOD *s_time_meth = NULL;
+static char *s_www_path = NULL;
+static long bytes_read = 0;
+static int st_bugs = 0;
+static int perform = 0;
#ifdef FIONBIO
-static int t_nbio=0;
+static int t_nbio = 0;
#endif
-static void s_time_init(void)
- {
- host=SSL_CONNECT_NAME;
- t_cert_file=NULL;
- t_key_file=NULL;
- CApath=NULL;
- CAfile=NULL;
- tm_cipher=NULL;
+static void
+s_time_init(void)
+{
+ host = SSL_CONNECT_NAME;
+ t_cert_file = NULL;
+ t_key_file = NULL;
+ CApath = NULL;
+ CAfile = NULL;
+ tm_cipher = NULL;
tm_verify = SSL_VERIFY_NONE;
maxTime = SECONDS;
- tm_ctx=NULL;
- s_time_meth=NULL;
- s_www_path=NULL;
- bytes_read=0;
- st_bugs=0;
- perform=0;
+ tm_ctx = NULL;
+ s_time_meth = NULL;
+ s_www_path = NULL;
+ bytes_read = 0;
+ st_bugs = 0;
+ perform = 0;
#ifdef FIONBIO
- t_nbio=0;
+ t_nbio = 0;
#endif
- }
+}
/***********************************************************************
* usage - display usage message
*/
-static void s_time_usage(void)
+static void
+s_time_usage(void)
{
static const char umsg[] = "\
-time arg - max number of seconds to collect data, default %d\n\
-CAfile arg - PEM format file of CA's\n\
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
- printf( "usage: s_time <args>\n\n" );
+ printf("usage: s_time <args>\n\n");
- printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
+ printf("-connect host:port - host:port to connect to (default is %s)\n", SSL_CONNECT_NAME);
#ifdef FIONBIO
printf("-nbio - Run with non-blocking IO\n");
printf("-ssl2 - Just use SSLv2\n");
printf("-reuse - Just time connection reuse\n");
printf("-www page - Retrieve 'page' from the site\n");
#endif
- printf( umsg,SECONDS );
+ printf(umsg, SECONDS);
}
/***********************************************************************
*
* Returns 0 if ok, -1 on bad args
*/
-static int parseArgs(int argc, char **argv)
+static int
+parseArgs(int argc, char **argv)
{
- int badop = 0;
+ int badop = 0;
- verify_depth=0;
- verify_error=X509_V_OK;
+ verify_depth = 0;
+ verify_error = X509_V_OK;
- argc--;
- argv++;
+ argc--;
+ argv++;
- while (argc >= 1) {
- if (strcmp(*argv,"-connect") == 0)
- {
- if (--argc < 1) goto bad;
- host= *(++argv);
+ while (argc >= 1) {
+ if (strcmp(*argv, "-connect") == 0) {
+ if (--argc < 1)
+ goto bad;
+ host = *(++argv);
}
#if 0
- else if( strcmp(*argv,"-host") == 0)
- {
- if (--argc < 1) goto bad;
- host= *(++argv);
- }
- else if( strcmp(*argv,"-port") == 0)
- {
- if (--argc < 1) goto bad;
- port= *(++argv);
+ else if (strcmp(*argv, "-host") == 0) {
+ if (--argc < 1)
+ goto bad;
+ host = *(++argv);
+ } else if (strcmp(*argv, "-port") == 0) {
+ if (--argc < 1)
+ goto bad;
+ port = *(++argv);
}
#endif
- else if (strcmp(*argv,"-reuse") == 0)
- perform=2;
- else if (strcmp(*argv,"-new") == 0)
- perform=1;
- else if( strcmp(*argv,"-verify") == 0) {
+ else if (strcmp(*argv, "-reuse") == 0)
+ perform = 2;
+ else if (strcmp(*argv, "-new") == 0)
+ perform = 1;
+ else if (strcmp(*argv, "-verify") == 0) {
- tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
- if (--argc < 1) goto bad;
- verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+ tm_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
+ if (--argc < 1)
+ goto bad;
+ verify_depth = atoi(*(++argv));
+ BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
- } else if( strcmp(*argv,"-cert") == 0) {
+ } else if (strcmp(*argv, "-cert") == 0) {
- if (--argc < 1) goto bad;
- t_cert_file= *(++argv);
+ if (--argc < 1)
+ goto bad;
+ t_cert_file = *(++argv);
- } else if( strcmp(*argv,"-key") == 0) {
+ } else if (strcmp(*argv, "-key") == 0) {
- if (--argc < 1) goto bad;
- t_key_file= *(++argv);
+ if (--argc < 1)
+ goto bad;
+ t_key_file = *(++argv);
- } else if( strcmp(*argv,"-CApath") == 0) {
+ } else if (strcmp(*argv, "-CApath") == 0) {
- if (--argc < 1) goto bad;
- CApath= *(++argv);
+ if (--argc < 1)
+ goto bad;
+ CApath = *(++argv);
- } else if( strcmp(*argv,"-CAfile") == 0) {
+ } else if (strcmp(*argv, "-CAfile") == 0) {
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
+ if (--argc < 1)
+ goto bad;
+ CAfile = *(++argv);
- } else if( strcmp(*argv,"-cipher") == 0) {
+ } else if (strcmp(*argv, "-cipher") == 0) {
- if (--argc < 1) goto bad;
- tm_cipher= *(++argv);
- }
+ if (--argc < 1)
+ goto bad;
+ tm_cipher = *(++argv);
+ }
#ifdef FIONBIO
- else if(strcmp(*argv,"-nbio") == 0) {
- t_nbio=1;
- }
+ else if (strcmp(*argv, "-nbio") == 0) {
+ t_nbio = 1;
+ }
#endif
- else if(strcmp(*argv,"-www") == 0)
- {
- if (--argc < 1) goto bad;
- s_www_path= *(++argv);
- if(strlen(s_www_path) > MYBUFSIZ-100)
- {
- BIO_printf(bio_err,"-www option too long\n");
- badop=1;
+ else if (strcmp(*argv, "-www") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_www_path = *(++argv);
+ if (strlen(s_www_path) > MYBUFSIZ - 100) {
+ BIO_printf(bio_err, "-www option too long\n");
+ badop = 1;
}
+ } else if (strcmp(*argv, "-bugs") == 0)
+ st_bugs = 1;
+ else if (strcmp(*argv, "-ssl3") == 0)
+ s_time_meth = SSLv3_client_method();
+ else if (strcmp(*argv, "-time") == 0) {
+
+ if (--argc < 1)
+ goto bad;
+ maxTime = atoi(*(++argv));
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badop = 1;
+ break;
}
- else if(strcmp(*argv,"-bugs") == 0)
- st_bugs=1;
- else if(strcmp(*argv,"-ssl3") == 0)
- s_time_meth=SSLv3_client_method();
- else if( strcmp(*argv,"-time") == 0) {
-
- if (--argc < 1) goto bad;
- maxTime= atoi(*(++argv));
- }
- else {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badop=1;
- break;
- }
- argc--;
- argv++;
- }
+ argc--;
+ argv++;
+ }
- if (perform == 0) perform=3;
+ if (perform == 0)
+ perform = 3;
- if(badop) {
+ if (badop) {
bad:
s_time_usage();
return -1;
- }
-
- return 0; /* Valid args */
+ }
+ return 0; /* Valid args */
}
/***********************************************************************
#define START 0
#define STOP 1
-static double tm_Time_F(int s)
- {
- return app_tminterval(s,1);
- }
+static double
+tm_Time_F(int s)
+{
+ return app_tminterval(s, 1);
+}
/***********************************************************************
* MAIN - main processing area for client
*/
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
+int
+MAIN(int argc, char **argv)
+{
double totalTime = 0.0;
int nConn = 0;
- SSL *scon=NULL;
- long finishtime=0;
- int ret=1,i;
- char buf[1024*8];
+ SSL *scon = NULL;
+ long finishtime = 0;
+ int ret = 1, i;
+ char buf[1024 * 8];
int ver;
apps_startup();
s_time_init();
if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
- s_time_meth=SSLv23_client_method();
+ s_time_meth = SSLv23_client_method();
/* parse the command line arguments */
- if( parseArgs( argc, argv ) < 0 )
+ if (parseArgs(argc, argv) < 0)
goto end;
OpenSSL_add_ssl_algorithms();
- if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
+ if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
+ return (1);
- SSL_CTX_set_quiet_shutdown(tm_ctx,1);
+ SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
- if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
- SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
- if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file))
+ if (st_bugs)
+ SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
+ SSL_CTX_set_cipher_list(tm_ctx, tm_cipher);
+ if (!set_cert_stuff(tm_ctx, t_cert_file, t_key_file))
goto end;
SSL_load_error_strings();
- if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(tm_ctx)))
- {
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
+ if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
+ /*
+ * BIO_printf(bio_err,"error setting default verify
+ * locations\n");
+ */
ERR_print_errors(bio_err);
/* goto end; */
- }
-
+ }
if (tm_cipher == NULL)
tm_cipher = getenv("SSL_CIPHER");
- if (tm_cipher == NULL ) {
- fprintf( stderr, "No CIPHER specified\n" );
+ if (tm_cipher == NULL) {
+ fprintf(stderr, "No CIPHER specified\n");
}
-
- if (!(perform & 1)) goto next;
- printf( "Collecting connection statistics for %d seconds\n", maxTime );
+ if (!(perform & 1))
+ goto next;
+ printf("Collecting connection statistics for %d seconds\n", maxTime);
/* Loop and time how long it takes to make connections */
- bytes_read=0;
- finishtime=(long)time(NULL)+maxTime;
+ bytes_read = 0;
+ finishtime = (long) time(NULL) + maxTime;
tm_Time_F(START);
- for (;;)
- {
- if (finishtime < (long)time(NULL)) break;
+ for (;;) {
+ if (finishtime < (long) time(NULL))
+ break;
#ifdef WIN32_STUFF
- if( flushWinMsgs(0) == -1 )
+ if (flushWinMsgs(0) == -1)
goto end;
- if( waitingToDie || exitNow ) /* we're dead */
+ if (waitingToDie || exitNow) /* we're dead */
goto end;
#endif
- if( (scon = doConnection( NULL )) == NULL )
+ if ((scon = doConnection(NULL)) == NULL)
goto end;
- if (s_www_path != NULL)
- {
- (void) snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
- SSL_write(scon,buf,strlen(buf));
- while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
- bytes_read+=i;
- }
-
+ if (s_www_path != NULL) {
+ (void) snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
+ SSL_write(scon, buf, strlen(buf));
+ while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+ bytes_read += i;
+ }
#ifdef NO_SHUTDOWN
- SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+ SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(scon);
#endif
nConn += 1;
if (SSL_session_reused(scon))
- ver='r';
- else
- {
- ver=SSL_version(scon);
+ ver = 'r';
+ else {
+ ver = SSL_version(scon);
if (ver == TLS1_VERSION)
- ver='t';
+ ver = 't';
else if (ver == SSL3_VERSION)
- ver='3';
+ ver = '3';
else if (ver == SSL2_VERSION)
- ver='2';
+ ver = '2';
else
- ver='*';
- }
- fputc(ver,stdout);
+ ver = '*';
+ }
+ fputc(ver, stdout);
fflush(stdout);
- SSL_free( scon );
- scon=NULL;
- }
- totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+ SSL_free(scon);
+ scon = NULL;
+ }
+ totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
- i=(int)((long)time(NULL)-finishtime+maxTime);
- printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
- printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
+ i = (int) ((long) time(NULL) - finishtime + maxTime);
+ printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
+ printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + maxTime, bytes_read / nConn);
- /* Now loop and time connections using the same session id over and over */
+ /*
+ * Now loop and time connections using the same session id over and
+ * over
+ */
next:
- if (!(perform & 2)) goto end;
- printf( "\n\nNow timing with session id reuse.\n" );
+ if (!(perform & 2))
+ goto end;
+ printf("\n\nNow timing with session id reuse.\n");
/* Get an SSL object so we can reuse the session id */
- if( (scon = doConnection( NULL )) == NULL )
- {
- fprintf( stderr, "Unable to get connection\n" );
+ if ((scon = doConnection(NULL)) == NULL) {
+ fprintf(stderr, "Unable to get connection\n");
goto end;
- }
-
- if (s_www_path != NULL)
- {
- (void) snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
- SSL_write(scon,buf,strlen(buf));
- while (SSL_read(scon,buf,sizeof(buf)) > 0)
- ;
- }
+ }
+ if (s_www_path != NULL) {
+ (void) snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
+ SSL_write(scon, buf, strlen(buf));
+ while (SSL_read(scon, buf, sizeof(buf)) > 0);
+ }
#ifdef NO_SHUTDOWN
- SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+ SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(scon);
#endif
nConn = 0;
totalTime = 0.0;
- finishtime=(long)time(NULL)+maxTime;
+ finishtime = (long) time(NULL) + maxTime;
- printf( "starting\n" );
- bytes_read=0;
+ printf("starting\n");
+ bytes_read = 0;
tm_Time_F(START);
-
- for (;;)
- {
- if (finishtime < (long)time(NULL)) break;
+
+ for (;;) {
+ if (finishtime < (long) time(NULL))
+ break;
#ifdef WIN32_STUFF
- if( flushWinMsgs(0) == -1 )
+ if (flushWinMsgs(0) == -1)
goto end;
- if( waitingToDie || exitNow ) /* we're dead */
+ if (waitingToDie || exitNow) /* we're dead */
goto end;
#endif
- if( (doConnection( scon )) == NULL )
+ if ((doConnection(scon)) == NULL)
goto end;
- if (s_www_path)
- {
- (void) snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
- SSL_write(scon,buf,strlen(buf));
- while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
- bytes_read+=i;
- }
-
+ if (s_www_path) {
+ (void) snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
+ SSL_write(scon, buf, strlen(buf));
+ while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+ bytes_read += i;
+ }
#ifdef NO_SHUTDOWN
- SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+ SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(scon);
#endif
shutdown(SSL_get_fd(scon), SHUT_RDWR);
close(SSL_get_fd(scon));
-
+
nConn += 1;
if (SSL_session_reused(scon))
- ver='r';
- else
- {
- ver=SSL_version(scon);
+ ver = 'r';
+ else {
+ ver = SSL_version(scon);
if (ver == TLS1_VERSION)
- ver='t';
+ ver = 't';
else if (ver == SSL3_VERSION)
- ver='3';
+ ver = '3';
else if (ver == SSL2_VERSION)
- ver='2';
+ ver = '2';
else
- ver='*';
- }
- fputc(ver,stdout);
- fflush(stdout);
+ ver = '*';
}
- totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
+ fputc(ver, stdout);
+ fflush(stdout);
+ }
+ totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
- printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
- printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
+ printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
+ printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + maxTime, bytes_read / nConn);
- ret=0;
+ ret = 0;
end:
- if (scon != NULL) SSL_free(scon);
+ if (scon != NULL)
+ SSL_free(scon);
- if (tm_ctx != NULL)
- {
+ if (tm_ctx != NULL) {
SSL_CTX_free(tm_ctx);
- tm_ctx=NULL;
- }
- apps_shutdown();
- return(ret);
+ tm_ctx = NULL;
}
+ apps_shutdown();
+ return (ret);
+}
/***********************************************************************
* doConnection - make a connection
* Returns:
* SSL * = the connection pointer.
*/
-static SSL *doConnection(SSL *scon)
- {
+static SSL *
+doConnection(SSL * scon)
+{
BIO *conn;
SSL *serverCon;
int width, i;
fd_set readfds;
- if ((conn=BIO_new(BIO_s_connect())) == NULL)
- return(NULL);
+ if ((conn = BIO_new(BIO_s_connect())) == NULL)
+ return (NULL);
/* BIO_set_conn_port(conn,port);*/
- BIO_set_conn_hostname(conn,host);
+ BIO_set_conn_hostname(conn, host);
if (scon == NULL)
- serverCon=SSL_new(tm_ctx);
- else
- {
- serverCon=scon;
+ serverCon = SSL_new(tm_ctx);
+ else {
+ serverCon = scon;
SSL_set_connect_state(serverCon);
- }
+ }
- SSL_set_bio(serverCon,conn,conn);
+ SSL_set_bio(serverCon, conn, conn);
#if 0
- if( scon != NULL )
- SSL_set_session(serverCon,SSL_get_session(scon));
+ if (scon != NULL)
+ SSL_set_session(serverCon, SSL_get_session(scon));
#endif
/* ok, lets connect */
- for(;;) {
- i=SSL_connect(serverCon);
- if (BIO_sock_should_retry(i))
- {
- BIO_printf(bio_err,"DELAY\n");
-
- i=SSL_get_fd(serverCon);
- width=i+1;
+ for (;;) {
+ i = SSL_connect(serverCon);
+ if (BIO_sock_should_retry(i)) {
+ BIO_printf(bio_err, "DELAY\n");
+
+ i = SSL_get_fd(serverCon);
+ width = i + 1;
FD_ZERO(&readfds);
- openssl_fdset(i,&readfds);
- /* Note: under VMS with SOCKETSHR the 2nd parameter
+ openssl_fdset(i, &readfds);
+ /*
+ * Note: under VMS with SOCKETSHR the 2nd parameter
* is currently of type (int *) whereas under other
* systems it is (void *) if you don't have a cast it
- * will choke the compiler: if you do have a cast then
- * you can either go for (int *) or (void *).
+ * will choke the compiler: if you do have a cast
+ * then you can either go for (int *) or (void *).
*/
- select(width,(void *)&readfds,NULL,NULL,NULL);
+ select(width, (void *) &readfds, NULL, NULL, NULL);
continue;
- }
- break;
}
- if(i <= 0)
- {
- BIO_printf(bio_err,"ERROR\n");
+ break;
+ }
+ if (i <= 0) {
+ BIO_printf(bio_err, "ERROR\n");
if (verify_error != X509_V_OK)
- BIO_printf(bio_err,"verify error:%s\n",
- X509_verify_cert_error_string(verify_error));
+ BIO_printf(bio_err, "verify error:%s\n",
+ X509_verify_cert_error_string(verify_error));
else
ERR_print_errors(bio_err);
if (scon == NULL)
SSL_free(serverCon);
return NULL;
- }
-
- return serverCon;
}
-
-
+ return serverCon;
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#undef PROG
#define PROG sess_id_main
-static const char *sess_id_usage[]={
-"usage: sess_id args\n",
-"\n",
-" -inform arg - input format - default PEM (DER or PEM)\n",
-" -outform arg - output format - default PEM\n",
-" -in arg - input file - default stdin\n",
-" -out arg - output file - default stdout\n",
-" -text - print ssl session id details\n",
-" -cert - output certificate \n",
-" -noout - no CRL output\n",
-" -context arg - set the session ID context\n",
-NULL
+static const char *sess_id_usage[] = {
+ "usage: sess_id args\n",
+ "\n",
+ " -inform arg - input format - default PEM (DER or PEM)\n",
+ " -outform arg - output format - default PEM\n",
+ " -in arg - input file - default stdin\n",
+ " -out arg - output file - default stdout\n",
+ " -text - print ssl session id details\n",
+ " -cert - output certificate \n",
+ " -noout - no CRL output\n",
+ " -context arg - set the session ID context\n",
+ NULL
};
static SSL_SESSION *load_sess_id(char *file, int format);
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
- SSL_SESSION *x=NULL;
+int
+MAIN(int argc, char **argv)
+{
+ SSL_SESSION *x = NULL;
X509 *peer = NULL;
- int ret=1,i,num,badops=0;
- BIO *out=NULL;
- int informat,outformat;
- char *infile=NULL,*outfile=NULL,*context=NULL;
- int cert=0,noout=0,text=0;
+ int ret = 1, i, num, badops = 0;
+ BIO *out = NULL;
+ int informat, outformat;
+ char *infile = NULL, *outfile = NULL, *context = NULL;
+ int cert = 0, noout = 0, text = 0;
const char **pp;
apps_startup();
if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
argc--;
argv++;
- num=0;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-text") == 0)
- text= ++num;
- else if (strcmp(*argv,"-cert") == 0)
- cert= ++num;
- else if (strcmp(*argv,"-noout") == 0)
- noout= ++num;
- else if (strcmp(*argv,"-context") == 0)
- {
- if(--argc < 1) goto bad;
- context=*++argv;
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
+ num = 0;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-text") == 0)
+ text = ++num;
+ else if (strcmp(*argv, "-cert") == 0)
+ cert = ++num;
+ else if (strcmp(*argv, "-noout") == 0)
+ noout = ++num;
+ else if (strcmp(*argv, "-context") == 0) {
+ if (--argc < 1)
+ goto bad;
+ context = *++argv;
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
break;
- }
+ }
argc--;
argv++;
- }
+ }
- if (badops)
- {
+ if (badops) {
bad:
- for (pp=sess_id_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
+ for (pp = sess_id_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err, "%s", *pp);
goto end;
- }
-
+ }
ERR_load_crypto_strings();
- x=load_sess_id(infile,informat);
- if (x == NULL) { goto end; }
+ x = load_sess_id(infile, informat);
+ if (x == NULL) {
+ goto end;
+ }
peer = SSL_SESSION_get0_peer(x);
- if(context)
- {
- size_t ctx_len = strlen(context);
- if(ctx_len > SSL_MAX_SID_CTX_LENGTH)
- {
- BIO_printf(bio_err,"Context too long\n");
- goto end;
+ if (context) {
+ size_t ctx_len = strlen(context);
+ if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+ BIO_printf(bio_err, "Context too long\n");
+ goto end;
}
- SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len);
- }
-
+ SSL_SESSION_set1_id_context(x, (unsigned char *) context, ctx_len);
+ }
#ifdef undef
/* just testing for memory leaks :-) */
{
- SSL_SESSION *s;
- char buf[1024*10],*p;
- int i;
+ SSL_SESSION *s;
+ char buf[1024 * 10], *p;
+ int i;
- s=SSL_SESSION_new();
+ s = SSL_SESSION_new();
- p= &buf;
- i=i2d_SSL_SESSION(x,&p);
- p= &buf;
- d2i_SSL_SESSION(&s,&p,(long)i);
- p= &buf;
- d2i_SSL_SESSION(&s,&p,(long)i);
- p= &buf;
- d2i_SSL_SESSION(&s,&p,(long)i);
- SSL_SESSION_free(s);
+ p = &buf;
+ i = i2d_SSL_SESSION(x, &p);
+ p = &buf;
+ d2i_SSL_SESSION(&s, &p, (long) i);
+ p = &buf;
+ d2i_SSL_SESSION(&s, &p, (long) i);
+ p = &buf;
+ d2i_SSL_SESSION(&s, &p, (long) i);
+ SSL_SESSION_free(s);
}
#endif
- if (!noout || text)
- {
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
+ if (!noout || text) {
+ out = BIO_new(BIO_s_file());
+ if (out == NULL) {
ERR_print_errors(bio_err);
goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
+ }
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
- }
}
}
+ }
+ if (text) {
+ SSL_SESSION_print(out, x);
- if (text)
- {
- SSL_SESSION_print(out,x);
-
- if (cert)
- {
+ if (cert) {
if (peer == NULL)
- BIO_puts(out,"No certificate present\n");
+ BIO_puts(out, "No certificate present\n");
else
- X509_print(out,peer);
- }
+ X509_print(out, peer);
}
-
- if (!noout && !cert)
- {
- if (outformat == FORMAT_ASN1)
- i=i2d_SSL_SESSION_bio(out,x);
+ }
+ if (!noout && !cert) {
+ if (outformat == FORMAT_ASN1)
+ i = i2d_SSL_SESSION_bio(out, x);
else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_SSL_SESSION(out,x);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
+ i = PEM_write_bio_SSL_SESSION(out, x);
+ else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
- }
+ }
if (!i) {
- BIO_printf(bio_err,"unable to write SSL_SESSION\n");
+ BIO_printf(bio_err, "unable to write SSL_SESSION\n");
goto end;
- }
}
- else if (!noout && (peer != NULL)) /* just print the certificate */
- {
- if (outformat == FORMAT_ASN1)
- i=(int)i2d_X509_bio(out,peer);
+ } else if (!noout && (peer != NULL)) { /* just print the certificate */
+ if (outformat == FORMAT_ASN1)
+ i = (int) i2d_X509_bio(out, peer);
else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_X509(out,peer);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
+ i = PEM_write_bio_X509(out, peer);
+ else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
- }
+ }
if (!i) {
- BIO_printf(bio_err,"unable to write X509\n");
+ BIO_printf(bio_err, "unable to write X509\n");
goto end;
- }
}
- ret=0;
+ }
+ ret = 0;
end:
- if (out != NULL) BIO_free_all(out);
- if (x != NULL) SSL_SESSION_free(x);
+ if (out != NULL)
+ BIO_free_all(out);
+ if (x != NULL)
+ SSL_SESSION_free(x);
apps_shutdown();
- return(ret);
- }
+ return (ret);
+}
-static SSL_SESSION *load_sess_id(char *infile, int format)
- {
- SSL_SESSION *x=NULL;
- BIO *in=NULL;
+static SSL_SESSION *
+load_sess_id(char *infile, int format)
+{
+ SSL_SESSION *x = NULL;
+ BIO *in = NULL;
- in=BIO_new(BIO_s_file());
- if (in == NULL)
- {
+ in = BIO_new(BIO_s_file());
+ if (in == NULL) {
ERR_print_errors(bio_err);
goto end;
- }
-
+ }
if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
- }
}
- if (format == FORMAT_ASN1)
- x=d2i_SSL_SESSION_bio(in,NULL);
+ }
+ if (format == FORMAT_ASN1)
+ x = d2i_SSL_SESSION_bio(in, NULL);
else if (format == FORMAT_PEM)
- x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL);
- else {
- BIO_printf(bio_err,"bad input format specified for input crl\n");
+ x = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
+ else {
+ BIO_printf(bio_err, "bad input format specified for input crl\n");
goto end;
- }
- if (x == NULL)
- {
- BIO_printf(bio_err,"unable to load SSL_SESSION\n");
+ }
+ if (x == NULL) {
+ BIO_printf(bio_err, "unable to load SSL_SESSION\n");
ERR_print_errors(bio_err);
goto end;
- }
-
-end:
- if (in != NULL) BIO_free(in);
- return(x);
}
-
+end:
+ if (in != NULL)
+ BIO_free(in);
+ return (x);
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#undef PROG
#define PROG smime_main
-static int save_certs(char *signerfile, STACK_OF(X509) *signers);
-static int smime_cb(int ok, X509_STORE_CTX *ctx);
+static int save_certs(char *signerfile, STACK_OF(X509) * signers);
+static int smime_cb(int ok, X509_STORE_CTX * ctx);
#define SMIME_OP 0x10
#define SMIME_IP 0x20
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
+int
+MAIN(int argc, char **argv)
+{
ENGINE *e = NULL;
int operation = 0;
int ret = 0;
const char *inmode = "r", *outmode = "w";
char *infile = NULL, *outfile = NULL;
char *signerfile = NULL, *recipfile = NULL;
- STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
- char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
+ STACK_OF(OPENSSL_STRING) * sksigners = NULL, *skkeys = NULL;
+ char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
const EVP_CIPHER *cipher = NULL;
PKCS7 *p7 = NULL;
X509_STORE *store = NULL;
X509 *cert = NULL, *recip = NULL, *signer = NULL;
EVP_PKEY *key = NULL;
- STACK_OF(X509) *encerts = NULL, *other = NULL;
+ STACK_OF(X509) * encerts = NULL, *other = NULL;
BIO *in = NULL, *out = NULL, *indata = NULL;
int badarg = 0;
int flags = PKCS7_DETACHED;
int indef = 0;
const EVP_MD *sign_md = NULL;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
- int keyform = FORMAT_PEM;
+ int keyform = FORMAT_PEM;
#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
+ char *engine = NULL;
#endif
X509_VERIFY_PARAM *vpm = NULL;
apps_startup();
- if (bio_err == NULL)
- {
+ if (bio_err == NULL) {
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
- }
-
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ }
if (!load_config(bio_err, NULL))
goto end;
- while (!badarg && *args && *args[0] == '-')
- {
- if (!strcmp (*args, "-encrypt"))
+ while (!badarg && *args && *args[0] == '-') {
+ if (!strcmp(*args, "-encrypt"))
operation = SMIME_ENCRYPT;
- else if (!strcmp (*args, "-decrypt"))
+ else if (!strcmp(*args, "-decrypt"))
operation = SMIME_DECRYPT;
- else if (!strcmp (*args, "-sign"))
+ else if (!strcmp(*args, "-sign"))
operation = SMIME_SIGN;
- else if (!strcmp (*args, "-resign"))
+ else if (!strcmp(*args, "-resign"))
operation = SMIME_RESIGN;
- else if (!strcmp (*args, "-verify"))
+ else if (!strcmp(*args, "-verify"))
operation = SMIME_VERIFY;
- else if (!strcmp (*args, "-pk7out"))
+ else if (!strcmp(*args, "-pk7out"))
operation = SMIME_PK7OUT;
#ifndef OPENSSL_NO_DES
- else if (!strcmp (*args, "-des3"))
- cipher = EVP_des_ede3_cbc();
- else if (!strcmp (*args, "-des"))
- cipher = EVP_des_cbc();
+ else if (!strcmp(*args, "-des3"))
+ cipher = EVP_des_ede3_cbc();
+ else if (!strcmp(*args, "-des"))
+ cipher = EVP_des_cbc();
#endif
#ifndef OPENSSL_NO_SEED
- else if (!strcmp (*args, "-seed"))
- cipher = EVP_seed_cbc();
+ else if (!strcmp(*args, "-seed"))
+ cipher = EVP_seed_cbc();
#endif
#ifndef OPENSSL_NO_RC2
- else if (!strcmp (*args, "-rc2-40"))
- cipher = EVP_rc2_40_cbc();
- else if (!strcmp (*args, "-rc2-128"))
- cipher = EVP_rc2_cbc();
- else if (!strcmp (*args, "-rc2-64"))
- cipher = EVP_rc2_64_cbc();
+ else if (!strcmp(*args, "-rc2-40"))
+ cipher = EVP_rc2_40_cbc();
+ else if (!strcmp(*args, "-rc2-128"))
+ cipher = EVP_rc2_cbc();
+ else if (!strcmp(*args, "-rc2-64"))
+ cipher = EVP_rc2_64_cbc();
#endif
#ifndef OPENSSL_NO_AES
- else if (!strcmp(*args,"-aes128"))
- cipher = EVP_aes_128_cbc();
- else if (!strcmp(*args,"-aes192"))
- cipher = EVP_aes_192_cbc();
- else if (!strcmp(*args,"-aes256"))
- cipher = EVP_aes_256_cbc();
+ else if (!strcmp(*args, "-aes128"))
+ cipher = EVP_aes_128_cbc();
+ else if (!strcmp(*args, "-aes192"))
+ cipher = EVP_aes_192_cbc();
+ else if (!strcmp(*args, "-aes256"))
+ cipher = EVP_aes_256_cbc();
#endif
#ifndef OPENSSL_NO_CAMELLIA
- else if (!strcmp(*args,"-camellia128"))
- cipher = EVP_camellia_128_cbc();
- else if (!strcmp(*args,"-camellia192"))
- cipher = EVP_camellia_192_cbc();
- else if (!strcmp(*args,"-camellia256"))
- cipher = EVP_camellia_256_cbc();
+ else if (!strcmp(*args, "-camellia128"))
+ cipher = EVP_camellia_128_cbc();
+ else if (!strcmp(*args, "-camellia192"))
+ cipher = EVP_camellia_192_cbc();
+ else if (!strcmp(*args, "-camellia256"))
+ cipher = EVP_camellia_256_cbc();
#endif
- else if (!strcmp (*args, "-text"))
- flags |= PKCS7_TEXT;
- else if (!strcmp (*args, "-nointern"))
- flags |= PKCS7_NOINTERN;
- else if (!strcmp (*args, "-noverify"))
- flags |= PKCS7_NOVERIFY;
- else if (!strcmp (*args, "-nochain"))
- flags |= PKCS7_NOCHAIN;
- else if (!strcmp (*args, "-nocerts"))
- flags |= PKCS7_NOCERTS;
- else if (!strcmp (*args, "-noattr"))
- flags |= PKCS7_NOATTR;
- else if (!strcmp (*args, "-nodetach"))
- flags &= ~PKCS7_DETACHED;
- else if (!strcmp (*args, "-nosmimecap"))
- flags |= PKCS7_NOSMIMECAP;
- else if (!strcmp (*args, "-binary"))
- flags |= PKCS7_BINARY;
- else if (!strcmp (*args, "-nosigs"))
- flags |= PKCS7_NOSIGS;
- else if (!strcmp (*args, "-stream"))
- indef = 1;
- else if (!strcmp (*args, "-indef"))
- indef = 1;
- else if (!strcmp (*args, "-noindef"))
- indef = 0;
- else if (!strcmp (*args, "-nooldmime"))
- flags |= PKCS7_NOOLDMIMETYPE;
- else if (!strcmp (*args, "-crlfeol"))
- flags |= PKCS7_CRLFEOL;
- else if (!strcmp(*args,"-rand"))
- {
+ else if (!strcmp(*args, "-text"))
+ flags |= PKCS7_TEXT;
+ else if (!strcmp(*args, "-nointern"))
+ flags |= PKCS7_NOINTERN;
+ else if (!strcmp(*args, "-noverify"))
+ flags |= PKCS7_NOVERIFY;
+ else if (!strcmp(*args, "-nochain"))
+ flags |= PKCS7_NOCHAIN;
+ else if (!strcmp(*args, "-nocerts"))
+ flags |= PKCS7_NOCERTS;
+ else if (!strcmp(*args, "-noattr"))
+ flags |= PKCS7_NOATTR;
+ else if (!strcmp(*args, "-nodetach"))
+ flags &= ~PKCS7_DETACHED;
+ else if (!strcmp(*args, "-nosmimecap"))
+ flags |= PKCS7_NOSMIMECAP;
+ else if (!strcmp(*args, "-binary"))
+ flags |= PKCS7_BINARY;
+ else if (!strcmp(*args, "-nosigs"))
+ flags |= PKCS7_NOSIGS;
+ else if (!strcmp(*args, "-stream"))
+ indef = 1;
+ else if (!strcmp(*args, "-indef"))
+ indef = 1;
+ else if (!strcmp(*args, "-noindef"))
+ indef = 0;
+ else if (!strcmp(*args, "-nooldmime"))
+ flags |= PKCS7_NOOLDMIMETYPE;
+ else if (!strcmp(*args, "-crlfeol"))
+ flags |= PKCS7_CRLFEOL;
+ else if (!strcmp(*args, "-rand")) {
if (!args[1])
goto argerr;
args++;
inrand = *args;
need_rand = 1;
- }
+ }
#ifndef OPENSSL_NO_ENGINE
- else if (!strcmp(*args,"-engine"))
- {
+ else if (!strcmp(*args, "-engine")) {
if (!args[1])
goto argerr;
engine = *++args;
- }
+ }
#endif
- else if (!strcmp(*args,"-passin"))
- {
+ else if (!strcmp(*args, "-passin")) {
if (!args[1])
goto argerr;
passargin = *++args;
- }
- else if (!strcmp (*args, "-to"))
- {
+ } else if (!strcmp(*args, "-to")) {
if (!args[1])
goto argerr;
to = *++args;
- }
- else if (!strcmp (*args, "-from"))
- {
+ } else if (!strcmp(*args, "-from")) {
if (!args[1])
goto argerr;
from = *++args;
- }
- else if (!strcmp (*args, "-subject"))
- {
+ } else if (!strcmp(*args, "-subject")) {
if (!args[1])
goto argerr;
subject = *++args;
- }
- else if (!strcmp (*args, "-signer"))
- {
+ } else if (!strcmp(*args, "-signer")) {
if (!args[1])
goto argerr;
/* If previous -signer argument add signer to list */
- if (signerfile)
- {
+ if (signerfile) {
if (!sksigners)
sksigners = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(sksigners, signerfile);
skkeys = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(skkeys, keyfile);
keyfile = NULL;
- }
- signerfile = *++args;
}
- else if (!strcmp (*args, "-recip"))
- {
+ signerfile = *++args;
+ } else if (!strcmp(*args, "-recip")) {
if (!args[1])
goto argerr;
recipfile = *++args;
- }
- else if (!strcmp (*args, "-md"))
- {
+ } else if (!strcmp(*args, "-md")) {
if (!args[1])
goto argerr;
sign_md = EVP_get_digestbyname(*++args);
- if (sign_md == NULL)
- {
+ if (sign_md == NULL) {
BIO_printf(bio_err, "Unknown digest %s\n",
- *args);
+ *args);
goto argerr;
- }
}
- else if (!strcmp (*args, "-inkey"))
- {
- if (!args[1])
+ } else if (!strcmp(*args, "-inkey")) {
+ if (!args[1])
goto argerr;
/* If previous -inkey arument add signer to list */
- if (keyfile)
- {
- if (!signerfile)
- {
+ if (keyfile) {
+ if (!signerfile) {
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
goto argerr;
- }
+ }
if (!sksigners)
sksigners = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (!skkeys)
skkeys = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(skkeys, keyfile);
- }
- keyfile = *++args;
}
- else if (!strcmp (*args, "-keyform"))
- {
+ keyfile = *++args;
+ } else if (!strcmp(*args, "-keyform")) {
if (!args[1])
goto argerr;
keyform = str2fmt(*++args);
- }
- else if (!strcmp (*args, "-certfile"))
- {
+ } else if (!strcmp(*args, "-certfile")) {
if (!args[1])
goto argerr;
certfile = *++args;
- }
- else if (!strcmp (*args, "-CAfile"))
- {
+ } else if (!strcmp(*args, "-CAfile")) {
if (!args[1])
goto argerr;
CAfile = *++args;
- }
- else if (!strcmp (*args, "-CApath"))
- {
+ } else if (!strcmp(*args, "-CApath")) {
if (!args[1])
goto argerr;
CApath = *++args;
- }
- else if (!strcmp (*args, "-in"))
- {
+ } else if (!strcmp(*args, "-in")) {
if (!args[1])
goto argerr;
infile = *++args;
- }
- else if (!strcmp (*args, "-inform"))
- {
+ } else if (!strcmp(*args, "-inform")) {
if (!args[1])
goto argerr;
informat = str2fmt(*++args);
- }
- else if (!strcmp (*args, "-outform"))
- {
+ } else if (!strcmp(*args, "-outform")) {
if (!args[1])
goto argerr;
outformat = str2fmt(*++args);
- }
- else if (!strcmp (*args, "-out"))
- {
+ } else if (!strcmp(*args, "-out")) {
if (!args[1])
goto argerr;
outfile = *++args;
- }
- else if (!strcmp (*args, "-content"))
- {
+ } else if (!strcmp(*args, "-content")) {
if (!args[1])
goto argerr;
contfile = *++args;
- }
- else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
+ } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
continue;
else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
badarg = 1;
args++;
- }
+ }
- if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
- {
+ if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
goto argerr;
- }
-
- if (operation & SMIME_SIGNERS)
- {
+ }
+ if (operation & SMIME_SIGNERS) {
/* Check to see if any final signer needs to be appended */
- if (keyfile && !signerfile)
- {
+ if (keyfile && !signerfile) {
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
goto argerr;
- }
- if (signerfile)
- {
+ }
+ if (signerfile) {
if (!sksigners)
sksigners = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (!keyfile)
keyfile = signerfile;
sk_OPENSSL_STRING_push(skkeys, keyfile);
- }
- if (!sksigners)
- {
+ }
+ if (!sksigners) {
BIO_printf(bio_err, "No signer certificate specified\n");
badarg = 1;
- }
+ }
signerfile = NULL;
keyfile = NULL;
need_rand = 1;
- }
- else if (operation == SMIME_DECRYPT)
- {
- if (!recipfile && !keyfile)
- {
+ } else if (operation == SMIME_DECRYPT) {
+ if (!recipfile && !keyfile) {
BIO_printf(bio_err, "No recipient certificate or key specified\n");
badarg = 1;
- }
}
- else if (operation == SMIME_ENCRYPT)
- {
- if (!*args)
- {
+ } else if (operation == SMIME_ENCRYPT) {
+ if (!*args) {
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
badarg = 1;
- }
- need_rand = 1;
}
- else if (!operation)
+ need_rand = 1;
+ } else if (!operation)
badarg = 1;
- if (badarg)
- {
- argerr:
- BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-encrypt encrypt message\n");
- BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
- BIO_printf (bio_err, "-sign sign message\n");
- BIO_printf (bio_err, "-verify verify signed message\n");
- BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n");
+ if (badarg) {
+argerr:
+ BIO_printf(bio_err, "Usage smime [options] cert.pem ...\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-encrypt encrypt message\n");
+ BIO_printf(bio_err, "-decrypt decrypt encrypted message\n");
+ BIO_printf(bio_err, "-sign sign message\n");
+ BIO_printf(bio_err, "-verify verify signed message\n");
+ BIO_printf(bio_err, "-pk7out output PKCS#7 structure\n");
#ifndef OPENSSL_NO_DES
- BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
- BIO_printf (bio_err, "-des encrypt with DES\n");
+ BIO_printf(bio_err, "-des3 encrypt with triple DES\n");
+ BIO_printf(bio_err, "-des encrypt with DES\n");
#endif
#ifndef OPENSSL_NO_SEED
- BIO_printf (bio_err, "-seed encrypt with SEED\n");
+ BIO_printf(bio_err, "-seed encrypt with SEED\n");
#endif
#ifndef OPENSSL_NO_RC2
- BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
- BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
- BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
+ BIO_printf(bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
+ BIO_printf(bio_err, "-rc2-64 encrypt with RC2-64\n");
+ BIO_printf(bio_err, "-rc2-128 encrypt with RC2-128\n");
#endif
#ifndef OPENSSL_NO_AES
- BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
+ BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err, " encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
+ BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n");
#endif
- BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
- BIO_printf (bio_err, "-nosigs don't verify message signature\n");
- BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
- BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
- BIO_printf (bio_err, "-nodetach use opaque signing\n");
- BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
- BIO_printf (bio_err, "-binary don't translate message to text\n");
- BIO_printf (bio_err, "-certfile file other certificates file\n");
- BIO_printf (bio_err, "-signer file signer certificate file\n");
- BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
- BIO_printf (bio_err, "-in file input file\n");
- BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
- BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
- BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
- BIO_printf (bio_err, "-out file output file\n");
- BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
- BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
- BIO_printf (bio_err, "-to addr to address\n");
- BIO_printf (bio_err, "-from ad from address\n");
- BIO_printf (bio_err, "-subject s subject\n");
- BIO_printf (bio_err, "-text include or delete text MIME headers\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
- BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
- BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+ BIO_printf(bio_err, "-nointern don't search certificates in message for signer\n");
+ BIO_printf(bio_err, "-nosigs don't verify message signature\n");
+ BIO_printf(bio_err, "-noverify don't verify signers certificate\n");
+ BIO_printf(bio_err, "-nocerts don't include signers certificate when signing\n");
+ BIO_printf(bio_err, "-nodetach use opaque signing\n");
+ BIO_printf(bio_err, "-noattr don't include any signed attributes\n");
+ BIO_printf(bio_err, "-binary don't translate message to text\n");
+ BIO_printf(bio_err, "-certfile file other certificates file\n");
+ BIO_printf(bio_err, "-signer file signer certificate file\n");
+ BIO_printf(bio_err, "-recip file recipient certificate file for decryption\n");
+ BIO_printf(bio_err, "-in file input file\n");
+ BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
+ BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n");
+ BIO_printf(bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
+ BIO_printf(bio_err, "-out file output file\n");
+ BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
+ BIO_printf(bio_err, "-content file supply or override content for detached signature\n");
+ BIO_printf(bio_err, "-to addr to address\n");
+ BIO_printf(bio_err, "-from ad from address\n");
+ BIO_printf(bio_err, "-subject s subject\n");
+ BIO_printf(bio_err, "-text include or delete text MIME headers\n");
+ BIO_printf(bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
+ BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
#ifndef OPENSSL_NO_ENGINE
- BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
+ BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
- BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
- BIO_printf(bio_err, "-rand file%cfile%c...\n", ':', ':');
- BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
- BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
+ BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, "-rand file%cfile%c...\n", ':', ':');
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf(bio_err, "cert.pem recipient certificate(s) for encryption\n");
goto end;
- }
-
+ }
#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
+ e = setup_engine(bio_err, engine, 0);
#endif
- if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
- {
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
- }
-
- if (need_rand)
- {
+ }
+ if (need_rand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
ret = 2;
if (!(operation & SMIME_SIGNERS))
flags &= ~PKCS7_DETACHED;
- if (operation & SMIME_OP)
- {
+ if (operation & SMIME_OP) {
if (outformat == FORMAT_ASN1)
outmode = "wb";
- }
- else
- {
+ } else {
if (flags & PKCS7_BINARY)
outmode = "wb";
- }
+ }
- if (operation & SMIME_IP)
- {
+ if (operation & SMIME_IP) {
if (informat == FORMAT_ASN1)
inmode = "rb";
- }
- else
- {
+ } else {
if (flags & PKCS7_BINARY)
inmode = "rb";
- }
+ }
- if (operation == SMIME_ENCRYPT)
- {
- if (!cipher)
- {
-#ifndef OPENSSL_NO_RC2
+ if (operation == SMIME_ENCRYPT) {
+ if (!cipher) {
+#ifndef OPENSSL_NO_RC2
cipher = EVP_rc2_40_cbc();
#else
BIO_printf(bio_err, "No cipher selected\n");
goto end;
#endif
- }
+ }
encerts = sk_X509_new_null();
- while (*args)
- {
- if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
- NULL, e, "recipient certificate file")))
- {
+ while (*args) {
+ if (!(cert = load_cert(bio_err, *args, FORMAT_PEM,
+ NULL, e, "recipient certificate file"))) {
#if 0 /* An appropriate message is already printed */
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
#endif
goto end;
- }
+ }
sk_X509_push(encerts, cert);
cert = NULL;
args++;
- }
}
-
- if (certfile)
- {
- if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
- e, "certificate file")))
- {
+ }
+ if (certfile) {
+ if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL,
+ e, "certificate file"))) {
ERR_print_errors(bio_err);
goto end;
- }
}
-
- if (recipfile && (operation == SMIME_DECRYPT))
- {
- if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
- e, "recipient certificate file")))
- {
+ }
+ if (recipfile && (operation == SMIME_DECRYPT)) {
+ if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL,
+ e, "recipient certificate file"))) {
ERR_print_errors(bio_err);
goto end;
- }
}
-
- if (operation == SMIME_DECRYPT)
- {
+ }
+ if (operation == SMIME_DECRYPT) {
if (!keyfile)
keyfile = recipfile;
- }
- else if (operation == SMIME_SIGN)
- {
+ } else if (operation == SMIME_SIGN) {
if (!keyfile)
keyfile = signerfile;
- }
- else keyfile = NULL;
+ } else
+ keyfile = NULL;
- if (keyfile)
- {
+ if (keyfile) {
key = load_key(bio_err, keyfile, keyform, 0, passin, e,
- "signing key file");
+ "signing key file");
if (!key)
goto end;
- }
-
- if (infile)
- {
- if (!(in = BIO_new_file(infile, inmode)))
- {
- BIO_printf (bio_err,
- "Can't open input file %s\n", infile);
+ }
+ if (infile) {
+ if (!(in = BIO_new_file(infile, inmode))) {
+ BIO_printf(bio_err,
+ "Can't open input file %s\n", infile);
goto end;
- }
}
- else
+ } else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
- if (operation & SMIME_IP)
- {
- if (informat == FORMAT_SMIME)
+ if (operation & SMIME_IP) {
+ if (informat == FORMAT_SMIME)
p7 = SMIME_read_PKCS7(in, &indata);
- else if (informat == FORMAT_PEM)
+ else if (informat == FORMAT_PEM)
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
- else if (informat == FORMAT_ASN1)
+ else if (informat == FORMAT_ASN1)
p7 = d2i_PKCS7_bio(in, NULL);
- else
- {
+ else {
BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
goto end;
- }
+ }
- if (!p7)
- {
+ if (!p7) {
BIO_printf(bio_err, "Error reading S/MIME message\n");
goto end;
- }
- if (contfile)
- {
+ }
+ if (contfile) {
BIO_free(indata);
- if (!(indata = BIO_new_file(contfile, "rb")))
- {
+ if (!(indata = BIO_new_file(contfile, "rb"))) {
BIO_printf(bio_err, "Can't read content file %s\n", contfile);
goto end;
- }
}
}
-
- if (outfile)
- {
- if (!(out = BIO_new_file(outfile, outmode)))
- {
- BIO_printf (bio_err,
- "Can't open output file %s\n", outfile);
+ }
+ if (outfile) {
+ if (!(out = BIO_new_file(outfile, outmode))) {
+ BIO_printf(bio_err,
+ "Can't open output file %s\n", outfile);
goto end;
- }
}
- else
- {
+ } else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
- }
+ }
- if (operation == SMIME_VERIFY)
- {
+ if (operation == SMIME_VERIFY) {
if (!(store = setup_verify(bio_err, CAfile, CApath)))
goto end;
X509_STORE_set_verify_cb(store, smime_cb);
if (vpm)
X509_STORE_set1_param(store, vpm);
- }
-
-
+ }
ret = 3;
- if (operation == SMIME_ENCRYPT)
- {
+ if (operation == SMIME_ENCRYPT) {
if (indef)
flags |= PKCS7_STREAM;
p7 = PKCS7_encrypt(encerts, in, cipher, flags);
- }
- else if (operation & SMIME_SIGNERS)
- {
+ } else if (operation & SMIME_SIGNERS) {
int i;
- /* If detached data content we only enable streaming if
+ /*
+ * If detached data content we only enable streaming if
* S/MIME output format.
*/
- if (operation == SMIME_SIGN)
- {
- if (flags & PKCS7_DETACHED)
- {
+ if (operation == SMIME_SIGN) {
+ if (flags & PKCS7_DETACHED) {
if (outformat == FORMAT_SMIME)
flags |= PKCS7_STREAM;
- }
- else if (indef)
+ } else if (indef)
flags |= PKCS7_STREAM;
flags |= PKCS7_PARTIAL;
p7 = PKCS7_sign(NULL, NULL, other, in, flags);
if (!p7)
goto end;
- }
- else
+ } else
flags |= PKCS7_REUSE_DIGEST;
- for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
- {
+ for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
- signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
- e, "signer certificate");
+ signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
+ e, "signer certificate");
if (!signer)
goto end;
key = load_key(bio_err, keyfile, keyform, 0, passin, e,
- "signing key file");
+ "signing key file");
if (!key)
goto end;
if (!PKCS7_sign_add_signer(p7, signer, key,
- sign_md, flags))
+ sign_md, flags))
goto end;
X509_free(signer);
signer = NULL;
EVP_PKEY_free(key);
key = NULL;
- }
+ }
/* If not streaming or resigning finalize structure */
- if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM))
- {
+ if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) {
if (!PKCS7_final(p7, in, flags))
goto end;
- }
}
-
- if (!p7)
- {
+ }
+ if (!p7) {
BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
goto end;
- }
-
+ }
ret = 4;
- if (operation == SMIME_DECRYPT)
- {
- if (!PKCS7_decrypt(p7, key, recip, out, flags))
- {
+ if (operation == SMIME_DECRYPT) {
+ if (!PKCS7_decrypt(p7, key, recip, out, flags)) {
BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
goto end;
- }
}
- else if (operation == SMIME_VERIFY)
- {
- STACK_OF(X509) *signers;
+ } else if (operation == SMIME_VERIFY) {
+ STACK_OF(X509) * signers;
if (PKCS7_verify(p7, other, store, indata, out, flags))
BIO_printf(bio_err, "Verification successful\n");
- else
- {
+ else {
BIO_printf(bio_err, "Verification failure\n");
goto end;
- }
+ }
signers = PKCS7_get0_signers(p7, other, flags);
- if (!save_certs(signerfile, signers))
- {
+ if (!save_certs(signerfile, signers)) {
BIO_printf(bio_err, "Error writing signers to %s\n",
- signerfile);
+ signerfile);
ret = 5;
goto end;
- }
- sk_X509_free(signers);
}
- else if (operation == SMIME_PK7OUT)
+ sk_X509_free(signers);
+ } else if (operation == SMIME_PK7OUT)
PEM_write_bio_PKCS7(out, p7);
- else
- {
+ else {
if (to)
BIO_printf(out, "To: %s\n", to);
if (from)
BIO_printf(out, "From: %s\n", from);
if (subject)
BIO_printf(out, "Subject: %s\n", subject);
- if (outformat == FORMAT_SMIME)
- {
+ if (outformat == FORMAT_SMIME) {
if (operation == SMIME_RESIGN)
SMIME_write_PKCS7(out, p7, indata, flags);
else
SMIME_write_PKCS7(out, p7, in, flags);
- }
- else if (outformat == FORMAT_PEM)
+ } else if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS7_stream(out, p7, in, flags);
- else if (outformat == FORMAT_ASN1)
- i2d_PKCS7_bio_stream(out,p7, in, flags);
- else
- {
+ else if (outformat == FORMAT_ASN1)
+ i2d_PKCS7_bio_stream(out, p7, in, flags);
+ else {
BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
goto end;
- }
}
+ }
ret = 0;
end:
if (need_rand)
app_RAND_write_file(NULL, bio_err);
- if (ret) ERR_print_errors(bio_err);
+ if (ret)
+ ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);
if (vpm)
BIO_free(in);
BIO_free(indata);
BIO_free_all(out);
- if (passin) free(passin);
+ if (passin)
+ free(passin);
return (ret);
}
-static int save_certs(char *signerfile, STACK_OF(X509) *signers)
- {
+static int
+save_certs(char *signerfile, STACK_OF(X509) * signers)
+{
int i;
BIO *tmp;
if (!signerfile)
return 1;
tmp = BIO_new_file(signerfile, "w");
- if (!tmp) return 0;
- for(i = 0; i < sk_X509_num(signers); i++)
+ if (!tmp)
+ return 0;
+ for (i = 0; i < sk_X509_num(signers); i++)
PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
BIO_free(tmp);
return 1;
- }
-
+}
+
/* Minimal callback just to output policy info (if any) */
-static int smime_cb(int ok, X509_STORE_CTX *ctx)
- {
+static int
+smime_cb(int ok, X509_STORE_CTX * ctx)
+{
int error;
error = X509_STORE_CTX_get_error(ctx);
if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
- && ((error != X509_V_OK) || (ok != 2)))
+ && ((error != X509_V_OK) || (ok != 2)))
return ok;
policies_print(NULL, ctx);
return ok;
- }
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
- * Portions of the attached software ("Contribution") are developed by
+ * Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
- * The ECDH and ECDSA speed test software is originally written by
+ * The ECDH and ECDSA speed test software is originally written by
* Sumit Gupta of Sun Microsystems Laboratories.
*
*/
#ifndef OPENSSL_NO_SPEED
#undef SECONDS
-#define SECONDS 3
+#define SECONDS 3
#define RSA_SECONDS 10
#define DSA_SECONDS 10
#define ECDSA_SECONDS 10
#if defined(_WIN32) || defined(__CYGWIN__)
#include <windows.h>
-# if defined(__CYGWIN__) && !defined(_WIN32)
- /* <windows.h> should define _WIN32, which normally is mutually
- * exclusive with __CYGWIN__, but if it didn't... */
-# define _WIN32
- /* this is done because Cygwin alarm() fails sometimes. */
-# endif
+#if defined(__CYGWIN__) && !defined(_WIN32)
+ /*
+ * <windows.h> should define _WIN32, which normally is mutually exclusive
+ * with __CYGWIN__, but if it didn't...
+ */
+#define _WIN32
+ /* this is done because Cygwin alarm() fails sometimes. */
+#endif
#endif
#include <openssl/bn.h>
#ifndef HAVE_FORK
-# define HAVE_FORK 1
+#define HAVE_FORK 1
#endif
#if HAVE_FORK
#undef BUFSIZE
#define BUFSIZE ((long)1024*8+1)
-int run=0;
+int run = 0;
-static int mr=0;
-static int usertime=1;
+static int mr = 0;
+static int usertime = 1;
static double Time_F(int s);
-static void print_message(const char *s,long num,int length);
-static void pkey_print_message(const char *str, const char *str2,
- long num, int bits, int sec);
-static void print_result(int alg,int run_no,int count,double time_used);
+static void print_message(const char *s, long num, int length);
+static void
+pkey_print_message(const char *str, const char *str2,
+ long num, int bits, int sec);
+static void print_result(int alg, int run_no, int count, double time_used);
#ifndef NO_FORK
static int do_multi(int multi);
#endif
#define EC_NUM 16
#define MAX_ECDH_SIZE 256
-static const char *names[ALGOR_NUM]={
- "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
- "des cbc","des ede3","idea cbc","seed cbc",
- "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
- "aes-128 cbc","aes-192 cbc","aes-256 cbc",
- "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
- "evp","sha256","sha512","whirlpool",
- "aes-128 ige","aes-192 ige","aes-256 ige","ghash" };
+static const char *names[ALGOR_NUM] = {
+ "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
+ "des cbc", "des ede3", "idea cbc", "seed cbc",
+ "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
+ "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
+ "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
+ "evp", "sha256", "sha512", "whirlpool",
+"aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash"};
static double results[ALGOR_NUM][SIZE_NUM];
-static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
+static int lengths[SIZE_NUM] = {16, 64, 256, 1024, 8 * 1024};
#ifndef OPENSSL_NO_RSA
static double rsa_results[RSA_NUM][2];
#endif
#define SIGRETTYPE void
#else
#define SIGRETTYPE int
-#endif
+#endif
static SIGRETTYPE sig_done(int sig);
-static SIGRETTYPE sig_done(int sig)
- {
- signal(SIGALRM,sig_done);
- run=0;
+static SIGRETTYPE
+sig_done(int sig)
+{
+ signal(SIGALRM, sig_done);
+ run = 0;
#ifdef LINT
- sig=sig;
+ sig = sig;
#endif
- }
+}
#endif
#define START 0
#define STOP 1
-static double Time_F(int s)
- {
- return app_tminterval(s,usertime);
- }
+static double
+Time_F(int s)
+{
+ return app_tminterval(s, usertime);
+}
#ifndef OPENSSL_NO_ECDH
static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
- {
+static void *
+KDF1_SHA1(const void *in, size_t inlen, void *out, size_t * outlen)
+{
#ifndef OPENSSL_NO_SHA
if (*outlen < SHA_DIGEST_LENGTH)
return NULL;
return SHA1(in, inlen, out);
#else
return NULL;
-#endif /* OPENSSL_NO_SHA */
- }
-#endif /* OPENSSL_NO_ECDH */
+#endif /* OPENSSL_NO_SHA */
+}
+#endif /* OPENSSL_NO_ECDH */
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
- unsigned char *buf=NULL,*buf2=NULL;
- int mret=1;
- long count=0,save_count=0;
- int i,j,k;
+int
+MAIN(int argc, char **argv)
+{
+ unsigned char *buf = NULL, *buf2 = NULL;
+ int mret = 1;
+ long count = 0, save_count = 0;
+ int i, j, k;
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
long rsa_count;
#endif
#ifndef OPENSSL_NO_CAST
CAST_KEY cast_ks;
#endif
- static const unsigned char key16[16]=
- {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+ static const unsigned char key16[16] =
+ {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12};
#ifndef OPENSSL_NO_AES
- static const unsigned char key24[24]=
- {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
- 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
- static const unsigned char key32[32]=
- {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
- 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
- 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
+ static const unsigned char key24[24] =
+ {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+ 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34};
+ static const unsigned char key32[32] =
+ {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+ 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
+ 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56};
#endif
#ifndef OPENSSL_NO_CAMELLIA
- static const unsigned char ckey24[24]=
- {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
- 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
- static const unsigned char ckey32[32]=
- {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
- 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
- 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
+ static const unsigned char ckey24[24] =
+ {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+ 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34};
+ static const unsigned char ckey32[32] =
+ {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+ 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
+ 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56};
#endif
#ifndef OPENSSL_NO_AES
#define MAX_BLOCK_SIZE 128
#define MAX_BLOCK_SIZE 64
#endif
unsigned char DES_iv[8];
- unsigned char iv[2*MAX_BLOCK_SIZE/8];
+ unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
#ifndef OPENSSL_NO_DES
- static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
- static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
- static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+ static DES_cblock key = {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0};
+ static DES_cblock key2 = {0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12};
+ static DES_cblock key3 = {0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34};
DES_key_schedule sch;
DES_key_schedule sch2;
DES_key_schedule sch3;
#define D_CBC_128_AES 16
#define D_CBC_192_AES 17
#define D_CBC_256_AES 18
-#define D_CBC_128_CML 19
+#define D_CBC_128_CML 19
#define D_CBC_192_CML 20
-#define D_CBC_256_CML 21
+#define D_CBC_256_CML 21
#define D_EVP 22
-#define D_SHA256 23
+#define D_SHA256 23
#define D_SHA512 24
#define D_WHIRLPOOL 25
#define D_IGE_128_AES 26
#define D_IGE_192_AES 27
#define D_IGE_256_AES 28
#define D_GHASH 29
- double d=0.0;
+ double d = 0.0;
long c[ALGOR_NUM][SIZE_NUM];
#define R_DSA_512 0
#define R_DSA_1024 1
#define R_RSA_4096 3
#define R_EC_P160 0
-#define R_EC_P192 1
+#define R_EC_P192 1
#define R_EC_P224 2
#define R_EC_P256 3
#define R_EC_P384 4
#ifndef OPENSSL_NO_RSA
RSA *rsa_key[RSA_NUM];
long rsa_c[RSA_NUM][2];
- static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
- static unsigned char *rsa_data[RSA_NUM]=
- {test512,test1024,test2048,test4096};
- static int rsa_data_length[RSA_NUM]={
- sizeof(test512),sizeof(test1024),
- sizeof(test2048),sizeof(test4096)};
+ static unsigned int rsa_bits[RSA_NUM] = {512, 1024, 2048, 4096};
+ static unsigned char *rsa_data[RSA_NUM] =
+ {test512, test1024, test2048, test4096};
+ static int rsa_data_length[RSA_NUM] = {
+ sizeof(test512), sizeof(test1024),
+ sizeof(test2048), sizeof(test4096)};
#endif
#ifndef OPENSSL_NO_DSA
DSA *dsa_key[DSA_NUM];
long dsa_c[DSA_NUM][2];
- static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
+ static unsigned int dsa_bits[DSA_NUM] = {512, 1024, 2048};
#endif
#ifndef OPENSSL_NO_EC
- /* We only test over the following curves as they are representative,
- * To add tests over more curves, simply add the curve NID
- * and curve name to the following arrays and increase the
- * EC_NUM value accordingly.
+ /*
+ * We only test over the following curves as they are representative,
+ * To add tests over more curves, simply add the curve NID and curve
+ * name to the following arrays and increase the EC_NUM value
+ * accordingly.
*/
- static unsigned int test_curves[EC_NUM] =
- {
- /* Prime Curves */
- NID_secp160r1,
- NID_X9_62_prime192v1,
- NID_secp224r1,
- NID_X9_62_prime256v1,
- NID_secp384r1,
- NID_secp521r1,
- /* Binary Curves */
- NID_sect163k1,
- NID_sect233k1,
- NID_sect283k1,
- NID_sect409k1,
- NID_sect571k1,
- NID_sect163r2,
- NID_sect233r1,
- NID_sect283r1,
- NID_sect409r1,
- NID_sect571r1
- };
- static const char * test_curves_names[EC_NUM] =
+ static unsigned int test_curves[EC_NUM] =
+ {
+ /* Prime Curves */
+ NID_secp160r1,
+ NID_X9_62_prime192v1,
+ NID_secp224r1,
+ NID_X9_62_prime256v1,
+ NID_secp384r1,
+ NID_secp521r1,
+ /* Binary Curves */
+ NID_sect163k1,
+ NID_sect233k1,
+ NID_sect283k1,
+ NID_sect409k1,
+ NID_sect571k1,
+ NID_sect163r2,
+ NID_sect233r1,
+ NID_sect283r1,
+ NID_sect409r1,
+ NID_sect571r1
+ };
+ static const char *test_curves_names[EC_NUM] =
{
- /* Prime Curves */
- "secp160r1",
- "nistp192",
- "nistp224",
- "nistp256",
- "nistp384",
- "nistp521",
- /* Binary Curves */
- "nistk163",
- "nistk233",
- "nistk283",
- "nistk409",
- "nistk571",
- "nistb163",
- "nistb233",
- "nistb283",
- "nistb409",
- "nistb571"
+ /* Prime Curves */
+ "secp160r1",
+ "nistp192",
+ "nistp224",
+ "nistp256",
+ "nistp384",
+ "nistp521",
+ /* Binary Curves */
+ "nistk163",
+ "nistk233",
+ "nistk283",
+ "nistk409",
+ "nistk571",
+ "nistb163",
+ "nistb233",
+ "nistb283",
+ "nistb409",
+ "nistb571"
};
static int test_curves_bits[EC_NUM] =
- {
- 160, 192, 224, 256, 384, 521,
- 163, 233, 283, 409, 571,
- 163, 233, 283, 409, 571
- };
+ {
+ 160, 192, 224, 256, 384, 521,
+ 163, 233, 283, 409, 571,
+ 163, 233, 283, 409, 571
+ };
#endif
int ecdsa_doit[EC_NUM];
#endif
#ifndef OPENSSL_NO_ECDH
- int ecdh_doit[EC_NUM];
+ int ecdh_doit[EC_NUM];
#endif
int doit[ALGOR_NUM];
- int pr_header=0;
- const EVP_CIPHER *evp_cipher=NULL;
- const EVP_MD *evp_md=NULL;
- int decrypt=0;
+ int pr_header = 0;
+ const EVP_CIPHER *evp_cipher = NULL;
+ const EVP_MD *evp_md = NULL;
+ int decrypt = 0;
#ifndef NO_FORK
- int multi=0;
+ int multi = 0;
#endif
#ifndef TIMES
- usertime=-1;
+ usertime = -1;
#endif
apps_startup();
memset(results, 0, sizeof(results));
#ifndef OPENSSL_NO_DSA
- memset(dsa_key,0,sizeof(dsa_key));
+ memset(dsa_key, 0, sizeof(dsa_key));
#endif
#ifndef OPENSSL_NO_ECDSA
- for (i=0; i<EC_NUM; i++) ecdsa[i] = NULL;
+ for (i = 0; i < EC_NUM; i++)
+ ecdsa[i] = NULL;
#endif
#ifndef OPENSSL_NO_ECDH
- for (i=0; i<EC_NUM; i++)
- {
+ for (i = 0; i < EC_NUM; i++) {
ecdh_a[i] = NULL;
ecdh_b[i] = NULL;
- }
+ }
#endif
if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
#ifndef OPENSSL_NO_RSA
- memset(rsa_key,0,sizeof(rsa_key));
- for (i=0; i<RSA_NUM; i++)
- rsa_key[i]=NULL;
+ memset(rsa_key, 0, sizeof(rsa_key));
+ for (i = 0; i < RSA_NUM; i++)
+ rsa_key[i] = NULL;
#endif
- if ((buf=(unsigned char *)malloc((int)BUFSIZE)) == NULL)
- {
- BIO_printf(bio_err,"out of memory\n");
+ if ((buf = (unsigned char *) malloc((int) BUFSIZE)) == NULL) {
+ BIO_printf(bio_err, "out of memory\n");
goto end;
- }
- if ((buf2=(unsigned char *)malloc((int)BUFSIZE)) == NULL)
- {
- BIO_printf(bio_err,"out of memory\n");
+ }
+ if ((buf2 = (unsigned char *) malloc((int) BUFSIZE)) == NULL) {
+ BIO_printf(bio_err, "out of memory\n");
goto end;
- }
-
- memset(c,0,sizeof(c));
- memset(DES_iv,0,sizeof(DES_iv));
- memset(iv,0,sizeof(iv));
-
- for (i=0; i<ALGOR_NUM; i++)
- doit[i]=0;
- for (i=0; i<RSA_NUM; i++)
- rsa_doit[i]=0;
- for (i=0; i<DSA_NUM; i++)
- dsa_doit[i]=0;
+ }
+ memset(c, 0, sizeof(c));
+ memset(DES_iv, 0, sizeof(DES_iv));
+ memset(iv, 0, sizeof(iv));
+
+ for (i = 0; i < ALGOR_NUM; i++)
+ doit[i] = 0;
+ for (i = 0; i < RSA_NUM; i++)
+ rsa_doit[i] = 0;
+ for (i = 0; i < DSA_NUM; i++)
+ dsa_doit[i] = 0;
#ifndef OPENSSL_NO_ECDSA
- for (i=0; i<EC_NUM; i++)
- ecdsa_doit[i]=0;
+ for (i = 0; i < EC_NUM; i++)
+ ecdsa_doit[i] = 0;
#endif
#ifndef OPENSSL_NO_ECDH
- for (i=0; i<EC_NUM; i++)
- ecdh_doit[i]=0;
+ for (i = 0; i < EC_NUM; i++)
+ ecdh_doit[i] = 0;
#endif
-
- j=0;
+
+ j = 0;
argc--;
argv++;
- while (argc)
- {
- if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
- {
+ while (argc) {
+ if ((argc > 0) && (strcmp(*argv, "-elapsed") == 0)) {
usertime = 0;
- j--; /* Otherwise, -elapsed gets confused with
- an algorithm. */
- }
- else if ((argc > 0) && (strcmp(*argv,"-evp") == 0))
- {
+ j--; /* Otherwise, -elapsed gets confused with an
+ * algorithm. */
+ } else if ((argc > 0) && (strcmp(*argv, "-evp") == 0)) {
argc--;
argv++;
- if(argc == 0)
- {
- BIO_printf(bio_err,"no EVP given\n");
- goto end;
- }
- evp_cipher=EVP_get_cipherbyname(*argv);
- if(!evp_cipher)
- {
- evp_md=EVP_get_digestbyname(*argv);
- }
- if(!evp_cipher && !evp_md)
- {
- BIO_printf(bio_err,"%s is an unknown cipher or digest\n",*argv);
+ if (argc == 0) {
+ BIO_printf(bio_err, "no EVP given\n");
goto end;
- }
- doit[D_EVP]=1;
}
- else if (argc > 0 && !strcmp(*argv,"-decrypt"))
- {
- decrypt=1;
- j--; /* Otherwise, -elapsed gets confused with
- an algorithm. */
+ evp_cipher = EVP_get_cipherbyname(*argv);
+ if (!evp_cipher) {
+ evp_md = EVP_get_digestbyname(*argv);
+ }
+ if (!evp_cipher && !evp_md) {
+ BIO_printf(bio_err, "%s is an unknown cipher or digest\n", *argv);
+ goto end;
}
+ doit[D_EVP] = 1;
+ } else if (argc > 0 && !strcmp(*argv, "-decrypt")) {
+ decrypt = 1;
+ j--; /* Otherwise, -elapsed gets confused with an
+ * algorithm. */
+ }
#ifndef OPENSSL_NO_ENGINE
- else if ((argc > 0) && (strcmp(*argv,"-engine") == 0))
- {
+ else if ((argc > 0) && (strcmp(*argv, "-engine") == 0)) {
argc--;
argv++;
- if(argc == 0)
- {
- BIO_printf(bio_err,"no engine given\n");
+ if (argc == 0) {
+ BIO_printf(bio_err, "no engine given\n");
goto end;
- }
- setup_engine(bio_err, *argv, 0);
- /* j will be increased again further down. We just
- don't want speed to confuse an engine with an
- algorithm, especially when none is given (which
- means all of them should be run) */
- j--;
}
+ setup_engine(bio_err, *argv, 0);
+ /*
+ * j will be increased again further down. We just
+ * don't want speed to confuse an engine with an
+ * algorithm, especially when none is given (which
+ * means all of them should be run)
+ */
+ j--;
+ }
#endif
#ifndef NO_FORK
- else if ((argc > 0) && (strcmp(*argv,"-multi") == 0))
- {
+ else if ((argc > 0) && (strcmp(*argv, "-multi") == 0)) {
argc--;
argv++;
- if(argc == 0)
- {
- BIO_printf(bio_err,"no multi count given\n");
+ if (argc == 0) {
+ BIO_printf(bio_err, "no multi count given\n");
goto end;
- }
- multi=atoi(argv[0]);
- if(multi <= 0)
- {
- BIO_printf(bio_err,"bad multi count\n");
+ }
+ multi = atoi(argv[0]);
+ if (multi <= 0) {
+ BIO_printf(bio_err, "bad multi count\n");
goto end;
- }
- j--; /* Otherwise, -mr gets confused with
- an algorithm. */
}
+ j--; /* Otherwise, -mr gets confused with an
+ * algorithm. */
+ }
#endif
- else if (argc > 0 && !strcmp(*argv,"-mr"))
- {
- mr=1;
- j--; /* Otherwise, -mr gets confused with
- an algorithm. */
- }
- else
+ else if (argc > 0 && !strcmp(*argv, "-mr")) {
+ mr = 1;
+ j--; /* Otherwise, -mr gets confused with an
+ * algorithm. */
+ } else
#ifndef OPENSSL_NO_MD2
- if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
+ if (strcmp(*argv, "md2") == 0)
+ doit[D_MD2] = 1;
else
#endif
#ifndef OPENSSL_NO_MDC2
- if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
+ if (strcmp(*argv, "mdc2") == 0)
+ doit[D_MDC2] = 1;
else
#endif
#ifndef OPENSSL_NO_MD4
- if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;
+ if (strcmp(*argv, "md4") == 0)
+ doit[D_MD4] = 1;
else
#endif
#ifndef OPENSSL_NO_MD5
- if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
+ if (strcmp(*argv, "md5") == 0)
+ doit[D_MD5] = 1;
else
#endif
#ifndef OPENSSL_NO_MD5
- if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
+ if (strcmp(*argv, "hmac") == 0)
+ doit[D_HMAC] = 1;
else
#endif
#ifndef OPENSSL_NO_SHA
- if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
- else
- if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1,
- doit[D_SHA256]=1,
- doit[D_SHA512]=1;
+ if (strcmp(*argv, "sha1") == 0)
+ doit[D_SHA1] = 1;
+ else if (strcmp(*argv, "sha") == 0)
+ doit[D_SHA1] = 1,
+ doit[D_SHA256] = 1,
+ doit[D_SHA512] = 1;
else
#ifndef OPENSSL_NO_SHA256
- if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1;
+ if (strcmp(*argv, "sha256") == 0)
+ doit[D_SHA256] = 1;
else
#endif
#ifndef OPENSSL_NO_SHA512
- if (strcmp(*argv,"sha512") == 0) doit[D_SHA512]=1;
+ if (strcmp(*argv, "sha512") == 0)
+ doit[D_SHA512] = 1;
else
#endif
#endif
#ifndef OPENSSL_NO_WHIRLPOOL
- if (strcmp(*argv,"whirlpool") == 0) doit[D_WHIRLPOOL]=1;
+ if (strcmp(*argv, "whirlpool") == 0)
+ doit[D_WHIRLPOOL] = 1;
else
#endif
#ifndef OPENSSL_NO_RIPEMD
- if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
- else
- if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
- else
- if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
+ if (strcmp(*argv, "ripemd") == 0)
+ doit[D_RMD160] = 1;
+ else if (strcmp(*argv, "rmd160") == 0)
+ doit[D_RMD160] = 1;
+ else if (strcmp(*argv, "ripemd160") == 0)
+ doit[D_RMD160] = 1;
else
#endif
#ifndef OPENSSL_NO_RC4
- if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
- else
+ if (strcmp(*argv, "rc4") == 0)
+ doit[D_RC4] = 1;
+ else
#endif
#ifndef OPENSSL_NO_DES
- if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
- else if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
+ if (strcmp(*argv, "des-cbc") == 0)
+ doit[D_CBC_DES] = 1;
+ else if (strcmp(*argv, "des-ede3") == 0)
+ doit[D_EDE3_DES] = 1;
else
#endif
#ifndef OPENSSL_NO_AES
- if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1;
- else if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1;
- else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1;
- else if (strcmp(*argv,"aes-128-ige") == 0) doit[D_IGE_128_AES]=1;
- else if (strcmp(*argv,"aes-192-ige") == 0) doit[D_IGE_192_AES]=1;
- else if (strcmp(*argv,"aes-256-ige") == 0) doit[D_IGE_256_AES]=1;
- else
+ if (strcmp(*argv, "aes-128-cbc") == 0)
+ doit[D_CBC_128_AES] = 1;
+ else if (strcmp(*argv, "aes-192-cbc") == 0)
+ doit[D_CBC_192_AES] = 1;
+ else if (strcmp(*argv, "aes-256-cbc") == 0)
+ doit[D_CBC_256_AES] = 1;
+ else if (strcmp(*argv, "aes-128-ige") == 0)
+ doit[D_IGE_128_AES] = 1;
+ else if (strcmp(*argv, "aes-192-ige") == 0)
+ doit[D_IGE_192_AES] = 1;
+ else if (strcmp(*argv, "aes-256-ige") == 0)
+ doit[D_IGE_256_AES] = 1;
+ else
#endif
#ifndef OPENSSL_NO_CAMELLIA
- if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1;
- else if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1;
- else if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1;
+ if (strcmp(*argv, "camellia-128-cbc") == 0)
+ doit[D_CBC_128_CML] = 1;
+ else if (strcmp(*argv, "camellia-192-cbc") == 0)
+ doit[D_CBC_192_CML] = 1;
+ else if (strcmp(*argv, "camellia-256-cbc") == 0)
+ doit[D_CBC_256_CML] = 1;
else
#endif
#ifndef OPENSSL_NO_RSA
-#if 0 /* was: #ifdef RSAref */
- if (strcmp(*argv,"rsaref") == 0)
- {
+#if 0 /* was: #ifdef RSAref */
+ if (strcmp(*argv, "rsaref") == 0) {
RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
j--;
- }
- else
+ } else
#endif
#ifndef RSA_NULL
- if (strcmp(*argv,"openssl") == 0)
- {
+ if (strcmp(*argv, "openssl") == 0) {
RSA_set_default_method(RSA_PKCS1_SSLeay());
j--;
- }
- else
-#endif
-#endif /* !OPENSSL_NO_RSA */
- if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
- else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
- else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2;
- else if (strcmp(*argv,"rsa512") == 0) rsa_doit[R_RSA_512]=2;
- else if (strcmp(*argv,"rsa1024") == 0) rsa_doit[R_RSA_1024]=2;
- else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2;
- else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2;
+ } else
+#endif
+#endif /* !OPENSSL_NO_RSA */
+ if (strcmp(*argv, "dsa512") == 0)
+ dsa_doit[R_DSA_512] = 2;
+ else if (strcmp(*argv, "dsa1024") == 0)
+ dsa_doit[R_DSA_1024] = 2;
+ else if (strcmp(*argv, "dsa2048") == 0)
+ dsa_doit[R_DSA_2048] = 2;
+ else if (strcmp(*argv, "rsa512") == 0)
+ rsa_doit[R_RSA_512] = 2;
+ else if (strcmp(*argv, "rsa1024") == 0)
+ rsa_doit[R_RSA_1024] = 2;
+ else if (strcmp(*argv, "rsa2048") == 0)
+ rsa_doit[R_RSA_2048] = 2;
+ else if (strcmp(*argv, "rsa4096") == 0)
+ rsa_doit[R_RSA_4096] = 2;
else
#ifndef OPENSSL_NO_RC2
- if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1;
- else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
+ if (strcmp(*argv, "rc2-cbc") == 0)
+ doit[D_CBC_RC2] = 1;
+ else if (strcmp(*argv, "rc2") == 0)
+ doit[D_CBC_RC2] = 1;
else
#endif
#ifndef OPENSSL_NO_RC5
- if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
- else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
+ if (strcmp(*argv, "rc5-cbc") == 0)
+ doit[D_CBC_RC5] = 1;
+ else if (strcmp(*argv, "rc5") == 0)
+ doit[D_CBC_RC5] = 1;
else
#endif
#ifndef OPENSSL_NO_IDEA
- if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
- else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
+ if (strcmp(*argv, "idea-cbc") == 0)
+ doit[D_CBC_IDEA] = 1;
+ else if (strcmp(*argv, "idea") == 0)
+ doit[D_CBC_IDEA] = 1;
else
#endif
#ifndef OPENSSL_NO_SEED
- if (strcmp(*argv,"seed-cbc") == 0) doit[D_CBC_SEED]=1;
- else if (strcmp(*argv,"seed") == 0) doit[D_CBC_SEED]=1;
+ if (strcmp(*argv, "seed-cbc") == 0)
+ doit[D_CBC_SEED] = 1;
+ else if (strcmp(*argv, "seed") == 0)
+ doit[D_CBC_SEED] = 1;
else
#endif
#ifndef OPENSSL_NO_BF
- if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
- else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
- else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
+ if (strcmp(*argv, "bf-cbc") == 0)
+ doit[D_CBC_BF] = 1;
+ else if (strcmp(*argv, "blowfish") == 0)
+ doit[D_CBC_BF] = 1;
+ else if (strcmp(*argv, "bf") == 0)
+ doit[D_CBC_BF] = 1;
else
#endif
#ifndef OPENSSL_NO_CAST
- if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
- else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
- else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
+ if (strcmp(*argv, "cast-cbc") == 0)
+ doit[D_CBC_CAST] = 1;
+ else if (strcmp(*argv, "cast") == 0)
+ doit[D_CBC_CAST] = 1;
+ else if (strcmp(*argv, "cast5") == 0)
+ doit[D_CBC_CAST] = 1;
else
#endif
#ifndef OPENSSL_NO_DES
- if (strcmp(*argv,"des") == 0)
- {
- doit[D_CBC_DES]=1;
- doit[D_EDE3_DES]=1;
- }
- else
+ if (strcmp(*argv, "des") == 0) {
+ doit[D_CBC_DES] = 1;
+ doit[D_EDE3_DES] = 1;
+ } else
#endif
#ifndef OPENSSL_NO_AES
- if (strcmp(*argv,"aes") == 0)
- {
- doit[D_CBC_128_AES]=1;
- doit[D_CBC_192_AES]=1;
- doit[D_CBC_256_AES]=1;
- }
- else if (strcmp(*argv,"ghash") == 0)
- {
- doit[D_GHASH]=1;
- }
- else
+ if (strcmp(*argv, "aes") == 0) {
+ doit[D_CBC_128_AES] = 1;
+ doit[D_CBC_192_AES] = 1;
+ doit[D_CBC_256_AES] = 1;
+ } else if (strcmp(*argv, "ghash") == 0) {
+ doit[D_GHASH] = 1;
+ } else
#endif
#ifndef OPENSSL_NO_CAMELLIA
- if (strcmp(*argv,"camellia") == 0)
- {
- doit[D_CBC_128_CML]=1;
- doit[D_CBC_192_CML]=1;
- doit[D_CBC_256_CML]=1;
- }
- else
+ if (strcmp(*argv, "camellia") == 0) {
+ doit[D_CBC_128_CML] = 1;
+ doit[D_CBC_192_CML] = 1;
+ doit[D_CBC_256_CML] = 1;
+ } else
#endif
#ifndef OPENSSL_NO_RSA
- if (strcmp(*argv,"rsa") == 0)
- {
- rsa_doit[R_RSA_512]=1;
- rsa_doit[R_RSA_1024]=1;
- rsa_doit[R_RSA_2048]=1;
- rsa_doit[R_RSA_4096]=1;
- }
- else
+ if (strcmp(*argv, "rsa") == 0) {
+ rsa_doit[R_RSA_512] = 1;
+ rsa_doit[R_RSA_1024] = 1;
+ rsa_doit[R_RSA_2048] = 1;
+ rsa_doit[R_RSA_4096] = 1;
+ } else
#endif
#ifndef OPENSSL_NO_DSA
- if (strcmp(*argv,"dsa") == 0)
- {
- dsa_doit[R_DSA_512]=1;
- dsa_doit[R_DSA_1024]=1;
- dsa_doit[R_DSA_2048]=1;
- }
- else
+ if (strcmp(*argv, "dsa") == 0) {
+ dsa_doit[R_DSA_512] = 1;
+ dsa_doit[R_DSA_1024] = 1;
+ dsa_doit[R_DSA_2048] = 1;
+ } else
#endif
#ifndef OPENSSL_NO_ECDSA
- if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
- else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2;
- else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
- else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
- else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
- else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
- else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
- else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
- else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
- else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;
- else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;
- else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;
- else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;
- else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;
- else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;
- else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;
- else if (strcmp(*argv,"ecdsa") == 0)
- {
- for (i=0; i < EC_NUM; i++)
- ecdsa_doit[i]=1;
- }
- else
+ if (strcmp(*argv, "ecdsap160") == 0)
+ ecdsa_doit[R_EC_P160] = 2;
+ else if (strcmp(*argv, "ecdsap192") == 0)
+ ecdsa_doit[R_EC_P192] = 2;
+ else if (strcmp(*argv, "ecdsap224") == 0)
+ ecdsa_doit[R_EC_P224] = 2;
+ else if (strcmp(*argv, "ecdsap256") == 0)
+ ecdsa_doit[R_EC_P256] = 2;
+ else if (strcmp(*argv, "ecdsap384") == 0)
+ ecdsa_doit[R_EC_P384] = 2;
+ else if (strcmp(*argv, "ecdsap521") == 0)
+ ecdsa_doit[R_EC_P521] = 2;
+ else if (strcmp(*argv, "ecdsak163") == 0)
+ ecdsa_doit[R_EC_K163] = 2;
+ else if (strcmp(*argv, "ecdsak233") == 0)
+ ecdsa_doit[R_EC_K233] = 2;
+ else if (strcmp(*argv, "ecdsak283") == 0)
+ ecdsa_doit[R_EC_K283] = 2;
+ else if (strcmp(*argv, "ecdsak409") == 0)
+ ecdsa_doit[R_EC_K409] = 2;
+ else if (strcmp(*argv, "ecdsak571") == 0)
+ ecdsa_doit[R_EC_K571] = 2;
+ else if (strcmp(*argv, "ecdsab163") == 0)
+ ecdsa_doit[R_EC_B163] = 2;
+ else if (strcmp(*argv, "ecdsab233") == 0)
+ ecdsa_doit[R_EC_B233] = 2;
+ else if (strcmp(*argv, "ecdsab283") == 0)
+ ecdsa_doit[R_EC_B283] = 2;
+ else if (strcmp(*argv, "ecdsab409") == 0)
+ ecdsa_doit[R_EC_B409] = 2;
+ else if (strcmp(*argv, "ecdsab571") == 0)
+ ecdsa_doit[R_EC_B571] = 2;
+ else if (strcmp(*argv, "ecdsa") == 0) {
+ for (i = 0; i < EC_NUM; i++)
+ ecdsa_doit[i] = 1;
+ } else
#endif
#ifndef OPENSSL_NO_ECDH
- if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
- else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2;
- else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
- else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
- else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
- else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
- else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
- else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
- else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
- else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;
- else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;
- else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;
- else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;
- else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;
- else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;
- else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;
- else if (strcmp(*argv,"ecdh") == 0)
- {
- for (i=0; i < EC_NUM; i++)
- ecdh_doit[i]=1;
- }
- else
+ if (strcmp(*argv, "ecdhp160") == 0)
+ ecdh_doit[R_EC_P160] = 2;
+ else if (strcmp(*argv, "ecdhp192") == 0)
+ ecdh_doit[R_EC_P192] = 2;
+ else if (strcmp(*argv, "ecdhp224") == 0)
+ ecdh_doit[R_EC_P224] = 2;
+ else if (strcmp(*argv, "ecdhp256") == 0)
+ ecdh_doit[R_EC_P256] = 2;
+ else if (strcmp(*argv, "ecdhp384") == 0)
+ ecdh_doit[R_EC_P384] = 2;
+ else if (strcmp(*argv, "ecdhp521") == 0)
+ ecdh_doit[R_EC_P521] = 2;
+ else if (strcmp(*argv, "ecdhk163") == 0)
+ ecdh_doit[R_EC_K163] = 2;
+ else if (strcmp(*argv, "ecdhk233") == 0)
+ ecdh_doit[R_EC_K233] = 2;
+ else if (strcmp(*argv, "ecdhk283") == 0)
+ ecdh_doit[R_EC_K283] = 2;
+ else if (strcmp(*argv, "ecdhk409") == 0)
+ ecdh_doit[R_EC_K409] = 2;
+ else if (strcmp(*argv, "ecdhk571") == 0)
+ ecdh_doit[R_EC_K571] = 2;
+ else if (strcmp(*argv, "ecdhb163") == 0)
+ ecdh_doit[R_EC_B163] = 2;
+ else if (strcmp(*argv, "ecdhb233") == 0)
+ ecdh_doit[R_EC_B233] = 2;
+ else if (strcmp(*argv, "ecdhb283") == 0)
+ ecdh_doit[R_EC_B283] = 2;
+ else if (strcmp(*argv, "ecdhb409") == 0)
+ ecdh_doit[R_EC_B409] = 2;
+ else if (strcmp(*argv, "ecdhb571") == 0)
+ ecdh_doit[R_EC_B571] = 2;
+ else if (strcmp(*argv, "ecdh") == 0) {
+ for (i = 0; i < EC_NUM; i++)
+ ecdh_doit[i] = 1;
+ } else
#endif
- {
- BIO_printf(bio_err,"Error: bad option or value\n");
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err,"Available values:\n");
+ {
+ BIO_printf(bio_err, "Error: bad option or value\n");
+ BIO_printf(bio_err, "\n");
+ BIO_printf(bio_err, "Available values:\n");
#ifndef OPENSSL_NO_MD2
- BIO_printf(bio_err,"md2 ");
+ BIO_printf(bio_err, "md2 ");
#endif
#ifndef OPENSSL_NO_MDC2
- BIO_printf(bio_err,"mdc2 ");
+ BIO_printf(bio_err, "mdc2 ");
#endif
#ifndef OPENSSL_NO_MD4
- BIO_printf(bio_err,"md4 ");
+ BIO_printf(bio_err, "md4 ");
#endif
#ifndef OPENSSL_NO_MD5
- BIO_printf(bio_err,"md5 ");
+ BIO_printf(bio_err, "md5 ");
#ifndef OPENSSL_NO_HMAC
- BIO_printf(bio_err,"hmac ");
+ BIO_printf(bio_err, "hmac ");
#endif
#endif
#ifndef OPENSSL_NO_SHA1
- BIO_printf(bio_err,"sha1 ");
+ BIO_printf(bio_err, "sha1 ");
#endif
#ifndef OPENSSL_NO_SHA256
- BIO_printf(bio_err,"sha256 ");
+ BIO_printf(bio_err, "sha256 ");
#endif
#ifndef OPENSSL_NO_SHA512
- BIO_printf(bio_err,"sha512 ");
+ BIO_printf(bio_err, "sha512 ");
#endif
#ifndef OPENSSL_NO_WHIRLPOOL
- BIO_printf(bio_err,"whirlpool");
+ BIO_printf(bio_err, "whirlpool");
#endif
#ifndef OPENSSL_NO_RIPEMD160
- BIO_printf(bio_err,"rmd160");
+ BIO_printf(bio_err, "rmd160");
#endif
#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
!defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
!defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \
!defined(OPENSSL_NO_WHIRLPOOL)
- BIO_printf(bio_err,"\n");
+ BIO_printf(bio_err, "\n");
#endif
#ifndef OPENSSL_NO_IDEA
- BIO_printf(bio_err,"idea-cbc ");
+ BIO_printf(bio_err, "idea-cbc ");
#endif
#ifndef OPENSSL_NO_SEED
- BIO_printf(bio_err,"seed-cbc ");
+ BIO_printf(bio_err, "seed-cbc ");
#endif
#ifndef OPENSSL_NO_RC2
- BIO_printf(bio_err,"rc2-cbc ");
+ BIO_printf(bio_err, "rc2-cbc ");
#endif
#ifndef OPENSSL_NO_RC5
- BIO_printf(bio_err,"rc5-cbc ");
+ BIO_printf(bio_err, "rc5-cbc ");
#endif
#ifndef OPENSSL_NO_BF
- BIO_printf(bio_err,"bf-cbc");
+ BIO_printf(bio_err, "bf-cbc");
#endif
#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \
!defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
- BIO_printf(bio_err,"\n");
+ BIO_printf(bio_err, "\n");
#endif
#ifndef OPENSSL_NO_DES
- BIO_printf(bio_err,"des-cbc des-ede3 ");
+ BIO_printf(bio_err, "des-cbc des-ede3 ");
#endif
#ifndef OPENSSL_NO_AES
- BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc ");
- BIO_printf(bio_err,"aes-128-ige aes-192-ige aes-256-ige ");
+ BIO_printf(bio_err, "aes-128-cbc aes-192-cbc aes-256-cbc ");
+ BIO_printf(bio_err, "aes-128-ige aes-192-ige aes-256-ige ");
#endif
#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
+ BIO_printf(bio_err, "\n");
+ BIO_printf(bio_err, "camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
#endif
#ifndef OPENSSL_NO_RC4
- BIO_printf(bio_err,"rc4");
+ BIO_printf(bio_err, "rc4");
#endif
- BIO_printf(bio_err,"\n");
+ BIO_printf(bio_err, "\n");
#ifndef OPENSSL_NO_RSA
- BIO_printf(bio_err,"rsa512 rsa1024 rsa2048 rsa4096\n");
+ BIO_printf(bio_err, "rsa512 rsa1024 rsa2048 rsa4096\n");
#endif
#ifndef OPENSSL_NO_DSA
- BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n");
+ BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
#endif
#ifndef OPENSSL_NO_ECDSA
- BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
- BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
- BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
- BIO_printf(bio_err,"ecdsa\n");
+ BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
+ BIO_printf(bio_err, "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
+ BIO_printf(bio_err, "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
+ BIO_printf(bio_err, "ecdsa\n");
#endif
#ifndef OPENSSL_NO_ECDH
- BIO_printf(bio_err,"ecdhp160 ecdhp192 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n");
- BIO_printf(bio_err,"ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
- BIO_printf(bio_err,"ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
- BIO_printf(bio_err,"ecdh\n");
+ BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n");
+ BIO_printf(bio_err, "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
+ BIO_printf(bio_err, "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
+ BIO_printf(bio_err, "ecdh\n");
#endif
#ifndef OPENSSL_NO_IDEA
- BIO_printf(bio_err,"idea ");
+ BIO_printf(bio_err, "idea ");
#endif
#ifndef OPENSSL_NO_SEED
- BIO_printf(bio_err,"seed ");
+ BIO_printf(bio_err, "seed ");
#endif
#ifndef OPENSSL_NO_RC2
- BIO_printf(bio_err,"rc2 ");
+ BIO_printf(bio_err, "rc2 ");
#endif
#ifndef OPENSSL_NO_DES
- BIO_printf(bio_err,"des ");
+ BIO_printf(bio_err, "des ");
#endif
#ifndef OPENSSL_NO_AES
- BIO_printf(bio_err,"aes ");
+ BIO_printf(bio_err, "aes ");
#endif
#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err,"camellia ");
+ BIO_printf(bio_err, "camellia ");
#endif
#ifndef OPENSSL_NO_RSA
- BIO_printf(bio_err,"rsa ");
+ BIO_printf(bio_err, "rsa ");
#endif
#ifndef OPENSSL_NO_BF
- BIO_printf(bio_err,"blowfish");
+ BIO_printf(bio_err, "blowfish");
#endif
#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \
!defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \
!defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \
!defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA)
- BIO_printf(bio_err,"\n");
+ BIO_printf(bio_err, "\n");
#endif
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err,"Available options:\n");
+ BIO_printf(bio_err, "\n");
+ BIO_printf(bio_err, "Available options:\n");
#if defined(TIMES) || defined(USE_TOD)
- BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
+ BIO_printf(bio_err, "-elapsed measure time in real time instead of CPU user time.\n");
#endif
#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
+ BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
- BIO_printf(bio_err,"-evp e use EVP e.\n");
- BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n");
- BIO_printf(bio_err,"-mr produce machine readable output.\n");
+ BIO_printf(bio_err, "-evp e use EVP e.\n");
+ BIO_printf(bio_err, "-decrypt time decryption instead of encryption (only EVP).\n");
+ BIO_printf(bio_err, "-mr produce machine readable output.\n");
#ifndef NO_FORK
- BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n");
+ BIO_printf(bio_err, "-multi n run n benchmarks in parallel.\n");
#endif
goto end;
- }
+ }
argc--;
argv++;
j++;
- }
+ }
#ifndef NO_FORK
- if(multi && do_multi(multi))
+ if (multi && do_multi(multi))
goto show_res;
#endif
- if (j == 0)
- {
- for (i=0; i<ALGOR_NUM; i++)
- {
+ if (j == 0) {
+ for (i = 0; i < ALGOR_NUM; i++) {
if (i != D_EVP)
- doit[i]=1;
- }
- for (i=0; i<RSA_NUM; i++)
- rsa_doit[i]=1;
- for (i=0; i<DSA_NUM; i++)
- dsa_doit[i]=1;
+ doit[i] = 1;
+ }
+ for (i = 0; i < RSA_NUM; i++)
+ rsa_doit[i] = 1;
+ for (i = 0; i < DSA_NUM; i++)
+ dsa_doit[i] = 1;
#ifndef OPENSSL_NO_ECDSA
- for (i=0; i<EC_NUM; i++)
- ecdsa_doit[i]=1;
+ for (i = 0; i < EC_NUM; i++)
+ ecdsa_doit[i] = 1;
#endif
#ifndef OPENSSL_NO_ECDH
- for (i=0; i<EC_NUM; i++)
- ecdh_doit[i]=1;
+ for (i = 0; i < EC_NUM; i++)
+ ecdh_doit[i] = 1;
#endif
- }
- for (i=0; i<ALGOR_NUM; i++)
- if (doit[i]) pr_header++;
+ }
+ for (i = 0; i < ALGOR_NUM; i++)
+ if (doit[i])
+ pr_header++;
if (usertime == 0 && !mr)
- BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n");
+ BIO_printf(bio_err, "You have chosen to measure elapsed time instead of user CPU time.\n");
#ifndef OPENSSL_NO_RSA
- for (i=0; i<RSA_NUM; i++)
- {
+ for (i = 0; i < RSA_NUM; i++) {
const unsigned char *p;
- p=rsa_data[i];
- rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);
- if (rsa_key[i] == NULL)
- {
- BIO_printf(bio_err,"internal error loading RSA key number %d\n",i);
+ p = rsa_data[i];
+ rsa_key[i] = d2i_RSAPrivateKey(NULL, &p, rsa_data_length[i]);
+ if (rsa_key[i] == NULL) {
+ BIO_printf(bio_err, "internal error loading RSA key number %d\n", i);
goto end;
- }
+ }
#if 0
- else
- {
- BIO_printf(bio_err,mr ? "+RK:%d:"
- : "Loaded RSA key, %d bit modulus and e= 0x",
- BN_num_bits(rsa_key[i]->n));
- BN_print(bio_err,rsa_key[i]->e);
- BIO_printf(bio_err,"\n");
- }
-#endif
+ else {
+ BIO_printf(bio_err, mr ? "+RK:%d:"
+ : "Loaded RSA key, %d bit modulus and e= 0x",
+ BN_num_bits(rsa_key[i]->n));
+ BN_print(bio_err, rsa_key[i]->e);
+ BIO_printf(bio_err, "\n");
}
#endif
+ }
+#endif
#ifndef OPENSSL_NO_DSA
- dsa_key[0]=get_dsa512();
- dsa_key[1]=get_dsa1024();
- dsa_key[2]=get_dsa2048();
+ dsa_key[0] = get_dsa512();
+ dsa_key[1] = get_dsa1024();
+ dsa_key[2] = get_dsa2048();
#endif
#ifndef OPENSSL_NO_DES
- DES_set_key_unchecked(&key,&sch);
- DES_set_key_unchecked(&key2,&sch2);
- DES_set_key_unchecked(&key3,&sch3);
+ DES_set_key_unchecked(&key, &sch);
+ DES_set_key_unchecked(&key2, &sch2);
+ DES_set_key_unchecked(&key3, &sch3);
#endif
#ifndef OPENSSL_NO_AES
- AES_set_encrypt_key(key16,128,&aes_ks1);
- AES_set_encrypt_key(key24,192,&aes_ks2);
- AES_set_encrypt_key(key32,256,&aes_ks3);
+ AES_set_encrypt_key(key16, 128, &aes_ks1);
+ AES_set_encrypt_key(key24, 192, &aes_ks2);
+ AES_set_encrypt_key(key32, 256, &aes_ks3);
#endif
#ifndef OPENSSL_NO_CAMELLIA
- Camellia_set_key(key16,128,&camellia_ks1);
- Camellia_set_key(ckey24,192,&camellia_ks2);
- Camellia_set_key(ckey32,256,&camellia_ks3);
+ Camellia_set_key(key16, 128, &camellia_ks1);
+ Camellia_set_key(ckey24, 192, &camellia_ks2);
+ Camellia_set_key(ckey32, 256, &camellia_ks3);
#endif
#ifndef OPENSSL_NO_IDEA
- idea_set_encrypt_key(key16,&idea_ks);
+ idea_set_encrypt_key(key16, &idea_ks);
#endif
#ifndef OPENSSL_NO_SEED
- SEED_set_key(key16,&seed_ks);
+ SEED_set_key(key16, &seed_ks);
#endif
#ifndef OPENSSL_NO_RC4
- RC4_set_key(&rc4_ks,16,key16);
+ RC4_set_key(&rc4_ks, 16, key16);
#endif
#ifndef OPENSSL_NO_RC2
- RC2_set_key(&rc2_ks,16,key16,128);
+ RC2_set_key(&rc2_ks, 16, key16, 128);
#endif
#ifndef OPENSSL_NO_RC5
- RC5_32_set_key(&rc5_ks,16,key16,12);
+ RC5_32_set_key(&rc5_ks, 16, key16, 12);
#endif
#ifndef OPENSSL_NO_BF
- BF_set_key(&bf_ks,16,key16);
+ BF_set_key(&bf_ks, 16, key16);
#endif
#ifndef OPENSSL_NO_CAST
- CAST_set_key(&cast_ks,16,key16);
+ CAST_set_key(&cast_ks, 16, key16);
#endif
#ifndef OPENSSL_NO_RSA
- memset(rsa_c,0,sizeof(rsa_c));
+ memset(rsa_c, 0, sizeof(rsa_c));
#endif
#ifndef SIGALRM
#ifndef OPENSSL_NO_DES
- BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
- count=10;
- do {
+ BIO_printf(bio_err, "First we calculate the approximate speed ...\n");
+ count = 10;
+ do {
long it;
- count*=2;
+ count *= 2;
Time_F(START);
- for (it=count; it; it--)
- DES_ecb_encrypt((DES_cblock *)buf,
- (DES_cblock *)buf,
- &sch,DES_ENCRYPT);
- d=Time_F(STOP);
- } while (d <3);
- save_count=count;
- c[D_MD2][0]=count/10;
- c[D_MDC2][0]=count/10;
- c[D_MD4][0]=count;
- c[D_MD5][0]=count;
- c[D_HMAC][0]=count;
- c[D_SHA1][0]=count;
- c[D_RMD160][0]=count;
- c[D_RC4][0]=count*5;
- c[D_CBC_DES][0]=count;
- c[D_EDE3_DES][0]=count/3;
- c[D_CBC_IDEA][0]=count;
- c[D_CBC_SEED][0]=count;
- c[D_CBC_RC2][0]=count;
- c[D_CBC_RC5][0]=count;
- c[D_CBC_BF][0]=count;
- c[D_CBC_CAST][0]=count;
- c[D_CBC_128_AES][0]=count;
- c[D_CBC_192_AES][0]=count;
- c[D_CBC_256_AES][0]=count;
- c[D_CBC_128_CML][0]=count;
- c[D_CBC_192_CML][0]=count;
- c[D_CBC_256_CML][0]=count;
- c[D_SHA256][0]=count;
- c[D_SHA512][0]=count;
- c[D_WHIRLPOOL][0]=count;
- c[D_IGE_128_AES][0]=count;
- c[D_IGE_192_AES][0]=count;
- c[D_IGE_256_AES][0]=count;
- c[D_GHASH][0]=count;
-
- for (i=1; i<SIZE_NUM; i++)
- {
- c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
- c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
- c[D_MD4][i]=c[D_MD4][0]*4*lengths[0]/lengths[i];
- c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
- c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
- c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
- c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];
- c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i];
- c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i];
- c[D_WHIRLPOOL][i]=c[D_WHIRLPOOL][0]*4*lengths[0]/lengths[i];
- }
- for (i=1; i<SIZE_NUM; i++)
- {
- long l0,l1;
-
- l0=(long)lengths[i-1];
- l1=(long)lengths[i];
- c[D_RC4][i]=c[D_RC4][i-1]*l0/l1;
- c[D_CBC_DES][i]=c[D_CBC_DES][i-1]*l0/l1;
- c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1;
- c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1;
- c[D_CBC_SEED][i]=c[D_CBC_SEED][i-1]*l0/l1;
- c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1;
- c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
- c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
- c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
- c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
- c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
- c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
- c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1;
- c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1;
- c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1;
- c[D_IGE_128_AES][i]=c[D_IGE_128_AES][i-1]*l0/l1;
- c[D_IGE_192_AES][i]=c[D_IGE_192_AES][i-1]*l0/l1;
- c[D_IGE_256_AES][i]=c[D_IGE_256_AES][i-1]*l0/l1;
- }
+ for (it = count; it; it--)
+ DES_ecb_encrypt((DES_cblock *) buf,
+ (DES_cblock *) buf,
+ &sch, DES_ENCRYPT);
+ d = Time_F(STOP);
+ } while (d < 3);
+ save_count = count;
+ c[D_MD2][0] = count / 10;
+ c[D_MDC2][0] = count / 10;
+ c[D_MD4][0] = count;
+ c[D_MD5][0] = count;
+ c[D_HMAC][0] = count;
+ c[D_SHA1][0] = count;
+ c[D_RMD160][0] = count;
+ c[D_RC4][0] = count * 5;
+ c[D_CBC_DES][0] = count;
+ c[D_EDE3_DES][0] = count / 3;
+ c[D_CBC_IDEA][0] = count;
+ c[D_CBC_SEED][0] = count;
+ c[D_CBC_RC2][0] = count;
+ c[D_CBC_RC5][0] = count;
+ c[D_CBC_BF][0] = count;
+ c[D_CBC_CAST][0] = count;
+ c[D_CBC_128_AES][0] = count;
+ c[D_CBC_192_AES][0] = count;
+ c[D_CBC_256_AES][0] = count;
+ c[D_CBC_128_CML][0] = count;
+ c[D_CBC_192_CML][0] = count;
+ c[D_CBC_256_CML][0] = count;
+ c[D_SHA256][0] = count;
+ c[D_SHA512][0] = count;
+ c[D_WHIRLPOOL][0] = count;
+ c[D_IGE_128_AES][0] = count;
+ c[D_IGE_192_AES][0] = count;
+ c[D_IGE_256_AES][0] = count;
+ c[D_GHASH][0] = count;
+
+ for (i = 1; i < SIZE_NUM; i++) {
+ c[D_MD2][i] = c[D_MD2][0] * 4 * lengths[0] / lengths[i];
+ c[D_MDC2][i] = c[D_MDC2][0] * 4 * lengths[0] / lengths[i];
+ c[D_MD4][i] = c[D_MD4][0] * 4 * lengths[0] / lengths[i];
+ c[D_MD5][i] = c[D_MD5][0] * 4 * lengths[0] / lengths[i];
+ c[D_HMAC][i] = c[D_HMAC][0] * 4 * lengths[0] / lengths[i];
+ c[D_SHA1][i] = c[D_SHA1][0] * 4 * lengths[0] / lengths[i];
+ c[D_RMD160][i] = c[D_RMD160][0] * 4 * lengths[0] / lengths[i];
+ c[D_SHA256][i] = c[D_SHA256][0] * 4 * lengths[0] / lengths[i];
+ c[D_SHA512][i] = c[D_SHA512][0] * 4 * lengths[0] / lengths[i];
+ c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * lengths[0] / lengths[i];
+ }
+ for (i = 1; i < SIZE_NUM; i++) {
+ long l0, l1;
+
+ l0 = (long) lengths[i - 1];
+ l1 = (long) lengths[i];
+ c[D_RC4][i] = c[D_RC4][i - 1] * l0 / l1;
+ c[D_CBC_DES][i] = c[D_CBC_DES][i - 1] * l0 / l1;
+ c[D_EDE3_DES][i] = c[D_EDE3_DES][i - 1] * l0 / l1;
+ c[D_CBC_IDEA][i] = c[D_CBC_IDEA][i - 1] * l0 / l1;
+ c[D_CBC_SEED][i] = c[D_CBC_SEED][i - 1] * l0 / l1;
+ c[D_CBC_RC2][i] = c[D_CBC_RC2][i - 1] * l0 / l1;
+ c[D_CBC_RC5][i] = c[D_CBC_RC5][i - 1] * l0 / l1;
+ c[D_CBC_BF][i] = c[D_CBC_BF][i - 1] * l0 / l1;
+ c[D_CBC_CAST][i] = c[D_CBC_CAST][i - 1] * l0 / l1;
+ c[D_CBC_128_AES][i] = c[D_CBC_128_AES][i - 1] * l0 / l1;
+ c[D_CBC_192_AES][i] = c[D_CBC_192_AES][i - 1] * l0 / l1;
+ c[D_CBC_256_AES][i] = c[D_CBC_256_AES][i - 1] * l0 / l1;
+ c[D_CBC_128_CML][i] = c[D_CBC_128_CML][i - 1] * l0 / l1;
+ c[D_CBC_192_CML][i] = c[D_CBC_192_CML][i - 1] * l0 / l1;
+ c[D_CBC_256_CML][i] = c[D_CBC_256_CML][i - 1] * l0 / l1;
+ c[D_IGE_128_AES][i] = c[D_IGE_128_AES][i - 1] * l0 / l1;
+ c[D_IGE_192_AES][i] = c[D_IGE_192_AES][i - 1] * l0 / l1;
+ c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
+ }
#ifndef OPENSSL_NO_RSA
- rsa_c[R_RSA_512][0]=count/2000;
- rsa_c[R_RSA_512][1]=count/400;
- for (i=1; i<RSA_NUM; i++)
- {
- rsa_c[i][0]=rsa_c[i-1][0]/8;
- rsa_c[i][1]=rsa_c[i-1][1]/4;
+ rsa_c[R_RSA_512][0] = count / 2000;
+ rsa_c[R_RSA_512][1] = count / 400;
+ for (i = 1; i < RSA_NUM; i++) {
+ rsa_c[i][0] = rsa_c[i - 1][0] / 8;
+ rsa_c[i][1] = rsa_c[i - 1][1] / 4;
if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0))
- rsa_doit[i]=0;
- else
- {
- if (rsa_c[i][0] == 0)
- {
- rsa_c[i][0]=1;
- rsa_c[i][1]=20;
- }
- }
+ rsa_doit[i] = 0;
+ else {
+ if (rsa_c[i][0] == 0) {
+ rsa_c[i][0] = 1;
+ rsa_c[i][1] = 20;
+ }
}
+ }
#endif
#ifndef OPENSSL_NO_DSA
- dsa_c[R_DSA_512][0]=count/1000;
- dsa_c[R_DSA_512][1]=count/1000/2;
- for (i=1; i<DSA_NUM; i++)
- {
- dsa_c[i][0]=dsa_c[i-1][0]/4;
- dsa_c[i][1]=dsa_c[i-1][1]/4;
+ dsa_c[R_DSA_512][0] = count / 1000;
+ dsa_c[R_DSA_512][1] = count / 1000 / 2;
+ for (i = 1; i < DSA_NUM; i++) {
+ dsa_c[i][0] = dsa_c[i - 1][0] / 4;
+ dsa_c[i][1] = dsa_c[i - 1][1] / 4;
if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0))
- dsa_doit[i]=0;
- else
- {
- if (dsa_c[i] == 0)
- {
- dsa_c[i][0]=1;
- dsa_c[i][1]=1;
- }
- }
+ dsa_doit[i] = 0;
+ else {
+ if (dsa_c[i] == 0) {
+ dsa_c[i][0] = 1;
+ dsa_c[i][1] = 1;
+ }
}
+ }
#endif
#ifndef OPENSSL_NO_ECDSA
- ecdsa_c[R_EC_P160][0]=count/1000;
- ecdsa_c[R_EC_P160][1]=count/1000/2;
- for (i=R_EC_P192; i<=R_EC_P521; i++)
- {
- ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
- ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
+ ecdsa_c[R_EC_P160][0] = count / 1000;
+ ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
+ for (i = R_EC_P192; i <= R_EC_P521; i++) {
+ ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+ ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
- ecdsa_doit[i]=0;
- else
- {
- if (ecdsa_c[i] == 0)
- {
- ecdsa_c[i][0]=1;
- ecdsa_c[i][1]=1;
- }
+ ecdsa_doit[i] = 0;
+ else {
+ if (ecdsa_c[i] == 0) {
+ ecdsa_c[i][0] = 1;
+ ecdsa_c[i][1] = 1;
}
}
- ecdsa_c[R_EC_K163][0]=count/1000;
- ecdsa_c[R_EC_K163][1]=count/1000/2;
- for (i=R_EC_K233; i<=R_EC_K571; i++)
- {
- ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
- ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
+ }
+ ecdsa_c[R_EC_K163][0] = count / 1000;
+ ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
+ for (i = R_EC_K233; i <= R_EC_K571; i++) {
+ ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+ ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
- ecdsa_doit[i]=0;
- else
- {
- if (ecdsa_c[i] == 0)
- {
- ecdsa_c[i][0]=1;
- ecdsa_c[i][1]=1;
- }
+ ecdsa_doit[i] = 0;
+ else {
+ if (ecdsa_c[i] == 0) {
+ ecdsa_c[i][0] = 1;
+ ecdsa_c[i][1] = 1;
}
}
- ecdsa_c[R_EC_B163][0]=count/1000;
- ecdsa_c[R_EC_B163][1]=count/1000/2;
- for (i=R_EC_B233; i<=R_EC_B571; i++)
- {
- ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
- ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
+ }
+ ecdsa_c[R_EC_B163][0] = count / 1000;
+ ecdsa_c[R_EC_B163][1] = count / 1000 / 2;
+ for (i = R_EC_B233; i <= R_EC_B571; i++) {
+ ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+ ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
- ecdsa_doit[i]=0;
- else
- {
- if (ecdsa_c[i] == 0)
- {
- ecdsa_c[i][0]=1;
- ecdsa_c[i][1]=1;
- }
+ ecdsa_doit[i] = 0;
+ else {
+ if (ecdsa_c[i] == 0) {
+ ecdsa_c[i][0] = 1;
+ ecdsa_c[i][1] = 1;
}
}
+ }
#endif
#ifndef OPENSSL_NO_ECDH
- ecdh_c[R_EC_P160][0]=count/1000;
- ecdh_c[R_EC_P160][1]=count/1000;
- for (i=R_EC_P192; i<=R_EC_P521; i++)
- {
- ecdh_c[i][0]=ecdh_c[i-1][0]/2;
- ecdh_c[i][1]=ecdh_c[i-1][1]/2;
+ ecdh_c[R_EC_P160][0] = count / 1000;
+ ecdh_c[R_EC_P160][1] = count / 1000;
+ for (i = R_EC_P192; i <= R_EC_P521; i++) {
+ ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+ ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
- ecdh_doit[i]=0;
- else
- {
- if (ecdh_c[i] == 0)
- {
- ecdh_c[i][0]=1;
- ecdh_c[i][1]=1;
- }
+ ecdh_doit[i] = 0;
+ else {
+ if (ecdh_c[i] == 0) {
+ ecdh_c[i][0] = 1;
+ ecdh_c[i][1] = 1;
}
}
- ecdh_c[R_EC_K163][0]=count/1000;
- ecdh_c[R_EC_K163][1]=count/1000;
- for (i=R_EC_K233; i<=R_EC_K571; i++)
- {
- ecdh_c[i][0]=ecdh_c[i-1][0]/2;
- ecdh_c[i][1]=ecdh_c[i-1][1]/2;
+ }
+ ecdh_c[R_EC_K163][0] = count / 1000;
+ ecdh_c[R_EC_K163][1] = count / 1000;
+ for (i = R_EC_K233; i <= R_EC_K571; i++) {
+ ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+ ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
- ecdh_doit[i]=0;
- else
- {
- if (ecdh_c[i] == 0)
- {
- ecdh_c[i][0]=1;
- ecdh_c[i][1]=1;
- }
+ ecdh_doit[i] = 0;
+ else {
+ if (ecdh_c[i] == 0) {
+ ecdh_c[i][0] = 1;
+ ecdh_c[i][1] = 1;
}
}
- ecdh_c[R_EC_B163][0]=count/1000;
- ecdh_c[R_EC_B163][1]=count/1000;
- for (i=R_EC_B233; i<=R_EC_B571; i++)
- {
- ecdh_c[i][0]=ecdh_c[i-1][0]/2;
- ecdh_c[i][1]=ecdh_c[i-1][1]/2;
+ }
+ ecdh_c[R_EC_B163][0] = count / 1000;
+ ecdh_c[R_EC_B163][1] = count / 1000;
+ for (i = R_EC_B233; i <= R_EC_B571; i++) {
+ ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+ ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
- ecdh_doit[i]=0;
- else
- {
- if (ecdh_c[i] == 0)
- {
- ecdh_c[i][0]=1;
- ecdh_c[i][1]=1;
- }
+ ecdh_doit[i] = 0;
+ else {
+ if (ecdh_c[i] == 0) {
+ ecdh_c[i][0] = 1;
+ ecdh_c[i][1] = 1;
}
}
+ }
#endif
#define COND(d) (count < (d))
#define COUNT(d) (d)
#else
/* not worth fixing */
-# error "You cannot disable DES on systems without SIGALRM."
-#endif /* OPENSSL_NO_DES */
+#error "You cannot disable DES on systems without SIGALRM."
+#endif /* OPENSSL_NO_DES */
#else
#define COND(c) (run && count<0x7fffffff)
#define COUNT(d) (count)
- signal(SIGALRM,sig_done);
-#endif /* SIGALRM */
+ signal(SIGALRM, sig_done);
+#endif /* SIGALRM */
#ifndef OPENSSL_NO_MD2
- if (doit[D_MD2])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
+ if (doit[D_MD2]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_MD2], c[D_MD2][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_MD2][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL);
- d=Time_F(STOP);
- print_result(D_MD2,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_MD2][j]); count++)
+ EVP_Digest(buf, (unsigned long) lengths[j], &(md2[0]), NULL, EVP_md2(), NULL);
+ d = Time_F(STOP);
+ print_result(D_MD2, j, count, d);
}
+ }
#endif
#ifndef OPENSSL_NO_MDC2
- if (doit[D_MDC2])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
+ if (doit[D_MDC2]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_MDC2], c[D_MDC2][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_MDC2][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL);
- d=Time_F(STOP);
- print_result(D_MDC2,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_MDC2][j]); count++)
+ EVP_Digest(buf, (unsigned long) lengths[j], &(mdc2[0]), NULL, EVP_mdc2(), NULL);
+ d = Time_F(STOP);
+ print_result(D_MDC2, j, count, d);
}
+ }
#endif
#ifndef OPENSSL_NO_MD4
- if (doit[D_MD4])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
+ if (doit[D_MD4]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_MD4], c[D_MD4][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_MD4][j]); count++)
- EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL);
- d=Time_F(STOP);
- print_result(D_MD4,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_MD4][j]); count++)
+ EVP_Digest(&(buf[0]), (unsigned long) lengths[j], &(md4[0]), NULL, EVP_md4(), NULL);
+ d = Time_F(STOP);
+ print_result(D_MD4, j, count, d);
}
+ }
#endif
#ifndef OPENSSL_NO_MD5
- if (doit[D_MD5])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
+ if (doit[D_MD5]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_MD5], c[D_MD5][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_MD5][j]); count++)
- EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL);
- d=Time_F(STOP);
- print_result(D_MD5,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_MD5][j]); count++)
+ EVP_Digest(&(buf[0]), (unsigned long) lengths[j], &(md5[0]), NULL, EVP_get_digestbyname("md5"), NULL);
+ d = Time_F(STOP);
+ print_result(D_MD5, j, count, d);
}
+ }
#endif
#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
- if (doit[D_HMAC])
- {
+ if (doit[D_HMAC]) {
HMAC_CTX hctx;
HMAC_CTX_init(&hctx);
- HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
- 16,EVP_md5(), NULL);
+ HMAC_Init_ex(&hctx, (unsigned char *) "This is a key...",
+ 16, EVP_md5(), NULL);
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_HMAC], c[D_HMAC][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_HMAC][j]); count++)
- {
- HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);
- HMAC_Update(&hctx,buf,lengths[j]);
- HMAC_Final(&hctx,&(hmac[0]),NULL);
- }
- d=Time_F(STOP);
- print_result(D_HMAC,j,count,d);
+ for (count = 0, run = 1; COND(c[D_HMAC][j]); count++) {
+ HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL);
+ HMAC_Update(&hctx, buf, lengths[j]);
+ HMAC_Final(&hctx, &(hmac[0]), NULL);
}
- HMAC_CTX_cleanup(&hctx);
+ d = Time_F(STOP);
+ print_result(D_HMAC, j, count, d);
}
+ HMAC_CTX_cleanup(&hctx);
+ }
#endif
#ifndef OPENSSL_NO_SHA
- if (doit[D_SHA1])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
+ if (doit[D_SHA1]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_SHA1][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL);
- d=Time_F(STOP);
- print_result(D_SHA1,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_SHA1][j]); count++)
+ EVP_Digest(buf, (unsigned long) lengths[j], &(sha[0]), NULL, EVP_sha1(), NULL);
+ d = Time_F(STOP);
+ print_result(D_SHA1, j, count, d);
}
-
+ }
#ifndef OPENSSL_NO_SHA256
- if (doit[D_SHA256])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_SHA256],c[D_SHA256][j],lengths[j]);
+ if (doit[D_SHA256]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_SHA256], c[D_SHA256][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_SHA256][j]); count++)
- SHA256(buf,lengths[j],sha256);
- d=Time_F(STOP);
- print_result(D_SHA256,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_SHA256][j]); count++)
+ SHA256(buf, lengths[j], sha256);
+ d = Time_F(STOP);
+ print_result(D_SHA256, j, count, d);
}
+ }
#endif
#ifndef OPENSSL_NO_SHA512
- if (doit[D_SHA512])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_SHA512],c[D_SHA512][j],lengths[j]);
+ if (doit[D_SHA512]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_SHA512], c[D_SHA512][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_SHA512][j]); count++)
- SHA512(buf,lengths[j],sha512);
- d=Time_F(STOP);
- print_result(D_SHA512,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_SHA512][j]); count++)
+ SHA512(buf, lengths[j], sha512);
+ d = Time_F(STOP);
+ print_result(D_SHA512, j, count, d);
}
+ }
#endif
#endif
#ifndef OPENSSL_NO_WHIRLPOOL
- if (doit[D_WHIRLPOOL])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_WHIRLPOOL],c[D_WHIRLPOOL][j],lengths[j]);
+ if (doit[D_WHIRLPOOL]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_WHIRLPOOL][j]); count++)
- WHIRLPOOL(buf,lengths[j],whirlpool);
- d=Time_F(STOP);
- print_result(D_WHIRLPOOL,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_WHIRLPOOL][j]); count++)
+ WHIRLPOOL(buf, lengths[j], whirlpool);
+ d = Time_F(STOP);
+ print_result(D_WHIRLPOOL, j, count, d);
}
+ }
#endif
#ifndef OPENSSL_NO_RIPEMD
- if (doit[D_RMD160])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
+ if (doit[D_RMD160]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_RMD160], c[D_RMD160][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_RMD160][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL);
- d=Time_F(STOP);
- print_result(D_RMD160,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_RMD160][j]); count++)
+ EVP_Digest(buf, (unsigned long) lengths[j], &(rmd160[0]), NULL, EVP_ripemd160(), NULL);
+ d = Time_F(STOP);
+ print_result(D_RMD160, j, count, d);
}
+ }
#endif
#ifndef OPENSSL_NO_RC4
- if (doit[D_RC4])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
+ if (doit[D_RC4]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_RC4], c[D_RC4][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_RC4][j]); count++)
- RC4(&rc4_ks,(unsigned int)lengths[j],
- buf,buf);
- d=Time_F(STOP);
- print_result(D_RC4,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_RC4][j]); count++)
+ RC4(&rc4_ks, (unsigned int) lengths[j],
+ buf, buf);
+ d = Time_F(STOP);
+ print_result(D_RC4, j, count, d);
}
+ }
#endif
#ifndef OPENSSL_NO_DES
- if (doit[D_CBC_DES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
+ if (doit[D_CBC_DES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_DES], c[D_CBC_DES][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
- DES_ncbc_encrypt(buf,buf,lengths[j],&sch,
- &DES_iv,DES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_DES,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_CBC_DES][j]); count++)
+ DES_ncbc_encrypt(buf, buf, lengths[j], &sch,
+ &DES_iv, DES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_DES, j, count, d);
}
-
- if (doit[D_EDE3_DES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
+ }
+ if (doit[D_EDE3_DES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_EDE3_DES], c[D_EDE3_DES][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
- DES_ede3_cbc_encrypt(buf,buf,lengths[j],
- &sch,&sch2,&sch3,
- &DES_iv,DES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_EDE3_DES,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_EDE3_DES][j]); count++)
+ DES_ede3_cbc_encrypt(buf, buf, lengths[j],
+ &sch, &sch2, &sch3,
+ &DES_iv, DES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_EDE3_DES, j, count, d);
}
+ }
#endif
#ifndef OPENSSL_NO_AES
- if (doit[D_CBC_128_AES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_128_AES],c[D_CBC_128_AES][j],lengths[j]);
+ if (doit[D_CBC_128_AES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_128_AES][j]); count++)
- AES_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&aes_ks1,
- iv,AES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_128_AES,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_CBC_128_AES][j]); count++)
+ AES_cbc_encrypt(buf, buf,
+ (unsigned long) lengths[j], &aes_ks1,
+ iv, AES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_128_AES, j, count, d);
}
- if (doit[D_CBC_192_AES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_192_AES],c[D_CBC_192_AES][j],lengths[j]);
+ }
+ if (doit[D_CBC_192_AES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_192_AES], c[D_CBC_192_AES][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_192_AES][j]); count++)
- AES_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&aes_ks2,
- iv,AES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_192_AES,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_CBC_192_AES][j]); count++)
+ AES_cbc_encrypt(buf, buf,
+ (unsigned long) lengths[j], &aes_ks2,
+ iv, AES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_192_AES, j, count, d);
}
- if (doit[D_CBC_256_AES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_256_AES],c[D_CBC_256_AES][j],lengths[j]);
+ }
+ if (doit[D_CBC_256_AES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_256_AES], c[D_CBC_256_AES][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_256_AES][j]); count++)
- AES_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&aes_ks3,
- iv,AES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_256_AES,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_CBC_256_AES][j]); count++)
+ AES_cbc_encrypt(buf, buf,
+ (unsigned long) lengths[j], &aes_ks3,
+ iv, AES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_256_AES, j, count, d);
}
-
- if (doit[D_IGE_128_AES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_IGE_128_AES],c[D_IGE_128_AES][j],lengths[j]);
+ }
+ if (doit[D_IGE_128_AES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_IGE_128_AES][j]); count++)
- AES_ige_encrypt(buf,buf2,
- (unsigned long)lengths[j],&aes_ks1,
- iv,AES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_IGE_128_AES,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_IGE_128_AES][j]); count++)
+ AES_ige_encrypt(buf, buf2,
+ (unsigned long) lengths[j], &aes_ks1,
+ iv, AES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_IGE_128_AES, j, count, d);
}
- if (doit[D_IGE_192_AES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_IGE_192_AES],c[D_IGE_192_AES][j],lengths[j]);
+ }
+ if (doit[D_IGE_192_AES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_IGE_192_AES], c[D_IGE_192_AES][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_IGE_192_AES][j]); count++)
- AES_ige_encrypt(buf,buf2,
- (unsigned long)lengths[j],&aes_ks2,
- iv,AES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_IGE_192_AES,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_IGE_192_AES][j]); count++)
+ AES_ige_encrypt(buf, buf2,
+ (unsigned long) lengths[j], &aes_ks2,
+ iv, AES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_IGE_192_AES, j, count, d);
}
- if (doit[D_IGE_256_AES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_IGE_256_AES],c[D_IGE_256_AES][j],lengths[j]);
+ }
+ if (doit[D_IGE_256_AES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_IGE_256_AES], c[D_IGE_256_AES][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_IGE_256_AES][j]); count++)
- AES_ige_encrypt(buf,buf2,
- (unsigned long)lengths[j],&aes_ks3,
- iv,AES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_IGE_256_AES,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_IGE_256_AES][j]); count++)
+ AES_ige_encrypt(buf, buf2,
+ (unsigned long) lengths[j], &aes_ks3,
+ iv, AES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_IGE_256_AES, j, count, d);
}
- if (doit[D_GHASH])
- {
- GCM128_CONTEXT *ctx = CRYPTO_gcm128_new(&aes_ks1,(block128_f)AES_encrypt);
- CRYPTO_gcm128_setiv (ctx,(unsigned char *)"0123456789ab",12);
+ }
+ if (doit[D_GHASH]) {
+ GCM128_CONTEXT *ctx = CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt);
+ CRYPTO_gcm128_setiv(ctx, (unsigned char *) "0123456789ab", 12);
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_GHASH],c[D_GHASH][j],lengths[j]);
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_GHASH], c[D_GHASH][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_GHASH][j]); count++)
- CRYPTO_gcm128_aad(ctx,buf,lengths[j]);
- d=Time_F(STOP);
- print_result(D_GHASH,j,count,d);
- }
- CRYPTO_gcm128_release(ctx);
+ for (count = 0, run = 1; COND(c[D_GHASH][j]); count++)
+ CRYPTO_gcm128_aad(ctx, buf, lengths[j]);
+ d = Time_F(STOP);
+ print_result(D_GHASH, j, count, d);
}
-
+ CRYPTO_gcm128_release(ctx);
+ }
#endif
#ifndef OPENSSL_NO_CAMELLIA
- if (doit[D_CBC_128_CML])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_128_CML],c[D_CBC_128_CML][j],lengths[j]);
+ if (doit[D_CBC_128_CML]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_128_CML][j]); count++)
- Camellia_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&camellia_ks1,
- iv,CAMELLIA_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_128_CML,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_CBC_128_CML][j]); count++)
+ Camellia_cbc_encrypt(buf, buf,
+ (unsigned long) lengths[j], &camellia_ks1,
+ iv, CAMELLIA_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_128_CML, j, count, d);
}
- if (doit[D_CBC_192_CML])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_192_CML],c[D_CBC_192_CML][j],lengths[j]);
+ }
+ if (doit[D_CBC_192_CML]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_192_CML][j]); count++)
- Camellia_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&camellia_ks2,
- iv,CAMELLIA_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_192_CML,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_CBC_192_CML][j]); count++)
+ Camellia_cbc_encrypt(buf, buf,
+ (unsigned long) lengths[j], &camellia_ks2,
+ iv, CAMELLIA_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_192_CML, j, count, d);
}
- if (doit[D_CBC_256_CML])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_256_CML],c[D_CBC_256_CML][j],lengths[j]);
+ }
+ if (doit[D_CBC_256_CML]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_256_CML][j]); count++)
- Camellia_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&camellia_ks3,
- iv,CAMELLIA_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_256_CML,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_CBC_256_CML][j]); count++)
+ Camellia_cbc_encrypt(buf, buf,
+ (unsigned long) lengths[j], &camellia_ks3,
+ iv, CAMELLIA_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_256_CML, j, count, d);
}
-
+ }
#endif
#ifndef OPENSSL_NO_IDEA
- if (doit[D_CBC_IDEA])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);
+ if (doit[D_CBC_IDEA]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
- idea_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&idea_ks,
- iv,IDEA_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_IDEA,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_CBC_IDEA][j]); count++)
+ idea_cbc_encrypt(buf, buf,
+ (unsigned long) lengths[j], &idea_ks,
+ iv, IDEA_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_IDEA, j, count, d);
}
+ }
#endif
#ifndef OPENSSL_NO_SEED
- if (doit[D_CBC_SEED])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_SEED],c[D_CBC_SEED][j],lengths[j]);
+ if (doit[D_CBC_SEED]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_SEED], c[D_CBC_SEED][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_SEED][j]); count++)
- SEED_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&seed_ks,iv,1);
- d=Time_F(STOP);
- print_result(D_CBC_SEED,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_CBC_SEED][j]); count++)
+ SEED_cbc_encrypt(buf, buf,
+ (unsigned long) lengths[j], &seed_ks, iv, 1);
+ d = Time_F(STOP);
+ print_result(D_CBC_SEED, j, count, d);
}
+ }
#endif
#ifndef OPENSSL_NO_RC2
- if (doit[D_CBC_RC2])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);
+ if (doit[D_CBC_RC2]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_RC2], c[D_CBC_RC2][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
- RC2_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&rc2_ks,
- iv,RC2_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_RC2,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_CBC_RC2][j]); count++)
+ RC2_cbc_encrypt(buf, buf,
+ (unsigned long) lengths[j], &rc2_ks,
+ iv, RC2_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_RC2, j, count, d);
}
+ }
#endif
#ifndef OPENSSL_NO_RC5
- if (doit[D_CBC_RC5])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
+ if (doit[D_CBC_RC5]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_RC5], c[D_CBC_RC5][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
- RC5_32_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&rc5_ks,
- iv,RC5_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_RC5,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_CBC_RC5][j]); count++)
+ RC5_32_cbc_encrypt(buf, buf,
+ (unsigned long) lengths[j], &rc5_ks,
+ iv, RC5_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_RC5, j, count, d);
}
+ }
#endif
#ifndef OPENSSL_NO_BF
- if (doit[D_CBC_BF])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);
+ if (doit[D_CBC_BF]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_BF], c[D_CBC_BF][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
- BF_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&bf_ks,
- iv,BF_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_BF,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_CBC_BF][j]); count++)
+ BF_cbc_encrypt(buf, buf,
+ (unsigned long) lengths[j], &bf_ks,
+ iv, BF_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_BF, j, count, d);
}
+ }
#endif
#ifndef OPENSSL_NO_CAST
- if (doit[D_CBC_CAST])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
+ if (doit[D_CBC_CAST]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_CAST], c[D_CBC_CAST][j], lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
- CAST_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&cast_ks,
- iv,CAST_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_CAST,j,count,d);
- }
+ for (count = 0, run = 1; COND(c[D_CBC_CAST][j]); count++)
+ CAST_cbc_encrypt(buf, buf,
+ (unsigned long) lengths[j], &cast_ks,
+ iv, CAST_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_CAST, j, count, d);
}
+ }
#endif
- if (doit[D_EVP])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- if (evp_cipher)
- {
+ if (doit[D_EVP]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ if (evp_cipher) {
EVP_CIPHER_CTX ctx;
int outl;
- names[D_EVP]=OBJ_nid2ln(evp_cipher->nid);
- /* -O3 -fschedule-insns messes up an
- * optimization here! names[D_EVP]
- * somehow becomes NULL */
- print_message(names[D_EVP],save_count,
- lengths[j]);
+ names[D_EVP] = OBJ_nid2ln(evp_cipher->nid);
+ /*
+ * -O3 -fschedule-insns messes up an
+ * optimization here! names[D_EVP] somehow
+ * becomes NULL
+ */
+ print_message(names[D_EVP], save_count,
+ lengths[j]);
EVP_CIPHER_CTX_init(&ctx);
- if(decrypt)
- EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
+ if (decrypt)
+ EVP_DecryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
else
- EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
+ EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
EVP_CIPHER_CTX_set_padding(&ctx, 0);
Time_F(START);
- if(decrypt)
- for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
- EVP_DecryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
+ if (decrypt)
+ for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++)
+ EVP_DecryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
else
- for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
- EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
- if(decrypt)
- EVP_DecryptFinal_ex(&ctx,buf,&outl);
+ for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++)
+ EVP_EncryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
+ if (decrypt)
+ EVP_DecryptFinal_ex(&ctx, buf, &outl);
else
- EVP_EncryptFinal_ex(&ctx,buf,&outl);
- d=Time_F(STOP);
+ EVP_EncryptFinal_ex(&ctx, buf, &outl);
+ d = Time_F(STOP);
EVP_CIPHER_CTX_cleanup(&ctx);
- }
- if (evp_md)
- {
- names[D_EVP]=OBJ_nid2ln(evp_md->type);
- print_message(names[D_EVP],save_count,
- lengths[j]);
+ }
+ if (evp_md) {
+ names[D_EVP] = OBJ_nid2ln(evp_md->type);
+ print_message(names[D_EVP], save_count,
+ lengths[j]);
Time_F(START);
- for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
- EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL);
+ for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++)
+ EVP_Digest(buf, lengths[j], &(md[0]), NULL, evp_md, NULL);
- d=Time_F(STOP);
- }
- print_result(D_EVP,j,count,d);
+ d = Time_F(STOP);
}
+ print_result(D_EVP, j, count, d);
}
-
- RAND_pseudo_bytes(buf,36);
+ }
+ RAND_pseudo_bytes(buf, 36);
#ifndef OPENSSL_NO_RSA
- for (j=0; j<RSA_NUM; j++)
- {
+ for (j = 0; j < RSA_NUM; j++) {
int ret;
- if (!rsa_doit[j]) continue;
- ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,"RSA sign failure. No RSA sign will be done.\n");
+ if (!rsa_doit[j])
+ continue;
+ ret = RSA_sign(NID_md5_sha1, buf, 36, buf2, &rsa_num, rsa_key[j]);
+ if (ret == 0) {
+ BIO_printf(bio_err, "RSA sign failure. No RSA sign will be done.\n");
ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- pkey_print_message("private","rsa",
- rsa_c[j][0],rsa_bits[j],
- RSA_SECONDS);
+ rsa_count = 1;
+ } else {
+ pkey_print_message("private", "rsa",
+ rsa_c[j][0], rsa_bits[j],
+ RSA_SECONDS);
/* RSA_blinding_on(rsa_key[j],NULL); */
Time_F(START);
- for (count=0,run=1; COND(rsa_c[j][0]); count++)
- {
- ret=RSA_sign(NID_md5_sha1, buf,36, buf2,
- &rsa_num, rsa_key[j]);
- if (ret == 0)
- {
+ for (count = 0, run = 1; COND(rsa_c[j][0]); count++) {
+ ret = RSA_sign(NID_md5_sha1, buf, 36, buf2,
+ &rsa_num, rsa_key[j]);
+ if (ret == 0) {
BIO_printf(bio_err,
- "RSA sign failure\n");
+ "RSA sign failure\n");
ERR_print_errors(bio_err);
- count=1;
+ count = 1;
break;
- }
}
- d=Time_F(STOP);
- BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"
- : "%ld %d bit private RSA's in %.2fs\n",
- count,rsa_bits[j],d);
- rsa_results[j][0]=d/(double)count;
- rsa_count=count;
}
+ d = Time_F(STOP);
+ BIO_printf(bio_err, mr ? "+R1:%ld:%d:%.2f\n"
+ : "%ld %d bit private RSA's in %.2fs\n",
+ count, rsa_bits[j], d);
+ rsa_results[j][0] = d / (double) count;
+ rsa_count = count;
+ }
#if 1
- ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
- if (ret <= 0)
- {
- BIO_printf(bio_err,"RSA verify failure. No RSA verify will be done.\n");
+ ret = RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[j]);
+ if (ret <= 0) {
+ BIO_printf(bio_err, "RSA verify failure. No RSA verify will be done.\n");
ERR_print_errors(bio_err);
rsa_doit[j] = 0;
- }
- else
- {
- pkey_print_message("public","rsa",
- rsa_c[j][1],rsa_bits[j],
- RSA_SECONDS);
+ } else {
+ pkey_print_message("public", "rsa",
+ rsa_c[j][1], rsa_bits[j],
+ RSA_SECONDS);
Time_F(START);
- for (count=0,run=1; COND(rsa_c[j][1]); count++)
- {
- ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
- rsa_num, rsa_key[j]);
- if (ret <= 0)
- {
+ for (count = 0, run = 1; COND(rsa_c[j][1]); count++) {
+ ret = RSA_verify(NID_md5_sha1, buf, 36, buf2,
+ rsa_num, rsa_key[j]);
+ if (ret <= 0) {
BIO_printf(bio_err,
- "RSA verify failure\n");
+ "RSA verify failure\n");
ERR_print_errors(bio_err);
- count=1;
+ count = 1;
break;
- }
}
- d=Time_F(STOP);
- BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"
- : "%ld %d bit public RSA's in %.2fs\n",
- count,rsa_bits[j],d);
- rsa_results[j][1]=d/(double)count;
}
+ d = Time_F(STOP);
+ BIO_printf(bio_err, mr ? "+R2:%ld:%d:%.2f\n"
+ : "%ld %d bit public RSA's in %.2fs\n",
+ count, rsa_bits[j], d);
+ rsa_results[j][1] = d / (double) count;
+ }
#endif
- if (rsa_count <= 1)
- {
+ if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
- for (j++; j<RSA_NUM; j++)
- rsa_doit[j]=0;
- }
+ for (j++; j < RSA_NUM; j++)
+ rsa_doit[j] = 0;
}
+ }
#endif
- RAND_pseudo_bytes(buf,20);
+ RAND_pseudo_bytes(buf, 20);
#ifndef OPENSSL_NO_DSA
- if (RAND_status() != 1)
- {
+ if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
rnd_fake = 1;
- }
- for (j=0; j<DSA_NUM; j++)
- {
+ }
+ for (j = 0; j < DSA_NUM; j++) {
unsigned int kk;
int ret;
- if (!dsa_doit[j]) continue;
+ if (!dsa_doit[j])
+ continue;
/* DSA_generate_key(dsa_key[j]); */
/* DSA_sign_setup(dsa_key[j],NULL); */
- ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
- &kk,dsa_key[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,"DSA sign failure. No DSA sign will be done.\n");
+ ret = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2,
+ &kk, dsa_key[j]);
+ if (ret == 0) {
+ BIO_printf(bio_err, "DSA sign failure. No DSA sign will be done.\n");
ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- pkey_print_message("sign","dsa",
- dsa_c[j][0],dsa_bits[j],
- DSA_SECONDS);
+ rsa_count = 1;
+ } else {
+ pkey_print_message("sign", "dsa",
+ dsa_c[j][0], dsa_bits[j],
+ DSA_SECONDS);
Time_F(START);
- for (count=0,run=1; COND(dsa_c[j][0]); count++)
- {
- ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
- &kk,dsa_key[j]);
- if (ret == 0)
- {
+ for (count = 0, run = 1; COND(dsa_c[j][0]); count++) {
+ ret = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2,
+ &kk, dsa_key[j]);
+ if (ret == 0) {
BIO_printf(bio_err,
- "DSA sign failure\n");
+ "DSA sign failure\n");
ERR_print_errors(bio_err);
- count=1;
+ count = 1;
break;
- }
}
- d=Time_F(STOP);
- BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
- : "%ld %d bit DSA signs in %.2fs\n",
- count,dsa_bits[j],d);
- dsa_results[j][0]=d/(double)count;
- rsa_count=count;
}
+ d = Time_F(STOP);
+ BIO_printf(bio_err, mr ? "+R3:%ld:%d:%.2f\n"
+ : "%ld %d bit DSA signs in %.2fs\n",
+ count, dsa_bits[j], d);
+ dsa_results[j][0] = d / (double) count;
+ rsa_count = count;
+ }
- ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
- kk,dsa_key[j]);
- if (ret <= 0)
- {
- BIO_printf(bio_err,"DSA verify failure. No DSA verify will be done.\n");
+ ret = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2,
+ kk, dsa_key[j]);
+ if (ret <= 0) {
+ BIO_printf(bio_err, "DSA verify failure. No DSA verify will be done.\n");
ERR_print_errors(bio_err);
dsa_doit[j] = 0;
- }
- else
- {
- pkey_print_message("verify","dsa",
- dsa_c[j][1],dsa_bits[j],
- DSA_SECONDS);
+ } else {
+ pkey_print_message("verify", "dsa",
+ dsa_c[j][1], dsa_bits[j],
+ DSA_SECONDS);
Time_F(START);
- for (count=0,run=1; COND(dsa_c[j][1]); count++)
- {
- ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
- kk,dsa_key[j]);
- if (ret <= 0)
- {
+ for (count = 0, run = 1; COND(dsa_c[j][1]); count++) {
+ ret = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2,
+ kk, dsa_key[j]);
+ if (ret <= 0) {
BIO_printf(bio_err,
- "DSA verify failure\n");
+ "DSA verify failure\n");
ERR_print_errors(bio_err);
- count=1;
+ count = 1;
break;
- }
}
- d=Time_F(STOP);
- BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
- : "%ld %d bit DSA verify in %.2fs\n",
- count,dsa_bits[j],d);
- dsa_results[j][1]=d/(double)count;
}
+ d = Time_F(STOP);
+ BIO_printf(bio_err, mr ? "+R4:%ld:%d:%.2f\n"
+ : "%ld %d bit DSA verify in %.2fs\n",
+ count, dsa_bits[j], d);
+ dsa_results[j][1] = d / (double) count;
+ }
- if (rsa_count <= 1)
- {
+ if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
- for (j++; j<DSA_NUM; j++)
- dsa_doit[j]=0;
- }
+ for (j++; j < DSA_NUM; j++)
+ dsa_doit[j] = 0;
}
- if (rnd_fake) RAND_cleanup();
+ }
+ if (rnd_fake)
+ RAND_cleanup();
#endif
#ifndef OPENSSL_NO_ECDSA
- if (RAND_status() != 1)
- {
+ if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
rnd_fake = 1;
- }
- for (j=0; j<EC_NUM; j++)
- {
+ }
+ for (j = 0; j < EC_NUM; j++) {
int ret;
- if (!ecdsa_doit[j]) continue; /* Ignore Curve */
+ if (!ecdsa_doit[j])
+ continue; /* Ignore Curve */
ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]);
- if (ecdsa[j] == NULL)
- {
- BIO_printf(bio_err,"ECDSA failure.\n");
+ if (ecdsa[j] == NULL) {
+ BIO_printf(bio_err, "ECDSA failure.\n");
ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
+ rsa_count = 1;
+ } else {
#if 1
EC_KEY_precompute_mult(ecdsa[j], NULL);
#endif
/* Perform ECDSA signature test */
EC_KEY_generate_key(ecdsa[j]);
- ret = ECDSA_sign(0, buf, 20, ecdsasig,
- &ecdsasiglen, ecdsa[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,"ECDSA sign failure. No ECDSA sign will be done.\n");
+ ret = ECDSA_sign(0, buf, 20, ecdsasig,
+ &ecdsasiglen, ecdsa[j]);
+ if (ret == 0) {
+ BIO_printf(bio_err, "ECDSA sign failure. No ECDSA sign will be done.\n");
ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- pkey_print_message("sign","ecdsa",
- ecdsa_c[j][0],
- test_curves_bits[j],
- ECDSA_SECONDS);
+ rsa_count = 1;
+ } else {
+ pkey_print_message("sign", "ecdsa",
+ ecdsa_c[j][0],
+ test_curves_bits[j],
+ ECDSA_SECONDS);
Time_F(START);
- for (count=0,run=1; COND(ecdsa_c[j][0]);
- count++)
- {
- ret=ECDSA_sign(0, buf, 20,
- ecdsasig, &ecdsasiglen,
- ecdsa[j]);
- if (ret == 0)
- {
+ for (count = 0, run = 1; COND(ecdsa_c[j][0]);
+ count++) {
+ ret = ECDSA_sign(0, buf, 20,
+ ecdsasig, &ecdsasiglen,
+ ecdsa[j]);
+ if (ret == 0) {
BIO_printf(bio_err, "ECDSA sign failure\n");
ERR_print_errors(bio_err);
- count=1;
+ count = 1;
break;
- }
}
- d=Time_F(STOP);
+ }
+ d = Time_F(STOP);
BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
- "%ld %d bit ECDSA signs in %.2fs \n",
- count, test_curves_bits[j], d);
- ecdsa_results[j][0]=d/(double)count;
- rsa_count=count;
- }
+ "%ld %d bit ECDSA signs in %.2fs \n",
+ count, test_curves_bits[j], d);
+ ecdsa_results[j][0] = d / (double) count;
+ rsa_count = count;
+ }
/* Perform ECDSA verification test */
- ret=ECDSA_verify(0, buf, 20, ecdsasig,
- ecdsasiglen, ecdsa[j]);
- if (ret != 1)
- {
- BIO_printf(bio_err,"ECDSA verify failure. No ECDSA verify will be done.\n");
+ ret = ECDSA_verify(0, buf, 20, ecdsasig,
+ ecdsasiglen, ecdsa[j]);
+ if (ret != 1) {
+ BIO_printf(bio_err, "ECDSA verify failure. No ECDSA verify will be done.\n");
ERR_print_errors(bio_err);
ecdsa_doit[j] = 0;
- }
- else
- {
- pkey_print_message("verify","ecdsa",
- ecdsa_c[j][1],
- test_curves_bits[j],
- ECDSA_SECONDS);
+ } else {
+ pkey_print_message("verify", "ecdsa",
+ ecdsa_c[j][1],
+ test_curves_bits[j],
+ ECDSA_SECONDS);
Time_F(START);
- for (count=0,run=1; COND(ecdsa_c[j][1]); count++)
- {
- ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
- if (ret != 1)
- {
+ for (count = 0, run = 1; COND(ecdsa_c[j][1]); count++) {
+ ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
+ if (ret != 1) {
BIO_printf(bio_err, "ECDSA verify failure\n");
ERR_print_errors(bio_err);
- count=1;
+ count = 1;
break;
- }
}
- d=Time_F(STOP);
- BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
- : "%ld %d bit ECDSA verify in %.2fs\n",
- count, test_curves_bits[j], d);
- ecdsa_results[j][1]=d/(double)count;
}
+ d = Time_F(STOP);
+ BIO_printf(bio_err, mr ? "+R6:%ld:%d:%.2f\n"
+ : "%ld %d bit ECDSA verify in %.2fs\n",
+ count, test_curves_bits[j], d);
+ ecdsa_results[j][1] = d / (double) count;
+ }
- if (rsa_count <= 1)
- {
+ if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
- for (j++; j<EC_NUM; j++)
- ecdsa_doit[j]=0;
- }
+ for (j++; j < EC_NUM; j++)
+ ecdsa_doit[j] = 0;
}
}
- if (rnd_fake) RAND_cleanup();
+ }
+ if (rnd_fake)
+ RAND_cleanup();
#endif
#ifndef OPENSSL_NO_ECDH
- if (RAND_status() != 1)
- {
+ if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
rnd_fake = 1;
- }
- for (j=0; j<EC_NUM; j++)
- {
- if (!ecdh_doit[j]) continue;
+ }
+ for (j = 0; j < EC_NUM; j++) {
+ if (!ecdh_doit[j])
+ continue;
ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]);
ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]);
- if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL))
- {
- BIO_printf(bio_err,"ECDH failure.\n");
+ if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL)) {
+ BIO_printf(bio_err, "ECDH failure.\n");
ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
+ rsa_count = 1;
+ } else {
/* generate two ECDH key pairs */
if (!EC_KEY_generate_key(ecdh_a[j]) ||
- !EC_KEY_generate_key(ecdh_b[j]))
- {
- BIO_printf(bio_err,"ECDH key generation failure.\n");
+ !EC_KEY_generate_key(ecdh_b[j])) {
+ BIO_printf(bio_err, "ECDH key generation failure.\n");
ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- /* If field size is not more than 24 octets, then use SHA-1 hash of result;
- * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt).
+ rsa_count = 1;
+ } else {
+ /*
+ * If field size is not more than 24 octets,
+ * then use SHA-1 hash of result; otherwise,
+ * use result (see section 4.8 of
+ * draft-ietf-tls-ecc-03.txt).
*/
int field_size, outlen;
- void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen);
+ void *(*kdf) (const void *in, size_t inlen, void *out, size_t * xoutlen);
field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j]));
- if (field_size <= 24 * 8)
- {
+ if (field_size <= 24 * 8) {
outlen = KDF1_SHA1_len;
kdf = KDF1_SHA1;
- }
- else
- {
- outlen = (field_size+7)/8;
+ } else {
+ outlen = (field_size + 7) / 8;
kdf = NULL;
- }
+ }
secret_size_a = ECDH_compute_key(secret_a, outlen,
- EC_KEY_get0_public_key(ecdh_b[j]),
- ecdh_a[j], kdf);
+ EC_KEY_get0_public_key(ecdh_b[j]),
+ ecdh_a[j], kdf);
secret_size_b = ECDH_compute_key(secret_b, outlen,
- EC_KEY_get0_public_key(ecdh_a[j]),
- ecdh_b[j], kdf);
- if (secret_size_a != secret_size_b)
+ EC_KEY_get0_public_key(ecdh_a[j]),
+ ecdh_b[j], kdf);
+ if (secret_size_a != secret_size_b)
ecdh_checks = 0;
else
ecdh_checks = 1;
- for (secret_idx = 0;
+ for (secret_idx = 0;
(secret_idx < secret_size_a)
- && (ecdh_checks == 1);
- secret_idx++)
- {
+ && (ecdh_checks == 1);
+ secret_idx++) {
if (secret_a[secret_idx] != secret_b[secret_idx])
- ecdh_checks = 0;
- }
+ ecdh_checks = 0;
+ }
- if (ecdh_checks == 0)
- {
- BIO_printf(bio_err,"ECDH computations don't match.\n");
+ if (ecdh_checks == 0) {
+ BIO_printf(bio_err, "ECDH computations don't match.\n");
ERR_print_errors(bio_err);
- rsa_count=1;
- }
-
- pkey_print_message("","ecdh",
- ecdh_c[j][0],
- test_curves_bits[j],
- ECDH_SECONDS);
+ rsa_count = 1;
+ }
+ pkey_print_message("", "ecdh",
+ ecdh_c[j][0],
+ test_curves_bits[j],
+ ECDH_SECONDS);
Time_F(START);
- for (count=0,run=1; COND(ecdh_c[j][0]); count++)
- {
+ for (count = 0, run = 1; COND(ecdh_c[j][0]); count++) {
ECDH_compute_key(secret_a, outlen,
- EC_KEY_get0_public_key(ecdh_b[j]),
- ecdh_a[j], kdf);
- }
- d=Time_F(STOP);
- BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
- count, test_curves_bits[j], d);
- ecdh_results[j][0]=d/(double)count;
- rsa_count=count;
+ EC_KEY_get0_public_key(ecdh_b[j]),
+ ecdh_a[j], kdf);
}
+ d = Time_F(STOP);
+ BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" : "%ld %d-bit ECDH ops in %.2fs\n",
+ count, test_curves_bits[j], d);
+ ecdh_results[j][0] = d / (double) count;
+ rsa_count = count;
}
+ }
- if (rsa_count <= 1)
- {
+ if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
- for (j++; j<EC_NUM; j++)
- ecdh_doit[j]=0;
- }
+ for (j++; j < EC_NUM; j++)
+ ecdh_doit[j] = 0;
}
- if (rnd_fake) RAND_cleanup();
+ }
+ if (rnd_fake)
+ RAND_cleanup();
#endif
#ifndef NO_FORK
show_res:
#endif
- if(!mr)
- {
- fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
- fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON));
+ if (!mr) {
+ fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_VERSION));
+ fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_BUILT_ON));
printf("options:");
- printf("%s ",BN_options());
+ printf("%s ", BN_options());
#ifndef OPENSSL_NO_MD2
- printf("%s ",MD2_options());
+ printf("%s ", MD2_options());
#endif
#ifndef OPENSSL_NO_RC4
- printf("%s ",RC4_options());
+ printf("%s ", RC4_options());
#endif
#ifndef OPENSSL_NO_DES
- printf("%s ",DES_options());
+ printf("%s ", DES_options());
#endif
#ifndef OPENSSL_NO_AES
- printf("%s ",AES_options());
+ printf("%s ", AES_options());
#endif
#ifndef OPENSSL_NO_IDEA
- printf("%s ",idea_options());
+ printf("%s ", idea_options());
#endif
#ifndef OPENSSL_NO_BF
- printf("%s ",BF_options());
+ printf("%s ", BF_options());
#endif
- fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
- }
-
- if (pr_header)
- {
- if(mr)
- fprintf(stdout,"+H");
- else
- {
- fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n");
- fprintf(stdout,"type ");
- }
- for (j=0; j<SIZE_NUM; j++)
- fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]);
- fprintf(stdout,"\n");
+ fprintf(stdout, "\n%s\n", SSLeay_version(SSLEAY_CFLAGS));
+ }
+ if (pr_header) {
+ if (mr)
+ fprintf(stdout, "+H");
+ else {
+ fprintf(stdout, "The 'numbers' are in 1000s of bytes per second processed.\n");
+ fprintf(stdout, "type ");
}
-
- for (k=0; k<ALGOR_NUM; k++)
- {
- if (!doit[k]) continue;
- if(mr)
- fprintf(stdout,"+F:%d:%s",k,names[k]);
+ for (j = 0; j < SIZE_NUM; j++)
+ fprintf(stdout, mr ? ":%d" : "%7d bytes", lengths[j]);
+ fprintf(stdout, "\n");
+ }
+ for (k = 0; k < ALGOR_NUM; k++) {
+ if (!doit[k])
+ continue;
+ if (mr)
+ fprintf(stdout, "+F:%d:%s", k, names[k]);
else
- fprintf(stdout,"%-13s",names[k]);
- for (j=0; j<SIZE_NUM; j++)
- {
+ fprintf(stdout, "%-13s", names[k]);
+ for (j = 0; j < SIZE_NUM; j++) {
if (results[k][j] > 10000 && !mr)
- fprintf(stdout," %11.2fk",results[k][j]/1e3);
+ fprintf(stdout, " %11.2fk", results[k][j] / 1e3);
else
- fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]);
- }
- fprintf(stdout,"\n");
+ fprintf(stdout, mr ? ":%.2f" : " %11.2f ", results[k][j]);
}
+ fprintf(stdout, "\n");
+ }
#ifndef OPENSSL_NO_RSA
- j=1;
- for (k=0; k<RSA_NUM; k++)
- {
- if (!rsa_doit[k]) continue;
- if (j && !mr)
- {
- printf("%18ssign verify sign/s verify/s\n"," ");
- j=0;
- }
- if(mr)
- fprintf(stdout,"+F2:%u:%u:%f:%f\n",
- k,rsa_bits[k],rsa_results[k][0],
- rsa_results[k][1]);
- else
- fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
- rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
- 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
+ j = 1;
+ for (k = 0; k < RSA_NUM; k++) {
+ if (!rsa_doit[k])
+ continue;
+ if (j && !mr) {
+ printf("%18ssign verify sign/s verify/s\n", " ");
+ j = 0;
}
+ if (mr)
+ fprintf(stdout, "+F2:%u:%u:%f:%f\n",
+ k, rsa_bits[k], rsa_results[k][0],
+ rsa_results[k][1]);
+ else
+ fprintf(stdout, "rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+ rsa_bits[k], rsa_results[k][0], rsa_results[k][1],
+ 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1]);
+ }
#endif
#ifndef OPENSSL_NO_DSA
- j=1;
- for (k=0; k<DSA_NUM; k++)
- {
- if (!dsa_doit[k]) continue;
- if (j && !mr)
- {
- printf("%18ssign verify sign/s verify/s\n"," ");
- j=0;
- }
- if(mr)
- fprintf(stdout,"+F3:%u:%u:%f:%f\n",
- k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
- else
- fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
- dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
- 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
+ j = 1;
+ for (k = 0; k < DSA_NUM; k++) {
+ if (!dsa_doit[k])
+ continue;
+ if (j && !mr) {
+ printf("%18ssign verify sign/s verify/s\n", " ");
+ j = 0;
}
+ if (mr)
+ fprintf(stdout, "+F3:%u:%u:%f:%f\n",
+ k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
+ else
+ fprintf(stdout, "dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+ dsa_bits[k], dsa_results[k][0], dsa_results[k][1],
+ 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]);
+ }
#endif
#ifndef OPENSSL_NO_ECDSA
- j=1;
- for (k=0; k<EC_NUM; k++)
- {
- if (!ecdsa_doit[k]) continue;
- if (j && !mr)
- {
- printf("%30ssign verify sign/s verify/s\n"," ");
- j=0;
- }
-
+ j = 1;
+ for (k = 0; k < EC_NUM; k++) {
+ if (!ecdsa_doit[k])
+ continue;
+ if (j && !mr) {
+ printf("%30ssign verify sign/s verify/s\n", " ");
+ j = 0;
+ }
if (mr)
- fprintf(stdout,"+F4:%u:%u:%f:%f\n",
- k, test_curves_bits[k],
- ecdsa_results[k][0],ecdsa_results[k][1]);
+ fprintf(stdout, "+F4:%u:%u:%f:%f\n",
+ k, test_curves_bits[k],
+ ecdsa_results[k][0], ecdsa_results[k][1]);
else
fprintf(stdout,
- "%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
- test_curves_bits[k],
- test_curves_names[k],
- ecdsa_results[k][0],ecdsa_results[k][1],
- 1.0/ecdsa_results[k][0],1.0/ecdsa_results[k][1]);
- }
+ "%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
+ test_curves_bits[k],
+ test_curves_names[k],
+ ecdsa_results[k][0], ecdsa_results[k][1],
+ 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]);
+ }
#endif
#ifndef OPENSSL_NO_ECDH
- j=1;
- for (k=0; k<EC_NUM; k++)
- {
- if (!ecdh_doit[k]) continue;
- if (j && !mr)
- {
- printf("%30sop op/s\n"," ");
- j=0;
- }
+ j = 1;
+ for (k = 0; k < EC_NUM; k++) {
+ if (!ecdh_doit[k])
+ continue;
+ if (j && !mr) {
+ printf("%30sop op/s\n", " ");
+ j = 0;
+ }
if (mr)
- fprintf(stdout,"+F5:%u:%u:%f:%f\n",
- k, test_curves_bits[k],
- ecdh_results[k][0], 1.0/ecdh_results[k][0]);
+ fprintf(stdout, "+F5:%u:%u:%f:%f\n",
+ k, test_curves_bits[k],
+ ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
else
- fprintf(stdout,"%4u bit ecdh (%s) %8.4fs %8.1f\n",
- test_curves_bits[k],
- test_curves_names[k],
- ecdh_results[k][0], 1.0/ecdh_results[k][0]);
- }
+ fprintf(stdout, "%4u bit ecdh (%s) %8.4fs %8.1f\n",
+ test_curves_bits[k],
+ test_curves_names[k],
+ ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
+ }
#endif
- mret=0;
+ mret = 0;
end:
ERR_print_errors(bio_err);
- if (buf != NULL) free(buf);
- if (buf2 != NULL) free(buf2);
+ if (buf != NULL)
+ free(buf);
+ if (buf2 != NULL)
+ free(buf2);
#ifndef OPENSSL_NO_RSA
- for (i=0; i<RSA_NUM; i++)
+ for (i = 0; i < RSA_NUM; i++)
if (rsa_key[i] != NULL)
RSA_free(rsa_key[i]);
#endif
#ifndef OPENSSL_NO_DSA
- for (i=0; i<DSA_NUM; i++)
+ for (i = 0; i < DSA_NUM; i++)
if (dsa_key[i] != NULL)
DSA_free(dsa_key[i]);
#endif
#ifndef OPENSSL_NO_ECDSA
- for (i=0; i<EC_NUM; i++)
+ for (i = 0; i < EC_NUM; i++)
if (ecdsa[i] != NULL)
EC_KEY_free(ecdsa[i]);
#endif
#ifndef OPENSSL_NO_ECDH
- for (i=0; i<EC_NUM; i++)
- {
+ for (i = 0; i < EC_NUM; i++) {
if (ecdh_a[i] != NULL)
EC_KEY_free(ecdh_a[i]);
if (ecdh_b[i] != NULL)
#endif
apps_shutdown();
- return(mret);
- }
+ return (mret);
+}
-static void print_message(const char *s, long num, int length)
- {
+static void
+print_message(const char *s, long num, int length)
+{
#ifdef SIGALRM
- BIO_printf(bio_err,mr ? "+DT:%s:%d:%d\n"
- : "Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
- (void)BIO_flush(bio_err);
+ BIO_printf(bio_err, mr ? "+DT:%s:%d:%d\n"
+ : "Doing %s for %ds on %d size blocks: ", s, SECONDS, length);
+ (void) BIO_flush(bio_err);
alarm(SECONDS);
#else
- BIO_printf(bio_err,mr ? "+DN:%s:%ld:%d\n"
- : "Doing %s %ld times on %d size blocks: ",s,num,length);
- (void)BIO_flush(bio_err);
+ BIO_printf(bio_err, mr ? "+DN:%s:%ld:%d\n"
+ : "Doing %s %ld times on %d size blocks: ", s, num, length);
+ (void) BIO_flush(bio_err);
#endif
#ifdef LINT
- num=num;
+ num = num;
#endif
- }
+}
-static void pkey_print_message(const char *str, const char *str2, long num,
- int bits, int tm)
- {
+static void
+pkey_print_message(const char *str, const char *str2, long num,
+ int bits, int tm)
+{
#ifdef SIGALRM
- BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n"
- : "Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
- (void)BIO_flush(bio_err);
+ BIO_printf(bio_err, mr ? "+DTP:%d:%s:%s:%d\n"
+ : "Doing %d bit %s %s's for %ds: ", bits, str, str2, tm);
+ (void) BIO_flush(bio_err);
alarm(tm);
#else
- BIO_printf(bio_err,mr ? "+DNP:%ld:%d:%s:%s\n"
- : "Doing %ld %d bit %s %s's: ",num,bits,str,str2);
- (void)BIO_flush(bio_err);
+ BIO_printf(bio_err, mr ? "+DNP:%ld:%d:%s:%s\n"
+ : "Doing %ld %d bit %s %s's: ", num, bits, str, str2);
+ (void) BIO_flush(bio_err);
#endif
#ifdef LINT
- num=num;
+ num = num;
#endif
+}
+
+static void
+print_result(int alg, int run_no, int count, double time_used)
+{
+ BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
+ : "%d %s's in %.2fs\n", count, names[alg], time_used);
+ results[alg][run_no] = ((double) count) / time_used * lengths[run_no];
+}
+
+#ifndef NO_FORK
+static char *
+sstrsep(char **string, const char *delim)
+{
+ char isdelim[256];
+ char *token = *string;
+
+ if (**string == 0)
+ return NULL;
+
+ memset(isdelim, 0, sizeof isdelim);
+ isdelim[0] = 1;
+
+ while (*delim) {
+ isdelim[(unsigned char) (*delim)] = 1;
+ delim++;
}
-static void print_result(int alg,int run_no,int count,double time_used)
- {
- BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n"
- : "%d %s's in %.2fs\n",count,names[alg],time_used);
- results[alg][run_no]=((double)count)/time_used*lengths[run_no];
+ while (!isdelim[(unsigned char) (**string)]) {
+ (*string)++;
}
-#ifndef NO_FORK
-static char *sstrsep(char **string, const char *delim)
- {
- char isdelim[256];
- char *token = *string;
-
- if (**string == 0)
- return NULL;
-
- memset(isdelim, 0, sizeof isdelim);
- isdelim[0] = 1;
-
- while (*delim)
- {
- isdelim[(unsigned char)(*delim)] = 1;
- delim++;
- }
-
- while (!isdelim[(unsigned char)(**string)])
- {
- (*string)++;
- }
-
- if (**string)
- {
- **string = 0;
- (*string)++;
- }
-
- return token;
- }
-
-static int do_multi(int multi)
- {
+ if (**string) {
+ **string = 0;
+ (*string)++;
+ }
+ return token;
+}
+
+static int
+do_multi(int multi)
+{
int n;
int fd[2];
int *fds;
- static char sep[]=":";
+ static char sep[] = ":";
- fds=malloc(multi*sizeof *fds);
- for(n=0 ; n < multi ; ++n)
- {
- if (pipe(fd) == -1)
- {
+ fds = malloc(multi * sizeof *fds);
+ for (n = 0; n < multi; ++n) {
+ if (pipe(fd) == -1) {
fprintf(stderr, "pipe failure\n");
exit(1);
- }
+ }
fflush(stdout);
fflush(stderr);
- if(fork())
- {
+ if (fork()) {
close(fd[1]);
- fds[n]=fd[0];
- }
- else
- {
+ fds[n] = fd[0];
+ } else {
close(fd[0]);
close(1);
- if (dup(fd[1]) == -1)
- {
+ if (dup(fd[1]) == -1) {
fprintf(stderr, "dup failed\n");
exit(1);
- }
+ }
close(fd[1]);
- mr=1;
- usertime=0;
+ mr = 1;
+ usertime = 0;
free(fds);
return 0;
- }
- printf("Forked child %d\n",n);
}
+ printf("Forked child %d\n", n);
+ }
/* for now, assume the pipe is long enough to take all the output */
- for(n=0 ; n < multi ; ++n)
- {
+ for (n = 0; n < multi; ++n) {
FILE *f;
char buf[1024];
char *p;
- f=fdopen(fds[n],"r");
- while(fgets(buf,sizeof buf,f))
- {
- p=strchr(buf,'\n');
- if(p)
- *p='\0';
- if(buf[0] != '+')
- {
- fprintf(stderr,"Don't understand line '%s' from child %d\n",
- buf,n);
+ f = fdopen(fds[n], "r");
+ while (fgets(buf, sizeof buf, f)) {
+ p = strchr(buf, '\n');
+ if (p)
+ *p = '\0';
+ if (buf[0] != '+') {
+ fprintf(stderr, "Don't understand line '%s' from child %d\n",
+ buf, n);
continue;
- }
- printf("Got: %s from %d\n",buf,n);
- if(!strncmp(buf,"+F:",3))
- {
+ }
+ printf("Got: %s from %d\n", buf, n);
+ if (!strncmp(buf, "+F:", 3)) {
int alg;
int j;
- p=buf+3;
- alg=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
- for(j=0 ; j < SIZE_NUM ; ++j)
- results[alg][j]+=atof(sstrsep(&p,sep));
- }
- else if(!strncmp(buf,"+F2:",4))
- {
+ p = buf + 3;
+ alg = atoi(sstrsep(&p, sep));
+ sstrsep(&p, sep);
+ for (j = 0; j < SIZE_NUM; ++j)
+ results[alg][j] += atof(sstrsep(&p, sep));
+ } else if (!strncmp(buf, "+F2:", 4)) {
int k;
double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
+
+ p = buf + 4;
+ k = atoi(sstrsep(&p, sep));
+ sstrsep(&p, sep);
+
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ rsa_results[k][0] = 1 / (1 / rsa_results[k][0] + 1 / d);
else
- rsa_results[k][0]=d;
+ rsa_results[k][0] = d;
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ rsa_results[k][1] = 1 / (1 / rsa_results[k][1] + 1 / d);
else
- rsa_results[k][1]=d;
- }
- else if(!strncmp(buf,"+F2:",4))
- {
+ rsa_results[k][1] = d;
+ } else if (!strncmp(buf, "+F2:", 4)) {
int k;
double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
+
+ p = buf + 4;
+ k = atoi(sstrsep(&p, sep));
+ sstrsep(&p, sep);
+
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ rsa_results[k][0] = 1 / (1 / rsa_results[k][0] + 1 / d);
else
- rsa_results[k][0]=d;
+ rsa_results[k][0] = d;
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ rsa_results[k][1] = 1 / (1 / rsa_results[k][1] + 1 / d);
else
- rsa_results[k][1]=d;
- }
+ rsa_results[k][1] = d;
+ }
#ifndef OPENSSL_NO_DSA
- else if(!strncmp(buf,"+F3:",4))
- {
+ else if (!strncmp(buf, "+F3:", 4)) {
int k;
double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d);
+
+ p = buf + 4;
+ k = atoi(sstrsep(&p, sep));
+ sstrsep(&p, sep);
+
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ dsa_results[k][0] = 1 / (1 / dsa_results[k][0] + 1 / d);
else
- dsa_results[k][0]=d;
+ dsa_results[k][0] = d;
- d=atof(sstrsep(&p,sep));
- if(n)
- dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d);
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ dsa_results[k][1] = 1 / (1 / dsa_results[k][1] + 1 / d);
else
- dsa_results[k][1]=d;
- }
+ dsa_results[k][1] = d;
+ }
#endif
#ifndef OPENSSL_NO_ECDSA
- else if(!strncmp(buf,"+F4:",4))
- {
+ else if (!strncmp(buf, "+F4:", 4)) {
int k;
double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- ecdsa_results[k][0]=1/(1/ecdsa_results[k][0]+1/d);
+
+ p = buf + 4;
+ k = atoi(sstrsep(&p, sep));
+ sstrsep(&p, sep);
+
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ ecdsa_results[k][0] = 1 / (1 / ecdsa_results[k][0] + 1 / d);
else
- ecdsa_results[k][0]=d;
+ ecdsa_results[k][0] = d;
- d=atof(sstrsep(&p,sep));
- if(n)
- ecdsa_results[k][1]=1/(1/ecdsa_results[k][1]+1/d);
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ ecdsa_results[k][1] = 1 / (1 / ecdsa_results[k][1] + 1 / d);
else
- ecdsa_results[k][1]=d;
- }
-#endif
+ ecdsa_results[k][1] = d;
+ }
+#endif
#ifndef OPENSSL_NO_ECDH
- else if(!strncmp(buf,"+F5:",4))
- {
+ else if (!strncmp(buf, "+F5:", 4)) {
int k;
double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- ecdh_results[k][0]=1/(1/ecdh_results[k][0]+1/d);
+
+ p = buf + 4;
+ k = atoi(sstrsep(&p, sep));
+ sstrsep(&p, sep);
+
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ ecdh_results[k][0] = 1 / (1 / ecdh_results[k][0] + 1 / d);
else
- ecdh_results[k][0]=d;
+ ecdh_results[k][0] = d;
- }
+ }
#endif
- else if(!strncmp(buf,"+H:",3))
- {
- }
- else
- fprintf(stderr,"Unknown type '%s' from child %d\n",buf,n);
- }
+ else if (!strncmp(buf, "+H:", 3)) {
+ } else
+ fprintf(stderr, "Unknown type '%s' from child %d\n", buf, n);
+ }
fclose(f);
- }
+ }
free(fds);
return 1;
- }
+}
#endif
#endif
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
+int
+MAIN(int argc, char **argv)
+{
ENGINE *e = NULL;
- int i,badops=0, ret = 1;
- BIO *in = NULL,*out = NULL;
- int verify=0,noout=0,pubkey=0;
- char *infile = NULL,*outfile = NULL,*prog;
+ int i, badops = 0, ret = 1;
+ BIO *in = NULL, *out = NULL;
+ int verify = 0, noout = 0, pubkey = 0;
+ char *infile = NULL, *outfile = NULL, *prog;
char *passargin = NULL, *passin = NULL;
const char *spkac = "SPKAC", *spksect = "default";
char *spkstr = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
+ char *engine = NULL;
#endif
apps_startup();
- if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+ if (!bio_err)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
- prog=argv[0];
+ prog = argv[0];
argc--;
argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- keyfile= *(++argv);
- }
- else if (strcmp(*argv,"-challenge") == 0)
- {
- if (--argc < 1) goto bad;
- challenge= *(++argv);
- }
- else if (strcmp(*argv,"-spkac") == 0)
- {
- if (--argc < 1) goto bad;
- spkac= *(++argv);
- }
- else if (strcmp(*argv,"-spksect") == 0)
- {
- if (--argc < 1) goto bad;
- spksect= *(++argv);
- }
+ while (argc >= 1) {
+ if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-passin") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-key") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyfile = *(++argv);
+ } else if (strcmp(*argv, "-challenge") == 0) {
+ if (--argc < 1)
+ goto bad;
+ challenge = *(++argv);
+ } else if (strcmp(*argv, "-spkac") == 0) {
+ if (--argc < 1)
+ goto bad;
+ spkac = *(++argv);
+ } else if (strcmp(*argv, "-spksect") == 0) {
+ if (--argc < 1)
+ goto bad;
+ spksect = *(++argv);
+ }
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
#endif
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-pubkey") == 0)
- pubkey=1;
- else if (strcmp(*argv,"-verify") == 0)
- verify=1;
- else badops = 1;
+ else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-pubkey") == 0)
+ pubkey = 1;
+ else if (strcmp(*argv, "-verify") == 0)
+ verify = 1;
+ else
+ badops = 1;
argc--;
argv++;
- }
+ }
- if (badops)
- {
+ if (badops) {
bad:
- BIO_printf(bio_err,"%s [options]\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -key arg create SPKAC using private key\n");
- BIO_printf(bio_err," -passin arg input file pass phrase source\n");
- BIO_printf(bio_err," -challenge arg challenge string\n");
- BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
- BIO_printf(bio_err," -noout don't print SPKAC\n");
- BIO_printf(bio_err," -pubkey output public key\n");
- BIO_printf(bio_err," -verify verify SPKAC signature\n");
+ BIO_printf(bio_err, "%s [options]\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err, " -out arg output file\n");
+ BIO_printf(bio_err, " -key arg create SPKAC using private key\n");
+ BIO_printf(bio_err, " -passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, " -challenge arg challenge string\n");
+ BIO_printf(bio_err, " -spkac arg alternative SPKAC name\n");
+ BIO_printf(bio_err, " -noout don't print SPKAC\n");
+ BIO_printf(bio_err, " -pubkey output public key\n");
+ BIO_printf(bio_err, " -verify verify SPKAC signature\n");
#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+ BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n");
#endif
goto end;
- }
-
+ }
ERR_load_crypto_strings();
- if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
-
#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
+ e = setup_engine(bio_err, engine, 0);
#endif
- if(keyfile) {
+ if (keyfile) {
pkey = load_key(bio_err,
- strcmp(keyfile, "-") ? keyfile : NULL,
- FORMAT_PEM, 1, passin, e, "private key");
- if(!pkey) {
+ strcmp(keyfile, "-") ? keyfile : NULL,
+ FORMAT_PEM, 1, passin, e, "private key");
+ if (!pkey) {
goto end;
}
spki = NETSCAPE_SPKI_new();
- if(challenge) ASN1_STRING_set(spki->spkac->challenge,
- challenge, (int)strlen(challenge));
+ if (challenge)
+ ASN1_STRING_set(spki->spkac->challenge,
+ challenge, (int) strlen(challenge));
NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki);
- if (outfile) out = BIO_new_file(outfile, "w");
+ if (outfile)
+ out = BIO_new_file(outfile, "w");
else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
- if(!out) {
+ if (!out) {
BIO_printf(bio_err, "Error opening output file\n");
ERR_print_errors(bio_err);
goto end;
ret = 0;
goto end;
}
+ if (infile)
+ in = BIO_new_file(infile, "r");
+ else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
-
- if (infile) in = BIO_new_file(infile, "r");
- else in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
- if(!in) {
+ if (!in) {
BIO_printf(bio_err, "Error opening input file\n");
ERR_print_errors(bio_err);
goto end;
}
-
conf = NCONF_new(NULL);
i = NCONF_load_bio(conf, in, NULL);
- if(!i) {
+ if (!i) {
BIO_printf(bio_err, "Error parsing config file\n");
ERR_print_errors(bio_err);
goto end;
}
-
spkstr = NCONF_get_string(conf, spksect, spkac);
-
- if(!spkstr) {
+
+ if (!spkstr) {
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
ERR_print_errors(bio_err);
goto end;
}
-
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
-
- if(!spki) {
+
+ if (!spki) {
BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err);
goto end;
}
-
- if (outfile) out = BIO_new_file(outfile, "w");
+ if (outfile)
+ out = BIO_new_file(outfile, "w");
else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
- if(!out) {
+ if (!out) {
BIO_printf(bio_err, "Error opening output file\n");
ERR_print_errors(bio_err);
goto end;
}
-
- if(!noout) NETSCAPE_SPKI_print(out, spki);
+ if (!noout)
+ NETSCAPE_SPKI_print(out, spki);
pkey = NETSCAPE_SPKI_get_pubkey(spki);
- if(verify) {
+ if (verify) {
i = NETSCAPE_SPKI_verify(spki, pkey);
- if (i > 0) BIO_printf(bio_err, "Signature OK\n");
+ if (i > 0)
+ BIO_printf(bio_err, "Signature OK\n");
else {
BIO_printf(bio_err, "Signature Failure\n");
ERR_print_errors(bio_err);
goto end;
}
}
- if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
+ if (pubkey)
+ PEM_write_bio_PUBKEY(out, pkey);
ret = 0;
BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(pkey);
- if(passin) free(passin);
+ if (passin)
+ free(passin);
apps_shutdown();
- return(ret);
- }
+ return (ret);
+}
/* apps/srp.c */
-/* Written by Peter Sylvester (peter.sylvester@edelweb.fr)
+/* Written by Peter Sylvester (peter.sylvester@edelweb.fr)
* for the EdelKey project and contributed to the OpenSSL project 2004.
*/
/* ====================================================================
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#define ENV_DATABASE "srpvfile"
#define ENV_DEFAULT_SRP "default_srp"
-static char *srp_usage[]={
-"usage: srp [args] [user] \n",
-"\n",
-" -verbose Talk alot while doing things\n",
-" -config file A config file\n",
-" -name arg The particular srp definition to use\n",
-" -srpvfile arg The srp verifier file name\n",
-" -add add an user and srp verifier\n",
-" -modify modify the srp verifier of an existing user\n",
-" -delete delete user from verifier file\n",
-" -list list user\n",
-" -gn arg g and N values to be used for new verifier\n",
-" -userinfo arg additional info to be set for user\n",
-" -passin arg input file pass phrase source\n",
-" -passout arg output file pass phrase source\n",
+static char *srp_usage[] = {
+ "usage: srp [args] [user] \n",
+ "\n",
+ " -verbose Talk alot while doing things\n",
+ " -config file A config file\n",
+ " -name arg The particular srp definition to use\n",
+ " -srpvfile arg The srp verifier file name\n",
+ " -add add an user and srp verifier\n",
+ " -modify modify the srp verifier of an existing user\n",
+ " -delete delete user from verifier file\n",
+ " -list list user\n",
+ " -gn arg g and N values to be used for new verifier\n",
+ " -userinfo arg additional info to be set for user\n",
+ " -passin arg input file pass phrase source\n",
+ " -passout arg output file pass phrase source\n",
#ifndef OPENSSL_NO_ENGINE
-" -engine e - use engine e, possibly a hardware device.\n",
+ " -engine e - use engine e, possibly a hardware device.\n",
#endif
-NULL
+ NULL
};
#ifdef EFENCE
extern int EF_ALIGNMENT;
#endif
-static CONF *conf=NULL;
-static char *section=NULL;
+static CONF *conf = NULL;
+static char *section = NULL;
-#define VERBOSE if (verbose)
-#define VVERBOSE if (verbose>1)
+#define VERBOSE if (verbose)
+#define VVERBOSE if (verbose>1)
int MAIN(int, char **);
-static int get_index(CA_DB *db, char* id, char type)
- {
- char ** pp;
+static int
+get_index(CA_DB * db, char *id, char type)
+{
+ char **pp;
int i;
- if (id == NULL) return -1;
- if (type == DB_SRP_INDEX)
- for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
- {
- pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
- if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id,pp[DB_srpid]))
- return i;
+ if (id == NULL)
+ return -1;
+ if (type == DB_SRP_INDEX)
+ for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+ pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+ if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id, pp[DB_srpid]))
+ return i;
}
- else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
- {
- pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
+ else
+ for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+ pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
- if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid]))
- return i;
+ if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id, pp[DB_srpid]))
+ return i;
}
- return -1 ;
- }
+ return -1;
+}
-static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
- {
- if (indx >= 0 && verbose)
- {
+static void
+print_entry(CA_DB * db, BIO * bio, int indx, int verbose, char *s)
+{
+ if (indx >= 0 && verbose) {
int j;
char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
- for (j = 0; j < DB_NUMBER; j++)
- {
- BIO_printf(bio_err," %d = \"%s\"\n", j, pp[j]);
- }
+ for (j = 0; j < DB_NUMBER; j++) {
+ BIO_printf(bio_err, " %d = \"%s\"\n", j, pp[j]);
}
}
+}
-static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose)
- {
- print_entry(db, bio, indexindex, verbose, "g N entry") ;
- }
+static void
+print_index(CA_DB * db, BIO * bio, int indexindex, int verbose)
+{
+ print_entry(db, bio, indexindex, verbose, "g N entry");
+}
-static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
- {
- if (verbose > 0)
- {
- char **pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
+static void
+print_user(CA_DB * db, BIO * bio, int userindex, int verbose)
+{
+ if (verbose > 0) {
+ char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
- if (pp[DB_srptype][0] != 'I')
- {
+ if (pp[DB_srptype][0] != 'I') {
print_entry(db, bio, userindex, verbose, "User entry");
print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose, "g N entry");
- }
-
}
}
+}
-static int update_index(CA_DB *db, BIO *bio, char **row)
- {
- char ** irow;
+static int
+update_index(CA_DB * db, BIO * bio, char **row)
+{
+ char **irow;
int i;
- if ((irow=(char **)malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
+ if ((irow = (char **) malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
return 0;
- }
-
- for (i=0; i<DB_NUMBER; i++)
- {
- irow[i]=row[i];
- row[i]=NULL;
- }
- irow[DB_NUMBER]=NULL;
+ }
+ for (i = 0; i < DB_NUMBER; i++) {
+ irow[i] = row[i];
+ row[i] = NULL;
+ }
+ irow[DB_NUMBER] = NULL;
- if (!TXT_DB_insert(db->db,irow))
- {
- BIO_printf(bio,"failed to update srpvfile\n");
- BIO_printf(bio,"TXT_DB error number %ld\n",db->db->error);
+ if (!TXT_DB_insert(db->db, irow)) {
+ BIO_printf(bio, "failed to update srpvfile\n");
+ BIO_printf(bio, "TXT_DB error number %ld\n", db->db->error);
free(irow);
return 0;
- }
- return 1;
}
+ return 1;
+}
-static void lookup_fail(const char *name, char *tag)
- {
- BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
- }
+static void
+lookup_fail(const char *name, char *tag)
+{
+ BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
+}
-static char *srp_verify_user(const char *user, const char *srp_verifier,
- char *srp_usersalt, const char *g, const char *N,
- const char *passin, BIO *bio, int verbose)
- {
+static char *
+srp_verify_user(const char *user, const char *srp_verifier,
+ char *srp_usersalt, const char *g, const char *N,
+ const char *passin, BIO * bio, int verbose)
+{
char password[1024];
PW_CB_DATA cb_tmp;
char *verifier = NULL;
cb_tmp.prompt_info = user;
cb_tmp.password = passin;
- if (password_callback(password, 1024, 0, &cb_tmp) >0)
- {
- VERBOSE BIO_printf(bio,"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,srp_verifier,srp_usersalt, g, N);
+ if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
+ VERBOSE BIO_printf(bio, "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, srp_verifier, srp_usersalt, g, N);
BIO_printf(bio, "Pass %s\n", password);
- if (!(gNid=SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, g)))
- {
+ if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, g))) {
BIO_printf(bio, "Internal error validating SRP verifier\n");
- }
- else
- {
+ } else {
if (strcmp(verifier, srp_verifier))
gNid = NULL;
free(verifier);
- }
}
- return gNid;
}
+ return gNid;
+}
-static char *srp_create_user(char *user, char **srp_verifier,
- char **srp_usersalt, char *g, char *N,
- char *passout, BIO *bio, int verbose)
- {
- char password[1024];
- PW_CB_DATA cb_tmp;
+static char *
+srp_create_user(char *user, char **srp_verifier,
+ char **srp_usersalt, char *g, char *N,
+ char *passout, BIO * bio, int verbose)
+{
+ char password[1024];
+ PW_CB_DATA cb_tmp;
char *gNid = NULL;
char *salt = NULL;
- cb_tmp.prompt_info = user;
- cb_tmp.password = passout;
-
- if (password_callback(password,1024,1,&cb_tmp) >0)
- {
- VERBOSE BIO_printf(bio,"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,g,N);
- if (!(gNid =SRP_create_verifier(user, password, &salt, srp_verifier, N, g)))
- {
- BIO_printf(bio,"Internal error creating SRP verifier\n");
- }
- else
+ cb_tmp.prompt_info = user;
+ cb_tmp.password = passout;
+
+ if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
+ VERBOSE BIO_printf(bio, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, g, N);
+ if (!(gNid = SRP_create_verifier(user, password, &salt, srp_verifier, N, g))) {
+ BIO_printf(bio, "Internal error creating SRP verifier\n");
+ } else
*srp_usersalt = salt;
- VVERBOSE BIO_printf(bio,"gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,salt, *srp_verifier);
+ VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid, salt, *srp_verifier);
- }
- return gNid;
}
+ return gNid;
+}
-int MAIN(int argc, char **argv)
- {
+int
+MAIN(int argc, char **argv)
+{
int add_user = 0;
- int list_user= 0;
- int delete_user= 0;
- int modify_user= 0;
- char * user = NULL;
+ int list_user = 0;
+ int delete_user = 0;
+ int modify_user = 0;
+ char *user = NULL;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
- char * gN = NULL;
+ char *gN = NULL;
int gNindex = -1;
- char ** gNrow = NULL;
+ char **gNrow = NULL;
int maxgN = -1;
- char * userinfo = NULL;
-
- int badops=0;
- int ret=1;
- int errors=0;
- int verbose=0;
- int doupdatedb=0;
- char *configfile=NULL;
- char *dbfile=NULL;
- CA_DB *db=NULL;
- char **pp ;
+ char *userinfo = NULL;
+
+ int badops = 0;
+ int ret = 1;
+ int errors = 0;
+ int verbose = 0;
+ int doupdatedb = 0;
+ char *configfile = NULL;
+ char *dbfile = NULL;
+ CA_DB *db = NULL;
+ char **pp;
int i;
long errorline = -1;
- char *randfile=NULL;
+ char *randfile = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
- char *tofree=NULL;
+ char *tofree = NULL;
DB_ATTR db_attr;
#ifdef EFENCE
-EF_PROTECT_FREE=1;
-EF_PROTECT_BELOW=1;
-EF_ALIGNMENT=0;
+ EF_PROTECT_FREE = 1;
+ EF_PROTECT_BELOW = 1;
+ EF_ALIGNMENT = 0;
#endif
apps_startup();
section = NULL;
if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
argc--;
argv++;
- while (argc >= 1 && badops == 0)
- {
- if (strcmp(*argv,"-verbose") == 0)
+ while (argc >= 1 && badops == 0) {
+ if (strcmp(*argv, "-verbose") == 0)
verbose++;
- else if (strcmp(*argv,"-config") == 0)
- {
- if (--argc < 1) goto bad;
- configfile= *(++argv);
- }
- else if (strcmp(*argv,"-name") == 0)
- {
- if (--argc < 1) goto bad;
- section= *(++argv);
- }
- else if (strcmp(*argv,"-srpvfile") == 0)
- {
- if (--argc < 1) goto bad;
- dbfile= *(++argv);
- }
- else if (strcmp(*argv,"-add") == 0)
- add_user=1;
- else if (strcmp(*argv,"-delete") == 0)
- delete_user=1;
- else if (strcmp(*argv,"-modify") == 0)
- modify_user=1;
- else if (strcmp(*argv,"-list") == 0)
- list_user=1;
- else if (strcmp(*argv,"-gn") == 0)
- {
- if (--argc < 1) goto bad;
- gN= *(++argv);
- }
- else if (strcmp(*argv,"-userinfo") == 0)
- {
- if (--argc < 1) goto bad;
- userinfo= *(++argv);
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
+ else if (strcmp(*argv, "-config") == 0) {
+ if (--argc < 1)
+ goto bad;
+ configfile = *(++argv);
+ } else if (strcmp(*argv, "-name") == 0) {
+ if (--argc < 1)
+ goto bad;
+ section = *(++argv);
+ } else if (strcmp(*argv, "-srpvfile") == 0) {
+ if (--argc < 1)
+ goto bad;
+ dbfile = *(++argv);
+ } else if (strcmp(*argv, "-add") == 0)
+ add_user = 1;
+ else if (strcmp(*argv, "-delete") == 0)
+ delete_user = 1;
+ else if (strcmp(*argv, "-modify") == 0)
+ modify_user = 1;
+ else if (strcmp(*argv, "-list") == 0)
+ list_user = 1;
+ else if (strcmp(*argv, "-gn") == 0) {
+ if (--argc < 1)
+ goto bad;
+ gN = *(++argv);
+ } else if (strcmp(*argv, "-userinfo") == 0) {
+ if (--argc < 1)
+ goto bad;
+ userinfo = *(++argv);
+ } else if (strcmp(*argv, "-passin") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-passout") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargout = *(++argv);
+ }
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
#endif
- else if (**argv == '-')
- {
-bad:
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
+ else if (**argv == '-') {
+ bad:
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
break;
- }
- else
+ } else
break;
-
+
argc--;
argv++;
- }
+ }
- if (dbfile && configfile)
- {
- BIO_printf(bio_err,"-dbfile and -configfile cannot be specified together.\n");
+ if (dbfile && configfile) {
+ BIO_printf(bio_err, "-dbfile and -configfile cannot be specified together.\n");
badops = 1;
- }
- if (add_user+delete_user+modify_user+list_user != 1)
- {
- BIO_printf(bio_err,"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
+ }
+ if (add_user + delete_user + modify_user + list_user != 1) {
+ BIO_printf(bio_err, "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
badops = 1;
- }
- if (delete_user+modify_user+delete_user== 1 && argc <= 0)
- {
- BIO_printf(bio_err,"Need at least one user for options -add, -delete, -modify. \n");
+ }
+ if (delete_user + modify_user + delete_user == 1 && argc <= 0) {
+ BIO_printf(bio_err, "Need at least one user for options -add, -delete, -modify. \n");
badops = 1;
- }
- if ((passin || passout) && argc != 1 )
- {
- BIO_printf(bio_err,"-passin, -passout arguments only valid with one user.\n");
+ }
+ if ((passin || passout) && argc != 1) {
+ BIO_printf(bio_err, "-passin, -passout arguments only valid with one user.\n");
badops = 1;
- }
-
- if (badops)
- {
- for (pp=srp_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
+ }
+ if (badops) {
+ for (pp = srp_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err, "%s", *pp);
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err," load the file (or the files in the directory) into\n");
- BIO_printf(bio_err," the random number generator\n");
+ BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
goto err;
- }
-
+ }
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
- {
+ if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto err;
- }
-
- if (!dbfile)
- {
+ }
+ if (!dbfile) {
- /*****************************************************************/
- tofree=NULL;
- if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
- if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
+ /*****************************************************************/
+ tofree = NULL;
+ if (configfile == NULL)
+ configfile = getenv("OPENSSL_CONF");
if (configfile == NULL)
- {
- const char *s=X509_get_default_cert_area();
+ configfile = getenv("SSLEAY_CONF");
+ if (configfile == NULL) {
+ const char *s = X509_get_default_cert_area();
size_t len;
- len = strlen(s)+sizeof(CONFIG_FILE)+1;
- tofree=malloc(len);
- BUF_strlcpy(tofree,s,len);
- BUF_strlcat(tofree,"/",len);
- BUF_strlcat(tofree,CONFIG_FILE,len);
- configfile=tofree;
- }
-
- VERBOSE BIO_printf(bio_err,"Using configuration from %s\n",configfile);
+ len = strlen(s) + sizeof(CONFIG_FILE) + 1;
+ tofree = malloc(len);
+ BUF_strlcpy(tofree, s, len);
+ BUF_strlcat(tofree, "/", len);
+ BUF_strlcat(tofree, CONFIG_FILE, len);
+ configfile = tofree;
+ }
+ VERBOSE BIO_printf(bio_err, "Using configuration from %s\n", configfile);
conf = NCONF_new(NULL);
- if (NCONF_load(conf,configfile,&errorline) <= 0)
- {
+ if (NCONF_load(conf, configfile, &errorline) <= 0) {
if (errorline <= 0)
- BIO_printf(bio_err,"error loading the config file '%s'\n",
- configfile);
+ BIO_printf(bio_err, "error loading the config file '%s'\n",
+ configfile);
else
- BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
- ,errorline,configfile);
+ BIO_printf(bio_err, "error on line %ld of config file '%s'\n"
+ ,errorline, configfile);
goto err;
- }
- if(tofree)
- {
+ }
+ if (tofree) {
free(tofree);
tofree = NULL;
- }
-
+ }
if (!load_config(bio_err, conf))
goto err;
- /* Lets get the config section we are using */
- if (section == NULL)
- {
- VERBOSE BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");
+ /* Lets get the config section we are using */
+ if (section == NULL) {
+ VERBOSE BIO_printf(bio_err, "trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");
- section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_SRP);
- if (section == NULL)
- {
- lookup_fail(BASE_SECTION,ENV_DEFAULT_SRP);
+ section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
+ if (section == NULL) {
+ lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
goto err;
- }
}
-
+ }
if (randfile == NULL && conf)
- randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
+ randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
-
- VERBOSE BIO_printf(bio_err,"trying to read " ENV_DATABASE " in section \"%s\"\n",section);
- if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
- {
- lookup_fail(section,ENV_DATABASE);
- goto err;
- }
+ VERBOSE BIO_printf(bio_err, "trying to read " ENV_DATABASE " in section \"%s\"\n", section);
- }
+ if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
+ lookup_fail(section, ENV_DATABASE);
+ goto err;
+ }
+ }
if (randfile == NULL)
ERR_clear_error();
- else
+ else
app_RAND_load_file(randfile, bio_err, 0);
- VERBOSE BIO_printf(bio_err,"Trying to read SRP verifier file \"%s\"\n",dbfile);
+ VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", dbfile);
db = load_index(dbfile, &db_attr);
- if (db == NULL) goto err;
+ if (db == NULL)
+ goto err;
/* Lets check some fields */
- for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
- {
+ for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
-
- if (pp[DB_srptype][0] == DB_SRP_INDEX)
- {
+
+ if (pp[DB_srptype][0] == DB_SRP_INDEX) {
maxgN = i;
if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
gNindex = i;
print_index(db, bio_err, i, verbose > 1);
- }
}
-
+ }
+
VERBOSE BIO_printf(bio_err, "Database initialised\n");
- if (gNindex >= 0)
- {
- gNrow = sk_OPENSSL_PSTRING_value(db->db->data,gNindex);
+ if (gNindex >= 0) {
+ gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
- }
- else if (maxgN > 0 && !SRP_get_default_gN(gN))
- {
+ } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
goto err;
- }
- else
- {
+ } else {
VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
gNrow = NULL;
- }
-
+ }
+
- VVERBOSE BIO_printf(bio_err,"Starting user processing\n");
+ VVERBOSE BIO_printf(bio_err, "Starting user processing\n");
if (argc > 0)
- user = *(argv++) ;
+ user = *(argv++);
- while (list_user || user)
- {
+ while (list_user || user) {
int userindex = -1;
- if (user)
+ if (user)
VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
- if ((userindex = get_index(db, user, 'U')) >= 0)
- {
+ if ((userindex = get_index(db, user, 'U')) >= 0) {
print_user(db, bio_err, userindex, (verbose > 0) || list_user);
- }
-
- if (list_user)
- {
- if (user == NULL)
- {
- BIO_printf(bio_err,"List all users\n");
-
- for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
- {
- print_user(db,bio_err, i, 1);
- }
- list_user = 0;
+ }
+ if (list_user) {
+ if (user == NULL) {
+ BIO_printf(bio_err, "List all users\n");
+
+ for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+ print_user(db, bio_err, i, 1);
}
- else if (userindex < 0)
- {
+ list_user = 0;
+ } else if (userindex < 0) {
BIO_printf(bio_err, "user \"%s\" does not exist, ignored. t\n",
- user);
+ user);
errors++;
- }
}
- else if (add_user)
- {
- if (userindex >= 0)
- {
+ } else if (add_user) {
+ if (userindex >= 0) {
/* reactivation of a new user */
char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
row[DB_srptype][0] = 'V';
doupdatedb = 1;
- }
- else
- {
- char *row[DB_NUMBER] ; char *gNid;
+ } else {
+ char *row[DB_NUMBER];
+ char *gNid;
row[DB_srpverifier] = NULL;
row[DB_srpsalt] = NULL;
row[DB_srpinfo] = NULL;
- if (!(gNid = srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:gN,gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
- {
- BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user);
- errors++;
- goto err;
- }
+ if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]), &(row[DB_srpsalt]), gNrow ? gNrow[DB_srpsalt] : gN, gNrow ? gNrow[DB_srpverifier] : NULL, passout, bio_err, verbose))) {
+ BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user);
+ errors++;
+ goto err;
+ }
row[DB_srpid] = BUF_strdup(user);
row[DB_srptype] = BUF_strdup("v");
row[DB_srpgN] = BUF_strdup(gNid);
if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
- (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) ||
- !update_index(db, bio_err, row))
- {
- if (row[DB_srpid]) free(row[DB_srpid]);
- if (row[DB_srpgN]) free(row[DB_srpgN]);
- if (row[DB_srpinfo]) free(row[DB_srpinfo]);
- if (row[DB_srptype]) free(row[DB_srptype]);
- if (row[DB_srpverifier]) free(row[DB_srpverifier]);
- if (row[DB_srpsalt]) free(row[DB_srpsalt]);
+ (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) ||
+ !update_index(db, bio_err, row)) {
+ if (row[DB_srpid])
+ free(row[DB_srpid]);
+ if (row[DB_srpgN])
+ free(row[DB_srpgN]);
+ if (row[DB_srpinfo])
+ free(row[DB_srpinfo]);
+ if (row[DB_srptype])
+ free(row[DB_srptype]);
+ if (row[DB_srpverifier])
+ free(row[DB_srpverifier]);
+ if (row[DB_srpsalt])
+ free(row[DB_srpsalt]);
goto err;
- }
- doupdatedb = 1;
}
+ doupdatedb = 1;
}
- else if (modify_user)
- {
- if (userindex < 0)
- {
- BIO_printf(bio_err,"user \"%s\" does not exist, operation ignored.\n",user);
+ } else if (modify_user) {
+ if (userindex < 0) {
+ BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored.\n", user);
errors++;
- }
- else
- {
+ } else {
char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
char type = row[DB_srptype][0];
- if (type == 'v')
- {
- BIO_printf(bio_err,"user \"%s\" already updated, operation ignored.\n",user);
+ if (type == 'v') {
+ BIO_printf(bio_err, "user \"%s\" already updated, operation ignored.\n", user);
errors++;
- }
- else
- {
+ } else {
char *gNid;
- if (row[DB_srptype][0] == 'V')
- {
+ if (row[DB_srptype][0] == 'V') {
int user_gN;
char **irow = NULL;
- VERBOSE BIO_printf(bio_err,"Verifying password for user \"%s\"\n",user);
- if ( (user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
- irow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+ VERBOSE BIO_printf(bio_err, "Verifying password for user \"%s\"\n", user);
+ if ((user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
+ irow = (char **) sk_OPENSSL_PSTRING_value(db->db->data, userindex);
- if (!srp_verify_user(user, row[DB_srpverifier], row[DB_srpsalt], irow ? irow[DB_srpsalt] : row[DB_srpgN], irow ? irow[DB_srpverifier] : NULL, passin, bio_err, verbose))
- {
+ if (!srp_verify_user(user, row[DB_srpverifier], row[DB_srpsalt], irow ? irow[DB_srpsalt] : row[DB_srpgN], irow ? irow[DB_srpverifier] : NULL, passin, bio_err, verbose)) {
BIO_printf(bio_err, "Invalid password for user \"%s\", operation abandoned.\n", user);
errors++;
goto err;
- }
- }
- VERBOSE BIO_printf(bio_err,"Password for user \"%s\" ok.\n",user);
+ }
+ }
+ VERBOSE BIO_printf(bio_err, "Password for user \"%s\" ok.\n", user);
- if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
- {
+ if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]), &(row[DB_srpsalt]), gNrow ? gNrow[DB_srpsalt] : NULL, gNrow ? gNrow[DB_srpverifier] : NULL, passout, bio_err, verbose))) {
BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
errors++;
goto err;
- }
-
+ }
row[DB_srptype][0] = 'v';
row[DB_srpgN] = BUF_strdup(gNid);
-
+
if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
- (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
+ (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
goto err;
doupdatedb = 1;
- }
}
}
- else if (delete_user)
- {
- if (userindex < 0)
- {
+ } else if (delete_user) {
+ if (userindex < 0) {
BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored. t\n", user);
errors++;
- }
- else
- {
- char **xpp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
+ } else {
+ char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
xpp[DB_srptype][0] = 'R';
-
+
doupdatedb = 1;
- }
}
+ }
if (--argc > 0)
- user = *(argv++) ;
- else
- {
+ user = *(argv++);
+ else {
user = NULL;
list_user = 0;
- }
}
+ }
- VERBOSE BIO_printf(bio_err,"User procession done.\n");
+ VERBOSE BIO_printf(bio_err, "User procession done.\n");
- if (doupdatedb)
- {
+ if (doupdatedb) {
/* Lets check some fields */
- for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
- {
- pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
-
- if (pp[DB_srptype][0] == 'v')
- {
+ for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+ pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+
+ if (pp[DB_srptype][0] == 'v') {
pp[DB_srptype][0] = 'V';
print_user(db, bio_err, i, verbose);
- }
}
+ }
VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
- if (!save_index(dbfile, "new", db)) goto err;
-
+ if (!save_index(dbfile, "new", db))
+ goto err;
+
VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
- if (!rotate_index(dbfile, "new", "old")) goto err;
+ if (!rotate_index(dbfile, "new", "old"))
+ goto err;
VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
- }
-
+ }
ret = (errors != 0);
err:
if (errors != 0)
- VERBOSE BIO_printf(bio_err,"User errors %d.\n",errors);
+ VERBOSE BIO_printf(bio_err, "User errors %d.\n", errors);
- VERBOSE BIO_printf(bio_err,"SRP terminating with code %d.\n",ret);
- if(tofree)
+ VERBOSE BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
+ if (tofree)
free(tofree);
- if (ret) ERR_print_errors(bio_err);
- if (randfile) app_RAND_write_file(randfile, bio_err);
- if (conf) NCONF_free(conf);
- if (db) free_index(db);
+ if (ret)
+ ERR_print_errors(bio_err);
+ if (randfile)
+ app_RAND_write_file(randfile, bio_err);
+ if (conf)
+ NCONF_free(conf);
+ if (db)
+ free_index(db);
OBJ_cleanup();
apps_shutdown();
- return(ret);
- }
+ return (ret);
+}
#endif
-
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
static CONF *load_config_file(const char *configfile);
/* Query related functions. */
-static int query_command(const char *data, char *digest,
- const EVP_MD *md, const char *policy, int no_nonce,
- int cert, const char *in, const char *out, int text);
-static BIO *BIO_open_with_default(const char *file, const char *mode,
- FILE *default_fp);
-static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,
- const char *policy, int no_nonce, int cert);
-static int create_digest(BIO *input, char *digest,
- const EVP_MD *md, unsigned char **md_value);
+static int
+query_command(const char *data, char *digest,
+ const EVP_MD * md, const char *policy, int no_nonce,
+ int cert, const char *in, const char *out, int text);
+static BIO *
+BIO_open_with_default(const char *file, const char *mode,
+ FILE * default_fp);
+static TS_REQ *
+create_query(BIO * data_bio, char *digest, const EVP_MD * md,
+ const char *policy, int no_nonce, int cert);
+static int
+create_digest(BIO * input, char *digest,
+ const EVP_MD * md, unsigned char **md_value);
static ASN1_INTEGER *create_nonce(int bits);
/* Reply related functions. */
-static int reply_command(CONF *conf, char *section, char *engine,
- char *queryfile, char *passin, char *inkey,
- char *signer, char *chain, const char *policy,
- char *in, int token_in, char *out, int token_out,
- int text);
-static TS_RESP *read_PKCS7(BIO *in_bio);
-static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
- char *queryfile, char *passin, char *inkey,
- char *signer, char *chain, const char *policy);
-static ASN1_INTEGER * serial_cb(TS_RESP_CTX *ctx, void *data);
+static int
+reply_command(CONF * conf, char *section, char *engine,
+ char *queryfile, char *passin, char *inkey,
+ char *signer, char *chain, const char *policy,
+ char *in, int token_in, char *out, int token_out,
+ int text);
+static TS_RESP *read_PKCS7(BIO * in_bio);
+static TS_RESP *
+create_response(CONF * conf, const char *section, char *engine,
+ char *queryfile, char *passin, char *inkey,
+ char *signer, char *chain, const char *policy);
+static ASN1_INTEGER *serial_cb(TS_RESP_CTX * ctx, void *data);
static ASN1_INTEGER *next_serial(const char *serialfile);
-static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
+static int save_ts_serial(const char *serialfile, ASN1_INTEGER * serial);
/* Verify related functions. */
-static int verify_command(char *data, char *digest, char *queryfile,
- char *in, int token_in,
- char *ca_path, char *ca_file, char *untrusted);
-static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
- char *queryfile,
- char *ca_path, char *ca_file,
- char *untrusted);
+static int
+verify_command(char *data, char *digest, char *queryfile,
+ char *in, int token_in,
+ char *ca_path, char *ca_file, char *untrusted);
+static TS_VERIFY_CTX *
+create_verify_ctx(char *data, char *digest,
+ char *queryfile,
+ char *ca_path, char *ca_file,
+ char *untrusted);
static X509_STORE *create_cert_store(char *ca_path, char *ca_file);
-static int verify_cb(int ok, X509_STORE_CTX *ctx);
+static int verify_cb(int ok, X509_STORE_CTX * ctx);
/* Main function definition. */
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
+int
+MAIN(int argc, char **argv)
+{
int ret = 1;
char *configfile = NULL;
char *section = NULL;
CONF *conf = NULL;
enum mode {
- CMD_NONE, CMD_QUERY, CMD_REPLY, CMD_VERIFY
+ CMD_NONE, CMD_QUERY, CMD_REPLY, CMD_VERIFY
} mode = CMD_NONE;
char *data = NULL;
char *digest = NULL;
int text = 0;
char *queryfile = NULL;
char *passin = NULL; /* Password source. */
- char *password =NULL; /* Password itself. */
+ char *password = NULL; /* Password itself. */
char *inkey = NULL;
char *signer = NULL;
char *chain = NULL;
char *untrusted = NULL;
char *engine = NULL;
/* Input is ContentInfo instead of TimeStampResp. */
- int token_in = 0;
+ int token_in = 0;
/* Output is ContentInfo instead of TimeStampResp. */
int token_out = 0;
int free_bio_err = 0;
ERR_load_crypto_strings();
apps_startup();
- if (bio_err == NULL && (bio_err = BIO_new(BIO_s_file())) != NULL)
- {
+ if (bio_err == NULL && (bio_err = BIO_new(BIO_s_file())) != NULL) {
free_bio_err = 1;
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
- }
-
+ }
if (!load_config(bio_err, NULL))
goto cleanup;
- for (argc--, argv++; argc > 0; argc--, argv++)
- {
- if (strcmp(*argv, "-config") == 0)
- {
- if (argc-- < 1) goto usage;
+ for (argc--, argv++; argc > 0; argc--, argv++) {
+ if (strcmp(*argv, "-config") == 0) {
+ if (argc-- < 1)
+ goto usage;
configfile = *++argv;
- }
- else if (strcmp(*argv, "-section") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-section") == 0) {
+ if (argc-- < 1)
+ goto usage;
section = *++argv;
- }
- else if (strcmp(*argv, "-query") == 0)
- {
- if (mode != CMD_NONE) goto usage;
+ } else if (strcmp(*argv, "-query") == 0) {
+ if (mode != CMD_NONE)
+ goto usage;
mode = CMD_QUERY;
- }
- else if (strcmp(*argv, "-data") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-data") == 0) {
+ if (argc-- < 1)
+ goto usage;
data = *++argv;
- }
- else if (strcmp(*argv, "-digest") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-digest") == 0) {
+ if (argc-- < 1)
+ goto usage;
digest = *++argv;
- }
- else if (strcmp(*argv, "-rand") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-rand") == 0) {
+ if (argc-- < 1)
+ goto usage;
rnd = *++argv;
- }
- else if (strcmp(*argv, "-policy") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-policy") == 0) {
+ if (argc-- < 1)
+ goto usage;
policy = *++argv;
- }
- else if (strcmp(*argv, "-no_nonce") == 0)
- {
+ } else if (strcmp(*argv, "-no_nonce") == 0) {
no_nonce = 1;
- }
- else if (strcmp(*argv, "-cert") == 0)
- {
+ } else if (strcmp(*argv, "-cert") == 0) {
cert = 1;
- }
- else if (strcmp(*argv, "-in") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (argc-- < 1)
+ goto usage;
in = *++argv;
- }
- else if (strcmp(*argv, "-token_in") == 0)
- {
+ } else if (strcmp(*argv, "-token_in") == 0) {
token_in = 1;
- }
- else if (strcmp(*argv, "-out") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (argc-- < 1)
+ goto usage;
out = *++argv;
- }
- else if (strcmp(*argv, "-token_out") == 0)
- {
+ } else if (strcmp(*argv, "-token_out") == 0) {
token_out = 1;
- }
- else if (strcmp(*argv, "-text") == 0)
- {
+ } else if (strcmp(*argv, "-text") == 0) {
text = 1;
- }
- else if (strcmp(*argv, "-reply") == 0)
- {
- if (mode != CMD_NONE) goto usage;
+ } else if (strcmp(*argv, "-reply") == 0) {
+ if (mode != CMD_NONE)
+ goto usage;
mode = CMD_REPLY;
- }
- else if (strcmp(*argv, "-queryfile") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-queryfile") == 0) {
+ if (argc-- < 1)
+ goto usage;
queryfile = *++argv;
- }
- else if (strcmp(*argv, "-passin") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-passin") == 0) {
+ if (argc-- < 1)
+ goto usage;
passin = *++argv;
- }
- else if (strcmp(*argv, "-inkey") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-inkey") == 0) {
+ if (argc-- < 1)
+ goto usage;
inkey = *++argv;
- }
- else if (strcmp(*argv, "-signer") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-signer") == 0) {
+ if (argc-- < 1)
+ goto usage;
signer = *++argv;
- }
- else if (strcmp(*argv, "-chain") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-chain") == 0) {
+ if (argc-- < 1)
+ goto usage;
chain = *++argv;
- }
- else if (strcmp(*argv, "-verify") == 0)
- {
- if (mode != CMD_NONE) goto usage;
+ } else if (strcmp(*argv, "-verify") == 0) {
+ if (mode != CMD_NONE)
+ goto usage;
mode = CMD_VERIFY;
- }
- else if (strcmp(*argv, "-CApath") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-CApath") == 0) {
+ if (argc-- < 1)
+ goto usage;
ca_path = *++argv;
- }
- else if (strcmp(*argv, "-CAfile") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-CAfile") == 0) {
+ if (argc-- < 1)
+ goto usage;
ca_file = *++argv;
- }
- else if (strcmp(*argv, "-untrusted") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-untrusted") == 0) {
+ if (argc-- < 1)
+ goto usage;
untrusted = *++argv;
- }
- else if (strcmp(*argv, "-engine") == 0)
- {
- if (argc-- < 1) goto usage;
+ } else if (strcmp(*argv, "-engine") == 0) {
+ if (argc-- < 1)
+ goto usage;
engine = *++argv;
- }
- else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL)
- {
+ } else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL) {
/* empty. */
- }
- else
+ } else
goto usage;
- }
-
+ }
+
/* Seed the random number generator if it is going to be used. */
- if (mode == CMD_QUERY && !no_nonce)
- {
+ if (mode == CMD_QUERY && !no_nonce) {
if (!app_RAND_load_file(NULL, bio_err, 1) && rnd == NULL)
BIO_printf(bio_err, "warning, not much extra random "
- "data, consider using the -rand option\n");
+ "data, consider using the -rand option\n");
if (rnd != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(rnd));
- }
-
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(rnd));
+ }
/* Get the password if required. */
- if(mode == CMD_REPLY && passin &&
- !app_passwd(bio_err, passin, NULL, &password, NULL))
- {
- BIO_printf(bio_err,"Error getting password.\n");
+ if (mode == CMD_REPLY && passin &&
+ !app_passwd(bio_err, passin, NULL, &password, NULL)) {
+ BIO_printf(bio_err, "Error getting password.\n");
goto cleanup;
- }
-
- /* Check consistency of parameters and execute
- the appropriate function. */
- switch (mode)
- {
+ }
+ /*
+ * Check consistency of parameters and execute the appropriate
+ * function.
+ */
+ switch (mode) {
case CMD_NONE:
goto usage;
case CMD_QUERY:
- /* Data file and message imprint cannot be specified
- at the same time. */
+ /*
+ * Data file and message imprint cannot be specified at the
+ * same time.
+ */
ret = data != NULL && digest != NULL;
- if (ret) goto usage;
+ if (ret)
+ goto usage;
/* Load the config file for possible policy OIDs. */
conf = load_config_file(configfile);
ret = !query_command(data, digest, md, policy, no_nonce, cert,
- in, out, text);
+ in, out, text);
break;
case CMD_REPLY:
conf = load_config_file(configfile);
- if (in == NULL)
- {
+ if (in == NULL) {
ret = !(queryfile != NULL && conf != NULL && !token_in);
- if (ret) goto usage;
- }
- else
- {
+ if (ret)
+ goto usage;
+ } else {
/* 'in' and 'queryfile' are exclusive. */
ret = !(queryfile == NULL);
- if (ret) goto usage;
- }
+ if (ret)
+ goto usage;
+ }
- ret = !reply_command(conf, section, engine, queryfile,
- password, inkey, signer, chain, policy,
- in, token_in, out, token_out, text);
+ ret = !reply_command(conf, section, engine, queryfile,
+ password, inkey, signer, chain, policy,
+ in, token_in, out, token_out, text);
break;
case CMD_VERIFY:
ret = !(((queryfile && !data && !digest)
- || (!queryfile && data && !digest)
- || (!queryfile && !data && digest))
- && in != NULL);
- if (ret) goto usage;
+ || (!queryfile && data && !digest)
+ || (!queryfile && !data && digest))
+ && in != NULL);
+ if (ret)
+ goto usage;
ret = !verify_command(data, digest, queryfile, in, token_in,
- ca_path, ca_file, untrusted);
- }
+ ca_path, ca_file, untrusted);
+ }
goto cleanup;
- usage:
+usage:
BIO_printf(bio_err, "usage:\n"
- "ts -query [-rand file%cfile%c...] [-config configfile] "
- "[-data file_to_hash] [-digest digest_bytes]"
- "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
- "[-policy object_id] [-no_nonce] [-cert] "
- "[-in request.tsq] [-out request.tsq] [-text]\n",
- ':', ':');
+ "ts -query [-rand file%cfile%c...] [-config configfile] "
+ "[-data file_to_hash] [-digest digest_bytes]"
+ "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
+ "[-policy object_id] [-no_nonce] [-cert] "
+ "[-in request.tsq] [-out request.tsq] [-text]\n",
+ ':', ':');
BIO_printf(bio_err, "or\n"
- "ts -reply [-config configfile] [-section tsa_section] "
- "[-queryfile request.tsq] [-passin password] "
- "[-signer tsa_cert.pem] [-inkey private_key.pem] "
- "[-chain certs_file.pem] [-policy object_id] "
- "[-in response.tsr] [-token_in] "
- "[-out response.tsr] [-token_out] [-text] [-engine id]\n");
+ "ts -reply [-config configfile] [-section tsa_section] "
+ "[-queryfile request.tsq] [-passin password] "
+ "[-signer tsa_cert.pem] [-inkey private_key.pem] "
+ "[-chain certs_file.pem] [-policy object_id] "
+ "[-in response.tsr] [-token_in] "
+ "[-out response.tsr] [-token_out] [-text] [-engine id]\n");
BIO_printf(bio_err, "or\n"
- "ts -verify [-data file_to_hash] [-digest digest_bytes] "
- "[-queryfile request.tsq] "
- "-in response.tsr [-token_in] "
- "-CApath ca_path -CAfile ca_file.pem "
- "-untrusted cert_file.pem\n");
- cleanup:
+ "ts -verify [-data file_to_hash] [-digest digest_bytes] "
+ "[-queryfile request.tsq] "
+ "-in response.tsr [-token_in] "
+ "-CApath ca_path -CAfile ca_file.pem "
+ "-untrusted cert_file.pem\n");
+cleanup:
/* Clean up. */
app_RAND_write_file(NULL, bio_err);
NCONF_free(conf);
free(password);
OBJ_cleanup();
- if (free_bio_err)
- {
+ if (free_bio_err) {
BIO_free_all(bio_err);
bio_err = NULL;
- }
-
- return(ret);
}
+ return (ret);
+}
/*
* Configuration file-related function definitions.
*/
-static ASN1_OBJECT *txt2obj(const char *oid)
- {
+static ASN1_OBJECT *
+txt2obj(const char *oid)
+{
ASN1_OBJECT *oid_obj = NULL;
if (!(oid_obj = OBJ_txt2obj(oid, 0)))
BIO_printf(bio_err, "cannot convert %s to OID\n", oid);
return oid_obj;
- }
+}
-static CONF *load_config_file(const char *configfile)
- {
+static CONF *
+load_config_file(const char *configfile)
+{
CONF *conf = NULL;
long errorline = -1;
- if (!configfile) configfile = getenv("OPENSSL_CONF");
- if (!configfile) configfile = getenv("SSLEAY_CONF");
+ if (!configfile)
+ configfile = getenv("OPENSSL_CONF");
+ if (!configfile)
+ configfile = getenv("SSLEAY_CONF");
if (configfile &&
(!(conf = NCONF_new(NULL)) ||
- NCONF_load(conf, configfile, &errorline) <= 0))
- {
+ NCONF_load(conf, configfile, &errorline) <= 0)) {
if (errorline <= 0)
BIO_printf(bio_err, "error loading the config file "
- "'%s'\n", configfile);
+ "'%s'\n", configfile);
else
BIO_printf(bio_err, "error on line %ld of config file "
- "'%s'\n", errorline, configfile);
- }
-
- if (conf != NULL)
- {
+ "'%s'\n", errorline, configfile);
+ }
+ if (conf != NULL) {
const char *p;
- BIO_printf(bio_err,"Using configuration from %s\n", configfile);
+ BIO_printf(bio_err, "Using configuration from %s\n", configfile);
p = NCONF_get_string(conf, NULL, ENV_OID_FILE);
- if (p != NULL)
- {
+ if (p != NULL) {
BIO *oid_bio = BIO_new_file(p, "r");
- if (!oid_bio)
+ if (!oid_bio)
ERR_print_errors(bio_err);
- else
- {
+ else {
OBJ_create_objects(oid_bio);
BIO_free_all(oid_bio);
- }
}
- else
+ } else
ERR_clear_error();
- if(!add_oid_section(bio_err, conf))
+ if (!add_oid_section(bio_err, conf))
ERR_print_errors(bio_err);
- }
- return conf;
}
+ return conf;
+}
/*
* Query-related method definitions.
*/
-static int query_command(const char *data, char *digest, const EVP_MD *md,
- const char *policy, int no_nonce,
- int cert, const char *in, const char *out, int text)
- {
+static int
+query_command(const char *data, char *digest, const EVP_MD * md,
+ const char *policy, int no_nonce,
+ int cert, const char *in, const char *out, int text)
+{
int ret = 0;
TS_REQ *query = NULL;
BIO *in_bio = NULL;
BIO *out_bio = NULL;
/* Build query object either from file or from scratch. */
- if (in != NULL)
- {
- if ((in_bio = BIO_new_file(in, "rb")) == NULL) goto end;
+ if (in != NULL) {
+ if ((in_bio = BIO_new_file(in, "rb")) == NULL)
+ goto end;
query = d2i_TS_REQ_bio(in_bio, NULL);
- }
- else
- {
+ } else {
/* Open the file if no explicit digest bytes were specified. */
- if (!digest
+ if (!digest
&& !(data_bio = BIO_open_with_default(data, "rb", stdin)))
goto end;
/* Creating the query object. */
query = create_query(data_bio, digest, md,
- policy, no_nonce, cert);
+ policy, no_nonce, cert);
/* Saving the random number generator state. */
- }
- if (query == NULL) goto end;
+ }
+ if (query == NULL)
+ goto end;
/* Write query either in ASN.1 or in text format. */
if ((out_bio = BIO_open_with_default(out, "wb", stdout)) == NULL)
goto end;
- if (text)
- {
+ if (text) {
/* Text output. */
if (!TS_REQ_print_bio(out_bio, query))
goto end;
- }
- else
- {
+ } else {
/* ASN.1 output. */
if (!i2d_TS_REQ_bio(out_bio, query))
goto end;
- }
+ }
ret = 1;
- end:
+end:
ERR_print_errors(bio_err);
/* Clean up. */
TS_REQ_free(query);
return ret;
- }
-
-static BIO *BIO_open_with_default(const char *file, const char *mode,
- FILE *default_fp)
- {
- return file == NULL ?
- BIO_new_fp(default_fp, BIO_NOCLOSE)
- : BIO_new_file(file, mode);
- }
-
-static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,
- const char *policy, int no_nonce, int cert)
- {
+}
+
+static BIO *
+BIO_open_with_default(const char *file, const char *mode,
+ FILE * default_fp)
+{
+ return file == NULL ?
+ BIO_new_fp(default_fp, BIO_NOCLOSE)
+ : BIO_new_file(file, mode);
+}
+
+static TS_REQ *
+create_query(BIO * data_bio, char *digest, const EVP_MD * md,
+ const char *policy, int no_nonce, int cert)
+{
int ret = 0;
TS_REQ *ts_req = NULL;
int len;
ASN1_INTEGER *nonce_asn1 = NULL;
/* Setting default message digest. */
- if (!md && !(md = EVP_get_digestbyname("sha1"))) goto err;
+ if (!md && !(md = EVP_get_digestbyname("sha1")))
+ goto err;
/* Creating request object. */
- if (!(ts_req = TS_REQ_new())) goto err;
+ if (!(ts_req = TS_REQ_new()))
+ goto err;
/* Setting version. */
- if (!TS_REQ_set_version(ts_req, 1)) goto err;
+ if (!TS_REQ_set_version(ts_req, 1))
+ goto err;
/* Creating and adding MSG_IMPRINT object. */
- if (!(msg_imprint = TS_MSG_IMPRINT_new())) goto err;
+ if (!(msg_imprint = TS_MSG_IMPRINT_new()))
+ goto err;
/* Adding algorithm. */
- if (!(algo = X509_ALGOR_new())) goto err;
- if (!(algo->algorithm = OBJ_nid2obj(EVP_MD_type(md)))) goto err;
- if (!(algo->parameter = ASN1_TYPE_new())) goto err;
+ if (!(algo = X509_ALGOR_new()))
+ goto err;
+ if (!(algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))))
+ goto err;
+ if (!(algo->parameter = ASN1_TYPE_new()))
+ goto err;
algo->parameter->type = V_ASN1_NULL;
- if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo)) goto err;
+ if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo))
+ goto err;
/* Adding message digest. */
if ((len = create_digest(data_bio, digest, md, &data)) == 0)
goto err;
- if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len)) goto err;
+ if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len))
+ goto err;
+
+ if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint))
+ goto err;
- if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint)) goto err;
-
/* Setting policy if requested. */
- if (policy && !(policy_obj = txt2obj(policy))) goto err;
- if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj)) goto err;
+ if (policy && !(policy_obj = txt2obj(policy)))
+ goto err;
+ if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj))
+ goto err;
/* Setting nonce if requested. */
- if (!no_nonce && !(nonce_asn1 = create_nonce(NONCE_LENGTH))) goto err;
- if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1)) goto err;
+ if (!no_nonce && !(nonce_asn1 = create_nonce(NONCE_LENGTH)))
+ goto err;
+ if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1))
+ goto err;
/* Setting certificate request flag if requested. */
- if (!TS_REQ_set_cert_req(ts_req, cert)) goto err;
+ if (!TS_REQ_set_cert_req(ts_req, cert))
+ goto err;
ret = 1;
- err:
- if (!ret)
- {
+err:
+ if (!ret) {
TS_REQ_free(ts_req);
ts_req = NULL;
BIO_printf(bio_err, "could not create query\n");
- }
+ }
TS_MSG_IMPRINT_free(msg_imprint);
X509_ALGOR_free(algo);
free(data);
ASN1_OBJECT_free(policy_obj);
ASN1_INTEGER_free(nonce_asn1);
return ts_req;
- }
+}
-static int create_digest(BIO *input, char *digest, const EVP_MD *md,
- unsigned char **md_value)
- {
+static int
+create_digest(BIO * input, char *digest, const EVP_MD * md,
+ unsigned char **md_value)
+{
int md_value_len;
md_value_len = EVP_MD_size(md);
if (md_value_len < 0)
- goto err;
- if (input)
- {
+ goto err;
+ if (input) {
/* Digest must be computed from an input file. */
EVP_MD_CTX md_ctx;
unsigned char buffer[4096];
int length;
*md_value = malloc(md_value_len);
- if (*md_value == 0) goto err;
+ if (*md_value == 0)
+ goto err;
EVP_DigestInit(&md_ctx, md);
- while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0)
- {
+ while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
EVP_DigestUpdate(&md_ctx, buffer, length);
- }
- EVP_DigestFinal(&md_ctx, *md_value, NULL);
}
- else
- {
+ EVP_DigestFinal(&md_ctx, *md_value, NULL);
+ } else {
/* Digest bytes are specified with digest. */
long digest_len;
*md_value = string_to_hex(digest, &digest_len);
- if (!*md_value || md_value_len != digest_len)
- {
+ if (!*md_value || md_value_len != digest_len) {
free(*md_value);
*md_value = NULL;
BIO_printf(bio_err, "bad digest, %d bytes "
- "must be specified\n", md_value_len);
+ "must be specified\n", md_value_len);
goto err;
- }
}
+ }
return md_value_len;
- err:
+err:
return 0;
- }
+}
-static ASN1_INTEGER *create_nonce(int bits)
- {
+static ASN1_INTEGER *
+create_nonce(int bits)
+{
unsigned char buf[20];
ASN1_INTEGER *nonce = NULL;
int len = (bits - 1) / 8 + 1;
int i;
/* Generating random byte sequence. */
- if (len > (int)sizeof(buf)) goto err;
- if (RAND_bytes(buf, len) <= 0) goto err;
+ if (len > (int) sizeof(buf))
+ goto err;
+ if (RAND_bytes(buf, len) <= 0)
+ goto err;
/* Find the first non-zero byte and creating ASN1_INTEGER object. */
for (i = 0; i < len && !buf[i]; ++i);
- if (!(nonce = ASN1_INTEGER_new())) goto err;
+ if (!(nonce = ASN1_INTEGER_new()))
+ goto err;
free(nonce->data);
/* Allocate at least one byte. */
nonce->length = len - i;
- if (!(nonce->data = malloc(nonce->length + 1))) goto err;
+ if (!(nonce->data = malloc(nonce->length + 1)))
+ goto err;
memcpy(nonce->data, buf + i, nonce->length);
return nonce;
- err:
+err:
BIO_printf(bio_err, "could not create nonce\n");
ASN1_INTEGER_free(nonce);
return NULL;
- }
+}
/*
* Reply-related method definitions.
*/
-static int reply_command(CONF *conf, char *section, char *engine,
- char *queryfile, char *passin, char *inkey,
- char *signer, char *chain, const char *policy,
- char *in, int token_in,
- char *out, int token_out, int text)
- {
+static int
+reply_command(CONF * conf, char *section, char *engine,
+ char *queryfile, char *passin, char *inkey,
+ char *signer, char *chain, const char *policy,
+ char *in, int token_in,
+ char *out, int token_out, int text)
+{
int ret = 0;
TS_RESP *response = NULL;
BIO *in_bio = NULL;
BIO *out_bio = NULL;
/* Build response object either from response or query. */
- if (in != NULL)
- {
- if ((in_bio = BIO_new_file(in, "rb")) == NULL) goto end;
- if (token_in)
- {
- /* We have a ContentInfo (PKCS7) object, add
- 'granted' status info around it. */
+ if (in != NULL) {
+ if ((in_bio = BIO_new_file(in, "rb")) == NULL)
+ goto end;
+ if (token_in) {
+ /*
+ * We have a ContentInfo (PKCS7) object, add
+ * 'granted' status info around it.
+ */
response = read_PKCS7(in_bio);
- }
- else
- {
+ } else {
/* We have a ready-made TS_RESP object. */
response = d2i_TS_RESP_bio(in_bio, NULL);
- }
}
- else
- {
+ } else {
response = create_response(conf, section, engine, queryfile,
- passin, inkey, signer, chain,
- policy);
+ passin, inkey, signer, chain,
+ policy);
if (response)
BIO_printf(bio_err, "Response has been generated.\n");
else
BIO_printf(bio_err, "Response is not generated.\n");
- }
- if (response == NULL) goto end;
+ }
+ if (response == NULL)
+ goto end;
/* Write response either in ASN.1 or text format. */
if ((out_bio = BIO_open_with_default(out, "wb", stdout)) == NULL)
goto end;
- if (text)
- {
+ if (text) {
/* Text output. */
- if (token_out)
- {
+ if (token_out) {
TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
- if (!TS_TST_INFO_print_bio(out_bio, tst_info)) goto end;
- }
- else
- {
- if (!TS_RESP_print_bio(out_bio, response)) goto end;
- }
+ if (!TS_TST_INFO_print_bio(out_bio, tst_info))
+ goto end;
+ } else {
+ if (!TS_RESP_print_bio(out_bio, response))
+ goto end;
}
- else
- {
+ } else {
/* ASN.1 DER output. */
- if (token_out)
- {
+ if (token_out) {
PKCS7 *token = TS_RESP_get_token(response);
- if (!i2d_PKCS7_bio(out_bio, token)) goto end;
- }
- else
- {
- if (!i2d_TS_RESP_bio(out_bio, response)) goto end;
- }
+ if (!i2d_PKCS7_bio(out_bio, token))
+ goto end;
+ } else {
+ if (!i2d_TS_RESP_bio(out_bio, response))
+ goto end;
}
+ }
ret = 1;
- end:
+end:
ERR_print_errors(bio_err);
/* Clean up. */
TS_RESP_free(response);
return ret;
- }
+}
/* Reads a PKCS7 token and adds default 'granted' status info to it. */
-static TS_RESP *read_PKCS7(BIO *in_bio)
- {
+static TS_RESP *
+read_PKCS7(BIO * in_bio)
+{
int ret = 0;
PKCS7 *token = NULL;
TS_TST_INFO *tst_info = NULL;
TS_STATUS_INFO *si = NULL;
/* Read PKCS7 object and extract the signed time stamp info. */
- if (!(token = d2i_PKCS7_bio(in_bio, NULL))) goto end;
- if (!(tst_info = PKCS7_to_TS_TST_INFO(token))) goto end;
+ if (!(token = d2i_PKCS7_bio(in_bio, NULL)))
+ goto end;
+ if (!(tst_info = PKCS7_to_TS_TST_INFO(token)))
+ goto end;
/* Creating response object. */
- if (!(resp = TS_RESP_new())) goto end;
+ if (!(resp = TS_RESP_new()))
+ goto end;
/* Create granted status info. */
- if (!(si = TS_STATUS_INFO_new())) goto end;
- if (!(ASN1_INTEGER_set(si->status, TS_STATUS_GRANTED))) goto end;
- if (!TS_RESP_set_status_info(resp, si)) goto end;
+ if (!(si = TS_STATUS_INFO_new()))
+ goto end;
+ if (!(ASN1_INTEGER_set(si->status, TS_STATUS_GRANTED)))
+ goto end;
+ if (!TS_RESP_set_status_info(resp, si))
+ goto end;
/* Setting encapsulated token. */
TS_RESP_set_tst_info(resp, token, tst_info);
tst_info = NULL; /* Ownership is lost. */
ret = 1;
- end:
+end:
PKCS7_free(token);
TS_TST_INFO_free(tst_info);
- if (!ret)
- {
+ if (!ret) {
TS_RESP_free(resp);
resp = NULL;
- }
+ }
TS_STATUS_INFO_free(si);
return resp;
- }
+}
-static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
- char *queryfile, char *passin, char *inkey,
- char *signer, char *chain, const char *policy)
- {
+static TS_RESP *
+create_response(CONF * conf, const char *section, char *engine,
+ char *queryfile, char *passin, char *inkey,
+ char *signer, char *chain, const char *policy)
+{
int ret = 0;
TS_RESP *response = NULL;
BIO *query_bio = NULL;
goto end;
/* Setting up response generation context. */
- if (!(resp_ctx = TS_RESP_CTX_new())) goto end;
+ if (!(resp_ctx = TS_RESP_CTX_new()))
+ goto end;
/* Setting serial number provider callback. */
- if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx)) goto end;
+ if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx))
+ goto end;
#ifndef OPENSSL_NO_ENGINE
/* Setting default OpenSSL engine. */
- if (!TS_CONF_set_crypto_device(conf, section, engine)) goto end;
+ if (!TS_CONF_set_crypto_device(conf, section, engine))
+ goto end;
#endif
/* Setting TSA signer certificate. */
- if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx)) goto end;
+ if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx))
+ goto end;
/* Setting TSA signer certificate chain. */
- if (!TS_CONF_set_certs(conf, section, chain, resp_ctx)) goto end;
+ if (!TS_CONF_set_certs(conf, section, chain, resp_ctx))
+ goto end;
/* Setting TSA signer private key. */
if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx))
goto end;
/* Setting default policy OID. */
- if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx)) goto end;
+ if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx))
+ goto end;
/* Setting acceptable policy OIDs. */
- if (!TS_CONF_set_policies(conf, section, resp_ctx)) goto end;
+ if (!TS_CONF_set_policies(conf, section, resp_ctx))
+ goto end;
/* Setting the acceptable one-way hash algorithms. */
- if (!TS_CONF_set_digests(conf, section, resp_ctx)) goto end;
+ if (!TS_CONF_set_digests(conf, section, resp_ctx))
+ goto end;
/* Setting guaranteed time stamp accuracy. */
- if (!TS_CONF_set_accuracy(conf, section, resp_ctx)) goto end;
+ if (!TS_CONF_set_accuracy(conf, section, resp_ctx))
+ goto end;
/* Setting the precision of the time. */
if (!TS_CONF_set_clock_precision_digits(conf, section, resp_ctx))
goto end;
/* Setting the ordering flaf if requested. */
- if (!TS_CONF_set_ordering(conf, section, resp_ctx)) goto end;
+ if (!TS_CONF_set_ordering(conf, section, resp_ctx))
+ goto end;
/* Setting the TSA name required flag if requested. */
- if (!TS_CONF_set_tsa_name(conf, section, resp_ctx)) goto end;
+ if (!TS_CONF_set_tsa_name(conf, section, resp_ctx))
+ goto end;
/* Setting the ESS cert id chain flag if requested. */
- if (!TS_CONF_set_ess_cert_id_chain(conf, section, resp_ctx)) goto end;
+ if (!TS_CONF_set_ess_cert_id_chain(conf, section, resp_ctx))
+ goto end;
/* Creating the response. */
if (!(response = TS_RESP_create_response(resp_ctx, query_bio)))
goto end;
ret = 1;
- end:
- if (!ret)
- {
+end:
+ if (!ret) {
TS_RESP_free(response);
response = NULL;
- }
+ }
TS_RESP_CTX_free(resp_ctx);
BIO_free_all(query_bio);
return response;
- }
+}
-static ASN1_INTEGER * serial_cb(TS_RESP_CTX *ctx, void *data)
- {
+static ASN1_INTEGER *
+serial_cb(TS_RESP_CTX * ctx, void *data)
+{
const char *serial_file = (const char *) data;
ASN1_INTEGER *serial = next_serial(serial_file);
- if (!serial)
- {
+ if (!serial) {
TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
- "Error during serial number "
- "generation.");
+ "Error during serial number "
+ "generation.");
TS_RESP_CTX_add_failure_info(ctx,
- TS_INFO_ADD_INFO_NOT_AVAILABLE);
- }
- else
+ TS_INFO_ADD_INFO_NOT_AVAILABLE);
+ } else
save_ts_serial(serial_file, serial);
return serial;
- }
+}
-static ASN1_INTEGER *next_serial(const char *serialfile)
- {
+static ASN1_INTEGER *
+next_serial(const char *serialfile)
+{
int ret = 0;
BIO *in = NULL;
ASN1_INTEGER *serial = NULL;
BIGNUM *bn = NULL;
- if (!(serial = ASN1_INTEGER_new())) goto err;
+ if (!(serial = ASN1_INTEGER_new()))
+ goto err;
- if (!(in = BIO_new_file(serialfile, "r")))
- {
+ if (!(in = BIO_new_file(serialfile, "r"))) {
ERR_clear_error();
BIO_printf(bio_err, "Warning: could not open file %s for "
- "reading, using serial number: 1\n", serialfile);
- if (!ASN1_INTEGER_set(serial, 1)) goto err;
- }
- else
- {
+ "reading, using serial number: 1\n", serialfile);
+ if (!ASN1_INTEGER_set(serial, 1))
+ goto err;
+ } else {
char buf[1024];
- if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf)))
- {
+ if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf))) {
BIO_printf(bio_err, "unable to load number from %s\n",
- serialfile);
+ serialfile);
+ goto err;
+ }
+ if (!(bn = ASN1_INTEGER_to_BN(serial, NULL)))
goto err;
- }
- if (!(bn = ASN1_INTEGER_to_BN(serial, NULL))) goto err;
ASN1_INTEGER_free(serial);
serial = NULL;
- if (!BN_add_word(bn, 1)) goto err;
- if (!(serial = BN_to_ASN1_INTEGER(bn, NULL))) goto err;
- }
+ if (!BN_add_word(bn, 1))
+ goto err;
+ if (!(serial = BN_to_ASN1_INTEGER(bn, NULL)))
+ goto err;
+ }
ret = 1;
- err:
- if (!ret)
- {
+err:
+ if (!ret) {
ASN1_INTEGER_free(serial);
serial = NULL;
- }
+ }
BIO_free_all(in);
BN_free(bn);
return serial;
- }
+}
-static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial)
- {
+static int
+save_ts_serial(const char *serialfile, ASN1_INTEGER * serial)
+{
int ret = 0;
BIO *out = NULL;
- if (!(out = BIO_new_file(serialfile, "w"))) goto err;
- if (i2a_ASN1_INTEGER(out, serial) <= 0) goto err;
- if (BIO_puts(out, "\n") <= 0) goto err;
+ if (!(out = BIO_new_file(serialfile, "w")))
+ goto err;
+ if (i2a_ASN1_INTEGER(out, serial) <= 0)
+ goto err;
+ if (BIO_puts(out, "\n") <= 0)
+ goto err;
ret = 1;
- err:
+err:
if (!ret)
BIO_printf(bio_err, "could not save serial number to %s\n",
- serialfile);
+ serialfile);
BIO_free_all(out);
return ret;
- }
+}
/*
* Verify-related method definitions.
*/
-static int verify_command(char *data, char *digest, char *queryfile,
- char *in, int token_in,
- char *ca_path, char *ca_file, char *untrusted)
- {
+static int
+verify_command(char *data, char *digest, char *queryfile,
+ char *in, int token_in,
+ char *ca_path, char *ca_file, char *untrusted)
+{
BIO *in_bio = NULL;
PKCS7 *token = NULL;
TS_RESP *response = NULL;
int ret = 0;
/* Decode the token (PKCS7) or response (TS_RESP) files. */
- if (!(in_bio = BIO_new_file(in, "rb"))) goto end;
- if (token_in)
- {
- if (!(token = d2i_PKCS7_bio(in_bio, NULL))) goto end;
- }
- else
- {
- if (!(response = d2i_TS_RESP_bio(in_bio, NULL))) goto end;
- }
+ if (!(in_bio = BIO_new_file(in, "rb")))
+ goto end;
+ if (token_in) {
+ if (!(token = d2i_PKCS7_bio(in_bio, NULL)))
+ goto end;
+ } else {
+ if (!(response = d2i_TS_RESP_bio(in_bio, NULL)))
+ goto end;
+ }
- if (!(verify_ctx = create_verify_ctx(data, digest, queryfile,
- ca_path, ca_file, untrusted)))
+ if (!(verify_ctx = create_verify_ctx(data, digest, queryfile,
+ ca_path, ca_file, untrusted)))
goto end;
/* Checking the token or response against the request. */
ret = token_in ?
- TS_RESP_verify_token(verify_ctx, token) :
- TS_RESP_verify_response(verify_ctx, response);
+ TS_RESP_verify_token(verify_ctx, token) :
+ TS_RESP_verify_response(verify_ctx, response);
- end:
+end:
printf("Verification: ");
if (ret)
printf("OK\n");
- else
- {
+ else {
printf("FAILED\n");
/* Print errors, if there are any. */
ERR_print_errors(bio_err);
- }
-
+ }
+
/* Clean up. */
BIO_free_all(in_bio);
PKCS7_free(token);
TS_RESP_free(response);
TS_VERIFY_CTX_free(verify_ctx);
return ret;
- }
-
-static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
- char *queryfile,
- char *ca_path, char *ca_file,
- char *untrusted)
- {
+}
+
+static TS_VERIFY_CTX *
+create_verify_ctx(char *data, char *digest,
+ char *queryfile,
+ char *ca_path, char *ca_file,
+ char *untrusted)
+{
TS_VERIFY_CTX *ctx = NULL;
BIO *input = NULL;
TS_REQ *request = NULL;
int ret = 0;
- if (data != NULL || digest != NULL)
- {
- if (!(ctx = TS_VERIFY_CTX_new())) goto err;
+ if (data != NULL || digest != NULL) {
+ if (!(ctx = TS_VERIFY_CTX_new()))
+ goto err;
ctx->flags = TS_VFY_VERSION | TS_VFY_SIGNER;
- if (data != NULL)
- {
+ if (data != NULL) {
ctx->flags |= TS_VFY_DATA;
- if (!(ctx->data = BIO_new_file(data, "rb"))) goto err;
- }
- else if (digest != NULL)
- {
+ if (!(ctx->data = BIO_new_file(data, "rb")))
+ goto err;
+ } else if (digest != NULL) {
long imprint_len;
ctx->flags |= TS_VFY_IMPRINT;
if (!(ctx->imprint = string_to_hex(digest,
- &imprint_len)))
- {
+ &imprint_len))) {
BIO_printf(bio_err, "invalid digest string\n");
goto err;
- }
- ctx->imprint_len = imprint_len;
}
-
- }
- else if (queryfile != NULL)
- {
- /* The request has just to be read, decoded and converted to
- a verify context object. */
- if (!(input = BIO_new_file(queryfile, "rb"))) goto err;
- if (!(request = d2i_TS_REQ_bio(input, NULL))) goto err;
- if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL))) goto err;
+ ctx->imprint_len = imprint_len;
}
- else
+ } else if (queryfile != NULL) {
+ /*
+ * The request has just to be read, decoded and converted to
+ * a verify context object.
+ */
+ if (!(input = BIO_new_file(queryfile, "rb")))
+ goto err;
+ if (!(request = d2i_TS_REQ_bio(input, NULL)))
+ goto err;
+ if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)))
+ goto err;
+ } else
return NULL;
/* Add the signature verification flag and arguments. */
ctx->flags |= TS_VFY_SIGNATURE;
/* Initialising the X509_STORE object. */
- if (!(ctx->store = create_cert_store(ca_path, ca_file))) goto err;
+ if (!(ctx->store = create_cert_store(ca_path, ca_file)))
+ goto err;
/* Loading untrusted certificates. */
- if (untrusted && !(ctx->certs = TS_CONF_load_certs(untrusted)))
+ if (untrusted && !(ctx->certs = TS_CONF_load_certs(untrusted)))
goto err;
ret = 1;
- err:
- if (!ret)
- {
+err:
+ if (!ret) {
TS_VERIFY_CTX_free(ctx);
ctx = NULL;
- }
+ }
BIO_free_all(input);
TS_REQ_free(request);
return ctx;
- }
+}
-static X509_STORE *create_cert_store(char *ca_path, char *ca_file)
- {
+static X509_STORE *
+create_cert_store(char *ca_path, char *ca_file)
+{
X509_STORE *cert_ctx = NULL;
X509_LOOKUP *lookup = NULL;
int i;
X509_STORE_set_verify_cb(cert_ctx, verify_cb);
/* Adding a trusted certificate directory source. */
- if (ca_path)
- {
+ if (ca_path) {
lookup = X509_STORE_add_lookup(cert_ctx,
- X509_LOOKUP_hash_dir());
- if (lookup == NULL)
- {
+ X509_LOOKUP_hash_dir());
+ if (lookup == NULL) {
BIO_printf(bio_err, "memory allocation failure\n");
goto err;
- }
+ }
i = X509_LOOKUP_add_dir(lookup, ca_path, X509_FILETYPE_PEM);
- if (!i)
- {
+ if (!i) {
BIO_printf(bio_err, "Error loading directory %s\n",
- ca_path);
+ ca_path);
goto err;
- }
}
-
+ }
/* Adding a trusted certificate file source. */
- if (ca_file)
- {
+ if (ca_file) {
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
- if (lookup == NULL)
- {
+ if (lookup == NULL) {
BIO_printf(bio_err, "memory allocation failure\n");
goto err;
- }
+ }
i = X509_LOOKUP_load_file(lookup, ca_file, X509_FILETYPE_PEM);
- if (!i)
- {
+ if (!i) {
BIO_printf(bio_err, "Error loading file %s\n", ca_file);
goto err;
- }
}
-
+ }
return cert_ctx;
- err:
+err:
X509_STORE_free(cert_ctx);
return NULL;
- }
+}
-static int verify_cb(int ok, X509_STORE_CTX *ctx)
- {
+static int
+verify_cb(int ok, X509_STORE_CTX * ctx)
+{
/*
char buf[256];
*/
return ok;
- }
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#undef PROG
#define PROG verify_main
-static int cb(int ok, X509_STORE_CTX *ctx);
-static int check(X509_STORE *ctx, char *file,
- STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
- STACK_OF(X509_CRL) *crls, ENGINE *e);
-static int v_verbose=0, vflags = 0;
+static int cb(int ok, X509_STORE_CTX * ctx);
+static int
+check(X509_STORE * ctx, char *file,
+ STACK_OF(X509) * uchain, STACK_OF(X509) * tchain,
+ STACK_OF(X509_CRL) * crls, ENGINE * e);
+ static int v_verbose = 0, vflags = 0;
-int MAIN(int, char **);
+ int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
+ int MAIN(int argc, char **argv)
+{
ENGINE *e = NULL;
- int i,ret=1, badarg = 0;
- char *CApath=NULL,*CAfile=NULL;
+ int i, ret = 1, badarg = 0;
+ char *CApath = NULL, *CAfile = NULL;
char *untfile = NULL, *trustfile = NULL, *crlfile = NULL;
- STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
- STACK_OF(X509_CRL) *crls = NULL;
- X509_STORE *cert_ctx=NULL;
- X509_LOOKUP *lookup=NULL;
+ STACK_OF(X509) * untrusted = NULL, *trusted = NULL;
+ STACK_OF(X509_CRL) * crls = NULL;
+ X509_STORE *cert_ctx = NULL;
+ X509_LOOKUP *lookup = NULL;
X509_VERIFY_PARAM *vpm = NULL;
#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
+ char *engine = NULL;
#endif
- cert_ctx=X509_STORE_new();
- if (cert_ctx == NULL) goto end;
- X509_STORE_set_verify_cb(cert_ctx,cb);
+ cert_ctx = X509_STORE_new();
+ if (cert_ctx == NULL)
+ goto end;
+ X509_STORE_set_verify_cb(cert_ctx, cb);
ERR_load_crypto_strings();
apps_startup();
if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
argc--;
argv++;
- for (;;)
- {
- if (argc >= 1)
- {
- if (strcmp(*argv,"-CApath") == 0)
- {
- if (argc-- < 1) goto end;
- CApath= *(++argv);
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (argc-- < 1) goto end;
- CAfile= *(++argv);
- }
- else if (args_verify(&argv, &argc, &badarg, bio_err,
- &vpm))
- {
+ for (;;) {
+ if (argc >= 1) {
+ if (strcmp(*argv, "-CApath") == 0) {
+ if (argc-- < 1)
+ goto end;
+ CApath = *(++argv);
+ } else if (strcmp(*argv, "-CAfile") == 0) {
+ if (argc-- < 1)
+ goto end;
+ CAfile = *(++argv);
+ } else if (args_verify(&argv, &argc, &badarg, bio_err,
+ &vpm)) {
if (badarg)
goto end;
continue;
- }
- else if (strcmp(*argv,"-untrusted") == 0)
- {
- if (argc-- < 1) goto end;
- untfile= *(++argv);
- }
- else if (strcmp(*argv,"-trusted") == 0)
- {
- if (argc-- < 1) goto end;
- trustfile= *(++argv);
- }
- else if (strcmp(*argv,"-CRLfile") == 0)
- {
- if (argc-- < 1) goto end;
- crlfile= *(++argv);
- }
+ } else if (strcmp(*argv, "-untrusted") == 0) {
+ if (argc-- < 1)
+ goto end;
+ untfile = *(++argv);
+ } else if (strcmp(*argv, "-trusted") == 0) {
+ if (argc-- < 1)
+ goto end;
+ trustfile = *(++argv);
+ } else if (strcmp(*argv, "-CRLfile") == 0) {
+ if (argc-- < 1)
+ goto end;
+ crlfile = *(++argv);
+ }
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto end;
- engine= *(++argv);
- }
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto end;
+ engine = *(++argv);
+ }
#endif
- else if (strcmp(*argv,"-help") == 0)
+ else if (strcmp(*argv, "-help") == 0)
goto end;
- else if (strcmp(*argv,"-verbose") == 0)
- v_verbose=1;
+ else if (strcmp(*argv, "-verbose") == 0)
+ v_verbose = 1;
else if (argv[0][0] == '-')
goto end;
else
break;
argc--;
argv++;
- }
- else
+ } else
break;
- }
+ }
#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
+ e = setup_engine(bio_err, engine, 0);
#endif
if (vpm)
X509_STORE_set1_param(cert_ctx, vpm);
- lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
- if (lookup == NULL) abort();
+ lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
+ if (lookup == NULL)
+ abort();
if (CAfile) {
- i=X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM);
- if(!i) {
+ i = X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM);
+ if (!i) {
BIO_printf(bio_err, "Error loading file %s\n", CAfile);
ERR_print_errors(bio_err);
goto end;
}
- } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
- if (lookup == NULL) abort();
+ } else
+ X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
+ if (lookup == NULL)
+ abort();
if (CApath) {
- i=X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM);
- if(!i) {
+ i = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
+ if (!i) {
BIO_printf(bio_err, "Error loading directory %s\n", CApath);
ERR_print_errors(bio_err);
goto end;
}
- } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+ } else
+ X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
ERR_clear_error();
- if(untfile)
- {
+ if (untfile) {
untrusted = load_certs(bio_err, untfile, FORMAT_PEM,
- NULL, e, "untrusted certificates");
- if(!untrusted)
+ NULL, e, "untrusted certificates");
+ if (!untrusted)
goto end;
- }
-
- if(trustfile)
- {
+ }
+ if (trustfile) {
trusted = load_certs(bio_err, trustfile, FORMAT_PEM,
- NULL, e, "trusted certificates");
- if(!trusted)
+ NULL, e, "trusted certificates");
+ if (!trusted)
goto end;
- }
-
- if(crlfile)
- {
+ }
+ if (crlfile) {
crls = load_crls(bio_err, crlfile, FORMAT_PEM,
- NULL, e, "other CRLs");
- if(!crls)
+ NULL, e, "other CRLs");
+ if (!crls)
goto end;
- }
-
+ }
ret = 0;
- if (argc < 1)
- {
+ if (argc < 1) {
if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
ret = -1;
- }
- else
- {
- for (i=0; i<argc; i++)
- if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e))
+ } else {
+ for (i = 0; i < argc; i++)
+ if (1 != check(cert_ctx, argv[i], untrusted, trusted, crls, e))
ret = -1;
- }
+ }
end:
if (ret == 1) {
- BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
- BIO_printf(bio_err," [-attime timestamp]");
+ BIO_printf(bio_err, "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
+ BIO_printf(bio_err, " [-attime timestamp]");
#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," [-engine e]");
+ BIO_printf(bio_err, " [-engine e]");
#endif
- BIO_printf(bio_err," cert1 cert2 ...\n");
+ BIO_printf(bio_err, " cert1 cert2 ...\n");
- BIO_printf(bio_err,"recognized usages:\n");
- for(i = 0; i < X509_PURPOSE_get_count(); i++)
- {
+ BIO_printf(bio_err, "recognized usages:\n");
+ for (i = 0; i < X509_PURPOSE_get_count(); i++) {
X509_PURPOSE *ptmp;
ptmp = X509_PURPOSE_get0(i);
BIO_printf(bio_err, "\t%-10s\t%s\n",
- X509_PURPOSE_get0_sname(ptmp),
- X509_PURPOSE_get0_name(ptmp));
- }
+ X509_PURPOSE_get0_sname(ptmp),
+ X509_PURPOSE_get0_name(ptmp));
+ }
}
- if (vpm) X509_VERIFY_PARAM_free(vpm);
- if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
+ if (vpm)
+ X509_VERIFY_PARAM_free(vpm);
+ if (cert_ctx != NULL)
+ X509_STORE_free(cert_ctx);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
apps_shutdown();
- return(ret < 0 ? 2 : ret);
- }
-
-static int check(X509_STORE *ctx, char *file,
- STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
- STACK_OF(X509_CRL) *crls, ENGINE *e)
- {
- X509 *x=NULL;
- int i=0,ret=0;
+ return (ret < 0 ? 2 : ret);
+}
+
+static int
+check(X509_STORE * ctx, char *file,
+ STACK_OF(X509) * uchain, STACK_OF(X509) * tchain,
+ STACK_OF(X509_CRL) * crls, ENGINE * e)
+{
+ X509 *x = NULL;
+ int i = 0, ret = 0;
X509_STORE_CTX *csc;
x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
if (x == NULL)
goto end;
- fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);
+ fprintf(stdout, "%s: ", (file == NULL) ? "stdin" : file);
csc = X509_STORE_CTX_new();
- if (csc == NULL)
- {
+ if (csc == NULL) {
ERR_print_errors(bio_err);
goto end;
- }
+ }
X509_STORE_set_flags(ctx, vflags);
- if(!X509_STORE_CTX_init(csc,ctx,x,uchain))
- {
+ if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
ERR_print_errors(bio_err);
goto end;
- }
- if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
+ }
+ if (tchain)
+ X509_STORE_CTX_trusted_stack(csc, tchain);
if (crls)
X509_STORE_CTX_set0_crls(csc, crls);
- i=X509_verify_cert(csc);
+ i = X509_verify_cert(csc);
X509_STORE_CTX_free(csc);
- ret=0;
+ ret = 0;
end:
- if (i > 0)
- {
- fprintf(stdout,"OK\n");
- ret=1;
- }
- else
+ if (i > 0) {
+ fprintf(stdout, "OK\n");
+ ret = 1;
+ } else
ERR_print_errors(bio_err);
- if (x != NULL) X509_free(x);
+ if (x != NULL)
+ X509_free(x);
- return(ret);
- }
+ return (ret);
+}
-static int cb(int ok, X509_STORE_CTX *ctx)
- {
+static int
+cb(int ok, X509_STORE_CTX * ctx)
+{
int cert_error = X509_STORE_CTX_get_error(ctx);
X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
- if (!ok)
- {
- if (current_cert)
- {
+ if (!ok) {
+ if (current_cert) {
X509_NAME_print_ex_fp(stdout,
- X509_get_subject_name(current_cert),
- 0, XN_FLAG_ONELINE);
+ X509_get_subject_name(current_cert),
+ 0, XN_FLAG_ONELINE);
printf("\n");
- }
+ }
printf("%serror %d at %d depth lookup:%s\n",
- X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "",
- cert_error,
- X509_STORE_CTX_get_error_depth(ctx),
- X509_verify_cert_error_string(cert_error));
- switch(cert_error)
- {
- case X509_V_ERR_NO_EXPLICIT_POLICY:
- policies_print(NULL, ctx);
- case X509_V_ERR_CERT_HAS_EXPIRED:
-
- /* since we are just checking the certificates, it is
- * ok if they are self signed. But we should still warn
- * the user.
+ X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "",
+ cert_error,
+ X509_STORE_CTX_get_error_depth(ctx),
+ X509_verify_cert_error_string(cert_error));
+ switch (cert_error) {
+ case X509_V_ERR_NO_EXPLICIT_POLICY:
+ policies_print(NULL, ctx);
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+
+ /*
+ * since we are just checking the certificates, it is
+ * ok if they are self signed. But we should still
+ * warn the user.
*/
- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
/* Continue after extension errors too */
- case X509_V_ERR_INVALID_CA:
- case X509_V_ERR_INVALID_NON_CA:
- case X509_V_ERR_PATH_LENGTH_EXCEEDED:
- case X509_V_ERR_INVALID_PURPOSE:
- case X509_V_ERR_CRL_HAS_EXPIRED:
- case X509_V_ERR_CRL_NOT_YET_VALID:
- case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+ case X509_V_ERR_INVALID_CA:
+ case X509_V_ERR_INVALID_NON_CA:
+ case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+ case X509_V_ERR_INVALID_PURPOSE:
+ case X509_V_ERR_CRL_HAS_EXPIRED:
+ case X509_V_ERR_CRL_NOT_YET_VALID:
+ case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
ok = 1;
- }
+ }
return ok;
- }
+ }
if (cert_error == X509_V_OK && ok == 2)
policies_print(NULL, ctx);
if (!v_verbose)
ERR_clear_error();
- return(ok);
- }
+ return (ok);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#include <openssl/crypto.h>
#include <openssl/bn.h>
#ifndef OPENSSL_NO_MD2
-# include <openssl/md2.h>
+#include <openssl/md2.h>
#endif
#ifndef OPENSSL_NO_RC4
-# include <openssl/rc4.h>
+#include <openssl/rc4.h>
#endif
#ifndef OPENSSL_NO_DES
-# include <openssl/des.h>
+#include <openssl/des.h>
#endif
#ifndef OPENSSL_NO_IDEA
-# include <openssl/idea.h>
+#include <openssl/idea.h>
#endif
#ifndef OPENSSL_NO_BF
-# include <openssl/blowfish.h>
+#include <openssl/blowfish.h>
#endif
#undef PROG
int MAIN(int, char **);
-int MAIN(int argc, char **argv)
- {
- int i,ret=0;
- int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
+int
+MAIN(int argc, char **argv)
+{
+ int i, ret = 0;
+ int cflags = 0, version = 0, date = 0, options = 0, platform = 0,
+ dir = 0;
apps_startup();
if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
- if (argc == 1) version=1;
- for (i=1; i<argc; i++)
- {
- if (strcmp(argv[i],"-v") == 0)
- version=1;
- else if (strcmp(argv[i],"-b") == 0)
- date=1;
- else if (strcmp(argv[i],"-f") == 0)
- cflags=1;
- else if (strcmp(argv[i],"-o") == 0)
- options=1;
- else if (strcmp(argv[i],"-p") == 0)
- platform=1;
- else if (strcmp(argv[i],"-d") == 0)
- dir=1;
- else if (strcmp(argv[i],"-a") == 0)
- date=version=cflags=options=platform=dir=1;
- else
- {
- BIO_printf(bio_err,"usage:version -[avbofpd]\n");
- ret=1;
+ if (argc == 1)
+ version = 1;
+ for (i = 1; i < argc; i++) {
+ if (strcmp(argv[i], "-v") == 0)
+ version = 1;
+ else if (strcmp(argv[i], "-b") == 0)
+ date = 1;
+ else if (strcmp(argv[i], "-f") == 0)
+ cflags = 1;
+ else if (strcmp(argv[i], "-o") == 0)
+ options = 1;
+ else if (strcmp(argv[i], "-p") == 0)
+ platform = 1;
+ else if (strcmp(argv[i], "-d") == 0)
+ dir = 1;
+ else if (strcmp(argv[i], "-a") == 0)
+ date = version = cflags = options = platform = dir = 1;
+ else {
+ BIO_printf(bio_err, "usage:version -[avbofpd]\n");
+ ret = 1;
goto end;
- }
}
+ }
- if (version)
- {
- if (SSLeay() == SSLEAY_VERSION_NUMBER)
- {
- printf("%s\n",SSLeay_version(SSLEAY_VERSION));
- }
- else
- {
+ if (version) {
+ if (SSLeay() == SSLEAY_VERSION_NUMBER) {
+ printf("%s\n", SSLeay_version(SSLEAY_VERSION));
+ } else {
printf("%s (Library: %s)\n",
- OPENSSL_VERSION_TEXT,
- SSLeay_version(SSLEAY_VERSION));
- }
+ OPENSSL_VERSION_TEXT,
+ SSLeay_version(SSLEAY_VERSION));
}
- if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
- if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
- if (options)
- {
+ }
+ if (date)
+ printf("%s\n", SSLeay_version(SSLEAY_BUILT_ON));
+ if (platform)
+ printf("%s\n", SSLeay_version(SSLEAY_PLATFORM));
+ if (options) {
printf("options: ");
- printf("%s ",BN_options());
+ printf("%s ", BN_options());
#ifndef OPENSSL_NO_MD2
- printf("%s ",MD2_options());
+ printf("%s ", MD2_options());
#endif
#ifndef OPENSSL_NO_RC4
- printf("%s ",RC4_options());
+ printf("%s ", RC4_options());
#endif
#ifndef OPENSSL_NO_DES
- printf("%s ",DES_options());
+ printf("%s ", DES_options());
#endif
#ifndef OPENSSL_NO_IDEA
- printf("%s ",idea_options());
+ printf("%s ", idea_options());
#endif
#ifndef OPENSSL_NO_BF
- printf("%s ",BF_options());
+ printf("%s ", BF_options());
#endif
printf("\n");
- }
- if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
- if (dir) printf("%s\n",SSLeay_version(SSLEAY_DIR));
+ }
+ if (cflags)
+ printf("%s\n", SSLeay_version(SSLEAY_CFLAGS));
+ if (dir)
+ printf("%s\n", SSLeay_version(SSLEAY_DIR));
end:
apps_shutdown();
- return(ret);
- }
+ return (ret);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#define POSTFIX ".srl"
#define DEF_DAYS 30
-static const char *x509_usage[]={
-"usage: x509 args\n",
-" -inform arg - input format - default PEM (one of DER, NET or PEM)\n",
-" -outform arg - output format - default PEM (one of DER, NET or PEM)\n",
-" -keyform arg - private key format - default PEM\n",
-" -CAform arg - CA format - default PEM\n",
-" -CAkeyform arg - CA key format - default PEM\n",
-" -in arg - input file - default stdin\n",
-" -out arg - output file - default stdout\n",
-" -passin arg - private key password source\n",
-" -serial - print serial number value\n",
-" -subject_hash - print subject hash value\n",
+static const char *x509_usage[] = {
+ "usage: x509 args\n",
+ " -inform arg - input format - default PEM (one of DER, NET or PEM)\n",
+ " -outform arg - output format - default PEM (one of DER, NET or PEM)\n",
+ " -keyform arg - private key format - default PEM\n",
+ " -CAform arg - CA format - default PEM\n",
+ " -CAkeyform arg - CA key format - default PEM\n",
+ " -in arg - input file - default stdin\n",
+ " -out arg - output file - default stdout\n",
+ " -passin arg - private key password source\n",
+ " -serial - print serial number value\n",
+ " -subject_hash - print subject hash value\n",
#ifndef OPENSSL_NO_MD5
-" -subject_hash_old - print old-style (MD5) subject hash value\n",
+ " -subject_hash_old - print old-style (MD5) subject hash value\n",
#endif
-" -issuer_hash - print issuer hash value\n",
+ " -issuer_hash - print issuer hash value\n",
#ifndef OPENSSL_NO_MD5
-" -issuer_hash_old - print old-style (MD5) issuer hash value\n",
+ " -issuer_hash_old - print old-style (MD5) issuer hash value\n",
#endif
-" -hash - synonym for -subject_hash\n",
-" -subject - print subject DN\n",
-" -issuer - print issuer DN\n",
-" -email - print email address(es)\n",
-" -startdate - notBefore field\n",
-" -enddate - notAfter field\n",
-" -purpose - print out certificate purposes\n",
-" -dates - both Before and After dates\n",
-" -modulus - print the RSA key modulus\n",
-" -pubkey - output the public key\n",
-" -fingerprint - print the certificate fingerprint\n",
-" -alias - output certificate alias\n",
-" -noout - no certificate output\n",
-" -ocspid - print OCSP hash values for the subject name and public key\n",
-" -ocsp_uri - print OCSP Responder URL(s)\n",
-" -trustout - output a \"trusted\" certificate\n",
-" -clrtrust - clear all trusted purposes\n",
-" -clrreject - clear all rejected purposes\n",
-" -addtrust arg - trust certificate for a given purpose\n",
-" -addreject arg - reject certificate for a given purpose\n",
-" -setalias arg - set certificate alias\n",
-" -days arg - How long till expiry of a signed certificate - def 30 days\n",
-" -checkend arg - check whether the cert expires in the next arg seconds\n",
-" exit 1 if so, 0 if not\n",
-" -signkey arg - self sign cert with arg\n",
-" -x509toreq - output a certification request object\n",
-" -req - input is a certificate request, sign and output.\n",
-" -CA arg - set the CA certificate, must be PEM format.\n",
-" -CAkey arg - set the CA key, must be PEM format\n",
-" missing, it is assumed to be in the CA file.\n",
-" -CAcreateserial - create serial number file if it does not exist\n",
-" -CAserial arg - serial file\n",
-" -set_serial - serial number to use\n",
-" -text - print the certificate in text form\n",
-" -C - print out C code forms\n",
-" -md2/-md5/-sha1/-mdc2 - digest to use\n",
-" -extfile - configuration file with X509V3 extensions to add\n",
-" -extensions - section from config file with X509V3 extensions to add\n",
-" -clrext - delete extensions before signing and input certificate\n",
-" -nameopt arg - various certificate name options\n",
+ " -hash - synonym for -subject_hash\n",
+ " -subject - print subject DN\n",
+ " -issuer - print issuer DN\n",
+ " -email - print email address(es)\n",
+ " -startdate - notBefore field\n",
+ " -enddate - notAfter field\n",
+ " -purpose - print out certificate purposes\n",
+ " -dates - both Before and After dates\n",
+ " -modulus - print the RSA key modulus\n",
+ " -pubkey - output the public key\n",
+ " -fingerprint - print the certificate fingerprint\n",
+ " -alias - output certificate alias\n",
+ " -noout - no certificate output\n",
+ " -ocspid - print OCSP hash values for the subject name and public key\n",
+ " -ocsp_uri - print OCSP Responder URL(s)\n",
+ " -trustout - output a \"trusted\" certificate\n",
+ " -clrtrust - clear all trusted purposes\n",
+ " -clrreject - clear all rejected purposes\n",
+ " -addtrust arg - trust certificate for a given purpose\n",
+ " -addreject arg - reject certificate for a given purpose\n",
+ " -setalias arg - set certificate alias\n",
+ " -days arg - How long till expiry of a signed certificate - def 30 days\n",
+ " -checkend arg - check whether the cert expires in the next arg seconds\n",
+ " exit 1 if so, 0 if not\n",
+ " -signkey arg - self sign cert with arg\n",
+ " -x509toreq - output a certification request object\n",
+ " -req - input is a certificate request, sign and output.\n",
+ " -CA arg - set the CA certificate, must be PEM format.\n",
+ " -CAkey arg - set the CA key, must be PEM format\n",
+ " missing, it is assumed to be in the CA file.\n",
+ " -CAcreateserial - create serial number file if it does not exist\n",
+ " -CAserial arg - serial file\n",
+ " -set_serial - serial number to use\n",
+ " -text - print the certificate in text form\n",
+ " -C - print out C code forms\n",
+ " -md2/-md5/-sha1/-mdc2 - digest to use\n",
+ " -extfile - configuration file with X509V3 extensions to add\n",
+ " -extensions - section from config file with X509V3 extensions to add\n",
+ " -clrext - delete extensions before signing and input certificate\n",
+ " -nameopt arg - various certificate name options\n",
#ifndef OPENSSL_NO_ENGINE
-" -engine e - use engine e, possibly a hardware device.\n",
+ " -engine e - use engine e, possibly a hardware device.\n",
#endif
-" -certopt arg - various certificate text options\n",
-NULL
+ " -certopt arg - various certificate text options\n",
+ NULL
};
-static int callb(int ok, X509_STORE_CTX *ctx);
-static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
- CONF *conf, char *section);
-static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
- X509 *x,X509 *xca,EVP_PKEY *pkey,
- STACK_OF(OPENSSL_STRING) *sigopts,
- char *serial, int create ,int days, int clrext,
- CONF *conf, char *section, ASN1_INTEGER *sno);
-static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
-static int reqfile=0;
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
+static int callb(int ok, X509_STORE_CTX * ctx);
+static int
+sign(X509 * x, EVP_PKEY * pkey, int days, int clrext, const EVP_MD * digest,
+ CONF * conf, char *section);
+static int
+x509_certify(X509_STORE * ctx, char *CAfile, const EVP_MD * digest,
+ X509 * x, X509 * xca, EVP_PKEY * pkey,
+ STACK_OF(OPENSSL_STRING) * sigopts,
+ char *serial, int create, int days, int clrext,
+ CONF * conf, char *section, ASN1_INTEGER * sno);
+ static int purpose_print(BIO * bio, X509 * cert, X509_PURPOSE * pt);
+ static int reqfile = 0;
+
+ int MAIN(int, char **);
+
+ int MAIN(int argc, char **argv)
+{
ENGINE *e = NULL;
- int ret=1;
- X509_REQ *req=NULL;
- X509 *x=NULL,*xca=NULL;
+ int ret = 1;
+ X509_REQ *req = NULL;
+ X509 *x = NULL, *xca = NULL;
ASN1_OBJECT *objtmp;
- STACK_OF(OPENSSL_STRING) *sigopts = NULL;
- EVP_PKEY *Upkey=NULL,*CApkey=NULL;
+ STACK_OF(OPENSSL_STRING) * sigopts = NULL;
+ EVP_PKEY *Upkey = NULL, *CApkey = NULL;
ASN1_INTEGER *sno = NULL;
- int i,num,badops=0;
- BIO *out=NULL;
- BIO *STDout=NULL;
- STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
- int informat,outformat,keyformat,CAformat,CAkeyformat;
- char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
- char *CAkeyfile=NULL,*CAserial=NULL;
- char *alias=NULL;
- int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
- int next_serial=0;
- int subject_hash=0,issuer_hash=0,ocspid=0;
+ int i, num, badops = 0;
+ BIO *out = NULL;
+ BIO *STDout = NULL;
+ STACK_OF(ASN1_OBJECT) * trust = NULL, *reject = NULL;
+ int informat, outformat, keyformat, CAformat, CAkeyformat;
+ char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
+ char *CAkeyfile = NULL, *CAserial = NULL;
+ char *alias = NULL;
+ int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0,
+ enddate = 0;
+ int next_serial = 0;
+ int subject_hash = 0, issuer_hash = 0, ocspid = 0;
#ifndef OPENSSL_NO_MD5
- int subject_hash_old=0,issuer_hash_old=0;
+ int subject_hash_old = 0, issuer_hash_old = 0;
#endif
- int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
- int ocsp_uri=0;
- int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
- int C=0;
- int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
+ int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0,
+ email = 0;
+ int ocsp_uri = 0;
+ int trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0, clrext = 0;
+ int C = 0;
+ int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0;
int pprint = 0;
const char **pp;
- X509_STORE *ctx=NULL;
- X509_REQ *rq=NULL;
- int fingerprint=0;
+ X509_STORE *ctx = NULL;
+ X509_REQ *rq = NULL;
+ int fingerprint = 0;
char buf[256];
- const EVP_MD *md_alg,*digest=NULL;
+ const EVP_MD *md_alg, *digest = NULL;
CONF *extconf = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
- int checkend=0,checkoffset=0;
+ int checkend = 0, checkoffset = 0;
unsigned long nmflag = 0, certflag = 0;
#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
+ char *engine = NULL;
#endif
- reqfile=0;
+ reqfile = 0;
apps_startup();
if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
- STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+ STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
- keyformat=FORMAT_PEM;
- CAformat=FORMAT_PEM;
- CAkeyformat=FORMAT_PEM;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+ keyformat = FORMAT_PEM;
+ CAformat = FORMAT_PEM;
+ CAkeyformat = FORMAT_PEM;
- ctx=X509_STORE_new();
- if (ctx == NULL) goto end;
- X509_STORE_set_verify_cb(ctx,callb);
+ ctx = X509_STORE_new();
+ if (ctx == NULL)
+ goto end;
+ X509_STORE_set_verify_cb(ctx, callb);
argc--;
argv++;
- num=0;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) goto bad;
- keyformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-req") == 0)
- {
- reqfile=1;
+ num = 0;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-keyform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-req") == 0) {
+ reqfile = 1;
need_rand = 1;
- }
- else if (strcmp(*argv,"-CAform") == 0)
- {
- if (--argc < 1) goto bad;
- CAformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-CAkeyform") == 0)
- {
- if (--argc < 1) goto bad;
- CAkeyformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-sigopt") == 0)
- {
+ } else if (strcmp(*argv, "-CAform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-CAkeyform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAkeyformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-sigopt") == 0) {
if (--argc < 1)
goto bad;
if (!sigopts)
sigopts = sk_OPENSSL_STRING_new_null();
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
goto bad;
- }
- else if (strcmp(*argv,"-days") == 0)
- {
- if (--argc < 1) goto bad;
- days=atoi(*(++argv));
- if (days == 0)
- {
- BIO_printf(bio_err,"bad number of days\n");
+ } else if (strcmp(*argv, "-days") == 0) {
+ if (--argc < 1)
+ goto bad;
+ days = atoi(*(++argv));
+ if (days == 0) {
+ BIO_printf(bio_err, "bad number of days\n");
goto bad;
- }
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-extfile") == 0)
- {
- if (--argc < 1) goto bad;
- extfile= *(++argv);
- }
- else if (strcmp(*argv,"-extensions") == 0)
- {
- if (--argc < 1) goto bad;
- extsect= *(++argv);
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
}
- else if (strcmp(*argv,"-signkey") == 0)
- {
- if (--argc < 1) goto bad;
- keyfile= *(++argv);
- sign_flag= ++num;
+ } else if (strcmp(*argv, "-passin") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-extfile") == 0) {
+ if (--argc < 1)
+ goto bad;
+ extfile = *(++argv);
+ } else if (strcmp(*argv, "-extensions") == 0) {
+ if (--argc < 1)
+ goto bad;
+ extsect = *(++argv);
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-signkey") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyfile = *(++argv);
+ sign_flag = ++num;
need_rand = 1;
- }
- else if (strcmp(*argv,"-CA") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
- CA_flag= ++num;
+ } else if (strcmp(*argv, "-CA") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAfile = *(++argv);
+ CA_flag = ++num;
need_rand = 1;
- }
- else if (strcmp(*argv,"-CAkey") == 0)
- {
- if (--argc < 1) goto bad;
- CAkeyfile= *(++argv);
- }
- else if (strcmp(*argv,"-CAserial") == 0)
- {
- if (--argc < 1) goto bad;
- CAserial= *(++argv);
- }
- else if (strcmp(*argv,"-set_serial") == 0)
- {
- if (--argc < 1) goto bad;
+ } else if (strcmp(*argv, "-CAkey") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAkeyfile = *(++argv);
+ } else if (strcmp(*argv, "-CAserial") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAserial = *(++argv);
+ } else if (strcmp(*argv, "-set_serial") == 0) {
+ if (--argc < 1)
+ goto bad;
if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
goto bad;
- }
- else if (strcmp(*argv,"-addtrust") == 0)
- {
- if (--argc < 1) goto bad;
- if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
- {
+ } else if (strcmp(*argv, "-addtrust") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
BIO_printf(bio_err,
- "Invalid trust object value %s\n", *argv);
+ "Invalid trust object value %s\n", *argv);
goto bad;
- }
- if (!trust) trust = sk_ASN1_OBJECT_new_null();
+ }
+ if (!trust)
+ trust = sk_ASN1_OBJECT_new_null();
sk_ASN1_OBJECT_push(trust, objtmp);
trustout = 1;
- }
- else if (strcmp(*argv,"-addreject") == 0)
- {
- if (--argc < 1) goto bad;
- if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
- {
+ } else if (strcmp(*argv, "-addreject") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
BIO_printf(bio_err,
- "Invalid reject object value %s\n", *argv);
+ "Invalid reject object value %s\n", *argv);
goto bad;
- }
- if (!reject) reject = sk_ASN1_OBJECT_new_null();
+ }
+ if (!reject)
+ reject = sk_ASN1_OBJECT_new_null();
sk_ASN1_OBJECT_push(reject, objtmp);
trustout = 1;
- }
- else if (strcmp(*argv,"-setalias") == 0)
- {
- if (--argc < 1) goto bad;
- alias= *(++argv);
+ } else if (strcmp(*argv, "-setalias") == 0) {
+ if (--argc < 1)
+ goto bad;
+ alias = *(++argv);
trustout = 1;
- }
- else if (strcmp(*argv,"-certopt") == 0)
- {
- if (--argc < 1) goto bad;
- if (!set_cert_ex(&certflag, *(++argv))) goto bad;
- }
- else if (strcmp(*argv,"-nameopt") == 0)
- {
- if (--argc < 1) goto bad;
- if (!set_name_ex(&nmflag, *(++argv))) goto bad;
- }
+ } else if (strcmp(*argv, "-certopt") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!set_cert_ex(&certflag, *(++argv)))
+ goto bad;
+ } else if (strcmp(*argv, "-nameopt") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!set_name_ex(&nmflag, *(++argv)))
+ goto bad;
+ }
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
#endif
- else if (strcmp(*argv,"-C") == 0)
- C= ++num;
- else if (strcmp(*argv,"-email") == 0)
- email= ++num;
- else if (strcmp(*argv,"-ocsp_uri") == 0)
- ocsp_uri= ++num;
- else if (strcmp(*argv,"-serial") == 0)
- serial= ++num;
- else if (strcmp(*argv,"-next_serial") == 0)
- next_serial= ++num;
- else if (strcmp(*argv,"-modulus") == 0)
- modulus= ++num;
- else if (strcmp(*argv,"-pubkey") == 0)
- pubkey= ++num;
- else if (strcmp(*argv,"-x509toreq") == 0)
- x509req= ++num;
- else if (strcmp(*argv,"-text") == 0)
- text= ++num;
- else if (strcmp(*argv,"-hash") == 0
- || strcmp(*argv,"-subject_hash") == 0)
- subject_hash= ++num;
+ else if (strcmp(*argv, "-C") == 0)
+ C = ++num;
+ else if (strcmp(*argv, "-email") == 0)
+ email = ++num;
+ else if (strcmp(*argv, "-ocsp_uri") == 0)
+ ocsp_uri = ++num;
+ else if (strcmp(*argv, "-serial") == 0)
+ serial = ++num;
+ else if (strcmp(*argv, "-next_serial") == 0)
+ next_serial = ++num;
+ else if (strcmp(*argv, "-modulus") == 0)
+ modulus = ++num;
+ else if (strcmp(*argv, "-pubkey") == 0)
+ pubkey = ++num;
+ else if (strcmp(*argv, "-x509toreq") == 0)
+ x509req = ++num;
+ else if (strcmp(*argv, "-text") == 0)
+ text = ++num;
+ else if (strcmp(*argv, "-hash") == 0
+ || strcmp(*argv, "-subject_hash") == 0)
+ subject_hash = ++num;
#ifndef OPENSSL_NO_MD5
- else if (strcmp(*argv,"-subject_hash_old") == 0)
- subject_hash_old= ++num;
+ else if (strcmp(*argv, "-subject_hash_old") == 0)
+ subject_hash_old = ++num;
#endif
- else if (strcmp(*argv,"-issuer_hash") == 0)
- issuer_hash= ++num;
+ else if (strcmp(*argv, "-issuer_hash") == 0)
+ issuer_hash = ++num;
#ifndef OPENSSL_NO_MD5
- else if (strcmp(*argv,"-issuer_hash_old") == 0)
- issuer_hash_old= ++num;
+ else if (strcmp(*argv, "-issuer_hash_old") == 0)
+ issuer_hash_old = ++num;
#endif
- else if (strcmp(*argv,"-subject") == 0)
- subject= ++num;
- else if (strcmp(*argv,"-issuer") == 0)
- issuer= ++num;
- else if (strcmp(*argv,"-fingerprint") == 0)
- fingerprint= ++num;
- else if (strcmp(*argv,"-dates") == 0)
- {
- startdate= ++num;
- enddate= ++num;
- }
- else if (strcmp(*argv,"-purpose") == 0)
- pprint= ++num;
- else if (strcmp(*argv,"-startdate") == 0)
- startdate= ++num;
- else if (strcmp(*argv,"-enddate") == 0)
- enddate= ++num;
- else if (strcmp(*argv,"-checkend") == 0)
- {
- if (--argc < 1) goto bad;
- checkoffset=atoi(*(++argv));
- checkend=1;
- }
- else if (strcmp(*argv,"-noout") == 0)
- noout= ++num;
- else if (strcmp(*argv,"-trustout") == 0)
- trustout= 1;
- else if (strcmp(*argv,"-clrtrust") == 0)
- clrtrust= ++num;
- else if (strcmp(*argv,"-clrreject") == 0)
- clrreject= ++num;
- else if (strcmp(*argv,"-alias") == 0)
- aliasout= ++num;
- else if (strcmp(*argv,"-CAcreateserial") == 0)
- CA_createserial= ++num;
- else if (strcmp(*argv,"-clrext") == 0)
+ else if (strcmp(*argv, "-subject") == 0)
+ subject = ++num;
+ else if (strcmp(*argv, "-issuer") == 0)
+ issuer = ++num;
+ else if (strcmp(*argv, "-fingerprint") == 0)
+ fingerprint = ++num;
+ else if (strcmp(*argv, "-dates") == 0) {
+ startdate = ++num;
+ enddate = ++num;
+ } else if (strcmp(*argv, "-purpose") == 0)
+ pprint = ++num;
+ else if (strcmp(*argv, "-startdate") == 0)
+ startdate = ++num;
+ else if (strcmp(*argv, "-enddate") == 0)
+ enddate = ++num;
+ else if (strcmp(*argv, "-checkend") == 0) {
+ if (--argc < 1)
+ goto bad;
+ checkoffset = atoi(*(++argv));
+ checkend = 1;
+ } else if (strcmp(*argv, "-noout") == 0)
+ noout = ++num;
+ else if (strcmp(*argv, "-trustout") == 0)
+ trustout = 1;
+ else if (strcmp(*argv, "-clrtrust") == 0)
+ clrtrust = ++num;
+ else if (strcmp(*argv, "-clrreject") == 0)
+ clrreject = ++num;
+ else if (strcmp(*argv, "-alias") == 0)
+ aliasout = ++num;
+ else if (strcmp(*argv, "-CAcreateserial") == 0)
+ CA_createserial = ++num;
+ else if (strcmp(*argv, "-clrext") == 0)
clrext = 1;
-#if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */
- else if (strcmp(*argv,"-crlext") == 0)
- {
- BIO_printf(bio_err,"use -clrext instead of -crlext\n");
+#if 1 /* stay backwards-compatible with 0.9.5; this
+ * should go away soon */
+ else if (strcmp(*argv, "-crlext") == 0) {
+ BIO_printf(bio_err, "use -clrext instead of -crlext\n");
clrext = 1;
- }
+ }
#endif
- else if (strcmp(*argv,"-ocspid") == 0)
- ocspid= ++num;
- else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
- {
+ else if (strcmp(*argv, "-ocspid") == 0)
+ ocspid = ++num;
+ else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
/* ok */
- digest=md_alg;
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
+ digest = md_alg;
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
break;
- }
+ }
argc--;
argv++;
- }
+ }
- if (badops)
- {
+ if (badops) {
bad:
- for (pp=x509_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
+ for (pp = x509_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err, "%s", *pp);
goto end;
- }
-
+ }
#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
+ e = setup_engine(bio_err, engine, 0);
#endif
if (need_rand)
ERR_load_crypto_strings();
- if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
- {
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
- }
-
- if (!X509_STORE_set_default_paths(ctx))
- {
+ }
+ if (!X509_STORE_set_default_paths(ctx)) {
ERR_print_errors(bio_err);
goto end;
- }
-
- if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM))
- { CAkeyfile=CAfile; }
- else if ((CA_flag) && (CAkeyfile == NULL))
- {
- BIO_printf(bio_err,"need to specify a CAkey if using the CA command\n");
+ }
+ if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) {
+ CAkeyfile = CAfile;
+ } else if ((CA_flag) && (CAkeyfile == NULL)) {
+ BIO_printf(bio_err, "need to specify a CAkey if using the CA command\n");
goto end;
- }
-
- if (extfile)
- {
+ }
+ if (extfile) {
long errorline = -1;
X509V3_CTX ctx2;
extconf = NCONF_new(NULL);
- if (!NCONF_load(extconf, extfile,&errorline))
- {
+ if (!NCONF_load(extconf, extfile, &errorline)) {
if (errorline <= 0)
BIO_printf(bio_err,
- "error loading the config file '%s'\n",
- extfile);
- else
- BIO_printf(bio_err,
- "error on line %ld of config file '%s'\n"
- ,errorline,extfile);
+ "error loading the config file '%s'\n",
+ extfile);
+ else
+ BIO_printf(bio_err,
+ "error on line %ld of config file '%s'\n"
+ ,errorline, extfile);
goto end;
- }
- if (!extsect)
- {
+ }
+ if (!extsect) {
extsect = NCONF_get_string(extconf, "default", "extensions");
- if (!extsect)
- {
+ if (!extsect) {
ERR_clear_error();
extsect = "default";
- }
}
+ }
X509V3_set_ctx_test(&ctx2);
X509V3_set_nconf(&ctx2, extconf);
- if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
- {
+ if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) {
BIO_printf(bio_err,
- "Error Loading extension section %s\n",
- extsect);
+ "Error Loading extension section %s\n",
+ extsect);
ERR_print_errors(bio_err);
goto end;
- }
}
-
-
- if (reqfile)
- {
+ }
+ if (reqfile) {
EVP_PKEY *pkey;
BIO *in;
- if (!sign_flag && !CA_flag)
- {
- BIO_printf(bio_err,"We need a private key to sign with\n");
+ if (!sign_flag && !CA_flag) {
+ BIO_printf(bio_err, "We need a private key to sign with\n");
goto end;
- }
- in=BIO_new(BIO_s_file());
- if (in == NULL)
- {
+ }
+ in = BIO_new(BIO_s_file());
+ if (in == NULL) {
ERR_print_errors(bio_err);
goto end;
- }
-
+ }
if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
+ BIO_set_fp(in, stdin, BIO_NOCLOSE | BIO_FP_TEXT);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
BIO_free(in);
goto end;
- }
}
- req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
+ }
+ req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
BIO_free(in);
- if (req == NULL)
- {
+ if (req == NULL) {
ERR_print_errors(bio_err);
goto end;
- }
-
- if ( (req->req_info == NULL) ||
- (req->req_info->pubkey == NULL) ||
- (req->req_info->pubkey->public_key == NULL) ||
- (req->req_info->pubkey->public_key->data == NULL))
- {
- BIO_printf(bio_err,"The certificate request appears to corrupted\n");
- BIO_printf(bio_err,"It does not contain a public key\n");
+ }
+ if ((req->req_info == NULL) ||
+ (req->req_info->pubkey == NULL) ||
+ (req->req_info->pubkey->public_key == NULL) ||
+ (req->req_info->pubkey->public_key->data == NULL)) {
+ BIO_printf(bio_err, "The certificate request appears to corrupted\n");
+ BIO_printf(bio_err, "It does not contain a public key\n");
goto end;
- }
- if ((pkey=X509_REQ_get_pubkey(req)) == NULL)
- {
- BIO_printf(bio_err,"error unpacking public key\n");
- goto end;
- }
- i=X509_REQ_verify(req,pkey);
+ }
+ if ((pkey = X509_REQ_get_pubkey(req)) == NULL) {
+ BIO_printf(bio_err, "error unpacking public key\n");
+ goto end;
+ }
+ i = X509_REQ_verify(req, pkey);
EVP_PKEY_free(pkey);
- if (i < 0)
- {
- BIO_printf(bio_err,"Signature verification error\n");
+ if (i < 0) {
+ BIO_printf(bio_err, "Signature verification error\n");
ERR_print_errors(bio_err);
goto end;
- }
- if (i == 0)
- {
- BIO_printf(bio_err,"Signature did not match the certificate request\n");
+ }
+ if (i == 0) {
+ BIO_printf(bio_err, "Signature did not match the certificate request\n");
goto end;
- }
- else
- BIO_printf(bio_err,"Signature ok\n");
+ } else
+ BIO_printf(bio_err, "Signature ok\n");
print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
- if ((x=X509_new()) == NULL) goto end;
+ if ((x = X509_new()) == NULL)
+ goto end;
- if (sno == NULL)
- {
+ if (sno == NULL) {
sno = ASN1_INTEGER_new();
if (!sno || !rand_serial(NULL, sno))
goto end;
- if (!X509_set_serialNumber(x, sno))
+ if (!X509_set_serialNumber(x, sno))
goto end;
ASN1_INTEGER_free(sno);
sno = NULL;
- }
- else if (!X509_set_serialNumber(x, sno))
+ } else if (!X509_set_serialNumber(x, sno))
goto end;
- if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
- if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
+ if (!X509_set_issuer_name(x, req->req_info->subject))
+ goto end;
+ if (!X509_set_subject_name(x, req->req_info->subject))
+ goto end;
- X509_gmtime_adj(X509_get_notBefore(x),0);
- X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL);
+ X509_gmtime_adj(X509_get_notBefore(x), 0);
+ X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL);
pkey = X509_REQ_get_pubkey(req);
- X509_set_pubkey(x,pkey);
+ X509_set_pubkey(x, pkey);
EVP_PKEY_free(pkey);
- }
- else
- x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");
-
- if (x == NULL) goto end;
- if (CA_flag)
- {
- xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate");
- if (xca == NULL) goto end;
- }
+ } else
+ x = load_cert(bio_err, infile, informat, NULL, e, "Certificate");
- if (!noout || text || next_serial)
- {
+ if (x == NULL)
+ goto end;
+ if (CA_flag) {
+ xca = load_cert(bio_err, CAfile, CAformat, NULL, e, "CA Certificate");
+ if (xca == NULL)
+ goto end;
+ }
+ if (!noout || text || next_serial) {
OBJ_create("2.99999.3",
- "SET.ex3","SET x509v3 extension 3");
+ "SET.ex3", "SET x509v3 extension 3");
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
+ out = BIO_new(BIO_s_file());
+ if (out == NULL) {
ERR_print_errors(bio_err);
goto end;
- }
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
+ }
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
- }
}
}
+ }
+ if (alias)
+ X509_alias_set1(x, (unsigned char *) alias, -1);
- if (alias) X509_alias_set1(x, (unsigned char *)alias, -1);
-
- if (clrtrust) X509_trust_clear(x);
- if (clrreject) X509_reject_clear(x);
+ if (clrtrust)
+ X509_trust_clear(x);
+ if (clrreject)
+ X509_reject_clear(x);
- if (trust)
- {
- for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)
- {
+ if (trust) {
+ for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
objtmp = sk_ASN1_OBJECT_value(trust, i);
X509_add1_trust_object(x, objtmp);
- }
}
-
- if (reject)
- {
- for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)
- {
+ }
+ if (reject) {
+ for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
objtmp = sk_ASN1_OBJECT_value(reject, i);
X509_add1_reject_object(x, objtmp);
- }
}
-
- if (num)
- {
- for (i=1; i<=num; i++)
- {
- if (issuer == i)
- {
+ }
+ if (num) {
+ for (i = 1; i <= num; i++) {
+ if (issuer == i) {
print_name(STDout, "issuer= ",
- X509_get_issuer_name(x), nmflag);
- }
- else if (subject == i)
- {
+ X509_get_issuer_name(x), nmflag);
+ } else if (subject == i) {
print_name(STDout, "subject= ",
- X509_get_subject_name(x), nmflag);
- }
- else if (serial == i)
- {
- BIO_printf(STDout,"serial=");
+ X509_get_subject_name(x), nmflag);
+ } else if (serial == i) {
+ BIO_printf(STDout, "serial=");
i2a_ASN1_INTEGER(STDout,
- X509_get_serialNumber(x));
- BIO_printf(STDout,"\n");
- }
- else if (next_serial == i)
- {
+ X509_get_serialNumber(x));
+ BIO_printf(STDout, "\n");
+ } else if (next_serial == i) {
BIGNUM *bnser;
ASN1_INTEGER *ser;
ser = X509_get_serialNumber(x);
i2a_ASN1_INTEGER(out, ser);
ASN1_INTEGER_free(ser);
BIO_puts(out, "\n");
- }
- else if ((email == i) || (ocsp_uri == i))
- {
+ } else if ((email == i) || (ocsp_uri == i)) {
int j;
- STACK_OF(OPENSSL_STRING) *emlst;
+ STACK_OF(OPENSSL_STRING) * emlst;
if (email == i)
emlst = X509_get1_email(x);
else
emlst = X509_get1_ocsp(x);
for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
BIO_printf(STDout, "%s\n",
- sk_OPENSSL_STRING_value(emlst, j));
+ sk_OPENSSL_STRING_value(emlst, j));
X509_email_free(emlst);
- }
- else if (aliasout == i)
- {
+ } else if (aliasout == i) {
unsigned char *alstr;
alstr = X509_alias_get0(x, NULL);
- if (alstr) BIO_printf(STDout,"%s\n", alstr);
- else BIO_puts(STDout,"<No Alias>\n");
- }
- else if (subject_hash == i)
- {
- BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
- }
+ if (alstr)
+ BIO_printf(STDout, "%s\n", alstr);
+ else
+ BIO_puts(STDout, "<No Alias>\n");
+ } else if (subject_hash == i) {
+ BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x));
+ }
#ifndef OPENSSL_NO_MD5
- else if (subject_hash_old == i)
- {
- BIO_printf(STDout,"%08lx\n",X509_subject_name_hash_old(x));
- }
+ else if (subject_hash_old == i) {
+ BIO_printf(STDout, "%08lx\n", X509_subject_name_hash_old(x));
+ }
#endif
- else if (issuer_hash == i)
- {
- BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));
- }
+ else if (issuer_hash == i) {
+ BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash(x));
+ }
#ifndef OPENSSL_NO_MD5
- else if (issuer_hash_old == i)
- {
- BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash_old(x));
- }
+ else if (issuer_hash_old == i) {
+ BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash_old(x));
+ }
#endif
- else if (pprint == i)
- {
+ else if (pprint == i) {
X509_PURPOSE *ptmp;
int j;
BIO_printf(STDout, "Certificate purposes:\n");
- for (j = 0; j < X509_PURPOSE_get_count(); j++)
- {
+ for (j = 0; j < X509_PURPOSE_get_count(); j++) {
ptmp = X509_PURPOSE_get0(j);
purpose_print(STDout, x, ptmp);
- }
}
- else
- if (modulus == i)
- {
+ } else if (modulus == i) {
EVP_PKEY *pkey;
- pkey=X509_get_pubkey(x);
- if (pkey == NULL)
- {
- BIO_printf(bio_err,"Modulus=unavailable\n");
+ pkey = X509_get_pubkey(x);
+ if (pkey == NULL) {
+ BIO_printf(bio_err, "Modulus=unavailable\n");
ERR_print_errors(bio_err);
goto end;
- }
- BIO_printf(STDout,"Modulus=");
+ }
+ BIO_printf(STDout, "Modulus=");
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
- BN_print(STDout,pkey->pkey.rsa->n);
+ BN_print(STDout, pkey->pkey.rsa->n);
else
#endif
#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA)
- BN_print(STDout,pkey->pkey.dsa->pub_key);
+ BN_print(STDout, pkey->pkey.dsa->pub_key);
else
#endif
- BIO_printf(STDout,"Wrong Algorithm type");
- BIO_printf(STDout,"\n");
+ BIO_printf(STDout, "Wrong Algorithm type");
+ BIO_printf(STDout, "\n");
EVP_PKEY_free(pkey);
- }
- else
- if (pubkey == i)
- {
+ } else if (pubkey == i) {
EVP_PKEY *pkey;
- pkey=X509_get_pubkey(x);
- if (pkey == NULL)
- {
- BIO_printf(bio_err,"Error getting public key\n");
+ pkey = X509_get_pubkey(x);
+ if (pkey == NULL) {
+ BIO_printf(bio_err, "Error getting public key\n");
ERR_print_errors(bio_err);
goto end;
- }
+ }
PEM_write_bio_PUBKEY(STDout, pkey);
EVP_PKEY_free(pkey);
- }
- else
- if (C == i)
- {
+ } else if (C == i) {
unsigned char *d;
char *m;
- int y,z;
+ int y, z;
X509_NAME_oneline(X509_get_subject_name(x),
- buf,sizeof buf);
- BIO_printf(STDout,"/* subject:%s */\n",buf);
- m=X509_NAME_oneline(
- X509_get_issuer_name(x),buf,
- sizeof buf);
- BIO_printf(STDout,"/* issuer :%s */\n",buf);
-
- z=i2d_X509(x,NULL);
- m=malloc(z);
-
- d=(unsigned char *)m;
- z=i2d_X509_NAME(X509_get_subject_name(x),&d);
- BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z);
- d=(unsigned char *)m;
- for (y=0; y<z; y++)
- {
- BIO_printf(STDout,"0x%02X,",d[y]);
- if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n");
- }
- if (y%16 != 0) BIO_printf(STDout,"\n");
- BIO_printf(STDout,"};\n");
-
- z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d);
- BIO_printf(STDout,"unsigned char XXX_public_key[%d]={\n",z);
- d=(unsigned char *)m;
- for (y=0; y<z; y++)
- {
- BIO_printf(STDout,"0x%02X,",d[y]);
+ buf, sizeof buf);
+ BIO_printf(STDout, "/* subject:%s */\n", buf);
+ m = X509_NAME_oneline(
+ X509_get_issuer_name(x), buf,
+ sizeof buf);
+ BIO_printf(STDout, "/* issuer :%s */\n", buf);
+
+ z = i2d_X509(x, NULL);
+ m = malloc(z);
+
+ d = (unsigned char *) m;
+ z = i2d_X509_NAME(X509_get_subject_name(x), &d);
+ BIO_printf(STDout, "unsigned char XXX_subject_name[%d]={\n", z);
+ d = (unsigned char *) m;
+ for (y = 0; y < z; y++) {
+ BIO_printf(STDout, "0x%02X,", d[y]);
if ((y & 0x0f) == 0x0f)
- BIO_printf(STDout,"\n");
- }
- if (y%16 != 0) BIO_printf(STDout,"\n");
- BIO_printf(STDout,"};\n");
-
- z=i2d_X509(x,&d);
- BIO_printf(STDout,"unsigned char XXX_certificate[%d]={\n",z);
- d=(unsigned char *)m;
- for (y=0; y<z; y++)
- {
- BIO_printf(STDout,"0x%02X,",d[y]);
- if ((y & 0x0f) == 0x0f)
- BIO_printf(STDout,"\n");
- }
- if (y%16 != 0) BIO_printf(STDout,"\n");
- BIO_printf(STDout,"};\n");
-
- free(m);
- }
- else if (text == i)
- {
- X509_print_ex(STDout,x,nmflag, certflag);
+ BIO_printf(STDout, "\n");
}
- else if (startdate == i)
- {
- BIO_puts(STDout,"notBefore=");
- ASN1_TIME_print(STDout,X509_get_notBefore(x));
- BIO_puts(STDout,"\n");
+ if (y % 16 != 0)
+ BIO_printf(STDout, "\n");
+ BIO_printf(STDout, "};\n");
+
+ z = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d);
+ BIO_printf(STDout, "unsigned char XXX_public_key[%d]={\n", z);
+ d = (unsigned char *) m;
+ for (y = 0; y < z; y++) {
+ BIO_printf(STDout, "0x%02X,", d[y]);
+ if ((y & 0x0f) == 0x0f)
+ BIO_printf(STDout, "\n");
}
- else if (enddate == i)
- {
- BIO_puts(STDout,"notAfter=");
- ASN1_TIME_print(STDout,X509_get_notAfter(x));
- BIO_puts(STDout,"\n");
+ if (y % 16 != 0)
+ BIO_printf(STDout, "\n");
+ BIO_printf(STDout, "};\n");
+
+ z = i2d_X509(x, &d);
+ BIO_printf(STDout, "unsigned char XXX_certificate[%d]={\n", z);
+ d = (unsigned char *) m;
+ for (y = 0; y < z; y++) {
+ BIO_printf(STDout, "0x%02X,", d[y]);
+ if ((y & 0x0f) == 0x0f)
+ BIO_printf(STDout, "\n");
}
- else if (fingerprint == i)
- {
+ if (y % 16 != 0)
+ BIO_printf(STDout, "\n");
+ BIO_printf(STDout, "};\n");
+
+ free(m);
+ } else if (text == i) {
+ X509_print_ex(STDout, x, nmflag, certflag);
+ } else if (startdate == i) {
+ BIO_puts(STDout, "notBefore=");
+ ASN1_TIME_print(STDout, X509_get_notBefore(x));
+ BIO_puts(STDout, "\n");
+ } else if (enddate == i) {
+ BIO_puts(STDout, "notAfter=");
+ ASN1_TIME_print(STDout, X509_get_notAfter(x));
+ BIO_puts(STDout, "\n");
+ } else if (fingerprint == i) {
int j;
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
if (!fdig)
fdig = EVP_sha1();
- if (!X509_digest(x,fdig,md,&n))
- {
- BIO_printf(bio_err,"out of memory\n");
+ if (!X509_digest(x, fdig, md, &n)) {
+ BIO_printf(bio_err, "out of memory\n");
goto end;
- }
- BIO_printf(STDout,"%s Fingerprint=",
- OBJ_nid2sn(EVP_MD_type(fdig)));
- for (j=0; j<(int)n; j++)
- {
- BIO_printf(STDout,"%02X%c",md[j],
- (j+1 == (int)n)
- ?'\n':':');
- }
}
-
+ BIO_printf(STDout, "%s Fingerprint=",
+ OBJ_nid2sn(EVP_MD_type(fdig)));
+ for (j = 0; j < (int) n; j++) {
+ BIO_printf(STDout, "%02X%c", md[j],
+ (j + 1 == (int) n)
+ ? '\n' : ':');
+ }
+ }
/* should be in the library */
- else if ((sign_flag == i) && (x509req == 0))
- {
- BIO_printf(bio_err,"Getting Private key\n");
- if (Upkey == NULL)
- {
- Upkey=load_key(bio_err,
- keyfile, keyformat, 0,
- passin, e, "Private key");
- if (Upkey == NULL) goto end;
- }
-
+ else if ((sign_flag == i) && (x509req == 0)) {
+ BIO_printf(bio_err, "Getting Private key\n");
+ if (Upkey == NULL) {
+ Upkey = load_key(bio_err,
+ keyfile, keyformat, 0,
+ passin, e, "Private key");
+ if (Upkey == NULL)
+ goto end;
+ }
assert(need_rand);
- if (!sign(x,Upkey,days,clrext,digest,
- extconf, extsect)) goto end;
+ if (!sign(x, Upkey, days, clrext, digest,
+ extconf, extsect))
+ goto end;
+ } else if (CA_flag == i) {
+ BIO_printf(bio_err, "Getting CA Private Key\n");
+ if (CAkeyfile != NULL) {
+ CApkey = load_key(bio_err,
+ CAkeyfile, CAkeyformat,
+ 0, passin, e,
+ "CA Private Key");
+ if (CApkey == NULL)
+ goto end;
}
- else if (CA_flag == i)
- {
- BIO_printf(bio_err,"Getting CA Private Key\n");
- if (CAkeyfile != NULL)
- {
- CApkey=load_key(bio_err,
- CAkeyfile, CAkeyformat,
- 0, passin, e,
- "CA Private Key");
- if (CApkey == NULL) goto end;
- }
-
assert(need_rand);
- if (!x509_certify(ctx,CAfile,digest,x,xca,
+ if (!x509_certify(ctx, CAfile, digest, x, xca,
CApkey, sigopts,
- CAserial,CA_createserial,days, clrext,
+ CAserial, CA_createserial, days, clrext,
extconf, extsect, sno))
goto end;
- }
- else if (x509req == i)
- {
+ } else if (x509req == i) {
EVP_PKEY *pk;
- BIO_printf(bio_err,"Getting request Private Key\n");
- if (keyfile == NULL)
- {
- BIO_printf(bio_err,"no request key file specified\n");
+ BIO_printf(bio_err, "Getting request Private Key\n");
+ if (keyfile == NULL) {
+ BIO_printf(bio_err, "no request key file specified\n");
goto end;
- }
- else
- {
- pk=load_key(bio_err,
- keyfile, keyformat, 0,
- passin, e, "request key");
- if (pk == NULL) goto end;
- }
+ } else {
+ pk = load_key(bio_err,
+ keyfile, keyformat, 0,
+ passin, e, "request key");
+ if (pk == NULL)
+ goto end;
+ }
- BIO_printf(bio_err,"Generating certificate request\n");
+ BIO_printf(bio_err, "Generating certificate request\n");
- rq=X509_to_X509_REQ(x,pk,digest);
+ rq = X509_to_X509_REQ(x, pk, digest);
EVP_PKEY_free(pk);
- if (rq == NULL)
- {
+ if (rq == NULL) {
ERR_print_errors(bio_err);
goto end;
- }
- if (!noout)
- {
- X509_REQ_print(out,rq);
- PEM_write_bio_X509_REQ(out,rq);
- }
- noout=1;
}
- else if (ocspid == i)
- {
- X509_ocspid_print(out, x);
+ if (!noout) {
+ X509_REQ_print(out, rq);
+ PEM_write_bio_X509_REQ(out, rq);
}
+ noout = 1;
+ } else if (ocspid == i) {
+ X509_ocspid_print(out, x);
}
}
-
- if (checkend)
- {
- time_t tcheck=time(NULL) + checkoffset;
-
- if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0)
- {
- BIO_printf(out,"Certificate will expire\n");
- ret=1;
- }
- else
- {
- BIO_printf(out,"Certificate will not expire\n");
- ret=0;
- }
- goto end;
+ }
+ if (checkend) {
+ time_t tcheck = time(NULL) + checkoffset;
+
+ if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0) {
+ BIO_printf(out, "Certificate will expire\n");
+ ret = 1;
+ } else {
+ BIO_printf(out, "Certificate will not expire\n");
+ ret = 0;
}
-
- if (noout)
- {
- ret=0;
goto end;
- }
-
- if (outformat == FORMAT_ASN1)
- i=i2d_X509_bio(out,x);
- else if (outformat == FORMAT_PEM)
- {
- if (trustout) i=PEM_write_bio_X509_AUX(out,x);
- else i=PEM_write_bio_X509(out,x);
- }
- else if (outformat == FORMAT_NETSCAPE)
- {
+ }
+ if (noout) {
+ ret = 0;
+ goto end;
+ }
+ if (outformat == FORMAT_ASN1)
+ i = i2d_X509_bio(out, x);
+ else if (outformat == FORMAT_PEM) {
+ if (trustout)
+ i = PEM_write_bio_X509_AUX(out, x);
+ else
+ i = PEM_write_bio_X509(out, x);
+ } else if (outformat == FORMAT_NETSCAPE) {
NETSCAPE_X509 nx;
ASN1_OCTET_STRING hdr;
- hdr.data=(unsigned char *)NETSCAPE_CERT_HDR;
- hdr.length=strlen(NETSCAPE_CERT_HDR);
- nx.header= &hdr;
- nx.cert=x;
+ hdr.data = (unsigned char *) NETSCAPE_CERT_HDR;
+ hdr.length = strlen(NETSCAPE_CERT_HDR);
+ nx.header = &hdr;
+ nx.cert = x;
- i=ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509),out,&nx);
- }
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
+ i = ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509), out, &nx);
+ } else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write certificate\n");
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write certificate\n");
ERR_print_errors(bio_err);
goto end;
- }
- ret=0;
+ }
+ ret = 0;
end:
if (need_rand)
app_RAND_write_file(NULL, bio_err);
ASN1_INTEGER_free(sno);
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
- if (passin) free(passin);
+ if (passin)
+ free(passin);
apps_shutdown();
- return(ret);
- }
+ return (ret);
+}
-static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)
- {
+static ASN1_INTEGER *
+x509_load_serial(char *CAfile, char *serialfile, int create)
+{
char *buf = NULL, *p;
ASN1_INTEGER *bs = NULL;
BIGNUM *serial = NULL;
size_t len;
len = ((serialfile == NULL)
- ?(strlen(CAfile)+strlen(POSTFIX)+1)
- :(strlen(serialfile)))+1;
- buf=malloc(len);
- if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
- if (serialfile == NULL)
- {
- BUF_strlcpy(buf,CAfile,len);
- for (p=buf; *p; p++)
- if (*p == '.')
- {
- *p='\0';
+ ? (strlen(CAfile) + strlen(POSTFIX) + 1)
+ : (strlen(serialfile))) + 1;
+ buf = malloc(len);
+ if (buf == NULL) {
+ BIO_printf(bio_err, "out of mem\n");
+ goto end;
+ }
+ if (serialfile == NULL) {
+ BUF_strlcpy(buf, CAfile, len);
+ for (p = buf; *p; p++)
+ if (*p == '.') {
+ *p = '\0';
break;
- }
- BUF_strlcat(buf,POSTFIX,len);
- }
- else
- BUF_strlcpy(buf,serialfile,len);
+ }
+ BUF_strlcat(buf, POSTFIX, len);
+ } else
+ BUF_strlcpy(buf, serialfile, len);
serial = load_serial(buf, create, NULL);
- if (serial == NULL) goto end;
-
- if (!BN_add_word(serial,1))
- { BIO_printf(bio_err,"add_word failure\n"); goto end; }
+ if (serial == NULL)
+ goto end;
- if (!save_serial(buf, NULL, serial, &bs)) goto end;
+ if (!BN_add_word(serial, 1)) {
+ BIO_printf(bio_err, "add_word failure\n");
+ goto end;
+ }
+ if (!save_serial(buf, NULL, serial, &bs))
+ goto end;
- end:
- if (buf) free(buf);
+end:
+ if (buf)
+ free(buf);
BN_free(serial);
return bs;
- }
+}
-static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
- X509 *x, X509 *xca, EVP_PKEY *pkey,
- STACK_OF(OPENSSL_STRING) *sigopts,
- char *serialfile, int create,
- int days, int clrext, CONF *conf, char *section,
- ASN1_INTEGER *sno)
- {
- int ret=0;
- ASN1_INTEGER *bs=NULL;
+static int
+x509_certify(X509_STORE * ctx, char *CAfile, const EVP_MD * digest,
+ X509 * x, X509 * xca, EVP_PKEY * pkey,
+ STACK_OF(OPENSSL_STRING) * sigopts,
+ char *serialfile, int create,
+ int days, int clrext, CONF * conf, char *section,
+ ASN1_INTEGER * sno)
+{
+ int ret = 0;
+ ASN1_INTEGER *bs = NULL;
X509_STORE_CTX xsc;
EVP_PKEY *upkey;
upkey = X509_get_pubkey(xca);
- EVP_PKEY_copy_parameters(upkey,pkey);
+ EVP_PKEY_copy_parameters(upkey, pkey);
EVP_PKEY_free(upkey);
- if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL))
- {
- BIO_printf(bio_err,"Error initialising X509 store\n");
+ if (!X509_STORE_CTX_init(&xsc, ctx, x, NULL)) {
+ BIO_printf(bio_err, "Error initialising X509 store\n");
goto end;
- }
- if (sno) bs = sno;
+ }
+ if (sno)
+ bs = sno;
else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
goto end;
/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
- /* NOTE: this certificate can/should be self signed, unless it was
- * a certificate request in which case it is not. */
- X509_STORE_CTX_set_cert(&xsc,x);
+ /*
+ * NOTE: this certificate can/should be self signed, unless it was a
+ * certificate request in which case it is not.
+ */
+ X509_STORE_CTX_set_cert(&xsc, x);
X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
if (!reqfile && X509_verify_cert(&xsc) <= 0)
goto end;
- if (!X509_check_private_key(xca,pkey))
- {
- BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
+ if (!X509_check_private_key(xca, pkey)) {
+ BIO_printf(bio_err, "CA certificate and CA private key do not match\n");
+ goto end;
+ }
+ if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
+ goto end;
+ if (!X509_set_serialNumber(x, bs))
goto end;
- }
-
- if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end;
- if (!X509_set_serialNumber(x,bs)) goto end;
- if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL)
+ if (X509_gmtime_adj(X509_get_notBefore(x), 0L) == NULL)
goto end;
/* hardwired expired */
- if (X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL) == NULL)
+ if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
goto end;
- if (clrext)
- {
- while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
- }
-
- if (conf)
- {
+ if (clrext) {
+ while (X509_get_ext_count(x) > 0)
+ X509_delete_ext(x, 0);
+ }
+ if (conf) {
X509V3_CTX ctx2;
- X509_set_version(x,2); /* version 3 certificate */
- X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
- X509V3_set_nconf(&ctx2, conf);
- if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
- }
-
+ X509_set_version(x, 2); /* version 3 certificate */
+ X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
+ X509V3_set_nconf(&ctx2, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x))
+ goto end;
+ }
if (!do_X509_sign(bio_err, x, pkey, digest, sigopts))
goto end;
- ret=1;
+ ret = 1;
end:
X509_STORE_CTX_cleanup(&xsc);
if (!ret)
ERR_print_errors(bio_err);
- if (!sno) ASN1_INTEGER_free(bs);
+ if (!sno)
+ ASN1_INTEGER_free(bs);
return ret;
- }
+}
-static int callb(int ok, X509_STORE_CTX *ctx)
- {
+static int
+callb(int ok, X509_STORE_CTX * ctx)
+{
int err;
X509 *err_cert;
- /* it is ok to use a self signed certificate
- * This case will catch both the initial ok == 0 and the
- * final ok == 1 calls to this function */
- err=X509_STORE_CTX_get_error(ctx);
+ /*
+ * it is ok to use a self signed certificate This case will catch
+ * both the initial ok == 0 and the final ok == 1 calls to this
+ * function
+ */
+ err = X509_STORE_CTX_get_error(ctx);
if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
return 1;
- /* BAD we should have gotten an error. Normally if everything
- * worked X509_STORE_CTX_get_error(ctx) will still be set to
- * DEPTH_ZERO_SELF_.... */
- if (ok)
- {
- BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
+ /*
+ * BAD we should have gotten an error. Normally if everything worked
+ * X509_STORE_CTX_get_error(ctx) will still be set to
+ * DEPTH_ZERO_SELF_....
+ */
+ if (ok) {
+ BIO_printf(bio_err, "error with certificate to be certified - should be self signed\n");
return 0;
- }
- else
- {
- err_cert=X509_STORE_CTX_get_current_cert(ctx);
- print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);
- BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
- err,X509_STORE_CTX_get_error_depth(ctx),
- X509_verify_cert_error_string(err));
+ } else {
+ err_cert = X509_STORE_CTX_get_current_cert(ctx);
+ print_name(bio_err, NULL, X509_get_subject_name(err_cert), 0);
+ BIO_printf(bio_err, "error with certificate - error %d at depth %d\n%s\n",
+ err, X509_STORE_CTX_get_error_depth(ctx),
+ X509_verify_cert_error_string(err));
return 1;
- }
}
+}
/* self sign */
-static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
- CONF *conf, char *section)
- {
+static int
+sign(X509 * x, EVP_PKEY * pkey, int days, int clrext, const EVP_MD * digest,
+ CONF * conf, char *section)
+{
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(x);
- EVP_PKEY_copy_parameters(pktmp,pkey);
- EVP_PKEY_save_parameters(pktmp,1);
+ EVP_PKEY_copy_parameters(pktmp, pkey);
+ EVP_PKEY_save_parameters(pktmp, 1);
EVP_PKEY_free(pktmp);
- if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
- if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
+ if (!X509_set_issuer_name(x, X509_get_subject_name(x)))
+ goto err;
+ if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
+ goto err;
/* Lets just make it 12:00am GMT, Jan 1 1970 */
/* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
/* 28 days to be certified */
- if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+ if (X509_gmtime_adj(X509_get_notAfter(x), (long) 60 * 60 * 24 * days) == NULL)
goto err;
- if (!X509_set_pubkey(x,pkey)) goto err;
- if (clrext)
- {
- while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
- }
- if (conf)
- {
+ if (!X509_set_pubkey(x, pkey))
+ goto err;
+ if (clrext) {
+ while (X509_get_ext_count(x) > 0)
+ X509_delete_ext(x, 0);
+ }
+ if (conf) {
X509V3_CTX ctx;
- X509_set_version(x,2); /* version 3 certificate */
- X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
- X509V3_set_nconf(&ctx, conf);
- if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
- }
- if (!X509_sign(x,pkey,digest)) goto err;
+ X509_set_version(x, 2); /* version 3 certificate */
+ X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
+ goto err;
+ }
+ if (!X509_sign(x, pkey, digest))
+ goto err;
return 1;
err:
ERR_print_errors(bio_err);
return 0;
- }
+}
-static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
+static int
+purpose_print(BIO * bio, X509 * cert, X509_PURPOSE * pt)
{
int id, i, idret;
char *pname;
id = X509_PURPOSE_get_id(pt);
pname = X509_PURPOSE_get0_name(pt);
- for (i = 0; i < 2; i++)
- {
+ for (i = 0; i < 2; i++) {
idret = X509_check_purpose(cert, id, i);
- BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
- if (idret == 1) BIO_printf(bio, "Yes\n");
- else if (idret == 0) BIO_printf(bio, "No\n");
- else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
- }
+ BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
+ if (idret == 1)
+ BIO_printf(bio, "Yes\n");
+ else if (idret == 0)
+ BIO_printf(bio, "No\n");
+ else
+ BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
+ }
return 1;
}
projects / openbsd / commitdiff