All the structs are static and we need to reach into them many times.
Having a shorter name is more concise and results in less visual clutter.
It also avoids many overlong lines and we will be able to get rid of some
unfortunate line wrapping down the road.
Discussed with jsing
-/* $OpenBSD: asn1pars.c,v 1.12 2022/11/11 17:07:38 joshua Exp $ */
+/* $OpenBSD: asn1pars.c,v 1.13 2023/03/06 14:32:05 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int offset;
char *oidfile;
STACK_OF(OPENSSL_STRING) *osk;
-} asn1pars_config;
+} cfg;
static int
asn1pars_opt_dlimit(char *arg)
{
const char *errstr;
- asn1pars_config.dump = strtonum(arg, 1, INT_MAX, &errstr);
+ cfg.dump = strtonum(arg, 1, INT_MAX, &errstr);
if (errstr) {
fprintf(stderr, "-dlimit must be from 1 to INT_MAX: %s\n",
errstr);
{
const char *errstr;
- asn1pars_config.length = strtonum(arg, 1, UINT_MAX, &errstr);
+ cfg.length = strtonum(arg, 1, UINT_MAX, &errstr);
if (errstr) {
fprintf(stderr, "-length must be from 1 to UINT_MAX: %s\n",
errstr);
static int
asn1pars_opt_strparse(char *arg)
{
- if (sk_OPENSSL_STRING_push(asn1pars_config.osk, arg) == 0) {
+ if (sk_OPENSSL_STRING_push(cfg.osk, arg) == 0) {
fprintf(stderr, "-strparse cannot add argument\n");
return (-1);
}
.desc = "Dump unknown data in hex form",
.type = OPTION_VALUE,
.value = -1,
- .opt.value = &asn1pars_config.dump,
+ .opt.value = &cfg.dump,
},
{
.name = "dlimit",
.argname = "file",
.desc = "File to generate ASN.1 structure from",
.type = OPTION_ARG,
- .opt.arg = &asn1pars_config.genconf,
+ .opt.arg = &cfg.genconf,
},
{
.name = "genstr",
.argname = "string",
.desc = "String to generate ASN.1 structure from",
.type = OPTION_ARG,
- .opt.arg = &asn1pars_config.genstr,
+ .opt.arg = &cfg.genstr,
},
{
.name = "i",
.desc = "Indent output according to depth of structures",
.type = OPTION_FLAG,
- .opt.flag = &asn1pars_config.indent,
+ .opt.flag = &cfg.indent,
},
{
.name = "in",
.argname = "file",
.desc = "The input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &asn1pars_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.argname = "fmt",
.desc = "Input format (DER, TXT or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &asn1pars_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "length",
.name = "noout",
.desc = "Do not produce any output",
.type = OPTION_FLAG,
- .opt.flag = &asn1pars_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "offset",
.argname = "num",
.desc = "Offset to begin parsing",
.type = OPTION_ARG_INT,
- .opt.value = &asn1pars_config.offset,
+ .opt.value = &cfg.offset,
},
{
.name = "oid",
.argname = "file",
.desc = "File containing additional object identifiers (OIDs)",
.type = OPTION_ARG,
- .opt.arg = &asn1pars_config.oidfile,
+ .opt.arg = &cfg.oidfile,
},
{
.name = "out",
.argname = "file",
.desc = "Output file in DER format",
.type = OPTION_ARG,
- .opt.arg = &asn1pars_config.derfile,
+ .opt.arg = &cfg.derfile,
},
{
.name = "strparse",
exit(1);
}
- memset(&asn1pars_config, 0, sizeof(asn1pars_config));
+ memset(&cfg, 0, sizeof(cfg));
- asn1pars_config.informat = FORMAT_PEM;
- if ((asn1pars_config.osk = sk_OPENSSL_STRING_new_null()) == NULL) {
+ cfg.informat = FORMAT_PEM;
+ if ((cfg.osk = sk_OPENSSL_STRING_new_null()) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
}
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
- if (asn1pars_config.oidfile != NULL) {
- if (BIO_read_filename(in, asn1pars_config.oidfile) <= 0) {
+ if (cfg.oidfile != NULL) {
+ if (BIO_read_filename(in, cfg.oidfile) <= 0) {
BIO_printf(bio_err, "problems opening %s\n",
- asn1pars_config.oidfile);
+ cfg.oidfile);
ERR_print_errors(bio_err);
goto end;
}
OBJ_create_objects(in);
}
- if (asn1pars_config.infile == NULL)
+ if (cfg.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
- if (BIO_read_filename(in, asn1pars_config.infile) <= 0) {
- perror(asn1pars_config.infile);
+ if (BIO_read_filename(in, cfg.infile) <= 0) {
+ perror(cfg.infile);
goto end;
}
}
- if (asn1pars_config.derfile) {
- if (!(derout = BIO_new_file(asn1pars_config.derfile, "wb"))) {
+ if (cfg.derfile) {
+ if (!(derout = BIO_new_file(cfg.derfile, "wb"))) {
BIO_printf(bio_err, "problems opening %s\n",
- asn1pars_config.derfile);
+ cfg.derfile);
ERR_print_errors(bio_err);
goto end;
}
if (!BUF_MEM_grow(buf, BUFSIZ * 8))
goto end; /* Pre-allocate :-) */
- if (asn1pars_config.genstr || asn1pars_config.genconf) {
- num = do_generate(bio_err, asn1pars_config.genstr,
- asn1pars_config.genconf, buf);
+ if (cfg.genstr || cfg.genconf) {
+ num = do_generate(bio_err, cfg.genstr,
+ cfg.genconf, buf);
if (num < 0) {
ERR_print_errors(bio_err);
goto end;
}
} else {
- if (asn1pars_config.informat == FORMAT_PEM) {
+ if (cfg.informat == FORMAT_PEM) {
BIO *tmp;
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
/* If any structs to parse go through in sequence */
- if (sk_OPENSSL_STRING_num(asn1pars_config.osk)) {
+ if (sk_OPENSSL_STRING_num(cfg.osk)) {
tmpbuf = (unsigned char *) str;
tmplen = num;
- for (i = 0; i < sk_OPENSSL_STRING_num(asn1pars_config.osk);
+ for (i = 0; i < sk_OPENSSL_STRING_num(cfg.osk);
i++) {
ASN1_TYPE *atmp;
int typ;
j = strtonum(
- sk_OPENSSL_STRING_value(asn1pars_config.osk, i),
+ sk_OPENSSL_STRING_value(cfg.osk, i),
1, INT_MAX, &errstr);
if (errstr) {
BIO_printf(bio_err,
"'%s' is an invalid number: %s\n",
- sk_OPENSSL_STRING_value(asn1pars_config.osk,
+ sk_OPENSSL_STRING_value(cfg.osk,
i), errstr);
continue;
}
str = (char *) tmpbuf;
num = tmplen;
}
- if (asn1pars_config.offset >= num) {
+ if (cfg.offset >= num) {
BIO_printf(bio_err, "Error: offset too large\n");
goto end;
}
- num -= asn1pars_config.offset;
+ num -= cfg.offset;
- if ((asn1pars_config.length == 0) ||
- ((long)asn1pars_config.length > num))
- asn1pars_config.length = (unsigned int) num;
+ if ((cfg.length == 0) ||
+ ((long)cfg.length > num))
+ cfg.length = (unsigned int) num;
if (derout) {
- if (BIO_write(derout, str + asn1pars_config.offset,
- asn1pars_config.length) != (int)asn1pars_config.length) {
+ if (BIO_write(derout, str + cfg.offset,
+ cfg.length) != (int)cfg.length) {
BIO_printf(bio_err, "Error writing output\n");
ERR_print_errors(bio_err);
goto end;
}
}
- if (!asn1pars_config.noout &&
+ if (!cfg.noout &&
!ASN1_parse_dump(out,
- (unsigned char *)&(str[asn1pars_config.offset]),
- asn1pars_config.length, asn1pars_config.indent,
- asn1pars_config.dump)) {
+ (unsigned char *)&(str[cfg.offset]),
+ cfg.length, cfg.indent,
+ cfg.dump)) {
ERR_print_errors(bio_err);
goto end;
}
ERR_print_errors(bio_err);
BUF_MEM_free(buf);
ASN1_TYPE_free(at);
- sk_OPENSSL_STRING_free(asn1pars_config.osk);
+ sk_OPENSSL_STRING_free(cfg.osk);
OBJ_cleanup();
return (ret);
-/* $OpenBSD: ca.c,v 1.54 2022/11/11 17:07:38 joshua Exp $ */
+/* $OpenBSD: ca.c,v 1.55 2023/03/06 14:32:05 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
char *startdate;
char *subj;
int verbose;
-} ca_config;
+} cfg;
static int
ca_opt_chtype_utf8(void)
{
- ca_config.chtype = MBSTRING_UTF8;
+ cfg.chtype = MBSTRING_UTF8;
return (0);
}
static int
ca_opt_crl_ca_compromise(char *arg)
{
- ca_config.rev_arg = arg;
- ca_config.rev_type = REV_CA_COMPROMISE;
+ cfg.rev_arg = arg;
+ cfg.rev_type = REV_CA_COMPROMISE;
return (0);
}
static int
ca_opt_crl_compromise(char *arg)
{
- ca_config.rev_arg = arg;
- ca_config.rev_type = REV_KEY_COMPROMISE;
+ cfg.rev_arg = arg;
+ cfg.rev_type = REV_KEY_COMPROMISE;
return (0);
}
static int
ca_opt_crl_hold(char *arg)
{
- ca_config.rev_arg = arg;
- ca_config.rev_type = REV_HOLD;
+ cfg.rev_arg = arg;
+ cfg.rev_type = REV_HOLD;
return (0);
}
static int
ca_opt_crl_reason(char *arg)
{
- ca_config.rev_arg = arg;
- ca_config.rev_type = REV_CRL_REASON;
+ cfg.rev_arg = arg;
+ cfg.rev_type = REV_CRL_REASON;
return (0);
}
static int
ca_opt_in(char *arg)
{
- ca_config.infile = arg;
- ca_config.req = 1;
+ cfg.infile = arg;
+ cfg.req = 1;
return (0);
}
static int
ca_opt_infiles(int argc, char **argv, int *argsused)
{
- ca_config.infiles_num = argc - 1;
- if (ca_config.infiles_num < 1)
+ cfg.infiles_num = argc - 1;
+ if (cfg.infiles_num < 1)
return (1);
- ca_config.infiles = argv + 1;
- ca_config.req = 1;
+ cfg.infiles = argv + 1;
+ cfg.req = 1;
*argsused = argc;
return (0);
}
static int
ca_opt_revoke(char *arg)
{
- ca_config.infile = arg;
- ca_config.dorevoke = 1;
+ cfg.infile = arg;
+ cfg.dorevoke = 1;
return (0);
}
static int
ca_opt_sigopt(char *arg)
{
- if (ca_config.sigopts == NULL)
- ca_config.sigopts = sk_OPENSSL_STRING_new_null();
- if (ca_config.sigopts == NULL)
+ if (cfg.sigopts == NULL)
+ cfg.sigopts = sk_OPENSSL_STRING_new_null();
+ if (cfg.sigopts == NULL)
return (1);
- if (!sk_OPENSSL_STRING_push(ca_config.sigopts, arg))
+ if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg))
return (1);
return (0);
}
static int
ca_opt_spkac(char *arg)
{
- ca_config.spkac_file = arg;
- ca_config.req = 1;
+ cfg.spkac_file = arg;
+ cfg.req = 1;
return (0);
}
static int
ca_opt_ss_cert(char *arg)
{
- ca_config.ss_cert_file = arg;
- ca_config.req = 1;
+ cfg.ss_cert_file = arg;
+ cfg.req = 1;
return (0);
}
.name = "batch",
.desc = "Operate in batch mode",
.type = OPTION_FLAG,
- .opt.flag = &ca_config.batch,
+ .opt.flag = &cfg.batch,
},
{
.name = "cert",
.argname = "file",
.desc = "File containing the CA certificate",
.type = OPTION_ARG,
- .opt.arg = &ca_config.certfile,
+ .opt.arg = &cfg.certfile,
},
{
.name = "config",
.argname = "file",
.desc = "Specify an alternative configuration file",
.type = OPTION_ARG,
- .opt.arg = &ca_config.configfile,
+ .opt.arg = &cfg.configfile,
},
{
.name = "create_serial",
.desc = "If reading serial fails, create a new random serial",
.type = OPTION_FLAG,
- .opt.flag = &ca_config.create_serial,
+ .opt.flag = &cfg.create_serial,
},
{
.name = "crl_CA_compromise",
.argname = "days",
.desc = "Number of days before the next CRL is due",
.type = OPTION_ARG_LONG,
- .opt.lvalue = &ca_config.crldays,
+ .opt.lvalue = &cfg.crldays,
},
{
.name = "crlexts",
.argname = "section",
.desc = "CRL extension section (override value in config file)",
.type = OPTION_ARG,
- .opt.arg = &ca_config.crl_ext,
+ .opt.arg = &cfg.crl_ext,
},
{
.name = "crlhours",
.argname = "hours",
.desc = "Number of hours before the next CRL is due",
.type = OPTION_ARG_LONG,
- .opt.lvalue = &ca_config.crlhours,
+ .opt.lvalue = &cfg.crlhours,
},
{
.name = "crlsec",
.argname = "seconds",
.desc = "Number of seconds before the next CRL is due",
.type = OPTION_ARG_LONG,
- .opt.lvalue = &ca_config.crlsec,
+ .opt.lvalue = &cfg.crlsec,
},
{
.name = "days",
.argname = "arg",
.desc = "Number of days to certify the certificate for",
.type = OPTION_ARG_LONG,
- .opt.lvalue = &ca_config.days,
+ .opt.lvalue = &cfg.days,
},
{
.name = "enddate",
.argname = "YYMMDDHHMMSSZ",
.desc = "Certificate validity notAfter (overrides -days)",
.type = OPTION_ARG,
- .opt.arg = &ca_config.enddate,
+ .opt.arg = &cfg.enddate,
},
{
.name = "extensions",
.argname = "section",
.desc = "Extension section (override value in config file)",
.type = OPTION_ARG,
- .opt.arg = &ca_config.extensions,
+ .opt.arg = &cfg.extensions,
},
{
.name = "extfile",
.argname = "file",
.desc = "Configuration file with X509v3 extentions to add",
.type = OPTION_ARG,
- .opt.arg = &ca_config.extfile,
+ .opt.arg = &cfg.extfile,
},
{
.name = "gencrl",
.desc = "Generate a new CRL",
.type = OPTION_FLAG,
- .opt.flag = &ca_config.gencrl,
+ .opt.flag = &cfg.gencrl,
},
{
.name = "in",
.argname = "password",
.desc = "Key to decode the private key if it is encrypted",
.type = OPTION_ARG,
- .opt.arg = &ca_config.key,
+ .opt.arg = &cfg.key,
},
{
.name = "keyfile",
.argname = "file",
.desc = "Private key file",
.type = OPTION_ARG,
- .opt.arg = &ca_config.keyfile,
+ .opt.arg = &cfg.keyfile,
},
{
.name = "keyform",
.argname = "fmt",
.desc = "Private key file format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &ca_config.keyform,
+ .opt.value = &cfg.keyform,
},
{
.name = "md",
.argname = "alg",
.desc = "Message digest to use",
.type = OPTION_ARG,
- .opt.arg = &ca_config.md,
+ .opt.arg = &cfg.md,
},
{
.name = "msie_hack",
.type = OPTION_FLAG,
- .opt.flag = &ca_config.msie_hack,
+ .opt.flag = &cfg.msie_hack,
},
{
.name = "multivalue-rdn",
.desc = "Enable support for multivalued RDNs",
.type = OPTION_FLAG,
- .opt.flag = &ca_config.multirdn,
+ .opt.flag = &cfg.multirdn,
},
{
.name = "name",
.argname = "section",
.desc = "Specifies the configuration file section to use",
.type = OPTION_ARG,
- .opt.arg = &ca_config.section,
+ .opt.arg = &cfg.section,
},
{
.name = "noemailDN",
.desc = "Do not add the EMAIL field to the DN",
.type = OPTION_VALUE,
- .opt.value = &ca_config.email_dn,
+ .opt.value = &cfg.email_dn,
.value = 0,
},
{
.name = "notext",
.desc = "Do not print the generated certificate",
.type = OPTION_FLAG,
- .opt.flag = &ca_config.notext,
+ .opt.flag = &cfg.notext,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &ca_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outdir",
.argname = "directory",
.desc = " Directory to output certificates to",
.type = OPTION_ARG,
- .opt.arg = &ca_config.outdir,
+ .opt.arg = &cfg.outdir,
},
{
.name = "passin",
.argname = "src",
.desc = "Private key input password source",
.type = OPTION_ARG,
- .opt.arg = &ca_config.passargin,
+ .opt.arg = &cfg.passargin,
},
{
.name = "policy",
.argname = "name",
.desc = "The CA 'policy' to support",
.type = OPTION_ARG,
- .opt.arg = &ca_config.policy,
+ .opt.arg = &cfg.policy,
},
{
.name = "preserveDN",
.desc = "Do not re-order the DN",
.type = OPTION_FLAG,
- .opt.flag = &ca_config.preserve,
+ .opt.flag = &cfg.preserve,
},
{
.name = "revoke",
.name = "selfsign",
.desc = "Sign a certificate using the key associated with it",
.type = OPTION_FLAG,
- .opt.flag = &ca_config.selfsign,
+ .opt.flag = &cfg.selfsign,
},
{
.name = "sigopt",
.argname = "YYMMDDHHMMSSZ",
.desc = "Certificate validity notBefore",
.type = OPTION_ARG,
- .opt.arg = &ca_config.startdate,
+ .opt.arg = &cfg.startdate,
},
{
.name = "status",
.argname = "serial",
.desc = "Shows certificate status given the serial number",
.type = OPTION_ARG,
- .opt.arg = &ca_config.serial_status,
+ .opt.arg = &cfg.serial_status,
},
{
.name = "subj",
.argname = "arg",
.desc = "Use arg instead of request's subject",
.type = OPTION_ARG,
- .opt.arg = &ca_config.subj,
+ .opt.arg = &cfg.subj,
},
{
.name = "updatedb",
.desc = "Updates db for expired certificates",
.type = OPTION_FLAG,
- .opt.flag = &ca_config.doupdatedb,
+ .opt.flag = &cfg.doupdatedb,
},
{
.name = "utf8",
.name = "verbose",
.desc = "Verbose output during processing",
.type = OPTION_FLAG,
- .opt.flag = &ca_config.verbose,
+ .opt.flag = &cfg.verbose,
},
{ NULL },
};
exit(1);
}
- memset(&ca_config, 0, sizeof(ca_config));
- ca_config.email_dn = 1;
- ca_config.keyform = FORMAT_PEM;
- ca_config.chtype = MBSTRING_ASC;
- ca_config.rev_type = REV_NONE;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.email_dn = 1;
+ cfg.keyform = FORMAT_PEM;
+ cfg.chtype = MBSTRING_ASC;
+ cfg.rev_type = REV_NONE;
conf = NULL;
/*****************************************************************/
tofree = NULL;
- if (ca_config.configfile == NULL)
- ca_config.configfile = getenv("OPENSSL_CONF");
- if (ca_config.configfile == NULL) {
+ if (cfg.configfile == NULL)
+ cfg.configfile = getenv("OPENSSL_CONF");
+ if (cfg.configfile == NULL) {
if ((tofree = make_config_name()) == NULL) {
BIO_printf(bio_err, "error making config file name\n");
goto err;
}
- ca_config.configfile = tofree;
+ cfg.configfile = tofree;
}
BIO_printf(bio_err, "Using configuration from %s\n",
- ca_config.configfile);
+ cfg.configfile);
conf = NCONF_new(NULL);
- if (NCONF_load(conf, ca_config.configfile, &errorline) <= 0) {
+ if (NCONF_load(conf, cfg.configfile, &errorline) <= 0) {
if (errorline <= 0)
BIO_printf(bio_err,
"error loading the config file '%s'\n",
- ca_config.configfile);
+ cfg.configfile);
else
BIO_printf(bio_err,
"error on line %ld of config file '%s'\n",
- errorline, ca_config.configfile);
+ errorline, cfg.configfile);
goto err;
}
free(tofree);
tofree = NULL;
/* Lets get the config section we are using */
- if (ca_config.section == NULL) {
- ca_config.section = NCONF_get_string(conf, BASE_SECTION,
+ if (cfg.section == NULL) {
+ cfg.section = NCONF_get_string(conf, BASE_SECTION,
ENV_DEFAULT_CA);
- if (ca_config.section == NULL) {
+ if (cfg.section == NULL) {
lookup_fail(BASE_SECTION, ENV_DEFAULT_CA);
goto err;
}
goto err;
}
}
- f = NCONF_get_string(conf, ca_config.section, STRING_MASK);
+ f = NCONF_get_string(conf, cfg.section, STRING_MASK);
if (f == NULL)
ERR_clear_error();
"Invalid global string mask setting %s\n", f);
goto err;
}
- if (ca_config.chtype != MBSTRING_UTF8) {
- f = NCONF_get_string(conf, ca_config.section, UTF8_IN);
+ if (cfg.chtype != MBSTRING_UTF8) {
+ f = NCONF_get_string(conf, cfg.section, UTF8_IN);
if (f == NULL)
ERR_clear_error();
else if (strcmp(f, "yes") == 0)
- ca_config.chtype = MBSTRING_UTF8;
+ cfg.chtype = MBSTRING_UTF8;
}
db_attr.unique_subject = 1;
- p = NCONF_get_string(conf, ca_config.section, ENV_UNIQUE_SUBJECT);
+ p = NCONF_get_string(conf, cfg.section, ENV_UNIQUE_SUBJECT);
if (p != NULL) {
db_attr.unique_subject = parse_yesno(p, 1);
} else
}
/*****************************************************************/
/* report status of cert with serial number given on command line */
- if (ca_config.serial_status) {
- if ((dbfile = NCONF_get_string(conf, ca_config.section,
+ if (cfg.serial_status) {
+ if ((dbfile = NCONF_get_string(conf, cfg.section,
ENV_DATABASE)) == NULL) {
- lookup_fail(ca_config.section, ENV_DATABASE);
+ lookup_fail(cfg.section, ENV_DATABASE);
goto err;
}
db = load_index(dbfile, &db_attr);
if (!index_index(db))
goto err;
- if (get_certificate_status(ca_config.serial_status, db) != 1)
+ if (get_certificate_status(cfg.serial_status, db) != 1)
BIO_printf(bio_err, "Error verifying serial %s!\n",
- ca_config.serial_status);
+ cfg.serial_status);
goto err;
}
/*****************************************************************/
/* we definitely need a private key, so let's get it */
- if ((ca_config.keyfile == NULL) &&
- ((ca_config.keyfile = NCONF_get_string(conf, ca_config.section,
+ if ((cfg.keyfile == NULL) &&
+ ((cfg.keyfile = NCONF_get_string(conf, cfg.section,
ENV_PRIVATE_KEY)) == NULL)) {
- lookup_fail(ca_config.section, ENV_PRIVATE_KEY);
+ lookup_fail(cfg.section, ENV_PRIVATE_KEY);
goto err;
}
- if (ca_config.key == NULL) {
+ if (cfg.key == NULL) {
free_key = 1;
- if (!app_passwd(bio_err, ca_config.passargin, NULL,
- &ca_config.key, NULL)) {
+ if (!app_passwd(bio_err, cfg.passargin, NULL,
+ &cfg.key, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto err;
}
}
- pkey = load_key(bio_err, ca_config.keyfile, ca_config.keyform, 0,
- ca_config.key, "CA private key");
- if (ca_config.key != NULL)
- explicit_bzero(ca_config.key, strlen(ca_config.key));
+ pkey = load_key(bio_err, cfg.keyfile, cfg.keyform, 0,
+ cfg.key, "CA private key");
+ if (cfg.key != NULL)
+ explicit_bzero(cfg.key, strlen(cfg.key));
if (pkey == NULL) {
/* load_key() has already printed an appropriate message */
goto err;
}
/*****************************************************************/
/* we need a certificate */
- if (!ca_config.selfsign || ca_config.spkac_file != NULL ||
- ca_config.ss_cert_file != NULL || ca_config.gencrl) {
- if ((ca_config.certfile == NULL) &&
- ((ca_config.certfile = NCONF_get_string(conf,
- ca_config.section, ENV_CERTIFICATE)) == NULL)) {
- lookup_fail(ca_config.section, ENV_CERTIFICATE);
+ if (!cfg.selfsign || cfg.spkac_file != NULL ||
+ cfg.ss_cert_file != NULL || cfg.gencrl) {
+ if ((cfg.certfile == NULL) &&
+ ((cfg.certfile = NCONF_get_string(conf,
+ cfg.section, ENV_CERTIFICATE)) == NULL)) {
+ lookup_fail(cfg.section, ENV_CERTIFICATE);
goto err;
}
- x509 = load_cert(bio_err, ca_config.certfile, FORMAT_PEM, NULL,
+ x509 = load_cert(bio_err, cfg.certfile, FORMAT_PEM, NULL,
"CA certificate");
if (x509 == NULL)
goto err;
goto err;
}
}
- if (!ca_config.selfsign)
+ if (!cfg.selfsign)
x509p = x509;
f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE);
if (f == NULL)
ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
- ca_config.preserve = 1;
+ cfg.preserve = 1;
f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK);
if (f == NULL)
ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
- ca_config.msie_hack = 1;
+ cfg.msie_hack = 1;
- f = NCONF_get_string(conf, ca_config.section, ENV_NAMEOPT);
+ f = NCONF_get_string(conf, cfg.section, ENV_NAMEOPT);
if (f != NULL) {
if (!set_name_ex(&nameopt, f)) {
} else
ERR_clear_error();
- f = NCONF_get_string(conf, ca_config.section, ENV_CERTOPT);
+ f = NCONF_get_string(conf, cfg.section, ENV_CERTOPT);
if (f != NULL) {
if (!set_cert_ex(&certopt, f)) {
} else
ERR_clear_error();
- f = NCONF_get_string(conf, ca_config.section, ENV_EXTCOPY);
+ f = NCONF_get_string(conf, cfg.section, ENV_EXTCOPY);
if (f != NULL) {
if (!set_ext_copy(&ext_copy, f)) {
/*****************************************************************/
/* lookup where to write new certificates */
- if (ca_config.outdir == NULL && ca_config.req) {
- if ((ca_config.outdir = NCONF_get_string(conf,
- ca_config.section, ENV_NEW_CERTS_DIR)) == NULL) {
+ if (cfg.outdir == NULL && cfg.req) {
+ if ((cfg.outdir = NCONF_get_string(conf,
+ cfg.section, ENV_NEW_CERTS_DIR)) == NULL) {
BIO_printf(bio_err, "output directory %s not defined\n",
ENV_NEW_CERTS_DIR);
goto err;
}
/*****************************************************************/
/* we need to load the database file */
- if ((dbfile = NCONF_get_string(conf, ca_config.section,
+ if ((dbfile = NCONF_get_string(conf, cfg.section,
ENV_DATABASE)) == NULL) {
- lookup_fail(ca_config.section, ENV_DATABASE);
+ lookup_fail(cfg.section, ENV_DATABASE);
goto err;
}
db = load_index(dbfile, &db_attr);
p++;
}
}
- if (ca_config.verbose) {
+ if (cfg.verbose) {
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
TXT_DB_write(out, db->db);
BIO_printf(bio_err, "%d entries loaded from the database\n",
/*****************************************************************/
/* Update the db file for expired certificates */
- if (ca_config.doupdatedb) {
- if (ca_config.verbose)
+ if (cfg.doupdatedb) {
+ if (cfg.verbose)
BIO_printf(bio_err, "Updating %s ...\n", dbfile);
i = do_updatedb(db);
BIO_printf(bio_err, "Malloc failure\n");
goto err;
} else if (i == 0) {
- if (ca_config.verbose)
+ if (cfg.verbose)
BIO_printf(bio_err,
"No entries found to mark expired\n");
} else {
if (!rotate_index(dbfile, "new", "old"))
goto err;
- if (ca_config.verbose)
+ if (cfg.verbose)
BIO_printf(bio_err,
"Done. %d entries marked as expired\n", i);
}
}
/*****************************************************************/
/* Read extentions config file */
- if (ca_config.extfile != NULL) {
+ if (cfg.extfile != NULL) {
extconf = NCONF_new(NULL);
- if (NCONF_load(extconf, ca_config.extfile, &errorline) <= 0) {
+ if (NCONF_load(extconf, cfg.extfile, &errorline) <= 0) {
if (errorline <= 0)
BIO_printf(bio_err,
"ERROR: loading the config file '%s'\n",
- ca_config.extfile);
+ cfg.extfile);
else
BIO_printf(bio_err,
"ERROR: on line %ld of config file '%s'\n",
- errorline, ca_config.extfile);
+ errorline, cfg.extfile);
ret = 1;
goto err;
}
- if (ca_config.verbose)
+ if (cfg.verbose)
BIO_printf(bio_err,
"Successfully loaded extensions file %s\n",
- ca_config.extfile);
+ cfg.extfile);
/* We can have sections in the ext file */
- if (ca_config.extensions == NULL &&
- (ca_config.extensions = NCONF_get_string(extconf, "default",
+ if (cfg.extensions == NULL &&
+ (cfg.extensions = NCONF_get_string(extconf, "default",
"extensions")) == NULL)
- ca_config.extensions = "default";
+ cfg.extensions = "default";
}
/*****************************************************************/
- if (ca_config.req || ca_config.gencrl) {
- if (ca_config.outfile != NULL) {
- if (BIO_write_filename(Sout, ca_config.outfile) <= 0) {
- perror(ca_config.outfile);
+ if (cfg.req || cfg.gencrl) {
+ if (cfg.outfile != NULL) {
+ if (BIO_write_filename(Sout, cfg.outfile) <= 0) {
+ perror(cfg.outfile);
goto err;
}
} else {
BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
}
}
- if ((ca_config.md == NULL) &&
- ((ca_config.md = NCONF_get_string(conf, ca_config.section,
+ if ((cfg.md == NULL) &&
+ ((cfg.md = NCONF_get_string(conf, cfg.section,
ENV_DEFAULT_MD)) == NULL)) {
- lookup_fail(ca_config.section, ENV_DEFAULT_MD);
+ lookup_fail(cfg.section, ENV_DEFAULT_MD);
goto err;
}
- if (strcmp(ca_config.md, "default") == 0) {
+ if (strcmp(cfg.md, "default") == 0) {
int def_nid;
if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) {
BIO_puts(bio_err, "no default digest\n");
goto err;
}
- ca_config.md = (char *) OBJ_nid2sn(def_nid);
- if (ca_config.md == NULL)
+ cfg.md = (char *) OBJ_nid2sn(def_nid);
+ if (cfg.md == NULL)
goto err;
}
- if ((dgst = EVP_get_digestbyname(ca_config.md)) == NULL) {
+ if ((dgst = EVP_get_digestbyname(cfg.md)) == NULL) {
BIO_printf(bio_err,
- "%s is an unsupported message digest type\n", ca_config.md);
+ "%s is an unsupported message digest type\n", cfg.md);
goto err;
}
- if (ca_config.req) {
- if ((ca_config.email_dn == 1) &&
- ((tmp_email_dn = NCONF_get_string(conf, ca_config.section,
+ if (cfg.req) {
+ if ((cfg.email_dn == 1) &&
+ ((tmp_email_dn = NCONF_get_string(conf, cfg.section,
ENV_DEFAULT_EMAIL_DN)) != NULL)) {
if (strcmp(tmp_email_dn, "no") == 0)
- ca_config.email_dn = 0;
+ cfg.email_dn = 0;
}
- if (ca_config.verbose)
+ if (cfg.verbose)
BIO_printf(bio_err, "message digest is %s\n",
OBJ_nid2ln(EVP_MD_type(dgst)));
- if ((ca_config.policy == NULL) &&
- ((ca_config.policy = NCONF_get_string(conf,
- ca_config.section, ENV_POLICY)) == NULL)) {
- lookup_fail(ca_config.section, ENV_POLICY);
+ if ((cfg.policy == NULL) &&
+ ((cfg.policy = NCONF_get_string(conf,
+ cfg.section, ENV_POLICY)) == NULL)) {
+ lookup_fail(cfg.section, ENV_POLICY);
goto err;
}
- if (ca_config.verbose)
- BIO_printf(bio_err, "policy is %s\n", ca_config.policy);
+ if (cfg.verbose)
+ BIO_printf(bio_err, "policy is %s\n", cfg.policy);
- if ((serialfile = NCONF_get_string(conf, ca_config.section,
+ if ((serialfile = NCONF_get_string(conf, cfg.section,
ENV_SERIAL)) == NULL) {
- lookup_fail(ca_config.section, ENV_SERIAL);
+ lookup_fail(cfg.section, ENV_SERIAL);
goto err;
}
if (extconf == NULL) {
* no '-extfile' option, so we look for extensions in
* the main configuration file
*/
- if (ca_config.extensions == NULL) {
- ca_config.extensions = NCONF_get_string(conf,
- ca_config.section, ENV_EXTENSIONS);
- if (ca_config.extensions == NULL)
+ if (cfg.extensions == NULL) {
+ cfg.extensions = NCONF_get_string(conf,
+ cfg.section, ENV_EXTENSIONS);
+ if (cfg.extensions == NULL)
ERR_clear_error();
}
- if (ca_config.extensions != NULL) {
+ if (cfg.extensions != NULL) {
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx,
- ca_config.extensions, NULL)) {
+ cfg.extensions, NULL)) {
BIO_printf(bio_err,
"Error Loading extension section %s\n",
- ca_config.extensions);
+ cfg.extensions);
ret = 1;
goto err;
}
}
}
- if (ca_config.startdate == NULL) {
- ca_config.startdate = NCONF_get_string(conf,
- ca_config.section, ENV_DEFAULT_STARTDATE);
- if (ca_config.startdate == NULL)
+ if (cfg.startdate == NULL) {
+ cfg.startdate = NCONF_get_string(conf,
+ cfg.section, ENV_DEFAULT_STARTDATE);
+ if (cfg.startdate == NULL)
ERR_clear_error();
}
- if (ca_config.startdate == NULL)
- ca_config.startdate = "today";
+ if (cfg.startdate == NULL)
+ cfg.startdate = "today";
- if (ca_config.enddate == NULL) {
- ca_config.enddate = NCONF_get_string(conf,
- ca_config.section, ENV_DEFAULT_ENDDATE);
- if (ca_config.enddate == NULL)
+ if (cfg.enddate == NULL) {
+ cfg.enddate = NCONF_get_string(conf,
+ cfg.section, ENV_DEFAULT_ENDDATE);
+ if (cfg.enddate == NULL)
ERR_clear_error();
}
- if (ca_config.days == 0 && ca_config.enddate == NULL) {
- if (!NCONF_get_number(conf, ca_config.section,
- ENV_DEFAULT_DAYS, &ca_config.days))
- ca_config.days = 0;
+ if (cfg.days == 0 && cfg.enddate == NULL) {
+ if (!NCONF_get_number(conf, cfg.section,
+ ENV_DEFAULT_DAYS, &cfg.days))
+ cfg.days = 0;
}
- if (ca_config.enddate == NULL && ca_config.days == 0) {
+ if (cfg.enddate == NULL && cfg.days == 0) {
BIO_printf(bio_err,
"cannot lookup how many days to certify for\n");
goto err;
}
- if ((serial = load_serial(serialfile, ca_config.create_serial,
+ if ((serial = load_serial(serialfile, cfg.create_serial,
NULL)) == NULL) {
BIO_printf(bio_err,
"error while loading serial number\n");
goto err;
}
- if (ca_config.verbose) {
+ if (cfg.verbose) {
if (BN_is_zero(serial))
BIO_printf(bio_err,
"next serial number is 00\n");
free(f);
}
}
- if ((attribs = NCONF_get_section(conf, ca_config.policy)) ==
+ if ((attribs = NCONF_get_section(conf, cfg.policy)) ==
NULL) {
BIO_printf(bio_err, "unable to find 'section' for %s\n",
- ca_config.policy);
+ cfg.policy);
goto err;
}
if ((cert_sk = sk_X509_new_null()) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
- if (ca_config.spkac_file != NULL) {
+ if (cfg.spkac_file != NULL) {
total++;
- j = certify_spkac(&x, ca_config.spkac_file, pkey, x509,
- dgst, ca_config.sigopts, attribs, db, serial,
- ca_config.subj, ca_config.chtype,
- ca_config.multirdn, ca_config.email_dn,
- ca_config.startdate, ca_config.enddate,
- ca_config.days, ca_config.extensions, conf,
- ca_config.verbose, certopt, nameopt, default_op,
+ j = certify_spkac(&x, cfg.spkac_file, pkey, x509,
+ dgst, cfg.sigopts, attribs, db, serial,
+ cfg.subj, cfg.chtype,
+ cfg.multirdn, cfg.email_dn,
+ cfg.startdate, cfg.enddate,
+ cfg.days, cfg.extensions, conf,
+ cfg.verbose, certopt, nameopt, default_op,
ext_copy);
if (j < 0)
goto err;
"Memory allocation failure\n");
goto err;
}
- if (ca_config.outfile != NULL) {
+ if (cfg.outfile != NULL) {
output_der = 1;
- ca_config.batch = 1;
+ cfg.batch = 1;
}
}
}
- if (ca_config.ss_cert_file != NULL) {
+ if (cfg.ss_cert_file != NULL) {
total++;
- j = certify_cert(&x, ca_config.ss_cert_file, pkey, x509,
- dgst, ca_config.sigopts, attribs, db, serial,
- ca_config.subj, ca_config.chtype,
- ca_config.multirdn, ca_config.email_dn,
- ca_config.startdate, ca_config.enddate,
- ca_config.days, ca_config.batch,
- ca_config.extensions, conf, ca_config.verbose,
+ j = certify_cert(&x, cfg.ss_cert_file, pkey, x509,
+ dgst, cfg.sigopts, attribs, db, serial,
+ cfg.subj, cfg.chtype,
+ cfg.multirdn, cfg.email_dn,
+ cfg.startdate, cfg.enddate,
+ cfg.days, cfg.batch,
+ cfg.extensions, conf, cfg.verbose,
certopt, nameopt, default_op, ext_copy);
if (j < 0)
goto err;
}
}
}
- if (ca_config.infile != NULL) {
+ if (cfg.infile != NULL) {
total++;
- j = certify(&x, ca_config.infile, pkey, x509p, dgst,
- ca_config.sigopts, attribs, db, serial,
- ca_config.subj, ca_config.chtype,
- ca_config.multirdn, ca_config.email_dn,
- ca_config.startdate, ca_config.enddate,
- ca_config.days, ca_config.batch,
- ca_config.extensions, conf, ca_config.verbose,
+ j = certify(&x, cfg.infile, pkey, x509p, dgst,
+ cfg.sigopts, attribs, db, serial,
+ cfg.subj, cfg.chtype,
+ cfg.multirdn, cfg.email_dn,
+ cfg.startdate, cfg.enddate,
+ cfg.days, cfg.batch,
+ cfg.extensions, conf, cfg.verbose,
certopt, nameopt, default_op, ext_copy,
- ca_config.selfsign);
+ cfg.selfsign);
if (j < 0)
goto err;
if (j > 0) {
}
}
}
- for (i = 0; i < ca_config.infiles_num; i++) {
+ for (i = 0; i < cfg.infiles_num; i++) {
total++;
- j = certify(&x, ca_config.infiles[i], pkey, x509p, dgst,
- ca_config.sigopts, attribs, db, serial,
- ca_config.subj, ca_config.chtype,
- ca_config.multirdn, ca_config.email_dn,
- ca_config.startdate, ca_config.enddate,
- ca_config.days, ca_config.batch,
- ca_config.extensions, conf, ca_config.verbose,
+ j = certify(&x, cfg.infiles[i], pkey, x509p, dgst,
+ cfg.sigopts, attribs, db, serial,
+ cfg.subj, cfg.chtype,
+ cfg.multirdn, cfg.email_dn,
+ cfg.startdate, cfg.enddate,
+ cfg.days, cfg.batch,
+ cfg.extensions, conf, cfg.verbose,
certopt, nameopt, default_op, ext_copy,
- ca_config.selfsign);
+ cfg.selfsign);
if (j < 0)
goto err;
if (j > 0) {
*/
if (sk_X509_num(cert_sk) > 0) {
- if (!ca_config.batch) {
+ if (!cfg.batch) {
char answer[10];
BIO_printf(bio_err,
if (!save_index(dbfile, "new", db))
goto err;
}
- if (ca_config.verbose)
+ if (cfg.verbose)
BIO_printf(bio_err, "writing new certificates\n");
for (i = 0; i < sk_X509_num(cert_sk); i++) {
ASN1_INTEGER *serialNumber;
serialstr = strdup("00");
if (serialstr != NULL) {
k = snprintf(pempath, sizeof(pempath),
- "%s/%s.pem", ca_config.outdir, serialstr);
+ "%s/%s.pem", cfg.outdir, serialstr);
free(serialstr);
if (k < 0 || k >= sizeof(pempath)) {
BIO_printf(bio_err,
"memory allocation failed\n");
goto err;
}
- if (ca_config.verbose)
+ if (cfg.verbose)
BIO_printf(bio_err, "writing %s\n", pempath);
if (BIO_write_filename(Cout, pempath) <= 0) {
goto err;
}
if (!write_new_certificate(Cout, x, 0,
- ca_config.notext))
+ cfg.notext))
goto err;
if (!write_new_certificate(Sout, x, output_der,
- ca_config.notext))
+ cfg.notext))
goto err;
}
}
}
/*****************************************************************/
- if (ca_config.gencrl) {
+ if (cfg.gencrl) {
int crl_v2 = 0;
- if (ca_config.crl_ext == NULL) {
- ca_config.crl_ext = NCONF_get_string(conf,
- ca_config.section, ENV_CRLEXT);
- if (ca_config.crl_ext == NULL)
+ if (cfg.crl_ext == NULL) {
+ cfg.crl_ext = NCONF_get_string(conf,
+ cfg.section, ENV_CRLEXT);
+ if (cfg.crl_ext == NULL)
ERR_clear_error();
}
- if (ca_config.crl_ext != NULL) {
+ if (cfg.crl_ext != NULL) {
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_nconf(&ctx, conf);
- if (!X509V3_EXT_add_nconf(conf, &ctx, ca_config.crl_ext,
+ if (!X509V3_EXT_add_nconf(conf, &ctx, cfg.crl_ext,
NULL)) {
BIO_printf(bio_err,
"Error Loading CRL extension section %s\n",
- ca_config.crl_ext);
+ cfg.crl_ext);
ret = 1;
goto err;
}
}
- if ((crlnumberfile = NCONF_get_string(conf, ca_config.section,
+ if ((crlnumberfile = NCONF_get_string(conf, cfg.section,
ENV_CRLNUMBER)) != NULL)
if ((crlnumber = load_serial(crlnumberfile, 0,
NULL)) == NULL) {
"error while loading CRL number\n");
goto err;
}
- if (!ca_config.crldays && !ca_config.crlhours &&
- !ca_config.crlsec) {
- if (!NCONF_get_number(conf, ca_config.section,
- ENV_DEFAULT_CRL_DAYS, &ca_config.crldays))
- ca_config.crldays = 0;
- if (!NCONF_get_number(conf, ca_config.section,
- ENV_DEFAULT_CRL_HOURS, &ca_config.crlhours))
- ca_config.crlhours = 0;
+ if (!cfg.crldays && !cfg.crlhours &&
+ !cfg.crlsec) {
+ if (!NCONF_get_number(conf, cfg.section,
+ ENV_DEFAULT_CRL_DAYS, &cfg.crldays))
+ cfg.crldays = 0;
+ if (!NCONF_get_number(conf, cfg.section,
+ ENV_DEFAULT_CRL_HOURS, &cfg.crlhours))
+ cfg.crlhours = 0;
ERR_clear_error();
}
- if ((ca_config.crldays == 0) && (ca_config.crlhours == 0) &&
- (ca_config.crlsec == 0)) {
+ if ((cfg.crldays == 0) && (cfg.crlhours == 0) &&
+ (cfg.crlsec == 0)) {
BIO_printf(bio_err,
"cannot lookup how long until the next CRL is issued\n");
goto err;
}
- if (ca_config.verbose)
+ if (cfg.verbose)
BIO_printf(bio_err, "making CRL\n");
if ((crl = X509_CRL_new()) == NULL)
goto err;
goto err;
if (!X509_CRL_set_lastUpdate(crl, tmptm))
goto err;
- if (X509_time_adj_ex(tmptm, ca_config.crldays,
- ca_config.crlhours * 60 * 60 + ca_config.crlsec, NULL) ==
+ if (X509_time_adj_ex(tmptm, cfg.crldays,
+ cfg.crlhours * 60 * 60 + cfg.crlsec, NULL) ==
NULL) {
BIO_puts(bio_err, "error setting CRL nextUpdate\n");
goto err;
X509_CRL_sort(crl);
/* we now have a CRL */
- if (ca_config.verbose)
+ if (cfg.verbose)
BIO_printf(bio_err, "signing CRL\n");
/* Add any extensions asked for */
- if (ca_config.crl_ext != NULL || crlnumberfile != NULL) {
+ if (cfg.crl_ext != NULL || crlnumberfile != NULL) {
X509V3_CTX crlctx;
X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
X509V3_set_nconf(&crlctx, conf);
- if (ca_config.crl_ext != NULL)
+ if (cfg.crl_ext != NULL)
if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
- ca_config.crl_ext, crl))
+ cfg.crl_ext, crl))
goto err;
if (crlnumberfile != NULL) {
tmpserial = BN_to_ASN1_INTEGER(crlnumber, NULL);
goto err;
}
}
- if (ca_config.crl_ext != NULL || crl_v2) {
+ if (cfg.crl_ext != NULL || crl_v2) {
if (!X509_CRL_set_version(crl, 1))
goto err; /* version 2 CRL */
}
crlnumber = NULL;
if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst,
- ca_config.sigopts))
+ cfg.sigopts))
goto err;
if (!PEM_write_bio_X509_CRL(Sout, crl))
}
/*****************************************************************/
- if (ca_config.dorevoke) {
- if (ca_config.infile == NULL) {
+ if (cfg.dorevoke) {
+ if (cfg.infile == NULL) {
BIO_printf(bio_err, "no input files\n");
goto err;
} else {
X509 *revcert;
- revcert = load_cert(bio_err, ca_config.infile,
- FORMAT_PEM, NULL, ca_config.infile);
+ revcert = load_cert(bio_err, cfg.infile,
+ FORMAT_PEM, NULL, cfg.infile);
if (revcert == NULL)
goto err;
- j = do_revoke(revcert, db, ca_config.rev_type,
- ca_config.rev_arg);
+ j = do_revoke(revcert, db, cfg.rev_type,
+ cfg.rev_arg);
if (j <= 0)
goto err;
X509_free(revcert);
if (ret)
ERR_print_errors(bio_err);
if (free_key)
- free(ca_config.key);
+ free(cfg.key);
BN_free(serial);
BN_free(crlnumber);
free_index(db);
- sk_OPENSSL_STRING_free(ca_config.sigopts);
+ sk_OPENSSL_STRING_free(cfg.sigopts);
EVP_PKEY_free(pkey);
X509_free(x509);
X509_CRL_free(crl);
if (obj == NULL)
goto err;
- if (ca_config.msie_hack) {
+ if (cfg.msie_hack) {
/* assume all type should be strings */
nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne));
if (nid == NID_undef)
}
}
- if (ca_config.preserve) {
+ if (cfg.preserve) {
X509_NAME_free(subject);
/* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
subject = X509_NAME_dup(name);
-/* $OpenBSD: certhash.c,v 1.20 2022/11/11 17:07:38 joshua Exp $ */
+/* $OpenBSD: certhash.c,v 1.21 2023/03/06 14:32:05 tb Exp $ */
/*
* Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org>
*
static struct {
int dryrun;
int verbose;
-} certhash_config;
+} cfg;
static const struct option certhash_options[] = {
{
.name = "n",
.desc = "Perform a dry-run - do not make any changes",
.type = OPTION_FLAG,
- .opt.flag = &certhash_config.dryrun,
+ .opt.flag = &cfg.dryrun,
},
{
.name = "v",
.desc = "Verbose",
.type = OPTION_FLAG,
- .opt.flag = &certhash_config.verbose,
+ .opt.flag = &cfg.verbose,
},
{ NULL },
};
goto err;
}
- if (certhash_config.verbose)
+ if (cfg.verbose)
fprintf(stdout, "scanning directory %s\n", path);
/* Create lists of existing hash links, certs and CRLs. */
if (link->exists == 0 ||
(link->reference != NULL && link->changed == 0))
continue;
- if (certhash_config.verbose)
+ if (cfg.verbose)
fprintf(stdout, "%s link %s -> %s\n",
- (certhash_config.dryrun ? "would remove" :
+ (cfg.dryrun ? "would remove" :
"removing"), link->filename, link->target);
- if (certhash_config.dryrun)
+ if (cfg.dryrun)
continue;
if (unlink(link->filename) == -1) {
fprintf(stderr, "failed to remove link %s\n",
for (link = links; link != NULL; link = link->next) {
if (link->exists == 1 && link->changed == 0)
continue;
- if (certhash_config.verbose)
+ if (cfg.verbose)
fprintf(stdout, "%s link %s -> %s\n",
- (certhash_config.dryrun ? "would create" :
+ (cfg.dryrun ? "would create" :
"creating"), link->filename,
link->reference->filename);
- if (certhash_config.dryrun)
+ if (cfg.dryrun)
continue;
if (symlink(link->reference->filename, link->filename) == -1) {
fprintf(stderr, "failed to create link %s -> %s\n",
exit(1);
}
- memset(&certhash_config, 0, sizeof(certhash_config));
+ memset(&cfg, 0, sizeof(cfg));
if (options_parse(argc, argv, certhash_options, NULL, &argsused) != 0) {
certhash_usage();
-/* $OpenBSD: ciphers.c,v 1.17 2023/03/05 13:12:53 tb Exp $ */
+/* $OpenBSD: ciphers.c,v 1.18 2023/03/06 14:32:05 tb Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
int use_supported;
int verbose;
int version;
-} ciphers_config;
+} cfg;
static const struct option ciphers_options[] = {
{
.name = "h",
.type = OPTION_FLAG,
- .opt.flag = &ciphers_config.usage,
+ .opt.flag = &cfg.usage,
},
{
.name = "?",
.type = OPTION_FLAG,
- .opt.flag = &ciphers_config.usage,
+ .opt.flag = &cfg.usage,
},
{
.name = "s",
.desc = "Only list ciphers that are supported by the TLS method",
.type = OPTION_FLAG,
- .opt.flag = &ciphers_config.use_supported,
+ .opt.flag = &cfg.use_supported,
},
{
.name = "tls1",
.desc = "Use TLS protocol version 1",
.type = OPTION_VALUE,
- .opt.value = &ciphers_config.version,
+ .opt.value = &cfg.version,
.value = TLS1_VERSION,
},
{
.name = "tls1_1",
.desc = "Use TLS protocol version 1.1",
.type = OPTION_VALUE,
- .opt.value = &ciphers_config.version,
+ .opt.value = &cfg.version,
.value = TLS1_1_VERSION,
},
{
.name = "tls1_2",
.desc = "Use TLS protocol version 1.2",
.type = OPTION_VALUE,
- .opt.value = &ciphers_config.version,
+ .opt.value = &cfg.version,
.value = TLS1_2_VERSION,
},
{
.name = "tls1_3",
.desc = "Use TLS protocol version 1.3",
.type = OPTION_VALUE,
- .opt.value = &ciphers_config.version,
+ .opt.value = &cfg.version,
.value = TLS1_3_VERSION,
},
{
.name = "v",
.desc = "Provide cipher listing",
.type = OPTION_VALUE,
- .opt.value = &ciphers_config.verbose,
+ .opt.value = &cfg.verbose,
.value = 1,
},
{
.name = "V",
.desc = "Provide cipher listing with cipher suite values",
.type = OPTION_VALUE,
- .opt.value = &ciphers_config.verbose,
+ .opt.value = &cfg.verbose,
.value = 2,
},
{ NULL },
exit(1);
}
- memset(&ciphers_config, 0, sizeof(ciphers_config));
+ memset(&cfg, 0, sizeof(cfg));
if (options_parse(argc, argv, ciphers_options, &cipherlist,
NULL) != 0) {
return (1);
}
- if (ciphers_config.usage) {
+ if (cfg.usage) {
ciphers_usage();
return (1);
}
if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
goto err;
- if (ciphers_config.version != 0) {
+ if (cfg.version != 0) {
if (!SSL_CTX_set_min_proto_version(ssl_ctx,
- ciphers_config.version))
+ cfg.version))
goto err;
if (!SSL_CTX_set_max_proto_version(ssl_ctx,
- ciphers_config.version))
+ cfg.version))
goto err;
}
if ((ssl = SSL_new(ssl_ctx)) == NULL)
goto err;
- if (ciphers_config.use_supported) {
+ if (cfg.use_supported) {
if ((supported_ciphers =
SSL_get1_supported_ciphers(ssl)) == NULL)
goto err;
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
cipher = sk_SSL_CIPHER_value(ciphers, i);
- if (ciphers_config.verbose == 0) {
+ if (cfg.verbose == 0) {
fprintf(stdout, "%s%s", (i ? ":" : ""),
SSL_CIPHER_get_name(cipher));
continue;
}
- if (ciphers_config.verbose > 1) {
+ if (cfg.verbose > 1) {
value = SSL_CIPHER_get_value(cipher);
fprintf(stdout, "%-*s0x%02X,0x%02X - ", 10, "",
((value >> 8) & 0xff), (value & 0xff));
fprintf(stdout, "%s", desc);
free(desc);
}
- if (ciphers_config.verbose == 0)
+ if (cfg.verbose == 0)
fprintf(stdout, "\n");
goto done;
-/* $OpenBSD: cms.c,v 1.32 2023/03/05 13:08:22 tb Exp $ */
+/* $OpenBSD: cms.c,v 1.33 2023/03/06 14:32:05 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
char *to;
int verify_retcode;
X509_VERIFY_PARAM *vpm;
-} cms_config;
+} cfg;
static const EVP_CIPHER *
get_cipher_by_name(char *name)
if (*name++ != '-')
return (1);
- if ((cms_config.cipher = get_cipher_by_name(name)) == NULL)
- if ((cms_config.cipher = EVP_get_cipherbyname(name)) == NULL)
+ if ((cfg.cipher = get_cipher_by_name(name)) == NULL)
+ if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL)
return (1);
*argsused = 1;
static int
cms_opt_econtent_type(char *arg)
{
- ASN1_OBJECT_free(cms_config.econtent_type);
+ ASN1_OBJECT_free(cfg.econtent_type);
- if ((cms_config.econtent_type = OBJ_txt2obj(arg, 0)) == NULL) {
+ if ((cfg.econtent_type = OBJ_txt2obj(arg, 0)) == NULL) {
BIO_printf(bio_err, "Invalid OID %s\n", arg);
return (1);
}
static int
cms_opt_inkey(char *arg)
{
- if (cms_config.keyfile == NULL) {
- cms_config.keyfile = arg;
+ if (cfg.keyfile == NULL) {
+ cfg.keyfile = arg;
return (0);
}
- if (cms_config.signerfile == NULL) {
+ if (cfg.signerfile == NULL) {
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
return (1);
}
- if (cms_config.sksigners == NULL)
- cms_config.sksigners = sk_OPENSSL_STRING_new_null();
- if (cms_config.sksigners == NULL)
+ if (cfg.sksigners == NULL)
+ cfg.sksigners = sk_OPENSSL_STRING_new_null();
+ if (cfg.sksigners == NULL)
return (1);
- if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile))
+ if (!sk_OPENSSL_STRING_push(cfg.sksigners, cfg.signerfile))
return (1);
- cms_config.signerfile = NULL;
+ cfg.signerfile = NULL;
- if (cms_config.skkeys == NULL)
- cms_config.skkeys = sk_OPENSSL_STRING_new_null();
- if (cms_config.skkeys == NULL)
+ if (cfg.skkeys == NULL)
+ cfg.skkeys = sk_OPENSSL_STRING_new_null();
+ if (cfg.skkeys == NULL)
return (1);
- if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile))
+ if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile))
return (1);
- cms_config.keyfile = arg;
+ cfg.keyfile = arg;
return (0);
}
{
int keyidx = -1;
- if (cms_config.operation == SMIME_ENCRYPT) {
- if (cms_config.encerts != NULL)
- keyidx += sk_X509_num(cms_config.encerts);
+ if (cfg.operation == SMIME_ENCRYPT) {
+ if (cfg.encerts != NULL)
+ keyidx += sk_X509_num(cfg.encerts);
} else {
- if (cms_config.keyfile != NULL || cms_config.signerfile != NULL)
+ if (cfg.keyfile != NULL || cfg.signerfile != NULL)
keyidx++;
- if (cms_config.skkeys != NULL)
- keyidx += sk_OPENSSL_STRING_num(cms_config.skkeys);
+ if (cfg.skkeys != NULL)
+ keyidx += sk_OPENSSL_STRING_num(cfg.skkeys);
}
if (keyidx < 0) {
return (1);
}
- if (cms_config.key_param == NULL ||
- cms_config.key_param->idx != keyidx) {
+ if (cfg.key_param == NULL ||
+ cfg.key_param->idx != keyidx) {
struct cms_key_param *nparam;
if ((nparam = calloc(1, sizeof(struct cms_key_param))) == NULL)
}
nparam->next = NULL;
- if (cms_config.key_first == NULL)
- cms_config.key_first = nparam;
+ if (cfg.key_first == NULL)
+ cfg.key_first = nparam;
else
- cms_config.key_param->next = nparam;
+ cfg.key_param->next = nparam;
- cms_config.key_param = nparam;
+ cfg.key_param = nparam;
}
- if (!sk_OPENSSL_STRING_push(cms_config.key_param->param, arg))
+ if (!sk_OPENSSL_STRING_push(cfg.key_param->param, arg))
return (1);
return (0);
static int
cms_opt_md(char *arg)
{
- if ((cms_config.sign_md = EVP_get_digestbyname(arg)) == NULL) {
+ if ((cfg.sign_md = EVP_get_digestbyname(arg)) == NULL) {
BIO_printf(bio_err, "Unknown digest %s\n", arg);
return (1);
}
static int
cms_opt_print(void)
{
- cms_config.noout = 1;
- cms_config.print = 1;
+ cfg.noout = 1;
+ cfg.print = 1;
return (0);
}
static int
cms_opt_pwri_pass(char *arg)
{
- cms_config.pwri_pass = (unsigned char *)arg;
+ cfg.pwri_pass = (unsigned char *)arg;
return (0);
}
static int
cms_opt_recip(char *arg)
{
- if (cms_config.operation == SMIME_ENCRYPT) {
- if (cms_config.encerts == NULL) {
- if ((cms_config.encerts = sk_X509_new_null()) == NULL)
+ if (cfg.operation == SMIME_ENCRYPT) {
+ if (cfg.encerts == NULL) {
+ if ((cfg.encerts = sk_X509_new_null()) == NULL)
return (1);
}
- cms_config.cert = load_cert(bio_err, arg, FORMAT_PEM,
+ cfg.cert = load_cert(bio_err, arg, FORMAT_PEM,
NULL, "recipient certificate file");
- if (cms_config.cert == NULL)
+ if (cfg.cert == NULL)
return (1);
- if (!sk_X509_push(cms_config.encerts, cms_config.cert))
+ if (!sk_X509_push(cfg.encerts, cfg.cert))
return (1);
- cms_config.cert = NULL;
+ cfg.cert = NULL;
} else {
- cms_config.recipfile = arg;
+ cfg.recipfile = arg;
}
return (0);
}
static int
cms_opt_receipt_request_from(char *arg)
{
- if (cms_config.rr_from == NULL)
- cms_config.rr_from = sk_OPENSSL_STRING_new_null();
- if (cms_config.rr_from == NULL)
+ if (cfg.rr_from == NULL)
+ cfg.rr_from = sk_OPENSSL_STRING_new_null();
+ if (cfg.rr_from == NULL)
return (1);
- if (!sk_OPENSSL_STRING_push(cms_config.rr_from, arg))
+ if (!sk_OPENSSL_STRING_push(cfg.rr_from, arg))
return (1);
return (0);
static int
cms_opt_receipt_request_to(char *arg)
{
- if (cms_config.rr_to == NULL)
- cms_config.rr_to = sk_OPENSSL_STRING_new_null();
- if (cms_config.rr_to == NULL)
+ if (cfg.rr_to == NULL)
+ cfg.rr_to = sk_OPENSSL_STRING_new_null();
+ if (cfg.rr_to == NULL)
return (1);
- if (!sk_OPENSSL_STRING_push(cms_config.rr_to, arg))
+ if (!sk_OPENSSL_STRING_push(cfg.rr_to, arg))
return (1);
return (0);
{
long ltmp;
- free(cms_config.secret_key);
+ free(cfg.secret_key);
- if ((cms_config.secret_key = string_to_hex(arg, <mp)) == NULL) {
+ if ((cfg.secret_key = string_to_hex(arg, <mp)) == NULL) {
BIO_printf(bio_err, "Invalid key %s\n", arg);
return (1);
}
- cms_config.secret_keylen = (size_t)ltmp;
+ cfg.secret_keylen = (size_t)ltmp;
return (0);
}
{
long ltmp;
- free(cms_config.secret_keyid);
+ free(cfg.secret_keyid);
- if ((cms_config.secret_keyid = string_to_hex(arg, <mp)) == NULL) {
+ if ((cfg.secret_keyid = string_to_hex(arg, <mp)) == NULL) {
BIO_printf(bio_err, "Invalid id %s\n", arg);
return (1);
}
- cms_config.secret_keyidlen = (size_t)ltmp;
+ cfg.secret_keyidlen = (size_t)ltmp;
return (0);
}
static int
cms_opt_signer(char *arg)
{
- if (cms_config.signerfile == NULL) {
- cms_config.signerfile = arg;
+ if (cfg.signerfile == NULL) {
+ cfg.signerfile = arg;
return (0);
}
- if (cms_config.sksigners == NULL)
- cms_config.sksigners = sk_OPENSSL_STRING_new_null();
- if (cms_config.sksigners == NULL)
+ if (cfg.sksigners == NULL)
+ cfg.sksigners = sk_OPENSSL_STRING_new_null();
+ if (cfg.sksigners == NULL)
return (1);
- if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile))
+ if (!sk_OPENSSL_STRING_push(cfg.sksigners, cfg.signerfile))
return (1);
- if (cms_config.keyfile == NULL)
- cms_config.keyfile = cms_config.signerfile;
+ if (cfg.keyfile == NULL)
+ cfg.keyfile = cfg.signerfile;
- if (cms_config.skkeys == NULL)
- cms_config.skkeys = sk_OPENSSL_STRING_new_null();
- if (cms_config.skkeys == NULL)
+ if (cfg.skkeys == NULL)
+ cfg.skkeys = sk_OPENSSL_STRING_new_null();
+ if (cfg.skkeys == NULL)
return (1);
- if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile))
+ if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile))
return (1);
- cms_config.keyfile = NULL;
+ cfg.keyfile = NULL;
- cms_config.signerfile = arg;
+ cfg.signerfile = arg;
return (0);
}
int oargc = argc;
int badarg = 0;
- if (!args_verify(&argv, &argc, &badarg, bio_err, &cms_config.vpm))
+ if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm))
return (1);
if (badarg)
return (1);
static int
cms_opt_verify_receipt(char *arg)
{
- cms_config.operation = SMIME_VERIFY_RECEIPT;
- cms_config.rctfile = arg;
+ cfg.operation = SMIME_VERIFY_RECEIPT;
+ cfg.rctfile = arg;
return (0);
}
.argname = "file",
.desc = "Certificate Authority file",
.type = OPTION_ARG,
- .opt.arg = &cms_config.CAfile,
+ .opt.arg = &cfg.CAfile,
},
{
.name = "CApath",
.argname = "path",
.desc = "Certificate Authority path",
.type = OPTION_ARG,
- .opt.arg = &cms_config.CApath,
+ .opt.arg = &cfg.CApath,
},
{
.name = "binary",
.desc = "Do not translate message to text",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_BINARY,
},
{
.argname = "file",
.desc = "Other certificates file",
.type = OPTION_ARG,
- .opt.arg = &cms_config.certfile,
+ .opt.arg = &cfg.certfile,
},
{
.name = "certsout",
.argname = "file",
.desc = "Certificate output file",
.type = OPTION_ARG,
- .opt.arg = &cms_config.certsoutfile,
+ .opt.arg = &cfg.certsoutfile,
},
{
.name = "cmsout",
.desc = "Output CMS structure",
.type = OPTION_VALUE,
- .opt.value = &cms_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_CMSOUT,
},
{
.name = "compress",
.desc = "Create CMS CompressedData type",
.type = OPTION_VALUE,
- .opt.value = &cms_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_COMPRESS,
},
{
.argname = "file",
.desc = "Supply or override content for detached signature",
.type = OPTION_ARG,
- .opt.arg = &cms_config.contfile,
+ .opt.arg = &cfg.contfile,
},
{
.name = "crlfeol",
.desc = "Use CRLF as EOL termination instead of CR only",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_CRLFEOL,
},
{
.name = "data_create",
.desc = "Create CMS Data type",
.type = OPTION_VALUE,
- .opt.value = &cms_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_DATA_CREATE,
},
{
.name = "data_out",
.desc = "Output content from the input CMS Data type",
.type = OPTION_VALUE,
- .opt.value = &cms_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_DATAOUT,
},
{
.name = "debug_decrypt",
.desc = "Set the CMS_DEBUG_DECRYPT flag when decrypting",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_DEBUG_DECRYPT,
},
{
.name = "decrypt",
.desc = "Decrypt encrypted message",
.type = OPTION_VALUE,
- .opt.value = &cms_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_DECRYPT,
},
{
.name = "digest_create",
.desc = "Create CMS DigestedData type",
.type = OPTION_VALUE,
- .opt.value = &cms_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_DIGEST_CREATE,
},
{
.name = "digest_verify",
.desc = "Verify CMS DigestedData type and output the content",
.type = OPTION_VALUE,
- .opt.value = &cms_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_DIGEST_VERIFY,
},
{
.name = "encrypt",
.desc = "Encrypt message",
.type = OPTION_VALUE,
- .opt.value = &cms_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_ENCRYPT,
},
{
.name = "EncryptedData_decrypt",
.desc = "Decrypt CMS EncryptedData",
.type = OPTION_VALUE,
- .opt.value = &cms_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_ENCRYPTED_DECRYPT,
},
{
.name = "EncryptedData_encrypt",
.desc = "Encrypt content using supplied symmetric key and algorithm",
.type = OPTION_VALUE,
- .opt.value = &cms_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_ENCRYPTED_ENCRYPT,
},
{
.argname = "addr",
.desc = "From address",
.type = OPTION_ARG,
- .opt.arg = &cms_config.from,
+ .opt.arg = &cfg.from,
},
{
.name = "in",
.argname = "file",
.desc = "Input file",
.type = OPTION_ARG,
- .opt.arg = &cms_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "indef",
.desc = "Same as -stream",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_STREAM,
},
{
.argname = "fmt",
.desc = "Input format (DER, PEM or SMIME (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &cms_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "inkey",
.argname = "fmt",
.desc = "Input key format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &cms_config.keyform,
+ .opt.value = &cfg.keyform,
},
{
.name = "keyid",
.desc = "Use subject key identifier",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_USE_KEYID,
},
{
.name = "no_attr_verify",
.desc = "Do not verify the signer's attribute of a signature",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_NO_ATTR_VERIFY,
},
{
.name = "no_content_verify",
.desc = "Do not verify the content of a signed message",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_NO_CONTENT_VERIFY,
},
{
.name = "no_signer_cert_verify",
.desc = "Do not verify the signer's certificate",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_NO_SIGNER_CERT_VERIFY,
},
{
.name = "noattr",
.desc = "Do not include any signed attributes",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_NOATTR,
},
{
.name = "nocerts",
.desc = "Do not include signer's certificate when signing",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_NOCERTS,
},
{
.name = "nodetach",
.desc = "Use opaque signing",
.type = OPTION_VALUE_AND,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = ~CMS_DETACHED,
},
{
.name = "noindef",
.desc = "Disable CMS streaming",
.type = OPTION_VALUE_AND,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = ~CMS_STREAM,
},
{
.name = "nointern",
.desc = "Do not search certificates in message for signer",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_NOINTERN,
},
{
.name = "nooldmime",
.desc = "Output old S/MIME content type",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_NOOLDMIMETYPE,
},
{
.name = "noout",
.desc = "Do not output the parsed CMS structure",
.type = OPTION_FLAG,
- .opt.flag = &cms_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "nosigs",
.desc = "Do not verify message signature",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_NOSIGS,
},
{
.name = "nosmimecap",
.desc = "Omit the SMIMECapabilities attribute",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_NOSMIMECAP,
},
{
.name = "noverify",
.desc = "Do not verify signer's certificate",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_NO_SIGNER_CERT_VERIFY,
},
{
.argname = "file",
.desc = "Output file",
.type = OPTION_ARG,
- .opt.arg = &cms_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "fmt",
.desc = "Output format (DER, PEM or SMIME (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &cms_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "passin",
.argname = "src",
.desc = "Private key password source",
.type = OPTION_ARG,
- .opt.arg = &cms_config.passargin,
+ .opt.arg = &cfg.passargin,
},
{
.name = "print",
.argname = "fmt",
.desc = "Receipt file format (DER, PEM or SMIME (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &cms_config.rctformat,
+ .opt.value = &cfg.rctformat,
},
{
.name = "receipt_request_all",
.desc = "Indicate requests should be provided by all recipients",
.type = OPTION_VALUE,
- .opt.value = &cms_config.rr_allorfirst,
+ .opt.value = &cfg.rr_allorfirst,
.value = 0,
},
{
.name = "receipt_request_first",
.desc = "Indicate requests should be provided by first tier recipient",
.type = OPTION_VALUE,
- .opt.value = &cms_config.rr_allorfirst,
+ .opt.value = &cfg.rr_allorfirst,
.value = 1,
},
{
.name = "receipt_request_print",
.desc = "Print out the contents of any signed receipt requests",
.type = OPTION_FLAG,
- .opt.flag = &cms_config.rr_print,
+ .opt.flag = &cfg.rr_print,
},
{
.name = "receipt_request_to",
.name = "resign",
.desc = "Resign a signed message",
.type = OPTION_VALUE,
- .opt.value = &cms_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_RESIGN,
},
{
.name = "sign",
.desc = "Sign message",
.type = OPTION_VALUE,
- .opt.value = &cms_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_SIGN,
},
{
.name = "sign_receipt",
.desc = "Generate a signed receipt for the message",
.type = OPTION_VALUE,
- .opt.value = &cms_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_SIGN_RECEIPT,
},
{
.name = "stream",
.desc = "Enable CMS streaming",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_STREAM,
},
{
.argname = "s",
.desc = "Subject",
.type = OPTION_ARG,
- .opt.arg = &cms_config.subject,
+ .opt.arg = &cfg.subject,
},
{
.name = "text",
.desc = "Include or delete text MIME headers",
.type = OPTION_VALUE_OR,
- .opt.value = &cms_config.flags,
+ .opt.value = &cfg.flags,
.value = CMS_TEXT,
},
{
.argname = "addr",
.desc = "To address",
.type = OPTION_ARG,
- .opt.arg = &cms_config.to,
+ .opt.arg = &cfg.to,
},
{
.name = "uncompress",
.desc = "Uncompress CMS CompressedData type",
.type = OPTION_VALUE,
- .opt.value = &cms_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_UNCOMPRESS,
},
{
.name = "verify",
.desc = "Verify signed message",
.type = OPTION_VALUE,
- .opt.value = &cms_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_VERIFY,
},
{
.name = "verify_retcode",
.desc = "Set verification error code to exit code",
.type = OPTION_FLAG,
- .opt.flag = &cms_config.verify_retcode,
+ .opt.flag = &cfg.verify_retcode,
},
{
.name = "check_ss_sig",
exit(1);
}
- memset(&cms_config, 0, sizeof(cms_config));
- cms_config.flags = CMS_DETACHED;
- cms_config.rr_allorfirst = -1;
- cms_config.informat = FORMAT_SMIME;
- cms_config.outformat = FORMAT_SMIME;
- cms_config.rctformat = FORMAT_SMIME;
- cms_config.keyform = FORMAT_PEM;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.flags = CMS_DETACHED;
+ cfg.rr_allorfirst = -1;
+ cfg.informat = FORMAT_SMIME;
+ cfg.outformat = FORMAT_SMIME;
+ cfg.rctformat = FORMAT_SMIME;
+ cfg.keyform = FORMAT_PEM;
if (options_parse(argc, argv, cms_options, NULL, &argsused) != 0) {
goto argerr;
}
args = argv + argsused;
ret = 1;
- if (((cms_config.rr_allorfirst != -1) || cms_config.rr_from != NULL) &&
- cms_config.rr_to == NULL) {
+ if (((cfg.rr_allorfirst != -1) || cfg.rr_from != NULL) &&
+ cfg.rr_to == NULL) {
BIO_puts(bio_err, "No Signed Receipts Recipients\n");
goto argerr;
}
- if (!(cms_config.operation & SMIME_SIGNERS) &&
- (cms_config.rr_to != NULL || cms_config.rr_from != NULL)) {
+ if (!(cfg.operation & SMIME_SIGNERS) &&
+ (cfg.rr_to != NULL || cfg.rr_from != NULL)) {
BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
goto argerr;
}
- if (!(cms_config.operation & SMIME_SIGNERS) &&
- (cms_config.skkeys != NULL || cms_config.sksigners != NULL)) {
+ if (!(cfg.operation & SMIME_SIGNERS) &&
+ (cfg.skkeys != NULL || cfg.sksigners != NULL)) {
BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
goto argerr;
}
- if (cms_config.operation & SMIME_SIGNERS) {
- if (cms_config.keyfile != NULL &&
- cms_config.signerfile == NULL) {
+ if (cfg.operation & SMIME_SIGNERS) {
+ if (cfg.keyfile != NULL &&
+ cfg.signerfile == NULL) {
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
goto argerr;
}
/* Check to see if any final signer needs to be appended */
- if (cms_config.signerfile != NULL) {
- if (cms_config.sksigners == NULL &&
- (cms_config.sksigners =
+ if (cfg.signerfile != NULL) {
+ if (cfg.sksigners == NULL &&
+ (cfg.sksigners =
sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
- if (!sk_OPENSSL_STRING_push(cms_config.sksigners,
- cms_config.signerfile))
+ if (!sk_OPENSSL_STRING_push(cfg.sksigners,
+ cfg.signerfile))
goto end;
- if (cms_config.skkeys == NULL &&
- (cms_config.skkeys =
+ if (cfg.skkeys == NULL &&
+ (cfg.skkeys =
sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
- if (cms_config.keyfile == NULL)
- cms_config.keyfile = cms_config.signerfile;
- if (!sk_OPENSSL_STRING_push(cms_config.skkeys,
- cms_config.keyfile))
+ if (cfg.keyfile == NULL)
+ cfg.keyfile = cfg.signerfile;
+ if (!sk_OPENSSL_STRING_push(cfg.skkeys,
+ cfg.keyfile))
goto end;
}
- if (cms_config.sksigners == NULL) {
+ if (cfg.sksigners == NULL) {
BIO_printf(bio_err,
"No signer certificate specified\n");
badarg = 1;
}
- cms_config.signerfile = NULL;
- cms_config.keyfile = NULL;
- } else if (cms_config.operation == SMIME_DECRYPT) {
- if (cms_config.recipfile == NULL &&
- cms_config.keyfile == NULL &&
- cms_config.secret_key == NULL &&
- cms_config.pwri_pass == NULL) {
+ cfg.signerfile = NULL;
+ cfg.keyfile = NULL;
+ } else if (cfg.operation == SMIME_DECRYPT) {
+ if (cfg.recipfile == NULL &&
+ cfg.keyfile == NULL &&
+ cfg.secret_key == NULL &&
+ cfg.pwri_pass == NULL) {
BIO_printf(bio_err,
"No recipient certificate or key specified\n");
badarg = 1;
}
- } else if (cms_config.operation == SMIME_ENCRYPT) {
- if (*args == NULL && cms_config.secret_key == NULL &&
- cms_config.pwri_pass == NULL &&
- cms_config.encerts == NULL) {
+ } else if (cfg.operation == SMIME_ENCRYPT) {
+ if (*args == NULL && cfg.secret_key == NULL &&
+ cfg.pwri_pass == NULL &&
+ cfg.encerts == NULL) {
BIO_printf(bio_err,
"No recipient(s) certificate(s) specified\n");
badarg = 1;
}
- } else if (!cms_config.operation) {
+ } else if (!cfg.operation) {
badarg = 1;
}
goto end;
}
- if (!app_passwd(bio_err, cms_config.passargin, NULL, &passin, NULL)) {
+ if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
ret = 2;
- if (!(cms_config.operation & SMIME_SIGNERS))
- cms_config.flags &= ~CMS_DETACHED;
+ if (!(cfg.operation & SMIME_SIGNERS))
+ cfg.flags &= ~CMS_DETACHED;
- if (cms_config.operation & SMIME_OP) {
- if (cms_config.outformat == FORMAT_ASN1)
+ if (cfg.operation & SMIME_OP) {
+ if (cfg.outformat == FORMAT_ASN1)
outmode = "wb";
} else {
- if (cms_config.flags & CMS_BINARY)
+ if (cfg.flags & CMS_BINARY)
outmode = "wb";
}
- if (cms_config.operation & SMIME_IP) {
- if (cms_config.informat == FORMAT_ASN1)
+ if (cfg.operation & SMIME_IP) {
+ if (cfg.informat == FORMAT_ASN1)
inmode = "rb";
} else {
- if (cms_config.flags & CMS_BINARY)
+ if (cfg.flags & CMS_BINARY)
inmode = "rb";
}
- if (cms_config.operation == SMIME_ENCRYPT) {
- if (cms_config.cipher == NULL) {
+ if (cfg.operation == SMIME_ENCRYPT) {
+ if (cfg.cipher == NULL) {
#ifndef OPENSSL_NO_DES
- cms_config.cipher = EVP_des_ede3_cbc();
+ cfg.cipher = EVP_des_ede3_cbc();
#else
BIO_printf(bio_err, "No cipher selected\n");
goto end;
#endif
}
- if (cms_config.secret_key != NULL &&
- cms_config.secret_keyid == NULL) {
+ if (cfg.secret_key != NULL &&
+ cfg.secret_keyid == NULL) {
BIO_printf(bio_err, "No secret key id\n");
goto end;
}
- if (*args != NULL && cms_config.encerts == NULL)
- if ((cms_config.encerts = sk_X509_new_null()) == NULL)
+ if (*args != NULL && cfg.encerts == NULL)
+ if ((cfg.encerts = sk_X509_new_null()) == NULL)
goto end;
while (*args) {
- if ((cms_config.cert = load_cert(bio_err, *args,
+ if ((cfg.cert = load_cert(bio_err, *args,
FORMAT_PEM, NULL,
"recipient certificate file")) == NULL)
goto end;
- if (!sk_X509_push(cms_config.encerts, cms_config.cert))
+ if (!sk_X509_push(cfg.encerts, cfg.cert))
goto end;
- cms_config.cert = NULL;
+ cfg.cert = NULL;
args++;
}
}
- if (cms_config.certfile != NULL) {
- if ((other = load_certs(bio_err, cms_config.certfile,
+ if (cfg.certfile != NULL) {
+ if ((other = load_certs(bio_err, cfg.certfile,
FORMAT_PEM, NULL, "certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
}
- if (cms_config.recipfile != NULL &&
- (cms_config.operation == SMIME_DECRYPT)) {
- if ((recip = load_cert(bio_err, cms_config.recipfile,
+ if (cfg.recipfile != NULL &&
+ (cfg.operation == SMIME_DECRYPT)) {
+ if ((recip = load_cert(bio_err, cfg.recipfile,
FORMAT_PEM, NULL, "recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
}
- if (cms_config.operation == SMIME_SIGN_RECEIPT) {
- if ((signer = load_cert(bio_err, cms_config.signerfile,
+ if (cfg.operation == SMIME_SIGN_RECEIPT) {
+ if ((signer = load_cert(bio_err, cfg.signerfile,
FORMAT_PEM, NULL,
"receipt signer certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
}
- if (cms_config.operation == SMIME_DECRYPT) {
- if (cms_config.keyfile == NULL)
- cms_config.keyfile = cms_config.recipfile;
- } else if ((cms_config.operation == SMIME_SIGN) ||
- (cms_config.operation == SMIME_SIGN_RECEIPT)) {
- if (cms_config.keyfile == NULL)
- cms_config.keyfile = cms_config.signerfile;
+ if (cfg.operation == SMIME_DECRYPT) {
+ if (cfg.keyfile == NULL)
+ cfg.keyfile = cfg.recipfile;
+ } else if ((cfg.operation == SMIME_SIGN) ||
+ (cfg.operation == SMIME_SIGN_RECEIPT)) {
+ if (cfg.keyfile == NULL)
+ cfg.keyfile = cfg.signerfile;
} else {
- cms_config.keyfile = NULL;
+ cfg.keyfile = NULL;
}
- if (cms_config.keyfile != NULL) {
- key = load_key(bio_err, cms_config.keyfile, cms_config.keyform,
+ if (cfg.keyfile != NULL) {
+ key = load_key(bio_err, cfg.keyfile, cfg.keyform,
0, passin, "signing key file");
if (key == NULL)
goto end;
}
- if (cms_config.infile != NULL) {
- if ((in = BIO_new_file(cms_config.infile, inmode)) == NULL) {
+ if (cfg.infile != NULL) {
+ if ((in = BIO_new_file(cfg.infile, inmode)) == NULL) {
BIO_printf(bio_err,
- "Can't open input file %s\n", cms_config.infile);
+ "Can't open input file %s\n", cfg.infile);
goto end;
}
} else {
goto end;
}
- if (cms_config.operation & SMIME_IP) {
- if (cms_config.informat == FORMAT_SMIME)
+ if (cfg.operation & SMIME_IP) {
+ if (cfg.informat == FORMAT_SMIME)
cms = SMIME_read_CMS(in, &indata);
- else if (cms_config.informat == FORMAT_PEM)
+ else if (cfg.informat == FORMAT_PEM)
cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
- else if (cms_config.informat == FORMAT_ASN1)
+ else if (cfg.informat == FORMAT_ASN1)
cms = d2i_CMS_bio(in, NULL);
else {
BIO_printf(bio_err, "Bad input format for CMS file\n");
BIO_printf(bio_err, "Error reading S/MIME message\n");
goto end;
}
- if (cms_config.contfile != NULL) {
+ if (cfg.contfile != NULL) {
BIO_free(indata);
- if ((indata = BIO_new_file(cms_config.contfile,
+ if ((indata = BIO_new_file(cfg.contfile,
"rb")) == NULL) {
BIO_printf(bio_err,
"Can't read content file %s\n",
- cms_config.contfile);
+ cfg.contfile);
goto end;
}
}
- if (cms_config.certsoutfile != NULL) {
+ if (cfg.certsoutfile != NULL) {
STACK_OF(X509) *allcerts;
if ((allcerts = CMS_get1_certs(cms)) == NULL)
goto end;
- if (!save_certs(cms_config.certsoutfile, allcerts)) {
+ if (!save_certs(cfg.certsoutfile, allcerts)) {
BIO_printf(bio_err,
"Error writing certs to %s\n",
- cms_config.certsoutfile);
+ cfg.certsoutfile);
sk_X509_pop_free(allcerts, X509_free);
ret = 5;
goto end;
sk_X509_pop_free(allcerts, X509_free);
}
}
- if (cms_config.rctfile != NULL) {
- char *rctmode = (cms_config.rctformat == FORMAT_ASN1) ?
+ if (cfg.rctfile != NULL) {
+ char *rctmode = (cfg.rctformat == FORMAT_ASN1) ?
"rb" : "r";
- if ((rctin = BIO_new_file(cms_config.rctfile, rctmode)) == NULL) {
+ if ((rctin = BIO_new_file(cfg.rctfile, rctmode)) == NULL) {
BIO_printf(bio_err,
- "Can't open receipt file %s\n", cms_config.rctfile);
+ "Can't open receipt file %s\n", cfg.rctfile);
goto end;
}
- if (cms_config.rctformat == FORMAT_SMIME)
+ if (cfg.rctformat == FORMAT_SMIME)
rcms = SMIME_read_CMS(rctin, NULL);
- else if (cms_config.rctformat == FORMAT_PEM)
+ else if (cfg.rctformat == FORMAT_PEM)
rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
- else if (cms_config.rctformat == FORMAT_ASN1)
+ else if (cfg.rctformat == FORMAT_ASN1)
rcms = d2i_CMS_bio(rctin, NULL);
else {
BIO_printf(bio_err, "Bad input format for receipt\n");
goto end;
}
}
- if (cms_config.outfile != NULL) {
- if ((out = BIO_new_file(cms_config.outfile, outmode)) == NULL) {
+ if (cfg.outfile != NULL) {
+ if ((out = BIO_new_file(cfg.outfile, outmode)) == NULL) {
BIO_printf(bio_err,
- "Can't open output file %s\n", cms_config.outfile);
+ "Can't open output file %s\n", cfg.outfile);
goto end;
}
} else {
goto end;
}
- if ((cms_config.operation == SMIME_VERIFY) ||
- (cms_config.operation == SMIME_VERIFY_RECEIPT)) {
- if ((store = setup_verify(bio_err, cms_config.CAfile,
- cms_config.CApath)) == NULL)
+ if ((cfg.operation == SMIME_VERIFY) ||
+ (cfg.operation == SMIME_VERIFY_RECEIPT)) {
+ if ((store = setup_verify(bio_err, cfg.CAfile,
+ cfg.CApath)) == NULL)
goto end;
X509_STORE_set_verify_cb(store, cms_cb);
- if (cms_config.vpm != NULL) {
- if (!X509_STORE_set1_param(store, cms_config.vpm))
+ if (cfg.vpm != NULL) {
+ if (!X509_STORE_set1_param(store, cfg.vpm))
goto end;
}
}
ret = 3;
- if (cms_config.operation == SMIME_DATA_CREATE) {
- cms = CMS_data_create(in, cms_config.flags);
- } else if (cms_config.operation == SMIME_DIGEST_CREATE) {
- cms = CMS_digest_create(in, cms_config.sign_md,
- cms_config.flags);
- } else if (cms_config.operation == SMIME_COMPRESS) {
- cms = CMS_compress(in, -1, cms_config.flags);
- } else if (cms_config.operation == SMIME_ENCRYPT) {
+ if (cfg.operation == SMIME_DATA_CREATE) {
+ cms = CMS_data_create(in, cfg.flags);
+ } else if (cfg.operation == SMIME_DIGEST_CREATE) {
+ cms = CMS_digest_create(in, cfg.sign_md,
+ cfg.flags);
+ } else if (cfg.operation == SMIME_COMPRESS) {
+ cms = CMS_compress(in, -1, cfg.flags);
+ } else if (cfg.operation == SMIME_ENCRYPT) {
int i;
- cms_config.flags |= CMS_PARTIAL;
- cms = CMS_encrypt(NULL, in, cms_config.cipher,
- cms_config.flags);
+ cfg.flags |= CMS_PARTIAL;
+ cms = CMS_encrypt(NULL, in, cfg.cipher,
+ cfg.flags);
if (cms == NULL)
goto end;
- for (i = 0; i < sk_X509_num(cms_config.encerts); i++) {
+ for (i = 0; i < sk_X509_num(cfg.encerts); i++) {
CMS_RecipientInfo *ri;
struct cms_key_param *kparam;
- int tflags = cms_config.flags;
+ int tflags = cfg.flags;
X509 *x;
- if ((x = sk_X509_value(cms_config.encerts, i)) == NULL)
+ if ((x = sk_X509_value(cfg.encerts, i)) == NULL)
goto end;
- for (kparam = cms_config.key_first; kparam != NULL;
+ for (kparam = cfg.key_first; kparam != NULL;
kparam = kparam->next) {
if (kparam->idx == i) {
tflags |= CMS_KEY_PARAM;
}
}
- if (cms_config.secret_key != NULL) {
+ if (cfg.secret_key != NULL) {
if (CMS_add0_recipient_key(cms, NID_undef,
- cms_config.secret_key, cms_config.secret_keylen,
- cms_config.secret_keyid, cms_config.secret_keyidlen,
+ cfg.secret_key, cfg.secret_keylen,
+ cfg.secret_keyid, cfg.secret_keyidlen,
NULL, NULL, NULL) == NULL)
goto end;
/* NULL these because call absorbs them */
- cms_config.secret_key = NULL;
- cms_config.secret_keyid = NULL;
+ cfg.secret_key = NULL;
+ cfg.secret_keyid = NULL;
}
- if (cms_config.pwri_pass != NULL) {
- pwri_tmp = strdup(cms_config.pwri_pass);
+ if (cfg.pwri_pass != NULL) {
+ pwri_tmp = strdup(cfg.pwri_pass);
if (pwri_tmp == NULL)
goto end;
if (CMS_add0_recipient_password(cms, -1, NID_undef,
goto end;
pwri_tmp = NULL;
}
- if (!(cms_config.flags & CMS_STREAM)) {
- if (!CMS_final(cms, in, NULL, cms_config.flags))
+ if (!(cfg.flags & CMS_STREAM)) {
+ if (!CMS_final(cms, in, NULL, cfg.flags))
goto end;
}
- } else if (cms_config.operation == SMIME_ENCRYPTED_ENCRYPT) {
- cms = CMS_EncryptedData_encrypt(in, cms_config.cipher,
- cms_config.secret_key, cms_config.secret_keylen,
- cms_config.flags);
+ } else if (cfg.operation == SMIME_ENCRYPTED_ENCRYPT) {
+ cms = CMS_EncryptedData_encrypt(in, cfg.cipher,
+ cfg.secret_key, cfg.secret_keylen,
+ cfg.flags);
- } else if (cms_config.operation == SMIME_SIGN_RECEIPT) {
+ } else if (cfg.operation == SMIME_SIGN_RECEIPT) {
CMS_ContentInfo *srcms = NULL;
STACK_OF(CMS_SignerInfo) *sis;
CMS_SignerInfo *si;
if (si == NULL)
goto end;
srcms = CMS_sign_receipt(si, signer, key, other,
- cms_config.flags);
+ cfg.flags);
if (srcms == NULL)
goto end;
CMS_ContentInfo_free(cms);
cms = srcms;
- } else if (cms_config.operation & SMIME_SIGNERS) {
+ } else if (cfg.operation & SMIME_SIGNERS) {
int i;
/*
* If detached data content we enable streaming if S/MIME
* output format.
*/
- if (cms_config.operation == SMIME_SIGN) {
+ if (cfg.operation == SMIME_SIGN) {
- if (cms_config.flags & CMS_DETACHED) {
- if (cms_config.outformat == FORMAT_SMIME)
- cms_config.flags |= CMS_STREAM;
+ if (cfg.flags & CMS_DETACHED) {
+ if (cfg.outformat == FORMAT_SMIME)
+ cfg.flags |= CMS_STREAM;
}
- cms_config.flags |= CMS_PARTIAL;
- cms = CMS_sign(NULL, NULL, other, in, cms_config.flags);
+ cfg.flags |= CMS_PARTIAL;
+ cms = CMS_sign(NULL, NULL, other, in, cfg.flags);
if (cms == NULL)
goto end;
- if (cms_config.econtent_type != NULL)
+ if (cfg.econtent_type != NULL)
if (!CMS_set1_eContentType(cms,
- cms_config.econtent_type))
+ cfg.econtent_type))
goto end;
- if (cms_config.rr_to != NULL) {
- rr = make_receipt_request(cms_config.rr_to,
- cms_config.rr_allorfirst,
- cms_config.rr_from);
+ if (cfg.rr_to != NULL) {
+ rr = make_receipt_request(cfg.rr_to,
+ cfg.rr_allorfirst,
+ cfg.rr_from);
if (rr == NULL) {
BIO_puts(bio_err,
"Signed Receipt Request Creation Error\n");
}
}
} else {
- cms_config.flags |= CMS_REUSE_DIGEST;
+ cfg.flags |= CMS_REUSE_DIGEST;
}
- for (i = 0; i < sk_OPENSSL_STRING_num(cms_config.sksigners); i++) {
+ for (i = 0; i < sk_OPENSSL_STRING_num(cfg.sksigners); i++) {
CMS_SignerInfo *si;
struct cms_key_param *kparam;
- int tflags = cms_config.flags;
+ int tflags = cfg.flags;
- cms_config.signerfile = sk_OPENSSL_STRING_value(
- cms_config.sksigners, i);
- cms_config.keyfile = sk_OPENSSL_STRING_value(
- cms_config.skkeys, i);
+ cfg.signerfile = sk_OPENSSL_STRING_value(
+ cfg.sksigners, i);
+ cfg.keyfile = sk_OPENSSL_STRING_value(
+ cfg.skkeys, i);
- signer = load_cert(bio_err, cms_config.signerfile,
+ signer = load_cert(bio_err, cfg.signerfile,
FORMAT_PEM, NULL, "signer certificate");
if (signer == NULL)
goto end;
- key = load_key(bio_err, cms_config.keyfile,
- cms_config.keyform, 0, passin, "signing key file");
+ key = load_key(bio_err, cfg.keyfile,
+ cfg.keyform, 0, passin, "signing key file");
if (key == NULL)
goto end;
- for (kparam = cms_config.key_first; kparam != NULL;
+ for (kparam = cfg.key_first; kparam != NULL;
kparam = kparam->next) {
if (kparam->idx == i) {
tflags |= CMS_KEY_PARAM;
}
}
si = CMS_add1_signer(cms, signer, key,
- cms_config.sign_md, tflags);
+ cfg.sign_md, tflags);
if (si == NULL)
goto end;
if (kparam != NULL) {
key = NULL;
}
/* If not streaming or resigning finalize structure */
- if ((cms_config.operation == SMIME_SIGN) &&
- !(cms_config.flags & CMS_STREAM)) {
- if (!CMS_final(cms, in, NULL, cms_config.flags))
+ if ((cfg.operation == SMIME_SIGN) &&
+ !(cfg.flags & CMS_STREAM)) {
+ if (!CMS_final(cms, in, NULL, cfg.flags))
goto end;
}
}
goto end;
}
ret = 4;
- if (cms_config.operation == SMIME_DECRYPT) {
- if (cms_config.flags & CMS_DEBUG_DECRYPT)
+ if (cfg.operation == SMIME_DECRYPT) {
+ if (cfg.flags & CMS_DEBUG_DECRYPT)
CMS_decrypt(cms, NULL, NULL, NULL, NULL,
- cms_config.flags);
+ cfg.flags);
- if (cms_config.secret_key != NULL) {
- if (!CMS_decrypt_set1_key(cms, cms_config.secret_key,
- cms_config.secret_keylen, cms_config.secret_keyid,
- cms_config.secret_keyidlen)) {
+ if (cfg.secret_key != NULL) {
+ if (!CMS_decrypt_set1_key(cms, cfg.secret_key,
+ cfg.secret_keylen, cfg.secret_keyid,
+ cfg.secret_keyidlen)) {
BIO_puts(bio_err,
"Error decrypting CMS using secret key\n");
goto end;
goto end;
}
}
- if (cms_config.pwri_pass != NULL) {
+ if (cfg.pwri_pass != NULL) {
if (!CMS_decrypt_set1_password(cms,
- cms_config.pwri_pass, -1)) {
+ cfg.pwri_pass, -1)) {
BIO_puts(bio_err,
"Error decrypting CMS using password\n");
goto end;
}
}
if (!CMS_decrypt(cms, NULL, NULL, indata, out,
- cms_config.flags)) {
+ cfg.flags)) {
BIO_printf(bio_err, "Error decrypting CMS structure\n");
goto end;
}
- } else if (cms_config.operation == SMIME_DATAOUT) {
- if (!CMS_data(cms, out, cms_config.flags))
+ } else if (cfg.operation == SMIME_DATAOUT) {
+ if (!CMS_data(cms, out, cfg.flags))
goto end;
- } else if (cms_config.operation == SMIME_UNCOMPRESS) {
- if (!CMS_uncompress(cms, indata, out, cms_config.flags))
+ } else if (cfg.operation == SMIME_UNCOMPRESS) {
+ if (!CMS_uncompress(cms, indata, out, cfg.flags))
goto end;
- } else if (cms_config.operation == SMIME_DIGEST_VERIFY) {
- if (CMS_digest_verify(cms, indata, out, cms_config.flags) > 0)
+ } else if (cfg.operation == SMIME_DIGEST_VERIFY) {
+ if (CMS_digest_verify(cms, indata, out, cfg.flags) > 0)
BIO_printf(bio_err, "Verification successful\n");
else {
BIO_printf(bio_err, "Verification failure\n");
goto end;
}
- } else if (cms_config.operation == SMIME_ENCRYPTED_DECRYPT) {
- if (!CMS_EncryptedData_decrypt(cms, cms_config.secret_key,
- cms_config.secret_keylen, indata, out, cms_config.flags))
+ } else if (cfg.operation == SMIME_ENCRYPTED_DECRYPT) {
+ if (!CMS_EncryptedData_decrypt(cms, cfg.secret_key,
+ cfg.secret_keylen, indata, out, cfg.flags))
goto end;
- } else if (cms_config.operation == SMIME_VERIFY) {
+ } else if (cfg.operation == SMIME_VERIFY) {
if (CMS_verify(cms, other, store, indata, out,
- cms_config.flags) > 0) {
+ cfg.flags) > 0) {
BIO_printf(bio_err, "Verification successful\n");
} else {
BIO_printf(bio_err, "Verification failure\n");
- if (cms_config.verify_retcode)
+ if (cfg.verify_retcode)
ret = verify_err + 32;
goto end;
}
- if (cms_config.signerfile != NULL) {
+ if (cfg.signerfile != NULL) {
STACK_OF(X509) *signers;
if ((signers = CMS_get0_signers(cms)) == NULL)
goto end;
- if (!save_certs(cms_config.signerfile, signers)) {
+ if (!save_certs(cfg.signerfile, signers)) {
BIO_printf(bio_err,
"Error writing signers to %s\n",
- cms_config.signerfile);
+ cfg.signerfile);
sk_X509_free(signers);
ret = 5;
goto end;
}
sk_X509_free(signers);
}
- if (cms_config.rr_print)
+ if (cfg.rr_print)
receipt_request_print(bio_err, cms);
- } else if (cms_config.operation == SMIME_VERIFY_RECEIPT) {
+ } else if (cfg.operation == SMIME_VERIFY_RECEIPT) {
if (CMS_verify_receipt(rcms, cms, other, store,
- cms_config.flags) > 0) {
+ cfg.flags) > 0) {
BIO_printf(bio_err, "Verification successful\n");
} else {
BIO_printf(bio_err, "Verification failure\n");
goto end;
}
} else {
- if (cms_config.noout) {
- if (cms_config.print &&
+ if (cfg.noout) {
+ if (cfg.print &&
!CMS_ContentInfo_print_ctx(out, cms, 0, NULL))
goto end;
- } else if (cms_config.outformat == FORMAT_SMIME) {
- if (cms_config.to != NULL)
- BIO_printf(out, "To: %s\n", cms_config.to);
- if (cms_config.from != NULL)
- BIO_printf(out, "From: %s\n", cms_config.from);
- if (cms_config.subject != NULL)
+ } else if (cfg.outformat == FORMAT_SMIME) {
+ if (cfg.to != NULL)
+ BIO_printf(out, "To: %s\n", cfg.to);
+ if (cfg.from != NULL)
+ BIO_printf(out, "From: %s\n", cfg.from);
+ if (cfg.subject != NULL)
BIO_printf(out, "Subject: %s\n",
- cms_config.subject);
- if (cms_config.operation == SMIME_RESIGN)
+ cfg.subject);
+ if (cfg.operation == SMIME_RESIGN)
ret = SMIME_write_CMS(out, cms, indata,
- cms_config.flags);
+ cfg.flags);
else
ret = SMIME_write_CMS(out, cms, in,
- cms_config.flags);
- } else if (cms_config.outformat == FORMAT_PEM) {
+ cfg.flags);
+ } else if (cfg.outformat == FORMAT_PEM) {
ret = PEM_write_bio_CMS_stream(out, cms, in,
- cms_config.flags);
- } else if (cms_config.outformat == FORMAT_ASN1) {
- ret = i2d_CMS_bio_stream(out, cms, in, cms_config.flags);
+ cfg.flags);
+ } else if (cfg.outformat == FORMAT_ASN1) {
+ ret = i2d_CMS_bio_stream(out, cms, in, cfg.flags);
} else {
BIO_printf(bio_err, "Bad output format for CMS file\n");
goto end;
if (ret)
ERR_print_errors(bio_err);
- sk_X509_pop_free(cms_config.encerts, X509_free);
+ sk_X509_pop_free(cfg.encerts, X509_free);
sk_X509_pop_free(other, X509_free);
- X509_VERIFY_PARAM_free(cms_config.vpm);
- sk_OPENSSL_STRING_free(cms_config.sksigners);
- sk_OPENSSL_STRING_free(cms_config.skkeys);
- free(cms_config.secret_key);
- free(cms_config.secret_keyid);
+ X509_VERIFY_PARAM_free(cfg.vpm);
+ sk_OPENSSL_STRING_free(cfg.sksigners);
+ sk_OPENSSL_STRING_free(cfg.skkeys);
+ free(cfg.secret_key);
+ free(cfg.secret_keyid);
free(pwri_tmp);
- ASN1_OBJECT_free(cms_config.econtent_type);
+ ASN1_OBJECT_free(cfg.econtent_type);
CMS_ReceiptRequest_free(rr);
- sk_OPENSSL_STRING_free(cms_config.rr_to);
- sk_OPENSSL_STRING_free(cms_config.rr_from);
- for (cms_config.key_param = cms_config.key_first; cms_config.key_param;) {
+ sk_OPENSSL_STRING_free(cfg.rr_to);
+ sk_OPENSSL_STRING_free(cfg.rr_from);
+ for (cfg.key_param = cfg.key_first; cfg.key_param;) {
struct cms_key_param *tparam;
- sk_OPENSSL_STRING_free(cms_config.key_param->param);
- tparam = cms_config.key_param->next;
- free(cms_config.key_param);
- cms_config.key_param = tparam;
+ sk_OPENSSL_STRING_free(cfg.key_param->param);
+ tparam = cfg.key_param->next;
+ free(cfg.key_param);
+ cfg.key_param = tparam;
}
X509_STORE_free(store);
- X509_free(cms_config.cert);
+ X509_free(cfg.cert);
X509_free(recip);
X509_free(signer);
EVP_PKEY_free(key);
-/* $OpenBSD: crl.c,v 1.16 2022/11/11 17:07:38 joshua Exp $ */
+/* $OpenBSD: crl.c,v 1.17 2023/03/06 14:32:05 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int outformat;
int text;
int verify;
-} crl_config;
+} cfg;
static const struct option crl_options[] = {
{
.argname = "file",
.desc = "Verify the CRL using certificates in the given file",
.type = OPTION_ARG,
- .opt.arg = &crl_config.cafile,
+ .opt.arg = &cfg.cafile,
},
{
.name = "CApath",
.argname = "path",
.desc = "Verify the CRL using certificates in the given path",
.type = OPTION_ARG,
- .opt.arg = &crl_config.capath,
+ .opt.arg = &cfg.capath,
},
{
.name = "crlnumber",
.desc = "Print the CRL number",
.type = OPTION_FLAG_ORD,
- .opt.flag = &crl_config.crlnumber,
+ .opt.flag = &cfg.crlnumber,
},
{
.name = "fingerprint",
.desc = "Print the CRL fingerprint",
.type = OPTION_FLAG_ORD,
- .opt.flag = &crl_config.fingerprint,
+ .opt.flag = &cfg.fingerprint,
},
{
.name = "hash",
.desc = "Print the hash of the issuer name",
.type = OPTION_FLAG_ORD,
- .opt.flag = &crl_config.hash,
+ .opt.flag = &cfg.hash,
},
{
.name = "hash_old",
.desc = "Print an old-style (MD5) hash of the issuer name",
.type = OPTION_FLAG_ORD,
- .opt.flag = &crl_config.hash_old,
+ .opt.flag = &cfg.hash_old,
},
{
.name = "in",
.argname = "file",
.desc = "Input file to read from (stdin if unspecified)",
.type = OPTION_ARG,
- .opt.arg = &crl_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.argname = "format",
.desc = "Input format (DER or PEM)",
.type = OPTION_ARG_FORMAT,
- .opt.value = &crl_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "issuer",
.desc = "Print the issuer name",
.type = OPTION_FLAG_ORD,
- .opt.flag = &crl_config.issuer,
+ .opt.flag = &cfg.issuer,
},
{
.name = "lastupdate",
.desc = "Print the lastUpdate field",
.type = OPTION_FLAG_ORD,
- .opt.flag = &crl_config.lastupdate,
+ .opt.flag = &cfg.lastupdate,
},
{
.name = "nameopt",
.argname = "options",
.desc = "Specify certificate name options",
.type = OPTION_ARG,
- .opt.arg = &crl_config.nameopt,
+ .opt.arg = &cfg.nameopt,
},
{
.name = "nextupdate",
.desc = "Print the nextUpdate field",
.type = OPTION_FLAG_ORD,
- .opt.flag = &crl_config.nextupdate,
+ .opt.flag = &cfg.nextupdate,
},
{
.name = "noout",
.desc = "Do not output the encoded version of the CRL",
.type = OPTION_FLAG,
- .opt.flag = &crl_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "out",
.argname = "file",
.desc = "Output file to write to (stdout if unspecified)",
.type = OPTION_ARG,
- .opt.arg = &crl_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "format",
.desc = "Output format (DER or PEM)",
.type = OPTION_ARG_FORMAT,
- .opt.value = &crl_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "text",
.desc = "Print out the CRL in text form",
.type = OPTION_FLAG,
- .opt.flag = &crl_config.text,
+ .opt.flag = &cfg.text,
},
{
.name = "verify",
.desc = "Verify the signature on the CRL",
.type = OPTION_FLAG,
- .opt.flag = &crl_config.verify,
+ .opt.flag = &cfg.verify,
},
{NULL},
};
digest = EVP_sha256();
- memset(&crl_config, 0, sizeof(crl_config));
- crl_config.informat = FORMAT_PEM;
- crl_config.outformat = FORMAT_PEM;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.informat = FORMAT_PEM;
+ cfg.outformat = FORMAT_PEM;
if (options_parse(argc, argv, crl_options, &digest_name, NULL) != 0) {
crl_usage();
goto end;
}
- if (crl_config.cafile != NULL || crl_config.capath != NULL)
- crl_config.verify = 1;
+ if (cfg.cafile != NULL || cfg.capath != NULL)
+ cfg.verify = 1;
- if (crl_config.nameopt != NULL) {
- if (set_name_ex(&nmflag, crl_config.nameopt) != 1) {
+ if (cfg.nameopt != NULL) {
+ if (set_name_ex(&nmflag, cfg.nameopt) != 1) {
fprintf(stderr,
"Invalid -nameopt argument '%s'\n",
- crl_config.nameopt);
+ cfg.nameopt);
goto end;
}
}
}
}
- x = load_crl(crl_config.infile, crl_config.informat);
+ x = load_crl(cfg.infile, cfg.informat);
if (x == NULL)
goto end;
- if (crl_config.verify) {
+ if (cfg.verify) {
store = X509_STORE_new();
if (store == NULL)
goto end;
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL)
goto end;
- if (!X509_LOOKUP_load_file(lookup, crl_config.cafile,
+ if (!X509_LOOKUP_load_file(lookup, cfg.cafile,
X509_FILETYPE_PEM))
X509_LOOKUP_load_file(lookup, NULL,
X509_FILETYPE_DEFAULT);
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
if (lookup == NULL)
goto end;
- if (!X509_LOOKUP_add_dir(lookup, crl_config.capath,
+ if (!X509_LOOKUP_add_dir(lookup, cfg.capath,
X509_FILETYPE_PEM))
X509_LOOKUP_add_dir(lookup, NULL,
X509_FILETYPE_DEFAULT);
/* Print requested information the order that the flags were given. */
for (i = 1; i <= argc; i++) {
- if (crl_config.issuer == i) {
+ if (cfg.issuer == i) {
print_name(bio_out, "issuer=",
X509_CRL_get_issuer(x), nmflag);
}
- if (crl_config.crlnumber == i) {
+ if (cfg.crlnumber == i) {
ASN1_INTEGER *crlnum;
crlnum = X509_CRL_get_ext_d2i(x,
NID_crl_number, NULL, NULL);
BIO_puts(bio_out, "<NONE>");
BIO_printf(bio_out, "\n");
}
- if (crl_config.hash == i) {
+ if (cfg.hash == i) {
BIO_printf(bio_out, "%08lx\n",
X509_NAME_hash(X509_CRL_get_issuer(x)));
}
#ifndef OPENSSL_NO_MD5
- if (crl_config.hash_old == i) {
+ if (cfg.hash_old == i) {
BIO_printf(bio_out, "%08lx\n",
X509_NAME_hash_old(X509_CRL_get_issuer(x)));
}
#endif
- if (crl_config.lastupdate == i) {
+ if (cfg.lastupdate == i) {
BIO_printf(bio_out, "lastUpdate=");
ASN1_TIME_print(bio_out,
X509_CRL_get_lastUpdate(x));
BIO_printf(bio_out, "\n");
}
- if (crl_config.nextupdate == i) {
+ if (cfg.nextupdate == i) {
BIO_printf(bio_out, "nextUpdate=");
if (X509_CRL_get_nextUpdate(x))
ASN1_TIME_print(bio_out,
BIO_printf(bio_out, "NONE");
BIO_printf(bio_out, "\n");
}
- if (crl_config.fingerprint == i) {
+ if (cfg.fingerprint == i) {
int j;
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
ERR_print_errors(bio_err);
goto end;
}
- if (crl_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if (BIO_write_filename(out, crl_config.outfile) <= 0) {
- perror(crl_config.outfile);
+ if (BIO_write_filename(out, cfg.outfile) <= 0) {
+ perror(cfg.outfile);
goto end;
}
}
- if (crl_config.text)
+ if (cfg.text)
X509_CRL_print(out, x);
- if (crl_config.noout) {
+ if (cfg.noout) {
ret = 0;
goto end;
}
- if (crl_config.outformat == FORMAT_ASN1)
+ if (cfg.outformat == FORMAT_ASN1)
i = (int) i2d_X509_CRL_bio(out, x);
- else if (crl_config.outformat == FORMAT_PEM)
+ else if (cfg.outformat == FORMAT_PEM)
i = PEM_write_bio_X509_CRL(out, x);
else {
BIO_printf(bio_err,
-/* $OpenBSD: crl2p7.c,v 1.10 2022/11/11 17:07:38 joshua Exp $ */
+/* $OpenBSD: crl2p7.c,v 1.11 2023/03/06 14:32:05 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int nocrl;
char *outfile;
int outformat;
-} crl2p7_config;
+} cfg;
static int
crl2p7_opt_certfile(char *arg)
{
- if (crl2p7_config.certflst == NULL)
- crl2p7_config.certflst = sk_OPENSSL_STRING_new_null();
- if (crl2p7_config.certflst == NULL) {
+ if (cfg.certflst == NULL)
+ cfg.certflst = sk_OPENSSL_STRING_new_null();
+ if (cfg.certflst == NULL) {
fprintf(stderr, "out of memory\n");
return (1);
}
- if (!sk_OPENSSL_STRING_push(crl2p7_config.certflst, arg)) {
+ if (!sk_OPENSSL_STRING_push(cfg.certflst, arg)) {
fprintf(stderr, "out of memory\n");
return (1);
}
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &crl2p7_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.argname = "format",
.desc = "Input format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &crl2p7_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "nocrl",
.desc = "Do not read CRL from input or include CRL in output",
.type = OPTION_FLAG,
- .opt.flag = &crl2p7_config.nocrl,
+ .opt.flag = &cfg.nocrl,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &crl2p7_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "format",
.desc = "Output format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &crl2p7_config.outformat,
+ .opt.value = &cfg.outformat,
},
{ NULL },
};
exit(1);
}
- memset(&crl2p7_config, 0, sizeof(crl2p7_config));
+ memset(&cfg, 0, sizeof(cfg));
- crl2p7_config.informat = FORMAT_PEM;
- crl2p7_config.outformat = FORMAT_PEM;
+ cfg.informat = FORMAT_PEM;
+ cfg.outformat = FORMAT_PEM;
if (options_parse(argc, argv, crl2p7_options, NULL, NULL) != 0) {
crl2p7_usage();
ERR_print_errors(bio_err);
goto end;
}
- if (!crl2p7_config.nocrl) {
- if (crl2p7_config.infile == NULL)
+ if (!cfg.nocrl) {
+ if (cfg.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
- if (BIO_read_filename(in, crl2p7_config.infile) <= 0) {
- perror(crl2p7_config.infile);
+ if (BIO_read_filename(in, cfg.infile) <= 0) {
+ perror(cfg.infile);
goto end;
}
}
- if (crl2p7_config.informat == FORMAT_ASN1)
+ if (cfg.informat == FORMAT_ASN1)
crl = d2i_X509_CRL_bio(in, NULL);
- else if (crl2p7_config.informat == FORMAT_PEM)
+ else if (cfg.informat == FORMAT_PEM)
crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err,
goto end;
p7s->cert = cert_stack;
- if (crl2p7_config.certflst) {
- for (i = 0; i < sk_OPENSSL_STRING_num(crl2p7_config.certflst); i++) {
- certfile = sk_OPENSSL_STRING_value(crl2p7_config.certflst, i);
+ if (cfg.certflst) {
+ for (i = 0; i < sk_OPENSSL_STRING_num(cfg.certflst); i++) {
+ certfile = sk_OPENSSL_STRING_value(cfg.certflst, i);
if (add_certs_from_file(cert_stack, certfile) < 0) {
BIO_printf(bio_err,
"error loading certificates\n");
}
}
- sk_OPENSSL_STRING_free(crl2p7_config.certflst);
+ sk_OPENSSL_STRING_free(cfg.certflst);
- if (crl2p7_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if (BIO_write_filename(out, crl2p7_config.outfile) <= 0) {
- perror(crl2p7_config.outfile);
+ if (BIO_write_filename(out, cfg.outfile) <= 0) {
+ perror(cfg.outfile);
goto end;
}
}
- if (crl2p7_config.outformat == FORMAT_ASN1)
+ if (cfg.outformat == FORMAT_ASN1)
i = i2d_PKCS7_bio(out, p7);
- else if (crl2p7_config.outformat == FORMAT_PEM)
+ else if (cfg.outformat == FORMAT_PEM)
i = PEM_write_bio_PKCS7(out, p7);
else {
BIO_printf(bio_err,
-/* $OpenBSD: dgst.c,v 1.20 2022/11/11 17:07:38 joshua Exp $ */
+/* $OpenBSD: dgst.c,v 1.21 2023/03/06 14:32:05 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
char *sigfile;
STACK_OF(OPENSSL_STRING) *sigopts;
int want_pub;
-} dgst_config;
+} cfg;
static int
dgst_opt_macopt(char *arg)
if (arg == NULL)
return (1);
- if (dgst_config.macopts == NULL &&
- (dgst_config.macopts = sk_OPENSSL_STRING_new_null()) == NULL)
+ if (cfg.macopts == NULL &&
+ (cfg.macopts = sk_OPENSSL_STRING_new_null()) == NULL)
return (1);
- if (!sk_OPENSSL_STRING_push(dgst_config.macopts, arg))
+ if (!sk_OPENSSL_STRING_push(cfg.macopts, arg))
return (1);
return (0);
if (*name++ != '-')
return (1);
- if ((dgst_config.m = EVP_get_digestbyname(name)) == NULL)
+ if ((cfg.m = EVP_get_digestbyname(name)) == NULL)
return (1);
- dgst_config.md = dgst_config.m;
+ cfg.md = cfg.m;
*argsused = 1;
return (0);
if (arg == NULL)
return (1);
- dgst_config.keyfile = arg;
- dgst_config.do_verify = 1;
+ cfg.keyfile = arg;
+ cfg.do_verify = 1;
return (0);
}
if (arg == NULL)
return (1);
- if (dgst_config.sigopts == NULL &&
- (dgst_config.sigopts = sk_OPENSSL_STRING_new_null()) == NULL)
+ if (cfg.sigopts == NULL &&
+ (cfg.sigopts = sk_OPENSSL_STRING_new_null()) == NULL)
return (1);
- if (!sk_OPENSSL_STRING_push(dgst_config.sigopts, arg))
+ if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg))
return (1);
return (0);
if (arg == NULL)
return (1);
- dgst_config.keyfile = arg;
- dgst_config.want_pub = 1;
- dgst_config.do_verify = 1;
+ cfg.keyfile = arg;
+ cfg.want_pub = 1;
+ cfg.do_verify = 1;
return (0);
}
.name = "binary",
.desc = "Output the digest or signature in binary form",
.type = OPTION_VALUE,
- .opt.value = &dgst_config.out_bin,
+ .opt.value = &cfg.out_bin,
.value = 1,
},
{
.name = "c",
.desc = "Print the digest in two-digit groups separated by colons",
.type = OPTION_VALUE,
- .opt.value = &dgst_config.separator,
+ .opt.value = &cfg.separator,
.value = 1,
},
{
.name = "d",
.desc = "Print BIO debugging information",
.type = OPTION_FLAG,
- .opt.flag = &dgst_config.debug,
+ .opt.flag = &cfg.debug,
},
{
.name = "hex",
.desc = "Output as hex dump",
.type = OPTION_VALUE,
- .opt.value = &dgst_config.out_bin,
+ .opt.value = &cfg.out_bin,
.value = 0,
},
{
.argname = "key",
.desc = "Create hashed MAC with key",
.type = OPTION_ARG,
- .opt.arg = &dgst_config.hmac_key,
+ .opt.arg = &cfg.hmac_key,
},
{
.name = "keyform",
.argname = "format",
.desc = "Key file format (PEM)",
.type = OPTION_ARG_FORMAT,
- .opt.value = &dgst_config.keyform,
+ .opt.value = &cfg.keyform,
},
{
.name = "mac",
.argname = "algorithm",
.desc = "Create MAC (not necessarily HMAC)",
.type = OPTION_ARG,
- .opt.arg = &dgst_config.mac_name,
+ .opt.arg = &cfg.mac_name,
},
{
.name = "macopt",
.argname = "file",
.desc = "Output to file rather than stdout",
.type = OPTION_ARG,
- .opt.arg = &dgst_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "passin",
.argname = "arg",
.desc = "Input file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &dgst_config.passargin,
+ .opt.arg = &cfg.passargin,
},
{
.name = "prverify",
.name = "r",
.desc = "Output the digest in coreutils format",
.type = OPTION_VALUE,
- .opt.value = &dgst_config.separator,
+ .opt.value = &cfg.separator,
.value = 2,
},
{
.argname = "file",
.desc = "Sign digest using private key in file",
.type = OPTION_ARG,
- .opt.arg = &dgst_config.keyfile,
+ .opt.arg = &cfg.keyfile,
},
{
.name = "signature",
.argname = "file",
.desc = "Signature to verify",
.type = OPTION_ARG,
- .opt.arg = &dgst_config.sigfile,
+ .opt.arg = &cfg.sigfile,
},
{
.name = "sigopt",
goto end;
}
- memset(&dgst_config, 0, sizeof(dgst_config));
- dgst_config.keyform = FORMAT_PEM;
- dgst_config.out_bin = -1;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.keyform = FORMAT_PEM;
+ cfg.out_bin = -1;
/* first check the program name */
program_name(argv[0], pname, sizeof pname);
- dgst_config.md = EVP_get_digestbyname(pname);
+ cfg.md = EVP_get_digestbyname(pname);
if (options_parse(argc, argv, dgst_options, NULL,
- &dgst_config.argsused) != 0) {
+ &cfg.argsused) != 0) {
dgst_usage();
goto end;
}
- argc -= dgst_config.argsused;
- argv += dgst_config.argsused;
+ argc -= cfg.argsused;
+ argv += cfg.argsused;
- if (dgst_config.do_verify && !dgst_config.sigfile) {
+ if (cfg.do_verify && !cfg.sigfile) {
BIO_printf(bio_err,
"No signature to verify: use the -signature option\n");
goto end;
goto end;
}
- if (dgst_config.debug) {
+ if (cfg.debug) {
BIO_set_callback(in, BIO_debug_callback);
/* needed for windows 3.1 */
BIO_set_callback_arg(in, (char *) bio_err);
}
- if (!app_passwd(bio_err, dgst_config.passargin, NULL, &passin, NULL)) {
+ if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
- if (dgst_config.out_bin == -1) {
- if (dgst_config.keyfile)
- dgst_config.out_bin = 1;
+ if (cfg.out_bin == -1) {
+ if (cfg.keyfile)
+ cfg.out_bin = 1;
else
- dgst_config.out_bin = 0;
+ cfg.out_bin = 0;
}
- if (dgst_config.outfile) {
- if (dgst_config.out_bin)
- out = BIO_new_file(dgst_config.outfile, "wb");
+ if (cfg.outfile) {
+ if (cfg.out_bin)
+ out = BIO_new_file(cfg.outfile, "wb");
else
- out = BIO_new_file(dgst_config.outfile, "w");
+ out = BIO_new_file(cfg.outfile, "w");
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
if (!out) {
BIO_printf(bio_err, "Error opening output file %s\n",
- dgst_config.outfile ? dgst_config.outfile : "(stdout)");
+ cfg.outfile ? cfg.outfile : "(stdout)");
ERR_print_errors(bio_err);
goto end;
}
- if ((!!dgst_config.mac_name + !!dgst_config.keyfile +
- !!dgst_config.hmac_key) > 1) {
+ if ((!!cfg.mac_name + !!cfg.keyfile +
+ !!cfg.hmac_key) > 1) {
BIO_printf(bio_err,
"MAC and Signing key cannot both be specified\n");
goto end;
}
- if (dgst_config.keyfile) {
- if (dgst_config.want_pub)
- sigkey = load_pubkey(bio_err, dgst_config.keyfile,
- dgst_config.keyform, 0, NULL, "key file");
+ if (cfg.keyfile) {
+ if (cfg.want_pub)
+ sigkey = load_pubkey(bio_err, cfg.keyfile,
+ cfg.keyform, 0, NULL, "key file");
else
- sigkey = load_key(bio_err, dgst_config.keyfile,
- dgst_config.keyform, 0, passin, "key file");
+ sigkey = load_key(bio_err, cfg.keyfile,
+ cfg.keyform, 0, passin, "key file");
if (!sigkey) {
/*
* load_[pub]key() has already printed an appropriate
goto end;
}
}
- if (dgst_config.mac_name) {
+ if (cfg.mac_name) {
EVP_PKEY_CTX *mac_ctx = NULL;
int r = 0;
- if (!init_gen_str(bio_err, &mac_ctx, dgst_config.mac_name, 0))
+ if (!init_gen_str(bio_err, &mac_ctx, cfg.mac_name, 0))
goto mac_end;
- if (dgst_config.macopts) {
+ if (cfg.macopts) {
char *macopt;
for (i = 0; i < sk_OPENSSL_STRING_num(
- dgst_config.macopts); i++) {
+ cfg.macopts); i++) {
macopt = sk_OPENSSL_STRING_value(
- dgst_config.macopts, i);
+ cfg.macopts, i);
if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
BIO_printf(bio_err,
"MAC parameter error \"%s\"\n",
if (r == 0)
goto end;
}
- if (dgst_config.hmac_key) {
+ if (cfg.hmac_key) {
sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
- (unsigned char *) dgst_config.hmac_key, -1);
+ (unsigned char *) cfg.hmac_key, -1);
if (!sigkey)
goto end;
}
ERR_print_errors(bio_err);
goto end;
}
- if (dgst_config.do_verify)
- r = EVP_DigestVerifyInit(mctx, &pctx, dgst_config.md,
+ if (cfg.do_verify)
+ r = EVP_DigestVerifyInit(mctx, &pctx, cfg.md,
NULL, sigkey);
else
- r = EVP_DigestSignInit(mctx, &pctx, dgst_config.md,
+ r = EVP_DigestSignInit(mctx, &pctx, cfg.md,
NULL, sigkey);
if (!r) {
BIO_printf(bio_err, "Error setting context\n");
ERR_print_errors(bio_err);
goto end;
}
- if (dgst_config.sigopts) {
+ if (cfg.sigopts) {
char *sigopt;
for (i = 0; i < sk_OPENSSL_STRING_num(
- dgst_config.sigopts); i++) {
+ cfg.sigopts); i++) {
sigopt = sk_OPENSSL_STRING_value(
- dgst_config.sigopts, i);
+ cfg.sigopts, i);
if (pkey_ctrl_string(pctx, sigopt) <= 0) {
BIO_printf(bio_err,
"parameter error \"%s\"\n",
}
/* we use md as a filter, reading from 'in' */
else {
- if (dgst_config.md == NULL)
- dgst_config.md = EVP_sha256();
- if (!BIO_set_md(bmd, dgst_config.md)) {
+ if (cfg.md == NULL)
+ cfg.md = EVP_sha256();
+ if (!BIO_set_md(bmd, cfg.md)) {
BIO_printf(bio_err, "Error setting digest %s\n", pname);
ERR_print_errors(bio_err);
goto end;
}
}
- if (dgst_config.sigfile && sigkey) {
+ if (cfg.sigfile && sigkey) {
BIO *sigbio;
siglen = EVP_PKEY_size(sigkey);
sigbuf = malloc(siglen);
ERR_print_errors(bio_err);
goto end;
}
- sigbio = BIO_new_file(dgst_config.sigfile, "rb");
+ sigbio = BIO_new_file(cfg.sigfile, "rb");
if (!sigbio) {
BIO_printf(bio_err, "Error opening signature file %s\n",
- dgst_config.sigfile);
+ cfg.sigfile);
ERR_print_errors(bio_err);
goto end;
}
BIO_free(sigbio);
if (siglen <= 0) {
BIO_printf(bio_err, "Error reading signature file %s\n",
- dgst_config.sigfile);
+ cfg.sigfile);
ERR_print_errors(bio_err);
goto end;
}
}
inp = BIO_push(bmd, in);
- if (dgst_config.md == NULL) {
+ if (cfg.md == NULL) {
EVP_MD_CTX *tctx;
BIO_get_md_ctx(bmd, &tctx);
- dgst_config.md = EVP_MD_CTX_md(tctx);
+ cfg.md = EVP_MD_CTX_md(tctx);
}
if (argc == 0) {
BIO_set_fp(in, stdin, BIO_NOCLOSE);
- err = do_fp(out, buf, inp, dgst_config.separator,
- dgst_config.out_bin, sigkey, sigbuf, siglen, NULL, NULL,
+ err = do_fp(out, buf, inp, cfg.separator,
+ cfg.out_bin, sigkey, sigbuf, siglen, NULL, NULL,
"stdin", bmd);
} else {
const char *md_name = NULL, *sig_name = NULL;
- if (!dgst_config.out_bin) {
+ if (!cfg.out_bin) {
if (sigkey) {
const EVP_PKEY_ASN1_METHOD *ameth;
ameth = EVP_PKEY_get0_asn1(sigkey);
EVP_PKEY_asn1_get0_info(NULL, NULL,
NULL, NULL, &sig_name, ameth);
}
- md_name = EVP_MD_name(dgst_config.md);
+ md_name = EVP_MD_name(cfg.md);
}
err = 0;
for (i = 0; i < argc; i++) {
err++;
continue;
} else {
- r = do_fp(out, buf, inp, dgst_config.separator,
- dgst_config.out_bin, sigkey, sigbuf, siglen,
+ r = do_fp(out, buf, inp, cfg.separator,
+ cfg.out_bin, sigkey, sigbuf, siglen,
sig_name, md_name, argv[i], bmd);
}
if (r)
free(passin);
BIO_free_all(out);
EVP_PKEY_free(sigkey);
- sk_OPENSSL_STRING_free(dgst_config.sigopts);
- sk_OPENSSL_STRING_free(dgst_config.macopts);
+ sk_OPENSSL_STRING_free(cfg.sigopts);
+ sk_OPENSSL_STRING_free(cfg.macopts);
free(sigbuf);
BIO_free(bmd);
-/* $OpenBSD: dh.c,v 1.14 2022/11/11 17:07:38 joshua Exp $ */
+/* $OpenBSD: dh.c,v 1.15 2023/03/06 14:32:05 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
char *outfile;
int outformat;
int text;
-} dh_config;
+} cfg;
static const struct option dh_options[] = {
{
.name = "C",
.desc = "Convert DH parameters into C code",
.type = OPTION_FLAG,
- .opt.flag = &dh_config.C,
+ .opt.flag = &cfg.C,
},
{
.name = "check",
.desc = "Check the DH parameters",
.type = OPTION_FLAG,
- .opt.flag = &dh_config.check,
+ .opt.flag = &cfg.check,
},
{
.name = "in",
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &dh_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.argname = "format",
.desc = "Input format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &dh_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "noout",
.desc = "No output",
.type = OPTION_FLAG,
- .opt.flag = &dh_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &dh_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "format",
.desc = "Output format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &dh_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "text",
.desc = "Print a text form of the DH parameters",
.type = OPTION_FLAG,
- .opt.flag = &dh_config.text,
+ .opt.flag = &cfg.text,
},
{ NULL },
};
exit(1);
}
- memset(&dh_config, 0, sizeof(dh_config));
+ memset(&cfg, 0, sizeof(cfg));
- dh_config.informat = FORMAT_PEM;
- dh_config.outformat = FORMAT_PEM;
+ cfg.informat = FORMAT_PEM;
+ cfg.outformat = FORMAT_PEM;
if (options_parse(argc, argv, dh_options, NULL, NULL) != 0) {
dh_usage();
ERR_print_errors(bio_err);
goto end;
}
- if (dh_config.infile == NULL)
+ if (cfg.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
- if (BIO_read_filename(in, dh_config.infile) <= 0) {
- perror(dh_config.infile);
+ if (BIO_read_filename(in, cfg.infile) <= 0) {
+ perror(cfg.infile);
goto end;
}
}
- if (dh_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if (BIO_write_filename(out, dh_config.outfile) <= 0) {
- perror(dh_config.outfile);
+ if (BIO_write_filename(out, cfg.outfile) <= 0) {
+ perror(cfg.outfile);
goto end;
}
}
- if (dh_config.informat == FORMAT_ASN1)
+ if (cfg.informat == FORMAT_ASN1)
dh = d2i_DHparams_bio(in, NULL);
- else if (dh_config.informat == FORMAT_PEM)
+ else if (cfg.informat == FORMAT_PEM)
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err, "bad input format specified\n");
ERR_print_errors(bio_err);
goto end;
}
- if (dh_config.text) {
+ if (cfg.text) {
DHparams_print(out, dh);
}
- if (dh_config.check) {
+ if (cfg.check) {
if (!DH_check(dh, &i)) {
ERR_print_errors(bio_err);
goto end;
if (i == 0)
printf("DH parameters appear to be ok.\n");
}
- if (dh_config.C) {
+ if (cfg.C) {
unsigned char *data;
int len, l, bits;
printf("\treturn(dh);\n\t}\n");
free(data);
}
- if (!dh_config.noout) {
- if (dh_config.outformat == FORMAT_ASN1)
+ if (!cfg.noout) {
+ if (cfg.outformat == FORMAT_ASN1)
i = i2d_DHparams_bio(out, dh);
- else if (dh_config.outformat == FORMAT_PEM)
+ else if (cfg.outformat == FORMAT_PEM)
i = PEM_write_bio_DHparams(out, dh);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
-/* $OpenBSD: dhparam.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */
+/* $OpenBSD: dhparam.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
char *outfile;
int outformat;
int text;
-} dhparam_config;
+} cfg;
static const struct option dhparam_options[] = {
{
.desc = "Generate DH parameters with a generator value of 2 "
"(default)",
.type = OPTION_VALUE,
- .opt.value = &dhparam_config.g,
+ .opt.value = &cfg.g,
.value = 2,
},
{
.name = "5",
.desc = "Generate DH parameters with a generator value of 5",
.type = OPTION_VALUE,
- .opt.value = &dhparam_config.g,
+ .opt.value = &cfg.g,
.value = 5,
},
{
.name = "C",
.desc = "Convert DH parameters into C code",
.type = OPTION_FLAG,
- .opt.flag = &dhparam_config.C,
+ .opt.flag = &cfg.C,
},
{
.name = "check",
.desc = "Check the DH parameters",
.type = OPTION_FLAG,
- .opt.flag = &dhparam_config.check,
+ .opt.flag = &cfg.check,
},
{
.name = "dsaparam",
.desc = "Read or generate DSA parameters and convert to DH",
.type = OPTION_FLAG,
- .opt.flag = &dhparam_config.dsaparam,
+ .opt.flag = &cfg.dsaparam,
},
{
.name = "in",
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &dhparam_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.argname = "format",
.desc = "Input format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &dhparam_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "noout",
.desc = "Do not output encoded version of DH parameters",
.type = OPTION_FLAG,
- .opt.flag = &dhparam_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &dhparam_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "format",
.desc = "Output format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &dhparam_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "text",
.desc = "Print DH parameters in plain text",
.type = OPTION_FLAG,
- .opt.flag = &dhparam_config.text,
+ .opt.flag = &cfg.text,
},
{ NULL },
};
exit(1);
}
- memset(&dhparam_config, 0, sizeof(dhparam_config));
+ memset(&cfg, 0, sizeof(cfg));
- dhparam_config.informat = FORMAT_PEM;
- dhparam_config.outformat = FORMAT_PEM;
+ cfg.informat = FORMAT_PEM;
+ cfg.outformat = FORMAT_PEM;
if (options_parse(argc, argv, dhparam_options, &num_bits, NULL) != 0) {
dhparam_usage();
}
}
- if (dhparam_config.g && !num)
+ if (cfg.g && !num)
num = DEFBITS;
- if (dhparam_config.dsaparam) {
- if (dhparam_config.g) {
+ if (cfg.dsaparam) {
+ if (cfg.g) {
BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
goto end;
}
} else {
/* DH parameters */
- if (num && !dhparam_config.g)
- dhparam_config.g = 2;
+ if (num && !cfg.g)
+ cfg.g = 2;
}
if (num) {
}
BN_GENCB_set(cb, dh_cb, bio_err);
- if (dhparam_config.dsaparam) {
+ if (cfg.dsaparam) {
DSA *dsa = DSA_new();
BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num);
}
} else {
dh = DH_new();
- BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, dhparam_config.g);
+ BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, cfg.g);
BIO_printf(bio_err, "This is going to take a long time\n");
- if (!dh || !DH_generate_parameters_ex(dh, num, dhparam_config.g, cb)) {
+ if (!dh || !DH_generate_parameters_ex(dh, num, cfg.g, cb)) {
ERR_print_errors(bio_err);
goto end;
}
ERR_print_errors(bio_err);
goto end;
}
- if (dhparam_config.infile == NULL)
+ if (cfg.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
- if (BIO_read_filename(in, dhparam_config.infile) <= 0) {
- perror(dhparam_config.infile);
+ if (BIO_read_filename(in, cfg.infile) <= 0) {
+ perror(cfg.infile);
goto end;
}
}
- if (dhparam_config.informat != FORMAT_ASN1 &&
- dhparam_config.informat != FORMAT_PEM) {
+ if (cfg.informat != FORMAT_ASN1 &&
+ cfg.informat != FORMAT_PEM) {
BIO_printf(bio_err, "bad input format specified\n");
goto end;
}
- if (dhparam_config.dsaparam) {
+ if (cfg.dsaparam) {
DSA *dsa;
- if (dhparam_config.informat == FORMAT_ASN1)
+ if (cfg.informat == FORMAT_ASN1)
dsa = d2i_DSAparams_bio(in, NULL);
else /* informat == FORMAT_PEM */
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
}
} else
{
- if (dhparam_config.informat == FORMAT_ASN1)
+ if (cfg.informat == FORMAT_ASN1)
dh = d2i_DHparams_bio(in, NULL);
else /* informat == FORMAT_PEM */
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
ERR_print_errors(bio_err);
goto end;
}
- if (dhparam_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if (BIO_write_filename(out, dhparam_config.outfile) <= 0) {
- perror(dhparam_config.outfile);
+ if (BIO_write_filename(out, cfg.outfile) <= 0) {
+ perror(cfg.outfile);
goto end;
}
}
- if (dhparam_config.text) {
+ if (cfg.text) {
DHparams_print(out, dh);
}
- if (dhparam_config.check) {
+ if (cfg.check) {
if (!DH_check(dh, &i)) {
ERR_print_errors(bio_err);
goto end;
if (i == 0)
printf("DH parameters appear to be ok.\n");
}
- if (dhparam_config.C) {
+ if (cfg.C) {
unsigned char *data;
int len, l, bits;
printf("\treturn(dh);\n\t}\n");
free(data);
}
- if (!dhparam_config.noout) {
- if (dhparam_config.outformat == FORMAT_ASN1)
+ if (!cfg.noout) {
+ if (cfg.outformat == FORMAT_ASN1)
i = i2d_DHparams_bio(out, dh);
- else if (dhparam_config.outformat == FORMAT_PEM)
+ else if (cfg.outformat == FORMAT_PEM)
i = PEM_write_bio_DHparams(out, dh);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
-/* $OpenBSD: dsa.c,v 1.17 2022/11/11 17:07:38 joshua Exp $ */
+/* $OpenBSD: dsa.c,v 1.18 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int pubout;
int pvk_encr;
int text;
-} dsa_config;
+} cfg;
static int
dsa_opt_enc(int argc, char **argv, int *argsused)
if (*name++ != '-')
return (1);
- if ((dsa_config.enc = EVP_get_cipherbyname(name)) != NULL) {
+ if ((cfg.enc = EVP_get_cipherbyname(name)) != NULL) {
*argsused = 1;
return (0);
}
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &dsa_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.desc = "Input format (PEM (default) or any other supported"
" format)",
.type = OPTION_ARG_FORMAT,
- .opt.value = &dsa_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "modulus",
.desc = "Print the DSA public value",
.type = OPTION_FLAG,
- .opt.flag = &dsa_config.modulus,
+ .opt.flag = &cfg.modulus,
},
{
.name = "noout",
.desc = "No output",
.type = OPTION_FLAG,
- .opt.flag = &dsa_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &dsa_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "format",
.desc = "Output format (DER, MSBLOB, PEM (default) or PVK)",
.type = OPTION_ARG_FORMAT,
- .opt.value = &dsa_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "passin",
.argname = "source",
.desc = "Input file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &dsa_config.passargin,
+ .opt.arg = &cfg.passargin,
},
{
.name = "passout",
.argname = "source",
.desc = "Output file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &dsa_config.passargout,
+ .opt.arg = &cfg.passargout,
},
{
.name = "pubin",
.desc = "Read a public key from the input file instead of"
" private key",
.type = OPTION_FLAG,
- .opt.flag = &dsa_config.pubin,
+ .opt.flag = &cfg.pubin,
},
{
.name = "pubout",
.desc = "Output a public key instead of private key",
.type = OPTION_FLAG,
- .opt.flag = &dsa_config.pubout,
+ .opt.flag = &cfg.pubout,
},
{
.name = "pvk-none",
.desc = "PVK encryption level",
.type = OPTION_VALUE,
.value = 0,
- .opt.value = &dsa_config.pvk_encr,
+ .opt.value = &cfg.pvk_encr,
},
{
.name = "pvk-strong",
.desc = "PVK encryption level (default)",
.type = OPTION_VALUE,
.value = 2,
- .opt.value = &dsa_config.pvk_encr,
+ .opt.value = &cfg.pvk_encr,
},
{
.name = "pvk-weak",
.desc = "PVK encryption level",
.type = OPTION_VALUE,
.value = 1,
- .opt.value = &dsa_config.pvk_encr,
+ .opt.value = &cfg.pvk_encr,
},
{
.name = "text",
.desc = "Print the key in text form",
.type = OPTION_FLAG,
- .opt.flag = &dsa_config.text,
+ .opt.flag = &cfg.text,
},
{
.name = NULL,
exit(1);
}
- memset(&dsa_config, 0, sizeof(dsa_config));
+ memset(&cfg, 0, sizeof(cfg));
- dsa_config.pvk_encr = 2;
- dsa_config.informat = FORMAT_PEM;
- dsa_config.outformat = FORMAT_PEM;
+ cfg.pvk_encr = 2;
+ cfg.informat = FORMAT_PEM;
+ cfg.outformat = FORMAT_PEM;
if (options_parse(argc, argv, dsa_options, NULL, NULL) != 0) {
dsa_usage();
goto end;
}
- if (!app_passwd(bio_err, dsa_config.passargin, dsa_config.passargout,
+ if (!app_passwd(bio_err, cfg.passargin, cfg.passargout,
&passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
ERR_print_errors(bio_err);
goto end;
}
- if (dsa_config.infile == NULL)
+ if (cfg.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
- if (BIO_read_filename(in, dsa_config.infile) <= 0) {
- perror(dsa_config.infile);
+ if (BIO_read_filename(in, cfg.infile) <= 0) {
+ perror(cfg.infile);
goto end;
}
}
{
EVP_PKEY *pkey;
- if (dsa_config.pubin)
- pkey = load_pubkey(bio_err, dsa_config.infile,
- dsa_config.informat, 1, passin, "Public Key");
+ if (cfg.pubin)
+ pkey = load_pubkey(bio_err, cfg.infile,
+ cfg.informat, 1, passin, "Public Key");
else
- pkey = load_key(bio_err, dsa_config.infile,
- dsa_config.informat, 1, passin, "Private Key");
+ pkey = load_key(bio_err, cfg.infile,
+ cfg.informat, 1, passin, "Private Key");
if (pkey) {
dsa = EVP_PKEY_get1_DSA(pkey);
ERR_print_errors(bio_err);
goto end;
}
- if (dsa_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if (BIO_write_filename(out, dsa_config.outfile) <= 0) {
- perror(dsa_config.outfile);
+ if (BIO_write_filename(out, cfg.outfile) <= 0) {
+ perror(cfg.outfile);
goto end;
}
}
- if (dsa_config.text) {
+ if (cfg.text) {
if (!DSA_print(out, dsa, 0)) {
- perror(dsa_config.outfile);
+ perror(cfg.outfile);
ERR_print_errors(bio_err);
goto end;
}
}
- if (dsa_config.modulus) {
+ if (cfg.modulus) {
fprintf(stdout, "Public Key=");
BN_print(out, DSA_get0_pub_key(dsa));
fprintf(stdout, "\n");
}
- if (dsa_config.noout)
+ if (cfg.noout)
goto end;
BIO_printf(bio_err, "writing DSA key\n");
- if (dsa_config.outformat == FORMAT_ASN1) {
- if (dsa_config.pubin || dsa_config.pubout)
+ if (cfg.outformat == FORMAT_ASN1) {
+ if (cfg.pubin || cfg.pubout)
i = i2d_DSA_PUBKEY_bio(out, dsa);
else
i = i2d_DSAPrivateKey_bio(out, dsa);
- } else if (dsa_config.outformat == FORMAT_PEM) {
- if (dsa_config.pubin || dsa_config.pubout)
+ } else if (cfg.outformat == FORMAT_PEM) {
+ if (cfg.pubin || cfg.pubout)
i = PEM_write_bio_DSA_PUBKEY(out, dsa);
else
- i = PEM_write_bio_DSAPrivateKey(out, dsa, dsa_config.enc,
+ i = PEM_write_bio_DSAPrivateKey(out, dsa, cfg.enc,
NULL, 0, NULL, passout);
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
- } else if (dsa_config.outformat == FORMAT_MSBLOB ||
- dsa_config.outformat == FORMAT_PVK) {
+ } else if (cfg.outformat == FORMAT_MSBLOB ||
+ cfg.outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
EVP_PKEY_set1_DSA(pk, dsa);
- if (dsa_config.outformat == FORMAT_PVK)
- i = i2b_PVK_bio(out, pk, dsa_config.pvk_encr, 0,
+ if (cfg.outformat == FORMAT_PVK)
+ i = i2b_PVK_bio(out, pk, cfg.pvk_encr, 0,
passout);
- else if (dsa_config.pubin || dsa_config.pubout)
+ else if (cfg.pubin || cfg.pubout)
i = i2b_PublicKey_bio(out, pk);
else
i = i2b_PrivateKey_bio(out, pk);
-/* $OpenBSD: dsaparam.c,v 1.14 2022/11/11 17:07:38 joshua Exp $ */
+/* $OpenBSD: dsaparam.c,v 1.15 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
char *outfile;
int outformat;
int text;
-} dsaparam_config;
+} cfg;
static const struct option dsaparam_options[] = {
{
.name = "C",
.desc = "Convert DSA parameters into C code",
.type = OPTION_FLAG,
- .opt.flag = &dsaparam_config.C,
+ .opt.flag = &cfg.C,
},
{
.name = "genkey",
.desc = "Generate a DSA key",
.type = OPTION_FLAG,
- .opt.flag = &dsaparam_config.genkey,
+ .opt.flag = &cfg.genkey,
},
{
.name = "in",
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &dsaparam_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.argname = "format",
.desc = "Input format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &dsaparam_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "noout",
.desc = "No output",
.type = OPTION_FLAG,
- .opt.flag = &dsaparam_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &dsaparam_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "format",
.desc = "Output format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &dsaparam_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "text",
.desc = "Print as text",
.type = OPTION_FLAG,
- .opt.flag = &dsaparam_config.text,
+ .opt.flag = &cfg.text,
},
{ NULL },
};
exit(1);
}
- memset(&dsaparam_config, 0, sizeof(dsaparam_config));
+ memset(&cfg, 0, sizeof(cfg));
- dsaparam_config.informat = FORMAT_PEM;
- dsaparam_config.outformat = FORMAT_PEM;
+ cfg.informat = FORMAT_PEM;
+ cfg.outformat = FORMAT_PEM;
if (options_parse(argc, argv, dsaparam_options, &strbits, NULL) != 0) {
dsaparam_usage();
ERR_print_errors(bio_err);
goto end;
}
- if (dsaparam_config.infile == NULL)
+ if (cfg.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
- if (BIO_read_filename(in, dsaparam_config.infile) <= 0) {
- perror(dsaparam_config.infile);
+ if (BIO_read_filename(in, cfg.infile) <= 0) {
+ perror(cfg.infile);
goto end;
}
}
- if (dsaparam_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if (BIO_write_filename(out, dsaparam_config.outfile) <= 0) {
- perror(dsaparam_config.outfile);
+ if (BIO_write_filename(out, cfg.outfile) <= 0) {
+ perror(cfg.outfile);
goto end;
}
}
BIO_printf(bio_err, "Error, DSA key generation failed\n");
goto end;
}
- } else if (dsaparam_config.informat == FORMAT_ASN1)
+ } else if (cfg.informat == FORMAT_ASN1)
dsa = d2i_DSAparams_bio(in, NULL);
- else if (dsaparam_config.informat == FORMAT_PEM)
+ else if (cfg.informat == FORMAT_PEM)
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err, "bad input format specified\n");
ERR_print_errors(bio_err);
goto end;
}
- if (dsaparam_config.text) {
+ if (cfg.text) {
DSAparams_print(out, dsa);
}
- if (dsaparam_config.C) {
+ if (cfg.C) {
unsigned char *data;
int l, len, bits_p;
printf("\tDSA_set0_pqg(dsa, p, q, g);\n");
printf("\treturn(dsa);\n\t}\n");
}
- if (!dsaparam_config.noout) {
- if (dsaparam_config.outformat == FORMAT_ASN1)
+ if (!cfg.noout) {
+ if (cfg.outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa);
- else if (dsaparam_config.outformat == FORMAT_PEM)
+ else if (cfg.outformat == FORMAT_PEM)
i = PEM_write_bio_DSAparams(out, dsa);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
}
- if (dsaparam_config.genkey) {
+ if (cfg.genkey) {
DSA *dsakey;
if ((dsakey = DSAparams_dup(dsa)) == NULL)
DSA_free(dsakey);
goto end;
}
- if (dsaparam_config.outformat == FORMAT_ASN1)
+ if (cfg.outformat == FORMAT_ASN1)
i = i2d_DSAPrivateKey_bio(out, dsakey);
- else if (dsaparam_config.outformat == FORMAT_PEM)
+ else if (cfg.outformat == FORMAT_PEM)
i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL, NULL);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
-/* $OpenBSD: ec.c,v 1.15 2022/11/11 17:07:38 joshua Exp $ */
+/* $OpenBSD: ec.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
int pubin;
int pubout;
int text;
-} ec_config;
+} cfg;
static int
ec_opt_enc(int argc, char **argv, int *argsused)
if (*name++ != '-')
return (1);
- if ((ec_config.enc = EVP_get_cipherbyname(name)) != NULL) {
+ if ((cfg.enc = EVP_get_cipherbyname(name)) != NULL) {
*argsused = 1;
return (0);
}
ec_opt_form(char *arg)
{
if (strcmp(arg, "compressed") == 0)
- ec_config.form = POINT_CONVERSION_COMPRESSED;
+ cfg.form = POINT_CONVERSION_COMPRESSED;
else if (strcmp(arg, "uncompressed") == 0)
- ec_config.form = POINT_CONVERSION_UNCOMPRESSED;
+ cfg.form = POINT_CONVERSION_UNCOMPRESSED;
else if (strcmp(arg, "hybrid") == 0)
- ec_config.form = POINT_CONVERSION_HYBRID;
+ cfg.form = POINT_CONVERSION_HYBRID;
else {
fprintf(stderr, "Invalid point conversion: %s\n", arg);
return (1);
}
- ec_config.new_form = 1;
+ cfg.new_form = 1;
return (0);
}
ec_opt_named(char *arg)
{
if (strcmp(arg, "named_curve") == 0)
- ec_config.asn1_flag = OPENSSL_EC_NAMED_CURVE;
+ cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE;
else if (strcmp(arg, "explicit") == 0)
- ec_config.asn1_flag = 0;
+ cfg.asn1_flag = 0;
else {
fprintf(stderr, "Invalid curve type: %s\n", arg);
return (1);
}
- ec_config.new_asn1_flag = 1;
+ cfg.new_asn1_flag = 1;
return (0);
}
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &ec_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.argname = "format",
.desc = "Input format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &ec_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "noout",
.desc = "No output",
.type = OPTION_FLAG,
- .opt.flag = &ec_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &ec_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "format",
.desc = "Output format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &ec_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "param_enc",
.name = "param_out",
.desc = "Print the elliptic curve parameters",
.type = OPTION_FLAG,
- .opt.flag = &ec_config.param_out,
+ .opt.flag = &cfg.param_out,
},
{
.name = "passin",
.argname = "source",
.desc = "Input file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &ec_config.passargin,
+ .opt.arg = &cfg.passargin,
},
{
.name = "passout",
.argname = "source",
.desc = "Output file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &ec_config.passargout,
+ .opt.arg = &cfg.passargout,
},
{
.name = "pubin",
.desc = "Read public key instead of private key from input",
.type = OPTION_FLAG,
- .opt.flag = &ec_config.pubin,
+ .opt.flag = &cfg.pubin,
},
{
.name = "pubout",
.desc = "Output public key instead of private key in output",
.type = OPTION_FLAG,
- .opt.flag = &ec_config.pubout,
+ .opt.flag = &cfg.pubout,
},
{
.name = "text",
.desc = "Print the public/private key components and parameters",
.type = OPTION_FLAG,
- .opt.flag = &ec_config.text,
+ .opt.flag = &cfg.text,
},
{
.name = NULL,
exit(1);
}
- memset(&ec_config, 0, sizeof(ec_config));
+ memset(&cfg, 0, sizeof(cfg));
- ec_config.asn1_flag = OPENSSL_EC_NAMED_CURVE;
- ec_config.form = POINT_CONVERSION_UNCOMPRESSED;
- ec_config.informat = FORMAT_PEM;
- ec_config.outformat = FORMAT_PEM;
+ cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE;
+ cfg.form = POINT_CONVERSION_UNCOMPRESSED;
+ cfg.informat = FORMAT_PEM;
+ cfg.outformat = FORMAT_PEM;
if (options_parse(argc, argv, ec_options, NULL, NULL) != 0) {
ec_usage();
goto end;
}
- if (!app_passwd(bio_err, ec_config.passargin, ec_config.passargout,
+ if (!app_passwd(bio_err, cfg.passargin, cfg.passargout,
&passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
ERR_print_errors(bio_err);
goto end;
}
- if (ec_config.infile == NULL)
+ if (cfg.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
- if (BIO_read_filename(in, ec_config.infile) <= 0) {
- perror(ec_config.infile);
+ if (BIO_read_filename(in, cfg.infile) <= 0) {
+ perror(cfg.infile);
goto end;
}
}
BIO_printf(bio_err, "read EC key\n");
- if (ec_config.informat == FORMAT_ASN1) {
- if (ec_config.pubin)
+ if (cfg.informat == FORMAT_ASN1) {
+ if (cfg.pubin)
eckey = d2i_EC_PUBKEY_bio(in, NULL);
else
eckey = d2i_ECPrivateKey_bio(in, NULL);
- } else if (ec_config.informat == FORMAT_PEM) {
- if (ec_config.pubin)
+ } else if (cfg.informat == FORMAT_PEM) {
+ if (cfg.pubin)
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL,
NULL);
else
ERR_print_errors(bio_err);
goto end;
}
- if (ec_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if (BIO_write_filename(out, ec_config.outfile) <= 0) {
- perror(ec_config.outfile);
+ if (BIO_write_filename(out, cfg.outfile) <= 0) {
+ perror(cfg.outfile);
goto end;
}
}
group = EC_KEY_get0_group(eckey);
- if (ec_config.new_form)
- EC_KEY_set_conv_form(eckey, ec_config.form);
+ if (cfg.new_form)
+ EC_KEY_set_conv_form(eckey, cfg.form);
- if (ec_config.new_asn1_flag)
- EC_KEY_set_asn1_flag(eckey, ec_config.asn1_flag);
+ if (cfg.new_asn1_flag)
+ EC_KEY_set_asn1_flag(eckey, cfg.asn1_flag);
- if (ec_config.text)
+ if (cfg.text)
if (!EC_KEY_print(out, eckey, 0)) {
- perror(ec_config.outfile);
+ perror(cfg.outfile);
ERR_print_errors(bio_err);
goto end;
}
- if (ec_config.noout) {
+ if (cfg.noout) {
ret = 0;
goto end;
}
BIO_printf(bio_err, "writing EC key\n");
- if (ec_config.outformat == FORMAT_ASN1) {
- if (ec_config.param_out)
+ if (cfg.outformat == FORMAT_ASN1) {
+ if (cfg.param_out)
i = i2d_ECPKParameters_bio(out, group);
- else if (ec_config.pubin || ec_config.pubout)
+ else if (cfg.pubin || cfg.pubout)
i = i2d_EC_PUBKEY_bio(out, eckey);
else
i = i2d_ECPrivateKey_bio(out, eckey);
- } else if (ec_config.outformat == FORMAT_PEM) {
- if (ec_config.param_out)
+ } else if (cfg.outformat == FORMAT_PEM) {
+ if (cfg.param_out)
i = PEM_write_bio_ECPKParameters(out, group);
- else if (ec_config.pubin || ec_config.pubout)
+ else if (cfg.pubin || cfg.pubout)
i = PEM_write_bio_EC_PUBKEY(out, eckey);
else
i = PEM_write_bio_ECPrivateKey(out, eckey,
- ec_config.enc, NULL, 0, NULL, passout);
+ cfg.enc, NULL, 0, NULL, passout);
} else {
BIO_printf(bio_err, "bad output format specified for "
"outfile\n");
-/* $OpenBSD: ecparam.c,v 1.22 2022/11/11 17:07:38 joshua Exp $ */
+/* $OpenBSD: ecparam.c,v 1.23 2023/03/06 14:32:06 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
char *outfile;
int outformat;
int text;
-} ecparam_config;
+} cfg;
static int
ecparam_opt_form(char *arg)
{
if (strcmp(arg, "compressed") == 0)
- ecparam_config.form = POINT_CONVERSION_COMPRESSED;
+ cfg.form = POINT_CONVERSION_COMPRESSED;
else if (strcmp(arg, "uncompressed") == 0)
- ecparam_config.form = POINT_CONVERSION_UNCOMPRESSED;
+ cfg.form = POINT_CONVERSION_UNCOMPRESSED;
else if (strcmp(arg, "hybrid") == 0)
- ecparam_config.form = POINT_CONVERSION_HYBRID;
+ cfg.form = POINT_CONVERSION_HYBRID;
else
return (1);
- ecparam_config.new_form = 1;
+ cfg.new_form = 1;
return (0);
}
ecparam_opt_enctype(char *arg)
{
if (strcmp(arg, "explicit") == 0)
- ecparam_config.asn1_flag = 0;
+ cfg.asn1_flag = 0;
else if (strcmp(arg, "named_curve") == 0)
- ecparam_config.asn1_flag = OPENSSL_EC_NAMED_CURVE;
+ cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE;
else
return (1);
- ecparam_config.new_asn1_flag = 1;
+ cfg.new_asn1_flag = 1;
return (0);
}
.name = "C",
.desc = "Convert the EC parameters into C code",
.type = OPTION_FLAG,
- .opt.flag = &ecparam_config.C,
+ .opt.flag = &cfg.C,
},
{
.name = "check",
.desc = "Validate the elliptic curve parameters",
.type = OPTION_FLAG,
- .opt.flag = &ecparam_config.check,
+ .opt.flag = &cfg.check,
},
{
.name = "conv_form",
.desc = "Generate an EC private key using the specified "
"parameters",
.type = OPTION_FLAG,
- .opt.flag = &ecparam_config.genkey,
+ .opt.flag = &cfg.genkey,
},
{
.name = "in",
.argname = "file",
.desc = "Input file to read parameters from (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &ecparam_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.argname = "format",
.desc = "Input format (DER or PEM)",
.type = OPTION_ARG_FORMAT,
- .opt.value = &ecparam_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "list_curves",
.desc = "Print list of all currently implemented EC "
"parameter names",
.type = OPTION_FLAG,
- .opt.flag = &ecparam_config.list_curves,
+ .opt.flag = &cfg.list_curves,
},
{
.name = "name",
.argname = "curve",
.desc = "Use the EC parameters with the specified name",
.type = OPTION_ARG,
- .opt.arg = &ecparam_config.curve_name,
+ .opt.arg = &cfg.curve_name,
},
{
.name = "no_seed",
.desc = "Do not output seed with explicit parameter encoding",
.type = OPTION_FLAG,
- .opt.flag = &ecparam_config.no_seed,
+ .opt.flag = &cfg.no_seed,
},
{
.name = "noout",
.desc = "Do not output encoded version of EC parameters",
.type = OPTION_FLAG,
- .opt.flag = &ecparam_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "out",
.argname = "file",
.desc = "Output file to write parameters to (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &ecparam_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "format",
.desc = "Output format (DER or PEM)",
.type = OPTION_ARG_FORMAT,
- .opt.value = &ecparam_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "param_enc",
.name = "text",
.desc = "Print out the EC parameters in human readable form",
.type = OPTION_FLAG,
- .opt.flag = &ecparam_config.text,
+ .opt.flag = &cfg.text,
},
{NULL},
};
exit(1);
}
- memset(&ecparam_config, 0, sizeof(ecparam_config));
- ecparam_config.asn1_flag = OPENSSL_EC_NAMED_CURVE;
- ecparam_config.form = POINT_CONVERSION_UNCOMPRESSED;
- ecparam_config.informat = FORMAT_PEM;
- ecparam_config.outformat = FORMAT_PEM;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE;
+ cfg.form = POINT_CONVERSION_UNCOMPRESSED;
+ cfg.informat = FORMAT_PEM;
+ cfg.outformat = FORMAT_PEM;
if (options_parse(argc, argv, ecparam_options, NULL, NULL) != 0) {
ecparam_usage();
ERR_print_errors(bio_err);
goto end;
}
- if (ecparam_config.infile == NULL)
+ if (cfg.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
- if (BIO_read_filename(in, ecparam_config.infile) <= 0) {
- perror(ecparam_config.infile);
+ if (BIO_read_filename(in, cfg.infile) <= 0) {
+ perror(cfg.infile);
goto end;
}
}
- if (ecparam_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if (BIO_write_filename(out, ecparam_config.outfile) <= 0) {
- perror(ecparam_config.outfile);
+ if (BIO_write_filename(out, cfg.outfile) <= 0) {
+ perror(cfg.outfile);
goto end;
}
}
- if (ecparam_config.list_curves) {
+ if (cfg.list_curves) {
EC_builtin_curve *curves = NULL;
size_t crv_len = 0;
size_t n = 0;
ret = 0;
goto end;
}
- if (ecparam_config.curve_name != NULL) {
+ if (cfg.curve_name != NULL) {
int nid;
/*
* secp256r1 (which are the same as the curves prime192v1 and
* prime256v1 defined in X9.62)
*/
- if (!strcmp(ecparam_config.curve_name, "secp192r1")) {
+ if (!strcmp(cfg.curve_name, "secp192r1")) {
BIO_printf(bio_err, "using curve name prime192v1 "
"instead of secp192r1\n");
nid = NID_X9_62_prime192v1;
- } else if (!strcmp(ecparam_config.curve_name, "secp256r1")) {
+ } else if (!strcmp(cfg.curve_name, "secp256r1")) {
BIO_printf(bio_err, "using curve name prime256v1 "
"instead of secp256r1\n");
nid = NID_X9_62_prime256v1;
} else
- nid = OBJ_sn2nid(ecparam_config.curve_name);
+ nid = OBJ_sn2nid(cfg.curve_name);
if (nid == 0)
- nid = EC_curve_nist2nid(ecparam_config.curve_name);
+ nid = EC_curve_nist2nid(cfg.curve_name);
if (nid == 0) {
BIO_printf(bio_err, "unknown curve name (%s)\n",
- ecparam_config.curve_name);
+ cfg.curve_name);
goto end;
}
group = EC_GROUP_new_by_curve_name(nid);
if (group == NULL) {
BIO_printf(bio_err, "unable to create curve (%s)\n",
- ecparam_config.curve_name);
+ cfg.curve_name);
goto end;
}
- EC_GROUP_set_asn1_flag(group, ecparam_config.asn1_flag);
- EC_GROUP_set_point_conversion_form(group, ecparam_config.form);
- } else if (ecparam_config.informat == FORMAT_ASN1) {
+ EC_GROUP_set_asn1_flag(group, cfg.asn1_flag);
+ EC_GROUP_set_point_conversion_form(group, cfg.form);
+ } else if (cfg.informat == FORMAT_ASN1) {
group = d2i_ECPKParameters_bio(in, NULL);
- } else if (ecparam_config.informat == FORMAT_PEM) {
+ } else if (cfg.informat == FORMAT_PEM) {
group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
} else {
BIO_printf(bio_err, "bad input format specified\n");
ERR_print_errors(bio_err);
goto end;
}
- if (ecparam_config.new_form)
- EC_GROUP_set_point_conversion_form(group, ecparam_config.form);
+ if (cfg.new_form)
+ EC_GROUP_set_point_conversion_form(group, cfg.form);
- if (ecparam_config.new_asn1_flag)
- EC_GROUP_set_asn1_flag(group, ecparam_config.asn1_flag);
+ if (cfg.new_asn1_flag)
+ EC_GROUP_set_asn1_flag(group, cfg.asn1_flag);
- if (ecparam_config.no_seed)
+ if (cfg.no_seed)
EC_GROUP_set_seed(group, NULL, 0);
- if (ecparam_config.text) {
+ if (cfg.text) {
if (!ECPKParameters_print(out, group, 0))
goto end;
}
- if (ecparam_config.check) {
+ if (cfg.check) {
BIO_printf(bio_err, "checking elliptic curve parameters: ");
if (!EC_GROUP_check(group, NULL)) {
BIO_printf(bio_err, "failed\n");
BIO_printf(bio_err, "ok\n");
}
- if (ecparam_config.C) {
+ if (cfg.C) {
size_t buf_len = 0, tmp_len = 0;
const EC_POINT *point;
int is_prime, len = 0;
BIO_printf(out, "\t\t}\n");
BIO_printf(out, "\treturn(group);\n\t}\n");
}
- if (!ecparam_config.noout) {
- if (ecparam_config.outformat == FORMAT_ASN1)
+ if (!cfg.noout) {
+ if (cfg.outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group);
- else if (ecparam_config.outformat == FORMAT_PEM)
+ else if (cfg.outformat == FORMAT_PEM)
i = PEM_write_bio_ECPKParameters(out, group);
else {
BIO_printf(bio_err, "bad output format specified for"
goto end;
}
}
- if (ecparam_config.genkey) {
+ if (cfg.genkey) {
EC_KEY *eckey = EC_KEY_new();
if (eckey == NULL)
EC_KEY_free(eckey);
goto end;
}
- if (ecparam_config.outformat == FORMAT_ASN1)
+ if (cfg.outformat == FORMAT_ASN1)
i = i2d_ECPrivateKey_bio(out, eckey);
- else if (ecparam_config.outformat == FORMAT_PEM)
+ else if (cfg.outformat == FORMAT_PEM)
i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
NULL, 0, NULL, NULL);
else {
-/* $OpenBSD: enc.c,v 1.26 2023/03/04 21:58:54 tb Exp $ */
+/* $OpenBSD: enc.c,v 1.27 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int pbkdf2;
int printkey;
int verbose;
-} enc_config;
+} cfg;
static int
enc_opt_cipher(int argc, char **argv, int *argsused)
return (1);
if (strcmp(name, "none") == 0) {
- enc_config.cipher = NULL;
+ cfg.cipher = NULL;
*argsused = 1;
return (0);
}
- if ((enc_config.cipher = EVP_get_cipherbyname(name)) != NULL) {
+ if ((cfg.cipher = EVP_get_cipherbyname(name)) != NULL) {
*argsused = 1;
return (0);
}
.name = "A",
.desc = "Process base64 data on one line (requires -a)",
.type = OPTION_FLAG,
- .opt.flag = &enc_config.olb64,
+ .opt.flag = &cfg.olb64,
},
{
.name = "a",
.desc = "Perform base64 encoding/decoding (alias -base64)",
.type = OPTION_FLAG,
- .opt.flag = &enc_config.base64,
+ .opt.flag = &cfg.base64,
},
{
.name = "base64",
.type = OPTION_FLAG,
- .opt.flag = &enc_config.base64,
+ .opt.flag = &cfg.base64,
},
{
.name = "bufsize",
.argname = "size",
.desc = "Specify the buffer size to use for I/O",
.type = OPTION_ARG,
- .opt.arg = &enc_config.bufsize,
+ .opt.arg = &cfg.bufsize,
},
{
.name = "d",
.desc = "Decrypt the input data",
.type = OPTION_VALUE,
- .opt.value = &enc_config.enc,
+ .opt.value = &cfg.enc,
.value = 0,
},
{
.name = "debug",
.desc = "Print debugging information",
.type = OPTION_FLAG,
- .opt.flag = &enc_config.debug,
+ .opt.flag = &cfg.debug,
},
{
.name = "e",
.desc = "Encrypt the input data (default)",
.type = OPTION_VALUE,
- .opt.value = &enc_config.enc,
+ .opt.value = &cfg.enc,
.value = 1,
},
{
.argname = "file",
.desc = "Input file to read from (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &enc_config.inf,
+ .opt.arg = &cfg.inf,
},
{
.name = "iter",
.argname = "iterations",
.desc = "Specify iteration count and force use of PBKDF2",
.type = OPTION_ARG_INT,
- .opt.value = &enc_config.iter,
+ .opt.value = &cfg.iter,
},
{
.name = "iv",
.argname = "IV",
.desc = "IV to use, specified as a hexadecimal string",
.type = OPTION_ARG,
- .opt.arg = &enc_config.hiv,
+ .opt.arg = &cfg.hiv,
},
{
.name = "K",
.argname = "key",
.desc = "Key to use, specified as a hexadecimal string",
.type = OPTION_ARG,
- .opt.arg = &enc_config.hkey,
+ .opt.arg = &cfg.hkey,
},
{
.name = "k", /* Superseded by -pass. */
.type = OPTION_ARG,
- .opt.arg = &enc_config.keystr,
+ .opt.arg = &cfg.keystr,
},
{
.name = "kfile", /* Superseded by -pass. */
.type = OPTION_ARG,
- .opt.arg = &enc_config.keyfile,
+ .opt.arg = &cfg.keyfile,
},
{
.name = "md",
.argname = "digest",
.desc = "Digest to use to create a key from the passphrase",
.type = OPTION_ARG,
- .opt.arg = &enc_config.md,
+ .opt.arg = &cfg.md,
},
{
.name = "none",
.name = "nopad",
.desc = "Disable standard block padding",
.type = OPTION_FLAG,
- .opt.flag = &enc_config.nopad,
+ .opt.flag = &cfg.nopad,
},
{
.name = "nosalt",
.type = OPTION_VALUE,
- .opt.value = &enc_config.nosalt,
+ .opt.value = &cfg.nosalt,
.value = 1,
},
{
.argname = "file",
.desc = "Output file to write to (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &enc_config.outf,
+ .opt.arg = &cfg.outf,
},
{
.name = "P",
.desc = "Print out the salt, key and IV used, then exit\n"
" (no encryption or decryption is performed)",
.type = OPTION_VALUE,
- .opt.value = &enc_config.printkey,
+ .opt.value = &cfg.printkey,
.value = 2,
},
{
.name = "p",
.desc = "Print out the salt, key and IV used",
.type = OPTION_VALUE,
- .opt.value = &enc_config.printkey,
+ .opt.value = &cfg.printkey,
.value = 1,
},
{
.argname = "source",
.desc = "Password source",
.type = OPTION_ARG,
- .opt.arg = &enc_config.passarg,
+ .opt.arg = &cfg.passarg,
},
{
.name = "pbkdf2",
.desc = "Use the pbkdf2 key derivation function",
.type = OPTION_FLAG,
- .opt.flag = &enc_config.pbkdf2,
+ .opt.flag = &cfg.pbkdf2,
},
{
.name = "S",
.argname = "salt",
.desc = "Salt to use, specified as a hexadecimal string",
.type = OPTION_ARG,
- .opt.arg = &enc_config.hsalt,
+ .opt.arg = &cfg.hsalt,
},
{
.name = "salt",
.desc = "Use a salt in the key derivation routines (default)",
.type = OPTION_VALUE,
- .opt.value = &enc_config.nosalt,
+ .opt.value = &cfg.nosalt,
.value = 0,
},
{
.name = "v",
.desc = "Verbose",
.type = OPTION_FLAG,
- .opt.flag = &enc_config.verbose,
+ .opt.flag = &cfg.verbose,
},
#ifdef ZLIB
{
.name = "z",
.desc = "Perform zlib compression/decompression",
.type = OPTION_FLAG,
- .opt.flag = &enc_config.do_zlib,
+ .opt.flag = &cfg.do_zlib,
},
#endif
{
exit(1);
}
- memset(&enc_config, 0, sizeof(enc_config));
- enc_config.enc = 1;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.enc = 1;
/* first check the program name */
program_name(argv[0], pname, sizeof(pname));
if (strcmp(pname, "base64") == 0)
- enc_config.base64 = 1;
+ cfg.base64 = 1;
#ifdef ZLIB
if (strcmp(pname, "zlib") == 0)
- enc_config.do_zlib = 1;
+ cfg.do_zlib = 1;
#endif
- enc_config.cipher = EVP_get_cipherbyname(pname);
+ cfg.cipher = EVP_get_cipherbyname(pname);
#ifdef ZLIB
- if (!enc_config.do_zlib && !enc_config.base64 &&
- enc_config.cipher == NULL && strcmp(pname, "enc") != 0)
+ if (!cfg.do_zlib && !cfg.base64 &&
+ cfg.cipher == NULL && strcmp(pname, "enc") != 0)
#else
- if (!enc_config.base64 && enc_config.cipher == NULL &&
+ if (!cfg.base64 && cfg.cipher == NULL &&
strcmp(pname, "enc") != 0)
#endif
{
goto end;
}
- if (enc_config.keyfile != NULL) {
+ if (cfg.keyfile != NULL) {
static char buf[128];
FILE *infile;
- infile = fopen(enc_config.keyfile, "r");
+ infile = fopen(cfg.keyfile, "r");
if (infile == NULL) {
BIO_printf(bio_err, "unable to read key from '%s'\n",
- enc_config.keyfile);
+ cfg.keyfile);
goto end;
}
buf[0] = '\0';
if (!fgets(buf, sizeof buf, infile)) {
BIO_printf(bio_err, "unable to read key from '%s'\n",
- enc_config.keyfile);
+ cfg.keyfile);
fclose(infile);
goto end;
}
BIO_printf(bio_err, "zero length password\n");
goto end;
}
- enc_config.keystr = buf;
+ cfg.keystr = buf;
}
- if (enc_config.cipher != NULL &&
- (EVP_CIPHER_flags(enc_config.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
+ if (cfg.cipher != NULL &&
+ (EVP_CIPHER_flags(cfg.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
BIO_printf(bio_err, "enc does not support AEAD ciphers\n");
goto end;
}
- if (enc_config.cipher != NULL &&
- EVP_CIPHER_mode(enc_config.cipher) == EVP_CIPH_XTS_MODE) {
+ if (cfg.cipher != NULL &&
+ EVP_CIPHER_mode(cfg.cipher) == EVP_CIPH_XTS_MODE) {
BIO_printf(bio_err, "enc does not support XTS mode\n");
goto end;
}
- if (enc_config.md != NULL &&
- (dgst = EVP_get_digestbyname(enc_config.md)) == NULL) {
+ if (cfg.md != NULL &&
+ (dgst = EVP_get_digestbyname(cfg.md)) == NULL) {
BIO_printf(bio_err,
"%s is an unsupported message digest type\n",
- enc_config.md);
+ cfg.md);
goto end;
}
if (dgst == NULL) {
dgst = EVP_sha256();
}
- if (enc_config.bufsize != NULL) {
- char *p = enc_config.bufsize;
+ if (cfg.bufsize != NULL) {
+ char *p = cfg.bufsize;
unsigned long n;
/* XXX - provide an OPTION_ARG_DISKUNIT. */
goto end;
}
/* It must be large enough for a base64 encoded line. */
- if (enc_config.base64 && n < 80)
+ if (cfg.base64 && n < 80)
n = 80;
bsize = (int)n;
- if (enc_config.verbose)
+ if (cfg.verbose)
BIO_printf(bio_err, "bufsize=%d\n", bsize);
}
strbuf = malloc(SIZE);
ERR_print_errors(bio_err);
goto end;
}
- if (enc_config.debug) {
+ if (cfg.debug) {
BIO_set_callback(in, BIO_debug_callback);
BIO_set_callback(out, BIO_debug_callback);
BIO_set_callback_arg(in, (char *) bio_err);
BIO_set_callback_arg(out, (char *) bio_err);
}
- if (enc_config.inf == NULL) {
- if (enc_config.bufsize != NULL)
+ if (cfg.inf == NULL) {
+ if (cfg.bufsize != NULL)
setvbuf(stdin, (char *) NULL, _IONBF, 0);
BIO_set_fp(in, stdin, BIO_NOCLOSE);
} else {
- if (BIO_read_filename(in, enc_config.inf) <= 0) {
- perror(enc_config.inf);
+ if (BIO_read_filename(in, cfg.inf) <= 0) {
+ perror(cfg.inf);
goto end;
}
}
- if (!enc_config.keystr && enc_config.passarg) {
- if (!app_passwd(bio_err, enc_config.passarg, NULL,
+ if (!cfg.keystr && cfg.passarg) {
+ if (!app_passwd(bio_err, cfg.passarg, NULL,
&pass, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
- enc_config.keystr = pass;
+ cfg.keystr = pass;
}
- if (enc_config.keystr == NULL && enc_config.cipher != NULL &&
- enc_config.hkey == NULL) {
+ if (cfg.keystr == NULL && cfg.cipher != NULL &&
+ cfg.hkey == NULL) {
for (;;) {
char buf[200];
int retval;
retval = snprintf(buf, sizeof buf,
"enter %s %s password:",
- OBJ_nid2ln(EVP_CIPHER_nid(enc_config.cipher)),
- enc_config.enc ? "encryption" : "decryption");
+ OBJ_nid2ln(EVP_CIPHER_nid(cfg.cipher)),
+ cfg.enc ? "encryption" : "decryption");
if ((size_t)retval >= sizeof buf) {
BIO_printf(bio_err,
"Password prompt too long\n");
}
strbuf[0] = '\0';
i = EVP_read_pw_string((char *)strbuf, SIZE, buf,
- enc_config.enc);
+ cfg.enc);
if (i == 0) {
if (strbuf[0] == '\0') {
ret = 1;
goto end;
}
- enc_config.keystr = strbuf;
+ cfg.keystr = strbuf;
break;
}
if (i < 0) {
}
}
}
- if (enc_config.outf == NULL) {
+ if (cfg.outf == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
- if (enc_config.bufsize != NULL)
+ if (cfg.bufsize != NULL)
setvbuf(stdout, (char *)NULL, _IONBF, 0);
} else {
- if (BIO_write_filename(out, enc_config.outf) <= 0) {
- perror(enc_config.outf);
+ if (BIO_write_filename(out, cfg.outf) <= 0) {
+ perror(cfg.outf);
goto end;
}
}
}
#endif
- if (enc_config.base64) {
+ if (cfg.base64) {
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
goto end;
- if (enc_config.debug) {
+ if (cfg.debug) {
BIO_set_callback(b64, BIO_debug_callback);
BIO_set_callback_arg(b64, (char *) bio_err);
}
- if (enc_config.olb64)
+ if (cfg.olb64)
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
- if (enc_config.enc)
+ if (cfg.enc)
wbio = BIO_push(b64, wbio);
else
rbio = BIO_push(b64, rbio);
}
- if (enc_config.cipher != NULL) {
+ if (cfg.cipher != NULL) {
/*
* Note that keystr is NULL if a key was passed on the command
* line, so we get no salt in that case. Is this a bug?
*/
- if (enc_config.keystr != NULL) {
+ if (cfg.keystr != NULL) {
/*
* Salt handling: if encrypting generate a salt and
* write to output BIO. If decrypting read salt from
* input BIO.
*/
unsigned char *sptr;
- if (enc_config.nosalt)
+ if (cfg.nosalt)
sptr = NULL;
else {
- if (enc_config.enc) {
- if (enc_config.hsalt) {
- if (!set_hex(enc_config.hsalt, salt, sizeof salt)) {
+ if (cfg.enc) {
+ if (cfg.hsalt) {
+ if (!set_hex(cfg.hsalt, salt, sizeof salt)) {
BIO_printf(bio_err,
"invalid hex salt value\n");
goto end;
* If -P option then don't bother
* writing
*/
- if ((enc_config.printkey != 2)
+ if ((cfg.printkey != 2)
&& (BIO_write(wbio, magic,
sizeof magic - 1) != sizeof magic - 1
|| BIO_write(wbio,
}
sptr = salt;
}
- if (enc_config.pbkdf2 == 1 || enc_config.iter > 0) {
+ if (cfg.pbkdf2 == 1 || cfg.iter > 0) {
/*
* derive key and default iv
* concatenated into a temporary buffer
*/
unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH];
- int iklen = EVP_CIPHER_key_length(enc_config.cipher);
- int ivlen = EVP_CIPHER_iv_length(enc_config.cipher);
+ int iklen = EVP_CIPHER_key_length(cfg.cipher);
+ int ivlen = EVP_CIPHER_iv_length(cfg.cipher);
/* not needed if HASH_UPDATE() is fixed : */
int islen = (sptr != NULL ? sizeof(salt) : 0);
- if (enc_config.iter == 0)
- enc_config.iter = 10000;
+ if (cfg.iter == 0)
+ cfg.iter = 10000;
- if (!PKCS5_PBKDF2_HMAC(enc_config.keystr,
- strlen(enc_config.keystr), sptr, islen,
- enc_config.iter, dgst, iklen+ivlen, tmpkeyiv)) {
+ if (!PKCS5_PBKDF2_HMAC(cfg.keystr,
+ strlen(cfg.keystr), sptr, islen,
+ cfg.iter, dgst, iklen+ivlen, tmpkeyiv)) {
BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n");
goto end;
}
memcpy(iv, tmpkeyiv + iklen, ivlen);
explicit_bzero(tmpkeyiv, sizeof tmpkeyiv);
} else {
- EVP_BytesToKey(enc_config.cipher, dgst, sptr,
- (unsigned char *)enc_config.keystr,
- strlen(enc_config.keystr), 1, key, iv);
+ EVP_BytesToKey(cfg.cipher, dgst, sptr,
+ (unsigned char *)cfg.keystr,
+ strlen(cfg.keystr), 1, key, iv);
}
/*
* the command line bug picked up by Larry J. Hughes
* Jr. <hughes@indiana.edu>
*/
- if (enc_config.keystr == strbuf)
- explicit_bzero(enc_config.keystr, SIZE);
+ if (cfg.keystr == strbuf)
+ explicit_bzero(cfg.keystr, SIZE);
else
- explicit_bzero(enc_config.keystr,
- strlen(enc_config.keystr));
+ explicit_bzero(cfg.keystr,
+ strlen(cfg.keystr));
}
- if (enc_config.hiv != NULL &&
- !set_hex(enc_config.hiv, iv, sizeof iv)) {
+ if (cfg.hiv != NULL &&
+ !set_hex(cfg.hiv, iv, sizeof iv)) {
BIO_printf(bio_err, "invalid hex iv value\n");
goto end;
}
- if (enc_config.hiv == NULL && enc_config.keystr == NULL &&
- EVP_CIPHER_iv_length(enc_config.cipher) != 0) {
+ if (cfg.hiv == NULL && cfg.keystr == NULL &&
+ EVP_CIPHER_iv_length(cfg.cipher) != 0) {
/*
* No IV was explicitly set and no IV was generated
* during EVP_BytesToKey. Hence the IV is undefined,
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
- if (enc_config.hkey != NULL &&
- !set_hex(enc_config.hkey, key, sizeof key)) {
+ if (cfg.hkey != NULL &&
+ !set_hex(cfg.hkey, key, sizeof key)) {
BIO_printf(bio_err, "invalid hex key value\n");
goto end;
}
BIO_get_cipher_ctx(benc, &ctx);
- if (!EVP_CipherInit_ex(ctx, enc_config.cipher, NULL, NULL,
- NULL, enc_config.enc)) {
+ if (!EVP_CipherInit_ex(ctx, cfg.cipher, NULL, NULL,
+ NULL, cfg.enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
- EVP_CIPHER_name(enc_config.cipher));
+ EVP_CIPHER_name(cfg.cipher));
ERR_print_errors(bio_err);
goto end;
}
- if (enc_config.nopad)
+ if (cfg.nopad)
EVP_CIPHER_CTX_set_padding(ctx, 0);
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv,
- enc_config.enc)) {
+ cfg.enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
- EVP_CIPHER_name(enc_config.cipher));
+ EVP_CIPHER_name(cfg.cipher));
ERR_print_errors(bio_err);
goto end;
}
- if (enc_config.debug) {
+ if (cfg.debug) {
BIO_set_callback(benc, BIO_debug_callback);
BIO_set_callback_arg(benc, (char *) bio_err);
}
- if (enc_config.printkey) {
+ if (cfg.printkey) {
int key_len, iv_len;
- if (!enc_config.nosalt) {
+ if (!cfg.nosalt) {
printf("salt=");
for (i = 0; i < (int) sizeof(salt); i++)
printf("%02X", salt[i]);
printf("\n");
}
- key_len = EVP_CIPHER_key_length(enc_config.cipher);
+ key_len = EVP_CIPHER_key_length(cfg.cipher);
if (key_len > 0) {
printf("key=");
for (i = 0; i < key_len; i++)
printf("%02X", key[i]);
printf("\n");
}
- iv_len = EVP_CIPHER_iv_length(enc_config.cipher);
+ iv_len = EVP_CIPHER_iv_length(cfg.cipher);
if (iv_len > 0) {
printf("iv =");
for (i = 0; i < iv_len; i++)
printf("%02X", iv[i]);
printf("\n");
}
- if (enc_config.printkey == 2) {
+ if (cfg.printkey == 2) {
ret = 0;
goto end;
}
goto end;
}
ret = 0;
- if (enc_config.verbose) {
+ if (cfg.verbose) {
BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in));
BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out));
}
-/* $OpenBSD: errstr.c,v 1.9 2023/03/05 13:12:53 tb Exp $ */
+/* $OpenBSD: errstr.c,v 1.10 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
static struct {
int stats;
-} errstr_config;
+} cfg;
static const struct option errstr_options[] = {
{
.name = "stats",
.desc = "Print debugging statistics for the hash table",
.type = OPTION_FLAG,
- .opt.flag = &errstr_config.stats,
+ .opt.flag = &cfg.stats,
},
{ NULL },
};
exit(1);
}
- memset(&errstr_config, 0, sizeof(errstr_config));
+ memset(&cfg, 0, sizeof(cfg));
if (options_parse(argc, argv, errstr_options, NULL, &argsused) != 0) {
errstr_usage();
return (1);
}
- if (errstr_config.stats) {
+ if (cfg.stats) {
BIO *out;
if ((out = BIO_new_fp(stdout, BIO_NOCLOSE)) == NULL) {
-/* $OpenBSD: gendh.c,v 1.13 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: gendh.c,v 1.14 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
static struct {
int g;
char *outfile;
-} gendh_config;
+} cfg;
static const struct option gendh_options[] = {
{
"(default)",
.type = OPTION_VALUE,
.value = 2,
- .opt.value = &gendh_config.g,
+ .opt.value = &cfg.g,
},
{
.name = "5",
.desc = "Generate DH parameters with a generator value of 5",
.type = OPTION_VALUE,
.value = 5,
- .opt.value = &gendh_config.g,
+ .opt.value = &cfg.g,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &gendh_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{ NULL },
};
BN_GENCB_set(cb, dh_cb, bio_err);
- memset(&gendh_config, 0, sizeof(gendh_config));
+ memset(&cfg, 0, sizeof(cfg));
- gendh_config.g = 2;
+ cfg.g = 2;
if (options_parse(argc, argv, gendh_options, &strbits, NULL) != 0) {
gendh_usage();
ERR_print_errors(bio_err);
goto end;
}
- if (gendh_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if (BIO_write_filename(out, gendh_config.outfile) <= 0) {
- perror(gendh_config.outfile);
+ if (BIO_write_filename(out, cfg.outfile) <= 0) {
+ perror(cfg.outfile);
goto end;
}
}
BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime,"
- " generator %d\n", numbits, gendh_config.g);
+ " generator %d\n", numbits, cfg.g);
BIO_printf(bio_err, "This is going to take a long time\n");
if (((dh = DH_new()) == NULL) ||
- !DH_generate_parameters_ex(dh, numbits, gendh_config.g, cb))
+ !DH_generate_parameters_ex(dh, numbits, cfg.g, cb))
goto end;
if (!PEM_write_bio_DHparams(out, dh))
-/* $OpenBSD: gendsa.c,v 1.16 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: gendsa.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
const EVP_CIPHER *enc;
char *outfile;
char *passargout;
-} gendsa_config;
+} cfg;
static const EVP_CIPHER *get_cipher_by_name(char *name)
{
if (*name++ != '-')
return (1);
- if ((gendsa_config.enc = get_cipher_by_name(name)) == NULL)
+ if ((cfg.enc = get_cipher_by_name(name)) == NULL)
return (1);
*argsused = 1;
.argname = "file",
.desc = "Output the key to 'file'",
.type = OPTION_ARG,
- .opt.arg = &gendsa_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "passout",
.argname = "src",
.desc = "Output file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &gendsa_config.passargout,
+ .opt.arg = &cfg.passargout,
},
{ NULL },
};
exit(1);
}
- memset(&gendsa_config, 0, sizeof(gendsa_config));
+ memset(&cfg, 0, sizeof(cfg));
if (options_parse(argc, argv, gendsa_options, &dsaparams, NULL) != 0) {
gendsa_usage();
gendsa_usage();
goto end;
}
- if (!app_passwd(bio_err, NULL, gendsa_config.passargout, NULL,
+ if (!app_passwd(bio_err, NULL, cfg.passargout, NULL,
&passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
if (out == NULL)
goto end;
- if (gendsa_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if (BIO_write_filename(out, gendsa_config.outfile) <= 0) {
- perror(gendsa_config.outfile);
+ if (BIO_write_filename(out, cfg.outfile) <= 0) {
+ perror(cfg.outfile);
goto end;
}
}
if (!DSA_generate_key(dsa))
goto end;
- if (!PEM_write_bio_DSAPrivateKey(out, dsa, gendsa_config.enc, NULL, 0,
+ if (!PEM_write_bio_DSAPrivateKey(out, dsa, cfg.enc, NULL, 0,
NULL, passout))
goto end;
ret = 0;
-/* $OpenBSD: genpkey.c,v 1.15 2023/03/05 13:12:53 tb Exp $ */
+/* $OpenBSD: genpkey.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006
*/
int outformat;
char *passarg;
int text;
-} genpkey_config;
+} cfg;
static int
genpkey_opt_algorithm(char *arg)
{
- if (!init_gen_str(bio_err, genpkey_config.ctx, arg,
- genpkey_config.do_param))
+ if (!init_gen_str(bio_err, cfg.ctx, arg,
+ cfg.do_param))
return (1);
return (0);
if (*name++ != '-')
return (1);
- if (genpkey_config.do_param == 1)
+ if (cfg.do_param == 1)
return (1);
if (strcmp(name, "none") == 0) {
- genpkey_config.cipher = NULL;
+ cfg.cipher = NULL;
*argsused = 1;
return (0);
}
- if ((genpkey_config.cipher = EVP_get_cipherbyname(name)) != NULL) {
+ if ((cfg.cipher = EVP_get_cipherbyname(name)) != NULL) {
*argsused = 1;
return (0);
}
static int
genpkey_opt_paramfile(char *arg)
{
- if (genpkey_config.do_param == 1)
+ if (cfg.do_param == 1)
return (1);
- if (!init_keygen_file(bio_err, genpkey_config.ctx, arg))
+ if (!init_keygen_file(bio_err, cfg.ctx, arg))
return (1);
return (0);
static int
genpkey_opt_pkeyopt(char *arg)
{
- if (*genpkey_config.ctx == NULL) {
+ if (*cfg.ctx == NULL) {
BIO_puts(bio_err, "No keytype specified\n");
return (1);
}
- if (pkey_ctrl_string(*genpkey_config.ctx, arg) <= 0) {
+ if (pkey_ctrl_string(*cfg.ctx, arg) <= 0) {
BIO_puts(bio_err, "parameter setting error\n");
ERR_print_errors(bio_err);
return (1);
.name = "genparam",
.desc = "Generate a set of parameters instead of a private key",
.type = OPTION_FLAG,
- .opt.flag = &genpkey_config.do_param,
+ .opt.flag = &cfg.do_param,
},
{
.name = "out",
.argname = "file",
.desc = "Output file to write to (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &genpkey_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "format",
.desc = "Output format (DER or PEM)",
.type = OPTION_ARG_FORMAT,
- .opt.value = &genpkey_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "paramfile",
.argname = "arg",
.desc = "Output file password source",
.type = OPTION_ARG,
- .opt.arg = &genpkey_config.passarg,
+ .opt.arg = &cfg.passarg,
},
{
.name = "pkeyopt",
.name = "text",
.desc = "Print the private/public key in human readable form",
.type = OPTION_FLAG,
- .opt.flag = &genpkey_config.text,
+ .opt.flag = &cfg.text,
},
{
.name = NULL,
exit(1);
}
- memset(&genpkey_config, 0, sizeof(genpkey_config));
- genpkey_config.ctx = &ctx;
- genpkey_config.outformat = FORMAT_PEM;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.ctx = &ctx;
+ cfg.outformat = FORMAT_PEM;
if (options_parse(argc, argv, genpkey_options, NULL, NULL) != 0) {
genpkey_usage();
goto end;
}
- if (!app_passwd(bio_err, genpkey_config.passarg, NULL, &pass, NULL)) {
+ if (!app_passwd(bio_err, cfg.passarg, NULL, &pass, NULL)) {
BIO_puts(bio_err, "Error getting password\n");
goto end;
}
- if (genpkey_config.outfile != NULL) {
- if ((out = BIO_new_file(genpkey_config.outfile, "wb")) ==
+ if (cfg.outfile != NULL) {
+ if ((out = BIO_new_file(cfg.outfile, "wb")) ==
NULL) {
BIO_printf(bio_err, "Can't open output file %s\n",
- genpkey_config.outfile);
+ cfg.outfile);
goto end;
}
} else {
EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(ctx, bio_err);
- if (genpkey_config.do_param) {
+ if (cfg.do_param) {
if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) {
BIO_puts(bio_err, "Error generating parameters\n");
ERR_print_errors(bio_err);
}
}
- if (genpkey_config.do_param)
+ if (cfg.do_param)
rv = PEM_write_bio_Parameters(out, pkey);
- else if (genpkey_config.outformat == FORMAT_PEM)
- rv = PEM_write_bio_PrivateKey(out, pkey, genpkey_config.cipher,
+ else if (cfg.outformat == FORMAT_PEM)
+ rv = PEM_write_bio_PrivateKey(out, pkey, cfg.cipher,
NULL, 0, NULL, pass);
- else if (genpkey_config.outformat == FORMAT_ASN1)
+ else if (cfg.outformat == FORMAT_ASN1)
rv = i2d_PrivateKey_bio(out, pkey);
else {
BIO_printf(bio_err, "Bad format specified for key\n");
BIO_puts(bio_err, "Error writing key\n");
ERR_print_errors(bio_err);
}
- if (genpkey_config.text) {
- if (genpkey_config.do_param)
+ if (cfg.text) {
+ if (cfg.do_param)
rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
else
rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
-/* $OpenBSD: genrsa.c,v 1.21 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: genrsa.c,v 1.22 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
unsigned long f4;
char *outfile;
char *passargout;
-} genrsa_config;
+} cfg;
static int
set_public_exponent(int argc, char **argv, int *argsused)
char *option = argv[0];
if (strcmp(option, "-3") == 0)
- genrsa_config.f4 = 3;
+ cfg.f4 = 3;
else if (strcmp(option, "-f4") == 0 || strcmp(option, "-F4") == 0)
- genrsa_config.f4 = RSA_F4;
+ cfg.f4 = RSA_F4;
else
return (1);
if (*name++ != '-')
return (1);
- if ((genrsa_config.enc = get_cipher_by_name(name)) == NULL)
+ if ((cfg.enc = get_cipher_by_name(name)) == NULL)
return (1);
*argsused = 1;
.argname = "file",
.desc = "Output the key to 'file'",
.type = OPTION_ARG,
- .opt.arg = &genrsa_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "passout",
.argname = "arg",
.desc = "Output file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &genrsa_config.passargout,
+ .opt.arg = &cfg.passargout,
},
{ NULL },
};
goto err;
}
- memset(&genrsa_config, 0, sizeof(genrsa_config));
- genrsa_config.f4 = RSA_F4;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.f4 = RSA_F4;
if (options_parse(argc, argv, genrsa_options, &numbits, NULL) != 0) {
genrsa_usage();
goto err;
}
- if (!app_passwd(bio_err, NULL, genrsa_config.passargout, NULL,
+ if (!app_passwd(bio_err, NULL, cfg.passargout, NULL,
&passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto err;
}
- if (genrsa_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if (BIO_write_filename(out, genrsa_config.outfile) <= 0) {
- perror(genrsa_config.outfile);
+ if (BIO_write_filename(out, cfg.outfile) <= 0) {
+ perror(cfg.outfile);
goto err;
}
}
if (!rsa)
goto err;
- if (!BN_set_word(bn, genrsa_config.f4) ||
+ if (!BN_set_word(bn, cfg.f4) ||
!RSA_generate_key_ex(rsa, num, bn, cb))
goto err;
{
PW_CB_DATA cb_data;
cb_data.password = passout;
- cb_data.prompt_info = genrsa_config.outfile;
- if (!PEM_write_bio_RSAPrivateKey(out, rsa, genrsa_config.enc,
+ cb_data.prompt_info = cfg.outfile;
+ if (!PEM_write_bio_RSAPrivateKey(out, rsa, cfg.enc,
NULL, 0, password_callback, &cb_data))
goto err;
}
-/* $OpenBSD: nseq.c,v 1.10 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: nseq.c,v 1.11 2023/03/06 14:32:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
char *infile;
char *outfile;
int toseq;
-} nseq_config;
+} cfg;
static const struct option nseq_options[] = {
{
.argname = "file",
.desc = "Input file to read from (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &nseq_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "out",
.argname = "file",
.desc = "Output file to write to (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &nseq_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "toseq",
.desc = "Convert certificates to Netscape certificate sequence",
.type = OPTION_FLAG,
- .opt.flag = &nseq_config.toseq,
+ .opt.flag = &cfg.toseq,
},
{ NULL },
};
exit(1);
}
- memset(&nseq_config, 0, sizeof(nseq_config));
+ memset(&cfg, 0, sizeof(cfg));
if (options_parse(argc, argv, nseq_options, NULL, NULL) != 0) {
nseq_usage();
return (1);
}
- if (nseq_config.infile) {
- if (!(in = BIO_new_file(nseq_config.infile, "r"))) {
+ if (cfg.infile) {
+ if (!(in = BIO_new_file(cfg.infile, "r"))) {
BIO_printf(bio_err,
- "Can't open input file %s\n", nseq_config.infile);
+ "Can't open input file %s\n", cfg.infile);
goto end;
}
} else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
- if (nseq_config.outfile) {
- if (!(out = BIO_new_file(nseq_config.outfile, "w"))) {
+ if (cfg.outfile) {
+ if (!(out = BIO_new_file(cfg.outfile, "w"))) {
BIO_printf(bio_err,
- "Can't open output file %s\n", nseq_config.outfile);
+ "Can't open output file %s\n", cfg.outfile);
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
- if (nseq_config.toseq) {
+ if (cfg.toseq) {
seq = NETSCAPE_CERT_SEQUENCE_new();
seq->certs = sk_X509_new_null();
while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
sk_X509_push(seq->certs, x509);
if (!sk_X509_num(seq->certs)) {
- BIO_printf(bio_err, "Error reading certs file %s\n", nseq_config.infile);
+ BIO_printf(bio_err, "Error reading certs file %s\n", cfg.infile);
ERR_print_errors(bio_err);
goto end;
}
goto end;
}
if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
- BIO_printf(bio_err, "Error reading sequence file %s\n", nseq_config.infile);
+ BIO_printf(bio_err, "Error reading sequence file %s\n", cfg.infile);
ERR_print_errors(bio_err);
goto end;
}
-/* $OpenBSD: ocsp.c,v 1.22 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: ocsp.c,v 1.23 2023/03/06 14:32:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
int use_ssl;
char *verify_certfile;
unsigned long verify_flags;
-} ocsp_config;
+} cfg;
static int
ocsp_opt_cert(char *arg)
{
- X509_free(ocsp_config.cert);
- ocsp_config.cert = load_cert(bio_err, arg, FORMAT_PEM, NULL,
+ X509_free(cfg.cert);
+ cfg.cert = load_cert(bio_err, arg, FORMAT_PEM, NULL,
"certificate");
- if (ocsp_config.cert == NULL) {
- ocsp_config.no_usage = 1;
+ if (cfg.cert == NULL) {
+ cfg.no_usage = 1;
return (1);
}
- if (ocsp_config.cert_id_md == NULL)
- ocsp_config.cert_id_md = EVP_sha1();
- if (!add_ocsp_cert(&ocsp_config.req, ocsp_config.cert,
- ocsp_config.cert_id_md, ocsp_config.issuer, ocsp_config.ids)) {
- ocsp_config.no_usage = 1;
+ if (cfg.cert_id_md == NULL)
+ cfg.cert_id_md = EVP_sha1();
+ if (!add_ocsp_cert(&cfg.req, cfg.cert,
+ cfg.cert_id_md, cfg.issuer, cfg.ids)) {
+ cfg.no_usage = 1;
return (1);
}
- if (!sk_OPENSSL_STRING_push(ocsp_config.reqnames, arg)) {
- ocsp_config.no_usage = 1;
+ if (!sk_OPENSSL_STRING_push(cfg.reqnames, arg)) {
+ cfg.no_usage = 1;
return (1);
}
return (0);
if (*name++ != '-')
return (1);
- if ((ocsp_config.cert_id_md = EVP_get_digestbyname(name)) == NULL)
+ if ((cfg.cert_id_md = EVP_get_digestbyname(name)) == NULL)
return (1);
*argsused = 1;
if (argc < 3 || argv[1] == NULL || argv[2] == NULL)
return (1);
- if (!X509V3_add_value(argv[1], argv[2], &ocsp_config.headers)) {
- ocsp_config.no_usage = 1;
+ if (!X509V3_add_value(argv[1], argv[2], &cfg.headers)) {
+ cfg.no_usage = 1;
return (1);
}
static int
ocsp_opt_host(char *arg)
{
- if (ocsp_config.use_ssl != -1)
+ if (cfg.use_ssl != -1)
return (1);
- ocsp_config.host = arg;
+ cfg.host = arg;
return (0);
}
static int
ocsp_opt_issuer(char *arg)
{
- X509_free(ocsp_config.issuer);
- ocsp_config.issuer = load_cert(bio_err, arg, FORMAT_PEM, NULL,
+ X509_free(cfg.issuer);
+ cfg.issuer = load_cert(bio_err, arg, FORMAT_PEM, NULL,
"issuer certificate");
- if (ocsp_config.issuer == NULL) {
- ocsp_config.no_usage = 1;
+ if (cfg.issuer == NULL) {
+ cfg.no_usage = 1;
return (1);
}
return (0);
{
const char *errstr = NULL;
- ocsp_config.ndays = strtonum(arg, 0, INT_MAX, &errstr);
+ cfg.ndays = strtonum(arg, 0, INT_MAX, &errstr);
if (errstr != NULL) {
BIO_printf(bio_err, "Illegal update period %s: %s\n",
arg, errstr);
{
const char *errstr = NULL;
- ocsp_config.nmin = strtonum(arg, 0, INT_MAX, &errstr);
+ cfg.nmin = strtonum(arg, 0, INT_MAX, &errstr);
if (errstr != NULL) {
BIO_printf(bio_err, "Illegal update period %s: %s\n",
arg, errstr);
return (1);
}
- if (ocsp_config.ndays != -1)
+ if (cfg.ndays != -1)
return (1);
- ocsp_config.ndays = 0;
+ cfg.ndays = 0;
return (0);
}
{
const char *errstr = NULL;
- ocsp_config.accept_count = strtonum(arg, 0, INT_MAX, &errstr);
+ cfg.accept_count = strtonum(arg, 0, INT_MAX, &errstr);
if (errstr != NULL) {
BIO_printf(bio_err, "Illegal accept count %s: %s\n",
arg, errstr);
static int
ocsp_opt_port(char *arg)
{
- if (ocsp_config.use_ssl != -1)
+ if (cfg.use_ssl != -1)
return (1);
- ocsp_config.port = arg;
+ cfg.port = arg;
return (0);
}
static int
ocsp_opt_serial(char *arg)
{
- if (ocsp_config.cert_id_md == NULL)
- ocsp_config.cert_id_md = EVP_sha1();
- if (!add_ocsp_serial(&ocsp_config.req, arg, ocsp_config.cert_id_md,
- ocsp_config.issuer, ocsp_config.ids)) {
- ocsp_config.no_usage = 1;
+ if (cfg.cert_id_md == NULL)
+ cfg.cert_id_md = EVP_sha1();
+ if (!add_ocsp_serial(&cfg.req, arg, cfg.cert_id_md,
+ cfg.issuer, cfg.ids)) {
+ cfg.no_usage = 1;
return (1);
}
- if (!sk_OPENSSL_STRING_push(ocsp_config.reqnames, arg)) {
- ocsp_config.no_usage = 1;
+ if (!sk_OPENSSL_STRING_push(cfg.reqnames, arg)) {
+ cfg.no_usage = 1;
return (1);
}
return (0);
{
const char *errstr = NULL;
- ocsp_config.maxage = strtonum(arg, 0, LONG_MAX, &errstr);
+ cfg.maxage = strtonum(arg, 0, LONG_MAX, &errstr);
if (errstr != NULL) {
BIO_printf(bio_err, "Illegal validity age %s: %s\n",
arg, errstr);
static int
ocsp_opt_text(void)
{
- ocsp_config.req_text = 1;
- ocsp_config.resp_text = 1;
+ cfg.req_text = 1;
+ cfg.resp_text = 1;
return (0);
}
{
const char *errstr = NULL;
- ocsp_config.req_timeout = strtonum(arg, 0, INT_MAX, &errstr);
+ cfg.req_timeout = strtonum(arg, 0, INT_MAX, &errstr);
if (errstr != NULL) {
BIO_printf(bio_err, "Illegal timeout value %s: %s\n",
arg, errstr);
static int
ocsp_opt_url(char *arg)
{
- if (ocsp_config.host == NULL && ocsp_config.port == NULL &&
- ocsp_config.path == NULL) {
- if (!OCSP_parse_url(arg, &ocsp_config.host, &ocsp_config.port,
- &ocsp_config.path, &ocsp_config.use_ssl)) {
+ if (cfg.host == NULL && cfg.port == NULL &&
+ cfg.path == NULL) {
+ if (!OCSP_parse_url(arg, &cfg.host, &cfg.port,
+ &cfg.path, &cfg.use_ssl)) {
BIO_printf(bio_err, "Error parsing URL\n");
return (1);
}
static int
ocsp_opt_vafile(char *arg)
{
- ocsp_config.verify_certfile = arg;
- ocsp_config.verify_flags |= OCSP_TRUSTOTHER;
+ cfg.verify_certfile = arg;
+ cfg.verify_flags |= OCSP_TRUSTOTHER;
return (0);
}
{
const char *errstr = NULL;
- ocsp_config.nsec = strtonum(arg, 0, LONG_MAX, &errstr);
+ cfg.nsec = strtonum(arg, 0, LONG_MAX, &errstr);
if (errstr != NULL) {
BIO_printf(bio_err, "Illegal validity period %s: %s\n",
arg, errstr);
.argname = "file",
.desc = "CA certificate corresponding to the revocation information",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.rca_filename,
+ .opt.arg = &cfg.rca_filename,
},
{
.name = "CAfile",
.argname = "file",
.desc = "Trusted certificates file",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.CAfile,
+ .opt.arg = &cfg.CAfile,
},
{
.name = "CApath",
.argname = "directory",
.desc = "Trusted certificates directory",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.CApath,
+ .opt.arg = &cfg.CApath,
},
{
.name = "cert",
.name = "ignore_err",
.desc = "Ignore the invalid response",
.type = OPTION_FLAG,
- .opt.flag = &ocsp_config.ignore_err,
+ .opt.flag = &cfg.ignore_err,
},
{
.name = "index",
.argname = "indexfile",
.desc = "Certificate status index file",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.ridx_filename,
+ .opt.arg = &cfg.ridx_filename,
},
{
.name = "issuer",
.name = "no_cert_checks",
.desc = "Don't do additional checks on signing certificate",
.type = OPTION_UL_VALUE_OR,
- .opt.ulvalue = &ocsp_config.verify_flags,
+ .opt.ulvalue = &cfg.verify_flags,
.ulvalue = OCSP_NOCHECKS,
},
{
.name = "no_cert_verify",
.desc = "Don't check signing certificate",
.type = OPTION_UL_VALUE_OR,
- .opt.ulvalue = &ocsp_config.verify_flags,
+ .opt.ulvalue = &cfg.verify_flags,
.ulvalue = OCSP_NOVERIFY,
},
{
.name = "no_certs",
.desc = "Don't include any certificates in signed request",
.type = OPTION_UL_VALUE_OR,
- .opt.ulvalue = &ocsp_config.sign_flags,
+ .opt.ulvalue = &cfg.sign_flags,
.ulvalue = OCSP_NOCERTS,
},
{
.name = "no_chain",
.desc = "Don't use certificates in the response",
.type = OPTION_UL_VALUE_OR,
- .opt.ulvalue = &ocsp_config.verify_flags,
+ .opt.ulvalue = &cfg.verify_flags,
.ulvalue = OCSP_NOCHAIN,
},
{
.name = "no_explicit",
.desc = "Don't check the explicit trust for OCSP signing",
.type = OPTION_UL_VALUE_OR,
- .opt.ulvalue = &ocsp_config.verify_flags,
+ .opt.ulvalue = &cfg.verify_flags,
.ulvalue = OCSP_NOEXPLICIT,
},
{
.name = "no_intern",
.desc = "Don't search certificates contained in response for signer",
.type = OPTION_UL_VALUE_OR,
- .opt.ulvalue = &ocsp_config.verify_flags,
+ .opt.ulvalue = &cfg.verify_flags,
.ulvalue = OCSP_NOINTERN,
},
{
.name = "no_nonce",
.desc = "Don't add OCSP nonce to request",
.type = OPTION_VALUE,
- .opt.value = &ocsp_config.add_nonce,
+ .opt.value = &cfg.add_nonce,
.value = 0,
},
{
.name = "no_signature_verify",
.desc = "Don't check signature on response",
.type = OPTION_UL_VALUE_OR,
- .opt.ulvalue = &ocsp_config.verify_flags,
+ .opt.ulvalue = &cfg.verify_flags,
.ulvalue = OCSP_NOSIGS,
},
{
.name = "nonce",
.desc = "Add OCSP nonce to request",
.type = OPTION_VALUE,
- .opt.value = &ocsp_config.add_nonce,
+ .opt.value = &cfg.add_nonce,
.value = 2,
},
{
.name = "noverify",
.desc = "Don't verify response at all",
.type = OPTION_FLAG,
- .opt.flag = &ocsp_config.noverify,
+ .opt.flag = &cfg.noverify,
},
{
.name = "nrequest",
.argname = "file",
.desc = "Output filename",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "path",
.argname = "path",
.desc = "Path to use in OCSP request",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.path,
+ .opt.arg = &cfg.path,
},
{
.name = "port",
.name = "req_text",
.desc = "Print text form of request",
.type = OPTION_FLAG,
- .opt.flag = &ocsp_config.req_text,
+ .opt.flag = &cfg.req_text,
},
{
.name = "reqin",
.argname = "file",
.desc = "Read DER encoded OCSP request from \"file\"",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.reqin,
+ .opt.arg = &cfg.reqin,
},
{
.name = "reqout",
.argname = "file",
.desc = "Write DER encoded OCSP request to \"file\"",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.reqout,
+ .opt.arg = &cfg.reqout,
},
{
.name = "resp_key_id",
.desc = "Identify response by signing certificate key ID",
.type = OPTION_UL_VALUE_OR,
- .opt.ulvalue = &ocsp_config.rflags,
+ .opt.ulvalue = &cfg.rflags,
.ulvalue = OCSP_RESPID_KEY,
},
{
.name = "resp_no_certs",
.desc = "Don't include any certificates in response",
.type = OPTION_UL_VALUE_OR,
- .opt.ulvalue = &ocsp_config.rflags,
+ .opt.ulvalue = &cfg.rflags,
.ulvalue = OCSP_NOCERTS,
},
{
.name = "resp_text",
.desc = "Print text form of response",
.type = OPTION_FLAG,
- .opt.flag = &ocsp_config.resp_text,
+ .opt.flag = &cfg.resp_text,
},
{
.name = "respin",
.argname = "file",
.desc = "Read DER encoded OCSP response from \"file\"",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.respin,
+ .opt.arg = &cfg.respin,
},
{
.name = "respout",
.argname = "file",
.desc = "Write DER encoded OCSP response to \"file\"",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.respout,
+ .opt.arg = &cfg.respout,
},
{
.name = "rkey",
.argname = "file",
.desc = "Responder key to sign responses with",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.rkeyfile,
+ .opt.arg = &cfg.rkeyfile,
},
{
.name = "rother",
.argname = "file",
.desc = "Other certificates to include in response",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.rcertfile,
+ .opt.arg = &cfg.rcertfile,
},
{
.name = "rsigner",
.argname = "file",
.desc = "Responder certificate to sign responses with",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.rsignfile,
+ .opt.arg = &cfg.rsignfile,
},
{
.name = "serial",
.argname = "file",
.desc = "Additional certificates to include in signed request",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.sign_certfile,
+ .opt.arg = &cfg.sign_certfile,
},
{
.name = "signer",
.argname = "file",
.desc = "Certificate to sign OCSP request with",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.signfile,
+ .opt.arg = &cfg.signfile,
},
{
.name = "signkey",
.argname = "file",
.desc = "Private key to sign OCSP request with",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.keyfile,
+ .opt.arg = &cfg.keyfile,
},
{
.name = "status_age",
.name = "trust_other",
.desc = "Don't verify additional certificates",
.type = OPTION_UL_VALUE_OR,
- .opt.ulvalue = &ocsp_config.verify_flags,
+ .opt.ulvalue = &cfg.verify_flags,
.ulvalue = OCSP_TRUSTOTHER,
},
{
.argname = "file",
.desc = "Additional certificates to search for signer",
.type = OPTION_ARG,
- .opt.arg = &ocsp_config.verify_certfile,
+ .opt.arg = &cfg.verify_certfile,
},
{
.name = NULL,
exit(1);
}
- memset(&ocsp_config, 0, sizeof(ocsp_config));
- ocsp_config.accept_count = -1;
- ocsp_config.add_nonce = 1;
- if ((ocsp_config.ids = sk_OCSP_CERTID_new_null()) == NULL)
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.accept_count = -1;
+ cfg.add_nonce = 1;
+ if ((cfg.ids = sk_OCSP_CERTID_new_null()) == NULL)
goto end;
- ocsp_config.maxage = -1;
- ocsp_config.ndays = -1;
- ocsp_config.nsec = MAX_VALIDITY_PERIOD;
- ocsp_config.req_timeout = -1;
- if ((ocsp_config.reqnames = sk_OPENSSL_STRING_new_null()) == NULL)
+ cfg.maxage = -1;
+ cfg.ndays = -1;
+ cfg.nsec = MAX_VALIDITY_PERIOD;
+ cfg.req_timeout = -1;
+ if ((cfg.reqnames = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
- ocsp_config.use_ssl = -1;
+ cfg.use_ssl = -1;
if (options_parse(argc, argv, ocsp_options, NULL, NULL) != 0) {
- if (ocsp_config.no_usage)
+ if (cfg.no_usage)
goto end;
else
badarg = 1;
}
/* Have we anything to do? */
- if (!ocsp_config.req && !ocsp_config.reqin && !ocsp_config.respin &&
- !(ocsp_config.port && ocsp_config.ridx_filename))
+ if (!cfg.req && !cfg.reqin && !cfg.respin &&
+ !(cfg.port && cfg.ridx_filename))
badarg = 1;
if (badarg) {
ocsp_usage();
goto end;
}
- if (ocsp_config.outfile)
- out = BIO_new_file(ocsp_config.outfile, "w");
+ if (cfg.outfile)
+ out = BIO_new_file(cfg.outfile, "w");
else
out = BIO_new_fp(stdout, BIO_NOCLOSE);
BIO_printf(bio_err, "Error opening output file\n");
goto end;
}
- if (!ocsp_config.req && (ocsp_config.add_nonce != 2))
- ocsp_config.add_nonce = 0;
+ if (!cfg.req && (cfg.add_nonce != 2))
+ cfg.add_nonce = 0;
- if (!ocsp_config.req && ocsp_config.reqin) {
- derbio = BIO_new_file(ocsp_config.reqin, "rb");
+ if (!cfg.req && cfg.reqin) {
+ derbio = BIO_new_file(cfg.reqin, "rb");
if (!derbio) {
BIO_printf(bio_err,
"Error Opening OCSP request file\n");
goto end;
}
- ocsp_config.req = d2i_OCSP_REQUEST_bio(derbio, NULL);
+ cfg.req = d2i_OCSP_REQUEST_bio(derbio, NULL);
BIO_free(derbio);
- if (!ocsp_config.req) {
+ if (!cfg.req) {
BIO_printf(bio_err, "Error reading OCSP request\n");
goto end;
}
}
- if (!ocsp_config.req && ocsp_config.port) {
- acbio = init_responder(ocsp_config.port);
+ if (!cfg.req && cfg.port) {
+ acbio = init_responder(cfg.port);
if (!acbio)
goto end;
}
- if (ocsp_config.rsignfile && !rdb) {
- if (!ocsp_config.rkeyfile)
- ocsp_config.rkeyfile = ocsp_config.rsignfile;
- rsigner = load_cert(bio_err, ocsp_config.rsignfile, FORMAT_PEM,
+ if (cfg.rsignfile && !rdb) {
+ if (!cfg.rkeyfile)
+ cfg.rkeyfile = cfg.rsignfile;
+ rsigner = load_cert(bio_err, cfg.rsignfile, FORMAT_PEM,
NULL, "responder certificate");
if (!rsigner) {
BIO_printf(bio_err,
"Error loading responder certificate\n");
goto end;
}
- rca_cert = load_cert(bio_err, ocsp_config.rca_filename,
+ rca_cert = load_cert(bio_err, cfg.rca_filename,
FORMAT_PEM, NULL, "CA certificate");
- if (ocsp_config.rcertfile) {
- rother = load_certs(bio_err, ocsp_config.rcertfile,
+ if (cfg.rcertfile) {
+ rother = load_certs(bio_err, cfg.rcertfile,
FORMAT_PEM, NULL, "responder other certificates");
if (!rother)
goto end;
}
- rkey = load_key(bio_err, ocsp_config.rkeyfile, FORMAT_PEM, 0,
+ rkey = load_key(bio_err, cfg.rkeyfile, FORMAT_PEM, 0,
NULL, "responder private key");
if (!rkey)
goto end;
redo_accept:
if (acbio) {
- if (!do_responder(&ocsp_config.req, &cbio, acbio,
- ocsp_config.port))
+ if (!do_responder(&cfg.req, &cbio, acbio,
+ cfg.port))
goto end;
- if (!ocsp_config.req) {
+ if (!cfg.req) {
resp = OCSP_response_create(
OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
send_ocsp_response(cbio, resp);
goto done_resp;
}
}
- if (!ocsp_config.req &&
- (ocsp_config.signfile || ocsp_config.reqout || ocsp_config.host ||
- ocsp_config.add_nonce || ocsp_config.ridx_filename)) {
+ if (!cfg.req &&
+ (cfg.signfile || cfg.reqout || cfg.host ||
+ cfg.add_nonce || cfg.ridx_filename)) {
BIO_printf(bio_err,
"Need an OCSP request for this operation!\n");
goto end;
}
- if (ocsp_config.req && ocsp_config.add_nonce)
- OCSP_request_add1_nonce(ocsp_config.req, NULL, -1);
+ if (cfg.req && cfg.add_nonce)
+ OCSP_request_add1_nonce(cfg.req, NULL, -1);
- if (ocsp_config.signfile) {
- if (!ocsp_config.keyfile)
- ocsp_config.keyfile = ocsp_config.signfile;
- signer = load_cert(bio_err, ocsp_config.signfile, FORMAT_PEM,
+ if (cfg.signfile) {
+ if (!cfg.keyfile)
+ cfg.keyfile = cfg.signfile;
+ signer = load_cert(bio_err, cfg.signfile, FORMAT_PEM,
NULL, "signer certificate");
if (!signer) {
BIO_printf(bio_err,
"Error loading signer certificate\n");
goto end;
}
- if (ocsp_config.sign_certfile) {
+ if (cfg.sign_certfile) {
sign_other = load_certs(bio_err,
- ocsp_config.sign_certfile, FORMAT_PEM, NULL,
+ cfg.sign_certfile, FORMAT_PEM, NULL,
"signer certificates");
if (!sign_other)
goto end;
}
- key = load_key(bio_err, ocsp_config.keyfile, FORMAT_PEM, 0,
+ key = load_key(bio_err, cfg.keyfile, FORMAT_PEM, 0,
NULL, "signer private key");
if (!key)
goto end;
- if (!OCSP_request_sign(ocsp_config.req, signer, key, NULL,
- sign_other, ocsp_config.sign_flags)) {
+ if (!OCSP_request_sign(cfg.req, signer, key, NULL,
+ sign_other, cfg.sign_flags)) {
BIO_printf(bio_err, "Error signing OCSP request\n");
goto end;
}
}
- if (ocsp_config.req_text && ocsp_config.req)
- OCSP_REQUEST_print(out, ocsp_config.req, 0);
+ if (cfg.req_text && cfg.req)
+ OCSP_REQUEST_print(out, cfg.req, 0);
- if (ocsp_config.reqout) {
- derbio = BIO_new_file(ocsp_config.reqout, "wb");
+ if (cfg.reqout) {
+ derbio = BIO_new_file(cfg.reqout, "wb");
if (!derbio) {
BIO_printf(bio_err, "Error opening file %s\n",
- ocsp_config.reqout);
+ cfg.reqout);
goto end;
}
- i2d_OCSP_REQUEST_bio(derbio, ocsp_config.req);
+ i2d_OCSP_REQUEST_bio(derbio, cfg.req);
BIO_free(derbio);
}
- if (ocsp_config.ridx_filename && (!rkey || !rsigner || !rca_cert)) {
+ if (cfg.ridx_filename && (!rkey || !rsigner || !rca_cert)) {
BIO_printf(bio_err,
"Need a responder certificate, key and CA for this operation!\n");
goto end;
}
- if (ocsp_config.ridx_filename && !rdb) {
- rdb = load_index(ocsp_config.ridx_filename, NULL);
+ if (cfg.ridx_filename && !rdb) {
+ rdb = load_index(cfg.ridx_filename, NULL);
if (!rdb)
goto end;
if (!index_index(rdb))
goto end;
}
if (rdb) {
- i = make_ocsp_response(&resp, ocsp_config.req, rdb, rca_cert,
- rsigner, rkey, rother, ocsp_config.rflags,
- ocsp_config.nmin, ocsp_config.ndays);
+ i = make_ocsp_response(&resp, cfg.req, rdb, rca_cert,
+ rsigner, rkey, rother, cfg.rflags,
+ cfg.nmin, cfg.ndays);
if (cbio)
send_ocsp_response(cbio, resp);
- } else if (ocsp_config.host) {
- resp = process_responder(bio_err, ocsp_config.req,
- ocsp_config.host,
- ocsp_config.path ? ocsp_config.path : "/",
- ocsp_config.port, ocsp_config.use_ssl, ocsp_config.headers,
- ocsp_config.req_timeout);
+ } else if (cfg.host) {
+ resp = process_responder(bio_err, cfg.req,
+ cfg.host,
+ cfg.path ? cfg.path : "/",
+ cfg.port, cfg.use_ssl, cfg.headers,
+ cfg.req_timeout);
if (!resp)
goto end;
- } else if (ocsp_config.respin) {
- derbio = BIO_new_file(ocsp_config.respin, "rb");
+ } else if (cfg.respin) {
+ derbio = BIO_new_file(cfg.respin, "rb");
if (!derbio) {
BIO_printf(bio_err,
"Error Opening OCSP response file\n");
done_resp:
- if (ocsp_config.respout) {
- derbio = BIO_new_file(ocsp_config.respout, "wb");
+ if (cfg.respout) {
+ derbio = BIO_new_file(cfg.respout, "wb");
if (!derbio) {
BIO_printf(bio_err, "Error opening file %s\n",
- ocsp_config.respout);
+ cfg.respout);
goto end;
}
i2d_OCSP_RESPONSE_bio(derbio, resp);
if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
BIO_printf(bio_err, "Responder Error: %s (%d)\n",
OCSP_response_status_str(i), i);
- if (ocsp_config.ignore_err)
+ if (cfg.ignore_err)
goto redo_accept;
ret = 1;
goto end;
}
- if (ocsp_config.resp_text)
+ if (cfg.resp_text)
OCSP_RESPONSE_print(out, resp, 0);
/* If running as responder don't verify our own response */
if (cbio) {
- if (ocsp_config.accept_count > 0)
- ocsp_config.accept_count--;
+ if (cfg.accept_count > 0)
+ cfg.accept_count--;
/* Redo if more connections needed */
- if (ocsp_config.accept_count) {
+ if (cfg.accept_count) {
BIO_free_all(cbio);
cbio = NULL;
- OCSP_REQUEST_free(ocsp_config.req);
- ocsp_config.req = NULL;
+ OCSP_REQUEST_free(cfg.req);
+ cfg.req = NULL;
OCSP_RESPONSE_free(resp);
resp = NULL;
goto redo_accept;
goto end;
}
if (!store)
- store = setup_verify(bio_err, ocsp_config.CAfile,
- ocsp_config.CApath);
+ store = setup_verify(bio_err, cfg.CAfile,
+ cfg.CApath);
if (!store)
goto end;
- if (ocsp_config.verify_certfile) {
- verify_other = load_certs(bio_err, ocsp_config.verify_certfile,
+ if (cfg.verify_certfile) {
+ verify_other = load_certs(bio_err, cfg.verify_certfile,
FORMAT_PEM, NULL, "validator certificate");
if (!verify_other)
goto end;
BIO_printf(bio_err, "Error parsing response\n");
goto end;
}
- if (!ocsp_config.noverify) {
- if (ocsp_config.req &&
- ((i = OCSP_check_nonce(ocsp_config.req, bs)) <= 0)) {
+ if (!cfg.noverify) {
+ if (cfg.req &&
+ ((i = OCSP_check_nonce(cfg.req, bs)) <= 0)) {
if (i == -1) {
BIO_printf(bio_err,
"WARNING: no nonce in response\n");
}
}
i = OCSP_basic_verify(bs, verify_other, store,
- ocsp_config.verify_flags);
+ cfg.verify_flags);
if (i < 0)
i = OCSP_basic_verify(bs, NULL, store, 0);
BIO_printf(bio_err, "Response verify OK\n");
}
}
- if (!print_ocsp_summary(out, bs, ocsp_config.req, ocsp_config.reqnames,
- ocsp_config.ids, ocsp_config.nsec, ocsp_config.maxage))
+ if (!print_ocsp_summary(out, bs, cfg.req, cfg.reqnames,
+ cfg.ids, cfg.nsec, cfg.maxage))
goto end;
ret = 0;
X509_STORE_free(store);
EVP_PKEY_free(key);
EVP_PKEY_free(rkey);
- X509_free(ocsp_config.issuer);
- X509_free(ocsp_config.cert);
+ X509_free(cfg.issuer);
+ X509_free(cfg.cert);
X509_free(rsigner);
X509_free(rca_cert);
free_index(rdb);
BIO_free_all(cbio);
BIO_free_all(acbio);
BIO_free(out);
- OCSP_REQUEST_free(ocsp_config.req);
+ OCSP_REQUEST_free(cfg.req);
OCSP_RESPONSE_free(resp);
OCSP_BASICRESP_free(bs);
- sk_OPENSSL_STRING_free(ocsp_config.reqnames);
- sk_OCSP_CERTID_free(ocsp_config.ids);
+ sk_OPENSSL_STRING_free(cfg.reqnames);
+ sk_OCSP_CERTID_free(cfg.ids);
sk_X509_pop_free(sign_other, X509_free);
sk_X509_pop_free(verify_other, X509_free);
- sk_CONF_VALUE_pop_free(ocsp_config.headers, X509V3_conf_free);
+ sk_CONF_VALUE_pop_free(cfg.headers, X509V3_conf_free);
- if (ocsp_config.use_ssl != -1) {
- free(ocsp_config.host);
- free(ocsp_config.port);
- free(ocsp_config.path);
+ if (cfg.use_ssl != -1) {
+ free(cfg.host);
+ free(cfg.port);
+ free(cfg.path);
}
return (ret);
}
-/* $OpenBSD: passwd.c,v 1.13 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: passwd.c,v 1.14 2023/03/06 14:32:06 tb Exp $ */
#if defined OPENSSL_NO_MD5
#define NO_MD5CRYPT_1
int use1;
int useapr1;
int usecrypt;
-} passwd_config;
+} cfg;
static const struct option passwd_options[] = {
#ifndef NO_MD5CRYPT_1
.name = "1",
.desc = "Use MD5 based BSD password algorithm 1",
.type = OPTION_FLAG,
- .opt.flag = &passwd_config.use1,
+ .opt.flag = &cfg.use1,
},
{
.name = "apr1",
.desc = "Use apr1 algorithm (Apache variant of BSD algorithm)",
.type = OPTION_FLAG,
- .opt.flag = &passwd_config.useapr1,
+ .opt.flag = &cfg.useapr1,
},
#endif
#ifndef OPENSSL_NO_DES
.name = "crypt",
.desc = "Use crypt algorithm (default)",
.type = OPTION_FLAG,
- .opt.flag = &passwd_config.usecrypt,
+ .opt.flag = &cfg.usecrypt,
},
#endif
{
.argname = "file",
.desc = "Read passwords from specified file",
.type = OPTION_ARG,
- .opt.arg = &passwd_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "noverify",
.desc = "Do not verify password",
.type = OPTION_FLAG,
- .opt.flag = &passwd_config.noverify,
+ .opt.flag = &cfg.noverify,
},
{
.name = "quiet",
.desc = "Do not output warnings",
.type = OPTION_FLAG,
- .opt.flag = &passwd_config.quiet,
+ .opt.flag = &cfg.quiet,
},
{
.name = "reverse",
.desc = "Reverse table columns (requires -table)",
.type = OPTION_FLAG,
- .opt.flag = &passwd_config.reverse,
+ .opt.flag = &cfg.reverse,
},
{
.name = "salt",
.argname = "string",
.desc = "Use specified salt",
.type = OPTION_ARG,
- .opt.arg = &passwd_config.salt,
+ .opt.arg = &cfg.salt,
},
{
.name = "stdin",
.desc = "Read passwords from stdin",
.type = OPTION_FLAG,
- .opt.flag = &passwd_config.in_stdin,
+ .opt.flag = &cfg.in_stdin,
},
{
.name = "table",
.desc = "Output cleartext and hashed passwords (tab separated)",
.type = OPTION_FLAG,
- .opt.flag = &passwd_config.table,
+ .opt.flag = &cfg.table,
},
{ NULL },
};
exit(1);
}
- memset(&passwd_config, 0, sizeof(passwd_config));
+ memset(&cfg, 0, sizeof(cfg));
if (options_parse(argc, argv, passwd_options, NULL, &argsused) != 0) {
passwd_usage();
if (argsused < argc)
passwds = &argv[argsused];
- if (passwd_config.salt != NULL)
+ if (cfg.salt != NULL)
passed_salt = 1;
- if (!passwd_config.usecrypt && !passwd_config.use1 &&
- !passwd_config.useapr1)
- passwd_config.usecrypt = 1; /* use default */
- if (passwd_config.usecrypt + passwd_config.use1 +
- passwd_config.useapr1 > 1)
+ if (!cfg.usecrypt && !cfg.use1 &&
+ !cfg.useapr1)
+ cfg.usecrypt = 1; /* use default */
+ if (cfg.usecrypt + cfg.use1 +
+ cfg.useapr1 > 1)
badopt = 1; /* conflicting options */
/* Reject unsupported algorithms */
#ifdef OPENSSL_NO_DES
- if (passwd_config.usecrypt)
+ if (cfg.usecrypt)
badopt = 1;
#endif
#ifdef NO_MD5CRYPT_1
- if (passwd_config.use1 || passwd_config.useapr1)
+ if (cfg.use1 || cfg.useapr1)
badopt = 1;
#endif
goto err;
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
- if (passwd_config.infile != NULL || passwd_config.in_stdin) {
+ if (cfg.infile != NULL || cfg.in_stdin) {
if ((in = BIO_new(BIO_s_file())) == NULL)
goto err;
- if (passwd_config.infile != NULL) {
- assert(passwd_config.in_stdin == 0);
- if (BIO_read_filename(in, passwd_config.infile) <= 0)
+ if (cfg.infile != NULL) {
+ assert(cfg.in_stdin == 0);
+ if (BIO_read_filename(in, cfg.infile) <= 0)
goto err;
} else {
- assert(passwd_config.in_stdin);
+ assert(cfg.in_stdin);
BIO_set_fp(in, stdin, BIO_NOCLOSE);
}
}
- if (passwd_config.usecrypt)
+ if (cfg.usecrypt)
pw_maxlen = 8;
- else if (passwd_config.use1 || passwd_config.useapr1)
+ else if (cfg.use1 || cfg.useapr1)
pw_maxlen = 256;/* arbitrary limit, should be enough for most
* passwords */
if (in == NULL)
if (EVP_read_pw_string(passwd_malloc,
passwd_malloc_size, "Password: ",
- !(passed_salt || passwd_config.noverify)) != 0)
+ !(passed_salt || cfg.noverify)) != 0)
goto err;
passwds[0] = passwd_malloc;
}
do { /* loop over list of passwords */
passwd = *passwds++;
- if (!do_passwd(passed_salt, &passwd_config.salt,
- &salt_malloc, passwd, out, passwd_config.quiet,
- passwd_config.table, passwd_config.reverse,
- pw_maxlen, passwd_config.usecrypt,
- passwd_config.use1, passwd_config.useapr1))
+ if (!do_passwd(passed_salt, &cfg.salt,
+ &salt_malloc, passwd, out, cfg.quiet,
+ cfg.table, cfg.reverse,
+ pw_maxlen, cfg.usecrypt,
+ cfg.use1, cfg.useapr1))
goto err;
} while (*passwds != NULL);
} else {
while ((r > 0) && (!strchr(trash, '\n')));
}
- if (!do_passwd(passed_salt, &passwd_config.salt,
+ if (!do_passwd(passed_salt, &cfg.salt,
&salt_malloc, passwd, out,
- passwd_config.quiet, passwd_config.table,
- passwd_config.reverse, pw_maxlen,
- passwd_config.usecrypt, passwd_config.use1,
- passwd_config.useapr1))
+ cfg.quiet, cfg.table,
+ cfg.reverse, pw_maxlen,
+ cfg.usecrypt, cfg.use1,
+ cfg.useapr1))
goto err;
}
done = (r <= 0);
-/* $OpenBSD: pkcs12.c,v 1.24 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: pkcs12.c,v 1.25 2023/03/06 14:32:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
char *passargin;
char *passargout;
int twopass;
-} pkcs12_config;
+} cfg;
static int
pkcs12_opt_canames(char *arg)
{
- if (pkcs12_config.canames == NULL &&
- (pkcs12_config.canames = sk_OPENSSL_STRING_new_null()) == NULL)
+ if (cfg.canames == NULL &&
+ (cfg.canames = sk_OPENSSL_STRING_new_null()) == NULL)
return (1);
- if (!sk_OPENSSL_STRING_push(pkcs12_config.canames, arg))
+ if (!sk_OPENSSL_STRING_push(cfg.canames, arg))
return (1);
return (0);
static int
pkcs12_opt_cert_pbe(char *arg)
{
- return (!set_pbe(bio_err, &pkcs12_config.cert_pbe, arg));
+ return (!set_pbe(bio_err, &cfg.cert_pbe, arg));
}
static int
pkcs12_opt_key_pbe(char *arg)
{
- return (!set_pbe(bio_err, &pkcs12_config.key_pbe, arg));
+ return (!set_pbe(bio_err, &cfg.key_pbe, arg));
}
static int
pkcs12_opt_passarg(char *arg)
{
- pkcs12_config.passarg = arg;
- pkcs12_config.noprompt = 1;
+ cfg.passarg = arg;
+ cfg.noprompt = 1;
return (0);
}
return (1);
if (strcmp(name, "nodes") == 0)
- pkcs12_config.enc = NULL;
- else if ((pkcs12_config.enc = get_cipher_by_name(name)) == NULL)
+ cfg.enc = NULL;
+ else if ((cfg.enc = get_cipher_by_name(name)) == NULL)
return (1);
*argsused = 1;
.name = "cacerts",
.desc = "Only output CA certificates",
.type = OPTION_VALUE_OR,
- .opt.value = &pkcs12_config.options,
+ .opt.value = &cfg.options,
.value = CACERTS,
},
{
.argname = "file",
.desc = "PEM format file of CA certificates",
.type = OPTION_ARG,
- .opt.arg = &pkcs12_config.CAfile,
+ .opt.arg = &cfg.CAfile,
},
{
.name = "caname",
.argname = "directory",
.desc = "PEM format directory of CA certificates",
.type = OPTION_ARG,
- .opt.arg = &pkcs12_config.CApath,
+ .opt.arg = &cfg.CApath,
},
{
.name = "certfile",
.argname = "file",
.desc = "Add all certs in file",
.type = OPTION_ARG,
- .opt.arg = &pkcs12_config.certfile,
+ .opt.arg = &cfg.certfile,
},
{
.name = "certpbe",
.name = "chain",
.desc = "Add certificate chain",
.type = OPTION_FLAG,
- .opt.flag = &pkcs12_config.chain,
+ .opt.flag = &cfg.chain,
},
{
.name = "clcerts",
.desc = "Only output client certificates",
.type = OPTION_VALUE_OR,
- .opt.value = &pkcs12_config.options,
+ .opt.value = &cfg.options,
.value = CLCERTS,
},
{
.argname = "name",
.desc = "Microsoft CSP name",
.type = OPTION_ARG,
- .opt.arg = &pkcs12_config.csp_name,
+ .opt.arg = &cfg.csp_name,
},
{
.name = "descert",
.desc = "Encrypt PKCS#12 certificates with triple DES (default RC2-40)",
.type = OPTION_VALUE,
- .opt.value = &pkcs12_config.cert_pbe,
+ .opt.value = &cfg.cert_pbe,
.value = NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
},
{
.name = "export",
.desc = "Output PKCS#12 file",
.type = OPTION_FLAG,
- .opt.flag = &pkcs12_config.export_cert,
+ .opt.flag = &cfg.export_cert,
},
{
.name = "in",
.argname = "file",
.desc = "Input filename",
.type = OPTION_ARG,
- .opt.arg = &pkcs12_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "info",
.desc = "Give info about PKCS#12 structure",
.type = OPTION_VALUE_OR,
- .opt.value = &pkcs12_config.options,
+ .opt.value = &cfg.options,
.value = INFO,
},
{
.argname = "file",
.desc = "Private key if not infile",
.type = OPTION_ARG,
- .opt.arg = &pkcs12_config.keyname,
+ .opt.arg = &cfg.keyname,
},
{
.name = "keyex",
.desc = "Set MS key exchange type",
.type = OPTION_VALUE,
- .opt.value = &pkcs12_config.keytype,
+ .opt.value = &cfg.keytype,
.value = KEY_EX,
},
{
.name = "keysig",
.desc = "Set MS key signature type",
.type = OPTION_VALUE,
- .opt.value = &pkcs12_config.keytype,
+ .opt.value = &cfg.keytype,
.value = KEY_SIG,
},
{
.name = "LMK",
.desc = "Add local machine keyset attribute to private key",
.type = OPTION_FLAG,
- .opt.flag = &pkcs12_config.add_lmk,
+ .opt.flag = &cfg.add_lmk,
},
{
.name = "macalg",
.argname = "alg",
.desc = "Digest algorithm used in MAC (default SHA1)",
.type = OPTION_ARG,
- .opt.arg = &pkcs12_config.macalg,
+ .opt.arg = &cfg.macalg,
},
{
.name = "maciter",
.desc = "Use MAC iteration",
.type = OPTION_VALUE,
- .opt.value = &pkcs12_config.maciter,
+ .opt.value = &cfg.maciter,
.value = PKCS12_DEFAULT_ITER,
},
{
.argname = "name",
.desc = "Use name as friendly name",
.type = OPTION_ARG,
- .opt.arg = &pkcs12_config.name,
+ .opt.arg = &cfg.name,
},
{
.name = "nocerts",
.desc = "Don't output certificates",
.type = OPTION_VALUE_OR,
- .opt.value = &pkcs12_config.options,
+ .opt.value = &cfg.options,
.value = NOCERTS,
},
{
.name = "noiter",
.desc = "Don't use encryption iteration",
.type = OPTION_VALUE,
- .opt.value = &pkcs12_config.iter,
+ .opt.value = &cfg.iter,
.value = 1,
},
{
.name = "nokeys",
.desc = "Don't output private keys",
.type = OPTION_VALUE_OR,
- .opt.value = &pkcs12_config.options,
+ .opt.value = &cfg.options,
.value = NOKEYS,
},
{
.name = "nomac",
.desc = "Don't generate MAC",
.type = OPTION_VALUE,
- .opt.value = &pkcs12_config.maciter,
+ .opt.value = &cfg.maciter,
.value = -1,
},
{
.name = "nomaciter",
.desc = "Don't use MAC iteration",
.type = OPTION_VALUE,
- .opt.value = &pkcs12_config.maciter,
+ .opt.value = &cfg.maciter,
.value = 1,
},
{
.name = "nomacver",
.desc = "Don't verify MAC",
.type = OPTION_VALUE,
- .opt.value = &pkcs12_config.macver,
+ .opt.value = &cfg.macver,
.value = 0,
},
{
.name = "noout",
.desc = "Don't output anything, just verify",
.type = OPTION_VALUE_OR,
- .opt.value = &pkcs12_config.options,
+ .opt.value = &cfg.options,
.value = (NOKEYS | NOCERTS),
},
{
.argname = "file",
.desc = "Output filename",
.type = OPTION_ARG,
- .opt.arg = &pkcs12_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "passin",
.argname = "arg",
.desc = "Input file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &pkcs12_config.passargin,
+ .opt.arg = &cfg.passargin,
},
{
.name = "passout",
.argname = "arg",
.desc = "Output file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &pkcs12_config.passargout,
+ .opt.arg = &cfg.passargout,
},
{
.name = "password",
.name = "twopass",
.desc = "Separate MAC, encryption passwords",
.type = OPTION_FLAG,
- .opt.flag = &pkcs12_config.twopass,
+ .opt.flag = &cfg.twopass,
},
{ NULL },
};
exit(1);
}
- memset(&pkcs12_config, 0, sizeof(pkcs12_config));
- pkcs12_config.cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
- pkcs12_config.enc = EVP_des_ede3_cbc();
- pkcs12_config.iter = PKCS12_DEFAULT_ITER;
- pkcs12_config.key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- pkcs12_config.maciter = PKCS12_DEFAULT_ITER;
- pkcs12_config.macver = 1;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+ cfg.enc = EVP_des_ede3_cbc();
+ cfg.iter = PKCS12_DEFAULT_ITER;
+ cfg.key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ cfg.maciter = PKCS12_DEFAULT_ITER;
+ cfg.macver = 1;
if (options_parse(argc, argv, pkcs12_options, NULL, NULL) != 0) {
pkcs12_usage();
goto end;
}
- if (pkcs12_config.passarg != NULL) {
- if (pkcs12_config.export_cert)
- pkcs12_config.passargout = pkcs12_config.passarg;
+ if (cfg.passarg != NULL) {
+ if (cfg.export_cert)
+ cfg.passargout = cfg.passarg;
else
- pkcs12_config.passargin = pkcs12_config.passarg;
+ cfg.passargin = cfg.passarg;
}
- if (!app_passwd(bio_err, pkcs12_config.passargin,
- pkcs12_config.passargout, &passin, &passout)) {
+ if (!app_passwd(bio_err, cfg.passargin,
+ cfg.passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if (cpass == NULL) {
- if (pkcs12_config.export_cert)
+ if (cfg.export_cert)
cpass = passout;
else
cpass = passin;
}
if (cpass != NULL) {
mpass = cpass;
- pkcs12_config.noprompt = 1;
+ cfg.noprompt = 1;
} else {
cpass = pass;
mpass = macpass;
}
- if (pkcs12_config.infile == NULL)
+ if (cfg.infile == NULL)
in = BIO_new_fp(stdin, BIO_NOCLOSE);
else
- in = BIO_new_file(pkcs12_config.infile, "rb");
+ in = BIO_new_file(cfg.infile, "rb");
if (in == NULL) {
BIO_printf(bio_err, "Error opening input file %s\n",
- pkcs12_config.infile ? pkcs12_config.infile : "<stdin>");
- perror(pkcs12_config.infile);
+ cfg.infile ? cfg.infile : "<stdin>");
+ perror(cfg.infile);
goto end;
}
- if (pkcs12_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
} else
- out = BIO_new_file(pkcs12_config.outfile, "wb");
+ out = BIO_new_file(cfg.outfile, "wb");
if (out == NULL) {
BIO_printf(bio_err, "Error opening output file %s\n",
- pkcs12_config.outfile ? pkcs12_config.outfile : "<stdout>");
- perror(pkcs12_config.outfile);
+ cfg.outfile ? cfg.outfile : "<stdout>");
+ perror(cfg.outfile);
goto end;
}
- if (pkcs12_config.twopass) {
+ if (cfg.twopass) {
if (EVP_read_pw_string(macpass, sizeof macpass,
- "Enter MAC Password:", pkcs12_config.export_cert)) {
+ "Enter MAC Password:", cfg.export_cert)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
}
- if (pkcs12_config.export_cert) {
+ if (cfg.export_cert) {
EVP_PKEY *key = NULL;
X509 *ucert = NULL, *x = NULL;
STACK_OF(X509) *certs = NULL;
unsigned char *catmp = NULL;
int i;
- if ((pkcs12_config.options & (NOCERTS | NOKEYS)) ==
+ if ((cfg.options & (NOCERTS | NOKEYS)) ==
(NOCERTS | NOKEYS)) {
BIO_printf(bio_err, "Nothing to do!\n");
goto export_end;
}
- if (pkcs12_config.options & NOCERTS)
- pkcs12_config.chain = 0;
+ if (cfg.options & NOCERTS)
+ cfg.chain = 0;
- if (!(pkcs12_config.options & NOKEYS)) {
- key = load_key(bio_err, pkcs12_config.keyname ?
- pkcs12_config.keyname : pkcs12_config.infile,
+ if (!(cfg.options & NOKEYS)) {
+ key = load_key(bio_err, cfg.keyname ?
+ cfg.keyname : cfg.infile,
FORMAT_PEM, 1, passin, "private key");
if (!key)
goto export_end;
}
/* Load in all certs in input file */
- if (!(pkcs12_config.options & NOCERTS)) {
- certs = load_certs(bio_err, pkcs12_config.infile,
+ if (!(cfg.options & NOCERTS)) {
+ certs = load_certs(bio_err, cfg.infile,
FORMAT_PEM, NULL, "certificates");
if (certs == NULL)
goto export_end;
}
/* Add any more certificates asked for */
- if (pkcs12_config.certfile != NULL) {
+ if (cfg.certfile != NULL) {
STACK_OF(X509) *morecerts = NULL;
if ((morecerts = load_certs(bio_err,
- pkcs12_config.certfile, FORMAT_PEM, NULL,
+ cfg.certfile, FORMAT_PEM, NULL,
"certificates from certfile")) == NULL)
goto export_end;
while (sk_X509_num(morecerts) > 0)
/* If chaining get chain from user cert */
- if (pkcs12_config.chain) {
+ if (cfg.chain) {
int vret;
STACK_OF(X509) *chain2;
X509_STORE *store = X509_STORE_new();
goto export_end;
}
if (!X509_STORE_load_locations(store,
- pkcs12_config.CAfile, pkcs12_config.CApath))
+ cfg.CAfile, cfg.CApath))
X509_STORE_set_default_paths(store);
vret = get_cert_chain(ucert, store, &chain2);
}
/* Add any CA names */
- for (i = 0; i < sk_OPENSSL_STRING_num(pkcs12_config.canames);
+ for (i = 0; i < sk_OPENSSL_STRING_num(cfg.canames);
i++) {
catmp = (unsigned char *) sk_OPENSSL_STRING_value(
- pkcs12_config.canames, i);
+ cfg.canames, i);
X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
}
- if (pkcs12_config.csp_name != NULL && key != NULL)
+ if (cfg.csp_name != NULL && key != NULL)
EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
MBSTRING_ASC,
- (unsigned char *) pkcs12_config.csp_name, -1);
+ (unsigned char *) cfg.csp_name, -1);
- if (pkcs12_config.add_lmk && key != NULL)
+ if (cfg.add_lmk && key != NULL)
EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL,
-1);
- if (!pkcs12_config.noprompt &&
+ if (!cfg.noprompt &&
EVP_read_pw_string(pass, sizeof pass,
"Enter Export Password:", 1)) {
BIO_printf(bio_err, "Can't read Password\n");
goto export_end;
}
- if (!pkcs12_config.twopass)
+ if (!cfg.twopass)
strlcpy(macpass, pass, sizeof macpass);
- p12 = PKCS12_create(cpass, pkcs12_config.name, key, ucert,
- certs, pkcs12_config.key_pbe, pkcs12_config.cert_pbe,
- pkcs12_config.iter, -1, pkcs12_config.keytype);
+ p12 = PKCS12_create(cpass, cfg.name, key, ucert,
+ certs, cfg.key_pbe, cfg.cert_pbe,
+ cfg.iter, -1, cfg.keytype);
if (p12 == NULL) {
ERR_print_errors(bio_err);
goto export_end;
}
- if (pkcs12_config.macalg != NULL) {
- macmd = EVP_get_digestbyname(pkcs12_config.macalg);
+ if (cfg.macalg != NULL) {
+ macmd = EVP_get_digestbyname(cfg.macalg);
if (macmd == NULL) {
BIO_printf(bio_err,
"Unknown digest algorithm %s\n",
- pkcs12_config.macalg);
+ cfg.macalg);
}
}
- if (pkcs12_config.maciter != -1)
+ if (cfg.maciter != -1)
PKCS12_set_mac(p12, mpass, -1, NULL, 0,
- pkcs12_config.maciter, macmd);
+ cfg.maciter, macmd);
i2d_PKCS12_bio(out, p12);
ERR_print_errors(bio_err);
goto end;
}
- if (!pkcs12_config.noprompt && EVP_read_pw_string(pass, sizeof pass,
+ if (!cfg.noprompt && EVP_read_pw_string(pass, sizeof pass,
"Enter Import Password:", 0)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
- if (!pkcs12_config.twopass)
+ if (!cfg.twopass)
strlcpy(macpass, pass, sizeof macpass);
- if ((pkcs12_config.options & INFO) != 0 && PKCS12_mac_present(p12)) {
+ if ((cfg.options & INFO) != 0 && PKCS12_mac_present(p12)) {
const ASN1_INTEGER *iter;
PKCS12_get0_mac(NULL, NULL, NULL, &iter, p12);
BIO_printf(bio_err, "MAC Iteration %ld\n",
iter != NULL ? ASN1_INTEGER_get(iter) : 1);
}
- if (pkcs12_config.macver) {
+ if (cfg.macver) {
/* If we enter empty password try no password first */
if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
/* If mac and crypto pass the same set it to NULL too */
- if (!pkcs12_config.twopass)
+ if (!cfg.twopass)
cpass = NULL;
} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
BIO_printf(bio_err,
}
BIO_printf(bio_err, "MAC verified OK\n");
}
- if (!dump_certs_keys_p12(out, p12, cpass, -1, pkcs12_config.options,
+ if (!dump_certs_keys_p12(out, p12, cpass, -1, cfg.options,
passout)) {
BIO_printf(bio_err, "Error outputting keys and certificates\n");
ERR_print_errors(bio_err);
PKCS12_free(p12);
BIO_free(in);
BIO_free_all(out);
- sk_OPENSSL_STRING_free(pkcs12_config.canames);
+ sk_OPENSSL_STRING_free(cfg.canames);
free(passin);
free(passout);
if ((pkey = EVP_PKCS82PKEY(p8)) == NULL)
return 0;
print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
- PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0,
+ PEM_write_bio_PrivateKey(out, pkey, cfg.enc, NULL, 0,
NULL, pempass);
EVP_PKEY_free(pkey);
break;
}
print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
PKCS8_PRIV_KEY_INFO_free(p8);
- PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0,
+ PEM_write_bio_PrivateKey(out, pkey, cfg.enc, NULL, 0,
NULL, pempass);
EVP_PKEY_free(pkey);
break;
-/* $OpenBSD: pkcs7.c,v 1.13 2023/02/08 07:59:24 tb Exp $ */
+/* $OpenBSD: pkcs7.c,v 1.14 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int p7_print;
int print_certs;
int text;
-} pkcs7_config;
+} cfg;
static const struct option pkcs7_options[] = {
{
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &pkcs7_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.argname = "format",
.desc = "Input format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &pkcs7_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "noout",
.desc = "Do not output encoded version of PKCS#7 structure",
.type = OPTION_FLAG,
- .opt.flag = &pkcs7_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &pkcs7_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "format",
.desc = "Output format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &pkcs7_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "print",
.desc = "Output ASN.1 representation of PKCS#7 structure",
.type = OPTION_FLAG,
- .opt.flag = &pkcs7_config.p7_print,
+ .opt.flag = &cfg.p7_print,
},
{
.name = "print_certs",
.desc = "Print out any certificates or CRLs contained in file",
.type = OPTION_FLAG,
- .opt.flag = &pkcs7_config.print_certs,
+ .opt.flag = &cfg.print_certs,
},
{
.name = "text",
.desc = "Print out full certificate details",
.type = OPTION_FLAG,
- .opt.flag = &pkcs7_config.text,
+ .opt.flag = &cfg.text,
},
{ NULL },
};
exit(1);
}
- memset(&pkcs7_config, 0, sizeof(pkcs7_config));
+ memset(&cfg, 0, sizeof(cfg));
- pkcs7_config.informat = FORMAT_PEM;
- pkcs7_config.outformat = FORMAT_PEM;
+ cfg.informat = FORMAT_PEM;
+ cfg.outformat = FORMAT_PEM;
if (options_parse(argc, argv, pkcs7_options, NULL, NULL) != 0) {
pkcs7_usage();
ERR_print_errors(bio_err);
goto end;
}
- if (pkcs7_config.infile == NULL)
+ if (cfg.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
- if (BIO_read_filename(in, pkcs7_config.infile) <= 0) {
- perror(pkcs7_config.infile);
+ if (BIO_read_filename(in, cfg.infile) <= 0) {
+ perror(cfg.infile);
goto end;
}
}
- if (pkcs7_config.informat == FORMAT_ASN1)
+ if (cfg.informat == FORMAT_ASN1)
p7 = d2i_PKCS7_bio(in, NULL);
- else if (pkcs7_config.informat == FORMAT_PEM)
+ else if (cfg.informat == FORMAT_PEM)
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err, "bad input format specified for pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
}
- if (pkcs7_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if (BIO_write_filename(out, pkcs7_config.outfile) <= 0) {
- perror(pkcs7_config.outfile);
+ if (BIO_write_filename(out, cfg.outfile) <= 0) {
+ perror(cfg.outfile);
goto end;
}
}
- if (pkcs7_config.p7_print)
+ if (cfg.p7_print)
PKCS7_print_ctx(out, p7, 0, NULL);
- if (pkcs7_config.print_certs) {
+ if (cfg.print_certs) {
STACK_OF(X509) * certs = NULL;
STACK_OF(X509_CRL) * crls = NULL;
for (i = 0; i < sk_X509_num(certs); i++) {
x = sk_X509_value(certs, i);
- if (pkcs7_config.text)
+ if (cfg.text)
X509_print(out, x);
else
dump_cert_text(out, x);
- if (!pkcs7_config.noout)
+ if (!cfg.noout)
PEM_write_bio_X509(out, x);
BIO_puts(out, "\n");
}
X509_CRL_print(out, crl);
- if (!pkcs7_config.noout)
+ if (!cfg.noout)
PEM_write_bio_X509_CRL(out, crl);
BIO_puts(out, "\n");
}
ret = 0;
goto end;
}
- if (!pkcs7_config.noout) {
- if (pkcs7_config.outformat == FORMAT_ASN1)
+ if (!cfg.noout) {
+ if (cfg.outformat == FORMAT_ASN1)
i = i2d_PKCS7_bio(out, p7);
- else if (pkcs7_config.outformat == FORMAT_PEM)
+ else if (cfg.outformat == FORMAT_PEM)
i = PEM_write_bio_PKCS7(out, p7);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
-/* $OpenBSD: pkcs8.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: pkcs8.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999-2004.
*/
char *passargout;
int pbe_nid;
int topk8;
-} pkcs8_config;
+} cfg;
static int
pkcs8_opt_v1(char *arg)
{
- if ((pkcs8_config.pbe_nid = OBJ_txt2nid(arg)) == NID_undef) {
+ if ((cfg.pbe_nid = OBJ_txt2nid(arg)) == NID_undef) {
fprintf(stderr, "Unknown PBE algorithm '%s'\n", arg);
return (1);
}
static int
pkcs8_opt_v2(char *arg)
{
- if ((pkcs8_config.cipher = EVP_get_cipherbyname(arg)) == NULL) {
+ if ((cfg.cipher = EVP_get_cipherbyname(arg)) == NULL) {
fprintf(stderr, "Unknown cipher '%s'\n", arg);
return (1);
}
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &pkcs8_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.argname = "der | pem",
.desc = "Input format (default PEM)",
.type = OPTION_ARG_FORMAT,
- .opt.value = &pkcs8_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "nocrypt",
.desc = "Use or expect unencrypted private key",
.type = OPTION_FLAG,
- .opt.flag = &pkcs8_config.nocrypt,
+ .opt.flag = &cfg.nocrypt,
},
{
.name = "noiter",
.desc = "Use 1 as iteration count",
.type = OPTION_VALUE,
.value = 1,
- .opt.value = &pkcs8_config.iter,
+ .opt.value = &cfg.iter,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &pkcs8_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "der | pem",
.desc = "Output format (default PEM)",
.type = OPTION_ARG_FORMAT,
- .opt.value = &pkcs8_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "passin",
.argname = "source",
.desc = "Input file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &pkcs8_config.passargin,
+ .opt.arg = &cfg.passargin,
},
{
.name = "passout",
.argname = "source",
.desc = "Output file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &pkcs8_config.passargout,
+ .opt.arg = &cfg.passargout,
},
{
.name = "topk8",
.desc = "Read traditional format key and write PKCS#8 format"
" key",
.type = OPTION_FLAG,
- .opt.flag = &pkcs8_config.topk8,
+ .opt.flag = &cfg.topk8,
},
{
.name = "v1",
exit(1);
}
- memset(&pkcs8_config, 0, sizeof(pkcs8_config));
+ memset(&cfg, 0, sizeof(cfg));
- pkcs8_config.iter = PKCS12_DEFAULT_ITER;
- pkcs8_config.informat = FORMAT_PEM;
- pkcs8_config.outformat = FORMAT_PEM;
- pkcs8_config.pbe_nid = -1;
+ cfg.iter = PKCS12_DEFAULT_ITER;
+ cfg.informat = FORMAT_PEM;
+ cfg.outformat = FORMAT_PEM;
+ cfg.pbe_nid = -1;
if (options_parse(argc, argv, pkcs8_options, NULL, NULL) != 0) {
pkcs8_usage();
return (1);
}
- if (!app_passwd(bio_err, pkcs8_config.passargin,
- pkcs8_config.passargout, &passin, &passout)) {
+ if (!app_passwd(bio_err, cfg.passargin,
+ cfg.passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
- if ((pkcs8_config.pbe_nid == -1) && !pkcs8_config.cipher)
- pkcs8_config.pbe_nid = NID_pbeWithMD5AndDES_CBC;
+ if ((cfg.pbe_nid == -1) && !cfg.cipher)
+ cfg.pbe_nid = NID_pbeWithMD5AndDES_CBC;
- if (pkcs8_config.infile) {
- if (!(in = BIO_new_file(pkcs8_config.infile, "rb"))) {
+ if (cfg.infile) {
+ if (!(in = BIO_new_file(cfg.infile, "rb"))) {
BIO_printf(bio_err,
"Can't open input file '%s'\n",
- pkcs8_config.infile);
+ cfg.infile);
goto end;
}
} else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
- if (pkcs8_config.outfile) {
- if (!(out = BIO_new_file(pkcs8_config.outfile, "wb"))) {
+ if (cfg.outfile) {
+ if (!(out = BIO_new_file(cfg.outfile, "wb"))) {
BIO_printf(bio_err, "Can't open output file '%s'\n",
- pkcs8_config.outfile);
+ cfg.outfile);
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
- if (pkcs8_config.topk8) {
- pkey = load_key(bio_err, pkcs8_config.infile,
- pkcs8_config.informat, 1, passin, "key");
+ if (cfg.topk8) {
+ pkey = load_key(bio_err, cfg.infile,
+ cfg.informat, 1, passin, "key");
if (!pkey)
goto end;
if (!(p8inf = EVP_PKEY2PKCS8(pkey))) {
ERR_print_errors(bio_err);
goto end;
}
- if (pkcs8_config.nocrypt) {
- if (pkcs8_config.outformat == FORMAT_PEM)
+ if (cfg.nocrypt) {
+ if (cfg.outformat == FORMAT_PEM)
PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
- else if (pkcs8_config.outformat == FORMAT_ASN1)
+ else if (cfg.outformat == FORMAT_ASN1)
i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
else {
BIO_printf(bio_err,
"Enter Encryption Password:", 1))
goto end;
}
- if (!(p8 = PKCS8_encrypt(pkcs8_config.pbe_nid,
- pkcs8_config.cipher, p8pass, strlen(p8pass),
- NULL, 0, pkcs8_config.iter, p8inf))) {
+ if (!(p8 = PKCS8_encrypt(cfg.pbe_nid,
+ cfg.cipher, p8pass, strlen(p8pass),
+ NULL, 0, cfg.iter, p8inf))) {
BIO_printf(bio_err, "Error encrypting key\n");
ERR_print_errors(bio_err);
goto end;
}
- if (pkcs8_config.outformat == FORMAT_PEM)
+ if (cfg.outformat == FORMAT_PEM)
PEM_write_bio_PKCS8(out, p8);
- else if (pkcs8_config.outformat == FORMAT_ASN1)
+ else if (cfg.outformat == FORMAT_ASN1)
i2d_PKCS8_bio(out, p8);
else {
BIO_printf(bio_err,
ret = 0;
goto end;
}
- if (pkcs8_config.nocrypt) {
- if (pkcs8_config.informat == FORMAT_PEM)
+ if (cfg.nocrypt) {
+ if (cfg.informat == FORMAT_PEM)
p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL,
NULL, NULL);
- else if (pkcs8_config.informat == FORMAT_ASN1)
+ else if (cfg.informat == FORMAT_ASN1)
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
} else {
- if (pkcs8_config.informat == FORMAT_PEM)
+ if (cfg.informat == FORMAT_PEM)
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
- else if (pkcs8_config.informat == FORMAT_ASN1)
+ else if (cfg.informat == FORMAT_ASN1)
p8 = d2i_PKCS8_bio(in, NULL);
else {
BIO_printf(bio_err, "Bad format specified for key\n");
ERR_print_errors(bio_err);
goto end;
}
- if (pkcs8_config.outformat == FORMAT_PEM)
+ if (cfg.outformat == FORMAT_PEM)
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL,
passout);
- else if (pkcs8_config.outformat == FORMAT_ASN1)
+ else if (cfg.outformat == FORMAT_ASN1)
i2d_PrivateKey_bio(out, pkey);
else {
BIO_printf(bio_err, "Bad format specified for key\n");
-/* $OpenBSD: pkey.c,v 1.18 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: pkey.c,v 1.19 2023/03/06 14:32:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006
*/
int pubout;
int pubtext;
int text;
-} pkey_config;
+} cfg;
static int
pkey_opt_cipher(int argc, char **argv, int *argsused)
if (*name++ != '-')
return (1);
- if ((pkey_config.cipher = EVP_get_cipherbyname(name)) == NULL) {
+ if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL) {
BIO_printf(bio_err, "Unknown cipher %s\n", name);
return (1);
}
.name = "check",
.desc = "Check validity of key",
.type = OPTION_FLAG,
- .opt.flag = &pkey_config.check,
+ .opt.flag = &cfg.check,
},
{
.name = "in",
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &pkey_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.argname = "format",
.desc = "Input format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &pkey_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "noout",
.desc = "Do not print encoded version of the key",
.type = OPTION_FLAG,
- .opt.flag = &pkey_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &pkey_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "format",
.desc = "Output format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &pkey_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "passin",
.argname = "src",
.desc = "Input file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &pkey_config.passargin,
+ .opt.arg = &cfg.passargin,
},
{
.name = "passout",
.argname = "src",
.desc = "Output file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &pkey_config.passargout,
+ .opt.arg = &cfg.passargout,
},
{
.name = "pubcheck",
.desc = "Check validity of public key",
.type = OPTION_FLAG,
- .opt.flag = &pkey_config.pubcheck,
+ .opt.flag = &cfg.pubcheck,
},
{
.name = "pubin",
.desc = "Expect a public key (default private key)",
.type = OPTION_VALUE,
.value = 1,
- .opt.value = &pkey_config.pubin,
+ .opt.value = &cfg.pubin,
},
{
.name = "pubout",
.desc = "Output a public key (default private key)",
.type = OPTION_VALUE,
.value = 1,
- .opt.value = &pkey_config.pubout,
+ .opt.value = &cfg.pubout,
},
{
.name = "text",
.desc = "Print the public/private key in plain text",
.type = OPTION_FLAG,
- .opt.flag = &pkey_config.text,
+ .opt.flag = &cfg.text,
},
{
.name = "text_pub",
.desc = "Print out only public key in plain text",
.type = OPTION_FLAG,
- .opt.flag = &pkey_config.pubtext,
+ .opt.flag = &cfg.pubtext,
},
{
.name = NULL,
exit(1);
}
- memset(&pkey_config, 0, sizeof(pkey_config));
- pkey_config.informat = FORMAT_PEM;
- pkey_config.outformat = FORMAT_PEM;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.informat = FORMAT_PEM;
+ cfg.outformat = FORMAT_PEM;
if (options_parse(argc, argv, pkey_options, NULL, NULL) != 0) {
pkey_usage();
goto end;
}
- if (pkey_config.pubtext)
- pkey_config.text = 1;
- if (pkey_config.pubin)
- pkey_config.pubout = pkey_config.pubtext = 1;
+ if (cfg.pubtext)
+ cfg.text = 1;
+ if (cfg.pubin)
+ cfg.pubout = cfg.pubtext = 1;
- if (!app_passwd(bio_err, pkey_config.passargin, pkey_config.passargout,
+ if (!app_passwd(bio_err, cfg.passargin, cfg.passargout,
&passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
- if (pkey_config.outfile) {
- if (!(out = BIO_new_file(pkey_config.outfile, "wb"))) {
+ if (cfg.outfile) {
+ if (!(out = BIO_new_file(cfg.outfile, "wb"))) {
BIO_printf(bio_err,
- "Can't open output file %s\n", pkey_config.outfile);
+ "Can't open output file %s\n", cfg.outfile);
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
- if (pkey_config.pubin)
- pkey = load_pubkey(bio_err, pkey_config.infile,
- pkey_config.informat, 1, passin, "Public Key");
+ if (cfg.pubin)
+ pkey = load_pubkey(bio_err, cfg.infile,
+ cfg.informat, 1, passin, "Public Key");
else
- pkey = load_key(bio_err, pkey_config.infile,
- pkey_config.informat, 1, passin, "key");
+ pkey = load_key(bio_err, cfg.infile,
+ cfg.informat, 1, passin, "key");
if (!pkey)
goto end;
- if (pkey_config.check) {
+ if (cfg.check) {
if (!pkey_check(out, pkey, EVP_PKEY_check, "Key pair"))
goto end;
- } else if (pkey_config.pubcheck) {
+ } else if (cfg.pubcheck) {
if (!pkey_check(out, pkey, EVP_PKEY_public_check, "Public key"))
goto end;
}
- if (!pkey_config.noout) {
- if (pkey_config.outformat == FORMAT_PEM) {
- if (pkey_config.pubout)
+ if (!cfg.noout) {
+ if (cfg.outformat == FORMAT_PEM) {
+ if (cfg.pubout)
PEM_write_bio_PUBKEY(out, pkey);
else
PEM_write_bio_PrivateKey(out, pkey,
- pkey_config.cipher, NULL, 0, NULL, passout);
- } else if (pkey_config.outformat == FORMAT_ASN1) {
- if (pkey_config.pubout)
+ cfg.cipher, NULL, 0, NULL, passout);
+ } else if (cfg.outformat == FORMAT_ASN1) {
+ if (cfg.pubout)
i2d_PUBKEY_bio(out, pkey);
else
i2d_PrivateKey_bio(out, pkey);
}
}
- if (pkey_config.text) {
- if (pkey_config.pubtext)
+ if (cfg.text) {
+ if (cfg.pubtext)
EVP_PKEY_print_public(out, pkey, 0, NULL);
else
EVP_PKEY_print_private(out, pkey, 0, NULL);
-/* $OpenBSD: pkeyparam.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */
+/* $OpenBSD: pkeyparam.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006
*/
int noout;
char *outfile;
int text;
-} pkeyparam_config;
+} cfg;
static const struct option pkeyparam_options[] = {
{
.name = "check",
.desc = "Check validity of key parameters",
.type = OPTION_FLAG,
- .opt.flag = &pkeyparam_config.check,
+ .opt.flag = &cfg.check,
},
{
.name = "in",
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &pkeyparam_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "noout",
.desc = "Do not print encoded version of the parameters",
.type = OPTION_FLAG,
- .opt.flag = &pkeyparam_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &pkeyparam_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "text",
.desc = "Print out the parameters in plain text",
.type = OPTION_FLAG,
- .opt.flag = &pkeyparam_config.text,
+ .opt.flag = &cfg.text,
},
{ NULL },
};
exit(1);
}
- memset(&pkeyparam_config, 0, sizeof(pkeyparam_config));
+ memset(&cfg, 0, sizeof(cfg));
if (options_parse(argc, argv, pkeyparam_options, NULL, NULL) != 0) {
pkeyparam_usage();
return (1);
}
- if (pkeyparam_config.infile) {
- if (!(in = BIO_new_file(pkeyparam_config.infile, "r"))) {
+ if (cfg.infile) {
+ if (!(in = BIO_new_file(cfg.infile, "r"))) {
BIO_printf(bio_err, "Can't open input file %s\n",
- pkeyparam_config.infile);
+ cfg.infile);
goto end;
}
} else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
- if (pkeyparam_config.outfile) {
- if (!(out = BIO_new_file(pkeyparam_config.outfile, "w"))) {
+ if (cfg.outfile) {
+ if (!(out = BIO_new_file(cfg.outfile, "w"))) {
BIO_printf(bio_err, "Can't open output file %s\n",
- pkeyparam_config.outfile);
+ cfg.outfile);
goto end;
}
} else {
goto end;
}
- if (pkeyparam_config.check) {
+ if (cfg.check) {
if (!pkey_check(out, pkey, EVP_PKEY_param_check, "Parameters"))
goto end;
}
- if (!pkeyparam_config.noout)
+ if (!cfg.noout)
PEM_write_bio_Parameters(out, pkey);
- if (pkeyparam_config.text)
+ if (cfg.text)
EVP_PKEY_print_params(out, pkey, 0, NULL);
ret = 0;
-/* $OpenBSD: pkeyutl.c,v 1.18 2023/03/05 13:12:53 tb Exp $ */
+/* $OpenBSD: pkeyutl.c,v 1.19 2023/03/06 14:32:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
int pkey_op;
int rev;
char *sigfile;
-} pkeyutl_config;
+} cfg;
static void pkeyutl_usage(void);
.name = "asn1parse",
.desc = "ASN.1 parse the output data",
.type = OPTION_FLAG,
- .opt.flag = &pkeyutl_config.asn1parse,
+ .opt.flag = &cfg.asn1parse,
},
{
.name = "certin",
.desc = "Input is a certificate containing a public key",
.type = OPTION_VALUE,
.value = KEY_CERT,
- .opt.value = &pkeyutl_config.key_type,
+ .opt.value = &cfg.key_type,
},
{
.name = "decrypt",
.desc = "Decrypt the input data using a private key",
.type = OPTION_VALUE,
.value = EVP_PKEY_OP_DECRYPT,
- .opt.value = &pkeyutl_config.pkey_op,
+ .opt.value = &cfg.pkey_op,
},
{
.name = "derive",
.desc = "Derive a shared secret using the peer key",
.type = OPTION_VALUE,
.value = EVP_PKEY_OP_DERIVE,
- .opt.value = &pkeyutl_config.pkey_op,
+ .opt.value = &cfg.pkey_op,
},
{
.name = "encrypt",
.desc = "Encrypt the input data using a public key",
.type = OPTION_VALUE,
.value = EVP_PKEY_OP_ENCRYPT,
- .opt.value = &pkeyutl_config.pkey_op,
+ .opt.value = &cfg.pkey_op,
},
{
.name = "hexdump",
.desc = "Hex dump the output data",
.type = OPTION_FLAG,
- .opt.flag = &pkeyutl_config.hexdump,
+ .opt.flag = &cfg.hexdump,
},
{
.name = "in",
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &pkeyutl_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inkey",
.argname = "fmt",
.desc = "Input key format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &pkeyutl_config.keyform,
+ .opt.value = &cfg.keyform,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &pkeyutl_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "passin",
.argname = "arg",
.desc = "Key password source",
.type = OPTION_ARG,
- .opt.arg = &pkeyutl_config.passargin,
+ .opt.arg = &cfg.passargin,
},
{
.name = "peerform",
.argname = "fmt",
.desc = "Input key format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &pkeyutl_config.peerform,
+ .opt.value = &cfg.peerform,
},
{
.name = "peerkey",
.desc = "Input is a public key",
.type = OPTION_VALUE,
.value = KEY_PUBKEY,
- .opt.value = &pkeyutl_config.key_type,
+ .opt.value = &cfg.key_type,
},
{
.name = "rev",
.desc = "Reverse the input data",
.type = OPTION_FLAG,
- .opt.flag = &pkeyutl_config.rev,
+ .opt.flag = &cfg.rev,
},
{
.name = "sigfile",
.argname = "file",
.desc = "Signature file (verify operation only)",
.type = OPTION_ARG,
- .opt.arg = &pkeyutl_config.sigfile,
+ .opt.arg = &cfg.sigfile,
},
{
.name = "sign",
.desc = "Sign the input data using private key",
.type = OPTION_VALUE,
.value = EVP_PKEY_OP_SIGN,
- .opt.value = &pkeyutl_config.pkey_op,
+ .opt.value = &cfg.pkey_op,
},
{
.name = "verify",
.desc = "Verify the input data using public key",
.type = OPTION_VALUE,
.value = EVP_PKEY_OP_VERIFY,
- .opt.value = &pkeyutl_config.pkey_op,
+ .opt.value = &cfg.pkey_op,
},
{
.name = "verifyrecover",
.desc = "Verify with public key, recover original data",
.type = OPTION_VALUE,
.value = EVP_PKEY_OP_VERIFYRECOVER,
- .opt.value = &pkeyutl_config.pkey_op,
+ .opt.value = &cfg.pkey_op,
},
{NULL},
exit(1);
}
- memset(&pkeyutl_config, 0, sizeof(pkeyutl_config));
- pkeyutl_config.pkey_op = EVP_PKEY_OP_SIGN;
- pkeyutl_config.key_type = KEY_PRIVKEY;
- pkeyutl_config.keyform = FORMAT_PEM;
- pkeyutl_config.peerform = FORMAT_PEM;
- pkeyutl_config.keysize = -1;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.pkey_op = EVP_PKEY_OP_SIGN;
+ cfg.key_type = KEY_PRIVKEY;
+ cfg.keyform = FORMAT_PEM;
+ cfg.peerform = FORMAT_PEM;
+ cfg.keysize = -1;
if (options_parse(argc, argv, pkeyutl_options, NULL, NULL) != 0) {
pkeyutl_usage();
goto end;
}
- if (!pkeyutl_config.ctx) {
+ if (!cfg.ctx) {
pkeyutl_usage();
goto end;
}
- if (pkeyutl_config.sigfile &&
- (pkeyutl_config.pkey_op != EVP_PKEY_OP_VERIFY)) {
+ if (cfg.sigfile &&
+ (cfg.pkey_op != EVP_PKEY_OP_VERIFY)) {
BIO_puts(bio_err, "Signature file specified for non verify\n");
goto end;
}
- if (!pkeyutl_config.sigfile &&
- (pkeyutl_config.pkey_op == EVP_PKEY_OP_VERIFY)) {
+ if (!cfg.sigfile &&
+ (cfg.pkey_op == EVP_PKEY_OP_VERIFY)) {
BIO_puts(bio_err, "No signature file specified for verify\n");
goto end;
}
- if (pkeyutl_config.pkey_op != EVP_PKEY_OP_DERIVE) {
- if (pkeyutl_config.infile) {
- if (!(in = BIO_new_file(pkeyutl_config.infile, "rb"))) {
+ if (cfg.pkey_op != EVP_PKEY_OP_DERIVE) {
+ if (cfg.infile) {
+ if (!(in = BIO_new_file(cfg.infile, "rb"))) {
BIO_puts(bio_err,
"Error Opening Input File\n");
ERR_print_errors(bio_err);
} else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
}
- if (pkeyutl_config.outfile) {
- if (!(out = BIO_new_file(pkeyutl_config.outfile, "wb"))) {
+ if (cfg.outfile) {
+ if (!(out = BIO_new_file(cfg.outfile, "wb"))) {
BIO_printf(bio_err, "Error Creating Output File\n");
ERR_print_errors(bio_err);
goto end;
out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
- if (pkeyutl_config.sigfile) {
- BIO *sigbio = BIO_new_file(pkeyutl_config.sigfile, "rb");
+ if (cfg.sigfile) {
+ BIO *sigbio = BIO_new_file(cfg.sigfile, "rb");
if (!sigbio) {
BIO_printf(bio_err, "Can't open signature file %s\n",
- pkeyutl_config.sigfile);
+ cfg.sigfile);
goto end;
}
- siglen = bio_to_mem(&sig, pkeyutl_config.keysize * 10, sigbio);
+ siglen = bio_to_mem(&sig, cfg.keysize * 10, sigbio);
BIO_free(sigbio);
if (siglen <= 0) {
BIO_printf(bio_err, "Error reading signature data\n");
}
if (in) {
/* Read the input data */
- buf_inlen = bio_to_mem(&buf_in, pkeyutl_config.keysize * 10, in);
+ buf_inlen = bio_to_mem(&buf_in, cfg.keysize * 10, in);
if (buf_inlen <= 0) {
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
}
- if (pkeyutl_config.rev) {
+ if (cfg.rev) {
size_t i;
unsigned char ctmp;
size_t l = (size_t) buf_inlen;
}
}
}
- if (pkeyutl_config.pkey_op == EVP_PKEY_OP_VERIFY) {
- rv = EVP_PKEY_verify(pkeyutl_config.ctx, sig, (size_t) siglen,
+ if (cfg.pkey_op == EVP_PKEY_OP_VERIFY) {
+ rv = EVP_PKEY_verify(cfg.ctx, sig, (size_t) siglen,
buf_in, (size_t) buf_inlen);
if (rv == 1) {
BIO_puts(out, "Signature Verified Successfully\n");
if (rv >= 0)
goto end;
} else {
- rv = do_keyop(pkeyutl_config.ctx, pkeyutl_config.pkey_op, NULL,
+ rv = do_keyop(cfg.ctx, cfg.pkey_op, NULL,
(size_t *)&buf_outlen, buf_in, (size_t) buf_inlen);
if (rv > 0) {
buf_out = malloc(buf_outlen);
if (!buf_out)
rv = -1;
else
- rv = do_keyop(pkeyutl_config.ctx,
- pkeyutl_config.pkey_op,
+ rv = do_keyop(cfg.ctx,
+ cfg.pkey_op,
buf_out, (size_t *) & buf_outlen,
buf_in, (size_t) buf_inlen);
}
goto end;
}
ret = 0;
- if (pkeyutl_config.asn1parse) {
+ if (cfg.asn1parse) {
if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
ERR_print_errors(bio_err);
- } else if (pkeyutl_config.hexdump)
+ } else if (cfg.hexdump)
BIO_dump(out, (char *) buf_out, buf_outlen);
else
BIO_write(out, buf_out, buf_outlen);
end:
- EVP_PKEY_CTX_free(pkeyutl_config.ctx);
+ EVP_PKEY_CTX_free(cfg.ctx);
BIO_free(in);
BIO_free_all(out);
free(buf_in);
int rv = -1;
X509 *x;
- if (((pkeyutl_config.pkey_op == EVP_PKEY_OP_SIGN)
- || (pkeyutl_config.pkey_op == EVP_PKEY_OP_DECRYPT)
- || (pkeyutl_config.pkey_op == EVP_PKEY_OP_DERIVE))
- && (pkeyutl_config.key_type != KEY_PRIVKEY)) {
+ if (((cfg.pkey_op == EVP_PKEY_OP_SIGN)
+ || (cfg.pkey_op == EVP_PKEY_OP_DECRYPT)
+ || (cfg.pkey_op == EVP_PKEY_OP_DERIVE))
+ && (cfg.key_type != KEY_PRIVKEY)) {
BIO_printf(bio_err,
"A private key is needed for this operation\n");
goto end;
}
- if (!app_passwd(bio_err, pkeyutl_config.passargin, NULL, &passin,
+ if (!app_passwd(bio_err, cfg.passargin, NULL, &passin,
NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
- switch (pkeyutl_config.key_type) {
+ switch (cfg.key_type) {
case KEY_PRIVKEY:
- pkey = load_key(bio_err, keyfile, pkeyutl_config.keyform, 0,
+ pkey = load_key(bio_err, keyfile, cfg.keyform, 0,
passin, "Private Key");
break;
case KEY_PUBKEY:
- pkey = load_pubkey(bio_err, keyfile, pkeyutl_config.keyform, 0,
+ pkey = load_pubkey(bio_err, keyfile, cfg.keyform, 0,
NULL, "Public Key");
break;
case KEY_CERT:
- x = load_cert(bio_err, keyfile, pkeyutl_config.keyform,
+ x = load_cert(bio_err, keyfile, cfg.keyform,
NULL, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
break;
}
- pkeyutl_config.keysize = EVP_PKEY_size(pkey);
+ cfg.keysize = EVP_PKEY_size(pkey);
if (!pkey)
goto end;
- pkeyutl_config.ctx = EVP_PKEY_CTX_new(pkey, NULL);
+ cfg.ctx = EVP_PKEY_CTX_new(pkey, NULL);
EVP_PKEY_free(pkey);
- if (!pkeyutl_config.ctx)
+ if (!cfg.ctx)
goto end;
- switch (pkeyutl_config.pkey_op) {
+ switch (cfg.pkey_op) {
case EVP_PKEY_OP_SIGN:
- rv = EVP_PKEY_sign_init(pkeyutl_config.ctx);
+ rv = EVP_PKEY_sign_init(cfg.ctx);
break;
case EVP_PKEY_OP_VERIFY:
- rv = EVP_PKEY_verify_init(pkeyutl_config.ctx);
+ rv = EVP_PKEY_verify_init(cfg.ctx);
break;
case EVP_PKEY_OP_VERIFYRECOVER:
- rv = EVP_PKEY_verify_recover_init(pkeyutl_config.ctx);
+ rv = EVP_PKEY_verify_recover_init(cfg.ctx);
break;
case EVP_PKEY_OP_ENCRYPT:
- rv = EVP_PKEY_encrypt_init(pkeyutl_config.ctx);
+ rv = EVP_PKEY_encrypt_init(cfg.ctx);
break;
case EVP_PKEY_OP_DECRYPT:
- rv = EVP_PKEY_decrypt_init(pkeyutl_config.ctx);
+ rv = EVP_PKEY_decrypt_init(cfg.ctx);
break;
case EVP_PKEY_OP_DERIVE:
- rv = EVP_PKEY_derive_init(pkeyutl_config.ctx);
+ rv = EVP_PKEY_derive_init(cfg.ctx);
break;
}
if (rv <= 0) {
- EVP_PKEY_CTX_free(pkeyutl_config.ctx);
- pkeyutl_config.ctx = NULL;
+ EVP_PKEY_CTX_free(cfg.ctx);
+ cfg.ctx = NULL;
}
end:
free(passin);
- if (!pkeyutl_config.ctx) {
+ if (!cfg.ctx) {
BIO_puts(bio_err, "Error initializing context\n");
ERR_print_errors(bio_err);
return (1);
EVP_PKEY *peer = NULL;
int ret;
- if (!pkeyutl_config.ctx) {
+ if (!cfg.ctx) {
BIO_puts(bio_err, "-peerkey command before -inkey\n");
return (1);
}
- peer = load_pubkey(bio_err, file, pkeyutl_config.peerform, 0, NULL,
+ peer = load_pubkey(bio_err, file, cfg.peerform, 0, NULL,
"Peer Key");
if (!peer) {
ERR_print_errors(bio_err);
return (1);
}
- ret = EVP_PKEY_derive_set_peer(pkeyutl_config.ctx, peer);
+ ret = EVP_PKEY_derive_set_peer(cfg.ctx, peer);
EVP_PKEY_free(peer);
if (ret <= 0) {
static int
pkeyutl_pkeyopt(char *pkeyopt)
{
- if (!pkeyutl_config.ctx) {
+ if (!cfg.ctx) {
BIO_puts(bio_err, "-pkeyopt command before -inkey\n");
return (1);
- } else if (pkey_ctrl_string(pkeyutl_config.ctx, pkeyopt) <= 0) {
+ } else if (pkey_ctrl_string(cfg.ctx, pkeyopt) <= 0) {
BIO_puts(bio_err, "parameter setting error\n");
ERR_print_errors(bio_err);
return (1);
-/* $OpenBSD: prime.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */
+/* $OpenBSD: prime.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */
/* ====================================================================
* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
*
int generate;
int hex;
int safe;
-} prime_config;
+} cfg;
static const struct option prime_options[] = {
{
.argname = "n",
.desc = "Number of bits in the generated prime number",
.type = OPTION_ARG_INT,
- .opt.value = &prime_config.bits,
+ .opt.value = &cfg.bits,
},
{
.name = "checks",
.argname = "n",
.desc = "Miller-Rabin probabilistic primality test iterations",
.type = OPTION_ARG_INT,
- .opt.value = &prime_config.checks,
+ .opt.value = &cfg.checks,
},
{
.name = "generate",
.desc = "Generate a pseudo-random prime number",
.type = OPTION_FLAG,
- .opt.flag = &prime_config.generate,
+ .opt.flag = &cfg.generate,
},
{
.name = "hex",
.desc = "Hexadecimal prime numbers",
.type = OPTION_FLAG,
- .opt.flag = &prime_config.hex,
+ .opt.flag = &cfg.hex,
},
{
.name = "safe",
.desc = "Generate only \"safe\" prime numbers",
.type = OPTION_FLAG,
- .opt.flag = &prime_config.safe,
+ .opt.flag = &cfg.safe,
},
{NULL},
};
exit(1);
}
- memset(&prime_config, 0, sizeof(prime_config));
+ memset(&cfg, 0, sizeof(cfg));
/* Default iterations for Miller-Rabin probabilistic primality test. */
- prime_config.checks = 20;
+ cfg.checks = 20;
if (options_parse(argc, argv, prime_options, &prime, NULL) != 0) {
prime_usage();
return (1);
}
- if (prime == NULL && prime_config.generate == 0) {
+ if (prime == NULL && cfg.generate == 0) {
BIO_printf(bio_err, "No prime specified.\n");
prime_usage();
return (1);
}
BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
- if (prime_config.generate != 0) {
- if (prime_config.bits == 0) {
+ if (cfg.generate != 0) {
+ if (cfg.bits == 0) {
BIO_printf(bio_err, "Specify the number of bits.\n");
goto end;
}
BIO_printf(bio_err, "Out of memory.\n");
goto end;
}
- if (!BN_generate_prime_ex(bn, prime_config.bits,
- prime_config.safe, NULL, NULL, NULL)) {
+ if (!BN_generate_prime_ex(bn, cfg.bits,
+ cfg.safe, NULL, NULL, NULL)) {
BIO_printf(bio_err, "Prime generation error.\n");
goto end;
}
- s = prime_config.hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
+ s = cfg.hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
if (s == NULL) {
BIO_printf(bio_err, "Out of memory.\n");
goto end;
BIO_printf(bio_out, "%s\n", s);
free(s);
} else {
- if (prime_config.hex) {
+ if (cfg.hex) {
if (!BN_hex2bn(&bn, prime)) {
BIO_printf(bio_err, "%s is an invalid hex "
"value.\n", prime);
}
}
- is_prime = BN_is_prime_ex(bn, prime_config.checks, NULL, NULL);
+ is_prime = BN_is_prime_ex(bn, cfg.checks, NULL, NULL);
if (is_prime < 0) {
BIO_printf(bio_err, "BN_is_prime_ex failed.\n");
goto end;
-/* $OpenBSD: rand.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */
+/* $OpenBSD: rand.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
int base64;
int hex;
char *outfile;
-} rand_config;
+} cfg;
static const struct option rand_options[] = {
{
.name = "base64",
.desc = "Perform base64 encoding on output",
.type = OPTION_FLAG,
- .opt.flag = &rand_config.base64,
+ .opt.flag = &cfg.base64,
},
{
.name = "hex",
.desc = "Hexadecimal output",
.type = OPTION_FLAG,
- .opt.flag = &rand_config.hex,
+ .opt.flag = &cfg.hex,
},
{
.name = "out",
.argname = "file",
.desc = "Write to the given file instead of standard output",
.type = OPTION_ARG,
- .opt.arg = &rand_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{NULL},
};
exit(1);
}
- memset(&rand_config, 0, sizeof(rand_config));
+ memset(&cfg, 0, sizeof(cfg));
if (options_parse(argc, argv, rand_options, &num_bytes, NULL) != 0) {
rand_usage();
} else
badopt = 1;
- if (rand_config.hex && rand_config.base64)
+ if (cfg.hex && cfg.base64)
badopt = 1;
if (badopt) {
out = BIO_new(BIO_s_file());
if (out == NULL)
goto err;
- if (rand_config.outfile != NULL)
- r = BIO_write_filename(out, rand_config.outfile);
+ if (cfg.outfile != NULL)
+ r = BIO_write_filename(out, cfg.outfile);
else
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
if (r <= 0)
goto err;
- if (rand_config.base64) {
+ if (cfg.base64) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL)
goto err;
if (chunk > (int) sizeof(buf))
chunk = sizeof(buf);
arc4random_buf(buf, chunk);
- if (rand_config.hex) {
+ if (cfg.hex) {
for (i = 0; i < chunk; i++)
BIO_printf(out, "%02x", buf[i]);
} else
num -= chunk;
}
- if (rand_config.hex)
+ if (cfg.hex)
BIO_puts(out, "\n");
(void) BIO_flush(out);
-/* $OpenBSD: req.c,v 1.26 2023/03/05 13:12:53 tb Exp $ */
+/* $OpenBSD: req.c,v 1.27 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int verbose;
int verify;
int x509;
-} req_config;
+} cfg;
static int
req_opt_addext(char *arg)
{
int i;
- if (req_config.addexts == NULL) {
- req_config.addexts = (LHASH_OF(OPENSSL_STRING) *)lh_new(
+ if (cfg.addexts == NULL) {
+ cfg.addexts = (LHASH_OF(OPENSSL_STRING) *)lh_new(
(LHASH_HASH_FN_TYPE)ext_name_hash,
(LHASH_COMP_FN_TYPE)ext_name_cmp);
- req_config.addext_bio = BIO_new(BIO_s_mem());
- if (req_config.addexts == NULL ||
- req_config.addext_bio == NULL)
+ cfg.addext_bio = BIO_new(BIO_s_mem());
+ if (cfg.addexts == NULL ||
+ cfg.addext_bio == NULL)
return (1);
}
- i = duplicated(req_config.addexts, arg);
+ i = duplicated(cfg.addexts, arg);
if (i == 1)
return (1);
- if (i < 0 || BIO_printf(req_config.addext_bio, "%s\n", arg) < 0)
+ if (i < 0 || BIO_printf(cfg.addext_bio, "%s\n", arg) < 0)
return (1);
return (0);
{
const char *errstr;
- req_config.days = strtonum(arg, 1, INT_MAX, &errstr);
+ cfg.days = strtonum(arg, 1, INT_MAX, &errstr);
if (errstr != NULL) {
BIO_printf(bio_err, "bad -days %s, using 0: %s\n",
arg, errstr);
- req_config.days = 30;
+ cfg.days = 30;
}
return (0);
}
if (*name++ != '-')
return (1);
- if ((req_config.digest = EVP_get_digestbyname(name)) == NULL)
+ if ((cfg.digest = EVP_get_digestbyname(name)) == NULL)
return (1);
*argsused = 1;
static int
req_opt_newkey(char *arg)
{
- req_config.keyalg = arg;
- req_config.newreq = 1;
+ cfg.keyalg = arg;
+ cfg.newreq = 1;
return (0);
}
static int
req_opt_nameopt(char *arg)
{
- if (!set_name_ex(&req_config.nmflag, arg))
+ if (!set_name_ex(&cfg.nmflag, arg))
return (1);
return (0);
}
static int
req_opt_pkeyopt(char *arg)
{
- if (req_config.pkeyopts == NULL)
- req_config.pkeyopts = sk_OPENSSL_STRING_new_null();
- if (req_config.pkeyopts == NULL)
+ if (cfg.pkeyopts == NULL)
+ cfg.pkeyopts = sk_OPENSSL_STRING_new_null();
+ if (cfg.pkeyopts == NULL)
return (1);
- if (!sk_OPENSSL_STRING_push(req_config.pkeyopts, arg))
+ if (!sk_OPENSSL_STRING_push(cfg.pkeyopts, arg))
return (1);
return (0);
}
static int
req_opt_reqopt(char *arg)
{
- if (!set_cert_ex(&req_config.reqflag, arg))
+ if (!set_cert_ex(&cfg.reqflag, arg))
return (1);
return (0);
}
static int
req_opt_set_serial(char *arg)
{
- req_config.serial = s2i_ASN1_INTEGER(NULL, arg);
- if (req_config.serial == NULL)
+ cfg.serial = s2i_ASN1_INTEGER(NULL, arg);
+ if (cfg.serial == NULL)
return (1);
return (0);
}
static int
req_opt_sigopt(char *arg)
{
- if (req_config.sigopts == NULL)
- req_config.sigopts = sk_OPENSSL_STRING_new_null();
- if (req_config.sigopts == NULL)
+ if (cfg.sigopts == NULL)
+ cfg.sigopts = sk_OPENSSL_STRING_new_null();
+ if (cfg.sigopts == NULL)
return (1);
- if (!sk_OPENSSL_STRING_push(req_config.sigopts, arg))
+ if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg))
return (1);
return (0);
}
static int
req_opt_utf8(void)
{
- req_config.chtype = MBSTRING_UTF8;
+ cfg.chtype = MBSTRING_UTF8;
return (0);
}
.name = "batch",
.desc = "Operate in batch mode",
.type = OPTION_FLAG,
- .opt.flag = &req_config.batch,
+ .opt.flag = &cfg.batch,
},
{
.name = "config",
.argname = "file",
.desc = "Configuration file to use as request template",
.type = OPTION_ARG,
- .opt.arg = &req_config.template,
+ .opt.arg = &cfg.template,
},
{
.name = "days",
.argname = "section",
.desc = "Config section to use for certificate extensions",
.type = OPTION_ARG,
- .opt.arg = &req_config.extensions,
+ .opt.arg = &cfg.extensions,
},
{
.name = "in",
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &req_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.argname = "format",
.desc = "Input format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &req_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "key",
.argname = "file",
.desc = "Private key file",
.type = OPTION_ARG,
- .opt.arg = &req_config.keyfile,
+ .opt.arg = &cfg.keyfile,
},
{
.name = "keyform",
.argname = "format",
.desc = "Private key format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &req_config.keyform,
+ .opt.value = &cfg.keyform,
},
{
.name = "keyout",
.argname = "file",
.desc = "Private key output file",
.type = OPTION_ARG,
- .opt.arg = &req_config.keyout,
+ .opt.arg = &cfg.keyout,
},
{
.name = "modulus",
.desc = "Print RSA modulus",
.type = OPTION_FLAG,
- .opt.flag = &req_config.modulus,
+ .opt.flag = &cfg.modulus,
},
{
.name = "multivalue-rdn",
.desc = "Enable support for multivalued RDNs",
.type = OPTION_FLAG,
- .opt.flag = &req_config.multirdn,
+ .opt.flag = &cfg.multirdn,
},
{
.name = "nameopt",
.name = "new",
.desc = "New request",
.type = OPTION_FLAG,
- .opt.flag = &req_config.newreq,
+ .opt.flag = &cfg.newreq,
},
{
.name = "newhdr",
.desc = "Include 'NEW' in header lines",
.type = OPTION_FLAG,
- .opt.flag = &req_config.newhdr,
+ .opt.flag = &cfg.newhdr,
},
{
.name = "newkey",
.name = "nodes",
.desc = "Do not encrypt output private key",
.type = OPTION_FLAG,
- .opt.flag = &req_config.nodes,
+ .opt.flag = &cfg.nodes,
},
{
.name = "noout",
.desc = "Do not output request",
.type = OPTION_FLAG,
- .opt.flag = &req_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &req_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "format",
.desc = "Output format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &req_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "passin",
.argname = "source",
.desc = "Private key input password source",
.type = OPTION_ARG,
- .opt.arg = &req_config.passargin,
+ .opt.arg = &cfg.passargin,
},
{
.name = "passout",
.argname = "source",
.desc = "Private key output password source",
.type = OPTION_ARG,
- .opt.arg = &req_config.passargout,
+ .opt.arg = &cfg.passargout,
},
{
.name = "pkeyopt",
.name = "pubkey",
.desc = "Output the public key",
.type = OPTION_FLAG,
- .opt.flag = &req_config.pubkey,
+ .opt.flag = &cfg.pubkey,
},
{
.name = "reqexts",
.argname = "section",
.desc = "Config section to use for request extensions",
.type = OPTION_ARG,
- .opt.arg = &req_config.req_exts,
+ .opt.arg = &cfg.req_exts,
},
{
.name = "reqopt",
.argname = "name",
.desc = "Set or modify the request subject",
.type = OPTION_ARG,
- .opt.arg = &req_config.subj,
+ .opt.arg = &cfg.subj,
},
{
.name = "subject",
.desc = "Output the subject of the request",
.type = OPTION_FLAG,
- .opt.flag = &req_config.subject,
+ .opt.flag = &cfg.subject,
},
{
.name = "text",
.desc = "Print request in text form",
.type = OPTION_FLAG,
- .opt.flag = &req_config.text,
+ .opt.flag = &cfg.text,
},
{
.name = "utf8",
.name = "verbose",
.desc = "Verbose",
.type = OPTION_FLAG,
- .opt.flag = &req_config.verbose,
+ .opt.flag = &cfg.verbose,
},
{
.name = "verify",
.desc = "Verify signature on request",
.type = OPTION_FLAG,
- .opt.flag = &req_config.verify,
+ .opt.flag = &cfg.verify,
},
{
.name = "x509",
.desc = "Output an X.509 structure instead of a certificate request",
.type = OPTION_FLAG,
- .opt.flag = &req_config.x509,
+ .opt.flag = &cfg.x509,
},
{
.name = NULL,
exit(1);
}
- memset(&req_config, 0, sizeof(req_config));
+ memset(&cfg, 0, sizeof(cfg));
- req_config.chtype = MBSTRING_ASC;
- req_config.days = 30;
- req_config.digest = EVP_sha256();
- req_config.newkey = -1;
- req_config.informat = FORMAT_PEM;
- req_config.keyform = FORMAT_PEM;
- req_config.outformat = FORMAT_PEM;
+ cfg.chtype = MBSTRING_ASC;
+ cfg.days = 30;
+ cfg.digest = EVP_sha256();
+ cfg.newkey = -1;
+ cfg.informat = FORMAT_PEM;
+ cfg.keyform = FORMAT_PEM;
+ cfg.outformat = FORMAT_PEM;
if (options_parse(argc, argv, req_options, NULL, NULL) != 0) {
req_usage();
req_conf = NULL;
cipher = EVP_aes_256_cbc();
- if (!app_passwd(bio_err, req_config.passargin, req_config.passargout, &passin, &passout)) {
+ if (!app_passwd(bio_err, cfg.passargin, cfg.passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
- if (req_config.template != NULL) {
+ if (cfg.template != NULL) {
long errline = -1;
- if (req_config.verbose)
- BIO_printf(bio_err, "Using configuration from %s\n", req_config.template);
+ if (cfg.verbose)
+ BIO_printf(bio_err, "Using configuration from %s\n", cfg.template);
if ((req_conf = NCONF_new(NULL)) == NULL)
goto end;
- if(!NCONF_load(req_conf, req_config.template, &errline)) {
- BIO_printf(bio_err, "error on line %ld of %s\n", errline, req_config.template);
+ if(!NCONF_load(req_conf, cfg.template, &errline)) {
+ BIO_printf(bio_err, "error on line %ld of %s\n", errline, cfg.template);
goto end;
}
} else {
if (req_conf == NULL) {
BIO_printf(bio_err, "Unable to load config info from %s\n", default_config_file);
- if (req_config.newreq)
+ if (cfg.newreq)
goto end;
- } else if (req_config.verbose)
+ } else if (cfg.verbose)
BIO_printf(bio_err, "Using configuration from %s\n",
default_config_file);
}
- if (req_config.addext_bio != NULL) {
+ if (cfg.addext_bio != NULL) {
long errline = -1;
- if (req_config.verbose)
+ if (cfg.verbose)
BIO_printf(bio_err,
"Using additional configuration from command line\n");
if ((addext_conf = NCONF_new(NULL)) == NULL)
goto end;
- if (!NCONF_load_bio(addext_conf, req_config.addext_bio, &errline)) {
+ if (!NCONF_load_bio(addext_conf, cfg.addext_bio, &errline)) {
BIO_printf(bio_err,
"req: Error on line %ld of config input\n",
errline);
ERR_clear_error();
if (p != NULL) {
if ((md_alg = EVP_get_digestbyname(p)) != NULL)
- req_config.digest = md_alg;
+ cfg.digest = md_alg;
}
}
- if (!req_config.extensions) {
- req_config.extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
- if (!req_config.extensions)
+ if (!cfg.extensions) {
+ cfg.extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+ if (!cfg.extensions)
ERR_clear_error();
}
- if (req_config.extensions) {
+ if (cfg.extensions) {
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_nconf(&ctx, req_conf);
- if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_config.extensions, NULL)) {
+ if (!X509V3_EXT_add_nconf(req_conf, &ctx, cfg.extensions, NULL)) {
BIO_printf(bio_err,
- "Error Loading extension section %s\n", req_config.extensions);
+ "Error Loading extension section %s\n", cfg.extensions);
goto end;
}
}
BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
goto end;
}
- if (req_config.chtype != MBSTRING_UTF8) {
+ if (cfg.chtype != MBSTRING_UTF8) {
p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
if (!p)
ERR_clear_error();
else if (!strcmp(p, "yes"))
- req_config.chtype = MBSTRING_UTF8;
+ cfg.chtype = MBSTRING_UTF8;
}
- if (!req_config.req_exts) {
- req_config.req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
- if (!req_config.req_exts)
+ if (!cfg.req_exts) {
+ cfg.req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+ if (!cfg.req_exts)
ERR_clear_error();
}
- if (req_config.req_exts) {
+ if (cfg.req_exts) {
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_nconf(&ctx, req_conf);
- if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_config.req_exts, NULL)) {
+ if (!X509V3_EXT_add_nconf(req_conf, &ctx, cfg.req_exts, NULL)) {
BIO_printf(bio_err,
"Error Loading request extension section %s\n",
- req_config.req_exts);
+ cfg.req_exts);
goto end;
}
}
if ((in == NULL) || (out == NULL))
goto end;
- if (req_config.keyfile != NULL) {
- pkey = load_key(bio_err, req_config.keyfile, req_config.keyform, 0, passin,
+ if (cfg.keyfile != NULL) {
+ pkey = load_key(bio_err, cfg.keyfile, cfg.keyform, 0, passin,
"Private Key");
if (!pkey) {
/*
goto end;
}
}
- if (req_config.newreq && (pkey == NULL)) {
- if (!NCONF_get_number(req_conf, SECTION, BITS, &req_config.newkey)) {
- req_config.newkey = DEFAULT_KEY_LENGTH;
+ if (cfg.newreq && (pkey == NULL)) {
+ if (!NCONF_get_number(req_conf, SECTION, BITS, &cfg.newkey)) {
+ cfg.newkey = DEFAULT_KEY_LENGTH;
}
- if (req_config.keyalg) {
- genctx = set_keygen_ctx(bio_err, req_config.keyalg, &pkey_type, &req_config.newkey,
+ if (cfg.keyalg) {
+ genctx = set_keygen_ctx(bio_err, cfg.keyalg, &pkey_type, &cfg.newkey,
&keyalgstr);
if (!genctx)
goto end;
}
- if (req_config.newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) {
+ if (cfg.newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) {
BIO_printf(bio_err, "private key length is too short,\n");
- BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n", MIN_KEY_LENGTH, req_config.newkey);
+ BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n", MIN_KEY_LENGTH, cfg.newkey);
goto end;
}
if (!genctx) {
- genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &req_config.newkey,
+ genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &cfg.newkey,
&keyalgstr);
if (!genctx)
goto end;
}
- if (req_config.pkeyopts) {
+ if (cfg.pkeyopts) {
char *genopt;
- for (i = 0; i < sk_OPENSSL_STRING_num(req_config.pkeyopts); i++) {
- genopt = sk_OPENSSL_STRING_value(req_config.pkeyopts, i);
+ for (i = 0; i < sk_OPENSSL_STRING_num(cfg.pkeyopts); i++) {
+ genopt = sk_OPENSSL_STRING_value(cfg.pkeyopts, i);
if (pkey_ctrl_string(genctx, genopt) <= 0) {
BIO_printf(bio_err,
"parameter error \"%s\"\n",
}
}
BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
- req_config.newkey, keyalgstr);
+ cfg.newkey, keyalgstr);
EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(genctx, bio_err);
EVP_PKEY_CTX_free(genctx);
genctx = NULL;
- if (req_config.keyout == NULL) {
- req_config.keyout = NCONF_get_string(req_conf, SECTION, KEYFILE);
- if (req_config.keyout == NULL)
+ if (cfg.keyout == NULL) {
+ cfg.keyout = NCONF_get_string(req_conf, SECTION, KEYFILE);
+ if (cfg.keyout == NULL)
ERR_clear_error();
}
- if (req_config.keyout == NULL) {
+ if (cfg.keyout == NULL) {
BIO_printf(bio_err, "writing new private key to stdout\n");
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- BIO_printf(bio_err, "writing new private key to '%s'\n", req_config.keyout);
- if (BIO_write_filename(out, req_config.keyout) <= 0) {
- perror(req_config.keyout);
+ BIO_printf(bio_err, "writing new private key to '%s'\n", cfg.keyout);
+ if (BIO_write_filename(out, cfg.keyout) <= 0) {
+ perror(cfg.keyout);
goto end;
}
}
}
if ((p != NULL) && (strcmp(p, "no") == 0))
cipher = NULL;
- if (req_config.nodes)
+ if (cfg.nodes)
cipher = NULL;
i = 0;
}
BIO_printf(bio_err, "-----\n");
}
- if (!req_config.newreq) {
- if (req_config.infile == NULL)
+ if (!cfg.newreq) {
+ if (cfg.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
- if (BIO_read_filename(in, req_config.infile) <= 0) {
- perror(req_config.infile);
+ if (BIO_read_filename(in, cfg.infile) <= 0) {
+ perror(cfg.infile);
goto end;
}
}
- if (req_config.informat == FORMAT_ASN1)
+ if (cfg.informat == FORMAT_ASN1)
req = d2i_X509_REQ_bio(in, NULL);
- else if (req_config.informat == FORMAT_PEM)
+ else if (cfg.informat == FORMAT_PEM)
req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err, "bad input format specified for X509 request\n");
goto end;
}
}
- if (req_config.newreq || req_config.x509) {
+ if (cfg.newreq || cfg.x509) {
if (pkey == NULL) {
BIO_printf(bio_err, "you need to specify a private key\n");
goto end;
if (req == NULL) {
goto end;
}
- i = make_REQ(req, pkey, req_config.subj, req_config.multirdn, !req_config.x509, req_config.chtype);
- req_config.subj = NULL; /* done processing '-subj' option */
+ i = make_REQ(req, pkey, cfg.subj, cfg.multirdn, !cfg.x509, cfg.chtype);
+ cfg.subj = NULL; /* done processing '-subj' option */
if (!i) {
BIO_printf(bio_err, "problems making Certificate Request\n");
goto end;
}
}
- if (req_config.x509) {
+ if (cfg.x509) {
EVP_PKEY *tmppkey;
X509V3_CTX ext_ctx;
goto end;
/* Set version to V3 */
- if ((req_config.extensions != NULL || addext_conf != NULL) &&
+ if ((cfg.extensions != NULL || addext_conf != NULL) &&
!X509_set_version(x509ss, 2))
goto end;
- if (req_config.serial) {
- if (!X509_set_serialNumber(x509ss, req_config.serial))
+ if (cfg.serial) {
+ if (!X509_set_serialNumber(x509ss, cfg.serial))
goto end;
} else {
if (!rand_serial(NULL,
goto end;
if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0))
goto end;
- if (!X509_time_adj_ex(X509_get_notAfter(x509ss), req_config.days, 0, NULL))
+ if (!X509_time_adj_ex(X509_get_notAfter(x509ss), cfg.days, 0, NULL))
goto end;
if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req)))
goto end;
X509V3_set_nconf(&ext_ctx, req_conf);
/* Add extensions */
- if (req_config.extensions && !X509V3_EXT_add_nconf(req_conf,
- &ext_ctx, req_config.extensions, x509ss)) {
+ if (cfg.extensions && !X509V3_EXT_add_nconf(req_conf,
+ &ext_ctx, cfg.extensions, x509ss)) {
BIO_printf(bio_err,
"Error Loading extension section %s\n",
- req_config.extensions);
+ cfg.extensions);
goto end;
}
if (addext_conf != NULL &&
"Error Loading command line extensions\n");
goto end;
}
- i = do_X509_sign(bio_err, x509ss, pkey, req_config.digest, req_config.sigopts);
+ i = do_X509_sign(bio_err, x509ss, pkey, cfg.digest, cfg.sigopts);
if (!i) {
ERR_print_errors(bio_err);
goto end;
X509V3_set_nconf(&ext_ctx, req_conf);
/* Add extensions */
- if (req_config.req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
- &ext_ctx, req_config.req_exts, req)) {
+ if (cfg.req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
+ &ext_ctx, cfg.req_exts, req)) {
BIO_printf(bio_err,
"Error Loading extension section %s\n",
- req_config.req_exts);
+ cfg.req_exts);
goto end;
}
if (addext_conf != NULL &&
"Error Loading command line extensions\n");
goto end;
}
- i = do_X509_REQ_sign(bio_err, req, pkey, req_config.digest, req_config.sigopts);
+ i = do_X509_REQ_sign(bio_err, req, pkey, cfg.digest, cfg.sigopts);
if (!i) {
ERR_print_errors(bio_err);
goto end;
}
}
}
- if (req_config.subj && req_config.x509) {
+ if (cfg.subj && cfg.x509) {
BIO_printf(bio_err, "Cannot modify certificate subject\n");
goto end;
}
- if (req_config.subj && !req_config.x509) {
- if (req_config.verbose) {
+ if (cfg.subj && !cfg.x509) {
+ if (cfg.verbose) {
BIO_printf(bio_err, "Modifying Request's Subject\n");
- print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), req_config.nmflag);
+ print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), cfg.nmflag);
}
- if (build_subject(req, req_config.subj, req_config.chtype, req_config.multirdn) == 0) {
+ if (build_subject(req, cfg.subj, cfg.chtype, cfg.multirdn) == 0) {
BIO_printf(bio_err, "ERROR: cannot modify subject\n");
ex = 1;
goto end;
}
- if (req_config.verbose) {
- print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), req_config.nmflag);
+ if (cfg.verbose) {
+ print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), cfg.nmflag);
}
}
- if (req_config.verify && !req_config.x509) {
+ if (cfg.verify && !cfg.x509) {
EVP_PKEY *pubkey = pkey;
if (pubkey == NULL)
} else /* if (i > 0) */
BIO_printf(bio_err, "verify OK\n");
}
- if (req_config.noout && !req_config.text && !req_config.modulus && !req_config.subject && !req_config.pubkey) {
+ if (cfg.noout && !cfg.text && !cfg.modulus && !cfg.subject && !cfg.pubkey) {
ex = 0;
goto end;
}
- if (req_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if ((req_config.keyout != NULL) && (strcmp(req_config.outfile, req_config.keyout) == 0))
- i = (int) BIO_append_filename(out, req_config.outfile);
+ if ((cfg.keyout != NULL) && (strcmp(cfg.outfile, cfg.keyout) == 0))
+ i = (int) BIO_append_filename(out, cfg.outfile);
else
- i = (int) BIO_write_filename(out, req_config.outfile);
+ i = (int) BIO_write_filename(out, cfg.outfile);
if (!i) {
- perror(req_config.outfile);
+ perror(cfg.outfile);
goto end;
}
}
- if (req_config.pubkey) {
+ if (cfg.pubkey) {
EVP_PKEY *tpubkey;
if ((tpubkey = X509_REQ_get0_pubkey(req)) == NULL) {
}
PEM_write_bio_PUBKEY(out, tpubkey);
}
- if (req_config.text) {
- if (req_config.x509)
- X509_print_ex(out, x509ss, req_config.nmflag, req_config.reqflag);
+ if (cfg.text) {
+ if (cfg.x509)
+ X509_print_ex(out, x509ss, cfg.nmflag, cfg.reqflag);
else
- X509_REQ_print_ex(out, req, req_config.nmflag, req_config.reqflag);
+ X509_REQ_print_ex(out, req, cfg.nmflag, cfg.reqflag);
}
- if (req_config.subject) {
- if (req_config.x509)
- print_name(out, "subject=", X509_get_subject_name(x509ss), req_config.nmflag);
+ if (cfg.subject) {
+ if (cfg.x509)
+ print_name(out, "subject=", X509_get_subject_name(x509ss), cfg.nmflag);
else
- print_name(out, "subject=", X509_REQ_get_subject_name(req), req_config.nmflag);
+ print_name(out, "subject=", X509_REQ_get_subject_name(req), cfg.nmflag);
}
- if (req_config.modulus) {
+ if (cfg.modulus) {
EVP_PKEY *tpubkey;
- if (req_config.x509)
+ if (cfg.x509)
tpubkey = X509_get0_pubkey(x509ss);
else
tpubkey = X509_REQ_get0_pubkey(req);
fprintf(stdout, "Wrong Algorithm type");
fprintf(stdout, "\n");
}
- if (!req_config.noout && !req_config.x509) {
- if (req_config.outformat == FORMAT_ASN1)
+ if (!cfg.noout && !cfg.x509) {
+ if (cfg.outformat == FORMAT_ASN1)
i = i2d_X509_REQ_bio(out, req);
- else if (req_config.outformat == FORMAT_PEM) {
- if (req_config.newhdr)
+ else if (cfg.outformat == FORMAT_PEM) {
+ if (cfg.newhdr)
i = PEM_write_bio_X509_REQ_NEW(out, req);
else
i = PEM_write_bio_X509_REQ(out, req);
goto end;
}
}
- if (!req_config.noout && req_config.x509 && (x509ss != NULL)) {
- if (req_config.outformat == FORMAT_ASN1)
+ if (!cfg.noout && cfg.x509 && (x509ss != NULL)) {
+ if (cfg.outformat == FORMAT_ASN1)
i = i2d_X509_bio(out, x509ss);
- else if (req_config.outformat == FORMAT_PEM)
+ else if (cfg.outformat == FORMAT_PEM)
i = PEM_write_bio_X509(out, x509ss);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
if ((req_conf != NULL) && (req_conf != config))
NCONF_free(req_conf);
NCONF_free(addext_conf);
- BIO_free(req_config.addext_bio);
+ BIO_free(cfg.addext_bio);
BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(pkey);
if (genctx)
EVP_PKEY_CTX_free(genctx);
- if (req_config.pkeyopts)
- sk_OPENSSL_STRING_free(req_config.pkeyopts);
- if (req_config.sigopts)
- sk_OPENSSL_STRING_free(req_config.sigopts);
- lh_OPENSSL_STRING_doall(req_config.addexts, (LHASH_DOALL_FN_TYPE)exts_cleanup);
- lh_OPENSSL_STRING_free(req_config.addexts);
+ if (cfg.pkeyopts)
+ sk_OPENSSL_STRING_free(cfg.pkeyopts);
+ if (cfg.sigopts)
+ sk_OPENSSL_STRING_free(cfg.sigopts);
+ lh_OPENSSL_STRING_doall(cfg.addexts, (LHASH_DOALL_FN_TYPE)exts_cleanup);
+ lh_OPENSSL_STRING_free(cfg.addexts);
free(keyalgstr);
X509_REQ_free(req);
X509_free(x509ss);
- ASN1_INTEGER_free(req_config.serial);
- if (req_config.passargin && passin)
+ ASN1_INTEGER_free(cfg.serial);
+ if (cfg.passargin && passin)
free(passin);
- if (req_config.passargout && passout)
+ if (cfg.passargout && passout)
free(passout);
OBJ_cleanup();
X509_NAME *subj;
subj = X509_REQ_get_subject_name(req);
- if (!req_config.batch) {
+ if (!cfg.batch) {
BIO_printf(bio_err, "You are about to be asked to enter information that will be incorporated\n");
BIO_printf(bio_err, "into your certificate request.\n");
BIO_printf(bio_err, "What you are about to enter is what is called a Distinguished Name or a DN.\n");
}
if (attribs) {
if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) &&
- (!req_config.batch)) {
+ (!cfg.batch)) {
BIO_printf(bio_err,
"\nPlease enter the following 'extra' attributes\n");
BIO_printf(bio_err,
int i, ret = 0;
char buf[1024];
start:
- if (!req_config.batch)
+ if (!cfg.batch)
BIO_printf(bio_err, "%s [%s]:", text, def);
(void) BIO_flush(bio_err);
if (value != NULL) {
BIO_printf(bio_err, "%s\n", value);
} else {
buf[0] = '\0';
- if (!req_config.batch) {
+ if (!cfg.batch) {
if (!fgets(buf, sizeof buf, stdin))
return 0;
} else {
static char buf[1024];
start:
- if (!req_config.batch)
+ if (!cfg.batch)
BIO_printf(bio_err, "%s [%s]:", text, def);
(void) BIO_flush(bio_err);
if (value != NULL) {
BIO_printf(bio_err, "%s\n", value);
} else {
buf[0] = '\0';
- if (!req_config.batch) {
+ if (!cfg.batch) {
if (!fgets(buf, sizeof buf, stdin))
return 0;
} else {
-/* $OpenBSD: rsa.c,v 1.17 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: rsa.c,v 1.18 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int pubout;
int pvk_encr;
int text;
-} rsa_config;
+} cfg;
static int
rsa_opt_cipher(int argc, char **argv, int *argsused)
if (*name++ != '-')
return (1);
- if ((rsa_config.enc = EVP_get_cipherbyname(name)) == NULL) {
+ if ((cfg.enc = EVP_get_cipherbyname(name)) == NULL) {
fprintf(stderr, "Invalid cipher '%s'\n", name);
return (1);
}
.name = "check",
.desc = "Check consistency of RSA private key",
.type = OPTION_FLAG,
- .opt.flag = &rsa_config.check,
+ .opt.flag = &cfg.check,
},
{
.name = "in",
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &rsa_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.argname = "format",
.desc = "Input format (DER, NET or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &rsa_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "modulus",
.desc = "Print the RSA key modulus",
.type = OPTION_FLAG,
- .opt.flag = &rsa_config.modulus,
+ .opt.flag = &cfg.modulus,
},
{
.name = "noout",
.desc = "Do not print encoded version of the key",
.type = OPTION_FLAG,
- .opt.flag = &rsa_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &rsa_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "format",
.desc = "Output format (DER, NET or PEM (default PEM))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &rsa_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "passin",
.argname = "src",
.desc = "Input file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &rsa_config.passargin,
+ .opt.arg = &cfg.passargin,
},
{
.name = "passout",
.argname = "src",
.desc = "Output file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &rsa_config.passargout,
+ .opt.arg = &cfg.passargout,
},
{
.name = "pubin",
.desc = "Expect a public key (default private key)",
.type = OPTION_VALUE,
.value = 1,
- .opt.value = &rsa_config.pubin,
+ .opt.value = &cfg.pubin,
},
{
.name = "pubout",
.desc = "Output a public key (default private key)",
.type = OPTION_VALUE,
.value = 1,
- .opt.value = &rsa_config.pubout,
+ .opt.value = &cfg.pubout,
},
{
.name = "pvk-none",
.type = OPTION_VALUE,
.value = 0,
- .opt.value = &rsa_config.pvk_encr,
+ .opt.value = &cfg.pvk_encr,
},
{
.name = "pvk-strong",
.type = OPTION_VALUE,
.value = 2,
- .opt.value = &rsa_config.pvk_encr,
+ .opt.value = &cfg.pvk_encr,
},
{
.name = "pvk-weak",
.type = OPTION_VALUE,
.value = 1,
- .opt.value = &rsa_config.pvk_encr,
+ .opt.value = &cfg.pvk_encr,
},
{
.name = "RSAPublicKey_in",
.type = OPTION_VALUE,
.value = 2,
- .opt.value = &rsa_config.pubin,
+ .opt.value = &cfg.pubin,
},
{
.name = "RSAPublicKey_out",
.type = OPTION_VALUE,
.value = 2,
- .opt.value = &rsa_config.pubout,
+ .opt.value = &cfg.pubout,
},
{
.name = "text",
.desc = "Print in plain text in addition to encoded",
.type = OPTION_FLAG,
- .opt.flag = &rsa_config.text,
+ .opt.flag = &cfg.text,
},
{
.name = NULL,
exit(1);
}
- memset(&rsa_config, 0, sizeof(rsa_config));
- rsa_config.pvk_encr = 2;
- rsa_config.informat = FORMAT_PEM;
- rsa_config.outformat = FORMAT_PEM;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.pvk_encr = 2;
+ cfg.informat = FORMAT_PEM;
+ cfg.outformat = FORMAT_PEM;
if (options_parse(argc, argv, rsa_options, NULL, NULL) != 0) {
rsa_usage();
goto end;
}
- if (!app_passwd(bio_err, rsa_config.passargin, rsa_config.passargout,
+ if (!app_passwd(bio_err, cfg.passargin, cfg.passargout,
&passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
- if (rsa_config.check && rsa_config.pubin) {
+ if (cfg.check && cfg.pubin) {
BIO_printf(bio_err, "Only private keys can be checked\n");
goto end;
}
{
EVP_PKEY *pkey;
- if (rsa_config.pubin) {
+ if (cfg.pubin) {
int tmpformat = -1;
- if (rsa_config.pubin == 2) {
- if (rsa_config.informat == FORMAT_PEM)
+ if (cfg.pubin == 2) {
+ if (cfg.informat == FORMAT_PEM)
tmpformat = FORMAT_PEMRSA;
- else if (rsa_config.informat == FORMAT_ASN1)
+ else if (cfg.informat == FORMAT_ASN1)
tmpformat = FORMAT_ASN1RSA;
} else
- tmpformat = rsa_config.informat;
+ tmpformat = cfg.informat;
- pkey = load_pubkey(bio_err, rsa_config.infile,
+ pkey = load_pubkey(bio_err, cfg.infile,
tmpformat, 1, passin, "Public Key");
} else
- pkey = load_key(bio_err, rsa_config.infile,
- rsa_config.informat, 1, passin, "Private Key");
+ pkey = load_key(bio_err, cfg.infile,
+ cfg.informat, 1, passin, "Private Key");
if (pkey != NULL)
rsa = EVP_PKEY_get1_RSA(pkey);
ERR_print_errors(bio_err);
goto end;
}
- if (rsa_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if (BIO_write_filename(out, rsa_config.outfile) <= 0) {
- perror(rsa_config.outfile);
+ if (BIO_write_filename(out, cfg.outfile) <= 0) {
+ perror(cfg.outfile);
goto end;
}
}
- if (rsa_config.text)
+ if (cfg.text)
if (!RSA_print(out, rsa, 0)) {
- perror(rsa_config.outfile);
+ perror(cfg.outfile);
ERR_print_errors(bio_err);
goto end;
}
- if (rsa_config.modulus) {
+ if (cfg.modulus) {
BIO_printf(out, "Modulus=");
BN_print(out, RSA_get0_n(rsa));
BIO_printf(out, "\n");
}
- if (rsa_config.check) {
+ if (cfg.check) {
int r = RSA_check_key(rsa);
if (r == 1)
goto end;
}
}
- if (rsa_config.noout) {
+ if (cfg.noout) {
ret = 0;
goto end;
}
BIO_printf(bio_err, "writing RSA key\n");
- if (rsa_config.outformat == FORMAT_ASN1) {
- if (rsa_config.pubout || rsa_config.pubin) {
- if (rsa_config.pubout == 2)
+ if (cfg.outformat == FORMAT_ASN1) {
+ if (cfg.pubout || cfg.pubin) {
+ if (cfg.pubout == 2)
i = i2d_RSAPublicKey_bio(out, rsa);
else
i = i2d_RSA_PUBKEY_bio(out, rsa);
} else
i = i2d_RSAPrivateKey_bio(out, rsa);
- } else if (rsa_config.outformat == FORMAT_PEM) {
- if (rsa_config.pubout || rsa_config.pubin) {
- if (rsa_config.pubout == 2)
+ } else if (cfg.outformat == FORMAT_PEM) {
+ if (cfg.pubout || cfg.pubin) {
+ if (cfg.pubout == 2)
i = PEM_write_bio_RSAPublicKey(out, rsa);
else
i = PEM_write_bio_RSA_PUBKEY(out, rsa);
} else
i = PEM_write_bio_RSAPrivateKey(out, rsa,
- rsa_config.enc, NULL, 0, NULL, passout);
+ cfg.enc, NULL, 0, NULL, passout);
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
- } else if (rsa_config.outformat == FORMAT_MSBLOB ||
- rsa_config.outformat == FORMAT_PVK) {
+ } else if (cfg.outformat == FORMAT_MSBLOB ||
+ cfg.outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
EVP_PKEY_set1_RSA(pk, rsa);
- if (rsa_config.outformat == FORMAT_PVK)
- i = i2b_PVK_bio(out, pk, rsa_config.pvk_encr, 0,
+ if (cfg.outformat == FORMAT_PVK)
+ i = i2b_PVK_bio(out, pk, cfg.pvk_encr, 0,
passout);
- else if (rsa_config.pubin || rsa_config.pubout)
+ else if (cfg.pubin || cfg.pubout)
i = i2b_PublicKey_bio(out, pk);
else
i = i2b_PrivateKey_bio(out, pk);
-/* $OpenBSD: rsautl.c,v 1.20 2023/03/05 13:12:53 tb Exp $ */
+/* $OpenBSD: rsautl.c,v 1.21 2023/03/06 14:32:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
char *passargin;
int rev;
int rsa_mode;
-} rsautl_config;
+} cfg;
static const struct option rsautl_options[] = {
{
.name = "asn1parse",
.desc = "ASN.1 parse the output data",
.type = OPTION_FLAG,
- .opt.flag = &rsautl_config.asn1parse,
+ .opt.flag = &cfg.asn1parse,
},
{
.name = "certin",
.desc = "Input is a certificate containing an RSA public key",
.type = OPTION_VALUE,
.value = KEY_CERT,
- .opt.value = &rsautl_config.key_type,
+ .opt.value = &cfg.key_type,
},
{
.name = "decrypt",
.desc = "Decrypt the input data using RSA private key",
.type = OPTION_VALUE,
.value = RSA_DECRYPT,
- .opt.value = &rsautl_config.rsa_mode,
+ .opt.value = &cfg.rsa_mode,
},
{
.name = "encrypt",
.desc = "Encrypt the input data using RSA public key",
.type = OPTION_VALUE,
.value = RSA_ENCRYPT,
- .opt.value = &rsautl_config.rsa_mode,
+ .opt.value = &cfg.rsa_mode,
},
{
.name = "hexdump",
.desc = "Hex dump the output data",
.type = OPTION_FLAG,
- .opt.flag = &rsautl_config.hexdump,
+ .opt.flag = &cfg.hexdump,
},
{
.name = "in",
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &rsautl_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inkey",
.argname = "file",
.desc = "Input key file",
.type = OPTION_ARG,
- .opt.arg = &rsautl_config.keyfile,
+ .opt.arg = &cfg.keyfile,
},
{
.name = "keyform",
.argname = "fmt",
.desc = "Input key format (DER, TXT or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &rsautl_config.keyform,
+ .opt.value = &cfg.keyform,
},
{
.name = "oaep",
.desc = "Use PKCS#1 OAEP padding",
.type = OPTION_VALUE,
.value = RSA_PKCS1_OAEP_PADDING,
- .opt.value = &rsautl_config.pad,
+ .opt.value = &cfg.pad,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &rsautl_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "passin",
.argname = "arg",
.desc = "Key password source",
.type = OPTION_ARG,
- .opt.arg = &rsautl_config.passargin,
+ .opt.arg = &cfg.passargin,
},
{
.name = "pkcs",
.desc = "Use PKCS#1 v1.5 padding (default)",
.type = OPTION_VALUE,
.value = RSA_PKCS1_PADDING,
- .opt.value = &rsautl_config.pad,
+ .opt.value = &cfg.pad,
},
{
.name = "pubin",
.desc = "Input is an RSA public key",
.type = OPTION_VALUE,
.value = KEY_PUBKEY,
- .opt.value = &rsautl_config.key_type,
+ .opt.value = &cfg.key_type,
},
{
.name = "raw",
.desc = "Use no padding",
.type = OPTION_VALUE,
.value = RSA_NO_PADDING,
- .opt.value = &rsautl_config.pad,
+ .opt.value = &cfg.pad,
},
{
.name = "rev",
.desc = "Reverse the input data",
.type = OPTION_FLAG,
- .opt.flag = &rsautl_config.rev,
+ .opt.flag = &cfg.rev,
},
{
.name = "sign",
.desc = "Sign the input data using RSA private key",
.type = OPTION_VALUE,
.value = RSA_SIGN,
- .opt.value = &rsautl_config.rsa_mode,
+ .opt.value = &cfg.rsa_mode,
},
{
.name = "verify",
.desc = "Verify the input data using RSA public key",
.type = OPTION_VALUE,
.value = RSA_VERIFY,
- .opt.value = &rsautl_config.rsa_mode,
+ .opt.value = &cfg.rsa_mode,
},
{
.name = "x931",
.desc = "Use ANSI X9.31 padding",
.type = OPTION_VALUE,
.value = RSA_X931_PADDING,
- .opt.value = &rsautl_config.pad,
+ .opt.value = &cfg.pad,
},
{NULL},
exit(1);
}
- memset(&rsautl_config, 0, sizeof(rsautl_config));
- rsautl_config.keyform = FORMAT_PEM;
- rsautl_config.key_type = KEY_PRIVKEY;
- rsautl_config.pad = RSA_PKCS1_PADDING;
- rsautl_config.rsa_mode = RSA_VERIFY;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.keyform = FORMAT_PEM;
+ cfg.key_type = KEY_PRIVKEY;
+ cfg.pad = RSA_PKCS1_PADDING;
+ cfg.rsa_mode = RSA_VERIFY;
if (options_parse(argc, argv, rsautl_options, NULL, NULL) != 0) {
rsautl_usage();
return (1);
}
- if (rsautl_config.rsa_mode == RSA_SIGN ||
- rsautl_config.rsa_mode == RSA_DECRYPT)
+ if (cfg.rsa_mode == RSA_SIGN ||
+ cfg.rsa_mode == RSA_DECRYPT)
need_priv = 1;
- if (need_priv && rsautl_config.key_type != KEY_PRIVKEY) {
+ if (need_priv && cfg.key_type != KEY_PRIVKEY) {
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
}
- if (!app_passwd(bio_err, rsautl_config.passargin, NULL, &passin, NULL)) {
+ if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
- switch (rsautl_config.key_type) {
+ switch (cfg.key_type) {
case KEY_PRIVKEY:
- pkey = load_key(bio_err, rsautl_config.keyfile,
- rsautl_config.keyform, 0, passin, "Private Key");
+ pkey = load_key(bio_err, cfg.keyfile,
+ cfg.keyform, 0, passin, "Private Key");
break;
case KEY_PUBKEY:
- pkey = load_pubkey(bio_err, rsautl_config.keyfile,
- rsautl_config.keyform, 0, NULL, "Public Key");
+ pkey = load_pubkey(bio_err, cfg.keyfile,
+ cfg.keyform, 0, NULL, "Public Key");
break;
case KEY_CERT:
- x = load_cert(bio_err, rsautl_config.keyfile,
- rsautl_config.keyform, NULL, "Certificate");
+ x = load_cert(bio_err, cfg.keyfile,
+ cfg.keyform, NULL, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
ERR_print_errors(bio_err);
goto end;
}
- if (rsautl_config.infile) {
- if (!(in = BIO_new_file(rsautl_config.infile, "rb"))) {
+ if (cfg.infile) {
+ if (!(in = BIO_new_file(cfg.infile, "rb"))) {
BIO_printf(bio_err, "Error Reading Input File\n");
ERR_print_errors(bio_err);
goto end;
} else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
- if (rsautl_config.outfile) {
- if (!(out = BIO_new_file(rsautl_config.outfile, "wb"))) {
+ if (cfg.outfile) {
+ if (!(out = BIO_new_file(cfg.outfile, "wb"))) {
BIO_printf(bio_err, "Error Reading Output File\n");
ERR_print_errors(bio_err);
goto end;
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
}
- if (rsautl_config.rev) {
+ if (cfg.rev) {
int i;
unsigned char ctmp;
for (i = 0; i < rsa_inlen / 2; i++) {
}
}
- switch (rsautl_config.rsa_mode) {
+ switch (cfg.rsa_mode) {
case RSA_VERIFY:
rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out,
- rsa, rsautl_config.pad);
+ rsa, cfg.pad);
break;
case RSA_SIGN:
rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out,
- rsa, rsautl_config.pad);
+ rsa, cfg.pad);
break;
case RSA_ENCRYPT:
rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out,
- rsa, rsautl_config.pad);
+ rsa, cfg.pad);
break;
case RSA_DECRYPT:
rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out,
- rsa, rsautl_config.pad);
+ rsa, cfg.pad);
break;
}
goto end;
}
ret = 0;
- if (rsautl_config.asn1parse) {
+ if (cfg.asn1parse) {
if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
ERR_print_errors(bio_err);
}
- } else if (rsautl_config.hexdump)
+ } else if (cfg.hexdump)
BIO_dump(out, (char *) rsa_out, rsa_outlen);
else
BIO_write(out, rsa_out, rsa_outlen);
-/* $OpenBSD: s_client.c,v 1.59 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: s_client.c,v 1.60 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int verify;
X509_VERIFY_PARAM *vpm;
char *xmpphost;
-} s_client_config;
+} cfg;
static int
s_client_opt_keymatexportlen(char *arg)
{
- s_client_config.keymatexportlen = strtonum(arg, 1, INT_MAX,
- &s_client_config.errstr);
- if (s_client_config.errstr != NULL) {
+ cfg.keymatexportlen = strtonum(arg, 1, INT_MAX,
+ &cfg.errstr);
+ if (cfg.errstr != NULL) {
BIO_printf(bio_err, "invalid argument %s: %s\n",
- arg, s_client_config.errstr);
+ arg, cfg.errstr);
return (1);
}
return (0);
static int
s_client_opt_mtu(char *arg)
{
- s_client_config.socket_mtu = strtonum(arg, 0, LONG_MAX,
- &s_client_config.errstr);
- if (s_client_config.errstr != NULL) {
+ cfg.socket_mtu = strtonum(arg, 0, LONG_MAX,
+ &cfg.errstr);
+ if (cfg.errstr != NULL) {
BIO_printf(bio_err, "invalid argument %s: %s\n",
- arg, s_client_config.errstr);
+ arg, cfg.errstr);
return (1);
}
return (0);
if (*arg == '\0')
return (1);
- s_client_config.port = arg;
+ cfg.port = arg;
return (0);
}
static int
s_client_opt_protocol_version_dtls(void)
{
- s_client_config.meth = DTLS_client_method();
- s_client_config.socket_type = SOCK_DGRAM;
+ cfg.meth = DTLS_client_method();
+ cfg.socket_type = SOCK_DGRAM;
return (0);
}
#endif
static int
s_client_opt_protocol_version_dtls1(void)
{
- s_client_config.meth = DTLS_client_method();
- s_client_config.min_version = DTLS1_VERSION;
- s_client_config.max_version = DTLS1_VERSION;
- s_client_config.socket_type = SOCK_DGRAM;
+ cfg.meth = DTLS_client_method();
+ cfg.min_version = DTLS1_VERSION;
+ cfg.max_version = DTLS1_VERSION;
+ cfg.socket_type = SOCK_DGRAM;
return (0);
}
#endif
static int
s_client_opt_protocol_version_dtls1_2(void)
{
- s_client_config.meth = DTLS_client_method();
- s_client_config.min_version = DTLS1_2_VERSION;
- s_client_config.max_version = DTLS1_2_VERSION;
- s_client_config.socket_type = SOCK_DGRAM;
+ cfg.meth = DTLS_client_method();
+ cfg.min_version = DTLS1_2_VERSION;
+ cfg.max_version = DTLS1_2_VERSION;
+ cfg.socket_type = SOCK_DGRAM;
return (0);
}
#endif
static int
s_client_opt_protocol_version_tls1(void)
{
- s_client_config.min_version = TLS1_VERSION;
- s_client_config.max_version = TLS1_VERSION;
+ cfg.min_version = TLS1_VERSION;
+ cfg.max_version = TLS1_VERSION;
return (0);
}
static int
s_client_opt_protocol_version_tls1_1(void)
{
- s_client_config.min_version = TLS1_1_VERSION;
- s_client_config.max_version = TLS1_1_VERSION;
+ cfg.min_version = TLS1_1_VERSION;
+ cfg.max_version = TLS1_1_VERSION;
return (0);
}
static int
s_client_opt_protocol_version_tls1_2(void)
{
- s_client_config.min_version = TLS1_2_VERSION;
- s_client_config.max_version = TLS1_2_VERSION;
+ cfg.min_version = TLS1_2_VERSION;
+ cfg.max_version = TLS1_2_VERSION;
return (0);
}
static int
s_client_opt_protocol_version_tls1_3(void)
{
- s_client_config.min_version = TLS1_3_VERSION;
- s_client_config.max_version = TLS1_3_VERSION;
+ cfg.min_version = TLS1_3_VERSION;
+ cfg.max_version = TLS1_3_VERSION;
return (0);
}
static int
s_client_opt_quiet(void)
{
- s_client_config.quiet = 1;
- s_client_config.ign_eof = 1;
+ cfg.quiet = 1;
+ cfg.ign_eof = 1;
return (0);
}
s_client_opt_starttls(char *arg)
{
if (strcmp(arg, "smtp") == 0)
- s_client_config.starttls_proto = PROTO_SMTP;
+ cfg.starttls_proto = PROTO_SMTP;
else if (strcmp(arg, "lmtp") == 0)
- s_client_config.starttls_proto = PROTO_LMTP;
+ cfg.starttls_proto = PROTO_LMTP;
else if (strcmp(arg, "pop3") == 0)
- s_client_config.starttls_proto = PROTO_POP3;
+ cfg.starttls_proto = PROTO_POP3;
else if (strcmp(arg, "imap") == 0)
- s_client_config.starttls_proto = PROTO_IMAP;
+ cfg.starttls_proto = PROTO_IMAP;
else if (strcmp(arg, "ftp") == 0)
- s_client_config.starttls_proto = PROTO_FTP;
+ cfg.starttls_proto = PROTO_FTP;
else if (strcmp(arg, "xmpp") == 0)
- s_client_config.starttls_proto = PROTO_XMPP;
+ cfg.starttls_proto = PROTO_XMPP;
else
return (1);
return (0);
static int
s_client_opt_verify(char *arg)
{
- s_client_config.verify = SSL_VERIFY_PEER;
+ cfg.verify = SSL_VERIFY_PEER;
- verify_depth = strtonum(arg, 0, INT_MAX, &s_client_config.errstr);
- if (s_client_config.errstr != NULL) {
+ verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr);
+ if (cfg.errstr != NULL) {
BIO_printf(bio_err, "invalid argument %s: %s\n",
- arg, s_client_config.errstr);
+ arg, cfg.errstr);
return (1);
}
BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
int badarg = 0;
if (!args_verify(&pargs, &pargc, &badarg, bio_err,
- &s_client_config.vpm)) {
+ &cfg.vpm)) {
BIO_printf(bio_err, "unknown option %s\n", *argv);
return (1);
}
.name = "4",
.desc = "Use IPv4 only",
.type = OPTION_VALUE,
- .opt.value = &s_client_config.af,
+ .opt.value = &cfg.af,
.value = AF_INET,
},
{
.name = "6",
.desc = "Use IPv6 only",
.type = OPTION_VALUE,
- .opt.value = &s_client_config.af,
+ .opt.value = &cfg.af,
.value = AF_INET6,
},
{
.desc = "Set the advertised protocols for ALPN"
" (comma-separated list)",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.alpn_in,
+ .opt.arg = &cfg.alpn_in,
},
{
.name = "bugs",
.desc = "Enable various workarounds for buggy implementations",
.type = OPTION_FLAG,
- .opt.flag = &s_client_config.bugs,
+ .opt.flag = &cfg.bugs,
},
{
.name = "CAfile",
.argname = "file",
.desc = "PEM format file of CA certificates",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.CAfile,
+ .opt.arg = &cfg.CAfile,
},
{
.name = "CApath",
.argname = "directory",
.desc = "PEM format directory of CA certificates",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.CApath,
+ .opt.arg = &cfg.CApath,
},
{
.name = "cert",
.argname = "file",
.desc = "Certificate file to use, PEM format assumed",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.cert_file,
+ .opt.arg = &cfg.cert_file,
},
{
.name = "certform",
.argname = "fmt",
.desc = "Certificate format (PEM or DER) PEM default",
.type = OPTION_ARG_FORMAT,
- .opt.value = &s_client_config.cert_format,
+ .opt.value = &cfg.cert_format,
},
{
.name = "cipher",
.argname = "cipherlist",
.desc = "Preferred cipher to use (see 'openssl ciphers')",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.cipher,
+ .opt.arg = &cfg.cipher,
},
{
.name = "connect",
.argname = "host:port",
.desc = "Who to connect to (default is localhost:4433)",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.connect,
+ .opt.arg = &cfg.connect,
},
{
.name = "crlf",
.desc = "Convert LF from terminal into CRLF",
.type = OPTION_FLAG,
- .opt.flag = &s_client_config.crlf,
+ .opt.flag = &cfg.crlf,
},
{
.name = "debug",
.desc = "Print extensive debugging information",
.type = OPTION_FLAG,
- .opt.flag = &s_client_config.debug,
+ .opt.flag = &cfg.debug,
},
#ifndef OPENSSL_NO_DTLS
{
.argname = "list",
.desc = "Specify EC groups (colon-separated list)",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.groups_in,
+ .opt.arg = &cfg.groups_in,
},
{
.name = "host",
.argname = "host",
.desc = "Use -connect instead",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.host,
+ .opt.arg = &cfg.host,
},
{
.name = "ign_eof",
.desc = "Ignore input EOF (default when -quiet)",
.type = OPTION_VALUE,
- .opt.value = &s_client_config.ign_eof,
+ .opt.value = &cfg.ign_eof,
.value = 1,
},
{
.argname = "file",
.desc = "Private key file to use, if not, -cert file is used",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.key_file,
+ .opt.arg = &cfg.key_file,
},
{
.name = "keyform",
.argname = "fmt",
.desc = "Key format (PEM or DER) PEM default",
.type = OPTION_ARG_FORMAT,
- .opt.value = &s_client_config.key_format,
+ .opt.value = &cfg.key_format,
},
{
.name = "keymatexport",
.argname = "label",
.desc = "Export keying material using label",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.keymatexportlabel,
+ .opt.arg = &cfg.keymatexportlabel,
},
{
.name = "keymatexportlen",
.name = "legacy_server_connect",
.desc = "Allow initial connection to servers that don't support RI",
.type = OPTION_VALUE_OR,
- .opt.value = &s_client_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_LEGACY_SERVER_CONNECT,
},
{
.name = "msg",
.desc = "Show all protocol messages with hex dump",
.type = OPTION_FLAG,
- .opt.flag = &s_client_config.msg,
+ .opt.flag = &cfg.msg,
},
#ifndef OPENSSL_NO_DTLS
{
.name = "nbio",
.desc = "Turn on non-blocking I/O",
.type = OPTION_FLAG,
- .opt.flag = &s_client_config.nbio,
+ .opt.flag = &cfg.nbio,
},
{
.name = "nbio_test",
.desc = "Test non-blocking I/O",
.type = OPTION_FLAG,
- .opt.flag = &s_client_config.nbio_test,
+ .opt.flag = &cfg.nbio_test,
},
{
.name = "nextprotoneg",
.argname = "protocols",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.npn_in, /* Ignored. */
+ .opt.arg = &cfg.npn_in, /* Ignored. */
},
{
.name = "no_comp",
.type = OPTION_VALUE_OR,
- .opt.value = &s_client_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_COMPRESSION,
},
{
.name = "no_ign_eof",
.desc = "Don't ignore input EOF",
.type = OPTION_VALUE,
- .opt.value = &s_client_config.ign_eof,
+ .opt.value = &cfg.ign_eof,
.value = 0,
},
{
.name = "no_legacy_server_connect",
.desc = "Disallow initial connection to servers that don't support RI",
.type = OPTION_VALUE_OR,
- .opt.value = &s_client_config.clr,
+ .opt.value = &cfg.clr,
.value = SSL_OP_LEGACY_SERVER_CONNECT,
},
{
.name = "no_servername",
.desc = "Do not send a Server Name Indication (SNI) extension",
.type = OPTION_FLAG,
- .opt.value = &s_client_config.no_servername,
+ .opt.value = &cfg.no_servername,
},
{
.name = "no_ssl2",
.type = OPTION_VALUE_OR,
- .opt.value = &s_client_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_SSLv2,
},
{
.name = "no_ssl3",
.type = OPTION_VALUE_OR,
- .opt.value = &s_client_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_SSLv3,
},
{
.name = "no_ticket",
.desc = "Disable use of RFC4507 session ticket support",
.type = OPTION_VALUE_OR,
- .opt.value = &s_client_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_TICKET,
},
{
.name = "no_tls1",
.desc = "Disable the use of TLSv1",
.type = OPTION_VALUE_OR,
- .opt.value = &s_client_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_TLSv1,
},
{
.name = "no_tls1_1",
.desc = "Disable the use of TLSv1.1",
.type = OPTION_VALUE_OR,
- .opt.value = &s_client_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_TLSv1_1,
},
{
.name = "no_tls1_2",
.desc = "Disable the use of TLSv1.2",
.type = OPTION_VALUE_OR,
- .opt.value = &s_client_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_TLSv1_2,
},
{
.name = "no_tls1_3",
.desc = "Disable the use of TLSv1.3",
.type = OPTION_VALUE_OR,
- .opt.value = &s_client_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_TLSv1_3,
},
{
.name = "noservername",
.type = OPTION_FLAG,
- .opt.value = &s_client_config.no_servername,
+ .opt.value = &cfg.no_servername,
},
{
.name = "pass",
.argname = "arg",
.desc = "Private key file pass phrase source",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.passarg,
+ .opt.arg = &cfg.passarg,
},
{
.name = "pause",
.desc = "Pause 1 second between each read and write call",
.type = OPTION_FLAG,
- .opt.flag = &s_client_config.pause,
+ .opt.flag = &cfg.pause,
},
{
.name = "peekaboo",
.type = OPTION_FLAG,
- .opt.flag = &s_client_config.peekaboo,
+ .opt.flag = &cfg.peekaboo,
},
{
.name = "port",
.name = "prexit",
.desc = "Print session information when the program exits",
.type = OPTION_FLAG,
- .opt.flag = &s_client_config.prexit,
+ .opt.flag = &cfg.prexit,
},
{
.name = "proxy",
.argname = "host:port",
.desc = "Connect to http proxy",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.proxy,
+ .opt.arg = &cfg.proxy,
},
{
.name = "quiet",
.name = "reconnect",
.desc = "Drop and re-make the connection with the same Session-ID",
.type = OPTION_VALUE,
- .opt.value = &s_client_config.reconnect,
+ .opt.value = &cfg.reconnect,
.value = 5,
},
{
.argname = "name",
.desc = "Set TLS extension servername in ClientHello (SNI)",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.servername,
+ .opt.arg = &cfg.servername,
},
{
.name = "serverpref",
.desc = "Use server's cipher preferences",
.type = OPTION_VALUE_OR,
- .opt.value = &s_client_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_CIPHER_SERVER_PREFERENCE,
},
{
.argname = "file",
.desc = "File to read TLS session from",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.sess_in,
+ .opt.arg = &cfg.sess_in,
},
{
.name = "sess_out",
.argname = "file",
.desc = "File to write TLS session to",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.sess_out,
+ .opt.arg = &cfg.sess_out,
},
{
.name = "showcerts",
.desc = "Show all server certificates in the chain",
.type = OPTION_FLAG,
- .opt.flag = &s_client_config.showcerts,
+ .opt.flag = &cfg.showcerts,
},
{
.name = "starttls",
.name = "state",
.desc = "Print the TLS session states",
.type = OPTION_FLAG,
- .opt.flag = &s_client_config.state,
+ .opt.flag = &cfg.state,
},
{
.name = "status",
.desc = "Send a certificate status request to the server (OCSP)",
.type = OPTION_FLAG,
- .opt.flag = &s_client_config.status_req,
+ .opt.flag = &cfg.status_req,
},
#ifndef OPENSSL_NO_DTLS
{
.name = "timeout",
.desc = "Enable send/receive timeout on DTLS connections",
.type = OPTION_FLAG,
- .opt.flag = &s_client_config.enable_timeouts,
+ .opt.flag = &cfg.enable_timeouts,
},
#endif
{
.name = "tlsextdebug",
.desc = "Hex dump of all TLS extensions received",
.type = OPTION_FLAG,
- .opt.flag = &s_client_config.tlsextdebug,
+ .opt.flag = &cfg.tlsextdebug,
},
#ifndef OPENSSL_NO_SRTP
{
.argname = "profiles",
.desc = "Offer SRTP key management with a colon-separated profiles",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.srtp_profiles,
+ .opt.arg = &cfg.srtp_profiles,
},
#endif
{
.argname = "host",
.desc = "Connect to this virtual host on the xmpp server",
.type = OPTION_ARG,
- .opt.arg = &s_client_config.xmpphost,
+ .opt.arg = &cfg.xmpphost,
},
{
.name = NULL,
exit(1);
}
- memset(&s_client_config, 0, sizeof(s_client_config));
- s_client_config.af = AF_UNSPEC;
- s_client_config.cert_format = FORMAT_PEM;
- s_client_config.host = SSL_HOST_NAME;
- s_client_config.key_format = FORMAT_PEM;
- s_client_config.keymatexportlen = 20;
- s_client_config.meth = TLS_client_method();
- s_client_config.port = PORT_STR;
- s_client_config.socket_type = SOCK_STREAM;
- s_client_config.starttls_proto = PROTO_OFF;
- s_client_config.verify = SSL_VERIFY_NONE;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.af = AF_UNSPEC;
+ cfg.cert_format = FORMAT_PEM;
+ cfg.host = SSL_HOST_NAME;
+ cfg.key_format = FORMAT_PEM;
+ cfg.keymatexportlen = 20;
+ cfg.meth = TLS_client_method();
+ cfg.port = PORT_STR;
+ cfg.socket_type = SOCK_STREAM;
+ cfg.starttls_proto = PROTO_OFF;
+ cfg.verify = SSL_VERIFY_NONE;
if (((cbuf = malloc(BUFSIZZ)) == NULL) ||
((sbuf = malloc(BUFSIZZ)) == NULL) ||
badop = 1;
goto bad;
}
- if (s_client_config.proxy != NULL) {
- if (!extract_host_port(s_client_config.proxy,
- &s_client_config.host, NULL, &s_client_config.port))
+ if (cfg.proxy != NULL) {
+ if (!extract_host_port(cfg.proxy,
+ &cfg.host, NULL, &cfg.port))
goto bad;
- if (s_client_config.connect == NULL)
- s_client_config.connect = SSL_HOST_NAME;
- } else if (s_client_config.connect != NULL) {
- if (!extract_host_port(s_client_config.connect,
- &s_client_config.host, NULL, &s_client_config.port))
+ if (cfg.connect == NULL)
+ cfg.connect = SSL_HOST_NAME;
+ } else if (cfg.connect != NULL) {
+ if (!extract_host_port(cfg.connect,
+ &cfg.host, NULL, &cfg.port))
goto bad;
}
if (badop) {
bad:
- if (s_client_config.errstr == NULL)
+ if (cfg.errstr == NULL)
sc_usage();
goto end;
}
- if (!app_passwd(bio_err, s_client_config.passarg, NULL, &pass, NULL)) {
+ if (!app_passwd(bio_err, cfg.passarg, NULL, &pass, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
- if (s_client_config.key_file == NULL)
- s_client_config.key_file = s_client_config.cert_file;
+ if (cfg.key_file == NULL)
+ cfg.key_file = cfg.cert_file;
- if (s_client_config.key_file) {
+ if (cfg.key_file) {
- key = load_key(bio_err, s_client_config.key_file,
- s_client_config.key_format, 0, pass,
+ key = load_key(bio_err, cfg.key_file,
+ cfg.key_format, 0, pass,
"client certificate private key file");
if (!key) {
ERR_print_errors(bio_err);
goto end;
}
}
- if (s_client_config.cert_file) {
- cert = load_cert(bio_err, s_client_config.cert_file,
- s_client_config.cert_format,
+ if (cfg.cert_file) {
+ cert = load_cert(bio_err, cfg.cert_file,
+ cfg.cert_format,
NULL, "client certificate file");
if (!cert) {
goto end;
}
}
- if (s_client_config.quiet && !s_client_config.debug &&
- !s_client_config.msg) {
+ if (cfg.quiet && !cfg.debug &&
+ !cfg.msg) {
if ((bio_c_out = BIO_new(BIO_s_null())) == NULL)
goto end;
} else {
goto end;
}
- ctx = SSL_CTX_new(s_client_config.meth);
+ ctx = SSL_CTX_new(cfg.meth);
if (ctx == NULL) {
ERR_print_errors(bio_err);
goto end;
SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
- if (s_client_config.vpm)
- SSL_CTX_set1_param(ctx, s_client_config.vpm);
+ if (cfg.vpm)
+ SSL_CTX_set1_param(ctx, cfg.vpm);
- if (!SSL_CTX_set_min_proto_version(ctx, s_client_config.min_version))
+ if (!SSL_CTX_set_min_proto_version(ctx, cfg.min_version))
goto end;
- if (!SSL_CTX_set_max_proto_version(ctx, s_client_config.max_version))
+ if (!SSL_CTX_set_max_proto_version(ctx, cfg.max_version))
goto end;
#ifndef OPENSSL_NO_SRTP
- if (s_client_config.srtp_profiles != NULL)
- SSL_CTX_set_tlsext_use_srtp(ctx, s_client_config.srtp_profiles);
+ if (cfg.srtp_profiles != NULL)
+ SSL_CTX_set_tlsext_use_srtp(ctx, cfg.srtp_profiles);
#endif
- if (s_client_config.bugs)
- SSL_CTX_set_options(ctx, SSL_OP_ALL | s_client_config.off);
+ if (cfg.bugs)
+ SSL_CTX_set_options(ctx, SSL_OP_ALL | cfg.off);
else
- SSL_CTX_set_options(ctx, s_client_config.off);
+ SSL_CTX_set_options(ctx, cfg.off);
- if (s_client_config.clr)
- SSL_CTX_clear_options(ctx, s_client_config.clr);
+ if (cfg.clr)
+ SSL_CTX_clear_options(ctx, cfg.clr);
- if (s_client_config.alpn_in) {
+ if (cfg.alpn_in) {
unsigned short alpn_len;
unsigned char *alpn;
- alpn = next_protos_parse(&alpn_len, s_client_config.alpn_in);
+ alpn = next_protos_parse(&alpn_len, cfg.alpn_in);
if (alpn == NULL) {
BIO_printf(bio_err, "Error parsing -alpn argument\n");
goto end;
SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len);
free(alpn);
}
- if (s_client_config.groups_in != NULL) {
- if (SSL_CTX_set1_groups_list(ctx, s_client_config.groups_in) != 1) {
+ if (cfg.groups_in != NULL) {
+ if (SSL_CTX_set1_groups_list(ctx, cfg.groups_in) != 1) {
BIO_printf(bio_err, "Failed to set groups '%s'\n",
- s_client_config.groups_in);
+ cfg.groups_in);
goto end;
}
}
- if (s_client_config.state)
+ if (cfg.state)
SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
- if (s_client_config.cipher != NULL)
- if (!SSL_CTX_set_cipher_list(ctx, s_client_config.cipher)) {
+ if (cfg.cipher != NULL)
+ if (!SSL_CTX_set_cipher_list(ctx, cfg.cipher)) {
BIO_printf(bio_err, "error setting cipher list\n");
ERR_print_errors(bio_err);
goto end;
}
- SSL_CTX_set_verify(ctx, s_client_config.verify, verify_callback);
+ SSL_CTX_set_verify(ctx, cfg.verify, verify_callback);
if (!set_cert_key_stuff(ctx, cert, key))
goto end;
- if ((s_client_config.CAfile || s_client_config.CApath)
- && !SSL_CTX_load_verify_locations(ctx, s_client_config.CAfile,
- s_client_config.CApath))
+ if ((cfg.CAfile || cfg.CApath)
+ && !SSL_CTX_load_verify_locations(ctx, cfg.CAfile,
+ cfg.CApath))
ERR_print_errors(bio_err);
if (!SSL_CTX_set_default_verify_paths(ctx))
ERR_print_errors(bio_err);
con = SSL_new(ctx);
- if (s_client_config.sess_in) {
+ if (cfg.sess_in) {
SSL_SESSION *sess;
- BIO *stmp = BIO_new_file(s_client_config.sess_in, "r");
+ BIO *stmp = BIO_new_file(cfg.sess_in, "r");
if (!stmp) {
BIO_printf(bio_err, "Can't open session file %s\n",
- s_client_config.sess_in);
+ cfg.sess_in);
ERR_print_errors(bio_err);
goto end;
}
BIO_free(stmp);
if (!sess) {
BIO_printf(bio_err, "Can't open session file %s\n",
- s_client_config.sess_in);
+ cfg.sess_in);
ERR_print_errors(bio_err);
goto end;
}
}
/* Attempt to opportunistically use the host name for SNI. */
- servername = s_client_config.servername;
+ servername = cfg.servername;
if (servername == NULL)
- servername = s_client_config.host;
+ servername = cfg.host;
- if (!s_client_config.no_servername && servername != NULL &&
+ if (!cfg.no_servername && servername != NULL &&
!SSL_set_tlsext_host_name(con, servername)) {
long ssl_err = ERR_peek_error();
- if (s_client_config.servername != NULL ||
+ if (cfg.servername != NULL ||
ERR_GET_LIB(ssl_err) != ERR_LIB_SSL ||
ERR_GET_REASON(ssl_err) != SSL_R_SSL3_EXT_INVALID_SERVERNAME) {
BIO_printf(bio_err,
servername = NULL;
ERR_clear_error();
}
- if (!s_client_config.no_servername && servername != NULL) {
+ if (!cfg.no_servername && servername != NULL) {
tlsextcbp.biodebug = bio_err;
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
re_start:
- if (init_client(&s, s_client_config.host, s_client_config.port,
- s_client_config.socket_type, s_client_config.af) == 0) {
+ if (init_client(&s, cfg.host, cfg.port,
+ cfg.socket_type, cfg.af) == 0) {
BIO_printf(bio_err, "connect:errno=%d\n", errno);
goto end;
}
BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s);
- if (s_client_config.nbio) {
- if (!s_client_config.quiet)
+ if (cfg.nbio) {
+ if (!cfg.quiet)
BIO_printf(bio_c_out, "turning on non blocking io\n");
if (!BIO_socket_nbio(s, 1)) {
ERR_print_errors(bio_err);
goto end;
}
}
- if (s_client_config.pause & 0x01)
+ if (cfg.pause & 0x01)
SSL_set_debug(con, 1);
if (SSL_is_dtls(con)) {
}
(void) BIO_ctrl_set_connected(sbio, 1, &peer);
- if (s_client_config.enable_timeouts) {
+ if (cfg.enable_timeouts) {
timeout.tv_sec = 0;
timeout.tv_usec = DGRAM_RCV_TIMEOUT;
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0,
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0,
&timeout);
}
- if (s_client_config.socket_mtu > 28) {
+ if (cfg.socket_mtu > 28) {
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(con, s_client_config.socket_mtu - 28);
+ SSL_set_mtu(con, cfg.socket_mtu - 28);
} else
/* want to do MTU discovery */
BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
} else
sbio = BIO_new_socket(s, BIO_NOCLOSE);
- if (s_client_config.nbio_test) {
+ if (cfg.nbio_test) {
BIO *test;
test = BIO_new(BIO_f_nbio_test());
sbio = BIO_push(test, sbio);
}
- if (s_client_config.debug) {
+ if (cfg.debug) {
SSL_set_debug(con, 1);
BIO_set_callback(sbio, bio_dump_callback);
BIO_set_callback_arg(sbio, (char *) bio_c_out);
}
- if (s_client_config.msg) {
+ if (cfg.msg) {
SSL_set_msg_callback(con, msg_cb);
SSL_set_msg_callback_arg(con, bio_c_out);
}
- if (s_client_config.tlsextdebug) {
+ if (cfg.tlsextdebug) {
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_c_out);
}
- if (s_client_config.status_req) {
+ if (cfg.status_req) {
SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
* push a buffering BIO into the chain that is removed again later on
* to not disturb the rest of the s_client operation.
*/
- if (s_client_config.starttls_proto == PROTO_SMTP ||
- s_client_config.starttls_proto == PROTO_LMTP) {
+ if (cfg.starttls_proto == PROTO_SMTP ||
+ cfg.starttls_proto == PROTO_LMTP) {
int foundit = 0;
BIO *fbio = BIO_new(BIO_f_buffer());
BIO_push(fbio, sbio);
while (mbuf_len > 3 && mbuf[3] == '-');
/* STARTTLS command requires EHLO... */
BIO_printf(fbio, "%cHLO openssl.client.net\r\n",
- s_client_config.starttls_proto == PROTO_SMTP ? 'E' : 'L');
+ cfg.starttls_proto == PROTO_SMTP ? 'E' : 'L');
(void) BIO_flush(fbio);
/* wait for multi-line response to end EHLO SMTP response */
do {
" try anyway...\n");
BIO_printf(sbio, "STARTTLS\r\n");
BIO_read(sbio, sbuf, BUFSIZZ);
- } else if (s_client_config.starttls_proto == PROTO_POP3) {
+ } else if (cfg.starttls_proto == PROTO_POP3) {
mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
if (mbuf_len == -1) {
BIO_printf(bio_err, "BIO_read failed\n");
}
BIO_printf(sbio, "STLS\r\n");
BIO_read(sbio, sbuf, BUFSIZZ);
- } else if (s_client_config.starttls_proto == PROTO_IMAP) {
+ } else if (cfg.starttls_proto == PROTO_IMAP) {
int foundit = 0;
BIO *fbio = BIO_new(BIO_f_buffer());
BIO_push(fbio, sbio);
" try anyway...\n");
BIO_printf(sbio, ". STARTTLS\r\n");
BIO_read(sbio, sbuf, BUFSIZZ);
- } else if (s_client_config.starttls_proto == PROTO_FTP) {
+ } else if (cfg.starttls_proto == PROTO_FTP) {
BIO *fbio = BIO_new(BIO_f_buffer());
BIO_push(fbio, sbio);
/* wait for multi-line response to end from FTP */
BIO_free(fbio);
BIO_printf(sbio, "AUTH TLS\r\n");
BIO_read(sbio, sbuf, BUFSIZZ);
- } else if (s_client_config.starttls_proto == PROTO_XMPP) {
+ } else if (cfg.starttls_proto == PROTO_XMPP) {
int seen = 0;
BIO_printf(sbio, "<stream:stream "
"xmlns:stream='http://etherx.jabber.org/streams' "
"xmlns='jabber:client' to='%s' version='1.0'>",
- s_client_config.xmpphost ?
- s_client_config.xmpphost : s_client_config.host);
+ cfg.xmpphost ?
+ cfg.xmpphost : cfg.host);
seen = BIO_read(sbio, mbuf, BUFSIZZ);
if (seen <= 0)
if (!strstr(sbuf, "<proceed"))
goto shut;
mbuf[0] = 0;
- } else if (s_client_config.proxy != NULL) {
+ } else if (cfg.proxy != NULL) {
BIO_printf(sbio, "CONNECT %s HTTP/1.0\r\n\r\n",
- s_client_config.connect);
+ cfg.connect);
mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
if (mbuf_len == -1) {
BIO_printf(bio_err, "BIO_read failed\n");
tty_on = 1;
if (in_init) {
in_init = 0;
- if (s_client_config.sess_out) {
+ if (cfg.sess_out) {
BIO *stmp = BIO_new_file(
- s_client_config.sess_out, "w");
+ cfg.sess_out, "w");
if (stmp) {
PEM_write_bio_SSL_SESSION(stmp,
SSL_get_session(con));
} else
BIO_printf(bio_err,
"Error writing session file %s\n",
- s_client_config.sess_out);
+ cfg.sess_out);
}
print_stuff(bio_c_out, con, full_log);
if (full_log > 0)
full_log--;
- if (s_client_config.starttls_proto) {
+ if (cfg.starttls_proto) {
BIO_write(bio_err, mbuf, mbuf_len);
/* We don't need to know any more */
- s_client_config.starttls_proto = PROTO_OFF;
+ cfg.starttls_proto = PROTO_OFF;
}
- if (s_client_config.reconnect) {
- s_client_config.reconnect--;
+ if (cfg.reconnect) {
+ cfg.reconnect--;
BIO_printf(bio_c_out,
"drop connection and then reconnect\n");
SSL_shutdown(con);
}
}
#endif
- if (s_client_config.peekaboo) {
+ if (cfg.peekaboo) {
k = p = SSL_peek(con, pbuf, 1024 /* BUFSIZZ */ );
pending = SSL_pending(con);
if (SSL_get_error(con, p) == SSL_ERROR_NONE) {
goto end;
sbuf_off = 0;
sbuf_len = k;
- if (s_client_config.peekaboo) {
+ if (cfg.peekaboo) {
if (p != pending) {
ret = -1;
BIO_printf(bio_err,
BIO_printf(bio_err, "poll error");
goto shut;
}
- if (s_client_config.crlf) {
+ if (cfg.crlf) {
int j, lf_num;
i = read(fileno(stdin), cbuf, BUFSIZZ / 2);
} else
i = read(fileno(stdin), cbuf, BUFSIZZ);
- if ((!s_client_config.ign_eof) &&
+ if ((!cfg.ign_eof) &&
((i <= 0) || (cbuf[0] == 'Q'))) {
BIO_printf(bio_err, "DONE\n");
ret = 0;
goto shut;
}
- if ((!s_client_config.ign_eof) && (cbuf[0] == 'R')) {
+ if ((!cfg.ign_eof) && (cbuf[0] == 'R')) {
BIO_printf(bio_err, "RENEGOTIATING\n");
SSL_renegotiate(con);
cbuf_len = 0;
close(SSL_get_fd(con));
end:
if (con != NULL) {
- if (s_client_config.prexit != 0)
+ if (cfg.prexit != 0)
print_stuff(bio_c_out, con, 1);
SSL_free(con);
}
X509_free(cert);
EVP_PKEY_free(key);
free(pass);
- X509_VERIFY_PARAM_free(s_client_config.vpm);
+ X509_VERIFY_PARAM_free(cfg.vpm);
freezero(cbuf, BUFSIZZ);
freezero(sbuf, BUFSIZZ);
freezero(pbuf, BUFSIZZ);
X509_NAME_oneline(X509_get_issuer_name(
sk_X509_value(sk, i)), buf, sizeof buf);
BIO_printf(bio, " i:%s\n", buf);
- if (s_client_config.showcerts)
+ if (cfg.showcerts)
PEM_write_bio_X509(bio,
sk_X509_value(sk, i));
}
peer = SSL_get_peer_certificate(s);
if (peer != NULL) {
BIO_printf(bio, "Server certificate\n");
- if (!(s_client_config.showcerts && got_a_chain)) {
+ if (!(cfg.showcerts && got_a_chain)) {
/* Redundant if we showed the whole chain */
PEM_write_bio_X509(bio, peer);
}
#endif
SSL_SESSION_print(bio, SSL_get_session(s));
- if (s_client_config.keymatexportlabel != NULL) {
+ if (cfg.keymatexportlabel != NULL) {
BIO_printf(bio, "Keying material exporter:\n");
BIO_printf(bio, " Label: '%s'\n",
- s_client_config.keymatexportlabel);
+ cfg.keymatexportlabel);
BIO_printf(bio, " Length: %i bytes\n",
- s_client_config.keymatexportlen);
- exportedkeymat = malloc(s_client_config.keymatexportlen);
+ cfg.keymatexportlen);
+ exportedkeymat = malloc(cfg.keymatexportlen);
if (exportedkeymat != NULL) {
if (!SSL_export_keying_material(s, exportedkeymat,
- s_client_config.keymatexportlen,
- s_client_config.keymatexportlabel,
- strlen(s_client_config.keymatexportlabel),
+ cfg.keymatexportlen,
+ cfg.keymatexportlabel,
+ strlen(cfg.keymatexportlabel),
NULL, 0, 0)) {
BIO_printf(bio, " Error\n");
} else {
BIO_printf(bio, " Keying material: ");
- for (i = 0; i < s_client_config.keymatexportlen; i++)
+ for (i = 0; i < cfg.keymatexportlen; i++)
BIO_printf(bio, "%02X",
exportedkeymat[i]);
BIO_printf(bio, "\n");
-/* $OpenBSD: s_server.c,v 1.55 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: s_server.c,v 1.56 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int tlsextstatus;
X509_VERIFY_PARAM *vpm;
int www;
-} s_server_config;
+} cfg;
static int
s_server_opt_context(char *arg)
{
- s_server_config.context = (unsigned char *) arg;
+ cfg.context = (unsigned char *) arg;
return (0);
}
static int
s_server_opt_keymatexportlen(char *arg)
{
- s_server_config.keymatexportlen = strtonum(arg, 1, INT_MAX,
- &s_server_config.errstr);
- if (s_server_config.errstr != NULL) {
+ cfg.keymatexportlen = strtonum(arg, 1, INT_MAX,
+ &cfg.errstr);
+ if (cfg.errstr != NULL) {
BIO_printf(bio_err, "invalid argument %s: %s\n",
- arg, s_server_config.errstr);
+ arg, cfg.errstr);
return (1);
}
return (0);
static int
s_server_opt_mtu(char *arg)
{
- s_server_config.socket_mtu = strtonum(arg, 0, LONG_MAX,
- &s_server_config.errstr);
- if (s_server_config.errstr != NULL) {
+ cfg.socket_mtu = strtonum(arg, 0, LONG_MAX,
+ &cfg.errstr);
+ if (cfg.errstr != NULL) {
BIO_printf(bio_err, "invalid argument %s: %s\n",
- arg, s_server_config.errstr);
+ arg, cfg.errstr);
return (1);
}
return (0);
static int
s_server_opt_protocol_version_dtls(void)
{
- s_server_config.meth = DTLS_server_method();
- s_server_config.socket_type = SOCK_DGRAM;
+ cfg.meth = DTLS_server_method();
+ cfg.socket_type = SOCK_DGRAM;
return (0);
}
#endif
static int
s_server_opt_protocol_version_dtls1(void)
{
- s_server_config.meth = DTLS_server_method();
- s_server_config.min_version = DTLS1_VERSION;
- s_server_config.max_version = DTLS1_VERSION;
- s_server_config.socket_type = SOCK_DGRAM;
+ cfg.meth = DTLS_server_method();
+ cfg.min_version = DTLS1_VERSION;
+ cfg.max_version = DTLS1_VERSION;
+ cfg.socket_type = SOCK_DGRAM;
return (0);
}
#endif
static int
s_server_opt_protocol_version_dtls1_2(void)
{
- s_server_config.meth = DTLS_server_method();
- s_server_config.min_version = DTLS1_2_VERSION;
- s_server_config.max_version = DTLS1_2_VERSION;
- s_server_config.socket_type = SOCK_DGRAM;
+ cfg.meth = DTLS_server_method();
+ cfg.min_version = DTLS1_2_VERSION;
+ cfg.max_version = DTLS1_2_VERSION;
+ cfg.socket_type = SOCK_DGRAM;
return (0);
}
#endif
static int
s_server_opt_protocol_version_tls1(void)
{
- s_server_config.min_version = TLS1_VERSION;
- s_server_config.max_version = TLS1_VERSION;
+ cfg.min_version = TLS1_VERSION;
+ cfg.max_version = TLS1_VERSION;
return (0);
}
static int
s_server_opt_protocol_version_tls1_1(void)
{
- s_server_config.min_version = TLS1_1_VERSION;
- s_server_config.max_version = TLS1_1_VERSION;
+ cfg.min_version = TLS1_1_VERSION;
+ cfg.max_version = TLS1_1_VERSION;
return (0);
}
static int
s_server_opt_protocol_version_tls1_2(void)
{
- s_server_config.min_version = TLS1_2_VERSION;
- s_server_config.max_version = TLS1_2_VERSION;
+ cfg.min_version = TLS1_2_VERSION;
+ cfg.max_version = TLS1_2_VERSION;
return (0);
}
static int
s_server_opt_protocol_version_tls1_3(void)
{
- s_server_config.min_version = TLS1_3_VERSION;
- s_server_config.max_version = TLS1_3_VERSION;
+ cfg.min_version = TLS1_3_VERSION;
+ cfg.max_version = TLS1_3_VERSION;
return (0);
}
static int
s_server_opt_nbio_test(void)
{
- s_server_config.nbio = 1;
- s_server_config.nbio_test = 1;
+ cfg.nbio = 1;
+ cfg.nbio_test = 1;
return (0);
}
static int
s_server_opt_port(char *arg)
{
- if (!extract_port(arg, &s_server_config.port))
+ if (!extract_port(arg, &cfg.port))
return (1);
return (0);
}
static int
s_server_opt_status_timeout(char *arg)
{
- s_server_config.tlsextstatus = 1;
- s_server_config.tlscstatp.timeout = strtonum(arg, 0, INT_MAX,
- &s_server_config.errstr);
- if (s_server_config.errstr != NULL) {
+ cfg.tlsextstatus = 1;
+ cfg.tlscstatp.timeout = strtonum(arg, 0, INT_MAX,
+ &cfg.errstr);
+ if (cfg.errstr != NULL) {
BIO_printf(bio_err, "invalid argument %s: %s\n",
- arg, s_server_config.errstr);
+ arg, cfg.errstr);
return (1);
}
return (0);
static int
s_server_opt_status_url(char *arg)
{
- s_server_config.tlsextstatus = 1;
- if (!OCSP_parse_url(arg, &s_server_config.tlscstatp.host,
- &s_server_config.tlscstatp.port, &s_server_config.tlscstatp.path,
- &s_server_config.tlscstatp.use_ssl)) {
+ cfg.tlsextstatus = 1;
+ if (!OCSP_parse_url(arg, &cfg.tlscstatp.host,
+ &cfg.tlscstatp.port, &cfg.tlscstatp.path,
+ &cfg.tlscstatp.use_ssl)) {
BIO_printf(bio_err, "Error parsing URL\n");
return (1);
}
static int
s_server_opt_status_verbose(void)
{
- s_server_config.tlsextstatus = 1;
- s_server_config.tlscstatp.verbose = 1;
+ cfg.tlsextstatus = 1;
+ cfg.tlscstatp.verbose = 1;
return (0);
}
static int
s_server_opt_verify(char *arg)
{
- s_server_config.server_verify = SSL_VERIFY_PEER |
+ cfg.server_verify = SSL_VERIFY_PEER |
SSL_VERIFY_CLIENT_ONCE;
- verify_depth = strtonum(arg, 0, INT_MAX, &s_server_config.errstr);
- if (s_server_config.errstr != NULL) {
+ verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr);
+ if (cfg.errstr != NULL) {
BIO_printf(bio_err, "invalid argument %s: %s\n",
- arg, s_server_config.errstr);
+ arg, cfg.errstr);
return (1);
}
BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
static int
s_server_opt_verify_fail(char *arg)
{
- s_server_config.server_verify = SSL_VERIFY_PEER |
+ cfg.server_verify = SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE;
- verify_depth = strtonum(arg, 0, INT_MAX, &s_server_config.errstr);
- if (s_server_config.errstr != NULL) {
+ verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr);
+ if (cfg.errstr != NULL) {
BIO_printf(bio_err, "invalid argument %s: %s\n",
- arg, s_server_config.errstr);
+ arg, cfg.errstr);
return (1);
}
BIO_printf(bio_err, "verify depth is %d, must return a certificate\n",
int badarg = 0;
if (!args_verify(&pargs, &pargc, &badarg, bio_err,
- &s_server_config.vpm)) {
+ &cfg.vpm)) {
BIO_printf(bio_err, "unknown option %s\n", *argv);
return (1);
}
.desc = "Set the advertised protocols for the ALPN extension"
" (comma-separated list)",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.alpn_in,
+ .opt.arg = &cfg.alpn_in,
},
{
.name = "bugs",
.desc = "Turn on SSL bug compatibility",
.type = OPTION_FLAG,
- .opt.flag = &s_server_config.bugs,
+ .opt.flag = &cfg.bugs,
},
{
.name = "CAfile",
.argname = "file",
.desc = "PEM format file of CA certificates",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.CAfile,
+ .opt.arg = &cfg.CAfile,
},
{
.name = "CApath",
.argname = "directory",
.desc = "PEM format directory of CA certificates",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.CApath,
+ .opt.arg = &cfg.CApath,
},
{
.name = "cert",
.desc = "Certificate file to use\n"
"(default is " TEST_CERT ")",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.cert_file,
+ .opt.arg = &cfg.cert_file,
},
{
.name = "cert2",
.desc = "Certificate file to use for servername\n"
"(default is " TEST_CERT2 ")",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.cert_file2,
+ .opt.arg = &cfg.cert_file2,
},
{
.name = "certform",
.argname = "fmt",
.desc = "Certificate format (PEM or DER) PEM default",
.type = OPTION_ARG_FORMAT,
- .opt.value = &s_server_config.cert_format,
+ .opt.value = &cfg.cert_format,
},
#ifndef OPENSSL_NO_DTLS
{
.name = "chain",
.type = OPTION_FLAG,
- .opt.flag = &s_server_config.cert_chain,
+ .opt.flag = &cfg.cert_chain,
},
#endif
{
.argname = "list",
.desc = "List of ciphers to enable (see `openssl ciphers`)",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.cipher,
+ .opt.arg = &cfg.cipher,
},
{
.name = "context",
.name = "crlf",
.desc = "Convert LF from terminal into CRLF",
.type = OPTION_FLAG,
- .opt.flag = &s_server_config.crlf,
+ .opt.flag = &cfg.crlf,
},
{
.name = "dcert",
.argname = "file",
.desc = "Second certificate file to use (usually for DSA)",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.dcert_file,
+ .opt.arg = &cfg.dcert_file,
},
{
.name = "dcertform",
.argname = "fmt",
.desc = "Second certificate format (PEM or DER) PEM default",
.type = OPTION_ARG_FORMAT,
- .opt.value = &s_server_config.dcert_format,
+ .opt.value = &cfg.dcert_format,
},
{
.name = "debug",
.desc = "Print more output",
.type = OPTION_FLAG,
- .opt.flag = &s_server_config.debug,
+ .opt.flag = &cfg.debug,
},
{
.name = "dhparam",
.argname = "file",
.desc = "DH parameter file to use, in cert file if not specified",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.dhfile,
+ .opt.arg = &cfg.dhfile,
},
{
.name = "dkey",
.argname = "file",
.desc = "Second private key file to use (usually for DSA)",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.dkey_file,
+ .opt.arg = &cfg.dkey_file,
},
{
.name = "dkeyform",
.argname = "fmt",
.desc = "Second key format (PEM or DER) PEM default",
.type = OPTION_ARG_FORMAT,
- .opt.value = &s_server_config.dkey_format,
+ .opt.value = &cfg.dkey_format,
},
{
.name = "dpass",
.argname = "arg",
.desc = "Second private key file pass phrase source",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.dpassarg,
+ .opt.arg = &cfg.dpassarg,
},
#ifndef OPENSSL_NO_DTLS
{
.argname = "list",
.desc = "Specify EC groups (colon-separated list)",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.groups_in,
+ .opt.arg = &cfg.groups_in,
},
{
.name = "HTTP",
.desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>",
.type = OPTION_VALUE,
- .opt.value = &s_server_config.www,
+ .opt.value = &cfg.www,
.value = 3,
},
{
.argname = "arg",
.desc = "Generate SSL/TLS session IDs prefixed by 'arg'",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.session_id_prefix,
+ .opt.arg = &cfg.session_id_prefix,
},
{
.name = "key",
.desc = "Private Key file to use, in cert file if\n"
"not specified (default is " TEST_CERT ")",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.key_file,
+ .opt.arg = &cfg.key_file,
},
{
.name = "key2",
.desc = "Private Key file to use for servername, in cert file if\n"
"not specified (default is " TEST_CERT2 ")",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.key_file2,
+ .opt.arg = &cfg.key_file2,
},
{
.name = "keyform",
.argname = "fmt",
.desc = "Key format (PEM or DER) PEM default",
.type = OPTION_ARG_FORMAT,
- .opt.value = &s_server_config.key_format,
+ .opt.value = &cfg.key_format,
},
{
.name = "keymatexport",
.argname = "label",
.desc = "Export keying material using label",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.keymatexportlabel,
+ .opt.arg = &cfg.keymatexportlabel,
},
{
.name = "keymatexportlen",
.name = "msg",
.desc = "Show protocol messages",
.type = OPTION_FLAG,
- .opt.flag = &s_server_config.msg,
+ .opt.flag = &cfg.msg,
},
#ifndef OPENSSL_NO_DTLS
{
.argname = "num",
.desc = "Terminate after num connections",
.type = OPTION_ARG_INT,
- .opt.value = &s_server_config.naccept
+ .opt.value = &cfg.naccept
},
{
.name = "named_curve",
.argname = "arg",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.named_curve,
+ .opt.arg = &cfg.named_curve,
},
{
.name = "nbio",
.desc = "Run with non-blocking I/O",
.type = OPTION_FLAG,
- .opt.flag = &s_server_config.nbio,
+ .opt.flag = &cfg.nbio,
},
{
.name = "nbio_test",
.name = "nextprotoneg",
.argname = "arg",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.npn_in, /* Ignored. */
+ .opt.arg = &cfg.npn_in, /* Ignored. */
},
{
.name = "no_cache",
.desc = "Disable session cache",
.type = OPTION_FLAG,
- .opt.flag = &s_server_config.no_cache,
+ .opt.flag = &cfg.no_cache,
},
{
.name = "no_comp",
.desc = "Disable SSL/TLS compression",
.type = OPTION_VALUE_OR,
- .opt.value = &s_server_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_COMPRESSION,
},
{
.name = "no_dhe",
.desc = "Disable ephemeral DH",
.type = OPTION_FLAG,
- .opt.flag = &s_server_config.no_dhe,
+ .opt.flag = &cfg.no_dhe,
},
{
.name = "no_ecdhe",
.desc = "Disable ephemeral ECDH",
.type = OPTION_FLAG,
- .opt.flag = &s_server_config.no_ecdhe,
+ .opt.flag = &cfg.no_ecdhe,
},
{
.name = "no_ticket",
.desc = "Disable use of RFC4507bis session tickets",
.type = OPTION_VALUE_OR,
- .opt.value = &s_server_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_TICKET,
},
{
.name = "no_ssl2",
.type = OPTION_VALUE_OR,
- .opt.value = &s_server_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_SSLv2,
},
{
.name = "no_ssl3",
.type = OPTION_VALUE_OR,
- .opt.value = &s_server_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_SSLv3,
},
{
.name = "no_tls1",
.desc = "Just disable TLSv1",
.type = OPTION_VALUE_OR,
- .opt.value = &s_server_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_TLSv1,
},
{
.name = "no_tls1_1",
.desc = "Just disable TLSv1.1",
.type = OPTION_VALUE_OR,
- .opt.value = &s_server_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_TLSv1_1,
},
{
.name = "no_tls1_2",
.desc = "Just disable TLSv1.2",
.type = OPTION_VALUE_OR,
- .opt.value = &s_server_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_TLSv1_2,
},
{
.name = "no_tls1_3",
.desc = "Just disable TLSv1.3",
.type = OPTION_VALUE_OR,
- .opt.value = &s_server_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_NO_TLSv1_3,
},
{
.name = "nocert",
.desc = "Don't use any certificates (Anon-DH)",
.type = OPTION_FLAG,
- .opt.flag = &s_server_config.nocert,
+ .opt.flag = &cfg.nocert,
},
{
.name = "pass",
.argname = "arg",
.desc = "Private key file pass phrase source",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.passarg,
+ .opt.arg = &cfg.passarg,
},
{
.name = "port",
.name = "quiet",
.desc = "Inhibit printing of session and certificate information",
.type = OPTION_FLAG,
- .opt.flag = &s_server_config.quiet,
+ .opt.flag = &cfg.quiet,
},
{
.name = "servername",
.argname = "name",
.desc = "Servername for HostName TLS extension",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.tlsextcbp.servername,
+ .opt.arg = &cfg.tlsextcbp.servername,
},
{
.name = "servername_fatal",
.desc = "On mismatch send fatal alert (default warning alert)",
.type = OPTION_VALUE,
- .opt.value = &s_server_config.tlsextcbp.extension_error,
+ .opt.value = &cfg.tlsextcbp.extension_error,
.value = SSL_TLSEXT_ERR_ALERT_FATAL,
},
{
.name = "serverpref",
.desc = "Use server's cipher preferences",
.type = OPTION_VALUE_OR,
- .opt.value = &s_server_config.off,
+ .opt.value = &cfg.off,
.value = SSL_OP_CIPHER_SERVER_PREFERENCE,
},
{
.name = "state",
.desc = "Print the SSL states",
.type = OPTION_FLAG,
- .opt.flag = &s_server_config.state,
+ .opt.flag = &cfg.state,
},
{
.name = "status",
.desc = "Respond to certificate status requests",
.type = OPTION_FLAG,
- .opt.flag = &s_server_config.tlsextstatus,
+ .opt.flag = &cfg.tlsextstatus,
},
{
.name = "status_timeout",
.name = "timeout",
.desc = "Enable timeouts",
.type = OPTION_FLAG,
- .opt.flag = &s_server_config.enable_timeouts,
+ .opt.flag = &cfg.enable_timeouts,
},
#endif
{
.name = "tlsextdebug",
.desc = "Hex dump of all TLS extensions received",
.type = OPTION_FLAG,
- .opt.flag = &s_server_config.tlsextdebug,
+ .opt.flag = &cfg.tlsextdebug,
},
#ifndef OPENSSL_NO_SRTP
{
.argname = "profiles",
.desc = "Offer SRTP key management with a colon-separated profile list",
.type = OPTION_ARG,
- .opt.arg = &s_server_config.srtp_profiles,
+ .opt.arg = &cfg.srtp_profiles,
},
#endif
{
.name = "WWW",
.desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>",
.type = OPTION_VALUE,
- .opt.value = &s_server_config.www,
+ .opt.value = &cfg.www,
.value = 2,
},
{
.name = "www",
.desc = "Respond to a 'GET /' with a status page",
.type = OPTION_VALUE,
- .opt.value = &s_server_config.www,
+ .opt.value = &cfg.www,
.value = 1,
},
{
s_server_init(void)
{
accept_socket = -1;
- s_server_config.cipher = NULL;
- s_server_config.server_verify = SSL_VERIFY_NONE;
- s_server_config.dcert_file = NULL;
- s_server_config.dkey_file = NULL;
- s_server_config.cert_file = TEST_CERT;
- s_server_config.key_file = NULL;
- s_server_config.cert_file2 = TEST_CERT2;
- s_server_config.key_file2 = NULL;
+ cfg.cipher = NULL;
+ cfg.server_verify = SSL_VERIFY_NONE;
+ cfg.dcert_file = NULL;
+ cfg.dkey_file = NULL;
+ cfg.cert_file = TEST_CERT;
+ cfg.key_file = NULL;
+ cfg.cert_file2 = TEST_CERT2;
+ cfg.key_file2 = NULL;
ctx2 = NULL;
- s_server_config.nbio = 0;
- s_server_config.nbio_test = 0;
+ cfg.nbio = 0;
+ cfg.nbio_test = 0;
ctx = NULL;
- s_server_config.www = 0;
+ cfg.www = 0;
bio_s_out = NULL;
- s_server_config.debug = 0;
- s_server_config.msg = 0;
- s_server_config.quiet = 0;
+ cfg.debug = 0;
+ cfg.msg = 0;
+ cfg.quiet = 0;
}
static void
exit(1);
}
- memset(&s_server_config, 0, sizeof(s_server_config));
- s_server_config.keymatexportlen = 20;
- s_server_config.meth = TLS_server_method();
- s_server_config.naccept = -1;
- s_server_config.port = PORT;
- s_server_config.cert_file = TEST_CERT;
- s_server_config.cert_file2 = TEST_CERT2;
- s_server_config.cert_format = FORMAT_PEM;
- s_server_config.dcert_format = FORMAT_PEM;
- s_server_config.dkey_format = FORMAT_PEM;
- s_server_config.key_format = FORMAT_PEM;
- s_server_config.server_verify = SSL_VERIFY_NONE;
- s_server_config.socket_type = SOCK_STREAM;
- s_server_config.tlscstatp.timeout = -1;
- s_server_config.tlsextcbp.extension_error =
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.keymatexportlen = 20;
+ cfg.meth = TLS_server_method();
+ cfg.naccept = -1;
+ cfg.port = PORT;
+ cfg.cert_file = TEST_CERT;
+ cfg.cert_file2 = TEST_CERT2;
+ cfg.cert_format = FORMAT_PEM;
+ cfg.dcert_format = FORMAT_PEM;
+ cfg.dkey_format = FORMAT_PEM;
+ cfg.key_format = FORMAT_PEM;
+ cfg.server_verify = SSL_VERIFY_NONE;
+ cfg.socket_type = SOCK_STREAM;
+ cfg.tlscstatp.timeout = -1;
+ cfg.tlsextcbp.extension_error =
SSL_TLSEXT_ERR_ALERT_WARNING;
local_argc = argc;
verify_depth = 0;
if (options_parse(argc, argv, s_server_options, NULL, NULL) != 0) {
- if (s_server_config.errstr == NULL)
+ if (cfg.errstr == NULL)
sv_usage();
goto end;
}
- if (!app_passwd(bio_err, s_server_config.passarg,
- s_server_config.dpassarg, &pass, &dpass)) {
+ if (!app_passwd(bio_err, cfg.passarg,
+ cfg.dpassarg, &pass, &dpass)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
- if (s_server_config.key_file == NULL)
- s_server_config.key_file = s_server_config.cert_file;
- if (s_server_config.key_file2 == NULL)
- s_server_config.key_file2 = s_server_config.cert_file2;
-
- if (s_server_config.nocert == 0) {
- s_key = load_key(bio_err, s_server_config.key_file,
- s_server_config.key_format, 0, pass,
+ if (cfg.key_file == NULL)
+ cfg.key_file = cfg.cert_file;
+ if (cfg.key_file2 == NULL)
+ cfg.key_file2 = cfg.cert_file2;
+
+ if (cfg.nocert == 0) {
+ s_key = load_key(bio_err, cfg.key_file,
+ cfg.key_format, 0, pass,
"server certificate private key file");
if (!s_key) {
ERR_print_errors(bio_err);
goto end;
}
- s_cert = load_cert(bio_err, s_server_config.cert_file,
- s_server_config.cert_format,
+ s_cert = load_cert(bio_err, cfg.cert_file,
+ cfg.cert_format,
NULL, "server certificate file");
if (!s_cert) {
ERR_print_errors(bio_err);
goto end;
}
- if (s_server_config.tlsextcbp.servername) {
- s_key2 = load_key(bio_err, s_server_config.key_file2,
- s_server_config.key_format, 0, pass,
+ if (cfg.tlsextcbp.servername) {
+ s_key2 = load_key(bio_err, cfg.key_file2,
+ cfg.key_format, 0, pass,
"second server certificate private key file");
if (!s_key2) {
ERR_print_errors(bio_err);
goto end;
}
- s_cert2 = load_cert(bio_err, s_server_config.cert_file2,
- s_server_config.cert_format,
+ s_cert2 = load_cert(bio_err, cfg.cert_file2,
+ cfg.cert_format,
NULL, "second server certificate file");
if (!s_cert2) {
}
}
alpn_ctx.data = NULL;
- if (s_server_config.alpn_in) {
+ if (cfg.alpn_in) {
unsigned short len;
alpn_ctx.data = next_protos_parse(&len,
- s_server_config.alpn_in);
+ cfg.alpn_in);
if (alpn_ctx.data == NULL)
goto end;
alpn_ctx.len = len;
}
- if (s_server_config.dcert_file) {
+ if (cfg.dcert_file) {
- if (s_server_config.dkey_file == NULL)
- s_server_config.dkey_file = s_server_config.dcert_file;
+ if (cfg.dkey_file == NULL)
+ cfg.dkey_file = cfg.dcert_file;
- s_dkey = load_key(bio_err, s_server_config.dkey_file,
- s_server_config.dkey_format,
+ s_dkey = load_key(bio_err, cfg.dkey_file,
+ cfg.dkey_format,
0, dpass, "second certificate private key file");
if (!s_dkey) {
ERR_print_errors(bio_err);
goto end;
}
- s_dcert = load_cert(bio_err, s_server_config.dcert_file,
- s_server_config.dcert_format,
+ s_dcert = load_cert(bio_err, cfg.dcert_file,
+ cfg.dcert_format,
NULL, "second server certificate file");
if (!s_dcert) {
}
}
if (bio_s_out == NULL) {
- if (s_server_config.quiet && !s_server_config.debug &&
- !s_server_config.msg) {
+ if (cfg.quiet && !cfg.debug &&
+ !cfg.msg) {
bio_s_out = BIO_new(BIO_s_null());
} else {
if (bio_s_out == NULL)
bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
}
- if (s_server_config.nocert) {
- s_server_config.cert_file = NULL;
- s_server_config.key_file = NULL;
- s_server_config.dcert_file = NULL;
- s_server_config.dkey_file = NULL;
- s_server_config.cert_file2 = NULL;
- s_server_config.key_file2 = NULL;
+ if (cfg.nocert) {
+ cfg.cert_file = NULL;
+ cfg.key_file = NULL;
+ cfg.dcert_file = NULL;
+ cfg.dkey_file = NULL;
+ cfg.cert_file2 = NULL;
+ cfg.key_file2 = NULL;
}
- ctx = SSL_CTX_new(s_server_config.meth);
+ ctx = SSL_CTX_new(cfg.meth);
if (ctx == NULL) {
ERR_print_errors(bio_err);
goto end;
SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
- if (!SSL_CTX_set_min_proto_version(ctx, s_server_config.min_version))
+ if (!SSL_CTX_set_min_proto_version(ctx, cfg.min_version))
goto end;
- if (!SSL_CTX_set_max_proto_version(ctx, s_server_config.max_version))
+ if (!SSL_CTX_set_max_proto_version(ctx, cfg.max_version))
goto end;
- if (s_server_config.session_id_prefix) {
- if (strlen(s_server_config.session_id_prefix) >= 32)
+ if (cfg.session_id_prefix) {
+ if (strlen(cfg.session_id_prefix) >= 32)
BIO_printf(bio_err,
"warning: id_prefix is too long, only one new session will be possible\n");
- else if (strlen(s_server_config.session_id_prefix) >= 16)
+ else if (strlen(cfg.session_id_prefix) >= 16)
BIO_printf(bio_err,
"warning: id_prefix is too long if you use SSLv2\n");
if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
goto end;
}
BIO_printf(bio_err, "id_prefix '%s' set.\n",
- s_server_config.session_id_prefix);
+ cfg.session_id_prefix);
}
SSL_CTX_set_quiet_shutdown(ctx, 1);
- if (s_server_config.bugs)
+ if (cfg.bugs)
SSL_CTX_set_options(ctx, SSL_OP_ALL);
- SSL_CTX_set_options(ctx, s_server_config.off);
+ SSL_CTX_set_options(ctx, cfg.off);
- if (s_server_config.state)
+ if (cfg.state)
SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
- if (s_server_config.no_cache)
+ if (cfg.no_cache)
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
else
SSL_CTX_sess_set_cache_size(ctx, 128);
#ifndef OPENSSL_NO_SRTP
- if (s_server_config.srtp_profiles != NULL)
- SSL_CTX_set_tlsext_use_srtp(ctx, s_server_config.srtp_profiles);
+ if (cfg.srtp_profiles != NULL)
+ SSL_CTX_set_tlsext_use_srtp(ctx, cfg.srtp_profiles);
#endif
- if ((!SSL_CTX_load_verify_locations(ctx, s_server_config.CAfile,
- s_server_config.CApath)) ||
+ if ((!SSL_CTX_load_verify_locations(ctx, cfg.CAfile,
+ cfg.CApath)) ||
(!SSL_CTX_set_default_verify_paths(ctx))) {
/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
ERR_print_errors(bio_err);
/* goto end; */
}
- if (s_server_config.vpm)
- SSL_CTX_set1_param(ctx, s_server_config.vpm);
+ if (cfg.vpm)
+ SSL_CTX_set1_param(ctx, cfg.vpm);
if (s_cert2) {
- ctx2 = SSL_CTX_new(s_server_config.meth);
+ ctx2 = SSL_CTX_new(cfg.meth);
if (ctx2 == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (!SSL_CTX_set_min_proto_version(ctx2,
- s_server_config.min_version))
+ cfg.min_version))
goto end;
if (!SSL_CTX_set_max_proto_version(ctx2,
- s_server_config.max_version))
+ cfg.max_version))
goto end;
SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY);
}
if (ctx2) {
BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
- if (s_server_config.session_id_prefix) {
- if (strlen(s_server_config.session_id_prefix) >= 32)
+ if (cfg.session_id_prefix) {
+ if (strlen(cfg.session_id_prefix) >= 32)
BIO_printf(bio_err,
"warning: id_prefix is too long, only one new session will be possible\n");
- else if (strlen(s_server_config.session_id_prefix) >= 16)
+ else if (strlen(cfg.session_id_prefix) >= 16)
BIO_printf(bio_err,
"warning: id_prefix is too long if you use SSLv2\n");
if (!SSL_CTX_set_generate_session_id(ctx2,
goto end;
}
BIO_printf(bio_err, "id_prefix '%s' set.\n",
- s_server_config.session_id_prefix);
+ cfg.session_id_prefix);
}
SSL_CTX_set_quiet_shutdown(ctx2, 1);
- if (s_server_config.bugs)
+ if (cfg.bugs)
SSL_CTX_set_options(ctx2, SSL_OP_ALL);
- SSL_CTX_set_options(ctx2, s_server_config.off);
+ SSL_CTX_set_options(ctx2, cfg.off);
- if (s_server_config.state)
+ if (cfg.state)
SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
- if (s_server_config.no_cache)
+ if (cfg.no_cache)
SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
else
SSL_CTX_sess_set_cache_size(ctx2, 128);
if ((!SSL_CTX_load_verify_locations(ctx2,
- s_server_config.CAfile, s_server_config.CApath)) ||
+ cfg.CAfile, cfg.CApath)) ||
(!SSL_CTX_set_default_verify_paths(ctx2))) {
ERR_print_errors(bio_err);
}
- if (s_server_config.vpm)
- SSL_CTX_set1_param(ctx2, s_server_config.vpm);
+ if (cfg.vpm)
+ SSL_CTX_set1_param(ctx2, cfg.vpm);
}
if (alpn_ctx.data)
SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
- if (s_server_config.groups_in != NULL) {
- if (SSL_CTX_set1_groups_list(ctx, s_server_config.groups_in) != 1) {
+ if (cfg.groups_in != NULL) {
+ if (SSL_CTX_set1_groups_list(ctx, cfg.groups_in) != 1) {
BIO_printf(bio_err, "Failed to set groups '%s'\n",
- s_server_config.groups_in);
+ cfg.groups_in);
goto end;
}
}
#ifndef OPENSSL_NO_DH
- if (!s_server_config.no_dhe) {
+ if (!cfg.no_dhe) {
DH *dh = NULL;
- if (s_server_config.dhfile)
- dh = load_dh_param(s_server_config.dhfile);
- else if (s_server_config.cert_file)
- dh = load_dh_param(s_server_config.cert_file);
+ if (cfg.dhfile)
+ dh = load_dh_param(cfg.dhfile);
+ else if (cfg.cert_file)
+ dh = load_dh_param(cfg.cert_file);
if (dh != NULL)
BIO_printf(bio_s_out, "Setting temp DH parameters\n");
}
if (ctx2) {
- if (!s_server_config.dhfile) {
+ if (!cfg.dhfile) {
DH *dh2 = NULL;
- if (s_server_config.cert_file2 != NULL)
+ if (cfg.cert_file2 != NULL)
dh2 = load_dh_param(
- s_server_config.cert_file2);
+ cfg.cert_file2);
if (dh2 != NULL) {
BIO_printf(bio_s_out,
"Setting temp DH parameters\n");
}
#endif
- if (!s_server_config.no_ecdhe && s_server_config.named_curve != NULL) {
+ if (!cfg.no_ecdhe && cfg.named_curve != NULL) {
EC_KEY *ecdh = NULL;
int nid;
- if ((nid = OBJ_sn2nid(s_server_config.named_curve)) == 0) {
+ if ((nid = OBJ_sn2nid(cfg.named_curve)) == 0) {
BIO_printf(bio_err, "unknown curve name (%s)\n",
- s_server_config.named_curve);
+ cfg.named_curve);
goto end;
}
if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) {
BIO_printf(bio_err, "unable to create curve (%s)\n",
- s_server_config.named_curve);
+ cfg.named_curve);
goto end;
}
BIO_printf(bio_s_out, "Setting temp ECDH parameters\n");
goto end;
}
- if (s_server_config.cipher != NULL) {
- if (!SSL_CTX_set_cipher_list(ctx, s_server_config.cipher)) {
+ if (cfg.cipher != NULL) {
+ if (!SSL_CTX_set_cipher_list(ctx, cfg.cipher)) {
BIO_printf(bio_err, "error setting cipher list\n");
ERR_print_errors(bio_err);
goto end;
}
if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,
- s_server_config.cipher)) {
+ cfg.cipher)) {
BIO_printf(bio_err, "error setting cipher list\n");
ERR_print_errors(bio_err);
goto end;
}
}
- SSL_CTX_set_verify(ctx, s_server_config.server_verify, verify_callback);
+ SSL_CTX_set_verify(ctx, cfg.server_verify, verify_callback);
SSL_CTX_set_session_id_context(ctx,
(void *) &s_server_session_id_context,
sizeof s_server_session_id_context);
SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
if (ctx2) {
- SSL_CTX_set_verify(ctx2, s_server_config.server_verify,
+ SSL_CTX_set_verify(ctx2, cfg.server_verify,
verify_callback);
SSL_CTX_set_session_id_context(ctx2,
(void *) &s_server_session_id_context,
sizeof s_server_session_id_context);
- s_server_config.tlsextcbp.biodebug = bio_s_out;
+ cfg.tlsextcbp.biodebug = bio_s_out;
SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
SSL_CTX_set_tlsext_servername_arg(ctx2,
- &s_server_config.tlsextcbp);
+ &cfg.tlsextcbp);
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
SSL_CTX_set_tlsext_servername_arg(ctx,
- &s_server_config.tlsextcbp);
+ &cfg.tlsextcbp);
}
- if (s_server_config.CAfile != NULL) {
+ if (cfg.CAfile != NULL) {
SSL_CTX_set_client_CA_list(ctx,
- SSL_load_client_CA_file(s_server_config.CAfile));
+ SSL_load_client_CA_file(cfg.CAfile));
if (ctx2)
SSL_CTX_set_client_CA_list(ctx2,
- SSL_load_client_CA_file(s_server_config.CAfile));
+ SSL_load_client_CA_file(cfg.CAfile));
}
BIO_printf(bio_s_out, "ACCEPT\n");
(void) BIO_flush(bio_s_out);
- if (s_server_config.www)
- do_server(s_server_config.port, s_server_config.socket_type,
- &accept_socket, www_body, s_server_config.context,
- s_server_config.naccept);
+ if (cfg.www)
+ do_server(cfg.port, cfg.socket_type,
+ &accept_socket, www_body, cfg.context,
+ cfg.naccept);
else
- do_server(s_server_config.port, s_server_config.socket_type,
- &accept_socket, sv_body, s_server_config.context,
- s_server_config.naccept);
+ do_server(cfg.port, cfg.socket_type,
+ &accept_socket, sv_body, cfg.context,
+ cfg.naccept);
print_stats(bio_s_out, ctx);
ret = 0;
end:
EVP_PKEY_free(s_dkey);
free(pass);
free(dpass);
- X509_VERIFY_PARAM_free(s_server_config.vpm);
- free(s_server_config.tlscstatp.host);
- free(s_server_config.tlscstatp.port);
- free(s_server_config.tlscstatp.path);
+ X509_VERIFY_PARAM_free(cfg.vpm);
+ free(cfg.tlscstatp.host);
+ free(cfg.tlscstatp.port);
+ free(cfg.tlscstatp.path);
SSL_CTX_free(ctx2);
X509_free(s_cert2);
EVP_PKEY_free(s_key2);
BIO_printf(bio_err, "out of memory\n");
goto err;
}
- if (s_server_config.nbio) {
- if (!s_server_config.quiet)
+ if (cfg.nbio) {
+ if (!cfg.quiet)
BIO_printf(bio_err, "turning on non blocking io\n");
if (!BIO_socket_nbio(s, 1))
ERR_print_errors(bio_err);
if (con == NULL) {
con = SSL_new(ctx);
- if (s_server_config.tlsextdebug) {
+ if (cfg.tlsextdebug) {
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
- if (s_server_config.tlsextstatus) {
+ if (cfg.tlsextstatus) {
SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
- s_server_config.tlscstatp.err = bio_err;
+ cfg.tlscstatp.err = bio_err;
SSL_CTX_set_tlsext_status_arg(ctx,
- &s_server_config.tlscstatp);
+ &cfg.tlscstatp);
}
if (context)
SSL_set_session_id_context(con, context,
if (SSL_is_dtls(con)) {
sbio = BIO_new_dgram(s, BIO_NOCLOSE);
- if (s_server_config.enable_timeouts) {
+ if (cfg.enable_timeouts) {
timeout.tv_sec = 0;
timeout.tv_usec = DGRAM_RCV_TIMEOUT;
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0,
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0,
&timeout);
}
- if (s_server_config.socket_mtu > 28) {
+ if (cfg.socket_mtu > 28) {
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(con, s_server_config.socket_mtu - 28);
+ SSL_set_mtu(con, cfg.socket_mtu - 28);
} else
/* want to do MTU discovery */
BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
} else
sbio = BIO_new_socket(s, BIO_NOCLOSE);
- if (s_server_config.nbio_test) {
+ if (cfg.nbio_test) {
BIO *test;
test = BIO_new(BIO_f_nbio_test());
SSL_set_accept_state(con);
/* SSL_set_fd(con,s); */
- if (s_server_config.debug) {
+ if (cfg.debug) {
SSL_set_debug(con, 1);
BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
}
- if (s_server_config.msg) {
+ if (cfg.msg) {
SSL_set_msg_callback(con, msg_cb);
SSL_set_msg_callback_arg(con, bio_s_out);
}
- if (s_server_config.tlsextdebug) {
+ if (cfg.tlsextdebug) {
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
}
}
if (read_from_terminal) {
- if (s_server_config.crlf) {
+ if (cfg.crlf) {
int j, lf_num;
i = read(fileno(stdin), buf, bufsize / 2);
assert(lf_num == 0);
} else
i = read(fileno(stdin), buf, bufsize);
- if (!s_server_config.quiet) {
+ if (!cfg.quiet) {
if ((i <= 0) || (buf[0] == 'Q')) {
BIO_printf(bio_s_out, "DONE\n");
shutdown(s, SHUT_RD);
BIO_printf(bio_s_out, "Reused session-id\n");
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
- if (s_server_config.keymatexportlabel != NULL) {
+ if (cfg.keymatexportlabel != NULL) {
BIO_printf(bio_s_out, "Keying material exporter:\n");
BIO_printf(bio_s_out, " Label: '%s'\n",
- s_server_config.keymatexportlabel);
+ cfg.keymatexportlabel);
BIO_printf(bio_s_out, " Length: %i bytes\n",
- s_server_config.keymatexportlen);
- exportedkeymat = malloc(s_server_config.keymatexportlen);
+ cfg.keymatexportlen);
+ exportedkeymat = malloc(cfg.keymatexportlen);
if (exportedkeymat != NULL) {
if (!SSL_export_keying_material(con, exportedkeymat,
- s_server_config.keymatexportlen,
- s_server_config.keymatexportlabel,
- strlen(s_server_config.keymatexportlabel),
+ cfg.keymatexportlen,
+ cfg.keymatexportlabel,
+ strlen(cfg.keymatexportlabel),
NULL, 0, 0)) {
BIO_printf(bio_s_out, " Error\n");
} else {
BIO_printf(bio_s_out, " Keying material: ");
- for (i = 0; i < s_server_config.keymatexportlen; i++)
+ for (i = 0; i < cfg.keymatexportlen; i++)
BIO_printf(bio_s_out, "%02X",
exportedkeymat[i]);
BIO_printf(bio_s_out, "\n");
if ((io == NULL) || (ssl_bio == NULL))
goto err;
- if (s_server_config.nbio) {
- if (!s_server_config.quiet)
+ if (cfg.nbio) {
+ if (!cfg.quiet)
BIO_printf(bio_err, "turning on non blocking io\n");
if (!BIO_socket_nbio(s, 1))
ERR_print_errors(bio_err);
if ((con = SSL_new(ctx)) == NULL)
goto err;
- if (s_server_config.tlsextdebug) {
+ if (cfg.tlsextdebug) {
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
strlen((char *) context));
sbio = BIO_new_socket(s, BIO_NOCLOSE);
- if (s_server_config.nbio_test) {
+ if (cfg.nbio_test) {
BIO *test;
test = BIO_new(BIO_f_nbio_test());
BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
BIO_push(io, ssl_bio);
- if (s_server_config.debug) {
+ if (cfg.debug) {
SSL_set_debug(con, 1);
BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
}
- if (s_server_config.msg) {
+ if (cfg.msg) {
SSL_set_msg_callback(con, msg_cb);
SSL_set_msg_callback_arg(con, bio_s_out);
}
i = BIO_gets(io, buf, bufsize - 1);
if (i < 0) { /* error */
if (!BIO_should_retry(io)) {
- if (!s_server_config.quiet)
+ if (!cfg.quiet)
ERR_print_errors(bio_err);
goto err;
} else {
- if (s_server_config.debug) {
+ if (cfg.debug) {
BIO_printf(bio_s_out, "read R BLOCK\n");
sleep(1);
}
goto end;
}
/* else we have data */
- if (((s_server_config.www == 1) &&
+ if (((cfg.www == 1) &&
(strncmp("GET ", buf, 4) == 0)) ||
- ((s_server_config.www == 2) &&
+ ((cfg.www == 2) &&
(strncmp("GET /stats ", buf, 11) == 0))) {
char *p;
X509 *peer;
"no client certificate available\n");
BIO_puts(io, "</BODY></HTML>\r\n\r\n");
break;
- } else if ((s_server_config.www == 2 ||
- s_server_config.www == 3) &&
+ } else if ((cfg.www == 2 ||
+ cfg.www == 3) &&
(strncmp("GET /", buf, 5) == 0)) {
BIO *file;
char *p, *e;
ERR_print_errors(io);
break;
}
- if (!s_server_config.quiet)
+ if (!cfg.quiet)
BIO_printf(bio_err, "FILE:%s\n", p);
- if (s_server_config.www == 2) {
+ if (cfg.www == 2) {
i = strlen(p);
if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
* 1 session ID (ie. the prefix!) so all future session
* negotiations will fail due to conflicts.
*/
- memcpy(id, s_server_config.session_id_prefix,
- (strlen(s_server_config.session_id_prefix) < *id_len) ?
- strlen(s_server_config.session_id_prefix) : *id_len);
+ memcpy(id, cfg.session_id_prefix,
+ (strlen(cfg.session_id_prefix) < *id_len) ?
+ strlen(cfg.session_id_prefix) : *id_len);
}
while (SSL_has_matching_session_id(ssl, id, *id_len) &&
(++count < MAX_SESSION_ID_ATTEMPTS));
{
tlsextalpnctx *alpn_ctx = arg;
- if (!s_server_config.quiet) {
+ if (!cfg.quiet) {
/* We can assume that in is syntactically valid. */
unsigned i;
alpn_ctx->len, in, inlen) != OPENSSL_NPN_NEGOTIATED)
return (SSL_TLSEXT_ERR_NOACK);
- if (!s_server_config.quiet) {
+ if (!cfg.quiet) {
BIO_printf(bio_s_out, "ALPN protocols selected: ");
BIO_write(bio_s_out, *out, *outlen);
BIO_write(bio_s_out, "\n", 1);
-/* $OpenBSD: s_time.c,v 1.37 2023/03/05 13:12:53 tb Exp $ */
+/* $OpenBSD: s_time.c,v 1.38 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int verify;
int verify_depth;
char *www_path;
-} s_time_config;
+} cfg;
static const struct option s_time_options[] = {
{
.name = "bugs",
.desc = "Enable workarounds for known SSL/TLS bugs",
.type = OPTION_FLAG,
- .opt.flag = &s_time_config.bugs,
+ .opt.flag = &cfg.bugs,
},
{
.name = "CAfile",
.argname = "file",
.desc = "File containing trusted certificates in PEM format",
.type = OPTION_ARG,
- .opt.arg = &s_time_config.CAfile,
+ .opt.arg = &cfg.CAfile,
},
{
.name = "CApath",
.argname = "path",
.desc = "Directory containing trusted certificates",
.type = OPTION_ARG,
- .opt.arg = &s_time_config.CApath,
+ .opt.arg = &cfg.CApath,
},
{
.name = "cert",
.argname = "file",
.desc = "Client certificate to use, if one is requested",
.type = OPTION_ARG,
- .opt.arg = &s_time_config.certfile,
+ .opt.arg = &cfg.certfile,
},
{
.name = "cipher",
.argname = "list",
.desc = "List of cipher suites to send to the server",
.type = OPTION_ARG,
- .opt.arg = &s_time_config.cipher,
+ .opt.arg = &cfg.cipher,
},
{
.name = "connect",
.desc = "Host and port to connect to (default "
SSL_CONNECT_NAME ")",
.type = OPTION_ARG,
- .opt.arg = &s_time_config.host,
+ .opt.arg = &cfg.host,
},
{
.name = "key",
.argname = "file",
.desc = "Client private key to use, if one is required",
.type = OPTION_ARG,
- .opt.arg = &s_time_config.keyfile,
+ .opt.arg = &cfg.keyfile,
},
{
.name = "nbio",
.desc = "Use non-blocking I/O",
.type = OPTION_FLAG,
- .opt.flag = &s_time_config.nbio,
+ .opt.flag = &cfg.nbio,
},
{
.name = "new",
.desc = "Use a new session ID for each connection",
.type = OPTION_VALUE,
- .opt.value = &s_time_config.perform,
+ .opt.value = &cfg.perform,
.value = 1,
},
{
.name = "no_shutdown",
.desc = "Shut down the connection without notifying the server",
.type = OPTION_FLAG,
- .opt.flag = &s_time_config.no_shutdown,
+ .opt.flag = &cfg.no_shutdown,
},
{
.name = "reuse",
.desc = "Reuse the same session ID for each connection",
.type = OPTION_VALUE,
- .opt.value = &s_time_config.perform,
+ .opt.value = &cfg.perform,
.value = 2,
},
{
.argname = "seconds",
.desc = "Duration to perform timing tests for (default 30)",
.type = OPTION_ARG_TIME,
- .opt.tvalue = &s_time_config.maxtime,
+ .opt.tvalue = &cfg.maxtime,
},
{
.name = "verify",
.argname = "depth",
.desc = "Enable peer certificate verification with given depth",
.type = OPTION_ARG_INT,
- .opt.value = &s_time_config.verify_depth,
+ .opt.value = &cfg.verify_depth,
},
{
.name = "www",
.argname = "page",
.desc = "Page to GET from the server (default none)",
.type = OPTION_ARG,
- .opt.arg = &s_time_config.www_path,
+ .opt.arg = &cfg.www_path,
},
{ NULL },
};
verify_depth = 0;
- memset(&s_time_config, 0, sizeof(s_time_config));
+ memset(&cfg, 0, sizeof(cfg));
- s_time_config.host = SSL_CONNECT_NAME;
- s_time_config.maxtime = SECONDS;
- s_time_config.perform = 3;
- s_time_config.verify = SSL_VERIFY_NONE;
- s_time_config.verify_depth = -1;
+ cfg.host = SSL_CONNECT_NAME;
+ cfg.maxtime = SECONDS;
+ cfg.perform = 3;
+ cfg.verify = SSL_VERIFY_NONE;
+ cfg.verify_depth = -1;
if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) {
s_time_usage();
goto end;
}
- if (s_time_config.verify_depth >= 0) {
- s_time_config.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
- verify_depth = s_time_config.verify_depth;
+ if (cfg.verify_depth >= 0) {
+ cfg.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
+ verify_depth = cfg.verify_depth;
BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
}
- if (s_time_config.www_path != NULL &&
- strlen(s_time_config.www_path) > MYBUFSIZ - 100) {
+ if (cfg.www_path != NULL &&
+ strlen(cfg.www_path) > MYBUFSIZ - 100) {
BIO_printf(bio_err, "-www option too long\n");
goto end;
}
SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
- if (s_time_config.bugs)
+ if (cfg.bugs)
SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
- if (s_time_config.cipher != NULL) {
- if (!SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher)) {
+ if (cfg.cipher != NULL) {
+ if (!SSL_CTX_set_cipher_list(tm_ctx, cfg.cipher)) {
BIO_printf(bio_err, "error setting cipher list\n");
ERR_print_errors(bio_err);
goto end;
}
}
- SSL_CTX_set_verify(tm_ctx, s_time_config.verify, NULL);
+ SSL_CTX_set_verify(tm_ctx, cfg.verify, NULL);
- if (!set_cert_stuff(tm_ctx, s_time_config.certfile,
- s_time_config.keyfile))
+ if (!set_cert_stuff(tm_ctx, cfg.certfile,
+ cfg.keyfile))
goto end;
- if ((!SSL_CTX_load_verify_locations(tm_ctx, s_time_config.CAfile,
- s_time_config.CApath)) ||
+ if ((!SSL_CTX_load_verify_locations(tm_ctx, cfg.CAfile,
+ cfg.CApath)) ||
(!SSL_CTX_set_default_verify_paths(tm_ctx))) {
/*
* BIO_printf(bio_err,"error setting default verify
}
/* Loop and time how long it takes to make connections */
- if (s_time_config.perform & 1) {
+ if (cfg.perform & 1) {
printf("Collecting connection statistics for %lld seconds\n",
- (long long)s_time_config.maxtime);
+ (long long)cfg.maxtime);
if (benchmark(0))
goto end;
}
* Now loop and time connections using the same session id over and
* over
*/
- if (s_time_config.perform & 2) {
+ if (cfg.perform & 2) {
printf("\n\nNow timing with session id reuse.\n");
if (benchmark(1))
goto end;
if ((conn = BIO_new(BIO_s_connect())) == NULL)
return 0;
- BIO_set_conn_hostname(conn, s_time_config.host);
+ BIO_set_conn_hostname(conn, cfg.host);
SSL_set_connect_state(scon);
SSL_set_bio(scon, conn, conn);
for (;;) {
ERR_print_errors(bio_err);
return 0;
}
- if (s_time_config.www_path != NULL) {
+ if (cfg.www_path != NULL) {
retval = snprintf(buf, sizeof buf,
- "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path);
+ "GET %s HTTP/1.0\r\n\r\n", cfg.www_path);
if (retval < 0 || retval >= sizeof buf) {
fprintf(stderr, "URL too long\n");
return 0;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i;
}
- if (s_time_config.no_shutdown)
+ if (cfg.no_shutdown)
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN |
SSL_RECEIVED_SHUTDOWN);
else
app_timer_user(TM_RESET);
for (;;) {
elapsed = app_timer_real(TM_GET);
- if (elapsed > s_time_config.maxtime)
+ if (elapsed > cfg.maxtime)
break;
if (scon == NULL) {
if ((scon = SSL_new(tm_ctx)) == NULL)
-/* $OpenBSD: sess_id.c,v 1.11 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: sess_id.c,v 1.12 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
char *outfile;
int outformat;
int text;
-} sess_id_config;
+} cfg;
static const struct option sess_id_options[] = {
{
.name = "cert",
.desc = "Output certificate if present in session",
.type = OPTION_FLAG,
- .opt.flag = &sess_id_config.cert,
+ .opt.flag = &cfg.cert,
},
{
.name = "context",
.argname = "id",
.desc = "Set the session ID context for output",
.type = OPTION_ARG,
- .opt.arg = &sess_id_config.context,
+ .opt.arg = &cfg.context,
},
{
.name = "in",
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &sess_id_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.argname = "format",
.desc = "Input format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &sess_id_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "noout",
.desc = "Do not output the encoded session info",
.type = OPTION_FLAG,
- .opt.flag = &sess_id_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &sess_id_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "format",
.desc = "Output format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &sess_id_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "text",
.desc = "Print various public or private key components in"
" plain text",
.type = OPTION_FLAG,
- .opt.flag = &sess_id_config.text,
+ .opt.flag = &cfg.text,
},
{ NULL }
};
exit(1);
}
- memset(&sess_id_config, 0, sizeof(sess_id_config));
+ memset(&cfg, 0, sizeof(cfg));
- sess_id_config.informat = FORMAT_PEM;
- sess_id_config.outformat = FORMAT_PEM;
+ cfg.informat = FORMAT_PEM;
+ cfg.outformat = FORMAT_PEM;
if (options_parse(argc, argv, sess_id_options, NULL, NULL) != 0) {
sess_id_usage();
return (1);
}
- x = load_sess_id(sess_id_config.infile, sess_id_config.informat);
+ x = load_sess_id(cfg.infile, cfg.informat);
if (x == NULL) {
goto end;
}
peer = SSL_SESSION_get0_peer(x);
- if (sess_id_config.context) {
- size_t ctx_len = strlen(sess_id_config.context);
+ if (cfg.context) {
+ size_t ctx_len = strlen(cfg.context);
if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
BIO_printf(bio_err, "Context too long\n");
goto end;
}
SSL_SESSION_set1_id_context(x,
- (unsigned char *)sess_id_config.context, ctx_len);
+ (unsigned char *)cfg.context, ctx_len);
}
- if (!sess_id_config.noout || sess_id_config.text) {
+ if (!cfg.noout || cfg.text) {
out = BIO_new(BIO_s_file());
if (out == NULL) {
ERR_print_errors(bio_err);
goto end;
}
- if (sess_id_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if (BIO_write_filename(out, sess_id_config.outfile)
+ if (BIO_write_filename(out, cfg.outfile)
<= 0) {
- perror(sess_id_config.outfile);
+ perror(cfg.outfile);
goto end;
}
}
}
- if (sess_id_config.text) {
+ if (cfg.text) {
SSL_SESSION_print(out, x);
- if (sess_id_config.cert) {
+ if (cfg.cert) {
if (peer == NULL)
BIO_puts(out, "No certificate present\n");
else
X509_print(out, peer);
}
}
- if (!sess_id_config.noout && !sess_id_config.cert) {
- if (sess_id_config.outformat == FORMAT_ASN1)
+ if (!cfg.noout && !cfg.cert) {
+ if (cfg.outformat == FORMAT_ASN1)
i = i2d_SSL_SESSION_bio(out, x);
- else if (sess_id_config.outformat == FORMAT_PEM)
+ else if (cfg.outformat == FORMAT_PEM)
i = PEM_write_bio_SSL_SESSION(out, x);
else {
BIO_printf(bio_err,
BIO_printf(bio_err, "unable to write SSL_SESSION\n");
goto end;
}
- } else if (!sess_id_config.noout && (peer != NULL)) {
+ } else if (!cfg.noout && (peer != NULL)) {
/* just print the certificate */
- if (sess_id_config.outformat == FORMAT_ASN1)
+ if (cfg.outformat == FORMAT_ASN1)
i = (int) i2d_X509_bio(out, peer);
- else if (sess_id_config.outformat == FORMAT_PEM)
+ else if (cfg.outformat == FORMAT_PEM)
i = PEM_write_bio_X509(out, peer);
else {
BIO_printf(bio_err,
-/* $OpenBSD: smime.c,v 1.18 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: smime.c,v 1.19 2023/03/06 14:32:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
char *subject;
char *to;
X509_VERIFY_PARAM *vpm;
-} smime_config;
+} cfg;
static const EVP_CIPHER *
get_cipher_by_name(char *name)
if (*name++ != '-')
return (1);
- if ((smime_config.cipher = get_cipher_by_name(name)) == NULL)
- if ((smime_config.cipher = EVP_get_cipherbyname(name)) == NULL)
+ if ((cfg.cipher = get_cipher_by_name(name)) == NULL)
+ if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL)
return (1);
*argsused = 1;
static int
smime_opt_inkey(char *arg)
{
- if (smime_config.keyfile == NULL) {
- smime_config.keyfile = arg;
+ if (cfg.keyfile == NULL) {
+ cfg.keyfile = arg;
return (0);
}
- if (smime_config.signerfile == NULL) {
+ if (cfg.signerfile == NULL) {
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
return (1);
}
- if (smime_config.sksigners == NULL) {
- if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+ if (cfg.sksigners == NULL) {
+ if ((cfg.sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
return (1);
}
- if (!sk_OPENSSL_STRING_push(smime_config.sksigners,
- smime_config.signerfile))
+ if (!sk_OPENSSL_STRING_push(cfg.sksigners,
+ cfg.signerfile))
return (1);
- smime_config.signerfile = NULL;
+ cfg.signerfile = NULL;
- if (smime_config.skkeys == NULL) {
- if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+ if (cfg.skkeys == NULL) {
+ if ((cfg.skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
return (1);
}
- if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile))
+ if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile))
return (1);
- smime_config.keyfile = arg;
+ cfg.keyfile = arg;
return (0);
}
static int
smime_opt_md(char *arg)
{
- if ((smime_config.sign_md = EVP_get_digestbyname(arg)) == NULL) {
+ if ((cfg.sign_md = EVP_get_digestbyname(arg)) == NULL) {
BIO_printf(bio_err, "Unknown digest %s\n", arg);
return (1);
}
static int
smime_opt_signer(char *arg)
{
- if (smime_config.signerfile == NULL) {
- smime_config.signerfile = arg;
+ if (cfg.signerfile == NULL) {
+ cfg.signerfile = arg;
return (0);
}
- if (smime_config.sksigners == NULL) {
- if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+ if (cfg.sksigners == NULL) {
+ if ((cfg.sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
return (1);
}
- if (!sk_OPENSSL_STRING_push(smime_config.sksigners,
- smime_config.signerfile))
+ if (!sk_OPENSSL_STRING_push(cfg.sksigners,
+ cfg.signerfile))
return (1);
- if (smime_config.keyfile == NULL)
- smime_config.keyfile = smime_config.signerfile;
+ if (cfg.keyfile == NULL)
+ cfg.keyfile = cfg.signerfile;
- if (smime_config.skkeys == NULL) {
- if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+ if (cfg.skkeys == NULL) {
+ if ((cfg.skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
return (1);
}
- if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile))
+ if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile))
return (1);
- smime_config.keyfile = NULL;
+ cfg.keyfile = NULL;
- smime_config.signerfile = arg;
+ cfg.signerfile = arg;
return (0);
}
int oargc = argc;
int badarg = 0;
- if (!args_verify(&argv, &argc, &badarg, bio_err, &smime_config.vpm))
+ if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm))
return (1);
if (badarg)
return (1);
.argname = "file",
.desc = "Certificate Authority file",
.type = OPTION_ARG,
- .opt.arg = &smime_config.CAfile,
+ .opt.arg = &cfg.CAfile,
},
{
.name = "CApath",
.argname = "path",
.desc = "Certificate Authority path",
.type = OPTION_ARG,
- .opt.arg = &smime_config.CApath,
+ .opt.arg = &cfg.CApath,
},
{
.name = "binary",
.desc = "Do not translate message to text",
.type = OPTION_VALUE_OR,
- .opt.value = &smime_config.flags,
+ .opt.value = &cfg.flags,
.value = PKCS7_BINARY,
},
{
.argname = "file",
.desc = "Other certificates file",
.type = OPTION_ARG,
- .opt.arg = &smime_config.certfile,
+ .opt.arg = &cfg.certfile,
},
{
.name = "content",
.argname = "file",
.desc = "Supply or override content for detached signature",
.type = OPTION_ARG,
- .opt.arg = &smime_config.contfile,
+ .opt.arg = &cfg.contfile,
},
{
.name = "crlfeol",
.desc = "Use CRLF as EOL termination instead of CR only",
.type = OPTION_VALUE_OR,
- .opt.value = &smime_config.flags,
+ .opt.value = &cfg.flags,
.value = PKCS7_CRLFEOL,
},
{
.name = "decrypt",
.desc = "Decrypt encrypted message",
.type = OPTION_VALUE,
- .opt.value = &smime_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_DECRYPT,
},
{
.name = "encrypt",
.desc = "Encrypt message",
.type = OPTION_VALUE,
- .opt.value = &smime_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_ENCRYPT,
},
{
.argname = "addr",
.desc = "From address",
.type = OPTION_ARG,
- .opt.arg = &smime_config.from,
+ .opt.arg = &cfg.from,
},
{
.name = "in",
.argname = "file",
.desc = "Input file",
.type = OPTION_ARG,
- .opt.arg = &smime_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "indef",
.desc = "Same as -stream",
.type = OPTION_VALUE,
- .opt.value = &smime_config.indef,
+ .opt.value = &cfg.indef,
.value = 1,
},
{
.argname = "fmt",
.desc = "Input format (DER, PEM or SMIME (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &smime_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "inkey",
.argname = "fmt",
.desc = "Input key format (DER or PEM (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &smime_config.keyform,
+ .opt.value = &cfg.keyform,
},
{
.name = "md",
.name = "noattr",
.desc = "Do not include any signed attributes",
.type = OPTION_VALUE_OR,
- .opt.value = &smime_config.flags,
+ .opt.value = &cfg.flags,
.value = PKCS7_NOATTR,
},
{
.name = "nocerts",
.desc = "Do not include signer's certificate when signing",
.type = OPTION_VALUE_OR,
- .opt.value = &smime_config.flags,
+ .opt.value = &cfg.flags,
.value = PKCS7_NOCERTS,
},
{
.name = "nochain",
.desc = "Do not chain verification of signer's certificates",
.type = OPTION_VALUE_OR,
- .opt.value = &smime_config.flags,
+ .opt.value = &cfg.flags,
.value = PKCS7_NOCHAIN,
},
{
.name = "nodetach",
.desc = "Use opaque signing",
.type = OPTION_VALUE_AND,
- .opt.value = &smime_config.flags,
+ .opt.value = &cfg.flags,
.value = ~PKCS7_DETACHED,
},
{
.name = "noindef",
.desc = "Disable streaming I/O",
.type = OPTION_VALUE,
- .opt.value = &smime_config.indef,
+ .opt.value = &cfg.indef,
.value = 0,
},
{
.name = "nointern",
.desc = "Do not search certificates in message for signer",
.type = OPTION_VALUE_OR,
- .opt.value = &smime_config.flags,
+ .opt.value = &cfg.flags,
.value = PKCS7_NOINTERN,
},
{
.name = "nooldmime",
.desc = "Output old S/MIME content type",
.type = OPTION_VALUE_OR,
- .opt.value = &smime_config.flags,
+ .opt.value = &cfg.flags,
.value = PKCS7_NOOLDMIMETYPE,
},
{
.name = "nosigs",
.desc = "Do not verify message signature",
.type = OPTION_VALUE_OR,
- .opt.value = &smime_config.flags,
+ .opt.value = &cfg.flags,
.value = PKCS7_NOSIGS,
},
{
.name = "nosmimecap",
.desc = "Omit the SMIMECapabilities attribute",
.type = OPTION_VALUE_OR,
- .opt.value = &smime_config.flags,
+ .opt.value = &cfg.flags,
.value = PKCS7_NOSMIMECAP,
},
{
.name = "noverify",
.desc = "Do not verify signer's certificate",
.type = OPTION_VALUE_OR,
- .opt.value = &smime_config.flags,
+ .opt.value = &cfg.flags,
.value = PKCS7_NOVERIFY,
},
{
.argname = "file",
.desc = "Output file",
.type = OPTION_ARG,
- .opt.arg = &smime_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "fmt",
.desc = "Output format (DER, PEM or SMIME (default))",
.type = OPTION_ARG_FORMAT,
- .opt.value = &smime_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "passin",
.argname = "src",
.desc = "Private key password source",
.type = OPTION_ARG,
- .opt.arg = &smime_config.passargin,
+ .opt.arg = &cfg.passargin,
},
{
.name = "pk7out",
.desc = "Output PKCS#7 structure",
.type = OPTION_VALUE,
- .opt.value = &smime_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_PK7OUT,
},
{
.argname = "file",
.desc = "Recipient certificate file for decryption",
.type = OPTION_ARG,
- .opt.arg = &smime_config.recipfile,
+ .opt.arg = &cfg.recipfile,
},
{
.name = "resign",
.desc = "Resign a signed message",
.type = OPTION_VALUE,
- .opt.value = &smime_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_RESIGN,
},
{
.name = "sign",
.desc = "Sign message",
.type = OPTION_VALUE,
- .opt.value = &smime_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_SIGN,
},
{
.name = "stream",
.desc = "Enable streaming I/O",
.type = OPTION_VALUE,
- .opt.value = &smime_config.indef,
+ .opt.value = &cfg.indef,
.value = 1,
},
{
.argname = "s",
.desc = "Subject",
.type = OPTION_ARG,
- .opt.arg = &smime_config.subject,
+ .opt.arg = &cfg.subject,
},
{
.name = "text",
.desc = "Include or delete text MIME headers",
.type = OPTION_VALUE_OR,
- .opt.value = &smime_config.flags,
+ .opt.value = &cfg.flags,
.value = PKCS7_TEXT,
},
{
.argname = "addr",
.desc = "To address",
.type = OPTION_ARG,
- .opt.arg = &smime_config.to,
+ .opt.arg = &cfg.to,
},
{
.name = "verify",
.desc = "Verify signed message",
.type = OPTION_VALUE,
- .opt.value = &smime_config.operation,
+ .opt.value = &cfg.operation,
.value = SMIME_VERIFY,
},
{
exit(1);
}
- memset(&smime_config, 0, sizeof(smime_config));
- smime_config.flags = PKCS7_DETACHED;
- smime_config.informat = FORMAT_SMIME;
- smime_config.outformat = FORMAT_SMIME;
- smime_config.keyform = FORMAT_PEM;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.flags = PKCS7_DETACHED;
+ cfg.informat = FORMAT_SMIME;
+ cfg.outformat = FORMAT_SMIME;
+ cfg.keyform = FORMAT_PEM;
if (options_parse(argc, argv, smime_options, NULL, &argsused) != 0) {
goto argerr;
}
args = argv + argsused;
ret = 1;
- if (!(smime_config.operation & SMIME_SIGNERS) &&
- (smime_config.skkeys != NULL || smime_config.sksigners != NULL)) {
+ if (!(cfg.operation & SMIME_SIGNERS) &&
+ (cfg.skkeys != NULL || cfg.sksigners != NULL)) {
BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
goto argerr;
}
- if (smime_config.operation & SMIME_SIGNERS) {
+ if (cfg.operation & SMIME_SIGNERS) {
/* Check to see if any final signer needs to be appended */
- if (smime_config.keyfile != NULL &&
- smime_config.signerfile == NULL) {
+ if (cfg.keyfile != NULL &&
+ cfg.signerfile == NULL) {
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
goto argerr;
}
- if (smime_config.signerfile != NULL) {
- if (smime_config.sksigners == NULL) {
- if ((smime_config.sksigners =
+ if (cfg.signerfile != NULL) {
+ if (cfg.sksigners == NULL) {
+ if ((cfg.sksigners =
sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
}
- if (!sk_OPENSSL_STRING_push(smime_config.sksigners,
- smime_config.signerfile))
+ if (!sk_OPENSSL_STRING_push(cfg.sksigners,
+ cfg.signerfile))
goto end;
- if (smime_config.skkeys == NULL) {
- if ((smime_config.skkeys =
+ if (cfg.skkeys == NULL) {
+ if ((cfg.skkeys =
sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
}
- if (smime_config.keyfile == NULL)
- smime_config.keyfile = smime_config.signerfile;
- if (!sk_OPENSSL_STRING_push(smime_config.skkeys,
- smime_config.keyfile))
+ if (cfg.keyfile == NULL)
+ cfg.keyfile = cfg.signerfile;
+ if (!sk_OPENSSL_STRING_push(cfg.skkeys,
+ cfg.keyfile))
goto end;
}
- if (smime_config.sksigners == NULL) {
+ if (cfg.sksigners == NULL) {
BIO_printf(bio_err,
"No signer certificate specified\n");
badarg = 1;
}
- smime_config.signerfile = NULL;
- smime_config.keyfile = NULL;
- } else if (smime_config.operation == SMIME_DECRYPT) {
- if (smime_config.recipfile == NULL &&
- smime_config.keyfile == NULL) {
+ cfg.signerfile = NULL;
+ cfg.keyfile = NULL;
+ } else if (cfg.operation == SMIME_DECRYPT) {
+ if (cfg.recipfile == NULL &&
+ cfg.keyfile == NULL) {
BIO_printf(bio_err,
"No recipient certificate or key specified\n");
badarg = 1;
}
- } else if (smime_config.operation == SMIME_ENCRYPT) {
+ } else if (cfg.operation == SMIME_ENCRYPT) {
if (*args == NULL) {
BIO_printf(bio_err,
"No recipient(s) certificate(s) specified\n");
badarg = 1;
}
- } else if (!smime_config.operation) {
+ } else if (!cfg.operation) {
badarg = 1;
}
goto end;
}
- if (!app_passwd(bio_err, smime_config.passargin, NULL, &passin, NULL)) {
+ if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
ret = 2;
- if (!(smime_config.operation & SMIME_SIGNERS))
- smime_config.flags &= ~PKCS7_DETACHED;
+ if (!(cfg.operation & SMIME_SIGNERS))
+ cfg.flags &= ~PKCS7_DETACHED;
- if (smime_config.operation & SMIME_OP) {
- if (smime_config.outformat == FORMAT_ASN1)
+ if (cfg.operation & SMIME_OP) {
+ if (cfg.outformat == FORMAT_ASN1)
outmode = "wb";
} else {
- if (smime_config.flags & PKCS7_BINARY)
+ if (cfg.flags & PKCS7_BINARY)
outmode = "wb";
}
- if (smime_config.operation & SMIME_IP) {
- if (smime_config.informat == FORMAT_ASN1)
+ if (cfg.operation & SMIME_IP) {
+ if (cfg.informat == FORMAT_ASN1)
inmode = "rb";
} else {
- if (smime_config.flags & PKCS7_BINARY)
+ if (cfg.flags & PKCS7_BINARY)
inmode = "rb";
}
- if (smime_config.operation == SMIME_ENCRYPT) {
- if (smime_config.cipher == NULL) {
+ if (cfg.operation == SMIME_ENCRYPT) {
+ if (cfg.cipher == NULL) {
#ifndef OPENSSL_NO_RC2
- smime_config.cipher = EVP_rc2_40_cbc();
+ cfg.cipher = EVP_rc2_40_cbc();
#else
BIO_printf(bio_err, "No cipher selected\n");
goto end;
args++;
}
}
- if (smime_config.certfile != NULL) {
- if ((other = load_certs(bio_err, smime_config.certfile,
+ if (cfg.certfile != NULL) {
+ if ((other = load_certs(bio_err, cfg.certfile,
FORMAT_PEM, NULL, "certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
}
- if (smime_config.recipfile != NULL &&
- (smime_config.operation == SMIME_DECRYPT)) {
- if ((recip = load_cert(bio_err, smime_config.recipfile,
+ if (cfg.recipfile != NULL &&
+ (cfg.operation == SMIME_DECRYPT)) {
+ if ((recip = load_cert(bio_err, cfg.recipfile,
FORMAT_PEM, NULL, "recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
}
- if (smime_config.operation == SMIME_DECRYPT) {
- if (smime_config.keyfile == NULL)
- smime_config.keyfile = smime_config.recipfile;
- } else if (smime_config.operation == SMIME_SIGN) {
- if (smime_config.keyfile == NULL)
- smime_config.keyfile = smime_config.signerfile;
+ if (cfg.operation == SMIME_DECRYPT) {
+ if (cfg.keyfile == NULL)
+ cfg.keyfile = cfg.recipfile;
+ } else if (cfg.operation == SMIME_SIGN) {
+ if (cfg.keyfile == NULL)
+ cfg.keyfile = cfg.signerfile;
} else {
- smime_config.keyfile = NULL;
+ cfg.keyfile = NULL;
}
- if (smime_config.keyfile != NULL) {
- key = load_key(bio_err, smime_config.keyfile,
- smime_config.keyform, 0, passin, "signing key file");
+ if (cfg.keyfile != NULL) {
+ key = load_key(bio_err, cfg.keyfile,
+ cfg.keyform, 0, passin, "signing key file");
if (key == NULL)
goto end;
}
- if (smime_config.infile != NULL) {
- if ((in = BIO_new_file(smime_config.infile, inmode)) == NULL) {
+ if (cfg.infile != NULL) {
+ if ((in = BIO_new_file(cfg.infile, inmode)) == NULL) {
BIO_printf(bio_err,
- "Can't open input file %s\n", smime_config.infile);
+ "Can't open input file %s\n", cfg.infile);
goto end;
}
} else {
goto end;
}
- if (smime_config.operation & SMIME_IP) {
- if (smime_config.informat == FORMAT_SMIME)
+ if (cfg.operation & SMIME_IP) {
+ if (cfg.informat == FORMAT_SMIME)
p7 = SMIME_read_PKCS7(in, &indata);
- else if (smime_config.informat == FORMAT_PEM)
+ else if (cfg.informat == FORMAT_PEM)
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
- else if (smime_config.informat == FORMAT_ASN1)
+ else if (cfg.informat == FORMAT_ASN1)
p7 = d2i_PKCS7_bio(in, NULL);
else {
BIO_printf(bio_err,
BIO_printf(bio_err, "Error reading S/MIME message\n");
goto end;
}
- if (smime_config.contfile != NULL) {
+ if (cfg.contfile != NULL) {
BIO_free(indata);
- if ((indata = BIO_new_file(smime_config.contfile,
+ if ((indata = BIO_new_file(cfg.contfile,
"rb")) == NULL) {
BIO_printf(bio_err,
"Can't read content file %s\n",
- smime_config.contfile);
+ cfg.contfile);
goto end;
}
}
}
- if (smime_config.outfile != NULL) {
- if ((out = BIO_new_file(smime_config.outfile, outmode)) == NULL) {
+ if (cfg.outfile != NULL) {
+ if ((out = BIO_new_file(cfg.outfile, outmode)) == NULL) {
BIO_printf(bio_err,
"Can't open output file %s\n",
- smime_config.outfile);
+ cfg.outfile);
goto end;
}
} else {
goto end;
}
- if (smime_config.operation == SMIME_VERIFY) {
- if ((store = setup_verify(bio_err, smime_config.CAfile,
- smime_config.CApath)) == NULL)
+ if (cfg.operation == SMIME_VERIFY) {
+ if ((store = setup_verify(bio_err, cfg.CAfile,
+ cfg.CApath)) == NULL)
goto end;
X509_STORE_set_verify_cb(store, smime_cb);
- if (smime_config.vpm != NULL) {
- if (!X509_STORE_set1_param(store, smime_config.vpm))
+ if (cfg.vpm != NULL) {
+ if (!X509_STORE_set1_param(store, cfg.vpm))
goto end;
}
}
ret = 3;
- if (smime_config.operation == SMIME_ENCRYPT) {
- if (smime_config.indef)
- smime_config.flags |= PKCS7_STREAM;
- p7 = PKCS7_encrypt(encerts, in, smime_config.cipher,
- smime_config.flags);
- } else if (smime_config.operation & SMIME_SIGNERS) {
+ if (cfg.operation == SMIME_ENCRYPT) {
+ if (cfg.indef)
+ cfg.flags |= PKCS7_STREAM;
+ p7 = PKCS7_encrypt(encerts, in, cfg.cipher,
+ cfg.flags);
+ } else if (cfg.operation & SMIME_SIGNERS) {
int i;
/*
* If detached data content we only enable streaming if
* S/MIME output format.
*/
- if (smime_config.operation == SMIME_SIGN) {
- if (smime_config.flags & PKCS7_DETACHED) {
- if (smime_config.outformat == FORMAT_SMIME)
- smime_config.flags |= PKCS7_STREAM;
- } else if (smime_config.indef) {
- smime_config.flags |= PKCS7_STREAM;
+ if (cfg.operation == SMIME_SIGN) {
+ if (cfg.flags & PKCS7_DETACHED) {
+ if (cfg.outformat == FORMAT_SMIME)
+ cfg.flags |= PKCS7_STREAM;
+ } else if (cfg.indef) {
+ cfg.flags |= PKCS7_STREAM;
}
- smime_config.flags |= PKCS7_PARTIAL;
+ cfg.flags |= PKCS7_PARTIAL;
p7 = PKCS7_sign(NULL, NULL, other, in,
- smime_config.flags);
+ cfg.flags);
if (p7 == NULL)
goto end;
} else {
- smime_config.flags |= PKCS7_REUSE_DIGEST;
+ cfg.flags |= PKCS7_REUSE_DIGEST;
}
- for (i = 0; i < sk_OPENSSL_STRING_num(smime_config.sksigners); i++) {
- smime_config.signerfile =
- sk_OPENSSL_STRING_value(smime_config.sksigners, i);
- smime_config.keyfile =
- sk_OPENSSL_STRING_value(smime_config.skkeys, i);
- signer = load_cert(bio_err, smime_config.signerfile,
+ for (i = 0; i < sk_OPENSSL_STRING_num(cfg.sksigners); i++) {
+ cfg.signerfile =
+ sk_OPENSSL_STRING_value(cfg.sksigners, i);
+ cfg.keyfile =
+ sk_OPENSSL_STRING_value(cfg.skkeys, i);
+ signer = load_cert(bio_err, cfg.signerfile,
FORMAT_PEM, NULL, "signer certificate");
if (signer == NULL)
goto end;
- key = load_key(bio_err, smime_config.keyfile,
- smime_config.keyform, 0, passin,
+ key = load_key(bio_err, cfg.keyfile,
+ cfg.keyform, 0, passin,
"signing key file");
if (key == NULL)
goto end;
if (PKCS7_sign_add_signer(p7, signer, key,
- smime_config.sign_md, smime_config.flags) == NULL)
+ cfg.sign_md, cfg.flags) == NULL)
goto end;
X509_free(signer);
signer = NULL;
key = NULL;
}
/* If not streaming or resigning finalize structure */
- if ((smime_config.operation == SMIME_SIGN) &&
- !(smime_config.flags & PKCS7_STREAM)) {
- if (!PKCS7_final(p7, in, smime_config.flags))
+ if ((cfg.operation == SMIME_SIGN) &&
+ !(cfg.flags & PKCS7_STREAM)) {
+ if (!PKCS7_final(p7, in, cfg.flags))
goto end;
}
}
}
ret = 4;
- if (smime_config.operation == SMIME_DECRYPT) {
- if (!PKCS7_decrypt(p7, key, recip, out, smime_config.flags)) {
+ if (cfg.operation == SMIME_DECRYPT) {
+ if (!PKCS7_decrypt(p7, key, recip, out, cfg.flags)) {
BIO_printf(bio_err,
"Error decrypting PKCS#7 structure\n");
goto end;
}
- } else if (smime_config.operation == SMIME_VERIFY) {
+ } else if (cfg.operation == SMIME_VERIFY) {
STACK_OF(X509) *signers;
if (PKCS7_verify(p7, other, store, indata, out,
- smime_config.flags)) {
+ cfg.flags)) {
BIO_printf(bio_err, "Verification successful\n");
} else {
BIO_printf(bio_err, "Verification failure\n");
goto end;
}
if ((signers = PKCS7_get0_signers(p7, other,
- smime_config.flags)) == NULL)
+ cfg.flags)) == NULL)
goto end;
- if (!save_certs(smime_config.signerfile, signers)) {
+ if (!save_certs(cfg.signerfile, signers)) {
BIO_printf(bio_err, "Error writing signers to %s\n",
- smime_config.signerfile);
+ cfg.signerfile);
sk_X509_free(signers);
ret = 5;
goto end;
}
sk_X509_free(signers);
- } else if (smime_config.operation == SMIME_PK7OUT) {
+ } else if (cfg.operation == SMIME_PK7OUT) {
PEM_write_bio_PKCS7(out, p7);
} else {
- if (smime_config.to != NULL)
- BIO_printf(out, "To: %s\n", smime_config.to);
- if (smime_config.from != NULL)
- BIO_printf(out, "From: %s\n", smime_config.from);
- if (smime_config.subject != NULL)
- BIO_printf(out, "Subject: %s\n", smime_config.subject);
- if (smime_config.outformat == FORMAT_SMIME) {
- if (smime_config.operation == SMIME_RESIGN) {
+ if (cfg.to != NULL)
+ BIO_printf(out, "To: %s\n", cfg.to);
+ if (cfg.from != NULL)
+ BIO_printf(out, "From: %s\n", cfg.from);
+ if (cfg.subject != NULL)
+ BIO_printf(out, "Subject: %s\n", cfg.subject);
+ if (cfg.outformat == FORMAT_SMIME) {
+ if (cfg.operation == SMIME_RESIGN) {
if (!SMIME_write_PKCS7(out, p7, indata,
- smime_config.flags))
+ cfg.flags))
goto end;
} else {
if (!SMIME_write_PKCS7(out, p7, in,
- smime_config.flags))
+ cfg.flags))
goto end;
}
- } else if (smime_config.outformat == FORMAT_PEM) {
+ } else if (cfg.outformat == FORMAT_PEM) {
if (!PEM_write_bio_PKCS7_stream(out, p7, in,
- smime_config.flags))
+ cfg.flags))
goto end;
- } else if (smime_config.outformat == FORMAT_ASN1) {
+ } else if (cfg.outformat == FORMAT_ASN1) {
if (!i2d_PKCS7_bio_stream(out, p7, in,
- smime_config.flags))
+ cfg.flags))
goto end;
} else {
BIO_printf(bio_err,
ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);
- X509_VERIFY_PARAM_free(smime_config.vpm);
- sk_OPENSSL_STRING_free(smime_config.sksigners);
- sk_OPENSSL_STRING_free(smime_config.skkeys);
+ X509_VERIFY_PARAM_free(cfg.vpm);
+ sk_OPENSSL_STRING_free(cfg.sksigners);
+ sk_OPENSSL_STRING_free(cfg.skkeys);
X509_STORE_free(store);
X509_free(cert);
X509_free(recip);
-/* $OpenBSD: spkac.c,v 1.12 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: spkac.c,v 1.13 2023/03/06 14:32:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999. Based on an original idea by Massimiliano Pala
* (madwolf@openca.org).
char *spkac;
char *spksect;
int verify;
-} spkac_config;
+} cfg;
static const struct option spkac_options[] = {
{
.argname = "string",
.desc = "Specify challenge string if SPKAC is generated",
.type = OPTION_ARG,
- .opt.arg = &spkac_config.challenge,
+ .opt.arg = &cfg.challenge,
},
{
.name = "in",
.argname = "file",
.desc = "Input file (default stdin)",
.type = OPTION_ARG,
- .opt.arg = &spkac_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "key",
.argname = "file",
.desc = "Create SPKAC using private key file",
.type = OPTION_ARG,
- .opt.arg = &spkac_config.keyfile,
+ .opt.arg = &cfg.keyfile,
},
{
.name = "noout",
.desc = "Do not print text version of SPKAC",
.type = OPTION_FLAG,
- .opt.flag = &spkac_config.noout,
+ .opt.flag = &cfg.noout,
},
{
.name = "out",
.argname = "file",
.desc = "Output file (default stdout)",
.type = OPTION_ARG,
- .opt.arg = &spkac_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "passin",
.argname = "src",
.desc = "Input file passphrase source",
.type = OPTION_ARG,
- .opt.arg = &spkac_config.passargin,
+ .opt.arg = &cfg.passargin,
},
{
.name = "pubkey",
.desc = "Output public key of an SPKAC (not used if creating)",
.type = OPTION_FLAG,
- .opt.flag = &spkac_config.pubkey,
+ .opt.flag = &cfg.pubkey,
},
{
.name = "spkac",
.argname = "name",
.desc = "SPKAC name (default \"SPKAC\")",
.type = OPTION_ARG,
- .opt.arg = &spkac_config.spkac,
+ .opt.arg = &cfg.spkac,
},
{
.name = "spksect",
.desc = "Name of the section containing SPKAC (default"
" \"default\")",
.type = OPTION_ARG,
- .opt.arg = &spkac_config.spksect,
+ .opt.arg = &cfg.spksect,
},
{
.name = "verify",
.desc = "Verify digital signature on supplied SPKAC",
.type = OPTION_FLAG,
- .opt.flag = &spkac_config.verify,
+ .opt.flag = &cfg.verify,
},
{ NULL }
};
exit(1);
}
- memset(&spkac_config, 0, sizeof(spkac_config));
- spkac_config.spkac = "SPKAC";
- spkac_config.spksect = "default";
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.spkac = "SPKAC";
+ cfg.spksect = "default";
if (options_parse(argc, argv, spkac_options, NULL, NULL) != 0) {
spkac_usage();
return (1);
}
- if (!app_passwd(bio_err, spkac_config.passargin, NULL, &passin, NULL)) {
+ if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
- if (spkac_config.keyfile) {
+ if (cfg.keyfile) {
pkey = load_key(bio_err,
- strcmp(spkac_config.keyfile, "-") ? spkac_config.keyfile
+ strcmp(cfg.keyfile, "-") ? cfg.keyfile
: NULL, FORMAT_PEM, 1, passin, "private key");
if (!pkey) {
goto end;
}
spki = NETSCAPE_SPKI_new();
- if (spkac_config.challenge)
+ if (cfg.challenge)
ASN1_STRING_set(spki->spkac->challenge,
- spkac_config.challenge,
- (int) strlen(spkac_config.challenge));
+ cfg.challenge,
+ (int) strlen(cfg.challenge));
NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki);
goto end;
}
- if (spkac_config.outfile)
- out = BIO_new_file(spkac_config.outfile, "w");
+ if (cfg.outfile)
+ out = BIO_new_file(cfg.outfile, "w");
else
out = BIO_new_fp(stdout, BIO_NOCLOSE);
free(spkstr);
goto end;
}
- if (spkac_config.infile)
- in = BIO_new_file(spkac_config.infile, "r");
+ if (cfg.infile)
+ in = BIO_new_file(cfg.infile, "r");
else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
ERR_print_errors(bio_err);
goto end;
}
- spkstr = NCONF_get_string(conf, spkac_config.spksect,
- spkac_config.spkac);
+ spkstr = NCONF_get_string(conf, cfg.spksect,
+ cfg.spkac);
if (!spkstr) {
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n",
- spkac_config.spkac);
+ cfg.spkac);
ERR_print_errors(bio_err);
goto end;
}
ERR_print_errors(bio_err);
goto end;
}
- if (spkac_config.outfile)
- out = BIO_new_file(spkac_config.outfile, "w");
+ if (cfg.outfile)
+ out = BIO_new_file(cfg.outfile, "w");
else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
ERR_print_errors(bio_err);
goto end;
}
- if (!spkac_config.noout)
+ if (!cfg.noout)
NETSCAPE_SPKI_print(out, spki);
pkey = NETSCAPE_SPKI_get_pubkey(spki);
- if (spkac_config.verify) {
+ if (cfg.verify) {
i = NETSCAPE_SPKI_verify(spki, pkey);
if (i > 0)
BIO_printf(bio_err, "Signature OK\n");
goto end;
}
}
- if (spkac_config.pubkey)
+ if (cfg.pubkey)
PEM_write_bio_PUBKEY(out, pkey);
ret = 0;
-/* $OpenBSD: ts.c,v 1.25 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: ts.c,v 1.26 2023/03/06 14:32:06 tb Exp $ */
/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
* project 2002.
*/
int token_in;
int token_out;
char *untrusted;
-} ts_config;
+} cfg;
static int
ts_opt_md(int argc, char **argv, int *argsused)
if (*name++ != '-')
return (1);
- if ((ts_config.md = EVP_get_digestbyname(name)) == NULL)
+ if ((cfg.md = EVP_get_digestbyname(name)) == NULL)
return (1);
*argsused = 1;
static int
ts_opt_query(void)
{
- if (ts_config.mode != CMD_NONE)
+ if (cfg.mode != CMD_NONE)
return (1);
- ts_config.mode = CMD_QUERY;
+ cfg.mode = CMD_QUERY;
return (0);
}
static int
ts_opt_reply(void)
{
- if (ts_config.mode != CMD_NONE)
+ if (cfg.mode != CMD_NONE)
return (1);
- ts_config.mode = CMD_REPLY;
+ cfg.mode = CMD_REPLY;
return (0);
}
static int
ts_opt_verify(void)
{
- if (ts_config.mode != CMD_NONE)
+ if (cfg.mode != CMD_NONE)
return (1);
- ts_config.mode = CMD_VERIFY;
+ cfg.mode = CMD_VERIFY;
return (0);
}
.argname = "file",
.desc = "Certificate Authority file",
.type = OPTION_ARG,
- .opt.arg = &ts_config.ca_file,
+ .opt.arg = &cfg.ca_file,
},
{
.name = "CApath",
.argname = "path",
.desc = "Certificate Authority path",
.type = OPTION_ARG,
- .opt.arg = &ts_config.ca_path,
+ .opt.arg = &cfg.ca_path,
},
{
.name = "cert",
.desc = "Include signing certificate in the response",
.type = OPTION_FLAG,
- .opt.flag = &ts_config.cert,
+ .opt.flag = &cfg.cert,
},
{
.name = "chain",
.argname = "file",
.desc = "PEM certificates that will be included in the response",
.type = OPTION_ARG,
- .opt.arg = &ts_config.chain,
+ .opt.arg = &cfg.chain,
},
{
.name = "config",
.argname = "file",
.desc = "Specify an alternative configuration file",
.type = OPTION_ARG,
- .opt.arg = &ts_config.configfile,
+ .opt.arg = &cfg.configfile,
},
{
.name = "data",
.argname = "file",
.desc = "Data file for which the time stamp request needs to be created",
.type = OPTION_ARG,
- .opt.arg = &ts_config.data,
+ .opt.arg = &cfg.data,
},
{
.name = "digest",
.argname = "arg",
.desc = "Specify the message imprint explicitly without the data file",
.type = OPTION_ARG,
- .opt.arg = &ts_config.digest,
+ .opt.arg = &cfg.digest,
},
{
.name = "in",
.argname = "file",
.desc = "Input file",
.type = OPTION_ARG,
- .opt.arg = &ts_config.in,
+ .opt.arg = &cfg.in,
},
{
.name = "inkey",
.argname = "file",
.desc = "Input key file",
.type = OPTION_ARG,
- .opt.arg = &ts_config.inkey,
+ .opt.arg = &cfg.inkey,
},
{
.name = "no_nonce",
.desc = "Specify no nonce in the request",
.type = OPTION_FLAG,
- .opt.flag = &ts_config.no_nonce,
+ .opt.flag = &cfg.no_nonce,
},
{
.name = "out",
.argname = "file",
.desc = "Output file",
.type = OPTION_ARG,
- .opt.arg = &ts_config.out,
+ .opt.arg = &cfg.out,
},
{
.name = "passin",
.argname = "src",
.desc = "Private key password source",
.type = OPTION_ARG,
- .opt.arg = &ts_config.passin,
+ .opt.arg = &cfg.passin,
},
{
.name = "policy",
.argname = "object_id",
.desc = "Policy for the TSA to use when creating the time stamp token",
.type = OPTION_ARG,
- .opt.arg = &ts_config.policy,
+ .opt.arg = &cfg.policy,
},
{
.name = "query",
.argname = "file",
.desc = "File containing a DER-encoded time stamp request",
.type = OPTION_ARG,
- .opt.arg = &ts_config.queryfile,
+ .opt.arg = &cfg.queryfile,
},
{
.name = "reply",
.argname = "arg",
.desc = "TSA section containing the settings for response generation",
.type = OPTION_ARG,
- .opt.arg = &ts_config.section,
+ .opt.arg = &cfg.section,
},
{
.name = "signer",
.argname = "file",
.desc = "Signer certificate file",
.type = OPTION_ARG,
- .opt.arg = &ts_config.signer,
+ .opt.arg = &cfg.signer,
},
{
.name = "text",
.desc = "Output in human-readable text format",
.type = OPTION_FLAG,
- .opt.flag = &ts_config.text,
+ .opt.flag = &cfg.text,
},
{
.name = "token_in",
.desc = "Input is a DER-encoded time stamp token",
.type = OPTION_FLAG,
- .opt.flag = &ts_config.token_in,
+ .opt.flag = &cfg.token_in,
},
{
.name = "token_out",
.desc = "Output is a DER-encoded time stamp token",
.type = OPTION_FLAG,
- .opt.flag = &ts_config.token_out,
+ .opt.flag = &cfg.token_out,
},
{
.name = "untrusted",
.argname = "file",
.desc = "File containing untrusted certificates",
.type = OPTION_ARG,
- .opt.arg = &ts_config.untrusted,
+ .opt.arg = &cfg.untrusted,
},
{
.name = "verify",
exit(1);
}
- memset(&ts_config, 0, sizeof(ts_config));
- ts_config.mode = CMD_NONE;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.mode = CMD_NONE;
if (options_parse(argc, argv, ts_options, NULL, NULL) != 0)
goto usage;
/* Get the password if required. */
- if (ts_config.mode == CMD_REPLY && ts_config.passin != NULL &&
- !app_passwd(bio_err, ts_config.passin, NULL, &password, NULL)) {
+ if (cfg.mode == CMD_REPLY && cfg.passin != NULL &&
+ !app_passwd(bio_err, cfg.passin, NULL, &password, NULL)) {
BIO_printf(bio_err, "Error getting password.\n");
goto cleanup;
}
* Check consistency of parameters and execute the appropriate
* function.
*/
- switch (ts_config.mode) {
+ switch (cfg.mode) {
case CMD_NONE:
goto usage;
case CMD_QUERY:
* Data file and message imprint cannot be specified at the
* same time.
*/
- ret = ts_config.data != NULL && ts_config.digest != NULL;
+ ret = cfg.data != NULL && cfg.digest != NULL;
if (ret)
goto usage;
/* Load the config file for possible policy OIDs. */
- conf = load_config_file(ts_config.configfile);
- ret = !query_command(ts_config.data, ts_config.digest,
- ts_config.md, ts_config.policy, ts_config.no_nonce,
- ts_config.cert, ts_config.in, ts_config.out,
- ts_config.text);
+ conf = load_config_file(cfg.configfile);
+ ret = !query_command(cfg.data, cfg.digest,
+ cfg.md, cfg.policy, cfg.no_nonce,
+ cfg.cert, cfg.in, cfg.out,
+ cfg.text);
break;
case CMD_REPLY:
- conf = load_config_file(ts_config.configfile);
- if (ts_config.in == NULL) {
- ret = !(ts_config.queryfile != NULL && conf != NULL &&
- !ts_config.token_in);
+ conf = load_config_file(cfg.configfile);
+ if (cfg.in == NULL) {
+ ret = !(cfg.queryfile != NULL && conf != NULL &&
+ !cfg.token_in);
if (ret)
goto usage;
} else {
/* 'in' and 'queryfile' are exclusive. */
- ret = !(ts_config.queryfile == NULL);
+ ret = !(cfg.queryfile == NULL);
if (ret)
goto usage;
}
- ret = !reply_command(conf, ts_config.section,
- ts_config.queryfile, password, ts_config.inkey,
- ts_config.signer, ts_config.chain, ts_config.policy,
- ts_config.in, ts_config.token_in, ts_config.out,
- ts_config.token_out, ts_config.text);
+ ret = !reply_command(conf, cfg.section,
+ cfg.queryfile, password, cfg.inkey,
+ cfg.signer, cfg.chain, cfg.policy,
+ cfg.in, cfg.token_in, cfg.out,
+ cfg.token_out, cfg.text);
break;
case CMD_VERIFY:
- ret = !(((ts_config.queryfile != NULL && ts_config.data == NULL &&
- ts_config.digest == NULL) ||
- (ts_config.queryfile == NULL && ts_config.data != NULL &&
- ts_config.digest == NULL) ||
- (ts_config.queryfile == NULL && ts_config.data == NULL &&
- ts_config.digest != NULL)) &&
- ts_config.in != NULL);
+ ret = !(((cfg.queryfile != NULL && cfg.data == NULL &&
+ cfg.digest == NULL) ||
+ (cfg.queryfile == NULL && cfg.data != NULL &&
+ cfg.digest == NULL) ||
+ (cfg.queryfile == NULL && cfg.data == NULL &&
+ cfg.digest != NULL)) &&
+ cfg.in != NULL);
if (ret)
goto usage;
- ret = !verify_command(ts_config.data, ts_config.digest,
- ts_config.queryfile, ts_config.in, ts_config.token_in,
- ts_config.ca_path, ts_config.ca_file, ts_config.untrusted);
+ ret = !verify_command(cfg.data, cfg.digest,
+ cfg.queryfile, cfg.in, cfg.token_in,
+ cfg.ca_path, cfg.ca_file, cfg.untrusted);
}
goto cleanup;
-/* $OpenBSD: verify.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: verify.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
char *untfile;
int verbose;
X509_VERIFY_PARAM *vpm;
-} verify_config;
+} cfg;
static int
verify_opt_args(int argc, char **argv, int *argsused)
int oargc = argc;
int badarg = 0;
- if (!args_verify(&argv, &argc, &badarg, bio_err, &verify_config.vpm))
+ if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm))
return (1);
if (badarg)
return (1);
.argname = "file",
.desc = "Certificate Authority file",
.type = OPTION_ARG,
- .opt.arg = &verify_config.CAfile,
+ .opt.arg = &cfg.CAfile,
},
{
.name = "CApath",
.argname = "path",
.desc = "Certificate Authority path",
.type = OPTION_ARG,
- .opt.arg = &verify_config.CApath,
+ .opt.arg = &cfg.CApath,
},
{
.name = "CRLfile",
.argname = "file",
.desc = "Certificate Revocation List file",
.type = OPTION_ARG,
- .opt.arg = &verify_config.crlfile,
+ .opt.arg = &cfg.crlfile,
},
{
.name = "trusted",
.argname = "file",
.desc = "Trusted certificates file",
.type = OPTION_ARG,
- .opt.arg = &verify_config.trustfile,
+ .opt.arg = &cfg.trustfile,
},
{
.name = "untrusted",
.argname = "file",
.desc = "Untrusted certificates file",
.type = OPTION_ARG,
- .opt.arg = &verify_config.untfile,
+ .opt.arg = &cfg.untfile,
},
{
.name = "verbose",
.desc = "Verbose",
.type = OPTION_FLAG,
- .opt.flag = &verify_config.verbose,
+ .opt.flag = &cfg.verbose,
},
{
.name = NULL,
exit(1);
}
- memset(&verify_config, 0, sizeof(verify_config));
+ memset(&cfg, 0, sizeof(cfg));
if (options_parse(argc, argv, verify_options, NULL, &argsused) != 0) {
verify_usage();
goto end;
X509_STORE_set_verify_cb(cert_ctx, cb);
- if (verify_config.vpm)
- X509_STORE_set1_param(cert_ctx, verify_config.vpm);
+ if (cfg.vpm)
+ X509_STORE_set1_param(cert_ctx, cfg.vpm);
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
if (lookup == NULL)
abort(); /* XXX */
- if (verify_config.CAfile) {
- if (!X509_LOOKUP_load_file(lookup, verify_config.CAfile,
+ if (cfg.CAfile) {
+ if (!X509_LOOKUP_load_file(lookup, cfg.CAfile,
X509_FILETYPE_PEM)) {
BIO_printf(bio_err, "Error loading file %s\n",
- verify_config.CAfile);
+ cfg.CAfile);
ERR_print_errors(bio_err);
goto end;
}
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
if (lookup == NULL)
abort(); /* XXX */
- if (verify_config.CApath) {
- if (!X509_LOOKUP_add_dir(lookup, verify_config.CApath,
+ if (cfg.CApath) {
+ if (!X509_LOOKUP_add_dir(lookup, cfg.CApath,
X509_FILETYPE_PEM)) {
BIO_printf(bio_err, "Error loading directory %s\n",
- verify_config.CApath);
+ cfg.CApath);
ERR_print_errors(bio_err);
goto end;
}
ERR_clear_error();
- if (verify_config.untfile) {
- untrusted = load_certs(bio_err, verify_config.untfile,
+ if (cfg.untfile) {
+ untrusted = load_certs(bio_err, cfg.untfile,
FORMAT_PEM, NULL, "untrusted certificates");
if (!untrusted)
goto end;
}
- if (verify_config.trustfile) {
- trusted = load_certs(bio_err, verify_config.trustfile,
+ if (cfg.trustfile) {
+ trusted = load_certs(bio_err, cfg.trustfile,
FORMAT_PEM, NULL, "trusted certificates");
if (!trusted)
goto end;
}
- if (verify_config.crlfile) {
- crls = load_crls(bio_err, verify_config.crlfile, FORMAT_PEM,
+ if (cfg.crlfile) {
+ crls = load_crls(bio_err, cfg.crlfile, FORMAT_PEM,
NULL, "other CRLs");
if (!crls)
goto end;
}
end:
- if (verify_config.vpm)
- X509_VERIFY_PARAM_free(verify_config.vpm);
+ if (cfg.vpm)
+ X509_VERIFY_PARAM_free(cfg.vpm);
if (cert_ctx != NULL)
X509_STORE_free(cert_ctx);
sk_X509_pop_free(untrusted, X509_free);
}
if (cert_error == X509_V_OK && ok == 2)
policies_print(NULL, ctx);
- if (!verify_config.verbose)
+ if (!cfg.verbose)
ERR_clear_error();
return (ok);
}
-/* $OpenBSD: version.c,v 1.10 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: version.c,v 1.11 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int options;
int platform;
int version;
-} version_config;
+} cfg;
static int
version_all_opts(void)
{
- version_config.cflags = 1;
- version_config.date = 1;
- version_config.dir= 1;
- version_config.options = 1;
- version_config.platform = 1;
- version_config.version = 1;
+ cfg.cflags = 1;
+ cfg.date = 1;
+ cfg.dir= 1;
+ cfg.options = 1;
+ cfg.platform = 1;
+ cfg.version = 1;
return (0);
}
.name = "b",
.desc = "Date the current version of OpenSSL was built",
.type = OPTION_FLAG,
- .opt.flag = &version_config.date,
+ .opt.flag = &cfg.date,
},
{
.name = "d",
.desc = "OPENSSLDIR value",
.type = OPTION_FLAG,
- .opt.flag = &version_config.dir,
+ .opt.flag = &cfg.dir,
},
{
.name = "f",
.desc = "Compilation flags",
.type = OPTION_FLAG,
- .opt.flag = &version_config.cflags,
+ .opt.flag = &cfg.cflags,
},
{
.name = "o",
.desc = "Option information",
.type = OPTION_FLAG,
- .opt.flag = &version_config.options,
+ .opt.flag = &cfg.options,
},
{
.name = "p",
.desc = "Platform settings",
.type = OPTION_FLAG,
- .opt.flag = &version_config.platform,
+ .opt.flag = &cfg.platform,
},
{
.name = "v",
.desc = "Current OpenSSL version",
.type = OPTION_FLAG,
- .opt.flag = &version_config.version,
+ .opt.flag = &cfg.version,
},
{NULL},
};
exit(1);
}
- memset(&version_config, 0, sizeof(version_config));
+ memset(&cfg, 0, sizeof(cfg));
if (options_parse(argc, argv, version_options, NULL, NULL) != 0) {
version_usage();
}
if (argc == 1)
- version_config.version = 1;
+ cfg.version = 1;
- if (version_config.version) {
+ if (cfg.version) {
if (SSLeay() == SSLEAY_VERSION_NUMBER) {
printf("%s\n", SSLeay_version(SSLEAY_VERSION));
} else {
SSLeay_version(SSLEAY_VERSION));
}
}
- if (version_config.date)
+ if (cfg.date)
printf("%s\n", SSLeay_version(SSLEAY_BUILT_ON));
- if (version_config.platform)
+ if (cfg.platform)
printf("%s\n", SSLeay_version(SSLEAY_PLATFORM));
- if (version_config.options) {
+ if (cfg.options) {
printf("options: ");
printf("%s ", BN_options());
#ifndef OPENSSL_NO_RC4
#endif
printf("\n");
}
- if (version_config.cflags)
+ if (cfg.cflags)
printf("%s\n", SSLeay_version(SSLEAY_CFLAGS));
- if (version_config.dir)
+ if (cfg.dir)
printf("%s\n", SSLeay_version(SSLEAY_DIR));
return (0);
-/* $OpenBSD: x509.c,v 1.30 2022/11/11 17:07:39 joshua Exp $ */
+/* $OpenBSD: x509.c,v 1.31 2023/03/06 14:32:06 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
STACK_OF(ASN1_OBJECT) *trust;
int trustout;
int x509req;
-} x509_config;
+} cfg;
static int
x509_opt_addreject(char *arg)
{
- if ((x509_config.objtmp = OBJ_txt2obj(arg, 0)) == NULL) {
+ if ((cfg.objtmp = OBJ_txt2obj(arg, 0)) == NULL) {
BIO_printf(bio_err, "Invalid reject object value %s\n", arg);
return (1);
}
- if (x509_config.reject == NULL &&
- (x509_config.reject = sk_ASN1_OBJECT_new_null()) == NULL)
+ if (cfg.reject == NULL &&
+ (cfg.reject = sk_ASN1_OBJECT_new_null()) == NULL)
return (1);
- if (!sk_ASN1_OBJECT_push(x509_config.reject, x509_config.objtmp))
+ if (!sk_ASN1_OBJECT_push(cfg.reject, cfg.objtmp))
return (1);
- x509_config.trustout = 1;
+ cfg.trustout = 1;
return (0);
}
static int
x509_opt_addtrust(char *arg)
{
- if ((x509_config.objtmp = OBJ_txt2obj(arg, 0)) == NULL) {
+ if ((cfg.objtmp = OBJ_txt2obj(arg, 0)) == NULL) {
BIO_printf(bio_err, "Invalid trust object value %s\n", arg);
return (1);
}
- if (x509_config.trust == NULL &&
- (x509_config.trust = sk_ASN1_OBJECT_new_null()) == NULL)
+ if (cfg.trust == NULL &&
+ (cfg.trust = sk_ASN1_OBJECT_new_null()) == NULL)
return (1);
- if (!sk_ASN1_OBJECT_push(x509_config.trust, x509_config.objtmp))
+ if (!sk_ASN1_OBJECT_push(cfg.trust, cfg.objtmp))
return (1);
- x509_config.trustout = 1;
+ cfg.trustout = 1;
return (0);
}
static int
x509_opt_ca(char *arg)
{
- x509_config.CAfile = arg;
- x509_config.CA_flag = ++x509_config.num;
+ cfg.CAfile = arg;
+ cfg.CA_flag = ++cfg.num;
return (0);
}
static int
x509_opt_certopt(char *arg)
{
- if (!set_cert_ex(&x509_config.certflag, arg))
+ if (!set_cert_ex(&cfg.certflag, arg))
return (1);
return (0);
{
const char *errstr;
- x509_config.checkoffset = strtonum(arg, 0, INT_MAX, &errstr);
+ cfg.checkoffset = strtonum(arg, 0, INT_MAX, &errstr);
if (errstr != NULL) {
BIO_printf(bio_err, "checkend unusable: %s\n", errstr);
return (1);
}
- x509_config.checkend = 1;
+ cfg.checkend = 1;
return (0);
}
static int
x509_opt_dates(void)
{
- x509_config.startdate = ++x509_config.num;
- x509_config.enddate = ++x509_config.num;
+ cfg.startdate = ++cfg.num;
+ cfg.enddate = ++cfg.num;
return (0);
}
{
const char *errstr;
- x509_config.days = strtonum(arg, 1, INT_MAX, &errstr);
+ cfg.days = strtonum(arg, 1, INT_MAX, &errstr);
if (errstr != NULL) {
BIO_printf(bio_err, "bad number of days: %s\n", errstr);
return (1);
if (*name++ != '-')
return (1);
- if ((x509_config.md_alg = EVP_get_digestbyname(name)) != NULL) {
- x509_config.digest = x509_config.md_alg;
+ if ((cfg.md_alg = EVP_get_digestbyname(name)) != NULL) {
+ cfg.digest = cfg.md_alg;
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
- x509_config.badops = 1;
+ cfg.badops = 1;
return (1);
}
static int
x509_opt_nameopt(char *arg)
{
- if (!set_name_ex(&x509_config.nmflag, arg))
+ if (!set_name_ex(&cfg.nmflag, arg))
return (1);
return (0);
static int
x509_opt_set_serial(char *arg)
{
- ASN1_INTEGER_free(x509_config.sno);
- if ((x509_config.sno = s2i_ASN1_INTEGER(NULL, arg)) == NULL)
+ ASN1_INTEGER_free(cfg.sno);
+ if ((cfg.sno = s2i_ASN1_INTEGER(NULL, arg)) == NULL)
return (1);
return (0);
static int
x509_opt_setalias(char *arg)
{
- x509_config.alias = arg;
- x509_config.trustout = 1;
+ cfg.alias = arg;
+ cfg.trustout = 1;
return (0);
}
static int
x509_opt_signkey(char *arg)
{
- x509_config.keyfile = arg;
- x509_config.sign_flag = ++x509_config.num;
+ cfg.keyfile = arg;
+ cfg.sign_flag = ++cfg.num;
return (0);
}
static int
x509_opt_sigopt(char *arg)
{
- if (x509_config.sigopts == NULL &&
- (x509_config.sigopts = sk_OPENSSL_STRING_new_null()) == NULL)
+ if (cfg.sigopts == NULL &&
+ (cfg.sigopts = sk_OPENSSL_STRING_new_null()) == NULL)
return (1);
- if (!sk_OPENSSL_STRING_push(x509_config.sigopts, arg))
+ if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg))
return (1);
return (0);
.name = "C",
.desc = "Convert the certificate into C code",
.type = OPTION_ORDER,
- .opt.order = &x509_config.C,
- .order = &x509_config.num,
+ .opt.order = &cfg.C,
+ .order = &cfg.num,
},
{
.name = "addreject",
.name = "alias",
.desc = "Output certificate alias",
.type = OPTION_ORDER,
- .opt.order = &x509_config.aliasout,
- .order = &x509_config.num,
+ .opt.order = &cfg.aliasout,
+ .order = &cfg.num,
},
{
.name = "CA",
.name = "CAcreateserial",
.desc = "Create serial number file if it does not exist",
.type = OPTION_ORDER,
- .opt.order = &x509_config.CA_createserial,
- .order = &x509_config.num,
+ .opt.order = &cfg.CA_createserial,
+ .order = &cfg.num,
},
{
.name = "CAform",
.argname = "fmt",
.desc = "CA format - default PEM",
.type = OPTION_ARG_FORMAT,
- .opt.value = &x509_config.CAformat,
+ .opt.value = &cfg.CAformat,
},
{
.name = "CAkey",
.desc = "CA key in PEM format unless -CAkeyform is specified\n"
"if omitted, the key is assumed to be in the CA file",
.type = OPTION_ARG,
- .opt.arg = &x509_config.CAkeyfile,
+ .opt.arg = &cfg.CAkeyfile,
},
{
.name = "CAkeyform",
.argname = "fmt",
.desc = "CA key format - default PEM",
.type = OPTION_ARG_FORMAT,
- .opt.value = &x509_config.CAkeyformat,
+ .opt.value = &cfg.CAkeyformat,
},
{
.name = "CAserial",
.argname = "file",
.desc = "Serial file",
.type = OPTION_ARG,
- .opt.arg = &x509_config.CAserial,
+ .opt.arg = &cfg.CAserial,
},
{
.name = "certopt",
.name = "clrext",
.desc = "Clear all extensions",
.type = OPTION_FLAG,
- .opt.flag = &x509_config.clrext,
+ .opt.flag = &cfg.clrext,
},
{
.name = "clrreject",
.desc = "Clear all rejected purposes",
.type = OPTION_ORDER,
- .opt.order = &x509_config.clrreject,
- .order = &x509_config.num,
+ .opt.order = &cfg.clrreject,
+ .order = &cfg.num,
},
{
.name = "clrtrust",
.desc = "Clear all trusted purposes",
.type = OPTION_ORDER,
- .opt.order = &x509_config.clrtrust,
- .order = &x509_config.num,
+ .opt.order = &cfg.clrtrust,
+ .order = &cfg.num,
},
{
.name = "dates",
.name = "email",
.desc = "Print email address(es)",
.type = OPTION_ORDER,
- .opt.order = &x509_config.email,
- .order = &x509_config.num,
+ .opt.order = &cfg.email,
+ .order = &cfg.num,
},
{
.name = "enddate",
.desc = "Print notAfter field",
.type = OPTION_ORDER,
- .opt.order = &x509_config.enddate,
- .order = &x509_config.num,
+ .opt.order = &cfg.enddate,
+ .order = &cfg.num,
},
{
.name = "extensions",
.argname = "section",
.desc = "Section from config file with X509V3 extensions to add",
.type = OPTION_ARG,
- .opt.arg = &x509_config.extsect,
+ .opt.arg = &cfg.extsect,
},
{
.name = "extfile",
.argname = "file",
.desc = "Configuration file with X509V3 extensions to add",
.type = OPTION_ARG,
- .opt.arg = &x509_config.extfile,
+ .opt.arg = &cfg.extfile,
},
{
.name = "fingerprint",
.desc = "Print the certificate fingerprint",
.type = OPTION_ORDER,
- .opt.order = &x509_config.fingerprint,
- .order = &x509_config.num,
+ .opt.order = &cfg.fingerprint,
+ .order = &cfg.num,
},
{
.name = "hash",
.desc = "Synonym for -subject_hash",
.type = OPTION_ORDER,
- .opt.order = &x509_config.subject_hash,
- .order = &x509_config.num,
+ .opt.order = &cfg.subject_hash,
+ .order = &cfg.num,
},
{
.name = "in",
.argname = "file",
.desc = "Input file - default stdin",
.type = OPTION_ARG,
- .opt.arg = &x509_config.infile,
+ .opt.arg = &cfg.infile,
},
{
.name = "inform",
.argname = "fmt",
.desc = "Input format - default PEM (one of DER, NET or PEM)",
.type = OPTION_ARG_FORMAT,
- .opt.value = &x509_config.informat,
+ .opt.value = &cfg.informat,
},
{
.name = "issuer",
.desc = "Print issuer name",
.type = OPTION_ORDER,
- .opt.order = &x509_config.issuer,
- .order = &x509_config.num,
+ .opt.order = &cfg.issuer,
+ .order = &cfg.num,
},
{
.name = "issuer_hash",
.desc = "Print issuer hash value",
.type = OPTION_ORDER,
- .opt.order = &x509_config.issuer_hash,
- .order = &x509_config.num,
+ .opt.order = &cfg.issuer_hash,
+ .order = &cfg.num,
},
#ifndef OPENSSL_NO_MD5
{
.name = "issuer_hash_old",
.desc = "Print old-style (MD5) issuer hash value",
.type = OPTION_ORDER,
- .opt.order = &x509_config.issuer_hash_old,
- .order = &x509_config.num,
+ .opt.order = &cfg.issuer_hash_old,
+ .order = &cfg.num,
},
#endif
{
.argname = "fmt",
.desc = "Private key format - default PEM",
.type = OPTION_ARG_FORMAT,
- .opt.value = &x509_config.keyformat,
+ .opt.value = &cfg.keyformat,
},
{
.name = "modulus",
.desc = "Print the RSA key modulus",
.type = OPTION_ORDER,
- .opt.order = &x509_config.modulus,
- .order = &x509_config.num,
+ .opt.order = &cfg.modulus,
+ .order = &cfg.num,
},
{
.name = "nameopt",
.name = "next_serial",
.desc = "Print the next serial number",
.type = OPTION_ORDER,
- .opt.order = &x509_config.next_serial,
- .order = &x509_config.num,
+ .opt.order = &cfg.next_serial,
+ .order = &cfg.num,
},
{
.name = "noout",
.desc = "No certificate output",
.type = OPTION_ORDER,
- .opt.order = &x509_config.noout,
- .order = &x509_config.num,
+ .opt.order = &cfg.noout,
+ .order = &cfg.num,
},
{
.name = "ocsp_uri",
.desc = "Print OCSP Responder URL(s)",
.type = OPTION_ORDER,
- .opt.order = &x509_config.ocsp_uri,
- .order = &x509_config.num,
+ .opt.order = &cfg.ocsp_uri,
+ .order = &cfg.num,
},
{
.name = "ocspid",
.desc = "Print OCSP hash values for the subject name and public key",
.type = OPTION_ORDER,
- .opt.order = &x509_config.ocspid,
- .order = &x509_config.num,
+ .opt.order = &cfg.ocspid,
+ .order = &cfg.num,
},
{
.name = "out",
.argname = "file",
.desc = "Output file - default stdout",
.type = OPTION_ARG,
- .opt.arg = &x509_config.outfile,
+ .opt.arg = &cfg.outfile,
},
{
.name = "outform",
.argname = "fmt",
.desc = "Output format - default PEM (one of DER, NET or PEM)",
.type = OPTION_ARG_FORMAT,
- .opt.value = &x509_config.outformat,
+ .opt.value = &cfg.outformat,
},
{
.name = "passin",
.argname = "src",
.desc = "Private key password source",
.type = OPTION_ARG,
- .opt.arg = &x509_config.passargin,
+ .opt.arg = &cfg.passargin,
},
{
.name = "pubkey",
.desc = "Output the public key",
.type = OPTION_ORDER,
- .opt.order = &x509_config.pubkey,
- .order = &x509_config.num,
+ .opt.order = &cfg.pubkey,
+ .order = &cfg.num,
},
{
.name = "purpose",
.desc = "Print out certificate purposes",
.type = OPTION_ORDER,
- .opt.order = &x509_config.pprint,
- .order = &x509_config.num,
+ .opt.order = &cfg.pprint,
+ .order = &cfg.num,
},
{
.name = "req",
.desc = "Input is a certificate request, sign and output",
.type = OPTION_FLAG,
- .opt.flag = &x509_config.reqfile,
+ .opt.flag = &cfg.reqfile,
},
{
.name = "serial",
.desc = "Print serial number value",
.type = OPTION_ORDER,
- .opt.order = &x509_config.serial,
- .order = &x509_config.num,
+ .opt.order = &cfg.serial,
+ .order = &cfg.num,
},
{
.name = "set_serial",
.name = "startdate",
.desc = "Print notBefore field",
.type = OPTION_ORDER,
- .opt.order = &x509_config.startdate,
- .order = &x509_config.num,
+ .opt.order = &cfg.startdate,
+ .order = &cfg.num,
},
{
.name = "subject",
.desc = "Print subject name",
.type = OPTION_ORDER,
- .opt.order = &x509_config.subject,
- .order = &x509_config.num,
+ .opt.order = &cfg.subject,
+ .order = &cfg.num,
},
{
.name = "subject_hash",
.desc = "Print subject hash value",
.type = OPTION_ORDER,
- .opt.order = &x509_config.subject_hash,
- .order = &x509_config.num,
+ .opt.order = &cfg.subject_hash,
+ .order = &cfg.num,
},
#ifndef OPENSSL_NO_MD5
{
.name = "subject_hash_old",
.desc = "Print old-style (MD5) subject hash value",
.type = OPTION_ORDER,
- .opt.order = &x509_config.subject_hash_old,
- .order = &x509_config.num,
+ .opt.order = &cfg.subject_hash_old,
+ .order = &cfg.num,
},
#endif
{
.name = "text",
.desc = "Print the certificate in text form",
.type = OPTION_ORDER,
- .opt.order = &x509_config.text,
- .order = &x509_config.num,
+ .opt.order = &cfg.text,
+ .order = &cfg.num,
},
{
.name = "trustout",
.desc = "Output a trusted certificate",
.type = OPTION_FLAG,
- .opt.flag = &x509_config.trustout,
+ .opt.flag = &cfg.trustout,
},
{
.name = "x509toreq",
.desc = "Output a certification request object",
.type = OPTION_ORDER,
- .opt.order = &x509_config.x509req,
- .order = &x509_config.num,
+ .opt.order = &cfg.x509req,
+ .order = &cfg.num,
},
{
.name = NULL,
exit(1);
}
- memset(&x509_config, 0, sizeof(x509_config));
- x509_config.days = DEF_DAYS;
- x509_config.informat = FORMAT_PEM;
- x509_config.outformat = FORMAT_PEM;
- x509_config.keyformat = FORMAT_PEM;
- x509_config.CAformat = FORMAT_PEM;
- x509_config.CAkeyformat = FORMAT_PEM;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.days = DEF_DAYS;
+ cfg.informat = FORMAT_PEM;
+ cfg.outformat = FORMAT_PEM;
+ cfg.keyformat = FORMAT_PEM;
+ cfg.CAformat = FORMAT_PEM;
+ cfg.CAkeyformat = FORMAT_PEM;
STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
if (options_parse(argc, argv, x509_options, NULL, NULL) != 0)
goto bad;
- if (x509_config.badops) {
+ if (cfg.badops) {
bad:
x509_usage();
goto end;
}
- if (!app_passwd(bio_err, x509_config.passargin, NULL, &passin, NULL)) {
+ if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
ERR_print_errors(bio_err);
goto end;
}
- if ((x509_config.CAkeyfile == NULL) && (x509_config.CA_flag) &&
- (x509_config.CAformat == FORMAT_PEM)) {
- x509_config.CAkeyfile = x509_config.CAfile;
- } else if ((x509_config.CA_flag) && (x509_config.CAkeyfile == NULL)) {
+ if ((cfg.CAkeyfile == NULL) && (cfg.CA_flag) &&
+ (cfg.CAformat == FORMAT_PEM)) {
+ cfg.CAkeyfile = cfg.CAfile;
+ } else if ((cfg.CA_flag) && (cfg.CAkeyfile == NULL)) {
BIO_printf(bio_err,
"need to specify a CAkey if using the CA command\n");
goto end;
}
- if (x509_config.extfile != NULL) {
+ if (cfg.extfile != NULL) {
long errorline = -1;
X509V3_CTX ctx2;
extconf = NCONF_new(NULL);
- if (!NCONF_load(extconf, x509_config.extfile, &errorline)) {
+ if (!NCONF_load(extconf, cfg.extfile, &errorline)) {
if (errorline <= 0)
BIO_printf(bio_err,
"error loading the config file '%s'\n",
- x509_config.extfile);
+ cfg.extfile);
else
BIO_printf(bio_err,
"error on line %ld of config file '%s'\n",
- errorline, x509_config.extfile);
+ errorline, cfg.extfile);
goto end;
}
- if (x509_config.extsect == NULL) {
- x509_config.extsect = NCONF_get_string(extconf,
+ if (cfg.extsect == NULL) {
+ cfg.extsect = NCONF_get_string(extconf,
"default", "extensions");
- if (x509_config.extsect == NULL) {
+ if (cfg.extsect == NULL) {
ERR_clear_error();
- x509_config.extsect = "default";
+ cfg.extsect = "default";
}
}
X509V3_set_ctx_test(&ctx2);
X509V3_set_nconf(&ctx2, extconf);
- if (!X509V3_EXT_add_nconf(extconf, &ctx2, x509_config.extsect,
+ if (!X509V3_EXT_add_nconf(extconf, &ctx2, cfg.extsect,
NULL)) {
BIO_printf(bio_err,
"Error Loading extension section %s\n",
- x509_config.extsect);
+ cfg.extsect);
ERR_print_errors(bio_err);
goto end;
}
}
- if (x509_config.reqfile) {
+ if (cfg.reqfile) {
EVP_PKEY *pkey;
BIO *in;
- if (!x509_config.sign_flag && !x509_config.CA_flag) {
+ if (!cfg.sign_flag && !cfg.CA_flag) {
BIO_printf(bio_err,
"We need a private key to sign with\n");
goto end;
ERR_print_errors(bio_err);
goto end;
}
- if (x509_config.infile == NULL)
+ if (cfg.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE | BIO_FP_TEXT);
else {
- if (BIO_read_filename(in, x509_config.infile) <= 0) {
- perror(x509_config.infile);
+ if (BIO_read_filename(in, cfg.infile) <= 0) {
+ perror(cfg.infile);
BIO_free(in);
goto end;
}
BIO_printf(bio_err, "Signature ok\n");
print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
- x509_config.nmflag);
+ cfg.nmflag);
if ((x = X509_new()) == NULL)
goto end;
- if (x509_config.sno == NULL) {
- x509_config.sno = ASN1_INTEGER_new();
- if (x509_config.sno == NULL ||
- !rand_serial(NULL, x509_config.sno))
+ if (cfg.sno == NULL) {
+ cfg.sno = ASN1_INTEGER_new();
+ if (cfg.sno == NULL ||
+ !rand_serial(NULL, cfg.sno))
goto end;
- if (!X509_set_serialNumber(x, x509_config.sno))
+ if (!X509_set_serialNumber(x, cfg.sno))
goto end;
- ASN1_INTEGER_free(x509_config.sno);
- x509_config.sno = NULL;
- } else if (!X509_set_serialNumber(x, x509_config.sno))
+ ASN1_INTEGER_free(cfg.sno);
+ cfg.sno = NULL;
+ } else if (!X509_set_serialNumber(x, cfg.sno))
goto end;
if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req)))
if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
goto end;
- if (X509_time_adj_ex(X509_get_notAfter(x), x509_config.days, 0,
+ if (X509_time_adj_ex(X509_get_notAfter(x), cfg.days, 0,
NULL) == NULL)
goto end;
goto end;
}
} else {
- x = load_cert(bio_err, x509_config.infile, x509_config.informat,
+ x = load_cert(bio_err, cfg.infile, cfg.informat,
NULL, "Certificate");
}
if (x == NULL)
goto end;
- if (x509_config.CA_flag) {
- xca = load_cert(bio_err, x509_config.CAfile,
- x509_config.CAformat, NULL, "CA Certificate");
+ if (cfg.CA_flag) {
+ xca = load_cert(bio_err, cfg.CAfile,
+ cfg.CAformat, NULL, "CA Certificate");
if (xca == NULL)
goto end;
}
- if (!x509_config.noout || x509_config.text || x509_config.next_serial) {
+ if (!cfg.noout || cfg.text || cfg.next_serial) {
OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
out = BIO_new(BIO_s_file());
ERR_print_errors(bio_err);
goto end;
}
- if (x509_config.outfile == NULL) {
+ if (cfg.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
- if (BIO_write_filename(out, x509_config.outfile) <= 0) {
- perror(x509_config.outfile);
+ if (BIO_write_filename(out, cfg.outfile) <= 0) {
+ perror(cfg.outfile);
goto end;
}
}
}
- if (x509_config.alias != NULL) {
- if (!X509_alias_set1(x, (unsigned char *)x509_config.alias, -1))
+ if (cfg.alias != NULL) {
+ if (!X509_alias_set1(x, (unsigned char *)cfg.alias, -1))
goto end;
}
- if (x509_config.clrtrust)
+ if (cfg.clrtrust)
X509_trust_clear(x);
- if (x509_config.clrreject)
+ if (cfg.clrreject)
X509_reject_clear(x);
- if (x509_config.trust != NULL) {
- for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.trust); i++) {
- x509_config.objtmp = sk_ASN1_OBJECT_value(
- x509_config.trust, i);
- if (!X509_add1_trust_object(x, x509_config.objtmp))
+ if (cfg.trust != NULL) {
+ for (i = 0; i < sk_ASN1_OBJECT_num(cfg.trust); i++) {
+ cfg.objtmp = sk_ASN1_OBJECT_value(
+ cfg.trust, i);
+ if (!X509_add1_trust_object(x, cfg.objtmp))
goto end;
}
}
- if (x509_config.reject != NULL) {
- for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.reject); i++) {
- x509_config.objtmp = sk_ASN1_OBJECT_value(
- x509_config.reject, i);
- if (!X509_add1_reject_object(x, x509_config.objtmp))
+ if (cfg.reject != NULL) {
+ for (i = 0; i < sk_ASN1_OBJECT_num(cfg.reject); i++) {
+ cfg.objtmp = sk_ASN1_OBJECT_value(
+ cfg.reject, i);
+ if (!X509_add1_reject_object(x, cfg.objtmp))
goto end;
}
}
- if (x509_config.num) {
- for (i = 1; i <= x509_config.num; i++) {
- if (x509_config.issuer == i) {
+ if (cfg.num) {
+ for (i = 1; i <= cfg.num; i++) {
+ if (cfg.issuer == i) {
print_name(STDout, "issuer= ",
X509_get_issuer_name(x),
- x509_config.nmflag);
- } else if (x509_config.subject == i) {
+ cfg.nmflag);
+ } else if (cfg.subject == i) {
print_name(STDout, "subject= ",
X509_get_subject_name(x),
- x509_config.nmflag);
- } else if (x509_config.serial == i) {
+ cfg.nmflag);
+ } else if (cfg.serial == i) {
BIO_printf(STDout, "serial=");
i2a_ASN1_INTEGER(STDout,
X509_get_serialNumber(x));
BIO_printf(STDout, "\n");
- } else if (x509_config.next_serial == i) {
+ } else if (cfg.next_serial == i) {
BIGNUM *bnser;
ASN1_INTEGER *ser;
ser = X509_get_serialNumber(x);
i2a_ASN1_INTEGER(out, ser);
ASN1_INTEGER_free(ser);
BIO_puts(out, "\n");
- } else if ((x509_config.email == i) ||
- (x509_config.ocsp_uri == i)) {
+ } else if ((cfg.email == i) ||
+ (cfg.ocsp_uri == i)) {
int j;
STACK_OF(OPENSSL_STRING) *emlst;
- if (x509_config.email == i)
+ if (cfg.email == i)
emlst = X509_get1_email(x);
else
emlst = X509_get1_ocsp(x);
BIO_printf(STDout, "%s\n",
sk_OPENSSL_STRING_value(emlst, j));
X509_email_free(emlst);
- } else if (x509_config.aliasout == i) {
+ } else if (cfg.aliasout == i) {
unsigned char *albuf;
int buflen;
albuf = X509_alias_get0(x, &buflen);
buflen, albuf);
else
BIO_puts(STDout, "<No Alias>\n");
- } else if (x509_config.subject_hash == i) {
+ } else if (cfg.subject_hash == i) {
BIO_printf(STDout, "%08lx\n",
X509_subject_name_hash(x));
}
#ifndef OPENSSL_NO_MD5
- else if (x509_config.subject_hash_old == i) {
+ else if (cfg.subject_hash_old == i) {
BIO_printf(STDout, "%08lx\n",
X509_subject_name_hash_old(x));
}
#endif
- else if (x509_config.issuer_hash == i) {
+ else if (cfg.issuer_hash == i) {
BIO_printf(STDout, "%08lx\n",
X509_issuer_name_hash(x));
}
#ifndef OPENSSL_NO_MD5
- else if (x509_config.issuer_hash_old == i) {
+ else if (cfg.issuer_hash_old == i) {
BIO_printf(STDout, "%08lx\n",
X509_issuer_name_hash_old(x));
}
#endif
- else if (x509_config.pprint == i) {
+ else if (cfg.pprint == i) {
X509_PURPOSE *ptmp;
int j;
BIO_printf(STDout, "Certificate purposes:\n");
ptmp = X509_PURPOSE_get0(j);
purpose_print(STDout, x, ptmp);
}
- } else if (x509_config.modulus == i) {
+ } else if (cfg.modulus == i) {
EVP_PKEY *pkey;
pkey = X509_get0_pubkey(x);
BIO_printf(STDout,
"Wrong Algorithm type");
BIO_printf(STDout, "\n");
- } else if (x509_config.pubkey == i) {
+ } else if (cfg.pubkey == i) {
EVP_PKEY *pkey;
pkey = X509_get0_pubkey(x);
goto end;
}
PEM_write_bio_PUBKEY(STDout, pkey);
- } else if (x509_config.C == i) {
+ } else if (cfg.C == i) {
unsigned char *d;
char *m;
int y, z;
BIO_printf(STDout, "};\n");
free(m);
- } else if (x509_config.text == i) {
- if(!X509_print_ex(STDout, x, x509_config.nmflag,
- x509_config.certflag))
+ } else if (cfg.text == i) {
+ if(!X509_print_ex(STDout, x, cfg.nmflag,
+ cfg.certflag))
goto end;
- } else if (x509_config.startdate == i) {
+ } else if (cfg.startdate == i) {
ASN1_TIME *nB = X509_get_notBefore(x);
BIO_puts(STDout, "notBefore=");
if (ASN1_time_parse(nB->data, nB->length, NULL,
else
ASN1_TIME_print(STDout, nB);
BIO_puts(STDout, "\n");
- } else if (x509_config.enddate == i) {
+ } else if (cfg.enddate == i) {
ASN1_TIME *nA = X509_get_notAfter(x);
BIO_puts(STDout, "notAfter=");
if (ASN1_time_parse(nA->data, nA->length, NULL,
else
ASN1_TIME_print(STDout, nA);
BIO_puts(STDout, "\n");
- } else if (x509_config.fingerprint == i) {
+ } else if (cfg.fingerprint == i) {
int j;
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
- const EVP_MD *fdig = x509_config.digest;
+ const EVP_MD *fdig = cfg.digest;
if (fdig == NULL)
fdig = EVP_sha256();
}
/* should be in the library */
- } else if ((x509_config.sign_flag == i) &&
- (x509_config.x509req == 0)) {
+ } else if ((cfg.sign_flag == i) &&
+ (cfg.x509req == 0)) {
BIO_printf(bio_err, "Getting Private key\n");
if (Upkey == NULL) {
Upkey = load_key(bio_err,
- x509_config.keyfile,
- x509_config.keyformat, 0, passin,
+ cfg.keyfile,
+ cfg.keyformat, 0, passin,
"Private key");
if (Upkey == NULL)
goto end;
}
- if (!sign(x, Upkey, x509_config.days,
- x509_config.clrext, x509_config.digest,
- extconf, x509_config.extsect))
+ if (!sign(x, Upkey, cfg.days,
+ cfg.clrext, cfg.digest,
+ extconf, cfg.extsect))
goto end;
- } else if (x509_config.CA_flag == i) {
+ } else if (cfg.CA_flag == i) {
BIO_printf(bio_err, "Getting CA Private Key\n");
- if (x509_config.CAkeyfile != NULL) {
+ if (cfg.CAkeyfile != NULL) {
CApkey = load_key(bio_err,
- x509_config.CAkeyfile,
- x509_config.CAkeyformat, 0, passin,
+ cfg.CAkeyfile,
+ cfg.CAkeyformat, 0, passin,
"CA Private Key");
if (CApkey == NULL)
goto end;
}
- if (!x509_certify(ctx, x509_config.CAfile,
- x509_config.digest, x, xca, CApkey,
- x509_config.sigopts, x509_config.CAserial,
- x509_config.CA_createserial,
- x509_config.days, x509_config.clrext,
- extconf, x509_config.extsect,
- x509_config.sno))
+ if (!x509_certify(ctx, cfg.CAfile,
+ cfg.digest, x, xca, CApkey,
+ cfg.sigopts, cfg.CAserial,
+ cfg.CA_createserial,
+ cfg.days, cfg.clrext,
+ extconf, cfg.extsect,
+ cfg.sno))
goto end;
- } else if (x509_config.x509req == i) {
+ } else if (cfg.x509req == i) {
EVP_PKEY *pk;
BIO_printf(bio_err,
"Getting request Private Key\n");
- if (x509_config.keyfile == NULL) {
+ if (cfg.keyfile == NULL) {
BIO_printf(bio_err,
"no request key file specified\n");
goto end;
} else {
pk = load_key(bio_err,
- x509_config.keyfile,
- x509_config.keyformat, 0, passin,
+ cfg.keyfile,
+ cfg.keyformat, 0, passin,
"request key");
if (pk == NULL)
goto end;
BIO_printf(bio_err,
"Generating certificate request\n");
- rq = X509_to_X509_REQ(x, pk, x509_config.digest);
+ rq = X509_to_X509_REQ(x, pk, cfg.digest);
EVP_PKEY_free(pk);
if (rq == NULL) {
ERR_print_errors(bio_err);
goto end;
}
- if (!x509_config.noout) {
+ if (!cfg.noout) {
if (!X509_REQ_print(out, rq))
goto end;
if (!PEM_write_bio_X509_REQ(out, rq))
goto end;
}
- x509_config.noout = 1;
- } else if (x509_config.ocspid == i) {
+ cfg.noout = 1;
+ } else if (cfg.ocspid == i) {
if (!X509_ocspid_print(out, x))
goto end;
}
}
}
- if (x509_config.checkend) {
- time_t tcheck = time(NULL) + x509_config.checkoffset;
+ if (cfg.checkend) {
+ time_t tcheck = time(NULL) + cfg.checkoffset;
int timecheck = X509_cmp_time(X509_get_notAfter(x), &tcheck);
if (timecheck == 0) {
BIO_printf(out, "Certificate expiry time is invalid\n");
}
goto end;
}
- if (x509_config.noout) {
+ if (cfg.noout) {
ret = 0;
goto end;
}
- if (x509_config.outformat == FORMAT_ASN1)
+ if (cfg.outformat == FORMAT_ASN1)
i = i2d_X509_bio(out, x);
- else if (x509_config.outformat == FORMAT_PEM) {
- if (x509_config.trustout)
+ else if (cfg.outformat == FORMAT_PEM) {
+ if (cfg.trustout)
i = PEM_write_bio_X509_AUX(out, x);
else
i = PEM_write_bio_X509(out, x);
X509_free(xca);
EVP_PKEY_free(Upkey);
EVP_PKEY_free(CApkey);
- sk_OPENSSL_STRING_free(x509_config.sigopts);
+ sk_OPENSSL_STRING_free(cfg.sigopts);
X509_REQ_free(rq);
- ASN1_INTEGER_free(x509_config.sno);
- sk_ASN1_OBJECT_pop_free(x509_config.trust, ASN1_OBJECT_free);
- sk_ASN1_OBJECT_pop_free(x509_config.reject, ASN1_OBJECT_free);
+ ASN1_INTEGER_free(cfg.sno);
+ sk_ASN1_OBJECT_pop_free(cfg.trust, ASN1_OBJECT_free);
+ sk_ASN1_OBJECT_pop_free(cfg.reject, ASN1_OBJECT_free);
free(passin);
return (ret);
*/
X509_STORE_CTX_set_cert(xsc, x);
X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
- if (!x509_config.reqfile && X509_verify_cert(xsc) <= 0)
+ if (!cfg.reqfile && X509_verify_cert(xsc) <= 0)
goto end;
if (!X509_check_private_key(xca, pkey)) {
projects / openbsd / commitdiff