From 124832c3304eb2d137c9f9231439bb6d6cc18cf0 Mon Sep 17 00:00:00 2001 
From: tedu Date: Fri, 18 Apr 2014 02:45:26 +0000 Subject: [PATCH] KaboomNF --- lib/libssl/src/apps/app_rand.c | 28 +- lib/libssl/src/apps/apps.c | 513 +++-- lib/libssl/src/apps/asn1pars.c | 57 +- lib/libssl/src/apps/ca.c | 535 +++--- lib/libssl/src/apps/ciphers.c | 28 +- lib/libssl/src/apps/cms.c | 369 ++-- lib/libssl/src/apps/crl.c | 55 +- lib/libssl/src/apps/crl2p7.c | 48 +- lib/libssl/src/apps/dgst.c | 81 +- lib/libssl/src/apps/dh.c | 35 +- lib/libssl/src/apps/dhparam.c | 45 +- lib/libssl/src/apps/dsa.c | 33 +- lib/libssl/src/apps/dsaparam.c | 32 +- lib/libssl/src/apps/ec.c | 56 +- lib/libssl/src/apps/ecparam.c | 549 +++--- lib/libssl/src/apps/enc.c | 873 ++++----- lib/libssl/src/apps/engine.c | 545 +++--- lib/libssl/src/apps/errstr.c | 7 +- lib/libssl/src/apps/gendh.c | 38 +- lib/libssl/src/apps/gendsa.c | 24 +- lib/libssl/src/apps/genpkey.c | 38 +- lib/libssl/src/apps/genrsa.c | 57 +- lib/libssl/src/apps/nseq.c | 72 +- lib/libssl/src/apps/ocsp.c | 1269 ++++++------- lib/libssl/src/apps/openssl.c | 627 +++--- lib/libssl/src/apps/passwd.c | 324 ++-- lib/libssl/src/apps/pkcs12.c | 1315 +++++++------ lib/libssl/src/apps/pkcs7.c | 314 ++- lib/libssl/src/apps/pkcs8.c | 317 ++-- lib/libssl/src/apps/pkey.c | 206 +- lib/libssl/src/apps/pkeyparam.c | 110 +- lib/libssl/src/apps/pkeyutl.c | 418 ++-- lib/libssl/src/apps/prime.c | 155 +- lib/libssl/src/apps/rand.c | 103 +- lib/libssl/src/apps/req.c | 1945 +++++++++---------- lib/libssl/src/apps/rsa.c | 425 ++--- lib/libssl/src/apps/rsautl.c | 185 +- lib/libssl/src/apps/s_cb.c | 98 +- lib/libssl/src/apps/s_client.c | 2199 ++++++++++----------- lib/libssl/src/apps/s_server.c | 3015 ++++++++++++++--------------- lib/libssl/src/apps/s_socket.c | 62 +- lib/libssl/src/apps/s_time.c | 559 +++--- lib/libssl/src/apps/sess_id.c | 338 ++-- lib/libssl/src/apps/smime.c | 688 +++---- lib/libssl/src/apps/speed.c | 3154 +++++++++++++++---------------- lib/libssl/src/apps/spkac.c | 218 ++- lib/libssl/src/apps/srp.c | 779 ++++---- 
lib/libssl/src/apps/ts.c | 1028 +++++----- lib/libssl/src/apps/verify.c | 351 ++-- lib/libssl/src/apps/version.c | 132 +- lib/libssl/src/apps/x509.c | 1597 ++++++++-------- 51 files changed, 12180 insertions(+), 13869 deletions(-) diff --git a/lib/libssl/src/apps/app_rand.c b/lib/libssl/src/apps/app_rand.c index 0dbec7d595f..0d5b77e1bdb 100644 --- a/lib/libssl/src/apps/app_rand.c +++ b/lib/libssl/src/apps/app_rand.c @@ -120,7 +120,7 @@ static int seeded = 0; static int egdsocket = 0; int -app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn) +app_RAND_load_file(const char *file, BIO * bio_e, int dont_warn) { int consider_randfile = (file == NULL); char buffer[200]; @@ -129,8 +129,10 @@ app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn) if (file == NULL) file = RAND_file_name(buffer, sizeof buffer); else if (RAND_egd(file) > 0) { - /* we try if the given filename is an EGD socket. - if it is, we don't write anything back to the file. */ + /* + * we try if the given filename is an EGD socket. if it is, + * we don't write anything back to the file. + */ egdsocket = 1; return 1; } @@ -140,8 +142,9 @@ app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn) BIO_printf(bio_e, "unable to load 'random state'\n"); BIO_printf(bio_e, "This means that the random number generator has not been seeded\n"); BIO_printf(bio_e, "with much random data.\n"); - if (consider_randfile) /* explanation does not apply when a file is explicitly named */ - { + if (consider_randfile) { /* explanation does not + * apply when a file is + * explicitly named */ BIO_printf(bio_e, "Consider setting the RANDFILE environment variable to point at a file that\n"); BIO_printf(bio_e, "'random' data can be kept in (the file will be overwritten).\n"); } @@ -165,8 +168,8 @@ app_RAND_load_files(char *name) last = 0; for (p = name; ((*p != '\0') && (*p != ':')); p++); - if (*p == '\0') - last = 1; + if (*p == '\0') + last = 1; *p = '\0'; n = name; name = p + 1; 
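Review bot: The `for (p = name; ((*p != '\0') && (*p != ':')); p++);` loop in app_RAND_load_files (hunk -165,8 of app_rand.c) keeps its empty body as a `;` on the `for` line, and the two lines this hunk re-indents, `if (*p == '\0')` and `last = 1;`, follow it directly. The indentation is not recoverable from this view, but if they now sit one level under the `for` they read as the loop body, which they are not. I would make the empty body explicit on its own line, e.g. `for (...; p++)` followed by `continue;`, and keep the `if` at the loop's own indent. The same `for (...);` layout is introduced in index_serial_cmp in the -1351,14 hunk of apps.c.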
@@ -187,15 +190,16 @@ app_RAND_load_files(char *name) } int -app_RAND_write_file(const char *file, BIO *bio_e) +app_RAND_write_file(const char *file, BIO * bio_e) { char buffer[200]; if (egdsocket || !seeded) - /* If we did not manage to read the seed file, - * we should not write a low-entropy seed file back -- - * it would suppress a crucial warning the next time - * we want to use it. */ + /* + * If we did not manage to read the seed file, we should not + * write a low-entropy seed file back -- it would suppress a + * crucial warning the next time we want to use it. + */ return 0; if (file == NULL) diff --git a/lib/libssl/src/apps/apps.c b/lib/libssl/src/apps/apps.c index 7a8618f9bf8..c0130d4cbc0 100644 --- a/lib/libssl/src/apps/apps.c +++ b/lib/libssl/src/apps/apps.c @@ -146,12 +146,13 @@ typedef struct { static UI_METHOD *ui_method = NULL; -static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl); -static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl); +static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl); +static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl); #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) /* Looks like this stuff is worth moving into separate function */ -static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file, +static EVP_PKEY * +load_netscape_key(BIO * err, BIO * key, const char *file, const char *key_descrip, int format); #endif @@ -173,7 +174,7 @@ str2fmt(char *s) else if ((*s == 'M') || (*s == 'm')) return (FORMAT_MSBLOB); else if ((*s == '1') || - (strcmp(s, "PKCS12") == 0) || (strcmp(s, "pkcs12") == 0) || + (strcmp(s, "PKCS12") == 0) || (strcmp(s, "pkcs12") == 0) || (strcmp(s, "P12") == 0) || (strcmp(s, "p12") == 0)) return (FORMAT_PKCS12); else if ((*s == 'E') || (*s == 'e')) 
@@ -201,7 +202,7 @@ program_name(char *in, char *out, int size) } int -chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) +chopup_args(ARGS * arg, char *buf, int *argc, char **argv[]) { int num, i; char *p; @@ -212,7 +213,7 @@ chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) i = 0; if (arg->count == 0) { arg->count = 20; - arg->data = (char **)malloc(sizeof(char *)*arg->count); + arg->data = (char **) malloc(sizeof(char *) * arg->count); } for (i = 0; i < arg->count; i++) arg->data[i] = NULL; @@ -232,8 +233,8 @@ chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) if (num >= arg->count) { char **tmp_p; int tlen = arg->count + 20; - tmp_p = (char **)realloc(arg->data, - sizeof(char *)*tlen); + tmp_p = (char **) realloc(arg->data, + sizeof(char *) * tlen); if (tmp_p == NULL) return 0; arg->data = tmp_p; @@ -245,16 +246,16 @@ chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) arg->data[num++] = p; /* now look for the end of this */ - if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */ - { - i= *(p++); - arg->data[num - 1]++; /* jump over quote */ + if ((*p == '\'') || (*p == '\"')) { /* scan for closing + * quote */ + i = *(p++); + arg->data[num - 1]++; /* jump over quote */ while (*p && (*p != i)) p++; *p = '\0'; } else { while (*p && ((*p != ' ') && - (*p != '\t') && (*p != '\n'))) + (*p != '\t') && (*p != '\n'))) p++; if (*p == '\0') @@ -278,7 +279,8 @@ app_init(long mesgwin) #endif -int dump_cert_text (BIO *out, X509 *x) +int +dump_cert_text(BIO * out, X509 * x) { char *p; 
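Review bot: The `malloc` result in chopup_args (hunk -212,7 of apps.c) is stored in `arg->data` and written through by the `for` loop on the following lines with no NULL check, so an allocation failure becomes a NULL dereference. The realloc path in the -232,8 hunk already returns 0 when `tmp_p == NULL`; the first allocation should fail the same way, e.g. `if (arg->data == NULL) { arg->count = 0; return 0; }` directly after the `malloc`. The `(char **)` casts on `malloc` and `realloc` that this commit re-spaces are unnecessary in C and could be dropped at the same time. The function body starts and ends outside these hunks.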
@@ -297,22 +299,22 @@ int dump_cert_text (BIO *out, X509 *x) } static int -ui_open(UI *ui) +ui_open(UI * ui) { - return UI_method_get_opener(UI_OpenSSL())(ui); + return UI_method_get_opener(UI_OpenSSL()) (ui); } static int -ui_read(UI *ui, UI_STRING *uis) +ui_read(UI * ui, UI_STRING * uis) { if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD && UI_get0_user_data(ui)) { switch (UI_get_string_type(uis)) { - case UIT_PROMPT: - case UIT_VERIFY: + case UIT_PROMPT: + case UIT_VERIFY: { const char *password = - ((PW_CB_DATA *)UI_get0_user_data(ui))->password; + ((PW_CB_DATA *) UI_get0_user_data(ui))->password; if (password && password[0] != '\0') { UI_set_result(ui, uis, password); return 1; @@ -322,20 +324,20 @@ ui_read(UI *ui, UI_STRING *uis) break; } } - return UI_method_get_reader(UI_OpenSSL())(ui, uis); + return UI_method_get_reader(UI_OpenSSL()) (ui, uis); } static int -ui_write(UI *ui, UI_STRING *uis) +ui_write(UI * ui, UI_STRING * uis) { if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD && UI_get0_user_data(ui)) { switch (UI_get_string_type(uis)) { - case UIT_PROMPT: - case UIT_VERIFY: + case UIT_PROMPT: + case UIT_VERIFY: { const char *password = - ((PW_CB_DATA *)UI_get0_user_data(ui))->password; + ((PW_CB_DATA *) UI_get0_user_data(ui))->password; if (password && password[0] != '\0') return 1; } @@ -343,13 +345,13 @@ ui_write(UI *ui, UI_STRING *uis) break; } } - return UI_method_get_writer(UI_OpenSSL())(ui, uis); + return UI_method_get_writer(UI_OpenSSL()) (ui, uis); } static int -ui_close(UI *ui) +ui_close(UI * ui) { - return UI_method_get_closer(UI_OpenSSL())(ui); + return UI_method_get_closer(UI_OpenSSL()) (ui); } int 
@@ -374,13 +376,13 @@ destroy_ui_method(void) int password_callback(char *buf, int bufsiz, int verify, - PW_CB_DATA *cb_tmp) + PW_CB_DATA * cb_tmp) { UI *ui = NULL; int res = 0; const char *prompt_info = NULL; const char *password = NULL; - PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp; + PW_CB_DATA *cb_data = (PW_CB_DATA *) cb_tmp; if (cb_data) { if (cb_data->password) @@ -388,7 +390,6 @@ password_callback(char *buf, int bufsiz, int verify, if (cb_data->prompt_info) prompt_info = cb_data->prompt_info; } - if (password) { res = strlen(password); if (res > bufsiz) @@ -396,7 +397,6 @@ password_callback(char *buf, int bufsiz, int verify, memcpy(buf, password, res); return res; } - ui = UI_new_method(ui_method); if (ui) { int ok = 0; @@ -414,7 +414,7 @@ password_callback(char *buf, int bufsiz, int verify, ok = UI_add_input_string(ui, prompt, ui_flags, buf, PW_MIN_LENGTH, bufsiz - 1); if (ok >= 0 && verify) { - buff = (char *)malloc(bufsiz); + buff = (char *) malloc(bufsiz); ok = UI_add_verify_string(ui, prompt, ui_flags, buff, PW_MIN_LENGTH, bufsiz - 1, buf); } @@ -425,21 +425,20 @@ password_callback(char *buf, int bufsiz, int verify, UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); if (buff) { - OPENSSL_cleanse(buff, (unsigned int)bufsiz); + OPENSSL_cleanse(buff, (unsigned int) bufsiz); free(buff); } - if (ok >= 0) res = strlen(buf); if (ok == -1) { BIO_printf(bio_err, "User interface error\n"); ERR_print_errors(bio_err); - OPENSSL_cleanse(buf, (unsigned int)bufsiz); + OPENSSL_cleanse(buf, (unsigned int) bufsiz); res = 0; } if (ok == -2) { BIO_printf(bio_err, "aborted!\n"); - OPENSSL_cleanse(buf, (unsigned int)bufsiz); + OPENSSL_cleanse(buf, (unsigned int) bufsiz); res = 0; } UI_free(ui); 
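Review bot: In password_callback (hunk -414,7) the verify buffer `buff` comes from `malloc(bufsiz)` and is passed straight to `UI_add_verify_string` with no NULL check. What the UI layer does with a NULL result buffer is not visible here, so an allocation failure should stop the prompt rather than continue with verification in an unknown state. I would guard it with `if (buff == NULL) ok = -1; else ok = UI_add_verify_string(...);` and confirm that the code between this hunk and the `ok == -1` branch in the -425,21 hunk does not overwrite `ok`. The later cleanse-and-free is already conditional on `buff`, so that path needs no change.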
@@ -448,10 +447,10 @@ password_callback(char *buf, int bufsiz, int verify, return res; } -static char *app_get_pass(BIO *err, char *arg, int keepbio); +static char *app_get_pass(BIO * err, char *arg, int keepbio); int -app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2) +app_passwd(BIO * err, char *arg1, char *arg2, char **pass1, char **pass2) { int same; if (!arg2 || !arg1 || strcmp(arg1, arg2)) @@ -474,7 +473,7 @@ app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2) } static char * -app_get_pass(BIO *err, char *arg, int keepbio) +app_get_pass(BIO * err, char *arg, int keepbio) { char *tmp, tpass[APP_PASS_LEN]; static BIO *pwdbio = NULL; @@ -496,14 +495,14 @@ app_get_pass(BIO *err, char *arg, int keepbio) BIO_printf(err, "Can't open file %s\n", arg + 5); return NULL; } - /* - * Under _WIN32, which covers even Win64 and CE, file - * descriptors referenced by BIO_s_fd are not inherited - * by child process and therefore below is not an option. - * It could have been an option if bss_fd.c was operating - * on real Windows descriptors, such as those obtained - * with CreateFile. - */ + /* + * Under _WIN32, which covers even Win64 and CE, file + * descriptors referenced by BIO_s_fd are not inherited + * by child process and therefore below is not an option. + * It could have been an option if bss_fd.c was operating + * on real Windows descriptors, such as those obtained + * with CreateFile. + */ } else if (!strncmp(arg, "fd:", 3)) { BIO *btmp; i = atoi(arg + 3); @@ -513,7 +512,10 @@ app_get_pass(BIO *err, char *arg, int keepbio) BIO_printf(err, "Can't access file descriptor %s\n", arg + 3); return NULL; } - /* Can't do BIO_gets on an fd BIO so add a buffering BIO */ + /* + * Can't do BIO_gets on an fd BIO so add a buffering + * BIO + */ btmp = BIO_new(BIO_f_buffer()); pwdbio = BIO_push(btmp, pwdbio); } else if (!strcmp(arg, "stdin")) { 
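Review bot: The `fd:` branch of app_get_pass (last context line of hunk -496,14) parses the descriptor with `i = atoi(arg + 3);`, which returns 0 for non-numeric text and gives no error for trailing garbage or out-of-range values. As far as these hunks show, a mistyped `fd:` argument would then be treated as descriptor 0 and the passphrase read from standard input instead of being rejected. I would parse with `strtol` and refuse anything that is not a complete non-negative number, reusing the existing error message. The sketch assumes `errno` and `INT_MAX` are in scope in apps.c, and the code that consumes `i` lies between this hunk and the next.

```c
	} else if (!strncmp(arg, "fd:", 3)) {
		BIO *btmp;
		char *end;
		long fd;

		errno = 0;
		fd = strtol(arg + 3, &end, 10);
		if (end == arg + 3 || *end != '\0' || errno == ERANGE ||
		    fd < 0 || fd > INT_MAX) {
			BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
			return NULL;
		}
		i = (int) fd;
		/* ... unchanged: descriptor BIO creation and buffering BIO ... */
```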
@@ -543,10 +545,10 @@ app_get_pass(BIO *err, char *arg, int keepbio) } int -add_oid_section(BIO *err, CONF *conf) +add_oid_section(BIO * err, CONF * conf) { char *p; - STACK_OF(CONF_VALUE) *sktmp; + STACK_OF(CONF_VALUE) * sktmp; CONF_VALUE *cnf; int i; if (!(p = NCONF_get_string(conf, NULL, "oid_section"))) { @@ -569,8 +571,8 @@ add_oid_section(BIO *err, CONF *conf) } static int -load_pkcs12(BIO *err, BIO *in, const char *desc, pem_password_cb *pem_cb, - void *cb_data, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) +load_pkcs12(BIO * err, BIO * in, const char *desc, pem_password_cb * pem_cb, + void *cb_data, EVP_PKEY ** pkey, X509 ** cert, STACK_OF(X509) ** ca) { const char *pass; char tpass[PEM_BUFSIZE]; @@ -586,7 +588,7 @@ load_pkcs12(BIO *err, BIO *in, const char *desc, pem_password_cb *pem_cb, pass = ""; else { if (!pem_cb) - pem_cb = (pem_password_cb *)password_callback; + pem_cb = (pem_password_cb *) password_callback; len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data); if (len < 0) { BIO_printf(err, "Passpharse callback error for %s\n", @@ -610,7 +612,7 @@ die: } X509 * -load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e, +load_cert(BIO * err, const char *file, int format, const char *pass, ENGINE * e, const char *cert_descrip) { X509 *x = NULL; @@ -620,12 +622,11 @@ load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e, ERR_print_errors(err); goto end; } - if (file == NULL) { #ifdef _IONBF -# ifndef OPENSSL_NO_SETVBUF_IONBF +#ifndef OPENSSL_NO_SETVBUF_IONBF setvbuf(stdin, NULL, _IONBF, 0); -# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ +#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ #endif BIO_set_fp(cert, stdin, BIO_NOCLOSE); } else { 
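Review bot: The `(pem_password_cb *) password_callback` cast in load_pkcs12 (hunk -586,7) hides a prototype mismatch: password_callback is declared in the -374,13 hunk with a `PW_CB_DATA *` last parameter, while it is called here through `pem_cb(tpass, PEM_BUFSIZE, 0, cb_data)` with a `void *`. Assuming pem_password_cb takes `void *` user data, as that call suggests, calling through the cast pointer is undefined behaviour by the letter of the standard, and the cast also silences the compiler if either signature changes. Declaring the callback as `password_callback(char *buf, int bufsiz, int verify, void *cb_tmp)` would let every cast go; the existing `PW_CB_DATA *cb_data = (PW_CB_DATA *) cb_tmp;` line inside it already does the conversion. The same cast is re-spaced in the load_cert, load_key, load_pubkey and load_certs_crls hunks.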
@@ -645,8 +646,8 @@ load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e, if (nx == NULL) goto end; - if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data, - nx->header->length) != 0)) { + if ((strncmp(NETSCAPE_CERT_HDR, (char *) nx->header->data, + nx->header->length) != 0)) { NETSCAPE_X509_free(nx); BIO_printf(err, "Error reading header on certificate\n"); goto end; @@ -656,10 +657,10 @@ load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e, NETSCAPE_X509_free(nx); } else if (format == FORMAT_PEM) x = PEM_read_bio_X509_AUX(cert, NULL, - (pem_password_cb *)password_callback, NULL); + (pem_password_cb *) password_callback, NULL); else if (format == FORMAT_PKCS12) { if (!load_pkcs12(err, cert, cert_descrip, NULL, NULL, - NULL, &x, NULL)) + NULL, &x, NULL)) goto end; } else { BIO_printf(err, "bad input format specified for %s\n", @@ -677,8 +678,8 @@ end: } EVP_PKEY * -load_key(BIO *err, const char *file, int format, int maybe_stdin, - const char *pass, ENGINE *e, const char *key_descrip) +load_key(BIO * err, const char *file, int format, int maybe_stdin, + const char *pass, ENGINE * e, const char *key_descrip) { BIO *key = NULL; EVP_PKEY *pkey = NULL; @@ -713,9 +714,9 @@ load_key(BIO *err, const char *file, int format, int maybe_stdin, } if (file == NULL && maybe_stdin) { #ifdef _IONBF -# ifndef OPENSSL_NO_SETVBUF_IONBF +#ifndef OPENSSL_NO_SETVBUF_IONBF setvbuf(stdin, NULL, _IONBF, 0); -# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ +#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ #endif BIO_set_fp(key, stdin, BIO_NOCLOSE); } else if (BIO_read_filename(key, file) <= 0) { 
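Review bot: The Netscape header check in load_cert (hunk -645,8) bounds `strncmp` by `nx->header->length`, a length taken from the parsed input rather than from the expected string. A header shorter than NETSCAPE_CERT_HDR, including an empty one, then compares equal on its prefix and passes the check. I would require the length to match before comparing, e.g. `if (nx->header->length != (int) strlen(NETSCAPE_CERT_HDR) || memcmp(NETSCAPE_CERT_HDR, nx->header->data, nx->header->length) != 0)`, after confirming whether the format's header includes a terminator. Whether `nx->header` can be NULL at this point is not visible in the hunk and is worth checking as well.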
@@ -728,7 +729,7 @@ load_key(BIO *err, const char *file, int format, int maybe_stdin, pkey = d2i_PrivateKey_bio(key, NULL); } else if (format == FORMAT_PEM) { pkey = PEM_read_bio_PrivateKey(key, NULL, - (pem_password_cb *)password_callback, &cb_data); + (pem_password_cb *) password_callback, &cb_data); } #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) @@ -736,15 +737,15 @@ load_key(BIO *err, const char *file, int format, int maybe_stdin, #endif else if (format == FORMAT_PKCS12) { if (!load_pkcs12(err, key, key_descrip, - (pem_password_cb *)password_callback, &cb_data, - &pkey, NULL, NULL)) + (pem_password_cb *) password_callback, &cb_data, + &pkey, NULL, NULL)) goto end; } #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4) else if (format == FORMAT_MSBLOB) pkey = b2i_PrivateKey_bio(key); else if (format == FORMAT_PVK) - pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback, + pkey = b2i_PVK_bio(key, (pem_password_cb *) password_callback, &cb_data); #endif else { @@ -762,8 +763,8 @@ end: } EVP_PKEY * -load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, - const char *pass, ENGINE *e, const char *key_descrip) +load_pubkey(BIO * err, const char *file, int format, int maybe_stdin, + const char *pass, ENGINE * e, const char *key_descrip) { BIO *key = NULL; EVP_PKEY *pkey = NULL; @@ -793,9 +794,9 @@ load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, } if (file == NULL && maybe_stdin) { #ifdef _IONBF -# ifndef OPENSSL_NO_SETVBUF_IONBF +#ifndef OPENSSL_NO_SETVBUF_IONBF setvbuf(stdin, NULL, _IONBF, 0); -# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ +#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ #endif BIO_set_fp(key, stdin, BIO_NOCLOSE); } else if (BIO_read_filename(key, file) <= 0) { 
@@ -821,7 +822,7 @@ load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, } else if (format == FORMAT_PEMRSA) { RSA *rsa; rsa = PEM_read_bio_RSAPublicKey(key, NULL, - (pem_password_cb *)password_callback, &cb_data); + (pem_password_cb *) password_callback, &cb_data); if (rsa) { pkey = EVP_PKEY_new(); if (pkey) @@ -833,7 +834,7 @@ load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, #endif else if (format == FORMAT_PEM) { pkey = PEM_read_bio_PUBKEY(key, NULL, - (pem_password_cb *)password_callback, &cb_data); + (pem_password_cb *) password_callback, &cb_data); } #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) @@ -857,12 +858,12 @@ end: #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) static EVP_PKEY * -load_netscape_key(BIO *err, BIO *key, const char *file, +load_netscape_key(BIO * err, BIO * key, const char *file, const char *key_descrip, int format) { EVP_PKEY *pkey; BUF_MEM *buf; - RSA *rsa; + RSA *rsa; const unsigned char *p; int size, i; @@ -872,9 +873,9 @@ load_netscape_key(BIO *err, BIO *key, const char *file, if (buf == NULL || pkey == NULL) goto error; for (;;) { - if (!BUF_MEM_grow_clean(buf, size + 1024*10)) + if (!BUF_MEM_grow_clean(buf, size + 1024 * 10)) goto error; - i = BIO_read(key, &(buf->data[size]), 1024*10); + i = BIO_read(key, &(buf->data[size]), 1024 * 10); size += i; if (i == 0) break; @@ -884,8 +885,8 @@ load_netscape_key(BIO *err, BIO *key, const char *file, goto error; } } - p = (unsigned char *)buf->data; - rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL, + p = (unsigned char *) buf->data; + rsa = d2i_RSA_NET(NULL, &p, (long) size, NULL, (format == FORMAT_IISSGC ? 1 : 0)); if (rsa == NULL) goto error; 
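Review bot: In the read loop of load_netscape_key (hunk -872,9) `size += i` runs immediately after `BIO_read`, before any check for a negative return that is visible here, and `size` is an `int` that grows by up to `1024 * 10` per pass with no upper bound. An input approaching INT_MAX bytes would make `size + 1024 * 10` overflow, which is undefined for signed integers, and a failed read is added into `size` before it is handled. I would test the return value first and bound the total, e.g. `if (size > INT_MAX - 1024 * 10) goto error;` at the top of the loop and `size += i;` only after `i > 0` is established. Naming the repeated `1024 * 10` as a constant would keep the grow size and the read size in step; the loop's remaining lines are outside this hunk.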
@@ -897,16 +898,16 @@ error: EVP_PKEY_free(pkey); return NULL; } -#endif /* ndef OPENSSL_NO_RC4 */ +#endif /* ndef OPENSSL_NO_RC4 */ static int -load_certs_crls(BIO *err, const char *file, int format, const char *pass, - ENGINE *e, const char *desc, STACK_OF(X509) **pcerts, - STACK_OF(X509_CRL) **pcrls) +load_certs_crls(BIO * err, const char *file, int format, const char *pass, + ENGINE * e, const char *desc, STACK_OF(X509) ** pcerts, + STACK_OF(X509_CRL) ** pcrls) { int i; BIO *bio; - STACK_OF(X509_INFO) *xis = NULL; + STACK_OF(X509_INFO) * xis = NULL; X509_INFO *xi; PW_CB_DATA cb_data; int rv = 0; @@ -918,7 +919,6 @@ load_certs_crls(BIO *err, const char *file, int format, const char *pass, BIO_printf(err, "bad input format specified for %s\n", desc); return 0; } - if (file == NULL) bio = BIO_new_fp(stdin, BIO_NOCLOSE); else @@ -930,9 +930,8 @@ load_certs_crls(BIO *err, const char *file, int format, const char *pass, ERR_print_errors(err); return 0; } - xis = PEM_X509_INFO_read_bio(bio, NULL, - (pem_password_cb *)password_callback, &cb_data); + (pem_password_cb *) password_callback, &cb_data); BIO_free(bio); @@ -941,15 +940,13 @@ load_certs_crls(BIO *err, const char *file, int format, const char *pass, if (!*pcerts) goto end; } - if (pcrls) { *pcrls = sk_X509_CRL_new_null(); if (!*pcrls) goto end; } - for (i = 0; i < sk_X509_INFO_num(xis); i++) { - xi = sk_X509_INFO_value (xis, i); + xi = sk_X509_INFO_value(xis, i); if (xi->x509 && pcerts) { if (!sk_X509_push(*pcerts, xi->x509)) goto end; 
@@ -989,20 +986,20 @@ end: } STACK_OF(X509) * -load_certs(BIO *err, const char *file, int format, const char *pass, ENGINE *e, +load_certs(BIO * err, const char *file, int format, const char *pass, ENGINE * e, const char *desc) { - STACK_OF(X509) *certs; + STACK_OF(X509) * certs; if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL)) return NULL; return certs; } STACK_OF(X509_CRL) * -load_crls(BIO *err, const char *file, int format, const char *pass, ENGINE *e, +load_crls(BIO * err, const char *file, int format, const char *pass, ENGINE * e, const char *desc) { - STACK_OF(X509_CRL) *crls; + STACK_OF(X509_CRL) * crls; if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls)) return NULL; return crls; 
@@ -1025,25 +1022,25 @@ int set_cert_ex(unsigned long *flags, const char *arg) { static const NAME_EX_TBL cert_tbl[] = { - { "compatible", X509_FLAG_COMPAT, 0xffffffffl}, - { "ca_default", X509_FLAG_CA, 0xffffffffl}, - { "no_header", X509_FLAG_NO_HEADER, 0}, - { "no_version", X509_FLAG_NO_VERSION, 0}, - { "no_serial", X509_FLAG_NO_SERIAL, 0}, - { "no_signame", X509_FLAG_NO_SIGNAME, 0}, - { "no_validity", X509_FLAG_NO_VALIDITY, 0}, - { "no_subject", X509_FLAG_NO_SUBJECT, 0}, - { "no_issuer", X509_FLAG_NO_ISSUER, 0}, - { "no_pubkey", X509_FLAG_NO_PUBKEY, 0}, - { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0}, - { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0}, - { "no_aux", X509_FLAG_NO_AUX, 0}, - { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0}, - { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK}, - { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, - { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, - { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, - { NULL, 0, 0} + {"compatible", X509_FLAG_COMPAT, 0xffffffffl}, + {"ca_default", X509_FLAG_CA, 0xffffffffl}, + {"no_header", X509_FLAG_NO_HEADER, 0}, + {"no_version", X509_FLAG_NO_VERSION, 0}, + {"no_serial", X509_FLAG_NO_SERIAL, 0}, + {"no_signame", X509_FLAG_NO_SIGNAME, 0}, + {"no_validity", X509_FLAG_NO_VALIDITY, 0}, + {"no_subject", X509_FLAG_NO_SUBJECT, 0}, + {"no_issuer", X509_FLAG_NO_ISSUER, 0}, + {"no_pubkey", X509_FLAG_NO_PUBKEY, 0}, + {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0}, + {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0}, + {"no_aux", X509_FLAG_NO_AUX, 0}, + {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0}, + {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK}, + {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, + {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, + {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, + {NULL, 0, 0} }; return set_multi_opts(flags, arg, cert_tbl); } 
@@ -1052,34 +1049,34 @@ int set_name_ex(unsigned long *flags, const char *arg) { static const NAME_EX_TBL ex_tbl[] = { - { "esc_2253", ASN1_STRFLGS_ESC_2253, 0}, - { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0}, - { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0}, - { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0}, - { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0}, - { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0}, - { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0}, - { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0}, - { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0}, - { "dump_der", ASN1_STRFLGS_DUMP_DER, 0}, - { "compat", XN_FLAG_COMPAT, 0xffffffffL}, - { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK}, - { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK}, - { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK}, - { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK}, - { "dn_rev", XN_FLAG_DN_REV, 0}, - { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK}, - { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK}, - { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK}, - { "align", XN_FLAG_FN_ALIGN, 0}, - { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK}, - { "space_eq", XN_FLAG_SPC_EQ, 0}, - { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0}, - { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL}, - { "oneline", XN_FLAG_ONELINE, 0xffffffffL}, - { "multiline", XN_FLAG_MULTILINE, 0xffffffffL}, - { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL}, - { NULL, 0, 0} + {"esc_2253", ASN1_STRFLGS_ESC_2253, 0}, + {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0}, + {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0}, + {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0}, + {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0}, + {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0}, + {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0}, + {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0}, + {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0}, + {"dump_der", ASN1_STRFLGS_DUMP_DER, 0}, + {"compat", XN_FLAG_COMPAT, 0xffffffffL}, + {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK}, + {"sep_comma_plus_space", 
XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK}, + {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK}, + {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK}, + {"dn_rev", XN_FLAG_DN_REV, 0}, + {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK}, + {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK}, + {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK}, + {"align", XN_FLAG_FN_ALIGN, 0}, + {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK}, + {"space_eq", XN_FLAG_SPC_EQ, 0}, + {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0}, + {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL}, + {"oneline", XN_FLAG_ONELINE, 0xffffffffL}, + {"multiline", XN_FLAG_MULTILINE, 0xffffffffL}, + {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL}, + {NULL, 0, 0} }; return set_multi_opts(flags, arg, ex_tbl); } @@ -1099,9 +1096,9 @@ set_ext_copy(int *copy_type, const char *arg) } int -copy_extensions(X509 *x, X509_REQ *req, int copy_type) +copy_extensions(X509 * x, X509_REQ * req, int copy_type) { - STACK_OF(X509_EXTENSION) *exts = NULL; + STACK_OF(X509_EXTENSION) * exts = NULL; X509_EXTENSION *ext, *tmpext; ASN1_OBJECT *obj; int i, idx, ret = 0; @@ -1139,9 +1136,9 @@ end: } static int -set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl) +set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl) { - STACK_OF(CONF_VALUE) *vals; + STACK_OF(CONF_VALUE) * vals; CONF_VALUE *val; int i, ret = 1; if (!arg) @@ -1157,7 +1154,7 @@ set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl) } static int -set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl) +set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl) { char c; const NAME_EX_TBL *ptbl; @@ -1169,7 +1166,8 @@ set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl) } else if (c == '+') { c = 1; arg++; - } else c = 1; + } else + c = 1; for (ptbl = in_tbl; ptbl->name; ptbl++) { if (!strcasecmp(arg, ptbl->name)) { 
@@ -1185,7 +1183,7 @@ set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl) } void -print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags) +print_name(BIO * out, const char *title, X509_NAME * nm, unsigned long lflags) { char *buf; char mline = 0; @@ -1211,7 +1209,7 @@ print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags) } X509_STORE * -setup_verify(BIO *bp, char *CAfile, char *CApath) +setup_verify(BIO * bp, char *CAfile, char *CApath) { X509_STORE *store; X509_LOOKUP *lookup; @@ -1250,7 +1248,7 @@ end: #ifndef OPENSSL_NO_ENGINE /* Try to load an engine in a shareable library */ static ENGINE * -try_load_engine(BIO *err, const char *engine, int debug) +try_load_engine(BIO * err, const char *engine, int debug) { ENGINE *e = ENGINE_by_id("dynamic"); if (e) { @@ -1264,7 +1262,7 @@ try_load_engine(BIO *err, const char *engine, int debug) } ENGINE * -setup_engine(BIO *err, const char *engine, int debug) +setup_engine(BIO * err, const char *engine, int debug) { ENGINE *e = NULL; @@ -1291,7 +1289,6 @@ setup_engine(BIO *err, const char *engine, int debug) ENGINE_free(e); return NULL; } - BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e)); /* Free our "structural" reference. */ @@ -1302,7 +1299,7 @@ setup_engine(BIO *err, const char *engine, int debug) #endif int -load_config(BIO *err, CONF *cnf) +load_config(BIO * err, CONF * cnf) { static int load_config_called = 0; if (load_config_called) @@ -1340,7 +1337,7 @@ make_config_name() } static unsigned long -index_serial_hash(const OPENSSL_CSTRING *a) +index_serial_hash(const OPENSSL_CSTRING * a) { const char *n; 
@@ -1351,14 +1348,12 @@ index_serial_hash(const OPENSSL_CSTRING *a) } static int -index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b) +index_serial_cmp(const OPENSSL_CSTRING * a, const OPENSSL_CSTRING * b) { const char *aa, *bb; - for (aa = a[DB_serial]; *aa == '0'; aa++) - ; - for (bb = b[DB_serial]; *bb == '0'; bb++) - ; + for (aa = a[DB_serial]; *aa == '0'; aa++); + for (bb = b[DB_serial]; *bb == '0'; bb++); return (strcmp(aa, bb)); } @@ -1369,27 +1364,27 @@ index_name_qual(char **a) } static unsigned long -index_name_hash(const OPENSSL_CSTRING *a) +index_name_hash(const OPENSSL_CSTRING * a) { return (lh_strhash(a[DB_name])); } int -index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b) +index_name_cmp(const OPENSSL_CSTRING * a, const OPENSSL_CSTRING * b) { return (strcmp(a[DB_name], b[DB_name])); } -static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING) -static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING) -static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING) -static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING) - +static +IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING) + static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING) + static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING) + static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING) #undef BSIZE #define BSIZE 256 -BIGNUM * -load_serial(char *serialfile, int create, ASN1_INTEGER **retai) + BIGNUM * + load_serial(char *serialfile, int create, ASN1_INTEGER ** retai) { BIO *in = NULL; BIGNUM *ret = NULL; @@ -1404,7 +1399,6 @@ load_serial(char *serialfile, int create, ASN1_INTEGER **retai) ERR_print_errors(bio_err); goto err; } - if (BIO_read_filename(in, serialfile) <= 0) { if (!create) { perror(serialfile); 
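Review bot: The reformatting in hunk -1369,27 splits `static` onto its own line ahead of `IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)` and then treats the remaining three macro lines, the `#undef BSIZE` / `#define BSIZE 256` pair and the `BIGNUM *` / `load_serial(...)` header as continuations of one declaration. The macro invocations carry no trailing semicolon, so the formatter apparently never saw the statement end, and the result hides where load_serial's definition starts. I would restore the four `static IMPLEMENT_LHASH_..._FN(...)` lines one per line at column 0 with a blank line after them, and put `BIGNUM *` and `load_serial(char *serialfile, int create, ASN1_INTEGER ** retai)` back at column 0. A short comment above the macros, such as `/* generate the LHASH wrappers for the index_serial and index_name hash/compare functions */`, would also help the next reader and the next formatter run.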
@@ -1440,8 +1434,8 @@ err: } int -save_serial(char *serialfile, char *suffix, BIGNUM *serial, - ASN1_INTEGER **retai) +save_serial(char *serialfile, char *suffix, BIGNUM * serial, + ASN1_INTEGER ** retai) { char buf[1][BSIZE]; BIO *out = NULL; @@ -1457,7 +1451,6 @@ save_serial(char *serialfile, char *suffix, BIGNUM *serial, BIO_printf(bio_err, "file name too long\n"); goto err; } - if (suffix == NULL) BUF_strlcpy(buf[0], serialfile, BSIZE); else @@ -1474,7 +1467,6 @@ save_serial(char *serialfile, char *suffix, BIGNUM *serial, perror(serialfile); goto err; } - if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) { BIO_printf(bio_err, "error converting serial to ASN.1 format\n"); goto err; @@ -1508,7 +1500,6 @@ rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) BIO_printf(bio_err, "file name too long\n"); goto err; } - (void) snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix); (void) snprintf(buf[1], sizeof buf[1], "%s.%s", @@ -1521,7 +1512,7 @@ rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) #ifdef ENOTDIR && errno != ENOTDIR #endif - ) { + ) { BIO_printf(bio_err, "unable to rename %s to %s\n", serialfile, buf[1]); @@ -1546,7 +1537,7 @@ err: } int -rand_serial(BIGNUM *b, ASN1_INTEGER *ai) +rand_serial(BIGNUM * b, ASN1_INTEGER * ai) { BIGNUM *btmp; int ret = 0; @@ -1573,7 +1564,7 @@ error: } CA_DB * -load_index(char *dbfile, DB_ATTR *db_attr) +load_index(char *dbfile, DB_ATTR * db_attr) { CA_DB *retdb = NULL; TXT_DB *tmpdb = NULL; 
@@ -1599,20 +1590,18 @@ load_index(char *dbfile, DB_ATTR *db_attr) if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) { if (errorline > 0) { BIO_printf(bio_err, - "error on line %ld of db attribute file '%s'\n" - , errorline, buf[0]); + "error on line %ld of db attribute file '%s'\n" + ,errorline, buf[0]); goto err; } else { NCONF_free(dbattr_conf); dbattr_conf = NULL; } } - if ((retdb = malloc(sizeof(CA_DB))) == NULL) { fprintf(stderr, "Out of memory\n"); goto err; } - retdb->db = tmpdb; tmpdb = NULL; if (db_attr) @@ -1630,7 +1619,6 @@ load_index(char *dbfile, DB_ATTR *db_attr) retdb->attributes.unique_subject = parse_yesno(p, 1); } } - err: if (dbattr_conf) NCONF_free(dbattr_conf); @@ -1642,20 +1630,19 @@ err: } int -index_index(CA_DB *db) +index_index(CA_DB * db) { if (!TXT_DB_create_index(db->db, DB_serial, NULL, - LHASH_HASH_FN(index_serial), - LHASH_COMP_FN(index_serial))) { + LHASH_HASH_FN(index_serial), + LHASH_COMP_FN(index_serial))) { BIO_printf(bio_err, "error creating serial number index:(%ld,%ld,%ld)\n", db->db->error, db->db->arg1, db->db->arg2); return 0; } - if (db->attributes.unique_subject && !TXT_DB_create_index(db->db, DB_name, index_name_qual, - LHASH_HASH_FN(index_name), LHASH_COMP_FN(index_name))) { + LHASH_HASH_FN(index_name), LHASH_COMP_FN(index_name))) { BIO_printf(bio_err, "error creating name index:(%ld,%ld,%ld)\n", db->db->error, db->db->arg1, db->db->arg2); return 0; @@ -1664,7 +1651,7 @@ index_index(CA_DB *db) } int -save_index(const char *dbfile, const char *suffix, CA_DB *db) +save_index(const char *dbfile, const char *suffix, CA_DB * db) { char buf[3][BSIZE]; BIO *out = BIO_new(BIO_s_file()); 
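Review bot: In load_index the continuation of the `BIO_printf` call now starts with the comma (`,errorline, buf[0]);`), which reads like a typo and makes the argument list harder to scan. Moving the comma to the end of the format-string line gives `"error on line %ld of db attribute file '%s'\n",` followed by `errorline, buf[0]);`. The ca.c hunk `@@ -559,14 +559,13 @@` has the same `,errorline, configfile);` form. load_index starts before this hunk and its cleanup continues after it.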
@@ -1674,13 +1661,11 @@ save_index(const char *dbfile, const char *suffix, CA_DB *db) ERR_print_errors(bio_err); goto err; } - j = strlen(dbfile) + strlen(suffix); if (j + 6 >= BSIZE) { BIO_printf(bio_err, "file name too long\n"); goto err; } - (void) snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile); (void) snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix); (void) snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix); @@ -1730,7 +1715,6 @@ rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix) BIO_printf(bio_err, "file name too long\n"); goto err; } - (void) snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile); (void) snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix); @@ -1748,7 +1732,7 @@ rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix) #ifdef ENOTDIR && errno != ENOTDIR #endif - ) { + ) { BIO_printf(bio_err, "unable to rename %s to %s\n", dbfile, buf[1]); @@ -1775,7 +1759,7 @@ rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix) #ifdef ENOTDIR && errno != ENOTDIR #endif - ) { + ) { BIO_printf(bio_err, "unable to rename %s to %s\n", buf[4], buf[3]); @@ -1805,7 +1789,7 @@ err: } void -free_index(CA_DB *db) +free_index(CA_DB * db) { if (db) { if (db->db) @@ -1820,18 +1804,18 @@ parse_yesno(const char *str, int def) int ret = def; if (str) { switch (*str) { - case 'f': /* false */ - case 'F': /* FALSE */ - case 'n': /* no */ - case 'N': /* NO */ - case '0': /* 0 */ + case 'f': /* false */ + case 'F': /* FALSE */ + case 'n': /* no */ + case 'N': /* NO */ + case '0': /* 0 */ ret = 0; break; - case 't': /* true */ - case 'T': /* TRUE */ - case 'y': /* yes */ - case 'Y': /* YES */ - case '1': /* 1 */ + case 't': /* true */ + case 'T': /* TRUE */ + case 'y': /* yes */ + case 'Y': /* YES */ + case '1': /* 1 */ ret = 1; break; default: 
@@ -1849,12 +1833,15 @@ parse_yesno(const char *str, int def) X509_NAME * parse_name(char *subject, long chtype, int multirdn) { - size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ + size_t buflen = strlen(subject) + 1; /* to copy the types and + * values into. due to + * escaping, the copy can + * only become shorter */ char *buf = malloc(buflen); - size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ - char **ne_types = malloc(max_ne * sizeof (char *)); - char **ne_values = malloc(max_ne * sizeof (char *)); - int *mval = malloc (max_ne * sizeof (int)); + size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ + char **ne_types = malloc(max_ne * sizeof(char *)); + char **ne_values = malloc(max_ne * sizeof(char *)); + int *mval = malloc(max_ne * sizeof(int)); char *sp = subject, *bp = buf; int i, ne_num = 0; @@ -1866,12 +1853,11 @@ parse_name(char *subject, long chtype, int multirdn) BIO_printf(bio_err, "malloc error\n"); goto error; } - if (*subject != '/') { BIO_printf(bio_err, "Subject does not start with '/'.\n"); goto error; } - sp++; /* skip leading / */ + sp++; /* skip leading / */ /* no multivalued RDN by default */ mval[ne_num] = 0; @@ -1880,8 +1866,8 @@ parse_name(char *subject, long chtype, int multirdn) /* collect type */ ne_types[ne_num] = bp; while (*sp) { - if (*sp == '\\') /* is there anything to escape in the type...? */ - { + if (*sp == '\\') { /* is there anything to + * escape in the type...? */ if (*++sp) *bp++ = *sp++; else { 
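Review bot: The trailing comment on `buflen` in parse_name has been wrapped into a four-line block hanging off the declaration, which pushes the explanation of why the copy cannot grow out to the right margin. It reads better as a block comment on the line above, `/* Buffer for the copied types and values; escaping can only make the copy shorter. */`, followed by `size_t buflen = strlen(subject) + 1;`. The comment on `if (*sp == '\\')` in hunk `@@ -1880,8 +1866,8 @@` is wrapped the same way. parse_name's body continues outside these hunks.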
@@ -1933,13 +1919,11 @@ parse_name(char *subject, long chtype, int multirdn) BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); continue; } - if (!*ne_values[i]) { BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); continue; } - - if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1, -1, mval[i])) + if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char *) ne_values[i], -1, -1, mval[i])) goto error; } @@ -1964,7 +1948,7 @@ error: int args_verify(char ***pargs, int *pargc, - int *badarg, BIO *err, X509_VERIFY_PARAM **pm) + int *badarg, BIO * err, X509_VERIFY_PARAM ** pm) { ASN1_OBJECT *otmp = NULL; unsigned long flags = 0; @@ -2016,8 +2000,10 @@ args_verify(char ***pargs, int *pargc, *badarg = 1; else { long timestamp; - /* interpret the -attime argument as seconds since - * Epoch */ + /* + * interpret the -attime argument as seconds since + * Epoch + */ if (sscanf(argn, "%li", ×tamp) != 1) { BIO_printf(bio_err, "Error parsing timestamp %s\n", @@ -2033,9 +2019,9 @@ args_verify(char ***pargs, int *pargc, else if (!strcmp(arg, "-issuer_checks")) flags |= X509_V_FLAG_CB_ISSUER_CHECK; else if (!strcmp(arg, "-crl_check")) - flags |= X509_V_FLAG_CRL_CHECK; + flags |= X509_V_FLAG_CRL_CHECK; else if (!strcmp(arg, "-crl_check_all")) - flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; + flags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL; else if (!strcmp(arg, "-policy_check")) flags |= X509_V_FLAG_POLICY_CHECK; else if (!strcmp(arg, "-explicit_policy")) @@ -2063,12 +2049,10 @@ args_verify(char ***pargs, int *pargc, *pm = NULL; goto end; } - if (!*pm && !(*pm = X509_VERIFY_PARAM_new())) { *badarg = 1; goto end; } - if (otmp) X509_VERIFY_PARAM_add0_policy(*pm, otmp); if (flags) @@ -2097,7 +2081,7 @@ end: */ int -bio_to_mem(unsigned char **out, int maxlen, BIO *in) +bio_to_mem(unsigned char **out, int maxlen, BIO * in) { BIO *mem; int len, ret; 
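Review bot: The reformat inserts a space after casts, here `(unsigned char *) ne_values[i]`, where the removed line had none; as far as I know style(9) asks for casts not to be followed by a space and notes that indent(1) does not follow that rule. I would keep `(unsigned char *)ne_values[i]`. The same applies to `(char **) out` in bio_to_mem, the `(void) BIO_flush(bconn)` calls in the jpake senders, and the `(int) num` and `(char *) tmpbuf` casts in asn1pars.c. The enclosing loop in parse_name starts outside this hunk.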
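Review bot: The `-attime` branch of args_verify still parses its argument with `sscanf(argn, "%li", ...)`, which accepts trailing garbage after the number and has undefined behaviour when the value does not fit in a long; this hunk only re-wraps the comment above it. Since the value sets the time used for verification, I would parse it strictly with `errno = 0; timestamp = strtol(argn, &end, 0);` and take the existing "Error parsing timestamp" path on `if (end == argn || *end != '\0' || errno == ERANGE)`. Base 0 keeps the prefixes `%li` accepted. This needs a `char *end` local; errno is already used by rotate_serial in this file. The function starts and ends outside this hunk.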
@@ -2122,14 +2106,14 @@ bio_to_mem(unsigned char **out, int maxlen, BIO *in) if (maxlen == 0) break; } - ret = BIO_get_mem_data(mem, (char **)out); + ret = BIO_get_mem_data(mem, (char **) out); BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY); BIO_free(mem); return ret; } int -pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value) +pkey_ctrl_string(EVP_PKEY_CTX * ctx, char *value) { int rv; char *stmp, *vtmp = NULL; @@ -2147,7 +2131,7 @@ pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value) } static void -nodes_print(BIO *out, const char *name, STACK_OF(X509_POLICY_NODE) *nodes) +nodes_print(BIO * out, const char *name, STACK_OF(X509_POLICY_NODE) * nodes) { X509_POLICY_NODE *node; int i; @@ -2163,7 +2147,7 @@ nodes_print(BIO *out, const char *name, STACK_OF(X509_POLICY_NODE) *nodes) } void -policies_print(BIO *out, X509_STORE_CTX *ctx) +policies_print(BIO * out, X509_STORE_CTX * ctx) { X509_POLICY_TREE *tree; int explicit_policy; @@ -2203,7 +2187,7 @@ jpake_init(const char *us, const char *them, q = BN_new(); BN_rshift1(q, p); - BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret); + BN_bin2bn((const unsigned char *) secret, strlen(secret), bnsecret); ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret); BN_free(bnsecret); @@ -2215,7 +2199,7 @@ jpake_init(const char *us, const char *them, } static void -jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p) +jpake_send_part(BIO * conn, const JPAKE_STEP_PART * p) { BN_print(conn, p->gx); BIO_puts(conn, "\n"); @@ -2226,7 +2210,7 @@ jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p) } static void -jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx) +jpake_send_step1(BIO * bconn, JPAKE_CTX * ctx) { JPAKE_STEP1 s1; 
@@ -2234,48 +2218,48 @@ jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx) JPAKE_STEP1_generate(&s1, ctx); jpake_send_part(bconn, &s1.p1); jpake_send_part(bconn, &s1.p2); - (void)BIO_flush(bconn); + (void) BIO_flush(bconn); JPAKE_STEP1_release(&s1); } static void -jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx) +jpake_send_step2(BIO * bconn, JPAKE_CTX * ctx) { JPAKE_STEP2 s2; JPAKE_STEP2_init(&s2); JPAKE_STEP2_generate(&s2, ctx); jpake_send_part(bconn, &s2); - (void)BIO_flush(bconn); + (void) BIO_flush(bconn); JPAKE_STEP2_release(&s2); } static void -jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx) +jpake_send_step3a(BIO * bconn, JPAKE_CTX * ctx) { JPAKE_STEP3A s3a; JPAKE_STEP3A_init(&s3a); JPAKE_STEP3A_generate(&s3a, ctx); BIO_write(bconn, s3a.hhk, sizeof s3a.hhk); - (void)BIO_flush(bconn); + (void) BIO_flush(bconn); JPAKE_STEP3A_release(&s3a); } static void -jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx) +jpake_send_step3b(BIO * bconn, JPAKE_CTX * ctx) { JPAKE_STEP3B s3b; JPAKE_STEP3B_init(&s3b); JPAKE_STEP3B_generate(&s3b, ctx); BIO_write(bconn, s3b.hk, sizeof s3b.hk); - (void)BIO_flush(bconn); + (void) BIO_flush(bconn); JPAKE_STEP3B_release(&s3b); } static void -readbn(BIGNUM **bn, BIO *bconn) +readbn(BIGNUM ** bn, BIO * bconn) { char buf[10240]; int l; @@ -2288,7 +2272,7 @@ readbn(BIGNUM **bn, BIO *bconn) } static void -jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn) +jpake_receive_part(JPAKE_STEP_PART * p, BIO * bconn) { readbn(&p->gx, bconn); readbn(&p->zkpx.gr, bconn); @@ -2296,7 +2280,7 @@ jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn) } static void -jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn) +jpake_receive_step1(JPAKE_CTX * ctx, BIO * bconn) { JPAKE_STEP1 s1; @@ -2311,7 +2295,7 @@ jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn) } static void -jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn) +jpake_receive_step2(JPAKE_CTX * ctx, BIO * bconn) { JPAKE_STEP2 s2; 
@@ -2325,7 +2309,7 @@ jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn) } static void -jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn) +jpake_receive_step3a(JPAKE_CTX * ctx, BIO * bconn) { JPAKE_STEP3A s3a; int l; @@ -2341,7 +2325,7 @@ jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn) } static void -jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn) +jpake_receive_step3b(JPAKE_CTX * ctx, BIO * bconn) { JPAKE_STEP3B s3b; int l; @@ -2357,7 +2341,7 @@ jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn) } void -jpake_client_auth(BIO *out, BIO *conn, const char *secret) +jpake_client_auth(BIO * out, BIO * conn, const char *secret) { JPAKE_CTX *ctx; BIO *bconn; @@ -2387,7 +2371,7 @@ jpake_client_auth(BIO *out, BIO *conn, const char *secret) } void -jpake_server_auth(BIO *out, BIO *conn, const char *secret) +jpake_server_auth(BIO * out, BIO * conn, const char *secret) { JPAKE_CTX *ctx; BIO *bconn; @@ -2457,7 +2441,8 @@ next_protos_parse(unsigned short *outlen, const char *in) *outlen = len + 1; return out; } -#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ +#endif /* !OPENSSL_NO_TLSEXT && + * !OPENSSL_NO_NEXTPROTONEG */ /* * Platform-specific sections @@ -2470,10 +2455,10 @@ next_protos_parse(unsigned short *outlen, const char *in) double app_tminterval(int stop, int usertime) { - double ret = 0; - struct tms rus; - clock_t now = times(&rus); - static clock_t tmstart; + double ret = 0; + struct tms rus; + clock_t now = times(&rus); + static clock_t tmstart; if (usertime) now = rus.tms_utime; @@ -2482,7 +2467,7 @@ app_tminterval(int stop, int usertime) tmstart = now; else { long int tck = sysconf(_SC_CLK_TCK); - ret = (now - tmstart)/(double)tck; + ret = (now - tmstart) / (double) tck; } return (ret); 
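Review bot: The `#endif` trailer comment in hunk `@@ -2457,7 +2441,8 @@` is now split across two lines (`/* !OPENSSL_NO_TLSEXT && * !OPENSSL_NO_NEXTPROTONEG */`), which makes it harder to grep for the matching conditional. Keeping it on one line, `#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */`, is clearer even if it runs past 80 columns. next_protos_parse, which this hunk closes, starts outside it.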
@@ -2495,9 +2480,9 @@ app_tminterval(int stop, int usertime) double app_tminterval(int stop, int usertime) { - double ret = 0; - struct rusage rus; - struct timeval now; + double ret = 0; + struct rusage rus; + struct timeval now; static struct timeval tmstart; if (usertime) @@ -2518,11 +2503,11 @@ app_tminterval(int stop, int usertime) /* app_isdir section */ #include #ifndef S_ISDIR -# if defined(_S_IFMT) && defined(_S_IFDIR) -# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) -# else -# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) -# endif +#if defined(_S_IFMT) && defined(_S_IFDIR) +#define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) +#else +#define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +#endif #endif int @@ -2536,7 +2521,7 @@ app_isdir(const char *name) else return -1; #else - return -1; + return -1; #endif } diff --git a/lib/libssl/src/apps/asn1pars.c b/lib/libssl/src/apps/asn1pars.c index 95fc88d6443..f11f1676f0d 100644 --- a/lib/libssl/src/apps/asn1pars.c +++ b/lib/libssl/src/apps/asn1pars.c @@ -82,7 +82,7 @@ int MAIN(int, char **); -static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf); +static int do_generate(BIO * bio, char *genstr, char *genconf, BUF_MEM * buf); int MAIN(int argc, char **argv) @@ -97,7 +97,7 @@ MAIN(int argc, char **argv) unsigned char *tmpbuf; const unsigned char *ctmpbuf; BUF_MEM *buf = NULL; - STACK_OF(OPENSSL_STRING) *osk = NULL; + STACK_OF(OPENSSL_STRING) * osk = NULL; ASN1_TYPE *at = NULL; informat = FORMAT_PEM; @@ -106,7 +106,7 @@ MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; 
@@ -126,19 +126,19 @@ MAIN(int argc, char **argv) } else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; - infile= *(++argv); + infile = *(++argv); } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; - derfile= *(++argv); + derfile = *(++argv); } else if (strcmp(*argv, "-i") == 0) { indent = 1; - } else - if (strcmp(*argv, "-noout") == 0) noout = 1; - else if (strcmp(*argv, "-oid") == 0) { + } else if (strcmp(*argv, "-noout") == 0) + noout = 1; + else if (strcmp(*argv, "-oid") == 0) { if (--argc < 1) goto bad; - oidfile= *(++argv); + oidfile = *(++argv); } else if (strcmp(*argv, "-offset") == 0) { if (--argc < 1) goto bad; @@ -164,11 +164,11 @@ MAIN(int argc, char **argv) } else if (strcmp(*argv, "-genstr") == 0) { if (--argc < 1) goto bad; - genstr= *(++argv); + genstr = *(++argv); } else if (strcmp(*argv, "-genconf") == 0) { if (--argc < 1) goto bad; - genconf= *(++argv); + genconf = *(++argv); } else { BIO_printf(bio_err, "unknown option %s\n", *argv); badops = 1; @@ -199,7 +199,6 @@ bad: BIO_printf(bio_err, " -genconf file file to generate ASN1 structure from\n"); goto end; } - ERR_load_crypto_strings(); in = BIO_new(BIO_s_file()); @@ -208,7 +207,7 @@ bad: ERR_print_errors(bio_err); goto end; } - BIO_set_fp(out, stdout, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); if (oidfile != NULL) { if (BIO_read_filename(in, oidfile) <= 0) { @@ -218,7 +217,6 @@ bad: } OBJ_create_objects(in); } - if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { @@ -235,11 +233,10 @@ bad: goto end; } } - if ((buf = BUF_MEM_new()) == NULL) goto end; if (!BUF_MEM_grow(buf, BUFSIZ * 8)) - goto end; /* Pre-allocate :-) */ + goto end; /* Pre-allocate :-) */ if (genstr || genconf) { num = do_generate(bio_err, genstr, genconf, buf); 
@@ -259,10 +256,9 @@ bad: in = b64; b64 = tmp; } - num = 0; for (;;) { - if (!BUF_MEM_grow(buf, (int)num + BUFSIZ)) + if (!BUF_MEM_grow(buf, (int) num + BUFSIZ)) goto end; i = BIO_read(in, &(buf->data[num]), BUFSIZ); if (i <= 0) @@ -275,7 +271,7 @@ bad: /* If any structs to parse go through in sequence */ if (sk_OPENSSL_STRING_num(osk)) { - tmpbuf = (unsigned char *)str; + tmpbuf = (unsigned char *) str; tmplen = num; for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) { ASN1_TYPE *atmp; @@ -310,28 +306,26 @@ bad: tmpbuf = at->value.asn1_string->data; tmplen = at->value.asn1_string->length; } - str = (char *)tmpbuf; + str = (char *) tmpbuf; num = tmplen; } - if (offset >= num) { BIO_printf(bio_err, "Error: offset too large\n"); goto end; } - num -= offset; - if ((length == 0) || ((long)length > num)) - length = (unsigned int)num; + if ((length == 0) || ((long) length > num)) + length = (unsigned int) num; if (derout) { - if (BIO_write(derout, str + offset, length) != (int)length) { + if (BIO_write(derout, str + offset, length) != (int) length) { BIO_printf(bio_err, "Error writing output\n"); ERR_print_errors(bio_err); goto end; } } if (!noout && - !ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length, + !ASN1_parse_dump(out, (unsigned char *) &(str[offset]), length, indent, dump)) { ERR_print_errors(bio_err); goto end; @@ -355,11 +349,11 @@ end: sk_OPENSSL_STRING_free(osk); OBJ_cleanup(); apps_shutdown(); - return(ret); + return (ret); } static int -do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) +do_generate(BIO * bio, char *genstr, char *genconf, BUF_MEM * buf) { CONF *cnf = NULL; int len; @@ -378,7 +372,6 @@ do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) goto err; } } - atyp = ASN1_generate_nconf(genstr, cnf); NCONF_free(cnf); cnf = NULL; 
@@ -394,14 +387,14 @@ do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) if (!BUF_MEM_grow(buf, len)) goto err; - p = (unsigned char *)buf->data; + p = (unsigned char *) buf->data; i2d_ASN1_TYPE(atyp, &p); ASN1_TYPE_free(atyp); return len; - conferr: +conferr: if (errline > 0) BIO_printf(bio, "Error on line %ld of config file '%s'\n", @@ -409,7 +402,7 @@ do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) else BIO_printf(bio, "Error loading config file '%s'\n", genconf); - err: +err: NCONF_free(cnf); ASN1_TYPE_free(atyp); diff --git a/lib/libssl/src/apps/ca.c b/lib/libssl/src/apps/ca.c index 0bef50be764..6396249673c 100644 --- a/lib/libssl/src/apps/ca.c +++ b/lib/libssl/src/apps/ca.c @@ -77,16 +77,16 @@ #include #ifndef W_OK -# include +#include #endif #include "apps.h" #ifndef W_OK -# define F_OK 0 -# define X_OK 1 -# define W_OK 2 -# define R_OK 4 +#define F_OK 0 +#define X_OK 1 +#define W_OK 2 +#define R_OK 4 #endif #undef PROG 
@@ -189,53 +189,56 @@ extern int EF_ALIGNMENT; #endif static void lookup_fail(const char *name, const char *tag); -static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, - const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, +static int +certify(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509, + const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, + STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, - char *enddate, long days, int batch, char *ext_sect, CONF *conf, + char *enddate, long days, int batch, char *ext_sect, CONF * conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); -static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, - const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, + static int certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509, + const EVP_MD * dgst, + STACK_OF(OPENSSL_STRING) * sigopts, + STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, - char *enddate, long days, int batch, char *ext_sect, CONF *conf, + char *enddate, long days, int batch, char *ext_sect, CONF * conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, - int ext_copy, ENGINE *e); -static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, - const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, + int ext_copy, ENGINE * e); + static int certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509, + const EVP_MD * dgst, + STACK_OF(OPENSSL_STRING) * sigopts, + STACK_OF(CONF_VALUE) * policy, CA_DB * db, 
BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, - char *enddate, long days, char *ext_sect, CONF *conf, int verbose, + char *enddate, long days, char *ext_sect, CONF * conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); -static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); -static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, - STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, + static void write_new_certificate(BIO * bp, X509 * x, int output_der, int notext); + static int do_body(X509 ** xret, EVP_PKEY * pkey, X509 * x509, const EVP_MD * dgst, + STACK_OF(OPENSSL_STRING) * sigopts, STACK_OF(CONF_VALUE) * policy, CA_DB * db, + BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, - int verbose, X509_REQ *req, char *ext_sect, CONF *conf, + int verbose, X509_REQ * req, char *ext_sect, CONF * conf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); -static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); -static int get_certificate_status(const char *ser_status, CA_DB *db); -static int do_updatedb(CA_DB *db); -static int check_time_format(const char *str); -char *make_revocation_str(int rev_type, char *rev_arg); -int make_revoked(X509_REVOKED *rev, const char *str); -int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str); -static CONF *conf = NULL; -static CONF *extconf = NULL; -static char *section = NULL; + static int do_revoke(X509 * x509, CA_DB * db, int ext, char *extval); + static int get_certificate_status(const char *ser_status, CA_DB * db); + static int do_updatedb(CA_DB * db); + static int check_time_format(const char *str); + char *make_revocation_str(int rev_type, char *rev_arg); + 
int make_revoked(X509_REVOKED * rev, const char *str); + int old_entry_print(BIO * bp, ASN1_OBJECT * obj, ASN1_STRING * str); + static CONF *conf = NULL; + static CONF *extconf = NULL; + static char *section = NULL; -static int preserve = 0; -static int msie_hack = 0; + static int preserve = 0; + static int msie_hack = 0; -int MAIN(int, char **); + int MAIN(int, char **); -int -MAIN(int argc, char **argv) + int + MAIN(int argc, char **argv) { ENGINE *e = NULL; char *key = NULL, *passargin = NULL; @@ -302,12 +305,12 @@ MAIN(int argc, char **argv) ASN1_INTEGER *tmpser; char *f; const char *p; - char * const *pp; + char *const * pp; int i, j; const EVP_MD *dgst = NULL; - STACK_OF(CONF_VALUE) *attribs = NULL; - STACK_OF(X509) *cert_sk = NULL; - STACK_OF(OPENSSL_STRING) *sigopts = NULL; + STACK_OF(CONF_VALUE) * attribs = NULL; + STACK_OF(X509) * cert_sk = NULL; + STACK_OF(OPENSSL_STRING) * sigopts = NULL; #undef BSIZE #define BSIZE 256 char buf[3][BSIZE]; @@ -334,7 +337,7 @@ MAIN(int argc, char **argv) msie_hack = 0; if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); argc--; argv++; @@ -344,15 +347,15 @@ MAIN(int argc, char **argv) else if (strcmp(*argv, "-config") == 0) { if (--argc < 1) goto bad; - configfile= *(++argv); + configfile = *(++argv); } else if (strcmp(*argv, "-name") == 0) { if (--argc < 1) goto bad; - section= *(++argv); + section = *(++argv); } else if (strcmp(*argv, "-subj") == 0) { if (--argc < 1) goto bad; - subj= *(++argv); + subj = *(++argv); /* preserve=1; */ } else if (strcmp(*argv, "-utf8") == 0) chtype = MBSTRING_UTF8; 
@@ -363,11 +366,11 @@ MAIN(int argc, char **argv) else if (strcmp(*argv, "-startdate") == 0) { if (--argc < 1) goto bad; - startdate= *(++argv); + startdate = *(++argv); } else if (strcmp(*argv, "-enddate") == 0) { if (--argc < 1) goto bad; - enddate= *(++argv); + enddate = *(++argv); } else if (strcmp(*argv, "-days") == 0) { if (--argc < 1) goto bad; @@ -375,47 +378,46 @@ MAIN(int argc, char **argv) } else if (strcmp(*argv, "-md") == 0) { if (--argc < 1) goto bad; - md= *(++argv); + md = *(++argv); } else if (strcmp(*argv, "-policy") == 0) { if (--argc < 1) goto bad; - policy= *(++argv); + policy = *(++argv); } else if (strcmp(*argv, "-keyfile") == 0) { if (--argc < 1) goto bad; - keyfile= *(++argv); - } - else if (strcmp(*argv, "-keyform") == 0) { + keyfile = *(++argv); + } else if (strcmp(*argv, "-keyform") == 0) { if (--argc < 1) goto bad; keyform = str2fmt(*(++argv)); } else if (strcmp(*argv, "-passin") == 0) { if (--argc < 1) goto bad; - passargin= *(++argv); + passargin = *(++argv); } else if (strcmp(*argv, "-key") == 0) { if (--argc < 1) goto bad; - key= *(++argv); + key = *(++argv); } else if (strcmp(*argv, "-cert") == 0) { if (--argc < 1) goto bad; - certfile= *(++argv); + certfile = *(++argv); } else if (strcmp(*argv, "-selfsign") == 0) selfsign = 1; else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; - infile= *(++argv); + infile = *(++argv); req = 1; } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; - outfile= *(++argv); + outfile = *(++argv); } else if (strcmp(*argv, "-outdir") == 0) { if (--argc < 1) goto bad; - outdir= *(++argv); + outdir = *(++argv); } else if (strcmp(*argv, "-sigopt") == 0) { if (--argc < 1) goto bad; 
@@ -465,26 +467,26 @@ MAIN(int argc, char **argv) } else if (strcmp(*argv, "-revoke") == 0) { if (--argc < 1) goto bad; - infile= *(++argv); + infile = *(++argv); dorevoke = 1; } else if (strcmp(*argv, "-extensions") == 0) { if (--argc < 1) goto bad; - extensions= *(++argv); + extensions = *(++argv); } else if (strcmp(*argv, "-extfile") == 0) { if (--argc < 1) goto bad; - extfile= *(++argv); + extfile = *(++argv); } else if (strcmp(*argv, "-status") == 0) { if (--argc < 1) goto bad; - ser_status= *(++argv); + ser_status = *(++argv); } else if (strcmp(*argv, "-updatedb") == 0) { doupdatedb = 1; } else if (strcmp(*argv, "-crlexts") == 0) { if (--argc < 1) goto bad; - crl_ext= *(++argv); + crl_ext = *(++argv); } else if (strcmp(*argv, "-crl_reason") == 0) { if (--argc < 1) goto bad; @@ -510,11 +512,11 @@ MAIN(int argc, char **argv) else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; - engine= *(++argv); + engine = *(++argv); } #endif else { -bad: + bad: BIO_printf(bio_err, "unknown option %s\n", *argv); badops = 1; break; @@ -530,7 +532,6 @@ bad: BIO_printf(bio_err, "%s", *pp2); goto err; } - ERR_load_crypto_strings(); /*****************************************************************/ @@ -550,7 +551,6 @@ bad: BUF_strlcat(tofree, CONFIG_FILE, len); configfile = tofree; } - BIO_printf(bio_err, "Using configuration from %s\n", configfile); conf = NCONF_new(NULL); if (NCONF_load(conf, configfile, &errorline) <= 0) { @@ -559,14 +559,13 @@ bad: configfile); else BIO_printf(bio_err, "error on line %ld of config file '%s'\n" - , errorline, configfile); + ,errorline, configfile); goto err; } if (tofree) { free(tofree); tofree = NULL; } - if (!load_config(bio_err, conf)) goto err; @@ -582,7 +581,6 @@ bad: goto err; } } - if (conf != NULL) { p = NCONF_get_string(conf, NULL, "oid_file"); if (p == NULL) @@ -607,7 +605,6 @@ bad: goto err; } } - randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); if (randfile == NULL) ERR_clear_error(); 
@@ -621,15 +618,13 @@ bad: BIO_printf(bio_err, "Invalid global string mask setting %s\n", f); goto err; } - - if (chtype != MBSTRING_UTF8){ + if (chtype != MBSTRING_UTF8) { f = NCONF_get_string(conf, section, UTF8_IN); if (!f) ERR_clear_error(); else if (!strcmp(f, "yes")) chtype = MBSTRING_UTF8; } - db_attr.unique_subject = 1; p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT); if (p) { @@ -656,7 +651,6 @@ bad: ERR_print_errors(bio_err); goto err; } - /*****************************************************************/ /* report status of cert with serial number given on command line */ if (ser_status) { @@ -676,12 +670,11 @@ bad: ser_status); goto err; } - /*****************************************************************/ /* we definitely need a private key, so let's get it */ if ((keyfile == NULL) && ((keyfile = NCONF_get_string(conf, - section, ENV_PRIVATE_KEY)) == NULL)) { + section, ENV_PRIVATE_KEY)) == NULL)) { lookup_fail(section, ENV_PRIVATE_KEY); goto err; } @@ -699,13 +692,12 @@ bad: /* load_key() has already printed an appropriate message */ goto err; } - /*****************************************************************/ /* we need a certificate */ if (!selfsign || spkac_file || ss_cert_file || gencrl) { if ((certfile == NULL) && ((certfile = NCONF_get_string(conf, - section, ENV_CERTIFICATE)) == NULL)) { + section, ENV_CERTIFICATE)) == NULL)) { lookup_fail(section, ENV_CERTIFICATE); goto err; } 
@@ -770,34 +762,32 @@ bad: if ((outdir == NULL) && (req)) { if ((outdir = NCONF_get_string(conf, section, - ENV_NEW_CERTS_DIR)) == NULL) { + ENV_NEW_CERTS_DIR)) == NULL) { BIO_printf(bio_err, "there needs to be defined a directory for new certificate to be placed in\n"); goto err; } - /* outdir is a directory spec, but access() for VMS demands a - filename. In any case, stat(), below, will catch the problem - if outdir is not a directory spec, and the fopen() or open() - will catch an error if there is no write access. - - Presumably, this problem could also be solved by using the DEC - C routines to convert the directory syntax to Unixly, and give - that to access(). However, time's too short to do that just - now. - */ - if (access(outdir, R_OK|W_OK|X_OK) != 0) - { + /* + * outdir is a directory spec, but access() for VMS demands a + * filename. In any case, stat(), below, will catch the + * problem if outdir is not a directory spec, and the fopen() + * or open() will catch an error if there is no write access. + * + * Presumably, this problem could also be solved by using the + * DEC C routines to convert the directory syntax to Unixly, + * and give that to access(). However, time's too short to + * do that just now. + */ + if (access(outdir, R_OK | W_OK | X_OK) != 0) { BIO_printf(bio_err, "I am unable to access the %s directory\n", outdir); perror(outdir); goto err; } - if (app_isdir(outdir) <= 0) { BIO_printf(bio_err, "%s need to be a directory\n", outdir); perror(outdir); goto err; } } - /*****************************************************************/ /* we need to load the database file */ if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) { 
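Review bot: The re-wrapped comment in front of `access(outdir, R_OK | W_OK | X_OK)` keeps the VMS history but does not say what the check is worth. access() is answered for the real user id and the directory can change before the certificate file is opened, so it can only serve as an early diagnostic. I would replace the second paragraph of the comment with something like `/* access() is an early diagnostic only; the open of the new certificate file is the authoritative check. */`. The first paragraph already says that the later fopen() or open() catches missing write access. MAIN starts and ends outside this hunk.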
@@ -813,16 +803,16 @@ bad: pp = sk_OPENSSL_PSTRING_value(db->db->data, i); if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) { - BIO_printf(bio_err, "entry %d: not revoked yet, but has a revocation date\n", i+1); + BIO_printf(bio_err, "entry %d: not revoked yet, but has a revocation date\n", i + 1); goto err; } if ((pp[DB_type][0] == DB_TYPE_REV) && !make_revoked(NULL, pp[DB_rev_date])) { - BIO_printf(bio_err, " in entry %d\n", i+1); + BIO_printf(bio_err, " in entry %d\n", i + 1); goto err; } - if (!check_time_format((char *)pp[DB_exp_date])) { - BIO_printf(bio_err, "entry %d: invalid expiry date\n", i+1); + if (!check_time_format((char *) pp[DB_exp_date])) { + BIO_printf(bio_err, "entry %d: invalid expiry date\n", i + 1); goto err; } p = pp[DB_serial]; @@ -831,28 +821,27 @@ bad: p++; j--; } - if ((j&1) || (j < 2)) { - BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n", i+1, j); + if ((j & 1) || (j < 2)) { + BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n", i + 1, j); goto err; } while (*p) { - if (!( ((*p >= '0') && (*p <= '9')) || - ((*p >= 'A') && (*p <= 'F')) || - ((*p >= 'a') && (*p <= 'f'))) ) { - BIO_printf(bio_err, "entry %d: bad serial number characters, char pos %ld, char is '%c'\n", i+1, (long)(p-pp[DB_serial]), *p); + if (!(((*p >= '0') && (*p <= '9')) || + ((*p >= 'A') && (*p <= 'F')) || + ((*p >= 'a') && (*p <= 'f')))) { + BIO_printf(bio_err, "entry %d: bad serial number characters, char pos %ld, char is '%c'\n", i + 1, (long) (p - pp[DB_serial]), *p); goto err; } p++; } } if (verbose) { - BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */ + BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); /* cannot fail */ TXT_DB_write(out, db->db); BIO_printf(bio_err, "%d entries loaded from the database\n", sk_OPENSSL_PSTRING_num(db->db->data)); BIO_printf(bio_err, "generating index\n"); } - if (!index_index(db)) goto err; 
@@ -868,7 +857,8 @@ bad: BIO_printf(bio_err, "Malloc failure\n"); goto err; } else if (i == 0) { - if (verbose) BIO_printf(bio_err, + if (verbose) + BIO_printf(bio_err, "No entries found to mark expired\n"); } else { if (!save_index(dbfile, "new", db)) @@ -877,11 +867,11 @@ bad: if (!rotate_index(dbfile, "new", "old")) goto err; - if (verbose) BIO_printf(bio_err, + if (verbose) + BIO_printf(bio_err, "Done. %d entries marked as expired\n", i); } } - /*****************************************************************/ /* Read extentions config file */ if (extfile) { @@ -892,11 +882,10 @@ bad: extfile); else BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n", - errorline, extfile); + errorline, extfile); ret = 1; goto err; } - if (verbose) BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile); @@ -904,7 +893,6 @@ bad: if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions"))) extensions = "default"; } - /*****************************************************************/ if (req || gencrl) { if (outfile != NULL) { 
@@ -913,33 +901,29 @@ bad: goto err; } } else { - BIO_set_fp(Sout, stdout, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT); } } - if ((md == NULL) && ((md = NCONF_get_string(conf, - section, ENV_DEFAULT_MD)) == NULL)) { + section, ENV_DEFAULT_MD)) == NULL)) { lookup_fail(section, ENV_DEFAULT_MD); goto err; } - if (!strcmp(md, "default")) { int def_nid; if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) { BIO_puts(bio_err, "no default digest\n"); goto err; } - md = (char *)OBJ_nid2sn(def_nid); + md = (char *) OBJ_nid2sn(def_nid); } - if ((dgst = EVP_get_digestbyname(md)) == NULL) { BIO_printf(bio_err, "%s is an unsupported message digest type\n", md); goto err; } - if (req) { if ((email_dn == 1) && ((tmp_email_dn = NCONF_get_string(conf, - section, ENV_DEFAULT_EMAIL_DN)) != NULL )) { + section, ENV_DEFAULT_EMAIL_DN)) != NULL)) { if (strcmp(tmp_email_dn, "no") == 0) email_dn = 0; } @@ -947,7 +931,7 @@ bad: BIO_printf(bio_err, "message digest is %s\n", OBJ_nid2ln(dgst->type)); if ((policy == NULL) && ((policy = NCONF_get_string(conf, - section, ENV_POLICY)) == NULL)) { + section, ENV_POLICY)) == NULL)) { lookup_fail(section, ENV_POLICY); goto err; } @@ -955,14 +939,15 @@ bad: BIO_printf(bio_err, "policy is %s\n", policy); if ((serialfile = NCONF_get_string(conf, section, ENV_SERIAL)) - == NULL) { + == NULL) { lookup_fail(section, ENV_SERIAL); goto err; } - if (!extconf) { - /* no '-extfile' option, so we look for extensions - * in the main configuration file */ + /* + * no '-extfile' option, so we look for extensions in + * the main configuration file + */ if (!extensions) { extensions = NCONF_get_string(conf, section, ENV_EXTENSIONS); @@ -975,7 +960,7 @@ bad: X509V3_set_ctx_test(&ctx); X509V3_set_nconf(&ctx, conf); if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, - NULL)) { + NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", extensions); 
@@ -984,7 +969,6 @@ bad: } } } - if (startdate == NULL) { startdate = NCONF_get_string(conf, section, ENV_DEFAULT_STARTDATE); @@ -996,7 +980,7 @@ bad: goto err; } if (startdate == NULL) - startdate="today"; + startdate = "today"; if (enddate == NULL) { enddate = NCONF_get_string(conf, section, @@ -1008,7 +992,6 @@ bad: BIO_printf(bio_err, "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n"); goto err; } - if (days == 0) { if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days)) days = 0; @@ -1017,7 +1000,6 @@ bad: BIO_printf(bio_err, "cannot lookup how many days to certify for\n"); goto err; } - if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) { BIO_printf(bio_err, "error while loading serial number\n"); goto err; @@ -1032,12 +1014,10 @@ bad: free(f); } } - if ((attribs = NCONF_get_section(conf, policy)) == NULL) { BIO_printf(bio_err, "unable to find 'section' for %s\n", policy); goto err; } - if ((cert_sk = sk_X509_new_null()) == NULL) { BIO_printf(bio_err, "Memory allocation failure\n"); goto err; @@ -1123,14 +1103,15 @@ bad: } } } - /* we have a stack of newly certified certificates - * and a data base and serial number that need - * updating */ + /* + * we have a stack of newly certified certificates and a data + * base and serial number that need updating + */ if (sk_X509_num(cert_sk) > 0) { if (!batch) { BIO_printf(bio_err, "\n%d out of %d certificate requests certified, commit? [y/n]", total_done, total); - (void)BIO_flush(bio_err); + (void) BIO_flush(bio_err); buf[0][0] = '\0'; if (!fgets(buf[0], 10, stdin)) { BIO_printf(bio_err, "CERTIFICATION CANCELED: I/O error\n"); @@ -1143,7 +1124,6 @@ bad: goto err; } } - BIO_printf(bio_err, "Write out database with %d new entries\n", sk_X509_num(cert_sk)); if (!save_serial(serialfile, "new", serial, NULL)) 
@@ -1152,7 +1132,6 @@ bad: if (!save_index(dbfile, "new", db)) goto err; } - if (verbose) BIO_printf(bio_err, "writing new certificates\n"); for (i = 0; i < sk_X509_num(cert_sk); i++) { @@ -1162,25 +1141,24 @@ bad: x = sk_X509_value(cert_sk, i); j = x->cert_info->serialNumber->length; - p = (const char *)x->cert_info->serialNumber->data; + p = (const char *) x->cert_info->serialNumber->data; - if (strlen(outdir) >= (size_t)(j ? BSIZE - j*2 - 6 : BSIZE - 8)) { + if (strlen(outdir) >= (size_t) (j ? BSIZE - j * 2 - 6 : BSIZE - 8)) { BIO_printf(bio_err, "certificate file name too long\n"); goto err; } - strlcpy(buf[2], outdir, sizeof(buf[2])); BUF_strlcat(buf[2], "/", sizeof(buf[2])); - n = (char *)&(buf[2][strlen(buf[2])]); + n = (char *) &(buf[2][strlen(buf[2])]); if (j > 0) { for (k = 0; k < j; k++) { if (n >= &(buf[2][sizeof(buf[2])])) break; (void) snprintf(n, &buf[2][0] + sizeof(buf[2]) - n, - "%02X", (unsigned char)*(p++)); + "%02X", (unsigned char) *(p++)); n += 2; } } else { @@ -1214,7 +1192,6 @@ bad: BIO_printf(bio_err, "Data Base Updated\n"); } } - /*****************************************************************/ if (gencrl) { int crl_v2 = 0; @@ -1236,20 +1213,18 @@ bad: goto err; } } - if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER)) - != NULL) + != NULL) if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) { - BIO_printf(bio_err, "error while loading CRL number\n"); - goto err; - } - + BIO_printf(bio_err, "error while loading CRL number\n"); + goto err; + } if (!crldays && !crlhours && !crlsec) { if (!NCONF_get_number(conf, section, - ENV_DEFAULT_CRL_DAYS, &crldays)) + ENV_DEFAULT_CRL_DAYS, &crldays)) crldays = 0; if (!NCONF_get_number(conf, section, - ENV_DEFAULT_CRL_HOURS, &crlhours)) + ENV_DEFAULT_CRL_HOURS, &crlhours)) crlhours = 0; ERR_clear_error(); } 
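Review bot: In the hunk at `-1162,25 +1141,24` the guard `strlen(outdir) >= (size_t) (j ? BSIZE - j * 2 - 6 : BSIZE - 8)` casts an int that goes negative once `j * 2 + 6` exceeds BSIZE. The limit then becomes a huge size_t and the "certificate file name too long" error cannot fire for an oversized serial. The hex loop that follows is still bounded by its `n >= &(buf[2][sizeof(buf[2])])` test and the sized snprintf, so the likely result is a silently truncated file name rather than an overrun. Prefixing the condition with `j < 0 || j > (BSIZE - 8) / 2 ||` keeps the subtraction non-negative. The rest of the name construction lies outside the hunk, so what is appended after the serial cannot be checked from here.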
@@ -1257,7 +1232,6 @@ bad: BIO_printf(bio_err, "cannot lookup how long until the next CRL is issued\n"); goto err; } - if (verbose) BIO_printf(bio_err, "making CRL\n"); if ((crl = X509_CRL_new()) == NULL) @@ -1270,8 +1244,8 @@ bad: goto err; X509_gmtime_adj(tmptm, 0); X509_CRL_set_lastUpdate(crl, tmptm); - if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, - NULL)) { + if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec, + NULL)) { BIO_puts(bio_err, "error setting CRL nextUpdate\n"); goto err; } @@ -1302,8 +1276,9 @@ bad: } } - /* sort the data so it will be written in serial - * number order */ + /* + * sort the data so it will be written in serial number order + */ X509_CRL_sort(crl); /* we now have a CRL */ @@ -1319,7 +1294,8 @@ bad: if (crl_ext) if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, - crl_ext, crl)) goto err; + crl_ext, crl)) + goto err; if (crlnumberfile != NULL) { tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL); if (!tmpser) @@ -1333,11 +1309,10 @@ bad: } if (crl_ext || crl_v2) { if (!X509_CRL_set_version(crl, 1)) - goto err; /* version 2 CRL */ + goto err; /* version 2 CRL */ } - - - if (crlnumberfile != NULL) /* we have a CRL number that need updating */ + if (crlnumberfile != NULL) /* we have a CRL number that + * need updating */ if (!save_serial(crlnumberfile, "new", crlnumber, NULL)) goto err; @@ -1345,7 +1320,6 @@ bad: BN_free(crlnumber); crlnumber = NULL; } - if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst, sigopts)) goto err; @@ -1412,7 +1386,7 @@ err: NCONF_free(extconf); OBJ_cleanup(); apps_shutdown(); - return(ret); + return (ret); } static void 
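Review bot: In the hunk at `-1333,11 +1309,10` the reformat wraps the trailing comment across two lines between `if (crlnumberfile != NULL)` and its unbraced body `if (!save_serial(crlnumberfile, "new", crlnumber, NULL))`. That makes it easy to misread which statement the outer `if` controls. Moving the comment onto its own line above and bracing the outer statement reads more safely: `/* we have a CRL number that needs updating */` followed by `if (crlnumberfile != NULL) {`. The same unbraced `if (...) if (...)` nesting appears at `if (crl_ext)` in the hunk at `-1319,7 +1294,8` and at the `ENV_CRLNUMBER` lookup in the hunk at `-1236,20 +1213,18`.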
@@ -1422,11 +1396,11 @@ lookup_fail(const char *name, const char *tag) } static int -certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, - const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, +certify(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509, + const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, + STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, - char *enddate, long days, int batch, char *ext_sect, CONF *lconf, + char *enddate, long days, int batch, char *ext_sect, CONF * lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) { @@ -1488,13 +1462,13 @@ err: } static int -certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, - const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, +certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509, + const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, + STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, - char *enddate, long days, int batch, char *ext_sect, CONF *lconf, + char *enddate, long days, int batch, char *ext_sect, CONF * lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, - int ext_copy, ENGINE *e) + int ext_copy, ENGINE * e) { X509 *req = NULL; X509_REQ *rreq = NULL; 
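Review bot: The new parameter lists space pointer declarators as if they were multiplications (`X509 ** xret`, `EVP_PKEY * pkey`, `const EVP_MD * dgst`, `STACK_OF(CONF_VALUE) * policy`). This is what a formatter produces when it does not know the OpenSSL typedef names, and it is inconsistent with `char *infile` in the same signature. The declarator should bind to the name, e.g. `certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,`. The same pattern recurs in the later hunks for certify_cert, do_body, write_new_certificate, certify_spkac, do_revoke, get_certificate_status, do_updatedb, make_revoked, old_entry_print and unpack_revinfo, and in the ciphers.c and cms.c hunks (`STACK_OF(SSL_CIPHER) * sk;`). The function bodies lie outside this hunk.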
@@ -1542,11 +1516,11 @@ err: } static int -do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, - STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, - CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, +do_body(X509 ** xret, EVP_PKEY * pkey, X509 * x509, const EVP_MD * dgst, + STACK_OF(OPENSSL_STRING) * sigopts, STACK_OF(CONF_VALUE) * policy, + CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, - int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, + int verbose, X509_REQ * req, char *ext_sect, CONF * lconf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) { @@ -1572,7 +1546,6 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, BIO_printf(bio_err, "malloc error\n"); return (0); } - for (i = 0; i < DB_NUMBER; i++) row[i] = NULL; @@ -1587,7 +1560,6 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, req->req_info->enc.modified = 1; X509_NAME_free(n); } - if (default_op) BIO_printf(bio_err, "The Subject's Distinguished Name is as follows\n"); @@ -1612,7 +1584,6 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, (str->type == V_ASN1_PRINTABLESTRING)) str->type = V_ASN1_IA5STRING; } - /* If no EMAIL is wanted in the subject */ if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn)) continue; 
@@ -1626,14 +1597,13 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING)) { j = ASN1_PRINTABLE_type(str->data, str->length); if (((j == V_ASN1_T61STRING) && - (str->type != V_ASN1_T61STRING)) || + (str->type != V_ASN1_T61STRING)) || ((j == V_ASN1_IA5STRING) && - (str->type == V_ASN1_PRINTABLESTRING))) { + (str->type == V_ASN1_PRINTABLESTRING))) { BIO_printf(bio_err, "\nThe string contains characters that are illegal for the ASN.1 type\n"); goto err; } } - if (default_op) old_entry_print(bio_err, obj, str); } @@ -1643,7 +1613,6 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } - /* take a copy of the issuer name before we mess with it. */ if (selfsign) CAname = X509_NAME_dup(name); @@ -1654,7 +1623,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, str = str2 = NULL; for (i = 0; i < sk_CONF_VALUE_num(policy); i++) { - cv=sk_CONF_VALUE_value(policy,i); /* get the object id */ + cv = sk_CONF_VALUE_value(policy, i); /* get the object id */ if ((j = OBJ_txt2nid(cv->name)) == NID_undef) { BIO_printf(bio_err, "%s:unknown object type in 'policy' configuration\n", cv->name); goto err; @@ -1692,10 +1661,9 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, BIO_printf(bio_err, "The mandatory %s field was missing\n", cv->name); goto err; } - last2 = -1; -again2: + again2: j = X509_NAME_get_index_by_OBJ(CAname, obj, last2); if ((j < 0) && (last2 == -1)) { BIO_printf(bio_err, "The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n", cv->name); 
@@ -1710,7 +1678,7 @@ again2: goto again2; } if (j < 0) { - BIO_printf(bio_err, "The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n", cv->name, ((str2 == NULL)?"NULL":(char *)str2->data), ((str == NULL)?"NULL":(char *)str->data)); + BIO_printf(bio_err, "The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n", cv->name, ((str2 == NULL) ? "NULL" : (char *) str2->data), ((str == NULL) ? "NULL" : (char *) str->data)); goto err; } } else { @@ -1738,18 +1706,21 @@ again2: if (subject == NULL) goto err; } - if (verbose) BIO_printf(bio_err, "The subject name appears to be ok, checking data base for clashes\n"); /* Build the correct Subject if no e-mail is wanted in the subject */ - /* and add it later on because of the method extensions are added (altName) */ + /* + * and add it later on because of the method extensions are added + * (altName) + */ if (email_dn) dn_subject = subject; else { X509_NAME_ENTRY *tmpne; - /* Its best to dup the subject DN and then delete any email + /* + * Its best to dup the subject DN and then delete any email * addresses because this retains its structure. */ if (!(dn_subject = X509_NAME_dup(subject))) { @@ -1772,7 +1743,6 @@ again2: BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } - if (db->attributes.unique_subject) { OPENSSL_STRING *crow = row; 
@@ -1791,35 +1761,43 @@ again2: BIO_printf(bio_err, " check the database/serial_file for corruption\n"); } } - if (rrow != NULL) { BIO_printf(bio_err, "The matching entry has the following details\n"); if (rrow[DB_type][0] == 'E') - p="Expired"; + p = "Expired"; else if (rrow[DB_type][0] == 'R') - p="Revoked"; + p = "Revoked"; else if (rrow[DB_type][0] == 'V') - p="Valid"; + p = "Valid"; else - p="\ninvalid type, Data base error\n"; + p = "\ninvalid type, Data base error\n"; BIO_printf(bio_err, "Type :%s\n", p); if (rrow[DB_type][0] == 'R') { - p = rrow[DB_exp_date]; if (p == NULL) p="undef"; + p = rrow[DB_exp_date]; + if (p == NULL) + p = "undef"; BIO_printf(bio_err, "Was revoked on:%s\n", p); } - p = rrow[DB_exp_date]; if (p == NULL) p="undef"; + p = rrow[DB_exp_date]; + if (p == NULL) + p = "undef"; BIO_printf(bio_err, "Expires on :%s\n", p); - p = rrow[DB_serial]; if (p == NULL) p="undef"; + p = rrow[DB_serial]; + if (p == NULL) + p = "undef"; BIO_printf(bio_err, "Serial Number :%s\n", p); - p = rrow[DB_file]; if (p == NULL) p="undef"; + p = rrow[DB_file]; + if (p == NULL) + p = "undef"; BIO_printf(bio_err, "File name :%s\n", p); - p = rrow[DB_name]; if (p == NULL) p="undef"; + p = rrow[DB_name]; + if (p == NULL) + p = "undef"; BIO_printf(bio_err, "Subject Name :%s\n", p); - ok= -1; /* This is now a 'bad' error. */ + ok = -1; /* This is now a 'bad' error. */ goto err; } - /* We are now totally happy, lets make and sign the certificate */ if (verbose) BIO_printf(bio_err, "Everything appears to be ok, creating and signing the certificate\n"); 
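Review bot: In the duplicate-entry report, the branch for `rrow[DB_type][0] == 'R'` loads `p = rrow[DB_exp_date];` before printing "Was revoked on:%s", so the operator is shown the expiry date twice and never the revocation date. The index check earlier in this file passes `pp[DB_rev_date]` to make_revoked(), which suggests that column holds the revocation time; the line should presumably read `p = rrow[DB_rev_date];`. The reformat splits these statements onto separate lines but leaves the wrong index in place. The literals `'E'`, `'R'` and `'V'` could also use the `DB_TYPE_*` constants the file already uses elsewhere (`DB_TYPE_REV`). do_body starts and ends outside this hunk.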
@@ -1869,10 +1847,12 @@ again2: if (ci->version == NULL) if ((ci->version = ASN1_INTEGER_new()) == NULL) goto err; - ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */ + ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */ - /* Free the current entries if any, there should not - * be any I believe */ + /* + * Free the current entries if any, there should not be any I + * believe + */ if (ci->extensions != NULL) sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free); @@ -1914,12 +1894,10 @@ again2: ERR_print_errors(bio_err); goto err; } - if (verbose) BIO_printf(bio_err, "Successfully added extensions from config\n"); } } - /* Copy extensions from request (if any) */ if (!copy_extensions(ret, req, ext_copy)) { @@ -1927,20 +1905,20 @@ again2: ERR_print_errors(bio_err); goto err; } - /* Set the right value for the noemailDN option */ - if (email_dn == 0 ) { + if (email_dn == 0) { if (!X509_set_subject_name(ret, dn_subject)) goto err; } - if (!default_op) { BIO_printf(bio_err, "Certificate Details:\n"); - /* Never print signature details because signature not present */ + /* + * Never print signature details because signature not + * present + */ certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME; X509_print_ex(bio_err, ret, nameopt, certopt); } - BIO_printf(bio_err, "Certificate is to be certified until "); ASN1_TIME_print(bio_err, X509_get_notAfter(ret)); if (days) @@ -1950,7 +1928,7 @@ again2: if (!batch) { BIO_printf(bio_err, "Sign the certificate? [y/n]:"); - (void)BIO_flush(bio_err); + (void) BIO_flush(bio_err); buf[0] = '\0'; if (!fgets(buf, sizeof(buf) - 1, stdin)) { BIO_printf(bio_err, "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n"); @@ -1963,7 +1941,6 @@ again2: goto err; } } - pktmp = X509_get_pubkey(ret); if (EVP_PKEY_missing_parameters(pktmp) && !EVP_PKEY_missing_parameters(pkey)) 
@@ -1974,17 +1951,17 @@ again2: goto err; /* We now just add it to the database */ - row[DB_type] = (char *)malloc(2); + row[DB_type] = (char *) malloc(2); tm = X509_get_notAfter(ret); - row[DB_exp_date] = (char *)malloc(tm->length + 1); + row[DB_exp_date] = (char *) malloc(tm->length + 1); memcpy(row[DB_exp_date], tm->data, tm->length); row[DB_exp_date][tm->length] = '\0'; row[DB_rev_date] = NULL; /* row[DB_serial] done already */ - row[DB_file] = (char *)malloc(8); + row[DB_file] = (char *) malloc(8); row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || @@ -1996,11 +1973,10 @@ again2: row[DB_type][0] = 'V'; row[DB_type][1] = '\0'; - if ((irow = (char **)malloc(sizeof(char *)*(DB_NUMBER + 1))) == NULL) { + if ((irow = (char **) malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) { BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } - for (i = 0; i < DB_NUMBER; i++) { irow[i] = row[i]; row[i] = NULL; @@ -2036,10 +2012,10 @@ err: } static void -write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) +write_new_certificate(BIO * bp, X509 * x, int output_der, int notext) { if (output_der) { - (void)i2d_X509_bio(bp, x); + (void) i2d_X509_bio(bp, x); return; } #if 0 
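Review bot: `row[DB_exp_date] = (char *) malloc(tm->length + 1);` is followed immediately by `memcpy(row[DB_exp_date], tm->data, tm->length);` and the terminator store, but the NULL test for `row[DB_exp_date]` only comes in the combined check a few lines later. A failed allocation is therefore dereferenced before it is detected. Moving the memcpy and the `row[DB_exp_date][tm->length] = '\0';` store below that combined check fixes it without adding a new error path. The hunk at `-2226,25 +2197,26` in do_revoke has the same sequence. The `(char *)` casts on malloc that the commit re-spaces are unnecessary in C and could be dropped.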
@@ -2060,15 +2036,15 @@ write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) } static int -certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, - const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, +certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509, + const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, + STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, - char *enddate, long days, char *ext_sect, CONF *lconf, int verbose, + char *enddate, long days, char *ext_sect, CONF * lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { - STACK_OF(CONF_VALUE) *sk = NULL; - LHASH_OF(CONF_VALUE) *parms = NULL; + STACK_OF(CONF_VALUE) * sk = NULL; + LHASH_OF(CONF_VALUE) * parms = NULL; X509_REQ *req = NULL; CONF_VALUE *cv = NULL; NETSCAPE_SPKI *spki = NULL; @@ -2092,14 +2068,12 @@ certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, ERR_print_errors(bio_err); goto err; } - sk = CONF_get_section(parms, "default"); if (sk_CONF_VALUE_num(sk) == 0) { BIO_printf(bio_err, "no name/value pairs found in %s\n", infile); CONF_free(parms); goto err; } - /* * Now create a dummy X509 request structure. We don't actually * have an X509 request, but we have many of the components 
@@ -2112,21 +2086,21 @@ certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, ERR_print_errors(bio_err); goto err; } - /* * Build up the subject name set. */ ri = req->req_info; n = ri->subject; - for (i = 0; ; i++) { + for (i = 0;; i++) { if (sk_CONF_VALUE_num(sk) <= i) break; cv = sk_CONF_VALUE_value(sk, i); type = cv->name; - /* Skip past any leading X. X: X, etc to allow for - * multiple instances + /* + * Skip past any leading X. X: X, etc to allow for multiple + * instances */ for (buf = cv->name; *buf; buf++) { if ((*buf == ':') || (*buf == ',') || (*buf == '.')) { @@ -2149,9 +2123,8 @@ certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, } continue; } - if (!X509_NAME_add_entry_by_NID(n, nid, chtype, - (unsigned char *)buf, -1, -1, 0)) + (unsigned char *) buf, -1, -1, 0)) goto err; } if (spki == NULL) { @@ -2159,7 +2132,6 @@ certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, infile); goto err; } - /* * Now extract the key from the SPKI structure. */ @@ -2170,7 +2142,6 @@ certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, BIO_printf(bio_err, "error unpacking SPKAC public key\n"); goto err; } - j = NETSCAPE_SPKI_verify(spki, pktmp); if (j <= 0) { BIO_printf(bio_err, "signature verification failed on SPKAC public key\n"); @@ -2203,7 +2174,7 @@ check_time_format(const char *str) } static int -do_revoke(X509 *x509, CA_DB *db, int type, char *value) +do_revoke(X509 * x509, CA_DB * db, int type, char *value) { ASN1_UTCTIME *tm = NULL; char *row[DB_NUMBER], **rrow, **irow; 
@@ -2226,25 +2197,26 @@ do_revoke(X509 *x509, CA_DB *db, int type, char *value) BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } - /* We have to lookup by serial number because name lookup - * skips revoked certs - */ + /* + * We have to lookup by serial number because name lookup skips + * revoked certs + */ rrow = TXT_DB_get_by_index(db->db, DB_serial, row); if (rrow == NULL) { BIO_printf(bio_err, "Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]); /* We now just add it to the database */ - row[DB_type] = (char *)malloc(2); + row[DB_type] = (char *) malloc(2); tm = X509_get_notAfter(x509); - row[DB_exp_date] = (char *)malloc(tm->length + 1); + row[DB_exp_date] = (char *) malloc(tm->length + 1); memcpy(row[DB_exp_date], tm->data, tm->length); row[DB_exp_date][tm->length] = '\0'; row[DB_rev_date] = NULL; /* row[DB_serial] done already */ - row[DB_file] = (char *)malloc(8); + row[DB_file] = (char *) malloc(8); /* row[DB_name] done already */ @@ -2257,11 +2229,10 @@ do_revoke(X509 *x509, CA_DB *db, int type, char *value) row[DB_type][0] = 'V'; row[DB_type][1] = '\0'; - if ((irow = (char **)malloc(sizeof(char *)*(DB_NUMBER + 1))) == NULL) { + if ((irow = (char **) malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) { BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } - for (i = 0; i < DB_NUMBER; i++) { irow[i] = row[i]; row[i] = NULL; @@ -2273,7 +2244,6 @@ do_revoke(X509 *x509, CA_DB *db, int type, char *value) BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); goto err; } - /* Revoke Certificate */ ok = do_revoke(x509, db, type, value); @@ -2283,7 +2253,7 @@ do_revoke(X509 *x509, CA_DB *db, int type, char *value) BIO_printf(bio_err, "ERROR:name does not match %s\n", row[DB_name]); goto err; - } else if (rrow[DB_type][0]=='R') { + } else if (rrow[DB_type][0] == 'R') { BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n", row[DB_serial]); goto err; 
@@ -2308,7 +2278,7 @@ err: } static int -get_certificate_status(const char *serial, CA_DB *db) +get_certificate_status(const char *serial, CA_DB * db) { char *row[DB_NUMBER], **rrow; int ok = -1, i; @@ -2323,13 +2293,12 @@ get_certificate_status(const char *serial, CA_DB *db) BIO_printf(bio_err, "Malloc failure\n"); goto err; } - if (strlen(serial) % 2) { - /* Set the first char to 0 */; - row[DB_serial][0]='0'; + /* Set the first char to 0 */ ; + row[DB_serial][0] = '0'; /* Copy String from serial to row[DB_serial] */ - memcpy(row[DB_serial]+1, serial, strlen(serial)); + memcpy(row[DB_serial] + 1, serial, strlen(serial)); row[DB_serial][strlen(serial) + 1] = '\0'; } else { /* Copy String from serial to row[DB_serial] */ @@ -2339,7 +2308,7 @@ get_certificate_status(const char *serial, CA_DB *db) /* Make it Upper Case */ for (i = 0; row[DB_serial][i] != '\0'; i++) - row[DB_serial][i] = toupper((unsigned char)row[DB_serial][i]); + row[DB_serial][i] = toupper((unsigned char) row[DB_serial][i]); ok = 1; @@ -2351,19 +2320,19 @@ get_certificate_status(const char *serial, CA_DB *db) row[DB_serial]); ok = -1; goto err; - } else if (rrow[DB_type][0]=='V') { + } else if (rrow[DB_type][0] == 'V') { BIO_printf(bio_err, "%s=Valid (%c)\n", row[DB_serial], rrow[DB_type][0]); goto err; - } else if (rrow[DB_type][0]=='R') { + } else if (rrow[DB_type][0] == 'R') { BIO_printf(bio_err, "%s=Revoked (%c)\n", row[DB_serial], rrow[DB_type][0]); goto err; - } else if (rrow[DB_type][0]=='E') { + } else if (rrow[DB_type][0] == 'E') { BIO_printf(bio_err, "%s=Expired (%c)\n", row[DB_serial], rrow[DB_type][0]); goto err; - } else if (rrow[DB_type][0]=='S') { + } else if (rrow[DB_type][0] == 'S') { BIO_printf(bio_err, "%s=Suspended (%c)\n", row[DB_serial], rrow[DB_type][0]); goto err; 
@@ -2380,11 +2349,12 @@ err: return (ok); } -static int do_updatedb (CA_DB *db) +static int +do_updatedb(CA_DB * db) { - ASN1_UTCTIME *a_tm = NULL; + ASN1_UTCTIME *a_tm = NULL; int i, cnt = 0; - int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */ + int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */ char **rrow, *a_tm_s; a_tm = ASN1_UTCTIME_new(); @@ -2396,7 +2366,6 @@ static int do_updatedb (CA_DB *db) cnt = -1; goto err; } - memcpy(a_tm_s, a_tm->data, a_tm->length); a_tm_s[a_tm->length] = '\0'; @@ -2433,7 +2402,6 @@ static int do_updatedb (CA_DB *db) BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]); } - } } @@ -2505,7 +2473,6 @@ make_revocation_str(int rev_type, char *rev_arg) BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg); return NULL; } - reason = "holdInstruction"; other = rev_arg; break; @@ -2532,17 +2499,19 @@ make_revocation_str(int rev_type, char *rev_arg) i = revtm->length + 1; - if (reason) i += strlen(reason) - + 1; - if (other) i += strlen(other) - + 1; + if (reason) + i += strlen(reason) + + 1; + if (other) + i += strlen(other) + + 1; str = malloc(i); if (!str) return NULL; - BUF_strlcpy(str, (char *)revtm->data, i); + BUF_strlcpy(str, (char *) revtm->data, i); if (reason) { BUF_strlcat(str, ",", i); BUF_strlcat(str, reason, i); @@ -2563,7 +2532,7 @@ make_revocation_str(int rev_type, char *rev_arg) */ int -make_revoked(X509_REVOKED *rev, const char *str) +make_revoked(X509_REVOKED * rev, const char *str) { char *tmp = NULL; int reason_code = -1; @@ -2589,7 +2558,6 @@ make_revoked(X509_REVOKED *rev, const char *str) if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0)) goto err; } - if (rev && comp_time) { if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0)) goto err; @@ -2598,7 +2566,6 @@ make_revoked(X509_REVOKED *rev, const char *str) if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0)) goto err; } - if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS) ret = 2; else 
@@ -2617,7 +2584,7 @@ err: } int -old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) +old_entry_print(BIO * bp, ASN1_OBJECT * obj, ASN1_STRING * str) { char buf[25], *pbuf, *p; int j; @@ -2640,16 +2607,16 @@ old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) else BIO_printf(bp, "ASN.1 %2d:'", str->type); - p = (char *)str->data; + p = (char *) str->data; for (j = str->length; j > 0; j--) { if ((*p >= ' ') && (*p <= '~')) BIO_printf(bp, "%c", *p); else if (*p & 0x80) BIO_printf(bp, "\\0x%02X", *p); - else if ((unsigned char)*p == 0xf7) + else if ((unsigned char) *p == 0xf7) BIO_printf(bp, "^?"); else - BIO_printf(bp, "^%c", *p+'@'); + BIO_printf(bp, "^%c", *p + '@'); p++; } BIO_printf(bp, "'\n"); @@ -2657,8 +2624,8 @@ old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) } int -unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, - ASN1_GENERALIZEDTIME **pinvtm, const char *str) +unpack_revinfo(ASN1_TIME ** prevtm, int *preason, ASN1_OBJECT ** phold, + ASN1_GENERALIZEDTIME ** pinvtm, const char *str) { char *tmp = NULL; char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; @@ -2683,7 +2650,6 @@ unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, arg_str = p + 1; } } - if (prevtm) { *prevtm = ASN1_UTCTIME_new(); if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) { @@ -2702,11 +2668,9 @@ unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, BIO_printf(bio_err, "invalid reason code %s\n", reason_str); goto err; } - if (reason_code == 7) reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL; - else if (reason_code == 8) /* Hold instruction */ - { + else if (reason_code == 8) { /* Hold instruction */ if (!arg_str) { BIO_printf(bio_err, "missing hold instruction\n"); goto err; @@ -2736,7 +2700,6 @@ unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE; } } - if (preason) *preason = reason_code; if (pinvtm) 
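Review bot: In the old_entry_print loop (hunk at `-2640,16 +2607,16`) the test `(unsigned char) *p == 0xf7` sits after `else if (*p & 0x80)`, so it can never be true. The "^?" output is the conventional rendering of DEL, which is 0x7f; as written, DEL falls through to `"^%c", *p + '@'` and emits a raw non-ASCII byte. The `\\0x%02X` branch also passes a plain `char`, which sign-extends where char is signed and prints more than two hex digits. This routine displays request-supplied strings to the operator, so the escaping should be exact: `else if (*p & 0x80) BIO_printf(bp, "\\0x%02X", (unsigned char) *p);` and `else if (*p == 0x7f)`.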
diff --git a/lib/libssl/src/apps/ciphers.c b/lib/libssl/src/apps/ciphers.c index 1586dc5383f..8e6427582cb 100644 --- a/lib/libssl/src/apps/ciphers.c +++ b/lib/libssl/src/apps/ciphers.c @@ -93,7 +93,7 @@ MAIN(int argc, char **argv) SSL *ssl = NULL; char *ciphers = NULL; const SSL_METHOD *meth = NULL; - STACK_OF(SSL_CIPHER) *sk; + STACK_OF(SSL_CIPHER) * sk; char buf[512]; BIO *STDout = NULL; @@ -123,7 +123,7 @@ MAIN(int argc, char **argv) badops = 1; break; } else { - ciphers= *argv; + ciphers = *argv; } argc--; argv++; @@ -134,7 +134,6 @@ MAIN(int argc, char **argv) BIO_printf(bio_err, "%s", *pp); goto end; } - OpenSSL_add_ssl_algorithms(); ctx = SSL_CTX_new(meth); @@ -152,7 +151,7 @@ MAIN(int argc, char **argv) if (!verbose) { - for (i = 0; ; i++) { + for (i = 0;; i++) { p = SSL_get_cipher_list(ssl, i); if (p == NULL) break; @@ -161,9 +160,7 @@ MAIN(int argc, char **argv) BIO_printf(STDout, "%s", p); } BIO_printf(STDout, "\n"); - } - else /* verbose */ - { + } else { /* verbose */ sk = SSL_get_ciphers(ssl); for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { 
@@ -173,19 +170,18 @@ MAIN(int argc, char **argv) if (Verbose) { unsigned long id = SSL_CIPHER_get_id(c); - int id0 = (int)(id >> 24); - int id1 = (int)((id >> 16) & 0xffL); - int id2 = (int)((id >> 8) & 0xffL); - int id3 = (int)(id & 0xffL); + int id0 = (int) (id >> 24); + int id1 = (int) ((id >> 16) & 0xffL); + int id2 = (int) ((id >> 8) & 0xffL); + int id3 = (int) (id & 0xffL); if ((id & 0xff000000L) == 0x02000000L) - BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */ + BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */ else if ((id & 0xff000000L) == 0x03000000L) - BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */ + BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */ else - BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ + BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ } - BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf)); } } @@ -204,5 +200,5 @@ end: if (STDout != NULL) BIO_free_all(STDout); apps_shutdown(); - return(ret); + return (ret); } diff --git a/lib/libssl/src/apps/cms.c b/lib/libssl/src/apps/cms.c index eda3ccbdf05..7948e4c09ff 100644 --- a/lib/libssl/src/apps/cms.c +++ b/lib/libssl/src/apps/cms.c 
@@ -68,13 +68,13 @@ #undef PROG #define PROG cms_main -static int save_certs(char *signerfile, STACK_OF(X509) *signers); -static int cms_cb(int ok, X509_STORE_CTX *ctx); -static void receipt_request_print(BIO *out, CMS_ContentInfo *cms); +static int save_certs(char *signerfile, STACK_OF(X509) * signers); +static int cms_cb(int ok, X509_STORE_CTX * ctx); +static void receipt_request_print(BIO * out, CMS_ContentInfo * cms); static CMS_ReceiptRequest * -make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, +make_receipt_request(STACK_OF(OPENSSL_STRING) * rr_to, int rr_allorfirst, - STACK_OF(OPENSSL_STRING) *rr_from); + STACK_OF(OPENSSL_STRING) * rr_from); #define SMIME_OP 0x10 #define SMIME_IP 0x20 @@ -96,12 +96,12 @@ make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, #define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP) #define SMIME_VERIFY_RECEIPT (16 | SMIME_IP) -int verify_err = 0; + int verify_err = 0; -int MAIN(int, char **); + int MAIN(int, char **); -int -MAIN(int argc, char **argv) + int + MAIN(int argc, char **argv) { ENGINE *e = NULL; int operation = 0; @@ -110,7 +110,7 @@ MAIN(int argc, char **argv) const char *inmode = "r", *outmode = "w"; char *infile = NULL, *outfile = NULL, *rctfile = NULL; char *signerfile = NULL, *recipfile = NULL; - STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; + STACK_OF(OPENSSL_STRING) * sksigners = NULL, *skkeys = NULL; char *certfile = NULL, *keyfile = NULL, *contfile = NULL; char *certsoutfile = NULL; const EVP_CIPHER *cipher = NULL; 
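Review bot: In the `@@ -96,12` hunk of cms.c the file-scope lines `int verify_err = 0;`, `int MAIN(int, char **);` and the `int` / `MAIN(int argc, char **argv)` definition header appear to have gained leading indentation on the new side. Their scope did not change, so this looks like a formatter artefact, probably carried over from the `make_receipt_request` prototype just above. It makes top-level declarations look nested, so they should go back to column 0 as on the removed lines. The body of `MAIN` continues outside this hunk.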
@@ -118,13 +118,13 @@ MAIN(int argc, char **argv) X509_STORE *store = NULL; X509 *cert = NULL, *recip = NULL, *signer = NULL; EVP_PKEY *key = NULL; - STACK_OF(X509) *encerts = NULL, *other = NULL; + STACK_OF(X509) * encerts = NULL, *other = NULL; BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL; int badarg = 0; int flags = CMS_DETACHED, noout = 0, print = 0; int verify_retcode = 0; int rr_print = 0, rr_allorfirst = -1; - STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL; + STACK_OF(OPENSSL_STRING) * rr_to = NULL, *rr_from = NULL; CMS_ReceiptRequest *rr = NULL; char *to = NULL, *from = NULL, *subject = NULL; char *CAfile = NULL, *CApath = NULL; @@ -152,26 +152,25 @@ MAIN(int argc, char **argv) if (bio_err == NULL) { if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); } - if (!load_config(bio_err, NULL)) goto end; while (!badarg && *args && *args[0] == '-') { - if (!strcmp (*args, "-encrypt")) + if (!strcmp(*args, "-encrypt")) operation = SMIME_ENCRYPT; - else if (!strcmp (*args, "-decrypt")) + else if (!strcmp(*args, "-decrypt")) operation = SMIME_DECRYPT; - else if (!strcmp (*args, "-sign")) + else if (!strcmp(*args, "-sign")) operation = SMIME_SIGN; - else if (!strcmp (*args, "-sign_receipt")) + else if (!strcmp(*args, "-sign_receipt")) operation = SMIME_SIGN_RECEIPT; - else if (!strcmp (*args, "-resign")) + else if (!strcmp(*args, "-resign")) operation = SMIME_RESIGN; - else if (!strcmp (*args, "-verify")) + else if (!strcmp(*args, "-verify")) operation = SMIME_VERIFY; - else if (!strcmp (*args, "-verify_retcode")) + else if (!strcmp(*args, "-verify_retcode")) verify_retcode = 1; else if (!strcmp(*args, "-verify_receipt")) { operation = SMIME_VERIFY_RECEIPT; 
@@ -179,40 +178,40 @@ MAIN(int argc, char **argv) goto argerr; args++; rctfile = *args; - } else if (!strcmp (*args, "-cmsout")) + } else if (!strcmp(*args, "-cmsout")) operation = SMIME_CMSOUT; - else if (!strcmp (*args, "-data_out")) + else if (!strcmp(*args, "-data_out")) operation = SMIME_DATAOUT; - else if (!strcmp (*args, "-data_create")) + else if (!strcmp(*args, "-data_create")) operation = SMIME_DATA_CREATE; - else if (!strcmp (*args, "-digest_verify")) + else if (!strcmp(*args, "-digest_verify")) operation = SMIME_DIGEST_VERIFY; - else if (!strcmp (*args, "-digest_create")) + else if (!strcmp(*args, "-digest_create")) operation = SMIME_DIGEST_CREATE; - else if (!strcmp (*args, "-compress")) + else if (!strcmp(*args, "-compress")) operation = SMIME_COMPRESS; - else if (!strcmp (*args, "-uncompress")) + else if (!strcmp(*args, "-uncompress")) operation = SMIME_UNCOMPRESS; - else if (!strcmp (*args, "-EncryptedData_decrypt")) + else if (!strcmp(*args, "-EncryptedData_decrypt")) operation = SMIME_ENCRYPTED_DECRYPT; - else if (!strcmp (*args, "-EncryptedData_encrypt")) + else if (!strcmp(*args, "-EncryptedData_encrypt")) operation = SMIME_ENCRYPTED_ENCRYPT; #ifndef OPENSSL_NO_DES - else if (!strcmp (*args, "-des3")) + else if (!strcmp(*args, "-des3")) cipher = EVP_des_ede3_cbc(); - else if (!strcmp (*args, "-des")) + else if (!strcmp(*args, "-des")) cipher = EVP_des_cbc(); #endif #ifndef OPENSSL_NO_SEED - else if (!strcmp (*args, "-seed")) + else if (!strcmp(*args, "-seed")) cipher = EVP_seed_cbc(); #endif #ifndef OPENSSL_NO_RC2 - else if (!strcmp (*args, "-rc2-40")) + else if (!strcmp(*args, "-rc2-40")) cipher = EVP_rc2_40_cbc(); - else if (!strcmp (*args, "-rc2-128")) + else if (!strcmp(*args, "-rc2-128")) cipher = EVP_rc2_cbc(); - else if (!strcmp (*args, "-rc2-64")) + else if (!strcmp(*args, "-rc2-64")) cipher = EVP_rc2_64_cbc(); #endif #ifndef OPENSSL_NO_AES 
@@ -231,50 +230,50 @@ MAIN(int argc, char **argv) else if (!strcmp(*args, "-camellia256")) cipher = EVP_camellia_256_cbc(); #endif - else if (!strcmp (*args, "-debug_decrypt")) + else if (!strcmp(*args, "-debug_decrypt")) flags |= CMS_DEBUG_DECRYPT; - else if (!strcmp (*args, "-text")) + else if (!strcmp(*args, "-text")) flags |= CMS_TEXT; - else if (!strcmp (*args, "-nointern")) + else if (!strcmp(*args, "-nointern")) flags |= CMS_NOINTERN; - else if (!strcmp (*args, "-noverify") || - !strcmp (*args, "-no_signer_cert_verify")) + else if (!strcmp(*args, "-noverify") || + !strcmp(*args, "-no_signer_cert_verify")) flags |= CMS_NO_SIGNER_CERT_VERIFY; - else if (!strcmp (*args, "-nocerts")) + else if (!strcmp(*args, "-nocerts")) flags |= CMS_NOCERTS; - else if (!strcmp (*args, "-noattr")) + else if (!strcmp(*args, "-noattr")) flags |= CMS_NOATTR; - else if (!strcmp (*args, "-nodetach")) + else if (!strcmp(*args, "-nodetach")) flags &= ~CMS_DETACHED; - else if (!strcmp (*args, "-nosmimecap")) + else if (!strcmp(*args, "-nosmimecap")) flags |= CMS_NOSMIMECAP; - else if (!strcmp (*args, "-binary")) + else if (!strcmp(*args, "-binary")) flags |= CMS_BINARY; - else if (!strcmp (*args, "-keyid")) + else if (!strcmp(*args, "-keyid")) flags |= CMS_USE_KEYID; - else if (!strcmp (*args, "-nosigs")) + else if (!strcmp(*args, "-nosigs")) flags |= CMS_NOSIGS; - else if (!strcmp (*args, "-no_content_verify")) + else if (!strcmp(*args, "-no_content_verify")) flags |= CMS_NO_CONTENT_VERIFY; - else if (!strcmp (*args, "-no_attr_verify")) + else if (!strcmp(*args, "-no_attr_verify")) flags |= CMS_NO_ATTR_VERIFY; - else if (!strcmp (*args, "-stream")) + else if (!strcmp(*args, "-stream")) flags |= CMS_STREAM; - else if (!strcmp (*args, "-indef")) + else if (!strcmp(*args, "-indef")) flags |= CMS_STREAM; - else if (!strcmp (*args, "-noindef")) + else if (!strcmp(*args, "-noindef")) flags &= ~CMS_STREAM; - else if (!strcmp (*args, "-nooldmime")) + else if (!strcmp(*args, "-nooldmime")) 
flags |= CMS_NOOLDMIMETYPE; - else if (!strcmp (*args, "-crlfeol")) + else if (!strcmp(*args, "-crlfeol")) flags |= CMS_CRLFEOL; - else if (!strcmp (*args, "-noout")) + else if (!strcmp(*args, "-noout")) noout = 1; - else if (!strcmp (*args, "-receipt_request_print")) + else if (!strcmp(*args, "-receipt_request_print")) rr_print = 1; - else if (!strcmp (*args, "-receipt_request_all")) + else if (!strcmp(*args, "-receipt_request_all")) rr_allorfirst = 0; - else if (!strcmp (*args, "-receipt_request_first")) + else if (!strcmp(*args, "-receipt_request_first")) rr_allorfirst = 1; else if (!strcmp(*args, "-receipt_request_from")) { if (!args[1]) @@ -283,20 +282,17 @@ MAIN(int argc, char **argv) if (!rr_from) rr_from = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(rr_from, *args); - } - else if (!strcmp(*args, "-receipt_request_to")) { + } else if (!strcmp(*args, "-receipt_request_to")) { if (!args[1]) goto argerr; args++; if (!rr_to) rr_to = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(rr_to, *args); - } - else if (!strcmp (*args, "-print")) { + } else if (!strcmp(*args, "-print")) { noout = 1; print = 1; - } - else if (!strcmp(*args, "-secretkey")) { + } else if (!strcmp(*args, "-secretkey")) { long ltmp; if (!args[1]) goto argerr; @@ -306,9 +302,8 @@ MAIN(int argc, char **argv) BIO_printf(bio_err, "Invalid key %s\n", *args); goto argerr; } - secret_keylen = (size_t)ltmp; - } - else if (!strcmp(*args, "-secretkeyid")) { + secret_keylen = (size_t) ltmp; + } else if (!strcmp(*args, "-secretkeyid")) { long ltmp; if (!args[1]) goto argerr; 
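Review bot: The `-receipt_request_from` and `-receipt_request_to` branches in the `@@ -283,20` hunk call `sk_OPENSSL_STRING_push()` without checking either the `sk_OPENSSL_STRING_new_null()` result or the push result. On allocation failure the address would presumably be dropped silently and the command would carry on with an incomplete receipt request. I would fail closed: `if (rr_from == NULL && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL) goto end;` followed by `if (!sk_OPENSSL_STRING_push(rr_from, *args)) goto end;`, and likewise for `rr_to`. The same unchecked pattern is in the `-certfile` branch of the crl2p7.c hunk `@@ -124,18`.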
@@ -318,13 +313,12 @@ MAIN(int argc, char **argv) BIO_printf(bio_err, "Invalid id %s\n", *args); goto argerr; } - secret_keyidlen = (size_t)ltmp; - } - else if (!strcmp(*args, "-pwri_password")) { + secret_keyidlen = (size_t) ltmp; + } else if (!strcmp(*args, "-pwri_password")) { if (!args[1]) goto argerr; args++; - pwri_pass = (unsigned char *)*args; + pwri_pass = (unsigned char *) *args; } else if (!strcmp(*args, "-econtent_type")) { if (!args[1]) goto argerr; @@ -352,23 +346,19 @@ MAIN(int argc, char **argv) if (!args[1]) goto argerr; passargin = *++args; - } - else if (!strcmp (*args, "-to")) { + } else if (!strcmp(*args, "-to")) { if (!args[1]) goto argerr; to = *++args; - } - else if (!strcmp (*args, "-from")) { + } else if (!strcmp(*args, "-from")) { if (!args[1]) goto argerr; from = *++args; - } - else if (!strcmp (*args, "-subject")) { + } else if (!strcmp(*args, "-subject")) { if (!args[1]) goto argerr; subject = *++args; - } - else if (!strcmp (*args, "-signer")) { + } else if (!strcmp(*args, "-signer")) { if (!args[1]) goto argerr; /* If previous -signer argument add signer to list */ @@ -385,15 +375,15 @@ MAIN(int argc, char **argv) keyfile = NULL; } signerfile = *++args; - } else if (!strcmp (*args, "-recip")) { + } else if (!strcmp(*args, "-recip")) { if (!args[1]) goto argerr; recipfile = *++args; - } else if (!strcmp (*args, "-certsout")) { + } else if (!strcmp(*args, "-certsout")) { if (!args[1]) goto argerr; certsoutfile = *++args; - } else if (!strcmp (*args, "-md")) { + } else if (!strcmp(*args, "-md")) { if (!args[1]) goto argerr; sign_md = EVP_get_digestbyname(*++args); @@ -402,7 +392,7 @@ MAIN(int argc, char **argv) *args); goto argerr; } - } else if (!strcmp (*args, "-inkey")) { + } else if (!strcmp(*args, "-inkey")) { if (!args[1]) goto argerr; /* If previous -inkey arument add signer to list */ 
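Review bot: The `-pwri_password` branch assigns `pwri_pass = (unsigned char *) *args;`, so the recipient password is taken directly from the command line. Other local users can typically read it there from the process list, and it may also end up in shell history. The usage text later in this file describes `-passin arg` as a pass phrase source, and offering the same indirection for this option would avoid the exposure. Until then I would at least document it above the assignment with `/* password is read from argv and is visible in the process list */`.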
@@ -420,43 +410,43 @@ MAIN(int argc, char **argv) sk_OPENSSL_STRING_push(skkeys, keyfile); } keyfile = *++args; - } else if (!strcmp (*args, "-keyform")) { + } else if (!strcmp(*args, "-keyform")) { if (!args[1]) goto argerr; keyform = str2fmt(*++args); - } else if (!strcmp (*args, "-rctform")) { + } else if (!strcmp(*args, "-rctform")) { if (!args[1]) goto argerr; rctformat = str2fmt(*++args); - } else if (!strcmp (*args, "-certfile")) { + } else if (!strcmp(*args, "-certfile")) { if (!args[1]) goto argerr; certfile = *++args; - } else if (!strcmp (*args, "-CAfile")) { + } else if (!strcmp(*args, "-CAfile")) { if (!args[1]) goto argerr; CAfile = *++args; - } else if (!strcmp (*args, "-CApath")) { + } else if (!strcmp(*args, "-CApath")) { if (!args[1]) goto argerr; CApath = *++args; - } else if (!strcmp (*args, "-in")) { + } else if (!strcmp(*args, "-in")) { if (!args[1]) goto argerr; infile = *++args; - } else if (!strcmp (*args, "-inform")) { + } else if (!strcmp(*args, "-inform")) { if (!args[1]) goto argerr; informat = str2fmt(*++args); - } else if (!strcmp (*args, "-outform")) { + } else if (!strcmp(*args, "-outform")) { if (!args[1]) goto argerr; outformat = str2fmt(*++args); - } else if (!strcmp (*args, "-out")) { + } else if (!strcmp(*args, "-out")) { if (!args[1]) goto argerr; outfile = *++args; - } else if (!strcmp (*args, "-content")) { + } else if (!strcmp(*args, "-content")) { if (!args[1]) goto argerr; contfile = *++args; @@ -471,8 +461,7 @@ MAIN(int argc, char **argv) BIO_puts(bio_err, "No Signed Receipts Recipients\n"); goto argerr; } - - if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) { + if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) { BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); goto argerr; } 
@@ -480,7 +469,6 @@ MAIN(int argc, char **argv) BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); goto argerr; } - if (operation & SMIME_SIGNERS) { if (keyfile && !signerfile) { BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 
@@ -519,72 +507,71 @@ MAIN(int argc, char **argv) badarg = 1; if (badarg) { - argerr: - BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n"); - BIO_printf (bio_err, "where options are\n"); - BIO_printf (bio_err, "-encrypt encrypt message\n"); - BIO_printf (bio_err, "-decrypt decrypt encrypted message\n"); - BIO_printf (bio_err, "-sign sign message\n"); - BIO_printf (bio_err, "-verify verify signed message\n"); - BIO_printf (bio_err, "-cmsout output CMS structure\n"); +argerr: + BIO_printf(bio_err, "Usage cms [options] cert.pem ...\n"); + BIO_printf(bio_err, "where options are\n"); + BIO_printf(bio_err, "-encrypt encrypt message\n"); + BIO_printf(bio_err, "-decrypt decrypt encrypted message\n"); + BIO_printf(bio_err, "-sign sign message\n"); + BIO_printf(bio_err, "-verify verify signed message\n"); + BIO_printf(bio_err, "-cmsout output CMS structure\n"); #ifndef OPENSSL_NO_DES - BIO_printf (bio_err, "-des3 encrypt with triple DES\n"); - BIO_printf (bio_err, "-des encrypt with DES\n"); + BIO_printf(bio_err, "-des3 encrypt with triple DES\n"); + BIO_printf(bio_err, "-des encrypt with DES\n"); #endif #ifndef OPENSSL_NO_SEED - BIO_printf (bio_err, "-seed encrypt with SEED\n"); + BIO_printf(bio_err, "-seed encrypt with SEED\n"); #endif #ifndef OPENSSL_NO_RC2 - BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); - BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); - BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n"); + BIO_printf(bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); + BIO_printf(bio_err, "-rc2-64 encrypt with RC2-64\n"); + BIO_printf(bio_err, "-rc2-128 encrypt with RC2-128\n"); #endif #ifndef OPENSSL_NO_AES - BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); - BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); + BIO_printf(bio_err, "-aes128, -aes192, -aes256\n"); + BIO_printf(bio_err, " encrypt PEM output with cbc aes\n"); #endif #ifndef OPENSSL_NO_CAMELLIA - BIO_printf (bio_err, "-camellia128, -camellia192, 
-camellia256\n"); - BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); + BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n"); + BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n"); #endif - BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); - BIO_printf (bio_err, "-nosigs don't verify message signature\n"); - BIO_printf (bio_err, "-noverify don't verify signers certificate\n"); - BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n"); - BIO_printf (bio_err, "-nodetach use opaque signing\n"); - BIO_printf (bio_err, "-noattr don't include any signed attributes\n"); - BIO_printf (bio_err, "-binary don't translate message to text\n"); - BIO_printf (bio_err, "-certfile file other certificates file\n"); - BIO_printf (bio_err, "-certsout file certificate output file\n"); - BIO_printf (bio_err, "-signer file signer certificate file\n"); - BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n"); - BIO_printf (bio_err, "-keyid use subject key identifier\n"); - BIO_printf (bio_err, "-in file input file\n"); - BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); - BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n"); - BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n"); - BIO_printf (bio_err, "-out file output file\n"); - BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); - BIO_printf (bio_err, "-content file supply or override content for detached signature\n"); - BIO_printf (bio_err, "-to addr to address\n"); - BIO_printf (bio_err, "-from ad from address\n"); - BIO_printf (bio_err, "-subject s subject\n"); - BIO_printf (bio_err, "-text include or delete text MIME headers\n"); - BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); - BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); - BIO_printf (bio_err, 
"-crl_check check revocation status of signer's certificate using CRLs\n"); - BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); + BIO_printf(bio_err, "-nointern don't search certificates in message for signer\n"); + BIO_printf(bio_err, "-nosigs don't verify message signature\n"); + BIO_printf(bio_err, "-noverify don't verify signers certificate\n"); + BIO_printf(bio_err, "-nocerts don't include signers certificate when signing\n"); + BIO_printf(bio_err, "-nodetach use opaque signing\n"); + BIO_printf(bio_err, "-noattr don't include any signed attributes\n"); + BIO_printf(bio_err, "-binary don't translate message to text\n"); + BIO_printf(bio_err, "-certfile file other certificates file\n"); + BIO_printf(bio_err, "-certsout file certificate output file\n"); + BIO_printf(bio_err, "-signer file signer certificate file\n"); + BIO_printf(bio_err, "-recip file recipient certificate file for decryption\n"); + BIO_printf(bio_err, "-keyid use subject key identifier\n"); + BIO_printf(bio_err, "-in file input file\n"); + BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); + BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n"); + BIO_printf(bio_err, "-keyform arg input private key format (PEM or ENGINE)\n"); + BIO_printf(bio_err, "-out file output file\n"); + BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); + BIO_printf(bio_err, "-content file supply or override content for detached signature\n"); + BIO_printf(bio_err, "-to addr to address\n"); + BIO_printf(bio_err, "-from ad from address\n"); + BIO_printf(bio_err, "-subject s subject\n"); + BIO_printf(bio_err, "-text include or delete text MIME headers\n"); + BIO_printf(bio_err, "-CApath dir trusted certificates directory\n"); + BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using 
CRLs\n"); + BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); #ifndef OPENSSL_NO_ENGINE - BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); + BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); #endif - BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); - BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); - BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); - BIO_printf(bio_err, " the random number generator\n"); - BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); + BIO_printf(bio_err, "-passin arg input file pass phrase source\n"); + BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); + BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); + BIO_printf(bio_err, " the random number generator\n"); + BIO_printf(bio_err, "cert.pem recipient certificate(s) for encryption\n"); goto end; } - #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif @@ -593,14 +580,12 @@ MAIN(int argc, char **argv) BIO_printf(bio_err, "Error getting password\n"); goto end; } - if (need_rand) { app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) BIO_printf(bio_err, "%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); } - ret = 2; if (!(operation & SMIME_SIGNERS)) @@ -631,12 +616,10 @@ MAIN(int argc, char **argv) goto end; #endif } - if (secret_key && !secret_keyid) { BIO_printf(bio_err, "No secret key id\n"); goto end; } - if (*args) encerts = sk_X509_new_null(); while (*args) { 
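Review bot: The usage line for `-rc2-40` in the `argerr` block is tagged `(default)`, which tells users that a 40-bit cipher is what they get when they pass no cipher option. The code that picks the default is outside this hunk. Either the text is stale and should lose the `(default)` tag, or the default really is RC2-40 and should be raised to a cipher with an adequate key length. If only the text is wrong, the tag belongs on whichever option the code actually selects.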
@@ -648,31 +631,27 @@ MAIN(int argc, char **argv) args++; } } - if (certfile) { if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL, - e, "certificate file"))) { + e, "certificate file"))) { ERR_print_errors(bio_err); goto end; } } - if (recipfile && (operation == SMIME_DECRYPT)) { if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL, - e, "recipient certificate file"))) { + e, "recipient certificate file"))) { ERR_print_errors(bio_err); goto end; } } - if (operation == SMIME_SIGN_RECEIPT) { if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, - e, "receipt signer certificate file"))) { + e, "receipt signer certificate file"))) { ERR_print_errors(bio_err); goto end; } } - if (operation == SMIME_DECRYPT) { if (!keyfile) keyfile = recipfile; @@ -688,10 +667,9 @@ MAIN(int argc, char **argv) if (!key) goto end; } - if (infile) { if (!(in = BIO_new_file(infile, inmode))) { - BIO_printf (bio_err, + BIO_printf(bio_err, "Can't open input file %s\n", infile); goto end; } @@ -722,7 +700,7 @@ MAIN(int argc, char **argv) } } if (certsoutfile) { - STACK_OF(X509) *allcerts; + STACK_OF(X509) * allcerts; allcerts = CMS_get1_certs(cms); if (!save_certs(certsoutfile, allcerts)) { BIO_printf(bio_err, @@ -734,15 +712,13 @@ MAIN(int argc, char **argv) sk_X509_pop_free(allcerts, X509_free); } } - if (rctfile) { char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r"; if (!(rctin = BIO_new_file(rctfile, rctmode))) { - BIO_printf (bio_err, + BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile); goto end; } - if (rctformat == FORMAT_SMIME) rcms = SMIME_read_CMS(rctin, NULL); else if (rctformat == FORMAT_PEM) @@ -759,10 +735,9 @@ MAIN(int argc, char **argv) goto end; } } - if (outfile) { if (!(out = BIO_new_file(outfile, outmode))) { - BIO_printf (bio_err, + BIO_printf(bio_err, "Can't open output file %s\n", outfile); goto end; } 
@@ -777,8 +752,6 @@ MAIN(int argc, char **argv) if (vpm) X509_STORE_set1_param(store, vpm); } - - ret = 3; if (operation == SMIME_DATA_CREATE) { @@ -794,20 +767,20 @@ MAIN(int argc, char **argv) goto end; if (secret_key) { if (!CMS_add0_recipient_key(cms, NID_undef, - secret_key, secret_keylen, - secret_keyid, secret_keyidlen, - NULL, NULL, NULL)) + secret_key, secret_keylen, + secret_keyid, secret_keyidlen, + NULL, NULL, NULL)) goto end; /* NULL these because call absorbs them */ secret_key = NULL; secret_keyid = NULL; } if (pwri_pass) { - pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass); + pwri_tmp = (unsigned char *) BUF_strdup((char *) pwri_pass); if (!pwri_tmp) goto end; if (!CMS_add0_recipient_password(cms, - -1, NID_undef, NID_undef, + -1, NID_undef, NID_undef, pwri_tmp, -1, NULL)) goto end; pwri_tmp = NULL; @@ -823,7 +796,7 @@ MAIN(int argc, char **argv) } else if (operation == SMIME_SIGN_RECEIPT) { CMS_ContentInfo *srcms = NULL; - STACK_OF(CMS_SignerInfo) *sis; + STACK_OF(CMS_SignerInfo) * sis; CMS_SignerInfo *si; sis = CMS_get0_SignerInfos(cms); if (!sis) @@ -836,8 +809,9 @@ MAIN(int argc, char **argv) cms = srcms; } else if (operation & SMIME_SIGNERS) { int i; - /* If detached data content we enable streaming if - * S/MIME output format. + /* + * If detached data content we enable streaming if S/MIME + * output format. */ if (operation == SMIME_SIGN) { @@ -891,12 +865,10 @@ MAIN(int argc, char **argv) goto end; } } - if (!cms) { BIO_printf(bio_err, "Error creating CMS structure\n"); goto end; } - ret = 4; if (operation == SMIME_DECRYPT) { if (flags & CMS_DEBUG_DECRYPT) @@ -904,14 +876,13 @@ MAIN(int argc, char **argv) if (secret_key) { if (!CMS_decrypt_set1_key(cms, - secret_key, secret_keylen, - secret_keyid, secret_keyidlen)) { + secret_key, secret_keylen, + secret_keyid, secret_keyidlen)) { BIO_puts(bio_err, "Error decrypting CMS using secret key\n"); goto end; } } - if (key) { if (!CMS_decrypt_set1_pkey(cms, key, recip)) { BIO_puts(bio_err, 
@@ -919,7 +890,6 @@ MAIN(int argc, char **argv) goto end; } } - if (pwri_pass) { if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) { BIO_puts(bio_err, @@ -927,7 +897,6 @@ MAIN(int argc, char **argv) goto end; } } - if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) { BIO_printf(bio_err, "Error decrypting CMS structure\n"); goto end; @@ -947,7 +916,7 @@ MAIN(int argc, char **argv) } } else if (operation == SMIME_ENCRYPTED_DECRYPT) { if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen, - indata, out, flags)) + indata, out, flags)) goto end; } else if (operation == SMIME_VERIFY) { if (CMS_verify(cms, other, store, indata, out, flags) > 0) @@ -959,7 +928,7 @@ MAIN(int argc, char **argv) goto end; } if (signerfile) { - STACK_OF(X509) *signers; + STACK_OF(X509) * signers; signers = CMS_get0_signers(cms); if (!save_certs(signerfile, signers)) { BIO_printf(bio_err, @@ -1053,7 +1022,7 @@ end: } static int -save_certs(char *signerfile, STACK_OF(X509) *signers) +save_certs(char *signerfile, STACK_OF(X509) * signers) { int i; BIO *tmp; @@ -1072,7 +1041,7 @@ save_certs(char *signerfile, STACK_OF(X509) *signers) /* Minimal callback just to output policy info (if any) */ static int -cms_cb(int ok, X509_STORE_CTX *ctx) +cms_cb(int ok, X509_STORE_CTX * ctx) { int error; @@ -1090,9 +1059,9 @@ cms_cb(int ok, X509_STORE_CTX *ctx) } static void -gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns) +gnames_stack_print(BIO * out, STACK_OF(GENERAL_NAMES) * gns) { - STACK_OF(GENERAL_NAME) *gens; + STACK_OF(GENERAL_NAME) * gens; GENERAL_NAME *gen; int i, j; for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) { 
@@ -1108,13 +1077,13 @@ gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns) } static void -receipt_request_print(BIO *out, CMS_ContentInfo *cms) +receipt_request_print(BIO * out, CMS_ContentInfo * cms) { - STACK_OF(CMS_SignerInfo) *sis; + STACK_OF(CMS_SignerInfo) * sis; CMS_SignerInfo *si; CMS_ReceiptRequest *rr; int allorfirst; - STACK_OF(GENERAL_NAMES) *rto, *rlist; + STACK_OF(GENERAL_NAMES) * rto, *rlist; ASN1_STRING *scid; int i, rv; sis = CMS_get0_SignerInfos(cms); @@ -1134,7 +1103,7 @@ receipt_request_print(BIO *out, CMS_ContentInfo *cms) &rlist, &rto); BIO_puts(out, " Signed Content ID:\n"); idlen = ASN1_STRING_length(scid); - id = (char *)ASN1_STRING_data(scid); + id = (char *) ASN1_STRING_data(scid); BIO_dump_indent(out, id, idlen, 4); BIO_puts(out, " Receipts From"); if (rlist) { @@ -1155,10 +1124,10 @@ receipt_request_print(BIO *out, CMS_ContentInfo *cms) } static -STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) +STACK_OF(GENERAL_NAMES) * make_names_stack(STACK_OF(OPENSSL_STRING) * ns) { int i; - STACK_OF(GENERAL_NAMES) *ret; + STACK_OF(GENERAL_NAMES) * ret; GENERAL_NAMES *gens = NULL; GENERAL_NAME *gen = NULL; ret = sk_GENERAL_NAMES_new_null(); @@ -1194,10 +1163,10 @@ err: static CMS_ReceiptRequest * -make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, - STACK_OF(OPENSSL_STRING) *rr_from) +make_receipt_request(STACK_OF(OPENSSL_STRING) * rr_to, int rr_allorfirst, + STACK_OF(OPENSSL_STRING) * rr_from) { - STACK_OF(GENERAL_NAMES) *rct_to, *rct_from; + STACK_OF(GENERAL_NAMES) * rct_to, *rct_from; CMS_ReceiptRequest *rr; rct_to = make_names_stack(rr_to); if (!rct_to) diff --git a/lib/libssl/src/apps/crl.c b/lib/libssl/src/apps/crl.c index c89b8818a80..a4a4d7d296b 100644 --- a/lib/libssl/src/apps/crl.c +++ b/lib/libssl/src/apps/crl.c 
@@ -111,7 +111,8 @@ MAIN(int argc, char **argv) BIO *out = NULL; int informat, outformat; char *infile = NULL, *outfile = NULL; - int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0, text = 0; + int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0, + text = 0; #ifndef OPENSSL_NO_MD5 int hash_old = 0; #endif @@ -129,16 +130,15 @@ MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; if (bio_out == NULL) if ((bio_out = BIO_new(BIO_s_file())) != NULL) { - BIO_set_fp(bio_out, stdout, BIO_NOCLOSE); - } - + BIO_set_fp(bio_out, stdout, BIO_NOCLOSE); + } informat = FORMAT_PEM; outformat = FORMAT_PEM; @@ -150,7 +150,9 @@ MAIN(int argc, char **argv) if (strcmp(*argv, "-p") == 0) { if (--argc < 1) goto bad; - if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/ + if (!args_from_file(++argv, Nargc, Nargv)) { + goto end; + } */ } #endif if (strcmp(*argv, "-inform") == 0) { @@ -164,11 +166,11 @@ MAIN(int argc, char **argv) } else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; - infile= *(++argv); + infile = *(++argv); } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; - outfile= *(++argv); + outfile = *(++argv); } else if (strcmp(*argv, "-CApath") == 0) { if (--argc < 1) goto bad; @@ -184,10 +186,10 @@ MAIN(int argc, char **argv) else if (strcmp(*argv, "-text") == 0) text = 1; else if (strcmp(*argv, "-hash") == 0) - hash= ++num; + hash = ++num; #ifndef OPENSSL_NO_MD5 else if (strcmp(*argv, "-hash_old") == 0) - hash_old= ++num; + hash_old = ++num; #endif else if (strcmp(*argv, "-nameopt") == 0) { if (--argc < 1) 
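Review bot: The `-p` / `args_from_file` lines reflowed in the `@@ -150,7` hunk end in `*/`, which suggests they sit inside a comment that opens above the hunk. The `#endif` right after them points to a disabled block as well. Re-indenting dead code adds churn without making it any more maintainable, so I would delete the block rather than reflow it. If it has to stay, a one-line comment saying why would help, e.g. `/* -p (read args from file) is disabled: <reason> */`.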
@@ -195,17 +197,17 @@ MAIN(int argc, char **argv) if (!set_name_ex(&nmflag, *(++argv))) goto bad; } else if (strcmp(*argv, "-issuer") == 0) - issuer= ++num; + issuer = ++num; else if (strcmp(*argv, "-lastupdate") == 0) - lastupdate= ++num; + lastupdate = ++num; else if (strcmp(*argv, "-nextupdate") == 0) - nextupdate= ++num; + nextupdate = ++num; else if (strcmp(*argv, "-noout") == 0) - noout= ++num; + noout = ++num; else if (strcmp(*argv, "-fingerprint") == 0) - fingerprint= ++num; + fingerprint = ++num; else if (strcmp(*argv, "-crlnumber") == 0) - crlnumber= ++num; + crlnumber = ++num; else if ((md_alg = EVP_get_digestbyname(*argv + 1))) { /* ok */ digest = md_alg; @@ -224,13 +226,11 @@ bad: BIO_printf(bio_err, "%s", *pp); goto end; } - ERR_load_crypto_strings(); x = load_crl(infile, informat); if (x == NULL) { goto end; } - if (do_ver) { store = X509_STORE_new(); lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); @@ -251,7 +251,6 @@ bad: "Error initialising X509 store\n"); goto end; } - i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, X509_CRL_get_issuer(x), &xobj); if (i <= 0) { @@ -275,7 +274,6 @@ bad: else BIO_printf(bio_err, "verify OK\n"); } - if (num) { for (i = 1; i <= num; i++) { if (issuer == i) { @@ -300,8 +298,8 @@ bad: #ifndef OPENSSL_NO_MD5 if (hash_old == i) { BIO_printf(bio_out, "%08lx\n", - X509_NAME_hash_old( - X509_CRL_get_issuer(x))); + X509_NAME_hash_old( + X509_CRL_get_issuer(x))); } #endif if (lastupdate == i) { @@ -330,20 +328,18 @@ bad: } BIO_printf(bio_out, "%s Fingerprint=", OBJ_nid2sn(EVP_MD_type(digest))); - for (j = 0; j < (int)n; j++) { + for (j = 0; j < (int) n; j++) { BIO_printf(bio_out, "%02X%c", md[j], - (j + 1 == (int)n) ? '\n' : ':'); + (j + 1 == (int) n) ? '\n' : ':'); } } } } - out = BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } - if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { 
@@ -360,9 +356,8 @@ bad: ret = 0; goto end; } - if (outformat == FORMAT_ASN1) - i = (int)i2d_X509_CRL_bio(out, x); + i = (int) i2d_X509_CRL_bio(out, x); else if (outformat == FORMAT_PEM) i = PEM_write_bio_X509_CRL(out, x); else { @@ -385,7 +380,7 @@ end: X509_STORE_free(store); } apps_shutdown(); - return(ret); + return (ret); } static X509_CRL * @@ -399,7 +394,6 @@ load_crl(char *infile, int format) ERR_print_errors(bio_err); goto end; } - if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { @@ -421,7 +415,6 @@ load_crl(char *infile, int format) ERR_print_errors(bio_err); goto end; } - end: BIO_free(in); return (x); diff --git a/lib/libssl/src/apps/crl2p7.c b/lib/libssl/src/apps/crl2p7.c index ce782742c4c..b98260d1724 100644 --- a/lib/libssl/src/apps/crl2p7.c +++ b/lib/libssl/src/apps/crl2p7.c @@ -71,7 +71,7 @@ #include #include -static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile); +static int add_certs_from_file(STACK_OF(X509) * stack, char *certfile); #undef PROG #define PROG crl2pkcs7_main @@ -93,16 +93,16 @@ MAIN(int argc, char **argv) PKCS7 *p7 = NULL; PKCS7_SIGNED *p7s = NULL; X509_CRL *crl = NULL; - STACK_OF(OPENSSL_STRING) *certflst = NULL; - STACK_OF(X509_CRL) *crl_stack = NULL; - STACK_OF(X509) *cert_stack = NULL; + STACK_OF(OPENSSL_STRING) * certflst = NULL; + STACK_OF(X509_CRL) * crl_stack = NULL; + STACK_OF(X509) * cert_stack = NULL; int ret = 1, nocrl = 0; apps_startup(); if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); infile = NULL; outfile = NULL; 
@@ -124,18 +124,19 @@ MAIN(int argc, char **argv) } else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; - infile= *(++argv); + infile = *(++argv); } else if (strcmp(*argv, "-nocrl") == 0) { nocrl = 1; } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; - outfile= *(++argv); + outfile = *(++argv); } else if (strcmp(*argv, "-certfile") == 0) { if (--argc < 1) goto bad; - if (!certflst) certflst = sk_OPENSSL_STRING_new_null(); - sk_OPENSSL_STRING_push(certflst, *(++argv)); + if (!certflst) + certflst = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(certflst, *(++argv)); } else { BIO_printf(bio_err, "unknown option %s\n", *argv); badops = 1; @@ -159,7 +160,6 @@ bad: ret = 1; goto end; } - ERR_load_crypto_strings(); in = BIO_new(BIO_s_file()); @@ -168,7 +168,6 @@ bad: ERR_print_errors(bio_err); goto end; } - if (!nocrl) { if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); @@ -193,7 +192,6 @@ bad: goto end; } } - if ((p7 = PKCS7_new()) == NULL) goto end; if ((p7s = PKCS7_SIGNED_new()) == NULL) @@ -209,21 +207,21 @@ bad: p7s->crl = crl_stack; if (crl != NULL) { sk_X509_CRL_push(crl_stack, crl); - crl=NULL; /* now part of p7 for freeing */ + crl = NULL; /* now part of p7 for freeing */ } - if ((cert_stack = sk_X509_new_null()) == NULL) goto end; p7s->cert = cert_stack; - if (certflst) for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { - certfile = sk_OPENSSL_STRING_value(certflst, i); - if (add_certs_from_file(cert_stack, certfile) < 0) { - BIO_printf(bio_err, "error loading certificates\n"); - ERR_print_errors(bio_err); - goto end; + if (certflst) + for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { + certfile = sk_OPENSSL_STRING_value(certflst, i); + if (add_certs_from_file(cert_stack, certfile) < 0) { + BIO_printf(bio_err, "error loading certificates\n"); + ERR_print_errors(bio_err); + goto end; + } } - } sk_OPENSSL_STRING_free(certflst); 
@@ -262,7 +260,7 @@ end: X509_CRL_free(crl); apps_shutdown(); - return(ret); + return (ret); } /* @@ -276,12 +274,12 @@ end: *---------------------------------------------------------------------- */ static int -add_certs_from_file(STACK_OF(X509) *stack, char *certfile) +add_certs_from_file(STACK_OF(X509) * stack, char *certfile) { BIO *in = NULL; int count = 0; int ret = -1; - STACK_OF(X509_INFO) *sk = NULL; + STACK_OF(X509_INFO) * sk = NULL; X509_INFO *xi; in = BIO_new(BIO_s_file()); @@ -289,14 +287,12 @@ add_certs_from_file(STACK_OF(X509) *stack, char *certfile) BIO_printf(bio_err, "error opening the file, %s\n", certfile); goto end; } - /* This loads from a file, a stack of x509/crl/pkey sets */ sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); if (sk == NULL) { BIO_printf(bio_err, "error reading the file, %s\n", certfile); goto end; } - /* scan over it and pull out the CRL's */ while (sk_X509_INFO_num(sk)) { xi = sk_X509_INFO_shift(sk); diff --git a/lib/libssl/src/apps/dgst.c b/lib/libssl/src/apps/dgst.c index 08641f1c5c0..a68e3ce562b 100644 --- a/lib/libssl/src/apps/dgst.c +++ b/lib/libssl/src/apps/dgst.c @@ -75,13 +75,13 @@ #define PROG dgst_main int -do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, - EVP_PKEY *key, unsigned char *sigin, int siglen, +do_fp(BIO * out, unsigned char *buf, BIO * bp, int sep, int binout, + EVP_PKEY * key, unsigned char *sigin, int siglen, const char *sig_name, const char *md_name, - const char *file, BIO *bmd); + const char *file, BIO * bmd); static void -list_md_fn(const EVP_MD *m, const char *from, const char *to, void *arg) +list_md_fn(const EVP_MD * m, const char *from, const char *to, void *arg) { const char *mname; /* Skip aliases */ 
@@ -130,17 +130,17 @@ MAIN(int argc, char **argv) char *hmac_key = NULL; char *mac_name = NULL; int non_fips_allow = 0; - STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL; + STACK_OF(OPENSSL_STRING) * sigopts = NULL, *macopts = NULL; apps_startup(); - if ((buf = (unsigned char *)malloc(BUFSIZE)) == NULL) { + if ((buf = (unsigned char *) malloc(BUFSIZE)) == NULL) { BIO_printf(bio_err, "out of memory\n"); goto end; } if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; @@ -162,34 +162,34 @@ MAIN(int argc, char **argv) else if (strcmp(*argv, "-rand") == 0) { if (--argc < 1) break; - randfile=*(++argv); + randfile = *(++argv); } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) break; - outfile=*(++argv); + outfile = *(++argv); } else if (strcmp(*argv, "-sign") == 0) { if (--argc < 1) break; - keyfile=*(++argv); + keyfile = *(++argv); } else if (!strcmp(*argv, "-passin")) { if (--argc < 1) break; - passargin=*++argv; + passargin = *++argv; } else if (strcmp(*argv, "-verify") == 0) { if (--argc < 1) break; - keyfile=*(++argv); + keyfile = *(++argv); want_pub = 1; do_verify = 1; } else if (strcmp(*argv, "-prverify") == 0) { if (--argc < 1) break; - keyfile=*(++argv); + keyfile = *(++argv); do_verify = 1; } else if (strcmp(*argv, "-signature") == 0) { if (--argc < 1) break; - sigfile=*(++argv); + sigfile = *(++argv); } else if (strcmp(*argv, "-keyform") == 0) { if (--argc < 1) break; @@ -199,7 +199,7 @@ MAIN(int argc, char **argv) else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) break; - engine= *(++argv); + engine = *(++argv); e = setup_engine(bio_err, engine, 0); } #endif 
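Review bot: The out-of-memory branch after `malloc(BUFSIZE)` writes to `bio_err` before the `if (bio_err == NULL)` setup that follows it in this hunk, so if `bio_err` has not been created yet the diagnostic has nowhere to go. Moving the `bio_err` initialisation above the allocation keeps the error path reliable. The `(unsigned char *)` cast on `malloc` is also unnecessary in C; `buf = malloc(BUFSIZE)` is enough, assuming `buf` is declared `unsigned char *` (its declaration is outside the hunk). MAIN's body starts and ends outside the hunk.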
@@ -216,11 +216,11 @@ MAIN(int argc, char **argv) else if (!strcmp(*argv, "-hmac")) { if (--argc < 1) break; - hmac_key=*++argv; + hmac_key = *++argv; } else if (!strcmp(*argv, "-mac")) { if (--argc < 1) break; - mac_name=*++argv; + mac_name = *++argv; } else if (strcmp(*argv, "-sigopt") == 0) { if (--argc < 1) break; @@ -248,9 +248,7 @@ MAIN(int argc, char **argv) BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); goto end; } - - if ((argc > 0) && (argv[0][0] == '-')) /* bad option */ - { + if ((argc > 0) && (argv[0][0] == '-')) { /* bad option */ BIO_printf(bio_err, "unknown option '%s'\n", *argv); BIO_printf(bio_err, "options are\n"); BIO_printf(bio_err, "-c to output the digest with separating colons\n"); @@ -275,32 +273,27 @@ MAIN(int argc, char **argv) EVP_MD_do_all_sorted(list_md_fn, bio_err); goto end; } - in = BIO_new(BIO_s_file()); bmd = BIO_new(BIO_f_md()); if (debug) { BIO_set_callback(in, BIO_debug_callback); /* needed for windows 3.1 */ - BIO_set_callback_arg(in, (char *)bio_err); + BIO_set_callback_arg(in, (char *) bio_err); } - if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } - if ((in == NULL) || (bmd == NULL)) { ERR_print_errors(bio_err); goto end; } - if (out_bin == -1) { if (keyfile) out_bin = 1; else out_bin = 0; } - if (randfile) app_RAND_load_file(randfile, bio_err, 0); @@ -323,7 +316,6 @@ MAIN(int argc, char **argv) BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n"); goto end; } - if (keyfile) { if (want_pub) sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, @@ -332,12 +324,13 @@ MAIN(int argc, char **argv) sigkey = load_key(bio_err, keyfile, keyform, 0, passin, e, "key file"); if (!sigkey) { - /* load_[pub]key() has already printed an appropriate - message */ + /* + * load_[pub]key() has already printed an appropriate + * message + */ goto end; } } - if (mac_name) { EVP_PKEY_CTX *mac_ctx = NULL; int r = 0; 
@@ -368,20 +361,17 @@ mac_end: if (r == 0) goto end; } - if (non_fips_allow) { EVP_MD_CTX *md_ctx; BIO_get_md_ctx(bmd, &md_ctx); EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); } - if (hmac_key) { sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e, - (unsigned char *)hmac_key, -1); + (unsigned char *) hmac_key, -1); if (!sigkey) goto end; } - if (sigkey) { EVP_MD_CTX *mctx = NULL; EVP_PKEY_CTX *pctx = NULL; @@ -452,7 +442,6 @@ mac_end: BIO_get_md_ctx(bmd, &tctx); md = EVP_MD_CTX_md(tctx); } - if (argc == 0) { BIO_set_fp(in, stdin, BIO_NOCLOSE); err = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, @@ -483,7 +472,7 @@ mac_end: } if (r) err = r; - (void)BIO_reset(bmd); + (void) BIO_reset(bmd); } } @@ -507,20 +496,20 @@ end: if (bmd != NULL) BIO_free(bmd); apps_shutdown(); - return(err); + return (err); } int -do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, - EVP_PKEY *key, unsigned char *sigin, int siglen, +do_fp(BIO * out, unsigned char *buf, BIO * bp, int sep, int binout, + EVP_PKEY * key, unsigned char *sigin, int siglen, const char *sig_name, const char *md_name, - const char *file, BIO *bmd) + const char *file, BIO * bmd) { size_t len; int i; for (;;) { - i = BIO_read(bp, (char *)buf, BUFSIZE); + i = BIO_read(bp, (char *) buf, BUFSIZE); if (i < 0) { BIO_printf(bio_err, "Read Error in %s\n", file); ERR_print_errors(bio_err); @@ -532,7 +521,7 @@ do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, if (sigin) { EVP_MD_CTX *ctx; BIO_get_md_ctx(bp, &ctx); - i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen); + i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int) siglen); if (i > 0) BIO_printf(out, "Verified OK\n"); else if (i == 0) { @@ -555,8 +544,8 @@ do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, return 1; } } else { - len = BIO_gets(bp, (char *)buf, BUFSIZE); - if ((int)len < 0) { + len = BIO_gets(bp, (char *) buf, BUFSIZE); + if ((int) len < 0) { ERR_print_errors(bio_err); return 1; } 
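Review bot: In do_fp (hunk `-555,8 +544,8`), `len` is declared `size_t` yet receives the `int` result of `BIO_gets()` and is then cast back with `(int) len < 0` to detect failure, so the error check depends on an unsigned-to-signed round trip. Keeping the return value in an `int` until it has been checked, for instance `i = BIO_gets(bp, (char *) buf, BUFSIZE); if (i < 0) { ... }` followed by `len = i;`, makes the error path explicit. The `(int) len` loop bounds in the two following do_fp hunks would no longer need their casts if the length were held in an `int` throughout. do_fp's body continues outside this hunk.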
@@ -565,7 +554,7 @@ do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, if (binout) BIO_write(out, buf, len); else if (sep == 2) { - for (i = 0; i < (int)len; i++) + for (i = 0; i < (int) len; i++) BIO_printf(out, "%02x", buf[i]); BIO_printf(out, " *%s\n", file); } else { @@ -575,7 +564,7 @@ do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, BIO_printf(out, "%s(%s)= ", md_name, file); else BIO_printf(out, "(%s)= ", file); - for (i = 0; i < (int)len; i++) { + for (i = 0; i < (int) len; i++) { if (sep && (i != 0)) BIO_printf(out, ":"); BIO_printf(out, "%02x", buf[i]); diff --git a/lib/libssl/src/apps/dh.c b/lib/libssl/src/apps/dh.c index 109a6c0d40b..1fc536d9097 100644 --- a/lib/libssl/src/apps/dh.c +++ b/lib/libssl/src/apps/dh.c @@ -57,7 +57,7 @@ * [including the GNU Public Licence.] */ -#include /* for OPENSSL_NO_DH */ +#include /* for OPENSSL_NO_DH */ #ifndef OPENSSL_NO_DH #include #include @@ -102,7 +102,7 @@ MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; @@ -123,27 +123,24 @@ MAIN(int argc, char **argv) if (--argc < 1) goto bad; informat = str2fmt(*(++argv)); - } - else if (strcmp(*argv, "-outform") == 0) { + } else if (strcmp(*argv, "-outform") == 0) { if (--argc < 1) goto bad; outformat = str2fmt(*(++argv)); - } - else if (strcmp(*argv, "-in") == 0) { + } else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; - infile= *(++argv); - } - else if (strcmp(*argv, "-out") == 0) { + infile = *(++argv); + } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; - outfile= *(++argv); + outfile = *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; - engine= *(++argv); + engine = *(++argv); } #endif else if (strcmp(*argv, "-check") == 0) 
@@ -180,7 +177,6 @@ bad: #endif goto end; } - ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE @@ -193,7 +189,6 @@ bad: ERR_print_errors(bio_err); goto end; } - if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { @@ -224,7 +219,6 @@ bad: ERR_print_errors(bio_err); goto end; } - if (text) { DHparams_print(out, dh); #ifdef undef @@ -237,7 +231,6 @@ bad: printf("recommended private length=%ld\n", dh->length); #endif } - if (check) { if (!DH_check(dh, &i)) { ERR_print_errors(bio_err); @@ -254,14 +247,13 @@ bad: if (i == 0) printf("DH parameters appear to be ok.\n"); } - if (C) { unsigned char *data; int len, l, bits; len = BN_num_bytes(dh->p); bits = BN_num_bits(dh->p); - data = (unsigned char *)malloc(len); + data = (unsigned char *) malloc(len); if (data == NULL) { perror("malloc"); goto end; @@ -296,7 +288,6 @@ bad: printf("\treturn(dh);\n\t}\n"); free(data); } - if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_DHparams_bio(out, dh); @@ -322,12 +313,12 @@ end: if (dh != NULL) DH_free(dh); apps_shutdown(); - return(ret); + return (ret); } -#else /* !OPENSSL_NO_DH */ +#else /* !OPENSSL_NO_DH */ -# if PEDANTIC +#if PEDANTIC static void *dummy = &dummy; -# endif +#endif #endif diff --git a/lib/libssl/src/apps/dhparam.c b/lib/libssl/src/apps/dhparam.c index c86d5ef0403..8585f8f419b 100644 --- a/lib/libssl/src/apps/dhparam.c +++ b/lib/libssl/src/apps/dhparam.c @@ -109,7 +109,7 @@ * */ -#include /* for OPENSSL_NO_DH */ +#include /* for OPENSSL_NO_DH */ #ifndef OPENSSL_NO_DH #include #include @@ -143,7 +143,7 @@ * -C */ -static int dh_cb(int p, int n, BN_GENCB *cb); +static int dh_cb(int p, int n, BN_GENCB * cb); int MAIN(int, char **); @@ -168,7 +168,7 @@ MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; 
@@ -193,17 +193,17 @@ MAIN(int argc, char **argv) } else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; - infile= *(++argv); + infile = *(++argv); } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; - outfile= *(++argv); + outfile = *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; - engine= *(++argv); + engine = *(++argv); } #endif else if (strcmp(*argv, "-check") == 0) @@ -225,9 +225,8 @@ MAIN(int argc, char **argv) else if (strcmp(*argv, "-rand") == 0) { if (--argc < 1) goto bad; - inrand= *(++argv); - } - else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0))) + inrand = *(++argv); + } else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0))) goto bad; argv++; argc--; @@ -259,7 +258,6 @@ bad: BIO_printf(bio_err, " -noout no output\n"); goto end; } - ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE @@ -300,13 +298,12 @@ bad: BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num); if (!dsa || !DSA_generate_parameters_ex(dsa, num, - NULL, 0, NULL, NULL, &cb)) { + NULL, 0, NULL, NULL, &cb)) { if (dsa) DSA_free(dsa); ERR_print_errors(bio_err); goto end; } - dh = DSA_dup_DH(dsa); DSA_free(dsa); if (dh == NULL) { @@ -346,14 +343,13 @@ bad: BIO_printf(bio_err, "bad input format specified\n"); goto end; } - #ifndef OPENSSL_NO_DSA if (dsaparam) { DSA *dsa; if (informat == FORMAT_ASN1) dsa = d2i_DSAparams_bio(in, NULL); - else /* informat == FORMAT_PEM */ + else /* informat == FORMAT_PEM */ dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); if (dsa == NULL) { @@ -361,7 +357,6 @@ bad: ERR_print_errors(bio_err); goto end; } - dh = DSA_dup_DH(dsa); DSA_free(dsa); if (dh == NULL) { @@ -373,7 +368,7 @@ bad: { if (informat == FORMAT_ASN1) dh = d2i_DHparams_bio(in, NULL); - else /* informat == FORMAT_PEM */ + else /* informat == FORMAT_PEM */ dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); if (dh == NULL) { 
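Review bot: The size argument in hunk `-225,9 +225,8` is parsed with `sscanf(*argv, "%d", &num) == 0`, which accepts trailing junk such as `512x`, does not detect overflow, and lets an `EOF` return (empty string) through, leaving `num` at whatever it held before. Since this value becomes the prime length used for parameter generation, a strict parse is worth having: `num = strtonum(*argv, 1, INT_MAX, &errstr); if (errstr != NULL) goto bad;`, with a `const char *errstr` declared in MAIN. This assumes `num` is an `int` and that `<limits.h>` is available; both are outside the hunk, as is the rest of MAIN.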
@@ -404,7 +399,6 @@ bad: if (text) { DHparams_print(out, dh); } - if (check) { if (!DH_check(dh, &i)) { ERR_print_errors(bio_err); @@ -427,7 +421,7 @@ bad: len = BN_num_bytes(dh->p); bits = BN_num_bits(dh->p); - data = (unsigned char *)malloc(len); + data = (unsigned char *) malloc(len); if (data == NULL) { perror("malloc"); goto end; @@ -468,13 +462,12 @@ bad: printf("\treturn(dh);\n\t}\n"); free(data); } - if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_DHparams_bio(out, dh); else if (outformat == FORMAT_PEM) i = PEM_write_bio_DHparams(out, dh); - else { + else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } @@ -494,12 +487,12 @@ end: if (dh != NULL) DH_free(dh); apps_shutdown(); - return(ret); + return (ret); } /* dh_cb is identical to dsa_cb in apps/dsaparam.c */ static int -dh_cb(int p, int n, BN_GENCB *cb) +dh_cb(int p, int n, BN_GENCB * cb) { char c = '*'; @@ -512,17 +505,17 @@ dh_cb(int p, int n, BN_GENCB *cb) if (p == 3) c = '\n'; BIO_write(cb->arg, &c, 1); - (void)BIO_flush(cb->arg); + (void) BIO_flush(cb->arg); #ifdef LINT p = n; #endif return 1; } -#else /* !OPENSSL_NO_DH */ +#else /* !OPENSSL_NO_DH */ -# if PEDANTIC +#if PEDANTIC static void *dummy = &dummy; -# endif +#endif #endif diff --git a/lib/libssl/src/apps/dsa.c b/lib/libssl/src/apps/dsa.c index 37b9a3ffb06..a4132de0ea1 100644 --- a/lib/libssl/src/apps/dsa.c +++ b/lib/libssl/src/apps/dsa.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#include /* for OPENSSL_NO_DSA */ +#include /* for OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_DSA #include #include @@ -119,7 +119,7 @@ MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; 
@@ -147,26 +147,25 @@ MAIN(int argc, char **argv) } else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; - infile= *(++argv); - } - else if (strcmp(*argv, "-out") == 0) { + infile = *(++argv); + } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; - outfile= *(++argv); + outfile = *(++argv); } else if (strcmp(*argv, "-passin") == 0) { if (--argc < 1) goto bad; - passargin= *(++argv); + passargin = *(++argv); } else if (strcmp(*argv, "-passout") == 0) { if (--argc < 1) goto bad; - passargout= *(++argv); + passargout = *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; - engine= *(++argv); + engine = *(++argv); } #endif else if (strcmp(*argv, "-pvk-strong") == 0) @@ -228,7 +227,6 @@ bad: BIO_printf(bio_err, " -modulus print the DSA public value\n"); goto end; } - ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE @@ -239,14 +237,12 @@ bad: BIO_printf(bio_err, "Error getting passwords\n"); goto end; } - in = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } - if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { @@ -259,7 +255,7 @@ bad: BIO_printf(bio_err, "read DSA key\n"); { - EVP_PKEY *pkey; + EVP_PKEY *pkey; if (pubin) pkey = load_pubkey(bio_err, infile, informat, 1, @@ -278,7 +274,6 @@ bad: ERR_print_errors(bio_err); goto end; } - if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { @@ -295,13 +290,11 @@ bad: goto end; } } - if (modulus) { fprintf(stdout, "Public Key="); BN_print(out, dsa->pub_key); fprintf(stdout, "\n"); } - if (noout) goto end; BIO_printf(bio_err, "writing DSA key\n"); @@ -350,12 +343,12 @@ end: if (passout) free(passout); apps_shutdown(); - return(ret); + return (ret); } -#else /* !OPENSSL_NO_DSA */ +#else /* !OPENSSL_NO_DSA */ -# if PEDANTIC +#if PEDANTIC static void *dummy = &dummy; -# endif +#endif #endif 
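Review bot: The `modulus` branch in hunk `-295,13 +290,11` writes the label and the trailing newline with `fprintf(stdout, ...)` but the value with `BN_print(out, dsa->pub_key)`, and `out` is bound to stdout only when `outfile == NULL` (previous hunk). When an output file is given, the label goes to the terminal and the number into the file. Using the BIO for all three writes keeps them together: `BIO_printf(out, "Public Key=");` before and `BIO_printf(out, "\n");` after the `BN_print` call. MAIN's body continues outside the hunk.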
diff --git a/lib/libssl/src/apps/dsaparam.c b/lib/libssl/src/apps/dsaparam.c index 1efa02fbcfd..e2ae9bec190 100644 --- a/lib/libssl/src/apps/dsaparam.c +++ b/lib/libssl/src/apps/dsaparam.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#include /* for OPENSSL_NO_DSA */ +#include /* for OPENSSL_NO_DSA */ /* Until the key-gen callbacks are modified to use newer prototypes, we allow * deprecated functions for openssl-internal code */ #ifdef OPENSSL_NO_DEPRECATED @@ -106,7 +106,7 @@ timebomb_sigalarm(int foo) #endif -static int dsa_cb(int p, int n, BN_GENCB *cb); +static int dsa_cb(int p, int n, BN_GENCB * cb); int MAIN(int, char **); @@ -131,7 +131,7 @@ MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; @@ -156,11 +156,11 @@ MAIN(int argc, char **argv) } else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; - infile= *(++argv); + infile = *(++argv); } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; - outfile= *(++argv); + outfile = *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) { @@ -186,7 +186,7 @@ MAIN(int argc, char **argv) } else if (strcmp(*argv, "-rand") == 0) { if (--argc < 1) goto bad; - inrand= *(++argv); + inrand = *(++argv); need_rand = 1; } else if (strcmp(*argv, "-noout") == 0) noout = 1; @@ -225,7 +225,6 @@ bad: BIO_printf(bio_err, " number number of bits to use for generating private key\n"); goto end; } - ERR_load_crypto_strings(); in = BIO_new(BIO_s_file()); @@ -234,7 +233,6 @@ bad: ERR_print_errors(bio_err); goto end; } - if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { @@ -262,7 +260,6 @@ bad: BIO_printf(bio_err, "%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); } - if (numbits > 0) { BN_GENCB cb; BN_GENCB_set(&cb, dsa_cb, bio_err); 
@@ -314,18 +311,16 @@ bad: ERR_print_errors(bio_err); goto end; } - if (text) { DSAparams_print(out, dsa); } - if (C) { unsigned char *data; int l, len, bits_p; len = BN_num_bytes(dsa->p); bits_p = BN_num_bits(dsa->p); - data = (unsigned char *)malloc(len + 20); + data = (unsigned char *) malloc(len + 20); if (data == NULL) { perror("malloc"); goto end; @@ -370,7 +365,6 @@ bad: printf("\t\t{ DSA_free(dsa); return(NULL); }\n"); printf("\treturn(dsa);\n\t}\n"); } - if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_DSAparams_bio(out, dsa); @@ -420,11 +414,11 @@ end: if (dsa != NULL) DSA_free(dsa); apps_shutdown(); - return(ret); + return (ret); } static int -dsa_cb(int p, int n, BN_GENCB *cb) +dsa_cb(int p, int n, BN_GENCB * cb) { char c = '*'; @@ -437,7 +431,7 @@ dsa_cb(int p, int n, BN_GENCB *cb) if (p == 3) c = '\n'; BIO_write(cb->arg, &c, 1); - (void)BIO_flush(cb->arg); + (void) BIO_flush(cb->arg); #ifdef LINT p = n; #endif @@ -447,10 +441,10 @@ dsa_cb(int p, int n, BN_GENCB *cb) #endif return 1; } -#else /* !OPENSSL_NO_DSA */ +#else /* !OPENSSL_NO_DSA */ -# if PEDANTIC +#if PEDANTIC static void *dummy = &dummy; -# endif +#endif #endif diff --git a/lib/libssl/src/apps/ec.c b/lib/libssl/src/apps/ec.c index 8575ba96821..2d5525d508f 100644 --- a/lib/libssl/src/apps/ec.c +++ b/lib/libssl/src/apps/ec.c 
@@ -86,27 +86,27 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { - int ret = 1; - EC_KEY *eckey = NULL; + int ret = 1; + EC_KEY *eckey = NULL; const EC_GROUP *group; - int i, badops = 0; + int i, badops = 0; const EVP_CIPHER *enc = NULL; - BIO *in = NULL, *out = NULL; - int informat, outformat, text = 0, noout = 0; - int pubin = 0, pubout = 0, param_out = 0; - char *infile, *outfile, *prog, *engine; - char *passargin = NULL, *passargout = NULL; - char *passin = NULL, *passout = NULL; + BIO *in = NULL, *out = NULL; + int informat, outformat, text = 0, noout = 0; + int pubin = 0, pubout = 0, param_out = 0; + char *infile, *outfile, *prog, *engine; + char *passargin = NULL, *passargout = NULL; + char *passin = NULL, *passout = NULL; point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; - int new_form = 0; - int asn1_flag = OPENSSL_EC_NAMED_CURVE; - int new_asn1_flag = 0; + int new_form = 0; + int asn1_flag = OPENSSL_EC_NAMED_CURVE; + int new_asn1_flag = 0; apps_startup(); if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; @@ -132,23 +132,23 @@ MAIN(int argc, char **argv) } else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; - infile= *(++argv); + infile = *(++argv); } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; - outfile= *(++argv); + outfile = *(++argv); } else if (strcmp(*argv, "-passin") == 0) { if (--argc < 1) goto bad; - passargin= *(++argv); + passargin = *(++argv); } else if (strcmp(*argv, "-passout") == 0) { if (--argc < 1) goto bad; - passargout= *(++argv); + passargout = *(++argv); } else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; - engine= *(++argv); + engine = *(++argv); } else if (strcmp(*argv, "-noout") == 0) noout = 1; else if (strcmp(*argv, "-text") == 0) 
@@ -209,8 +209,8 @@ bad: BIO_printf(bio_err, " -engine e use engine e, " "possibly a hardware device.\n"); BIO_printf(bio_err, " -des encrypt PEM output, " - "instead of 'des' every other \n" - " cipher " + "instead of 'des' every other \n" + " cipher " "supported by OpenSSL can be used\n"); BIO_printf(bio_err, " -text print the key\n"); BIO_printf(bio_err, " -noout don't print key out\n"); @@ -234,7 +234,6 @@ bad: "explicit\n"); goto end; } - ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE @@ -245,14 +244,12 @@ bad: BIO_printf(bio_err, "Error getting passwords\n"); goto end; } - in = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } - if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { @@ -284,7 +281,6 @@ bad: ERR_print_errors(bio_err); goto end; } - if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { @@ -308,12 +304,10 @@ bad: ERR_print_errors(bio_err); goto end; } - if (noout) { ret = 0; goto end; } - BIO_printf(bio_err, "writing EC key\n"); if (outformat == FORMAT_ASN1) { if (param_out) @@ -329,7 +323,7 @@ bad: i = PEM_write_bio_EC_PUBKEY(out, eckey); else i = PEM_write_bio_ECPrivateKey(out, eckey, enc, - NULL, 0, NULL, passout); + NULL, 0, NULL, passout); } else { BIO_printf(bio_err, "bad output format specified for " "outfile\n"); @@ -353,12 +347,12 @@ end: if (passout) free(passout); apps_shutdown(); - return(ret); + return (ret); } -#else /* !OPENSSL_NO_EC */ +#else /* !OPENSSL_NO_EC */ -# if PEDANTIC +#if PEDANTIC static void *dummy = &dummy; -# endif +#endif #endif diff --git a/lib/libssl/src/apps/ecparam.c b/lib/libssl/src/apps/ecparam.c index 1e7020ca7a8..e4b7790f18b 100644 --- a/lib/libssl/src/apps/ecparam.c +++ b/lib/libssl/src/apps/ecparam.c 
@@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -58,13 +58,13 @@ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * - * Portions of the attached software ("Contribution") are developed by + * Portions of the attached software ("Contribution") are developed by * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. * * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * The elliptic curve binary polynomial software is originally written by + * The elliptic curve binary polynomial software is originally written by * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. * */ @@ -97,7 +97,7 @@ * -C - print a 'C' function creating the parameters * -name arg - use the ec parameters with 'short name' name * -list_curves - prints a list of all currently available curve 'short names' - * -conv_form arg - specifies the point conversion form + * -conv_form arg - specifies the point conversion form * - possible values: compressed * uncompressed (default) * hybrid 
@@ -112,82 +112,75 @@ */ -static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *); +static int ecparam_print_var(BIO *, BIGNUM *, const char *, int, unsigned char *); int MAIN(int, char **); -int MAIN(int argc, char **argv) - { +int +MAIN(int argc, char **argv) +{ EC_GROUP *group = NULL; - point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; - int new_form = 0; - int asn1_flag = OPENSSL_EC_NAMED_CURVE; - int new_asn1_flag = 0; - char *curve_name = NULL, *inrand = NULL; - int list_curves = 0, no_seed = 0, check = 0, - badops = 0, text = 0, i, need_rand = 0, genkey = 0; - char *infile = NULL, *outfile = NULL, *prog; - BIO *in = NULL, *out = NULL; - int informat, outformat, noout = 0, C = 0, ret = 1; - char *engine = NULL; - - BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL, - *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL; + point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; + int new_form = 0; + int asn1_flag = OPENSSL_EC_NAMED_CURVE; + int new_asn1_flag = 0; + char *curve_name = NULL, *inrand = NULL; + int list_curves = 0, no_seed = 0, check = 0, badops = 0, text = 0, + i, need_rand = 0, genkey = 0; + char *infile = NULL, *outfile = NULL, *prog; + BIO *in = NULL, *out = NULL; + int informat, outformat, noout = 0, C = 0, ret = 1; + char *engine = NULL; + + BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL, *ec_gen = NULL, + *ec_order = NULL, *ec_cofactor = NULL; unsigned char *buffer = NULL; apps_startup(); if (bio_err == NULL) - if ((bio_err=BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if ((bio_err = BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; - informat=FORMAT_PEM; - outformat=FORMAT_PEM; + informat = FORMAT_PEM; + outformat = FORMAT_PEM; - prog=argv[0]; + prog = argv[0]; argc--; argv++; - while (argc >= 1) - { - if (strcmp(*argv,"-inform") == 0) - { - if (--argc < 1) goto bad; - 
informat=str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-outform") == 0) - { - if (--argc < 1) goto bad; - outformat=str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-in") == 0) - { - if (--argc < 1) goto bad; - infile= *(++argv); - } - else if (strcmp(*argv,"-out") == 0) - { - if (--argc < 1) goto bad; - outfile= *(++argv); - } - else if (strcmp(*argv,"-text") == 0) + while (argc >= 1) { + if (strcmp(*argv, "-inform") == 0) { + if (--argc < 1) + goto bad; + informat = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-outform") == 0) { + if (--argc < 1) + goto bad; + outformat = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-in") == 0) { + if (--argc < 1) + goto bad; + infile = *(++argv); + } else if (strcmp(*argv, "-out") == 0) { + if (--argc < 1) + goto bad; + outfile = *(++argv); + } else if (strcmp(*argv, "-text") == 0) text = 1; - else if (strcmp(*argv,"-C") == 0) + else if (strcmp(*argv, "-C") == 0) C = 1; - else if (strcmp(*argv,"-check") == 0) + else if (strcmp(*argv, "-check") == 0) check = 1; - else if (strcmp (*argv, "-name") == 0) - { + else if (strcmp(*argv, "-name") == 0) { if (--argc < 1) goto bad; curve_name = *(++argv); - } - else if (strcmp(*argv, "-list_curves") == 0) + } else if (strcmp(*argv, "-list_curves") == 0) list_curves = 1; - else if (strcmp(*argv, "-conv_form") == 0) - { + else if (strcmp(*argv, "-conv_form") == 0) { if (--argc < 1) goto bad; ++argv; @@ -200,9 +193,7 @@ int MAIN(int argc, char **argv) form = POINT_CONVERSION_HYBRID; else goto bad; - } - else if (strcmp(*argv, "-param_enc") == 0) - { + } else if (strcmp(*argv, "-param_enc") == 0) { if (--argc < 1) goto bad; ++argv; 
@@ -213,153 +204,132 @@ int MAIN(int argc, char **argv) asn1_flag = 0; else goto bad; - } - else if (strcmp(*argv, "-no_seed") == 0) + } else if (strcmp(*argv, "-no_seed") == 0) no_seed = 1; else if (strcmp(*argv, "-noout") == 0) - noout=1; - else if (strcmp(*argv,"-genkey") == 0) - { - genkey=1; - need_rand=1; - } - else if (strcmp(*argv, "-rand") == 0) - { - if (--argc < 1) goto bad; - inrand= *(++argv); - need_rand=1; - } - else if(strcmp(*argv, "-engine") == 0) - { - if (--argc < 1) goto bad; + noout = 1; + else if (strcmp(*argv, "-genkey") == 0) { + genkey = 1; + need_rand = 1; + } else if (strcmp(*argv, "-rand") == 0) { + if (--argc < 1) + goto bad; + inrand = *(++argv); + need_rand = 1; + } else if (strcmp(*argv, "-engine") == 0) { + if (--argc < 1) + goto bad; engine = *(++argv); - } - else - { - BIO_printf(bio_err,"unknown option %s\n",*argv); - badops=1; + } else { + BIO_printf(bio_err, "unknown option %s\n", *argv); + badops = 1; break; - } + } argc--; argv++; - } + } - if (badops) - { + if (badops) { bad: - BIO_printf(bio_err, "%s [options] outfile\n",prog); + BIO_printf(bio_err, "%s [options] outfile\n", prog); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, " -inform arg input format - " - "default PEM (DER or PEM)\n"); + "default PEM (DER or PEM)\n"); BIO_printf(bio_err, " -outform arg output format - " - "default PEM\n"); + "default PEM\n"); BIO_printf(bio_err, " -in arg input file - " - "default stdin\n"); + "default stdin\n"); BIO_printf(bio_err, " -out arg output file - " - "default stdout\n"); + "default stdout\n"); BIO_printf(bio_err, " -noout do not print the " - "ec parameter\n"); + "ec parameter\n"); BIO_printf(bio_err, " -text print the ec " - "parameters in text form\n"); + "parameters in text form\n"); BIO_printf(bio_err, " -check validate the ec " - "parameters\n"); + "parameters\n"); BIO_printf(bio_err, " -C print a 'C' " - "function creating the parameters\n"); + "function creating the parameters\n"); 
BIO_printf(bio_err, " -name arg use the " - "ec parameters with 'short name' name\n"); + "ec parameters with 'short name' name\n"); BIO_printf(bio_err, " -list_curves prints a list of " - "all currently available curve 'short names'\n"); + "all currently available curve 'short names'\n"); BIO_printf(bio_err, " -conv_form arg specifies the " - "point conversion form \n"); + "point conversion form \n"); BIO_printf(bio_err, " possible values:" - " compressed\n"); + " compressed\n"); BIO_printf(bio_err, " " - " uncompressed (default)\n"); + " uncompressed (default)\n"); BIO_printf(bio_err, " " - " hybrid\n"); + " hybrid\n"); BIO_printf(bio_err, " -param_enc arg specifies the way" - " the ec parameters are encoded\n"); + " the ec parameters are encoded\n"); BIO_printf(bio_err, " in the asn1 der " - "encoding\n"); + "encoding\n"); BIO_printf(bio_err, " possible values:" - " named_curve (default)\n"); + " named_curve (default)\n"); BIO_printf(bio_err, " " - " explicit\n"); + " explicit\n"); BIO_printf(bio_err, " -no_seed if 'explicit'" - " parameters are chosen do not" - " use the seed\n"); + " parameters are chosen do not" + " use the seed\n"); BIO_printf(bio_err, " -genkey generate ec" - " key\n"); + " key\n"); BIO_printf(bio_err, " -rand file files to use for" - " random number input\n"); + " random number input\n"); BIO_printf(bio_err, " -engine e use engine e, " - "possibly a hardware device\n"); + "possibly a hardware device\n"); goto end; - } - + } ERR_load_crypto_strings(); - in=BIO_new(BIO_s_file()); - out=BIO_new(BIO_s_file()); - if ((in == NULL) || (out == NULL)) - { + in = BIO_new(BIO_s_file()); + out = BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; - } - + } if (infile == NULL) - BIO_set_fp(in,stdin,BIO_NOCLOSE); - else - { - if (BIO_read_filename(in,infile) <= 0) - { + BIO_set_fp(in, stdin, BIO_NOCLOSE); + else { + if (BIO_read_filename(in, infile) <= 0) { perror(infile); goto end; - } - } - if (outfile == 
NULL) - { - BIO_set_fp(out,stdout,BIO_NOCLOSE); } - else - { - if (BIO_write_filename(out,outfile) <= 0) - { + } + if (outfile == NULL) { + BIO_set_fp(out, stdout, BIO_NOCLOSE); + } else { + if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto end; - } } + } #ifndef OPENSSL_NO_ENGINE setup_engine(bio_err, engine, 0); #endif - if (list_curves) - { + if (list_curves) { EC_builtin_curve *curves = NULL; size_t crv_len = 0; size_t n = 0; crv_len = EC_get_builtin_curves(NULL, 0); - curves = malloc((int)(sizeof(EC_builtin_curve) * crv_len)); + curves = malloc((int) (sizeof(EC_builtin_curve) * crv_len)); if (curves == NULL) goto end; - if (!EC_get_builtin_curves(curves, crv_len)) - { + if (!EC_get_builtin_curves(curves, crv_len)) { free(curves); goto end; - } - - - for (n = 0; n < crv_len; n++) - { + } + for (n = 0; n < crv_len; n++) { const char *comment; const char *sname; comment = curves[n].comment; - sname = OBJ_nid2sn(curves[n].nid); + sname = OBJ_nid2sn(curves[n].nid); if (comment == NULL) comment = "CURVE DESCRIPTION NOT AVAILABLE"; if (sname == NULL) 
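Review bot: In the `list_curves` branch the allocation size is cast to `int` before it reaches `malloc`, in `curves = malloc((int) (sizeof(EC_builtin_curve) * crv_len));`, so the `size_t` product can be truncated and the multiplication itself is unchecked. The count comes from `EC_get_builtin_curves(NULL, 0)` and is presumably small, so this is hardening rather than a live overflow. The cast serves no purpose, and `curves = calloc(crv_len, sizeof(*curves));` expresses the same allocation with an overflow-checked multiply. MAIN starts before this hunk and continues after it.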
@@ -367,142 +337,112 @@ bad: BIO_printf(out, " %-10s: ", sname); BIO_printf(out, "%s\n", comment); - } + } free(curves); ret = 0; goto end; - } - - if (curve_name != NULL) - { + } + if (curve_name != NULL) { int nid; - /* workaround for the SECG curve names secp192r1 - * and secp256r1 (which are the same as the curves - * prime192v1 and prime256v1 defined in X9.62) + /* + * workaround for the SECG curve names secp192r1 and + * secp256r1 (which are the same as the curves prime192v1 and + * prime256v1 defined in X9.62) */ - if (!strcmp(curve_name, "secp192r1")) - { + if (!strcmp(curve_name, "secp192r1")) { BIO_printf(bio_err, "using curve name prime192v1 " - "instead of secp192r1\n"); + "instead of secp192r1\n"); nid = NID_X9_62_prime192v1; - } - else if (!strcmp(curve_name, "secp256r1")) - { + } else if (!strcmp(curve_name, "secp256r1")) { BIO_printf(bio_err, "using curve name prime256v1 " - "instead of secp256r1\n"); + "instead of secp256r1\n"); nid = NID_X9_62_prime256v1; - } - else + } else nid = OBJ_sn2nid(curve_name); - - if (nid == 0) - { - BIO_printf(bio_err, "unknown curve name (%s)\n", - curve_name); - goto end; - } + if (nid == 0) { + BIO_printf(bio_err, "unknown curve name (%s)\n", + curve_name); + goto end; + } group = EC_GROUP_new_by_curve_name(nid); - if (group == NULL) - { - BIO_printf(bio_err, "unable to create curve (%s)\n", - curve_name); + if (group == NULL) { + BIO_printf(bio_err, "unable to create curve (%s)\n", + curve_name); goto end; - } + } EC_GROUP_set_asn1_flag(group, asn1_flag); EC_GROUP_set_point_conversion_form(group, form); - } - else if (informat == FORMAT_ASN1) - { + } else if (informat == FORMAT_ASN1) { group = d2i_ECPKParameters_bio(in, NULL); - } - else if (informat == FORMAT_PEM) - { - group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL); - } - else - { + } else if (informat == FORMAT_PEM) { + group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); + } else { BIO_printf(bio_err, "bad input format specified\n"); goto end; - } 
+ } - if (group == NULL) - { - BIO_printf(bio_err, - "unable to load elliptic curve parameters\n"); + if (group == NULL) { + BIO_printf(bio_err, + "unable to load elliptic curve parameters\n"); ERR_print_errors(bio_err); goto end; - } - + } if (new_form) EC_GROUP_set_point_conversion_form(group, form); if (new_asn1_flag) EC_GROUP_set_asn1_flag(group, asn1_flag); - if (no_seed) - { + if (no_seed) { EC_GROUP_set_seed(group, NULL, 0); - } - - if (text) - { + } + if (text) { if (!ECPKParameters_print(out, group, 0)) goto end; - } - - if (check) - { + } + if (check) { if (group == NULL) BIO_printf(bio_err, "no elliptic curve parameters\n"); BIO_printf(bio_err, "checking elliptic curve parameters: "); - if (!EC_GROUP_check(group, NULL)) - { + if (!EC_GROUP_check(group, NULL)) { BIO_printf(bio_err, "failed\n"); ERR_print_errors(bio_err); - } - else + } else BIO_printf(bio_err, "ok\n"); - - } - if (C) - { - size_t buf_len = 0, tmp_len = 0; + } + if (C) { + size_t buf_len = 0, tmp_len = 0; const EC_POINT *point; - int is_prime, len = 0; + int is_prime, len = 0; const EC_METHOD *meth = EC_GROUP_method_of(group); if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL || (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL || - (ec_order = BN_new()) == NULL || - (ec_cofactor = BN_new()) == NULL ) - { + (ec_order = BN_new()) == NULL || + (ec_cofactor = BN_new()) == NULL) { perror("malloc"); goto end; - } - - is_prime = (EC_METHOD_get_field_type(meth) == - NID_X9_62_prime_field); + } + is_prime = (EC_METHOD_get_field_type(meth) == + NID_X9_62_prime_field); - if (is_prime) - { + if (is_prime) { if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, ec_b, NULL)) goto end; - } - else - { + } else { /* TODO */ goto end; - } + } if ((point = EC_GROUP_get0_generator(group)) == NULL) goto end; - if (!EC_POINT_point2bn(group, point, - EC_GROUP_get_point_conversion_form(group), ec_gen, + if (!EC_POINT_point2bn(group, point, + EC_GROUP_get_point_conversion_form(group), ec_gen, NULL)) goto 
end; if (!EC_GROUP_get_order(group, ec_order, NULL)) @@ -510,40 +450,38 @@ bad: if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL)) goto end; - if (!ec_p || !ec_a || !ec_b || !ec_gen || - !ec_order || !ec_cofactor) + if (!ec_p || !ec_a || !ec_b || !ec_gen || + !ec_order || !ec_cofactor) goto end; len = BN_num_bits(ec_order); - if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len) + if ((tmp_len = (size_t) BN_num_bytes(ec_p)) > buf_len) buf_len = tmp_len; - if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len) + if ((tmp_len = (size_t) BN_num_bytes(ec_a)) > buf_len) buf_len = tmp_len; - if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len) + if ((tmp_len = (size_t) BN_num_bytes(ec_b)) > buf_len) buf_len = tmp_len; - if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len) + if ((tmp_len = (size_t) BN_num_bytes(ec_gen)) > buf_len) buf_len = tmp_len; - if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len) + if ((tmp_len = (size_t) BN_num_bytes(ec_order)) > buf_len) buf_len = tmp_len; - if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len) + if ((tmp_len = (size_t) BN_num_bytes(ec_cofactor)) > buf_len) buf_len = tmp_len; - buffer = (unsigned char *)malloc(buf_len); + buffer = (unsigned char *) malloc(buf_len); - if (buffer == NULL) - { + if (buffer == NULL) { perror("malloc"); goto end; - } - + } ecparam_print_var(out, ec_p, "ec_p", len, buffer); ecparam_print_var(out, ec_a, "ec_a", len, buffer); ecparam_print_var(out, ec_b, "ec_b", len, buffer); ecparam_print_var(out, ec_gen, "ec_gen", len, buffer); ecparam_print_var(out, ec_order, "ec_order", len, buffer); - ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, - buffer); + ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, + buffer); BIO_printf(out, "\n\n"); 
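Review bot: In the `if (check)` block a failed `EC_GROUP_check()` only prints `failed` and falls through, so the command goes on to emit the parameters and, as far as the visible code shows, still reaches `ret = 0` further down. A caller that uses `-check` to gate parameters read from an untrusted file therefore cannot rely on the exit status. If the status is meant to reflect the check, adding `goto end;` after `ERR_print_errors(bio_err);` in that branch keeps `ret` at its initial 1. The `if (group == NULL)` test just above it appears to be dead, since a NULL group already took `goto end` earlier in the hunk. MAIN begins and ends outside this hunk.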
@@ -552,42 +490,39 @@ bad: BIO_printf(out, "\tEC_GROUP *group = NULL;\n"); BIO_printf(out, "\tEC_POINT *point = NULL;\n"); BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, " - "*tmp_3 = NULL;\n\n"); + "*tmp_3 = NULL;\n\n"); BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, " - "sizeof(ec_p_%d), NULL)) == NULL)\n\t\t" - "goto err;\n", len, len); + "sizeof(ec_p_%d), NULL)) == NULL)\n\t\t" + "goto err;\n", len, len); BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, " - "sizeof(ec_a_%d), NULL)) == NULL)\n\t\t" - "goto err;\n", len, len); + "sizeof(ec_a_%d), NULL)) == NULL)\n\t\t" + "goto err;\n", len, len); BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, " - "sizeof(ec_b_%d), NULL)) == NULL)\n\t\t" - "goto err;\n", len, len); - if (is_prime) - { + "sizeof(ec_b_%d), NULL)) == NULL)\n\t\t" + "goto err;\n", len, len); + if (is_prime) { BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_" - "GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)" - "\n\t\tgoto err;\n\n"); - } - else - { + "GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)" + "\n\t\tgoto err;\n\n"); + } else { /* TODO */ goto end; - } + } BIO_printf(out, "\t/* build generator */\n"); BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, " - "sizeof(ec_gen_%d), tmp_1)) == NULL)" - "\n\t\tgoto err;\n", len, len); + "sizeof(ec_gen_%d), tmp_1)) == NULL)" + "\n\t\tgoto err;\n", len, len); BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, " - "NULL, NULL);\n"); + "NULL, NULL);\n"); BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n"); BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, " - "sizeof(ec_order_%d), tmp_2)) == NULL)" - "\n\t\tgoto err;\n", len, len); + "sizeof(ec_order_%d), tmp_2)) == NULL)" + "\n\t\tgoto err;\n", len, len); BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, " - "sizeof(ec_cofactor_%d), tmp_3)) == NULL)" - "\n\t\tgoto err;\n", len, len); + "sizeof(ec_cofactor_%d), tmp_3)) == NULL)" + "\n\t\tgoto err;\n", len, len); BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, 
point," - " tmp_2, tmp_3))\n\t\tgoto err;\n"); + " tmp_2, tmp_3))\n\t\tgoto err;\n"); BIO_printf(out, "\n\tok=1;\n"); BIO_printf(out, "err:\n"); BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n"); @@ -601,38 +536,30 @@ bad: BIO_printf(out, "\t\t}\n"); BIO_printf(out, "\treturn(group);\n\t}\n"); } - - if (!noout) - { + if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_ECPKParameters_bio(out, group); else if (outformat == FORMAT_PEM) i = PEM_write_bio_ECPKParameters(out, group); - else - { - BIO_printf(bio_err,"bad output format specified for" - " outfile\n"); + else { + BIO_printf(bio_err, "bad output format specified for" + " outfile\n"); goto end; - } - if (!i) - { + } + if (!i) { BIO_printf(bio_err, "unable to write elliptic " - "curve parameters\n"); + "curve parameters\n"); ERR_print_errors(bio_err); goto end; - } } - - if (need_rand) - { + } + if (need_rand) { app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) - BIO_printf(bio_err,"%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - } - - if (genkey) - { + BIO_printf(bio_err, "%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); + } + if (genkey) { EC_KEY *eckey = EC_KEY_new(); if (eckey == NULL) @@ -642,31 +569,28 @@ bad: if (EC_KEY_set_group(eckey, group) == 0) goto end; - - if (!EC_KEY_generate_key(eckey)) - { + + if (!EC_KEY_generate_key(eckey)) { EC_KEY_free(eckey); goto end; - } + } if (outformat == FORMAT_ASN1) i = i2d_ECPrivateKey_bio(out, eckey); else if (outformat == FORMAT_PEM) i = PEM_write_bio_ECPrivateKey(out, eckey, NULL, - NULL, 0, NULL, NULL); - else - { + NULL, 0, NULL, NULL); + else { BIO_printf(bio_err, "bad output format specified " - "for outfile\n"); + "for outfile\n"); EC_KEY_free(eckey); goto end; - } - EC_KEY_free(eckey); } - + EC_KEY_free(eckey); + } if (need_rand) app_RAND_write_file(NULL, bio_err); - ret=0; + ret = 0; end: if (ec_p) BN_free(ec_p); 
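Review bot: In the `genkey` branch the result of the private-key write is stored in `i` but never tested, so a failed `i2d_ECPrivateKey_bio()` or `PEM_write_bio_ECPrivateKey()` still falls through to `ret = 0`. The caller then sees success with a missing or truncated key file. The parameter write in the preceding hunk does test `if (!i)`; the same test here, `if (!i) { EC_KEY_free(eckey); goto end; }` placed before the final `EC_KEY_free(eckey);`, would make the two paths agree. The `EC_KEY_set_group(eckey, group) == 0` path at the top of this hunk also jumps to `end` without freeing `eckey`, unlike the other error paths. MAIN starts outside this hunk.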
@@ -689,37 +613,36 @@ end: if (group != NULL) EC_GROUP_free(group); apps_shutdown(); - return(ret); + return (ret); } -static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var, - int len, unsigned char *buffer) - { +static int +ecparam_print_var(BIO * out, BIGNUM * in, const char *var, + int len, unsigned char *buffer) +{ BIO_printf(out, "static unsigned char %s_%d[] = {", var, len); if (BN_is_zero(in)) BIO_printf(out, "\n\t0x00"); - else - { + else { int i, l; l = BN_bn2bin(in, buffer); - for (i=0; i #include -int set_hex(char *in,unsigned char *out,int size); +int set_hex(char *in, unsigned char *out, int size); #undef SIZE #undef BSIZE #undef PROG 
@@ -79,509 +79,463 @@ int set_hex(char *in,unsigned char *out,int size); #define BSIZE (8*1024) #define PROG enc_main -static void show_ciphers(const OBJ_NAME *name,void *bio_) - { - BIO *bio=bio_; +static void +show_ciphers(const OBJ_NAME * name, void *bio_) +{ + BIO *bio = bio_; static int n; - if(!islower((unsigned char)*name->name)) + if (!islower((unsigned char) *name->name)) return; - BIO_printf(bio,"-%-25s",name->name); - if(++n == 3) - { - BIO_printf(bio,"\n"); - n=0; - } - else - BIO_printf(bio," "); - } + BIO_printf(bio, "-%-25s", name->name); + if (++n == 3) { + BIO_printf(bio, "\n"); + n = 0; + } else + BIO_printf(bio, " "); +} int MAIN(int, char **); -int MAIN(int argc, char **argv) - { - static const char magic[]="Salted__"; - char mbuf[sizeof magic-1]; - char *strbuf=NULL; - unsigned char *buff=NULL,*bufsize=NULL; - int bsize=BSIZE,verbose=0; - int ret=1,inl; +int +MAIN(int argc, char **argv) +{ + static const char magic[] = "Salted__"; + char mbuf[sizeof magic - 1]; + char *strbuf = NULL; + unsigned char *buff = NULL, *bufsize = NULL; + int bsize = BSIZE, verbose = 0; + int ret = 1, inl; int nopad = 0; - unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH]; + unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; unsigned char salt[PKCS5_SALT_LEN]; - char *str=NULL, *passarg = NULL, *pass = NULL; - char *hkey=NULL,*hiv=NULL,*hsalt = NULL; - char *md=NULL; - int enc=1,printkey=0,i,base64=0; + char *str = NULL, *passarg = NULL, *pass = NULL; + char *hkey = NULL, *hiv = NULL, *hsalt = NULL; + char *md = NULL; + int enc = 1, printkey = 0, i, base64 = 0; #ifdef ZLIB - int do_zlib=0; + int do_zlib = 0; BIO *bzl = NULL; #endif - int debug=0,olb64=0,nosalt=0; - const EVP_CIPHER *cipher=NULL,*c; + int debug = 0, olb64 = 0, nosalt = 0; + const EVP_CIPHER *cipher = NULL, *c; EVP_CIPHER_CTX *ctx = NULL; - char *inf=NULL,*outf=NULL; - BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; + char *inf = NULL, *outf = NULL; + BIO *in = 
NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio = NULL, + *wbio = NULL; #define PROG_NAME_SIZE 39 - char pname[PROG_NAME_SIZE+1]; + char pname[PROG_NAME_SIZE + 1]; #ifndef OPENSSL_NO_ENGINE char *engine = NULL; #endif - const EVP_MD *dgst=NULL; + const EVP_MD *dgst = NULL; int non_fips_allow = 0; apps_startup(); if (bio_err == NULL) - if ((bio_err=BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if ((bio_err = BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; /* first check the program name */ - program_name(argv[0],pname,sizeof pname); - if (strcmp(pname,"base64") == 0) - base64=1; + program_name(argv[0], pname, sizeof pname); + if (strcmp(pname, "base64") == 0) + base64 = 1; #ifdef ZLIB - if (strcmp(pname,"zlib") == 0) - do_zlib=1; + if (strcmp(pname, "zlib") == 0) + do_zlib = 1; #endif - cipher=EVP_get_cipherbyname(pname); + cipher = EVP_get_cipherbyname(pname); #ifdef ZLIB if (!do_zlib && !base64 && (cipher == NULL) - && (strcmp(pname,"enc") != 0)) + && (strcmp(pname, "enc") != 0)) #else - if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0)) + if (!base64 && (cipher == NULL) && (strcmp(pname, "enc") != 0)) #endif - { - BIO_printf(bio_err,"%s is an unknown cipher\n",pname); + { + BIO_printf(bio_err, "%s is an unknown cipher\n", pname); goto bad; - } - + } argc--; argv++; - while (argc >= 1) - { - if (strcmp(*argv,"-e") == 0) - enc=1; - else if (strcmp(*argv,"-in") == 0) - { - if (--argc < 1) goto bad; - inf= *(++argv); - } - else if (strcmp(*argv,"-out") == 0) - { - if (--argc < 1) goto bad; - outf= *(++argv); - } - else if (strcmp(*argv,"-pass") == 0) - { - if (--argc < 1) goto bad; - passarg= *(++argv); - } + while (argc >= 1) { + if (strcmp(*argv, "-e") == 0) + enc = 1; + else if (strcmp(*argv, "-in") == 0) { + if (--argc < 1) + goto bad; + inf = *(++argv); + } else if (strcmp(*argv, "-out") == 0) { + if (--argc < 1) + goto 
bad; + outf = *(++argv); + } else if (strcmp(*argv, "-pass") == 0) { + if (--argc < 1) + goto bad; + passarg = *(++argv); + } #ifndef OPENSSL_NO_ENGINE - else if (strcmp(*argv,"-engine") == 0) - { - if (--argc < 1) goto bad; - engine= *(++argv); - } + else if (strcmp(*argv, "-engine") == 0) { + if (--argc < 1) + goto bad; + engine = *(++argv); + } #endif - else if (strcmp(*argv,"-d") == 0) - enc=0; - else if (strcmp(*argv,"-p") == 0) - printkey=1; - else if (strcmp(*argv,"-v") == 0) - verbose=1; - else if (strcmp(*argv,"-nopad") == 0) - nopad=1; - else if (strcmp(*argv,"-salt") == 0) - nosalt=0; - else if (strcmp(*argv,"-nosalt") == 0) - nosalt=1; - else if (strcmp(*argv,"-debug") == 0) - debug=1; - else if (strcmp(*argv,"-P") == 0) - printkey=2; - else if (strcmp(*argv,"-A") == 0) - olb64=1; - else if (strcmp(*argv,"-a") == 0) - base64=1; - else if (strcmp(*argv,"-base64") == 0) - base64=1; + else if (strcmp(*argv, "-d") == 0) + enc = 0; + else if (strcmp(*argv, "-p") == 0) + printkey = 1; + else if (strcmp(*argv, "-v") == 0) + verbose = 1; + else if (strcmp(*argv, "-nopad") == 0) + nopad = 1; + else if (strcmp(*argv, "-salt") == 0) + nosalt = 0; + else if (strcmp(*argv, "-nosalt") == 0) + nosalt = 1; + else if (strcmp(*argv, "-debug") == 0) + debug = 1; + else if (strcmp(*argv, "-P") == 0) + printkey = 2; + else if (strcmp(*argv, "-A") == 0) + olb64 = 1; + else if (strcmp(*argv, "-a") == 0) + base64 = 1; + else if (strcmp(*argv, "-base64") == 0) + base64 = 1; #ifdef ZLIB - else if (strcmp(*argv,"-z") == 0) - do_zlib=1; + else if (strcmp(*argv, "-z") == 0) + do_zlib = 1; #endif - else if (strcmp(*argv,"-bufsize") == 0) - { - if (--argc < 1) goto bad; - bufsize=(unsigned char *)*(++argv); - } - else if (strcmp(*argv,"-k") == 0) - { - if (--argc < 1) goto bad; - str= *(++argv); - } - else if (strcmp(*argv,"-kfile") == 0) - { + else if (strcmp(*argv, "-bufsize") == 0) { + if (--argc < 1) + goto bad; + bufsize = (unsigned char *) *(++argv); + } else if (strcmp(*argv, 
"-k") == 0) { + if (--argc < 1) + goto bad; + str = *(++argv); + } else if (strcmp(*argv, "-kfile") == 0) { static char buf[128]; FILE *infile; char *file; - if (--argc < 1) goto bad; - file= *(++argv); - infile=fopen(file,"r"); - if (infile == NULL) - { - BIO_printf(bio_err,"unable to read key from '%s'\n", - file); + if (--argc < 1) goto bad; - } - buf[0]='\0'; - if (!fgets(buf,sizeof buf,infile)) - { - BIO_printf(bio_err,"unable to read key from '%s'\n", - file); + file = *(++argv); + infile = fopen(file, "r"); + if (infile == NULL) { + BIO_printf(bio_err, "unable to read key from '%s'\n", + file); goto bad; - } + } + buf[0] = '\0'; + if (!fgets(buf, sizeof buf, infile)) { + BIO_printf(bio_err, "unable to read key from '%s'\n", + file); + goto bad; + } fclose(infile); - i=strlen(buf); + i = strlen(buf); if ((i > 0) && - ((buf[i-1] == '\n') || (buf[i-1] == '\r'))) - buf[--i]='\0'; + ((buf[i - 1] == '\n') || (buf[i - 1] == '\r'))) + buf[--i] = '\0'; if ((i > 0) && - ((buf[i-1] == '\n') || (buf[i-1] == '\r'))) - buf[--i]='\0'; - if (i < 1) - { - BIO_printf(bio_err,"zero length password\n"); + ((buf[i - 1] == '\n') || (buf[i - 1] == '\r'))) + buf[--i] = '\0'; + if (i < 1) { + BIO_printf(bio_err, "zero length password\n"); goto bad; - } - str=buf; - } - else if (strcmp(*argv,"-K") == 0) - { - if (--argc < 1) goto bad; - hkey= *(++argv); - } - else if (strcmp(*argv,"-S") == 0) - { - if (--argc < 1) goto bad; - hsalt= *(++argv); } - else if (strcmp(*argv,"-iv") == 0) - { - if (--argc < 1) goto bad; - hiv= *(++argv); - } - else if (strcmp(*argv,"-md") == 0) - { - if (--argc < 1) goto bad; - md= *(++argv); - } - else if (strcmp(*argv,"-non-fips-allow") == 0) + str = buf; + } else if (strcmp(*argv, "-K") == 0) { + if (--argc < 1) + goto bad; + hkey = *(++argv); + } else if (strcmp(*argv, "-S") == 0) { + if (--argc < 1) + goto bad; + hsalt = *(++argv); + } else if (strcmp(*argv, "-iv") == 0) { + if (--argc < 1) + goto bad; + hiv = *(++argv); + } else if (strcmp(*argv, 
"-md") == 0) { + if (--argc < 1) + goto bad; + md = *(++argv); + } else if (strcmp(*argv, "-non-fips-allow") == 0) non_fips_allow = 1; - else if ((argv[0][0] == '-') && - ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) - { - cipher=c; - } - else if (strcmp(*argv,"-none") == 0) - cipher=NULL; - else - { - BIO_printf(bio_err,"unknown option '%s'\n",*argv); -bad: - BIO_printf(bio_err,"options are\n"); - BIO_printf(bio_err,"%-14s input file\n","-in "); - BIO_printf(bio_err,"%-14s output file\n","-out "); - BIO_printf(bio_err,"%-14s pass phrase source\n","-pass "); - BIO_printf(bio_err,"%-14s encrypt\n","-e"); - BIO_printf(bio_err,"%-14s decrypt\n","-d"); - BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64"); - BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k"); - BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile"); - BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md"); - BIO_printf(bio_err,"%-14s from a passphrase. 
One of md2, md5, sha or sha1\n",""); - BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S"); - BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); - BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); - BIO_printf(bio_err,"%-14s buffer size\n","-bufsize "); - BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad"); + else if ((argv[0][0] == '-') && + ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) { + cipher = c; + } else if (strcmp(*argv, "-none") == 0) + cipher = NULL; + else { + BIO_printf(bio_err, "unknown option '%s'\n", *argv); + bad: + BIO_printf(bio_err, "options are\n"); + BIO_printf(bio_err, "%-14s input file\n", "-in "); + BIO_printf(bio_err, "%-14s output file\n", "-out "); + BIO_printf(bio_err, "%-14s pass phrase source\n", "-pass "); + BIO_printf(bio_err, "%-14s encrypt\n", "-e"); + BIO_printf(bio_err, "%-14s decrypt\n", "-d"); + BIO_printf(bio_err, "%-14s base64 encode/decode, depending on encryption flag\n", "-a/-base64"); + BIO_printf(bio_err, "%-14s passphrase is the next argument\n", "-k"); + BIO_printf(bio_err, "%-14s passphrase is the first line of the file argument\n", "-kfile"); + BIO_printf(bio_err, "%-14s the next argument is the md to use to create a key\n", "-md"); + BIO_printf(bio_err, "%-14s from a passphrase. 
One of md2, md5, sha or sha1\n", ""); + BIO_printf(bio_err, "%-14s salt in hex is the next argument\n", "-S"); + BIO_printf(bio_err, "%-14s key/iv in hex is the next argument\n", "-K/-iv"); + BIO_printf(bio_err, "%-14s print the iv/key (then exit if -P)\n", "-[pP]"); + BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize "); + BIO_printf(bio_err, "%-14s disable standard block padding\n", "-nopad"); #ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); + BIO_printf(bio_err, "%-14s use engine e, possibly a hardware device.\n", "-engine e"); #endif - BIO_printf(bio_err,"Cipher Types\n"); + BIO_printf(bio_err, "Cipher Types\n"); OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, - show_ciphers, - bio_err); - BIO_printf(bio_err,"\n"); + show_ciphers, + bio_err); + BIO_printf(bio_err, "\n"); goto end; - } + } argc--; argv++; - } + } #ifndef OPENSSL_NO_ENGINE - setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif - if (md && (dgst=EVP_get_digestbyname(md)) == NULL) - { - BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); + if (md && (dgst = EVP_get_digestbyname(md)) == NULL) { + BIO_printf(bio_err, "%s is an unsupported message digest type\n", md); goto end; - } - - if (dgst == NULL) - { + } + if (dgst == NULL) { dgst = EVP_md5(); - } - - if (bufsize != NULL) - { + } + if (bufsize != NULL) { unsigned long n; - for (n=0; *bufsize; bufsize++) - { - i= *bufsize; + for (n = 0; *bufsize; bufsize++) { + i = *bufsize; if ((i <= '9') && (i >= '0')) - n=n*10+i-'0'; - else if (i == 'k') - { - n*=1024; + n = n * 10 + i - '0'; + else if (i == 'k') { + n *= 1024; bufsize++; break; - } } - if (*bufsize != '\0') - { - BIO_printf(bio_err,"invalid 'bufsize' specified.\n"); + } + if (*bufsize != '\0') { + BIO_printf(bio_err, "invalid 'bufsize' specified.\n"); goto end; - } - - /* It must be large enough for a base64 encoded line */ - if (base64 && n < 80) n=80; - - bsize=(int)n; - if 
(verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize); } + /* It must be large enough for a base64 encoded line */ + if (base64 && n < 80) + n = 80; - strbuf=malloc(SIZE); - buff=(unsigned char *)malloc(EVP_ENCODE_LENGTH(bsize)); - if ((buff == NULL) || (strbuf == NULL)) - { - BIO_printf(bio_err,"malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize)); + bsize = (int) n; + if (verbose) + BIO_printf(bio_err, "bufsize=%d\n", bsize); + } + strbuf = malloc(SIZE); + buff = (unsigned char *) malloc(EVP_ENCODE_LENGTH(bsize)); + if ((buff == NULL) || (strbuf == NULL)) { + BIO_printf(bio_err, "malloc failure %ld\n", (long) EVP_ENCODE_LENGTH(bsize)); goto end; - } - - in=BIO_new(BIO_s_file()); - out=BIO_new(BIO_s_file()); - if ((in == NULL) || (out == NULL)) - { + } + in = BIO_new(BIO_s_file()); + out = BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; - } - if (debug) - { - BIO_set_callback(in,BIO_debug_callback); - BIO_set_callback(out,BIO_debug_callback); - BIO_set_callback_arg(in,(char *)bio_err); - BIO_set_callback_arg(out,(char *)bio_err); - } - - if (inf == NULL) - { + } + if (debug) { + BIO_set_callback(in, BIO_debug_callback); + BIO_set_callback(out, BIO_debug_callback); + BIO_set_callback_arg(in, (char *) bio_err); + BIO_set_callback_arg(out, (char *) bio_err); + } + if (inf == NULL) { #ifndef OPENSSL_NO_SETVBUF_IONBF if (bufsize != NULL) - setvbuf(stdin, (char *)NULL, _IONBF, 0); -#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ - BIO_set_fp(in,stdin,BIO_NOCLOSE); - } - else - { - if (BIO_read_filename(in,inf) <= 0) - { + setvbuf(stdin, (char *) NULL, _IONBF, 0); +#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ + BIO_set_fp(in, stdin, BIO_NOCLOSE); + } else { + if (BIO_read_filename(in, inf) <= 0) { perror(inf); goto end; - } } + } - if(!str && passarg) { - if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { + if (!str && passarg) { + if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { BIO_printf(bio_err, "Error getting 
password\n"); goto end; } str = pass; } - - if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) - { - for (;;) - { + if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) { + for (;;) { char buf[200]; - (void) snprintf(buf,sizeof buf,"enter %s %s password:", - OBJ_nid2ln(EVP_CIPHER_nid(cipher)), - (enc)?"encryption":"decryption"); - strbuf[0]='\0'; - i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); - if (i == 0) - { - if (strbuf[0] == '\0') - { - ret=1; + (void) snprintf(buf, sizeof buf, "enter %s %s password:", + OBJ_nid2ln(EVP_CIPHER_nid(cipher)), + (enc) ? "encryption" : "decryption"); + strbuf[0] = '\0'; + i = EVP_read_pw_string((char *) strbuf, SIZE, buf, enc); + if (i == 0) { + if (strbuf[0] == '\0') { + ret = 1; goto end; - } - str=strbuf; - break; } - if (i < 0) - { - BIO_printf(bio_err,"bad password read\n"); + str = strbuf; + break; + } + if (i < 0) { + BIO_printf(bio_err, "bad password read\n"); goto end; - } } } - - - if (outf == NULL) - { - BIO_set_fp(out,stdout,BIO_NOCLOSE); + } + if (outf == NULL) { + BIO_set_fp(out, stdout, BIO_NOCLOSE); #ifndef OPENSSL_NO_SETVBUF_IONBF if (bufsize != NULL) - setvbuf(stdout, (char *)NULL, _IONBF, 0); -#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ - } - else - { - if (BIO_write_filename(out,outf) <= 0) - { + setvbuf(stdout, (char *) NULL, _IONBF, 0); +#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ + } else { + if (BIO_write_filename(out, outf) <= 0) { perror(outf); goto end; - } } + } - rbio=in; - wbio=out; + rbio = in; + wbio = out; #ifdef ZLIB - if (do_zlib) - { - if ((bzl=BIO_new(BIO_f_zlib())) == NULL) + if (do_zlib) { + if ((bzl = BIO_new(BIO_f_zlib())) == NULL) goto end; if (enc) - wbio=BIO_push(bzl,wbio); + wbio = BIO_push(bzl, wbio); else - rbio=BIO_push(bzl,rbio); - } + rbio = BIO_push(bzl, rbio); + } #endif - if (base64) - { - if ((b64=BIO_new(BIO_f_base64())) == NULL) + if (base64) { + if ((b64 = BIO_new(BIO_f_base64())) == NULL) goto end; - if (debug) - { - BIO_set_callback(b64,BIO_debug_callback); - 
BIO_set_callback_arg(b64,(char *)bio_err); - } + if (debug) { + BIO_set_callback(b64, BIO_debug_callback); + BIO_set_callback_arg(b64, (char *) bio_err); + } if (olb64) - BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); + BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); if (enc) - wbio=BIO_push(b64,wbio); + wbio = BIO_push(b64, wbio); else - rbio=BIO_push(b64,rbio); - } - - if (cipher != NULL) - { - /* Note that str is NULL if a key was passed on the command + rbio = BIO_push(b64, rbio); + } + if (cipher != NULL) { + /* + * Note that str is NULL if a key was passed on the command * line, so we get no salt in that case. Is this a bug? */ - if (str != NULL) - { - /* Salt handling: if encrypting generate a salt and + if (str != NULL) { + /* + * Salt handling: if encrypting generate a salt and * write to output BIO. If decrypting read salt from * input BIO. */ unsigned char *sptr; - if(nosalt) sptr = NULL; + if (nosalt) + sptr = NULL; else { - if(enc) { - if(hsalt) { - if(!set_hex(hsalt,salt,sizeof salt)) { + if (enc) { + if (hsalt) { + if (!set_hex(hsalt, salt, sizeof salt)) { BIO_printf(bio_err, - "invalid hex salt value\n"); + "invalid hex salt value\n"); goto end; } } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0) goto end; - /* If -P option then don't bother writing */ - if((printkey != 2) - && (BIO_write(wbio,magic, - sizeof magic-1) != sizeof magic-1 - || BIO_write(wbio, - (char *)salt, - sizeof salt) != sizeof salt)) { - BIO_printf(bio_err,"error writing output file\n"); + /* + * If -P option then don't bother + * writing + */ + if ((printkey != 2) + && (BIO_write(wbio, magic, + sizeof magic - 1) != sizeof magic - 1 + || BIO_write(wbio, + (char *) salt, + sizeof salt) != sizeof salt)) { + BIO_printf(bio_err, "error writing output file\n"); goto end; } - } else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf - || BIO_read(rbio, - (unsigned char *)salt, - sizeof salt) != sizeof salt) { - BIO_printf(bio_err,"error reading input file\n"); + } else if (BIO_read(rbio, 
mbuf, sizeof mbuf) != sizeof mbuf + || BIO_read(rbio, + (unsigned char *) salt, + sizeof salt) != sizeof salt) { + BIO_printf(bio_err, "error reading input file\n"); + goto end; + } else if (memcmp(mbuf, magic, sizeof magic - 1)) { + BIO_printf(bio_err, "bad magic number\n"); goto end; - } else if(memcmp(mbuf,magic,sizeof magic-1)) { - BIO_printf(bio_err,"bad magic number\n"); - goto end; } - sptr = salt; } - EVP_BytesToKey(cipher,dgst,sptr, - (unsigned char *)str, - strlen(str),1,key,iv); - /* zero the complete buffer or the string - * passed from the command line - * bug picked up by - * Larry J. Hughes Jr. */ + EVP_BytesToKey(cipher, dgst, sptr, + (unsigned char *) str, + strlen(str), 1, key, iv); + /* + * zero the complete buffer or the string passed from + * the command line bug picked up by Larry J. Hughes + * Jr. + */ if (str == strbuf) - OPENSSL_cleanse(str,SIZE); + OPENSSL_cleanse(str, SIZE); else - OPENSSL_cleanse(str,strlen(str)); - } - if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv)) - { - BIO_printf(bio_err,"invalid hex iv value\n"); + OPENSSL_cleanse(str, strlen(str)); + } + if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) { + BIO_printf(bio_err, "invalid hex iv value\n"); goto end; - } + } if ((hiv == NULL) && (str == NULL) - && EVP_CIPHER_iv_length(cipher) != 0) - { - /* No IV was explicitly set and no IV was generated + && EVP_CIPHER_iv_length(cipher) != 0) { + /* + * No IV was explicitly set and no IV was generated * during EVP_BytesToKey. Hence the IV is undefined, - * making correct decryption impossible. */ + * making correct decryption impossible. 
+ */ BIO_printf(bio_err, "iv undefined\n"); goto end; - } - if ((hkey != NULL) && !set_hex(hkey,key,sizeof key)) - { - BIO_printf(bio_err,"invalid hex key value\n"); + } + if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) { + BIO_printf(bio_err, "invalid hex key value\n"); goto end; - } - - if ((benc=BIO_new(BIO_f_cipher())) == NULL) + } + if ((benc = BIO_new(BIO_f_cipher())) == NULL) goto end; - /* Since we may be changing parameters work on the encryption + /* + * Since we may be changing parameters work on the encryption * context rather than calling BIO_set_cipher(). */ 
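Review bot: The `-bufsize` parser accumulates into `unsigned long n` with `n = n * 10 + i - '0'` and then does `bsize = (int) n;` with no range check, so an oversized argument can wrap or truncate. `bsize` can then be negative or far from what was requested when it reaches `malloc(EVP_ENCODE_LENGTH(bsize))`. A bound placed right after the digit loop would reject such values, for example `if (n > INT_MAX / 2) { BIO_printf(bio_err, "invalid 'bufsize' specified.\n"); goto end; }`. That margin is meant to leave room for the encode-length expansion and assumes `<limits.h>` is included in this file. Separately, the `-kfile` path takes `goto bad` when `fgets` fails without calling `fclose(infile)`. MAIN continues past the end of this hunk.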
@@ -589,138 +543,129 @@ bad: if (non_fips_allow) EVP_CIPHER_CTX_set_flags(ctx, - EVP_CIPH_FLAG_NON_FIPS_ALLOW); + EVP_CIPH_FLAG_NON_FIPS_ALLOW); - if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) - { + if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_name(cipher)); + EVP_CIPHER_name(cipher)); ERR_print_errors(bio_err); goto end; - } - + } if (nopad) EVP_CIPHER_CTX_set_padding(ctx, 0); - if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) - { + if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_name(cipher)); + EVP_CIPHER_name(cipher)); ERR_print_errors(bio_err); goto end; - } - - if (debug) - { - BIO_set_callback(benc,BIO_debug_callback); - BIO_set_callback_arg(benc,(char *)bio_err); - } - - if (printkey) - { - if (!nosalt) - { + } + if (debug) { + BIO_set_callback(benc, BIO_debug_callback); + BIO_set_callback_arg(benc, (char *) bio_err); + } + if (printkey) { + if (!nosalt) { printf("salt="); - for (i=0; i<(int)sizeof(salt); i++) - printf("%02X",salt[i]); + for (i = 0; i < (int) sizeof(salt); i++) + printf("%02X", salt[i]); printf("\n"); - } - if (cipher->key_len > 0) - { + } + if (cipher->key_len > 0) { printf("key="); - for (i=0; ikey_len; i++) - printf("%02X",key[i]); + for (i = 0; i < cipher->key_len; i++) + printf("%02X", key[i]); printf("\n"); - } - if (cipher->iv_len > 0) - { + } + if (cipher->iv_len > 0) { printf("iv ="); - for (i=0; iiv_len; i++) - printf("%02X",iv[i]); + for (i = 0; i < cipher->iv_len; i++) + printf("%02X", iv[i]); printf("\n"); - } - if (printkey == 2) - { - ret=0; + } + if (printkey == 2) { + ret = 0; goto end; - } } } - + } /* Only encrypt/decrypt as we write the file */ if (benc != NULL) - wbio=BIO_push(benc,wbio); - - for (;;) - { - inl=BIO_read(rbio,(char *)buff,bsize); - if (inl <= 0) break; - if (BIO_write(wbio,(char *)buff,inl) != inl) - { - BIO_printf(bio_err,"error writing 
output file\n"); + wbio = BIO_push(benc, wbio); + + for (;;) { + inl = BIO_read(rbio, (char *) buff, bsize); + if (inl <= 0) + break; + if (BIO_write(wbio, (char *) buff, inl) != inl) { + BIO_printf(bio_err, "error writing output file\n"); goto end; - } } - if (!BIO_flush(wbio)) - { - BIO_printf(bio_err,"bad decrypt\n"); + } + if (!BIO_flush(wbio)) { + BIO_printf(bio_err, "bad decrypt\n"); goto end; - } - - ret=0; - if (verbose) - { - BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in)); - BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out)); - } + } + ret = 0; + if (verbose) { + BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); + BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); + } end: ERR_print_errors(bio_err); - if (strbuf != NULL) free(strbuf); - if (buff != NULL) free(buff); - if (in != NULL) BIO_free(in); - if (out != NULL) BIO_free_all(out); - if (benc != NULL) BIO_free(benc); - if (b64 != NULL) BIO_free(b64); + if (strbuf != NULL) + free(strbuf); + if (buff != NULL) + free(buff); + if (in != NULL) + BIO_free(in); + if (out != NULL) + BIO_free_all(out); + if (benc != NULL) + BIO_free(benc); + if (b64 != NULL) + BIO_free(b64); #ifdef ZLIB - if (bzl != NULL) BIO_free(bzl); + if (bzl != NULL) + BIO_free(bzl); #endif - if(pass) free(pass); + if (pass) + free(pass); apps_shutdown(); - return(ret); - } + return (ret); +} -int set_hex(char *in, unsigned char *out, int size) - { - int i,n; +int +set_hex(char *in, unsigned char *out, int size) +{ + int i, n; unsigned char j; - n=strlen(in); - if (n > (size*2)) - { - BIO_printf(bio_err,"hex string is too long\n"); - return(0); - } - memset(out,0,size); - for (i=0; i (size * 2)) { + BIO_printf(bio_err, "hex string is too long\n"); + return (0); + } + memset(out, 0, size); + for (i = 0; i < n; i++) { + j = (unsigned char) *in; + *(in++) = '\0'; + if (j == 0) + break; if ((j >= '0') && (j <= '9')) - j-='0'; + j -= '0'; else if ((j >= 'A') && (j <= 'F')) - 
j=j-'A'+10; + j = j - 'A' + 10; else if ((j >= 'a') && (j <= 'f')) - j=j-'a'+10; - else - { - BIO_printf(bio_err,"non-hex digit\n"); - return(0); - } - if (i&1) - out[i/2]|=j; - else - out[i/2]=(j<<4); + j = j - 'a' + 10; + else { + BIO_printf(bio_err, "non-hex digit\n"); + return (0); } - return(1); + if (i & 1) + out[i / 2] |= j; + else + out[i / 2] = (j << 4); } + return (1); +} diff --git a/lib/libssl/src/apps/engine.c b/lib/libssl/src/apps/engine.c index b9f3121b9fb..5cfd3e7677d 100644 --- a/lib/libssl/src/apps/engine.c +++ b/lib/libssl/src/apps/engine.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
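Review bot: set_hex() rejects only input that is too long (`n > (size * 2)`); a shorter string is accepted and the rest of `out` stays zero from `memset(out, 0, size)`, and an odd digit count leaves the last nibble zero. For the `set_hex(hkey, key, sizeof key)` and `set_hex(hiv, iv, sizeof iv)` calls earlier in this file, a mistyped short key or IV is therefore silently zero-padded. Because the callers pass the buffer sizes rather than the cipher's own key and IV lengths, the length test probably belongs in the caller; at minimum say so above the function: `/* NOTE: fewer than size*2 hex digits are zero-padded, not rejected. */`. The loop also overwrites each input character with '\0' as it is consumed (`*(in++) = '\0';`), which deserves a one-line comment.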
@@ -72,53 +72,51 @@ #undef PROG #define PROG engine_main -static const char *engine_usage[]={ -"usage: engine opts [engine ...]\n", -" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n", -" -vv will additionally display each command's description\n", -" -vvv will also add the input flags for each command\n", -" -vvvv will also show internal input flags\n", -" -c - for each engine, also list the capabilities\n", -" -t[t] - for each engine, check that they are really available\n", -" -tt will display error trace for unavailable engines\n", -" -pre - runs command 'cmd' against the ENGINE before any attempts\n", -" to load it (if -t is used)\n", -" -post - runs command 'cmd' against the ENGINE after loading it\n", -" (only used if -t is also provided)\n", -" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n", -" line, or all supported ENGINEs if none are specified.\n", -" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n", -" argument \"/lib/libdriver.so\".\n", -NULL +static const char *engine_usage[] = { + "usage: engine opts [engine ...]\n", + " -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n", + " -vv will additionally display each command's description\n", + " -vvv will also add the input flags for each command\n", + " -vvvv will also show internal input flags\n", + " -c - for each engine, also list the capabilities\n", + " -t[t] - for each engine, check that they are really available\n", + " -tt will display error trace for unavailable engines\n", + " -pre - runs command 'cmd' against the ENGINE before any attempts\n", + " to load it (if -t is used)\n", + " -post - runs command 'cmd' against the ENGINE after loading it\n", + " (only used if -t is also provided)\n", + " NB: -pre and -post will be applied to all ENGINEs supplied on the command\n", + " line, or all supported ENGINEs if none are specified.\n", + " Eg. 
'-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n", + " argument \"/lib/libdriver.so\".\n", + NULL }; -static void identity(char *ptr) - { +static void +identity(char *ptr) +{ return; - } +} -static int append_buf(char **buf, const char *s, int *size, int step) - { +static int +append_buf(char **buf, const char *s, int *size, int step) +{ int l = strlen(s); - if (*buf == NULL) - { + if (*buf == NULL) { *size = step; *buf = malloc(*size); if (*buf == NULL) return 0; **buf = '\0'; - } - + } if (**buf != '\0') l += 2; /* ", " */ - if (strlen(*buf) + strlen(s) >= (unsigned int)*size) - { + if (strlen(*buf) + strlen(s) >= (unsigned int) *size) { *size += step; *buf = realloc(*buf, *size); - } - + } if (*buf == NULL) return 0; 
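Review bot: In append_buf(), `*buf = realloc(*buf, *size);` overwrites the only pointer to the old buffer, so a failed realloc leaks it and leaves the caller with a NULL `*buf` and an already increased `*size`. Grow through a temporary instead: `char *tmp = realloc(*buf, *size + step);`, `if (tmp == NULL) return 0;`, `*buf = tmp; *size += step;`. The growth test also uses `strlen(s)` rather than the adjusted `l`, and adds only one `step`, so a long name may still not fit. The append itself is outside this hunk, so whether that ends in truncation has to be checked there.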
@@ -127,72 +125,70 @@ static int append_buf(char **buf, const char *s, int *size, int step) BUF_strlcat(*buf, s, *size); return 1; - } +} -static int util_flags(BIO *bio_out, unsigned int flags, const char *indent) - { +static int +util_flags(BIO * bio_out, unsigned int flags, const char *indent) +{ int started = 0, err = 0; /* Indent before displaying input flags */ BIO_printf(bio_out, "%s%s(input flags): ", indent, indent); - if(flags == 0) - { + if (flags == 0) { BIO_printf(bio_out, "\n"); return 1; - } - /* If the object is internal, mark it in a way that shows instead of - * having it part of all the other flags, even if it really is. */ - if(flags & ENGINE_CMD_FLAG_INTERNAL) - { + } + /* + * If the object is internal, mark it in a way that shows instead of + * having it part of all the other flags, even if it really is. + */ + if (flags & ENGINE_CMD_FLAG_INTERNAL) { BIO_printf(bio_out, "[Internal] "); - } - - if(flags & ENGINE_CMD_FLAG_NUMERIC) - { + } + if (flags & ENGINE_CMD_FLAG_NUMERIC) { BIO_printf(bio_out, "NUMERIC"); started = 1; - } - /* Now we check that no combinations of the mutually exclusive NUMERIC, - * STRING, and NO_INPUT flags have been used. Future flags that can be - * OR'd together with these would need to added after these to preserve - * the testing logic. */ - if(flags & ENGINE_CMD_FLAG_STRING) - { - if(started) - { + } + /* + * Now we check that no combinations of the mutually exclusive + * NUMERIC, STRING, and NO_INPUT flags have been used. Future flags + * that can be OR'd together with these would need to added after + * these to preserve the testing logic. 
+ */ + if (flags & ENGINE_CMD_FLAG_STRING) { + if (started) { BIO_printf(bio_out, "|"); err = 1; - } + } BIO_printf(bio_out, "STRING"); started = 1; - } - if(flags & ENGINE_CMD_FLAG_NO_INPUT) - { - if(started) - { + } + if (flags & ENGINE_CMD_FLAG_NO_INPUT) { + if (started) { BIO_printf(bio_out, "|"); err = 1; - } + } BIO_printf(bio_out, "NO_INPUT"); started = 1; - } + } /* Check for unknown flags */ flags = flags & ~ENGINE_CMD_FLAG_NUMERIC & - ~ENGINE_CMD_FLAG_STRING & - ~ENGINE_CMD_FLAG_NO_INPUT & - ~ENGINE_CMD_FLAG_INTERNAL; - if(flags) - { - if(started) BIO_printf(bio_out, "|"); + ~ENGINE_CMD_FLAG_STRING & + ~ENGINE_CMD_FLAG_NO_INPUT & + ~ENGINE_CMD_FLAG_INTERNAL; + if (flags) { + if (started) + BIO_printf(bio_out, "|"); BIO_printf(bio_out, "<0x%04X>", flags); - } - if(err) + } + if (err) BIO_printf(bio_out, " "); BIO_printf(bio_out, "\n"); return 1; - } +} -static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent) - { +static int +util_verbose(ENGINE * e, int verbose, BIO * bio_out, const char *indent) +{ static const int line_wrap = 78; int num; int ret = 0; 
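Review bot: The new signature `util_flags(BIO * bio_out, unsigned int flags, const char *indent)` spaces the star as if it were a binary operator, while `const char *indent` beside it is written the usual way. The same artifact appears wherever the pointee is a typedef name: `ENGINE * e` and `STACK_OF(OPENSSL_STRING) * cmds` in the next engine.c hunk, `BN_GENCB * cb` in gendh.c and genrsa.c, `EVP_PKEY_CTX ** pctx` in genpkey.c. This looks like a formatter run without the project's typedef names; the declarations should read `BIO *bio_out`, `ENGINE *e`, and so on. util_verbose() begins at the end of this hunk and continues in the next one.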
@@ -200,344 +196,321 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent char *desc = NULL; int flags; int xpos = 0; - STACK_OF(OPENSSL_STRING) *cmds = NULL; - if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || - ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, - 0, NULL, NULL)) <= 0)) - { + STACK_OF(OPENSSL_STRING) * cmds = NULL; + if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || + ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, + 0, NULL, NULL)) <= 0)) { #if 0 BIO_printf(bio_out, "%s\n", indent); #endif return 1; - } - + } cmds = sk_OPENSSL_STRING_new_null(); - if(!cmds) + if (!cmds) goto err; do { int len; /* Get the command input flags */ - if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, - NULL, NULL)) < 0) + if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, + NULL, NULL)) < 0) goto err; - if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) - { - /* Get the command name */ - if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num, - NULL, NULL)) <= 0) - goto err; - if((name = malloc(len + 1)) == NULL) - goto err; - if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name, - NULL) <= 0) - goto err; - /* Get the command description */ - if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num, - NULL, NULL)) < 0) - goto err; - if(len > 0) - { - if((desc = malloc(len + 1)) == NULL) - goto err; - if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc, - NULL) <= 0) - goto err; - } - /* Now decide on the output */ - if(xpos == 0) - /* Do an indent */ - xpos = BIO_puts(bio_out, indent); - else - /* Otherwise prepend a ", " */ - xpos += BIO_printf(bio_out, ", "); - if(verbose == 1) - { - /* We're just listing names, comma-delimited */ - if((xpos > (int)strlen(indent)) && - (xpos + (int)strlen(name) > line_wrap)) - { - BIO_printf(bio_out, "\n"); - xpos = BIO_puts(bio_out, indent); - } - xpos += BIO_printf(bio_out, "%s", name); - } - else - { 
- /* We're listing names plus descriptions */ - BIO_printf(bio_out, "%s: %s\n", name, - (desc == NULL) ? "" : desc); - /* ... and sometimes input flags */ - if((verbose >= 3) && !util_flags(bio_out, flags, - indent)) - goto err; - xpos = 0; - } - } - free(name); name = NULL; - if(desc) { free(desc); desc = NULL; } + if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) { + /* Get the command name */ + if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num, + NULL, NULL)) <= 0) + goto err; + if ((name = malloc(len + 1)) == NULL) + goto err; + if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name, + NULL) <= 0) + goto err; + /* Get the command description */ + if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num, + NULL, NULL)) < 0) + goto err; + if (len > 0) { + if ((desc = malloc(len + 1)) == NULL) + goto err; + if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc, + NULL) <= 0) + goto err; + } + /* Now decide on the output */ + if (xpos == 0) + /* Do an indent */ + xpos = BIO_puts(bio_out, indent); + else + /* Otherwise prepend a ", " */ + xpos += BIO_printf(bio_out, ", "); + if (verbose == 1) { + /* We're just listing names, comma-delimited */ + if ((xpos > (int) strlen(indent)) && + (xpos + (int) strlen(name) > line_wrap)) { + BIO_printf(bio_out, "\n"); + xpos = BIO_puts(bio_out, indent); + } + xpos += BIO_printf(bio_out, "%s", name); + } else { + /* We're listing names plus descriptions */ + BIO_printf(bio_out, "%s: %s\n", name, + (desc == NULL) ? "" : desc); + /* ... 
and sometimes input flags */ + if ((verbose >= 3) && !util_flags(bio_out, flags, + indent)) + goto err; + xpos = 0; + } + } + free(name); + name = NULL; + if (desc) { + free(desc); + desc = NULL; + } /* Move to the next command */ num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, - num, NULL, NULL); - } while(num > 0); - if(xpos > 0) + num, NULL, NULL); + } while (num > 0); + if (xpos > 0) BIO_printf(bio_out, "\n"); ret = 1; err: - if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity); - if(name) free(name); - if(desc) free(desc); + if (cmds) + sk_OPENSSL_STRING_pop_free(cmds, identity); + if (name) + free(name); + if (desc) + free(desc); return ret; - } +} -static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds, - BIO *bio_out, const char *indent) - { +static void +util_do_cmds(ENGINE * e, STACK_OF(OPENSSL_STRING) * cmds, + BIO * bio_out, const char *indent) +{ int loop, res, num = sk_OPENSSL_STRING_num(cmds); - if(num < 0) - { + if (num < 0) { BIO_printf(bio_out, "[Error]: internal stack error\n"); return; - } - for(loop = 0; loop < num; loop++) - { + } + for (loop = 0; loop < num; loop++) { char buf[256]; const char *cmd, *arg; cmd = sk_OPENSSL_STRING_value(cmds, loop); - res = 1; /* assume success */ + res = 1; /* assume success */ /* Check if this command has no ":arg" */ - if((arg = strstr(cmd, ":")) == NULL) - { - if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0)) + if ((arg = strstr(cmd, ":")) == NULL) { + if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0)) res = 0; - } - else - { - if((int)(arg - cmd) > 254) - { - BIO_printf(bio_out,"[Error]: command name too long\n"); + } else { + if ((int) (arg - cmd) > 254) { + BIO_printf(bio_out, "[Error]: command name too long\n"); return; - } - memcpy(buf, cmd, (int)(arg - cmd)); - buf[arg-cmd] = '\0'; - arg++; /* Move past the ":" */ + } + memcpy(buf, cmd, (int) (arg - cmd)); + buf[arg - cmd] = '\0'; + arg++; /* Move past the ":" */ /* Call the command with the argument */ - if(!ENGINE_ctrl_cmd_string(e, buf, arg, 
0)) + if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0)) res = 0; - } - if(res) + } + if (res) BIO_printf(bio_out, "[Success]: %s\n", cmd); - else - { + else { BIO_printf(bio_out, "[Failure]: %s\n", cmd); ERR_print_errors(bio_out); - } } } +} int MAIN(int, char **); -int MAIN(int argc, char **argv) - { - int ret=1,i; +int +MAIN(int argc, char **argv) +{ + int ret = 1, i; const char **pp; - int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0; + int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0; ENGINE *e; - STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null(); - STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null(); - STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null(); - int badops=1; - BIO *bio_out=NULL; + STACK_OF(OPENSSL_STRING) * engines = sk_OPENSSL_STRING_new_null(); + STACK_OF(OPENSSL_STRING) * pre_cmds = sk_OPENSSL_STRING_new_null(); + STACK_OF(OPENSSL_STRING) * post_cmds = sk_OPENSSL_STRING_new_null(); + int badops = 1; + BIO *bio_out = NULL; const char *indent = " "; apps_startup(); SSL_load_error_strings(); if (bio_err == NULL) - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; - bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); + bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); argc--; argv++; - while (argc >= 1) - { - if (strncmp(*argv,"-v",2) == 0) - { - if(strspn(*argv + 1, "v") < strlen(*argv + 1)) + while (argc >= 1) { + if (strncmp(*argv, "-v", 2) == 0) { + if (strspn(*argv + 1, "v") < strlen(*argv + 1)) goto skip_arg_loop; - if((verbose=strlen(*argv + 1)) > 4) + if ((verbose = strlen(*argv + 1)) > 4) goto skip_arg_loop; - } - else if (strcmp(*argv,"-c") == 0) - list_cap=1; - else if (strncmp(*argv,"-t",2) == 0) - { - test_avail=1; - if(strspn(*argv + 1, "t") < strlen(*argv + 1)) + } else if (strcmp(*argv, "-c") == 0) + list_cap = 1; + else if (strncmp(*argv, "-t", 2) == 0) { + test_avail = 1; + if (strspn(*argv + 1, "t") < 
strlen(*argv + 1)) goto skip_arg_loop; - if((test_avail_noise = strlen(*argv + 1) - 1) > 1) + if ((test_avail_noise = strlen(*argv + 1) - 1) > 1) goto skip_arg_loop; - } - else if (strcmp(*argv,"-pre") == 0) - { - argc--; argv++; + } else if (strcmp(*argv, "-pre") == 0) { + argc--; + argv++; if (argc == 0) goto skip_arg_loop; - sk_OPENSSL_STRING_push(pre_cmds,*argv); - } - else if (strcmp(*argv,"-post") == 0) - { - argc--; argv++; + sk_OPENSSL_STRING_push(pre_cmds, *argv); + } else if (strcmp(*argv, "-post") == 0) { + argc--; + argv++; if (argc == 0) goto skip_arg_loop; - sk_OPENSSL_STRING_push(post_cmds,*argv); - } - else if ((strncmp(*argv,"-h",2) == 0) || - (strcmp(*argv,"-?") == 0)) + sk_OPENSSL_STRING_push(post_cmds, *argv); + } else if ((strncmp(*argv, "-h", 2) == 0) || + (strcmp(*argv, "-?") == 0)) goto skip_arg_loop; else - sk_OPENSSL_STRING_push(engines,*argv); + sk_OPENSSL_STRING_push(engines, *argv); argc--; argv++; - } + } /* Looks like everything went OK */ badops = 0; skip_arg_loop: - if (badops) - { - for (pp=engine_usage; (*pp != NULL); pp++) - BIO_printf(bio_err,"%s",*pp); + if (badops) { + for (pp = engine_usage; (*pp != NULL); pp++) + BIO_printf(bio_err, "%s", *pp); goto end; + } + if (sk_OPENSSL_STRING_num(engines) == 0) { + for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) { + sk_OPENSSL_STRING_push(engines, (char *) ENGINE_get_id(e)); } - - if (sk_OPENSSL_STRING_num(engines) == 0) - { - for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) - { - sk_OPENSSL_STRING_push(engines,(char *)ENGINE_get_id(e)); - } - } - - for (i=0; i 0) && !util_verbose(e, verbose, bio_out, indent)) + } + if ((verbose > 0) && !util_verbose(e, verbose, bio_out, indent)) goto end; ENGINE_free(e); - } - else + } else ERR_print_errors(bio_err); - } + } - ret=0; + ret = 0; end: ERR_print_errors(bio_err); sk_OPENSSL_STRING_pop_free(engines, identity); sk_OPENSSL_STRING_pop_free(pre_cmds, identity); sk_OPENSSL_STRING_pop_free(post_cmds, identity); - if 
(bio_out != NULL) BIO_free_all(bio_out); + if (bio_out != NULL) + BIO_free_all(bio_out); apps_shutdown(); - return(ret); - } + return (ret); +} #else -# if PEDANTIC -static void *dummy=&dummy; -# endif +#if PEDANTIC +static void *dummy = &dummy; +#endif #endif diff --git a/lib/libssl/src/apps/errstr.c b/lib/libssl/src/apps/errstr.c index 2a26c4ed156..77d2ea6a7c5 100644 --- a/lib/libssl/src/apps/errstr.c +++ b/lib/libssl/src/apps/errstr.c @@ -81,7 +81,7 @@ MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); SSL_load_error_strings(); @@ -102,9 +102,8 @@ MAIN(int argc, char **argv) argc--; argv++; } - for (i = 1; i < argc; i++) { - if (sscanf(argv[i], "%lx",&l)) { + if (sscanf(argv[i], "%lx", &l)) { ERR_error_string_n(l, buf, sizeof buf); printf("%s\n", buf); } else { @@ -114,5 +113,5 @@ MAIN(int argc, char **argv) } } apps_shutdown(); - return(ret); + return (ret); } diff --git a/lib/libssl/src/apps/gendh.c b/lib/libssl/src/apps/gendh.c index 531e37a25b0..644ef87bd25 100644 --- a/lib/libssl/src/apps/gendh.c +++ b/lib/libssl/src/apps/gendh.c @@ -82,7 +82,7 @@ #undef PROG #define PROG gendh_main -static int dh_cb(int p, int n, BN_GENCB *cb); +static int dh_cb(int p, int n, BN_GENCB * cb); int MAIN(int, char **); @@ -105,7 +105,7 @@ MAIN(int argc, char **argv) BN_GENCB_set(&cb, dh_cb, bio_err); if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; 
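Review bot: In errstr.c (`@@ -102,9 +102,8 @@`), `if (sscanf(argv[i], "%lx", &l))` treats any non-zero return as success, but sscanf returns EOF, which is non-zero, for an empty argument, so `l` reaches ERR_error_string_n() without having been converted. Compare against the conversion count: `if (sscanf(argv[i], "%lx", &l) == 1)`. The numbits parsing in gendh.c and genrsa.c has the mirror-image form, `(sscanf(*argv, "%d", &num) == 0)`, which lets the EOF case through with `num` unchanged; `!= 1` is the safer test there. All three places also accept trailing junk after the number, which strtoul/strtol with an end-pointer check would catch.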
@@ -118,35 +118,39 @@ MAIN(int argc, char **argv) if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; - outfile= *(++argv); + outfile = *(++argv); } else if (strcmp(*argv, "-2") == 0) g = 2; - /* else if (strcmp(*argv,"-3") == 0) - g=3; */ + /* + * else if (strcmp(*argv,"-3") == 0) g=3; + */ else if (strcmp(*argv, "-5") == 0) g = 5; #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; - engine= *(++argv); + engine = *(++argv); } #endif else if (strcmp(*argv, "-rand") == 0) { if (--argc < 1) goto bad; - inrand= *(++argv); + inrand = *(++argv); } else break; argv++; argc--; } - if ((argc >= 1) && ((sscanf(*argv, "%d",&num) == 0) || (num < 0))) { + if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) { bad: BIO_printf(bio_err, "usage: gendh [args] [numbits]\n"); BIO_printf(bio_err, " -out file - output the key to 'file\n"); BIO_printf(bio_err, " -2 - use 2 as the generator value\n"); - /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */ + /* + * BIO_printf(bio_err," -3 - use 3 as the generator + * value\n"); + */ BIO_printf(bio_err, " -5 - use 5 as the generator value\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " -engine e - use engine e, possibly a hardware device.\n"); @@ -156,7 +160,6 @@ bad: BIO_printf(bio_err, " the random number generator\n"); goto end; } - #ifndef OPENSSL_NO_ENGINE setup_engine(bio_err, engine, 0); #endif @@ -166,7 +169,6 @@ bad: ERR_print_errors(bio_err); goto end; } - if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { 
@@ -183,7 +185,7 @@ bad: BIO_printf(bio_err, "%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); - BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); + BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, g); BIO_printf(bio_err, "This is going to take a long time\n"); if (((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb)) @@ -202,11 +204,11 @@ end: if (dh != NULL) DH_free(dh); apps_shutdown(); - return(ret); + return (ret); } static int -dh_cb(int p, int n, BN_GENCB *cb) +dh_cb(int p, int n, BN_GENCB * cb) { char c = '*'; @@ -219,16 +221,16 @@ dh_cb(int p, int n, BN_GENCB *cb) if (p == 3) c = '\n'; BIO_write(cb->arg, &c, 1); - (void)BIO_flush(cb->arg); + (void) BIO_flush(cb->arg); #ifdef LINT p = n; #endif return 1; } -#else /* !OPENSSL_NO_DH */ +#else /* !OPENSSL_NO_DH */ -# if PEDANTIC +#if PEDANTIC static void *dummy = &dummy; -# endif +#endif #endif diff --git a/lib/libssl/src/apps/gendsa.c b/lib/libssl/src/apps/gendsa.c index c4e5415cdc1..2042f69f68c 100644 --- a/lib/libssl/src/apps/gendsa.c +++ b/lib/libssl/src/apps/gendsa.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#include /* for OPENSSL_NO_DSA */ +#include /* for OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_DSA #include #include @@ -94,7 +94,7 @@ MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; 
@@ -107,23 +107,23 @@ MAIN(int argc, char **argv) if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; - outfile= *(++argv); + outfile = *(++argv); } else if (strcmp(*argv, "-passout") == 0) { if (--argc < 1) goto bad; - passargout= *(++argv); + passargout = *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; - engine= *(++argv); + engine = *(++argv); } #endif else if (strcmp(*argv, "-rand") == 0) { if (--argc < 1) goto bad; - inrand= *(++argv); + inrand = *(++argv); } else if (strcmp(*argv, "-") == 0) goto bad; #ifndef OPENSSL_NO_DES @@ -197,7 +197,6 @@ bad: BIO_printf(bio_err, " - a DSA parameter file as generated by the dsaparam command\n"); goto end; } - #ifndef OPENSSL_NO_ENGINE setup_engine(bio_err, engine, 0); #endif @@ -206,14 +205,11 @@ bad: BIO_printf(bio_err, "Error getting password\n"); goto end; } - - in = BIO_new(BIO_s_file()); if (!(BIO_read_filename(in, dsaparams))) { perror(dsaparams); goto end; } - if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) { BIO_printf(bio_err, "unable to load DSA parameter file\n"); goto end; @@ -263,12 +259,12 @@ end: if (passout) free(passout); apps_shutdown(); - return(ret); + return (ret); } -#else /* !OPENSSL_NO_DSA */ +#else /* !OPENSSL_NO_DSA */ -# if PEDANTIC +#if PEDANTIC static void *dummy = &dummy; -# endif +#endif #endif diff --git a/lib/libssl/src/apps/genpkey.c b/lib/libssl/src/apps/genpkey.c index de375a571bf..ec7e5b2f256 100644 --- a/lib/libssl/src/apps/genpkey.c +++ b/lib/libssl/src/apps/genpkey.c @@ -65,9 +65,10 @@ #include #endif -static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx, const char *file, - ENGINE *e); -static int genpkey_cb(EVP_PKEY_CTX *ctx); +static int +init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx, const char *file, + ENGINE * e); +static int genpkey_cb(EVP_PKEY_CTX * ctx); #define PROG genpkey_main 
@@ -112,7 +113,7 @@ MAIN(int argc, char **argv) } else if (!strcmp(*args, "-pass")) { if (!args[1]) goto bad; - passarg= *(++args); + passarg = *(++args); } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*args, "-engine") == 0) { @@ -121,7 +122,7 @@ MAIN(int argc, char **argv) e = setup_engine(bio_err, *(++args), 0); } #endif - else if (!strcmp (*args, "-paramfile")) { + else if (!strcmp(*args, "-paramfile")) { if (!args[1]) goto bad; args++; @@ -129,7 +130,7 @@ MAIN(int argc, char **argv) goto bad; if (!init_keygen_file(bio_err, &ctx, *args, e)) goto end; - } else if (!strcmp (*args, "-out")) { + } else if (!strcmp(*args, "-out")) { if (args[1]) { args++; outfile = *args; @@ -193,20 +194,18 @@ bad: BIO_printf(bio_err, "NB: options order may be important! See the manual page.\n"); goto end; } - if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { BIO_puts(bio_err, "Error getting password\n"); goto end; } - if (outfile) { - if (!(out = BIO_new_file (outfile, "wb"))) { + if (!(out = BIO_new_file(outfile, "wb"))) { BIO_printf(bio_err, "Can't open output file %s\n", outfile); goto end; } } else { - out = BIO_new_fp (stdout, BIO_NOCLOSE); + out = BIO_new_fp(stdout, BIO_NOCLOSE); } EVP_PKEY_CTX_set_cb(ctx, genpkey_cb); @@ -242,7 +241,6 @@ bad: BIO_puts(bio_err, "Error writing key\n"); ERR_print_errors(bio_err); } - if (text) { if (do_param) rv = EVP_PKEY_print_params(out, pkey, 0, NULL); @@ -254,7 +252,6 @@ bad: ERR_print_errors(bio_err); } } - ret = 0; end: @@ -272,8 +269,8 @@ end: } static int -init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx, - const char *file, ENGINE *e) +init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx, + const char *file, ENGINE * e) { BIO *pbio; EVP_PKEY *pkey = NULL; 
@@ -282,13 +279,11 @@ init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx, BIO_puts(err, "Parameters already set!\n"); return 0; } - pbio = BIO_new_file(file, "r"); if (!pbio) { BIO_printf(err, "Can't open parameter file %s\n", file); return 0; } - pkey = PEM_read_bio_Parameters(pbio, NULL); BIO_free(pbio); @@ -296,7 +291,6 @@ init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx, BIO_printf(bio_err, "Error reading parameter file %s\n", file); return 0; } - ctx = EVP_PKEY_CTX_new(pkey, e); if (!ctx) goto err; @@ -318,8 +312,8 @@ err: } int -init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, - const char *algname, ENGINE *e, int do_param) +init_gen_str(BIO * err, EVP_PKEY_CTX ** pctx, + const char *algname, ENGINE * e, int do_param) { EVP_PKEY_CTX *ctx = NULL; const EVP_PKEY_ASN1_METHOD *ameth; @@ -330,7 +324,6 @@ init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, BIO_puts(err, "Algorithm already set!\n"); return 0; } - ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1); #ifndef OPENSSL_NO_ENGINE @@ -342,7 +335,6 @@ init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, BIO_printf(bio_err, "Algorithm %s not found\n", algname); return 0; } - ERR_clear_error(); EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); @@ -375,7 +367,7 @@ err: } static int -genpkey_cb(EVP_PKEY_CTX *ctx) +genpkey_cb(EVP_PKEY_CTX * ctx) { char c = '*'; BIO *b = EVP_PKEY_CTX_get_app_data(ctx); @@ -390,7 +382,7 @@ genpkey_cb(EVP_PKEY_CTX *ctx) if (p == 3) c = '\n'; BIO_write(b, &c, 1); - (void)BIO_flush(b); + (void) BIO_flush(b); #ifdef LINT p = n; #endif diff --git a/lib/libssl/src/apps/genrsa.c b/lib/libssl/src/apps/genrsa.c index e6e9877cb93..67e68fc20a6 100644 --- a/lib/libssl/src/apps/genrsa.c +++ b/lib/libssl/src/apps/genrsa.c @@ -82,7 +82,7 @@ #undef PROG #define PROG genrsa_main -static int genrsa_cb(int p, int n, BN_GENCB *cb); +static int genrsa_cb(int p, int n, BN_GENCB * cb); int MAIN(int, char **); 
@@ -108,14 +108,15 @@ MAIN(int argc, char **argv) BIGNUM *bn = BN_new(); RSA *rsa = NULL; - if (!bn) goto err; + if (!bn) + goto err; - apps_startup(); + apps_startup(); BN_GENCB_set(&cb, genrsa_cb, bio_err); if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto err; @@ -123,7 +124,6 @@ MAIN(int argc, char **argv) BIO_printf(bio_err, "unable to create BIO for output\n"); goto err; } - argv++; argc--; for (;;) { @@ -132,22 +132,22 @@ MAIN(int argc, char **argv) if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; - outfile= *(++argv); + outfile = *(++argv); } else if (strcmp(*argv, "-3") == 0) f4 = 3; - else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv,"-f4") == 0) + else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0) f4 = RSA_F4; #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; - engine= *(++argv); + engine = *(++argv); } #endif else if (strcmp(*argv, "-rand") == 0) { if (--argc < 1) goto bad; - inrand= *(++argv); + inrand = *(++argv); } #ifndef OPENSSL_NO_DES else if (strcmp(*argv, "-des") == 0) @@ -182,13 +182,13 @@ MAIN(int argc, char **argv) else if (strcmp(*argv, "-passout") == 0) { if (--argc < 1) goto bad; - passargout= *(++argv); + passargout = *(++argv); } else break; argv++; argc--; } - if ((argc >= 1) && ((sscanf(*argv, "%d",&num) == 0) || (num < 0))) { + if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) { bad: BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n"); BIO_printf(bio_err, " -des encrypt the generated key with DES in cbc mode\n"); 
@@ -220,14 +220,12 @@ bad: BIO_printf(bio_err, " the random number generator\n"); goto err; } - ERR_load_crypto_strings(); if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto err; } - #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif @@ -264,23 +262,25 @@ bad: app_RAND_write_file(NULL, bio_err); - /* We need to do the following for when the base number size is < - * long, esp windows 3.1 :-(. */ + /* + * We need to do the following for when the base number size is < + * long, esp windows 3.1 :-(. + */ l = 0L; for (i = 0; i < rsa->e->top; i++) { #ifndef SIXTY_FOUR_BIT - l<<=BN_BITS4; - l<<=BN_BITS4; + l <<= BN_BITS4; + l <<= BN_BITS4; #endif l += rsa->e->d[i]; } - BIO_printf(bio_err, "e is %ld (0x%lX)\n",l,l); + BIO_printf(bio_err, "e is %ld (0x%lX)\n", l, l); { PW_CB_DATA cb_data; cb_data.password = passout; cb_data.prompt_info = outfile; if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0, - (pem_password_cb *)password_callback, &cb_data)) + (pem_password_cb *) password_callback, &cb_data)) goto err; } @@ -292,15 +292,16 @@ err: RSA_free(rsa); if (out) BIO_free_all(out); - if (passout) free(passout); - if (ret != 0) - ERR_print_errors(bio_err); + if (passout) + free(passout); + if (ret != 0) + ERR_print_errors(bio_err); apps_shutdown(); - return(ret); + return (ret); } static int -genrsa_cb(int p, int n, BN_GENCB *cb) +genrsa_cb(int p, int n, BN_GENCB * cb) { char c = '*'; @@ -313,16 +314,16 @@ genrsa_cb(int p, int n, BN_GENCB *cb) if (p == 3) c = '\n'; BIO_write(cb->arg, &c, 1); - (void)BIO_flush(cb->arg); + (void) BIO_flush(cb->arg); #ifdef LINT p = n; #endif return 1; } -#else /* !OPENSSL_NO_RSA */ +#else /* !OPENSSL_NO_RSA */ -# if PEDANTIC +#if PEDANTIC static void *dummy = &dummy; -# endif +#endif #endif diff --git a/lib/libssl/src/apps/nseq.c b/lib/libssl/src/apps/nseq.c index cb83570562e..43f3073635a 100644 --- a/lib/libssl/src/apps/nseq.c 
+++ b/lib/libssl/src/apps/nseq.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -67,7 +67,8 @@ int MAIN(int, char **); -int MAIN(int argc, char **argv) +int +MAIN(int argc, char **argv) { char **args, *infile = NULL, *outfile = NULL; BIO *in = NULL, *out = NULL; 
@@ -76,47 +77,52 @@ int MAIN(int argc, char **argv) NETSCAPE_CERT_SEQUENCE *seq = NULL; int i, ret = 1; int badarg = 0; - if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + if (bio_err == NULL) + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); ERR_load_crypto_strings(); args = argv + 1; while (!badarg && *args && *args[0] == '-') { - if (!strcmp (*args, "-toseq")) toseq = 1; - else if (!strcmp (*args, "-in")) { + if (!strcmp(*args, "-toseq")) + toseq = 1; + else if (!strcmp(*args, "-in")) { if (args[1]) { args++; infile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-out")) { + } else + badarg = 1; + } else if (!strcmp(*args, "-out")) { if (args[1]) { args++; outfile = *args; - } else badarg = 1; - } else badarg = 1; + } else + badarg = 1; + } else + badarg = 1; args++; } if (badarg) { - BIO_printf (bio_err, "Netscape certificate sequence utility\n"); - BIO_printf (bio_err, "Usage nseq [options]\n"); - BIO_printf (bio_err, "where options are\n"); - BIO_printf (bio_err, "-in file input file\n"); - BIO_printf (bio_err, "-out file output file\n"); - BIO_printf (bio_err, "-toseq output NS Sequence file\n"); - return(1); + BIO_printf(bio_err, "Netscape certificate sequence utility\n"); + BIO_printf(bio_err, "Usage nseq [options]\n"); + BIO_printf(bio_err, "where options are\n"); + BIO_printf(bio_err, "-in file input file\n"); + BIO_printf(bio_err, "-out file output file\n"); + BIO_printf(bio_err, "-toseq output NS Sequence file\n"); + return (1); } - if (infile) { - if (!(in = BIO_new_file (infile, "r"))) { - BIO_printf (bio_err, - "Can't open input file %s\n", infile); + if (!(in = BIO_new_file(infile, "r"))) { + BIO_printf(bio_err, + "Can't open input file %s\n", infile); goto end; } - } else in = BIO_new_fp(stdin, BIO_NOCLOSE); + } else + in = BIO_new_fp(stdin, BIO_NOCLOSE); if (outfile) { - if (!(out = BIO_new_file (outfile, "w"))) { - BIO_printf (bio_err, - "Can't open output file %s\n", outfile); + if (!(out = BIO_new_file(outfile, "w"))) { 
+ BIO_printf(bio_err, + "Can't open output file %s\n", outfile); goto end; } } else { @@ -125,12 +131,11 @@ int MAIN(int argc, char **argv) if (toseq) { seq = NETSCAPE_CERT_SEQUENCE_new(); seq->certs = sk_X509_new_null(); - while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) - sk_X509_push(seq->certs,x509); + while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) + sk_X509_push(seq->certs, x509); - if(!sk_X509_num(seq->certs)) - { - BIO_printf (bio_err, "Error reading certs file %s\n", infile); + if (!sk_X509_num(seq->certs)) { + BIO_printf(bio_err, "Error reading certs file %s\n", infile); ERR_print_errors(bio_err); goto end; } @@ -138,14 +143,12 @@ int MAIN(int argc, char **argv) ret = 0; goto end; } - if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) { - BIO_printf (bio_err, "Error reading sequence file %s\n", infile); + BIO_printf(bio_err, "Error reading sequence file %s\n", infile); ERR_print_errors(bio_err); goto end; } - - for(i = 0; i < sk_X509_num(seq->certs); i++) { + for (i = 0; i < sk_X509_num(seq->certs); i++) { x509 = sk_X509_value(seq->certs, i); dump_cert_text(out, x509); PEM_write_bio_X509(out, x509); @@ -156,6 +159,5 @@ end: BIO_free_all(out); NETSCAPE_CERT_SEQUENCE_free(seq); - return(ret); + return (ret); } - diff --git a/lib/libssl/src/apps/ocsp.c b/lib/libssl/src/apps/ocsp.c index e68589f4a84..330d850890d 100644 --- a/lib/libssl/src/apps/ocsp.c +++ b/lib/libssl/src/apps/ocsp.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -61,7 +61,8 @@ #include #include #include -#include "apps.h" /* needs to be included before the openssl headers! */ +#include "apps.h" /* needs to be included before the openssl + * headers! */ #include #include #include 
@@ -71,52 +72,53 @@ #include #if defined(NETWARE_CLIB) -# ifdef NETWARE_BSDSOCK -# include -# include -# else -# include -# endif +#ifdef NETWARE_BSDSOCK +#include +#include +#else +#include +#endif #elif defined(NETWARE_LIBC) -# ifdef NETWARE_BSDSOCK -# include -# else -# include -# endif +#ifdef NETWARE_BSDSOCK +#include +#else +#include #endif - +#endif + /* Maximum leeway in validity period: default 5 minutes */ #define MAX_VALIDITY_PERIOD (5 * 60) -static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer, - STACK_OF(OCSP_CERTID) *ids); -static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD * cert_id_md, X509 *issuer, - STACK_OF(OCSP_CERTID) *ids); -static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, - STACK_OF(OPENSSL_STRING) *names, - STACK_OF(OCSP_CERTID) *ids, long nsec, - long maxage); - -static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, - X509 *ca, X509 *rcert, EVP_PKEY *rkey, - STACK_OF(X509) *rother, unsigned long flags, - int nmin, int ndays); - -static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); -static BIO *init_responder(char *port); -static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); -static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); -static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, - STACK_OF(CONF_VALUE) *headers, - OCSP_REQUEST *req, int req_timeout); +static int +add_ocsp_cert(OCSP_REQUEST ** req, X509 * cert, const EVP_MD * cert_id_md, X509 * issuer, + STACK_OF(OCSP_CERTID) * ids); + static int add_ocsp_serial(OCSP_REQUEST ** req, char *serial, const EVP_MD * cert_id_md, X509 * issuer, + STACK_OF(OCSP_CERTID) * ids); + static int print_ocsp_summary(BIO * out, OCSP_BASICRESP * bs, OCSP_REQUEST * req, + STACK_OF(OPENSSL_STRING) * names, + STACK_OF(OCSP_CERTID) * ids, long nsec, + long maxage); + + static int make_ocsp_response(OCSP_RESPONSE ** resp, 
OCSP_REQUEST * req, CA_DB * db, + X509 * ca, X509 * rcert, EVP_PKEY * rkey, + STACK_OF(X509) * rother, unsigned long flags, + int nmin, int ndays); + + static char **lookup_serial(CA_DB * db, ASN1_INTEGER * ser); + static BIO *init_responder(char *port); + static int do_responder(OCSP_REQUEST ** preq, BIO ** pcbio, BIO * acbio, char *port); + static int send_ocsp_response(BIO * cbio, OCSP_RESPONSE * resp); + static OCSP_RESPONSE *query_responder(BIO * err, BIO * cbio, char *path, + STACK_OF(CONF_VALUE) * headers, + OCSP_REQUEST * req, int req_timeout); #undef PROG #define PROG ocsp_main -int MAIN(int, char **); + int MAIN(int, char **); -int MAIN(int argc, char **argv) - { + int MAIN(int argc, char **argv) +{ ENGINE *e = NULL; char **args; char *host = NULL, *port = NULL, *path = "/"; @@ -126,7 +128,7 @@ int MAIN(int argc, char **argv) char *rsignfile = NULL, *rkeyfile = NULL; char *outfile = NULL; int add_nonce = 1, noverify = 0, use_ssl = -1; - STACK_OF(CONF_VALUE) *headers = NULL; + STACK_OF(CONF_VALUE) * headers = NULL; OCSP_REQUEST *req = NULL; OCSP_RESPONSE *resp = NULL; OCSP_BASICRESP *bs = NULL; @@ -141,7 +143,7 @@ int MAIN(int argc, char **argv) long nsec = MAX_VALIDITY_PERIOD, maxage = -1; char *CAfile = NULL, *CApath = NULL; X509_STORE *store = NULL; - STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; + STACK_OF(X509) * sign_other = NULL, *verify_other = NULL, *rother = NULL; char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL; unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; int ret = 1; @@ -149,8 +151,8 @@ int MAIN(int argc, char **argv) int badarg = 0; int i; int ignore_err = 0; - STACK_OF(OPENSSL_STRING) *reqnames = NULL; - STACK_OF(OCSP_CERTID) *ids = NULL; + STACK_OF(OPENSSL_STRING) * reqnames = NULL; + STACK_OF(OCSP_CERTID) * ids = NULL; X509 *rca_cert = NULL; char *ridx_filename = NULL; 
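Review bot: The forward declarations that follow `add_ocsp_cert` come out of the reformat indented by one level, and `int MAIN(int argc, char **argv)` is left indented on one line instead of getting the `int` / `MAIN(...)` split this same patch applies in nseq.c. It looks as if the formatter lost the declaration boundary at the `STACK_OF(OCSP_CERTID) * ids);` macro argument, which would also explain spacing such as `STACK_OF(X509) * rother`. These need to be put back at column 0 by hand, for example `static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,` and `int` / `MAIN(int argc, char **argv)`. MAIN's body continues outside this hunk.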
@@ -159,7 +161,8 @@ int MAIN(int argc, char **argv) int nmin = 0, ndays = -1; const EVP_MD *cert_id_md = NULL; - if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + if (bio_err == NULL) + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; 
@@ -168,75 +171,54 @@ int MAIN(int argc, char **argv) args = argv + 1; reqnames = sk_OPENSSL_STRING_new_null(); ids = sk_OCSP_CERTID_new_null(); - while (!badarg && *args && *args[0] == '-') - { - if (!strcmp(*args, "-out")) - { - if (args[1]) - { + while (!badarg && *args && *args[0] == '-') { + if (!strcmp(*args, "-out")) { + if (args[1]) { args++; outfile = *args; - } - else badarg = 1; - } - else if (!strcmp(*args, "-timeout")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-timeout")) { + if (args[1]) { args++; req_timeout = atol(*args); - if (req_timeout < 0) - { + if (req_timeout < 0) { BIO_printf(bio_err, - "Illegal timeout value %s\n", - *args); + "Illegal timeout value %s\n", + *args); badarg = 1; - } } - else badarg = 1; - } - else if (!strcmp(*args, "-url")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-url")) { + if (args[1]) { args++; - if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) - { + if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) { BIO_printf(bio_err, "Error parsing URL\n"); badarg = 1; - } } - else badarg = 1; - } - else if (!strcmp(*args, "-host")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-host")) { + if (args[1]) { args++; host = *args; - } - else badarg = 1; - } - else if (!strcmp(*args, "-port")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-port")) { + if (args[1]) { args++; port = *args; - } - else badarg = 1; - } - else if (!strcmp(*args, "-header")) - { - if (args[1] && args[2]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-header")) { + if (args[1] && args[2]) { if (!X509V3_add_value(args[1], args[2], &headers)) goto end; args += 2; - } - else badarg = 1; - } - else if (!strcmp(*args, "-ignore_err")) + } else + badarg = 1; + } else if (!strcmp(*args, "-ignore_err")) ignore_err = 1; else if (!strcmp(*args, "-noverify")) noverify = 1; 
@@ -264,571 +246,459 @@ int MAIN(int argc, char **argv) verify_flags |= OCSP_TRUSTOTHER; else if (!strcmp(*args, "-no_intern")) verify_flags |= OCSP_NOINTERN; - else if (!strcmp(*args, "-text")) - { + else if (!strcmp(*args, "-text")) { req_text = 1; resp_text = 1; - } - else if (!strcmp(*args, "-req_text")) + } else if (!strcmp(*args, "-req_text")) req_text = 1; else if (!strcmp(*args, "-resp_text")) resp_text = 1; - else if (!strcmp(*args, "-reqin")) - { - if (args[1]) - { + else if (!strcmp(*args, "-reqin")) { + if (args[1]) { args++; reqin = *args; - } - else badarg = 1; - } - else if (!strcmp(*args, "-respin")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-respin")) { + if (args[1]) { args++; respin = *args; - } - else badarg = 1; - } - else if (!strcmp(*args, "-signer")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-signer")) { + if (args[1]) { args++; signfile = *args; - } - else badarg = 1; - } - else if (!strcmp (*args, "-VAfile")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-VAfile")) { + if (args[1]) { args++; verify_certfile = *args; verify_flags |= OCSP_TRUSTOTHER; - } - else badarg = 1; - } - else if (!strcmp(*args, "-sign_other")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-sign_other")) { + if (args[1]) { args++; sign_certfile = *args; - } - else badarg = 1; - } - else if (!strcmp(*args, "-verify_other")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-verify_other")) { + if (args[1]) { args++; verify_certfile = *args; - } - else badarg = 1; - } - else if (!strcmp (*args, "-CAfile")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-CAfile")) { + if (args[1]) { args++; CAfile = *args; - } - else badarg = 1; - } - else if (!strcmp (*args, "-CApath")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-CApath")) { + if (args[1]) { args++; CApath = *args; 
- } - else badarg = 1; - } - else if (!strcmp (*args, "-validity_period")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-validity_period")) { + if (args[1]) { args++; nsec = atol(*args); - if (nsec < 0) - { + if (nsec < 0) { BIO_printf(bio_err, - "Illegal validity period %s\n", - *args); + "Illegal validity period %s\n", + *args); badarg = 1; - } } - else badarg = 1; - } - else if (!strcmp (*args, "-status_age")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-status_age")) { + if (args[1]) { args++; maxage = atol(*args); - if (maxage < 0) - { + if (maxage < 0) { BIO_printf(bio_err, - "Illegal validity age %s\n", - *args); + "Illegal validity age %s\n", + *args); badarg = 1; - } } - else badarg = 1; - } - else if (!strcmp(*args, "-signkey")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-signkey")) { + if (args[1]) { args++; keyfile = *args; - } - else badarg = 1; - } - else if (!strcmp(*args, "-reqout")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-reqout")) { + if (args[1]) { args++; reqout = *args; - } - else badarg = 1; - } - else if (!strcmp(*args, "-respout")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-respout")) { + if (args[1]) { args++; respout = *args; - } - else badarg = 1; - } - else if (!strcmp(*args, "-path")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-path")) { + if (args[1]) { args++; path = *args; - } - else badarg = 1; - } - else if (!strcmp(*args, "-issuer")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-issuer")) { + if (args[1]) { args++; X509_free(issuer); issuer = load_cert(bio_err, *args, FORMAT_PEM, - NULL, e, "issuer certificate"); - if(!issuer) goto end; - } - else badarg = 1; - } - else if (!strcmp (*args, "-cert")) - { - if (args[1]) - { + NULL, e, "issuer certificate"); + if (!issuer) + goto end; + } else + badarg = 1; + } 
else if (!strcmp(*args, "-cert")) { + if (args[1]) { args++; X509_free(cert); cert = load_cert(bio_err, *args, FORMAT_PEM, - NULL, e, "certificate"); - if(!cert) goto end; - if (!cert_id_md) cert_id_md = EVP_sha1(); - if(!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids)) + NULL, e, "certificate"); + if (!cert) goto end; - if(!sk_OPENSSL_STRING_push(reqnames, *args)) + if (!cert_id_md) + cert_id_md = EVP_sha1(); + if (!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids)) goto end; - } - else badarg = 1; - } - else if (!strcmp(*args, "-serial")) - { - if (args[1]) - { + if (!sk_OPENSSL_STRING_push(reqnames, *args)) + goto end; + } else + badarg = 1; + } else if (!strcmp(*args, "-serial")) { + if (args[1]) { args++; - if (!cert_id_md) cert_id_md = EVP_sha1(); - if(!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids)) + if (!cert_id_md) + cert_id_md = EVP_sha1(); + if (!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids)) goto end; - if(!sk_OPENSSL_STRING_push(reqnames, *args)) + if (!sk_OPENSSL_STRING_push(reqnames, *args)) goto end; - } - else badarg = 1; - } - else if (!strcmp(*args, "-index")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-index")) { + if (args[1]) { args++; ridx_filename = *args; - } - else badarg = 1; - } - else if (!strcmp(*args, "-CA")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-CA")) { + if (args[1]) { args++; rca_filename = *args; - } - else badarg = 1; - } - else if (!strcmp (*args, "-nmin")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-nmin")) { + if (args[1]) { args++; nmin = atol(*args); - if (nmin < 0) - { + if (nmin < 0) { BIO_printf(bio_err, - "Illegal update period %s\n", - *args); + "Illegal update period %s\n", + *args); badarg = 1; - } } - if (ndays == -1) - ndays = 0; - else badarg = 1; } - else if (!strcmp (*args, "-nrequest")) - { - if (args[1]) - { + if (ndays == -1) + ndays = 0; + else + badarg = 1; + } else if (!strcmp(*args, 
"-nrequest")) { + if (args[1]) { args++; accept_count = atol(*args); - if (accept_count < 0) - { + if (accept_count < 0) { BIO_printf(bio_err, - "Illegal accept count %s\n", - *args); + "Illegal accept count %s\n", + *args); badarg = 1; - } } - else badarg = 1; - } - else if (!strcmp (*args, "-ndays")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-ndays")) { + if (args[1]) { args++; ndays = atol(*args); - if (ndays < 0) - { + if (ndays < 0) { BIO_printf(bio_err, - "Illegal update period %s\n", - *args); + "Illegal update period %s\n", + *args); badarg = 1; - } } - else badarg = 1; - } - else if (!strcmp(*args, "-rsigner")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-rsigner")) { + if (args[1]) { args++; rsignfile = *args; - } - else badarg = 1; - } - else if (!strcmp(*args, "-rkey")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-rkey")) { + if (args[1]) { args++; rkeyfile = *args; - } - else badarg = 1; - } - else if (!strcmp(*args, "-rother")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-rother")) { + if (args[1]) { args++; rcertfile = *args; - } - else badarg = 1; - } - else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL) - { + } else + badarg = 1; + } else if ((cert_id_md = EVP_get_digestbyname((*args) + 1)) == NULL) { badarg = 1; - } - args++; } + args++; + } /* Have we anything to do? 
*/ - if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1; - - if (badarg) - { - BIO_printf (bio_err, "OCSP utility\n"); - BIO_printf (bio_err, "Usage ocsp [options]\n"); - BIO_printf (bio_err, "where options are\n"); - BIO_printf (bio_err, "-out file output filename\n"); - BIO_printf (bio_err, "-issuer file issuer certificate\n"); - BIO_printf (bio_err, "-cert file certificate to check\n"); - BIO_printf (bio_err, "-serial n serial number to check\n"); - BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n"); - BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n"); - BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n"); - BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n"); - BIO_printf (bio_err, "-req_text print text form of request\n"); - BIO_printf (bio_err, "-resp_text print text form of response\n"); - BIO_printf (bio_err, "-text print text form of request and response\n"); - BIO_printf (bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n"); - BIO_printf (bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n"); - BIO_printf (bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n"); - BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n"); - BIO_printf (bio_err, "-nonce add OCSP nonce to request\n"); - BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n"); - BIO_printf (bio_err, "-url URL OCSP responder URL\n"); - BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n"); - BIO_printf (bio_err, "-path path to use in OCSP request\n"); - BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); - BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); - BIO_printf (bio_err, "-VAfile file validator certificates file\n"); - BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in 
seconds\n"); - BIO_printf (bio_err, "-status_age n maximum status age in seconds\n"); - BIO_printf (bio_err, "-noverify don't verify response at all\n"); - BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n"); - BIO_printf (bio_err, "-trust_other don't verify additional certificates\n"); - BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n"); - BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n"); - BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n"); - BIO_printf (bio_err, "-no_chain don't chain verify response\n"); - BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n"); - BIO_printf (bio_err, "-port num port to run responder on\n"); - BIO_printf (bio_err, "-index file certificate status index file\n"); - BIO_printf (bio_err, "-CA file CA certificate\n"); - BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n"); - BIO_printf (bio_err, "-rkey file responder key to sign responses with\n"); - BIO_printf (bio_err, "-rother file other certificates to include in response\n"); - BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n"); - BIO_printf (bio_err, "-nmin n number of minutes before next update\n"); - BIO_printf (bio_err, "-ndays n number of days before next update\n"); - BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n"); - BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n"); - BIO_printf (bio_err, "- use specified digest in the request\n"); + if (!req && !reqin && !respin && !(port && ridx_filename)) + badarg = 1; + + if (badarg) { + BIO_printf(bio_err, "OCSP utility\n"); + BIO_printf(bio_err, "Usage ocsp [options]\n"); + BIO_printf(bio_err, "where options are\n"); + BIO_printf(bio_err, "-out file output filename\n"); + BIO_printf(bio_err, "-issuer file issuer 
certificate\n"); + BIO_printf(bio_err, "-cert file certificate to check\n"); + BIO_printf(bio_err, "-serial n serial number to check\n"); + BIO_printf(bio_err, "-signer file certificate to sign OCSP request with\n"); + BIO_printf(bio_err, "-signkey file private key to sign OCSP request with\n"); + BIO_printf(bio_err, "-sign_other file additional certificates to include in signed request\n"); + BIO_printf(bio_err, "-no_certs don't include any certificates in signed request\n"); + BIO_printf(bio_err, "-req_text print text form of request\n"); + BIO_printf(bio_err, "-resp_text print text form of response\n"); + BIO_printf(bio_err, "-text print text form of request and response\n"); + BIO_printf(bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n"); + BIO_printf(bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n"); + BIO_printf(bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n"); + BIO_printf(bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n"); + BIO_printf(bio_err, "-nonce add OCSP nonce to request\n"); + BIO_printf(bio_err, "-no_nonce don't add OCSP nonce to request\n"); + BIO_printf(bio_err, "-url URL OCSP responder URL\n"); + BIO_printf(bio_err, "-host host:n send OCSP request to host on port n\n"); + BIO_printf(bio_err, "-path path to use in OCSP request\n"); + BIO_printf(bio_err, "-CApath dir trusted certificates directory\n"); + BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf(bio_err, "-VAfile file validator certificates file\n"); + BIO_printf(bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); + BIO_printf(bio_err, "-status_age n maximum status age in seconds\n"); + BIO_printf(bio_err, "-noverify don't verify response at all\n"); + BIO_printf(bio_err, "-verify_other file additional certificates to search for signer\n"); + BIO_printf(bio_err, "-trust_other don't verify additional certificates\n"); + BIO_printf(bio_err, "-no_intern don't 
search certificates contained in response for signer\n"); + BIO_printf(bio_err, "-no_signature_verify don't check signature on response\n"); + BIO_printf(bio_err, "-no_cert_verify don't check signing certificate\n"); + BIO_printf(bio_err, "-no_chain don't chain verify response\n"); + BIO_printf(bio_err, "-no_cert_checks don't do additional checks on signing certificate\n"); + BIO_printf(bio_err, "-port num port to run responder on\n"); + BIO_printf(bio_err, "-index file certificate status index file\n"); + BIO_printf(bio_err, "-CA file CA certificate\n"); + BIO_printf(bio_err, "-rsigner file responder certificate to sign responses with\n"); + BIO_printf(bio_err, "-rkey file responder key to sign responses with\n"); + BIO_printf(bio_err, "-rother file other certificates to include in response\n"); + BIO_printf(bio_err, "-resp_no_certs don't include any certificates in response\n"); + BIO_printf(bio_err, "-nmin n number of minutes before next update\n"); + BIO_printf(bio_err, "-ndays n number of days before next update\n"); + BIO_printf(bio_err, "-resp_key_id identify reponse by signing certificate key ID\n"); + BIO_printf(bio_err, "-nrequest n number of requests to accept (default unlimited)\n"); + BIO_printf(bio_err, "- use specified digest in the request\n"); goto end; - } - - if(outfile) out = BIO_new_file(outfile, "w"); - else out = BIO_new_fp(stdout, BIO_NOCLOSE); + } + if (outfile) + out = BIO_new_file(outfile, "w"); + else + out = BIO_new_fp(stdout, BIO_NOCLOSE); - if(!out) - { + if (!out) { BIO_printf(bio_err, "Error opening output file\n"); goto end; - } - - if (!req && (add_nonce != 2)) add_nonce = 0; + } + if (!req && (add_nonce != 2)) + add_nonce = 0; - if (!req && reqin) - { + if (!req && reqin) { derbio = BIO_new_file(reqin, "rb"); - if (!derbio) - { + if (!derbio) { BIO_printf(bio_err, "Error Opening OCSP request file\n"); goto end; - } + } req = d2i_OCSP_REQUEST_bio(derbio, NULL); BIO_free(derbio); - if(!req) - { + if (!req) { BIO_printf(bio_err, 
"Error reading OCSP request\n"); goto end; - } } - - if (!req && port) - { + } + if (!req && port) { acbio = init_responder(port); if (!acbio) goto end; - } - - if (rsignfile && !rdb) - { - if (!rkeyfile) rkeyfile = rsignfile; + } + if (rsignfile && !rdb) { + if (!rkeyfile) + rkeyfile = rsignfile; rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM, - NULL, e, "responder certificate"); - if (!rsigner) - { + NULL, e, "responder certificate"); + if (!rsigner) { BIO_printf(bio_err, "Error loading responder certificate\n"); goto end; - } + } rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM, - NULL, e, "CA certificate"); - if (rcertfile) - { + NULL, e, "CA certificate"); + if (rcertfile) { rother = load_certs(bio_err, rcertfile, FORMAT_PEM, - NULL, e, "responder other certificates"); - if (!rother) goto end; - } + NULL, e, "responder other certificates"); + if (!rother) + goto end; + } rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL, - "responder private key"); + "responder private key"); if (!rkey) goto end; - } - if(acbio) + } + if (acbio) BIO_printf(bio_err, "Waiting for OCSP client connections...\n"); - redo_accept: +redo_accept: - if (acbio) - { + if (acbio) { if (!do_responder(&req, &cbio, acbio, port)) goto end; - if (!req) - { + if (!req) { resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); send_ocsp_response(cbio, resp); goto done_resp; - } } - - if (!req && (signfile || reqout || host || add_nonce || ridx_filename)) - { + } + if (!req && (signfile || reqout || host || add_nonce || ridx_filename)) { BIO_printf(bio_err, "Need an OCSP request for this operation!\n"); goto end; - } - - if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1); + } + if (req && add_nonce) + OCSP_request_add1_nonce(req, NULL, -1); - if (signfile) - { - if (!keyfile) keyfile = signfile; + if (signfile) { + if (!keyfile) + keyfile = signfile; signer = load_cert(bio_err, signfile, FORMAT_PEM, - NULL, e, "signer certificate"); - if (!signer) - 
{ + NULL, e, "signer certificate"); + if (!signer) { BIO_printf(bio_err, "Error loading signer certificate\n"); goto end; - } - if (sign_certfile) - { + } + if (sign_certfile) { sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM, - NULL, e, "signer certificates"); - if (!sign_other) goto end; - } + NULL, e, "signer certificates"); + if (!sign_other) + goto end; + } key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL, - "signer private key"); + "signer private key"); if (!key) goto end; - if (!OCSP_request_sign(req, signer, key, NULL, sign_other, sign_flags)) - { + if (!OCSP_request_sign(req, signer, key, NULL, sign_other, sign_flags)) { BIO_printf(bio_err, "Error signing OCSP request\n"); goto end; - } } + } + if (req_text && req) + OCSP_REQUEST_print(out, req, 0); - if (req_text && req) OCSP_REQUEST_print(out, req, 0); - - if (reqout) - { + if (reqout) { derbio = BIO_new_file(reqout, "wb"); - if(!derbio) - { + if (!derbio) { BIO_printf(bio_err, "Error opening file %s\n", reqout); goto end; - } + } i2d_OCSP_REQUEST_bio(derbio, req); BIO_free(derbio); - } - - if (ridx_filename && (!rkey || !rsigner || !rca_cert)) - { + } + if (ridx_filename && (!rkey || !rsigner || !rca_cert)) { BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n"); goto end; - } - - if (ridx_filename && !rdb) - { + } + if (ridx_filename && !rdb) { rdb = load_index(ridx_filename, NULL); - if (!rdb) goto end; - if (!index_index(rdb)) goto end; - } - - if (rdb) - { + if (!rdb) + goto end; + if (!index_index(rdb)) + goto end; + } + if (rdb) { i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays); if (cbio) send_ocsp_response(cbio, resp); - } - else if (host) - { + } else if (host) { #ifndef OPENSSL_NO_SOCK resp = process_responder(bio_err, req, host, path, - port, use_ssl, headers, req_timeout); + port, use_ssl, headers, req_timeout); if (!resp) goto end; #else BIO_printf(bio_err, "Error creating connect BIO - 
sockets not supported.\n"); goto end; #endif - } - else if (respin) - { + } else if (respin) { derbio = BIO_new_file(respin, "rb"); - if (!derbio) - { + if (!derbio) { BIO_printf(bio_err, "Error Opening OCSP response file\n"); goto end; - } + } resp = d2i_OCSP_RESPONSE_bio(derbio, NULL); BIO_free(derbio); - if(!resp) - { + if (!resp) { BIO_printf(bio_err, "Error reading OCSP response\n"); goto end; - } - } - else - { + } else { ret = 0; goto end; - } + } - done_resp: +done_resp: - if (respout) - { + if (respout) { derbio = BIO_new_file(respout, "wb"); - if(!derbio) - { + if (!derbio) { BIO_printf(bio_err, "Error opening file %s\n", respout); goto end; - } + } i2d_OCSP_RESPONSE_bio(derbio, resp); BIO_free(derbio); - } - + } i = OCSP_response_status(resp); - if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) - { + if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { BIO_printf(out, "Responder Error: %s (%d)\n", - OCSP_response_status_str(i), i); + OCSP_response_status_str(i), i); if (ignore_err) goto redo_accept; ret = 0; goto end; - } - - if (resp_text) OCSP_RESPONSE_print(out, resp, 0); + } + if (resp_text) + OCSP_RESPONSE_print(out, resp, 0); /* If running as responder don't verify our own response */ - if (cbio) - { + if (cbio) { if (accept_count > 0) accept_count--; /* Redo if more connections needed */ - if (accept_count) - { + if (accept_count) { BIO_free_all(cbio); cbio = NULL; OCSP_REQUEST_free(req); 
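Review bot: In the `-nmin` branch the `else badarg = 1;` pairs with `if (ndays == -1)`, not with `if (args[1])`, so `-nmin` as the last argument is accepted silently and `-nmin` given after `-ndays` is rejected as a bad argument. The re-indent makes that binding visible but keeps the behaviour, while sibling options such as `-ndays` and `-nrequest` put the `else` on the `args[1]` test. Suggested shape: close the `if (args[1]) {` block with `} else` / `badarg = 1;` and move `if (ndays == -1)` / `ndays = 0;` inside that block after the range check. The same branch stores the result of `atol()` into the `int` `nmin` with no conversion-error check, which `strtol` with an end pointer would cover. MAIN starts before this hunk and continues past it.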
@@ -836,55 +706,45 @@ int MAIN(int argc, char **argv) OCSP_RESPONSE_free(resp); resp = NULL; goto redo_accept; - } - goto end; } - + goto end; + } if (!store) store = setup_verify(bio_err, CAfile, CApath); if (!store) goto end; - if (verify_certfile) - { + if (verify_certfile) { verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM, - NULL, e, "validator certificate"); - if (!verify_other) goto end; - } - + NULL, e, "validator certificate"); + if (!verify_other) + goto end; + } bs = OCSP_response_get1_basic(resp); - if (!bs) - { + if (!bs) { BIO_printf(bio_err, "Error parsing response\n"); goto end; - } - - if (!noverify) - { - if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) - { + } + if (!noverify) { + if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) { if (i == -1) BIO_printf(bio_err, "WARNING: no nonce in response\n"); - else - { + else { BIO_printf(bio_err, "Nonce Verify error\n"); goto end; - } } - + } i = OCSP_basic_verify(bs, verify_other, store, verify_flags); - if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0); + if (i < 0) + i = OCSP_basic_verify(bs, NULL, store, 0); - if(i <= 0) - { + if (i <= 0) { BIO_printf(bio_err, "Response Verify Failure\n"); ERR_print_errors(bio_err); - } - else + } else BIO_printf(bio_err, "Response verify OK\n"); - } - + } if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage)) goto end; 
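Review bot: A failed signature check in the `if (i <= 0)` branch after `OCSP_basic_verify` only prints "Response Verify Failure" and then falls through to `print_ocsp_summary`, so the certificate status from an unverified response is still printed. The nonce-mismatch branch a few lines above does `goto end;`, and the verify failure should be handled at least as strictly, for example by adding `goto end;` after `ERR_print_errors(bio_err);`. The retry `i = OCSP_basic_verify(bs, NULL, store, 0);` also drops the caller's `verify_other` and `verify_flags`, which deserves a comment explaining why that is acceptable. How `ret` is set on this path lies outside the hunk, so the exit status on failure should be confirmed as well.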
@@ -913,75 +773,81 @@ end: sk_X509_pop_free(verify_other, X509_free); sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); - if (use_ssl != -1) - { + if (use_ssl != -1) { free(host); free(port); free(path); - } - - return(ret); + } + return (ret); } -static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md,X509 *issuer, - STACK_OF(OCSP_CERTID) *ids) - { +static int +add_ocsp_cert(OCSP_REQUEST ** req, X509 * cert, const EVP_MD * cert_id_md, X509 * issuer, + STACK_OF(OCSP_CERTID) * ids) +{ OCSP_CERTID *id; - if(!issuer) - { + if (!issuer) { BIO_printf(bio_err, "No issuer certificate specified\n"); return 0; - } - if(!*req) *req = OCSP_REQUEST_new(); - if(!*req) goto err; + } + if (!*req) + *req = OCSP_REQUEST_new(); + if (!*req) + goto err; id = OCSP_cert_to_id(cert_id_md, cert, issuer); - if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err; - if(!OCSP_request_add0_id(*req, id)) goto err; + if (!id || !sk_OCSP_CERTID_push(ids, id)) + goto err; + if (!OCSP_request_add0_id(*req, id)) + goto err; return 1; - err: +err: BIO_printf(bio_err, "Error Creating OCSP request\n"); return 0; - } +} -static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,const EVP_MD *cert_id_md, X509 *issuer, - STACK_OF(OCSP_CERTID) *ids) - { +static int +add_ocsp_serial(OCSP_REQUEST ** req, char *serial, const EVP_MD * cert_id_md, X509 * issuer, + STACK_OF(OCSP_CERTID) * ids) +{ OCSP_CERTID *id; X509_NAME *iname; ASN1_BIT_STRING *ikey; ASN1_INTEGER *sno; - if(!issuer) - { + if (!issuer) { BIO_printf(bio_err, "No issuer certificate specified\n"); return 0; - } - if(!*req) *req = OCSP_REQUEST_new(); - if(!*req) goto err; + } + if (!*req) + *req = OCSP_REQUEST_new(); + if (!*req) + goto err; iname = X509_get_subject_name(issuer); ikey = X509_get0_pubkey_bitstr(issuer); sno = s2i_ASN1_INTEGER(NULL, serial); - if(!sno) - { + if (!sno) { BIO_printf(bio_err, "Error converting serial number %s\n", serial); return 0; - } + } id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno); 
ASN1_INTEGER_free(sno); - if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err; - if(!OCSP_request_add0_id(*req, id)) goto err; + if (!id || !sk_OCSP_CERTID_push(ids, id)) + goto err; + if (!OCSP_request_add0_id(*req, id)) + goto err; return 1; - err: +err: BIO_printf(bio_err, "Error Creating OCSP request\n"); return 0; - } +} -static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, - STACK_OF(OPENSSL_STRING) *names, - STACK_OF(OCSP_CERTID) *ids, long nsec, - long maxage) - { +static int +print_ocsp_summary(BIO * out, OCSP_BASICRESP * bs, OCSP_REQUEST * req, + STACK_OF(OPENSSL_STRING) * names, + STACK_OF(OCSP_CERTID) * ids, long nsec, + long maxage) +{ OCSP_CERTID *id; char *name; int i; 
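Review bot: In both `add_ocsp_cert` and `add_ocsp_serial`, `if (!id || !sk_OCSP_CERTID_push(ids, id)) goto err;` leaks `id` when the push fails, because the `err:` label only prints a message. Splitting the test fixes it: `if (!id) goto err;` followed by `if (!sk_OCSP_CERTID_push(ids, id)) { OCSP_CERTID_free(id); goto err; }`. The same pointer is then stored in `ids` and handed to `OCSP_request_add0_id`, so a one-line comment stating which of the two owns it would help. How `ids` is freed is not visible in this hunk.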
@@ -993,61 +859,57 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, if (!bs || !req || !sk_OPENSSL_STRING_num(names) || !sk_OCSP_CERTID_num(ids)) return 1; - for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) - { + for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) { id = sk_OCSP_CERTID_value(ids, i); name = sk_OPENSSL_STRING_value(names, i); BIO_printf(out, "%s: ", name); - if(!OCSP_resp_find_status(bs, id, &status, &reason, - &rev, &thisupd, &nextupd)) - { + if (!OCSP_resp_find_status(bs, id, &status, &reason, + &rev, &thisupd, &nextupd)) { BIO_puts(out, "ERROR: No Status found.\n"); continue; - } - - /* Check validity: if invalid write to output BIO so we - * know which response this refers to. + } + /* + * Check validity: if invalid write to output BIO so we know + * which response this refers to. */ - if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) - { + if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) { BIO_puts(out, "WARNING: Status times invalid.\n"); ERR_print_errors(out); - } + } BIO_printf(out, "%s\n", OCSP_cert_status_str(status)); BIO_puts(out, "\tThis Update: "); ASN1_GENERALIZEDTIME_print(out, thisupd); BIO_puts(out, "\n"); - if(nextupd) - { + if (nextupd) { BIO_puts(out, "\tNext Update: "); ASN1_GENERALIZEDTIME_print(out, nextupd); BIO_puts(out, "\n"); - } - + } if (status != V_OCSP_CERTSTATUS_REVOKED) continue; if (reason != -1) BIO_printf(out, "\tReason: %s\n", - OCSP_crl_reason_str(reason)); + OCSP_crl_reason_str(reason)); BIO_puts(out, "\tRevocation Time: "); ASN1_GENERALIZEDTIME_print(out, rev); BIO_puts(out, "\n"); - } + } return 1; - } +} -static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, - X509 *ca, X509 *rcert, EVP_PKEY *rkey, - STACK_OF(X509) *rother, unsigned long flags, - int nmin, int ndays) - { +static int +make_ocsp_response(OCSP_RESPONSE ** resp, OCSP_REQUEST * req, CA_DB * db, + X509 * ca, X509 * rcert, EVP_PKEY * rkey, + STACK_OF(X509) * rother, unsigned long 
flags, + int nmin, int ndays) +{ ASN1_TIME *thisupd = NULL, *nextupd = NULL; OCSP_CERTID *cid, *ca_id = NULL; OCSP_BASICRESP *bs = NULL; @@ -1055,21 +917,17 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db id_count = OCSP_request_onereq_count(req); - if (id_count <= 0) - { + if (id_count <= 0) { *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); goto end; - } - - + } bs = OCSP_BASICRESP_new(); thisupd = X509_gmtime_adj(NULL, 0); if (ndays != -1) - nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 ); + nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24); /* Examine each certificate id in the request */ - for (i = 0; i < id_count; i++) - { + for (i = 0; i < id_count; i++) { OCSP_ONEREQ *one; ASN1_INTEGER *serial; char **inf; 
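Review bot: When `OCSP_check_validity(thisupd, nextupd, nsec, maxage)` fails, the loop in `print_ocsp_summary` prints "WARNING: Status times invalid." and then still prints `OCSP_cert_status_str(status)` and ends in `return 1;`, so a stale or not-yet-valid response is reported like a current one apart from the warning line. If that is intended, the comment above the check should say the failure is advisory only; otherwise record it in a local flag and return that instead of the unconditional `return 1;`. The loop also indexes `names` with the `ids` index without checking that the two stacks have the same length, so `name` may be NULL when it reaches `"%s: "`. The start of the function lies outside this hunk.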
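Review bot: The added line `nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);` does its arithmetic in `int`, so a large `ndays` or `nmin` overflows (undefined behaviour for signed int) before the result is widened for the call. Computing in `long` avoids that for realistic values: `nextupd = X509_gmtime_adj(NULL, (long)nmin * 60 + (long)ndays * 3600 * 24);`, ideally combined with a range check where the options are parsed, which is outside this hunk. `bs` and `thisupd` are also used without a NULL check after `OCSP_BASICRESP_new()` and `X509_gmtime_adj(NULL, 0)`.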
@@ -1078,41 +936,39 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db one = OCSP_request_onereq_get0(req, i); cid = OCSP_onereq_get0_id(one); - OCSP_id_get0_info(NULL,&cert_id_md_oid, NULL,NULL, cid); + OCSP_id_get0_info(NULL, &cert_id_md_oid, NULL, NULL, cid); - cert_id_md = EVP_get_digestbyobj(cert_id_md_oid); - if (! cert_id_md) - { + cert_id_md = EVP_get_digestbyobj(cert_id_md_oid); + if (!cert_id_md) { *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, - NULL); - goto end; - } - if (ca_id) OCSP_CERTID_free(ca_id); + NULL); + goto end; + } + if (ca_id) + OCSP_CERTID_free(ca_id); ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca); /* Is this request about our CA? */ - if (OCSP_id_issuer_cmp(ca_id, cid)) - { + if (OCSP_id_issuer_cmp(ca_id, cid)) { OCSP_basic_add1_status(bs, cid, - V_OCSP_CERTSTATUS_UNKNOWN, - 0, NULL, - thisupd, nextupd); + V_OCSP_CERTSTATUS_UNKNOWN, + 0, NULL, + thisupd, nextupd); continue; - } + } OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid); inf = lookup_serial(db, serial); if (!inf) OCSP_basic_add1_status(bs, cid, - V_OCSP_CERTSTATUS_UNKNOWN, - 0, NULL, - thisupd, nextupd); + V_OCSP_CERTSTATUS_UNKNOWN, + 0, NULL, + thisupd, nextupd); else if (inf[DB_type][0] == DB_TYPE_VAL) OCSP_basic_add1_status(bs, cid, - V_OCSP_CERTSTATUS_GOOD, - 0, NULL, - thisupd, nextupd); - else if (inf[DB_type][0] == DB_TYPE_REV) - { + V_OCSP_CERTSTATUS_GOOD, + 0, NULL, + thisupd, nextupd); + else if (inf[DB_type][0] == DB_TYPE_REV) { ASN1_OBJECT *inst = NULL; ASN1_TIME *revtm = NULL; ASN1_GENERALIZEDTIME *invtm = NULL; 
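Review bot: `ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca);` is not checked before `OCSP_id_issuer_cmp(ca_id, cid)`, and the digest used to build it is taken from the request being answered. A failure should produce the same reply as the `!cert_id_md` branch just above, e.g. `if (!ca_id) { *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, NULL); goto end; }`. The return values of the `OCSP_basic_add1_status` calls are ignored as well, so a status that could not be added is silently missing from the response. The loop body starts and ends outside this hunk.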
@@ -1120,9 +976,9 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db int reason = -1; unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]); single = OCSP_basic_add1_status(bs, cid, - V_OCSP_CERTSTATUS_REVOKED, - reason, revtm, - thisupd, nextupd); + V_OCSP_CERTSTATUS_REVOKED, + reason, revtm, + thisupd, nextupd); if (invtm) OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0); else if (inst) 
@@ -1130,50 +986,54 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db ASN1_OBJECT_free(inst); ASN1_TIME_free(revtm); ASN1_GENERALIZEDTIME_free(invtm); - } } + } OCSP_copy_nonce(bs, req); - + OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags); *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); - end: +end: ASN1_TIME_free(thisupd); ASN1_TIME_free(nextupd); OCSP_CERTID_free(ca_id); OCSP_BASICRESP_free(bs); return ret; - } +} -static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) - { +static char ** +lookup_serial(CA_DB * db, ASN1_INTEGER * ser) +{ int i; BIGNUM *bn = NULL; - char *itmp, *row[DB_NUMBER],**rrow; - for (i = 0; i < DB_NUMBER; i++) row[i] = NULL; - bn = ASN1_INTEGER_to_BN(ser,NULL); - OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */ + char *itmp, *row[DB_NUMBER], **rrow; + for (i = 0; i < DB_NUMBER; i++) + row[i] = NULL; + bn = ASN1_INTEGER_to_BN(ser, NULL); + OPENSSL_assert(bn); /* FIXME: should report an error at this + * point and abort */ if (BN_is_zero(bn)) itmp = BUF_strdup("00"); else itmp = BN_bn2hex(bn); row[DB_serial] = itmp; BN_free(bn); - rrow=TXT_DB_get_by_index(db->db,DB_serial,row); + rrow = TXT_DB_get_by_index(db->db, DB_serial, row); free(itmp); return rrow; - } +} /* Quick and dirty OCSP server: read in and parse input request */ -static BIO *init_responder(char *port) - { +static BIO * +init_responder(char *port) +{ BIO *acbio = NULL, *bufbio = NULL; bufbio = BIO_new(BIO_f_buffer()); - if (!bufbio) + if (!bufbio) goto err; #ifndef OPENSSL_NO_SOCK acbio = BIO_new_accept(port); 
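Review bot: `OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags);` ignores its return value, and the next line wraps `bs` in a response marked `OCSP_RESPONSE_STATUS_SUCCESSFUL` regardless, so a signing failure would be sent out as a successful response. Check it and answer with an internal error instead, e.g. `if (!OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags)) { *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, NULL); goto end; }`. In `lookup_serial` the `OPENSSL_assert(bn)` still carries its FIXME, and `itmp` from `BUF_strdup`/`BN_bn2hex` is stored in `row[DB_serial]` without a NULL check. Both cases should return NULL to the caller rather than abort or hand a NULL key to `TXT_DB_get_by_index`.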
@@ -1185,91 +1045,85 @@ static BIO *init_responder(char *port) BIO_set_accept_bios(acbio, bufbio); bufbio = NULL; - if (BIO_do_accept(acbio) <= 0) - { - BIO_printf(bio_err, "Error setting up accept BIO\n"); - ERR_print_errors(bio_err); - goto err; - } - + if (BIO_do_accept(acbio) <= 0) { + BIO_printf(bio_err, "Error setting up accept BIO\n"); + ERR_print_errors(bio_err); + goto err; + } return acbio; - err: +err: BIO_free_all(acbio); BIO_free(bufbio); return NULL; - } +} -static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port) - { +static int +do_responder(OCSP_REQUEST ** preq, BIO ** pcbio, BIO * acbio, char *port) +{ int have_post = 0, len; OCSP_REQUEST *req = NULL; char inbuf[1024]; BIO *cbio = NULL; - if (BIO_do_accept(acbio) <= 0) - { - BIO_printf(bio_err, "Error accepting connection\n"); - ERR_print_errors(bio_err); - return 0; - } - + if (BIO_do_accept(acbio) <= 0) { + BIO_printf(bio_err, "Error accepting connection\n"); + ERR_print_errors(bio_err); + return 0; + } cbio = BIO_pop(acbio); *pcbio = cbio; - for(;;) - { + for (;;) { len = BIO_gets(cbio, inbuf, sizeof inbuf); if (len <= 0) return 1; /* Look for "POST" signalling start of query */ - if (!have_post) - { - if(strncmp(inbuf, "POST", 4)) - { + if (!have_post) { + if (strncmp(inbuf, "POST", 4)) { BIO_printf(bio_err, "Invalid request\n"); return 1; - } - have_post = 1; } + have_post = 1; + } /* Look for end of headers */ if ((inbuf[0] == '\r') || (inbuf[0] == '\n')) break; - } + } /* Try to read OCSP request */ req = d2i_OCSP_REQUEST_bio(cbio, NULL); - if (!req) - { + if (!req) { BIO_printf(bio_err, "Error parsing OCSP request\n"); ERR_print_errors(bio_err); - } - + } *preq = req; return 1; - } +} -static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) - { - static const char http_resp[] = - "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n" - "Content-Length: %d\r\n\r\n"; +static int +send_ocsp_response(BIO * cbio, OCSP_RESPONSE * resp) +{ + static const 
char http_resp[] = + "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n" + "Content-Length: %d\r\n\r\n"; if (!cbio) return 0; BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL)); i2d_OCSP_RESPONSE_bio(cbio, resp); - (void)BIO_flush(cbio); + (void) BIO_flush(cbio); return 1; - } +} -static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, - STACK_OF(CONF_VALUE) *headers, - OCSP_REQUEST *req, int req_timeout) - { +static OCSP_RESPONSE * +query_responder(BIO * err, BIO * cbio, char *path, + STACK_OF(CONF_VALUE) * headers, + OCSP_REQUEST * req, int req_timeout) +{ int fd; int rv; int i; @@ -1283,49 +1137,39 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, rv = BIO_do_connect(cbio); - if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) - { + if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) { BIO_puts(err, "Error connecting BIO\n"); return NULL; - } - - if (BIO_get_fd(cbio, &fd) <= 0) - { + } + if (BIO_get_fd(cbio, &fd) <= 0) { BIO_puts(err, "Can't get connection fd\n"); goto err; - } - - if (req_timeout != -1 && rv <= 0) - { + } + if (req_timeout != -1 && rv <= 0) { FD_ZERO(&confds); openssl_fdset(fd, &confds); tv.tv_usec = 0; tv.tv_sec = req_timeout; - rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); - if (rv == 0) - { + rv = select(fd + 1, NULL, (void *) &confds, NULL, &tv); + if (rv == 0) { BIO_puts(err, "Timeout on connect\n"); return NULL; - } } - - + } ctx = OCSP_sendreq_new(cbio, path, NULL, -1); if (!ctx) return NULL; - for (i = 0; i < sk_CONF_VALUE_num(headers); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(headers); i++) { CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i); if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value)) goto err; - } + } if (!OCSP_REQ_CTX_set1_req(ctx, req)) goto err; - - for (;;) - { + + for (;;) { rv = OCSP_sendreq_nbio(&rsp, ctx); if (rv != -1) break; 
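Review bot: `send_ocsp_response` passes `i2d_OCSP_RESPONSE(resp, NULL)` straight into the `Content-Length: %d` header, so an encoding failure (a non-positive return) produces a bogus length and the body write is attempted anyway. Compute the length first and bail out: `int len = i2d_OCSP_RESPONSE(resp, NULL);` then `if (len <= 0) return 0;`, and check the return of `i2d_OCSP_RESPONSE_bio` too. In `do_responder` in the same hunk, the early `return 1;` paths for a short read and for "Invalid request" leave `*preq` unassigned. Whether the caller initialises it is not visible here, so `*preq = NULL;` at the top of the function would make that explicit.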
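Review bot: After the connect-phase `select(fd + 1, NULL, (void *) &confds, NULL, &tv)` only `rv == 0` is treated as a failure, so a `select` error (`rv == -1`) falls through to `OCSP_sendreq_new` as if the connection were ready. The request loop later in `query_responder` reports "Select error" for that case, and doing the same here keeps the two consistent: `if (rv == -1) { BIO_puts(err, "Select error\n"); return NULL; }`. `fd` is also put into an `fd_set` with no bound check against `FD_SETSIZE`, unless `openssl_fdset` does that, which is not visible. The function starts before this hunk and continues past it.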
@@ -1336,70 +1180,65 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, tv.tv_usec = 0; tv.tv_sec = req_timeout; if (BIO_should_read(cbio)) - rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv); + rv = select(fd + 1, (void *) &confds, NULL, NULL, &tv); else if (BIO_should_write(cbio)) - rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); - else - { + rv = select(fd + 1, NULL, (void *) &confds, NULL, &tv); + else { BIO_puts(err, "Unexpected retry condition\n"); goto err; - } - if (rv == 0) - { + } + if (rv == 0) { BIO_puts(err, "Timeout on request\n"); break; - } - if (rv == -1) - { + } + if (rv == -1) { BIO_puts(err, "Select error\n"); break; - } - } - err: + } +err: if (ctx) OCSP_REQ_CTX_free(ctx); return rsp; - } +} -OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, - char *host, char *path, char *port, int use_ssl, - STACK_OF(CONF_VALUE) *headers, - int req_timeout) - { +OCSP_RESPONSE * +process_responder(BIO * err, OCSP_REQUEST * req, + char *host, char *path, char *port, int use_ssl, + STACK_OF(CONF_VALUE) * headers, + int req_timeout) +{ BIO *cbio = NULL; SSL_CTX *ctx = NULL; OCSP_RESPONSE *resp = NULL; cbio = BIO_new_connect(host); - if (!cbio) - { + if (!cbio) { BIO_printf(err, "Error creating connect BIO\n"); goto end; - } - if (port) BIO_set_conn_port(cbio, port); - if (use_ssl == 1) - { + } + if (port) + BIO_set_conn_port(cbio, port); + if (use_ssl == 1) { BIO *sbio; ctx = SSL_CTX_new(SSLv23_client_method()); - if (ctx == NULL) - { + if (ctx == NULL) { BIO_printf(err, "Error creating SSL context.\n"); goto end; - } + } SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); sbio = BIO_new_ssl(ctx, 1); cbio = BIO_push(sbio, cbio); - } + } resp = query_responder(err, cbio, path, headers, req, req_timeout); if (!resp) BIO_printf(bio_err, "Error querying OCSP responder\n"); - end: +end: if (cbio) BIO_free_all(cbio); if (ctx) SSL_CTX_free(ctx); return resp; - } +} #endif 
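Review bot: In `process_responder` the `use_ssl == 1` path creates the context with `SSL_CTX_new(SSLv23_client_method())` and only sets `SSL_MODE_AUTO_RETRY`; no verify mode or trust store is configured in the visible code, so the responder's TLS certificate is presumably not checked at all. If the OCSP response signature is meant to be the only protection, say so in a comment; otherwise enable peer verification before `BIO_new_ssl`, e.g. `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);` together with `SSL_CTX_set_default_verify_paths(ctx);`. The result of `BIO_new_ssl(ctx, 1)` is also passed to `BIO_push` unchecked, so an allocation failure may leave `cbio` as the plain connect BIO and the request would go out without TLS. Adding `if (sbio == NULL) goto end;` closes that.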
diff --git a/lib/libssl/src/apps/openssl.c b/lib/libssl/src/apps/openssl.c index 8b2f699cba8..9f01e3c5766 100644 --- a/lib/libssl/src/apps/openssl.c +++ b/lib/libssl/src/apps/openssl.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -113,7 +113,8 @@ #include #include #include -#define OPENSSL_C /* tells apps.h to use complete apps_startup() */ +#define OPENSSL_C /* tells apps.h to use complete + * apps_startup() */ #include "apps.h" #include #include 
@@ -135,256 +136,236 @@ * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper * functions. */ -static LHASH_OF(FUNCTION) *prog_init(void ); -static int do_cmd(LHASH_OF(FUNCTION) *prog,int argc,char *argv[]); -static void list_pkey(BIO *out); -static void list_cipher(BIO *out); -static void list_md(BIO *out); -char *default_config_file=NULL; +static LHASH_OF(FUNCTION) * prog_init(void); +static int do_cmd(LHASH_OF(FUNCTION) * prog, int argc, char *argv[]); +static void list_pkey(BIO * out); +static void list_cipher(BIO * out); +static void list_md(BIO * out); +char *default_config_file = NULL; -CONF *config=NULL; -BIO *bio_err=NULL; +CONF *config = NULL; +BIO *bio_err = NULL; -static void lock_dbg_cb(int mode, int type, const char *file, int line) - { - static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ +static void +lock_dbg_cb(int mode, int type, const char *file, int line) +{ + static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ const char *errstr = NULL; int rw; - - rw = mode & (CRYPTO_READ|CRYPTO_WRITE); - if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) - { + + rw = mode & (CRYPTO_READ | CRYPTO_WRITE); + if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) { errstr = "invalid mode"; goto err; - } - - if (type < 0 || type >= CRYPTO_NUM_LOCKS) - { + } + if (type < 0 || type >= CRYPTO_NUM_LOCKS) { errstr = "type out of bounds"; goto err; - } - - if (mode & CRYPTO_LOCK) - { - if (modes[type]) - { + } + if (mode & CRYPTO_LOCK) { + if (modes[type]) { errstr = "already locked"; - /* must not happen in a single-threaded program - * (would deadlock) */ + /* + * must not happen in a single-threaded program + * (would deadlock) + */ goto err; - } - - modes[type] = rw; } - else if (mode & CRYPTO_UNLOCK) - { - if (!modes[type]) - { + modes[type] = rw; + } else if (mode & CRYPTO_UNLOCK) { + if (!modes[type]) { errstr = "not locked"; goto err; - } - - if (modes[type] != rw) - { + } + if (modes[type] != rw) { errstr = (rw == CRYPTO_READ) 
? - "CRYPTO_r_unlock on write lock" : - "CRYPTO_w_unlock on read lock"; - } - - modes[type] = 0; + "CRYPTO_r_unlock on write lock" : + "CRYPTO_w_unlock on read lock"; } - else - { + modes[type] = 0; + } else { errstr = "invalid mode"; goto err; - } + } - err: - if (errstr) - { +err: + if (errstr) { /* we cannot use bio_err here */ fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n", - errstr, mode, type, file, line); - } + errstr, mode, type, file, line); } +} -# define ARGV Argv +#define ARGV Argv -int main(int Argc, char *ARGV[]) - { +int +main(int Argc, char *ARGV[]) +{ ARGS arg; #define PROG_NAME_SIZE 39 - char pname[PROG_NAME_SIZE+1]; - FUNCTION f,*fp; + char pname[PROG_NAME_SIZE + 1]; + FUNCTION f, *fp; const char *prompt; char buf[1024]; - char *to_free=NULL; - int n,i,ret=0; + char *to_free = NULL; + int n, i, ret = 0; int argc; - char **argv,*p; - LHASH_OF(FUNCTION) *prog=NULL; + char **argv, *p; + LHASH_OF(FUNCTION) * prog = NULL; long errline; - arg.data=NULL; - arg.count=0; + arg.data = NULL; + arg.count = 0; if (bio_err == NULL) - if ((bio_err=BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if ((bio_err = BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); - if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */ - { - if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))) - { + if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) { /* if not defined, use + * compiled-in library + * defaults */ + if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))) { CRYPTO_malloc_debug_init(); CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); - } - else - { + } else { /* OPENSSL_DEBUG_MEMORY=off */ CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); - } } + } CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); #if 0 if (getenv("OPENSSL_DEBUG_LOCKING") != NULL) #endif - { + { CRYPTO_set_locking_callback(lock_dbg_cb); - } - - 
if(getenv("OPENSSL_FIPS")) { + } + if (getenv("OPENSSL_FIPS")) { #ifdef OPENSSL_FIPS if (!FIPS_mode_set(1)) { ERR_load_crypto_strings(); - ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); + ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE)); exit(1); } #else fprintf(stderr, "FIPS mode not supported.\n"); exit(1); #endif - } - + } apps_startup(); /* Lets load up our environment a little */ - p=getenv("OPENSSL_CONF"); + p = getenv("OPENSSL_CONF"); if (p == NULL) - p=getenv("SSLEAY_CONF"); + p = getenv("SSLEAY_CONF"); if (p == NULL) - p=to_free=make_config_name(); + p = to_free = make_config_name(); - default_config_file=p; + default_config_file = p; - config=NCONF_new(NULL); - i=NCONF_load(config,p,&errline); - if (i == 0) - { + config = NCONF_new(NULL); + i = NCONF_load(config, p, &errline); + if (i == 0) { if (ERR_GET_REASON(ERR_peek_last_error()) - == CONF_R_NO_SUCH_FILE) - { + == CONF_R_NO_SUCH_FILE) { BIO_printf(bio_err, - "WARNING: can't open config file: %s\n",p); + "WARNING: can't open config file: %s\n", p); ERR_clear_error(); NCONF_free(config); config = NULL; - } - else - { + } else { ERR_print_errors(bio_err); NCONF_free(config); exit(1); - } } - - prog=prog_init(); + } + prog = prog_init(); /* first check the program name */ - program_name(Argv[0],pname,sizeof pname); - - f.name=pname; - fp=lh_FUNCTION_retrieve(prog,&f); - if (fp != NULL) - { - Argv[0]=pname; - ret=fp->func(Argc,Argv); - goto end; - } + program_name(Argv[0], pname, sizeof pname); - /* ok, now check that there are not arguments, if there are, - * run with them, shifting the ssleay off the front */ - if (Argc != 1) - { + f.name = pname; + fp = lh_FUNCTION_retrieve(prog, &f); + if (fp != NULL) { + Argv[0] = pname; + ret = fp->func(Argc, Argv); + goto end; + } + /* + * ok, now check that there are not arguments, if there are, run with + * them, shifting the ssleay off the front + */ + if (Argc != 1) { Argc--; Argv++; - ret=do_cmd(prog,Argc,Argv); - if (ret < 0) ret=0; + ret = do_cmd(prog, 
Argc, Argv); + if (ret < 0) + ret = 0; goto end; - } - + } /* ok, lets enter the old 'OpenSSL>' mode */ - - for (;;) - { - ret=0; - p=buf; - n=sizeof buf; - i=0; - for (;;) - { - p[0]='\0'; + + for (;;) { + ret = 0; + p = buf; + n = sizeof buf; + i = 0; + for (;;) { + p[0] = '\0'; if (i++) - prompt=">"; - else prompt="OpenSSL> "; - fputs(prompt,stdout); + prompt = ">"; + else + prompt = "OpenSSL> "; + fputs(prompt, stdout); fflush(stdout); - if (!fgets(p,n,stdin)) + if (!fgets(p, n, stdin)) goto end; - if (p[0] == '\0') goto end; - i=strlen(p); - if (i <= 1) break; - if (p[i-2] != '\\') break; - i-=2; - p+=i; - n-=i; - } - if (!chopup_args(&arg,buf,&argc,&argv)) break; + if (p[0] == '\0') + goto end; + i = strlen(p); + if (i <= 1) + break; + if (p[i - 2] != '\\') + break; + i -= 2; + p += i; + n -= i; + } + if (!chopup_args(&arg, buf, &argc, &argv)) + break; - ret=do_cmd(prog,argc,argv); - if (ret < 0) - { - ret=0; + ret = do_cmd(prog, argc, argv); + if (ret < 0) { + ret = 0; goto end; - } - if (ret != 0) - BIO_printf(bio_err,"error in %s\n",argv[0]); - (void)BIO_flush(bio_err); } - BIO_printf(bio_err,"bad exit\n"); - ret=1; + if (ret != 0) + BIO_printf(bio_err, "error in %s\n", argv[0]); + (void) BIO_flush(bio_err); + } + BIO_printf(bio_err, "bad exit\n"); + ret = 1; end: if (to_free) free(to_free); - if (config != NULL) - { + if (config != NULL) { NCONF_free(config); - config=NULL; - } - if (prog != NULL) lh_FUNCTION_free(prog); - if (arg.data != NULL) free(arg.data); + config = NULL; + } + if (prog != NULL) + lh_FUNCTION_free(prog); + if (arg.data != NULL) + free(arg.data); apps_shutdown(); CRYPTO_mem_leaks(bio_err); - if (bio_err != NULL) - { + if (bio_err != NULL) { BIO_free(bio_err); - bio_err=NULL; - } - return(ret); + bio_err = NULL; } + return (ret); +} #define LIST_STANDARD_COMMANDS "list-standard-commands" #define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands" 
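Review bot: In `main` the `#if 0` wraps only the `if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)` line, leaving a bare `{ CRYPTO_set_locking_callback(lock_dbg_cb); }` block, so the debug locking callback is installed unconditionally while the layout reads as if it were conditional. Either drop the dead preprocessor lines and the braces, keeping `CRYPTO_set_locking_callback(lock_dbg_cb);` with a comment that it is always on, or restore the condition. The comment that used to follow `if (getenv("OPENSSL_DEBUG_MEMORY") != NULL)` is now split over three lines after the opening brace and would read better on its own line above the `if`. In the FIPS branch, `ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));` passes an unchecked allocation straight into the error printer.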
@@ -394,257 +375,241 @@ end: #define LIST_PUBLIC_KEY_ALGORITHMS "list-public-key-algorithms" -static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) - { - FUNCTION f,*fp; - int i,ret=1,tp,nl; - - if ((argc <= 0) || (argv[0] == NULL)) - { ret=0; goto end; } - f.name=argv[0]; - fp=lh_FUNCTION_retrieve(prog,&f); - if (fp == NULL) - { - if (EVP_get_digestbyname(argv[0])) - { +static int +do_cmd(LHASH_OF(FUNCTION) * prog, int argc, char *argv[]) +{ + FUNCTION f, *fp; + int i, ret = 1, tp, nl; + + if ((argc <= 0) || (argv[0] == NULL)) { + ret = 0; + goto end; + } + f.name = argv[0]; + fp = lh_FUNCTION_retrieve(prog, &f); + if (fp == NULL) { + if (EVP_get_digestbyname(argv[0])) { f.type = FUNC_TYPE_MD; f.func = dgst_main; fp = &f; - } - else if (EVP_get_cipherbyname(argv[0])) - { + } else if (EVP_get_cipherbyname(argv[0])) { f.type = FUNC_TYPE_CIPHER; f.func = enc_main; fp = &f; - } } - if (fp != NULL) - { - ret=fp->func(argc,argv); - } - else if ((strncmp(argv[0],"no-",3)) == 0) - { - BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE); - f.name=argv[0]+3; - ret = (lh_FUNCTION_retrieve(prog,&f) != NULL); + } + if (fp != NULL) { + ret = fp->func(argc, argv); + } else if ((strncmp(argv[0], "no-", 3)) == 0) { + BIO *bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE); + f.name = argv[0] + 3; + ret = (lh_FUNCTION_retrieve(prog, &f) != NULL); if (!ret) BIO_printf(bio_stdout, "%s\n", argv[0]); else - BIO_printf(bio_stdout, "%s\n", argv[0]+3); + BIO_printf(bio_stdout, "%s\n", argv[0] + 3); BIO_free_all(bio_stdout); goto end; - } - else if ((strcmp(argv[0],"quit") == 0) || - (strcmp(argv[0],"q") == 0) || - (strcmp(argv[0],"exit") == 0) || - (strcmp(argv[0],"bye") == 0)) - { - ret= -1; + } else if ((strcmp(argv[0], "quit") == 0) || + (strcmp(argv[0], "q") == 0) || + (strcmp(argv[0], "exit") == 0) || + (strcmp(argv[0], "bye") == 0)) { + ret = -1; goto end; - } - else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) || - (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) || - 
(strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) || - (strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0) || - (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) || - (strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0)) - { + } else if ((strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0) || + (strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0) || + (strcmp(argv[0], LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) || + (strcmp(argv[0], LIST_CIPHER_COMMANDS) == 0) || + (strcmp(argv[0], LIST_CIPHER_ALGORITHMS) == 0) || + (strcmp(argv[0], LIST_PUBLIC_KEY_ALGORITHMS) == 0)) { int list_type; BIO *bio_stdout; - if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) + if (strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0) list_type = FUNC_TYPE_GENERAL; - else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) + else if (strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0) list_type = FUNC_TYPE_MD; - else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) + else if (strcmp(argv[0], LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) list_type = FUNC_TYPE_MD_ALG; - else if (strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0) + else if (strcmp(argv[0], LIST_PUBLIC_KEY_ALGORITHMS) == 0) list_type = FUNC_TYPE_PKEY; - else if (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) + else if (strcmp(argv[0], LIST_CIPHER_ALGORITHMS) == 0) list_type = FUNC_TYPE_CIPHER_ALG; - else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */ + else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */ list_type = FUNC_TYPE_CIPHER; - bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE); + bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; if (list_type == FUNC_TYPE_PKEY) - list_pkey(bio_stdout); + list_pkey(bio_stdout); if (list_type == FUNC_TYPE_MD_ALG) - list_md(bio_stdout); + list_md(bio_stdout); if (list_type == FUNC_TYPE_CIPHER_ALG) - list_cipher(bio_stdout); - else - { - for (fp=functions; fp->name != NULL; fp++) + list_cipher(bio_stdout); + else { + for (fp = functions; fp->name != NULL; fp++) if (fp->type == list_type) 
BIO_printf(bio_stdout, "%s\n", - fp->name); - } + fp->name); + } BIO_free_all(bio_stdout); - ret=0; + ret = 0; goto end; - } - else - { - BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n", - argv[0]); + } else { + BIO_printf(bio_err, "openssl:Error: '%s' is an invalid command.\n", + argv[0]); BIO_printf(bio_err, "\nStandard commands"); - i=0; - tp=0; - for (fp=functions; fp->name != NULL; fp++) - { - nl=0; + i = 0; + tp = 0; + for (fp = functions; fp->name != NULL; fp++) { + nl = 0; #ifdef OPENSSL_NO_CAMELLIA if (((i++) % 5) == 0) #else if (((i++) % 4) == 0) #endif - { - BIO_printf(bio_err,"\n"); - nl=1; - } - if (fp->type != tp) - { - tp=fp->type; - if (!nl) BIO_printf(bio_err,"\n"); - if (tp == FUNC_TYPE_MD) - { - i=1; + { + BIO_printf(bio_err, "\n"); + nl = 1; + } + if (fp->type != tp) { + tp = fp->type; + if (!nl) + BIO_printf(bio_err, "\n"); + if (tp == FUNC_TYPE_MD) { + i = 1; BIO_printf(bio_err, - "\nMessage Digest commands (see the `dgst' command for more details)\n"); - } - else if (tp == FUNC_TYPE_CIPHER) - { - i=1; - BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n"); - } + "\nMessage Digest commands (see the `dgst' command for more details)\n"); + } else if (tp == FUNC_TYPE_CIPHER) { + i = 1; + BIO_printf(bio_err, "\nCipher commands (see the `enc' command for more details)\n"); } + } #ifdef OPENSSL_NO_CAMELLIA - BIO_printf(bio_err,"%-15s",fp->name); + BIO_printf(bio_err, "%-15s", fp->name); #else - BIO_printf(bio_err,"%-18s",fp->name); + BIO_printf(bio_err, "%-18s", fp->name); #endif - } - BIO_printf(bio_err,"\n\n"); - ret=0; } -end: - return(ret); + BIO_printf(bio_err, "\n\n"); + ret = 0; } - -static int SortFnByName(const void *_f1,const void *_f2) - { - const FUNCTION *f1=_f1; - const FUNCTION *f2=_f2; - - if(f1->type != f2->type) - return f1->type-f2->type; - return strcmp(f1->name,f2->name); - } - -static void list_pkey(BIO *out) - { +end: + return (ret); +} + +static int +SortFnByName(const void 
*_f1, const void *_f2) +{ + const FUNCTION *f1 = _f1; + const FUNCTION *f2 = _f2; + + if (f1->type != f2->type) + return f1->type - f2->type; + return strcmp(f1->name, f2->name); +} + +static void +list_pkey(BIO * out) +{ int i; - for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) - { + for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { const EVP_PKEY_ASN1_METHOD *ameth; int pkey_id, pkey_base_id, pkey_flags; const char *pinfo, *pem_str; ameth = EVP_PKEY_asn1_get0(i); EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags, - &pinfo, &pem_str, ameth); - if (pkey_flags & ASN1_PKEY_ALIAS) - { - BIO_printf(out, "Name: %s\n", - OBJ_nid2ln(pkey_id)); + &pinfo, &pem_str, ameth); + if (pkey_flags & ASN1_PKEY_ALIAS) { + BIO_printf(out, "Name: %s\n", + OBJ_nid2ln(pkey_id)); BIO_printf(out, "\tType: Alias to %s\n", - OBJ_nid2ln(pkey_base_id)); - } - else - { + OBJ_nid2ln(pkey_base_id)); + } else { BIO_printf(out, "Name: %s\n", pinfo); - BIO_printf(out, "\tType: %s Algorithm\n", - pkey_flags & ASN1_PKEY_DYNAMIC ? - "External" : "Builtin"); + BIO_printf(out, "\tType: %s Algorithm\n", + pkey_flags & ASN1_PKEY_DYNAMIC ? 
+ "External" : "Builtin"); BIO_printf(out, "\tOID: %s\n", OBJ_nid2ln(pkey_id)); if (pem_str == NULL) pem_str = "(none)"; BIO_printf(out, "\tPEM string: %s\n", pem_str); - } - } + } +} -static void list_cipher_fn(const EVP_CIPHER *c, - const char *from, const char *to, void *arg) - { +static void +list_cipher_fn(const EVP_CIPHER * c, + const char *from, const char *to, void *arg) +{ if (c) BIO_printf(arg, "%s\n", EVP_CIPHER_name(c)); - else - { + else { if (!from) from = ""; if (!to) to = ""; BIO_printf(arg, "%s => %s\n", from, to); - } } +} -static void list_cipher(BIO *out) - { +static void +list_cipher(BIO * out) +{ EVP_CIPHER_do_all_sorted(list_cipher_fn, out); - } +} -static void list_md_fn(const EVP_MD *m, - const char *from, const char *to, void *arg) - { +static void +list_md_fn(const EVP_MD * m, + const char *from, const char *to, void *arg) +{ if (m) BIO_printf(arg, "%s\n", EVP_MD_name(m)); - else - { + else { if (!from) from = ""; if (!to) to = ""; BIO_printf(arg, "%s => %s\n", from, to); - } } +} -static void list_md(BIO *out) - { +static void +list_md(BIO * out) +{ EVP_MD_do_all_sorted(list_md_fn, out); - } - -static int function_cmp(const FUNCTION *a, const FUNCTION *b) - { - return strncmp(a->name,b->name,8); - } -static IMPLEMENT_LHASH_COMP_FN(function, FUNCTION) - -static unsigned long function_hash(const FUNCTION *a) - { +} + +static int +function_cmp(const FUNCTION * a, const FUNCTION * b) +{ + return strncmp(a->name, b->name, 8); +} +static +IMPLEMENT_LHASH_COMP_FN(function, FUNCTION) + static unsigned long function_hash(const FUNCTION * a) +{ return lh_strhash(a->name); - } -static IMPLEMENT_LHASH_HASH_FN(function, FUNCTION) - -static LHASH_OF(FUNCTION) *prog_init(void) - { - LHASH_OF(FUNCTION) *ret; +} +static +IMPLEMENT_LHASH_HASH_FN(function, FUNCTION) + static LHASH_OF(FUNCTION) * prog_init(void) +{ + LHASH_OF(FUNCTION) * ret; FUNCTION *f; size_t i; /* Purely so it looks nice when the user hits ? 
*/ - for(i=0,f=functions ; f->name != NULL ; ++f,++i) - ; - qsort(functions,i,sizeof *functions,SortFnByName); - - if ((ret=lh_FUNCTION_new()) == NULL) - return(NULL); + for (i = 0, f = functions; f->name != NULL; ++f, ++i); + qsort(functions, i, sizeof *functions, SortFnByName); - for (f=functions; f->name != NULL; f++) - (void)lh_FUNCTION_insert(ret,f); - return(ret); - } + if ((ret = lh_FUNCTION_new()) == NULL) + return (NULL); + for (f = functions; f->name != NULL; f++) + (void) lh_FUNCTION_insert(ret, f); + return (ret); +} diff --git a/lib/libssl/src/apps/passwd.c b/lib/libssl/src/apps/passwd.c index 7f99e3fd236..92f6b776b69 100644 --- a/lib/libssl/src/apps/passwd.c +++ b/lib/libssl/src/apps/passwd.c @@ -1,7 +1,7 @@ /* apps/passwd.c */ #if defined OPENSSL_NO_MD5 -# define NO_MD5CRYPT_1 +#define NO_MD5CRYPT_1 #endif #if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1) @@ -16,10 +16,10 @@ #include #include #ifndef OPENSSL_NO_DES -# include +#include #endif #ifndef NO_MD5CRYPT_1 -# include +#include #endif 
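Review bot: The reformat has split the two LHASH macro lines so that they no longer show what they declare: `static` sits alone on one line, `IMPLEMENT_LHASH_COMP_FN(function, FUNCTION)` follows on the next, and the definitions after them (`function_hash`, `prog_init`) appear to start indented as if they continued the macro. Keeping each on a single line, `static IMPLEMENT_LHASH_COMP_FN(function, FUNCTION)`, with the next function starting at column 0, restores the structure. In `prog_init` the counting loop now ends with `++f, ++i);` on the same line as the `for`; an explicit `continue;` body, or the empty statement on its own line, would make it clear the loop is intentionally bodiless.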
@@ -27,21 +27,22 @@ #define PROG passwd_main -static unsigned const char cov_2char[64]={ +static unsigned const char cov_2char[64] = { /* from crypto/des/fcrypt.c */ - 0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35, - 0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44, - 0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C, - 0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54, - 0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62, - 0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A, - 0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72, - 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A + 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, + 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, + 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, + 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, + 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, + 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, + 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A }; -static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, - char *passwd, BIO *out, int quiet, int table, int reverse, - size_t pw_maxlen, int usecrypt, int use1, int useapr1); +static int +do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, + char *passwd, BIO * out, int quiet, int table, int reverse, + size_t pw_maxlen, int usecrypt, int use1, int useapr1); /* -crypt - standard Unix password algorithm (default) * -1 - MD5-based password algorithm @@ -57,8 +58,9 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, int MAIN(int, char **); -int MAIN(int argc, char **argv) - { +int +MAIN(int argc, char **argv) +{ int ret = 1; char *infile = NULL; int in_stdin = 0; @@ -76,8 +78,8 @@ int MAIN(int argc, char **argv) apps_startup(); if (bio_err == NULL) - if ((bio_err=BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if ((bio_err = BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto err; 
@@ -88,45 +90,32 @@ int MAIN(int argc, char **argv) badopt = 0, opt_done = 0; i = 0; - while (!badopt && !opt_done && argv[++i] != NULL) - { + while (!badopt && !opt_done && argv[++i] != NULL) { if (strcmp(argv[i], "-crypt") == 0) usecrypt = 1; else if (strcmp(argv[i], "-1") == 0) use1 = 1; else if (strcmp(argv[i], "-apr1") == 0) useapr1 = 1; - else if (strcmp(argv[i], "-salt") == 0) - { - if ((argv[i+1] != NULL) && (salt == NULL)) - { + else if (strcmp(argv[i], "-salt") == 0) { + if ((argv[i + 1] != NULL) && (salt == NULL)) { passed_salt = 1; salt = argv[++i]; - } - else + } else badopt = 1; - } - else if (strcmp(argv[i], "-in") == 0) - { - if ((argv[i+1] != NULL) && !pw_source_defined) - { + } else if (strcmp(argv[i], "-in") == 0) { + if ((argv[i + 1] != NULL) && !pw_source_defined) { pw_source_defined = 1; infile = argv[++i]; - } - else + } else badopt = 1; - } - else if (strcmp(argv[i], "-stdin") == 0) - { - if (!pw_source_defined) - { + } else if (strcmp(argv[i], "-stdin") == 0) { + if (!pw_source_defined) { pw_source_defined = 1; in_stdin = 1; - } - else + } else badopt = 1; - } - else if (strcmp(argv[i], "-noverify") == 0) + } else if (strcmp(argv[i], "-noverify") == 0) in_noverify = 1; else if (strcmp(argv[i], "-quiet") == 0) quiet = 1; 
@@ -138,30 +127,30 @@ int MAIN(int argc, char **argv) badopt = 1; else if (!pw_source_defined) /* non-option arguments, use as passwords */ - { + { pw_source_defined = 1; passwds = &argv[i]; opt_done = 1; - } - else + } else badopt = 1; - } + } - if (!usecrypt && !use1 && !useapr1) /* use default */ + if (!usecrypt && !use1 && !useapr1) /* use default */ usecrypt = 1; - if (usecrypt + use1 + useapr1 > 1) /* conflict */ + if (usecrypt + use1 + useapr1 > 1) /* conflict */ badopt = 1; /* reject unsupported algorithms */ #ifdef OPENSSL_NO_DES - if (usecrypt) badopt = 1; + if (usecrypt) + badopt = 1; #endif #ifdef NO_MD5CRYPT_1 - if (use1 || useapr1) badopt = 1; + if (use1 || useapr1) + badopt = 1; #endif - if (badopt) - { + if (badopt) { BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n"); BIO_printf(bio_err, "where options are\n"); #ifndef OPENSSL_NO_DES @@ -178,35 +167,29 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-quiet no warnings\n"); BIO_printf(bio_err, "-table format output as table\n"); BIO_printf(bio_err, "-reverse switch table columns\n"); - - goto err; - } - if ((infile != NULL) || in_stdin) - { + goto err; + } + if ((infile != NULL) || in_stdin) { in = BIO_new(BIO_s_file()); if (in == NULL) goto err; - if (infile != NULL) - { + if (infile != NULL) { assert(in_stdin == 0); if (BIO_read_filename(in, infile) <= 0) goto err; - } - else - { + } else { assert(in_stdin); BIO_set_fp(in, stdin, BIO_NOCLOSE); - } } - + } if (usecrypt) pw_maxlen = 8; else if (use1 || useapr1) - pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */ + pw_maxlen = 256;/* arbitrary limit, should be enough for most + * passwords */ - if (passwds == NULL) - { + if (passwds == NULL) { /* no passwords on the command line */ passwd_malloc_size = pw_maxlen + 2; 
@@ -214,65 +197,56 @@ int MAIN(int argc, char **argv) passwd = passwd_malloc = malloc(passwd_malloc_size); if (passwd_malloc == NULL) goto err; - } - - if ((in == NULL) && (passwds == NULL)) - { + } + if ((in == NULL) && (passwds == NULL)) { /* build a null-terminated list */ static char *passwds_static[2] = {NULL, NULL}; - + passwds = passwds_static; if (in == NULL) if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0) goto err; passwds[0] = passwd_malloc; - } - - if (in == NULL) - { + } + if (in == NULL) { assert(passwds != NULL); assert(*passwds != NULL); - - do /* loop over list of passwords */ - { + + do { /* loop over list of passwords */ passwd = *passwds++; if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) goto err; - } - while (*passwds != NULL); } - else + while (*passwds != NULL); + } else /* in != NULL */ - { + { int done; - assert (passwd != NULL); - do - { + assert(passwd != NULL); + do { int r = BIO_gets(in, passwd, pw_maxlen + 1); - if (r > 0) - { - char *c = (strchr(passwd, '\n')) ; + if (r > 0) { + char *c = (strchr(passwd, '\n')); if (c != NULL) - *c = 0; /* truncate at newline */ - else - { + *c = 0; /* truncate at newline */ + else { /* ignore rest of line */ char trash[BUFSIZ]; do r = BIO_gets(in, trash, sizeof trash); while ((r > 0) && (!strchr(trash, '\n'))); - } - + } + if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) goto err; - } - done = (r <= 0); } - while (!done); + done = (r <= 0); } + while (!done); + } ret = 0; err: @@ -286,8 +260,8 @@ err: if (out) BIO_free_all(out); apps_shutdown(); - return(ret); - } + return (ret); +} #ifndef NO_MD5CRYPT_1 
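Review bot: In the rewritten password loops the closing brace of each `do` body and its `while` condition now sit on separate lines, so `while (*passwds != NULL);` and `while (!done);` read like free-standing empty loops. Joining them as `} while (*passwds != NULL);` and `} while (!done);` keeps the construct recognisable. The inner line-draining loop, `do r = BIO_gets(in, trash, sizeof trash); while (...)`, has no braces at all and would benefit from them for the same reason. MAIN starts before this hunk.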
@@ -301,38 +275,40 @@ err: * 'magic' string was changed -- the laziest application of the NIH principle * I've ever encountered.) */ -static char *md5crypt(const char *passwd, const char *magic, const char *salt) - { - static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */ +static char * +md5crypt(const char *passwd, const char *magic, const char *salt) +{ + static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5h + * ash..........\0" */ unsigned char buf[MD5_DIGEST_LENGTH]; char *salt_out; int n; unsigned int i; - EVP_MD_CTX md,md2; + EVP_MD_CTX md, md2; size_t passwd_len, salt_len; passwd_len = strlen(passwd); out_buf[0] = '$'; out_buf[1] = 0; - assert(strlen(magic) <= 4); /* "1" or "apr1" */ + assert(strlen(magic) <= 4); /* "1" or "apr1" */ strlcat(out_buf, magic, sizeof(out_buf)); strlcat(out_buf, "$", sizeof(out_buf)); strlcat(out_buf, salt, sizeof(out_buf)); - assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */ + assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */ salt_out = out_buf + 2 + strlen(magic); salt_len = strlen(salt_out); assert(salt_len <= 8); - + EVP_MD_CTX_init(&md); - EVP_DigestInit_ex(&md,EVP_md5(), NULL); + EVP_DigestInit_ex(&md, EVP_md5(), NULL); EVP_DigestUpdate(&md, passwd, passwd_len); EVP_DigestUpdate(&md, "$", 1); EVP_DigestUpdate(&md, magic, strlen(magic)); EVP_DigestUpdate(&md, "$", 1); EVP_DigestUpdate(&md, salt_out, salt_len); - + EVP_MD_CTX_init(&md2); - EVP_DigestInit_ex(&md2,EVP_md5(), NULL); + EVP_DigestInit_ex(&md2, EVP_md5(), NULL); EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, salt_out, salt_len); EVP_DigestUpdate(&md2, passwd, passwd_len); 
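Review bot: The 8-character salt limit in `md5crypt` is enforced only by `assert(strlen(out_buf) <= 6 + 8)` and `assert(salt_len <= 8)`, while `strlcat(out_buf, salt, sizeof(out_buf))` copies as much of the salt as the 41-byte static buffer will hold. The salt appears to come from the `-salt` argument, so an over-long value aborts a build with assertions enabled and, with NDEBUG, leaves `salt_out + salt_len` too close to the end of `out_buf` for the `$` and hash characters appended in the later hunk. Unless the caller already trims the salt outside these hunks, bound the copy explicitly, for example `snprintf(out_buf + strlen(out_buf), 8 + 1, "%.8s", salt);`. The function body continues past this hunk.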
@@ -341,33 +317,31 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) for (i = passwd_len; i > sizeof buf; i -= sizeof buf) EVP_DigestUpdate(&md, buf, sizeof buf); EVP_DigestUpdate(&md, buf, i); - + n = passwd_len; - while (n) - { + while (n) { EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); n >>= 1; - } + } EVP_DigestFinal_ex(&md, buf, NULL); - for (i = 0; i < 1000; i++) - { - EVP_DigestInit_ex(&md2,EVP_md5(), NULL); + for (i = 0; i < 1000; i++) { + EVP_DigestInit_ex(&md2, EVP_md5(), NULL); EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf, - (i & 1) ? passwd_len : sizeof buf); + (i & 1) ? passwd_len : sizeof buf); if (i % 3) EVP_DigestUpdate(&md2, salt_out, salt_len); if (i % 7) EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd, - (i & 1) ? sizeof buf : passwd_len); + (i & 1) ? sizeof buf : passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL); - } + } EVP_MD_CTX_cleanup(&md2); - - { + + { /* transform buf into output string */ - + unsigned char buf_perm[sizeof buf]; int dest, source; char *output; 
@@ -377,99 +351,96 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) buf_perm[dest] = buf[source]; buf_perm[14] = buf[5]; buf_perm[15] = buf[11]; -#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */ +#ifndef PEDANTIC /* Unfortunately, this generates a "no + * effect" warning */ assert(16 == sizeof buf_perm); #endif - + output = salt_out + salt_len; assert(output == out_buf + strlen(out_buf)); - + *output++ = '$'; - for (i = 0; i < 15; i += 3) - { - *output++ = cov_2char[buf_perm[i+2] & 0x3f]; - *output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) | - (buf_perm[i+2] >> 6)]; + for (i = 0; i < 15; i += 3) { + *output++ = cov_2char[buf_perm[i + 2] & 0x3f]; + *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) | + (buf_perm[i + 2] >> 6)]; *output++ = cov_2char[((buf_perm[i] & 3) << 4) | - (buf_perm[i+1] >> 4)]; + (buf_perm[i + 1] >> 4)]; *output++ = cov_2char[buf_perm[i] >> 2]; - } + } assert(i == 15); *output++ = cov_2char[buf_perm[i] & 0x3f]; *output++ = cov_2char[buf_perm[i] >> 6]; *output = 0; assert(strlen(out_buf) < sizeof(out_buf)); - } + } EVP_MD_CTX_cleanup(&md); return out_buf; - } +} #endif -static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, - char *passwd, BIO *out, int quiet, int table, int reverse, - size_t pw_maxlen, int usecrypt, int use1, int useapr1) - { +static int +do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, + char *passwd, BIO * out, int quiet, int table, int reverse, + size_t pw_maxlen, int usecrypt, int use1, int useapr1) +{ char *hash = NULL; assert(salt_p != NULL); assert(salt_malloc_p != NULL); /* first make sure we have a salt */ - if (!passed_salt) - { + if (!passed_salt) { #ifndef OPENSSL_NO_DES - if (usecrypt) - { - if (*salt_malloc_p == NULL) - { + if (usecrypt) { + if (*salt_malloc_p == NULL) { *salt_p = *salt_malloc_p = malloc(3); if (*salt_malloc_p == NULL) goto err; - } - if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0) + } + if 
(RAND_pseudo_bytes((unsigned char *) *salt_p, 2) < 0) goto err; - (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */ - (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */ + (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */ + (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */ (*salt_p)[2] = 0; - } -#endif /* !OPENSSL_NO_DES */ + } +#endif /* !OPENSSL_NO_DES */ #ifndef NO_MD5CRYPT_1 - if (use1 || useapr1) - { + if (use1 || useapr1) { int i; - - if (*salt_malloc_p == NULL) - { + + if (*salt_malloc_p == NULL) { *salt_p = *salt_malloc_p = malloc(9); if (*salt_malloc_p == NULL) goto err; - } - if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0) + } + if (RAND_pseudo_bytes((unsigned char *) *salt_p, 8) < 0) goto err; - + for (i = 0; i < 8; i++) - (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ + (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ (*salt_p)[8] = 0; - } -#endif /* !NO_MD5CRYPT_1 */ } - +#endif /* !NO_MD5CRYPT_1 */ + } assert(*salt_p != NULL); - + /* truncate password if necessary */ - if ((strlen(passwd) > pw_maxlen)) - { + if ((strlen(passwd) > pw_maxlen)) { if (!quiet) - /* XXX: really we should know how to print a size_t, not cast it */ - BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen); + /* + * XXX: really we should know how to print a size_t, + * not cast it + */ + BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned) pw_maxlen); passwd[pw_maxlen] = 0; - } + } assert(strlen(passwd) <= pw_maxlen); - + /* now compute password hash */ #ifndef OPENSSL_NO_DES if (usecrypt) @@ -488,15 +459,16 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, else BIO_printf(out, "%s\n", hash); return 1; - + err: return 0; - } +} #else -int MAIN(int argc, char **argv) - { +int +MAIN(int argc, char **argv) +{ fputs("Program not available.\n", stderr) - return(1); - } + return (1); +} #endif 
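Review bot: Both salt-generation branches of `do_passwd` call `RAND_pseudo_bytes` and treat only a negative return as failure, so a return of 0, which that API uses to report bytes that are not cryptographically strong, is accepted silently. Using `if (RAND_bytes((unsigned char *) *salt_p, 8) <= 0) goto err;` (and the 2-byte equivalent in the crypt branch) turns a weak or failed generator into an error. `do_passwd` ends outside this hunk.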
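Review bot: The fallback `MAIN` in the `#else` branch is missing the semicolon after `fputs("Program not available.\n", stderr)`, so the file does not compile when both the DES and the MD5 crypt code are configured out. The reformat touches the neighbouring lines but leaves this one as it was. It should read `fputs("Program not available.\n", stderr);`.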
diff --git a/lib/libssl/src/apps/pkcs12.c b/lib/libssl/src/apps/pkcs12.c index ca6824efcc0..783abe277e5 100644 --- a/lib/libssl/src/apps/pkcs12.c +++ b/lib/libssl/src/apps/pkcs12.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -79,739 +79,786 @@ const EVP_CIPHER *enc; #define CLCERTS 0x8 #define CACERTS 0x10 -int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain); -int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass); -int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, - int passlen, int options, char *pempass); -int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass); -int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name); -void hex_prin(BIO *out, unsigned char *buf, int len); -int alg_print(BIO *x, X509_ALGOR *alg); -int cert_load(BIO *in, STACK_OF(X509) *sk); -static int set_pbe(BIO *err, int *ppbe, const char *str); - -int MAIN(int, char **); - -int MAIN(int argc, char **argv) +int get_cert_chain(X509 * cert, X509_STORE * store, STACK_OF(X509) ** chain); +int dump_certs_keys_p12(BIO * out, PKCS12 * p12, char *pass, int passlen, int options, char *pempass); +int +dump_certs_pkeys_bags(BIO * out, STACK_OF(PKCS12_SAFEBAG) * bags, char *pass, + int passlen, int options, char *pempass); + int dump_certs_pkeys_bag(BIO * out, PKCS12_SAFEBAG * bags, char *pass, int passlen, int options, char *pempass); + int print_attribs(BIO * out, STACK_OF(X509_ATTRIBUTE) * attrlst, const char *name); + void hex_prin(BIO * out, unsigned char *buf, int len); + int alg_print(BIO * x, X509_ALGOR * alg); + int cert_load(BIO * in, STACK_OF(X509) * sk); + static int set_pbe(BIO * err, int *ppbe, const char *str); + + int MAIN(int, char **); + + int MAIN(int argc, char **argv) { - ENGINE *e = NULL; - char *infile=NULL, *outfile=NULL, *keyname = NULL; - char *certfile=NULL; - BIO *in=NULL, *out = NULL; - char **args; - char *name = NULL; - char *csp_name = NULL; - int add_lmk = 0; - PKCS12 *p12 = NULL; - char pass[50], macpass[50]; - int export_cert = 0; - int options = 0; - int chain = 0; - int badarg = 0; - int iter = 
PKCS12_DEFAULT_ITER; - int maciter = PKCS12_DEFAULT_ITER; - int twopass = 0; - int keytype = 0; - int cert_pbe; - int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - int ret = 1; - int macver = 1; - int noprompt = 0; - STACK_OF(OPENSSL_STRING) *canames = NULL; - char *cpass = NULL, *mpass = NULL; - char *passargin = NULL, *passargout = NULL, *passarg = NULL; - char *passin = NULL, *passout = NULL; - char *inrand = NULL; - char *macalg = NULL; - char *CApath = NULL, *CAfile = NULL; + ENGINE *e = NULL; + char *infile = NULL, *outfile = NULL, *keyname = NULL; + char *certfile = NULL; + BIO *in = NULL, *out = NULL; + char **args; + char *name = NULL; + char *csp_name = NULL; + int add_lmk = 0; + PKCS12 *p12 = NULL; + char pass[50], macpass[50]; + int export_cert = 0; + int options = 0; + int chain = 0; + int badarg = 0; + int iter = PKCS12_DEFAULT_ITER; + int maciter = PKCS12_DEFAULT_ITER; + int twopass = 0; + int keytype = 0; + int cert_pbe; + int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + int ret = 1; + int macver = 1; + int noprompt = 0; + STACK_OF(OPENSSL_STRING) * canames = NULL; + char *cpass = NULL, *mpass = NULL; + char *passargin = NULL, *passargout = NULL, *passarg = NULL; + char *passin = NULL, *passout = NULL; + char *inrand = NULL; + char *macalg = NULL; + char *CApath = NULL, *CAfile = NULL; #ifndef OPENSSL_NO_ENGINE - char *engine=NULL; + char *engine = NULL; #endif - apps_startup(); + apps_startup(); - cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; + cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; - enc = EVP_des_ede3_cbc(); - if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + enc = EVP_des_ede3_cbc(); + if (bio_err == NULL) + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; - args = argv + 1; - - - while (*args) { - if (*args[0] == '-') { - if (!strcmp (*args, "-nokeys")) options |= NOKEYS; - else if (!strcmp (*args, "-keyex")) keytype = KEY_EX; - else if (!strcmp (*args, "-keysig")) keytype = 
KEY_SIG; - else if (!strcmp (*args, "-nocerts")) options |= NOCERTS; - else if (!strcmp (*args, "-clcerts")) options |= CLCERTS; - else if (!strcmp (*args, "-cacerts")) options |= CACERTS; - else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS); - else if (!strcmp (*args, "-info")) options |= INFO; - else if (!strcmp (*args, "-chain")) chain = 1; - else if (!strcmp (*args, "-twopass")) twopass = 1; - else if (!strcmp (*args, "-nomacver")) macver = 0; - else if (!strcmp (*args, "-descert")) - cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - else if (!strcmp (*args, "-export")) export_cert = 1; - else if (!strcmp (*args, "-des")) enc=EVP_des_cbc(); - else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc(); + args = argv + 1; + + + while (*args) { + if (*args[0] == '-') { + if (!strcmp(*args, "-nokeys")) + options |= NOKEYS; + else if (!strcmp(*args, "-keyex")) + keytype = KEY_EX; + else if (!strcmp(*args, "-keysig")) + keytype = KEY_SIG; + else if (!strcmp(*args, "-nocerts")) + options |= NOCERTS; + else if (!strcmp(*args, "-clcerts")) + options |= CLCERTS; + else if (!strcmp(*args, "-cacerts")) + options |= CACERTS; + else if (!strcmp(*args, "-noout")) + options |= (NOKEYS | NOCERTS); + else if (!strcmp(*args, "-info")) + options |= INFO; + else if (!strcmp(*args, "-chain")) + chain = 1; + else if (!strcmp(*args, "-twopass")) + twopass = 1; + else if (!strcmp(*args, "-nomacver")) + macver = 0; + else if (!strcmp(*args, "-descert")) + cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else if (!strcmp(*args, "-export")) + export_cert = 1; + else if (!strcmp(*args, "-des")) + enc = EVP_des_cbc(); + else if (!strcmp(*args, "-des3")) + enc = EVP_des_ede3_cbc(); #ifndef OPENSSL_NO_IDEA - else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc(); + else if (!strcmp(*args, "-idea")) + enc = EVP_idea_cbc(); #endif #ifndef OPENSSL_NO_SEED - else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc(); + else if (!strcmp(*args, "-seed")) + enc = EVP_seed_cbc(); #endif 
#ifndef OPENSSL_NO_AES - else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc(); - else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc(); - else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc(); + else if (!strcmp(*args, "-aes128")) + enc = EVP_aes_128_cbc(); + else if (!strcmp(*args, "-aes192")) + enc = EVP_aes_192_cbc(); + else if (!strcmp(*args, "-aes256")) + enc = EVP_aes_256_cbc(); #endif #ifndef OPENSSL_NO_CAMELLIA - else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc(); - else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc(); - else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc(); -#endif - else if (!strcmp (*args, "-noiter")) iter = 1; - else if (!strcmp (*args, "-maciter")) - maciter = PKCS12_DEFAULT_ITER; - else if (!strcmp (*args, "-nomaciter")) - maciter = 1; - else if (!strcmp (*args, "-nomac")) - maciter = -1; - else if (!strcmp (*args, "-macalg")) - if (args[1]) { - args++; - macalg = *args; - } else badarg = 1; - else if (!strcmp (*args, "-nodes")) enc=NULL; - else if (!strcmp (*args, "-certpbe")) { - if (!set_pbe(bio_err, &cert_pbe, *++args)) - badarg = 1; - } else if (!strcmp (*args, "-keypbe")) { - if (!set_pbe(bio_err, &key_pbe, *++args)) - badarg = 1; - } else if (!strcmp (*args, "-rand")) { - if (args[1]) { - args++; - inrand = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-inkey")) { - if (args[1]) { - args++; - keyname = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-certfile")) { - if (args[1]) { - args++; - certfile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-name")) { - if (args[1]) { - args++; - name = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-LMK")) - add_lmk = 1; - else if (!strcmp (*args, "-CSP")) { - if (args[1]) { - args++; - csp_name = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-caname")) { - if (args[1]) { - args++; - if (!canames) canames = sk_OPENSSL_STRING_new_null(); - sk_OPENSSL_STRING_push(canames, *args); 
- } else badarg = 1; - } else if (!strcmp (*args, "-in")) { - if (args[1]) { - args++; - infile = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-out")) { - if (args[1]) { - args++; - outfile = *args; - } else badarg = 1; - } else if (!strcmp(*args,"-passin")) { - if (args[1]) { - args++; - passargin = *args; - } else badarg = 1; - } else if (!strcmp(*args,"-passout")) { - if (args[1]) { - args++; - passargout = *args; - } else badarg = 1; - } else if (!strcmp (*args, "-password")) { - if (args[1]) { - args++; - passarg = *args; - noprompt = 1; - } else badarg = 1; - } else if (!strcmp(*args,"-CApath")) { - if (args[1]) { - args++; - CApath = *args; - } else badarg = 1; - } else if (!strcmp(*args,"-CAfile")) { - if (args[1]) { - args++; - CAfile = *args; - } else badarg = 1; + else if (!strcmp(*args, "-camellia128")) + enc = EVP_camellia_128_cbc(); + else if (!strcmp(*args, "-camellia192")) + enc = EVP_camellia_192_cbc(); + else if (!strcmp(*args, "-camellia256")) + enc = EVP_camellia_256_cbc(); +#endif + else if (!strcmp(*args, "-noiter")) + iter = 1; + else if (!strcmp(*args, "-maciter")) + maciter = PKCS12_DEFAULT_ITER; + else if (!strcmp(*args, "-nomaciter")) + maciter = 1; + else if (!strcmp(*args, "-nomac")) + maciter = -1; + else if (!strcmp(*args, "-macalg")) + if (args[1]) { + args++; + macalg = *args; + } else + badarg = 1; + else if (!strcmp(*args, "-nodes")) + enc = NULL; + else if (!strcmp(*args, "-certpbe")) { + if (!set_pbe(bio_err, &cert_pbe, *++args)) + badarg = 1; + } else if (!strcmp(*args, "-keypbe")) { + if (!set_pbe(bio_err, &key_pbe, *++args)) + badarg = 1; + } else if (!strcmp(*args, "-rand")) { + if (args[1]) { + args++; + inrand = *args; + } else + badarg = 1; + } else if (!strcmp(*args, "-inkey")) { + if (args[1]) { + args++; + keyname = *args; + } else + badarg = 1; + } else if (!strcmp(*args, "-certfile")) { + if (args[1]) { + args++; + certfile = *args; + } else + badarg = 1; + } else if (!strcmp(*args, "-name")) { + if 
(args[1]) { + args++; + name = *args; + } else + badarg = 1; + } else if (!strcmp(*args, "-LMK")) + add_lmk = 1; + else if (!strcmp(*args, "-CSP")) { + if (args[1]) { + args++; + csp_name = *args; + } else + badarg = 1; + } else if (!strcmp(*args, "-caname")) { + if (args[1]) { + args++; + if (!canames) + canames = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(canames, *args); + } else + badarg = 1; + } else if (!strcmp(*args, "-in")) { + if (args[1]) { + args++; + infile = *args; + } else + badarg = 1; + } else if (!strcmp(*args, "-out")) { + if (args[1]) { + args++; + outfile = *args; + } else + badarg = 1; + } else if (!strcmp(*args, "-passin")) { + if (args[1]) { + args++; + passargin = *args; + } else + badarg = 1; + } else if (!strcmp(*args, "-passout")) { + if (args[1]) { + args++; + passargout = *args; + } else + badarg = 1; + } else if (!strcmp(*args, "-password")) { + if (args[1]) { + args++; + passarg = *args; + noprompt = 1; + } else + badarg = 1; + } else if (!strcmp(*args, "-CApath")) { + if (args[1]) { + args++; + CApath = *args; + } else + badarg = 1; + } else if (!strcmp(*args, "-CAfile")) { + if (args[1]) { + args++; + CAfile = *args; + } else + badarg = 1; #ifndef OPENSSL_NO_ENGINE - } else if (!strcmp(*args,"-engine")) { - if (args[1]) { - args++; - engine = *args; - } else badarg = 1; -#endif - } else badarg = 1; - - } else badarg = 1; - args++; - } - - if (badarg) { - BIO_printf (bio_err, "Usage: pkcs12 [options]\n"); - BIO_printf (bio_err, "where options are\n"); - BIO_printf (bio_err, "-export output PKCS12 file\n"); - BIO_printf (bio_err, "-chain add certificate chain\n"); - BIO_printf (bio_err, "-inkey file private key if not infile\n"); - BIO_printf (bio_err, "-certfile f add all certs in f\n"); - BIO_printf (bio_err, "-CApath arg - PEM format directory of CA's\n"); - BIO_printf (bio_err, "-CAfile arg - PEM format file of CA's\n"); - BIO_printf (bio_err, "-name \"name\" use name as friendly name\n"); - BIO_printf (bio_err, 
"-caname \"nm\" use nm as CA friendly name (can be used more than once).\n"); - BIO_printf (bio_err, "-in infile input filename\n"); - BIO_printf (bio_err, "-out outfile output filename\n"); - BIO_printf (bio_err, "-noout don't output anything, just verify.\n"); - BIO_printf (bio_err, "-nomacver don't verify MAC.\n"); - BIO_printf (bio_err, "-nocerts don't output certificates.\n"); - BIO_printf (bio_err, "-clcerts only output client certificates.\n"); - BIO_printf (bio_err, "-cacerts only output CA certificates.\n"); - BIO_printf (bio_err, "-nokeys don't output private keys.\n"); - BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n"); - BIO_printf (bio_err, "-des encrypt private keys with DES\n"); - BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n"); + } else if (!strcmp(*args, "-engine")) { + if (args[1]) { + args++; + engine = *args; + } else + badarg = 1; +#endif + } else + badarg = 1; + + } else + badarg = 1; + args++; + } + + if (badarg) { + BIO_printf(bio_err, "Usage: pkcs12 [options]\n"); + BIO_printf(bio_err, "where options are\n"); + BIO_printf(bio_err, "-export output PKCS12 file\n"); + BIO_printf(bio_err, "-chain add certificate chain\n"); + BIO_printf(bio_err, "-inkey file private key if not infile\n"); + BIO_printf(bio_err, "-certfile f add all certs in f\n"); + BIO_printf(bio_err, "-CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err, "-CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err, "-name \"name\" use name as friendly name\n"); + BIO_printf(bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n"); + BIO_printf(bio_err, "-in infile input filename\n"); + BIO_printf(bio_err, "-out outfile output filename\n"); + BIO_printf(bio_err, "-noout don't output anything, just verify.\n"); + BIO_printf(bio_err, "-nomacver don't verify MAC.\n"); + BIO_printf(bio_err, "-nocerts don't output certificates.\n"); + BIO_printf(bio_err, "-clcerts only output client 
certificates.\n"); + BIO_printf(bio_err, "-cacerts only output CA certificates.\n"); + BIO_printf(bio_err, "-nokeys don't output private keys.\n"); + BIO_printf(bio_err, "-info give info about PKCS#12 structure.\n"); + BIO_printf(bio_err, "-des encrypt private keys with DES\n"); + BIO_printf(bio_err, "-des3 encrypt private keys with triple DES (default)\n"); #ifndef OPENSSL_NO_IDEA - BIO_printf (bio_err, "-idea encrypt private keys with idea\n"); + BIO_printf(bio_err, "-idea encrypt private keys with idea\n"); #endif #ifndef OPENSSL_NO_SEED - BIO_printf (bio_err, "-seed encrypt private keys with seed\n"); + BIO_printf(bio_err, "-seed encrypt private keys with seed\n"); #endif #ifndef OPENSSL_NO_AES - BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); - BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); + BIO_printf(bio_err, "-aes128, -aes192, -aes256\n"); + BIO_printf(bio_err, " encrypt PEM output with cbc aes\n"); #endif #ifndef OPENSSL_NO_CAMELLIA - BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); - BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); -#endif - BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); - BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); - BIO_printf (bio_err, "-nomaciter don't use MAC iteration\n"); - BIO_printf (bio_err, "-maciter use MAC iteration\n"); - BIO_printf (bio_err, "-nomac don't generate MAC\n"); - BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n"); - BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n"); - BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n"); - BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n"); - BIO_printf (bio_err, "-macalg alg digest algorithm used in MAC (default SHA1)\n"); - BIO_printf (bio_err, "-keyex set MS key exchange type\n"); - BIO_printf (bio_err, "-keysig set MS key signature type\n"); - 
BIO_printf (bio_err, "-password p set import/export password source\n"); - BIO_printf (bio_err, "-passin p input file pass phrase source\n"); - BIO_printf (bio_err, "-passout p output file pass phrase source\n"); + BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n"); + BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n"); +#endif + BIO_printf(bio_err, "-nodes don't encrypt private keys\n"); + BIO_printf(bio_err, "-noiter don't use encryption iteration\n"); + BIO_printf(bio_err, "-nomaciter don't use MAC iteration\n"); + BIO_printf(bio_err, "-maciter use MAC iteration\n"); + BIO_printf(bio_err, "-nomac don't generate MAC\n"); + BIO_printf(bio_err, "-twopass separate MAC, encryption passwords\n"); + BIO_printf(bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n"); + BIO_printf(bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n"); + BIO_printf(bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n"); + BIO_printf(bio_err, "-macalg alg digest algorithm used in MAC (default SHA1)\n"); + BIO_printf(bio_err, "-keyex set MS key exchange type\n"); + BIO_printf(bio_err, "-keysig set MS key signature type\n"); + BIO_printf(bio_err, "-password p set import/export password source\n"); + BIO_printf(bio_err, "-passin p input file pass phrase source\n"); + BIO_printf(bio_err, "-passout p output file pass phrase source\n"); #ifndef OPENSSL_NO_ENGINE - BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); + BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); #endif - BIO_printf(bio_err, "-rand file%cfile%c...\n", ':', ':'); - BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); - BIO_printf(bio_err, " the random number generator\n"); - BIO_printf(bio_err, "-CSP name Microsoft CSP name\n"); - BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n"); - goto end; - } - + BIO_printf(bio_err, 
"-rand file%cfile%c...\n", ':', ':'); + BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); + BIO_printf(bio_err, " the random number generator\n"); + BIO_printf(bio_err, "-CSP name Microsoft CSP name\n"); + BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n"); + goto end; + } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); -#endif - - if(passarg) { - if(export_cert) passargout = passarg; - else passargin = passarg; - } - - if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { - BIO_printf(bio_err, "Error getting passwords\n"); - goto end; - } - - if(!cpass) { - if(export_cert) cpass = passout; - else cpass = passin; - } - - if(cpass) { - mpass = cpass; - noprompt = 1; - } else { - cpass = pass; - mpass = macpass; - } - - if(export_cert || inrand) { - app_RAND_load_file(NULL, bio_err, (inrand != NULL)); - if (inrand != NULL) - BIO_printf(bio_err,"%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - } - ERR_load_crypto_strings(); - -#ifdef CRYPTO_MDEBUG - CRYPTO_push_info("read files"); + e = setup_engine(bio_err, engine, 0); #endif - if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE); - else in = BIO_new_file(infile, "rb"); - if (!in) { - BIO_printf(bio_err, "Error opening input file %s\n", - infile ? 
infile : ""); - perror (infile); - goto end; - } + if (passarg) { + if (export_cert) + passargout = passarg; + else + passargin = passarg; + } + if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { + BIO_printf(bio_err, "Error getting passwords\n"); + goto end; + } + if (!cpass) { + if (export_cert) + cpass = passout; + else + cpass = passin; + } + if (cpass) { + mpass = cpass; + noprompt = 1; + } else { + cpass = pass; + mpass = macpass; + } + + if (export_cert || inrand) { + app_RAND_load_file(NULL, bio_err, (inrand != NULL)); + if (inrand != NULL) + BIO_printf(bio_err, "%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); + } + ERR_load_crypto_strings(); #ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("write files"); -#endif - - if (!outfile) { - out = BIO_new_fp(stdout, BIO_NOCLOSE); - } else out = BIO_new_file(outfile, "wb"); - if (!out) { - BIO_printf(bio_err, "Error opening output file %s\n", - outfile ? outfile : ""); - perror (outfile); - goto end; - } - if (twopass) { -#ifdef CRYPTO_MDEBUG - CRYPTO_push_info("read MAC password"); + CRYPTO_push_info("read files"); #endif - if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) - { - BIO_printf (bio_err, "Can't read Password\n"); - goto end; - } + + if (!infile) + in = BIO_new_fp(stdin, BIO_NOCLOSE); + else + in = BIO_new_file(infile, "rb"); + if (!in) { + BIO_printf(bio_err, "Error opening input file %s\n", + infile ? 
infile : ""); + perror(infile); + goto end; + } #ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); + CRYPTO_pop_info(); + CRYPTO_push_info("write files"); #endif - } - if (export_cert) { - EVP_PKEY *key = NULL; - X509 *ucert = NULL, *x = NULL; - STACK_OF(X509) *certs=NULL; - const EVP_MD *macmd = NULL; - unsigned char *catmp = NULL; - int i; - - if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS)) - { - BIO_printf(bio_err, "Nothing to do!\n"); - goto export_end; + if (!outfile) { + out = BIO_new_fp(stdout, BIO_NOCLOSE); + } else + out = BIO_new_file(outfile, "wb"); + if (!out) { + BIO_printf(bio_err, "Error opening output file %s\n", + outfile ? outfile : ""); + perror(outfile); + goto end; + } + if (twopass) { +#ifdef CRYPTO_MDEBUG + CRYPTO_push_info("read MAC password"); +#endif + if (EVP_read_pw_string(macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { + BIO_printf(bio_err, "Can't read Password\n"); + goto end; } - - if (options & NOCERTS) - chain = 0; - #ifdef CRYPTO_MDEBUG - CRYPTO_push_info("process -export_cert"); - CRYPTO_push_info("reading private key"); -#endif - if (!(options & NOKEYS)) - { - key = load_key(bio_err, keyname ? keyname : infile, - FORMAT_PEM, 1, passin, e, "private key"); - if (!key) + CRYPTO_pop_info(); +#endif + } + if (export_cert) { + EVP_PKEY *key = NULL; + X509 *ucert = NULL, *x = NULL; + STACK_OF(X509) * certs = NULL; + const EVP_MD *macmd = NULL; + unsigned char *catmp = NULL; + int i; + + if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) { + BIO_printf(bio_err, "Nothing to do!\n"); goto export_end; } + if (options & NOCERTS) + chain = 0; #ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("reading certs from input"); + CRYPTO_push_info("process -export_cert"); + CRYPTO_push_info("reading private key"); +#endif + if (!(options & NOKEYS)) { + key = load_key(bio_err, keyname ? 
keyname : infile, + FORMAT_PEM, 1, passin, e, "private key"); + if (!key) + goto export_end; + } +#ifdef CRYPTO_MDEBUG + CRYPTO_pop_info(); + CRYPTO_push_info("reading certs from input"); #endif - /* Load in all certs in input file */ - if(!(options & NOCERTS)) - { - certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e, - "certificates"); - if (!certs) - goto export_end; + /* Load in all certs in input file */ + if (!(options & NOCERTS)) { + certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e, + "certificates"); + if (!certs) + goto export_end; - if (key) - { - /* Look for matching private key */ - for(i = 0; i < sk_X509_num(certs); i++) - { - x = sk_X509_value(certs, i); - if(X509_check_private_key(x, key)) - { - ucert = x; - /* Zero keyid and alias */ - X509_keyid_set1(ucert, NULL, 0); - X509_alias_set1(ucert, NULL, 0); - /* Remove from list */ - (void)sk_X509_delete(certs, i); - break; + if (key) { + /* Look for matching private key */ + for (i = 0; i < sk_X509_num(certs); i++) { + x = sk_X509_value(certs, i); + if (X509_check_private_key(x, key)) { + ucert = x; + /* Zero keyid and alias */ + X509_keyid_set1(ucert, NULL, 0); + X509_alias_set1(ucert, NULL, 0); + /* Remove from list */ + (void) sk_X509_delete(certs, i); + break; } } - if (!ucert) - { - BIO_printf(bio_err, "No certificate matches private key\n"); - goto export_end; + if (!ucert) { + BIO_printf(bio_err, "No certificate matches private key\n"); + goto export_end; } } - } - #ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("reading certs from input 2"); + CRYPTO_pop_info(); + CRYPTO_push_info("reading certs from input 2"); #endif - /* Add any more certificates asked for */ - if(certfile) - { - STACK_OF(X509) *morecerts=NULL; - if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM, - NULL, e, - "certificates from certfile"))) - goto export_end; - while(sk_X509_num(morecerts) > 0) - sk_X509_push(certs, sk_X509_shift(morecerts)); - sk_X509_free(morecerts); - } - + /* Add any more 
certificates asked for */ + if (certfile) { + STACK_OF(X509) * morecerts = NULL; + if (!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM, + NULL, e, + "certificates from certfile"))) + goto export_end; + while (sk_X509_num(morecerts) > 0) + sk_X509_push(certs, sk_X509_shift(morecerts)); + sk_X509_free(morecerts); + } #ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("reading certs from certfile"); + CRYPTO_pop_info(); + CRYPTO_push_info("reading certs from certfile"); #endif #ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("building chain"); + CRYPTO_pop_info(); + CRYPTO_push_info("building chain"); #endif - /* If chaining get chain from user cert */ - if (chain) { - int vret; - STACK_OF(X509) *chain2; - X509_STORE *store = X509_STORE_new(); - if (!store) - { - BIO_printf (bio_err, "Memory allocation error\n"); - goto export_end; + /* If chaining get chain from user cert */ + if (chain) { + int vret; + STACK_OF(X509) * chain2; + X509_STORE *store = X509_STORE_new(); + if (!store) { + BIO_printf(bio_err, "Memory allocation error\n"); + goto export_end; } - if (!X509_STORE_load_locations(store, CAfile, CApath)) - X509_STORE_set_default_paths (store); - - vret = get_cert_chain (ucert, store, &chain2); - X509_STORE_free(store); - - if (!vret) { - /* Exclude verified certificate */ - for (i = 1; i < sk_X509_num (chain2) ; i++) - sk_X509_push(certs, sk_X509_value (chain2, i)); - /* Free first certificate */ - X509_free(sk_X509_value(chain2, 0)); - sk_X509_free(chain2); - } else { - if (vret >= 0) - BIO_printf (bio_err, "Error %s getting chain.\n", - X509_verify_cert_error_string(vret)); - else - ERR_print_errors(bio_err); - goto export_end; - } - } - - /* Add any CA names */ + if (!X509_STORE_load_locations(store, CAfile, CApath)) + X509_STORE_set_default_paths(store); + + vret = get_cert_chain(ucert, store, &chain2); + X509_STORE_free(store); + + if (!vret) { + /* Exclude verified certificate */ + for (i = 1; i < sk_X509_num(chain2); i++) + 
sk_X509_push(certs, sk_X509_value(chain2, i)); + /* Free first certificate */ + X509_free(sk_X509_value(chain2, 0)); + sk_X509_free(chain2); + } else { + if (vret >= 0) + BIO_printf(bio_err, "Error %s getting chain.\n", + X509_verify_cert_error_string(vret)); + else + ERR_print_errors(bio_err); + goto export_end; + } + } + /* Add any CA names */ - for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) - { - catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i); - X509_alias_set1(sk_X509_value(certs, i), catmp, -1); + for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) { + catmp = (unsigned char *) sk_OPENSSL_STRING_value(canames, i); + X509_alias_set1(sk_X509_value(certs, i), catmp, -1); } - if (csp_name && key) - EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, - MBSTRING_ASC, (unsigned char *)csp_name, -1); + if (csp_name && key) + EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, + MBSTRING_ASC, (unsigned char *) csp_name, -1); - if (add_lmk && key) - EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); + if (add_lmk && key) + EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); #ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("reading password"); + CRYPTO_pop_info(); + CRYPTO_push_info("reading password"); #endif - if(!noprompt && - EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) - { - BIO_printf (bio_err, "Can't read Password\n"); - goto export_end; - } - if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); + if (!noprompt && + EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) { + BIO_printf(bio_err, "Can't read Password\n"); + goto export_end; + } + if (!twopass) + BUF_strlcpy(macpass, pass, sizeof macpass); #ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("creating PKCS#12 structure"); + CRYPTO_pop_info(); + CRYPTO_push_info("creating PKCS#12 structure"); #endif - p12 = PKCS12_create(cpass, name, key, ucert, certs, - key_pbe, cert_pbe, iter, -1, keytype); + p12 = 
PKCS12_create(cpass, name, key, ucert, certs, + key_pbe, cert_pbe, iter, -1, keytype); - if (!p12) - { - ERR_print_errors (bio_err); - goto export_end; + if (!p12) { + ERR_print_errors(bio_err); + goto export_end; } - - if (macalg) - { - macmd = EVP_get_digestbyname(macalg); - if (!macmd) - { - BIO_printf(bio_err, "Unknown digest algorithm %s\n", - macalg); + if (macalg) { + macmd = EVP_get_digestbyname(macalg); + if (!macmd) { + BIO_printf(bio_err, "Unknown digest algorithm %s\n", + macalg); } } - - if (maciter != -1) - PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd); + if (maciter != -1) + PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd); #ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_push_info("writing pkcs12"); + CRYPTO_pop_info(); + CRYPTO_push_info("writing pkcs12"); #endif - i2d_PKCS12_bio(out, p12); + i2d_PKCS12_bio(out, p12); - ret = 0; + ret = 0; - export_end: +export_end: #ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); - CRYPTO_pop_info(); - CRYPTO_push_info("process -export_cert: freeing"); + CRYPTO_pop_info(); + CRYPTO_pop_info(); + CRYPTO_push_info("process -export_cert: freeing"); #endif - if (key) EVP_PKEY_free(key); - if (certs) sk_X509_pop_free(certs, X509_free); - if (ucert) X509_free(ucert); + if (key) + EVP_PKEY_free(key); + if (certs) + sk_X509_pop_free(certs, X509_free); + if (ucert) + X509_free(ucert); #ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); + CRYPTO_pop_info(); #endif - goto end; - - } - - if (!(p12 = d2i_PKCS12_bio (in, NULL))) { - ERR_print_errors(bio_err); - goto end; - } + goto end; + } + if (!(p12 = d2i_PKCS12_bio(in, NULL))) { + ERR_print_errors(bio_err); + goto end; + } #ifdef CRYPTO_MDEBUG - CRYPTO_push_info("read import password"); + CRYPTO_push_info("read import password"); #endif - if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) { - BIO_printf (bio_err, "Can't read Password\n"); - goto end; - } + if (!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) 
{ + BIO_printf(bio_err, "Can't read Password\n"); + goto end; + } #ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); + CRYPTO_pop_info(); #endif - if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); + if (!twopass) + BUF_strlcpy(macpass, pass, sizeof macpass); - if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); - if(macver) { + if ((options & INFO) && p12->mac) + BIO_printf(bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1); + if (macver) { #ifdef CRYPTO_MDEBUG - CRYPTO_push_info("verify MAC"); -#endif - /* If we enter empty password try no password first */ - if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { - /* If mac and crypto pass the same set it to NULL too */ - if(!twopass) cpass = NULL; - } else if (!PKCS12_verify_mac(p12, mpass, -1)) { - BIO_printf (bio_err, "Mac verify error: invalid password?\n"); - ERR_print_errors (bio_err); - goto end; - } - BIO_printf (bio_err, "MAC verified OK\n"); + CRYPTO_push_info("verify MAC"); +#endif + /* If we enter empty password try no password first */ + if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { + /* If mac and crypto pass the same set it to NULL too */ + if (!twopass) + cpass = NULL; + } else if (!PKCS12_verify_mac(p12, mpass, -1)) { + BIO_printf(bio_err, "Mac verify error: invalid password?\n"); + ERR_print_errors(bio_err); + goto end; + } + BIO_printf(bio_err, "MAC verified OK\n"); #ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); + CRYPTO_pop_info(); #endif - } - + } #ifdef CRYPTO_MDEBUG - CRYPTO_push_info("output keys and certificates"); + CRYPTO_push_info("output keys and certificates"); #endif - if (!dump_certs_keys_p12 (out, p12, cpass, -1, options, passout)) { - BIO_printf(bio_err, "Error outputting keys and certificates\n"); - ERR_print_errors (bio_err); - goto end; - } + if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout)) { + BIO_printf(bio_err, "Error outputting keys and 
certificates\n"); + ERR_print_errors(bio_err); + goto end; + } #ifdef CRYPTO_MDEBUG - CRYPTO_pop_info(); + CRYPTO_pop_info(); #endif - ret = 0; - end: - if (p12) PKCS12_free(p12); - if(export_cert || inrand) app_RAND_write_file(NULL, bio_err); + ret = 0; +end: + if (p12) + PKCS12_free(p12); + if (export_cert || inrand) + app_RAND_write_file(NULL, bio_err); #ifdef CRYPTO_MDEBUG - CRYPTO_remove_all_info(); -#endif - BIO_free(in); - BIO_free_all(out); - if (canames) sk_OPENSSL_STRING_free(canames); - if(passin) free(passin); - if(passout) free(passout); - apps_shutdown(); - return(ret); + CRYPTO_remove_all_info(); +#endif + BIO_free(in); + BIO_free_all(out); + if (canames) + sk_OPENSSL_STRING_free(canames); + if (passin) + free(passin); + if (passout) + free(passout); + apps_shutdown(); + return (ret); } -int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, - int passlen, int options, char *pempass) +int +dump_certs_keys_p12(BIO * out, PKCS12 * p12, char *pass, + int passlen, int options, char *pempass) { - STACK_OF(PKCS7) *asafes = NULL; - STACK_OF(PKCS12_SAFEBAG) *bags; + STACK_OF(PKCS7) * asafes = NULL; + STACK_OF(PKCS12_SAFEBAG) * bags; int i, bagnid; int ret = 0; PKCS7 *p7; - if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0; - for (i = 0; i < sk_PKCS7_num (asafes); i++) { - p7 = sk_PKCS7_value (asafes, i); - bagnid = OBJ_obj2nid (p7->type); + if (!(asafes = PKCS12_unpack_authsafes(p12))) + return 0; + for (i = 0; i < sk_PKCS7_num(asafes); i++) { + p7 = sk_PKCS7_value(asafes, i); + bagnid = OBJ_obj2nid(p7->type); if (bagnid == NID_pkcs7_data) { bags = PKCS12_unpack_p7data(p7); - if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n"); + if (options & INFO) + BIO_printf(bio_err, "PKCS7 Data\n"); } else if (bagnid == NID_pkcs7_encrypted) { if (options & INFO) { BIO_printf(bio_err, "PKCS7 Encrypted data: "); - alg_print(bio_err, - p7->d.encrypted->enc_data->algorithm); + alg_print(bio_err, + p7->d.encrypted->enc_data->algorithm); } bags = 
PKCS12_unpack_p7encdata(p7, pass, passlen); - } else continue; - if (!bags) goto err; - if (!dump_certs_pkeys_bags (out, bags, pass, passlen, - options, pempass)) { - sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free); + } else + continue; + if (!bags) + goto err; + if (!dump_certs_pkeys_bags(out, bags, pass, passlen, + options, pempass)) { + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); goto err; } - sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); bags = NULL; } ret = 1; - err: +err: if (asafes) - sk_PKCS7_pop_free (asafes, PKCS7_free); + sk_PKCS7_pop_free(asafes, PKCS7_free); return ret; } -int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, - char *pass, int passlen, int options, char *pempass) +int +dump_certs_pkeys_bags(BIO * out, STACK_OF(PKCS12_SAFEBAG) * bags, + char *pass, int passlen, int options, char *pempass) { int i; - for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) { - if (!dump_certs_pkeys_bag (out, - sk_PKCS12_SAFEBAG_value (bags, i), - pass, passlen, - options, pempass)) - return 0; + for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { + if (!dump_certs_pkeys_bag(out, + sk_PKCS12_SAFEBAG_value(bags, i), + pass, passlen, + options, pempass)) + return 0; } return 1; } -int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass, - int passlen, int options, char *pempass) +int +dump_certs_pkeys_bag(BIO * out, PKCS12_SAFEBAG * bag, char *pass, + int passlen, int options, char *pempass) { EVP_PKEY *pkey; PKCS8_PRIV_KEY_INFO *p8; X509 *x509; - - switch (M_PKCS12_bag_type(bag)) - { + + switch (M_PKCS12_bag_type(bag)) { case NID_keyBag: - if (options & INFO) BIO_printf (bio_err, "Key bag\n"); - if (options & NOKEYS) return 1; - print_attribs (out, bag->attrib, "Bag Attributes"); + if (options & INFO) + BIO_printf(bio_err, "Key bag\n"); + if (options & NOKEYS) + return 1; + print_attribs(out, bag->attrib, "Bag Attributes"); p8 = bag->value.keybag; - if 
(!(pkey = EVP_PKCS82PKEY (p8))) return 0; - print_attribs (out, p8->attributes, "Key Attributes"); - PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass); + if (!(pkey = EVP_PKCS82PKEY(p8))) + return 0; + print_attribs(out, p8->attributes, "Key Attributes"); + PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass); EVP_PKEY_free(pkey); - break; + break; case NID_pkcs8ShroudedKeyBag: if (options & INFO) { - BIO_printf (bio_err, "Shrouded Keybag: "); - alg_print (bio_err, bag->value.shkeybag->algor); + BIO_printf(bio_err, "Shrouded Keybag: "); + alg_print(bio_err, bag->value.shkeybag->algor); } - if (options & NOKEYS) return 1; - print_attribs (out, bag->attrib, "Bag Attributes"); + if (options & NOKEYS) + return 1; + print_attribs(out, bag->attrib, "Bag Attributes"); if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) - return 0; - if (!(pkey = EVP_PKCS82PKEY (p8))) { + return 0; + if (!(pkey = EVP_PKCS82PKEY(p8))) { PKCS8_PRIV_KEY_INFO_free(p8); return 0; } - print_attribs (out, p8->attributes, "Key Attributes"); + print_attribs(out, p8->attributes, "Key Attributes"); PKCS8_PRIV_KEY_INFO_free(p8); - PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass); + PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass); EVP_PKEY_free(pkey); - break; + break; case NID_certBag: - if (options & INFO) BIO_printf (bio_err, "Certificate bag\n"); - if (options & NOCERTS) return 1; - if (PKCS12_get_attr(bag, NID_localKeyID)) { - if (options & CACERTS) return 1; - } else if (options & CLCERTS) return 1; - print_attribs (out, bag->attrib, "Bag Attributes"); - if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) - return 1; - if (!(x509 = PKCS12_certbag2x509(bag))) return 0; - dump_cert_text (out, x509); - PEM_write_bio_X509 (out, x509); + if (options & INFO) + BIO_printf(bio_err, "Certificate bag\n"); + if (options & NOCERTS) + return 1; + if (PKCS12_get_attr(bag, NID_localKeyID)) { + if (options & CACERTS) + return 1; + } else if 
(options & CLCERTS) + return 1; + print_attribs(out, bag->attrib, "Bag Attributes"); + if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) + return 1; + if (!(x509 = PKCS12_certbag2x509(bag))) + return 0; + dump_cert_text(out, x509); + PEM_write_bio_X509(out, x509); X509_free(x509); - break; + break; case NID_safeContentsBag: - if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n"); - print_attribs (out, bag->attrib, "Bag Attributes"); - return dump_certs_pkeys_bags (out, bag->value.safes, pass, - passlen, options, pempass); - + if (options & INFO) + BIO_printf(bio_err, "Safe Contents bag\n"); + print_attribs(out, bag->attrib, "Bag Attributes"); + return dump_certs_pkeys_bags(out, bag->value.safes, pass, + passlen, options, pempass); + default: - BIO_printf (bio_err, "Warning unsupported bag type: "); - i2a_ASN1_OBJECT (bio_err, bag->type); - BIO_printf (bio_err, "\n"); + BIO_printf(bio_err, "Warning unsupported bag type: "); + i2a_ASN1_OBJECT(bio_err, bag->type); + BIO_printf(bio_err, "\n"); return 1; - break; + break; } return 1; } 
@@ -820,21 +867,26 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass, /* Hope this is OK .... */ -int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain) +int +get_cert_chain(X509 * cert, X509_STORE * store, STACK_OF(X509) ** chain) { X509_STORE_CTX store_ctx; - STACK_OF(X509) *chn; + STACK_OF(X509) * chn; int i = 0; - /* FIXME: Should really check the return status of X509_STORE_CTX_init - * for an error, but how that fits into the return value of this - * function is less obvious. */ + /* + * FIXME: Should really check the return status of + * X509_STORE_CTX_init for an error, but how that fits into the + * return value of this function is less obvious. + */ X509_STORE_CTX_init(&store_ctx, store, cert, NULL); if (X509_verify_cert(&store_ctx) <= 0) { - i = X509_STORE_CTX_get_error (&store_ctx); + i = X509_STORE_CTX_get_error(&store_ctx); if (i == 0) - /* avoid returning 0 if X509_verify_cert() did not - * set an appropriate error value in the context */ + /* + * avoid returning 0 if X509_verify_cert() did not + * set an appropriate error value in the context + */ i = -1; chn = NULL; goto err; @@ -843,11 +895,12 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain) err: X509_STORE_CTX_cleanup(&store_ctx); *chain = chn; - + return i; -} +} -int alg_print (BIO *x, X509_ALGOR *alg) +int +alg_print(BIO * x, X509_ALGOR * alg) { PBEPARAM *pbe; const unsigned char *p; 
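Review bot: In get_cert_chain() the return value of `X509_STORE_CTX_init(&store_ctx, store, cert, NULL)` is still discarded, so if initialisation fails, `X509_verify_cert()` runs on a context that was never set up. The reflowed FIXME acknowledges this, but the code is unchanged. A minimal guard that follows the function's own convention of returning -1 when no error code is available would be `if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) { *chain = NULL; return -1; }`. The success path of the function lies between this hunk and the next one, so how callers treat a -1 should be confirmed there.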
@@ -855,16 +908,17 @@ int alg_print (BIO *x, X509_ALGOR *alg) pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); if (!pbe) return 1; - BIO_printf (bio_err, "%s, Iteration %ld\n", - OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), - ASN1_INTEGER_get(pbe->iter)); - PBEPARAM_free (pbe); + BIO_printf(bio_err, "%s, Iteration %ld\n", + OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), + ASN1_INTEGER_get(pbe->iter)); + PBEPARAM_free(pbe); return 1; } /* Load all certificates from a given file */ -int cert_load(BIO *in, STACK_OF(X509) *sk) +int +cert_load(BIO * in, STACK_OF(X509) * sk) { int ret; X509 *cert; @@ -872,7 +926,7 @@ int cert_load(BIO *in, STACK_OF(X509) *sk) #ifdef CRYPTO_MDEBUG CRYPTO_push_info("cert_load(): reading one cert"); #endif - while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) { + while ((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) { #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); #endif 
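Review bot: alg_print() reads `alg->parameter->value.sequence->length` without first checking that `alg->parameter` is non-NULL and of type `V_ASN1_SEQUENCE`. The X509_ALGOR it receives comes from the PKCS#12 file being dumped (`bag->value.shkeybag->algor` in the caller), so its shape is decided by the input. A guard such as `if (alg->parameter == NULL || alg->parameter->type != V_ASN1_SEQUENCE) return 1;` belongs before the first use. The assignment to `p` sits above this hunk and presumably needs to come after the same guard.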
@@ -885,89 +939,94 @@ int cert_load(BIO *in, STACK_OF(X509) *sk) #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); #endif - if(ret) ERR_clear_error(); + if (ret) + ERR_clear_error(); return ret; } /* Generalised attribute print: handle PKCS#8 and bag attributes */ -int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name) +int +print_attribs(BIO * out, STACK_OF(X509_ATTRIBUTE) * attrlst, const char *name) { X509_ATTRIBUTE *attr; ASN1_TYPE *av; char *value; int i, attr_nid; - if(!attrlst) { + if (!attrlst) { BIO_printf(out, "%s: \n", name); return 1; } - if(!sk_X509_ATTRIBUTE_num(attrlst)) { + if (!sk_X509_ATTRIBUTE_num(attrlst)) { BIO_printf(out, "%s: \n", name); return 1; } BIO_printf(out, "%s\n", name); - for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) { + for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) { attr = sk_X509_ATTRIBUTE_value(attrlst, i); attr_nid = OBJ_obj2nid(attr->object); BIO_printf(out, " "); - if(attr_nid == NID_undef) { - i2a_ASN1_OBJECT (out, attr->object); + if (attr_nid == NID_undef) { + i2a_ASN1_OBJECT(out, attr->object); BIO_printf(out, ": "); - } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); + } else + BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); - if(sk_ASN1_TYPE_num(attr->value.set)) { + if (sk_ASN1_TYPE_num(attr->value.set)) { av = sk_ASN1_TYPE_value(attr->value.set, 0); - switch(av->type) { - case V_ASN1_BMPSTRING: - value = OPENSSL_uni2asc(av->value.bmpstring->data, - av->value.bmpstring->length); + switch (av->type) { + case V_ASN1_BMPSTRING: + value = OPENSSL_uni2asc(av->value.bmpstring->data, + av->value.bmpstring->length); BIO_printf(out, "%s\n", value); free(value); break; - case V_ASN1_OCTET_STRING: + case V_ASN1_OCTET_STRING: hex_prin(out, av->value.octet_string->data, - av->value.octet_string->length); - BIO_printf(out, "\n"); + av->value.octet_string->length); + BIO_printf(out, "\n"); break; - case V_ASN1_BIT_STRING: + case V_ASN1_BIT_STRING: hex_prin(out, av->value.bit_string->data, - 
av->value.bit_string->length); - BIO_printf(out, "\n"); + av->value.bit_string->length); + BIO_printf(out, "\n"); break; - default: - BIO_printf(out, "\n", av->type); + default: + BIO_printf(out, "\n", av->type); break; } - } else BIO_printf(out, "\n"); + } else + BIO_printf(out, "\n"); } return 1; } -void hex_prin(BIO *out, unsigned char *buf, int len) +void +hex_prin(BIO * out, unsigned char *buf, int len) { int i; - for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]); + for (i = 0; i < len; i++) + BIO_printf(out, "%02X ", buf[i]); } -static int set_pbe(BIO *err, int *ppbe, const char *str) - { +static int +set_pbe(BIO * err, int *ppbe, const char *str) +{ if (!str) return 0; - if (!strcmp(str, "NONE")) - { + if (!strcmp(str, "NONE")) { *ppbe = -1; return 1; - } - *ppbe=OBJ_txt2nid(str); - if (*ppbe == NID_undef) - { + } + *ppbe = OBJ_txt2nid(str); + if (*ppbe == NID_undef) { BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str); return 0; - } - return 1; } - + return 1; +} + #endif diff --git a/lib/libssl/src/apps/pkcs7.c b/lib/libssl/src/apps/pkcs7.c index 8a0e878e49e..3c5cf09680b 100644 --- a/lib/libssl/src/apps/pkcs7.c +++ b/lib/libssl/src/apps/pkcs7.c 
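Review bot: In print_attribs() the result of `OPENSSL_uni2asc()` is passed straight to `BIO_printf(out, "%s\n", value)` with no NULL check, so a failed conversion of a BMPString attribute relies on how BIO_printf treats a NULL `%s` argument, which is not visible here. Testing the pointer first keeps the behaviour defined: `if (value == NULL) { BIO_printf(out, "\n"); break; }`. Separately, set_pbe() takes a `BIO *err` parameter but prints through the global `bio_err`; `BIO_printf(err, "Unknown PBE algorithm %s\n", str);` would honour the argument.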
@@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence 
@@ -80,235 +80,215 @@ int MAIN(int, char **); -int MAIN(int argc, char **argv) - { - PKCS7 *p7=NULL; - int i,badops=0; - BIO *in=NULL,*out=NULL; - int informat,outformat; - char *infile,*outfile,*prog; - int print_certs=0,text=0,noout=0,p7_print=0; - int ret=1; +int +MAIN(int argc, char **argv) +{ + PKCS7 *p7 = NULL; + int i, badops = 0; + BIO *in = NULL, *out = NULL; + int informat, outformat; + char *infile, *outfile, *prog; + int print_certs = 0, text = 0, noout = 0, p7_print = 0; + int ret = 1; #ifndef OPENSSL_NO_ENGINE - char *engine=NULL; + char *engine = NULL; #endif apps_startup(); if (bio_err == NULL) - if ((bio_err=BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if ((bio_err = BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; - infile=NULL; - outfile=NULL; - informat=FORMAT_PEM; - outformat=FORMAT_PEM; + infile = NULL; + outfile = NULL; + informat = FORMAT_PEM; + outformat = FORMAT_PEM; - prog=argv[0]; + prog = argv[0]; argc--; argv++; - while (argc >= 1) - { - if (strcmp(*argv,"-inform") == 0) - { - if (--argc < 1) goto bad; - informat=str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-outform") == 0) - { - if (--argc < 1) goto bad; - outformat=str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-in") == 0) - { - if (--argc < 1) goto bad; - infile= *(++argv); - } - else if (strcmp(*argv,"-out") == 0) - { - if (--argc < 1) goto bad; - outfile= *(++argv); - } - else if (strcmp(*argv,"-noout") == 0) - noout=1; - else if (strcmp(*argv,"-text") == 0) - text=1; - else if (strcmp(*argv,"-print") == 0) - p7_print=1; - else if (strcmp(*argv,"-print_certs") == 0) - print_certs=1; + while (argc >= 1) { + if (strcmp(*argv, "-inform") == 0) { + if (--argc < 1) + goto bad; + informat = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-outform") == 0) { + if (--argc < 1) + goto bad; + outformat = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-in") == 
0) { + if (--argc < 1) + goto bad; + infile = *(++argv); + } else if (strcmp(*argv, "-out") == 0) { + if (--argc < 1) + goto bad; + outfile = *(++argv); + } else if (strcmp(*argv, "-noout") == 0) + noout = 1; + else if (strcmp(*argv, "-text") == 0) + text = 1; + else if (strcmp(*argv, "-print") == 0) + p7_print = 1; + else if (strcmp(*argv, "-print_certs") == 0) + print_certs = 1; #ifndef OPENSSL_NO_ENGINE - else if (strcmp(*argv,"-engine") == 0) - { - if (--argc < 1) goto bad; - engine= *(++argv); - } + else if (strcmp(*argv, "-engine") == 0) { + if (--argc < 1) + goto bad; + engine = *(++argv); + } #endif - else - { - BIO_printf(bio_err,"unknown option %s\n",*argv); - badops=1; + else { + BIO_printf(bio_err, "unknown option %s\n", *argv); + badops = 1; break; - } + } argc--; argv++; - } + } - if (badops) - { + if (badops) { bad: - BIO_printf(bio_err,"%s [options] outfile\n",prog); - BIO_printf(bio_err,"where options are\n"); - BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); - BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); - BIO_printf(bio_err," -in arg input file\n"); - BIO_printf(bio_err," -out arg output file\n"); - BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); - BIO_printf(bio_err," -text print full details of certificates\n"); - BIO_printf(bio_err," -noout don't output encoded data\n"); + BIO_printf(bio_err, "%s [options] outfile\n", prog); + BIO_printf(bio_err, "where options are\n"); + BIO_printf(bio_err, " -inform arg input format - DER or PEM\n"); + BIO_printf(bio_err, " -outform arg output format - DER or PEM\n"); + BIO_printf(bio_err, " -in arg input file\n"); + BIO_printf(bio_err, " -out arg output file\n"); + BIO_printf(bio_err, " -print_certs print any certs or crl in the input\n"); + BIO_printf(bio_err, " -text print full details of certificates\n"); + BIO_printf(bio_err, " -noout don't output encoded data\n"); #ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err," -engine e use engine e, 
possibly a hardware device.\n"); + BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n"); #endif ret = 1; goto end; - } - + } ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif - in=BIO_new(BIO_s_file()); - out=BIO_new(BIO_s_file()); - if ((in == NULL) || (out == NULL)) - { + in = BIO_new(BIO_s_file()); + out = BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); - goto end; - } - + goto end; + } if (infile == NULL) - BIO_set_fp(in,stdin,BIO_NOCLOSE); - else - { - if (BIO_read_filename(in,infile) <= 0) - if (in == NULL) - { - perror(infile); - goto end; + BIO_set_fp(in, stdin, BIO_NOCLOSE); + else { + if (BIO_read_filename(in, infile) <= 0) + if (in == NULL) { + perror(infile); + goto end; } - } + } - if (informat == FORMAT_ASN1) - p7=d2i_PKCS7_bio(in,NULL); + if (informat == FORMAT_ASN1) + p7 = d2i_PKCS7_bio(in, NULL); else if (informat == FORMAT_PEM) - p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL); - else - { - BIO_printf(bio_err,"bad input format specified for pkcs7 object\n"); + p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); + else { + BIO_printf(bio_err, "bad input format specified for pkcs7 object\n"); goto end; - } - if (p7 == NULL) - { - BIO_printf(bio_err,"unable to load PKCS7 object\n"); + } + if (p7 == NULL) { + BIO_printf(bio_err, "unable to load PKCS7 object\n"); ERR_print_errors(bio_err); goto end; - } - - if (outfile == NULL) - { - BIO_set_fp(out,stdout,BIO_NOCLOSE); - } - else - { - if (BIO_write_filename(out,outfile) <= 0) - { + } + if (outfile == NULL) { + BIO_set_fp(out, stdout, BIO_NOCLOSE); + } else { + if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto end; - } } + } if (p7_print) PKCS7_print_ctx(out, p7, 0, NULL); - if (print_certs) - { - STACK_OF(X509) *certs=NULL; - STACK_OF(X509_CRL) *crls=NULL; + if (print_certs) { + STACK_OF(X509) * certs = NULL; + STACK_OF(X509_CRL) * crls = NULL; - 
i=OBJ_obj2nid(p7->type); - switch (i) - { + i = OBJ_obj2nid(p7->type); + switch (i) { case NID_pkcs7_signed: - certs=p7->d.sign->cert; - crls=p7->d.sign->crl; + certs = p7->d.sign->cert; + crls = p7->d.sign->crl; break; case NID_pkcs7_signedAndEnveloped: - certs=p7->d.signed_and_enveloped->cert; - crls=p7->d.signed_and_enveloped->crl; + certs = p7->d.signed_and_enveloped->cert; + crls = p7->d.signed_and_enveloped->crl; break; default: break; - } + } - if (certs != NULL) - { + if (certs != NULL) { X509 *x; - for (i=0; ibroken) - { + } + if (p8inf->broken) { BIO_printf(bio_err, "Warning: broken key encoding: "); - switch (p8inf->broken) - { - case PKCS8_NO_OCTET: + switch (p8inf->broken) { + case PKCS8_NO_OCTET: BIO_printf(bio_err, "No Octet String in PrivateKey\n"); break; - case PKCS8_EMBEDDED_PARAM: + case PKCS8_EMBEDDED_PARAM: BIO_printf(bio_err, "DSA parameters included in PrivateKey\n"); break; - case PKCS8_NS_DB: + case PKCS8_NS_DB: BIO_printf(bio_err, "DSA public key include in PrivateKey\n"); break; - case PKCS8_NEG_PRIVKEY: + case PKCS8_NEG_PRIVKEY: BIO_printf(bio_err, "DSA private key value is negative\n"); break; - default: + default: BIO_printf(bio_err, "Unknown broken type\n"); break; } } - - if (outformat == FORMAT_PEM) + if (outformat == FORMAT_PEM) PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout); else if (outformat == FORMAT_ASN1) i2d_PrivateKey_bio(out, pkey); - else - { + else { BIO_printf(bio_err, "Bad format specified for key\n"); - goto end; - } + goto end; + } ret = 0; - end: +end: X509_SIG_free(p8); PKCS8_PRIV_KEY_INFO_free(p8inf); EVP_PKEY_free(pkey); @@ -430,4 +373,4 @@ int MAIN(int argc, char **argv) free(passout); return ret; - } +} diff --git a/lib/libssl/src/apps/pkey.c b/lib/libssl/src/apps/pkey.c index 82c67b732bd..963ab92368c 100644 --- a/lib/libssl/src/apps/pkey.c +++ b/lib/libssl/src/apps/pkey.c 
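Review bot: In pkcs7.c MAIN() a failed `BIO_read_filename(in, infile)` is never reported. The nested `if (in == NULL)` cannot be true because `in` was already checked right after `BIO_new()`, so the `perror`/`goto end` is dead code and execution carries on to the decode with no file attached. Dropping the inner test gives `if (BIO_read_filename(in, infile) <= 0) { perror(infile); goto end; }`, which matches the `BIO_write_filename()` handling a few lines further down. The tail of this hunk is truncated on the page, so this covers only the visible part.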
@@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -66,8 +66,9 @@ int MAIN(int, char **); -int MAIN(int argc, char **argv) - { +int +MAIN(int argc, char **argv) +{ ENGINE *e = NULL; char **args, *infile = NULL, *outfile = NULL; char *passargin = NULL, *passargout = NULL; 
@@ -75,114 +76,93 @@ int MAIN(int argc, char **argv) const EVP_CIPHER *cipher = NULL; int informat, outformat; int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0; - EVP_PKEY *pkey=NULL; + EVP_PKEY *pkey = NULL; char *passin = NULL, *passout = NULL; int badarg = 0; #ifndef OPENSSL_NO_ENGINE - char *engine=NULL; + char *engine = NULL; #endif int ret = 1; if (bio_err == NULL) - bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; - informat=FORMAT_PEM; - outformat=FORMAT_PEM; + informat = FORMAT_PEM; + outformat = FORMAT_PEM; ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); args = argv + 1; - while (!badarg && *args && *args[0] == '-') - { - if (!strcmp(*args,"-inform")) - { - if (args[1]) - { + while (!badarg && *args && *args[0] == '-') { + if (!strcmp(*args, "-inform")) { + if (args[1]) { args++; - informat=str2fmt(*args); - } - else badarg = 1; - } - else if (!strcmp(*args,"-outform")) - { - if (args[1]) - { + informat = str2fmt(*args); + } else + badarg = 1; + } else if (!strcmp(*args, "-outform")) { + if (args[1]) { args++; - outformat=str2fmt(*args); - } - else badarg = 1; - } - else if (!strcmp(*args,"-passin")) - { - if (!args[1]) goto bad; - passargin= *(++args); - } - else if (!strcmp(*args,"-passout")) - { - if (!args[1]) goto bad; - passargout= *(++args); - } + outformat = str2fmt(*args); + } else + badarg = 1; + } else if (!strcmp(*args, "-passin")) { + if (!args[1]) + goto bad; + passargin = *(++args); + } else if (!strcmp(*args, "-passout")) { + if (!args[1]) + goto bad; + passargout = *(++args); + } #ifndef OPENSSL_NO_ENGINE - else if (strcmp(*args,"-engine") == 0) - { - if (!args[1]) goto bad; - engine= *(++args); - } + else if (strcmp(*args, "-engine") == 0) { + if (!args[1]) + goto bad; + engine = *(++args); + } #endif - else if (!strcmp (*args, "-in")) - { - if (args[1]) - { + else if (!strcmp(*args, "-in")) { + if (args[1]) { args++; infile = *args; - 
} - else badarg = 1; - } - else if (!strcmp (*args, "-out")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-out")) { + if (args[1]) { args++; outfile = *args; - } - else badarg = 1; - } - else if (strcmp(*args,"-pubin") == 0) - { - pubin=1; - pubout=1; - pubtext=1; - } - else if (strcmp(*args,"-pubout") == 0) - pubout=1; - else if (strcmp(*args,"-text_pub") == 0) - { - pubtext=1; - text=1; - } - else if (strcmp(*args,"-text") == 0) - text=1; - else if (strcmp(*args,"-noout") == 0) - noout=1; - else - { + } else + badarg = 1; + } else if (strcmp(*args, "-pubin") == 0) { + pubin = 1; + pubout = 1; + pubtext = 1; + } else if (strcmp(*args, "-pubout") == 0) + pubout = 1; + else if (strcmp(*args, "-text_pub") == 0) { + pubtext = 1; + text = 1; + } else if (strcmp(*args, "-text") == 0) + text = 1; + else if (strcmp(*args, "-noout") == 0) + noout = 1; + else { cipher = EVP_get_cipherbyname(*args + 1); - if (!cipher) - { + if (!cipher) { BIO_printf(bio_err, "Unknown cipher %s\n", - *args + 1); + *args + 1); badarg = 1; - } } - args++; } + args++; + } - if (badarg) - { - bad: + if (badarg) { +bad: BIO_printf(bio_err, "Usage pkey [options]\n"); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "-in file input file\n"); 
@@ -195,77 +175,61 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); #endif return 1; - } - + } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + e = setup_engine(bio_err, engine, 0); #endif - if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) - { + if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; - } - - if (outfile) - { - if (!(out = BIO_new_file (outfile, "wb"))) - { + } + if (outfile) { + if (!(out = BIO_new_file(outfile, "wb"))) { BIO_printf(bio_err, - "Can't open output file %s\n", outfile); + "Can't open output file %s\n", outfile); goto end; - } - } - else - { - out = BIO_new_fp (stdout, BIO_NOCLOSE); } + } else { + out = BIO_new_fp(stdout, BIO_NOCLOSE); + } if (pubin) pkey = load_pubkey(bio_err, infile, informat, 1, - passin, e, "Public Key"); + passin, e, "Public Key"); else pkey = load_key(bio_err, infile, informat, 1, - passin, e, "key"); + passin, e, "key"); if (!pkey) goto end; - if (!noout) - { - if (outformat == FORMAT_PEM) - { + if (!noout) { + if (outformat == FORMAT_PEM) { if (pubout) - PEM_write_bio_PUBKEY(out,pkey); + PEM_write_bio_PUBKEY(out, pkey); else PEM_write_bio_PrivateKey(out, pkey, cipher, - NULL, 0, NULL, passout); - } - else if (outformat == FORMAT_ASN1) - { + NULL, 0, NULL, passout); + } else if (outformat == FORMAT_ASN1) { if (pubout) i2d_PUBKEY_bio(out, pkey); else i2d_PrivateKey_bio(out, pkey); - } - else - { + } else { BIO_printf(bio_err, "Bad format specified for key\n"); goto end; - } - } - if (text) - { + } + if (text) { if (pubtext) EVP_PKEY_print_public(out, pkey, 0, NULL); else EVP_PKEY_print_private(out, pkey, 0, NULL); - } - + } ret = 0; - end: +end: EVP_PKEY_free(pkey); BIO_free_all(out); BIO_free(in); @@ -275,4 +239,4 @@ int MAIN(int argc, char **argv) free(passout); return ret; - } +} 
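Review bot: In pkey.c MAIN() the results of `PEM_write_bio_PUBKEY()`, `PEM_write_bio_PrivateKey()`, `i2d_PUBKEY_bio()` and `i2d_PrivateKey_bio()` are ignored and `ret = 0` is set unconditionally, so a failed key write still exits with success. Each call should be checked, for example `if (!PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, passout)) goto end;`, with `ERR_print_errors(bio_err)` before the jump. `out = BIO_new_fp(stdout, BIO_NOCLOSE)` is likewise used without a NULL check. The same unchecked-write pattern appears in the pkeyparam.c hunk at -137 (`PEM_write_bio_Parameters`) and in the PKCS#8 output code earlier on the page.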
diff --git a/lib/libssl/src/apps/pkeyparam.c b/lib/libssl/src/apps/pkeyparam.c index 6a46c8ac499..06c295dfe87 100644 --- a/lib/libssl/src/apps/pkeyparam.c +++ b/lib/libssl/src/apps/pkeyparam.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -66,20 +66,21 @@ int MAIN(int, char **); -int MAIN(int argc, char **argv) - { +int +MAIN(int argc, char **argv) +{ char **args, *infile = NULL, *outfile = NULL; BIO *in = NULL, *out = NULL; int text = 0, noout = 0; - EVP_PKEY *pkey=NULL; + EVP_PKEY *pkey = NULL; int badarg = 0; #ifndef OPENSSL_NO_ENGINE - char *engine=NULL; + char *engine = NULL; #endif int ret = 1; if (bio_err == NULL) - bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; 
@@ -87,45 +88,38 @@ int MAIN(int argc, char **argv) ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); args = argv + 1; - while (!badarg && *args && *args[0] == '-') - { - if (!strcmp (*args, "-in")) - { - if (args[1]) - { + while (!badarg && *args && *args[0] == '-') { + if (!strcmp(*args, "-in")) { + if (args[1]) { args++; infile = *args; - } - else badarg = 1; - } - else if (!strcmp (*args, "-out")) - { - if (args[1]) - { + } else + badarg = 1; + } else if (!strcmp(*args, "-out")) { + if (args[1]) { args++; outfile = *args; - } - else badarg = 1; - } + } else + badarg = 1; + } #ifndef OPENSSL_NO_ENGINE - else if (strcmp(*args,"-engine") == 0) - { - if (!args[1]) goto bad; - engine= *(++args); - } + else if (strcmp(*args, "-engine") == 0) { + if (!args[1]) + goto bad; + engine = *(++args); + } #endif - else if (strcmp(*args,"-text") == 0) - text=1; - else if (strcmp(*args,"-noout") == 0) - noout=1; + else if (strcmp(*args, "-text") == 0) + text = 1; + else if (strcmp(*args, "-noout") == 0) + noout = 1; args++; - } + } - if (badarg) - { + if (badarg) { #ifndef OPENSSL_NO_ENGINE - bad: +bad: #endif BIO_printf(bio_err, "Usage pkeyparam [options]\n"); BIO_printf(bio_err, "where options are\n"); 
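Review bot: The option loop in pkeyparam.c MAIN() has no final `else`, so any unrecognised argument beginning with `-` is silently skipped by the trailing `args++` instead of setting `badarg`. A mistyped option then runs the command with different behaviour from what the user asked for, with no diagnostic. Adding `else badarg = 1;` after the `-noout` branch makes it fall into the usage text, the way pkey.c's loop does for an unknown cipher name. MAIN() starts above and continues below this hunk.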
@@ -137,58 +131,48 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); #endif return 1; - } - + } #ifndef OPENSSL_NO_ENGINE - setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif - if (infile) - { - if (!(in = BIO_new_file (infile, "r"))) - { + if (infile) { + if (!(in = BIO_new_file(infile, "r"))) { BIO_printf(bio_err, - "Can't open input file %s\n", infile); + "Can't open input file %s\n", infile); goto end; - } } - else - in = BIO_new_fp (stdin, BIO_NOCLOSE); + } else + in = BIO_new_fp(stdin, BIO_NOCLOSE); - if (outfile) - { - if (!(out = BIO_new_file (outfile, "w"))) - { + if (outfile) { + if (!(out = BIO_new_file(outfile, "w"))) { BIO_printf(bio_err, - "Can't open output file %s\n", outfile); + "Can't open output file %s\n", outfile); goto end; - } - } - else - { - out = BIO_new_fp (stdout, BIO_NOCLOSE); } + } else { + out = BIO_new_fp(stdout, BIO_NOCLOSE); + } pkey = PEM_read_bio_Parameters(in, NULL); - if (!pkey) - { + if (!pkey) { BIO_printf(bio_err, "Error reading parameters\n"); ERR_print_errors(bio_err); goto end; - } - + } if (!noout) - PEM_write_bio_Parameters(out,pkey); + PEM_write_bio_Parameters(out, pkey); if (text) EVP_PKEY_print_params(out, pkey, 0, NULL); ret = 0; - end: +end: EVP_PKEY_free(pkey); BIO_free_all(out); BIO_free(in); return ret; - } +} diff --git a/lib/libssl/src/apps/pkeyutl.c b/lib/libssl/src/apps/pkeyutl.c index 3627839e05f..226bb25220e 100644 --- a/lib/libssl/src/apps/pkeyutl.c +++ b/lib/libssl/src/apps/pkeyutl.c @@ -9,7 +9,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -72,20 +72,24 @@ static void usage(void); #define PROG pkeyutl_main -static EVP_PKEY_CTX *init_ctx(int *pkeysize, - char *keyfile, int keyform, int key_type, - char *passargin, int pkey_op, ENGINE *e); +static EVP_PKEY_CTX * +init_ctx(int *pkeysize, + char *keyfile, int keyform, int key_type, + char *passargin, int pkey_op, ENGINE * e); -static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, - const char *file); +static int +setup_peer(BIO * err, EVP_PKEY_CTX * ctx, int peerform, + const char *file); -static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, - unsigned char *out, size_t *poutlen, - unsigned char *in, size_t inlen); +static int +do_keyop(EVP_PKEY_CTX * ctx, int pkey_op, + unsigned char *out, size_t * poutlen, + unsigned char *in, size_t inlen); int MAIN(int argc, char **); -int MAIN(int argc, char **argv) +int +MAIN(int argc, char **argv) { BIO *in = NULL, *out = NULL; char *infile = NULL, *outfile = NULL, *sigfile = NULL; 
@@ -107,265 +111,223 @@ int MAIN(int argc, char **argv) argc--; argv++; - if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + if (!bio_err) + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); - - while(argc >= 1) - { - if (!strcmp(*argv,"-in")) - { - if (--argc < 1) badarg = 1; - else infile= *(++argv); - } - else if (!strcmp(*argv,"-out")) - { - if (--argc < 1) badarg = 1; - else outfile= *(++argv); - } - else if (!strcmp(*argv,"-sigfile")) - { - if (--argc < 1) badarg = 1; - else sigfile= *(++argv); - } - else if(!strcmp(*argv, "-inkey")) - { + + while (argc >= 1) { + if (!strcmp(*argv, "-in")) { + if (--argc < 1) + badarg = 1; + else + infile = *(++argv); + } else if (!strcmp(*argv, "-out")) { if (--argc < 1) badarg = 1; else - { + outfile = *(++argv); + } else if (!strcmp(*argv, "-sigfile")) { + if (--argc < 1) + badarg = 1; + else + sigfile = *(++argv); + } else if (!strcmp(*argv, "-inkey")) { + if (--argc < 1) + badarg = 1; + else { ctx = init_ctx(&keysize, - *(++argv), keyform, key_type, - passargin, pkey_op, e); - if (!ctx) - { + *(++argv), keyform, key_type, + passargin, pkey_op, e); + if (!ctx) { BIO_puts(bio_err, - "Error initializing context\n"); + "Error initializing context\n"); ERR_print_errors(bio_err); badarg = 1; - } } } - else if (!strcmp(*argv,"-peerkey")) - { + } else if (!strcmp(*argv, "-peerkey")) { if (--argc < 1) badarg = 1; else if (!setup_peer(bio_err, ctx, peerform, *(++argv))) badarg = 1; - } - else if (!strcmp(*argv,"-passin")) - { - if (--argc < 1) badarg = 1; - else passargin= *(++argv); - } - else if (strcmp(*argv,"-peerform") == 0) - { - if (--argc < 1) badarg = 1; - else peerform=str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-keyform") == 0) - { - if (--argc < 1) badarg = 1; - else keyform=str2fmt(*(++argv)); - } + } else if (!strcmp(*argv, "-passin")) { + if (--argc < 1) + badarg = 1; + else + passargin = *(++argv); + } else if 
(strcmp(*argv, "-peerform") == 0) { + if (--argc < 1) + badarg = 1; + else + peerform = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-keyform") == 0) { + if (--argc < 1) + badarg = 1; + else + keyform = str2fmt(*(++argv)); + } #ifndef OPENSSL_NO_ENGINE - else if(!strcmp(*argv, "-engine")) - { + else if (!strcmp(*argv, "-engine")) { if (--argc < 1) badarg = 1; else e = setup_engine(bio_err, *(++argv), 0); - } + } #endif - else if(!strcmp(*argv, "-pubin")) + else if (!strcmp(*argv, "-pubin")) key_type = KEY_PUBKEY; - else if(!strcmp(*argv, "-certin")) + else if (!strcmp(*argv, "-certin")) key_type = KEY_CERT; - else if(!strcmp(*argv, "-asn1parse")) + else if (!strcmp(*argv, "-asn1parse")) asn1parse = 1; - else if(!strcmp(*argv, "-hexdump")) + else if (!strcmp(*argv, "-hexdump")) hexdump = 1; - else if(!strcmp(*argv, "-sign")) + else if (!strcmp(*argv, "-sign")) pkey_op = EVP_PKEY_OP_SIGN; - else if(!strcmp(*argv, "-verify")) + else if (!strcmp(*argv, "-verify")) pkey_op = EVP_PKEY_OP_VERIFY; - else if(!strcmp(*argv, "-verifyrecover")) + else if (!strcmp(*argv, "-verifyrecover")) pkey_op = EVP_PKEY_OP_VERIFYRECOVER; - else if(!strcmp(*argv, "-rev")) + else if (!strcmp(*argv, "-rev")) rev = 1; - else if(!strcmp(*argv, "-encrypt")) + else if (!strcmp(*argv, "-encrypt")) pkey_op = EVP_PKEY_OP_ENCRYPT; - else if(!strcmp(*argv, "-decrypt")) + else if (!strcmp(*argv, "-decrypt")) pkey_op = EVP_PKEY_OP_DECRYPT; - else if(!strcmp(*argv, "-derive")) + else if (!strcmp(*argv, "-derive")) pkey_op = EVP_PKEY_OP_DERIVE; - else if (strcmp(*argv,"-pkeyopt") == 0) - { + else if (strcmp(*argv, "-pkeyopt") == 0) { if (--argc < 1) badarg = 1; - else if (!ctx) - { + else if (!ctx) { BIO_puts(bio_err, - "-pkeyopt command before -inkey\n"); + "-pkeyopt command before -inkey\n"); badarg = 1; - } - else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) - { + } else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) { BIO_puts(bio_err, "parameter setting error\n"); ERR_print_errors(bio_err); goto end; - 
} } - else badarg = 1; - if(badarg) - { + } else + badarg = 1; + if (badarg) { usage(); goto end; - } + } argc--; argv++; - } + } - if (!ctx) - { + if (!ctx) { usage(); goto end; - } - - if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) - { + } + if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) { BIO_puts(bio_err, "Signature file specified for non verify\n"); goto end; - } - - if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) - { + } + if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) { BIO_puts(bio_err, "No signature file specified for verify\n"); goto end; - } - + } /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, bio_err, 0); - if (pkey_op != EVP_PKEY_OP_DERIVE) - { - if(infile) - { - if(!(in = BIO_new_file(infile, "rb"))) - { + if (pkey_op != EVP_PKEY_OP_DERIVE) { + if (infile) { + if (!(in = BIO_new_file(infile, "rb"))) { BIO_puts(bio_err, - "Error Opening Input File\n"); - ERR_print_errors(bio_err); + "Error Opening Input File\n"); + ERR_print_errors(bio_err); goto end; - } } - else + } else in = BIO_new_fp(stdin, BIO_NOCLOSE); - } - - if(outfile) - { - if(!(out = BIO_new_file(outfile, "wb"))) - { + } + if (outfile) { + if (!(out = BIO_new_file(outfile, "wb"))) { BIO_printf(bio_err, "Error Creating Output File\n"); - ERR_print_errors(bio_err); + ERR_print_errors(bio_err); goto end; - } } - else - { + } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); } - if (sigfile) - { + if (sigfile) { BIO *sigbio = BIO_new_file(sigfile, "rb"); - if (!sigbio) - { + if (!sigbio) { BIO_printf(bio_err, "Can't open signature file %s\n", - sigfile); + sigfile); goto end; - } + } siglen = bio_to_mem(&sig, keysize * 10, sigbio); BIO_free(sigbio); - if (siglen <= 0) - { + if (siglen <= 0) { BIO_printf(bio_err, "Error reading signature data\n"); goto end; - } } - - if (in) - { + } + if (in) { /* Read the input data */ buf_inlen = bio_to_mem(&buf_in, keysize * 10, in); - if(buf_inlen <= 0) - { + if (buf_inlen <= 0) { BIO_printf(bio_err, "Error reading input Data\n"); exit(1); - 
} - if(rev) - { + } + if (rev) { size_t i; unsigned char ctmp; - size_t l = (size_t)buf_inlen; - for(i = 0; i < l/2; i++) - { + size_t l = (size_t) buf_inlen; + for (i = 0; i < l / 2; i++) { ctmp = buf_in[i]; buf_in[i] = buf_in[l - 1 - i]; buf_in[l - 1 - i] = ctmp; - } } } - - if(pkey_op == EVP_PKEY_OP_VERIFY) - { - rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen, - buf_in, (size_t)buf_inlen); + } + if (pkey_op == EVP_PKEY_OP_VERIFY) { + rv = EVP_PKEY_verify(ctx, sig, (size_t) siglen, + buf_in, (size_t) buf_inlen); if (rv == 0) BIO_puts(out, "Signature Verification Failure\n"); else if (rv == 1) BIO_puts(out, "Signature Verified Successfully\n"); if (rv >= 0) goto end; - } - else - { - rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, - buf_in, (size_t)buf_inlen); - if (rv > 0) - { + } else { + rv = do_keyop(ctx, pkey_op, NULL, (size_t *) & buf_outlen, + buf_in, (size_t) buf_inlen); + if (rv > 0) { buf_out = malloc(buf_outlen); if (!buf_out) rv = -1; else rv = do_keyop(ctx, pkey_op, - buf_out, (size_t *)&buf_outlen, - buf_in, (size_t)buf_inlen); - } + buf_out, (size_t *) & buf_outlen, + buf_in, (size_t) buf_inlen); } + } - if(rv <= 0) - { + if (rv <= 0) { BIO_printf(bio_err, "Public Key operation error\n"); ERR_print_errors(bio_err); goto end; - } + } ret = 0; - if(asn1parse) - { - if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1)) + if (asn1parse) { + if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1)) ERR_print_errors(bio_err); - } - else if(hexdump) - BIO_dump(out, (char *)buf_out, buf_outlen); + } else if (hexdump) + BIO_dump(out, (char *) buf_out, buf_outlen); else BIO_write(out, buf_out, buf_outlen); - end: +end: if (ctx) EVP_PKEY_CTX_free(ctx); BIO_free(in); @@ -379,7 +341,8 @@ int MAIN(int argc, char **argv) return ret; } -static void usage() +static void +usage() { BIO_printf(bio_err, "Usage: pkeyutl [options]\n"); BIO_printf(bio_err, "-in file input file\n"); 
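Review bot: On the `EVP_PKEY_OP_VERIFY` path `ret` is never assigned before `goto end`, so "Signature Verified Successfully" and "Signature Verification Failure" leave the same exit status. `ret` is declared above the hunk; if it starts at 1 as in the sibling tools, a calling script cannot tell a good signature from a bad one by status. Setting it only on success fixes that: `else if (rv == 1) { ret = 0; BIO_puts(out, "Signature Verified Successfully\n"); }`. Separately, the `exit(1)` after "Error reading input Data" bypasses the `end:` cleanup that every other error path uses; `goto end;` would be consistent.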
@@ -404,50 +367,47 @@ static void usage() } -static EVP_PKEY_CTX *init_ctx(int *pkeysize, - char *keyfile, int keyform, int key_type, - char *passargin, int pkey_op, ENGINE *e) - { +static EVP_PKEY_CTX * +init_ctx(int *pkeysize, + char *keyfile, int keyform, int key_type, + char *passargin, int pkey_op, ENGINE * e) +{ EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; char *passin = NULL; int rv = -1; X509 *x; - if(((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) + if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) || (pkey_op == EVP_PKEY_OP_DERIVE)) - && (key_type != KEY_PRIVKEY)) - { + && (key_type != KEY_PRIVKEY)) { BIO_printf(bio_err, "A private key is needed for this operation\n"); goto end; - } - if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) - { + } + if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; - } - switch(key_type) - { - case KEY_PRIVKEY: + } + switch (key_type) { + case KEY_PRIVKEY: pkey = load_key(bio_err, keyfile, keyform, 0, - passin, e, "Private Key"); + passin, e, "Private Key"); break; - case KEY_PUBKEY: + case KEY_PUBKEY: pkey = load_pubkey(bio_err, keyfile, keyform, 0, - NULL, e, "Public Key"); + NULL, e, "Public Key"); break; - case KEY_CERT: + case KEY_CERT: x = load_cert(bio_err, keyfile, keyform, - NULL, e, "Certificate"); - if(x) - { + NULL, e, "Certificate"); + if (x) { pkey = X509_get_pubkey(x); X509_free(x); - } + } break; - } + } *pkeysize = EVP_PKEY_size(pkey); 
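Review bot: `*pkeysize = EVP_PKEY_size(pkey);` on the last line of this hunk runs before any visible check that a key was actually loaded. `pkey` is still NULL when load_key, load_pubkey or load_cert fails, and also when `key_type` matches none of the three cases, because the switch has no `default`. init_ctx continues outside the hunk, so a `!pkey` test may follow, and EVP_PKEY_size may tolerate NULL. I would still put `if (!pkey) goto end;` directly after the switch, so the size is only read from a loaded key and the failure path does not depend on the callee.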
@@ -461,40 +421,37 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize, if (!ctx) goto end; - switch(pkey_op) - { - case EVP_PKEY_OP_SIGN: + switch (pkey_op) { + case EVP_PKEY_OP_SIGN: rv = EVP_PKEY_sign_init(ctx); break; - case EVP_PKEY_OP_VERIFY: + case EVP_PKEY_OP_VERIFY: rv = EVP_PKEY_verify_init(ctx); break; - case EVP_PKEY_OP_VERIFYRECOVER: + case EVP_PKEY_OP_VERIFYRECOVER: rv = EVP_PKEY_verify_recover_init(ctx); break; - case EVP_PKEY_OP_ENCRYPT: + case EVP_PKEY_OP_ENCRYPT: rv = EVP_PKEY_encrypt_init(ctx); break; - case EVP_PKEY_OP_DECRYPT: + case EVP_PKEY_OP_DECRYPT: rv = EVP_PKEY_decrypt_init(ctx); break; - case EVP_PKEY_OP_DERIVE: + case EVP_PKEY_OP_DERIVE: rv = EVP_PKEY_derive_init(ctx); break; - } + } - if (rv <= 0) - { + if (rv <= 0) { EVP_PKEY_CTX_free(ctx); ctx = NULL; - } - - end: + } +end: if (passin) free(passin); 
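Review bot: The `end:` path releases `passin` with `if (passin) free(passin);` without clearing it first. The buffer is filled by app_passwd earlier in init_ctx (outside this hunk) and presumably holds the private-key passphrase, so its bytes stay in freed heap memory for the rest of the process. Clearing before release closes that gap: `if (passin) { OPENSSL_cleanse(passin, strlen(passin)); free(passin); }`. The guard is kept there only because strlen needs a non-NULL pointer; free itself accepts NULL.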
@@ -502,63 +459,60 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize, return ctx; - } +} -static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, - const char *file) - { +static int +setup_peer(BIO * err, EVP_PKEY_CTX * ctx, int peerform, + const char *file) +{ EVP_PKEY *peer = NULL; int ret; - if (!ctx) - { + if (!ctx) { BIO_puts(err, "-peerkey command before -inkey\n"); return 0; - } - + } peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key"); - if (!peer) - { + if (!peer) { BIO_printf(bio_err, "Error reading peer key %s\n", file); ERR_print_errors(err); return 0; - } - + } ret = EVP_PKEY_derive_set_peer(ctx, peer); EVP_PKEY_free(peer); if (ret <= 0) ERR_print_errors(err); return ret; - } +} -static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, - unsigned char *out, size_t *poutlen, - unsigned char *in, size_t inlen) - { +static int +do_keyop(EVP_PKEY_CTX * ctx, int pkey_op, + unsigned char *out, size_t * poutlen, + unsigned char *in, size_t inlen) +{ int rv = 0; - switch(pkey_op) - { - case EVP_PKEY_OP_VERIFYRECOVER: - rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen); + switch (pkey_op) { + case EVP_PKEY_OP_VERIFYRECOVER: + rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen); break; - case EVP_PKEY_OP_SIGN: - rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen); + case EVP_PKEY_OP_SIGN: + rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen); break; - case EVP_PKEY_OP_ENCRYPT: - rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen); + case EVP_PKEY_OP_ENCRYPT: + rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen); break; - case EVP_PKEY_OP_DECRYPT: - rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen); - break; + case EVP_PKEY_OP_DECRYPT: + rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen); + break; - case EVP_PKEY_OP_DERIVE: - rv = EVP_PKEY_derive(ctx, out, poutlen); + case EVP_PKEY_OP_DERIVE: + rv = EVP_PKEY_derive(ctx, out, poutlen); break; - } - return rv; } + return rv; +} 
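Review bot: setup_peer ends with `return ret;`, handing back the raw result of EVP_PKEY_derive_set_peer, so a negative error code leaves the function as a non-zero value. Its two earlier failure paths return 0, and the function itself treats `ret <= 0` as an error when it prints the error queue. A caller that tests the result with `!setup_peer(...)` would read a negative value as success; the call site is outside this hunk, so that needs confirming there. Ending with `return ret > 0;` gives the function a single 1/0 convention. Separately, the body mixes the `err` parameter with the global `bio_err` for its messages; using `err` throughout would be consistent.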
diff --git a/lib/libssl/src/apps/prime.c b/lib/libssl/src/apps/prime.c index 690f03ef324..4bd53a69bf9 100644 --- a/lib/libssl/src/apps/prime.c +++ b/lib/libssl/src/apps/prime.c @@ -6,7 +6,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -58,97 +58,88 @@ int MAIN(int, char **); -int MAIN(int argc, char **argv) - { - int hex=0; - int checks=20; - int generate=0; - int bits=0; - int safe=0; - BIGNUM *bn=NULL; - BIO *bio_out; +int +MAIN(int argc, char **argv) +{ + int hex = 0; + int checks = 20; + int generate = 0; + int bits = 0; + int safe = 0; + BIGNUM *bn = NULL; + BIO *bio_out; - apps_startup(); + apps_startup(); - if (bio_err == NULL) - if ((bio_err=BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (bio_err == NULL) + if ((bio_err = BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); - --argc; - ++argv; - while (argc >= 1 && **argv == '-') - { - if(!strcmp(*argv,"-hex")) - hex=1; - else if(!strcmp(*argv,"-generate")) - generate=1; - else if(!strcmp(*argv,"-bits")) - if(--argc < 1) - goto bad; - else - bits=atoi(*++argv); - else if(!strcmp(*argv,"-safe")) - safe=1; - else if(!strcmp(*argv,"-checks")) - if(--argc < 1) - goto bad; - else - checks=atoi(*++argv); - else - { - BIO_printf(bio_err,"Unknown option '%s'\n",*argv); - goto bad; - } --argc; ++argv; + while (argc >= 1 && **argv == '-') { + if (!strcmp(*argv, "-hex")) + hex = 1; + else if (!strcmp(*argv, "-generate")) + generate = 1; + else if (!strcmp(*argv, "-bits")) + if (--argc < 1) + goto bad; + else + bits = atoi(*++argv); + else if (!strcmp(*argv, "-safe")) + safe = 1; + else if (!strcmp(*argv, "-checks")) + if (--argc < 1) + goto bad; + else + checks = atoi(*++argv); + else { + BIO_printf(bio_err, "Unknown option '%s'\n", *argv); + goto bad; + } + --argc; + ++argv; } - if (argv[0] == NULL && !generate) - { - BIO_printf(bio_err,"No prime specified\n"); - goto bad; - } - - if ((bio_out=BIO_new(BIO_s_file())) != NULL) - { - BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); + if (argv[0] == NULL && !generate) { + BIO_printf(bio_err, "No prime specified\n"); + goto bad; } - - if(generate) - { - char *s; - - if(!bits) - { - BIO_printf(bio_err,"Specifiy the number of 
bits.\n"); - return 1; - } - bn=BN_new(); - BN_generate_prime_ex(bn,bits,safe,NULL,NULL,NULL); - s=hex ? BN_bn2hex(bn) : BN_bn2dec(bn); - BIO_printf(bio_out,"%s\n",s); - free(s); + if ((bio_out = BIO_new(BIO_s_file())) != NULL) { + BIO_set_fp(bio_out, stdout, BIO_NOCLOSE); } - else - { - if(hex) - BN_hex2bn(&bn,argv[0]); - else - BN_dec2bn(&bn,argv[0]); - - BN_print(bio_out,bn); - BIO_printf(bio_out," is %sprime\n", - BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not "); + if (generate) { + char *s; + + if (!bits) { + BIO_printf(bio_err, "Specifiy the number of bits.\n"); + return 1; + } + bn = BN_new(); + BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL); + s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn); + BIO_printf(bio_out, "%s\n", s); + free(s); + } else { + if (hex) + BN_hex2bn(&bn, argv[0]); + else + BN_dec2bn(&bn, argv[0]); + + BN_print(bio_out, bn); + BIO_printf(bio_out, " is %sprime\n", + BN_is_prime_ex(bn, checks, NULL, NULL) ? "" : "not "); } - BN_free(bn); - BIO_free_all(bio_out); + BN_free(bn); + BIO_free_all(bio_out); - return 0; + return 0; - bad: - BIO_printf(bio_err,"options are\n"); - BIO_printf(bio_err,"%-14s hex\n","-hex"); - BIO_printf(bio_err,"%-14s number of checks\n","-checks "); - return 1; - } +bad: + BIO_printf(bio_err, "options are\n"); + BIO_printf(bio_err, "%-14s hex\n", "-hex"); + BIO_printf(bio_err, "%-14s number of checks\n", "-checks "); + return 1; +} diff --git a/lib/libssl/src/apps/rand.c b/lib/libssl/src/apps/rand.c index c01df530ae1..443a64d848d 100644 --- a/lib/libssl/src/apps/rand.c +++ b/lib/libssl/src/apps/rand.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
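Review bot: The test branch of MAIN in prime.c ignores the result of `BN_hex2bn`/`BN_dec2bn` and uses `BN_is_prime_ex(...) ? "" : "not "` directly. Input that does not parse therefore reaches BN_print and the primality test with whatever `bn` holds, and an error return from the test (negative, as far as I know) is printed as "is prime". For a tool whose answer may be relied on when choosing parameters, a failed test should be reported as a failure, not as a positive result. The generate branch has the same shape: `BN_new()` and `BN_generate_prime_ex()` are unchecked before the value is printed. The `-bits` and `-checks` arguments go through `atoi` with no range check.
```c
	} else {
		int ok = hex ? BN_hex2bn(&bn, argv[0]) : BN_dec2bn(&bn, argv[0]);
		int is_prime = ok ? BN_is_prime_ex(bn, checks, NULL, NULL) : -1;

		if (is_prime < 0) {
			BIO_printf(bio_err, "Cannot test '%s'\n", argv[0]);
			BN_free(bn);
			BIO_free_all(bio_out);
			return 1;
		}
		BN_print(bio_out, bn);
		BIO_printf(bio_out, " is %sprime\n", is_prime ? "" : "not ");
		/* … unchanged: closing brace, BN_free/BIO_free_all, return 0 … */
```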
@@ -75,8 +75,9 @@ int MAIN(int, char **); -int MAIN(int argc, char **argv) - { +int +MAIN(int argc, char **argv) +{ int i, r, ret = 1; int badopt; char *outfile = NULL; 
@@ -86,82 +87,68 @@ int MAIN(int argc, char **argv) BIO *out = NULL; int num = -1; #ifndef OPENSSL_NO_ENGINE - char *engine=NULL; + char *engine = NULL; #endif apps_startup(); if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto err; badopt = 0; i = 0; - while (!badopt && argv[++i] != NULL) - { - if (strcmp(argv[i], "-out") == 0) - { - if ((argv[i+1] != NULL) && (outfile == NULL)) + while (!badopt && argv[++i] != NULL) { + if (strcmp(argv[i], "-out") == 0) { + if ((argv[i + 1] != NULL) && (outfile == NULL)) outfile = argv[++i]; else badopt = 1; - } + } #ifndef OPENSSL_NO_ENGINE - else if (strcmp(argv[i], "-engine") == 0) - { - if ((argv[i+1] != NULL) && (engine == NULL)) + else if (strcmp(argv[i], "-engine") == 0) { + if ((argv[i + 1] != NULL) && (engine == NULL)) engine = argv[++i]; else badopt = 1; - } + } #endif - else if (strcmp(argv[i], "-rand") == 0) - { - if ((argv[i+1] != NULL) && (inrand == NULL)) + else if (strcmp(argv[i], "-rand") == 0) { + if ((argv[i + 1] != NULL) && (inrand == NULL)) inrand = argv[++i]; else badopt = 1; - } - else if (strcmp(argv[i], "-base64") == 0) - { + } else if (strcmp(argv[i], "-base64") == 0) { if (!base64) base64 = 1; else badopt = 1; - } - else if (strcmp(argv[i], "-hex") == 0) - { + } else if (strcmp(argv[i], "-hex") == 0) { if (!hex) hex = 1; else badopt = 1; - } - else if (isdigit((unsigned char)argv[i][0])) - { - if (num < 0) - { + } else if (isdigit((unsigned char) argv[i][0])) { + if (num < 0) { r = sscanf(argv[i], "%d", &num); if (r == 0 || num < 0) badopt = 1; - } - else + } else badopt = 1; - } - else + } else badopt = 1; - } + } if (hex && base64) badopt = 1; if (num < 0) badopt = 1; - - if (badopt) - { + + if (badopt) { BIO_printf(bio_err, "Usage: rand [options] num\n"); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "-out file - 
write to file\n"); @@ -172,68 +159,62 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-base64 - base64 encode output\n"); BIO_printf(bio_err, "-hex - hex encode output\n"); goto err; - } - + } #ifndef OPENSSL_NO_ENGINE - setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) - BIO_printf(bio_err,"%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); + BIO_printf(bio_err, "%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); out = BIO_new(BIO_s_file()); if (out == NULL) goto err; if (outfile != NULL) r = BIO_write_filename(out, outfile); - else - { + else { r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); - } + } if (r <= 0) goto err; - if (base64) - { + if (base64) { BIO *b64 = BIO_new(BIO_f_base64()); if (b64 == NULL) goto err; out = BIO_push(b64, out); - } - - while (num > 0) - { + } + while (num > 0) { unsigned char buf[4096]; int chunk; chunk = num; - if (chunk > (int)sizeof(buf)) + if (chunk > (int) sizeof(buf)) chunk = sizeof buf; r = RAND_bytes(buf, chunk); if (r <= 0) goto err; - if (!hex) + if (!hex) BIO_write(out, buf, chunk); - else - { + else { for (i = 0; i < chunk; i++) BIO_printf(out, "%02x", buf[i]); - } - num -= chunk; } + num -= chunk; + } if (hex) BIO_puts(out, "\n"); - (void)BIO_flush(out); + (void) BIO_flush(out); app_RAND_write_file(NULL, bio_err); ret = 0; - + err: ERR_print_errors(bio_err); if (out) BIO_free_all(out); apps_shutdown(); - return(ret); - } + return (ret); +} diff --git a/lib/libssl/src/apps/req.c b/lib/libssl/src/apps/req.c index d28a1f32585..923837c4f91 100644 --- a/lib/libssl/src/apps/req.c +++ b/lib/libssl/src/apps/req.c 
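Review bot: The byte count in the `@@ -86,82 +87,68 @@` hunk is parsed with `r = sscanf(argv[i], "%d", &num);`, which accepts trailing junk such as `16x` and has no defined result for a value that does not fit in an int. The only checks afterwards are `r == 0 || num < 0`. Since this file lives in the OpenBSD tree, `num = strtonum(argv[i], 0, INT_MAX, &errstr); if (errstr) badopt = 1;` (with a local `const char *errstr`) would reject both cases explicitly. MAIN starts before this hunk and continues after it.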
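Review bot: In the `@@ -172,68 +159,62 @@` hunk the output loop drops every write result: `BIO_write(out, buf, chunk);`, `BIO_printf(out, "%02x", buf[i]);` and `(void) BIO_flush(out);`. `ret = 0` is then set unconditionally, so a full disk or closed pipe yields fewer random bytes than requested together with a success exit status. That is a hazard when the output is used as key or seed material. I would fail the run instead, with `if (BIO_write(out, buf, chunk) <= 0) goto err;` in the loop and `if (BIO_flush(out) <= 0) goto err;` before `ret = 0`. The stack buffer `buf` also still holds the last chunk of generated bytes when the function returns; clearing it before `err:` would be cheap.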
@@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence 
@@ -125,706 +125,617 @@ * require. This format is wrong */ -static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn, - int attribs,unsigned long chtype); -static int build_subject(X509_REQ *req, char *subj, unsigned long chtype, - int multirdn); -static int prompt_info(X509_REQ *req, - STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, - STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs, - unsigned long chtype); -static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk, - STACK_OF(CONF_VALUE) *attr, int attribs, - unsigned long chtype); -static int add_attribute_object(X509_REQ *req, char *text, const char *def, - char *value, int nid, int n_min, - int n_max, unsigned long chtype); -static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, - int nid,int n_min,int n_max, unsigned long chtype, int mval); -static int genpkey_cb(EVP_PKEY_CTX *ctx); -static int req_check_len(int len,int n_min,int n_max); -static int check_end(const char *str, const char *end); -static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type, - long *pkeylen, char **palgnam, - ENGINE *keygen_engine); -static CONF *req_conf=NULL; -static int batch=0; - -int MAIN(int, char **); - -int MAIN(int argc, char **argv) - { +static int +make_REQ(X509_REQ * req, EVP_PKEY * pkey, char *dn, int mutlirdn, + int attribs, unsigned long chtype); +static int +build_subject(X509_REQ * req, char *subj, unsigned long chtype, + int multirdn); +static int +prompt_info(X509_REQ * req, + STACK_OF(CONF_VALUE) * dn_sk, char *dn_sect, + STACK_OF(CONF_VALUE) * attr_sk, char *attr_sect, int attribs, + unsigned long chtype); + static int auto_info(X509_REQ * req, STACK_OF(CONF_VALUE) * sk, + STACK_OF(CONF_VALUE) * attr, int attribs, + unsigned long chtype); + static int add_attribute_object(X509_REQ * req, char *text, const char *def, + char *value, int nid, int n_min, + int n_max, unsigned long chtype); + static int add_DN_object(X509_NAME * n, char *text, 
const char *def, char *value, + int nid, int n_min, int n_max, unsigned long chtype, int mval); + static int genpkey_cb(EVP_PKEY_CTX * ctx); + static int req_check_len(int len, int n_min, int n_max); + static int check_end(const char *str, const char *end); + static EVP_PKEY_CTX *set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type, + long *pkeylen, char **palgnam, + ENGINE * keygen_engine); + static CONF *req_conf = NULL; + static int batch = 0; + + int MAIN(int, char **); + + int MAIN(int argc, char **argv) +{ ENGINE *e = NULL, *gen_eng = NULL; unsigned long nmflag = 0, reqflag = 0; - int ex=1,x509=0,days=30; - X509 *x509ss=NULL; - X509_REQ *req=NULL; + int ex = 1, x509 = 0, days = 30; + X509 *x509ss = NULL; + X509_REQ *req = NULL; EVP_PKEY_CTX *genctx = NULL; const char *keyalg = NULL; char *keyalgstr = NULL; - STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL; - EVP_PKEY *pkey=NULL; - int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1; + STACK_OF(OPENSSL_STRING) * pkeyopts = NULL, *sigopts = NULL; + EVP_PKEY *pkey = NULL; + int i = 0, badops = 0, newreq = 0, verbose = 0, pkey_type = -1; long newkey = -1; - BIO *in=NULL,*out=NULL; - int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; - int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0; - char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; + BIO *in = NULL, *out = NULL; + int informat, outformat, verify = 0, noout = 0, text = 0, keyform = FORMAT_PEM; + int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0; + char *infile, *outfile, *prog, *keyfile = NULL, *template = NULL, + *keyout = NULL; #ifndef OPENSSL_NO_ENGINE - char *engine=NULL; + char *engine = NULL; #endif char *extensions = NULL; char *req_exts = NULL; - const EVP_CIPHER *cipher=NULL; + const EVP_CIPHER *cipher = NULL; ASN1_INTEGER *serial = NULL; - int modulus=0; - char *inrand=NULL; + int modulus = 0; + char *inrand = NULL; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout 
= NULL; char *p; char *subj = NULL; int multirdn = 0; - const EVP_MD *md_alg=NULL,*digest=NULL; + const EVP_MD *md_alg = NULL, *digest = NULL; unsigned long chtype = MBSTRING_ASC; req_conf = NULL; #ifndef OPENSSL_NO_DES - cipher=EVP_des_ede3_cbc(); + cipher = EVP_des_ede3_cbc(); #endif apps_startup(); if (bio_err == NULL) - if ((bio_err=BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if ((bio_err = BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); - infile=NULL; - outfile=NULL; - informat=FORMAT_PEM; - outformat=FORMAT_PEM; + infile = NULL; + outfile = NULL; + informat = FORMAT_PEM; + outformat = FORMAT_PEM; - prog=argv[0]; + prog = argv[0]; argc--; argv++; - while (argc >= 1) - { - if (strcmp(*argv,"-inform") == 0) - { - if (--argc < 1) goto bad; - informat=str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-outform") == 0) - { - if (--argc < 1) goto bad; - outformat=str2fmt(*(++argv)); - } + while (argc >= 1) { + if (strcmp(*argv, "-inform") == 0) { + if (--argc < 1) + goto bad; + informat = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-outform") == 0) { + if (--argc < 1) + goto bad; + outformat = str2fmt(*(++argv)); + } #ifndef OPENSSL_NO_ENGINE - else if (strcmp(*argv,"-engine") == 0) - { - if (--argc < 1) goto bad; - engine= *(++argv); - } - else if (strcmp(*argv,"-keygen_engine") == 0) - { - if (--argc < 1) goto bad; + else if (strcmp(*argv, "-engine") == 0) { + if (--argc < 1) + goto bad; + engine = *(++argv); + } else if (strcmp(*argv, "-keygen_engine") == 0) { + if (--argc < 1) + goto bad; gen_eng = ENGINE_by_id(*(++argv)); - if (gen_eng == NULL) - { + if (gen_eng == NULL) { BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv); goto end; - } } + } #endif - else if (strcmp(*argv,"-key") == 0) - { - if (--argc < 1) goto bad; - keyfile= *(++argv); - } - else if (strcmp(*argv,"-pubkey") == 0) - { - pubkey=1; - } - else if (strcmp(*argv,"-new") == 0) - { - newreq=1; - } - 
else if (strcmp(*argv,"-config") == 0) - { - if (--argc < 1) goto bad; - template= *(++argv); - } - else if (strcmp(*argv,"-keyform") == 0) - { - if (--argc < 1) goto bad; - keyform=str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-in") == 0) - { - if (--argc < 1) goto bad; - infile= *(++argv); - } - else if (strcmp(*argv,"-out") == 0) - { - if (--argc < 1) goto bad; - outfile= *(++argv); - } - else if (strcmp(*argv,"-keyout") == 0) - { - if (--argc < 1) goto bad; - keyout= *(++argv); - } - else if (strcmp(*argv,"-passin") == 0) - { - if (--argc < 1) goto bad; - passargin= *(++argv); - } - else if (strcmp(*argv,"-passout") == 0) - { - if (--argc < 1) goto bad; - passargout= *(++argv); - } - else if (strcmp(*argv,"-rand") == 0) - { - if (--argc < 1) goto bad; - inrand= *(++argv); - } - else if (strcmp(*argv,"-newkey") == 0) - { + else if (strcmp(*argv, "-key") == 0) { + if (--argc < 1) + goto bad; + keyfile = *(++argv); + } else if (strcmp(*argv, "-pubkey") == 0) { + pubkey = 1; + } else if (strcmp(*argv, "-new") == 0) { + newreq = 1; + } else if (strcmp(*argv, "-config") == 0) { + if (--argc < 1) + goto bad; + template = *(++argv); + } else if (strcmp(*argv, "-keyform") == 0) { + if (--argc < 1) + goto bad; + keyform = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-in") == 0) { + if (--argc < 1) + goto bad; + infile = *(++argv); + } else if (strcmp(*argv, "-out") == 0) { + if (--argc < 1) + goto bad; + outfile = *(++argv); + } else if (strcmp(*argv, "-keyout") == 0) { + if (--argc < 1) + goto bad; + keyout = *(++argv); + } else if (strcmp(*argv, "-passin") == 0) { + if (--argc < 1) + goto bad; + passargin = *(++argv); + } else if (strcmp(*argv, "-passout") == 0) { + if (--argc < 1) + goto bad; + passargout = *(++argv); + } else if (strcmp(*argv, "-rand") == 0) { + if (--argc < 1) + goto bad; + inrand = *(++argv); + } else if (strcmp(*argv, "-newkey") == 0) { if (--argc < 1) goto bad; keyalg = *(++argv); - newreq=1; - } - else if (strcmp(*argv,"-pkeyopt") == 0) - 
{ + newreq = 1; + } else if (strcmp(*argv, "-pkeyopt") == 0) { if (--argc < 1) goto bad; if (!pkeyopts) pkeyopts = sk_OPENSSL_STRING_new_null(); if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv))) goto bad; - } - else if (strcmp(*argv,"-sigopt") == 0) - { + } else if (strcmp(*argv, "-sigopt") == 0) { if (--argc < 1) goto bad; if (!sigopts) sigopts = sk_OPENSSL_STRING_new_null(); if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv))) goto bad; - } - else if (strcmp(*argv,"-batch") == 0) - batch=1; - else if (strcmp(*argv,"-newhdr") == 0) - newhdr=1; - else if (strcmp(*argv,"-modulus") == 0) - modulus=1; - else if (strcmp(*argv,"-verify") == 0) - verify=1; - else if (strcmp(*argv,"-nodes") == 0) - nodes=1; - else if (strcmp(*argv,"-noout") == 0) - noout=1; - else if (strcmp(*argv,"-verbose") == 0) - verbose=1; - else if (strcmp(*argv,"-utf8") == 0) + } else if (strcmp(*argv, "-batch") == 0) + batch = 1; + else if (strcmp(*argv, "-newhdr") == 0) + newhdr = 1; + else if (strcmp(*argv, "-modulus") == 0) + modulus = 1; + else if (strcmp(*argv, "-verify") == 0) + verify = 1; + else if (strcmp(*argv, "-nodes") == 0) + nodes = 1; + else if (strcmp(*argv, "-noout") == 0) + noout = 1; + else if (strcmp(*argv, "-verbose") == 0) + verbose = 1; + else if (strcmp(*argv, "-utf8") == 0) chtype = MBSTRING_UTF8; - else if (strcmp(*argv,"-nameopt") == 0) - { - if (--argc < 1) goto bad; - if (!set_name_ex(&nmflag, *(++argv))) goto bad; - } - else if (strcmp(*argv,"-reqopt") == 0) - { - if (--argc < 1) goto bad; - if (!set_cert_ex(&reqflag, *(++argv))) goto bad; - } - else if (strcmp(*argv,"-subject") == 0) - subject=1; - else if (strcmp(*argv,"-text") == 0) - text=1; - else if (strcmp(*argv,"-x509") == 0) - x509=1; - else if (strcmp(*argv,"-asn1-kludge") == 0) - kludge=1; - else if (strcmp(*argv,"-no-asn1-kludge") == 0) - kludge=0; - else if (strcmp(*argv,"-subj") == 0) - { - if (--argc < 1) goto bad; - subj= *(++argv); - } - else if (strcmp(*argv,"-multivalue-rdn") == 
0) - multirdn=1; - else if (strcmp(*argv,"-days") == 0) - { - if (--argc < 1) goto bad; - days= atoi(*(++argv)); - if (days == 0) days=30; - } - else if (strcmp(*argv,"-set_serial") == 0) - { - if (--argc < 1) goto bad; + else if (strcmp(*argv, "-nameopt") == 0) { + if (--argc < 1) + goto bad; + if (!set_name_ex(&nmflag, *(++argv))) + goto bad; + } else if (strcmp(*argv, "-reqopt") == 0) { + if (--argc < 1) + goto bad; + if (!set_cert_ex(&reqflag, *(++argv))) + goto bad; + } else if (strcmp(*argv, "-subject") == 0) + subject = 1; + else if (strcmp(*argv, "-text") == 0) + text = 1; + else if (strcmp(*argv, "-x509") == 0) + x509 = 1; + else if (strcmp(*argv, "-asn1-kludge") == 0) + kludge = 1; + else if (strcmp(*argv, "-no-asn1-kludge") == 0) + kludge = 0; + else if (strcmp(*argv, "-subj") == 0) { + if (--argc < 1) + goto bad; + subj = *(++argv); + } else if (strcmp(*argv, "-multivalue-rdn") == 0) + multirdn = 1; + else if (strcmp(*argv, "-days") == 0) { + if (--argc < 1) + goto bad; + days = atoi(*(++argv)); + if (days == 0) + days = 30; + } else if (strcmp(*argv, "-set_serial") == 0) { + if (--argc < 1) + goto bad; serial = s2i_ASN1_INTEGER(NULL, *(++argv)); - if (!serial) goto bad; - } - else if (strcmp(*argv,"-extensions") == 0) - { - if (--argc < 1) goto bad; + if (!serial) + goto bad; + } else if (strcmp(*argv, "-extensions") == 0) { + if (--argc < 1) + goto bad; extensions = *(++argv); - } - else if (strcmp(*argv,"-reqexts") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-reqexts") == 0) { + if (--argc < 1) + goto bad; req_exts = *(++argv); - } - else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL) - { + } else if ((md_alg = EVP_get_digestbyname(&((*argv)[1]))) != NULL) { /* ok */ - digest=md_alg; - } - else - { - BIO_printf(bio_err,"unknown option %s\n",*argv); - badops=1; + digest = md_alg; + } else { + BIO_printf(bio_err, "unknown option %s\n", *argv); + badops = 1; break; - } + } argc--; argv++; - } + } - if (badops) - { + if 
(badops) { bad: - BIO_printf(bio_err,"%s [options] outfile\n",prog); - BIO_printf(bio_err,"where options are\n"); - BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); - BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); - BIO_printf(bio_err," -in arg input file\n"); - BIO_printf(bio_err," -out arg output file\n"); - BIO_printf(bio_err," -text text form of request\n"); - BIO_printf(bio_err," -pubkey output public key\n"); - BIO_printf(bio_err," -noout do not output REQ\n"); - BIO_printf(bio_err," -verify verify signature on REQ\n"); - BIO_printf(bio_err," -modulus RSA modulus\n"); - BIO_printf(bio_err," -nodes don't encrypt the output key\n"); + BIO_printf(bio_err, "%s [options] outfile\n", prog); + BIO_printf(bio_err, "where options are\n"); + BIO_printf(bio_err, " -inform arg input format - DER or PEM\n"); + BIO_printf(bio_err, " -outform arg output format - DER or PEM\n"); + BIO_printf(bio_err, " -in arg input file\n"); + BIO_printf(bio_err, " -out arg output file\n"); + BIO_printf(bio_err, " -text text form of request\n"); + BIO_printf(bio_err, " -pubkey output public key\n"); + BIO_printf(bio_err, " -noout do not output REQ\n"); + BIO_printf(bio_err, " -verify verify signature on REQ\n"); + BIO_printf(bio_err, " -modulus RSA modulus\n"); + BIO_printf(bio_err, " -nodes don't encrypt the output key\n"); #ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n"); + BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device\n"); #endif - BIO_printf(bio_err," -subject output the request's subject\n"); - BIO_printf(bio_err," -passin private key password source\n"); - BIO_printf(bio_err," -key file use the private key contained in file\n"); - BIO_printf(bio_err," -keyform arg key file format\n"); - BIO_printf(bio_err," -keyout arg file to send the key to\n"); - BIO_printf(bio_err," -rand file:file:...\n"); - BIO_printf(bio_err," load the file (or the files in the directory) 
into\n"); - BIO_printf(bio_err," the random number generator\n"); - BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); - BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); + BIO_printf(bio_err, " -subject output the request's subject\n"); + BIO_printf(bio_err, " -passin private key password source\n"); + BIO_printf(bio_err, " -key file use the private key contained in file\n"); + BIO_printf(bio_err, " -keyform arg key file format\n"); + BIO_printf(bio_err, " -keyout arg file to send the key to\n"); + BIO_printf(bio_err, " -rand file:file:...\n"); + BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); + BIO_printf(bio_err, " the random number generator\n"); + BIO_printf(bio_err, " -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); + BIO_printf(bio_err, " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); #ifndef OPENSSL_NO_ECDSA - BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n"); + BIO_printf(bio_err, " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n"); #endif - BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n"); - BIO_printf(bio_err," -config file request template file.\n"); - BIO_printf(bio_err," -subj arg set or modify request subject\n"); - BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n"); - BIO_printf(bio_err," -new new request.\n"); - BIO_printf(bio_err," -batch do not ask anything during request generation\n"); - BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. 
req.\n"); - BIO_printf(bio_err," -days number of days a certificate generated by -x509 is valid for.\n"); - BIO_printf(bio_err," -set_serial serial number to use for a certificate generated by -x509.\n"); - BIO_printf(bio_err," -newhdr output \"NEW\" in the header lines\n"); - BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n"); - BIO_printf(bio_err," have been reported as requiring\n"); - BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n"); - BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n"); - BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n"); - BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); - BIO_printf(bio_err," -reqopt arg - various request text options\n\n"); + BIO_printf(bio_err, " -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n"); + BIO_printf(bio_err, " -config file request template file.\n"); + BIO_printf(bio_err, " -subj arg set or modify request subject\n"); + BIO_printf(bio_err, " -multivalue-rdn enable support for multivalued RDNs\n"); + BIO_printf(bio_err, " -new new request.\n"); + BIO_printf(bio_err, " -batch do not ask anything during request generation\n"); + BIO_printf(bio_err, " -x509 output a x509 structure instead of a cert. req.\n"); + BIO_printf(bio_err, " -days number of days a certificate generated by -x509 is valid for.\n"); + BIO_printf(bio_err, " -set_serial serial number to use for a certificate generated by -x509.\n"); + BIO_printf(bio_err, " -newhdr output \"NEW\" in the header lines\n"); + BIO_printf(bio_err, " -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n"); + BIO_printf(bio_err, " have been reported as requiring\n"); + BIO_printf(bio_err, " -extensions .. specify certificate extension section (override value in config file)\n"); + BIO_printf(bio_err, " -reqexts .. 
specify request extension section (override value in config file)\n"); + BIO_printf(bio_err, " -utf8 input characters are UTF8 (default ASCII)\n"); + BIO_printf(bio_err, " -nameopt arg - various certificate name options\n"); + BIO_printf(bio_err, " -reqopt arg - various request text options\n\n"); goto end; - } - + } ERR_load_crypto_strings(); - if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { + if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } - - if (template != NULL) - { + if (template != NULL) { long errline = -1; - if( verbose ) - BIO_printf(bio_err,"Using configuration from %s\n",template); - req_conf=NCONF_new(NULL); - i=NCONF_load(req_conf,template,&errline); - if (i == 0) - { - BIO_printf(bio_err,"error on line %ld of %s\n",errline,template); + if (verbose) + BIO_printf(bio_err, "Using configuration from %s\n", template); + req_conf = NCONF_new(NULL); + i = NCONF_load(req_conf, template, &errline); + if (i == 0) { + BIO_printf(bio_err, "error on line %ld of %s\n", errline, template); goto end; - } } - else - { - req_conf=config; + } else { + req_conf = config; - if (req_conf == NULL) - { - BIO_printf(bio_err,"Unable to load config info from %s\n", default_config_file); + if (req_conf == NULL) { + BIO_printf(bio_err, "Unable to load config info from %s\n", default_config_file); if (newreq) goto end; - } - else if( verbose ) - BIO_printf(bio_err,"Using configuration from %s\n", - default_config_file); - } + } else if (verbose) + BIO_printf(bio_err, "Using configuration from %s\n", + default_config_file); + } - if (req_conf != NULL) - { + if (req_conf != NULL) { if (!load_config(bio_err, req_conf)) goto end; - p=NCONF_get_string(req_conf,NULL,"oid_file"); + p = NCONF_get_string(req_conf, NULL, "oid_file"); if (p == NULL) ERR_clear_error(); - if (p != NULL) - { + if (p != NULL) { BIO *oid_bio; - oid_bio=BIO_new_file(p,"r"); - if (oid_bio == NULL) - { + oid_bio 
= BIO_new_file(p, "r"); + if (oid_bio == NULL) { /* BIO_printf(bio_err,"problems opening %s for extra oid's\n",p); ERR_print_errors(bio_err); */ - } - else - { + } else { OBJ_create_objects(oid_bio); BIO_free(oid_bio); - } } } - if(!add_oid_section(bio_err, req_conf)) goto end; + } + if (!add_oid_section(bio_err, req_conf)) + goto end; - if (md_alg == NULL) - { - p=NCONF_get_string(req_conf,SECTION,"default_md"); + if (md_alg == NULL) { + p = NCONF_get_string(req_conf, SECTION, "default_md"); if (p == NULL) ERR_clear_error(); - if (p != NULL) - { - if ((md_alg=EVP_get_digestbyname(p)) != NULL) - digest=md_alg; - } + if (p != NULL) { + if ((md_alg = EVP_get_digestbyname(p)) != NULL) + digest = md_alg; } - - if (!extensions) - { + } + if (!extensions) { extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS); if (!extensions) ERR_clear_error(); - } + } if (extensions) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); X509V3_set_nconf(&ctx, req_conf); - if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) { + if (!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) { BIO_printf(bio_err, - "Error Loading extension section %s\n", extensions); + "Error Loading extension section %s\n", extensions); goto end; } } - - if(!passin) - { + if (!passin) { passin = NCONF_get_string(req_conf, SECTION, "input_password"); if (!passin) ERR_clear_error(); - } - - if(!passout) - { + } + if (!passout) { passout = NCONF_get_string(req_conf, SECTION, "output_password"); if (!passout) ERR_clear_error(); - } - + } p = NCONF_get_string(req_conf, SECTION, STRING_MASK); if (!p) ERR_clear_error(); - if(p && !ASN1_STRING_set_default_mask_asc(p)) { + if (p && !ASN1_STRING_set_default_mask_asc(p)) { BIO_printf(bio_err, "Invalid global string mask setting %s\n", p); goto end; } - - if (chtype != MBSTRING_UTF8) - { + if (chtype != MBSTRING_UTF8) { p = NCONF_get_string(req_conf, SECTION, UTF8_IN); if (!p) ERR_clear_error(); else if (!strcmp(p, "yes")) chtype = 
MBSTRING_UTF8; - } - - - if(!req_exts) - { + } + if (!req_exts) { req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); if (!req_exts) ERR_clear_error(); - } - if(req_exts) { + } + if (req_exts) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); X509V3_set_nconf(&ctx, req_conf); - if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) { + if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) { BIO_printf(bio_err, - "Error Loading request extension section %s\n", - req_exts); + "Error Loading request extension section %s\n", + req_exts); goto end; } } - - in=BIO_new(BIO_s_file()); - out=BIO_new(BIO_s_file()); + in = BIO_new(BIO_s_file()); + out = BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) goto end; #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + e = setup_engine(bio_err, engine, 0); #endif - if (keyfile != NULL) - { + if (keyfile != NULL) { pkey = load_key(bio_err, keyfile, keyform, 0, passin, e, - "Private Key"); - if (!pkey) - { - /* load_key() has already printed an appropriate - message */ + "Private Key"); + if (!pkey) { + /* + * load_key() has already printed an appropriate + * message + */ goto end; - } - else - { - char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); + } else { + char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE"); if (randfile == NULL) ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); - } } - - if (newreq && (pkey == NULL)) - { - char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); + } + if (newreq && (pkey == NULL)) { + char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE"); if (randfile == NULL) ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); if (inrand) app_RAND_load_files(inrand); - if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey)) - { - newkey=DEFAULT_KEY_LENGTH; - } - - if (keyalg) - { + if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) { + newkey = DEFAULT_KEY_LENGTH; + } + if 
(keyalg) { genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey, - &keyalgstr, gen_eng); + &keyalgstr, gen_eng); if (!genctx) goto end; - } - - if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) - { - BIO_printf(bio_err,"private key length is too short,\n"); - BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey); + } + if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) { + BIO_printf(bio_err, "private key length is too short,\n"); + BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n", MIN_KEY_LENGTH, newkey); goto end; - } - - if (!genctx) - { + } + if (!genctx) { genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newkey, - &keyalgstr, gen_eng); + &keyalgstr, gen_eng); if (!genctx) goto end; - } - - if (pkeyopts) - { + } + if (pkeyopts) { char *genopt; - for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++) - { + for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++) { genopt = sk_OPENSSL_STRING_value(pkeyopts, i); - if (pkey_ctrl_string(genctx, genopt) <= 0) - { + if (pkey_ctrl_string(genctx, genopt) <= 0) { BIO_printf(bio_err, - "parameter error \"%s\"\n", - genopt); + "parameter error \"%s\"\n", + genopt); ERR_print_errors(bio_err); goto end; - } } } - - BIO_printf(bio_err,"Generating a %ld bit %s private key\n", - newkey, keyalgstr); + } + BIO_printf(bio_err, "Generating a %ld bit %s private key\n", + newkey, keyalgstr); EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); EVP_PKEY_CTX_set_app_data(genctx, bio_err); - if (EVP_PKEY_keygen(genctx, &pkey) <= 0) - { + if (EVP_PKEY_keygen(genctx, &pkey) <= 0) { BIO_puts(bio_err, "Error Generating Key\n"); goto end; - } - + } EVP_PKEY_CTX_free(genctx); genctx = NULL; app_RAND_write_file(randfile, bio_err); - if (keyout == NULL) - { - keyout=NCONF_get_string(req_conf,SECTION,KEYFILE); + if (keyout == NULL) { + keyout = NCONF_get_string(req_conf, SECTION, KEYFILE); if (keyout == NULL) 
ERR_clear_error(); - } - - if (keyout == NULL) - { - BIO_printf(bio_err,"writing new private key to stdout\n"); - BIO_set_fp(out,stdout,BIO_NOCLOSE); - } - else - { - BIO_printf(bio_err,"writing new private key to '%s'\n",keyout); - if (BIO_write_filename(out,keyout) <= 0) - { + } + if (keyout == NULL) { + BIO_printf(bio_err, "writing new private key to stdout\n"); + BIO_set_fp(out, stdout, BIO_NOCLOSE); + } else { + BIO_printf(bio_err, "writing new private key to '%s'\n", keyout); + if (BIO_write_filename(out, keyout) <= 0) { perror(keyout); goto end; - } } + } - p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key"); - if (p == NULL) - { + p = NCONF_get_string(req_conf, SECTION, "encrypt_rsa_key"); + if (p == NULL) { ERR_clear_error(); - p=NCONF_get_string(req_conf,SECTION,"encrypt_key"); + p = NCONF_get_string(req_conf, SECTION, "encrypt_key"); if (p == NULL) ERR_clear_error(); - } - if ((p != NULL) && (strcmp(p,"no") == 0)) - cipher=NULL; - if (nodes) cipher=NULL; - - i=0; + } + if ((p != NULL) && (strcmp(p, "no") == 0)) + cipher = NULL; + if (nodes) + cipher = NULL; + + i = 0; loop: - if (!PEM_write_bio_PrivateKey(out,pkey,cipher, - NULL,0,NULL,passout)) - { + if (!PEM_write_bio_PrivateKey(out, pkey, cipher, + NULL, 0, NULL, passout)) { if ((ERR_GET_REASON(ERR_peek_error()) == - PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) - { + PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) { ERR_clear_error(); i++; goto loop; - } - goto end; } - BIO_printf(bio_err,"-----\n"); + goto end; } - - if (!newreq) - { - /* Since we are using a pre-existing certificate - * request, the kludge 'format' info should not be - * changed. */ - kludge= -1; + BIO_printf(bio_err, "-----\n"); + } + if (!newreq) { + /* + * Since we are using a pre-existing certificate request, the + * kludge 'format' info should not be changed. 
+ */ + kludge = -1; if (infile == NULL) - BIO_set_fp(in,stdin,BIO_NOCLOSE); - else - { - if (BIO_read_filename(in,infile) <= 0) - { + BIO_set_fp(in, stdin, BIO_NOCLOSE); + else { + if (BIO_read_filename(in, infile) <= 0) { perror(infile); goto end; - } } + } - if (informat == FORMAT_ASN1) - req=d2i_X509_REQ_bio(in,NULL); + if (informat == FORMAT_ASN1) + req = d2i_X509_REQ_bio(in, NULL); else if (informat == FORMAT_PEM) - req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL); - else - { - BIO_printf(bio_err,"bad input format specified for X509 request\n"); + req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL); + else { + BIO_printf(bio_err, "bad input format specified for X509 request\n"); goto end; - } - if (req == NULL) - { - BIO_printf(bio_err,"unable to load X509 request\n"); + } + if (req == NULL) { + BIO_printf(bio_err, "unable to load X509 request\n"); goto end; - } } - - if (newreq || x509) - { - if (pkey == NULL) - { - BIO_printf(bio_err,"you need to specify a private key\n"); + } + if (newreq || x509) { + if (pkey == NULL) { + BIO_printf(bio_err, "you need to specify a private key\n"); goto end; - } - - if (req == NULL) - { - req=X509_REQ_new(); - if (req == NULL) - { + } + if (req == NULL) { + req = X509_REQ_new(); + if (req == NULL) { goto end; - } - - i=make_REQ(req,pkey,subj,multirdn,!x509, chtype); - subj=NULL; /* done processing '-subj' option */ - if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) - { + } + i = make_REQ(req, pkey, subj, multirdn, !x509, chtype); + subj = NULL; /* done processing '-subj' option */ + if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) { sk_X509_ATTRIBUTE_free(req->req_info->attributes); req->req_info->attributes = NULL; - } - if (!i) - { - BIO_printf(bio_err,"problems making Certificate Request\n"); + } + if (!i) { + BIO_printf(bio_err, "problems making Certificate Request\n"); goto end; - } } - if (x509) - { + } + if (x509) { EVP_PKEY *tmppkey; X509V3_CTX ext_ctx; - if ((x509ss=X509_new()) 
== NULL) goto end; + if ((x509ss = X509_new()) == NULL) + goto end; /* Set version to V3 */ - if(extensions && !X509_set_version(x509ss, 2)) goto end; - if (serial) - { - if (!X509_set_serialNumber(x509ss, serial)) goto end; - } - else - { + if (extensions && !X509_set_version(x509ss, 2)) + goto end; + if (serial) { + if (!X509_set_serialNumber(x509ss, serial)) + goto end; + } else { if (!rand_serial(NULL, X509_get_serialNumber(x509ss))) - goto end; - } + goto end; + } - if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end; - if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end; - if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL)) goto end; - if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end; + if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) + goto end; + if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0)) + goto end; + if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL)) + goto end; + if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) + goto end; tmppkey = X509_REQ_get_pubkey(req); - if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end; + if (!tmppkey || !X509_set_pubkey(x509ss, tmppkey)) + goto end; EVP_PKEY_free(tmppkey); /* Set up V3 context struct */ @@ -833,24 +744,19 @@ loop: X509V3_set_nconf(&ext_ctx, req_conf); /* Add extensions */ - if(extensions && !X509V3_EXT_add_nconf(req_conf, - &ext_ctx, extensions, x509ss)) - { + if (extensions && !X509V3_EXT_add_nconf(req_conf, + &ext_ctx, extensions, x509ss)) { BIO_printf(bio_err, - "Error Loading extension section %s\n", - extensions); + "Error Loading extension section %s\n", + extensions); goto end; - } - - i=do_X509_sign(bio_err, x509ss, pkey, digest, sigopts); - if (!i) - { + } + i = do_X509_sign(bio_err, x509ss, pkey, digest, sigopts); + if (!i) { ERR_print_errors(bio_err); goto end; - } } - else - { + } else { X509V3_CTX ext_ctx; /* Set up V3 context struct */ 
@@ -859,199 +765,161 @@ loop: X509V3_set_nconf(&ext_ctx, req_conf); /* Add extensions */ - if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, - &ext_ctx, req_exts, req)) - { + if (req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, + &ext_ctx, req_exts, req)) { BIO_printf(bio_err, - "Error Loading extension section %s\n", - req_exts); + "Error Loading extension section %s\n", + req_exts); goto end; - } - i=do_X509_REQ_sign(bio_err, req, pkey, digest, sigopts); - if (!i) - { + } + i = do_X509_REQ_sign(bio_err, req, pkey, digest, sigopts); + if (!i) { ERR_print_errors(bio_err); goto end; - } } } - - if (subj && x509) - { + } + if (subj && x509) { BIO_printf(bio_err, "Cannot modifiy certificate subject\n"); goto end; - } - - if (subj && !x509) - { - if (verbose) - { + } + if (subj && !x509) { + if (verbose) { BIO_printf(bio_err, "Modifying Request's Subject\n"); print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag); - } - - if (build_subject(req, subj, chtype, multirdn) == 0) - { + } + if (build_subject(req, subj, chtype, multirdn) == 0) { BIO_printf(bio_err, "ERROR: cannot modify subject\n"); - ex=1; + ex = 1; goto end; - } - + } req->req_info->enc.modified = 1; - if (verbose) - { + if (verbose) { print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag); - } } + } + if (verify && !x509) { + int tmp = 0; - if (verify && !x509) - { - int tmp=0; - - if (pkey == NULL) - { - pkey=X509_REQ_get_pubkey(req); - tmp=1; - if (pkey == NULL) goto end; - } - - i=X509_REQ_verify(req,pkey); + if (pkey == NULL) { + pkey = X509_REQ_get_pubkey(req); + tmp = 1; + if (pkey == NULL) + goto end; + } + i = X509_REQ_verify(req, pkey); if (tmp) { EVP_PKEY_free(pkey); - pkey=NULL; + pkey = NULL; } - - if (i < 0) - { + if (i < 0) { goto end; - } - else if (i == 0) - { - BIO_printf(bio_err,"verify failure\n"); + } else if (i == 0) { + BIO_printf(bio_err, "verify failure\n"); ERR_print_errors(bio_err); - } - else /* if (i > 0) */ - BIO_printf(bio_err,"verify 
OK\n"); - } - - if (noout && !text && !modulus && !subject && !pubkey) - { - ex=0; + } else /* if (i > 0) */ + BIO_printf(bio_err, "verify OK\n"); + } + if (noout && !text && !modulus && !subject && !pubkey) { + ex = 0; goto end; - } - - if (outfile == NULL) - { - BIO_set_fp(out,stdout,BIO_NOCLOSE); - } - else - { - if ((keyout != NULL) && (strcmp(outfile,keyout) == 0)) - i=(int)BIO_append_filename(out,outfile); + } + if (outfile == NULL) { + BIO_set_fp(out, stdout, BIO_NOCLOSE); + } else { + if ((keyout != NULL) && (strcmp(outfile, keyout) == 0)) + i = (int) BIO_append_filename(out, outfile); else - i=(int)BIO_write_filename(out,outfile); - if (!i) - { + i = (int) BIO_write_filename(out, outfile); + if (!i) { perror(outfile); goto end; - } } + } - if (pubkey) - { - EVP_PKEY *tpubkey; - tpubkey=X509_REQ_get_pubkey(req); - if (tpubkey == NULL) - { - BIO_printf(bio_err,"Error getting public key\n"); + if (pubkey) { + EVP_PKEY *tpubkey; + tpubkey = X509_REQ_get_pubkey(req); + if (tpubkey == NULL) { + BIO_printf(bio_err, "Error getting public key\n"); ERR_print_errors(bio_err); goto end; - } + } PEM_write_bio_PUBKEY(out, tpubkey); EVP_PKEY_free(tpubkey); - } - - if (text) - { + } + if (text) { if (x509) X509_print_ex(out, x509ss, nmflag, reqflag); - else + else X509_REQ_print_ex(out, req, nmflag, reqflag); - } - - if(subject) - { - if(x509) + } + if (subject) { + if (x509) print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag); else print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag); - } - - if (modulus) - { + } + if (modulus) { EVP_PKEY *tpubkey; if (x509) - tpubkey=X509_get_pubkey(x509ss); + tpubkey = X509_get_pubkey(x509ss); else - tpubkey=X509_REQ_get_pubkey(req); - if (tpubkey == NULL) - { - fprintf(stdout,"Modulus=unavailable\n"); - goto end; - } - fprintf(stdout,"Modulus="); + tpubkey = X509_REQ_get_pubkey(req); + if (tpubkey == NULL) { + fprintf(stdout, "Modulus=unavailable\n"); + goto end; + } + fprintf(stdout, "Modulus="); #ifndef 
OPENSSL_NO_RSA if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA) - BN_print(out,tpubkey->pkey.rsa->n); + BN_print(out, tpubkey->pkey.rsa->n); else #endif - fprintf(stdout,"Wrong Algorithm type"); + fprintf(stdout, "Wrong Algorithm type"); EVP_PKEY_free(tpubkey); - fprintf(stdout,"\n"); - } - - if (!noout && !x509) - { - if (outformat == FORMAT_ASN1) - i=i2d_X509_REQ_bio(out,req); + fprintf(stdout, "\n"); + } + if (!noout && !x509) { + if (outformat == FORMAT_ASN1) + i = i2d_X509_REQ_bio(out, req); else if (outformat == FORMAT_PEM) { - if(newhdr) i=PEM_write_bio_X509_REQ_NEW(out,req); - else i=PEM_write_bio_X509_REQ(out,req); + if (newhdr) + i = PEM_write_bio_X509_REQ_NEW(out, req); + else + i = PEM_write_bio_X509_REQ(out, req); } else { - BIO_printf(bio_err,"bad output format specified for outfile\n"); + BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; - } - if (!i) - { - BIO_printf(bio_err,"unable to write X509 request\n"); + } + if (!i) { + BIO_printf(bio_err, "unable to write X509 request\n"); goto end; - } } - if (!noout && x509 && (x509ss != NULL)) - { - if (outformat == FORMAT_ASN1) - i=i2d_X509_bio(out,x509ss); + } + if (!noout && x509 && (x509ss != NULL)) { + if (outformat == FORMAT_ASN1) + i = i2d_X509_bio(out, x509ss); else if (outformat == FORMAT_PEM) - i=PEM_write_bio_X509(out,x509ss); - else { - BIO_printf(bio_err,"bad output format specified for outfile\n"); + i = PEM_write_bio_X509(out, x509ss); + else { + BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; - } - if (!i) - { - BIO_printf(bio_err,"unable to write X509 certificate\n"); + } + if (!i) { + BIO_printf(bio_err, "unable to write X509 certificate\n"); goto end; - } } - ex=0; + } + ex = 0; end: - if (ex) - { + if (ex) { ERR_print_errors(bio_err); - } - if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf); + } + if ((req_conf != NULL) && (req_conf != config)) + NCONF_free(req_conf); BIO_free(in); BIO_free_all(out); 
EVP_PKEY_free(pkey); 
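Review bot: In the `verify && !x509` block a failed signature check does not change the exit status: the `i == 0` branch prints `verify failure` and falls through, and execution later reaches `ex = 0;` just before `end:`. A caller that checks only the return code therefore cannot tell a request with a bad signature from a good one. The branch should leave through the error path as the `i < 0` branch does, by adding `goto end;` after `ERR_print_errors(bio_err);`; this assumes `ex` is initialised non-zero, which is not visible in this hunk. Further down, the result of `PEM_write_bio_PUBKEY(out, tpubkey);` is ignored, so a failed write of the public key is also reported as success. The enclosing function begins before this hunk and ends after it, and the re-indentation leaves this logic as it was.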
@@ -1070,502 +938,459 @@ end: X509_REQ_free(req); X509_free(x509ss); ASN1_INTEGER_free(serial); - if(passargin && passin) free(passin); - if(passargout && passout) free(passout); + if (passargin && passin) + free(passin); + if (passargout && passout) + free(passout); OBJ_cleanup(); apps_shutdown(); - return(ex); - } + return (ex); +} -static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, - int attribs, unsigned long chtype) - { - int ret=0,i; +static int +make_REQ(X509_REQ * req, EVP_PKEY * pkey, char *subj, int multirdn, + int attribs, unsigned long chtype) +{ + int ret = 0, i; char no_prompt = 0; - STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL; - char *tmp, *dn_sect,*attr_sect; + STACK_OF(CONF_VALUE) * dn_sk, *attr_sk = NULL; + char *tmp, *dn_sect, *attr_sect; - tmp=NCONF_get_string(req_conf,SECTION,PROMPT); + tmp = NCONF_get_string(req_conf, SECTION, PROMPT); if (tmp == NULL) ERR_clear_error(); - if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1; + if ((tmp != NULL) && !strcmp(tmp, "no")) + no_prompt = 1; - dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME); - if (dn_sect == NULL) - { - BIO_printf(bio_err,"unable to find '%s' in config\n", - DISTINGUISHED_NAME); + dn_sect = NCONF_get_string(req_conf, SECTION, DISTINGUISHED_NAME); + if (dn_sect == NULL) { + BIO_printf(bio_err, "unable to find '%s' in config\n", + DISTINGUISHED_NAME); goto err; - } - dn_sk=NCONF_get_section(req_conf,dn_sect); - if (dn_sk == NULL) - { - BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect); + } + dn_sk = NCONF_get_section(req_conf, dn_sect); + if (dn_sk == NULL) { + BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect); goto err; - } - - attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES); - if (attr_sect == NULL) - { - ERR_clear_error(); - attr_sk=NULL; - } - else - { - attr_sk=NCONF_get_section(req_conf,attr_sect); - if (attr_sk == NULL) - { - BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect); + } + attr_sect = 
NCONF_get_string(req_conf, SECTION, ATTRIBUTES); + if (attr_sect == NULL) { + ERR_clear_error(); + attr_sk = NULL; + } else { + attr_sk = NCONF_get_section(req_conf, attr_sect); + if (attr_sk == NULL) { + BIO_printf(bio_err, "unable to get '%s' section\n", attr_sect); goto err; - } } + } /* setup version number */ - if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */ + if (!X509_REQ_set_version(req, 0L)) + goto err; /* version 1 */ - if (no_prompt) + if (no_prompt) i = auto_info(req, dn_sk, attr_sk, attribs, chtype); - else - { + else { if (subj) i = build_subject(req, subj, chtype, multirdn); else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype); - } - if(!i) goto err; + } + if (!i) + goto err; - if (!X509_REQ_set_pubkey(req,pkey)) goto err; + if (!X509_REQ_set_pubkey(req, pkey)) + goto err; - ret=1; + ret = 1; err: - return(ret); - } + return (ret); +} /* * subject is expected to be in the format /type0=value0/type1=value1/type2=... * where characters may be escaped by \ */ -static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn) - { +static int +build_subject(X509_REQ * req, char *subject, unsigned long chtype, int multirdn) +{ X509_NAME *n; if (!(n = parse_name(subject, chtype, multirdn))) return 0; - if (!X509_REQ_set_subject_name(req, n)) - { + if (!X509_REQ_set_subject_name(req, n)) { X509_NAME_free(n); return 0; - } + } X509_NAME_free(n); return 1; } -static int prompt_info(X509_REQ *req, - STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, - STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs, - unsigned long chtype) - { +static int +prompt_info(X509_REQ * req, + STACK_OF(CONF_VALUE) * dn_sk, char *dn_sect, + STACK_OF(CONF_VALUE) * attr_sk, char *attr_sect, int attribs, + unsigned long chtype) +{ int i; - char *p,*q; + char *p, *q; char buf[100]; int nid, mval; - long n_min,n_max; + long n_min, n_max; char *type, *value; const char *def; CONF_VALUE *v; X509_NAME *subj; subj = 
X509_REQ_get_subject_name(req); - if(!batch) - { - BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n"); - BIO_printf(bio_err,"into your certificate request.\n"); - BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n"); - BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n"); - BIO_printf(bio_err,"For some fields there will be a default value,\n"); - BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n"); - BIO_printf(bio_err,"-----\n"); - } - - - if (sk_CONF_VALUE_num(dn_sk)) - { - i= -1; -start: for (;;) - { + if (!batch) { + BIO_printf(bio_err, "You are about to be asked to enter information that will be incorporated\n"); + BIO_printf(bio_err, "into your certificate request.\n"); + BIO_printf(bio_err, "What you are about to enter is what is called a Distinguished Name or a DN.\n"); + BIO_printf(bio_err, "There are quite a few fields but you can leave some blank\n"); + BIO_printf(bio_err, "For some fields there will be a default value,\n"); + BIO_printf(bio_err, "If you enter '.', the field will be left blank.\n"); + BIO_printf(bio_err, "-----\n"); + } + if (sk_CONF_VALUE_num(dn_sk)) { + i = -1; +start: for (;;) { int ret; i++; - if (sk_CONF_VALUE_num(dn_sk) <= i) break; - - v=sk_CONF_VALUE_value(dn_sk,i); - p=q=NULL; - type=v->name; - if(!check_end(type,"_min") || !check_end(type,"_max") || - !check_end(type,"_default") || - !check_end(type,"_value")) continue; - /* Skip past any leading X. X: X, etc to allow for - * multiple instances + if (sk_CONF_VALUE_num(dn_sk) <= i) + break; + + v = sk_CONF_VALUE_value(dn_sk, i); + p = q = NULL; + type = v->name; + if (!check_end(type, "_min") || !check_end(type, "_max") || + !check_end(type, "_default") || + !check_end(type, "_value")) + continue; + /* + * Skip past any leading X. 
X: X, etc to allow for + * multiple instances */ - for(p = v->name; *p ; p++) + for (p = v->name; *p; p++) if ((*p == ':') || (*p == ',') || - (*p == '.')) { + (*p == '.')) { p++; - if(*p) type = p; + if (*p) + type = p; break; } - if (*type == '+') - { + if (*type == '+') { mval = -1; type++; - } - else + } else mval = 0; /* If OBJ not recognised ignore it */ - if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; - ret = snprintf(buf,sizeof buf,"%s_default",v->name); - if (ret == -1 || ret >= sizeof(buf)) - { - BIO_printf(bio_err,"Name '%s' too long\n",v->name); - return 0; - } - - if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) - { + if ((nid = OBJ_txt2nid(type)) == NID_undef) + goto start; + ret = snprintf(buf, sizeof buf, "%s_default", v->name); + if (ret == -1 || ret >= sizeof(buf)) { + BIO_printf(bio_err, "Name '%s' too long\n", v->name); + return 0; + } + if ((def = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) { ERR_clear_error(); - def=""; - } - - (void) snprintf(buf,sizeof buf,"%s_value",v->name); - if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) - { + def = ""; + } + (void) snprintf(buf, sizeof buf, "%s_value", v->name); + if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) { ERR_clear_error(); - value=NULL; - } - - (void) snprintf(buf,sizeof buf,"%s_min",v->name); - if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min)) - { + value = NULL; + } + (void) snprintf(buf, sizeof buf, "%s_min", v->name); + if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) { ERR_clear_error(); n_min = -1; - } - - (void) snprintf(buf,sizeof buf,"%s_max",v->name); - if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max)) - { + } + (void) snprintf(buf, sizeof buf, "%s_max", v->name); + if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) { ERR_clear_error(); n_max = -1; - } - - if (!add_DN_object(subj,v->value,def,value,nid, - n_min,n_max, chtype, mval)) - return 0; } - if (X509_NAME_entry_count(subj) == 0) - { - BIO_printf(bio_err,"error, 
no objects specified in config file\n"); + if (!add_DN_object(subj, v->value, def, value, nid, + n_min, n_max, chtype, mval)) + return 0; + } + if (X509_NAME_entry_count(subj) == 0) { + BIO_printf(bio_err, "error, no objects specified in config file\n"); return 0; + } + if (attribs) { + if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch)) { + BIO_printf(bio_err, "\nPlease enter the following 'extra' attributes\n"); + BIO_printf(bio_err, "to be sent with your certificate request\n"); } - - if (attribs) - { - if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch)) - { - BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n"); - BIO_printf(bio_err,"to be sent with your certificate request\n"); - } - - i= -1; -start2: for (;;) - { + i = -1; + start2: for (;;) { int ret; i++; if ((attr_sk == NULL) || - (sk_CONF_VALUE_num(attr_sk) <= i)) + (sk_CONF_VALUE_num(attr_sk) <= i)) break; - v=sk_CONF_VALUE_value(attr_sk,i); - type=v->name; - if ((nid=OBJ_txt2nid(type)) == NID_undef) + v = sk_CONF_VALUE_value(attr_sk, i); + type = v->name; + if ((nid = OBJ_txt2nid(type)) == NID_undef) goto start2; - ret = snprintf(buf,sizeof buf,"%s_default",type); - if (ret == -1 || ret >= sizeof(buf)) - { - BIO_printf(bio_err,"Name '%s' too long\n",v->name); - return 0; - } - - if ((def=NCONF_get_string(req_conf,attr_sect,buf)) - == NULL) - { + ret = snprintf(buf, sizeof buf, "%s_default", type); + if (ret == -1 || ret >= sizeof(buf)) { + BIO_printf(bio_err, "Name '%s' too long\n", v->name); + return 0; + } + if ((def = NCONF_get_string(req_conf, attr_sect, buf)) + == NULL) { ERR_clear_error(); - def=""; - } - - - (void) snprintf(buf,sizeof buf,"%s_value",type); - if ((value=NCONF_get_string(req_conf,attr_sect,buf)) - == NULL) - { + def = ""; + } + (void) snprintf(buf, sizeof buf, "%s_value", type); + if ((value = NCONF_get_string(req_conf, attr_sect, buf)) + == NULL) { ERR_clear_error(); - value=NULL; - } - - (void) snprintf(buf,sizeof 
buf,"%s_min",type); - if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min)) - { + value = NULL; + } + (void) snprintf(buf, sizeof buf, "%s_min", type); + if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) { ERR_clear_error(); n_min = -1; - } - - (void) snprintf(buf,sizeof buf,"%s_max",type); - if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max)) - { + } + (void) snprintf(buf, sizeof buf, "%s_max", type); + if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) { ERR_clear_error(); n_max = -1; - } - + } if (!add_attribute_object(req, - v->value,def,value,nid,n_min,n_max, chtype)) + v->value, def, value, nid, n_min, n_max, chtype)) return 0; - } } } - else - { - BIO_printf(bio_err,"No template, please set one up.\n"); + } else { + BIO_printf(bio_err, "No template, please set one up.\n"); return 0; - } + } return 1; - } +} -static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, - STACK_OF(CONF_VALUE) *attr_sk, int attribs, unsigned long chtype) - { +static int +auto_info(X509_REQ * req, STACK_OF(CONF_VALUE) * dn_sk, + STACK_OF(CONF_VALUE) * attr_sk, int attribs, unsigned long chtype) +{ int i; - char *p,*q; + char *p, *q; char *type; CONF_VALUE *v; X509_NAME *subj; subj = X509_REQ_get_subject_name(req); - for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) { int mval; - v=sk_CONF_VALUE_value(dn_sk,i); - p=q=NULL; - type=v->name; - /* Skip past any leading X. X: X, etc to allow for - * multiple instances + v = sk_CONF_VALUE_value(dn_sk, i); + p = q = NULL; + type = v->name; + /* + * Skip past any leading X. 
X: X, etc to allow for multiple + * instances */ - for(p = v->name; *p ; p++) + for (p = v->name; *p; p++) if ((*p == ':') || (*p == ',') || (*p == '.')) { p++; - if(*p) type = p; + if (*p) + type = p; break; } - if (*p == '+') - { + if (*p == '+') { p++; mval = -1; - } - else + } else mval = 0; - if (!X509_NAME_add_entry_by_txt(subj,type, chtype, - (unsigned char *) v->value,-1,-1,mval)) return 0; + if (!X509_NAME_add_entry_by_txt(subj, type, chtype, + (unsigned char *) v->value, -1, -1, mval)) + return 0; - } + } - if (!X509_NAME_entry_count(subj)) - { - BIO_printf(bio_err,"error, no objects specified in config file\n"); - return 0; - } - if (attribs) - { - for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++) - { - v=sk_CONF_VALUE_value(attr_sk,i); - if(!X509_REQ_add1_attr_by_txt(req, v->name, chtype, - (unsigned char *)v->value, -1)) return 0; - } - } - return 1; + if (!X509_NAME_entry_count(subj)) { + BIO_printf(bio_err, "error, no objects specified in config file\n"); + return 0; } + if (attribs) { + for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++) { + v = sk_CONF_VALUE_value(attr_sk, i); + if (!X509_REQ_add1_attr_by_txt(req, v->name, chtype, + (unsigned char *) v->value, -1)) + return 0; + } + } + return 1; +} -static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, - int nid, int n_min, int n_max, unsigned long chtype, int mval) - { - int i,ret=0; +static int +add_DN_object(X509_NAME * n, char *text, const char *def, char *value, + int nid, int n_min, int n_max, unsigned long chtype, int mval) +{ + int i, ret = 0; char buf[1024]; start: - if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def); - (void)BIO_flush(bio_err); - if(value != NULL) - { - BUF_strlcpy(buf,value,sizeof buf); - BUF_strlcat(buf,"\n",sizeof buf); - BIO_printf(bio_err,"%s\n",value); - } - else - { - buf[0]='\0'; - if (!batch) - { - if (!fgets(buf,sizeof buf,stdin)) + if (!batch) + BIO_printf(bio_err, "%s [%s]:", text, def); + (void) BIO_flush(bio_err); + if (value != 
NULL) { + BUF_strlcpy(buf, value, sizeof buf); + BUF_strlcat(buf, "\n", sizeof buf); + BIO_printf(bio_err, "%s\n", value); + } else { + buf[0] = '\0'; + if (!batch) { + if (!fgets(buf, sizeof buf, stdin)) return 0; - } - else - { + } else { buf[0] = '\n'; buf[1] = '\0'; - } } + } - if (buf[0] == '\0') return(0); - else if (buf[0] == '\n') - { + if (buf[0] == '\0') + return (0); + else if (buf[0] == '\n') { if ((def == NULL) || (def[0] == '\0')) - return(1); - BUF_strlcpy(buf,def,sizeof buf); - BUF_strlcat(buf,"\n",sizeof buf); - } - else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); - - i=strlen(buf); - if (buf[i-1] != '\n') - { - BIO_printf(bio_err,"weird input :-(\n"); - return(0); - } - buf[--i]='\0'; - if(!req_check_len(i, n_min, n_max)) goto start; - if (!X509_NAME_add_entry_by_NID(n,nid, chtype, - (unsigned char *) buf, -1,-1,mval)) goto err; - ret=1; -err: - return(ret); + return (1); + BUF_strlcpy(buf, def, sizeof buf); + BUF_strlcat(buf, "\n", sizeof buf); + } else if ((buf[0] == '.') && (buf[1] == '\n')) + return (1); + + i = strlen(buf); + if (buf[i - 1] != '\n') { + BIO_printf(bio_err, "weird input :-(\n"); + return (0); } + buf[--i] = '\0'; + if (!req_check_len(i, n_min, n_max)) + goto start; + if (!X509_NAME_add_entry_by_NID(n, nid, chtype, + (unsigned char *) buf, -1, -1, mval)) + goto err; + ret = 1; +err: + return (ret); +} -static int add_attribute_object(X509_REQ *req, char *text, const char *def, - char *value, int nid, int n_min, - int n_max, unsigned long chtype) - { +static int +add_attribute_object(X509_REQ * req, char *text, const char *def, + char *value, int nid, int n_min, + int n_max, unsigned long chtype) +{ int i; static char buf[1024]; start: - if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def); - (void)BIO_flush(bio_err); - if (value != NULL) - { - BUF_strlcpy(buf,value,sizeof buf); - BUF_strlcat(buf,"\n",sizeof buf); - BIO_printf(bio_err,"%s\n",value); - } - else - { - buf[0]='\0'; - if (!batch) - { - if (!fgets(buf,sizeof 
buf,stdin)) + if (!batch) + BIO_printf(bio_err, "%s [%s]:", text, def); + (void) BIO_flush(bio_err); + if (value != NULL) { + BUF_strlcpy(buf, value, sizeof buf); + BUF_strlcat(buf, "\n", sizeof buf); + BIO_printf(bio_err, "%s\n", value); + } else { + buf[0] = '\0'; + if (!batch) { + if (!fgets(buf, sizeof buf, stdin)) return 0; - } - else - { + } else { buf[0] = '\n'; buf[1] = '\0'; - } } + } - if (buf[0] == '\0') return(0); - else if (buf[0] == '\n') - { + if (buf[0] == '\0') + return (0); + else if (buf[0] == '\n') { if ((def == NULL) || (def[0] == '\0')) - return(1); - BUF_strlcpy(buf,def,sizeof buf); - BUF_strlcat(buf,"\n",sizeof buf); - } - else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); - - i=strlen(buf); - if (buf[i-1] != '\n') - { - BIO_printf(bio_err,"weird input :-(\n"); - return(0); - } - buf[--i]='\0'; - if(!req_check_len(i, n_min, n_max)) goto start; + return (1); + BUF_strlcpy(buf, def, sizeof buf); + BUF_strlcat(buf, "\n", sizeof buf); + } else if ((buf[0] == '.') && (buf[1] == '\n')) + return (1); + + i = strlen(buf); + if (buf[i - 1] != '\n') { + BIO_printf(bio_err, "weird input :-(\n"); + return (0); + } + buf[--i] = '\0'; + if (!req_check_len(i, n_min, n_max)) + goto start; - if(!X509_REQ_add1_attr_by_NID(req, nid, chtype, - (unsigned char *)buf, -1)) { + if (!X509_REQ_add1_attr_by_NID(req, nid, chtype, + (unsigned char *) buf, -1)) { BIO_printf(bio_err, "Error adding attribute\n"); ERR_print_errors(bio_err); goto err; } - - return(1); + return (1); err: - return(0); - } + return (0); +} -static int req_check_len(int len, int n_min, int n_max) - { - if ((n_min > 0) && (len < n_min)) - { - BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min); - return(0); - } - if ((n_max >= 0) && (len > n_max)) - { - BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max); - return(0); - } - return(1); +static int +req_check_len(int len, int n_min, int n_max) +{ + if ((n_min > 0) && 
(len < n_min)) { + BIO_printf(bio_err, "string is too short, it needs to be at least %d bytes long\n", n_min); + return (0); + } + if ((n_max >= 0) && (len > n_max)) { + BIO_printf(bio_err, "string is too long, it needs to be less than %d bytes long\n", n_max); + return (0); } + return (1); +} /* Check if the end of a string matches 'end' */ -static int check_end(const char *str, const char *end) +static int +check_end(const char *str, const char *end) { - int elen, slen; + int elen, slen; const char *tmp; elen = strlen(end); slen = strlen(str); - if(elen > slen) return 1; + if (elen > slen) + return 1; tmp = str + slen - elen; return strcmp(tmp, end); } -static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type, - long *pkeylen, char **palgnam, - ENGINE *keygen_engine) - { +static EVP_PKEY_CTX * +set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type, + long *pkeylen, char **palgnam, + ENGINE * keygen_engine) +{ EVP_PKEY_CTX *gctx = NULL; EVP_PKEY *param = NULL; long keylen = -1; BIO *pbio = NULL; const char *paramfile = NULL; - if (gstr == NULL) - { + if (gstr == NULL) { *pkey_type = EVP_PKEY_RSA; keylen = *pkeylen; - } - else if (gstr[0] >= '0' && gstr[0] <= '9') - { + } else if (gstr[0] >= '0' && gstr[0] <= '9') { *pkey_type = EVP_PKEY_RSA; keylen = atol(gstr); *pkeylen = keylen; - } - else if (!strncmp(gstr, "param:", 6)) + } else if (!strncmp(gstr, "param:", 6)) paramfile = gstr + 6; - else - { + else { const char *p = strchr(gstr, ':'); int len; ENGINE *tmpeng; 
@@ -1575,178 +1400,160 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type, len = p - gstr; else len = strlen(gstr); - /* The lookup of a the string will cover all engines so - * keep a note of the implementation. + /* + * The lookup of a the string will cover all engines so keep + * a note of the implementation. */ ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len); - if (!ameth) - { + if (!ameth) { BIO_printf(err, "Unknown algorithm %.*s\n", len, gstr); return NULL; - } - + } EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL, - ameth); + ameth); #ifndef OPENSSL_NO_ENGINE if (tmpeng) ENGINE_finish(tmpeng); #endif - if (*pkey_type == EVP_PKEY_RSA) - { - if (p) - { + if (*pkey_type == EVP_PKEY_RSA) { + if (p) { keylen = atol(p + 1); *pkeylen = keylen; - } - else + } else keylen = *pkeylen; - } - else if (p) + } else if (p) paramfile = p + 1; - } + } - if (paramfile) - { + if (paramfile) { pbio = BIO_new_file(paramfile, "r"); - if (!pbio) - { + if (!pbio) { BIO_printf(err, "Can't open parameter file %s\n", - paramfile); + paramfile); return NULL; - } + } param = PEM_read_bio_Parameters(pbio, NULL); - if (!param) - { + if (!param) { X509 *x; - (void)BIO_reset(pbio); + (void) BIO_reset(pbio); x = PEM_read_bio_X509(pbio, NULL, NULL, NULL); - if (x) - { + if (x) { param = X509_get_pubkey(x); X509_free(x); - } } - + } BIO_free(pbio); - if (!param) - { + if (!param) { BIO_printf(err, "Error reading parameter file %s\n", - paramfile); + paramfile); return NULL; - } + } if (*pkey_type == -1) *pkey_type = EVP_PKEY_id(param); - else if (*pkey_type != EVP_PKEY_base_id(param)) - { + else if (*pkey_type != EVP_PKEY_base_id(param)) { BIO_printf(err, "Key Type does not match parameters\n"); EVP_PKEY_free(param); return NULL; - } } - - if (palgnam) - { + } + if (palgnam) { const EVP_PKEY_ASN1_METHOD *ameth; ENGINE *tmpeng; const char *anam; ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type); - if (!ameth) - { + if (!ameth) { BIO_puts(err, "Internal 
error: can't find key algorithm\n"); return NULL; - } + } EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth); *palgnam = BUF_strdup(anam); #ifndef OPENSSL_NO_ENGINE if (tmpeng) ENGINE_finish(tmpeng); #endif - } - - if (param) - { + } + if (param) { gctx = EVP_PKEY_CTX_new(param, keygen_engine); *pkeylen = EVP_PKEY_bits(param); EVP_PKEY_free(param); - } - else + } else gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine); - if (!gctx) - { + if (!gctx) { BIO_puts(err, "Error allocating keygen context\n"); ERR_print_errors(err); return NULL; - } - - if (EVP_PKEY_keygen_init(gctx) <= 0) - { + } + if (EVP_PKEY_keygen_init(gctx) <= 0) { BIO_puts(err, "Error initializing keygen context\n"); ERR_print_errors(err); return NULL; - } + } #ifndef OPENSSL_NO_RSA - if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) - { - if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) - { + if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) { + if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) { BIO_puts(err, "Error setting RSA keysize\n"); ERR_print_errors(err); EVP_PKEY_CTX_free(gctx); return NULL; - } } + } #endif return gctx; - } +} -static int genpkey_cb(EVP_PKEY_CTX *ctx) - { - char c='*'; +static int +genpkey_cb(EVP_PKEY_CTX * ctx) +{ + char c = '*'; BIO *b = EVP_PKEY_CTX_get_app_data(ctx); int p; p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); - if (p == 0) c='.'; - if (p == 1) c='+'; - if (p == 2) c='*'; - if (p == 3) c='\n'; - BIO_write(b,&c,1); - (void)BIO_flush(b); + if (p == 0) + c = '.'; + if (p == 1) + c = '+'; + if (p == 2) + c = '*'; + if (p == 3) + c = '\n'; + BIO_write(b, &c, 1); + (void) BIO_flush(b); #ifdef LINT - p=n; + p = n; #endif return 1; - } +} -static int do_sign_init(BIO *err, EVP_MD_CTX *ctx, EVP_PKEY *pkey, - const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) - { +static int +do_sign_init(BIO * err, EVP_MD_CTX * ctx, EVP_PKEY * pkey, + const EVP_MD * md, STACK_OF(OPENSSL_STRING) * sigopts) +{ EVP_PKEY_CTX *pkctx = NULL; int i; 
EVP_MD_CTX_init(ctx); if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey)) return 0; - for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) - { + for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { char *sigopt = sk_OPENSSL_STRING_value(sigopts, i); - if (pkey_ctrl_string(pkctx, sigopt) <= 0) - { + if (pkey_ctrl_string(pkctx, sigopt) <= 0) { BIO_printf(err, "parameter error \"%s\"\n", sigopt); ERR_print_errors(bio_err); return 0; - } } - return 1; } + return 1; +} -int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md, - STACK_OF(OPENSSL_STRING) *sigopts) - { +int +do_X509_sign(BIO * err, X509 * x, EVP_PKEY * pkey, const EVP_MD * md, + STACK_OF(OPENSSL_STRING) * sigopts) +{ int rv; EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); @@ -1755,12 +1562,13 @@ int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md, rv = X509_sign_ctx(x, &mctx); EVP_MD_CTX_cleanup(&mctx); return rv > 0 ? 1 : 0; - } +} -int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, - STACK_OF(OPENSSL_STRING) *sigopts) - { +int +do_X509_REQ_sign(BIO * err, X509_REQ * x, EVP_PKEY * pkey, const EVP_MD * md, + STACK_OF(OPENSSL_STRING) * sigopts) +{ int rv; EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); @@ -1769,13 +1577,14 @@ int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, rv = X509_REQ_sign_ctx(x, &mctx); EVP_MD_CTX_cleanup(&mctx); return rv > 0 ? 1 : 0; - } - - +} + + -int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, - STACK_OF(OPENSSL_STRING) *sigopts) - { +int +do_X509_CRL_sign(BIO * err, X509_CRL * x, EVP_PKEY * pkey, const EVP_MD * md, + STACK_OF(OPENSSL_STRING) * sigopts) +{ int rv; EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); @@ -1784,6 +1593,4 @@ int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, rv = X509_CRL_sign_ctx(x, &mctx); EVP_MD_CTX_cleanup(&mctx); return rv > 0 ? 1 : 0; - } - - +} 
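Review bot: In `set_keygen_ctx`, the failure branch after `EVP_PKEY_keygen_init(gctx) <= 0` returns NULL without releasing `gctx`, whereas the `EVP_PKEY_CTX_set_rsa_keygen_bits` failure branch just below it does call `EVP_PKEY_CTX_free(gctx)`. Adding `EVP_PKEY_CTX_free(gctx);` before that `return NULL;` makes the two paths agree. The `palgnam` branch has the same shape: when `EVP_PKEY_asn1_find` fails it returns while `param` may still be allocated from the parameter file, so `EVP_PKEY_free(param);` belongs before that return as well. The function starts before this hunk, so its earlier paths are not covered by this note.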
diff --git a/lib/libssl/src/apps/rsa.c b/lib/libssl/src/apps/rsa.c index b367f235518..e3f4989aeb2 100644 --- a/lib/libssl/src/apps/rsa.c +++ b/lib/libssl/src/apps/rsa.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence 
@@ -97,312 +97,279 @@ int MAIN(int, char **); -int MAIN(int argc, char **argv) - { +int +MAIN(int argc, char **argv) +{ ENGINE *e = NULL; - int ret=1; - RSA *rsa=NULL; - int i,badops=0, sgckey=0; - const EVP_CIPHER *enc=NULL; - BIO *out=NULL; - int informat,outformat,text=0,check=0,noout=0; + int ret = 1; + RSA *rsa = NULL; + int i, badops = 0, sgckey = 0; + const EVP_CIPHER *enc = NULL; + BIO *out = NULL; + int informat, outformat, text = 0, check = 0, noout = 0; int pubin = 0, pubout = 0; - char *infile,*outfile,*prog; + char *infile, *outfile, *prog; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; #ifndef OPENSSL_NO_ENGINE - char *engine=NULL; + char *engine = NULL; #endif - int modulus=0; + int modulus = 0; int pvk_encr = 2; apps_startup(); if (bio_err == NULL) - if ((bio_err=BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if ((bio_err = BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; - infile=NULL; - outfile=NULL; - informat=FORMAT_PEM; - outformat=FORMAT_PEM; + infile = NULL; + outfile = NULL; + informat = FORMAT_PEM; + outformat = FORMAT_PEM; - prog=argv[0]; + prog = argv[0]; argc--; argv++; - while (argc >= 1) - { - if (strcmp(*argv,"-inform") == 0) - { - if (--argc < 1) goto bad; - informat=str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-outform") == 0) - { - if (--argc < 1) goto bad; - outformat=str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-in") == 0) - { - if (--argc < 1) goto bad; - infile= *(++argv); - } - else if (strcmp(*argv,"-out") == 0) - { - if (--argc < 1) goto bad; - outfile= *(++argv); - } - else if (strcmp(*argv,"-passin") == 0) - { - if (--argc < 1) goto bad; - passargin= *(++argv); - } - else if (strcmp(*argv,"-passout") == 0) - { - if (--argc < 1) goto bad; - passargout= *(++argv); - } + while (argc >= 1) { + if (strcmp(*argv, "-inform") == 0) { + if (--argc < 1) + goto bad; + 
informat = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-outform") == 0) { + if (--argc < 1) + goto bad; + outformat = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-in") == 0) { + if (--argc < 1) + goto bad; + infile = *(++argv); + } else if (strcmp(*argv, "-out") == 0) { + if (--argc < 1) + goto bad; + outfile = *(++argv); + } else if (strcmp(*argv, "-passin") == 0) { + if (--argc < 1) + goto bad; + passargin = *(++argv); + } else if (strcmp(*argv, "-passout") == 0) { + if (--argc < 1) + goto bad; + passargout = *(++argv); + } #ifndef OPENSSL_NO_ENGINE - else if (strcmp(*argv,"-engine") == 0) - { - if (--argc < 1) goto bad; - engine= *(++argv); - } + else if (strcmp(*argv, "-engine") == 0) { + if (--argc < 1) + goto bad; + engine = *(++argv); + } #endif - else if (strcmp(*argv,"-sgckey") == 0) - sgckey=1; - else if (strcmp(*argv,"-pubin") == 0) - pubin=1; - else if (strcmp(*argv,"-pubout") == 0) - pubout=1; - else if (strcmp(*argv,"-RSAPublicKey_in") == 0) + else if (strcmp(*argv, "-sgckey") == 0) + sgckey = 1; + else if (strcmp(*argv, "-pubin") == 0) + pubin = 1; + else if (strcmp(*argv, "-pubout") == 0) + pubout = 1; + else if (strcmp(*argv, "-RSAPublicKey_in") == 0) pubin = 2; - else if (strcmp(*argv,"-RSAPublicKey_out") == 0) + else if (strcmp(*argv, "-RSAPublicKey_out") == 0) pubout = 2; - else if (strcmp(*argv,"-pvk-strong") == 0) - pvk_encr=2; - else if (strcmp(*argv,"-pvk-weak") == 0) - pvk_encr=1; - else if (strcmp(*argv,"-pvk-none") == 0) - pvk_encr=0; - else if (strcmp(*argv,"-noout") == 0) - noout=1; - else if (strcmp(*argv,"-text") == 0) - text=1; - else if (strcmp(*argv,"-modulus") == 0) - modulus=1; - else if (strcmp(*argv,"-check") == 0) - check=1; - else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) - { - BIO_printf(bio_err,"unknown option %s\n",*argv); - badops=1; + else if (strcmp(*argv, "-pvk-strong") == 0) + pvk_encr = 2; + else if (strcmp(*argv, "-pvk-weak") == 0) + pvk_encr = 1; + else if (strcmp(*argv, "-pvk-none") == 0) + 
pvk_encr = 0; + else if (strcmp(*argv, "-noout") == 0) + noout = 1; + else if (strcmp(*argv, "-text") == 0) + text = 1; + else if (strcmp(*argv, "-modulus") == 0) + modulus = 1; + else if (strcmp(*argv, "-check") == 0) + check = 1; + else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) { + BIO_printf(bio_err, "unknown option %s\n", *argv); + badops = 1; break; - } + } argc--; argv++; - } + } - if (badops) - { + if (badops) { bad: - BIO_printf(bio_err,"%s [options] outfile\n",prog); - BIO_printf(bio_err,"where options are\n"); - BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n"); - BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n"); - BIO_printf(bio_err," -in arg input file\n"); - BIO_printf(bio_err," -sgckey Use IIS SGC key format\n"); - BIO_printf(bio_err," -passin arg input file pass phrase source\n"); - BIO_printf(bio_err," -out arg output file\n"); - BIO_printf(bio_err," -passout arg output file pass phrase source\n"); - BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); - BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); + BIO_printf(bio_err, "%s [options] outfile\n", prog); + BIO_printf(bio_err, "where options are\n"); + BIO_printf(bio_err, " -inform arg input format - one of DER NET PEM\n"); + BIO_printf(bio_err, " -outform arg output format - one of DER NET PEM\n"); + BIO_printf(bio_err, " -in arg input file\n"); + BIO_printf(bio_err, " -sgckey Use IIS SGC key format\n"); + BIO_printf(bio_err, " -passin arg input file pass phrase source\n"); + BIO_printf(bio_err, " -out arg output file\n"); + BIO_printf(bio_err, " -passout arg output file pass phrase source\n"); + BIO_printf(bio_err, " -des encrypt PEM output with cbc des\n"); + BIO_printf(bio_err, " -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); #ifndef OPENSSL_NO_IDEA - BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); + BIO_printf(bio_err, " -idea encrypt PEM output with cbc 
idea\n"); #endif #ifndef OPENSSL_NO_SEED - BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n"); + BIO_printf(bio_err, " -seed encrypt PEM output with cbc seed\n"); #endif #ifndef OPENSSL_NO_AES - BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); - BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); + BIO_printf(bio_err, " -aes128, -aes192, -aes256\n"); + BIO_printf(bio_err, " encrypt PEM output with cbc aes\n"); #endif #ifndef OPENSSL_NO_CAMELLIA - BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); - BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); + BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n"); + BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n"); #endif - BIO_printf(bio_err," -text print the key in text\n"); - BIO_printf(bio_err," -noout don't print key out\n"); - BIO_printf(bio_err," -modulus print the RSA key modulus\n"); - BIO_printf(bio_err," -check verify key consistency\n"); - BIO_printf(bio_err," -pubin expect a public key in input file\n"); - BIO_printf(bio_err," -pubout output a public key\n"); + BIO_printf(bio_err, " -text print the key in text\n"); + BIO_printf(bio_err, " -noout don't print key out\n"); + BIO_printf(bio_err, " -modulus print the RSA key modulus\n"); + BIO_printf(bio_err, " -check verify key consistency\n"); + BIO_printf(bio_err, " -pubin expect a public key in input file\n"); + BIO_printf(bio_err, " -pubout output a public key\n"); #ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); + BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n"); #endif goto end; - } - + } ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + e = setup_engine(bio_err, engine, 0); #endif - if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { + if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting 
passwords\n"); goto end; } - - if(check && pubin) { + if (check && pubin) { BIO_printf(bio_err, "Only private keys can be checked\n"); goto end; } - - out=BIO_new(BIO_s_file()); + out = BIO_new(BIO_s_file()); { - EVP_PKEY *pkey; + EVP_PKEY *pkey; - if (pubin) - { - int tmpformat=-1; - if (pubin == 2) - { + if (pubin) { + int tmpformat = -1; + if (pubin == 2) { if (informat == FORMAT_PEM) tmpformat = FORMAT_PEMRSA; else if (informat == FORMAT_ASN1) tmpformat = FORMAT_ASN1RSA; - } - else if (informat == FORMAT_NETSCAPE && sgckey) + } else if (informat == FORMAT_NETSCAPE && sgckey) tmpformat = FORMAT_IISSGC; else tmpformat = informat; - + pkey = load_pubkey(bio_err, infile, tmpformat, 1, - passin, e, "Public Key"); - } - else + passin, e, "Public Key"); + } else pkey = load_key(bio_err, infile, - (informat == FORMAT_NETSCAPE && sgckey ? - FORMAT_IISSGC : informat), 1, - passin, e, "Private Key"); + (informat == FORMAT_NETSCAPE && sgckey ? + FORMAT_IISSGC : informat), 1, + passin, e, "Private Key"); if (pkey != NULL) rsa = EVP_PKEY_get1_RSA(pkey); EVP_PKEY_free(pkey); } - if (rsa == NULL) - { + if (rsa == NULL) { ERR_print_errors(bio_err); goto end; - } - - if (outfile == NULL) - { - BIO_set_fp(out,stdout,BIO_NOCLOSE); - } - else - { - if (BIO_write_filename(out,outfile) <= 0) - { + } + if (outfile == NULL) { + BIO_set_fp(out, stdout, BIO_NOCLOSE); + } else { + if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto end; - } } + } - if (text) - if (!RSA_print(out,rsa,0)) - { + if (text) + if (!RSA_print(out, rsa, 0)) { perror(outfile); ERR_print_errors(bio_err); goto end; - } - - if (modulus) - { - BIO_printf(out,"Modulus="); - BN_print(out,rsa->n); - BIO_printf(out,"\n"); } - - if (check) - { + if (modulus) { + BIO_printf(out, "Modulus="); + BN_print(out, rsa->n); + BIO_printf(out, "\n"); + } + if (check) { int r = RSA_check_key(rsa); if (r == 1) - BIO_printf(out,"RSA key ok\n"); - else if (r == 0) - { + BIO_printf(out, "RSA key ok\n"); + else if (r == 0) { 
unsigned long err; while ((err = ERR_peek_error()) != 0 && - ERR_GET_LIB(err) == ERR_LIB_RSA && - ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY && - ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) - { + ERR_GET_LIB(err) == ERR_LIB_RSA && + ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY && + ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) { BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err)); - ERR_get_error(); /* remove e from error stack */ - } + ERR_get_error(); /* remove e from error + * stack */ } - - if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */ - { + } + if (r == -1 || ERR_peek_error() != 0) { /* should happen only if + * r == -1 */ ERR_print_errors(bio_err); goto end; - } } - - if (noout) - { + } + if (noout) { ret = 0; goto end; - } - BIO_printf(bio_err,"writing RSA key\n"); - if (outformat == FORMAT_ASN1) { - if(pubout || pubin) - { + } + BIO_printf(bio_err, "writing RSA key\n"); + if (outformat == FORMAT_ASN1) { + if (pubout || pubin) { if (pubout == 2) - i=i2d_RSAPublicKey_bio(out,rsa); + i = i2d_RSAPublicKey_bio(out, rsa); else - i=i2d_RSA_PUBKEY_bio(out,rsa); - } - else i=i2d_RSAPrivateKey_bio(out,rsa); + i = i2d_RSA_PUBKEY_bio(out, rsa); + } else + i = i2d_RSAPrivateKey_bio(out, rsa); } #ifndef OPENSSL_NO_RC4 - else if (outformat == FORMAT_NETSCAPE) - { - unsigned char *p,*pp; + else if (outformat == FORMAT_NETSCAPE) { + unsigned char *p, *pp; int size; - i=1; - size=i2d_RSA_NET(rsa,NULL,NULL, sgckey); - if ((p=(unsigned char *)malloc(size)) == NULL) - { - BIO_printf(bio_err,"Memory allocation failure\n"); + i = 1; + size = i2d_RSA_NET(rsa, NULL, NULL, sgckey); + if ((p = (unsigned char *) malloc(size)) == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); goto end; - } - pp=p; - i2d_RSA_NET(rsa,&p,NULL, sgckey); - BIO_write(out,(char *)pp,size); - free(pp); } + pp = p; + i2d_RSA_NET(rsa, &p, NULL, sgckey); + BIO_write(out, (char *) pp, size); + free(pp); + } #endif else if (outformat == FORMAT_PEM) { - if(pubout 
|| pubin) - { + if (pubout || pubin) { if (pubout == 2) - i=PEM_write_bio_RSAPublicKey(out,rsa); + i = PEM_write_bio_RSAPublicKey(out, rsa); else - i=PEM_write_bio_RSA_PUBKEY(out,rsa); - } - else i=PEM_write_bio_RSAPrivateKey(out,rsa, - enc,NULL,0,NULL,passout); + i = PEM_write_bio_RSA_PUBKEY(out, rsa); + } else + i = PEM_write_bio_RSAPrivateKey(out, rsa, + enc, NULL, 0, NULL, passout); #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; @@ -416,29 +383,31 @@ bad: i = i2b_PrivateKey_bio(out, pk); EVP_PKEY_free(pk); #endif - } else { - BIO_printf(bio_err,"bad output format specified for outfile\n"); + } else { + BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; - } - if (i <= 0) - { - BIO_printf(bio_err,"unable to write key\n"); + } + if (i <= 0) { + BIO_printf(bio_err, "unable to write key\n"); ERR_print_errors(bio_err); - } - else - ret=0; + } else + ret = 0; end: - if(out != NULL) BIO_free_all(out); - if(rsa != NULL) RSA_free(rsa); - if(passin) free(passin); - if(passout) free(passout); + if (out != NULL) + BIO_free_all(out); + if (rsa != NULL) + RSA_free(rsa); + if (passin) + free(passin); + if (passout) + free(passout); apps_shutdown(); - return(ret); - } -#else /* !OPENSSL_NO_RSA */ + return (ret); +} +#else /* !OPENSSL_NO_RSA */ -# if PEDANTIC -static void *dummy=&dummy; -# endif +#if PEDANTIC +static void *dummy = &dummy; +#endif #endif diff --git a/lib/libssl/src/apps/rsautl.c b/lib/libssl/src/apps/rsautl.c index ba9758c94b2..9b8a040853e 100644 --- a/lib/libssl/src/apps/rsautl.c +++ b/lib/libssl/src/apps/rsautl.c 
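Review bot: The `FORMAT_NETSCAPE` output branch of `MAIN` in rsa.c cannot report a failed encode or write, because it sets `i = 1` up front and ignores the results of the second `i2d_RSA_NET` call and of `BIO_write`, so the later `if (i <= 0)` check never fires for this format. The `size` from the first `i2d_RSA_NET` call is also passed to `malloc` without a check for a zero or negative value. The buffer holding the encoded key is then freed without being cleared. The sketch below drops `i = 1`, checks `size`, derives `i` from the encode and write results, and cleanses the buffer before `free`; it assumes `OPENSSL_cleanse` is already declared through the existing includes. `MAIN` continues past the end of this hunk.

```c
else if (outformat == FORMAT_NETSCAPE) {
	/* … unchanged: declarations of p, pp and size … */
	size = i2d_RSA_NET(rsa, NULL, NULL, sgckey);
	if (size <= 0) {
		BIO_printf(bio_err, "unable to encode key\n");
		ERR_print_errors(bio_err);
		goto end;
	}
	/* … unchanged: malloc(size), its failure path, pp = p … */
	i = i2d_RSA_NET(rsa, &p, NULL, sgckey);
	if (i > 0 && BIO_write(out, (char *) pp, size) != size)
		i = 0;
	OPENSSL_cleanse(pp, size);
	free(pp);
```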
@@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -82,7 +82,8 @@ static void usage(void); int MAIN(int argc, char **); -int MAIN(int argc, char **argv) +int +MAIN(int argc, char **argv) { ENGINE *e = NULL; BIO *in = NULL, *out = NULL; 
@@ -108,71 +109,81 @@ int MAIN(int argc, char **argv) argc--; argv++; - if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + if (!bio_err) + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); pad = RSA_PKCS1_PADDING; - - while(argc >= 1) - { - if (!strcmp(*argv,"-in")) { + + while (argc >= 1) { + if (!strcmp(*argv, "-in")) { if (--argc < 1) badarg = 1; else - infile= *(++argv); - } else if (!strcmp(*argv,"-out")) { + infile = *(++argv); + } else if (!strcmp(*argv, "-out")) { if (--argc < 1) badarg = 1; else - outfile= *(++argv); - } else if(!strcmp(*argv, "-inkey")) { + outfile = *(++argv); + } else if (!strcmp(*argv, "-inkey")) { if (--argc < 1) badarg = 1; else keyfile = *(++argv); - } else if (!strcmp(*argv,"-passin")) { + } else if (!strcmp(*argv, "-passin")) { if (--argc < 1) badarg = 1; else - passargin= *(++argv); - } else if (strcmp(*argv,"-keyform") == 0) { + passargin = *(++argv); + } else if (strcmp(*argv, "-keyform") == 0) { if (--argc < 1) badarg = 1; else - keyform=str2fmt(*(++argv)); + keyform = str2fmt(*(++argv)); #ifndef OPENSSL_NO_ENGINE - } else if(!strcmp(*argv, "-engine")) { + } else if (!strcmp(*argv, "-engine")) { if (--argc < 1) badarg = 1; else engine = *(++argv); #endif - } else if(!strcmp(*argv, "-pubin")) { + } else if (!strcmp(*argv, "-pubin")) { key_type = KEY_PUBKEY; - } else if(!strcmp(*argv, "-certin")) { + } else if (!strcmp(*argv, "-certin")) { key_type = KEY_CERT; - } - else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1; - else if(!strcmp(*argv, "-hexdump")) hexdump = 1; - else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING; - else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING; - else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING; - else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING; - else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING; - else if(!strcmp(*argv, "-sign")) { + } else if (!strcmp(*argv, 
"-asn1parse")) + asn1parse = 1; + else if (!strcmp(*argv, "-hexdump")) + hexdump = 1; + else if (!strcmp(*argv, "-raw")) + pad = RSA_NO_PADDING; + else if (!strcmp(*argv, "-oaep")) + pad = RSA_PKCS1_OAEP_PADDING; + else if (!strcmp(*argv, "-ssl")) + pad = RSA_SSLV23_PADDING; + else if (!strcmp(*argv, "-pkcs")) + pad = RSA_PKCS1_PADDING; + else if (!strcmp(*argv, "-x931")) + pad = RSA_X931_PADDING; + else if (!strcmp(*argv, "-sign")) { rsa_mode = RSA_SIGN; need_priv = 1; - } else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY; - else if(!strcmp(*argv, "-rev")) rev = 1; - else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT; - else if(!strcmp(*argv, "-decrypt")) { + } else if (!strcmp(*argv, "-verify")) + rsa_mode = RSA_VERIFY; + else if (!strcmp(*argv, "-rev")) + rev = 1; + else if (!strcmp(*argv, "-encrypt")) + rsa_mode = RSA_ENCRYPT; + else if (!strcmp(*argv, "-decrypt")) { rsa_mode = RSA_DECRYPT; need_priv = 1; - } else badarg = 1; - if(badarg) { + } else + badarg = 1; + if (badarg) { usage(); goto end; } 
@@ -180,69 +191,65 @@ int MAIN(int argc, char **argv) argv++; } - if(need_priv && (key_type != KEY_PRIVKEY)) { + if (need_priv && (key_type != KEY_PRIVKEY)) { BIO_printf(bio_err, "A private key is needed for this operation\n"); goto end; } - #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + e = setup_engine(bio_err, engine, 0); #endif - if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { + if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } - /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, bio_err, 0); - - switch(key_type) { - case KEY_PRIVKEY: + + switch (key_type) { + case KEY_PRIVKEY: pkey = load_key(bio_err, keyfile, keyform, 0, - passin, e, "Private Key"); + passin, e, "Private Key"); break; - case KEY_PUBKEY: + case KEY_PUBKEY: pkey = load_pubkey(bio_err, keyfile, keyform, 0, - NULL, e, "Public Key"); + NULL, e, "Public Key"); break; - case KEY_CERT: + case KEY_CERT: x = load_cert(bio_err, keyfile, keyform, - NULL, e, "Certificate"); - if(x) { + NULL, e, "Certificate"); + if (x) { pkey = X509_get_pubkey(x); X509_free(x); } break; } - if(!pkey) { + if (!pkey) { return 1; } - rsa = EVP_PKEY_get1_RSA(pkey); EVP_PKEY_free(pkey); - if(!rsa) { + if (!rsa) { BIO_printf(bio_err, "Error getting RSA key\n"); ERR_print_errors(bio_err); goto end; } - - - if(infile) { - if(!(in = BIO_new_file(infile, "rb"))) { + if (infile) { + if (!(in = BIO_new_file(infile, "rb"))) { BIO_printf(bio_err, "Error Reading Input File\n"); - ERR_print_errors(bio_err); + ERR_print_errors(bio_err); goto end; } - } else in = BIO_new_fp(stdin, BIO_NOCLOSE); + } else + in = BIO_new_fp(stdin, BIO_NOCLOSE); - if(outfile) { - if(!(out = BIO_new_file(outfile, "wb"))) { + if (outfile) { + if (!(out = BIO_new_file(outfile, "wb"))) { BIO_printf(bio_err, "Error Reading Output File\n"); - ERR_print_errors(bio_err); + ERR_print_errors(bio_err); goto end; } } else { 
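Review bot: The `if (!pkey) { return 1; }` exit in this hunk leaves `MAIN` directly instead of going through `end:`, so the pass phrase buffer `passin` filled by `app_passwd()` a few lines earlier is never freed on that path. Every other failure path in the hunk uses `goto end`, and the cleanup at `end:` (visible in the next hunk) includes `free(passin)`. Replacing it with `if (!pkey) goto end;` would make the paths consistent, assuming `ret` still holds its failure value at that point; its initialisation is outside the hunk. `MAIN` starts and ends outside this hunk.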
@@ -256,62 +263,68 @@ int MAIN(int argc, char **argv) /* Read the input data */ rsa_inlen = BIO_read(in, rsa_in, keysize * 2); - if(rsa_inlen <= 0) { + if (rsa_inlen <= 0) { BIO_printf(bio_err, "Error reading input Data\n"); exit(1); } - if(rev) { + if (rev) { int i; unsigned char ctmp; - for(i = 0; i < rsa_inlen/2; i++) { + for (i = 0; i < rsa_inlen / 2; i++) { ctmp = rsa_in[i]; rsa_in[i] = rsa_in[rsa_inlen - 1 - i]; rsa_in[rsa_inlen - 1 - i] = ctmp; } } - switch(rsa_mode) { + switch (rsa_mode) { - case RSA_VERIFY: - rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); + case RSA_VERIFY: + rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); break; - case RSA_SIGN: - rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); + case RSA_SIGN: + rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); break; - case RSA_ENCRYPT: - rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); + case RSA_ENCRYPT: + rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); break; - case RSA_DECRYPT: - rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); + case RSA_DECRYPT: + rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); break; } - if(rsa_outlen <= 0) { + if (rsa_outlen <= 0) { BIO_printf(bio_err, "RSA operation error\n"); ERR_print_errors(bio_err); goto end; } ret = 0; - if(asn1parse) { - if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { + if (asn1parse) { + if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { ERR_print_errors(bio_err); } - } else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen); - else BIO_write(out, rsa_out, rsa_outlen); - end: + } else if (hexdump) + BIO_dump(out, (char *) rsa_out, rsa_outlen); + else + BIO_write(out, rsa_out, rsa_outlen); +end: RSA_free(rsa); BIO_free(in); BIO_free_all(out); - if(rsa_in) free(rsa_in); - if(rsa_out) free(rsa_out); - if(passin) free(passin); + if (rsa_in) + free(rsa_in); + 
if (rsa_out) + free(rsa_out); + if (passin) + free(passin); return ret; } -static void usage() +static void +usage() { BIO_printf(bio_err, "Usage: rsautl [options]\n"); BIO_printf(bio_err, "-in file input file\n"); @@ -331,15 +344,15 @@ static void usage() BIO_printf(bio_err, "-hexdump hex dump output\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); - BIO_printf (bio_err, "-passin arg pass phrase source\n"); + BIO_printf(bio_err, "-passin arg pass phrase source\n"); #endif } -#else /* !OPENSSL_NO_RSA */ +#else /* !OPENSSL_NO_RSA */ -# if PEDANTIC -static void *dummy=&dummy; -# endif +#if PEDANTIC +static void *dummy = &dummy; +#endif #endif diff --git a/lib/libssl/src/apps/s_cb.c b/lib/libssl/src/apps/s_cb.c index b5dc40c53a8..1d1a2bd6df7 100644 --- a/lib/libssl/src/apps/s_cb.c +++ b/lib/libssl/src/apps/s_cb.c @@ -133,7 +133,7 @@ unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; int cookie_initialized = 0; int -verify_callback(int ok, X509_STORE_CTX *ctx) +verify_callback(int ok, X509_STORE_CTX * ctx) { X509 *err_cert; int err, depth; @@ -192,7 +192,7 @@ verify_callback(int ok, X509_STORE_CTX *ctx) } int -set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) +set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file) { if (cert_file != NULL) { /* @@ -201,7 +201,7 @@ set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) */ if (SSL_CTX_use_certificate_file(ctx, cert_file, - SSL_FILETYPE_PEM) <= 0) { + SSL_FILETYPE_PEM) <= 0) { BIO_printf(bio_err, "unable to get certificate from '%s'\n", cert_file); ERR_print_errors(bio_err); 
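Review bot: The cleanup at `end:` releases `passin`, `rsa_in` and `rsa_out` with plain `free()`, so the pass phrase and, in decrypt mode, the recovered plaintext stay in freed heap memory. Wiping before release, e.g. `if (passin) OPENSSL_cleanse(passin, strlen(passin));`, avoids that; the two data buffers are allocated outside this hunk, so their wipe length has to come from there. The `exit(1)` after a failed BIO_read also skips this cleanup entirely, where the rest of MAIN uses `goto end`. The `if (p) free(p);` guards are redundant, since `free(NULL)` is a no-op.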
@@ -210,13 +210,12 @@ set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) if (key_file == NULL) key_file = cert_file; if (SSL_CTX_use_PrivateKey_file(ctx, key_file, - SSL_FILETYPE_PEM) <= 0) { + SSL_FILETYPE_PEM) <= 0) { BIO_printf(bio_err, "unable to get private key from '%s'\n", key_file); ERR_print_errors(bio_err); return (0); } - /* In theory this is no longer needed ssl=SSL_new(ctx); @@ -232,12 +231,16 @@ set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) SSL_free(ssl); */ - /* If we are using DSA, we can copy the parameters from - * the private key */ + /* + * If we are using DSA, we can copy the parameters from the + * private key + */ - /* Now we know that a key and cert have been set against - * the SSL context */ + /* + * Now we know that a key and cert have been set against the + * SSL context + */ if (!SSL_CTX_check_private_key(ctx)) { BIO_printf(bio_err, "Private key does not match the certificate public key\n"); @@ -248,9 +251,9 @@ set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) } int -set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) +set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key) { - if (cert == NULL) + if (cert == NULL) return 1; if (SSL_CTX_use_certificate(ctx, cert) <= 0) { BIO_printf(bio_err, "error setting certificate\n"); @@ -262,9 +265,10 @@ set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) ERR_print_errors(bio_err); return 0; } - - /* Now we know that a key and cert have been set against - * the SSL context */ + /* + * Now we know that a key and cert have been set against the SSL + * context + */ if (!SSL_CTX_check_private_key(ctx)) { BIO_printf(bio_err, "Private key does not match the certificate public key\n"); 
@@ -274,32 +278,32 @@ set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) } long -bio_dump_callback(BIO *bio, int cmd, const char *argp, +bio_dump_callback(BIO * bio, int cmd, const char *argp, int argi, long argl, long ret) { BIO *out; - out = (BIO *)BIO_get_callback_arg(bio); + out = (BIO *) BIO_get_callback_arg(bio); if (out == NULL) return (ret); - if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) { + if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n", - (void *)bio, argp, (unsigned long)argi, ret, ret); - BIO_dump(out, argp, (int)ret); + (void *) bio, argp, (unsigned long) argi, ret, ret); + BIO_dump(out, argp, (int) ret); return (ret); - } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) { + } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n", - (void *)bio, argp, (unsigned long)argi, ret, ret); - BIO_dump(out, argp, (int)ret); + (void *) bio, argp, (unsigned long) argi, ret, ret); + BIO_dump(out, argp, (int) ret); } return (ret); } void -apps_ssl_info_callback(const SSL *s, int where, int ret) +apps_ssl_info_callback(const SSL * s, int where, int ret) { const char *str; int w; @@ -333,10 +337,11 @@ apps_ssl_info_callback(const SSL *s, int where, int ret) void -msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) +msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL * ssl, void *arg) { BIO *bio = arg; - const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2 = ""; + const char *str_write_p, *str_version, *str_content_type = "", + *str_details1 = "", *str_details2 = ""; str_write_p = write_p ? ">>>" : "<<<"; 
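Review bot: In bio_dump_callback both branches call `BIO_dump(out, argp, (int) ret)` without checking `ret`, so a failed or empty read/write (ret <= 0) is passed on as a dump length. Whether BIO_dump tolerates a non-positive length depends on its implementation, which is not visible here; guarding the call with `if (ret > 0)` makes the callback independent of that. The header line is still printed in that case, which keeps the failure visible in the trace.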
@@ -370,12 +375,12 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, str_details1 = "???"; if (len > 0) { - switch (((const unsigned char*)buf)[0]) { + switch (((const unsigned char *) buf)[0]) { case 0: str_details1 = ", ERROR:"; str_details2 = " ???"; if (len >= 3) { - unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2]; + unsigned err = (((const unsigned char *) buf)[1] << 8) + ((const unsigned char *) buf)[2]; switch (err) { case 0x0001: @@ -392,7 +397,6 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, break; } } - break; case 1: str_details1 = ", CLIENT-HELLO"; @@ -421,7 +425,6 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, } } } - if (version == SSL3_VERSION || version == TLS1_VERSION || version == TLS1_1_VERSION || version == TLS1_2_VERSION || version == DTLS1_VERSION || version == DTLS1_BAD_VER) { @@ -437,12 +440,11 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, break; } - if (content_type == 21) /* Alert */ - { + if (content_type == 21) { /* Alert */ str_details1 = ", ???"; if (len == 2) { - switch (((const unsigned char*)buf)[0]) { + switch (((const unsigned char *) buf)[0]) { case 1: str_details1 = ", warning"; break; @@ -452,7 +454,7 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, } str_details2 = " ???"; - switch (((const unsigned char*)buf)[1]) { + switch (((const unsigned char *) buf)[1]) { case 0: str_details2 = " close_notify"; break; @@ -543,13 +545,11 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, } } } - - if (content_type == 22) /* Handshake */ - { + if (content_type == 22) { /* Handshake */ str_details1 = "???"; if (len > 0) { - switch (((const unsigned char*)buf)[0]) { + switch (((const unsigned char *) buf)[0]) { case 0: str_details1 = ", HelloRequest"; break; 
@@ -587,9 +587,8 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, } } } - BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, - str_version, str_content_type, (unsigned long)len, + str_version, str_content_type, (unsigned long) len, str_details1, str_details2); if (len > 0) { @@ -605,17 +604,17 @@ msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, if (i % 16 == 0 && i > 0) BIO_printf(bio, "\n "); BIO_printf(bio, " %02x", - ((const unsigned char*)buf)[i]); + ((const unsigned char *) buf)[i]); } if (i < len) BIO_printf(bio, " ..."); BIO_printf(bio, "\n"); } - (void)BIO_flush(bio); + (void) BIO_flush(bio); } void -tlsext_cb(SSL *s, int client_server, int type, unsigned char *data, int len, +tlsext_cb(SSL * s, int client_server, int type, unsigned char *data, int len, void *arg) { BIO *bio = arg; @@ -713,12 +712,12 @@ tlsext_cb(SSL *s, int client_server, int type, unsigned char *data, int len, BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", client_server ? "server" : "client", extname, type, len); - BIO_dump(bio, (char *)data, len); - (void)BIO_flush(bio); + BIO_dump(bio, (char *) data, len); + (void) BIO_flush(bio); } int -generate_cookie_callback(SSL *ssl, unsigned char *cookie, +generate_cookie_callback(SSL * ssl, unsigned char *cookie, unsigned int *cookie_len) { unsigned char *buffer, result[EVP_MAX_MD_SIZE]; @@ -740,9 +739,8 @@ generate_cookie_callback(SSL *ssl, unsigned char *cookie, } cookie_initialized = 1; } - /* Read peer information */ - (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); + (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); /* Create buffer with peer's address and port */ length = 0; @@ -767,7 +765,6 @@ generate_cookie_callback(SSL *ssl, unsigned char *cookie, BIO_printf(bio_err, "out of memory\n"); return 0; } - switch (peer.sa.sa_family) { case AF_INET: memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 
@@ -798,7 +795,7 @@ generate_cookie_callback(SSL *ssl, unsigned char *cookie, } int -verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len) +verify_cookie_callback(SSL * ssl, unsigned char *cookie, unsigned int cookie_len) { unsigned char *buffer, result[EVP_MAX_MD_SIZE]; unsigned int length, resultlength; @@ -815,7 +812,7 @@ verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len) return 0; /* Read peer information */ - (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); + (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); /* Create buffer with peer's address and port */ length = 0; @@ -840,7 +837,6 @@ verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len) BIO_printf(bio_err, "out of memory\n"); return 0; } - switch (peer.sa.sa_family) { case AF_INET: memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); diff --git a/lib/libssl/src/apps/s_client.c b/lib/libssl/src/apps/s_client.c index d7552b1f1fe..20b0ace5830 100644 --- a/lib/libssl/src/apps/s_client.c +++ b/lib/libssl/src/apps/s_client.c 
@@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -174,7 +174,7 @@ /*#define SSL_HOST_NAME "193.118.187.102" */ #define SSL_HOST_NAME "localhost" -/*#define TEST_CERT "client.pem" */ /* no default cert. */ + /*#define TEST_CERT "client.pem" *//* no default cert. */ #undef BUFSIZZ #define BUFSIZZ 1024*8 
@@ -184,247 +184,247 @@ extern int verify_error; extern int verify_return_error; #ifdef FIONBIO -static int c_nbio=0; +static int c_nbio = 0; #endif -static int c_Pause=0; -static int c_debug=0; +static int c_Pause = 0; +static int c_debug = 0; #ifndef OPENSSL_NO_TLSEXT -static int c_tlsextdebug=0; -static int c_status_req=0; +static int c_tlsextdebug = 0; +static int c_status_req = 0; #endif -static int c_msg=0; -static int c_showcerts=0; +static int c_msg = 0; +static int c_showcerts = 0; -static char *keymatexportlabel=NULL; -static int keymatexportlen=20; +static char *keymatexportlabel = NULL; +static int keymatexportlen = 20; static void sc_usage(void); -static void print_stuff(BIO *berr,SSL *con,int full); +static void print_stuff(BIO * berr, SSL * con, int full); #ifndef OPENSSL_NO_TLSEXT -static int ocsp_resp_cb(SSL *s, void *arg); +static int ocsp_resp_cb(SSL * s, void *arg); #endif -static BIO *bio_c_out=NULL; -static int c_quiet=0; -static int c_ign_eof=0; +static BIO *bio_c_out = NULL; +static int c_quiet = 0; +static int c_ign_eof = 0; #ifndef OPENSSL_NO_PSK /* Default PSK identity and key */ -static char *psk_identity="Client_identity"; +static char *psk_identity = "Client_identity"; /*char *psk_key=NULL; by default PSK is not used */ -static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, - unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len) - { +static unsigned int +psk_client_cb(SSL * ssl, const char *hint, char *identity, + unsigned int max_identity_len, unsigned char *psk, + unsigned int max_psk_len) +{ unsigned int psk_len = 0; size_t maxlen = 0; int ret; - BIGNUM *bn=NULL; + BIGNUM *bn = NULL; if (c_debug) BIO_printf(bio_c_out, "psk_client_cb\n"); if (max_identity_len > INT_MAX) goto out_err; maxlen = max_identity_len; - if (!hint) - { - /* no ServerKeyExchange message*/ + if (!hint) { + /* no ServerKeyExchange message */ if (c_debug) - BIO_printf(bio_c_out,"NULL received PSK identity hint, 
continuing anyway\n"); - } - else if (c_debug) + BIO_printf(bio_c_out, "NULL received PSK identity hint, continuing anyway\n"); + } else if (c_debug) BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint); - /* lookup PSK identity and PSK key based on the given identity hint here */ + /* + * lookup PSK identity and PSK key based on the given identity hint + * here + */ ret = snprintf(identity, maxlen, "%s", psk_identity); if (ret == -1 || ret >= maxlen) goto out_err; if (c_debug) BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity, ret); - ret=BN_hex2bn(&bn, psk_key); - if (!ret) - { - BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key); - if (bn) - BN_free(bn); - return 0; - } - - if ((unsigned int)BN_num_bytes(bn) > max_psk_len) - { - BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n", - max_psk_len, BN_num_bytes(bn)); - BN_free(bn); - return 0; - } - - psk_len=BN_bn2bin(bn, psk); - BN_free(bn); - if (psk_len == 0) - goto out_err; + ret = BN_hex2bn(&bn, psk_key); + if (!ret) { + BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", psk_key); + if (bn) + BN_free(bn); + return 0; + } + if ((unsigned int) BN_num_bytes(bn) > max_psk_len) { + BIO_printf(bio_err, "psk buffer of callback is too small (%d) for key (%d)\n", + max_psk_len, BN_num_bytes(bn)); + BN_free(bn); + return 0; + } + psk_len = BN_bn2bin(bn, psk); + BN_free(bn); + if (psk_len == 0) + goto out_err; if (c_debug) BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len); - return psk_len; - out_err: + return psk_len; +out_err: if (c_debug) BIO_printf(bio_err, "Error in PSK client callback\n"); - return 0; - } + return 0; +} #endif -static void sc_usage(void) - { - BIO_printf(bio_err,"usage: s_client args\n"); - BIO_printf(bio_err,"\n"); - BIO_printf(bio_err," -4 - Force IPv4\n"); - BIO_printf(bio_err," -6 - Force IPv6\n"); - BIO_printf(bio_err," -host host - use -connect instead\n"); - BIO_printf(bio_err," -port port - use 
-connect instead\n"); - BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); - - BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); - BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); - BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); - BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n"); - BIO_printf(bio_err," not specified but cert file is.\n"); - BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n"); - BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); - BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); - BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); - BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); - BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); - BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); - BIO_printf(bio_err," -debug - extra output\n"); +static void +sc_usage(void) +{ + BIO_printf(bio_err, "usage: s_client args\n"); + BIO_printf(bio_err, "\n"); + BIO_printf(bio_err, " -4 - Force IPv4\n"); + BIO_printf(bio_err, " -6 - Force IPv6\n"); + BIO_printf(bio_err, " -host host - use -connect instead\n"); + BIO_printf(bio_err, " -port port - use -connect instead\n"); + BIO_printf(bio_err, " -connect host:port - who to connect to (default is %s:%s)\n", SSL_HOST_NAME, PORT_STR); + + BIO_printf(bio_err, " -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err, " -cert arg - certificate file to use, PEM format assumed\n"); + BIO_printf(bio_err, " -certform arg - certificate format (PEM or DER) PEM default\n"); + BIO_printf(bio_err, " -key arg - Private key file to use, in cert file if\n"); + BIO_printf(bio_err, " not specified but cert file is.\n"); + BIO_printf(bio_err, " 
-keyform arg - key format (PEM or DER) PEM default\n"); + BIO_printf(bio_err, " -pass arg - private key file pass phrase source\n"); + BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err, " -reconnect - Drop and re-make the connection with the same Session-ID\n"); + BIO_printf(bio_err, " -pause - sleep(1) after each read(2) and write(2) system call\n"); + BIO_printf(bio_err, " -showcerts - show all certificates in the chain\n"); + BIO_printf(bio_err, " -debug - extra output\n"); #ifdef WATT32 - BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n"); + BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n"); #endif - BIO_printf(bio_err," -msg - Show protocol messages\n"); - BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); - BIO_printf(bio_err," -state - print the 'ssl' states\n"); + BIO_printf(bio_err, " -msg - Show protocol messages\n"); + BIO_printf(bio_err, " -nbio_test - more ssl protocol testing\n"); + BIO_printf(bio_err, " -state - print the 'ssl' states\n"); #ifdef FIONBIO - BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); + BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n"); #endif - BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); - BIO_printf(bio_err," -quiet - no s_client output\n"); - BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n"); - BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n"); + BIO_printf(bio_err, " -crlf - convert LF from terminal into CRLF\n"); + BIO_printf(bio_err, " -quiet - no s_client output\n"); + BIO_printf(bio_err, " -ign_eof - ignore input eof (default when -quiet)\n"); + BIO_printf(bio_err, " -no_ign_eof - don't ignore input eof\n"); #ifndef OPENSSL_NO_PSK - BIO_printf(bio_err," -psk_identity arg - PSK identity\n"); - BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n"); -# ifndef OPENSSL_NO_JPAKE - BIO_printf(bio_err," -jpake 
arg - JPAKE secret to use\n"); -# endif + BIO_printf(bio_err, " -psk_identity arg - PSK identity\n"); + BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n"); +#ifndef OPENSSL_NO_JPAKE + BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n"); +#endif #endif #ifndef OPENSSL_NO_SRP - BIO_printf(bio_err," -srpuser user - SRP authentification for 'user'\n"); - BIO_printf(bio_err," -srppass arg - password for 'user'\n"); - BIO_printf(bio_err," -srp_lateuser - SRP username into second ClientHello message\n"); - BIO_printf(bio_err," -srp_moregroups - Tolerate other than the known g N values.\n"); - BIO_printf(bio_err," -srp_strength int - minimal mength in bits for N (default %d).\n",SRP_MINIMAL_N); -#endif - BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); - BIO_printf(bio_err," -tls1_2 - just use TLSv1.2\n"); - BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n"); - BIO_printf(bio_err," -tls1 - just use TLSv1\n"); - BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); - BIO_printf(bio_err," -mtu - set the link layer MTU\n"); - BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); - BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); - BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); - BIO_printf(bio_err," command to see what is available\n"); - BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n"); - BIO_printf(bio_err," for those protocols that support it, where\n"); - BIO_printf(bio_err," 'prot' defines which one to assume. 
Currently,\n"); - BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); - BIO_printf(bio_err," are supported.\n"); + BIO_printf(bio_err, " -srpuser user - SRP authentification for 'user'\n"); + BIO_printf(bio_err, " -srppass arg - password for 'user'\n"); + BIO_printf(bio_err, " -srp_lateuser - SRP username into second ClientHello message\n"); + BIO_printf(bio_err, " -srp_moregroups - Tolerate other than the known g N values.\n"); + BIO_printf(bio_err, " -srp_strength int - minimal mength in bits for N (default %d).\n", SRP_MINIMAL_N); +#endif + BIO_printf(bio_err, " -ssl3 - just use SSLv3\n"); + BIO_printf(bio_err, " -tls1_2 - just use TLSv1.2\n"); + BIO_printf(bio_err, " -tls1_1 - just use TLSv1.1\n"); + BIO_printf(bio_err, " -tls1 - just use TLSv1\n"); + BIO_printf(bio_err, " -dtls1 - just use DTLSv1\n"); + BIO_printf(bio_err, " -mtu - set the link layer MTU\n"); + BIO_printf(bio_err, " -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); + BIO_printf(bio_err, " -bugs - Switch on all SSL implementation bug workarounds\n"); + BIO_printf(bio_err, " -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); + BIO_printf(bio_err, " command to see what is available\n"); + BIO_printf(bio_err, " -starttls prot - use the STARTTLS command before starting TLS\n"); + BIO_printf(bio_err, " for those protocols that support it, where\n"); + BIO_printf(bio_err, " 'prot' defines which one to assume. 
Currently,\n"); + BIO_printf(bio_err, " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); + BIO_printf(bio_err, " are supported.\n"); #ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); + BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n"); #endif - BIO_printf(bio_err," -rand file%cfile%c...\n", ':', ':'); - BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n"); - BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n"); + BIO_printf(bio_err, " -rand file%cfile%c...\n", ':', ':'); + BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n"); + BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n"); #ifndef OPENSSL_NO_TLSEXT - BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n"); - BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); - BIO_printf(bio_err," -status - request certificate status from server\n"); - BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); -# ifndef OPENSSL_NO_NEXTPROTONEG - BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); -# endif -#endif - BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); + BIO_printf(bio_err, " -servername host - Set TLS extension servername in ClientHello\n"); + BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); + BIO_printf(bio_err, " -status - request certificate status from server\n"); + BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); +#ifndef OPENSSL_NO_NEXTPROTONEG + BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); +#endif +#endif + BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation 
(dangerous)\n"); #ifndef OPENSSL_NO_SRTP - BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); + BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); #endif - BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); - BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); - } + BIO_printf(bio_err, " -keymatexport label - Export keying material using label\n"); + BIO_printf(bio_err, " -keymatexportlen len - Export len bytes of keying material (default 20)\n"); +} #ifndef OPENSSL_NO_TLSEXT /* This is a context that we pass to callbacks */ typedef struct tlsextctx_st { - BIO * biodebug; - int ack; + BIO *biodebug; + int ack; } tlsextctx; -static int ssl_servername_cb(SSL *s, int *ad, void *arg) - { - tlsextctx * p = (tlsextctx *) arg; - const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); - if (SSL_get_servername_type(s) != -1) - p->ack = !SSL_session_reused(s) && hn != NULL; - else - BIO_printf(bio_err,"Can't use SSL_get_servername\n"); - +static int +ssl_servername_cb(SSL * s, int *ad, void *arg) +{ + tlsextctx *p = (tlsextctx *) arg; + const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); + if (SSL_get_servername_type(s) != -1) + p->ack = !SSL_session_reused(s) && hn != NULL; + else + BIO_printf(bio_err, "Can't use SSL_get_servername\n"); + return SSL_TLSEXT_ERR_OK; - } +} #ifndef OPENSSL_NO_SRP /* This is a context that we pass to all callbacks */ -typedef struct srp_arg_st - { +typedef struct srp_arg_st { char *srppassin; char *srplogin; - int msg; /* copy from c_msg */ - int debug; /* copy from c_debug */ - int amp; /* allow more groups */ + int msg; /* copy from c_msg */ + int debug; /* copy from c_debug */ + int amp; /* allow more groups */ int strength /* minimal size for N */ ; - } SRP_ARG; +} SRP_ARG; #define SRP_NUMBER_ITERATIONS_FOR_PRIME 64 -static 
int srp_Verify_N_and_g(BIGNUM *N, BIGNUM *g) - { +static int +srp_Verify_N_and_g(BIGNUM * N, BIGNUM * g) +{ BN_CTX *bn_ctx = BN_CTX_new(); BIGNUM *p = BN_new(); BIGNUM *r = BN_new(); int ret = - g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) && - BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) && - p != NULL && BN_rshift1(p, N) && + g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) && + BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) && + p != NULL && BN_rshift1(p, N) && - /* p = (N-1)/2 */ - BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) && - r != NULL && + /* p = (N-1)/2 */ + BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) && + r != NULL && - /* verify g^((N-1)/2) == -1 (mod N) */ - BN_mod_exp(r, g, p, N, bn_ctx) && - BN_add_word(r, 1) && - BN_cmp(r, N) == 0; + /* verify g^((N-1)/2) == -1 (mod N) */ + BN_mod_exp(r, g, p, N, bn_ctx) && + BN_add_word(r, 1) && + BN_cmp(r, N) == 0; - if(r) + if (r) BN_free(r); - if(p) + if (p) BN_free(p); - if(bn_ctx) + if (bn_ctx) BN_CTX_free(bn_ctx); return ret; - } +} /* This callback is used here for two purposes: - extended debugging 
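Review bot: In psk_client_cb the failure branch after BN_hex2bn writes the configured pre-shared key itself to bio_err (`"Could not convert PSK key '%s' to BIGNUM\n", psk_key`), so a mistyped key ends up in whatever captures stderr; the message should drop the value, e.g. `BIO_printf(bio_err, "Could not convert PSK key to BIGNUM\n");`. The BIGNUM that holds the key is released with `BN_free(bn)` on all three paths; `BN_clear_free(bn)` would wipe the key bytes before the memory is returned. Separately, in srp_Verify_N_and_g the two `BN_is_prime_ex(...)` calls sit directly in the `&&` chain, and that function reports an internal error as -1, which the chain treats as true; comparing each call with `== 1` keeps an error from counting as "prime".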
@@ -432,34 +432,34 @@ static int srp_Verify_N_and_g(BIGNUM *N, BIGNUM *g) The callback is only called for a non default group. An application does not need the call back at all if - only the stanard groups are used. In real life situations, - client and server already share well known groups, - thus there is no need to verify them. + only the stanard groups are used. In real life situations, + client and server already share well known groups, + thus there is no need to verify them. Furthermore, in case that a server actually proposes a group that - is not one of those defined in RFC 5054, it is more appropriate - to add the group to a static list and then compare since + is not one of those defined in RFC 5054, it is more appropriate + to add the group to a static list and then compare since primality tests are rather cpu consuming. */ -static int ssl_srp_verify_param_cb(SSL *s, void *arg) - { - SRP_ARG *srp_arg = (SRP_ARG *)arg; +static int +ssl_srp_verify_param_cb(SSL * s, void *arg) +{ + SRP_ARG *srp_arg = (SRP_ARG *) arg; BIGNUM *N = NULL, *g = NULL; if (!(N = SSL_get_srp_N(s)) || !(g = SSL_get_srp_g(s))) return 0; - if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) - { - BIO_printf(bio_err, "SRP parameters:\n"); - BIO_printf(bio_err,"\tN="); BN_print(bio_err,N); - BIO_printf(bio_err,"\n\tg="); BN_print(bio_err,g); - BIO_printf(bio_err,"\n"); - } - - if (SRP_check_known_gN_param(g,N)) + if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) { + BIO_printf(bio_err, "SRP parameters:\n"); + BIO_printf(bio_err, "\tN="); + BN_print(bio_err, N); + BIO_printf(bio_err, "\n\tg="); + BN_print(bio_err, g); + BIO_printf(bio_err, "\n"); + } + if (SRP_check_known_gN_param(g, N)) return 1; - if (srp_arg->amp == 1) - { + if (srp_arg->amp == 1) { if (srp_arg->debug) BIO_printf(bio_err, "SRP param N and g are not known params, going to check deeper.\n"); 
@@ -467,41 +467,41 @@ static int ssl_srp_verify_param_cb(SSL *s, void *arg) Implementors should rather add the value to the known ones. The minimal size has already been tested. */ - if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N,g)) + if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g)) return 1; - } + } BIO_printf(bio_err, "SRP param N and g rejected.\n"); return 0; - } +} #define PWD_STRLEN 1024 -static char * ssl_give_srp_client_pwd_cb(SSL *s, void *arg) - { - SRP_ARG *srp_arg = (SRP_ARG *)arg; - char *pass = (char *)malloc(PWD_STRLEN+1); +static char * +ssl_give_srp_client_pwd_cb(SSL * s, void *arg) +{ + SRP_ARG *srp_arg = (SRP_ARG *) arg; + char *pass = (char *) malloc(PWD_STRLEN + 1); PW_CB_DATA cb_tmp; int l; - cb_tmp.password = (char *)srp_arg->srppassin; + cb_tmp.password = (char *) srp_arg->srppassin; cb_tmp.prompt_info = "SRP user"; - if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp))<0) - { - BIO_printf (bio_err, "Can't read Password\n"); + if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) { + BIO_printf(bio_err, "Can't read Password\n"); free(pass); return NULL; - } - *(pass+l)= '\0'; + } + *(pass + l) = '\0'; return pass; - } +} #endif #ifndef OPENSSL_NO_SRTP - char *srtp_profiles = NULL; +char *srtp_profiles = NULL; #endif -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG /* This the context that we pass to next_proto_cb */ typedef struct tlsextnextprotoctx_st { unsigned char *data; 
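Review bot: In `ssl_give_srp_client_pwd_cb` the result of `malloc(PWD_STRLEN + 1)` is passed to `password_callback()` and then written through at `*(pass + l) = '\0'` without a NULL check, so an allocation failure becomes a NULL dereference in the SRP password path. I would add `if (pass == NULL) return NULL;` after the local declarations, matching the NULL return the function already uses when the password cannot be read. Separately, the error path frees `pass` without clearing it; if `password_callback()` can leave partial input in the buffer (not verifiable from this hunk), wiping it before `free()` would be safer.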
@@ -511,34 +511,31 @@ typedef struct tlsextnextprotoctx_st { static tlsextnextprotoctx next_proto; -static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) - { +static int +next_proto_cb(SSL * s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) +{ tlsextnextprotoctx *ctx = arg; - if (!c_quiet) - { + if (!c_quiet) { /* We can assume that |in| is syntactically valid. */ unsigned i; BIO_printf(bio_c_out, "Protocols advertised by server: "); - for (i = 0; i < inlen; ) - { + for (i = 0; i < inlen;) { if (i) BIO_write(bio_c_out, ", ", 2); BIO_write(bio_c_out, &in[i + 1], in[i]); i += in[i] + 1; - } - BIO_write(bio_c_out, "\n", 1); } - + BIO_write(bio_c_out, "\n", 1); + } ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); return SSL_TLSEXT_ERR_OK; - } -# endif /* ndef OPENSSL_NO_NEXTPROTONEG */ +} +#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ #endif -enum -{ - PROTO_OFF = 0, +enum { + PROTO_OFF = 0, PROTO_SMTP, PROTO_POP3, PROTO_IMAP, 
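Review bot: The printing loop in `next_proto_cb` trusts each length byte `in[i]` of the server-advertised protocol list and only compares `i` with `inlen` at the top of the loop, so `BIO_write(bio_c_out, &in[i + 1], in[i])` would read past the buffer if the last entry were truncated. The existing comment says `in` can be assumed syntactically valid, which presumably relies on the library validating the extension before the callback runs; that is not visible here. Since the bytes come from the peer, a cheap guard such as `if (in[i] >= inlen - i) break;` before the write keeps the diagnostic output in bounds even if that invariant changes.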
@@ -548,439 +545,406 @@ enum int MAIN(int, char **); -int MAIN(int argc, char **argv) - { - unsigned int off=0, clr=0; - SSL *con=NULL; +int +MAIN(int argc, char **argv) +{ + unsigned int off = 0, clr = 0; + SSL *con = NULL; #ifndef OPENSSL_NO_KRB5 KSSL_CTX *kctx; #endif - int s,k,width,state=0, af=AF_UNSPEC; - char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; - int cbuf_len,cbuf_off; - int sbuf_len,sbuf_off; - fd_set readfds,writefds; - char *port=PORT_STR; - int full_log=1; - char *host=SSL_HOST_NAME; - char *cert_file=NULL,*key_file=NULL; + int s, k, width, state = 0, af = AF_UNSPEC; + char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL; + int cbuf_len, cbuf_off; + int sbuf_len, sbuf_off; + fd_set readfds, writefds; + char *port = PORT_STR; + int full_log = 1; + char *host = SSL_HOST_NAME; + char *cert_file = NULL, *key_file = NULL; int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; char *passarg = NULL, *pass = NULL; X509 *cert = NULL; EVP_PKEY *key = NULL; - char *CApath=NULL,*CAfile=NULL,*cipher=NULL; - int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; - int crlf=0; - int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; - SSL_CTX *ctx=NULL; - int ret=1,in_init=1,i,nbio_test=0; + char *CApath = NULL, *CAfile = NULL, *cipher = NULL; + int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE, bugs = 0; + int crlf = 0; + int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending; + SSL_CTX *ctx = NULL; + int ret = 1, in_init = 1, i, nbio_test = 0; int starttls_proto = PROTO_OFF; int prexit = 0; X509_VERIFY_PARAM *vpm = NULL; int badarg = 0; - const SSL_METHOD *meth=NULL; - int socket_type=SOCK_STREAM; + const SSL_METHOD *meth = NULL; + int socket_type = SOCK_STREAM; BIO *sbio; - char *inrand=NULL; - int mbuf_len=0; + char *inrand = NULL; + int mbuf_len = 0; struct timeval timeout, *timeoutp; #ifndef OPENSSL_NO_ENGINE - char *engine_id=NULL; - char *ssl_client_engine_id=NULL; - ENGINE *ssl_client_engine=NULL; + char *engine_id = NULL; + char 
*ssl_client_engine_id = NULL; + ENGINE *ssl_client_engine = NULL; #endif - ENGINE *e=NULL; + ENGINE *e = NULL; #ifndef OPENSSL_NO_TLSEXT - char *servername = NULL; - tlsextctx tlsextcbp = - {NULL,0}; -# ifndef OPENSSL_NO_NEXTPROTONEG + char *servername = NULL; + tlsextctx tlsextcbp = + {NULL, 0}; +#ifndef OPENSSL_NO_NEXTPROTONEG const char *next_proto_neg_in = NULL; -# endif +#endif #endif char *sess_in = NULL; char *sess_out = NULL; struct sockaddr peer; int peerlen = sizeof(peer); - int enable_timeouts = 0 ; + int enable_timeouts = 0; long socket_mtu = 0; #ifndef OPENSSL_NO_JPAKE char *jpake_secret = NULL; #endif #ifndef OPENSSL_NO_SRP - char * srppass = NULL; + char *srppass = NULL; int srp_lateuser = 0; - SRP_ARG srp_arg = {NULL,NULL,0,0,0,1024}; + SRP_ARG srp_arg = {NULL, NULL, 0, 0, 0, 1024}; #endif - meth=SSLv23_client_method(); + meth = SSLv23_client_method(); apps_startup(); - c_Pause=0; - c_quiet=0; - c_ign_eof=0; - c_debug=0; - c_msg=0; - c_showcerts=0; + c_Pause = 0; + c_quiet = 0; + c_ign_eof = 0; + c_debug = 0; + c_msg = 0; + c_showcerts = 0; if (bio_err == NULL) - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; - if ( ((cbuf=malloc(BUFSIZZ)) == NULL) || - ((sbuf=malloc(BUFSIZZ)) == NULL) || - ((mbuf=malloc(BUFSIZZ + 1)) == NULL)) /* NUL byte */ - { - BIO_printf(bio_err,"out of memory\n"); + if (((cbuf = malloc(BUFSIZZ)) == NULL) || + ((sbuf = malloc(BUFSIZZ)) == NULL) || + ((mbuf = malloc(BUFSIZZ + 1)) == NULL)) { /* NUL byte */ + BIO_printf(bio_err, "out of memory\n"); goto end; - } - - verify_depth=0; - verify_error=X509_V_OK; + } + verify_depth = 0; + verify_error = X509_V_OK; #ifdef FIONBIO - c_nbio=0; + c_nbio = 0; #endif argc--; argv++; - while (argc >= 1) - { - if (strcmp(*argv,"-host") == 0) - { - if (--argc < 1) goto bad; - host= *(++argv); - } - else if (strcmp(*argv,"-port") == 0) - { - if (--argc < 1) goto bad; - port= *(++argv); - if (port == NULL || *port == 
'\0') goto bad; - } - else if (strcmp(*argv,"-connect") == 0) - { - if (--argc < 1) goto bad; - if (!extract_host_port(*(++argv),&host,NULL,&port)) + while (argc >= 1) { + if (strcmp(*argv, "-host") == 0) { + if (--argc < 1) + goto bad; + host = *(++argv); + } else if (strcmp(*argv, "-port") == 0) { + if (--argc < 1) + goto bad; + port = *(++argv); + if (port == NULL || *port == '\0') + goto bad; + } else if (strcmp(*argv, "-connect") == 0) { + if (--argc < 1) + goto bad; + if (!extract_host_port(*(++argv), &host, NULL, &port)) + goto bad; + } else if (strcmp(*argv, "-verify") == 0) { + verify = SSL_VERIFY_PEER; + if (--argc < 1) + goto bad; + verify_depth = atoi(*(++argv)); + BIO_printf(bio_err, "verify depth is %d\n", verify_depth); + } else if (strcmp(*argv, "-cert") == 0) { + if (--argc < 1) + goto bad; + cert_file = *(++argv); + } else if (strcmp(*argv, "-sess_out") == 0) { + if (--argc < 1) goto bad; - } - else if (strcmp(*argv,"-verify") == 0) - { - verify=SSL_VERIFY_PEER; - if (--argc < 1) goto bad; - verify_depth=atoi(*(++argv)); - BIO_printf(bio_err,"verify depth is %d\n",verify_depth); - } - else if (strcmp(*argv,"-cert") == 0) - { - if (--argc < 1) goto bad; - cert_file= *(++argv); - } - else if (strcmp(*argv,"-sess_out") == 0) - { - if (--argc < 1) goto bad; sess_out = *(++argv); - } - else if (strcmp(*argv,"-sess_in") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-sess_in") == 0) { + if (--argc < 1) + goto bad; sess_in = *(++argv); - } - else if (strcmp(*argv,"-certform") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-certform") == 0) { + if (--argc < 1) + goto bad; cert_format = str2fmt(*(++argv)); - } - else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) - { + } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) { if (badarg) goto bad; continue; - } - else if (strcmp(*argv,"-verify_return_error") == 0) + } else if (strcmp(*argv, "-verify_return_error") == 0) verify_return_error = 1; - else if 
(strcmp(*argv,"-prexit") == 0) - prexit=1; - else if (strcmp(*argv,"-crlf") == 0) - crlf=1; - else if (strcmp(*argv,"-quiet") == 0) - { - c_quiet=1; - c_ign_eof=1; - } - else if (strcmp(*argv,"-ign_eof") == 0) - c_ign_eof=1; - else if (strcmp(*argv,"-no_ign_eof") == 0) - c_ign_eof=0; - else if (strcmp(*argv,"-pause") == 0) - c_Pause=1; - else if (strcmp(*argv,"-debug") == 0) - c_debug=1; + else if (strcmp(*argv, "-prexit") == 0) + prexit = 1; + else if (strcmp(*argv, "-crlf") == 0) + crlf = 1; + else if (strcmp(*argv, "-quiet") == 0) { + c_quiet = 1; + c_ign_eof = 1; + } else if (strcmp(*argv, "-ign_eof") == 0) + c_ign_eof = 1; + else if (strcmp(*argv, "-no_ign_eof") == 0) + c_ign_eof = 0; + else if (strcmp(*argv, "-pause") == 0) + c_Pause = 1; + else if (strcmp(*argv, "-debug") == 0) + c_debug = 1; #ifndef OPENSSL_NO_TLSEXT - else if (strcmp(*argv,"-tlsextdebug") == 0) - c_tlsextdebug=1; - else if (strcmp(*argv,"-status") == 0) - c_status_req=1; + else if (strcmp(*argv, "-tlsextdebug") == 0) + c_tlsextdebug = 1; + else if (strcmp(*argv, "-status") == 0) + c_status_req = 1; #endif #ifdef WATT32 - else if (strcmp(*argv,"-wdebug") == 0) + else if (strcmp(*argv, "-wdebug") == 0) dbug_init(); #endif - else if (strcmp(*argv,"-msg") == 0) - c_msg=1; - else if (strcmp(*argv,"-showcerts") == 0) - c_showcerts=1; - else if (strcmp(*argv,"-nbio_test") == 0) - nbio_test=1; - else if (strcmp(*argv,"-state") == 0) - state=1; + else if (strcmp(*argv, "-msg") == 0) + c_msg = 1; + else if (strcmp(*argv, "-showcerts") == 0) + c_showcerts = 1; + else if (strcmp(*argv, "-nbio_test") == 0) + nbio_test = 1; + else if (strcmp(*argv, "-state") == 0) + state = 1; #ifndef OPENSSL_NO_PSK - else if (strcmp(*argv,"-psk_identity") == 0) - { - if (--argc < 1) goto bad; - psk_identity=*(++argv); - } - else if (strcmp(*argv,"-psk") == 0) - { - size_t j; - - if (--argc < 1) goto bad; - psk_key=*(++argv); - for (j = 0; j < strlen(psk_key); j++) - { - if (isxdigit((unsigned char)psk_key[j])) - 
continue; - BIO_printf(bio_err,"Not a hex number '%s'\n",*argv); - goto bad; - } + else if (strcmp(*argv, "-psk_identity") == 0) { + if (--argc < 1) + goto bad; + psk_identity = *(++argv); + } else if (strcmp(*argv, "-psk") == 0) { + size_t j; + + if (--argc < 1) + goto bad; + psk_key = *(++argv); + for (j = 0; j < strlen(psk_key); j++) { + if (isxdigit((unsigned char) psk_key[j])) + continue; + BIO_printf(bio_err, "Not a hex number '%s'\n", *argv); + goto bad; } + } #endif #ifndef OPENSSL_NO_SRP - else if (strcmp(*argv,"-srpuser") == 0) - { - if (--argc < 1) goto bad; - srp_arg.srplogin= *(++argv); - meth=TLSv1_client_method(); - } - else if (strcmp(*argv,"-srppass") == 0) - { - if (--argc < 1) goto bad; - srppass= *(++argv); - meth=TLSv1_client_method(); - } - else if (strcmp(*argv,"-srp_strength") == 0) - { - if (--argc < 1) goto bad; - srp_arg.strength=atoi(*(++argv)); - BIO_printf(bio_err,"SRP minimal length for N is %d\n",srp_arg.strength); - meth=TLSv1_client_method(); - } - else if (strcmp(*argv,"-srp_lateuser") == 0) - { - srp_lateuser= 1; - meth=TLSv1_client_method(); - } - else if (strcmp(*argv,"-srp_moregroups") == 0) - { - srp_arg.amp=1; - meth=TLSv1_client_method(); - } + else if (strcmp(*argv, "-srpuser") == 0) { + if (--argc < 1) + goto bad; + srp_arg.srplogin = *(++argv); + meth = TLSv1_client_method(); + } else if (strcmp(*argv, "-srppass") == 0) { + if (--argc < 1) + goto bad; + srppass = *(++argv); + meth = TLSv1_client_method(); + } else if (strcmp(*argv, "-srp_strength") == 0) { + if (--argc < 1) + goto bad; + srp_arg.strength = atoi(*(++argv)); + BIO_printf(bio_err, "SRP minimal length for N is %d\n", srp_arg.strength); + meth = TLSv1_client_method(); + } else if (strcmp(*argv, "-srp_lateuser") == 0) { + srp_lateuser = 1; + meth = TLSv1_client_method(); + } else if (strcmp(*argv, "-srp_moregroups") == 0) { + srp_arg.amp = 1; + meth = TLSv1_client_method(); + } #endif - else if (strcmp(*argv,"-ssl3") == 0) - meth=SSLv3_client_method(); - else 
if (strcmp(*argv,"-tls1_2") == 0) - meth=TLSv1_2_client_method(); - else if (strcmp(*argv,"-tls1_1") == 0) - meth=TLSv1_1_client_method(); - else if (strcmp(*argv,"-tls1") == 0) - meth=TLSv1_client_method(); + else if (strcmp(*argv, "-ssl3") == 0) + meth = SSLv3_client_method(); + else if (strcmp(*argv, "-tls1_2") == 0) + meth = TLSv1_2_client_method(); + else if (strcmp(*argv, "-tls1_1") == 0) + meth = TLSv1_1_client_method(); + else if (strcmp(*argv, "-tls1") == 0) + meth = TLSv1_client_method(); #ifndef OPENSSL_NO_DTLS1 - else if (strcmp(*argv,"-dtls1") == 0) - { - meth=DTLSv1_client_method(); - socket_type=SOCK_DGRAM; - } - else if (strcmp(*argv,"-timeout") == 0) - enable_timeouts=1; - else if (strcmp(*argv,"-mtu") == 0) - { - if (--argc < 1) goto bad; + else if (strcmp(*argv, "-dtls1") == 0) { + meth = DTLSv1_client_method(); + socket_type = SOCK_DGRAM; + } else if (strcmp(*argv, "-timeout") == 0) + enable_timeouts = 1; + else if (strcmp(*argv, "-mtu") == 0) { + if (--argc < 1) + goto bad; socket_mtu = atol(*(++argv)); - } + } #endif - else if (strcmp(*argv,"-bugs") == 0) - bugs=1; - else if (strcmp(*argv,"-keyform") == 0) - { - if (--argc < 1) goto bad; + else if (strcmp(*argv, "-bugs") == 0) + bugs = 1; + else if (strcmp(*argv, "-keyform") == 0) { + if (--argc < 1) + goto bad; key_format = str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-pass") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-pass") == 0) { + if (--argc < 1) + goto bad; passarg = *(++argv); - } - else if (strcmp(*argv,"-key") == 0) - { - if (--argc < 1) goto bad; - key_file= *(++argv); - } - else if (strcmp(*argv,"-reconnect") == 0) - { - reconnect=5; - } - else if (strcmp(*argv,"-CApath") == 0) - { - if (--argc < 1) goto bad; - CApath= *(++argv); - } - else if (strcmp(*argv,"-CAfile") == 0) - { - if (--argc < 1) goto bad; - CAfile= *(++argv); - } - else if (strcmp(*argv,"-no_tls1_2") == 0) - off|=SSL_OP_NO_TLSv1_2; - else if (strcmp(*argv,"-no_tls1_1") == 0) - 
off|=SSL_OP_NO_TLSv1_1; - else if (strcmp(*argv,"-no_tls1") == 0) - off|=SSL_OP_NO_TLSv1; - else if (strcmp(*argv,"-no_ssl3") == 0) - off|=SSL_OP_NO_SSLv3; - else if (strcmp(*argv,"-no_ssl2") == 0) - off|=SSL_OP_NO_SSLv2; - else if (strcmp(*argv,"-no_comp") == 0) - { off|=SSL_OP_NO_COMPRESSION; } + } else if (strcmp(*argv, "-key") == 0) { + if (--argc < 1) + goto bad; + key_file = *(++argv); + } else if (strcmp(*argv, "-reconnect") == 0) { + reconnect = 5; + } else if (strcmp(*argv, "-CApath") == 0) { + if (--argc < 1) + goto bad; + CApath = *(++argv); + } else if (strcmp(*argv, "-CAfile") == 0) { + if (--argc < 1) + goto bad; + CAfile = *(++argv); + } else if (strcmp(*argv, "-no_tls1_2") == 0) + off |= SSL_OP_NO_TLSv1_2; + else if (strcmp(*argv, "-no_tls1_1") == 0) + off |= SSL_OP_NO_TLSv1_1; + else if (strcmp(*argv, "-no_tls1") == 0) + off |= SSL_OP_NO_TLSv1; + else if (strcmp(*argv, "-no_ssl3") == 0) + off |= SSL_OP_NO_SSLv3; + else if (strcmp(*argv, "-no_ssl2") == 0) + off |= SSL_OP_NO_SSLv2; + else if (strcmp(*argv, "-no_comp") == 0) { + off |= SSL_OP_NO_COMPRESSION; + } #ifndef OPENSSL_NO_TLSEXT - else if (strcmp(*argv,"-no_ticket") == 0) - { off|=SSL_OP_NO_TICKET; } -# ifndef OPENSSL_NO_NEXTPROTONEG - else if (strcmp(*argv,"-nextprotoneg") == 0) - { - if (--argc < 1) goto bad; + else if (strcmp(*argv, "-no_ticket") == 0) { + off |= SSL_OP_NO_TICKET; + } +#ifndef OPENSSL_NO_NEXTPROTONEG + else if (strcmp(*argv, "-nextprotoneg") == 0) { + if (--argc < 1) + goto bad; next_proto_neg_in = *(++argv); - } -# endif -#endif - else if (strcmp(*argv,"-serverpref") == 0) - off|=SSL_OP_CIPHER_SERVER_PREFERENCE; - else if (strcmp(*argv,"-legacy_renegotiation") == 0) - off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; - else if (strcmp(*argv,"-legacy_server_connect") == 0) - { off|=SSL_OP_LEGACY_SERVER_CONNECT; } - else if (strcmp(*argv,"-no_legacy_server_connect") == 0) - { clr|=SSL_OP_LEGACY_SERVER_CONNECT; } - else if (strcmp(*argv,"-cipher") == 0) - { - if (--argc < 1) 
goto bad; - cipher= *(++argv); - } + } +#endif +#endif + else if (strcmp(*argv, "-serverpref") == 0) + off |= SSL_OP_CIPHER_SERVER_PREFERENCE; + else if (strcmp(*argv, "-legacy_renegotiation") == 0) + off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; + else if (strcmp(*argv, "-legacy_server_connect") == 0) { + off |= SSL_OP_LEGACY_SERVER_CONNECT; + } else if (strcmp(*argv, "-no_legacy_server_connect") == 0) { + clr |= SSL_OP_LEGACY_SERVER_CONNECT; + } else if (strcmp(*argv, "-cipher") == 0) { + if (--argc < 1) + goto bad; + cipher = *(++argv); + } #ifdef FIONBIO - else if (strcmp(*argv,"-nbio") == 0) - { c_nbio=1; } + else if (strcmp(*argv, "-nbio") == 0) { + c_nbio = 1; + } #endif - else if (strcmp(*argv,"-starttls") == 0) - { - if (--argc < 1) goto bad; + else if (strcmp(*argv, "-starttls") == 0) { + if (--argc < 1) + goto bad; ++argv; - if (strcmp(*argv,"smtp") == 0) + if (strcmp(*argv, "smtp") == 0) starttls_proto = PROTO_SMTP; - else if (strcmp(*argv,"pop3") == 0) + else if (strcmp(*argv, "pop3") == 0) starttls_proto = PROTO_POP3; - else if (strcmp(*argv,"imap") == 0) + else if (strcmp(*argv, "imap") == 0) starttls_proto = PROTO_IMAP; - else if (strcmp(*argv,"ftp") == 0) + else if (strcmp(*argv, "ftp") == 0) starttls_proto = PROTO_FTP; else if (strcmp(*argv, "xmpp") == 0) starttls_proto = PROTO_XMPP; else goto bad; - } + } #ifndef OPENSSL_NO_ENGINE - else if (strcmp(*argv,"-engine") == 0) - { - if (--argc < 1) goto bad; + else if (strcmp(*argv, "-engine") == 0) { + if (--argc < 1) + goto bad; engine_id = *(++argv); - } - else if (strcmp(*argv,"-ssl_client_engine") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-ssl_client_engine") == 0) { + if (--argc < 1) + goto bad; ssl_client_engine_id = *(++argv); - } + } #endif - else if (strcmp(*argv,"-rand") == 0) - { - if (--argc < 1) goto bad; - inrand= *(++argv); - } - else if (strcmp(*argv,"-4") == 0) { af = AF_INET;} - else if (strcmp(*argv,"-6") == 0) { af = AF_INET6;} + else if (strcmp(*argv, 
"-rand") == 0) { + if (--argc < 1) + goto bad; + inrand = *(++argv); + } else if (strcmp(*argv, "-4") == 0) { + af = AF_INET; + } else if (strcmp(*argv, "-6") == 0) { + af = AF_INET6; + } #ifndef OPENSSL_NO_TLSEXT - else if (strcmp(*argv,"-servername") == 0) - { - if (--argc < 1) goto bad; - servername= *(++argv); + else if (strcmp(*argv, "-servername") == 0) { + if (--argc < 1) + goto bad; + servername = *(++argv); /* meth=TLSv1_client_method(); */ - } + } #endif #ifndef OPENSSL_NO_JPAKE - else if (strcmp(*argv,"-jpake") == 0) - { - if (--argc < 1) goto bad; + else if (strcmp(*argv, "-jpake") == 0) { + if (--argc < 1) + goto bad; jpake_secret = *++argv; - } + } #endif #ifndef OPENSSL_NO_SRTP - else if (strcmp(*argv,"-use_srtp") == 0) - { - if (--argc < 1) goto bad; + else if (strcmp(*argv, "-use_srtp") == 0) { + if (--argc < 1) + goto bad; srtp_profiles = *(++argv); - } + } #endif - else if (strcmp(*argv,"-keymatexport") == 0) - { - if (--argc < 1) goto bad; - keymatexportlabel= *(++argv); - } - else if (strcmp(*argv,"-keymatexportlen") == 0) - { - if (--argc < 1) goto bad; - keymatexportlen=atoi(*(++argv)); - if (keymatexportlen == 0) goto bad; - } - else - { - BIO_printf(bio_err,"unknown option %s\n",*argv); - badop=1; + else if (strcmp(*argv, "-keymatexport") == 0) { + if (--argc < 1) + goto bad; + keymatexportlabel = *(++argv); + } else if (strcmp(*argv, "-keymatexportlen") == 0) { + if (--argc < 1) + goto bad; + keymatexportlen = atoi(*(++argv)); + if (keymatexportlen == 0) + goto bad; + } else { + BIO_printf(bio_err, "unknown option %s\n", *argv); + badop = 1; break; - } + } argc--; argv++; - } - if (badop) - { + } + if (badop) { bad: sc_usage(); goto end; - } - + } #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) - if (jpake_secret) - { - if (psk_key) - { + if (jpake_secret) { + if (psk_key) { BIO_printf(bio_err, - "Can't use JPAKE and PSK together\n"); + "Can't use JPAKE and PSK together\n"); goto end; - } + } psk_identity = "JPAKE"; - if 
(cipher) - { + if (cipher) { BIO_printf(bio_err, "JPAKE sets cipher to PSK\n"); goto end; - } - cipher = "PSK"; } + cipher = "PSK"; + } #endif OpenSSL_add_ssl_algorithms(); 
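Review bot: The option parser in `MAIN` converts `-verify`, `-srp_strength` and `-keymatexportlen` with `atoi()` and `-mtu` with `atol()`, neither of which can report malformed or out-of-range input. For `-srp_strength` this is security-relevant: a mistyped value silently becomes 0, negative values are accepted, and the result is announced as the "SRP minimal length for N" and stored in `srp_arg.strength`. On OpenBSD `strtonum()` gives bounds checking and an error string in one call, e.g. `srp_arg.strength = strtonum(*(++argv), 1, INT_MAX, &errstr);` followed by `if (errstr != NULL) goto bad;`, with a `const char *errstr;` local. The body of `MAIN` continues past the end of this hunk.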
@@ -988,122 +952,94 @@ bad: #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) next_proto.status = -1; - if (next_proto_neg_in) - { + if (next_proto_neg_in) { next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in); - if (next_proto.data == NULL) - { + if (next_proto.data == NULL) { BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n"); goto end; - } } - else + } else next_proto.data = NULL; #endif #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine_id, 1); - if (ssl_client_engine_id) - { + e = setup_engine(bio_err, engine_id, 1); + if (ssl_client_engine_id) { ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); - if (!ssl_client_engine) - { + if (!ssl_client_engine) { BIO_printf(bio_err, - "Error getting client auth engine\n"); + "Error getting client auth engine\n"); goto end; - } } - + } #endif - if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) - { + if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; - } - + } if (key_file == NULL) key_file = cert_file; - if (key_file) - - { + if (key_file) { key = load_key(bio_err, key_file, key_format, 0, pass, e, - "client certificate private key file"); - if (!key) - { + "client certificate private key file"); + if (!key) { ERR_print_errors(bio_err); goto end; - } - } + } + if (cert_file) { + cert = load_cert(bio_err, cert_file, cert_format, + NULL, e, "client certificate file"); - if (cert_file) - - { - cert = load_cert(bio_err,cert_file,cert_format, - NULL, e, "client certificate file"); - - if (!cert) - { + if (!cert) { ERR_print_errors(bio_err); goto end; - } } - + } if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL - && !RAND_status()) - { - BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); - } + && !RAND_status()) { + BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n"); + } if (inrand != NULL) - 
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); + BIO_printf(bio_err, "%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); - if (bio_c_out == NULL) - { - if (c_quiet && !c_debug && !c_msg) - { - bio_c_out=BIO_new(BIO_s_null()); - } - else - { + if (bio_c_out == NULL) { + if (c_quiet && !c_debug && !c_msg) { + bio_c_out = BIO_new(BIO_s_null()); + } else { if (bio_c_out == NULL) - bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE); - } + bio_c_out = BIO_new_fp(stdout, BIO_NOCLOSE); } - + } #ifndef OPENSSL_NO_SRP - if(!app_passwd(bio_err, srppass, NULL, &srp_arg.srppassin, NULL)) - { + if (!app_passwd(bio_err, srppass, NULL, &srp_arg.srppassin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; - } + } #endif - ctx=SSL_CTX_new(meth); - if (ctx == NULL) - { + ctx = SSL_CTX_new(meth); + if (ctx == NULL) { ERR_print_errors(bio_err); goto end; - } - + } if (vpm) SSL_CTX_set1_param(ctx, vpm); #ifndef OPENSSL_NO_ENGINE - if (ssl_client_engine) - { - if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) - { + if (ssl_client_engine) { + if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) { BIO_puts(bio_err, "Error setting client auth engine\n"); ERR_print_errors(bio_err); ENGINE_free(ssl_client_engine); goto end; - } - ENGINE_free(ssl_client_engine); } + ENGINE_free(ssl_client_engine); + } #endif #ifndef OPENSSL_NO_PSK 
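Review bot: `SSL_CTX_set1_param(ctx, vpm)` is called with its return value ignored, so if applying the verification parameters fails the client carries on with the context defaults instead of the checks requested on the command line through `args_verify()`. I would treat it like the other setup failures in this hunk: `if (vpm && !SSL_CTX_set1_param(ctx, vpm)) { ERR_print_errors(bio_err); goto end; }`. `MAIN` begins and ends outside this hunk.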
@@ -1112,126 +1048,120 @@ bad: #else if (psk_key != NULL || jpake_secret) #endif - { + { if (c_debug) BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n"); SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); - } + } #endif #ifndef OPENSSL_NO_SRTP if (srtp_profiles != NULL) SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); #endif if (bugs) - SSL_CTX_set_options(ctx,SSL_OP_ALL|off); + SSL_CTX_set_options(ctx, SSL_OP_ALL | off); else - SSL_CTX_set_options(ctx,off); + SSL_CTX_set_options(ctx, off); if (clr) SSL_CTX_clear_options(ctx, clr); - /* DTLS: partial reads end up discarding unread UDP bytes :-( - * Setting read ahead solves this problem. + /* + * DTLS: partial reads end up discarding unread UDP bytes :-( Setting + * read ahead solves this problem. */ - if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); + if (socket_type == SOCK_DGRAM) + SSL_CTX_set_read_ahead(ctx, 1); #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) if (next_proto.data) SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto); #endif - if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); + if (state) + SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); if (cipher != NULL) - if(!SSL_CTX_set_cipher_list(ctx,cipher)) { - BIO_printf(bio_err,"error setting cipher list\n"); - ERR_print_errors(bio_err); - goto end; - } + if (!SSL_CTX_set_cipher_list(ctx, cipher)) { + BIO_printf(bio_err, "error setting cipher list\n"); + ERR_print_errors(bio_err); + goto end; + } #if 0 - else - SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER")); + else + SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER")); #endif - SSL_CTX_set_verify(ctx,verify,verify_callback); - if (!set_cert_key_stuff(ctx,cert,key)) + SSL_CTX_set_verify(ctx, verify, verify_callback); + if (!set_cert_key_stuff(ctx, cert, key)) goto end; - if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx))) - { - /* 
BIO_printf(bio_err,"error setting default verify locations\n"); */ + if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || + (!SSL_CTX_set_default_verify_paths(ctx))) { + /* + * BIO_printf(bio_err,"error setting default verify + * locations\n"); + */ ERR_print_errors(bio_err); /* goto end; */ - } - + } #ifndef OPENSSL_NO_TLSEXT - if (servername != NULL) - { + if (servername != NULL) { tlsextcbp.biodebug = bio_err; SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); - } + } #ifndef OPENSSL_NO_SRP - if (srp_arg.srplogin) - { - if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) - { - BIO_printf(bio_err,"Unable to set SRP username\n"); + if (srp_arg.srplogin) { + if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) { + BIO_printf(bio_err, "Unable to set SRP username\n"); goto end; - } + } srp_arg.msg = c_msg; - srp_arg.debug = c_debug ; - SSL_CTX_set_srp_cb_arg(ctx,&srp_arg); + srp_arg.debug = c_debug; + SSL_CTX_set_srp_cb_arg(ctx, &srp_arg); SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb); SSL_CTX_set_srp_strength(ctx, srp_arg.strength); if (c_msg || c_debug || srp_arg.amp == 0) SSL_CTX_set_srp_verify_param_callback(ctx, ssl_srp_verify_param_cb); - } - + } #endif #endif - con=SSL_new(ctx); - if (sess_in) - { + con = SSL_new(ctx); + if (sess_in) { SSL_SESSION *sess; BIO *stmp = BIO_new_file(sess_in, "r"); - if (!stmp) - { + if (!stmp) { BIO_printf(bio_err, "Can't open session file %s\n", - sess_in); + sess_in); ERR_print_errors(bio_err); goto end; - } + } sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); BIO_free(stmp); - if (!sess) - { + if (!sess) { BIO_printf(bio_err, "Can't open session file %s\n", - sess_in); + sess_in); ERR_print_errors(bio_err); goto end; - } + } SSL_set_session(con, sess); SSL_SESSION_free(sess); - } + } #ifndef OPENSSL_NO_TLSEXT - if (servername != NULL) - { - if (!SSL_set_tlsext_host_name(con,servername)) - { - 
BIO_printf(bio_err,"Unable to set TLS servername extension.\n"); + if (servername != NULL) { + if (!SSL_set_tlsext_host_name(con, servername)) { + BIO_printf(bio_err, "Unable to set TLS servername extension.\n"); ERR_print_errors(bio_err); goto end; - } } + } #endif #ifndef OPENSSL_NO_KRB5 - if (con && (kctx = kssl_ctx_new()) != NULL) - { + if (con && (kctx = kssl_ctx_new()) != NULL) { SSL_set0_kssl_ctx(con, kctx); - kssl_ctx_setstring(kctx, KSSL_SERVER, host); - } -#endif /* OPENSSL_NO_KRB5 */ + kssl_ctx_setstring(kctx, KSSL_SERVER, host); + } +#endif /* OPENSSL_NO_KRB5 */ /* SSL_set_cipher_list(con,"RC4-MD5"); */ #if 0 #ifdef TLSEXT_TYPE_opaque_prf_input 
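Review bot: The trust-store setup `if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || (!SSL_CTX_set_default_verify_paths(ctx)))` short-circuits, so whenever the first call fails the default verify paths are never loaded, and because `goto end` is commented out the handshake then proceeds with whatever trust anchors the context happens to hold. If `SSL_CTX_load_verify_locations()` fails when both arguments are NULL (I believe it does, but that is not shown here), this affects every run without `-CAfile`/`-CApath`. I would split the two calls, make a failure to load an explicitly requested file or directory fatal, and always attempt the defaults. `MAIN` starts and ends outside this hunk.

```c
	/* … unchanged: SSL_CTX_set_verify, set_cert_key_stuff … */
	if (CAfile != NULL || CApath != NULL) {
		if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
			ERR_print_errors(bio_err);
			goto end;
		}
	}
	if (!SSL_CTX_set_default_verify_paths(ctx))
		ERR_print_errors(bio_err);
```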
@@ -1241,564 +1171,499 @@ bad: re_start: - if (init_client(&s,host,port,socket_type,af) == 0) - { - BIO_printf(bio_err,"connect:errno=%d\n",errno); + if (init_client(&s, host, port, socket_type, af) == 0) { + BIO_printf(bio_err, "connect:errno=%d\n", errno); shutdown(s, SHUT_RD); close(s); goto end; - } - BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s); + } + BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s); #ifdef FIONBIO - if (c_nbio) - { - unsigned long l=1; - BIO_printf(bio_c_out,"turning on non blocking io\n"); - if (BIO_socket_ioctl(s,FIONBIO,&l) < 0) - { + if (c_nbio) { + unsigned long l = 1; + BIO_printf(bio_c_out, "turning on non blocking io\n"); + if (BIO_socket_ioctl(s, FIONBIO, &l) < 0) { ERR_print_errors(bio_err); goto end; - } } -#endif - if (c_Pause & 0x01) SSL_set_debug(con, 1); + } +#endif + if (c_Pause & 0x01) + SSL_set_debug(con, 1); - if ( SSL_version(con) == DTLS1_VERSION) - { + if (SSL_version(con) == DTLS1_VERSION) { - sbio=BIO_new_dgram(s,BIO_NOCLOSE); - if (getsockname(s, &peer, (void *)&peerlen) < 0) - { + sbio = BIO_new_dgram(s, BIO_NOCLOSE); + if (getsockname(s, &peer, (void *) &peerlen) < 0) { BIO_printf(bio_err, "getsockname:errno=%d\n", - errno); + errno); shutdown(s, SHUT_RD); close(s); goto end; - } - - (void)BIO_ctrl_set_connected(sbio, 1, &peer); + } + (void) BIO_ctrl_set_connected(sbio, 1, &peer); - if (enable_timeouts) - { + if (enable_timeouts) { timeout.tv_sec = 0; timeout.tv_usec = DGRAM_RCV_TIMEOUT; BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); - + timeout.tv_sec = 0; timeout.tv_usec = DGRAM_SND_TIMEOUT; BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); - } - - if (socket_mtu > 28) - { + } + if (socket_mtu > 28) { SSL_set_options(con, SSL_OP_NO_QUERY_MTU); SSL_set_mtu(con, socket_mtu - 28); - } - else + } else /* want to do MTU discovery */ BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); - } - else - sbio=BIO_new_socket(s,BIO_NOCLOSE); + } else + sbio = BIO_new_socket(s, BIO_NOCLOSE); - if 
(nbio_test) - { + if (nbio_test) { BIO *test; - test=BIO_new(BIO_f_nbio_test()); - sbio=BIO_push(test,sbio); - } - - if (c_debug) - { + test = BIO_new(BIO_f_nbio_test()); + sbio = BIO_push(test, sbio); + } + if (c_debug) { SSL_set_debug(con, 1); - BIO_set_callback(sbio,bio_dump_callback); - BIO_set_callback_arg(sbio,(char *)bio_c_out); - } - if (c_msg) - { + BIO_set_callback(sbio, bio_dump_callback); + BIO_set_callback_arg(sbio, (char *) bio_c_out); + } + if (c_msg) { SSL_set_msg_callback(con, msg_cb); SSL_set_msg_callback_arg(con, bio_c_out); - } + } #ifndef OPENSSL_NO_TLSEXT - if (c_tlsextdebug) - { + if (c_tlsextdebug) { SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_c_out); - } - if (c_status_req) - { + } + if (c_status_req) { SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); #if 0 -{ -STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null(); -OCSP_RESPID *id = OCSP_RESPID_new(); -id->value.byKey = ASN1_OCTET_STRING_new(); -id->type = V_OCSP_RESPID_KEY; -ASN1_STRING_set(id->value.byKey, "Hello World", -1); -sk_OCSP_RESPID_push(ids, id); -SSL_set_tlsext_status_ids(con, ids); -} -#endif + { + STACK_OF(OCSP_RESPID) * ids = sk_OCSP_RESPID_new_null(); + OCSP_RESPID *id = OCSP_RESPID_new(); + id->value.byKey = ASN1_OCTET_STRING_new(); + id->type = V_OCSP_RESPID_KEY; + ASN1_STRING_set(id->value.byKey, "Hello World", -1); + sk_OCSP_RESPID_push(ids, id); + SSL_set_tlsext_status_ids(con, ids); } +#endif + } #endif #ifndef OPENSSL_NO_JPAKE if (jpake_secret) jpake_client_auth(bio_c_out, sbio, jpake_secret); #endif - SSL_set_bio(con,sbio,sbio); + SSL_set_bio(con, sbio, sbio); SSL_set_connect_state(con); /* ok, lets connect */ - width=SSL_get_fd(con)+1; - - read_tty=1; - write_tty=0; - tty_on=0; - read_ssl=1; - write_ssl=1; - - cbuf_len=0; - cbuf_off=0; - sbuf_len=0; - sbuf_off=0; + width = SSL_get_fd(con) + 1; + + read_tty = 1; + write_tty = 
0; + tty_on = 0; + read_ssl = 1; + write_ssl = 1; + + cbuf_len = 0; + cbuf_off = 0; + sbuf_len = 0; + sbuf_off = 0; /* This is an ugly hack that does a lot of assumptions */ - /* We do have to handle multi-line responses which may come - in a single packet or not. We therefore have to use - BIO_gets() which does need a buffering BIO. So during - the initial chitchat we do push a buffering BIO into the - chain that is removed again later on to not disturb the - rest of the s_client operation. */ - if (starttls_proto == PROTO_SMTP) - { - int foundit=0; + /* + * We do have to handle multi-line responses which may come in a + * single packet or not. We therefore have to use BIO_gets() which + * does need a buffering BIO. So during the initial chitchat we do + * push a buffering BIO into the chain that is removed again later on + * to not disturb the rest of the s_client operation. + */ + if (starttls_proto == PROTO_SMTP) { + int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); BIO_push(fbio, sbio); /* wait for multi-line response to end from SMTP */ - do - { - mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); - } - while (mbuf_len>3 && mbuf[3]=='-'); + do { + mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); + } + while (mbuf_len > 3 && mbuf[3] == '-'); /* STARTTLS command requires EHLO... 
*/ - BIO_printf(fbio,"EHLO openssl.client.net\r\n"); - (void)BIO_flush(fbio); + BIO_printf(fbio, "EHLO openssl.client.net\r\n"); + (void) BIO_flush(fbio); /* wait for multi-line response to end EHLO SMTP response */ - do - { - mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); - if (strstr(mbuf,"STARTTLS")) - foundit=1; - } - while (mbuf_len>3 && mbuf[3]=='-'); - (void)BIO_flush(fbio); + do { + mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); + if (strstr(mbuf, "STARTTLS")) + foundit = 1; + } + while (mbuf_len > 3 && mbuf[3] == '-'); + (void) BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); if (!foundit) BIO_printf(bio_err, - "didn't found starttls in server response," - " try anyway...\n"); - BIO_printf(sbio,"STARTTLS\r\n"); - BIO_read(sbio,sbuf,BUFSIZZ); - } - else if (starttls_proto == PROTO_POP3) - { - mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); - if (mbuf_len == -1) - { - BIO_printf(bio_err,"BIO_read failed\n"); + "didn't found starttls in server response," + " try anyway...\n"); + BIO_printf(sbio, "STARTTLS\r\n"); + BIO_read(sbio, sbuf, BUFSIZZ); + } else if (starttls_proto == PROTO_POP3) { + mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); + if (mbuf_len == -1) { + BIO_printf(bio_err, "BIO_read failed\n"); goto end; - } - BIO_printf(sbio,"STLS\r\n"); - BIO_read(sbio,sbuf,BUFSIZZ); } - else if (starttls_proto == PROTO_IMAP) - { - int foundit=0; + BIO_printf(sbio, "STLS\r\n"); + BIO_read(sbio, sbuf, BUFSIZZ); + } else if (starttls_proto == PROTO_IMAP) { + int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); BIO_push(fbio, sbio); - BIO_gets(fbio,mbuf,BUFSIZZ); + BIO_gets(fbio, mbuf, BUFSIZZ); /* STARTTLS command requires CAPABILITY... */ - BIO_printf(fbio,". CAPABILITY\r\n"); - (void)BIO_flush(fbio); + BIO_printf(fbio, ". 
CAPABILITY\r\n"); + (void) BIO_flush(fbio); /* wait for multi-line CAPABILITY response */ - do - { - mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); - if (strstr(mbuf,"STARTTLS")) - foundit=1; - } - while (mbuf_len>3 && mbuf[0]!='.'); - (void)BIO_flush(fbio); + do { + mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); + if (strstr(mbuf, "STARTTLS")) + foundit = 1; + } + while (mbuf_len > 3 && mbuf[0] != '.'); + (void) BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); if (!foundit) BIO_printf(bio_err, - "didn't found STARTTLS in server response," - " try anyway...\n"); - BIO_printf(sbio,". STARTTLS\r\n"); - BIO_read(sbio,sbuf,BUFSIZZ); - } - else if (starttls_proto == PROTO_FTP) - { + "didn't found STARTTLS in server response," + " try anyway...\n"); + BIO_printf(sbio, ". STARTTLS\r\n"); + BIO_read(sbio, sbuf, BUFSIZZ); + } else if (starttls_proto == PROTO_FTP) { BIO *fbio = BIO_new(BIO_f_buffer()); BIO_push(fbio, sbio); /* wait for multi-line response to end from FTP */ - do - { - mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); - } - while (mbuf_len>3 && mbuf[3]=='-'); - (void)BIO_flush(fbio); + do { + mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); + } + while (mbuf_len > 3 && mbuf[3] == '-'); + (void) BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); - BIO_printf(sbio,"AUTH TLS\r\n"); - BIO_read(sbio,sbuf,BUFSIZZ); - } - if (starttls_proto == PROTO_XMPP) - { + BIO_printf(sbio, "AUTH TLS\r\n"); + BIO_read(sbio, sbuf, BUFSIZZ); + } + if (starttls_proto == PROTO_XMPP) { int seen = 0; - BIO_printf(sbio,"", host); - seen = BIO_read(sbio,mbuf,BUFSIZZ); + seen = BIO_read(sbio, mbuf, BUFSIZZ); mbuf[seen] = 0; - while (!strstr(mbuf, "")) goto shut; - seen = BIO_read(sbio,mbuf,BUFSIZZ); + seen = BIO_read(sbio, mbuf, BUFSIZZ); mbuf[seen] = 0; - } + } BIO_printf(sbio, ""); - seen = BIO_read(sbio,sbuf,BUFSIZZ); + seen = BIO_read(sbio, sbuf, BUFSIZZ); sbuf[seen] = 0; if (!strstr(sbuf, " 0) full_log--; + } + print_stuff(bio_c_out, con, full_log); + if (full_log > 0) + full_log--; - if (starttls_proto) - { + if 
(starttls_proto) { BIO_write(bio_err, mbuf, mbuf_len); /* We don't need to know any more */ starttls_proto = PROTO_OFF; - } - - if (reconnect) - { + } + if (reconnect) { reconnect--; - BIO_printf(bio_c_out,"drop connection and then reconnect\n"); + BIO_printf(bio_c_out, "drop connection and then reconnect\n"); SSL_shutdown(con); SSL_set_connect_state(con); shutdown(SSL_get_fd(con), SHUT_RD); close(SSL_get_fd(con)); goto re_start; - } } } + } ssl_pending = read_ssl && SSL_pending(con); - if (!ssl_pending) - { - if (tty_on) - { - if (read_tty) openssl_fdset(fileno(stdin),&readfds); - if (write_tty) openssl_fdset(fileno(stdout),&writefds); - } + if (!ssl_pending) { + if (tty_on) { + if (read_tty) + openssl_fdset(fileno(stdin), &readfds); + if (write_tty) + openssl_fdset(fileno(stdout), &writefds); + } if (read_ssl) - openssl_fdset(SSL_get_fd(con),&readfds); + openssl_fdset(SSL_get_fd(con), &readfds); if (write_ssl) - openssl_fdset(SSL_get_fd(con),&writefds); + openssl_fdset(SSL_get_fd(con), &writefds); /* printf("mode tty(%d %d%d) ssl(%d%d)\n", tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ - /* Note: under VMS with SOCKETSHR the second parameter - * is currently of type (int *) whereas under other - * systems it is (void *) if you don't have a cast it - * will choke the compiler: if you do have a cast then - * you can either go for (int *) or (void *). + /* + * Note: under VMS with SOCKETSHR the second + * parameter is currently of type (int *) whereas + * under other systems it is (void *) if you don't + * have a cast it will choke the compiler: if you do + * have a cast then you can either go for (int *) or + * (void *). 
*/ - i=select(width,(void *)&readfds,(void *)&writefds, - NULL,timeoutp); - if ( i < 0) - { - BIO_printf(bio_err,"bad select %d\n", + i = select(width, (void *) &readfds, (void *) &writefds, + NULL, timeoutp); + if (i < 0) { + BIO_printf(bio_err, "bad select %d\n", errno); goto shut; /* goto end; */ - } - } - - if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) - { - BIO_printf(bio_err,"TIMEOUT occured\n"); } - - if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds)) - { - k=SSL_write(con,&(cbuf[cbuf_off]), - (unsigned int)cbuf_len); - switch (SSL_get_error(con,k)) - { + } + if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) { + BIO_printf(bio_err, "TIMEOUT occured\n"); + } + if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) { + k = SSL_write(con, &(cbuf[cbuf_off]), + (unsigned int) cbuf_len); + switch (SSL_get_error(con, k)) { case SSL_ERROR_NONE: - cbuf_off+=k; - cbuf_len-=k; - if (k <= 0) goto end; + cbuf_off += k; + cbuf_len -= k; + if (k <= 0) + goto end; /* we have done a write(con,NULL,0); */ - if (cbuf_len <= 0) - { - read_tty=1; - write_ssl=0; - } - else /* if (cbuf_len > 0) */ - { - read_tty=0; - write_ssl=1; - } + if (cbuf_len <= 0) { + read_tty = 1; + write_ssl = 0; + } else { /* if (cbuf_len > 0) */ + read_tty = 0; + write_ssl = 1; + } break; case SSL_ERROR_WANT_WRITE: - BIO_printf(bio_c_out,"write W BLOCK\n"); - write_ssl=1; - read_tty=0; + BIO_printf(bio_c_out, "write W BLOCK\n"); + write_ssl = 1; + read_tty = 0; break; case SSL_ERROR_WANT_READ: - BIO_printf(bio_c_out,"write R BLOCK\n"); - write_tty=0; - read_ssl=1; - write_ssl=0; + BIO_printf(bio_c_out, "write R BLOCK\n"); + write_tty = 0; + read_ssl = 1; + write_ssl = 0; break; case SSL_ERROR_WANT_X509_LOOKUP: - BIO_printf(bio_c_out,"write X BLOCK\n"); + BIO_printf(bio_c_out, "write X BLOCK\n"); break; case SSL_ERROR_ZERO_RETURN: - if (cbuf_len != 0) - { - BIO_printf(bio_c_out,"shutdown\n"); + if (cbuf_len != 0) { + BIO_printf(bio_c_out, 
"shutdown\n"); ret = 0; goto shut; - } - else - { - read_tty=1; - write_ssl=0; + } else { + read_tty = 1; + write_ssl = 0; break; - } - + } + case SSL_ERROR_SYSCALL: - if ((k != 0) || (cbuf_len != 0)) - { - BIO_printf(bio_err,"write:errno=%d\n", - errno); + if ((k != 0) || (cbuf_len != 0)) { + BIO_printf(bio_err, "write:errno=%d\n", + errno); goto shut; - } - else - { - read_tty=1; - write_ssl=0; - } + } else { + read_tty = 1; + write_ssl = 0; + } break; case SSL_ERROR_SSL: ERR_print_errors(bio_err); goto shut; - } } - else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds)) - { - i=raw_write_stdout(&(sbuf[sbuf_off]),sbuf_len); + } else if (!ssl_pending && FD_ISSET(fileno(stdout), &writefds)) { + i = raw_write_stdout(&(sbuf[sbuf_off]), sbuf_len); - if (i <= 0) - { - BIO_printf(bio_c_out,"DONE\n"); + if (i <= 0) { + BIO_printf(bio_c_out, "DONE\n"); ret = 0; goto shut; /* goto end; */ - } - - sbuf_len-=i; - sbuf_off+=i; - if (sbuf_len <= 0) - { - read_ssl=1; - write_tty=0; - } } - else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds)) - { + sbuf_len -= i; + sbuf_off += i; + if (sbuf_len <= 0) { + read_ssl = 1; + write_tty = 0; + } + } else if (ssl_pending || FD_ISSET(SSL_get_fd(con), &readfds)) { #ifdef RENEG -{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } } + { + static int iiii; + if (++iiii == 52) { + SSL_renegotiate(con); + iiii = 0; + } + } #endif #if 1 - k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ ); + k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ ); #else /* Demo for pending and peek :-) */ - k=SSL_read(con,sbuf,16); -{ char zbuf[10240]; -printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240)); -} + k = SSL_read(con, sbuf, 16); + { + char zbuf[10240]; + printf("read=%d pending=%d peek=%d\n", k, SSL_pending(con), SSL_peek(con, zbuf, 10240)); + } #endif - switch (SSL_get_error(con,k)) - { + switch (SSL_get_error(con, k)) { case SSL_ERROR_NONE: if (k <= 0) goto end; - sbuf_off=0; - sbuf_len=k; + sbuf_off = 0; + 
sbuf_len = k; - read_ssl=0; - write_tty=1; + read_ssl = 0; + write_tty = 1; break; case SSL_ERROR_WANT_WRITE: - BIO_printf(bio_c_out,"read W BLOCK\n"); - write_ssl=1; - read_tty=0; + BIO_printf(bio_c_out, "read W BLOCK\n"); + write_ssl = 1; + read_tty = 0; break; case SSL_ERROR_WANT_READ: - BIO_printf(bio_c_out,"read R BLOCK\n"); - write_tty=0; - read_ssl=1; + BIO_printf(bio_c_out, "read R BLOCK\n"); + write_tty = 0; + read_ssl = 1; if ((read_tty == 0) && (write_ssl == 0)) - write_ssl=1; + write_ssl = 1; break; case SSL_ERROR_WANT_X509_LOOKUP: - BIO_printf(bio_c_out,"read X BLOCK\n"); + BIO_printf(bio_c_out, "read X BLOCK\n"); break; case SSL_ERROR_SYSCALL: - ret=errno; - BIO_printf(bio_err,"read:errno=%d\n",ret); + ret = errno; + BIO_printf(bio_err, "read:errno=%d\n", ret); goto shut; case SSL_ERROR_ZERO_RETURN: - BIO_printf(bio_c_out,"closed\n"); - ret=0; + BIO_printf(bio_c_out, "closed\n"); + ret = 0; goto shut; case SSL_ERROR_SSL: ERR_print_errors(bio_err); goto shut; /* break; */ - } } - - else if (FD_ISSET(fileno(stdin),&readfds)) - { - if (crlf) - { + } else if (FD_ISSET(fileno(stdin), &readfds)) { + if (crlf) { int j, lf_num; - i=raw_read_stdin(cbuf,BUFSIZZ/2); + i = raw_read_stdin(cbuf, BUFSIZZ / 2); lf_num = 0; /* both loops are skipped when i <= 0 */ for (j = 0; j < i; j++) if (cbuf[j] == '\n') lf_num++; - for (j = i-1; j >= 0; j--) - { - cbuf[j+lf_num] = cbuf[j]; - if (cbuf[j] == '\n') - { + for (j = i - 1; j >= 0; j--) { + cbuf[j + lf_num] = cbuf[j]; + if (cbuf[j] == '\n') { lf_num--; i++; - cbuf[j+lf_num] = '\r'; - } + cbuf[j + lf_num] = '\r'; } - assert(lf_num == 0); } - else - i=raw_read_stdin(cbuf,BUFSIZZ); + assert(lf_num == 0); + } else + i = raw_read_stdin(cbuf, BUFSIZZ); - if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) - { - BIO_printf(bio_err,"DONE\n"); - ret=0; + if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) { + BIO_printf(bio_err, "DONE\n"); + ret = 0; goto shut; - } - - if ((!c_ign_eof) && (cbuf[0] == 'R')) - { - 
BIO_printf(bio_err,"RENEGOTIATING\n"); + } + if ((!c_ign_eof) && (cbuf[0] == 'R')) { + BIO_printf(bio_err, "RENEGOTIATING\n"); SSL_renegotiate(con); - cbuf_len=0; - } - else - { - cbuf_len=i; - cbuf_off=0; - } - - write_ssl=1; - read_tty=0; + cbuf_len = 0; + } else { + cbuf_len = i; + cbuf_off = 0; } + + write_ssl = 1; + read_tty = 0; } + } - ret=0; + ret = 0; shut: if (in_init) - print_stuff(bio_c_out,con,full_log); + print_stuff(bio_c_out, con, full_log); SSL_shutdown(con); shutdown(SSL_get_fd(con), SHUT_RD); close(SSL_get_fd(con)); end: - if (con != NULL) - { + if (con != NULL) { if (prexit != 0) - print_stuff(bio_c_out,con,1); + print_stuff(bio_c_out, con, 1); SSL_free(con); - } + } #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) if (next_proto.data) free(next_proto.data); #endif - if (ctx != NULL) SSL_CTX_free(ctx); + if (ctx != NULL) + SSL_CTX_free(ctx); if (cert) X509_free(cert); if (key) 
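Review bot: In the XMPP STARTTLS branch, `seen = BIO_read(sbio, mbuf, BUFSIZZ); mbuf[seen] = 0;` uses the read result as an index without checking it. A failed read leaves `seen` negative and the store lands before the buffer, while a full read of BUFSIZZ bytes puts the terminator one past the end, assuming mbuf is BUFSIZZ bytes as the `OPENSSL_cleanse(mbuf, BUFSIZZ)` cleanup in the next hunk suggests. The reformat carries this over unchanged; each of these reads should ask for `BUFSIZZ - 1` bytes and stop on error with `if (seen <= 0) goto shut;` before terminating, and the same holds for `sbuf[seen] = 0` after the starttls request. The enclosing function begins outside this hunk, so the buffer allocations are not visible here and should be confirmed.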
@@ -1807,156 +1672,154 @@ end: free(pass); if (vpm) X509_VERIFY_PARAM_free(vpm); - if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); free(cbuf); } - if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); free(sbuf); } - if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); free(mbuf); } - if (bio_c_out != NULL) - { + if (cbuf != NULL) { + OPENSSL_cleanse(cbuf, BUFSIZZ); + free(cbuf); + } + if (sbuf != NULL) { + OPENSSL_cleanse(sbuf, BUFSIZZ); + free(sbuf); + } + if (mbuf != NULL) { + OPENSSL_cleanse(mbuf, BUFSIZZ); + free(mbuf); + } + if (bio_c_out != NULL) { BIO_free(bio_c_out); - bio_c_out=NULL; - } - apps_shutdown(); - return(ret); + bio_c_out = NULL; } + apps_shutdown(); + return (ret); +} -static void print_stuff(BIO *bio, SSL *s, int full) - { - X509 *peer=NULL; +static void +print_stuff(BIO * bio, SSL * s, int full) +{ + X509 *peer = NULL; char *p; - static const char *space=" "; + static const char *space = " "; char buf[BUFSIZ]; - STACK_OF(X509) *sk; - STACK_OF(X509_NAME) *sk2; + STACK_OF(X509) * sk; + STACK_OF(X509_NAME) * sk2; const SSL_CIPHER *c; X509_NAME *xn; - int j,i; + int j, i; #ifndef OPENSSL_NO_COMP const COMP_METHOD *comp, *expansion; #endif unsigned char *exportedkeymat; - if (full) - { + if (full) { int got_a_chain = 0; - sk=SSL_get_peer_cert_chain(s); - if (sk != NULL) - { - got_a_chain = 1; /* we don't have it for SSL2 (yet) */ + sk = SSL_get_peer_cert_chain(s); + if (sk != NULL) { + got_a_chain = 1; /* we don't have it for SSL2 + * (yet) */ - BIO_printf(bio,"---\nCertificate chain\n"); - for (i=0; i 0)) - { - BIO_printf(bio,"---\nAcceptable client certificate CA names\n"); - for (i=0; i 0)) { + BIO_printf(bio, "---\nAcceptable client certificate CA names\n"); + for (i = 0; i < sk_X509_NAME_num(sk2); i++) { + xn = sk_X509_NAME_value(sk2, i); + X509_NAME_oneline(xn, buf, sizeof(buf)); + BIO_write(bio, buf, strlen(buf)); + BIO_write(bio, "\n", 1); + } + } else { + BIO_printf(bio, "---\nNo client certificate CA names sent\n"); + } + p = 
SSL_get_shared_ciphers(s, buf, sizeof buf); + if (p != NULL) { + /* + * This works only for SSL 2. In later protocol * versions, the client does not know what other - * ciphers (in addition to the one to be used - * in the current connection) the server supports. */ - - BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n"); - j=i=0; - while (*p) - { - if (*p == ':') - { - BIO_write(bio,space,15-j%25); + * ciphers (in addition to the one to be used in the + * current connection) the server supports. + */ + + BIO_printf(bio, "---\nCiphers common between both SSL endpoints:\n"); + j = i = 0; + while (*p) { + if (*p == ':') { + BIO_write(bio, space, 15 - j % 25); i++; - j=0; - BIO_write(bio,((i%3)?" ":"\n"),1); - } - else - { - BIO_write(bio,p,1); + j = 0; + BIO_write(bio, ((i % 3) ? " " : "\n"), 1); + } else { + BIO_write(bio, p, 1); j++; - } - p++; } - BIO_write(bio,"\n",1); + p++; } - - BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n", - BIO_number_read(SSL_get_rbio(s)), - BIO_number_written(SSL_get_wbio(s))); + BIO_write(bio, "\n", 1); } - BIO_printf(bio,(SSL_cache_hit(s)?"---\nReused, ":"---\nNew, ")); - c=SSL_get_current_cipher(s); - BIO_printf(bio,"%s, Cipher is %s\n", - SSL_CIPHER_get_version(c), - SSL_CIPHER_get_name(c)); + BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n", + BIO_number_read(SSL_get_rbio(s)), + BIO_number_written(SSL_get_wbio(s))); + } + BIO_printf(bio, (SSL_cache_hit(s) ? "---\nReused, " : "---\nNew, ")); + c = SSL_get_current_cipher(s); + BIO_printf(bio, "%s, Cipher is %s\n", + SSL_CIPHER_get_version(c), + SSL_CIPHER_get_name(c)); if (peer != NULL) { EVP_PKEY *pktmp; pktmp = X509_get_pubkey(peer); - BIO_printf(bio,"Server public key is %d bit\n", - EVP_PKEY_bits(pktmp)); + BIO_printf(bio, "Server public key is %d bit\n", + EVP_PKEY_bits(pktmp)); EVP_PKEY_free(pktmp); } BIO_printf(bio, "Secure Renegotiation IS%s supported\n", - SSL_get_secure_renegotiation_support(s) ? 
"" : " NOT"); + SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); #ifndef OPENSSL_NO_COMP - comp=SSL_get_current_compression(s); - expansion=SSL_get_current_expansion(s); - BIO_printf(bio,"Compression: %s\n", - comp ? SSL_COMP_get_name(comp) : "NONE"); - BIO_printf(bio,"Expansion: %s\n", - expansion ? SSL_COMP_get_name(expansion) : "NONE"); -#endif - + comp = SSL_get_current_compression(s); + expansion = SSL_get_current_expansion(s); + BIO_printf(bio, "Compression: %s\n", + comp ? SSL_COMP_get_name(comp) : "NONE"); + BIO_printf(bio, "Expansion: %s\n", + expansion ? SSL_COMP_get_name(expansion) : "NONE"); +#endif + #ifdef SSL_DEBUG { - /* Print out local port of connection: useful for debugging */ - int sock; - struct sockaddr_in ladd; - socklen_t ladd_size = sizeof(ladd); - sock = SSL_get_fd(s); - getsockname(sock, (struct sockaddr *)&ladd, &ladd_size); - BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port)); + /* Print out local port of connection: useful for debugging */ + int sock; + struct sockaddr_in ladd; + socklen_t ladd_size = sizeof(ladd); + sock = SSL_get_fd(s); + getsockname(sock, (struct sockaddr *) & ladd, &ladd_size); + BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port)); } #endif 
@@ -1972,76 +1835,70 @@ static void print_stuff(BIO *bio, SSL *s, int full) #endif #ifndef OPENSSL_NO_SRTP - { - SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s); - - if(srtp_profile) - BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n", - srtp_profile->name); + { + SRTP_PROTECTION_PROFILE *srtp_profile = SSL_get_selected_srtp_profile(s); + + if (srtp_profile) + BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n", + srtp_profile->name); } #endif - - SSL_SESSION_print(bio,SSL_get_session(s)); - if (keymatexportlabel != NULL) - { + + SSL_SESSION_print(bio, SSL_get_session(s)); + if (keymatexportlabel != NULL) { BIO_printf(bio, "Keying material exporter:\n"); BIO_printf(bio, " Label: '%s'\n", keymatexportlabel); BIO_printf(bio, " Length: %i bytes\n", keymatexportlen); exportedkeymat = malloc(keymatexportlen); - if (exportedkeymat != NULL) - { + if (exportedkeymat != NULL) { if (!SSL_export_keying_material(s, exportedkeymat, - keymatexportlen, - keymatexportlabel, - strlen(keymatexportlabel), - NULL, 0, 0)) - { + keymatexportlen, + keymatexportlabel, + strlen(keymatexportlabel), + NULL, 0, 0)) { BIO_printf(bio, " Error\n"); - } - else - { + } else { BIO_printf(bio, " Keying material: "); - for (i=0; ip=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); - dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); + if ((dh = DH_new()) == NULL) + return (NULL); + dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); + dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); if ((dh->p == NULL) || (dh->g == NULL)) - return(NULL); - return(dh); - } + return (NULL); + return (dh); +} #endif @@ -232,8 +235,8 @@ static DH *get_dh512(void) #undef BUFSIZZ #define BUFSIZZ 16*1024 -static int bufsize=BUFSIZZ; -static int accept_socket= -1; +static int bufsize = BUFSIZZ; +static int accept_socket = -1; #define TEST_CERT "server.pem" #ifndef OPENSSL_NO_TLSEXT 
@@ -244,43 +247,43 @@ static int accept_socket= -1;
 extern int verify_depth, verify_return_error;
-static char *cipher=NULL;
-static int s_server_verify=SSL_VERIFY_NONE;
-static int s_server_session_id_context = 1; /* anything will do */
-static const char *s_cert_file=TEST_CERT,*s_key_file=NULL;
+static char *cipher = NULL;
+static int s_server_verify = SSL_VERIFY_NONE;
+static int s_server_session_id_context = 1; /* anything will do */
+static const char *s_cert_file = TEST_CERT, *s_key_file = NULL;
 #ifndef OPENSSL_NO_TLSEXT
-static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
+static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
 #endif
-static char *s_dcert_file=NULL,*s_dkey_file=NULL;
+static char *s_dcert_file = NULL, *s_dkey_file = NULL;
 #ifdef FIONBIO
-static int s_nbio=0;
+static int s_nbio = 0;
 #endif
-static int s_nbio_test=0;
-int s_crlf=0;
-static SSL_CTX *ctx=NULL;
+static int s_nbio_test = 0;
+int s_crlf = 0;
+static SSL_CTX *ctx = NULL;
 #ifndef OPENSSL_NO_TLSEXT
-static SSL_CTX *ctx2=NULL;
+static SSL_CTX *ctx2 = NULL;
 #endif
-static int www=0;
+static int www = 0;
-static BIO *bio_s_out=NULL;
-static int s_debug=0;
+static BIO *bio_s_out = NULL;
+static int s_debug = 0;
 #ifndef OPENSSL_NO_TLSEXT
-static int s_tlsextdebug=0;
-static int s_tlsextstatus=0;
-static int cert_status_cb(SSL *s, void *arg);
+static int s_tlsextdebug = 0;
+static int s_tlsextstatus = 0;
+static int cert_status_cb(SSL * s, void *arg);
 #endif
-static int s_msg=0;
-static int s_quiet=0;
+static int s_msg = 0;
+static int s_quiet = 0;
-static char *keymatexportlabel=NULL;
-static int keymatexportlen=20;
+static char *keymatexportlabel = NULL;
+static int keymatexportlen = 20;
-static int hack=0;
+static int hack = 0;
 #ifndef OPENSSL_NO_ENGINE
-static char *engine_id=NULL;
+static char *engine_id = NULL;
 #endif
-static const char *session_id_prefix=NULL;
+static const char *session_id_prefix = NULL;
 static int enable_timeouts = 0;
 static long socket_mtu;
@@ -290,303 +293,296 @@ static int cert_chain = 0; #ifndef OPENSSL_NO_PSK -static char *psk_identity="Client_identity"; -char *psk_key=NULL; /* by default PSK is not used */ +static char *psk_identity = "Client_identity"; +char *psk_key = NULL; /* by default PSK is not used */ -static unsigned int psk_server_cb(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len) - { +static unsigned int +psk_server_cb(SSL * ssl, const char *identity, + unsigned char *psk, unsigned int max_psk_len) +{ unsigned int psk_len = 0; int ret; BIGNUM *bn = NULL; if (s_debug) - BIO_printf(bio_s_out,"psk_server_cb\n"); - if (!identity) - { - BIO_printf(bio_err,"Error: client did not send PSK identity\n"); + BIO_printf(bio_s_out, "psk_server_cb\n"); + if (!identity) { + BIO_printf(bio_err, "Error: client did not send PSK identity\n"); goto out_err; - } + } if (s_debug) - BIO_printf(bio_s_out,"identity_len=%d identity=%s\n", - identity ? (int)strlen(identity) : 0, identity); + BIO_printf(bio_s_out, "identity_len=%d identity=%s\n", + identity ? (int) strlen(identity) : 0, identity); /* here we could lookup the given identity e.g. 
from a database */ - if (strcmp(identity, psk_identity) != 0) - { - BIO_printf(bio_s_out, "PSK error: client identity not found" - " (got '%s' expected '%s')\n", identity, - psk_identity); + if (strcmp(identity, psk_identity) != 0) { + BIO_printf(bio_s_out, "PSK error: client identity not found" + " (got '%s' expected '%s')\n", identity, + psk_identity); goto out_err; - } + } if (s_debug) BIO_printf(bio_s_out, "PSK client identity found\n"); /* convert the PSK key to binary */ ret = BN_hex2bn(&bn, psk_key); - if (!ret) - { - BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key); + if (!ret) { + BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", psk_key); if (bn) BN_free(bn); return 0; - } - if (BN_num_bytes(bn) > (int)max_psk_len) - { - BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n", - max_psk_len, BN_num_bytes(bn)); + } + if (BN_num_bytes(bn) > (int) max_psk_len) { + BIO_printf(bio_err, "psk buffer of callback is too small (%d) for key (%d)\n", + max_psk_len, BN_num_bytes(bn)); BN_free(bn); return 0; - } - + } ret = BN_bn2bin(bn, psk); BN_free(bn); if (ret < 0) goto out_err; - psk_len = (unsigned int)ret; + psk_len = (unsigned int) ret; if (s_debug) BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len); - return psk_len; - out_err: + return psk_len; +out_err: if (s_debug) BIO_printf(bio_err, "Error in PSK server callback\n"); return 0; - } +} #endif #ifndef OPENSSL_NO_SRP /* This is a context that we pass to callbacks */ -typedef struct srpsrvparm_st - { +typedef struct srpsrvparm_st { char *login; SRP_VBASE *vb; SRP_user_pwd *user; - } srpsrvparm; +} srpsrvparm; /* This callback pretends to require some asynchronous logic in order to obtain a verifier. When the callback is called for a new connection we return with a negative value. This will provoke the accept etc to return with - an LOOKUP_X509. The main logic of the reinvokes the suspended call + an LOOKUP_X509. 
The main logic of the reinvokes the suspended call (which would normally occur after a worker has finished) and we - set the user parameters. + set the user parameters. */ -static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) - { - srpsrvparm *p = (srpsrvparm *)arg; - if (p->login == NULL && p->user == NULL ) - { +static int +ssl_srp_server_param_cb(SSL * s, int *ad, void *arg) +{ + srpsrvparm *p = (srpsrvparm *) arg; + if (p->login == NULL && p->user == NULL) { p->login = SSL_get_srp_username(s); BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login); - return (-1) ; - } - - if (p->user == NULL) - { + return (-1); + } + if (p->user == NULL) { BIO_printf(bio_err, "User %s doesn't exist\n", p->login); return SSL3_AL_FATAL; - } + } if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v, - p->user->info) < 0) - { + p->user->info) < 0) { *ad = SSL_AD_INTERNAL_ERROR; return SSL3_AL_FATAL; - } - BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login,p->user->info); + } + BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login, p->user->info); /* need to check whether there are memory leaks */ p->user = NULL; p->login = NULL; return SSL_ERROR_NONE; - } +} #endif -static void s_server_init(void) - { - accept_socket=-1; - cipher=NULL; - s_server_verify=SSL_VERIFY_NONE; - s_dcert_file=NULL; - s_dkey_file=NULL; - s_cert_file=TEST_CERT; - s_key_file=NULL; +static void +s_server_init(void) +{ + accept_socket = -1; + cipher = NULL; + s_server_verify = SSL_VERIFY_NONE; + s_dcert_file = NULL; + s_dkey_file = NULL; + s_cert_file = TEST_CERT; + s_key_file = NULL; #ifndef OPENSSL_NO_TLSEXT - s_cert_file2=TEST_CERT2; - s_key_file2=NULL; - ctx2=NULL; + s_cert_file2 = TEST_CERT2; + s_key_file2 = NULL; + ctx2 = NULL; #endif #ifdef FIONBIO - s_nbio=0; + s_nbio = 0; #endif - s_nbio_test=0; - ctx=NULL; - www=0; + s_nbio_test = 0; + ctx = NULL; + www = 0; - bio_s_out=NULL; - s_debug=0; - s_msg=0; - 
s_quiet=0; - hack=0; + bio_s_out = NULL; + s_debug = 0; + s_msg = 0; + s_quiet = 0; + hack = 0; #ifndef OPENSSL_NO_ENGINE - engine_id=NULL; + engine_id = NULL; #endif - } +} -static void sv_usage(void) - { - BIO_printf(bio_err,"usage: s_server [args ...]\n"); - BIO_printf(bio_err,"\n"); - BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT); - BIO_printf(bio_err," -context arg - set session ID context\n"); - BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); - BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); - BIO_printf(bio_err," -cert arg - certificate file to use\n"); - BIO_printf(bio_err," (default is %s)\n",TEST_CERT); - BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \ - " The CRL(s) are appended to the certificate file\n"); - BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \ - " or any other CRL in the CA chain. 
CRL(s) are appened to the\n" \ - " the certificate file.\n"); - BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); - BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n"); - BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); - BIO_printf(bio_err," -keyform arg - key format (PEM, DER or ENGINE) PEM default\n"); - BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); - BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n"); - BIO_printf(bio_err," -dcertform x - second certificate format (PEM or DER) PEM default\n"); - BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n"); - BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n"); - BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n"); - BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n"); - BIO_printf(bio_err," or a default set of parameters is used\n"); +static void +sv_usage(void) +{ + BIO_printf(bio_err, "usage: s_server [args ...]\n"); + BIO_printf(bio_err, "\n"); + BIO_printf(bio_err, " -accept arg - port to accept on (default is %d)\n", PORT); + BIO_printf(bio_err, " -context arg - set session ID context\n"); + BIO_printf(bio_err, " -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err, " -Verify arg - turn on peer certificate verification, must have a cert.\n"); + BIO_printf(bio_err, " -cert arg - certificate file to use\n"); + BIO_printf(bio_err, " (default is %s)\n", TEST_CERT); + BIO_printf(bio_err, " -crl_check - check the peer certificate has not been revoked by its CA.\n" \ + " The CRL(s) are appended to the certificate file\n"); + BIO_printf(bio_err, " -crl_check_all - check the peer certificate has not been revoked by its CA\n" \ + " or any other CRL in the CA chain. 
CRL(s) are appened to the\n" \ + " the certificate file.\n"); + BIO_printf(bio_err, " -certform arg - certificate format (PEM or DER) PEM default\n"); + BIO_printf(bio_err, " -key arg - Private Key file to use, in cert file if\n"); + BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT); + BIO_printf(bio_err, " -keyform arg - key format (PEM, DER or ENGINE) PEM default\n"); + BIO_printf(bio_err, " -pass arg - private key file pass phrase source\n"); + BIO_printf(bio_err, " -dcert arg - second certificate file to use (usually for DSA)\n"); + BIO_printf(bio_err, " -dcertform x - second certificate format (PEM or DER) PEM default\n"); + BIO_printf(bio_err, " -dkey arg - second private key file to use (usually for DSA)\n"); + BIO_printf(bio_err, " -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n"); + BIO_printf(bio_err, " -dpass arg - second private key file pass phrase source\n"); + BIO_printf(bio_err, " -dhparam arg - DH parameter file to use, in cert file if not specified\n"); + BIO_printf(bio_err, " or a default set of parameters is used\n"); #ifndef OPENSSL_NO_ECDH - BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ - " Use \"openssl ecparam -list_curves\" for all names\n" \ - " (default is nistp256).\n"); + BIO_printf(bio_err, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ + " Use \"openssl ecparam -list_curves\" for all names\n" \ + " (default is nistp256).\n"); #endif #ifdef FIONBIO - BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); -#endif - BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n"); - BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); - BIO_printf(bio_err," -debug - Print more output\n"); - BIO_printf(bio_err," -msg - Show protocol messages\n"); - BIO_printf(bio_err," -state - Print the SSL states\n"); - BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); - 
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); - BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); - BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n"); - BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n"); - BIO_printf(bio_err," -quiet - No server output\n"); - BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); + BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n"); +#endif + BIO_printf(bio_err, " -nbio_test - test with the non-blocking test bio\n"); + BIO_printf(bio_err, " -crlf - convert LF from terminal into CRLF\n"); + BIO_printf(bio_err, " -debug - Print more output\n"); + BIO_printf(bio_err, " -msg - Show protocol messages\n"); + BIO_printf(bio_err, " -state - Print the SSL states\n"); + BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err, " -nocert - Don't use any certificates (Anon-DH)\n"); + BIO_printf(bio_err, " -cipher arg - play with 'openssl ciphers' to see what goes here\n"); + BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n"); + BIO_printf(bio_err, " -quiet - No server output\n"); + BIO_printf(bio_err, " -no_tmp_rsa - Do not generate a tmp RSA key\n"); #ifndef OPENSSL_NO_PSK - BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n"); - BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n"); -# ifndef OPENSSL_NO_JPAKE - BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n"); -# endif + BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n"); + BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n"); +#ifndef OPENSSL_NO_JPAKE + BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n"); +#endif #endif #ifndef OPENSSL_NO_SRP - BIO_printf(bio_err," -srpvfile file - The verifier file for SRP\n"); - BIO_printf(bio_err," -srpuserseed string - A seed string for a default user 
salt.\n"); -#endif - BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); - BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); - BIO_printf(bio_err," -tls1_2 - Just talk TLSv1.2\n"); - BIO_printf(bio_err," -tls1_1 - Just talk TLSv1.1\n"); - BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); - BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n"); - BIO_printf(bio_err," -timeout - Enable timeouts\n"); - BIO_printf(bio_err," -mtu - Set link layer MTU\n"); - BIO_printf(bio_err," -chain - Read a certificate chain\n"); - BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); - BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); - BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); - BIO_printf(bio_err," -no_tls1_1 - Just disable TLSv1.1\n"); - BIO_printf(bio_err," -no_tls1_2 - Just disable TLSv1.2\n"); + BIO_printf(bio_err, " -srpvfile file - The verifier file for SRP\n"); + BIO_printf(bio_err, " -srpuserseed string - A seed string for a default user salt.\n"); +#endif + BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n"); + BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n"); + BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n"); + BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n"); + BIO_printf(bio_err, " -tls1 - Just talk TLSv1\n"); + BIO_printf(bio_err, " -dtls1 - Just talk DTLSv1\n"); + BIO_printf(bio_err, " -timeout - Enable timeouts\n"); + BIO_printf(bio_err, " -mtu - Set link layer MTU\n"); + BIO_printf(bio_err, " -chain - Read a certificate chain\n"); + BIO_printf(bio_err, " -no_ssl2 - Just disable SSLv2\n"); + BIO_printf(bio_err, " -no_ssl3 - Just disable SSLv3\n"); + BIO_printf(bio_err, " -no_tls1 - Just disable TLSv1\n"); + BIO_printf(bio_err, " -no_tls1_1 - Just disable TLSv1.1\n"); + BIO_printf(bio_err, " -no_tls1_2 - Just disable TLSv1.2\n"); #ifndef OPENSSL_NO_DH - BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); + BIO_printf(bio_err, " -no_dhe - Disable ephemeral DH\n"); #endif #ifndef OPENSSL_NO_ECDH - BIO_printf(bio_err," -no_ecdhe - Disable 
ephemeral ECDH\n"); + BIO_printf(bio_err, " -no_ecdhe - Disable ephemeral ECDH\n"); #endif - BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); - BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); - BIO_printf(bio_err," -WWW - Respond to a 'GET / HTTP/1.0' with file ./\n"); - BIO_printf(bio_err," -HTTP - Respond to a 'GET / HTTP/1.0' with file ./\n"); - BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n"); + BIO_printf(bio_err, " -bugs - Turn on SSL bug compatibility\n"); + BIO_printf(bio_err, " -www - Respond to a 'GET /' with a status page\n"); + BIO_printf(bio_err, " -WWW - Respond to a 'GET / HTTP/1.0' with file ./\n"); + BIO_printf(bio_err, " -HTTP - Respond to a 'GET / HTTP/1.0' with file ./\n"); + BIO_printf(bio_err, " with the assumption it contains a complete HTTP response.\n"); #ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); + BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n"); #endif - BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); - BIO_printf(bio_err," -rand file%cfile%c...\n", ':', ':'); + BIO_printf(bio_err, " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); + BIO_printf(bio_err, " -rand file%cfile%c...\n", ':', ':'); #ifndef OPENSSL_NO_TLSEXT - BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n"); - BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n"); - BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n"); - BIO_printf(bio_err," (default is %s)\n",TEST_CERT2); - BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n"); - BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2); - BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); - BIO_printf(bio_err," -no_ticket - 
disable use of RFC4507bis session tickets\n"); - BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); -# ifndef OPENSSL_NO_NEXTPROTONEG - BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); -# endif -# ifndef OPENSSL_NO_SRTP - BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); -# endif -#endif - BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); - BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); - } - -static int local_argc=0; + BIO_printf(bio_err, " -servername host - servername for HostName TLS extension\n"); + BIO_printf(bio_err, " -servername_fatal - on mismatch send fatal alert (default warning alert)\n"); + BIO_printf(bio_err, " -cert2 arg - certificate file to use for servername\n"); + BIO_printf(bio_err, " (default is %s)\n", TEST_CERT2); + BIO_printf(bio_err, " -key2 arg - Private Key file to use for servername, in cert file if\n"); + BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2); + BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); + BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); + BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); +#ifndef OPENSSL_NO_NEXTPROTONEG + BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); +#endif +#ifndef OPENSSL_NO_SRTP + BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); +#endif +#endif + BIO_printf(bio_err, " -keymatexport label - Export keying material using label\n"); + BIO_printf(bio_err, " -keymatexportlen len - Export len bytes of keying material (default 20)\n"); +} + +static int local_argc = 0; static char 
**local_argv; #ifndef OPENSSL_NO_TLSEXT /* This is a context that we pass to callbacks */ typedef struct tlsextctx_st { - char * servername; - BIO * biodebug; - int extension_error; + char *servername; + BIO *biodebug; + int extension_error; } tlsextctx; -static int ssl_servername_cb(SSL *s, int *ad, void *arg) - { - tlsextctx * p = (tlsextctx *) arg; - const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); - if (servername && p->biodebug) - BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername); - +static int +ssl_servername_cb(SSL * s, int *ad, void *arg) +{ + tlsextctx *p = (tlsextctx *) arg; + const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); + if (servername && p->biodebug) + BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n", servername); + if (!p->servername) return SSL_TLSEXT_ERR_NOACK; - - if (servername) - { - if (strcmp(servername,p->servername)) + + if (servername) { + if (strcmp(servername, p->servername)) return p->extension_error; - if (ctx2) - { - BIO_printf(p->biodebug,"Switching server context.\n"); - SSL_set_SSL_CTX(s,ctx2); - } + if (ctx2) { + BIO_printf(p->biodebug, "Switching server context.\n"); + SSL_set_SSL_CTX(s, ctx2); } + } return SSL_TLSEXT_ERR_OK; } /* Structure passed to cert status callback */ typedef struct tlsextstatusctx_st { - /* Default responder to use */ - char *host, *path, *port; - int use_ssl; - int timeout; - BIO *err; - int verbose; + /* Default responder to use */ + char *host, *path, *port; + int use_ssl; + int timeout; + BIO *err; + int verbose; } tlsextstatusctx; static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0}; 
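Review bot: In psk_server_cb the BN_hex2bn failure path prints the configured pre-shared key itself to bio_err (`"Could not convert PSK key '%s' to BIGNUM\n", psk_key`), so a malformed key ends up in whatever captures the error stream. The message should drop the value, e.g. `BIO_printf(bio_err, "Could not convert PSK key to BIGNUM\n");`. The BIGNUM holding the key is also released with `BN_free(bn)` on the size-check path and after `BN_bn2bin`; `BN_clear_free(bn)` would zero the key bytes before the memory is returned. Both lines are carried through this reformat unchanged.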
@@ -602,70 +598,65 @@ static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0}; * considered "expired". */ -static int cert_status_cb(SSL *s, void *arg) - { +static int +cert_status_cb(SSL * s, void *arg) +{ tlsextstatusctx *srctx = arg; BIO *err = srctx->err; char *host, *port, *path; int use_ssl; unsigned char *rspder = NULL; int rspderlen; - STACK_OF(OPENSSL_STRING) *aia = NULL; + STACK_OF(OPENSSL_STRING) * aia = NULL; X509 *x = NULL; X509_STORE_CTX inctx; X509_OBJECT obj; OCSP_REQUEST *req = NULL; OCSP_RESPONSE *resp = NULL; OCSP_CERTID *id = NULL; - STACK_OF(X509_EXTENSION) *exts; + STACK_OF(X509_EXTENSION) * exts; int ret = SSL_TLSEXT_ERR_NOACK; int i; #if 0 -STACK_OF(OCSP_RESPID) *ids; -SSL_get_tlsext_status_ids(s, &ids); -BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); + STACK_OF(OCSP_RESPID) * ids; + SSL_get_tlsext_status_ids(s, &ids); + BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); #endif if (srctx->verbose) BIO_puts(err, "cert_status: callback called\n"); /* Build up OCSP query from server certificate */ x = SSL_get_certificate(s); aia = X509_get1_ocsp(x); - if (aia) - { + if (aia) { if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0), - &host, &port, &path, &use_ssl)) - { + &host, &port, &path, &use_ssl)) { BIO_puts(err, "cert_status: can't parse AIA URL\n"); goto err; - } + } if (srctx->verbose) BIO_printf(err, "cert_status: AIA URL: %s\n", - sk_OPENSSL_STRING_value(aia, 0)); - } - else - { - if (!srctx->host) - { + sk_OPENSSL_STRING_value(aia, 0)); + } else { + if (!srctx->host) { BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n"); goto done; - } + } host = srctx->host; path = srctx->path; port = srctx->port; use_ssl = srctx->use_ssl; - } - + } + if (!X509_STORE_CTX_init(&inctx, - SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), - NULL, NULL)) + SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), + NULL, NULL)) goto err; - if 
(X509_STORE_get_by_subject(&inctx,X509_LU_X509, - X509_get_issuer_name(x),&obj) <= 0) - { + if (X509_STORE_get_by_subject(&inctx, X509_LU_X509, + X509_get_issuer_name(x), &obj) <= 0) { BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n"); X509_STORE_CTX_cleanup(&inctx); goto done; - } + } req = OCSP_REQUEST_new(); if (!req) goto err; @@ -679,39 +670,35 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); id = NULL; /* Add any extensions to the request */ SSL_get_tlsext_status_exts(s, &exts); - for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) - { + for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); if (!OCSP_REQUEST_add_ext(req, ext, -1)) goto err; - } + } resp = process_responder(err, req, host, path, port, use_ssl, NULL, - srctx->timeout); - if (!resp) - { + srctx->timeout); + if (!resp) { BIO_puts(err, "cert_status: error querying responder\n"); goto done; - } + } rspderlen = i2d_OCSP_RESPONSE(resp, &rspder); if (rspderlen <= 0) goto err; SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen); - if (srctx->verbose) - { + if (srctx->verbose) { BIO_puts(err, "cert_status: ocsp response sent:\n"); OCSP_RESPONSE_print(err, resp, 2); - } + } ret = SSL_TLSEXT_ERR_OK; - done: +done: if (ret != SSL_TLSEXT_ERR_OK) ERR_print_errors(err); - if (aia) - { + if (aia) { free(host); free(path); free(port); X509_email_free(aia); - } + } if (id) OCSP_CERTID_free(id); if (req) 
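Review bot: In cert_status_cb `host`, `port` and `path` are declared without initialisers, yet the `done:` cleanup in the following hunk calls `free()` on all three whenever `aia` is non-NULL. If `OCSP_parse_url` fails, control reaches that cleanup through `goto err`, so the frees are safe only if OCSP_parse_url always leaves its output pointers NULL or valid on failure, which this page does not show. Declaring them as `char *host = NULL, *port = NULL, *path = NULL;` removes that dependency. `x = SSL_get_certificate(s)` is also passed to `X509_get1_ocsp` and `X509_get_issuer_name` without a NULL check; an early `goto done` when `x` is NULL, or a comment stating why a certificate is always present here, would help. The function body continues past this hunk.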
@@ -719,28 +706,29 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); if (resp) OCSP_RESPONSE_free(resp); return ret; - err: +err: ret = SSL_TLSEXT_ERR_ALERT_FATAL; goto done; - } +} -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG /* This is the context that we pass to next_proto_cb */ typedef struct tlsextnextprotoctx_st { unsigned char *data; unsigned int len; } tlsextnextprotoctx; -static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg) - { +static int +next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg) +{ tlsextnextprotoctx *next_proto = arg; *data = next_proto->data; *len = next_proto->len; return SSL_TLSEXT_ERR_OK; - } -# endif /* ndef OPENSSL_NO_NEXTPROTONEG */ +} +#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ #endif 
@@ -751,32 +739,33 @@ int MAIN(int, char **); static char *jpake_secret = NULL; #endif #ifndef OPENSSL_NO_SRP - static srpsrvparm srp_callback_parm; +static srpsrvparm srp_callback_parm; #endif #ifndef OPENSSL_NO_SRTP static char *srtp_profiles = NULL; #endif -int MAIN(int argc, char *argv[]) - { +int +MAIN(int argc, char *argv[]) +{ X509_VERIFY_PARAM *vpm = NULL; int badarg = 0; - short port=PORT; - char *CApath=NULL,*CAfile=NULL; + short port = PORT; + char *CApath = NULL, *CAfile = NULL; unsigned char *context = NULL; char *dhfile = NULL; #ifndef OPENSSL_NO_ECDH char *named_curve = NULL; #endif - int badop=0,bugs=0; - int ret=1; - int off=0; - int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; - int state=0; - const SSL_METHOD *meth=NULL; - int socket_type=SOCK_STREAM; - ENGINE *e=NULL; - char *inrand=NULL; + int badop = 0, bugs = 0; + int ret = 1; + int off = 0; + int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0; + int state = 0; + const SSL_METHOD *meth = NULL; + int socket_type = SOCK_STREAM; + ENGINE *e = NULL; + char *inrand = NULL; int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; char *passarg = NULL, *pass = NULL; char *dpassarg = NULL, *dpass = NULL; 
@@ -787,428 +776,388 @@ int MAIN(int argc, char *argv[]) #ifndef OPENSSL_NO_TLSEXT EVP_PKEY *s_key2 = NULL; X509 *s_cert2 = NULL; - tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; -# ifndef OPENSSL_NO_NEXTPROTONEG + tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; +#ifndef OPENSSL_NO_NEXTPROTONEG const char *next_proto_neg_in = NULL; tlsextnextprotoctx next_proto; -# endif +#endif #endif #ifndef OPENSSL_NO_PSK /* by default do not send a PSK identity hint */ - static char *psk_identity_hint=NULL; + static char *psk_identity_hint = NULL; #endif #ifndef OPENSSL_NO_SRP char *srpuserseed = NULL; char *srp_verifier_file = NULL; #endif - meth=SSLv23_server_method(); + meth = SSLv23_server_method(); - local_argc=argc; - local_argv=argv; + local_argc = argc; + local_argv = argv; apps_startup(); s_server_init(); if (bio_err == NULL) - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; - verify_depth=0; + verify_depth = 0; #ifdef FIONBIO - s_nbio=0; + s_nbio = 0; #endif - s_nbio_test=0; + s_nbio_test = 0; argc--; argv++; - while (argc >= 1) - { - if ((strcmp(*argv,"-port") == 0) || - (strcmp(*argv,"-accept") == 0)) - { - if (--argc < 1) goto bad; - if (!extract_port(*(++argv),&port)) + while (argc >= 1) { + if ((strcmp(*argv, "-port") == 0) || + (strcmp(*argv, "-accept") == 0)) { + if (--argc < 1) + goto bad; + if (!extract_port(*(++argv), &port)) + goto bad; + } else if (strcmp(*argv, "-verify") == 0) { + s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; + if (--argc < 1) + goto bad; + verify_depth = atoi(*(++argv)); + BIO_printf(bio_err, "verify depth is %d\n", verify_depth); + } else if (strcmp(*argv, "-Verify") == 0) { + s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | + SSL_VERIFY_CLIENT_ONCE; + if (--argc < 1) + goto bad; + verify_depth = atoi(*(++argv)); + BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", 
verify_depth); + } else if (strcmp(*argv, "-context") == 0) { + if (--argc < 1) + goto bad; + context = (unsigned char *) *(++argv); + } else if (strcmp(*argv, "-cert") == 0) { + if (--argc < 1) + goto bad; + s_cert_file = *(++argv); + } else if (strcmp(*argv, "-certform") == 0) { + if (--argc < 1) goto bad; - } - else if (strcmp(*argv,"-verify") == 0) - { - s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE; - if (--argc < 1) goto bad; - verify_depth=atoi(*(++argv)); - BIO_printf(bio_err,"verify depth is %d\n",verify_depth); - } - else if (strcmp(*argv,"-Verify") == 0) - { - s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT| - SSL_VERIFY_CLIENT_ONCE; - if (--argc < 1) goto bad; - verify_depth=atoi(*(++argv)); - BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth); - } - else if (strcmp(*argv,"-context") == 0) - { - if (--argc < 1) goto bad; - context= (unsigned char *)*(++argv); - } - else if (strcmp(*argv,"-cert") == 0) - { - if (--argc < 1) goto bad; - s_cert_file= *(++argv); - } - else if (strcmp(*argv,"-certform") == 0) - { - if (--argc < 1) goto bad; s_cert_format = str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-key") == 0) - { - if (--argc < 1) goto bad; - s_key_file= *(++argv); - } - else if (strcmp(*argv,"-keyform") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-key") == 0) { + if (--argc < 1) + goto bad; + s_key_file = *(++argv); + } else if (strcmp(*argv, "-keyform") == 0) { + if (--argc < 1) + goto bad; s_key_format = str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-pass") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-pass") == 0) { + if (--argc < 1) + goto bad; passarg = *(++argv); - } - else if (strcmp(*argv,"-dhparam") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-dhparam") == 0) { + if (--argc < 1) + goto bad; dhfile = *(++argv); - } -#ifndef OPENSSL_NO_ECDH - else if (strcmp(*argv,"-named_curve") == 0) - { - if (--argc < 1) goto bad; + 
} +#ifndef OPENSSL_NO_ECDH + else if (strcmp(*argv, "-named_curve") == 0) { + if (--argc < 1) + goto bad; named_curve = *(++argv); - } + } #endif - else if (strcmp(*argv,"-dcertform") == 0) - { - if (--argc < 1) goto bad; + else if (strcmp(*argv, "-dcertform") == 0) { + if (--argc < 1) + goto bad; s_dcert_format = str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-dcert") == 0) - { - if (--argc < 1) goto bad; - s_dcert_file= *(++argv); - } - else if (strcmp(*argv,"-dkeyform") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-dcert") == 0) { + if (--argc < 1) + goto bad; + s_dcert_file = *(++argv); + } else if (strcmp(*argv, "-dkeyform") == 0) { + if (--argc < 1) + goto bad; s_dkey_format = str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-dpass") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-dpass") == 0) { + if (--argc < 1) + goto bad; dpassarg = *(++argv); - } - else if (strcmp(*argv,"-dkey") == 0) - { - if (--argc < 1) goto bad; - s_dkey_file= *(++argv); - } - else if (strcmp(*argv,"-nocert") == 0) - { - nocert=1; - } - else if (strcmp(*argv,"-CApath") == 0) - { - if (--argc < 1) goto bad; - CApath= *(++argv); - } - else if (strcmp(*argv,"-no_cache") == 0) + } else if (strcmp(*argv, "-dkey") == 0) { + if (--argc < 1) + goto bad; + s_dkey_file = *(++argv); + } else if (strcmp(*argv, "-nocert") == 0) { + nocert = 1; + } else if (strcmp(*argv, "-CApath") == 0) { + if (--argc < 1) + goto bad; + CApath = *(++argv); + } else if (strcmp(*argv, "-no_cache") == 0) no_cache = 1; - else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) - { + else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) { if (badarg) goto bad; continue; - } - else if (strcmp(*argv,"-verify_return_error") == 0) + } else if (strcmp(*argv, "-verify_return_error") == 0) verify_return_error = 1; - else if (strcmp(*argv,"-serverpref") == 0) - { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } - else if (strcmp(*argv,"-legacy_renegotiation") == 0) - 
off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; - else if (strcmp(*argv,"-cipher") == 0) - { - if (--argc < 1) goto bad; - cipher= *(++argv); - } - else if (strcmp(*argv,"-CAfile") == 0) - { - if (--argc < 1) goto bad; - CAfile= *(++argv); - } -#ifdef FIONBIO - else if (strcmp(*argv,"-nbio") == 0) - { s_nbio=1; } + else if (strcmp(*argv, "-serverpref") == 0) { + off |= SSL_OP_CIPHER_SERVER_PREFERENCE; + } else if (strcmp(*argv, "-legacy_renegotiation") == 0) + off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; + else if (strcmp(*argv, "-cipher") == 0) { + if (--argc < 1) + goto bad; + cipher = *(++argv); + } else if (strcmp(*argv, "-CAfile") == 0) { + if (--argc < 1) + goto bad; + CAfile = *(++argv); + } +#ifdef FIONBIO + else if (strcmp(*argv, "-nbio") == 0) { + s_nbio = 1; + } #endif - else if (strcmp(*argv,"-nbio_test") == 0) - { -#ifdef FIONBIO - s_nbio=1; + else if (strcmp(*argv, "-nbio_test") == 0) { +#ifdef FIONBIO + s_nbio = 1; #endif - s_nbio_test=1; - } - else if (strcmp(*argv,"-debug") == 0) - { s_debug=1; } + s_nbio_test = 1; + } else if (strcmp(*argv, "-debug") == 0) { + s_debug = 1; + } #ifndef OPENSSL_NO_TLSEXT - else if (strcmp(*argv,"-tlsextdebug") == 0) - s_tlsextdebug=1; - else if (strcmp(*argv,"-status") == 0) - s_tlsextstatus=1; - else if (strcmp(*argv,"-status_verbose") == 0) - { - s_tlsextstatus=1; + else if (strcmp(*argv, "-tlsextdebug") == 0) + s_tlsextdebug = 1; + else if (strcmp(*argv, "-status") == 0) + s_tlsextstatus = 1; + else if (strcmp(*argv, "-status_verbose") == 0) { + s_tlsextstatus = 1; tlscstatp.verbose = 1; - } - else if (!strcmp(*argv, "-status_timeout")) - { - s_tlsextstatus=1; - if (--argc < 1) goto bad; + } else if (!strcmp(*argv, "-status_timeout")) { + s_tlsextstatus = 1; + if (--argc < 1) + goto bad; tlscstatp.timeout = atoi(*(++argv)); - } - else if (!strcmp(*argv, "-status_url")) - { - s_tlsextstatus=1; - if (--argc < 1) goto bad; + } else if (!strcmp(*argv, "-status_url")) { + s_tlsextstatus = 1; + if (--argc < 1) + 
goto bad; if (!OCSP_parse_url(*(++argv), - &tlscstatp.host, - &tlscstatp.port, - &tlscstatp.path, - &tlscstatp.use_ssl)) - { + &tlscstatp.host, + &tlscstatp.port, + &tlscstatp.path, + &tlscstatp.use_ssl)) { BIO_printf(bio_err, "Error parsing URL\n"); goto bad; - } } + } #endif - else if (strcmp(*argv,"-msg") == 0) - { s_msg=1; } - else if (strcmp(*argv,"-hack") == 0) - { hack=1; } - else if (strcmp(*argv,"-state") == 0) - { state=1; } - else if (strcmp(*argv,"-crlf") == 0) - { s_crlf=1; } - else if (strcmp(*argv,"-quiet") == 0) - { s_quiet=1; } - else if (strcmp(*argv,"-bugs") == 0) - { bugs=1; } - else if (strcmp(*argv,"-no_tmp_rsa") == 0) - { no_tmp_rsa=1; } - else if (strcmp(*argv,"-no_dhe") == 0) - { no_dhe=1; } - else if (strcmp(*argv,"-no_ecdhe") == 0) - { no_ecdhe=1; } + else if (strcmp(*argv, "-msg") == 0) { + s_msg = 1; + } else if (strcmp(*argv, "-hack") == 0) { + hack = 1; + } else if (strcmp(*argv, "-state") == 0) { + state = 1; + } else if (strcmp(*argv, "-crlf") == 0) { + s_crlf = 1; + } else if (strcmp(*argv, "-quiet") == 0) { + s_quiet = 1; + } else if (strcmp(*argv, "-bugs") == 0) { + bugs = 1; + } else if (strcmp(*argv, "-no_tmp_rsa") == 0) { + no_tmp_rsa = 1; + } else if (strcmp(*argv, "-no_dhe") == 0) { + no_dhe = 1; + } else if (strcmp(*argv, "-no_ecdhe") == 0) { + no_ecdhe = 1; + } #ifndef OPENSSL_NO_PSK - else if (strcmp(*argv,"-psk_hint") == 0) - { - if (--argc < 1) goto bad; - psk_identity_hint= *(++argv); - } - else if (strcmp(*argv,"-psk") == 0) - { + else if (strcmp(*argv, "-psk_hint") == 0) { + if (--argc < 1) + goto bad; + psk_identity_hint = *(++argv); + } else if (strcmp(*argv, "-psk") == 0) { size_t i; - if (--argc < 1) goto bad; - psk_key=*(++argv); - for (i=0; i= 32) + } + if (session_id_prefix) { + if (strlen(session_id_prefix) >= 32) BIO_printf(bio_err, -"warning: id_prefix is too long, only one new session will be possible\n"); - else if(strlen(session_id_prefix) >= 16) + "warning: id_prefix is too long, only one new session 
will be possible\n"); + else if (strlen(session_id_prefix) >= 16) BIO_printf(bio_err, -"warning: id_prefix is too long if you use SSLv2\n"); - if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) - { - BIO_printf(bio_err,"error setting 'id_prefix'\n"); + "warning: id_prefix is too long if you use SSLv2\n"); + if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) { + BIO_printf(bio_err, "error setting 'id_prefix'\n"); ERR_print_errors(bio_err); goto end; - } - BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix); } - SSL_CTX_set_quiet_shutdown(ctx,1); - if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL); - if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); - SSL_CTX_set_options(ctx,off); - /* DTLS: partial reads end up discarding unread UDP bytes :-( - * Setting read ahead solves this problem. + BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); + } + SSL_CTX_set_quiet_shutdown(ctx, 1); + if (bugs) + SSL_CTX_set_options(ctx, SSL_OP_ALL); + if (hack) + SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); + SSL_CTX_set_options(ctx, off); + /* + * DTLS: partial reads end up discarding unread UDP bytes :-( Setting + * read ahead solves this problem. */ - if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); + if (socket_type == SOCK_DGRAM) + SSL_CTX_set_read_ahead(ctx, 1); - if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); + if (state) + SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); if (no_cache) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); else - SSL_CTX_sess_set_cache_size(ctx,128); + SSL_CTX_sess_set_cache_size(ctx, 128); #ifndef OPENSSL_NO_SRTP if (srtp_profiles != NULL) 
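Review bot: The `-verify`, `-Verify` and `-status_timeout` handlers in MAIN's option loop parse their argument with `atoi`, which reports no error: a mistyped depth such as `-verify x` silently becomes 0 while peer verification is still switched on, and out-of-range input is undefined. A checked conversion that jumps to `bad` on failure would make the mistake visible, for example on OpenBSD `verify_depth = strtonum(*(++argv), 0, INT_MAX, &errstr); if (errstr != NULL) goto bad;` with a `const char *errstr;` local. MAIN starts before this hunk and continues after it.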
@@ -1379,232 +1304,205 @@ bad: #endif #if 0 - if (cipher == NULL) cipher=getenv("SSL_CIPHER"); + if (cipher == NULL) + cipher = getenv("SSL_CIPHER"); #endif #if 0 - if (s_cert_file == NULL) - { - BIO_printf(bio_err,"You must specify a certificate file for the server to use\n"); + if (s_cert_file == NULL) { + BIO_printf(bio_err, "You must specify a certificate file for the server to use\n"); goto end; - } + } #endif - if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx))) - { + if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || + (!SSL_CTX_set_default_verify_paths(ctx))) { /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ ERR_print_errors(bio_err); /* goto end; */ - } + } if (vpm) SSL_CTX_set1_param(ctx, vpm); #ifndef OPENSSL_NO_TLSEXT - if (s_cert2) - { - ctx2=SSL_CTX_new(meth); - if (ctx2 == NULL) - { + if (s_cert2) { + ctx2 = SSL_CTX_new(meth); + if (ctx2 == NULL) { ERR_print_errors(bio_err); goto end; - } } - - if (ctx2) - { - BIO_printf(bio_s_out,"Setting secondary ctx parameters\n"); - - if (session_id_prefix) - { - if(strlen(session_id_prefix) >= 32) + } + if (ctx2) { + BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); + + if (session_id_prefix) { + if (strlen(session_id_prefix) >= 32) BIO_printf(bio_err, - "warning: id_prefix is too long, only one new session will be possible\n"); - else if(strlen(session_id_prefix) >= 16) + "warning: id_prefix is too long, only one new session will be possible\n"); + else if (strlen(session_id_prefix) >= 16) BIO_printf(bio_err, - "warning: id_prefix is too long if you use SSLv2\n"); - if(!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) - { - BIO_printf(bio_err,"error setting 'id_prefix'\n"); + "warning: id_prefix is too long if you use SSLv2\n"); + if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) { + BIO_printf(bio_err, "error setting 'id_prefix'\n"); ERR_print_errors(bio_err); goto end; - } - 
BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix); } - SSL_CTX_set_quiet_shutdown(ctx2,1); - if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL); - if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); - SSL_CTX_set_options(ctx2,off); - /* DTLS: partial reads end up discarding unread UDP bytes :-( + BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); + } + SSL_CTX_set_quiet_shutdown(ctx2, 1); + if (bugs) + SSL_CTX_set_options(ctx2, SSL_OP_ALL); + if (hack) + SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); + SSL_CTX_set_options(ctx2, off); + /* + * DTLS: partial reads end up discarding unread UDP bytes :-( * Setting read ahead solves this problem. */ - if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1); + if (socket_type == SOCK_DGRAM) + SSL_CTX_set_read_ahead(ctx2, 1); - if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback); + if (state) + SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback); if (no_cache) - SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF); + SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF); else - SSL_CTX_sess_set_cache_size(ctx2,128); + SSL_CTX_sess_set_cache_size(ctx2, 128); - if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx2))) - { + if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) || + (!SSL_CTX_set_default_verify_paths(ctx2))) { ERR_print_errors(bio_err); - } + } if (vpm) SSL_CTX_set1_param(ctx2, vpm); - } - -# ifndef OPENSSL_NO_NEXTPROTONEG + } +#ifndef OPENSSL_NO_NEXTPROTONEG if (next_proto.data) SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto); -# endif -#endif +#endif +#endif #ifndef OPENSSL_NO_DH - if (!no_dhe) - { - DH *dh=NULL; + if (!no_dhe) { + DH *dh = NULL; if (dhfile) dh = load_dh_param(dhfile); else if (s_cert_file) dh = load_dh_param(s_cert_file); - if (dh != NULL) - { - BIO_printf(bio_s_out,"Setting temp DH parameters\n"); - } - else - { - 
BIO_printf(bio_s_out,"Using default temp DH parameters\n"); - dh=get_dh512(); - } - (void)BIO_flush(bio_s_out); + if (dh != NULL) { + BIO_printf(bio_s_out, "Setting temp DH parameters\n"); + } else { + BIO_printf(bio_s_out, "Using default temp DH parameters\n"); + dh = get_dh512(); + } + (void) BIO_flush(bio_s_out); - SSL_CTX_set_tmp_dh(ctx,dh); + SSL_CTX_set_tmp_dh(ctx, dh); #ifndef OPENSSL_NO_TLSEXT - if (ctx2) - { - if (!dhfile) - { - DH *dh2=load_dh_param(s_cert_file2); - if (dh2 != NULL) - { - BIO_printf(bio_s_out,"Setting temp DH parameters\n"); - (void)BIO_flush(bio_s_out); + if (ctx2) { + if (!dhfile) { + DH *dh2 = load_dh_param(s_cert_file2); + if (dh2 != NULL) { + BIO_printf(bio_s_out, "Setting temp DH parameters\n"); + (void) BIO_flush(bio_s_out); DH_free(dh); dh = dh2; - } } - SSL_CTX_set_tmp_dh(ctx2,dh); } + SSL_CTX_set_tmp_dh(ctx2, dh); + } #endif DH_free(dh); - } + } #endif #ifndef OPENSSL_NO_ECDH - if (!no_ecdhe) - { - EC_KEY *ecdh=NULL; + if (!no_ecdhe) { + EC_KEY *ecdh = NULL; - if (named_curve) - { + if (named_curve) { int nid = OBJ_sn2nid(named_curve); - if (nid == 0) - { - BIO_printf(bio_err, "unknown curve name (%s)\n", - named_curve); + if (nid == 0) { + BIO_printf(bio_err, "unknown curve name (%s)\n", + named_curve); goto end; - } + } ecdh = EC_KEY_new_by_curve_name(nid); - if (ecdh == NULL) - { - BIO_printf(bio_err, "unable to create curve (%s)\n", - named_curve); + if (ecdh == NULL) { + BIO_printf(bio_err, "unable to create curve (%s)\n", + named_curve); goto end; - } } - - if (ecdh != NULL) - { - BIO_printf(bio_s_out,"Setting temp ECDH parameters\n"); - } - else - { - BIO_printf(bio_s_out,"Using default temp ECDH parameters\n"); + } + if (ecdh != NULL) { + BIO_printf(bio_s_out, "Setting temp ECDH parameters\n"); + } else { + BIO_printf(bio_s_out, "Using default temp ECDH parameters\n"); ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); - if (ecdh == NULL) - { + if (ecdh == NULL) { BIO_printf(bio_err, "unable to create curve 
(nistp256)\n"); goto end; - } } - (void)BIO_flush(bio_s_out); + } + (void) BIO_flush(bio_s_out); - SSL_CTX_set_tmp_ecdh(ctx,ecdh); + SSL_CTX_set_tmp_ecdh(ctx, ecdh); #ifndef OPENSSL_NO_TLSEXT - if (ctx2) - SSL_CTX_set_tmp_ecdh(ctx2,ecdh); + if (ctx2) + SSL_CTX_set_tmp_ecdh(ctx2, ecdh); #endif EC_KEY_free(ecdh); - } + } #endif - + if (!set_cert_key_stuff(ctx, s_cert, s_key)) goto end; #ifndef OPENSSL_NO_TLSEXT - if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2)) - goto end; + if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2)) + goto end; #endif - if (s_dcert != NULL) - { + if (s_dcert != NULL) { if (!set_cert_key_stuff(ctx, s_dcert, s_dkey)) goto end; - } - + } #ifndef OPENSSL_NO_RSA #if 1 - if (!no_tmp_rsa) - { - SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); + if (!no_tmp_rsa) { + SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb); #ifndef OPENSSL_NO_TLSEXT - if (ctx2) - SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb); -#endif - } + if (ctx2) + SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb); +#endif + } #else - if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) - { + if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) { RSA *rsa; - BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key..."); + BIO_printf(bio_s_out, "Generating temp (512 bit) RSA key..."); BIO_flush(bio_s_out); - rsa=RSA_generate_key(512,RSA_F4,NULL); + rsa = RSA_generate_key(512, RSA_F4, NULL); - if (!SSL_CTX_set_tmp_rsa(ctx,rsa)) - { + if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) { ERR_print_errors(bio_err); goto end; - } + } #ifndef OPENSSL_NO_TLSEXT - if (ctx2) - { - if (!SSL_CTX_set_tmp_rsa(ctx2,rsa)) - { - ERR_print_errors(bio_err); - goto end; - } - } + if (ctx2) { + if (!SSL_CTX_set_tmp_rsa(ctx2, rsa)) { + ERR_print_errors(bio_err); + goto end; + } + } #endif RSA_free(rsa); - BIO_printf(bio_s_out,"\n"); - } + BIO_printf(bio_s_out, "\n"); + } #endif #endif 
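Review bot: The fallback `dh = get_dh512();` in the `!no_dhe` block means the server offers DHE with a 512-bit group whenever neither `dhfile` nor the certificate file supplies parameters, and a group that small gives no meaningful protection to the key exchange. The reformat carries this over unchanged. I would at least mark it with `/* XXX 512-bit fallback group is too weak; require dhfile or a larger built-in group */` and consider failing instead of falling back silently. Separately, a failure of `SSL_CTX_load_verify_locations()` / `SSL_CTX_set_default_verify_paths()` only prints the error queue because `/* goto end; */` is commented out, so startup continues even if the CA locations did not load. The enclosing function starts outside this hunk.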
@@ -1614,98 +1512,88 @@ bad: #else if (psk_key != NULL || jpake_secret) #endif - { + { if (s_debug) BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n"); SSL_CTX_set_psk_server_callback(ctx, psk_server_cb); - } - - if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) - { - BIO_printf(bio_err,"error setting PSK identity hint to context\n"); + } + if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) { + BIO_printf(bio_err, "error setting PSK identity hint to context\n"); ERR_print_errors(bio_err); goto end; - } + } #endif - if (cipher != NULL) - { - if(!SSL_CTX_set_cipher_list(ctx,cipher)) - { - BIO_printf(bio_err,"error setting cipher list\n"); + if (cipher != NULL) { + if (!SSL_CTX_set_cipher_list(ctx, cipher)) { + BIO_printf(bio_err, "error setting cipher list\n"); ERR_print_errors(bio_err); goto end; - } + } #ifndef OPENSSL_NO_TLSEXT - if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher)) - { - BIO_printf(bio_err,"error setting cipher list\n"); + if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, cipher)) { + BIO_printf(bio_err, "error setting cipher list\n"); ERR_print_errors(bio_err); goto end; - } -#endif } - SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); - SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, - sizeof s_server_session_id_context); +#endif + } + SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); + SSL_CTX_set_session_id_context(ctx, (void *) &s_server_session_id_context, + sizeof s_server_session_id_context); /* Set DTLS cookie generation and verification callbacks */ SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); #ifndef OPENSSL_NO_TLSEXT - if (ctx2) - { - SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback); - SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context, - sizeof s_server_session_id_context); + if (ctx2) { + SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); + 
SSL_CTX_set_session_id_context(ctx2, (void *) &s_server_session_id_context, + sizeof s_server_session_id_context); tlsextcbp.biodebug = bio_s_out; SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp); SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); - } + } #endif #ifndef OPENSSL_NO_SRP - if (srp_verifier_file != NULL) - { + if (srp_verifier_file != NULL) { srp_callback_parm.vb = SRP_VBASE_new(srpuserseed); srp_callback_parm.user = NULL; srp_callback_parm.login = NULL; - if ((ret = SRP_VBASE_init(srp_callback_parm.vb, srp_verifier_file)) != SRP_NO_ERROR) - { + if ((ret = SRP_VBASE_init(srp_callback_parm.vb, srp_verifier_file)) != SRP_NO_ERROR) { BIO_printf(bio_err, - "Cannot initialize SRP verifier file \"%s\":ret=%d\n", - srp_verifier_file, ret); - goto end; - } - SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE,verify_callback); - SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm); - SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb); + "Cannot initialize SRP verifier file \"%s\":ret=%d\n", + srp_verifier_file, ret); + goto end; } - else + SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback); + SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm); + SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb); + } else #endif - if (CAfile != NULL) - { - SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); + if (CAfile != NULL) { + SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); #ifndef OPENSSL_NO_TLSEXT - if (ctx2) - SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(CAfile)); + if (ctx2) + SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile)); #endif - } - - BIO_printf(bio_s_out,"ACCEPT\n"); - (void)BIO_flush(bio_s_out); + } + BIO_printf(bio_s_out, "ACCEPT\n"); + (void) BIO_flush(bio_s_out); if (www) - do_server(port,socket_type,&accept_socket,www_body, context); + do_server(port, 
socket_type, &accept_socket, www_body, context); else - do_server(port,socket_type,&accept_socket,sv_body, context); - print_stats(bio_s_out,ctx); - ret=0; + do_server(port, socket_type, &accept_socket, sv_body, context); + print_stats(bio_s_out, ctx); + ret = 0; end: - if (ctx != NULL) SSL_CTX_free(ctx); + if (ctx != NULL) + SSL_CTX_free(ctx); if (s_cert) X509_free(s_cert); if (s_dcert) 
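Review bot: In the `srp_verifier_file != NULL` branch, `SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);` replaces the mode set a few lines earlier by `SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);`. A client-certificate requirement requested through `s_server_verify` is therefore dropped on `ctx` once an SRP verifier file is given, while `ctx2` keeps it. If that is intended, it deserves a comment such as `/* SRP authenticates the client: this overrides s_server_verify on ctx only */`; otherwise the branch should keep the configured mode. The `} else` that straddles `#endif` before `if (CAfile != NULL)` makes this pairing easy to misread. The enclosing function starts outside this hunk.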
@@ -1727,54 +1615,56 @@ end: free(tlscstatp.port); if (tlscstatp.path) free(tlscstatp.path); - if (ctx2 != NULL) SSL_CTX_free(ctx2); + if (ctx2 != NULL) + SSL_CTX_free(ctx2); if (s_cert2) X509_free(s_cert2); if (s_key2) EVP_PKEY_free(s_key2); #endif - if (bio_s_out != NULL) - { - BIO_free(bio_s_out); - bio_s_out=NULL; - } - apps_shutdown(); - return(ret); + if (bio_s_out != NULL) { + BIO_free(bio_s_out); + bio_s_out = NULL; } + apps_shutdown(); + return (ret); +} -static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) - { - BIO_printf(bio,"%4ld items in the session cache\n", - SSL_CTX_sess_number(ssl_ctx)); - BIO_printf(bio,"%4ld client connects (SSL_connect())\n", - SSL_CTX_sess_connect(ssl_ctx)); - BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n", - SSL_CTX_sess_connect_renegotiate(ssl_ctx)); - BIO_printf(bio,"%4ld client connects that finished\n", - SSL_CTX_sess_connect_good(ssl_ctx)); - BIO_printf(bio,"%4ld server accepts (SSL_accept())\n", - SSL_CTX_sess_accept(ssl_ctx)); - BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n", - SSL_CTX_sess_accept_renegotiate(ssl_ctx)); - BIO_printf(bio,"%4ld server accepts that finished\n", - SSL_CTX_sess_accept_good(ssl_ctx)); - BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); - BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); - BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); - BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); - BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n", - SSL_CTX_sess_cache_full(ssl_ctx), - SSL_CTX_sess_get_cache_size(ssl_ctx)); - } - -static int sv_body(char *hostname, int s, unsigned char *context) - { - char *buf=NULL; +static void +print_stats(BIO * bio, SSL_CTX * ssl_ctx) +{ + BIO_printf(bio, "%4ld items in the session cache\n", + SSL_CTX_sess_number(ssl_ctx)); + BIO_printf(bio, "%4ld client connects (SSL_connect())\n", + SSL_CTX_sess_connect(ssl_ctx)); + 
BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n", + SSL_CTX_sess_connect_renegotiate(ssl_ctx)); + BIO_printf(bio, "%4ld client connects that finished\n", + SSL_CTX_sess_connect_good(ssl_ctx)); + BIO_printf(bio, "%4ld server accepts (SSL_accept())\n", + SSL_CTX_sess_accept(ssl_ctx)); + BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n", + SSL_CTX_sess_accept_renegotiate(ssl_ctx)); + BIO_printf(bio, "%4ld server accepts that finished\n", + SSL_CTX_sess_accept_good(ssl_ctx)); + BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx)); + BIO_printf(bio, "%4ld session cache misses\n", SSL_CTX_sess_misses(ssl_ctx)); + BIO_printf(bio, "%4ld session cache timeouts\n", SSL_CTX_sess_timeouts(ssl_ctx)); + BIO_printf(bio, "%4ld callback cache hits\n", SSL_CTX_sess_cb_hits(ssl_ctx)); + BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n", + SSL_CTX_sess_cache_full(ssl_ctx), + SSL_CTX_sess_get_cache_size(ssl_ctx)); +} + +static int +sv_body(char *hostname, int s, unsigned char *context) +{ + char *buf = NULL; fd_set readfds; - int ret=1,width; - int k,i; + int ret = 1, width; + int k, i; unsigned long l; - SSL *con=NULL; + SSL *con = NULL; BIO *sbio; #ifndef OPENSSL_NO_KRB5 KSSL_CTX *kctx; 
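Review bot: The new prototype `print_stats(BIO * bio, SSL_CTX * ssl_ctx)` has spaces on both sides of the `*`, which looks like the formatter treating the typedef names as operands of a multiplication. KNF binds the star to the identifier, so I would write `print_stats(BIO *bio, SSL_CTX *ssl_ctx)`. The same applies to `init_ssl_connection(SSL * con)` further down. Teaching the formatter the project's typedef names before the next pass would avoid repeating this across the tree.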
@@ -1782,49 +1672,44 @@ static int sv_body(char *hostname, int s, unsigned char *context) struct timeval timeout; struct timeval *timeoutp; - if ((buf=malloc(bufsize)) == NULL) - { - BIO_printf(bio_err,"out of memory\n"); + if ((buf = malloc(bufsize)) == NULL) { + BIO_printf(bio_err, "out of memory\n"); goto err; - } -#ifdef FIONBIO - if (s_nbio) - { - unsigned long sl=1; + } +#ifdef FIONBIO + if (s_nbio) { + unsigned long sl = 1; if (!s_quiet) - BIO_printf(bio_err,"turning on non blocking io\n"); - if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0) + BIO_printf(bio_err, "turning on non blocking io\n"); + if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0) ERR_print_errors(bio_err); - } + } #endif if (con == NULL) { - con=SSL_new(ctx); + con = SSL_new(ctx); #ifndef OPENSSL_NO_TLSEXT - if (s_tlsextdebug) - { - SSL_set_tlsext_debug_callback(con, tlsext_cb); - SSL_set_tlsext_debug_arg(con, bio_s_out); + if (s_tlsextdebug) { + SSL_set_tlsext_debug_callback(con, tlsext_cb); + SSL_set_tlsext_debug_arg(con, bio_s_out); } - if (s_tlsextstatus) - { - SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); - tlscstatp.err = bio_err; - SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp); + if (s_tlsextstatus) { + SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); + tlscstatp.err = bio_err; + SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp); } #endif #ifndef OPENSSL_NO_KRB5 - if ((kctx = kssl_ctx_new()) != NULL) - { + if ((kctx = kssl_ctx_new()) != NULL) { SSL_set0_kssl_ctx(con, kctx); - kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC); - kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB); - } -#endif /* OPENSSL_NO_KRB5 */ - if(context) - SSL_set_session_id_context(con, context, - strlen((char *)context)); + kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC); + kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB); + } +#endif /* OPENSSL_NO_KRB5 */ + if (context) + SSL_set_session_id_context(con, context, + strlen((char *) context)); } SSL_clear(con); #if 0 
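Review bot: The result of `con = SSL_new(ctx);` is used without a NULL check, so an allocation failure reaches `SSL_set_tlsext_debug_callback(con, ...)`, `SSL_set_session_id_context(con, ...)` and `SSL_clear(con)` with a null pointer. I would make it `if ((con = SSL_new(ctx)) == NULL) { ERR_print_errors(bio_err); goto err; }`, matching the `malloc` check just above. The return value of `SSL_set_session_id_context()` is also ignored, so a `context` string longer than the library's limit would be dropped silently. The body of `sv_body` continues outside this hunk.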
@@ -1833,329 +1718,309 @@ static int sv_body(char *hostname, int s, unsigned char *context) #endif #endif - if (SSL_version(con) == DTLS1_VERSION) - { + if (SSL_version(con) == DTLS1_VERSION) { - sbio=BIO_new_dgram(s,BIO_NOCLOSE); + sbio = BIO_new_dgram(s, BIO_NOCLOSE); - if (enable_timeouts) - { + if (enable_timeouts) { timeout.tv_sec = 0; timeout.tv_usec = DGRAM_RCV_TIMEOUT; BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); - + timeout.tv_sec = 0; timeout.tv_usec = DGRAM_SND_TIMEOUT; BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); - } - - if (socket_mtu > 28) - { + } + if (socket_mtu > 28) { SSL_set_options(con, SSL_OP_NO_QUERY_MTU); SSL_set_mtu(con, socket_mtu - 28); - } - else + } else /* want to do MTU discovery */ BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); - /* turn on cookie exchange */ - SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE); - } - else - sbio=BIO_new_socket(s,BIO_NOCLOSE); + /* turn on cookie exchange */ + SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE); + } else + sbio = BIO_new_socket(s, BIO_NOCLOSE); - if (s_nbio_test) - { + if (s_nbio_test) { BIO *test; - test=BIO_new(BIO_f_nbio_test()); - sbio=BIO_push(test,sbio); - } + test = BIO_new(BIO_f_nbio_test()); + sbio = BIO_push(test, sbio); + } #ifndef OPENSSL_NO_JPAKE - if(jpake_secret) + if (jpake_secret) jpake_server_auth(bio_s_out, sbio, jpake_secret); #endif - SSL_set_bio(con,sbio,sbio); + SSL_set_bio(con, sbio, sbio); SSL_set_accept_state(con); /* SSL_set_fd(con,s); */ - if (s_debug) - { + if (s_debug) { SSL_set_debug(con, 1); - BIO_set_callback(SSL_get_rbio(con),bio_dump_callback); - BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out); - } - if (s_msg) - { + BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); + BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out); + } + if (s_msg) { SSL_set_msg_callback(con, msg_cb); SSL_set_msg_callback_arg(con, bio_s_out); - } + } #ifndef OPENSSL_NO_TLSEXT - if (s_tlsextdebug) - { + if (s_tlsextdebug) { 
SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); - } + } #endif - width=s+1; - for (;;) - { + width = s + 1; + for (;;) { int read_from_terminal; int read_from_sslcon; read_from_terminal = 0; read_from_sslcon = SSL_pending(con); - if (!read_from_sslcon) - { + if (!read_from_sslcon) { FD_ZERO(&readfds); - openssl_fdset(fileno(stdin),&readfds); - openssl_fdset(s,&readfds); - /* Note: under VMS with SOCKETSHR the second parameter is - * currently of type (int *) whereas under other systems - * it is (void *) if you don't have a cast it will choke - * the compiler: if you do have a cast then you can either - * go for (int *) or (void *). + openssl_fdset(fileno(stdin), &readfds); + openssl_fdset(s, &readfds); + /* + * Note: under VMS with SOCKETSHR the second + * parameter is currently of type (int *) whereas + * under other systems it is (void *) if you don't + * have a cast it will choke the compiler: if you do + * have a cast then you can either go for (int *) or + * (void *). 
*/ if ((SSL_version(con) == DTLS1_VERSION) && - DTLSv1_get_timeout(con, &timeout)) + DTLSv1_get_timeout(con, &timeout)) timeoutp = &timeout; else timeoutp = NULL; - i=select(width,(void *)&readfds,NULL,NULL,timeoutp); - - if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) - { - BIO_printf(bio_err,"TIMEOUT occured\n"); - } + i = select(width, (void *) &readfds, NULL, NULL, timeoutp); - if (i <= 0) continue; - if (FD_ISSET(fileno(stdin),&readfds)) + if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) { + BIO_printf(bio_err, "TIMEOUT occured\n"); + } + if (i <= 0) + continue; + if (FD_ISSET(fileno(stdin), &readfds)) read_from_terminal = 1; - if (FD_ISSET(s,&readfds)) + if (FD_ISSET(s, &readfds)) read_from_sslcon = 1; - } - if (read_from_terminal) - { - if (s_crlf) - { + } + if (read_from_terminal) { + if (s_crlf) { int j, lf_num; - i=raw_read_stdin(buf, bufsize/2); + i = raw_read_stdin(buf, bufsize / 2); lf_num = 0; /* both loops are skipped when i <= 0 */ for (j = 0; j < i; j++) if (buf[j] == '\n') lf_num++; - for (j = i-1; j >= 0; j--) - { - buf[j+lf_num] = buf[j]; - if (buf[j] == '\n') - { + for (j = i - 1; j >= 0; j--) { + buf[j + lf_num] = buf[j]; + if (buf[j] == '\n') { lf_num--; i++; - buf[j+lf_num] = '\r'; - } + buf[j + lf_num] = '\r'; } - assert(lf_num == 0); } - else - i=raw_read_stdin(buf,bufsize); - if (!s_quiet) - { - if ((i <= 0) || (buf[0] == 'Q')) - { - BIO_printf(bio_s_out,"DONE\n"); + assert(lf_num == 0); + } else + i = raw_read_stdin(buf, bufsize); + if (!s_quiet) { + if ((i <= 0) || (buf[0] == 'Q')) { + BIO_printf(bio_s_out, "DONE\n"); shutdown(s, SHUT_RD); close(s); close_accept_socket(); - ret= -11; + ret = -11; goto err; - } - if ((i <= 0) || (buf[0] == 'q')) - { - BIO_printf(bio_s_out,"DONE\n"); + } + if ((i <= 0) || (buf[0] == 'q')) { + BIO_printf(bio_s_out, "DONE\n"); if (SSL_version(con) != DTLS1_VERSION) { - shutdown(s, SHUT_RD); + shutdown(s, SHUT_RD); close(s); } - /* close_accept_socket(); - 
ret= -11;*/ + /* + * close_accept_socket(); ret= -11; + */ goto err; - } - if ((buf[0] == 'r') && - ((buf[1] == '\n') || (buf[1] == '\r'))) - { + } + if ((buf[0] == 'r') && + ((buf[1] == '\n') || (buf[1] == '\r'))) { SSL_renegotiate(con); - i=SSL_do_handshake(con); - printf("SSL_do_handshake -> %d\n",i); - i=0; /*13; */ + i = SSL_do_handshake(con); + printf("SSL_do_handshake -> %d\n", i); + i = 0; /* 13; */ continue; - /* strcpy(buf,"server side RE-NEGOTIATE\n"); */ - } + /* + * strcpy(buf,"server side + * RE-NEGOTIATE\n"); + */ + } if ((buf[0] == 'R') && - ((buf[1] == '\n') || (buf[1] == '\r'))) - { + ((buf[1] == '\n') || (buf[1] == '\r'))) { SSL_set_verify(con, - SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL); + SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, NULL); SSL_renegotiate(con); - i=SSL_do_handshake(con); - printf("SSL_do_handshake -> %d\n",i); - i=0; /* 13; */ + i = SSL_do_handshake(con); + printf("SSL_do_handshake -> %d\n", i); + i = 0; /* 13; */ continue; - /* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */ - } - if (buf[0] == 'P') - { - static const char *str="Lets print some clear text\n"; - BIO_write(SSL_get_wbio(con),str,strlen(str)); - } - if (buf[0] == 'S') - { - print_stats(bio_s_out,SSL_get_SSL_CTX(con)); - } + /* + * strcpy(buf,"server side + * RE-NEGOTIATE asking for client + * cert\n"); + */ } - l=k=0; - for (;;) - { + if (buf[0] == 'P') { + static const char *str = "Lets print some clear text\n"; + BIO_write(SSL_get_wbio(con), str, strlen(str)); + } + if (buf[0] == 'S') { + print_stats(bio_s_out, SSL_get_SSL_CTX(con)); + } + } + l = k = 0; + for (;;) { /* should do a select for the write */ #ifdef RENEG -{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } } + { + static count = 0; + if (++count == 100) { + count = 0; + SSL_renegotiate(con); + } + } #endif - k=SSL_write(con,&(buf[l]),(unsigned int)i); + k = SSL_write(con, &(buf[l]), (unsigned int) i); #ifndef OPENSSL_NO_SRP - while (SSL_get_error(con,k) == 
SSL_ERROR_WANT_X509_LOOKUP) - { - BIO_printf(bio_s_out,"LOOKUP renego during write\n"); - srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); - if (srp_callback_parm.user) - BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info); - else - BIO_printf(bio_s_out,"LOOKUP not successful\n"); - k=SSL_write(con,&(buf[l]),(unsigned int)i); - } + while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) { + BIO_printf(bio_s_out, "LOOKUP renego during write\n"); + srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); + if (srp_callback_parm.user) + BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); + else + BIO_printf(bio_s_out, "LOOKUP not successful\n"); + k = SSL_write(con, &(buf[l]), (unsigned int) i); + } #endif - switch (SSL_get_error(con,k)) - { + switch (SSL_get_error(con, k)) { case SSL_ERROR_NONE: break; case SSL_ERROR_WANT_WRITE: case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_X509_LOOKUP: - BIO_printf(bio_s_out,"Write BLOCK\n"); + BIO_printf(bio_s_out, "Write BLOCK\n"); break; case SSL_ERROR_SYSCALL: case SSL_ERROR_SSL: - BIO_printf(bio_s_out,"ERROR\n"); + BIO_printf(bio_s_out, "ERROR\n"); ERR_print_errors(bio_err); - ret=1; + ret = 1; goto err; /* break; */ case SSL_ERROR_ZERO_RETURN: - BIO_printf(bio_s_out,"DONE\n"); - ret=1; + BIO_printf(bio_s_out, "DONE\n"); + ret = 1; goto err; - } - l+=k; - i-=k; - if (i <= 0) break; } + l += k; + i -= k; + if (i <= 0) + break; } - if (read_from_sslcon) - { - if (!SSL_is_init_finished(con)) - { - i=init_ssl_connection(con); - - if (i < 0) - { - ret=0; + } + if (read_from_sslcon) { + if (!SSL_is_init_finished(con)) { + i = init_ssl_connection(con); + + if (i < 0) { + ret = 0; goto err; - } - else if (i == 0) - { - ret=1; + } else if (i == 0) { + ret = 1; goto err; - } } - else - { -again: - i=SSL_read(con,(char *)buf,bufsize); + } else { + again: + i = SSL_read(con, (char *) buf, bufsize); #ifndef 
OPENSSL_NO_SRP - while (SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP) - { - BIO_printf(bio_s_out,"LOOKUP renego during read\n"); - srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); - if (srp_callback_parm.user) - BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info); - else - BIO_printf(bio_s_out,"LOOKUP not successful\n"); - i=SSL_read(con,(char *)buf,bufsize); - } + while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { + BIO_printf(bio_s_out, "LOOKUP renego during read\n"); + srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); + if (srp_callback_parm.user) + BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); + else + BIO_printf(bio_s_out, "LOOKUP not successful\n"); + i = SSL_read(con, (char *) buf, bufsize); + } #endif - switch (SSL_get_error(con,i)) - { + switch (SSL_get_error(con, i)) { case SSL_ERROR_NONE: raw_write_stdout(buf, - (unsigned int)i); - if (SSL_pending(con)) goto again; + (unsigned int) i); + if (SSL_pending(con)) + goto again; break; case SSL_ERROR_WANT_WRITE: case SSL_ERROR_WANT_READ: - BIO_printf(bio_s_out,"Read BLOCK\n"); + BIO_printf(bio_s_out, "Read BLOCK\n"); break; case SSL_ERROR_SYSCALL: case SSL_ERROR_SSL: - BIO_printf(bio_s_out,"ERROR\n"); + BIO_printf(bio_s_out, "ERROR\n"); ERR_print_errors(bio_err); - ret=1; + ret = 1; goto err; case SSL_ERROR_ZERO_RETURN: - BIO_printf(bio_s_out,"DONE\n"); - ret=1; + BIO_printf(bio_s_out, "DONE\n"); + ret = 1; goto err; - } } } } + } err: - if (con != NULL) - { - BIO_printf(bio_s_out,"shutting down SSL\n"); + if (con != NULL) { + BIO_printf(bio_s_out, "shutting down SSL\n"); #if 1 - SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); #else SSL_shutdown(con); #endif SSL_free(con); - } - BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); - if (buf != NULL) - { - OPENSSL_cleanse(buf,bufsize); + 
} + BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); + if (buf != NULL) { + OPENSSL_cleanse(buf, bufsize); free(buf); - } - if (ret >= 0) - BIO_printf(bio_s_out,"ACCEPT\n"); - return(ret); } + if (ret >= 0) + BIO_printf(bio_s_out, "ACCEPT\n"); + return (ret); +} -static void close_accept_socket(void) - { - BIO_printf(bio_err,"shutdown accept socket\n"); - if (accept_socket >= 0) - { +static void +close_accept_socket(void) +{ + BIO_printf(bio_err, "shutdown accept socket\n"); + if (accept_socket >= 0) { shutdown(accept_socket, SHUT_RDWR); close(accept_socket); - } } +} -static int init_ssl_connection(SSL *con) - { +static int +init_ssl_connection(SSL * con) +{ int i; const char *str; X509 *peer; 
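Review bot: The `i <= 0` test on the result of `raw_read_stdin()` sits inside `if (!s_quiet)`, so with `s_quiet` set a failed or end-of-file read falls through to `k = SSL_write(con, &(buf[l]), (unsigned int) i);` with a zero or negative length. I would hoist the check out of the quiet-only block, e.g. `if (i <= 0) goto err;` placed before `if (!s_quiet) {`; the right `ret` value for that path needs deciding. Once that is done the second `(i <= 0) ||` in the `'q'` test, which is already unreachable, can go. In the same loop the results of `BIO_new_dgram()` and `BIO_new_socket()` are passed to `SSL_set_bio()` unchecked.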
@@ -2171,260 +2036,242 @@ static int init_ssl_connection(SSL *con) unsigned char *exportedkeymat; - i=SSL_accept(con); + i = SSL_accept(con); #ifndef OPENSSL_NO_SRP - while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP) - { - BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login); - srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); - if (srp_callback_parm.user) - BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info); - else - BIO_printf(bio_s_out,"LOOKUP not successful\n"); - i=SSL_accept(con); - } -#endif - if (i <= 0) - { - if (BIO_sock_should_retry(i)) - { - BIO_printf(bio_s_out,"DELAY\n"); - return(1); - } - - BIO_printf(bio_err,"ERROR\n"); - verify_error=SSL_get_verify_result(con); - if (verify_error != X509_V_OK) - { - BIO_printf(bio_err,"verify error:%s\n", - X509_verify_cert_error_string(verify_error)); - } + while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { + BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login); + srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); + if (srp_callback_parm.user) + BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); else + BIO_printf(bio_s_out, "LOOKUP not successful\n"); + i = SSL_accept(con); + } +#endif + if (i <= 0) { + if (BIO_sock_should_retry(i)) { + BIO_printf(bio_s_out, "DELAY\n"); + return (1); + } + BIO_printf(bio_err, "ERROR\n"); + verify_error = SSL_get_verify_result(con); + if (verify_error != X509_V_OK) { + BIO_printf(bio_err, "verify error:%s\n", + X509_verify_cert_error_string(verify_error)); + } else ERR_print_errors(bio_err); - return(0); - } - - PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con)); - - peer=SSL_get_peer_certificate(con); - if (peer != NULL) - { - BIO_printf(bio_s_out,"Client certificate\n"); - PEM_write_bio_X509(bio_s_out,peer); - 
X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf); - BIO_printf(bio_s_out,"subject=%s\n",buf); - X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf); - BIO_printf(bio_s_out,"issuer=%s\n",buf); + return (0); + } + PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con)); + + peer = SSL_get_peer_certificate(con); + if (peer != NULL) { + BIO_printf(bio_s_out, "Client certificate\n"); + PEM_write_bio_X509(bio_s_out, peer); + X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); + BIO_printf(bio_s_out, "subject=%s\n", buf); + X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); + BIO_printf(bio_s_out, "issuer=%s\n", buf); X509_free(peer); - } - - if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) - BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); - str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); - BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); + } + if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL) + BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf); + str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); + BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? 
str : "(NONE)"); #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); - if (next_proto_neg) - { - BIO_printf(bio_s_out,"NEXTPROTO is "); + if (next_proto_neg) { + BIO_printf(bio_s_out, "NEXTPROTO is "); BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); BIO_printf(bio_s_out, "\n"); - } + } #endif #ifndef OPENSSL_NO_SRTP { - SRTP_PROTECTION_PROFILE *srtp_profile - = SSL_get_selected_srtp_profile(con); + SRTP_PROTECTION_PROFILE *srtp_profile + = SSL_get_selected_srtp_profile(con); - if(srtp_profile) - BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n", - srtp_profile->name); + if (srtp_profile) + BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n", + srtp_profile->name); } #endif - if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n"); - if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & - TLS1_FLAGS_TLS_PADDING_BUG) + if (SSL_cache_hit(con)) + BIO_printf(bio_s_out, "Reused session-id\n"); + if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) & + TLS1_FLAGS_TLS_PADDING_BUG) BIO_printf(bio_s_out, - "Peer has incorrect TLSv1 block padding\n"); + "Peer has incorrect TLSv1 block padding\n"); #ifndef OPENSSL_NO_KRB5 client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con)); - if (client_princ != NULL) - { - BIO_printf(bio_s_out,"Kerberos peer principal is %s\n", - client_princ); - } -#endif /* OPENSSL_NO_KRB5 */ + if (client_princ != NULL) { + BIO_printf(bio_s_out, "Kerberos peer principal is %s\n", + client_princ); + } +#endif /* OPENSSL_NO_KRB5 */ BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", - SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); - if (keymatexportlabel != NULL) - { + SSL_get_secure_renegotiation_support(con) ? 
"" : " NOT"); + if (keymatexportlabel != NULL) { BIO_printf(bio_s_out, "Keying material exporter:\n"); BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel); BIO_printf(bio_s_out, " Length: %i bytes\n", - keymatexportlen); + keymatexportlen); exportedkeymat = malloc(keymatexportlen); - if (exportedkeymat != NULL) - { + if (exportedkeymat != NULL) { if (!SSL_export_keying_material(con, exportedkeymat, - keymatexportlen, - keymatexportlabel, - strlen(keymatexportlabel), - NULL, 0, 0)) - { + keymatexportlen, + keymatexportlabel, + strlen(keymatexportlabel), + NULL, 0, 0)) { BIO_printf(bio_s_out, " Error\n"); - } - else - { + } else { BIO_printf(bio_s_out, " Keying material: "); - for (i=0; iinfo); - else - BIO_printf(bio_s_out,"LOOKUP not successful\n"); - i=SSL_accept(con); - } + while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { + BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login); + srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); + if (srp_callback_parm.user) + BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); + else + BIO_printf(bio_s_out, "LOOKUP not successful\n"); + i = SSL_accept(con); + } #endif - switch (SSL_get_error(con,i)) - { + switch (SSL_get_error(con, i)) { case SSL_ERROR_NONE: break; case SSL_ERROR_WANT_WRITE: 
@@ -2434,142 +2281,122 @@ static int www_body(char *hostname, int s, unsigned char *context) case SSL_ERROR_SYSCALL: case SSL_ERROR_SSL: case SSL_ERROR_ZERO_RETURN: - ret=1; + ret = 1; goto err; /* break; */ - } - - SSL_renegotiate(con); - SSL_write(con,NULL,0); } - i=BIO_gets(io,buf,bufsize-1); - if (i < 0) /* error */ - { - if (!BIO_should_retry(io)) - { + SSL_renegotiate(con); + SSL_write(con, NULL, 0); + } + i = BIO_gets(io, buf, bufsize - 1); + if (i < 0) { /* error */ + if (!BIO_should_retry(io)) { if (!s_quiet) ERR_print_errors(bio_err); goto err; - } - else - { - BIO_printf(bio_s_out,"read R BLOCK\n"); + } else { + BIO_printf(bio_s_out, "read R BLOCK\n"); sleep(1); continue; - } } - else if (i == 0) /* end of input */ - { - ret=1; + } else if (i == 0) { /* end of input */ + ret = 1; goto end; - } - + } /* else we have data */ - if ( ((www == 1) && (strncmp("GET ",buf,4) == 0)) || - ((www == 2) && (strncmp("GET /stats ",buf,11) == 0))) - { + if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) || + ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) { char *p; X509 *peer; - STACK_OF(SSL_CIPHER) *sk; - static const char *space=" "; + STACK_OF(SSL_CIPHER) * sk; + static const char *space = " "; - BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); - BIO_puts(io,"\n"); - BIO_puts(io,"
\n");
+			BIO_puts(io, "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+			BIO_puts(io, "\n");
+			BIO_puts(io, "
\n");
 /*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
-			BIO_puts(io,"\n");
-			for (i=0; i\r\n\r\n");
+				BIO_puts(io, "\n");
+			}
+			BIO_printf(io, (SSL_cache_hit(con)
+				? "---\nReused, "
+				: "---\nNew, "));
+			c = SSL_get_current_cipher(con);
+			BIO_printf(io, "%s, Cipher is %s\n",
+			    SSL_CIPHER_get_version(c),
+			    SSL_CIPHER_get_name(c));
+			SSL_SESSION_print(io, SSL_get_session(con));
+			BIO_printf(io, "---\n");
+			print_stats(io, SSL_get_SSL_CTX(con));
+			BIO_printf(io, "---\n");
+			peer = SSL_get_peer_certificate(con);
+			if (peer != NULL) {
+				BIO_printf(io, "Client certificate\n");
+				X509_print(io, peer);
+				PEM_write_bio_X509(io, peer);
+			} else
+				BIO_puts(io, "no client certificate available\n");
+			BIO_puts(io, "\r\n\r\n");
 			break;
-			}
-		else if ((www == 2 || www == 3)
-                         && (strncmp("GET /",buf,5) == 0))
-			{
+		} else if ((www == 2 || www == 3)
+		    && (strncmp("GET /", buf, 5) == 0)) {
 			BIO *file;
-			char *p,*e;
-			static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+			char *p, *e;
+			static const char *text = "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
 
 			/* skip the '/' */
-			p= &(buf[5]);
+			p = &(buf[5]);
 
 			dot = 1;
-			for (e=p; *e != '\0'; e++)
-				{
+			for (e = p; *e != '\0'; e++) {
 				if (e[0] == ' ')
 					break;
 
-				switch (dot)
-					{
+				switch (dot) {
 				case 1:
 					dot = (e[0] == '.') ? 2 : 0;
 					break;
@@ -2579,132 +2406,119 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				case 3:
 					dot = (e[0] == '/') ? -1 : 0;
 					break;
-					}
+				}
 				if (dot == 0)
 					dot = (e[0] == '/') ? 1 : 0;
-				}
-			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
+			}
+			dot = (dot == 3) || (dot == -1);	/* filename contains
+								 * ".." component */
 
-			if (*e == '\0')
-				{
-				BIO_puts(io,text);
-				BIO_printf(io,"'%s' is an invalid file name\r\n",p);
+			if (*e == '\0') {
+				BIO_puts(io, text);
+				BIO_printf(io, "'%s' is an invalid file name\r\n", p);
 				break;
-				}
-			*e='\0';
+			}
+			*e = '\0';
 
-			if (dot)
-				{
-				BIO_puts(io,text);
-				BIO_printf(io,"'%s' contains '..' reference\r\n",p);
+			if (dot) {
+				BIO_puts(io, text);
+				BIO_printf(io, "'%s' contains '..' reference\r\n", p);
 				break;
-				}
-
-			if (*p == '/')
-				{
-				BIO_puts(io,text);
-				BIO_printf(io,"'%s' is an invalid path\r\n",p);
+			}
+			if (*p == '/') {
+				BIO_puts(io, text);
+				BIO_printf(io, "'%s' is an invalid path\r\n", p);
 				break;
-				}
-
+			}
 #if 0
 			/* append if a directory lookup */
 			if (e[-1] == '/')
-				strcat(p,"index.html");
+				strcat(p, "index.html");
 #endif
 
 			/* if a directory, do the index thang */
-			if (app_isdir(p)>0)
-				{
-#if 0 /* must check buffer size */
-				strcat(p,"/index.html");
+			if (app_isdir(p) > 0) {
+#if 0				/* must check buffer size */
+				strcat(p, "/index.html");
 #else
-				BIO_puts(io,text);
-				BIO_printf(io,"'%s' is a directory\r\n",p);
+				BIO_puts(io, text);
+				BIO_printf(io, "'%s' is a directory\r\n", p);
 				break;
 #endif
-				}
-
-			if ((file=BIO_new_file(p,"r")) == NULL)
-				{
-				BIO_puts(io,text);
-				BIO_printf(io,"Error opening '%s'\r\n",p);
+			}
+			if ((file = BIO_new_file(p, "r")) == NULL) {
+				BIO_puts(io, text);
+				BIO_printf(io, "Error opening '%s'\r\n", p);
 				ERR_print_errors(io);
 				break;
-				}
-
+			}
 			if (!s_quiet)
-				BIO_printf(bio_err,"FILE:%s\n",p);
-
-                        if (www == 2)
-                                {
-                                i=strlen(p);
-                                if (	((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
-                                        ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
-                                        ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
-                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
-                                else
-                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
-                                }
+				BIO_printf(bio_err, "FILE:%s\n", p);
+
+			if (www == 2) {
+				i = strlen(p);
+				if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
+				    ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
+				    ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
+					BIO_puts(io, "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+				else
+					BIO_puts(io, "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+			}
 			/* send the file */
-			for (;;)
-				{
-				i=BIO_read(file,buf,bufsize);
-				if (i <= 0) break;
+			for (;;) {
+				i = BIO_read(file, buf, bufsize);
+				if (i <= 0)
+					break;
 
 #ifdef RENEG
-				total_bytes+=i;
-				fprintf(stderr,"%d\n",i);
-				if (total_bytes > 3*1024)
-					{
-					total_bytes=0;
-					fprintf(stderr,"RENEGOTIATE\n");
+				total_bytes += i;
+				fprintf(stderr, "%d\n", i);
+				if (total_bytes > 3 * 1024) {
+					total_bytes = 0;
+					fprintf(stderr, "RENEGOTIATE\n");
 					SSL_renegotiate(con);
-					}
+				}
 #endif
 
-				for (j=0; j= 0)
-		BIO_printf(bio_s_out,"ACCEPT\n");
+		BIO_printf(bio_s_out, "ACCEPT\n");
 
-	if (buf != NULL) free(buf);
-	if (io != NULL) BIO_free_all(io);
+	if (buf != NULL)
+		free(buf);
+	if (io != NULL)
+		BIO_free_all(io);
 /*	if (ssl_bio != NULL) BIO_free(ssl_bio);*/
-	return(ret);
-	}
+	return (ret);
+}
 
 #ifndef OPENSSL_NO_RSA
-static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)
-	{
+static RSA *
+tmp_rsa_cb(SSL * s, int is_export, int keylength)
+{
 	BIGNUM *bn = NULL;
-	static RSA *rsa_tmp=NULL;
+	static RSA *rsa_tmp = NULL;
 
 	if (!rsa_tmp && ((bn = BN_new()) == NULL))
-		BIO_printf(bio_err,"Allocation error in generating RSA key\n");
-	if (!rsa_tmp && bn)
-		{
-		if (!s_quiet)
-			{
-			BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
-			(void)BIO_flush(bio_err);
-			}
-		if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
-				!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
-			{
-			if(rsa_tmp) RSA_free(rsa_tmp);
+		BIO_printf(bio_err, "Allocation error in generating RSA key\n");
+	if (!rsa_tmp && bn) {
+		if (!s_quiet) {
+			BIO_printf(bio_err, "Generating temp (%d bit) RSA key...", keylength);
+			(void) BIO_flush(bio_err);
+		}
+		if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
+		    !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
+			if (rsa_tmp)
+				RSA_free(rsa_tmp);
 			rsa_tmp = NULL;
-			}
-		if (!s_quiet)
-			{
-			BIO_printf(bio_err,"\n");
-			(void)BIO_flush(bio_err);
-			}
-		BN_free(bn);
 		}
-	return(rsa_tmp);
+		if (!s_quiet) {
+			BIO_printf(bio_err, "\n");
+			(void) BIO_flush(bio_err);
+		}
+		BN_free(bn);
 	}
+	return (rsa_tmp);
+}
 #endif
 
 #define MAX_SESSION_ID_ATTEMPTS 10
-static int generate_session_id(const SSL *ssl, unsigned char *id,
-				unsigned int *id_len)
-	{
+static int 
+generate_session_id(const SSL * ssl, unsigned char *id,
+    unsigned int *id_len)
+{
 	unsigned int count = 0;
-	do	{
+	do {
 		RAND_pseudo_bytes(id, *id_len);
-		/* Prefix the session_id with the required prefix. NB: If our
-		 * prefix is too long, clip it - but there will be worse effects
-		 * anyway, eg. the server could only possibly create 1 session
-		 * ID (ie. the prefix!) so all future session negotiations will
-		 * fail due to conflicts. */
+		/*
+		 * Prefix the session_id with the required prefix. NB: If our
+		 * prefix is too long, clip it - but there will be worse
+		 * effects anyway, eg. the server could only possibly create
+		 * 1 session ID (ie. the prefix!) so all future session
+		 * negotiations will fail due to conflicts.
+		 */
 		memcpy(id, session_id_prefix,
-			(strlen(session_id_prefix) < *id_len) ?
-			strlen(session_id_prefix) : *id_len);
-		}
-	while(SSL_has_matching_session_id(ssl, id, *id_len) &&
-		(++count < MAX_SESSION_ID_ATTEMPTS));
-	if(count >= MAX_SESSION_ID_ATTEMPTS)
+		    (strlen(session_id_prefix) < *id_len) ?
+		    strlen(session_id_prefix) : *id_len);
+	}
+	while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+	    (++count < MAX_SESSION_ID_ATTEMPTS));
+	if (count >= MAX_SESSION_ID_ATTEMPTS)
 		return 0;
 	return 1;
-	}
+}
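Review bot: generate_session_id() fills the ID with `RAND_pseudo_bytes(id, *id_len)` and ignores the return value, so an ID can be built from bytes the library reports as not cryptographically strong, or from a failed call. Session IDs should be unpredictable, so I would use the strong generator and fail the callback on error: `if (RAND_bytes(id, *id_len) <= 0) return 0;`. A short comment such as `/* session IDs must be unpredictable; refuse to issue one if the RNG fails */` would record why. The function is fully visible in this hunk, although the hunk itself opens inside www_body().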
diff --git a/lib/libssl/src/apps/s_socket.c b/lib/libssl/src/apps/s_socket.c
index 6e7d31554a5..f3c66f623a2 100644
--- a/lib/libssl/src/apps/s_socket.c
+++ b/lib/libssl/src/apps/s_socket.c
@@ -126,7 +126,6 @@ init_client(int *sock, char *host, char *port, int type, int af)
 		}
 		return (0);
 	}
-
 	for (ai = ai_top; ai != NULL; ai = ai->ai_next) {
 		s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
 		if (s == -1) {
@@ -135,7 +134,7 @@ init_client(int *sock, char *host, char *port, int type, int af)
 		if (type == SOCK_STREAM) {
 			i = 0;
 			i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
-			    (char *)&i, sizeof(i));
+			    (char *) &i, sizeof(i));
 			if (i < 0) {
 				perror("keepalive");
 				return (0);
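Review bot: The keepalive block in init_client() passes `i = 0` as the option value to `setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, ...)`, which asks for keepalive off rather than on. Its failure branch also returns without releasing `s`. Presumably the intent is to enable keepalive, so use a separate `int on = 1;` as the option value and keep `i` for the result only. On the error path add `close(s); freeaddrinfo(ai_top);` before `return (0);`, since the success path in the following hunk frees `ai_top` but this one does not. init_client() starts and ends outside this hunk, so confirm against the full body.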
@@ -146,7 +145,6 @@ init_client(int *sock, char *host, char *port, int type, int af)
 			freeaddrinfo(ai_top);
 			return (1);
 		}
-
 		close(s);
 	}
 
@@ -158,7 +156,7 @@ init_client(int *sock, char *host, char *port, int type, int af)
 
 int
 do_server(int port, int type, int *ret,
-    int (*cb)(char *hostname, int s, unsigned char *context),
+    int (*cb) (char *hostname, int s, unsigned char *context),
     unsigned char *context)
 {
 	int sock;
@@ -171,7 +169,7 @@ do_server(int port, int type, int *ret,
 
 	if (ret != NULL) {
 		*ret = accept_socket;
-		/* return(1);*/
+		/* return(1); */
 	}
 	for (;;) {
 		if (type == SOCK_STREAM) {
@@ -182,7 +180,7 @@ do_server(int port, int type, int *ret,
 			}
 		} else
 			sock = accept_socket;
-		i = (*cb)(name, sock, context);
+		i = (*cb) (name, sock, context);
 		if (name != NULL)
 			free(name);
 		if (type == SOCK_STREAM) {
@@ -207,22 +205,22 @@ init_server_long(int *sock, int port, char *ip, int type)
 	if (!ssl_sock_init())
 		return (0);
 
-	memset((char *)&server, 0,sizeof(server));
+	memset((char *) &server, 0, sizeof(server));
 	server.sin_family = AF_INET;
-	server.sin_port = htons((unsigned short)port);
+	server.sin_port = htons((unsigned short) port);
 	if (ip == NULL)
 		server.sin_addr.s_addr = INADDR_ANY;
 	else
 /* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
 #ifndef BIT_FIELD_LIMITS
-	memcpy(&server.sin_addr.s_addr, ip, 4);
+		memcpy(&server.sin_addr.s_addr, ip, 4);
 #else
-	memcpy(&server.sin_addr, ip, 4);
+		memcpy(&server.sin_addr, ip, 4);
 #endif
 
 	if (type == SOCK_STREAM)
 		s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
-	else /* type == SOCK_DGRAM */
+	else			/* type == SOCK_DGRAM */
 		s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
 
 	if (s == -1)
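Review bot: The `else` in init_server_long() is left unbraced while its single statement is chosen by `#ifndef BIT_FIELD_LIMITS`, with a column-0 comment sitting between the `else` and the body. The re-indent makes the structure visible, but a later edit to either preprocessor arm could silently change what the `else` governs. I would brace it, `else {` before the `#ifndef` and `}` after the `#endif`, and move the T3E comment inside the braces. The function starts and ends outside this hunk.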
@@ -234,7 +232,7 @@ init_server_long(int *sock, int port, char *ip, int type)
 		    (void *) &j, sizeof j);
 	}
 #endif
-	if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
+	if (bind(s, (struct sockaddr *) & server, sizeof(server)) == -1) {
 		perror("bind");
 		goto err;
 	}
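Review bot: The reformatter has turned the address-of in the `bind()` call into `(struct sockaddr *) & server`, which reads like a binary AND. It is also inconsistent with `(char *) &server` in the `memset()` a hunk earlier. I would write it as `if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {`. The same artefact appears in the do_accept() hunk, in `accept(acc_sock, (struct sockaddr *) & from, (void *) &len)`.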
@@ -271,24 +269,24 @@ do_accept(int acc_sock, int *sock, char **host)
 
 redoit:
 
-	memset((char *)&from, 0, sizeof(from));
+	memset((char *) &from, 0, sizeof(from));
 	len = sizeof(from);
-	/* Note: under VMS with SOCKETSHR the fourth parameter is currently
-	 * of type (int *) whereas under other systems it is (void *) if
-	 * you don't have a cast it will choke the compiler: if you do
-	 * have a cast then you can either go for (int *) or (void *).
+	/*
+	 * Note: under VMS with SOCKETSHR the fourth parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if you
+	 * don't have a cast it will choke the compiler: if you do have a
+	 * cast then you can either go for (int *) or (void *).
 	 */
-	ret = accept(acc_sock, (struct sockaddr *)&from, (void *)&len);
+	ret = accept(acc_sock, (struct sockaddr *) & from, (void *) &len);
 	if (ret == -1) {
 		if (errno == EINTR) {
-			/*check_timeout(); */
+			/* check_timeout(); */
 			goto redoit;
 		}
-		fprintf(stderr,"errno=%d ",errno);
+		fprintf(stderr, "errno=%d ", errno);
 		perror("accept");
 		return (0);
 	}
-
 /*
 	ling.l_onoff=1;
 	ling.l_linger=0;
@@ -303,10 +301,10 @@ redoit:
 		goto end;
 #ifndef BIT_FIELD_LIMITS
 	/* I should use WSAAsyncGetHostByName() under windows */
-	h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
+	h1 = gethostbyaddr((char *) &from.sin_addr.s_addr,
 	    sizeof(from.sin_addr.s_addr), AF_INET);
 #else
-	h1 = gethostbyaddr((char *)&from.sin_addr,
+	h1 = gethostbyaddr((char *) &from.sin_addr,
 	    sizeof(struct in_addr), AF_INET);
 #endif
 	if (h1 == NULL) {
@@ -314,7 +312,7 @@ redoit:
 		*host = NULL;
 		/* return(0); */
 	} else {
-		if ((*host = (char *)malloc(strlen(h1->h_name) + 1)) == NULL) {
+		if ((*host = (char *) malloc(strlen(h1->h_name) + 1)) == NULL) {
 			perror("malloc");
 			return (0);
 		}
@@ -343,7 +341,7 @@ extract_host_port(char *str, char **host_ptr, unsigned char *ip,
 	char *h, *p;
 
 	h = str;
-	p = strrchr(str, '/'); /* IPv6 host/port */
+	p = strrchr(str, '/');	/* IPv6 host/port */
 	if (p == NULL) {
 		p = strrchr(str, ':');
 	}
@@ -370,14 +368,14 @@ extract_port(char *str, short *port_ptr)
 
 	i = atoi(str);
 	if (i != 0)
-		*port_ptr = (unsigned short)i;
+		*port_ptr = (unsigned short) i;
 	else {
 		s = getservbyname(str, "tcp");
 		if (s == NULL) {
 			BIO_printf(bio_err, "getservbyname failure for %s\n", str);
 			return (0);
 		}
-		*port_ptr = ntohs((unsigned short)s->s_port);
+		*port_ptr = ntohs((unsigned short) s->s_port);
 	}
 	return (1);
 }
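Review bot: extract_port() still parses the port with `atoi(str)` and narrows it with `(unsigned short) i`, so out-of-range values are silently truncated and trailing garbage after the digits is ignored. A bounded parse would reject both: `i = strtonum(str, 1, 65535, &errstr);` with a local `const char *errstr;`, taking the numeric branch only when `errstr == NULL`. That assumes strtonum(3) is available, as it is in OpenBSD libc; the file already uses strlcpy. The same unchecked `atoi()` pattern is used for `-verify` and `-time` in parseArgs() in s_time.c. The function's signature lies outside this hunk.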
@@ -393,10 +391,11 @@ static unsigned long ghbn_hits = 0L;
 static unsigned long ghbn_miss = 0L;
 
 static struct hostent *
-GetHostByName(char *name) {
+GetHostByName(char *name)
+{
 	struct hostent *ret;
 	int i, lowi = 0;
-	unsigned long low = (unsigned long) - 1;
+	unsigned long low = (unsigned long) -1;
 
 	for (i = 0; i < GHBN_NUM; i++) {
 		if (low > ghbn_cache[i].order) {
@@ -408,8 +407,7 @@ GetHostByName(char *name) {
 				break;
 		}
 	}
-	if (i == GHBN_NUM) /* no hit*/
-	{
+	if (i == GHBN_NUM) {	/* no hit */
 		ghbn_miss++;
 		ret = gethostbyname(name);
 		if (ret == NULL)
@@ -417,7 +415,7 @@ GetHostByName(char *name) {
 		/* else add to cache */
 		if (strlen(name) < sizeof ghbn_cache[0].name) {
 			strlcpy(ghbn_cache[lowi].name, name, sizeof(ghbn_cache[0].name));
-			memcpy((char *)&(ghbn_cache[lowi].ent), ret, sizeof(struct hostent));
+			memcpy((char *) &(ghbn_cache[lowi].ent), ret, sizeof(struct hostent));
 			ghbn_cache[lowi].order = ghbn_miss + ghbn_hits;
 		}
 		return (ret);
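Review bot: The cache fill in GetHostByName() stores a shallow copy, `memcpy((char *) &(ghbn_cache[lowi].ent), ret, sizeof(struct hostent))`, of the structure returned by `gethostbyname()`. The pointer members of `struct hostent` (name, alias and address lists) refer to resolver-owned storage that a later lookup may overwrite, so a cache hit can return an entry whose pointers describe a different host. Either deep-copy the name and address list into storage owned by the cache entry, or drop the cache and return `gethostbyname(name)` directly. At minimum, flag it with `/* XXX shallow copy: ent's pointers alias resolver static storage */`. The function begins in an earlier hunk and its end is not visible here.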
diff --git a/lib/libssl/src/apps/s_time.c b/lib/libssl/src/apps/s_time.c
index ee5f7c633ef..bb680c6c9a2 100644
--- a/lib/libssl/src/apps/s_time.c
+++ b/lib/libssl/src/apps/s_time.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -88,7 +88,7 @@
 
 #define SSL_CONNECT_NAME	"localhost:4433"
 
-/*#define TEST_CERT "client.pem" */ /* no default cert. */
+ /*#define TEST_CERT "client.pem" *//* no default cert. */
 
 #undef BUFSIZZ
 #define BUFSIZZ 1024*10
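Review bot: The automatic re-indent has mangled the TEST_CERT comment into ` /*#define TEST_CERT "client.pem" *//* no default cert. */`, with a stray leading space and two comments fused by `*//*`. Since the first comment is commented-out code, I would collapse the line into one plain comment: `/* no default cert: TEST_CERT is intentionally left undefined */`.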
@@ -106,8 +106,8 @@ extern int verify_depth;
 extern int verify_error;
 
 static void s_time_usage(void);
-static int parseArgs( int argc, char **argv );
-static SSL *doConnection( SSL *scon );
+static int parseArgs(int argc, char **argv);
+static SSL *doConnection(SSL * scon);
 static void s_time_init(void);
 
 /***********************************************************************
@@ -115,50 +115,52 @@ static void s_time_init(void);
  */
 
 /* static char *port=PORT_STR;*/
-static char *host=SSL_CONNECT_NAME;
-static char *t_cert_file=NULL;
-static char *t_key_file=NULL;
-static char *CApath=NULL;
-static char *CAfile=NULL;
-static char *tm_cipher=NULL;
+static char *host = SSL_CONNECT_NAME;
+static char *t_cert_file = NULL;
+static char *t_key_file = NULL;
+static char *CApath = NULL;
+static char *CAfile = NULL;
+static char *tm_cipher = NULL;
 static int tm_verify = SSL_VERIFY_NONE;
 static int maxTime = SECONDS;
-static SSL_CTX *tm_ctx=NULL;
-static const SSL_METHOD *s_time_meth=NULL;
-static char *s_www_path=NULL;
-static long bytes_read=0; 
-static int st_bugs=0;
-static int perform=0;
+static SSL_CTX *tm_ctx = NULL;
+static const SSL_METHOD *s_time_meth = NULL;
+static char *s_www_path = NULL;
+static long bytes_read = 0;
+static int st_bugs = 0;
+static int perform = 0;
 #ifdef FIONBIO
-static int t_nbio=0;
+static int t_nbio = 0;
 #endif
 
-static void s_time_init(void)
-	{
-	host=SSL_CONNECT_NAME;
-	t_cert_file=NULL;
-	t_key_file=NULL;
-	CApath=NULL;
-	CAfile=NULL;
-	tm_cipher=NULL;
+static void 
+s_time_init(void)
+{
+	host = SSL_CONNECT_NAME;
+	t_cert_file = NULL;
+	t_key_file = NULL;
+	CApath = NULL;
+	CAfile = NULL;
+	tm_cipher = NULL;
 	tm_verify = SSL_VERIFY_NONE;
 	maxTime = SECONDS;
-	tm_ctx=NULL;
-	s_time_meth=NULL;
-	s_www_path=NULL;
-	bytes_read=0; 
-	st_bugs=0;
-	perform=0;
+	tm_ctx = NULL;
+	s_time_meth = NULL;
+	s_www_path = NULL;
+	bytes_read = 0;
+	st_bugs = 0;
+	perform = 0;
 
 #ifdef FIONBIO
-	t_nbio=0;
+	t_nbio = 0;
 #endif
-	}
+}
 
 /***********************************************************************
  * usage - display usage message
  */
-static void s_time_usage(void)
+static void 
+s_time_usage(void)
 {
 	static const char umsg[] = "\
 -time arg     - max number of seconds to collect data, default %d\n\
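Review bot: The return-type lines introduced here, `static void ` above `s_time_init(void)` and above `s_time_usage(void)`, end in a trailing blank, while the same commit strips trailing blanks from the licence header. The lines should read `static void` with nothing after the type. The same artefact is in the later hunks for parseArgs() (`static int `), tm_Time_F() (`static double `) and MAIN (`int `), and in generate_session_id() in s_server.c.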
@@ -170,9 +172,9 @@ static void s_time_usage(void)
 -CAfile arg   - PEM format file of CA's\n\
 -cipher       - preferred cipher to use, play with 'openssl ciphers'\n\n";
 
-	printf( "usage: s_time \n\n" );
+	printf("usage: s_time \n\n");
 
-	printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
+	printf("-connect host:port - host:port to connect to (default is %s)\n", SSL_CONNECT_NAME);
 #ifdef FIONBIO
 	printf("-nbio         - Run with non-blocking IO\n");
 	printf("-ssl2         - Just use SSLv2\n");
@@ -182,7 +184,7 @@ static void s_time_usage(void)
 	printf("-reuse        - Just time connection reuse\n");
 	printf("-www page     - Retrieve 'page' from the site\n");
 #endif
-	printf( umsg,SECONDS );
+	printf(umsg, SECONDS);
 }
 
 /***********************************************************************
@@ -190,113 +192,117 @@ static void s_time_usage(void)
  *
  * Returns 0 if ok, -1 on bad args
  */
-static int parseArgs(int argc, char **argv)
+static int 
+parseArgs(int argc, char **argv)
 {
-    int badop = 0;
+	int badop = 0;
 
-    verify_depth=0;
-    verify_error=X509_V_OK;
+	verify_depth = 0;
+	verify_error = X509_V_OK;
 
-    argc--;
-    argv++;
+	argc--;
+	argv++;
 
-    while (argc >= 1) {
-	if (strcmp(*argv,"-connect") == 0)
-		{
-		if (--argc < 1) goto bad;
-		host= *(++argv);
+	while (argc >= 1) {
+		if (strcmp(*argv, "-connect") == 0) {
+			if (--argc < 1)
+				goto bad;
+			host = *(++argv);
 		}
 #if 0
-	else if( strcmp(*argv,"-host") == 0)
-		{
-		if (--argc < 1) goto bad;
-		host= *(++argv);
-		}
-	else if( strcmp(*argv,"-port") == 0)
-		{
-		if (--argc < 1) goto bad;
-		port= *(++argv);
+		else if (strcmp(*argv, "-host") == 0) {
+			if (--argc < 1)
+				goto bad;
+			host = *(++argv);
+		} else if (strcmp(*argv, "-port") == 0) {
+			if (--argc < 1)
+				goto bad;
+			port = *(++argv);
 		}
 #endif
-	else if (strcmp(*argv,"-reuse") == 0)
-		perform=2;
-	else if (strcmp(*argv,"-new") == 0)
-		perform=1;
-	else if( strcmp(*argv,"-verify") == 0) {
+		else if (strcmp(*argv, "-reuse") == 0)
+			perform = 2;
+		else if (strcmp(*argv, "-new") == 0)
+			perform = 1;
+		else if (strcmp(*argv, "-verify") == 0) {
 
-	    tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
-	    if (--argc < 1) goto bad;
-	    verify_depth=atoi(*(++argv));
-	    BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+			tm_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
+			if (--argc < 1)
+				goto bad;
+			verify_depth = atoi(*(++argv));
+			BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
 
-	} else if( strcmp(*argv,"-cert") == 0) {
+		} else if (strcmp(*argv, "-cert") == 0) {
 
-	    if (--argc < 1) goto bad;
-	    t_cert_file= *(++argv);
+			if (--argc < 1)
+				goto bad;
+			t_cert_file = *(++argv);
 
-	} else if( strcmp(*argv,"-key") == 0) {
+		} else if (strcmp(*argv, "-key") == 0) {
 
-	    if (--argc < 1) goto bad;
-	    t_key_file= *(++argv);
+			if (--argc < 1)
+				goto bad;
+			t_key_file = *(++argv);
 
-	} else if( strcmp(*argv,"-CApath") == 0) {
+		} else if (strcmp(*argv, "-CApath") == 0) {
 
-	    if (--argc < 1) goto bad;
-	    CApath= *(++argv);
+			if (--argc < 1)
+				goto bad;
+			CApath = *(++argv);
 
-	} else if( strcmp(*argv,"-CAfile") == 0) {
+		} else if (strcmp(*argv, "-CAfile") == 0) {
 
-	    if (--argc < 1) goto bad;
-	    CAfile= *(++argv);
+			if (--argc < 1)
+				goto bad;
+			CAfile = *(++argv);
 
-	} else if( strcmp(*argv,"-cipher") == 0) {
+		} else if (strcmp(*argv, "-cipher") == 0) {
 
-	    if (--argc < 1) goto bad;
-	    tm_cipher= *(++argv);
-	}
+			if (--argc < 1)
+				goto bad;
+			tm_cipher = *(++argv);
+		}
 #ifdef FIONBIO
-	else if(strcmp(*argv,"-nbio") == 0) {
-	    t_nbio=1;
-	}
+		else if (strcmp(*argv, "-nbio") == 0) {
+			t_nbio = 1;
+		}
 #endif
-	else if(strcmp(*argv,"-www") == 0)
-		{
-		if (--argc < 1) goto bad;
-		s_www_path= *(++argv);
-		if(strlen(s_www_path) > MYBUFSIZ-100)
-			{
-			BIO_printf(bio_err,"-www option too long\n");
-			badop=1;
+		else if (strcmp(*argv, "-www") == 0) {
+			if (--argc < 1)
+				goto bad;
+			s_www_path = *(++argv);
+			if (strlen(s_www_path) > MYBUFSIZ - 100) {
+				BIO_printf(bio_err, "-www option too long\n");
+				badop = 1;
 			}
+		} else if (strcmp(*argv, "-bugs") == 0)
+			st_bugs = 1;
+		else if (strcmp(*argv, "-ssl3") == 0)
+			s_time_meth = SSLv3_client_method();
+		else if (strcmp(*argv, "-time") == 0) {
+
+			if (--argc < 1)
+				goto bad;
+			maxTime = atoi(*(++argv));
+		} else {
+			BIO_printf(bio_err, "unknown option %s\n", *argv);
+			badop = 1;
+			break;
 		}
-	else if(strcmp(*argv,"-bugs") == 0)
-	    st_bugs=1;
-	else if(strcmp(*argv,"-ssl3") == 0)
-	    s_time_meth=SSLv3_client_method();
-	else if( strcmp(*argv,"-time") == 0) {
-
-	    if (--argc < 1) goto bad;
-	    maxTime= atoi(*(++argv));
-	}
-	else {
-	    BIO_printf(bio_err,"unknown option %s\n",*argv);
-	    badop=1;
-	    break;
-	}
 
-	argc--;
-	argv++;
-    }
+		argc--;
+		argv++;
+	}
 
-    if (perform == 0) perform=3;
+	if (perform == 0)
+		perform = 3;
 
-    if(badop) {
+	if (badop) {
 bad:
 		s_time_usage();
 		return -1;
-    }
-
-	return 0;			/* Valid args */
+	}
+	return 0;		/* Valid args */
 }
 
 /***********************************************************************
@@ -305,10 +311,11 @@ bad:
 #define START	0
 #define STOP	1
 
-static double tm_Time_F(int s)
-	{
-	return app_tminterval(s,1);
-	}
+static double 
+tm_Time_F(int s)
+{
+	return app_tminterval(s, 1);
+}
 
 /***********************************************************************
  * MAIN - main processing area for client
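Review bot: The split definition of tm_Time_F leaves a trailing blank after the return type (`static double ` on the first added line), although this commit strips trailing blanks from comment lines elsewhere. The same artifact appears where `int ` precedes `MAIN(int argc, char **argv)` in s_time.c, sess_id.c and smime.c. The return-type line should end at the type, `static double`, with nothing after it.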
@@ -316,88 +323,90 @@ static double tm_Time_F(int s)
  */
 int MAIN(int, char **);
 
-int MAIN(int argc, char **argv)
-	{
+int 
+MAIN(int argc, char **argv)
+{
 	double totalTime = 0.0;
 	int nConn = 0;
-	SSL *scon=NULL;
-	long finishtime=0;
-	int ret=1,i;
-	char buf[1024*8];
+	SSL *scon = NULL;
+	long finishtime = 0;
+	int ret = 1, i;
+	char buf[1024 * 8];
 	int ver;
 
 	apps_startup();
 	s_time_init();
 
 	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+		bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
-	s_time_meth=SSLv23_client_method();
+	s_time_meth = SSLv23_client_method();
 
 	/* parse the command line arguments */
-	if( parseArgs( argc, argv ) < 0 )
+	if (parseArgs(argc, argv) < 0)
 		goto end;
 
 	OpenSSL_add_ssl_algorithms();
-	if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
+	if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
+		return (1);
 
-	SSL_CTX_set_quiet_shutdown(tm_ctx,1);
+	SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
 
-	if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
-	SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
-	if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file)) 
+	if (st_bugs)
+		SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
+	SSL_CTX_set_cipher_list(tm_ctx, tm_cipher);
+	if (!set_cert_stuff(tm_ctx, t_cert_file, t_key_file))
 		goto end;
 
 	SSL_load_error_strings();
 
-	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
-		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
-		{
-		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
+	if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
+	    (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
+		/*
+		 * BIO_printf(bio_err,"error setting default verify
+		 * locations\n");
+		 */
 		ERR_print_errors(bio_err);
 		/* goto end; */
-		}
-
+	}
 	if (tm_cipher == NULL)
 		tm_cipher = getenv("SSL_CIPHER");
 
-	if (tm_cipher == NULL ) {
-		fprintf( stderr, "No CIPHER specified\n" );
+	if (tm_cipher == NULL) {
+		fprintf(stderr, "No CIPHER specified\n");
 	}
-
-	if (!(perform & 1)) goto next;
-	printf( "Collecting connection statistics for %d seconds\n", maxTime );
+	if (!(perform & 1))
+		goto next;
+	printf("Collecting connection statistics for %d seconds\n", maxTime);
 
 	/* Loop and time how long it takes to make connections */
 
-	bytes_read=0;
-	finishtime=(long)time(NULL)+maxTime;
+	bytes_read = 0;
+	finishtime = (long) time(NULL) + maxTime;
 	tm_Time_F(START);
-	for (;;)
-		{
-		if (finishtime < (long)time(NULL)) break;
+	for (;;) {
+		if (finishtime < (long) time(NULL))
+			break;
 #ifdef WIN32_STUFF
 
-		if( flushWinMsgs(0) == -1 )
+		if (flushWinMsgs(0) == -1)
 			goto end;
 
-		if( waitingToDie || exitNow )		/* we're dead */
+		if (waitingToDie || exitNow)	/* we're dead */
 			goto end;
 #endif
 
-		if( (scon = doConnection( NULL )) == NULL )
+		if ((scon = doConnection(NULL)) == NULL)
 			goto end;
 
-		if (s_www_path != NULL)
-			{
-			(void) snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
-			SSL_write(scon,buf,strlen(buf));
-			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
-				bytes_read+=i;
-			}
-
+		if (s_www_path != NULL) {
+			(void) snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
+			SSL_write(scon, buf, strlen(buf));
+			while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+				bytes_read += i;
+		}
 #ifdef NO_SHUTDOWN
-		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+		SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
 #else
 		SSL_shutdown(scon);
 #endif
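Review bot: `SSL_CTX_set_cipher_list(tm_ctx, tm_cipher)` runs before the `getenv("SSL_CIPHER")` fallback a few lines further down, so in the lines shown the environment value is never applied to the context. The call's return value is also ignored. Moving the fallback above the call and failing on a zero return would make the benchmark run with the cipher list the operator asked for, e.g. `if (tm_cipher != NULL && !SSL_CTX_set_cipher_list(tm_ctx, tm_cipher)) goto end;`. Whether tm_cipher can still be NULL at the call depends on s_time_init(), which is not in this hunk. MAIN's body continues past the end of the hunk.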
@@ -406,53 +415,52 @@ int MAIN(int argc, char **argv)
 
 		nConn += 1;
 		if (SSL_session_reused(scon))
-			ver='r';
-		else
-			{
-			ver=SSL_version(scon);
+			ver = 'r';
+		else {
+			ver = SSL_version(scon);
 			if (ver == TLS1_VERSION)
-				ver='t';
+				ver = 't';
 			else if (ver == SSL3_VERSION)
-				ver='3';
+				ver = '3';
 			else if (ver == SSL2_VERSION)
-				ver='2';
+				ver = '2';
 			else
-				ver='*';
-			}
-		fputc(ver,stdout);
+				ver = '*';
+		}
+		fputc(ver, stdout);
 		fflush(stdout);
 
-		SSL_free( scon );
-		scon=NULL;
-		}
-	totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+		SSL_free(scon);
+		scon = NULL;
+	}
+	totalTime += tm_Time_F(STOP);	/* Add the time for this iteration */
 
-	i=(int)((long)time(NULL)-finishtime+maxTime);
-	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
-	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
+	i = (int) ((long) time(NULL) - finishtime + maxTime);
+	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
+	printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + maxTime, bytes_read / nConn);
 
-	/* Now loop and time connections using the same session id over and over */
+	/*
+	 * Now loop and time connections using the same session id over and
+	 * over
+	 */
 
 next:
-	if (!(perform & 2)) goto end;
-	printf( "\n\nNow timing with session id reuse.\n" );
+	if (!(perform & 2))
+		goto end;
+	printf("\n\nNow timing with session id reuse.\n");
 
 	/* Get an SSL object so we can reuse the session id */
-	if( (scon = doConnection( NULL )) == NULL )
-		{
-		fprintf( stderr, "Unable to get connection\n" );
+	if ((scon = doConnection(NULL)) == NULL) {
+		fprintf(stderr, "Unable to get connection\n");
 		goto end;
-		}
-
-	if (s_www_path != NULL)
-		{
-		(void) snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
-		SSL_write(scon,buf,strlen(buf));
-		while (SSL_read(scon,buf,sizeof(buf)) > 0)
-			;
-		}
+	}
+	if (s_www_path != NULL) {
+		(void) snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
+		SSL_write(scon, buf, strlen(buf));
+		while (SSL_read(scon, buf, sizeof(buf)) > 0);
+	}
 #ifdef NO_SHUTDOWN
-	SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+	SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
 #else
 	SSL_shutdown(scon);
 #endif
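Review bot: `bytes_read / nConn` in the second summary printf divides by zero when the timing loop exits before any connection completes, for instance when `-time` is negative, since maxTime comes straight from `atoi` and `finishtime` is then already in the past. bytes_read is printed with `%ld`, so this looks like an integer division rather than a floating-point one. Passing `nConn > 0 ? bytes_read / nConn : 0` as the argument avoids it. The summary after the session-reuse loop in the next hunk has the same expression. MAIN begins and ends outside this hunk.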
@@ -462,79 +470,76 @@ next:
 	nConn = 0;
 	totalTime = 0.0;
 
-	finishtime=(long)time(NULL)+maxTime;
+	finishtime = (long) time(NULL) + maxTime;
 
-	printf( "starting\n" );
-	bytes_read=0;
+	printf("starting\n");
+	bytes_read = 0;
 	tm_Time_F(START);
-		
-	for (;;)
-		{
-		if (finishtime < (long)time(NULL)) break;
+
+	for (;;) {
+		if (finishtime < (long) time(NULL))
+			break;
 
 #ifdef WIN32_STUFF
-		if( flushWinMsgs(0) == -1 )
+		if (flushWinMsgs(0) == -1)
 			goto end;
 
-		if( waitingToDie || exitNow )	/* we're dead */
+		if (waitingToDie || exitNow)	/* we're dead */
 			goto end;
 #endif
 
-	 	if( (doConnection( scon )) == NULL )
+		if ((doConnection(scon)) == NULL)
 			goto end;
 
-		if (s_www_path)
-			{
-			(void) snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
-			SSL_write(scon,buf,strlen(buf));
-			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
-				bytes_read+=i;
-			}
-
+		if (s_www_path) {
+			(void) snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
+			SSL_write(scon, buf, strlen(buf));
+			while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+				bytes_read += i;
+		}
 #ifdef NO_SHUTDOWN
-		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+		SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
 #else
 		SSL_shutdown(scon);
 #endif
 		shutdown(SSL_get_fd(scon), SHUT_RDWR);
 		close(SSL_get_fd(scon));
-	
+
 		nConn += 1;
 		if (SSL_session_reused(scon))
-			ver='r';
-		else
-			{
-			ver=SSL_version(scon);
+			ver = 'r';
+		else {
+			ver = SSL_version(scon);
 			if (ver == TLS1_VERSION)
-				ver='t';
+				ver = 't';
 			else if (ver == SSL3_VERSION)
-				ver='3';
+				ver = '3';
 			else if (ver == SSL2_VERSION)
-				ver='2';
+				ver = '2';
 			else
-				ver='*';
-			}
-		fputc(ver,stdout);
-		fflush(stdout);
+				ver = '*';
 		}
-	totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
+		fputc(ver, stdout);
+		fflush(stdout);
+	}
+	totalTime += tm_Time_F(STOP);	/* Add the time for this iteration */
 
 
-	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
-	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
+	printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read);
+	printf("%d connections in %ld real seconds, %ld bytes read per connection\n", nConn, (long) time(NULL) - finishtime + maxTime, bytes_read / nConn);
 
-	ret=0;
+	ret = 0;
 end:
-	if (scon != NULL) SSL_free(scon);
+	if (scon != NULL)
+		SSL_free(scon);
 
-	if (tm_ctx != NULL)
-		{
+	if (tm_ctx != NULL) {
 		SSL_CTX_free(tm_ctx);
-		tm_ctx=NULL;
-		}
-	apps_shutdown();
-	return(ret);
+		tm_ctx = NULL;
 	}
+	apps_shutdown();
+	return (ret);
+}
 
 /***********************************************************************
  * doConnection - make a connection
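Review bot: Every `(long) time(NULL)` in MAIN, including `finishtime = (long) time(NULL) + maxTime` and the loop test in this hunk, narrows time_t to long, which loses the high bits on platforms where time_t is 64 bits and long is 32. `finishtime` is declared `long` at the top of MAIN, outside this hunk. Declaring it `time_t finishtime = 0;` and testing `if (finishtime < time(NULL))` removes the casts, and the elapsed-seconds print can pass `(long long) (time(NULL) - finishtime + maxTime)` with `%lld`. The earlier hunks of MAIN carry the same casts.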
@@ -543,70 +548,66 @@ end:
  * Returns:
  *		SSL *	= the connection pointer.
  */
-static SSL *doConnection(SSL *scon)
-	{
+static SSL *
+doConnection(SSL * scon)
+{
 	BIO *conn;
 	SSL *serverCon;
 	int width, i;
 	fd_set readfds;
 
-	if ((conn=BIO_new(BIO_s_connect())) == NULL)
-		return(NULL);
+	if ((conn = BIO_new(BIO_s_connect())) == NULL)
+		return (NULL);
 
 /*	BIO_set_conn_port(conn,port);*/
-	BIO_set_conn_hostname(conn,host);
+	BIO_set_conn_hostname(conn, host);
 
 	if (scon == NULL)
-		serverCon=SSL_new(tm_ctx);
-	else
-		{
-		serverCon=scon;
+		serverCon = SSL_new(tm_ctx);
+	else {
+		serverCon = scon;
 		SSL_set_connect_state(serverCon);
-		}
+	}
 
-	SSL_set_bio(serverCon,conn,conn);
+	SSL_set_bio(serverCon, conn, conn);
 
 #if 0
-	if( scon != NULL )
-		SSL_set_session(serverCon,SSL_get_session(scon));
+	if (scon != NULL)
+		SSL_set_session(serverCon, SSL_get_session(scon));
 #endif
 
 	/* ok, lets connect */
-	for(;;) {
-		i=SSL_connect(serverCon);
-		if (BIO_sock_should_retry(i))
-			{
-			BIO_printf(bio_err,"DELAY\n");
-
-			i=SSL_get_fd(serverCon);
-			width=i+1;
+	for (;;) {
+		i = SSL_connect(serverCon);
+		if (BIO_sock_should_retry(i)) {
+			BIO_printf(bio_err, "DELAY\n");
+
+			i = SSL_get_fd(serverCon);
+			width = i + 1;
 			FD_ZERO(&readfds);
-			openssl_fdset(i,&readfds);
-			/* Note: under VMS with SOCKETSHR the 2nd parameter
+			openssl_fdset(i, &readfds);
+			/*
+			 * Note: under VMS with SOCKETSHR the 2nd parameter
 			 * is currently of type (int *) whereas under other
 			 * systems it is (void *) if you don't have a cast it
-			 * will choke the compiler: if you do have a cast then
-			 * you can either go for (int *) or (void *).
+			 * will choke the compiler: if you do have a cast
+			 * then you can either go for (int *) or (void *).
 			 */
-			select(width,(void *)&readfds,NULL,NULL,NULL);
+			select(width, (void *) &readfds, NULL, NULL, NULL);
 			continue;
-			}
-		break;
 		}
-	if(i <= 0)
-		{
-		BIO_printf(bio_err,"ERROR\n");
+		break;
+	}
+	if (i <= 0) {
+		BIO_printf(bio_err, "ERROR\n");
 		if (verify_error != X509_V_OK)
-			BIO_printf(bio_err,"verify error:%s\n",
-				X509_verify_cert_error_string(verify_error));
+			BIO_printf(bio_err, "verify error:%s\n",
+			    X509_verify_cert_error_string(verify_error));
 		else
 			ERR_print_errors(bio_err);
 		if (scon == NULL)
 			SSL_free(serverCon);
 		return NULL;
-		}
-
-	return serverCon;
 	}
-
-
+	return serverCon;
+}
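Review bot: The result of `SSL_new(tm_ctx)` in doConnection is used without a NULL check, so an allocation failure hands a NULL SSL to `SSL_set_bio()` and `SSL_connect()`, and `conn` is never freed on that path. A guard right after the assignment covers both: `if (serverCon == NULL) { BIO_free(conn); return (NULL); }`. The return value of `BIO_set_conn_hostname(conn, host)` is likewise ignored, so a bad host string only surfaces later as a generic connect error.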
diff --git a/lib/libssl/src/apps/sess_id.c b/lib/libssl/src/apps/sess_id.c
index 5ad1bddedb4..b9750ab3561 100644
--- a/lib/libssl/src/apps/sess_id.c
+++ b/lib/libssl/src/apps/sess_id.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -69,248 +69,222 @@
 #undef PROG
 #define PROG	sess_id_main
 
-static const char *sess_id_usage[]={
-"usage: sess_id args\n",
-"\n",
-" -inform arg     - input format - default PEM (DER or PEM)\n",
-" -outform arg    - output format - default PEM\n",
-" -in arg         - input file - default stdin\n",
-" -out arg        - output file - default stdout\n",
-" -text           - print ssl session id details\n",
-" -cert           - output certificate \n",
-" -noout          - no CRL output\n",
-" -context arg    - set the session ID context\n",
-NULL
+static const char *sess_id_usage[] = {
+	"usage: sess_id args\n",
+	"\n",
+	" -inform arg     - input format - default PEM (DER or PEM)\n",
+	" -outform arg    - output format - default PEM\n",
+	" -in arg         - input file - default stdin\n",
+	" -out arg        - output file - default stdout\n",
+	" -text           - print ssl session id details\n",
+	" -cert           - output certificate \n",
+	" -noout          - no CRL output\n",
+	" -context arg    - set the session ID context\n",
+	NULL
 };
 
 static SSL_SESSION *load_sess_id(char *file, int format);
 
 int MAIN(int, char **);
 
-int MAIN(int argc, char **argv)
-	{
-	SSL_SESSION *x=NULL;
+int 
+MAIN(int argc, char **argv)
+{
+	SSL_SESSION *x = NULL;
 	X509 *peer = NULL;
-	int ret=1,i,num,badops=0;
-	BIO *out=NULL;
-	int informat,outformat;
-	char *infile=NULL,*outfile=NULL,*context=NULL;
-	int cert=0,noout=0,text=0;
+	int ret = 1, i, num, badops = 0;
+	BIO *out = NULL;
+	int informat, outformat;
+	char *infile = NULL, *outfile = NULL, *context = NULL;
+	int cert = 0, noout = 0, text = 0;
 	const char **pp;
 
 	apps_startup();
 
 	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
 
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
+	informat = FORMAT_PEM;
+	outformat = FORMAT_PEM;
 
 	argc--;
 	argv++;
-	num=0;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-text") == 0)
-			text= ++num;
-		else if (strcmp(*argv,"-cert") == 0)
-			cert= ++num;
-		else if (strcmp(*argv,"-noout") == 0)
-			noout= ++num;
-		else if (strcmp(*argv,"-context") == 0)
-		    {
-		    if(--argc < 1) goto bad;
-		    context=*++argv;
-		    }
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
+	num = 0;
+	while (argc >= 1) {
+		if (strcmp(*argv, "-inform") == 0) {
+			if (--argc < 1)
+				goto bad;
+			informat = str2fmt(*(++argv));
+		} else if (strcmp(*argv, "-outform") == 0) {
+			if (--argc < 1)
+				goto bad;
+			outformat = str2fmt(*(++argv));
+		} else if (strcmp(*argv, "-in") == 0) {
+			if (--argc < 1)
+				goto bad;
+			infile = *(++argv);
+		} else if (strcmp(*argv, "-out") == 0) {
+			if (--argc < 1)
+				goto bad;
+			outfile = *(++argv);
+		} else if (strcmp(*argv, "-text") == 0)
+			text = ++num;
+		else if (strcmp(*argv, "-cert") == 0)
+			cert = ++num;
+		else if (strcmp(*argv, "-noout") == 0)
+			noout = ++num;
+		else if (strcmp(*argv, "-context") == 0) {
+			if (--argc < 1)
+				goto bad;
+			context = *++argv;
+		} else {
+			BIO_printf(bio_err, "unknown option %s\n", *argv);
+			badops = 1;
 			break;
-			}
+		}
 		argc--;
 		argv++;
-		}
+	}
 
-	if (badops)
-		{
+	if (badops) {
 bad:
-		for (pp=sess_id_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
+		for (pp = sess_id_usage; (*pp != NULL); pp++)
+			BIO_printf(bio_err, "%s", *pp);
 		goto end;
-		}
-
+	}
 	ERR_load_crypto_strings();
-	x=load_sess_id(infile,informat);
-	if (x == NULL) { goto end; }
+	x = load_sess_id(infile, informat);
+	if (x == NULL) {
+		goto end;
+	}
 	peer = SSL_SESSION_get0_peer(x);
 
-	if(context)
-	    {
-	    size_t ctx_len = strlen(context);
-	    if(ctx_len > SSL_MAX_SID_CTX_LENGTH)
-		{
-		BIO_printf(bio_err,"Context too long\n");
-		goto end;
+	if (context) {
+		size_t ctx_len = strlen(context);
+		if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+			BIO_printf(bio_err, "Context too long\n");
+			goto end;
 		}
-	    SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len);
-	    }
-
+		SSL_SESSION_set1_id_context(x, (unsigned char *) context, ctx_len);
+	}
 #ifdef undef
 	/* just testing for memory leaks :-) */
 	{
-	SSL_SESSION *s;
-	char buf[1024*10],*p;
-	int i;
+		SSL_SESSION *s;
+		char buf[1024 * 10], *p;
+		int i;
 
-	s=SSL_SESSION_new();
+		s = SSL_SESSION_new();
 
-	p= &buf;
-	i=i2d_SSL_SESSION(x,&p);
-	p= &buf;
-	d2i_SSL_SESSION(&s,&p,(long)i);
-	p= &buf;
-	d2i_SSL_SESSION(&s,&p,(long)i);
-	p= &buf;
-	d2i_SSL_SESSION(&s,&p,(long)i);
-	SSL_SESSION_free(s);
+		p = &buf;
+		i = i2d_SSL_SESSION(x, &p);
+		p = &buf;
+		d2i_SSL_SESSION(&s, &p, (long) i);
+		p = &buf;
+		d2i_SSL_SESSION(&s, &p, (long) i);
+		p = &buf;
+		d2i_SSL_SESSION(&s, &p, (long) i);
+		SSL_SESSION_free(s);
 	}
 #endif
 
-	if (!noout || text)
-		{
-		out=BIO_new(BIO_s_file());
-		if (out == NULL)
-			{
+	if (!noout || text) {
+		out = BIO_new(BIO_s_file());
+		if (out == NULL) {
 			ERR_print_errors(bio_err);
 			goto end;
-			}
-
-		if (outfile == NULL)
-			{
-			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-			}
-		else
-			{
-			if (BIO_write_filename(out,outfile) <= 0)
-				{
+		}
+		if (outfile == NULL) {
+			BIO_set_fp(out, stdout, BIO_NOCLOSE);
+		} else {
+			if (BIO_write_filename(out, outfile) <= 0) {
 				perror(outfile);
 				goto end;
-				}
 			}
 		}
+	}
+	if (text) {
+		SSL_SESSION_print(out, x);
 
-	if (text)
-		{
-		SSL_SESSION_print(out,x);
-
-		if (cert)
-			{
+		if (cert) {
 			if (peer == NULL)
-				BIO_puts(out,"No certificate present\n");
+				BIO_puts(out, "No certificate present\n");
 			else
-				X509_print(out,peer);
-			}
+				X509_print(out, peer);
 		}
-
-	if (!noout && !cert)
-		{
-		if 	(outformat == FORMAT_ASN1)
-			i=i2d_SSL_SESSION_bio(out,x);
+	}
+	if (!noout && !cert) {
+		if (outformat == FORMAT_ASN1)
+			i = i2d_SSL_SESSION_bio(out, x);
 		else if (outformat == FORMAT_PEM)
-			i=PEM_write_bio_SSL_SESSION(out,x);
-		else	{
-			BIO_printf(bio_err,"bad output format specified for outfile\n");
+			i = PEM_write_bio_SSL_SESSION(out, x);
+		else {
+			BIO_printf(bio_err, "bad output format specified for outfile\n");
 			goto end;
-			}
+		}
 		if (!i) {
-			BIO_printf(bio_err,"unable to write SSL_SESSION\n");
+			BIO_printf(bio_err, "unable to write SSL_SESSION\n");
 			goto end;
-			}
 		}
-	else if (!noout && (peer != NULL)) /* just print the certificate */
-		{
-		if 	(outformat == FORMAT_ASN1)
-			i=(int)i2d_X509_bio(out,peer);
+	} else if (!noout && (peer != NULL)) {	/* just print the certificate */
+		if (outformat == FORMAT_ASN1)
+			i = (int) i2d_X509_bio(out, peer);
 		else if (outformat == FORMAT_PEM)
-			i=PEM_write_bio_X509(out,peer);
-		else	{
-			BIO_printf(bio_err,"bad output format specified for outfile\n");
+			i = PEM_write_bio_X509(out, peer);
+		else {
+			BIO_printf(bio_err, "bad output format specified for outfile\n");
 			goto end;
-			}
+		}
 		if (!i) {
-			BIO_printf(bio_err,"unable to write X509\n");
+			BIO_printf(bio_err, "unable to write X509\n");
 			goto end;
-			}
 		}
-	ret=0;
+	}
+	ret = 0;
 end:
-	if (out != NULL) BIO_free_all(out);
-	if (x != NULL) SSL_SESSION_free(x);
+	if (out != NULL)
+		BIO_free_all(out);
+	if (x != NULL)
+		SSL_SESSION_free(x);
 	apps_shutdown();
-	return(ret);
-	}
+	return (ret);
+}
 
-static SSL_SESSION *load_sess_id(char *infile, int format)
-	{
-	SSL_SESSION *x=NULL;
-	BIO *in=NULL;
+static SSL_SESSION *
+load_sess_id(char *infile, int format)
+{
+	SSL_SESSION *x = NULL;
+	BIO *in = NULL;
 
-	in=BIO_new(BIO_s_file());
-	if (in == NULL)
-		{
+	in = BIO_new(BIO_s_file());
+	if (in == NULL) {
 		ERR_print_errors(bio_err);
 		goto end;
-		}
-
+	}
 	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,infile) <= 0)
-			{
+		BIO_set_fp(in, stdin, BIO_NOCLOSE);
+	else {
+		if (BIO_read_filename(in, infile) <= 0) {
 			perror(infile);
 			goto end;
-			}
 		}
-	if 	(format == FORMAT_ASN1)
-		x=d2i_SSL_SESSION_bio(in,NULL);
+	}
+	if (format == FORMAT_ASN1)
+		x = d2i_SSL_SESSION_bio(in, NULL);
 	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL);
-	else	{
-		BIO_printf(bio_err,"bad input format specified for input crl\n");
+		x = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
+	else {
+		BIO_printf(bio_err, "bad input format specified for input crl\n");
 		goto end;
-		}
-	if (x == NULL)
-		{
-		BIO_printf(bio_err,"unable to load SSL_SESSION\n");
+	}
+	if (x == NULL) {
+		BIO_printf(bio_err, "unable to load SSL_SESSION\n");
 		ERR_print_errors(bio_err);
 		goto end;
-		}
-	
-end:
-	if (in != NULL) BIO_free(in);
-	return(x);
 	}
-
+end:
+	if (in != NULL)
+		BIO_free(in);
+	return (x);
+}
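Review bot: The `#ifdef undef` block in MAIN ("just testing for memory leaks") is re-indented here although it is dead unless a macro named `undef` is defined, and it would not build cleanly if enabled: `p = &buf;` assigns a pointer-to-array to a `char *`. Deleting the block rather than reformatting it would shrink the function and remove code nobody exercises. Separately, `bad input format specified for input crl` in load_sess_id and ` -noout          - no CRL output` in the usage table look copied from the CRL tool. That wording is runtime text and would belong in a follow-up change rather than a whitespace commit.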
diff --git a/lib/libssl/src/apps/smime.c b/lib/libssl/src/apps/smime.c
index c4b976fa00f..9332ae90951 100644
--- a/lib/libssl/src/apps/smime.c
+++ b/lib/libssl/src/apps/smime.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -69,8 +69,8 @@
 
 #undef PROG
 #define PROG smime_main
-static int save_certs(char *signerfile, STACK_OF(X509) *signers);
-static int smime_cb(int ok, X509_STORE_CTX *ctx);
+static int save_certs(char *signerfile, STACK_OF(X509) * signers);
+static int smime_cb(int ok, X509_STORE_CTX * ctx);
 
 #define SMIME_OP	0x10
 #define SMIME_IP	0x20
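Review bot: The reformatted prototypes put a blank on both sides of the pointer star, `STACK_OF(X509) * signers` and `X509_STORE_CTX * ctx`, which reads like a multiplication and differs from `char *signerfile` on the same line. The same spacing shows up in `doConnection(SSL * scon)` in s_time.c and in the `STACK_OF(OPENSSL_STRING) * sksigners` and `STACK_OF(X509) * encerts` declarations in MAIN. Binding the star to the name keeps them consistent: `static int save_certs(char *signerfile, STACK_OF(X509) *signers);`.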
@@ -84,8 +84,9 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx);
 
 int MAIN(int, char **);
 
-int MAIN(int argc, char **argv)
-	{
+int 
+MAIN(int argc, char **argv)
+{
 	ENGINE *e = NULL;
 	int operation = 0;
 	int ret = 0;
@@ -93,14 +94,14 @@ int MAIN(int argc, char **argv)
 	const char *inmode = "r", *outmode = "w";
 	char *infile = NULL, *outfile = NULL;
 	char *signerfile = NULL, *recipfile = NULL;
-	STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
-	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
+	STACK_OF(OPENSSL_STRING) * sksigners = NULL, *skkeys = NULL;
+	char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
 	const EVP_CIPHER *cipher = NULL;
 	PKCS7 *p7 = NULL;
 	X509_STORE *store = NULL;
 	X509 *cert = NULL, *recip = NULL, *signer = NULL;
 	EVP_PKEY *key = NULL;
-	STACK_OF(X509) *encerts = NULL, *other = NULL;
+	STACK_OF(X509) * encerts = NULL, *other = NULL;
 	BIO *in = NULL, *out = NULL, *indata = NULL;
 	int badarg = 0;
 	int flags = PKCS7_DETACHED;
@@ -112,9 +113,9 @@ int MAIN(int argc, char **argv)
 	int indef = 0;
 	const EVP_MD *sign_md = NULL;
 	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
-        int keyform = FORMAT_PEM;
+	int keyform = FORMAT_PEM;
 #ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
+	char *engine = NULL;
 #endif
 
 	X509_VERIFY_PARAM *vpm = NULL;
@@ -124,141 +125,126 @@ int MAIN(int argc, char **argv)
 
 	apps_startup();
 
-	if (bio_err == NULL)
-		{
+	if (bio_err == NULL) {
 		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
-		}
-
+			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+	}
 	if (!load_config(bio_err, NULL))
 		goto end;
 
-	while (!badarg && *args && *args[0] == '-')
-		{
-		if (!strcmp (*args, "-encrypt"))
+	while (!badarg && *args && *args[0] == '-') {
+		if (!strcmp(*args, "-encrypt"))
 			operation = SMIME_ENCRYPT;
-		else if (!strcmp (*args, "-decrypt"))
+		else if (!strcmp(*args, "-decrypt"))
 			operation = SMIME_DECRYPT;
-		else if (!strcmp (*args, "-sign"))
+		else if (!strcmp(*args, "-sign"))
 			operation = SMIME_SIGN;
-		else if (!strcmp (*args, "-resign"))
+		else if (!strcmp(*args, "-resign"))
 			operation = SMIME_RESIGN;
-		else if (!strcmp (*args, "-verify"))
+		else if (!strcmp(*args, "-verify"))
 			operation = SMIME_VERIFY;
-		else if (!strcmp (*args, "-pk7out"))
+		else if (!strcmp(*args, "-pk7out"))
 			operation = SMIME_PK7OUT;
 #ifndef OPENSSL_NO_DES
-		else if (!strcmp (*args, "-des3")) 
-				cipher = EVP_des_ede3_cbc();
-		else if (!strcmp (*args, "-des")) 
-				cipher = EVP_des_cbc();
+		else if (!strcmp(*args, "-des3"))
+			cipher = EVP_des_ede3_cbc();
+		else if (!strcmp(*args, "-des"))
+			cipher = EVP_des_cbc();
 #endif
 #ifndef OPENSSL_NO_SEED
-		else if (!strcmp (*args, "-seed")) 
-				cipher = EVP_seed_cbc();
+		else if (!strcmp(*args, "-seed"))
+			cipher = EVP_seed_cbc();
 #endif
 #ifndef OPENSSL_NO_RC2
-		else if (!strcmp (*args, "-rc2-40")) 
-				cipher = EVP_rc2_40_cbc();
-		else if (!strcmp (*args, "-rc2-128")) 
-				cipher = EVP_rc2_cbc();
-		else if (!strcmp (*args, "-rc2-64")) 
-				cipher = EVP_rc2_64_cbc();
+		else if (!strcmp(*args, "-rc2-40"))
+			cipher = EVP_rc2_40_cbc();
+		else if (!strcmp(*args, "-rc2-128"))
+			cipher = EVP_rc2_cbc();
+		else if (!strcmp(*args, "-rc2-64"))
+			cipher = EVP_rc2_64_cbc();
 #endif
 #ifndef OPENSSL_NO_AES
-		else if (!strcmp(*args,"-aes128"))
-				cipher = EVP_aes_128_cbc();
-		else if (!strcmp(*args,"-aes192"))
-				cipher = EVP_aes_192_cbc();
-		else if (!strcmp(*args,"-aes256"))
-				cipher = EVP_aes_256_cbc();
+		else if (!strcmp(*args, "-aes128"))
+			cipher = EVP_aes_128_cbc();
+		else if (!strcmp(*args, "-aes192"))
+			cipher = EVP_aes_192_cbc();
+		else if (!strcmp(*args, "-aes256"))
+			cipher = EVP_aes_256_cbc();
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
-		else if (!strcmp(*args,"-camellia128"))
-				cipher = EVP_camellia_128_cbc();
-		else if (!strcmp(*args,"-camellia192"))
-				cipher = EVP_camellia_192_cbc();
-		else if (!strcmp(*args,"-camellia256"))
-				cipher = EVP_camellia_256_cbc();
+		else if (!strcmp(*args, "-camellia128"))
+			cipher = EVP_camellia_128_cbc();
+		else if (!strcmp(*args, "-camellia192"))
+			cipher = EVP_camellia_192_cbc();
+		else if (!strcmp(*args, "-camellia256"))
+			cipher = EVP_camellia_256_cbc();
 #endif
-		else if (!strcmp (*args, "-text")) 
-				flags |= PKCS7_TEXT;
-		else if (!strcmp (*args, "-nointern")) 
-				flags |= PKCS7_NOINTERN;
-		else if (!strcmp (*args, "-noverify")) 
-				flags |= PKCS7_NOVERIFY;
-		else if (!strcmp (*args, "-nochain")) 
-				flags |= PKCS7_NOCHAIN;
-		else if (!strcmp (*args, "-nocerts")) 
-				flags |= PKCS7_NOCERTS;
-		else if (!strcmp (*args, "-noattr")) 
-				flags |= PKCS7_NOATTR;
-		else if (!strcmp (*args, "-nodetach")) 
-				flags &= ~PKCS7_DETACHED;
-		else if (!strcmp (*args, "-nosmimecap"))
-				flags |= PKCS7_NOSMIMECAP;
-		else if (!strcmp (*args, "-binary"))
-				flags |= PKCS7_BINARY;
-		else if (!strcmp (*args, "-nosigs"))
-				flags |= PKCS7_NOSIGS;
-		else if (!strcmp (*args, "-stream"))
-				indef = 1;
-		else if (!strcmp (*args, "-indef"))
-				indef = 1;
-		else if (!strcmp (*args, "-noindef"))
-				indef = 0;
-		else if (!strcmp (*args, "-nooldmime"))
-				flags |= PKCS7_NOOLDMIMETYPE;
-		else if (!strcmp (*args, "-crlfeol"))
-				flags |= PKCS7_CRLFEOL;
-		else if (!strcmp(*args,"-rand"))
-			{
+		else if (!strcmp(*args, "-text"))
+			flags |= PKCS7_TEXT;
+		else if (!strcmp(*args, "-nointern"))
+			flags |= PKCS7_NOINTERN;
+		else if (!strcmp(*args, "-noverify"))
+			flags |= PKCS7_NOVERIFY;
+		else if (!strcmp(*args, "-nochain"))
+			flags |= PKCS7_NOCHAIN;
+		else if (!strcmp(*args, "-nocerts"))
+			flags |= PKCS7_NOCERTS;
+		else if (!strcmp(*args, "-noattr"))
+			flags |= PKCS7_NOATTR;
+		else if (!strcmp(*args, "-nodetach"))
+			flags &= ~PKCS7_DETACHED;
+		else if (!strcmp(*args, "-nosmimecap"))
+			flags |= PKCS7_NOSMIMECAP;
+		else if (!strcmp(*args, "-binary"))
+			flags |= PKCS7_BINARY;
+		else if (!strcmp(*args, "-nosigs"))
+			flags |= PKCS7_NOSIGS;
+		else if (!strcmp(*args, "-stream"))
+			indef = 1;
+		else if (!strcmp(*args, "-indef"))
+			indef = 1;
+		else if (!strcmp(*args, "-noindef"))
+			indef = 0;
+		else if (!strcmp(*args, "-nooldmime"))
+			flags |= PKCS7_NOOLDMIMETYPE;
+		else if (!strcmp(*args, "-crlfeol"))
+			flags |= PKCS7_CRLFEOL;
+		else if (!strcmp(*args, "-rand")) {
 			if (!args[1])
 				goto argerr;
 			args++;
 			inrand = *args;
 			need_rand = 1;
-			}
+		}
 #ifndef OPENSSL_NO_ENGINE
-		else if (!strcmp(*args,"-engine"))
-			{
+		else if (!strcmp(*args, "-engine")) {
 			if (!args[1])
 				goto argerr;
 			engine = *++args;
-			}
+		}
 #endif
-		else if (!strcmp(*args,"-passin"))
-			{
+		else if (!strcmp(*args, "-passin")) {
 			if (!args[1])
 				goto argerr;
 			passargin = *++args;
-			}
-		else if (!strcmp (*args, "-to"))
-			{
+		} else if (!strcmp(*args, "-to")) {
 			if (!args[1])
 				goto argerr;
 			to = *++args;
-			}
-		else if (!strcmp (*args, "-from"))
-			{
+		} else if (!strcmp(*args, "-from")) {
 			if (!args[1])
 				goto argerr;
 			from = *++args;
-			}
-		else if (!strcmp (*args, "-subject"))
-			{
+		} else if (!strcmp(*args, "-subject")) {
 			if (!args[1])
 				goto argerr;
 			subject = *++args;
-			}
-		else if (!strcmp (*args, "-signer"))
-			{
+		} else if (!strcmp(*args, "-signer")) {
 			if (!args[1])
 				goto argerr;
 			/* If previous -signer argument add signer to list */
 
-			if (signerfile)
-				{
+			if (signerfile) {
 				if (!sksigners)
 					sksigners = sk_OPENSSL_STRING_new_null();
 				sk_OPENSSL_STRING_push(sksigners, signerfile);
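Review bot: The option chain still maps `-des` to `EVP_des_cbc()` and `-rc2-40`/`-rc2-64` to 40- and 64-bit RC2, and nothing in the parser marks these as legacy choices. A comment above those branches would tell maintainers they are kept for interoperability only, for example `/* legacy: single DES and short-key RC2 are too weak for new messages */`. The argument loop runs on past the end of this hunk, and MAIN starts in an earlier one.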
@@ -268,39 +254,30 @@ int MAIN(int argc, char **argv)
 					skkeys = sk_OPENSSL_STRING_new_null();
 				sk_OPENSSL_STRING_push(skkeys, keyfile);
 				keyfile = NULL;
-				}
-			signerfile = *++args;
 			}
-		else if (!strcmp (*args, "-recip"))
-			{
+			signerfile = *++args;
+		} else if (!strcmp(*args, "-recip")) {
 			if (!args[1])
 				goto argerr;
 			recipfile = *++args;
-			}
-		else if (!strcmp (*args, "-md"))
-			{
+		} else if (!strcmp(*args, "-md")) {
 			if (!args[1])
 				goto argerr;
 			sign_md = EVP_get_digestbyname(*++args);
-			if (sign_md == NULL)
-				{
+			if (sign_md == NULL) {
 				BIO_printf(bio_err, "Unknown digest %s\n",
-							*args);
+				    *args);
 				goto argerr;
-				}
 			}
-		else if (!strcmp (*args, "-inkey"))
-			{
-			if (!args[1])	
+		} else if (!strcmp(*args, "-inkey")) {
+			if (!args[1])
 				goto argerr;
 			/* If previous -inkey arument add signer to list */
-			if (keyfile)
-				{
-				if (!signerfile)
-					{
+			if (keyfile) {
+				if (!signerfile) {
 					BIO_puts(bio_err, "Illegal -inkey without -signer\n");
 					goto argerr;
-					}
+				}
 				if (!sksigners)
 					sksigners = sk_OPENSSL_STRING_new_null();
 				sk_OPENSSL_STRING_push(sksigners, signerfile);
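Review bot: The results of `sk_OPENSSL_STRING_new_null()` and `sk_OPENSSL_STRING_push()` are ignored in the `-signer` and `-inkey` arms, so an allocation failure would silently drop an entry from `sksigners` or `skkeys`. The signing loop later reads the two lists in parallel by index, so a dropped entry could leave a certificate paired with the wrong key file. I would check both calls and bail out, e.g. `if (!skkeys && !(skkeys = sk_OPENSSL_STRING_new_null())) goto end;` and `if (!sk_OPENSSL_STRING_push(skkeys, keyfile)) goto end;`. The same unchecked pattern appears in the next two hunks (the rest of the `-inkey` arm and the final-signer append). MAIN starts and ends outside this hunk.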
@@ -308,86 +285,62 @@ int MAIN(int argc, char **argv)
 				if (!skkeys)
 					skkeys = sk_OPENSSL_STRING_new_null();
 				sk_OPENSSL_STRING_push(skkeys, keyfile);
-				}
-			keyfile = *++args;
 			}
-		else if (!strcmp (*args, "-keyform"))
-			{
+			keyfile = *++args;
+		} else if (!strcmp(*args, "-keyform")) {
 			if (!args[1])
 				goto argerr;
 			keyform = str2fmt(*++args);
-			}
-		else if (!strcmp (*args, "-certfile"))
-			{
+		} else if (!strcmp(*args, "-certfile")) {
 			if (!args[1])
 				goto argerr;
 			certfile = *++args;
-			}
-		else if (!strcmp (*args, "-CAfile"))
-			{
+		} else if (!strcmp(*args, "-CAfile")) {
 			if (!args[1])
 				goto argerr;
 			CAfile = *++args;
-			}
-		else if (!strcmp (*args, "-CApath"))
-			{
+		} else if (!strcmp(*args, "-CApath")) {
 			if (!args[1])
 				goto argerr;
 			CApath = *++args;
-			}
-		else if (!strcmp (*args, "-in"))
-			{
+		} else if (!strcmp(*args, "-in")) {
 			if (!args[1])
 				goto argerr;
 			infile = *++args;
-			}
-		else if (!strcmp (*args, "-inform"))
-			{
+		} else if (!strcmp(*args, "-inform")) {
 			if (!args[1])
 				goto argerr;
 			informat = str2fmt(*++args);
-			}
-		else if (!strcmp (*args, "-outform"))
-			{
+		} else if (!strcmp(*args, "-outform")) {
 			if (!args[1])
 				goto argerr;
 			outformat = str2fmt(*++args);
-			}
-		else if (!strcmp (*args, "-out"))
-			{
+		} else if (!strcmp(*args, "-out")) {
 			if (!args[1])
 				goto argerr;
 			outfile = *++args;
-			}
-		else if (!strcmp (*args, "-content"))
-			{
+		} else if (!strcmp(*args, "-content")) {
 			if (!args[1])
 				goto argerr;
 			contfile = *++args;
-			}
-		else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
+		} else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
 			continue;
 		else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
 			badarg = 1;
 		args++;
-		}
+	}
 
-	if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
-		{
+	if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
 		BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
 		goto argerr;
-		}
-
-	if (operation & SMIME_SIGNERS)
-		{
+	}
+	if (operation & SMIME_SIGNERS) {
 		/* Check to see if any final signer needs to be appended */
-		if (keyfile && !signerfile)
-			{
+		if (keyfile && !signerfile) {
 			BIO_puts(bio_err, "Illegal -inkey without -signer\n");
 			goto argerr;
-			}
-		if (signerfile)
-			{
+		}
+		if (signerfile) {
 			if (!sksigners)
 				sksigners = sk_OPENSSL_STRING_new_null();
 			sk_OPENSSL_STRING_push(sksigners, signerfile);
@@ -396,406 +349,333 @@ int MAIN(int argc, char **argv)
 			if (!keyfile)
 				keyfile = signerfile;
 			sk_OPENSSL_STRING_push(skkeys, keyfile);
-			}
-		if (!sksigners)
-			{
+		}
+		if (!sksigners) {
 			BIO_printf(bio_err, "No signer certificate specified\n");
 			badarg = 1;
-			}
+		}
 		signerfile = NULL;
 		keyfile = NULL;
 		need_rand = 1;
-		}
-	else if (operation == SMIME_DECRYPT)
-		{
-		if (!recipfile && !keyfile)
-			{
+	} else if (operation == SMIME_DECRYPT) {
+		if (!recipfile && !keyfile) {
 			BIO_printf(bio_err, "No recipient certificate or key specified\n");
 			badarg = 1;
-			}
 		}
-	else if (operation == SMIME_ENCRYPT)
-		{
-		if (!*args)
-			{
+	} else if (operation == SMIME_ENCRYPT) {
+		if (!*args) {
 			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
 			badarg = 1;
-			}
-		need_rand = 1;
 		}
-	else if (!operation)
+		need_rand = 1;
+	} else if (!operation)
 		badarg = 1;
 
-	if (badarg)
-		{
-		argerr:
-		BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
-		BIO_printf (bio_err, "where options are\n");
-		BIO_printf (bio_err, "-encrypt       encrypt message\n");
-		BIO_printf (bio_err, "-decrypt       decrypt encrypted message\n");
-		BIO_printf (bio_err, "-sign          sign message\n");
-		BIO_printf (bio_err, "-verify        verify signed message\n");
-		BIO_printf (bio_err, "-pk7out        output PKCS#7 structure\n");
+	if (badarg) {
+argerr:
+		BIO_printf(bio_err, "Usage smime [options] cert.pem ...\n");
+		BIO_printf(bio_err, "where options are\n");
+		BIO_printf(bio_err, "-encrypt       encrypt message\n");
+		BIO_printf(bio_err, "-decrypt       decrypt encrypted message\n");
+		BIO_printf(bio_err, "-sign          sign message\n");
+		BIO_printf(bio_err, "-verify        verify signed message\n");
+		BIO_printf(bio_err, "-pk7out        output PKCS#7 structure\n");
 #ifndef OPENSSL_NO_DES
-		BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
-		BIO_printf (bio_err, "-des           encrypt with DES\n");
+		BIO_printf(bio_err, "-des3          encrypt with triple DES\n");
+		BIO_printf(bio_err, "-des           encrypt with DES\n");
 #endif
 #ifndef OPENSSL_NO_SEED
-		BIO_printf (bio_err, "-seed          encrypt with SEED\n");
+		BIO_printf(bio_err, "-seed          encrypt with SEED\n");
 #endif
 #ifndef OPENSSL_NO_RC2
-		BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
-		BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
-		BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
+		BIO_printf(bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
+		BIO_printf(bio_err, "-rc2-64        encrypt with RC2-64\n");
+		BIO_printf(bio_err, "-rc2-128       encrypt with RC2-128\n");
 #endif
 #ifndef OPENSSL_NO_AES
-		BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
-		BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
+		BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
+		BIO_printf(bio_err, "               encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
-		BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
-		BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");
+		BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
+		BIO_printf(bio_err, "               encrypt PEM output with cbc camellia\n");
 #endif
-		BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
-		BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
-		BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");
-		BIO_printf (bio_err, "-nocerts       don't include signers certificate when signing\n");
-		BIO_printf (bio_err, "-nodetach      use opaque signing\n");
-		BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
-		BIO_printf (bio_err, "-binary        don't translate message to text\n");
-		BIO_printf (bio_err, "-certfile file other certificates file\n");
-		BIO_printf (bio_err, "-signer file   signer certificate file\n");
-		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
-		BIO_printf (bio_err, "-in file       input file\n");
-		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
-		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
-		BIO_printf (bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");
-		BIO_printf (bio_err, "-out file      output file\n");
-		BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
-		BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
-		BIO_printf (bio_err, "-to addr       to address\n");
-		BIO_printf (bio_err, "-from ad       from address\n");
-		BIO_printf (bio_err, "-subject s     subject\n");
-		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
-		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
-		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
-		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
-		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+		BIO_printf(bio_err, "-nointern      don't search certificates in message for signer\n");
+		BIO_printf(bio_err, "-nosigs        don't verify message signature\n");
+		BIO_printf(bio_err, "-noverify      don't verify signers certificate\n");
+		BIO_printf(bio_err, "-nocerts       don't include signers certificate when signing\n");
+		BIO_printf(bio_err, "-nodetach      use opaque signing\n");
+		BIO_printf(bio_err, "-noattr        don't include any signed attributes\n");
+		BIO_printf(bio_err, "-binary        don't translate message to text\n");
+		BIO_printf(bio_err, "-certfile file other certificates file\n");
+		BIO_printf(bio_err, "-signer file   signer certificate file\n");
+		BIO_printf(bio_err, "-recip  file   recipient certificate file for decryption\n");
+		BIO_printf(bio_err, "-in file       input file\n");
+		BIO_printf(bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
+		BIO_printf(bio_err, "-inkey file    input private key (if not signer or recipient)\n");
+		BIO_printf(bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");
+		BIO_printf(bio_err, "-out file      output file\n");
+		BIO_printf(bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
+		BIO_printf(bio_err, "-content file  supply or override content for detached signature\n");
+		BIO_printf(bio_err, "-to addr       to address\n");
+		BIO_printf(bio_err, "-from ad       from address\n");
+		BIO_printf(bio_err, "-subject s     subject\n");
+		BIO_printf(bio_err, "-text          include or delete text MIME headers\n");
+		BIO_printf(bio_err, "-CApath dir    trusted certificates directory\n");
+		BIO_printf(bio_err, "-CAfile file   trusted certificates file\n");
+		BIO_printf(bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
+		BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
 #ifndef OPENSSL_NO_ENGINE
-		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, "-engine e      use engine e, possibly a hardware device.\n");
 #endif
-		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
-		BIO_printf(bio_err,  "-rand file%cfile%c...\n", ':', ':');
-		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
-		BIO_printf(bio_err,  "               the random number generator\n");
-		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
+		BIO_printf(bio_err, "-passin arg    input file pass phrase source\n");
+		BIO_printf(bio_err, "-rand file%cfile%c...\n", ':', ':');
+		BIO_printf(bio_err, "               load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err, "               the random number generator\n");
+		BIO_printf(bio_err, "cert.pem       recipient certificate(s) for encryption\n");
 		goto end;
-		}
-
+	}
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+	e = setup_engine(bio_err, engine, 0);
 #endif
 
-	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
-		{
+	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
-		}
-
-	if (need_rand)
-		{
+	}
+	if (need_rand) {
 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 		if (inrand != NULL)
-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-				app_RAND_load_files(inrand));
-		}
-
+			BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+			    app_RAND_load_files(inrand));
+	}
 	ret = 2;
 
 	if (!(operation & SMIME_SIGNERS))
 		flags &= ~PKCS7_DETACHED;
 
-	if (operation & SMIME_OP)
-		{
+	if (operation & SMIME_OP) {
 		if (outformat == FORMAT_ASN1)
 			outmode = "wb";
-		}
-	else
-		{
+	} else {
 		if (flags & PKCS7_BINARY)
 			outmode = "wb";
-		}
+	}
 
-	if (operation & SMIME_IP)
-		{
+	if (operation & SMIME_IP) {
 		if (informat == FORMAT_ASN1)
 			inmode = "rb";
-		}
-	else
-		{
+	} else {
 		if (flags & PKCS7_BINARY)
 			inmode = "rb";
-		}
+	}
 
-	if (operation == SMIME_ENCRYPT)
-		{
-		if (!cipher)
-			{
-#ifndef OPENSSL_NO_RC2			
+	if (operation == SMIME_ENCRYPT) {
+		if (!cipher) {
+#ifndef OPENSSL_NO_RC2
 			cipher = EVP_rc2_40_cbc();
 #else
 			BIO_printf(bio_err, "No cipher selected\n");
 			goto end;
 #endif
-			}
+		}
 		encerts = sk_X509_new_null();
-		while (*args)
-			{
-			if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
-				NULL, e, "recipient certificate file")))
-				{
+		while (*args) {
+			if (!(cert = load_cert(bio_err, *args, FORMAT_PEM,
+				    NULL, e, "recipient certificate file"))) {
 #if 0				/* An appropriate message is already printed */
 				BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
 #endif
 				goto end;
-				}
+			}
 			sk_X509_push(encerts, cert);
 			cert = NULL;
 			args++;
-			}
 		}
-
-	if (certfile)
-		{
-		if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
-			e, "certificate file")))
-			{
+	}
+	if (certfile) {
+		if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL,
+			    e, "certificate file"))) {
 			ERR_print_errors(bio_err);
 			goto end;
-			}
 		}
-
-	if (recipfile && (operation == SMIME_DECRYPT))
-		{
-		if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
-			e, "recipient certificate file")))
-			{
+	}
+	if (recipfile && (operation == SMIME_DECRYPT)) {
+		if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL,
+			    e, "recipient certificate file"))) {
 			ERR_print_errors(bio_err);
 			goto end;
-			}
 		}
-
-	if (operation == SMIME_DECRYPT)
-		{
+	}
+	if (operation == SMIME_DECRYPT) {
 		if (!keyfile)
 			keyfile = recipfile;
-		}
-	else if (operation == SMIME_SIGN)
-		{
+	} else if (operation == SMIME_SIGN) {
 		if (!keyfile)
 			keyfile = signerfile;
-		}
-	else keyfile = NULL;
+	} else
+		keyfile = NULL;
 
-	if (keyfile)
-		{
+	if (keyfile) {
 		key = load_key(bio_err, keyfile, keyform, 0, passin, e,
-			       "signing key file");
+		    "signing key file");
 		if (!key)
 			goto end;
-		}
-
-	if (infile)
-		{
-		if (!(in = BIO_new_file(infile, inmode)))
-			{
-			BIO_printf (bio_err,
-				 "Can't open input file %s\n", infile);
+	}
+	if (infile) {
+		if (!(in = BIO_new_file(infile, inmode))) {
+			BIO_printf(bio_err,
+			    "Can't open input file %s\n", infile);
 			goto end;
-			}
 		}
-	else
+	} else
 		in = BIO_new_fp(stdin, BIO_NOCLOSE);
 
-	if (operation & SMIME_IP)
-		{
-		if (informat == FORMAT_SMIME) 
+	if (operation & SMIME_IP) {
+		if (informat == FORMAT_SMIME)
 			p7 = SMIME_read_PKCS7(in, &indata);
-		else if (informat == FORMAT_PEM) 
+		else if (informat == FORMAT_PEM)
 			p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
-		else if (informat == FORMAT_ASN1) 
+		else if (informat == FORMAT_ASN1)
 			p7 = d2i_PKCS7_bio(in, NULL);
-		else
-			{
+		else {
 			BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
 			goto end;
-			}
+		}
 
-		if (!p7)
-			{
+		if (!p7) {
 			BIO_printf(bio_err, "Error reading S/MIME message\n");
 			goto end;
-			}
-		if (contfile)
-			{
+		}
+		if (contfile) {
 			BIO_free(indata);
-			if (!(indata = BIO_new_file(contfile, "rb")))
-				{
+			if (!(indata = BIO_new_file(contfile, "rb"))) {
 				BIO_printf(bio_err, "Can't read content file %s\n", contfile);
 				goto end;
-				}
 			}
 		}
-
-	if (outfile)
-		{
-		if (!(out = BIO_new_file(outfile, outmode)))
-			{
-			BIO_printf (bio_err,
-				 "Can't open output file %s\n", outfile);
+	}
+	if (outfile) {
+		if (!(out = BIO_new_file(outfile, outmode))) {
+			BIO_printf(bio_err,
+			    "Can't open output file %s\n", outfile);
 			goto end;
-			}
 		}
-	else
-		{
+	} else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-		}
+	}
 
-	if (operation == SMIME_VERIFY)
-		{
+	if (operation == SMIME_VERIFY) {
 		if (!(store = setup_verify(bio_err, CAfile, CApath)))
 			goto end;
 		X509_STORE_set_verify_cb(store, smime_cb);
 		if (vpm)
 			X509_STORE_set1_param(store, vpm);
-		}
-
-
+	}
 	ret = 3;
 
-	if (operation == SMIME_ENCRYPT)
-		{
+	if (operation == SMIME_ENCRYPT) {
 		if (indef)
 			flags |= PKCS7_STREAM;
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
-		}
-	else if (operation & SMIME_SIGNERS)
-		{
+	} else if (operation & SMIME_SIGNERS) {
 		int i;
-		/* If detached data content we only enable streaming if
+		/*
+		 * If detached data content we only enable streaming if
 		 * S/MIME output format.
 		 */
-		if (operation == SMIME_SIGN)
-			{
-			if (flags & PKCS7_DETACHED)
-				{
+		if (operation == SMIME_SIGN) {
+			if (flags & PKCS7_DETACHED) {
 				if (outformat == FORMAT_SMIME)
 					flags |= PKCS7_STREAM;
-				}
-			else if (indef)
+			} else if (indef)
 				flags |= PKCS7_STREAM;
 			flags |= PKCS7_PARTIAL;
 			p7 = PKCS7_sign(NULL, NULL, other, in, flags);
 			if (!p7)
 				goto end;
-			}
-		else
+		} else
 			flags |= PKCS7_REUSE_DIGEST;
-		for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
-			{
+		for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
 			signerfile = sk_OPENSSL_STRING_value(sksigners, i);
 			keyfile = sk_OPENSSL_STRING_value(skkeys, i);
-			signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
-					e, "signer certificate");
+			signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
+			    e, "signer certificate");
 			if (!signer)
 				goto end;
 			key = load_key(bio_err, keyfile, keyform, 0, passin, e,
-			       "signing key file");
+			    "signing key file");
 			if (!key)
 				goto end;
 			if (!PKCS7_sign_add_signer(p7, signer, key,
-						sign_md, flags))
+				sign_md, flags))
 				goto end;
 			X509_free(signer);
 			signer = NULL;
 			EVP_PKEY_free(key);
 			key = NULL;
-			}
+		}
 		/* If not streaming or resigning finalize structure */
-		if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM))
-			{
+		if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) {
 			if (!PKCS7_final(p7, in, flags))
 				goto end;
-			}
 		}
-
-	if (!p7)
-		{
+	}
+	if (!p7) {
 		BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
 		goto end;
-		}
-
+	}
 	ret = 4;
-	if (operation == SMIME_DECRYPT)
-		{
-		if (!PKCS7_decrypt(p7, key, recip, out, flags))
-			{
+	if (operation == SMIME_DECRYPT) {
+		if (!PKCS7_decrypt(p7, key, recip, out, flags)) {
 			BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
 			goto end;
-			}
 		}
-	else if (operation == SMIME_VERIFY)
-		{
-		STACK_OF(X509) *signers;
+	} else if (operation == SMIME_VERIFY) {
+		STACK_OF(X509) * signers;
 		if (PKCS7_verify(p7, other, store, indata, out, flags))
 			BIO_printf(bio_err, "Verification successful\n");
-		else
-			{
+		else {
 			BIO_printf(bio_err, "Verification failure\n");
 			goto end;
-			}
+		}
 		signers = PKCS7_get0_signers(p7, other, flags);
-		if (!save_certs(signerfile, signers))
-			{
+		if (!save_certs(signerfile, signers)) {
 			BIO_printf(bio_err, "Error writing signers to %s\n",
-								signerfile);
+			    signerfile);
 			ret = 5;
 			goto end;
-			}
-		sk_X509_free(signers);
 		}
-	else if (operation == SMIME_PK7OUT)
+		sk_X509_free(signers);
+	} else if (operation == SMIME_PK7OUT)
 		PEM_write_bio_PKCS7(out, p7);
-	else
-		{
+	else {
 		if (to)
 			BIO_printf(out, "To: %s\n", to);
 		if (from)
 			BIO_printf(out, "From: %s\n", from);
 		if (subject)
 			BIO_printf(out, "Subject: %s\n", subject);
-		if (outformat == FORMAT_SMIME) 
-			{
+		if (outformat == FORMAT_SMIME) {
 			if (operation == SMIME_RESIGN)
 				SMIME_write_PKCS7(out, p7, indata, flags);
 			else
 				SMIME_write_PKCS7(out, p7, in, flags);
-			}
-		else if (outformat == FORMAT_PEM) 
+		} else if (outformat == FORMAT_PEM)
 			PEM_write_bio_PKCS7_stream(out, p7, in, flags);
-		else if (outformat == FORMAT_ASN1) 
-			i2d_PKCS7_bio_stream(out,p7, in, flags);
-		else
-			{
+		else if (outformat == FORMAT_ASN1)
+			i2d_PKCS7_bio_stream(out, p7, in, flags);
+		else {
 			BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
 			goto end;
-			}
 		}
+	}
 	ret = 0;
 end:
 	if (need_rand)
 		app_RAND_write_file(NULL, bio_err);
-	if (ret) ERR_print_errors(bio_err);
+	if (ret)
+		ERR_print_errors(bio_err);
 	sk_X509_pop_free(encerts, X509_free);
 	sk_X509_pop_free(other, X509_free);
 	if (vpm)
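Review bot: When no cipher option is given, the `SMIME_ENCRYPT` path falls back to `EVP_rc2_40_cbc()`, a 40-bit key, and nothing tells the user that the output is only weakly protected. I would drop the silent fallback and make the existing `No cipher selected` error unconditional, or default to a stronger cipher the build provides (for example `cipher = EVP_aes_128_cbc();` behind the `OPENSSL_NO_AES` guard). The usage line `-rc2-40        encrypt with RC2-40 (default)` would have to change with it. This alters behaviour for callers that rely on the default, so it belongs in its own commit rather than in the reformat. MAIN begins before this hunk.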
@@ -813,39 +693,43 @@ end:
 	BIO_free(in);
 	BIO_free(indata);
 	BIO_free_all(out);
-	if (passin) free(passin);
+	if (passin)
+		free(passin);
 	return (ret);
 }
 
-static int save_certs(char *signerfile, STACK_OF(X509) *signers)
-	{
+static int 
+save_certs(char *signerfile, STACK_OF(X509) * signers)
+{
 	int i;
 	BIO *tmp;
 	if (!signerfile)
 		return 1;
 	tmp = BIO_new_file(signerfile, "w");
-	if (!tmp) return 0;
-	for(i = 0; i < sk_X509_num(signers); i++)
+	if (!tmp)
+		return 0;
+	for (i = 0; i < sk_X509_num(signers); i++)
 		PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
 	BIO_free(tmp);
 	return 1;
-	}
-	
+}
+
 
 /* Minimal callback just to output policy info (if any) */
 
-static int smime_cb(int ok, X509_STORE_CTX *ctx)
-	{
+static int 
+smime_cb(int ok, X509_STORE_CTX * ctx)
+{
 	int error;
 
 	error = X509_STORE_CTX_get_error(ctx);
 
 	if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
-		&& ((error != X509_V_OK) || (ok != 2)))
+	    && ((error != X509_V_OK) || (ok != 2)))
 		return ok;
 
 	policies_print(NULL, ctx);
 
 	return ok;
 
-	}
+}
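Review bot: `save_certs` ignores the return value of `PEM_write_bio_X509`, so it returns 1 even when a certificate could not be written and the signer output file is incomplete. The caller in the verify path prints `Error writing signers to %s` only when this function returns 0, so a failed write is reported as success. Suggest `if (!PEM_write_bio_X509(tmp, sk_X509_value(signers, i))) { BIO_free(tmp); return 0; }` inside the loop. As a style aside, the reformat leaves a trailing space after `static int` on both new definitions in this hunk.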
diff --git a/lib/libssl/src/apps/speed.c b/lib/libssl/src/apps/speed.c
index 0806327c389..6b8610aa702 100644
--- a/lib/libssl/src/apps/speed.c
+++ b/lib/libssl/src/apps/speed.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -58,13 +58,13 @@
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
- * Portions of the attached software ("Contribution") are developed by 
+ * Portions of the attached software ("Contribution") are developed by
  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
  *
  * The Contribution is licensed pursuant to the OpenSSL open source
  * license provided above.
  *
- * The ECDH and ECDSA speed test software is originally written by 
+ * The ECDH and ECDSA speed test software is originally written by
  * Sumit Gupta of Sun Microsystems Laboratories.
  *
  */
@@ -74,7 +74,7 @@
 #ifndef OPENSSL_NO_SPEED
 
 #undef SECONDS
-#define SECONDS		3	
+#define SECONDS		3
 #define RSA_SECONDS	10
 #define DSA_SECONDS	10
 #define ECDSA_SECONDS   10
@@ -106,12 +106,14 @@
 
 #if defined(_WIN32) || defined(__CYGWIN__)
 #include 
-# if defined(__CYGWIN__) && !defined(_WIN32)
-  /*  should define _WIN32, which normally is mutually
-   * exclusive with __CYGWIN__, but if it didn't... */
-#  define _WIN32
-  /* this is done because Cygwin alarm() fails sometimes. */
-# endif
+#if defined(__CYGWIN__) && !defined(_WIN32)
+ /*
+  *  should define _WIN32, which normally is mutually exclusive
+  * with __CYGWIN__, but if it didn't...
+  */
+#define _WIN32
+ /* this is done because Cygwin alarm() fails sometimes. */
+#endif
 #endif
 
 #include 
@@ -189,7 +191,7 @@
 
 
 #ifndef HAVE_FORK
-#  define HAVE_FORK 1
+#define HAVE_FORK 1
 #endif
 
 #if HAVE_FORK
@@ -200,16 +202,17 @@
 
 #undef BUFSIZE
 #define BUFSIZE	((long)1024*8+1)
-int run=0;
+int run = 0;
 
-static int mr=0;
-static int usertime=1;
+static int mr = 0;
+static int usertime = 1;
 
 static double Time_F(int s);
-static void print_message(const char *s,long num,int length);
-static void pkey_print_message(const char *str, const char *str2,
-	long num, int bits, int sec);
-static void print_result(int alg,int run_no,int count,double time_used);
+static void print_message(const char *s, long num, int length);
+static void 
+pkey_print_message(const char *str, const char *str2,
+    long num, int bits, int sec);
+static void print_result(int alg, int run_no, int count, double time_used);
 #ifndef NO_FORK
 static int do_multi(int multi);
 #endif
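Review bot: `int run = 0;` is a plain `int`, yet the `SIGALRM` handler `sig_done` (visible in a later hunk of this file) writes it. An object shared between a signal handler and the main flow should be `volatile sig_atomic_t`, otherwise the compiler may keep a stale copy in code that polls it. Suggest `volatile sig_atomic_t run = 0;`, provided no other translation unit declares `run` as `int`, which cannot be checked from this hunk.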
@@ -222,16 +225,16 @@ static int do_multi(int multi);
 #define EC_NUM       16
 #define MAX_ECDH_SIZE 256
 
-static const char *names[ALGOR_NUM]={
-  "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
-  "des cbc","des ede3","idea cbc","seed cbc",
-  "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
-  "aes-128 cbc","aes-192 cbc","aes-256 cbc",
-  "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
-  "evp","sha256","sha512","whirlpool",
-  "aes-128 ige","aes-192 ige","aes-256 ige","ghash" };
+static const char *names[ALGOR_NUM] = {
+	"md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
+	"des cbc", "des ede3", "idea cbc", "seed cbc",
+	"rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
+	"aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
+	"camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
+	"evp", "sha256", "sha512", "whirlpool",
+"aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash"};
 static double results[ALGOR_NUM][SIZE_NUM];
-static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
+static int lengths[SIZE_NUM] = {16, 64, 256, 1024, 8 * 1024};
 #ifndef OPENSSL_NO_RSA
 static double rsa_results[RSA_NUM][2];
 #endif
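Review bot: The last row of the `names[]` initializer lost its indentation and has the closing brace fused to it (`"aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash"};`), unlike the tab-indented rows above it. I would indent that row with a tab and put `};` on its own line. A short comment such as `/* order must match the D_* index macros */` would also help, assuming the table is indexed by those macros; the indexing code is outside this hunk.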
@@ -255,33 +258,36 @@ static int rnd_fake = 0;
 #define SIGRETTYPE void
 #else
 #define SIGRETTYPE int
-#endif 
+#endif
 
 static SIGRETTYPE sig_done(int sig);
-static SIGRETTYPE sig_done(int sig)
-	{
-	signal(SIGALRM,sig_done);
-	run=0;
+static SIGRETTYPE 
+sig_done(int sig)
+{
+	signal(SIGALRM, sig_done);
+	run = 0;
 #ifdef LINT
-	sig=sig;
+	sig = sig;
 #endif
-	}
+}
 #endif
 
 #define START	0
 #define STOP	1
 
 
-static double Time_F(int s)
-	{
-	return app_tminterval(s,usertime);
-	}
+static double 
+Time_F(int s)
+{
+	return app_tminterval(s, usertime);
+}
 
 
 #ifndef OPENSSL_NO_ECDH
 static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
-	{
+static void *
+KDF1_SHA1(const void *in, size_t inlen, void *out, size_t * outlen)
+{
 #ifndef OPENSSL_NO_SHA
 	if (*outlen < SHA_DIGEST_LENGTH)
 		return NULL;
@@ -290,19 +296,20 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
 	return SHA1(in, inlen, out);
 #else
 	return NULL;
-#endif	/* OPENSSL_NO_SHA */
-	}
-#endif	/* OPENSSL_NO_ECDH */
+#endif				/* OPENSSL_NO_SHA */
+}
+#endif				/* OPENSSL_NO_ECDH */
 
 
 int MAIN(int, char **);
 
-int MAIN(int argc, char **argv)
-	{
-	unsigned char *buf=NULL,*buf2=NULL;
-	int mret=1;
-	long count=0,save_count=0;
-	int i,j,k;
+int 
+MAIN(int argc, char **argv)
+{
+	unsigned char *buf = NULL, *buf2 = NULL;
+	int mret = 1;
+	long count = 0, save_count = 0;
+	int i, j, k;
 #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
 	long rsa_count;
 #endif
@@ -359,30 +366,30 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_CAST
 	CAST_KEY cast_ks;
 #endif
-	static const unsigned char key16[16]=
-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
-		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	static const unsigned char key16[16] =
+	{0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+	0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12};
 #ifndef OPENSSL_NO_AES
-	static const unsigned char key24[24]=
-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
-		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
-		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	static const unsigned char key32[32]=
-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
-		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
-		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
-		 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
+	static const unsigned char key24[24] =
+	{0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+		0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+	0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34};
+	static const unsigned char key32[32] =
+	{0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+		0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+		0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
+	0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56};
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
-	static const unsigned char ckey24[24]=
-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
-		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
-		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	static const unsigned char ckey32[32]=
-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
-		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
-		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
-		 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
+	static const unsigned char ckey24[24] =
+	{0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+		0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+	0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34};
+	static const unsigned char ckey32[32] =
+	{0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+		0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+		0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
+	0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56};
 #endif
 #ifndef OPENSSL_NO_AES
 #define MAX_BLOCK_SIZE 128
@@ -390,11 +397,11 @@ int MAIN(int argc, char **argv)
 #define MAX_BLOCK_SIZE 64
 #endif
 	unsigned char DES_iv[8];
-	unsigned char iv[2*MAX_BLOCK_SIZE/8];
+	unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
 #ifndef OPENSSL_NO_DES
-	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
-	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	static DES_cblock key = {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0};
+	static DES_cblock key2 = {0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12};
+	static DES_cblock key3 = {0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34};
 	DES_key_schedule sch;
 	DES_key_schedule sch2;
 	DES_key_schedule sch3;
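Review bot: `key`, `key2` and `key3` stay writable `static DES_cblock` objects, while the fixed AES and Camellia keys declared just above them are `static const unsigned char`. If their only use is the `DES_set_key_unchecked(&key, &sch)` calls further down in this function, as the visible part of the patch suggests, they could be declared `static const DES_cblock key = {...};` so that all the fixed benchmark keys are read-only. A one-line comment such as `/* fixed keys for timing runs only, not key material */` above the group would also make their purpose explicit. MAIN begins before this hunk and continues past it, so other uses of these objects may exist outside the visible lines.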
@@ -424,18 +431,18 @@ int MAIN(int argc, char **argv)
 #define D_CBC_128_AES	16
 #define D_CBC_192_AES	17
 #define D_CBC_256_AES	18
-#define D_CBC_128_CML   19 
+#define D_CBC_128_CML   19
 #define D_CBC_192_CML   20
-#define D_CBC_256_CML   21 
+#define D_CBC_256_CML   21
 #define D_EVP		22
-#define D_SHA256	23	
+#define D_SHA256	23
 #define D_SHA512	24
 #define D_WHIRLPOOL	25
 #define D_IGE_128_AES   26
 #define D_IGE_192_AES   27
 #define D_IGE_256_AES   28
 #define D_GHASH		29
-	double d=0.0;
+	double d = 0.0;
 	long c[ALGOR_NUM][SIZE_NUM];
 #define	R_DSA_512	0
 #define	R_DSA_1024	1
@@ -446,7 +453,7 @@ int MAIN(int argc, char **argv)
 #define	R_RSA_4096	3
 
 #define R_EC_P160    0
-#define R_EC_P192    1	
+#define R_EC_P192    1
 #define R_EC_P224    2
 #define R_EC_P256    3
 #define R_EC_P384    4
@@ -465,72 +472,73 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_RSA
 	RSA *rsa_key[RSA_NUM];
 	long rsa_c[RSA_NUM][2];
-	static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
-	static unsigned char *rsa_data[RSA_NUM]=
-		{test512,test1024,test2048,test4096};
-	static int rsa_data_length[RSA_NUM]={
-		sizeof(test512),sizeof(test1024),
-		sizeof(test2048),sizeof(test4096)};
+	static unsigned int rsa_bits[RSA_NUM] = {512, 1024, 2048, 4096};
+	static unsigned char *rsa_data[RSA_NUM] =
+	{test512, test1024, test2048, test4096};
+	static int rsa_data_length[RSA_NUM] = {
+		sizeof(test512), sizeof(test1024),
+	sizeof(test2048), sizeof(test4096)};
 #endif
 #ifndef OPENSSL_NO_DSA
 	DSA *dsa_key[DSA_NUM];
 	long dsa_c[DSA_NUM][2];
-	static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
+	static unsigned int dsa_bits[DSA_NUM] = {512, 1024, 2048};
 #endif
 #ifndef OPENSSL_NO_EC
-	/* We only test over the following curves as they are representative, 
-	 * To add tests over more curves, simply add the curve NID
-	 * and curve name to the following arrays and increase the 
-	 * EC_NUM value accordingly. 
+	/*
+	 * We only test over the following curves as they are representative,
+	 * To add tests over more curves, simply add the curve NID and curve
+	 * name to the following arrays and increase the EC_NUM value
+	 * accordingly.
 	 */
-	static unsigned int test_curves[EC_NUM] = 
-	{	
-	/* Prime Curves */
-	NID_secp160r1,
-	NID_X9_62_prime192v1,
-	NID_secp224r1,
-	NID_X9_62_prime256v1,
-	NID_secp384r1,
-	NID_secp521r1,
-	/* Binary Curves */
-	NID_sect163k1,
-	NID_sect233k1,
-	NID_sect283k1,
-	NID_sect409k1,
-	NID_sect571k1,
-	NID_sect163r2,
-	NID_sect233r1,
-	NID_sect283r1,
-	NID_sect409r1,
-	NID_sect571r1
-	}; 
-	static const char * test_curves_names[EC_NUM] = 
+	static unsigned int test_curves[EC_NUM] =
+	{
+		/* Prime Curves */
+		NID_secp160r1,
+		NID_X9_62_prime192v1,
+		NID_secp224r1,
+		NID_X9_62_prime256v1,
+		NID_secp384r1,
+		NID_secp521r1,
+		/* Binary Curves */
+		NID_sect163k1,
+		NID_sect233k1,
+		NID_sect283k1,
+		NID_sect409k1,
+		NID_sect571k1,
+		NID_sect163r2,
+		NID_sect233r1,
+		NID_sect283r1,
+		NID_sect409r1,
+		NID_sect571r1
+	};
+	static const char *test_curves_names[EC_NUM] =
 	{
-	/* Prime Curves */
-	"secp160r1",
-	"nistp192",
-	"nistp224",
-	"nistp256",
-	"nistp384",
-	"nistp521",
-	/* Binary Curves */
-	"nistk163",
-	"nistk233",
-	"nistk283",
-	"nistk409",
-	"nistk571",
-	"nistb163",
-	"nistb233",
-	"nistb283",
-	"nistb409",
-	"nistb571"
+		/* Prime Curves */
+		"secp160r1",
+		"nistp192",
+		"nistp224",
+		"nistp256",
+		"nistp384",
+		"nistp521",
+		/* Binary Curves */
+		"nistk163",
+		"nistk233",
+		"nistk283",
+		"nistk409",
+		"nistk571",
+		"nistb163",
+		"nistb233",
+		"nistb283",
+		"nistb409",
+		"nistb571"
 	};
 	static int test_curves_bits[EC_NUM] =
-        {
-        160, 192, 224, 256, 384, 521,
-        163, 233, 283, 409, 571,
-        163, 233, 283, 409, 571
-        };
+	{
+		160, 192, 224, 256, 384, 521,
+		163, 233, 283, 409, 571,
+		163, 233, 283, 409, 571
+	};
 
 #endif
 
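Review bot: The rewrapped comment above `test_curves` still tells the reader to add a NID and a name and to bump `EC_NUM`, but it does not mention `test_curves_bits`, which has the same `[EC_NUM]` bound and lists its sizes in the same order. Because all three arrays carry an explicit bound, a forgotten entry is zero-filled silently rather than rejected by the compiler. I would extend the comment with `* Also add the size to test_curves_bits and a matching R_EC_* index; the arrays appear to be indexed in parallel.` Separately, the re-indent left the continuation lines of `rsa_data` and `rsa_data_length` at mixed depths; aligning them and putting `};` on its own line, as the curve tables do, would read better. These declarations sit inside MAIN, which begins and ends outside this hunk.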
@@ -556,1947 +564,1831 @@ int MAIN(int argc, char **argv)
 	int ecdsa_doit[EC_NUM];
 #endif
 #ifndef OPENSSL_NO_ECDH
-        int ecdh_doit[EC_NUM];
+	int ecdh_doit[EC_NUM];
 #endif
 	int doit[ALGOR_NUM];
-	int pr_header=0;
-	const EVP_CIPHER *evp_cipher=NULL;
-	const EVP_MD *evp_md=NULL;
-	int decrypt=0;
+	int pr_header = 0;
+	const EVP_CIPHER *evp_cipher = NULL;
+	const EVP_MD *evp_md = NULL;
+	int decrypt = 0;
 #ifndef NO_FORK
-	int multi=0;
+	int multi = 0;
 #endif
 
 #ifndef TIMES
-	usertime=-1;
+	usertime = -1;
 #endif
 
 	apps_startup();
 	memset(results, 0, sizeof(results));
 #ifndef OPENSSL_NO_DSA
-	memset(dsa_key,0,sizeof(dsa_key));
+	memset(dsa_key, 0, sizeof(dsa_key));
 #endif
 #ifndef OPENSSL_NO_ECDSA
-	for (i=0; i 0) && (strcmp(*argv,"-elapsed") == 0))
-			{
+	while (argc) {
+		if ((argc > 0) && (strcmp(*argv, "-elapsed") == 0)) {
 			usertime = 0;
-			j--;	/* Otherwise, -elapsed gets confused with
-				   an algorithm. */
-			}
-		else if	((argc > 0) && (strcmp(*argv,"-evp") == 0))
-			{
+			j--;	/* Otherwise, -elapsed gets confused with an
+				 * algorithm. */
+		} else if ((argc > 0) && (strcmp(*argv, "-evp") == 0)) {
 			argc--;
 			argv++;
-			if(argc == 0)
-				{
-				BIO_printf(bio_err,"no EVP given\n");
-				goto end;
-				}
-			evp_cipher=EVP_get_cipherbyname(*argv);
-			if(!evp_cipher)
-				{
-				evp_md=EVP_get_digestbyname(*argv);
-				}
-			if(!evp_cipher && !evp_md)
-				{
-				BIO_printf(bio_err,"%s is an unknown cipher or digest\n",*argv);
+			if (argc == 0) {
+				BIO_printf(bio_err, "no EVP given\n");
 				goto end;
-				}
-			doit[D_EVP]=1;
 			}
-		else if (argc > 0 && !strcmp(*argv,"-decrypt"))
-			{
-			decrypt=1;
-			j--;	/* Otherwise, -elapsed gets confused with
-				   an algorithm. */
+			evp_cipher = EVP_get_cipherbyname(*argv);
+			if (!evp_cipher) {
+				evp_md = EVP_get_digestbyname(*argv);
+			}
+			if (!evp_cipher && !evp_md) {
+				BIO_printf(bio_err, "%s is an unknown cipher or digest\n", *argv);
+				goto end;
 			}
+			doit[D_EVP] = 1;
+		} else if (argc > 0 && !strcmp(*argv, "-decrypt")) {
+			decrypt = 1;
+			j--;	/* Otherwise, -elapsed gets confused with an
+				 * algorithm. */
+		}
 #ifndef OPENSSL_NO_ENGINE
-		else if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
-			{
+		else if ((argc > 0) && (strcmp(*argv, "-engine") == 0)) {
 			argc--;
 			argv++;
-			if(argc == 0)
-				{
-				BIO_printf(bio_err,"no engine given\n");
+			if (argc == 0) {
+				BIO_printf(bio_err, "no engine given\n");
 				goto end;
-				}
-                        setup_engine(bio_err, *argv, 0);
-			/* j will be increased again further down.  We just
-			   don't want speed to confuse an engine with an
-			   algorithm, especially when none is given (which
-			   means all of them should be run) */
-			j--;
 			}
+			setup_engine(bio_err, *argv, 0);
+			/*
+			 * j will be increased again further down.  We just
+			 * don't want speed to confuse an engine with an
+			 * algorithm, especially when none is given (which
+			 * means all of them should be run)
+			 */
+			j--;
+		}
 #endif
 #ifndef NO_FORK
-		else if	((argc > 0) && (strcmp(*argv,"-multi") == 0))
-			{
+		else if ((argc > 0) && (strcmp(*argv, "-multi") == 0)) {
 			argc--;
 			argv++;
-			if(argc == 0)
-				{
-				BIO_printf(bio_err,"no multi count given\n");
+			if (argc == 0) {
+				BIO_printf(bio_err, "no multi count given\n");
 				goto end;
-				}
-			multi=atoi(argv[0]);
-			if(multi <= 0)
-			    {
-				BIO_printf(bio_err,"bad multi count\n");
+			}
+			multi = atoi(argv[0]);
+			if (multi <= 0) {
+				BIO_printf(bio_err, "bad multi count\n");
 				goto end;
-				}				
-			j--;	/* Otherwise, -mr gets confused with
-				   an algorithm. */
 			}
+			j--;	/* Otherwise, -mr gets confused with an
+				 * algorithm. */
+		}
 #endif
-		else if (argc > 0 && !strcmp(*argv,"-mr"))
-			{
-			mr=1;
-			j--;	/* Otherwise, -mr gets confused with
-				   an algorithm. */
-			}
-		else
+		else if (argc > 0 && !strcmp(*argv, "-mr")) {
+			mr = 1;
+			j--;	/* Otherwise, -mr gets confused with an
+				 * algorithm. */
+		} else
 #ifndef OPENSSL_NO_MD2
-		if	(strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
+		if (strcmp(*argv, "md2") == 0)
+			doit[D_MD2] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_MDC2
-			if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
+		if (strcmp(*argv, "mdc2") == 0)
+			doit[D_MDC2] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_MD4
-			if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;
+		if (strcmp(*argv, "md4") == 0)
+			doit[D_MD4] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_MD5
-			if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
+		if (strcmp(*argv, "md5") == 0)
+			doit[D_MD5] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_MD5
-			if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
+		if (strcmp(*argv, "hmac") == 0)
+			doit[D_HMAC] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_SHA
-			if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
-		else
-			if (strcmp(*argv,"sha") == 0)	doit[D_SHA1]=1,
-							doit[D_SHA256]=1,
-							doit[D_SHA512]=1;
+		if (strcmp(*argv, "sha1") == 0)
+			doit[D_SHA1] = 1;
+		else if (strcmp(*argv, "sha") == 0)
+			doit[D_SHA1] = 1,
+			    doit[D_SHA256] = 1,
+			    doit[D_SHA512] = 1;
 		else
 #ifndef OPENSSL_NO_SHA256
-			if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1;
+		if (strcmp(*argv, "sha256") == 0)
+			doit[D_SHA256] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_SHA512
-			if (strcmp(*argv,"sha512") == 0) doit[D_SHA512]=1;
+		if (strcmp(*argv, "sha512") == 0)
+			doit[D_SHA512] = 1;
 		else
 #endif
 #endif
 #ifndef OPENSSL_NO_WHIRLPOOL
-			if (strcmp(*argv,"whirlpool") == 0) doit[D_WHIRLPOOL]=1;
+		if (strcmp(*argv, "whirlpool") == 0)
+			doit[D_WHIRLPOOL] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_RIPEMD
-			if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
-		else
-			if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
-		else
-			if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
+		if (strcmp(*argv, "ripemd") == 0)
+			doit[D_RMD160] = 1;
+		else if (strcmp(*argv, "rmd160") == 0)
+			doit[D_RMD160] = 1;
+		else if (strcmp(*argv, "ripemd160") == 0)
+			doit[D_RMD160] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_RC4
-			if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
-		else 
+		if (strcmp(*argv, "rc4") == 0)
+			doit[D_RC4] = 1;
+		else
 #endif
 #ifndef OPENSSL_NO_DES
-			if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
-		else	if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
+		if (strcmp(*argv, "des-cbc") == 0)
+			doit[D_CBC_DES] = 1;
+		else if (strcmp(*argv, "des-ede3") == 0)
+			doit[D_EDE3_DES] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_AES
-			if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1;
-		else	if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1;
-		else	if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1;
-		else    if (strcmp(*argv,"aes-128-ige") == 0) doit[D_IGE_128_AES]=1;
-		else	if (strcmp(*argv,"aes-192-ige") == 0) doit[D_IGE_192_AES]=1;
-		else	if (strcmp(*argv,"aes-256-ige") == 0) doit[D_IGE_256_AES]=1;
-                else
+		if (strcmp(*argv, "aes-128-cbc") == 0)
+			doit[D_CBC_128_AES] = 1;
+		else if (strcmp(*argv, "aes-192-cbc") == 0)
+			doit[D_CBC_192_AES] = 1;
+		else if (strcmp(*argv, "aes-256-cbc") == 0)
+			doit[D_CBC_256_AES] = 1;
+		else if (strcmp(*argv, "aes-128-ige") == 0)
+			doit[D_IGE_128_AES] = 1;
+		else if (strcmp(*argv, "aes-192-ige") == 0)
+			doit[D_IGE_192_AES] = 1;
+		else if (strcmp(*argv, "aes-256-ige") == 0)
+			doit[D_IGE_256_AES] = 1;
+		else
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
-			if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1;
-		else    if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1;
-		else    if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1;
+		if (strcmp(*argv, "camellia-128-cbc") == 0)
+			doit[D_CBC_128_CML] = 1;
+		else if (strcmp(*argv, "camellia-192-cbc") == 0)
+			doit[D_CBC_192_CML] = 1;
+		else if (strcmp(*argv, "camellia-256-cbc") == 0)
+			doit[D_CBC_256_CML] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_RSA
-#if 0 /* was: #ifdef RSAref */
-			if (strcmp(*argv,"rsaref") == 0) 
-			{
+#if 0				/* was: #ifdef RSAref */
+		if (strcmp(*argv, "rsaref") == 0) {
 			RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
 			j--;
-			}
-		else
+		} else
 #endif
 #ifndef RSA_NULL
-			if (strcmp(*argv,"openssl") == 0) 
-			{
+		if (strcmp(*argv, "openssl") == 0) {
 			RSA_set_default_method(RSA_PKCS1_SSLeay());
 			j--;
-			}
-		else
-#endif
-#endif /* !OPENSSL_NO_RSA */
-		     if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
-		else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
-		else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2;
-		else if (strcmp(*argv,"rsa512") == 0) rsa_doit[R_RSA_512]=2;
-		else if (strcmp(*argv,"rsa1024") == 0) rsa_doit[R_RSA_1024]=2;
-		else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2;
-		else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2;
+		} else
+#endif
+#endif				/* !OPENSSL_NO_RSA */
+		if (strcmp(*argv, "dsa512") == 0)
+			dsa_doit[R_DSA_512] = 2;
+		else if (strcmp(*argv, "dsa1024") == 0)
+			dsa_doit[R_DSA_1024] = 2;
+		else if (strcmp(*argv, "dsa2048") == 0)
+			dsa_doit[R_DSA_2048] = 2;
+		else if (strcmp(*argv, "rsa512") == 0)
+			rsa_doit[R_RSA_512] = 2;
+		else if (strcmp(*argv, "rsa1024") == 0)
+			rsa_doit[R_RSA_1024] = 2;
+		else if (strcmp(*argv, "rsa2048") == 0)
+			rsa_doit[R_RSA_2048] = 2;
+		else if (strcmp(*argv, "rsa4096") == 0)
+			rsa_doit[R_RSA_4096] = 2;
 		else
 #ifndef OPENSSL_NO_RC2
-		     if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1;
-		else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
+		if (strcmp(*argv, "rc2-cbc") == 0)
+			doit[D_CBC_RC2] = 1;
+		else if (strcmp(*argv, "rc2") == 0)
+			doit[D_CBC_RC2] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_RC5
-		     if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
-		else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
+		if (strcmp(*argv, "rc5-cbc") == 0)
+			doit[D_CBC_RC5] = 1;
+		else if (strcmp(*argv, "rc5") == 0)
+			doit[D_CBC_RC5] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_IDEA
-		     if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
-		else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
+		if (strcmp(*argv, "idea-cbc") == 0)
+			doit[D_CBC_IDEA] = 1;
+		else if (strcmp(*argv, "idea") == 0)
+			doit[D_CBC_IDEA] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_SEED
-		     if (strcmp(*argv,"seed-cbc") == 0) doit[D_CBC_SEED]=1;
-		else if (strcmp(*argv,"seed") == 0) doit[D_CBC_SEED]=1;
+		if (strcmp(*argv, "seed-cbc") == 0)
+			doit[D_CBC_SEED] = 1;
+		else if (strcmp(*argv, "seed") == 0)
+			doit[D_CBC_SEED] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_BF
-		     if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
-		else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
-		else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
+		if (strcmp(*argv, "bf-cbc") == 0)
+			doit[D_CBC_BF] = 1;
+		else if (strcmp(*argv, "blowfish") == 0)
+			doit[D_CBC_BF] = 1;
+		else if (strcmp(*argv, "bf") == 0)
+			doit[D_CBC_BF] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_CAST
-		     if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
-		else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
-		else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
+		if (strcmp(*argv, "cast-cbc") == 0)
+			doit[D_CBC_CAST] = 1;
+		else if (strcmp(*argv, "cast") == 0)
+			doit[D_CBC_CAST] = 1;
+		else if (strcmp(*argv, "cast5") == 0)
+			doit[D_CBC_CAST] = 1;
 		else
 #endif
 #ifndef OPENSSL_NO_DES
-			if (strcmp(*argv,"des") == 0)
-			{
-			doit[D_CBC_DES]=1;
-			doit[D_EDE3_DES]=1;
-			}
-		else
+		if (strcmp(*argv, "des") == 0) {
+			doit[D_CBC_DES] = 1;
+			doit[D_EDE3_DES] = 1;
+		} else
 #endif
 #ifndef OPENSSL_NO_AES
-			if (strcmp(*argv,"aes") == 0)
-			{
-			doit[D_CBC_128_AES]=1;
-			doit[D_CBC_192_AES]=1;
-			doit[D_CBC_256_AES]=1;
-			}
-		else if (strcmp(*argv,"ghash") == 0)
-			{
-			doit[D_GHASH]=1;
-			}
-		else
+		if (strcmp(*argv, "aes") == 0) {
+			doit[D_CBC_128_AES] = 1;
+			doit[D_CBC_192_AES] = 1;
+			doit[D_CBC_256_AES] = 1;
+		} else if (strcmp(*argv, "ghash") == 0) {
+			doit[D_GHASH] = 1;
+		} else
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
-			if (strcmp(*argv,"camellia") == 0)
-			{
-			doit[D_CBC_128_CML]=1;
-			doit[D_CBC_192_CML]=1;
-			doit[D_CBC_256_CML]=1;
-			}
-		else
+		if (strcmp(*argv, "camellia") == 0) {
+			doit[D_CBC_128_CML] = 1;
+			doit[D_CBC_192_CML] = 1;
+			doit[D_CBC_256_CML] = 1;
+		} else
 #endif
 #ifndef OPENSSL_NO_RSA
-			if (strcmp(*argv,"rsa") == 0)
-			{
-			rsa_doit[R_RSA_512]=1;
-			rsa_doit[R_RSA_1024]=1;
-			rsa_doit[R_RSA_2048]=1;
-			rsa_doit[R_RSA_4096]=1;
-			}
-		else
+		if (strcmp(*argv, "rsa") == 0) {
+			rsa_doit[R_RSA_512] = 1;
+			rsa_doit[R_RSA_1024] = 1;
+			rsa_doit[R_RSA_2048] = 1;
+			rsa_doit[R_RSA_4096] = 1;
+		} else
 #endif
 #ifndef OPENSSL_NO_DSA
-			if (strcmp(*argv,"dsa") == 0)
-			{
-			dsa_doit[R_DSA_512]=1;
-			dsa_doit[R_DSA_1024]=1;
-			dsa_doit[R_DSA_2048]=1;
-			}
-		else
+		if (strcmp(*argv, "dsa") == 0) {
+			dsa_doit[R_DSA_512] = 1;
+			dsa_doit[R_DSA_1024] = 1;
+			dsa_doit[R_DSA_2048] = 1;
+		} else
 #endif
 #ifndef OPENSSL_NO_ECDSA
-		     if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
-		else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2;
-		else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
-		else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
-		else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
-		else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
-		else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
-		else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
-		else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
-		else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;
-		else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;
-		else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;
-		else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;
-		else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;
-		else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;
-		else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;
-		else if (strcmp(*argv,"ecdsa") == 0)
-			{
-			for (i=0; i < EC_NUM; i++)
-				ecdsa_doit[i]=1;
-			}
-		else
+		if (strcmp(*argv, "ecdsap160") == 0)
+			ecdsa_doit[R_EC_P160] = 2;
+		else if (strcmp(*argv, "ecdsap192") == 0)
+			ecdsa_doit[R_EC_P192] = 2;
+		else if (strcmp(*argv, "ecdsap224") == 0)
+			ecdsa_doit[R_EC_P224] = 2;
+		else if (strcmp(*argv, "ecdsap256") == 0)
+			ecdsa_doit[R_EC_P256] = 2;
+		else if (strcmp(*argv, "ecdsap384") == 0)
+			ecdsa_doit[R_EC_P384] = 2;
+		else if (strcmp(*argv, "ecdsap521") == 0)
+			ecdsa_doit[R_EC_P521] = 2;
+		else if (strcmp(*argv, "ecdsak163") == 0)
+			ecdsa_doit[R_EC_K163] = 2;
+		else if (strcmp(*argv, "ecdsak233") == 0)
+			ecdsa_doit[R_EC_K233] = 2;
+		else if (strcmp(*argv, "ecdsak283") == 0)
+			ecdsa_doit[R_EC_K283] = 2;
+		else if (strcmp(*argv, "ecdsak409") == 0)
+			ecdsa_doit[R_EC_K409] = 2;
+		else if (strcmp(*argv, "ecdsak571") == 0)
+			ecdsa_doit[R_EC_K571] = 2;
+		else if (strcmp(*argv, "ecdsab163") == 0)
+			ecdsa_doit[R_EC_B163] = 2;
+		else if (strcmp(*argv, "ecdsab233") == 0)
+			ecdsa_doit[R_EC_B233] = 2;
+		else if (strcmp(*argv, "ecdsab283") == 0)
+			ecdsa_doit[R_EC_B283] = 2;
+		else if (strcmp(*argv, "ecdsab409") == 0)
+			ecdsa_doit[R_EC_B409] = 2;
+		else if (strcmp(*argv, "ecdsab571") == 0)
+			ecdsa_doit[R_EC_B571] = 2;
+		else if (strcmp(*argv, "ecdsa") == 0) {
+			for (i = 0; i < EC_NUM; i++)
+				ecdsa_doit[i] = 1;
+		} else
 #endif
 #ifndef OPENSSL_NO_ECDH
-		     if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
-		else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2;
-		else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
-		else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
-		else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
-		else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
-		else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
-		else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
-		else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
-		else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;
-		else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;
-		else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;
-		else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;
-		else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;
-		else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;
-		else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;
-		else if (strcmp(*argv,"ecdh") == 0)
-			{
-			for (i=0; i < EC_NUM; i++)
-				ecdh_doit[i]=1;
-			}
-		else
+		if (strcmp(*argv, "ecdhp160") == 0)
+			ecdh_doit[R_EC_P160] = 2;
+		else if (strcmp(*argv, "ecdhp192") == 0)
+			ecdh_doit[R_EC_P192] = 2;
+		else if (strcmp(*argv, "ecdhp224") == 0)
+			ecdh_doit[R_EC_P224] = 2;
+		else if (strcmp(*argv, "ecdhp256") == 0)
+			ecdh_doit[R_EC_P256] = 2;
+		else if (strcmp(*argv, "ecdhp384") == 0)
+			ecdh_doit[R_EC_P384] = 2;
+		else if (strcmp(*argv, "ecdhp521") == 0)
+			ecdh_doit[R_EC_P521] = 2;
+		else if (strcmp(*argv, "ecdhk163") == 0)
+			ecdh_doit[R_EC_K163] = 2;
+		else if (strcmp(*argv, "ecdhk233") == 0)
+			ecdh_doit[R_EC_K233] = 2;
+		else if (strcmp(*argv, "ecdhk283") == 0)
+			ecdh_doit[R_EC_K283] = 2;
+		else if (strcmp(*argv, "ecdhk409") == 0)
+			ecdh_doit[R_EC_K409] = 2;
+		else if (strcmp(*argv, "ecdhk571") == 0)
+			ecdh_doit[R_EC_K571] = 2;
+		else if (strcmp(*argv, "ecdhb163") == 0)
+			ecdh_doit[R_EC_B163] = 2;
+		else if (strcmp(*argv, "ecdhb233") == 0)
+			ecdh_doit[R_EC_B233] = 2;
+		else if (strcmp(*argv, "ecdhb283") == 0)
+			ecdh_doit[R_EC_B283] = 2;
+		else if (strcmp(*argv, "ecdhb409") == 0)
+			ecdh_doit[R_EC_B409] = 2;
+		else if (strcmp(*argv, "ecdhb571") == 0)
+			ecdh_doit[R_EC_B571] = 2;
+		else if (strcmp(*argv, "ecdh") == 0) {
+			for (i = 0; i < EC_NUM; i++)
+				ecdh_doit[i] = 1;
+		} else
 #endif
-			{
-			BIO_printf(bio_err,"Error: bad option or value\n");
-			BIO_printf(bio_err,"\n");
-			BIO_printf(bio_err,"Available values:\n");
+		{
+			BIO_printf(bio_err, "Error: bad option or value\n");
+			BIO_printf(bio_err, "\n");
+			BIO_printf(bio_err, "Available values:\n");
 #ifndef OPENSSL_NO_MD2
-			BIO_printf(bio_err,"md2      ");
+			BIO_printf(bio_err, "md2      ");
 #endif
 #ifndef OPENSSL_NO_MDC2
-			BIO_printf(bio_err,"mdc2     ");
+			BIO_printf(bio_err, "mdc2     ");
 #endif
 #ifndef OPENSSL_NO_MD4
-			BIO_printf(bio_err,"md4      ");
+			BIO_printf(bio_err, "md4      ");
 #endif
 #ifndef OPENSSL_NO_MD5
-			BIO_printf(bio_err,"md5      ");
+			BIO_printf(bio_err, "md5      ");
 #ifndef OPENSSL_NO_HMAC
-			BIO_printf(bio_err,"hmac     ");
+			BIO_printf(bio_err, "hmac     ");
 #endif
 #endif
 #ifndef OPENSSL_NO_SHA1
-			BIO_printf(bio_err,"sha1     ");
+			BIO_printf(bio_err, "sha1     ");
 #endif
 #ifndef OPENSSL_NO_SHA256
-			BIO_printf(bio_err,"sha256   ");
+			BIO_printf(bio_err, "sha256   ");
 #endif
 #ifndef OPENSSL_NO_SHA512
-			BIO_printf(bio_err,"sha512   ");
+			BIO_printf(bio_err, "sha512   ");
 #endif
 #ifndef OPENSSL_NO_WHIRLPOOL
-			BIO_printf(bio_err,"whirlpool");
+			BIO_printf(bio_err, "whirlpool");
 #endif
 #ifndef OPENSSL_NO_RIPEMD160
-			BIO_printf(bio_err,"rmd160");
+			BIO_printf(bio_err, "rmd160");
 #endif
 #if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
     !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
     !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \
     !defined(OPENSSL_NO_WHIRLPOOL)
-			BIO_printf(bio_err,"\n");
+			BIO_printf(bio_err, "\n");
 #endif
 
 #ifndef OPENSSL_NO_IDEA
-			BIO_printf(bio_err,"idea-cbc ");
+			BIO_printf(bio_err, "idea-cbc ");
 #endif
 #ifndef OPENSSL_NO_SEED
-			BIO_printf(bio_err,"seed-cbc ");
+			BIO_printf(bio_err, "seed-cbc ");
 #endif
 #ifndef OPENSSL_NO_RC2
-			BIO_printf(bio_err,"rc2-cbc  ");
+			BIO_printf(bio_err, "rc2-cbc  ");
 #endif
 #ifndef OPENSSL_NO_RC5
-			BIO_printf(bio_err,"rc5-cbc  ");
+			BIO_printf(bio_err, "rc5-cbc  ");
 #endif
 #ifndef OPENSSL_NO_BF
-			BIO_printf(bio_err,"bf-cbc");
+			BIO_printf(bio_err, "bf-cbc");
 #endif
 #if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \
     !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
-			BIO_printf(bio_err,"\n");
+			BIO_printf(bio_err, "\n");
 #endif
 #ifndef OPENSSL_NO_DES
-			BIO_printf(bio_err,"des-cbc  des-ede3 ");
+			BIO_printf(bio_err, "des-cbc  des-ede3 ");
 #endif
 #ifndef OPENSSL_NO_AES
-			BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc ");
-			BIO_printf(bio_err,"aes-128-ige aes-192-ige aes-256-ige ");
+			BIO_printf(bio_err, "aes-128-cbc aes-192-cbc aes-256-cbc ");
+			BIO_printf(bio_err, "aes-128-ige aes-192-ige aes-256-ige ");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
-			BIO_printf(bio_err,"\n");
-			BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
+			BIO_printf(bio_err, "\n");
+			BIO_printf(bio_err, "camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
 #endif
 #ifndef OPENSSL_NO_RC4
-			BIO_printf(bio_err,"rc4");
+			BIO_printf(bio_err, "rc4");
 #endif
-			BIO_printf(bio_err,"\n");
+			BIO_printf(bio_err, "\n");
 
 #ifndef OPENSSL_NO_RSA
-			BIO_printf(bio_err,"rsa512   rsa1024  rsa2048  rsa4096\n");
+			BIO_printf(bio_err, "rsa512   rsa1024  rsa2048  rsa4096\n");
 #endif
 
 #ifndef OPENSSL_NO_DSA
-			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
+			BIO_printf(bio_err, "dsa512   dsa1024  dsa2048\n");
 #endif
 #ifndef OPENSSL_NO_ECDSA
-			BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
-			BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
-			BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
-			BIO_printf(bio_err,"ecdsa\n");
+			BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
+			BIO_printf(bio_err, "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
+			BIO_printf(bio_err, "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
+			BIO_printf(bio_err, "ecdsa\n");
 #endif
 #ifndef OPENSSL_NO_ECDH
-			BIO_printf(bio_err,"ecdhp160  ecdhp192  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");
-			BIO_printf(bio_err,"ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
-			BIO_printf(bio_err,"ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
-			BIO_printf(bio_err,"ecdh\n");
+			BIO_printf(bio_err, "ecdhp160  ecdhp192  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");
+			BIO_printf(bio_err, "ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
+			BIO_printf(bio_err, "ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
+			BIO_printf(bio_err, "ecdh\n");
 #endif
 
 #ifndef OPENSSL_NO_IDEA
-			BIO_printf(bio_err,"idea     ");
+			BIO_printf(bio_err, "idea     ");
 #endif
 #ifndef OPENSSL_NO_SEED
-			BIO_printf(bio_err,"seed     ");
+			BIO_printf(bio_err, "seed     ");
 #endif
 #ifndef OPENSSL_NO_RC2
-			BIO_printf(bio_err,"rc2      ");
+			BIO_printf(bio_err, "rc2      ");
 #endif
 #ifndef OPENSSL_NO_DES
-			BIO_printf(bio_err,"des      ");
+			BIO_printf(bio_err, "des      ");
 #endif
 #ifndef OPENSSL_NO_AES
-			BIO_printf(bio_err,"aes      ");
+			BIO_printf(bio_err, "aes      ");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
-			BIO_printf(bio_err,"camellia ");
+			BIO_printf(bio_err, "camellia ");
 #endif
 #ifndef OPENSSL_NO_RSA
-			BIO_printf(bio_err,"rsa      ");
+			BIO_printf(bio_err, "rsa      ");
 #endif
 #ifndef OPENSSL_NO_BF
-			BIO_printf(bio_err,"blowfish");
+			BIO_printf(bio_err, "blowfish");
 #endif
 #if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \
     !defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \
     !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \
     !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA)
-			BIO_printf(bio_err,"\n");
+			BIO_printf(bio_err, "\n");
 #endif
 
-			BIO_printf(bio_err,"\n");
-			BIO_printf(bio_err,"Available options:\n");
+			BIO_printf(bio_err, "\n");
+			BIO_printf(bio_err, "Available options:\n");
 #if defined(TIMES) || defined(USE_TOD)
-			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
+			BIO_printf(bio_err, "-elapsed        measure time in real time instead of CPU user time.\n");
 #endif
 #ifndef OPENSSL_NO_ENGINE
-			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
+			BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 #endif
-			BIO_printf(bio_err,"-evp e          use EVP e.\n");
-			BIO_printf(bio_err,"-decrypt        time decryption instead of encryption (only EVP).\n");
-			BIO_printf(bio_err,"-mr             produce machine readable output.\n");
+			BIO_printf(bio_err, "-evp e          use EVP e.\n");
+			BIO_printf(bio_err, "-decrypt        time decryption instead of encryption (only EVP).\n");
+			BIO_printf(bio_err, "-mr             produce machine readable output.\n");
 #ifndef NO_FORK
-			BIO_printf(bio_err,"-multi n        run n benchmarks in parallel.\n");
+			BIO_printf(bio_err, "-multi n        run n benchmarks in parallel.\n");
 #endif
 			goto end;
-			}
+		}
 		argc--;
 		argv++;
 		j++;
-		}
+	}
 
 #ifndef NO_FORK
-	if(multi && do_multi(multi))
+	if (multi && do_multi(multi))
 		goto show_res;
 #endif
 
-	if (j == 0)
-		{
-		for (i=0; in));
-			BN_print(bio_err,rsa_key[i]->e);
-			BIO_printf(bio_err,"\n");
-			}
-#endif
+		else {
+			BIO_printf(bio_err, mr ? "+RK:%d:"
+			    : "Loaded RSA key, %d bit modulus and e= 0x",
+			    BN_num_bits(rsa_key[i]->n));
+			BN_print(bio_err, rsa_key[i]->e);
+			BIO_printf(bio_err, "\n");
 		}
 #endif
+	}
+#endif
 
 #ifndef OPENSSL_NO_DSA
-	dsa_key[0]=get_dsa512();
-	dsa_key[1]=get_dsa1024();
-	dsa_key[2]=get_dsa2048();
+	dsa_key[0] = get_dsa512();
+	dsa_key[1] = get_dsa1024();
+	dsa_key[2] = get_dsa2048();
 #endif
 
 #ifndef OPENSSL_NO_DES
-	DES_set_key_unchecked(&key,&sch);
-	DES_set_key_unchecked(&key2,&sch2);
-	DES_set_key_unchecked(&key3,&sch3);
+	DES_set_key_unchecked(&key, &sch);
+	DES_set_key_unchecked(&key2, &sch2);
+	DES_set_key_unchecked(&key3, &sch3);
 #endif
 #ifndef OPENSSL_NO_AES
-	AES_set_encrypt_key(key16,128,&aes_ks1);
-	AES_set_encrypt_key(key24,192,&aes_ks2);
-	AES_set_encrypt_key(key32,256,&aes_ks3);
+	AES_set_encrypt_key(key16, 128, &aes_ks1);
+	AES_set_encrypt_key(key24, 192, &aes_ks2);
+	AES_set_encrypt_key(key32, 256, &aes_ks3);
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
-	Camellia_set_key(key16,128,&camellia_ks1);
-	Camellia_set_key(ckey24,192,&camellia_ks2);
-	Camellia_set_key(ckey32,256,&camellia_ks3);
+	Camellia_set_key(key16, 128, &camellia_ks1);
+	Camellia_set_key(ckey24, 192, &camellia_ks2);
+	Camellia_set_key(ckey32, 256, &camellia_ks3);
 #endif
 #ifndef OPENSSL_NO_IDEA
-	idea_set_encrypt_key(key16,&idea_ks);
+	idea_set_encrypt_key(key16, &idea_ks);
 #endif
 #ifndef OPENSSL_NO_SEED
-	SEED_set_key(key16,&seed_ks);
+	SEED_set_key(key16, &seed_ks);
 #endif
 #ifndef OPENSSL_NO_RC4
-	RC4_set_key(&rc4_ks,16,key16);
+	RC4_set_key(&rc4_ks, 16, key16);
 #endif
 #ifndef OPENSSL_NO_RC2
-	RC2_set_key(&rc2_ks,16,key16,128);
+	RC2_set_key(&rc2_ks, 16, key16, 128);
 #endif
 #ifndef OPENSSL_NO_RC5
-	RC5_32_set_key(&rc5_ks,16,key16,12);
+	RC5_32_set_key(&rc5_ks, 16, key16, 12);
 #endif
 #ifndef OPENSSL_NO_BF
-	BF_set_key(&bf_ks,16,key16);
+	BF_set_key(&bf_ks, 16, key16);
 #endif
 #ifndef OPENSSL_NO_CAST
-	CAST_set_key(&cast_ks,16,key16);
+	CAST_set_key(&cast_ks, 16, key16);
 #endif
 #ifndef OPENSSL_NO_RSA
-	memset(rsa_c,0,sizeof(rsa_c));
+	memset(rsa_c, 0, sizeof(rsa_c));
 #endif
 #ifndef SIGALRM
 #ifndef OPENSSL_NO_DES
-	BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
-	count=10;
-	do	{
+	BIO_printf(bio_err, "First we calculate the approximate speed ...\n");
+	count = 10;
+	do {
 		long it;
-		count*=2;
+		count *= 2;
 		Time_F(START);
-		for (it=count; it; it--)
-			DES_ecb_encrypt((DES_cblock *)buf,
-				(DES_cblock *)buf,
-				&sch,DES_ENCRYPT);
-		d=Time_F(STOP);
-		} while (d <3);
-	save_count=count;
-	c[D_MD2][0]=count/10;
-	c[D_MDC2][0]=count/10;
-	c[D_MD4][0]=count;
-	c[D_MD5][0]=count;
-	c[D_HMAC][0]=count;
-	c[D_SHA1][0]=count;
-	c[D_RMD160][0]=count;
-	c[D_RC4][0]=count*5;
-	c[D_CBC_DES][0]=count;
-	c[D_EDE3_DES][0]=count/3;
-	c[D_CBC_IDEA][0]=count;
-	c[D_CBC_SEED][0]=count;
-	c[D_CBC_RC2][0]=count;
-	c[D_CBC_RC5][0]=count;
-	c[D_CBC_BF][0]=count;
-	c[D_CBC_CAST][0]=count;
-	c[D_CBC_128_AES][0]=count;
-	c[D_CBC_192_AES][0]=count;
-	c[D_CBC_256_AES][0]=count;
-	c[D_CBC_128_CML][0]=count;
-	c[D_CBC_192_CML][0]=count;
-	c[D_CBC_256_CML][0]=count;
-	c[D_SHA256][0]=count;
-	c[D_SHA512][0]=count;
-	c[D_WHIRLPOOL][0]=count;
-	c[D_IGE_128_AES][0]=count;
-	c[D_IGE_192_AES][0]=count;
-	c[D_IGE_256_AES][0]=count;
-	c[D_GHASH][0]=count;
-
-	for (i=1; inid);
-				/* -O3 -fschedule-insns messes up an
-				 * optimization here!  names[D_EVP]
-				 * somehow becomes NULL */
-				print_message(names[D_EVP],save_count,
-					lengths[j]);
+				names[D_EVP] = OBJ_nid2ln(evp_cipher->nid);
+				/*
+				 * -O3 -fschedule-insns messes up an
+				 * optimization here!  names[D_EVP] somehow
+				 * becomes NULL
+				 */
+				print_message(names[D_EVP], save_count,
+				    lengths[j]);
 
 				EVP_CIPHER_CTX_init(&ctx);
-				if(decrypt)
-					EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
+				if (decrypt)
+					EVP_DecryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
 				else
-					EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
+					EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
 				EVP_CIPHER_CTX_set_padding(&ctx, 0);
 
 				Time_F(START);
-				if(decrypt)
-					for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
-						EVP_DecryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
+				if (decrypt)
+					for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++)
+						EVP_DecryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
 				else
-					for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
-						EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
-				if(decrypt)
-					EVP_DecryptFinal_ex(&ctx,buf,&outl);
+					for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++)
+						EVP_EncryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
+				if (decrypt)
+					EVP_DecryptFinal_ex(&ctx, buf, &outl);
 				else
-					EVP_EncryptFinal_ex(&ctx,buf,&outl);
-				d=Time_F(STOP);
+					EVP_EncryptFinal_ex(&ctx, buf, &outl);
+				d = Time_F(STOP);
 				EVP_CIPHER_CTX_cleanup(&ctx);
-				}
-			if (evp_md)
-				{
-				names[D_EVP]=OBJ_nid2ln(evp_md->type);
-				print_message(names[D_EVP],save_count,
-					lengths[j]);
+			}
+			if (evp_md) {
+				names[D_EVP] = OBJ_nid2ln(evp_md->type);
+				print_message(names[D_EVP], save_count,
+				    lengths[j]);
 
 				Time_F(START);
-				for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
-					EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL);
+				for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++)
+					EVP_Digest(buf, lengths[j], &(md[0]), NULL, evp_md, NULL);
 
-				d=Time_F(STOP);
-				}
-			print_result(D_EVP,j,count,d);
+				d = Time_F(STOP);
 			}
+			print_result(D_EVP, j, count, d);
 		}
-
-	RAND_pseudo_bytes(buf,36);
+	}
+	RAND_pseudo_bytes(buf, 36);
 #ifndef OPENSSL_NO_RSA
-	for (j=0; j 10000 && !mr)
-				fprintf(stdout," %11.2fk",results[k][j]/1e3);
+				fprintf(stdout, " %11.2fk", results[k][j] / 1e3);
 			else
-				fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]);
-			}
-		fprintf(stdout,"\n");
+				fprintf(stdout, mr ? ":%.2f" : " %11.2f ", results[k][j]);
 		}
+		fprintf(stdout, "\n");
+	}
 #ifndef OPENSSL_NO_RSA
-	j=1;
-	for (k=0; k= 1)
-		{
-		if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-passin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-			}
-		else if (strcmp(*argv,"-key") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keyfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-challenge") == 0)
-			{
-			if (--argc < 1) goto bad;
-			challenge= *(++argv);
-			}
-		else if (strcmp(*argv,"-spkac") == 0)
-			{
-			if (--argc < 1) goto bad;
-			spkac= *(++argv);
-			}
-		else if (strcmp(*argv,"-spksect") == 0)
-			{
-			if (--argc < 1) goto bad;
-			spksect= *(++argv);
-			}
+	while (argc >= 1) {
+		if (strcmp(*argv, "-in") == 0) {
+			if (--argc < 1)
+				goto bad;
+			infile = *(++argv);
+		} else if (strcmp(*argv, "-out") == 0) {
+			if (--argc < 1)
+				goto bad;
+			outfile = *(++argv);
+		} else if (strcmp(*argv, "-passin") == 0) {
+			if (--argc < 1)
+				goto bad;
+			passargin = *(++argv);
+		} else if (strcmp(*argv, "-key") == 0) {
+			if (--argc < 1)
+				goto bad;
+			keyfile = *(++argv);
+		} else if (strcmp(*argv, "-challenge") == 0) {
+			if (--argc < 1)
+				goto bad;
+			challenge = *(++argv);
+		} else if (strcmp(*argv, "-spkac") == 0) {
+			if (--argc < 1)
+				goto bad;
+			spkac = *(++argv);
+		} else if (strcmp(*argv, "-spksect") == 0) {
+			if (--argc < 1)
+				goto bad;
+			spksect = *(++argv);
+		}
 #ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
+		else if (strcmp(*argv, "-engine") == 0) {
+			if (--argc < 1)
+				goto bad;
+			engine = *(++argv);
+		}
 #endif
-		else if (strcmp(*argv,"-noout") == 0)
-			noout=1;
-		else if (strcmp(*argv,"-pubkey") == 0)
-			pubkey=1;
-		else if (strcmp(*argv,"-verify") == 0)
-			verify=1;
-		else badops = 1;
+		else if (strcmp(*argv, "-noout") == 0)
+			noout = 1;
+		else if (strcmp(*argv, "-pubkey") == 0)
+			pubkey = 1;
+		else if (strcmp(*argv, "-verify") == 0)
+			verify = 1;
+		else
+			badops = 1;
 		argc--;
 		argv++;
-		}
+	}
 
-	if (badops)
-		{
+	if (badops) {
 bad:
-		BIO_printf(bio_err,"%s [options]\n",prog);
-		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -in arg        input file\n");
-		BIO_printf(bio_err," -out arg       output file\n");
-		BIO_printf(bio_err," -key arg       create SPKAC using private key\n");
-		BIO_printf(bio_err," -passin arg    input file pass phrase source\n");
-		BIO_printf(bio_err," -challenge arg challenge string\n");
-		BIO_printf(bio_err," -spkac arg     alternative SPKAC name\n");
-		BIO_printf(bio_err," -noout         don't print SPKAC\n");
-		BIO_printf(bio_err," -pubkey        output public key\n");
-		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
+		BIO_printf(bio_err, "%s [options]\n", prog);
+		BIO_printf(bio_err, "where options are\n");
+		BIO_printf(bio_err, " -in arg        input file\n");
+		BIO_printf(bio_err, " -out arg       output file\n");
+		BIO_printf(bio_err, " -key arg       create SPKAC using private key\n");
+		BIO_printf(bio_err, " -passin arg    input file pass phrase source\n");
+		BIO_printf(bio_err, " -challenge arg challenge string\n");
+		BIO_printf(bio_err, " -spkac arg     alternative SPKAC name\n");
+		BIO_printf(bio_err, " -noout         don't print SPKAC\n");
+		BIO_printf(bio_err, " -pubkey        output public key\n");
+		BIO_printf(bio_err, " -verify        verify SPKAC signature\n");
 #ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, " -engine e      use engine e, possibly a hardware device.\n");
 #endif
 		goto end;
-		}
-
+	}
 	ERR_load_crypto_strings();
-	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 	}
-
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+	e = setup_engine(bio_err, engine, 0);
 #endif
 
-	if(keyfile) {
+	if (keyfile) {
 		pkey = load_key(bio_err,
-				strcmp(keyfile, "-") ? keyfile : NULL,
-				FORMAT_PEM, 1, passin, e, "private key");
-		if(!pkey) {
+		    strcmp(keyfile, "-") ? keyfile : NULL,
+		    FORMAT_PEM, 1, passin, e, "private key");
+		if (!pkey) {
 			goto end;
 		}
 		spki = NETSCAPE_SPKI_new();
-		if(challenge) ASN1_STRING_set(spki->spkac->challenge,
-						 challenge, (int)strlen(challenge));
+		if (challenge)
+			ASN1_STRING_set(spki->spkac->challenge,
+			    challenge, (int) strlen(challenge));
 		NETSCAPE_SPKI_set_pubkey(spki, pkey);
 		NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
 		spkstr = NETSCAPE_SPKI_b64_encode(spki);
 
-		if (outfile) out = BIO_new_file(outfile, "w");
+		if (outfile)
+			out = BIO_new_file(outfile, "w");
 		else {
 			out = BIO_new_fp(stdout, BIO_NOCLOSE);
 		}
 
-		if(!out) {
+		if (!out) {
 			BIO_printf(bio_err, "Error opening output file\n");
 			ERR_print_errors(bio_err);
 			goto end;
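Review bot: In the `-key` branch, `spki = NETSCAPE_SPKI_new();` is dereferenced by the next statement (`spki->spkac->challenge`) without a NULL check, and the results of `NETSCAPE_SPKI_set_pubkey`, `NETSCAPE_SPKI_sign` and `NETSCAPE_SPKI_b64_encode` are all ignored, so a failed signing step is not reported before output is attempted. I would add `if (spki == NULL) goto end;` after the allocation and change the signing call to `if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_md5())) goto end;`, printing the error queue as the other failure paths here do. The same gap is in the following hunk, where `pkey = NETSCAPE_SPKI_get_pubkey(spki);` is handed to `NETSCAPE_SPKI_verify` and `PEM_write_bio_PUBKEY` unchecked although the SPKAC is read from an input file. The header of this hunk is not readable in this view, so anything before the option loop is not covered.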
@@ -221,66 +216,64 @@ bad:
 		ret = 0;
 		goto end;
 	}
+	if (infile)
+		in = BIO_new_file(infile, "r");
+	else
+		in = BIO_new_fp(stdin, BIO_NOCLOSE);
 
-	
-
-	if (infile) in = BIO_new_file(infile, "r");
-	else in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
-	if(!in) {
+	if (!in) {
 		BIO_printf(bio_err, "Error opening input file\n");
 		ERR_print_errors(bio_err);
 		goto end;
 	}
-
 	conf = NCONF_new(NULL);
 	i = NCONF_load_bio(conf, in, NULL);
 
-	if(!i) {
+	if (!i) {
 		BIO_printf(bio_err, "Error parsing config file\n");
 		ERR_print_errors(bio_err);
 		goto end;
 	}
-
 	spkstr = NCONF_get_string(conf, spksect, spkac);
-		
-	if(!spkstr) {
+
+	if (!spkstr) {
 		BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
 		ERR_print_errors(bio_err);
 		goto end;
 	}
-
 	spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
-	
-	if(!spki) {
+
+	if (!spki) {
 		BIO_printf(bio_err, "Error loading SPKAC\n");
 		ERR_print_errors(bio_err);
 		goto end;
 	}
-
-	if (outfile) out = BIO_new_file(outfile, "w");
+	if (outfile)
+		out = BIO_new_file(outfile, "w");
 	else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 	}
 
-	if(!out) {
+	if (!out) {
 		BIO_printf(bio_err, "Error opening output file\n");
 		ERR_print_errors(bio_err);
 		goto end;
 	}
-
-	if(!noout) NETSCAPE_SPKI_print(out, spki);
+	if (!noout)
+		NETSCAPE_SPKI_print(out, spki);
 	pkey = NETSCAPE_SPKI_get_pubkey(spki);
-	if(verify) {
+	if (verify) {
 		i = NETSCAPE_SPKI_verify(spki, pkey);
-		if (i > 0) BIO_printf(bio_err, "Signature OK\n");
+		if (i > 0)
+			BIO_printf(bio_err, "Signature OK\n");
 		else {
 			BIO_printf(bio_err, "Signature Failure\n");
 			ERR_print_errors(bio_err);
 			goto end;
 		}
 	}
-	if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
+	if (pubkey)
+		PEM_write_bio_PUBKEY(out, pkey);
 
 	ret = 0;
 
@@ -290,7 +283,8 @@ end:
 	BIO_free(in);
 	BIO_free_all(out);
 	EVP_PKEY_free(pkey);
-	if(passin) free(passin);
+	if (passin)
+		free(passin);
 	apps_shutdown();
-	return(ret);
-	}
+	return (ret);
+}
diff --git a/lib/libssl/src/apps/srp.c b/lib/libssl/src/apps/srp.c
index 2ce1d408317..1a874fbd6c1 100644
--- a/lib/libssl/src/apps/srp.c
+++ b/lib/libssl/src/apps/srp.c
@@ -1,5 +1,5 @@
 /* apps/srp.c */
-/* Written by Peter Sylvester (peter.sylvester@edelweb.fr)  
+/* Written by Peter Sylvester (peter.sylvester@edelweb.fr)
  * for the EdelKey project and contributed to the OpenSSL project 2004.
  */
 /* ====================================================================
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -81,25 +81,25 @@
 #define ENV_DATABASE		"srpvfile"
 #define ENV_DEFAULT_SRP		"default_srp"
 
-static char *srp_usage[]={
-"usage: srp [args] [user] \n",
-"\n",
-" -verbose        Talk alot while doing things\n",
-" -config file    A config file\n",
-" -name arg       The particular srp definition to use\n",
-" -srpvfile arg   The srp verifier file name\n",
-" -add            add an user and srp verifier\n",
-" -modify         modify the srp verifier of an existing user\n",
-" -delete         delete user from verifier file\n",
-" -list           list user\n",
-" -gn arg         g and N values to be used for new verifier\n",
-" -userinfo arg   additional info to be set for user\n",
-" -passin arg     input file pass phrase source\n",
-" -passout arg    output file pass phrase source\n",
+static char *srp_usage[] = {
+	"usage: srp [args] [user] \n",
+	"\n",
+	" -verbose        Talk alot while doing things\n",
+	" -config file    A config file\n",
+	" -name arg       The particular srp definition to use\n",
+	" -srpvfile arg   The srp verifier file name\n",
+	" -add            add an user and srp verifier\n",
+	" -modify         modify the srp verifier of an existing user\n",
+	" -delete         delete user from verifier file\n",
+	" -list           list user\n",
+	" -gn arg         g and N values to be used for new verifier\n",
+	" -userinfo arg   additional info to be set for user\n",
+	" -passin arg     input file pass phrase source\n",
+	" -passout arg    output file pass phrase source\n",
 #ifndef OPENSSL_NO_ENGINE
-" -engine e         - use engine e, possibly a hardware device.\n",
+	" -engine e         - use engine e, possibly a hardware device.\n",
 #endif
-NULL
+	NULL
 };
 
 #ifdef EFENCE
@@ -108,110 +108,108 @@ extern int EF_PROTECT_BELOW;
 extern int EF_ALIGNMENT;
 #endif
 
-static CONF *conf=NULL;
-static char *section=NULL;
+static CONF *conf = NULL;
+static char *section = NULL;
 
-#define VERBOSE if (verbose) 
-#define VVERBOSE if (verbose>1) 
+#define VERBOSE if (verbose)
+#define VVERBOSE if (verbose>1)
 
 
 int MAIN(int, char **);
 
-static int get_index(CA_DB *db, char* id, char type)
-	{
-	char ** pp;
+static int 
+get_index(CA_DB * db, char *id, char type)
+{
+	char **pp;
 	int i;
-	if (id == NULL) return -1;
-	if (type == DB_SRP_INDEX) 
-	for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
-		{
-		pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
-		if (pp[DB_srptype][0] == DB_SRP_INDEX  && !strcmp(id,pp[DB_srpid])) 
-			return i;
+	if (id == NULL)
+		return -1;
+	if (type == DB_SRP_INDEX)
+		for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+			pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+			if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id, pp[DB_srpid]))
+				return i;
 		}
-	else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
-		{
-		pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
+	else
+		for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+			pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
 
-		if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) 
-			return i;
+			if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id, pp[DB_srpid]))
+				return i;
 		}
 
-	return -1 ; 
-	}
+	return -1;
+}
 
-static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
-	{
-	if (indx >= 0 && verbose)
-		{
+static void 
+print_entry(CA_DB * db, BIO * bio, int indx, int verbose, char *s)
+{
+	if (indx >= 0 && verbose) {
 		int j;
 		char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
 		BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
-		for (j = 0; j < DB_NUMBER; j++)
-			{
-			BIO_printf(bio_err,"  %d = \"%s\"\n", j, pp[j]);
-			}
+		for (j = 0; j < DB_NUMBER; j++) {
+			BIO_printf(bio_err, "  %d = \"%s\"\n", j, pp[j]);
 		}
 	}
+}
 
-static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose)
-	{
-	print_entry(db, bio, indexindex, verbose, "g N entry") ;
-	}
+static void 
+print_index(CA_DB * db, BIO * bio, int indexindex, int verbose)
+{
+	print_entry(db, bio, indexindex, verbose, "g N entry");
+}
 
-static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
-	{
-	if (verbose > 0)
-		{
-		char **pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
+static void 
+print_user(CA_DB * db, BIO * bio, int userindex, int verbose)
+{
+	if (verbose > 0) {
+		char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
 
-		if (pp[DB_srptype][0] != 'I')
-			{
+		if (pp[DB_srptype][0] != 'I') {
 			print_entry(db, bio, userindex, verbose, "User entry");
 			print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose, "g N entry");
-			}
-
 		}
 	}
+}
 
-static int update_index(CA_DB *db, BIO *bio, char **row)
-	{
-	char ** irow;
+static int 
+update_index(CA_DB * db, BIO * bio, char **row)
+{
+	char **irow;
 	int i;
 
-	if ((irow=(char **)malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
-		{
-		BIO_printf(bio_err,"Memory allocation failure\n");
+	if ((irow = (char **) malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
+		BIO_printf(bio_err, "Memory allocation failure\n");
 		return 0;
-		}
-
-	for (i=0; idb,irow))
-		{
-		BIO_printf(bio,"failed to update srpvfile\n");
-		BIO_printf(bio,"TXT_DB error number %ld\n",db->db->error);
+	if (!TXT_DB_insert(db->db, irow)) {
+		BIO_printf(bio, "failed to update srpvfile\n");
+		BIO_printf(bio, "TXT_DB error number %ld\n", db->db->error);
 		free(irow);
 		return 0;
-		}
-	return 1;
 	}
+	return 1;
+}
 
-static void lookup_fail(const char *name, char *tag)
-	{
-	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
-	}
+static void 
+lookup_fail(const char *name, char *tag)
+{
+	BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
+}
 
 
-static char *srp_verify_user(const char *user, const char *srp_verifier,
-			     char *srp_usersalt, const char *g, const char *N,
-			     const char *passin, BIO *bio, int verbose)
-	{
+static char *
+srp_verify_user(const char *user, const char *srp_verifier,
+    char *srp_usersalt, const char *g, const char *N,
+    const char *passin, BIO * bio, int verbose)
+{
 	char password[1024];
 	PW_CB_DATA cb_tmp;
 	char *verifier = NULL;
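Review bot: `print_entry` writes its heading to the `bio` argument but the per-column lines inside the loop to the global `bio_err`, so a caller passing a different BIO gets one entry split across two streams; the loop line should read `BIO_printf(bio, "  %d = \"%s\"\n", j, pp[j]);`. That loop prints every column of the row, which for a user entry presumably includes the salt and verifier, so its output should be treated as sensitive. `print_user` also compares against the literal `'I'` where `get_index` uses `DB_SRP_INDEX`; using the macro in both places keeps them in step. `update_index` is partly unreadable in this view and `srp_verify_user` continues past the end of the hunk, so neither is covered here.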
@@ -220,90 +218,85 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
 	cb_tmp.prompt_info = user;
 	cb_tmp.password = passin;
 
- 	if (password_callback(password, 1024, 0, &cb_tmp) >0)
-		{
-		VERBOSE BIO_printf(bio,"Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,srp_verifier,srp_usersalt, g, N);
+	if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
+		VERBOSE BIO_printf(bio, "Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, srp_verifier, srp_usersalt, g, N);
 		BIO_printf(bio, "Pass %s\n", password);
 
-		if (!(gNid=SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, g)))
-			{
+		if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, g))) {
 			BIO_printf(bio, "Internal error validating SRP verifier\n");
-			}
-		else
-			{
+		} else {
 			if (strcmp(verifier, srp_verifier))
 				gNid = NULL;
 			free(verifier);
-			}
 		}
-	return gNid;
 	}
+	return gNid;
+}
 
-static char *srp_create_user(char *user, char **srp_verifier,
-			     char **srp_usersalt, char *g, char *N,
-			     char *passout, BIO *bio, int verbose)
-	{
- 	char password[1024];
-        PW_CB_DATA cb_tmp;
+static char *
+srp_create_user(char *user, char **srp_verifier,
+    char **srp_usersalt, char *g, char *N,
+    char *passout, BIO * bio, int verbose)
+{
+	char password[1024];
+	PW_CB_DATA cb_tmp;
 	char *gNid = NULL;
 	char *salt = NULL;
-        cb_tmp.prompt_info = user;
-        cb_tmp.password = passout;
-
-	if (password_callback(password,1024,1,&cb_tmp) >0)
-		{
-		VERBOSE BIO_printf(bio,"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,g,N);
-		if (!(gNid =SRP_create_verifier(user, password, &salt, srp_verifier, N, g)))
-			{
-			BIO_printf(bio,"Internal error creating SRP verifier\n");
-			}
-		else 
+	cb_tmp.prompt_info = user;
+	cb_tmp.password = passout;
+
+	if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
+		VERBOSE BIO_printf(bio, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, g, N);
+		if (!(gNid = SRP_create_verifier(user, password, &salt, srp_verifier, N, g))) {
+			BIO_printf(bio, "Internal error creating SRP verifier\n");
+		} else
 			*srp_usersalt = salt;
-		VVERBOSE BIO_printf(bio,"gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,salt, *srp_verifier);
+		VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid, salt, *srp_verifier);
 
-		}
-	return gNid;
 	}
+	return gNid;
+}
 
-int MAIN(int argc, char **argv)
-	{
+int 
+MAIN(int argc, char **argv)
+{
 	int add_user = 0;
-	int list_user= 0;
-	int delete_user= 0;
-	int modify_user= 0;
-	char * user = NULL;
+	int list_user = 0;
+	int delete_user = 0;
+	int modify_user = 0;
+	char *user = NULL;
 
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
-        char * gN = NULL;
+	char *gN = NULL;
 	int gNindex = -1;
-	char ** gNrow = NULL;
+	char **gNrow = NULL;
 	int maxgN = -1;
 
-	char * userinfo = NULL;
-
-	int badops=0;
-	int ret=1;
-	int errors=0;
-	int verbose=0;
-	int doupdatedb=0;
-	char *configfile=NULL;
-	char *dbfile=NULL;
-	CA_DB *db=NULL;
-	char **pp ;
+	char *userinfo = NULL;
+
+	int badops = 0;
+	int ret = 1;
+	int errors = 0;
+	int verbose = 0;
+	int doupdatedb = 0;
+	char *configfile = NULL;
+	char *dbfile = NULL;
+	CA_DB *db = NULL;
+	char **pp;
 	int i;
 	long errorline = -1;
-	char *randfile=NULL;
+	char *randfile = NULL;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine = NULL;
 #endif
-	char *tofree=NULL;
+	char *tofree = NULL;
 	DB_ATTR db_attr;
 
 #ifdef EFENCE
-EF_PROTECT_FREE=1;
-EF_PROTECT_BELOW=1;
-EF_ALIGNMENT=0;
+	EF_PROTECT_FREE = 1;
+	EF_PROTECT_BELOW = 1;
+	EF_ALIGNMENT = 0;
 #endif
 
 	apps_startup();
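Review bot: `srp_verify_user` prints the password in clear with `BIO_printf(bio, "Pass %s\n", password);`, and unlike the line before it this call is not guarded by `VERBOSE`, so every verification writes the secret to the output BIO; the line should be removed. Both `srp_verify_user` and `srp_create_user` also return with the 1024-byte `password` stack buffer still populated; `OPENSSL_cleanse(password, sizeof(password));` before each `return gNid;` would clear it. In `srp_create_user` the `VVERBOSE` print runs even when `SRP_create_verifier` failed, at which point `gNid` and `salt` are NULL and are passed to `%s`; moving it into the `else` branch avoids that. `srp_verify_user` begins in the previous hunk and `MAIN` continues beyond this one.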
@@ -312,439 +305,381 @@ EF_ALIGNMENT=0;
 	section = NULL;
 
 	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
 
 	argc--;
 	argv++;
-	while (argc >= 1 && badops == 0)
-		{
-		if	(strcmp(*argv,"-verbose") == 0)
+	while (argc >= 1 && badops == 0) {
+		if (strcmp(*argv, "-verbose") == 0)
 			verbose++;
-		else if	(strcmp(*argv,"-config") == 0)
-			{
-			if (--argc < 1) goto bad;
-			configfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-name") == 0)
-			{
-			if (--argc < 1) goto bad;
-			section= *(++argv);
-			}
-		else if	(strcmp(*argv,"-srpvfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			dbfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-add") == 0)
-			add_user=1;
-		else if (strcmp(*argv,"-delete") == 0)
-			delete_user=1;
-		else if (strcmp(*argv,"-modify") == 0)
-			modify_user=1;
-		else if (strcmp(*argv,"-list") == 0)
-			list_user=1;
-		else if (strcmp(*argv,"-gn") == 0)
-			{
-			if (--argc < 1) goto bad;
-			gN= *(++argv);
-			}
-		else if (strcmp(*argv,"-userinfo") == 0)
-			{
-			if (--argc < 1) goto bad;
-			userinfo= *(++argv);
-			}
-		else if (strcmp(*argv,"-passin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-			}
-		else if (strcmp(*argv,"-passout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargout= *(++argv);
-			}
+		else if (strcmp(*argv, "-config") == 0) {
+			if (--argc < 1)
+				goto bad;
+			configfile = *(++argv);
+		} else if (strcmp(*argv, "-name") == 0) {
+			if (--argc < 1)
+				goto bad;
+			section = *(++argv);
+		} else if (strcmp(*argv, "-srpvfile") == 0) {
+			if (--argc < 1)
+				goto bad;
+			dbfile = *(++argv);
+		} else if (strcmp(*argv, "-add") == 0)
+			add_user = 1;
+		else if (strcmp(*argv, "-delete") == 0)
+			delete_user = 1;
+		else if (strcmp(*argv, "-modify") == 0)
+			modify_user = 1;
+		else if (strcmp(*argv, "-list") == 0)
+			list_user = 1;
+		else if (strcmp(*argv, "-gn") == 0) {
+			if (--argc < 1)
+				goto bad;
+			gN = *(++argv);
+		} else if (strcmp(*argv, "-userinfo") == 0) {
+			if (--argc < 1)
+				goto bad;
+			userinfo = *(++argv);
+		} else if (strcmp(*argv, "-passin") == 0) {
+			if (--argc < 1)
+				goto bad;
+			passargin = *(++argv);
+		} else if (strcmp(*argv, "-passout") == 0) {
+			if (--argc < 1)
+				goto bad;
+			passargout = *(++argv);
+		}
 #ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
+		else if (strcmp(*argv, "-engine") == 0) {
+			if (--argc < 1)
+				goto bad;
+			engine = *(++argv);
+		}
 #endif
 
-		else if (**argv == '-')
-			{
-bad:
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
+		else if (**argv == '-') {
+	bad:
+			BIO_printf(bio_err, "unknown option %s\n", *argv);
+			badops = 1;
 			break;
-			}
-		else 
+		} else
 			break;
-	
+
 		argc--;
 		argv++;
-		}
+	}
 
-	if (dbfile && configfile)
-		{
-		BIO_printf(bio_err,"-dbfile and -configfile cannot be specified together.\n");
+	if (dbfile && configfile) {
+		BIO_printf(bio_err, "-dbfile and -configfile cannot be specified together.\n");
 		badops = 1;
-		}
-	if (add_user+delete_user+modify_user+list_user != 1)
-		{
-		BIO_printf(bio_err,"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
+	}
+	if (add_user + delete_user + modify_user + list_user != 1) {
+		BIO_printf(bio_err, "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
 		badops = 1;
-		}
-	if (delete_user+modify_user+delete_user== 1 && argc <= 0)
-		{
-		BIO_printf(bio_err,"Need at least one user for options -add, -delete, -modify. \n");
+	}
+	if (delete_user + modify_user + delete_user == 1 && argc <= 0) {
+		BIO_printf(bio_err, "Need at least one user for options -add, -delete, -modify. \n");
 		badops = 1;
-		}
-	if ((passin || passout) && argc != 1 )
-		{
-		BIO_printf(bio_err,"-passin, -passout arguments only valid with one user.\n");
+	}
+	if ((passin || passout) && argc != 1) {
+		BIO_printf(bio_err, "-passin, -passout arguments only valid with one user.\n");
 		badops = 1;
-		}
-
-	if (badops)
-		{
-		for (pp=srp_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
+	}
+	if (badops) {
+		for (pp = srp_usage; (*pp != NULL); pp++)
+			BIO_printf(bio_err, "%s", *pp);
 
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
-		BIO_printf(bio_err,"                 the random number generator\n");
+		BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err, "                 load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err, "                 the random number generator\n");
 		goto err;
-		}
-
+	}
 	ERR_load_crypto_strings();
 
 #ifndef OPENSSL_NO_ENGINE
 	setup_engine(bio_err, engine, 0);
 #endif
 
-	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
-		{
+	if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto err;
-		}
-
-        if (!dbfile)
-		{
+	}
+	if (!dbfile) {
 
 
-	/*****************************************************************/
-		tofree=NULL;
-		if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
-		if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
+		/*****************************************************************/
+		tofree = NULL;
+		if (configfile == NULL)
+			configfile = getenv("OPENSSL_CONF");
 		if (configfile == NULL)
-			{
-			const char *s=X509_get_default_cert_area();
+			configfile = getenv("SSLEAY_CONF");
+		if (configfile == NULL) {
+			const char *s = X509_get_default_cert_area();
 			size_t len;
 
-			len = strlen(s)+sizeof(CONFIG_FILE)+1;
-			tofree=malloc(len);
-			BUF_strlcpy(tofree,s,len);
-			BUF_strlcat(tofree,"/",len);
-			BUF_strlcat(tofree,CONFIG_FILE,len);
-			configfile=tofree;
-			}
-
-		VERBOSE BIO_printf(bio_err,"Using configuration from %s\n",configfile);
+			len = strlen(s) + sizeof(CONFIG_FILE) + 1;
+			tofree = malloc(len);
+			BUF_strlcpy(tofree, s, len);
+			BUF_strlcat(tofree, "/", len);
+			BUF_strlcat(tofree, CONFIG_FILE, len);
+			configfile = tofree;
+		}
+		VERBOSE BIO_printf(bio_err, "Using configuration from %s\n", configfile);
 		conf = NCONF_new(NULL);
-		if (NCONF_load(conf,configfile,&errorline) <= 0)
-			{
+		if (NCONF_load(conf, configfile, &errorline) <= 0) {
 			if (errorline <= 0)
-				BIO_printf(bio_err,"error loading the config file '%s'\n",
-					configfile);
+				BIO_printf(bio_err, "error loading the config file '%s'\n",
+				    configfile);
 			else
-				BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
-					,errorline,configfile);
+				BIO_printf(bio_err, "error on line %ld of config file '%s'\n"
+				    ,errorline, configfile);
 			goto err;
-			}
-		if(tofree)
-			{
+		}
+		if (tofree) {
 			free(tofree);
 			tofree = NULL;
-			}
-
+		}
 		if (!load_config(bio_err, conf))
 			goto err;
 
-	/* Lets get the config section we are using */
-		if (section == NULL)
-			{
-			VERBOSE BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");
+		/* Lets get the config section we are using */
+		if (section == NULL) {
+			VERBOSE BIO_printf(bio_err, "trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");
 
-			section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_SRP);
-			if (section == NULL)
-				{
-				lookup_fail(BASE_SECTION,ENV_DEFAULT_SRP);
+			section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
+			if (section == NULL) {
+				lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
 				goto err;
-				}
 			}
-         
+		}
 		if (randfile == NULL && conf)
-	        	randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
+			randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
 
-	
-		VERBOSE BIO_printf(bio_err,"trying to read " ENV_DATABASE " in section \"%s\"\n",section);
 
-		if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
-			{
-			lookup_fail(section,ENV_DATABASE);
-			goto err;
-			}
+		VERBOSE BIO_printf(bio_err, "trying to read " ENV_DATABASE " in section \"%s\"\n", section);
 
-        	}
+		if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
+			lookup_fail(section, ENV_DATABASE);
+			goto err;
+		}
+	}
 	if (randfile == NULL)
 		ERR_clear_error();
-       	else 
+	else
 		app_RAND_load_file(randfile, bio_err, 0);
 
-	VERBOSE BIO_printf(bio_err,"Trying to read SRP verifier file \"%s\"\n",dbfile);
+	VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", dbfile);
 
 	db = load_index(dbfile, &db_attr);
-	if (db == NULL) goto err;
+	if (db == NULL)
+		goto err;
 
 	/* Lets check some fields */
-	for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
-		{
+	for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
 		pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
-	
-		if (pp[DB_srptype][0] == DB_SRP_INDEX)
-			{
+
+		if (pp[DB_srptype][0] == DB_SRP_INDEX) {
 			maxgN = i;
 			if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
 				gNindex = i;
 
 			print_index(db, bio_err, i, verbose > 1);
-			}
 		}
-	
+	}
+
 	VERBOSE BIO_printf(bio_err, "Database initialised\n");
 
-	if (gNindex >= 0)
-		{
-		gNrow = sk_OPENSSL_PSTRING_value(db->db->data,gNindex);
+	if (gNindex >= 0) {
+		gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
 		print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
-		}
-	else if (maxgN > 0 && !SRP_get_default_gN(gN))
-		{
+	} else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
 		BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
 		goto err;
-		}
-	else
-		{
+	} else {
 		VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
 		gNrow = NULL;
-		}
-	
+	}
+
 
-	VVERBOSE BIO_printf(bio_err,"Starting user processing\n");
+	VVERBOSE BIO_printf(bio_err, "Starting user processing\n");
 
 	if (argc > 0)
-		user = *(argv++) ;
+		user = *(argv++);
 
-	while (list_user || user)
-		{
+	while (list_user || user) {
 		int userindex = -1;
-		if (user) 
+		if (user)
 			VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
-		if ((userindex = get_index(db, user, 'U')) >= 0)
-			{
+		if ((userindex = get_index(db, user, 'U')) >= 0) {
 			print_user(db, bio_err, userindex, (verbose > 0) || list_user);
-			}
-		
-		if (list_user)
-			{
-			if (user == NULL)
-				{
-				BIO_printf(bio_err,"List all users\n");
-
-				for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
-					{
-					print_user(db,bio_err, i, 1);
-					}
-				list_user = 0;
+		}
+		if (list_user) {
+			if (user == NULL) {
+				BIO_printf(bio_err, "List all users\n");
+
+				for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+					print_user(db, bio_err, i, 1);
 				}
-			else if (userindex < 0)
-				{
+				list_user = 0;
+			} else if (userindex < 0) {
 				BIO_printf(bio_err, "user \"%s\" does not exist, ignored. t\n",
-					   user);
+				    user);
 				errors++;
-				}
 			}
-		else if (add_user)
-			{
-			if (userindex >= 0)
-				{
+		} else if (add_user) {
+			if (userindex >= 0) {
 				/* reactivation of a new user */
 				char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
 				BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
 				row[DB_srptype][0] = 'V';
 
 				doupdatedb = 1;
-				}
-			else
-				{
-				char *row[DB_NUMBER] ; char *gNid;
+			} else {
+				char *row[DB_NUMBER];
+				char *gNid;
 				row[DB_srpverifier] = NULL;
 				row[DB_srpsalt] = NULL;
 				row[DB_srpinfo] = NULL;
-				if (!(gNid = srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:gN,gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
-					{
-						BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user);
-						errors++;
-						goto err;
-					}
+				if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]), &(row[DB_srpsalt]), gNrow ? gNrow[DB_srpsalt] : gN, gNrow ? gNrow[DB_srpverifier] : NULL, passout, bio_err, verbose))) {
+					BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user);
+					errors++;
+					goto err;
+				}
 				row[DB_srpid] = BUF_strdup(user);
 				row[DB_srptype] = BUF_strdup("v");
 				row[DB_srpgN] = BUF_strdup(gNid);
 
 				if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
-					(userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) || 
-					!update_index(db, bio_err, row))
-					{
-					if (row[DB_srpid]) free(row[DB_srpid]);
-					if (row[DB_srpgN]) free(row[DB_srpgN]);
-					if (row[DB_srpinfo]) free(row[DB_srpinfo]);
-					if (row[DB_srptype]) free(row[DB_srptype]);
-					if (row[DB_srpverifier]) free(row[DB_srpverifier]);
-					if (row[DB_srpsalt]) free(row[DB_srpsalt]);
+				    (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) ||
+				    !update_index(db, bio_err, row)) {
+					if (row[DB_srpid])
+						free(row[DB_srpid]);
+					if (row[DB_srpgN])
+						free(row[DB_srpgN]);
+					if (row[DB_srpinfo])
+						free(row[DB_srpinfo]);
+					if (row[DB_srptype])
+						free(row[DB_srptype]);
+					if (row[DB_srpverifier])
+						free(row[DB_srpverifier]);
+					if (row[DB_srpsalt])
+						free(row[DB_srpsalt]);
 					goto err;
-					}
-				doupdatedb = 1;
 				}
+				doupdatedb = 1;
 			}
-		else if (modify_user)
-			{
-			if (userindex < 0)
-				{
-				BIO_printf(bio_err,"user \"%s\" does not exist, operation ignored.\n",user);
+		} else if (modify_user) {
+			if (userindex < 0) {
+				BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored.\n", user);
 				errors++;
-				}
-			else
-				{
+			} else {
 
 				char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
 				char type = row[DB_srptype][0];
-				if (type == 'v')
-					{
-					BIO_printf(bio_err,"user \"%s\" already updated, operation ignored.\n",user);
+				if (type == 'v') {
+					BIO_printf(bio_err, "user \"%s\" already updated, operation ignored.\n", user);
 					errors++;
-					}
-				else
-					{
+				} else {
 					char *gNid;
 
-					if (row[DB_srptype][0] == 'V')
-						{
+					if (row[DB_srptype][0] == 'V') {
 						int user_gN;
 						char **irow = NULL;
-						VERBOSE BIO_printf(bio_err,"Verifying password for user \"%s\"\n",user);
-						if ( (user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
-							irow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+						VERBOSE BIO_printf(bio_err, "Verifying password for user \"%s\"\n", user);
+						if ((user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
+							irow = (char **) sk_OPENSSL_PSTRING_value(db->db->data, userindex);
 
- 						if (!srp_verify_user(user, row[DB_srpverifier], row[DB_srpsalt], irow ? irow[DB_srpsalt] : row[DB_srpgN], irow ? irow[DB_srpverifier] : NULL, passin, bio_err, verbose))
-							{
+						if (!srp_verify_user(user, row[DB_srpverifier], row[DB_srpsalt], irow ? irow[DB_srpsalt] : row[DB_srpgN], irow ? irow[DB_srpverifier] : NULL, passin, bio_err, verbose)) {
 							BIO_printf(bio_err, "Invalid password for user \"%s\", operation abandoned.\n", user);
 							errors++;
 							goto err;
-							}
-						} 
-					VERBOSE BIO_printf(bio_err,"Password for user \"%s\" ok.\n",user);
+						}
+					}
+					VERBOSE BIO_printf(bio_err, "Password for user \"%s\" ok.\n", user);
 
-					if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
-						{
+					if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]), &(row[DB_srpsalt]), gNrow ? gNrow[DB_srpsalt] : NULL, gNrow ? gNrow[DB_srpverifier] : NULL, passout, bio_err, verbose))) {
 						BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
 						errors++;
 						goto err;
-						}
-
+					}
 					row[DB_srptype][0] = 'v';
 					row[DB_srpgN] = BUF_strdup(gNid);
- 
+
 					if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
-						(userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))  
+					    (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
 						goto err;
 
 					doupdatedb = 1;
-					}
 				}
 			}
-		else if (delete_user)
-			{
-			if (userindex < 0)
-				{
+		} else if (delete_user) {
+			if (userindex < 0) {
 				BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored. t\n", user);
 				errors++;
-				}
-			else
-				{
-				char **xpp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
+			} else {
+				char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
 				BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
 
 				xpp[DB_srptype][0] = 'R';
-				
+
 				doupdatedb = 1;
-				}
 			}
+		}
 		if (--argc > 0)
-			user = *(argv++) ;
-		else
-			{
+			user = *(argv++);
+		else {
 			user = NULL;
 			list_user = 0;
-			}
 		}
+	}
 
-	VERBOSE BIO_printf(bio_err,"User procession done.\n");
+	VERBOSE BIO_printf(bio_err, "User procession done.\n");
 
 
-	if (doupdatedb)
-		{
+	if (doupdatedb) {
 		/* Lets check some fields */
-		for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
-			{
-			pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
-	
-			if (pp[DB_srptype][0] == 'v')
-				{
+		for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+			pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+
+			if (pp[DB_srptype][0] == 'v') {
 				pp[DB_srptype][0] = 'V';
 				print_user(db, bio_err, i, verbose);
-				}
 			}
+		}
 
 		VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
-		if (!save_index(dbfile, "new", db)) goto err;
-				
+		if (!save_index(dbfile, "new", db))
+			goto err;
+
 		VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
-		if (!rotate_index(dbfile, "new", "old")) goto err;
+		if (!rotate_index(dbfile, "new", "old"))
+			goto err;
 
 		VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
-		}
-
+	}
 	ret = (errors != 0);
 err:
 	if (errors != 0)
-	VERBOSE BIO_printf(bio_err,"User errors %d.\n",errors);
+		VERBOSE BIO_printf(bio_err, "User errors %d.\n", errors);
 
-	VERBOSE BIO_printf(bio_err,"SRP terminating with code %d.\n",ret);
-	if(tofree)
+	VERBOSE BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
+	if (tofree)
 		free(tofree);
-	if (ret) ERR_print_errors(bio_err);
-	if (randfile) app_RAND_write_file(randfile, bio_err);
-	if (conf) NCONF_free(conf);
-	if (db) free_index(db);
+	if (ret)
+		ERR_print_errors(bio_err);
+	if (randfile)
+		app_RAND_write_file(randfile, bio_err);
+	if (conf)
+		NCONF_free(conf);
+	if (db)
+		free_index(db);
 
 	OBJ_cleanup();
 	apps_shutdown();
-	return(ret);
-	}
+	return (ret);
+}
 
 
 
 #endif
-
diff --git a/lib/libssl/src/apps/ts.c b/lib/libssl/src/apps/ts.c
index 799c5b35329..627e37549d5 100644
--- a/lib/libssl/src/apps/ts.c
+++ b/lib/libssl/src/apps/ts.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -82,53 +82,62 @@ static ASN1_OBJECT *txt2obj(const char *oid);
 static CONF *load_config_file(const char *configfile);
 
 /* Query related functions. */
-static int query_command(const char *data, char *digest,
-			 const EVP_MD *md, const char *policy, int no_nonce, 
-			 int cert, const char *in, const char *out, int text);
-static BIO *BIO_open_with_default(const char *file, const char *mode, 
-				  FILE *default_fp);
-static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,
-			    const char *policy, int no_nonce, int cert);
-static int create_digest(BIO *input, char *digest,
-			 const EVP_MD *md, unsigned char **md_value);
+static int 
+query_command(const char *data, char *digest,
+    const EVP_MD * md, const char *policy, int no_nonce,
+    int cert, const char *in, const char *out, int text);
+static BIO *
+BIO_open_with_default(const char *file, const char *mode,
+    FILE * default_fp);
+static TS_REQ *
+create_query(BIO * data_bio, char *digest, const EVP_MD * md,
+    const char *policy, int no_nonce, int cert);
+static int 
+create_digest(BIO * input, char *digest,
+    const EVP_MD * md, unsigned char **md_value);
 static ASN1_INTEGER *create_nonce(int bits);
 
 /* Reply related functions. */
-static int reply_command(CONF *conf, char *section, char *engine, 
-			 char *queryfile, char *passin, char *inkey, 
-			 char *signer, char *chain, const char *policy, 
-			 char *in, int token_in, char *out, int token_out,
-			 int text);
-static TS_RESP *read_PKCS7(BIO *in_bio);
-static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
-				char *queryfile, char *passin, char *inkey,
-				char *signer, char *chain, const char *policy);
-static ASN1_INTEGER * serial_cb(TS_RESP_CTX *ctx, void *data);
+static int 
+reply_command(CONF * conf, char *section, char *engine,
+    char *queryfile, char *passin, char *inkey,
+    char *signer, char *chain, const char *policy,
+    char *in, int token_in, char *out, int token_out,
+    int text);
+static TS_RESP *read_PKCS7(BIO * in_bio);
+static TS_RESP *
+create_response(CONF * conf, const char *section, char *engine,
+    char *queryfile, char *passin, char *inkey,
+    char *signer, char *chain, const char *policy);
+static ASN1_INTEGER *serial_cb(TS_RESP_CTX * ctx, void *data);
 static ASN1_INTEGER *next_serial(const char *serialfile);
-static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
+static int save_ts_serial(const char *serialfile, ASN1_INTEGER * serial);
 
 /* Verify related functions. */
-static int verify_command(char *data, char *digest, char *queryfile,
-			  char *in, int token_in,
-			  char *ca_path, char *ca_file, char *untrusted);
-static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest, 
-					char *queryfile, 
-					char *ca_path, char *ca_file,
-					char *untrusted);
+static int 
+verify_command(char *data, char *digest, char *queryfile,
+    char *in, int token_in,
+    char *ca_path, char *ca_file, char *untrusted);
+static TS_VERIFY_CTX *
+create_verify_ctx(char *data, char *digest,
+    char *queryfile,
+    char *ca_path, char *ca_file,
+    char *untrusted);
 static X509_STORE *create_cert_store(char *ca_path, char *ca_file);
-static int verify_cb(int ok, X509_STORE_CTX *ctx);
+static int verify_cb(int ok, X509_STORE_CTX * ctx);
 
 /* Main function definition. */
 int MAIN(int, char **);
 
-int MAIN(int argc, char **argv)
-	{
+int 
+MAIN(int argc, char **argv)
+{
 	int ret = 1;
 	char *configfile = NULL;
 	char *section = NULL;
 	CONF *conf = NULL;
 	enum mode {
-	CMD_NONE, CMD_QUERY, CMD_REPLY, CMD_VERIFY 
+		CMD_NONE, CMD_QUERY, CMD_REPLY, CMD_VERIFY
 	} mode = CMD_NONE;
 	char *data = NULL;
 	char *digest = NULL;
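Review bot: The re-wrapped prototypes leave a trailing space after the return type (`static int ` before `query_command`, `create_digest`, `reply_command` and `verify_command`, and `int ` before `MAIN`), although this same patch strips trailing whitespace elsewhere in the file. Typedef'd pointer types also get a space on both sides of the `*` (`const EVP_MD * md`, `BIO * data_bio`, `CONF * conf`, `FILE * default_fp`, `X509_STORE_CTX * ctx`), while `char *digest` keeps the usual form. Both look like formatter artefacts; `static int` with no trailing blank and `const EVP_MD *md` would be consistent. The same spacing recurs in the function definitions in the later ts.c hunks. MAIN's body continues outside this hunk.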
@@ -142,7 +151,7 @@ int MAIN(int argc, char **argv)
 	int text = 0;
 	char *queryfile = NULL;
 	char *passin = NULL;	/* Password source. */
-	char *password =NULL;	/* Password itself. */
+	char *password = NULL;	/* Password itself. */
 	char *inkey = NULL;
 	char *signer = NULL;
 	char *chain = NULL;
@@ -151,7 +160,7 @@ int MAIN(int argc, char **argv)
 	char *untrusted = NULL;
 	char *engine = NULL;
 	/* Input is ContentInfo instead of TimeStampResp. */
-	int token_in = 0;	
+	int token_in = 0;
 	/* Output is ContentInfo instead of TimeStampResp. */
 	int token_out = 0;
 	int free_bio_err = 0;
@@ -159,314 +168,276 @@ int MAIN(int argc, char **argv)
 	ERR_load_crypto_strings();
 	apps_startup();
 
-	if (bio_err == NULL && (bio_err = BIO_new(BIO_s_file())) != NULL)
-		{
+	if (bio_err == NULL && (bio_err = BIO_new(BIO_s_file())) != NULL) {
 		free_bio_err = 1;
 		BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-		}
-
+	}
 	if (!load_config(bio_err, NULL))
 		goto cleanup;
 
-	for (argc--, argv++; argc > 0; argc--, argv++)
-		{
-		if (strcmp(*argv, "-config") == 0)
-			{
-			if (argc-- < 1) goto usage;
+	for (argc--, argv++; argc > 0; argc--, argv++) {
+		if (strcmp(*argv, "-config") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			configfile = *++argv;
-			}
-		else if (strcmp(*argv, "-section") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-section") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			section = *++argv;
-			}
-		else if (strcmp(*argv, "-query") == 0)
-			{
-			if (mode != CMD_NONE) goto usage;
+		} else if (strcmp(*argv, "-query") == 0) {
+			if (mode != CMD_NONE)
+				goto usage;
 			mode = CMD_QUERY;
-			}
-		else if (strcmp(*argv, "-data") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-data") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			data = *++argv;
-			}
-		else if (strcmp(*argv, "-digest") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-digest") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			digest = *++argv;
-			}
-		else if (strcmp(*argv, "-rand") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-rand") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			rnd = *++argv;
-			}
-		else if (strcmp(*argv, "-policy") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-policy") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			policy = *++argv;
-			}
-		else if (strcmp(*argv, "-no_nonce") == 0)
-			{
+		} else if (strcmp(*argv, "-no_nonce") == 0) {
 			no_nonce = 1;
-			}
-		else if (strcmp(*argv, "-cert") == 0)
-			{
+		} else if (strcmp(*argv, "-cert") == 0) {
 			cert = 1;
-			}
-		else if (strcmp(*argv, "-in") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-in") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			in = *++argv;
-			}
-		else if (strcmp(*argv, "-token_in") == 0)
-			{
+		} else if (strcmp(*argv, "-token_in") == 0) {
 			token_in = 1;
-			}
-		else if (strcmp(*argv, "-out") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-out") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			out = *++argv;
-			}
-		else if (strcmp(*argv, "-token_out") == 0)
-			{
+		} else if (strcmp(*argv, "-token_out") == 0) {
 			token_out = 1;
-			}
-		else if (strcmp(*argv, "-text") == 0)
-			{
+		} else if (strcmp(*argv, "-text") == 0) {
 			text = 1;
-			}
-		else if (strcmp(*argv, "-reply") == 0)
-			{
-			if (mode != CMD_NONE) goto usage;
+		} else if (strcmp(*argv, "-reply") == 0) {
+			if (mode != CMD_NONE)
+				goto usage;
 			mode = CMD_REPLY;
-			}
-		else if (strcmp(*argv, "-queryfile") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-queryfile") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			queryfile = *++argv;
-			}
-		else if (strcmp(*argv, "-passin") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-passin") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			passin = *++argv;
-			}
-		else if (strcmp(*argv, "-inkey") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-inkey") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			inkey = *++argv;
-			}
-		else if (strcmp(*argv, "-signer") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-signer") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			signer = *++argv;
-			}
-		else if (strcmp(*argv, "-chain") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-chain") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			chain = *++argv;
-			}
-		else if (strcmp(*argv, "-verify") == 0)
-			{
-			if (mode != CMD_NONE) goto usage;
+		} else if (strcmp(*argv, "-verify") == 0) {
+			if (mode != CMD_NONE)
+				goto usage;
 			mode = CMD_VERIFY;
-			}
-		else if (strcmp(*argv, "-CApath") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-CApath") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			ca_path = *++argv;
-			}
-		else if (strcmp(*argv, "-CAfile") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-CAfile") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			ca_file = *++argv;
-			}
-		else if (strcmp(*argv, "-untrusted") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-untrusted") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			untrusted = *++argv;
-			}
-		else if (strcmp(*argv, "-engine") == 0)
-			{
-			if (argc-- < 1) goto usage;
+		} else if (strcmp(*argv, "-engine") == 0) {
+			if (argc-- < 1)
+				goto usage;
 			engine = *++argv;
-			}
-		else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL)
-			{
+		} else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL) {
 			/* empty. */
-			}
-		else
+		} else
 			goto usage;
-		}
-	
+	}
+
 	/* Seed the random number generator if it is going to be used. */
-	if (mode == CMD_QUERY && !no_nonce)
-		{
+	if (mode == CMD_QUERY && !no_nonce) {
 		if (!app_RAND_load_file(NULL, bio_err, 1) && rnd == NULL)
 			BIO_printf(bio_err, "warning, not much extra random "
-				   "data, consider using the -rand option\n");
+			    "data, consider using the -rand option\n");
 		if (rnd != NULL)
-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-				   app_RAND_load_files(rnd));
-		}
-
+			BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+			    app_RAND_load_files(rnd));
+	}
 	/* Get the password if required. */
-	if(mode == CMD_REPLY && passin &&
-	   !app_passwd(bio_err, passin, NULL, &password, NULL))
-		{
-		BIO_printf(bio_err,"Error getting password.\n");
+	if (mode == CMD_REPLY && passin &&
+	    !app_passwd(bio_err, passin, NULL, &password, NULL)) {
+		BIO_printf(bio_err, "Error getting password.\n");
 		goto cleanup;
-		}
-
-	/* Check consistency of parameters and execute 
-	   the appropriate function. */
-	switch (mode)
-		{
+	}
+	/*
+	 * Check consistency of parameters and execute the appropriate
+	 * function.
+	 */
+	switch (mode) {
 	case CMD_NONE:
 		goto usage;
 	case CMD_QUERY:
-		/* Data file and message imprint cannot be specified
-		   at the same time. */
+		/*
+		 * Data file and message imprint cannot be specified at the
+		 * same time.
+		 */
 		ret = data != NULL && digest != NULL;
-		if (ret) goto usage;
+		if (ret)
+			goto usage;
 		/* Load the config file for possible policy OIDs. */
 		conf = load_config_file(configfile);
 		ret = !query_command(data, digest, md, policy, no_nonce, cert,
-				     in, out, text);
+		    in, out, text);
 		break;
 	case CMD_REPLY:
 		conf = load_config_file(configfile);
-		if (in == NULL)
-			{
+		if (in == NULL) {
 			ret = !(queryfile != NULL && conf != NULL && !token_in);
-			if (ret) goto usage;
-			}
-		else
-			{
+			if (ret)
+				goto usage;
+		} else {
 			/* 'in' and 'queryfile' are exclusive. */
 			ret = !(queryfile == NULL);
-			if (ret) goto usage;
-			}
+			if (ret)
+				goto usage;
+		}
 
-		ret = !reply_command(conf, section, engine, queryfile, 
-				     password, inkey, signer, chain, policy, 
-				     in, token_in, out, token_out, text);
+		ret = !reply_command(conf, section, engine, queryfile,
+		    password, inkey, signer, chain, policy,
+		    in, token_in, out, token_out, text);
 		break;
 	case CMD_VERIFY:
 		ret = !(((queryfile && !data && !digest)
-			 || (!queryfile && data && !digest)
-			 || (!queryfile && !data && digest))
-			&& in != NULL);
-		if (ret) goto usage;
+			|| (!queryfile && data && !digest)
+			|| (!queryfile && !data && digest))
+		    && in != NULL);
+		if (ret)
+			goto usage;
 
 		ret = !verify_command(data, digest, queryfile, in, token_in,
-				      ca_path, ca_file, untrusted);
-		}
+		    ca_path, ca_file, untrusted);
+	}
 
 	goto cleanup;
 
- usage:
+usage:
 	BIO_printf(bio_err, "usage:\n"
-		   "ts -query [-rand file%cfile%c...] [-config configfile] "
-		   "[-data file_to_hash] [-digest digest_bytes]"
-		   "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
-		   "[-policy object_id] [-no_nonce] [-cert] "
-		   "[-in request.tsq] [-out request.tsq] [-text]\n",
-		   ':', ':');
+	    "ts -query [-rand file%cfile%c...] [-config configfile] "
+	    "[-data file_to_hash] [-digest digest_bytes]"
+	    "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
+	    "[-policy object_id] [-no_nonce] [-cert] "
+	    "[-in request.tsq] [-out request.tsq] [-text]\n",
+	    ':', ':');
 	BIO_printf(bio_err, "or\n"
-		   "ts -reply [-config configfile] [-section tsa_section] "
-		   "[-queryfile request.tsq] [-passin password] "
-		   "[-signer tsa_cert.pem] [-inkey private_key.pem] "
-		   "[-chain certs_file.pem] [-policy object_id] "
-		   "[-in response.tsr] [-token_in] "
-		   "[-out response.tsr] [-token_out] [-text] [-engine id]\n");
+	    "ts -reply [-config configfile] [-section tsa_section] "
+	    "[-queryfile request.tsq] [-passin password] "
+	    "[-signer tsa_cert.pem] [-inkey private_key.pem] "
+	    "[-chain certs_file.pem] [-policy object_id] "
+	    "[-in response.tsr] [-token_in] "
+	    "[-out response.tsr] [-token_out] [-text] [-engine id]\n");
 	BIO_printf(bio_err, "or\n"
-		   "ts -verify [-data file_to_hash] [-digest digest_bytes] "
-		   "[-queryfile request.tsq] "
-		   "-in response.tsr [-token_in] "
-		   "-CApath ca_path -CAfile ca_file.pem "
-		   "-untrusted cert_file.pem\n");
- cleanup:
+	    "ts -verify [-data file_to_hash] [-digest digest_bytes] "
+	    "[-queryfile request.tsq] "
+	    "-in response.tsr [-token_in] "
+	    "-CApath ca_path -CAfile ca_file.pem "
+	    "-untrusted cert_file.pem\n");
+cleanup:
 	/* Clean up. */
 	app_RAND_write_file(NULL, bio_err);
 	NCONF_free(conf);
 	free(password);
 	OBJ_cleanup();
-	if (free_bio_err)
-		{
+	if (free_bio_err) {
 		BIO_free_all(bio_err);
 		bio_err = NULL;
-		}
-
-	return(ret);
 	}
+	return (ret);
+}
 
 /*
  * Configuration file-related function definitions.
  */
 
-static ASN1_OBJECT *txt2obj(const char *oid)
-	{
+static ASN1_OBJECT *
+txt2obj(const char *oid)
+{
 	ASN1_OBJECT *oid_obj = NULL;
 
 	if (!(oid_obj = OBJ_txt2obj(oid, 0)))
 		BIO_printf(bio_err, "cannot convert %s to OID\n", oid);
 
 	return oid_obj;
-	}
+}
 
-static CONF *load_config_file(const char *configfile)
-	{
+static CONF *
+load_config_file(const char *configfile)
+{
 	CONF *conf = NULL;
 	long errorline = -1;
 
-	if (!configfile) configfile = getenv("OPENSSL_CONF");
-	if (!configfile) configfile = getenv("SSLEAY_CONF");
+	if (!configfile)
+		configfile = getenv("OPENSSL_CONF");
+	if (!configfile)
+		configfile = getenv("SSLEAY_CONF");
 
 	if (configfile &&
 	    (!(conf = NCONF_new(NULL)) ||
-	     NCONF_load(conf, configfile, &errorline) <= 0))
-		{
+		NCONF_load(conf, configfile, &errorline) <= 0)) {
 		if (errorline <= 0)
 			BIO_printf(bio_err, "error loading the config file "
-				   "'%s'\n", configfile);
+			    "'%s'\n", configfile);
 		else
 			BIO_printf(bio_err, "error on line %ld of config file "
-				   "'%s'\n", errorline, configfile);
-		}
-
-	if (conf != NULL)
-		{
+			    "'%s'\n", errorline, configfile);
+	}
+	if (conf != NULL) {
 		const char *p;
 
-		BIO_printf(bio_err,"Using configuration from %s\n", configfile);
+		BIO_printf(bio_err, "Using configuration from %s\n", configfile);
 		p = NCONF_get_string(conf, NULL, ENV_OID_FILE);
-		if (p != NULL)
-			{
+		if (p != NULL) {
 			BIO *oid_bio = BIO_new_file(p, "r");
-			if (!oid_bio) 
+			if (!oid_bio)
 				ERR_print_errors(bio_err);
-			else
-				{
+			else {
 				OBJ_create_objects(oid_bio);
 				BIO_free_all(oid_bio);
-				}
 			}
-		else
+		} else
 			ERR_clear_error();
-		if(!add_oid_section(bio_err, conf)) 
+		if (!add_oid_section(bio_err, conf))
 			ERR_print_errors(bio_err);
-		}
-	return conf;
 	}
+	return conf;
+}
 
 /*
  * Query-related method definitions.
  */
 
-static int query_command(const char *data, char *digest, const EVP_MD *md,
-			 const char *policy, int no_nonce, 
-			 int cert, const char *in, const char *out, int text)
-	{
+static int 
+query_command(const char *data, char *digest, const EVP_MD * md,
+    const char *policy, int no_nonce,
+    int cert, const char *in, const char *out, int text)
+{
 	int ret = 0;
 	TS_REQ *query = NULL;
 	BIO *in_bio = NULL;
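Review bot: The missing-value guard `if (argc-- < 1) goto usage;` used by every option that takes an argument (`-config`, `-passin`, `-CAfile`, …) can never fire, because the loop body only runs while `argc > 0` and the post-decrement compares the old value. An option given last therefore stores the terminating NULL from `*++argv` instead of printing usage; `if (--argc < 1) goto usage;` restores the check. In load_config_file, `conf` stays non-NULL when `NCONF_load` fails, so the error message is followed by `Using configuration from` and the `conf != NULL` test in the CMD_REPLY branch still passes. Adding `NCONF_free(conf); conf = NULL;` to that error branch would make a parse failure fail closed. query_command's body continues outside this hunk.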
@@ -474,43 +445,39 @@ static int query_command(const char *data, char *digest, const EVP_MD *md,
 	BIO *out_bio = NULL;
 
 	/* Build query object either from file or from scratch. */
-	if (in != NULL)
-		{
-		if ((in_bio = BIO_new_file(in, "rb")) == NULL) goto end;
+	if (in != NULL) {
+		if ((in_bio = BIO_new_file(in, "rb")) == NULL)
+			goto end;
 		query = d2i_TS_REQ_bio(in_bio, NULL);
-		}
-	else
-		{
+	} else {
 		/* Open the file if no explicit digest bytes were specified. */
-		if (!digest 
+		if (!digest
 		    && !(data_bio = BIO_open_with_default(data, "rb", stdin)))
 			goto end;
 		/* Creating the query object. */
 		query = create_query(data_bio, digest, md,
-				     policy, no_nonce, cert);
+		    policy, no_nonce, cert);
 		/* Saving the random number generator state. */
-		}
-	if (query == NULL) goto end;
+	}
+	if (query == NULL)
+		goto end;
 
 	/* Write query either in ASN.1 or in text format. */
 	if ((out_bio = BIO_open_with_default(out, "wb", stdout)) == NULL)
 		goto end;
-	if (text)
-		{
+	if (text) {
 		/* Text output. */
 		if (!TS_REQ_print_bio(out_bio, query))
 			goto end;
-		}
-	else
-		{
+	} else {
 		/* ASN.1 output. */
 		if (!i2d_TS_REQ_bio(out_bio, query))
 			goto end;
-		}
+	}
 
 	ret = 1;
 
- end:
+end:
 	ERR_print_errors(bio_err);
 
 	/* Clean up. */
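Review bot: The comment `/* Saving the random number generator state. */` at the end of the else branch in query_command has no statement under it; the brace closes right after, so it documents nothing here. The state is written by `app_RAND_write_file(NULL, bio_err)` in MAIN's cleanup, so the comment should be deleted or replaced with something like `/* RNG state is saved in MAIN's cleanup. */`. query_command starts and ends outside this hunk.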
@@ -520,19 +487,21 @@ static int query_command(const char *data, char *digest, const EVP_MD *md,
 	TS_REQ_free(query);
 
 	return ret;
-	}
-
-static BIO *BIO_open_with_default(const char *file, const char *mode, 
-				  FILE *default_fp)
-	{
-	return file == NULL ? 
-		BIO_new_fp(default_fp, BIO_NOCLOSE) 
-		: BIO_new_file(file, mode);
-	}
-
-static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,
-			    const char *policy, int no_nonce, int cert)
-	{
+}
+
+static BIO *
+BIO_open_with_default(const char *file, const char *mode,
+    FILE * default_fp)
+{
+	return file == NULL ?
+	BIO_new_fp(default_fp, BIO_NOCLOSE)
+	: BIO_new_file(file, mode);
+}
+
+static TS_REQ *
+create_query(BIO * data_bio, char *digest, const EVP_MD * md,
+    const char *policy, int no_nonce, int cert)
+{
 	int ret = 0;
 	TS_REQ *ts_req = NULL;
 	int len;
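Review bot: In BIO_open_with_default the two continuation lines of the conditional expression now sit at the same indent as `return`, so `BIO_new_fp(default_fp, BIO_NOCLOSE)` reads like a statement of its own. Indenting the continuations by four spaces, with `BIO_new_fp(default_fp, BIO_NOCLOSE) :` and `BIO_new_file(file, mode);` under `return file == NULL ?`, keeps the expression visibly one return value. create_query's body continues outside this hunk.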
@@ -543,139 +512,156 @@ static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,
 	ASN1_INTEGER *nonce_asn1 = NULL;
 
 	/* Setting default message digest. */
-	if (!md && !(md = EVP_get_digestbyname("sha1"))) goto err;
+	if (!md && !(md = EVP_get_digestbyname("sha1")))
+		goto err;
 
 	/* Creating request object. */
-	if (!(ts_req = TS_REQ_new())) goto err;
+	if (!(ts_req = TS_REQ_new()))
+		goto err;
 
 	/* Setting version. */
-	if (!TS_REQ_set_version(ts_req, 1)) goto err;
+	if (!TS_REQ_set_version(ts_req, 1))
+		goto err;
 
 	/* Creating and adding MSG_IMPRINT object. */
-	if (!(msg_imprint = TS_MSG_IMPRINT_new())) goto err;
+	if (!(msg_imprint = TS_MSG_IMPRINT_new()))
+		goto err;
 
 	/* Adding algorithm. */
-	if (!(algo = X509_ALGOR_new())) goto err;
-	if (!(algo->algorithm = OBJ_nid2obj(EVP_MD_type(md)))) goto err;
-	if (!(algo->parameter = ASN1_TYPE_new())) goto err;
+	if (!(algo = X509_ALGOR_new()))
+		goto err;
+	if (!(algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))))
+		goto err;
+	if (!(algo->parameter = ASN1_TYPE_new()))
+		goto err;
 	algo->parameter->type = V_ASN1_NULL;
-	if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo)) goto err;
+	if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo))
+		goto err;
 
 	/* Adding message digest. */
 	if ((len = create_digest(data_bio, digest, md, &data)) == 0)
 		goto err;
-	if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len)) goto err;
+	if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len))
+		goto err;
+
+	if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint))
+		goto err;
 
-	if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint)) goto err;
-	
 	/* Setting policy if requested. */
-	if (policy && !(policy_obj = txt2obj(policy))) goto err;
-	if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj)) goto err;
+	if (policy && !(policy_obj = txt2obj(policy)))
+		goto err;
+	if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj))
+		goto err;
 
 	/* Setting nonce if requested. */
-	if (!no_nonce && !(nonce_asn1 = create_nonce(NONCE_LENGTH))) goto err;
-	if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1)) goto err;
+	if (!no_nonce && !(nonce_asn1 = create_nonce(NONCE_LENGTH)))
+		goto err;
+	if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1))
+		goto err;
 
 	/* Setting certificate request flag if requested. */
-	if (!TS_REQ_set_cert_req(ts_req, cert)) goto err;
+	if (!TS_REQ_set_cert_req(ts_req, cert))
+		goto err;
 
 	ret = 1;
- err:
-	if (!ret)
-		{
+err:
+	if (!ret) {
 		TS_REQ_free(ts_req);
 		ts_req = NULL;
 		BIO_printf(bio_err, "could not create query\n");
-		}
+	}
 	TS_MSG_IMPRINT_free(msg_imprint);
 	X509_ALGOR_free(algo);
 	free(data);
 	ASN1_OBJECT_free(policy_obj);
 	ASN1_INTEGER_free(nonce_asn1);
 	return ts_req;
-	}
+}
 
-static int create_digest(BIO *input, char *digest, const EVP_MD *md,
-			 unsigned char **md_value)
-	{
+static int 
+create_digest(BIO * input, char *digest, const EVP_MD * md,
+    unsigned char **md_value)
+{
 	int md_value_len;
 
 	md_value_len = EVP_MD_size(md);
 	if (md_value_len < 0)
-	    goto err;
-	if (input)
-		{
+		goto err;
+	if (input) {
 		/* Digest must be computed from an input file. */
 		EVP_MD_CTX md_ctx;
 		unsigned char buffer[4096];
 		int length;
 
 		*md_value = malloc(md_value_len);
-		if (*md_value == 0) goto err;
+		if (*md_value == 0)
+			goto err;
 
 		EVP_DigestInit(&md_ctx, md);
-		while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0)
-			{
+		while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
 			EVP_DigestUpdate(&md_ctx, buffer, length);
-			}
-		EVP_DigestFinal(&md_ctx, *md_value, NULL);
 		}
-	else
-		{
+		EVP_DigestFinal(&md_ctx, *md_value, NULL);
+	} else {
 		/* Digest bytes are specified with digest. */
 		long digest_len;
 		*md_value = string_to_hex(digest, &digest_len);
-		if (!*md_value || md_value_len != digest_len)
-			{
+		if (!*md_value || md_value_len != digest_len) {
 			free(*md_value);
 			*md_value = NULL;
 			BIO_printf(bio_err, "bad digest, %d bytes "
-				   "must be specified\n", md_value_len);
+			    "must be specified\n", md_value_len);
 			goto err;
-			}
 		}
+	}
 
 	return md_value_len;
- err:
+err:
 	return 0;
-	}
+}
 
-static ASN1_INTEGER *create_nonce(int bits)
-	{
+static ASN1_INTEGER *
+create_nonce(int bits)
+{
 	unsigned char buf[20];
 	ASN1_INTEGER *nonce = NULL;
 	int len = (bits - 1) / 8 + 1;
 	int i;
 
 	/* Generating random byte sequence. */
-	if (len > (int)sizeof(buf)) goto err;
-	if (RAND_bytes(buf, len) <= 0) goto err;
+	if (len > (int) sizeof(buf))
+		goto err;
+	if (RAND_bytes(buf, len) <= 0)
+		goto err;
 
 	/* Find the first non-zero byte and creating ASN1_INTEGER object. */
 	for (i = 0; i < len && !buf[i]; ++i);
-	if (!(nonce = ASN1_INTEGER_new())) goto err;
+	if (!(nonce = ASN1_INTEGER_new()))
+		goto err;
 	free(nonce->data);
 	/* Allocate at least one byte. */
 	nonce->length = len - i;
-	if (!(nonce->data = malloc(nonce->length + 1))) goto err;
+	if (!(nonce->data = malloc(nonce->length + 1)))
+		goto err;
 	memcpy(nonce->data, buf + i, nonce->length);
 
 	return nonce;
- err:
+err:
 	BIO_printf(bio_err, "could not create nonce\n");
 	ASN1_INTEGER_free(nonce);
 	return NULL;
-	}
+}
 /*
  * Reply-related method definitions.
  */
 
-static int reply_command(CONF *conf, char *section, char *engine, 
-			 char *queryfile, char *passin, char *inkey,
-			 char *signer, char *chain, const char *policy, 
-			 char *in, int token_in,
-			 char *out, int token_out, int text)
-	{
+static int 
+reply_command(CONF * conf, char *section, char *engine,
+    char *queryfile, char *passin, char *inkey,
+    char *signer, char *chain, const char *policy,
+    char *in, int token_in,
+    char *out, int token_out, int text)
+{
 	int ret = 0;
 	TS_RESP *response = NULL;
 	BIO *in_bio = NULL;
@@ -685,66 +671,59 @@ static int reply_command(CONF *conf, char *section, char *engine,
 	BIO *out_bio = NULL;
 
 	/* Build response object either from response or query. */
-	if (in != NULL)
-		{
-		if ((in_bio = BIO_new_file(in, "rb")) == NULL) goto end;
-		if (token_in)
-			{
-			/* We have a ContentInfo (PKCS7) object, add
-			   'granted' status info around it. */
+	if (in != NULL) {
+		if ((in_bio = BIO_new_file(in, "rb")) == NULL)
+			goto end;
+		if (token_in) {
+			/*
+			 * We have a ContentInfo (PKCS7) object, add
+			 * 'granted' status info around it.
+			 */
 			response = read_PKCS7(in_bio);
-			}
-		else
-			{
+		} else {
 			/* We have a ready-made TS_RESP object. */
 			response = d2i_TS_RESP_bio(in_bio, NULL);
-			}
 		}
-	else
-		{
+	} else {
 		response = create_response(conf, section, engine, queryfile,
-					   passin, inkey, signer, chain,
-					   policy);
+		    passin, inkey, signer, chain,
+		    policy);
 		if (response)
 			BIO_printf(bio_err, "Response has been generated.\n");
 		else
 			BIO_printf(bio_err, "Response is not generated.\n");
-		}
-	if (response == NULL) goto end;
+	}
+	if (response == NULL)
+		goto end;
 
 	/* Write response either in ASN.1 or text format. */
 	if ((out_bio = BIO_open_with_default(out, "wb", stdout)) == NULL)
 		goto end;
-	if (text)
-		{
+	if (text) {
 		/* Text output. */
-		if (token_out)
-			{
+		if (token_out) {
 			TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
-			if (!TS_TST_INFO_print_bio(out_bio, tst_info)) goto end;
-			}
-		else
-			{
-			if (!TS_RESP_print_bio(out_bio, response)) goto end;
-			}
+			if (!TS_TST_INFO_print_bio(out_bio, tst_info))
+				goto end;
+		} else {
+			if (!TS_RESP_print_bio(out_bio, response))
+				goto end;
 		}
-	else
-		{
+	} else {
 		/* ASN.1 DER output. */
-		if (token_out)
-			{
+		if (token_out) {
 			PKCS7 *token = TS_RESP_get_token(response);
-			if (!i2d_PKCS7_bio(out_bio, token)) goto end;
-			}
-		else
-			{
-			if (!i2d_TS_RESP_bio(out_bio, response)) goto end;
-			}
+			if (!i2d_PKCS7_bio(out_bio, token))
+				goto end;
+		} else {
+			if (!i2d_TS_RESP_bio(out_bio, response))
+				goto end;
 		}
+	}
 
 	ret = 1;
 
- end:
+end:
 	ERR_print_errors(bio_err);
 
 	/* Clean up. */
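Review bot: In the two `token_out` branches of reply_command, the results of `TS_RESP_get_tst_info(response)` and `TS_RESP_get_token(response)` go straight into the print and i2d calls without a NULL check. When `in` names a ready-made response read through `d2i_TS_RESP_bio`, nothing visible here guarantees that it carries a token, so a token-less reply presumably ends in a generic library error instead of a clear message. A guard such as `if (token == NULL) { BIO_printf(bio_err, "response has no token\n"); goto end; }`, and the same for `tst_info`, would make that case explicit. reply_command starts before this hunk and its cleanup continues past it.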
@@ -756,11 +735,12 @@ static int reply_command(CONF *conf, char *section, char *engine,
 	TS_RESP_free(response);
 
 	return ret;
-	}
+}
 
 /* Reads a PKCS7 token and adds default 'granted' status info to it. */
-static TS_RESP *read_PKCS7(BIO *in_bio)
-	{
+static TS_RESP *
+read_PKCS7(BIO * in_bio)
+{
 	int ret = 0;
 	PKCS7 *token = NULL;
 	TS_TST_INFO *tst_info = NULL;
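Review bot: The reformatted signature `read_PKCS7(BIO * in_bio)` has a blank on both sides of the `*`, unlike the declarations just below it (`PKCS7 *token`, `TS_TST_INFO *tst_info`); it should read `read_PKCS7(BIO *in_bio)`. The same artefact shows up in the later hunks for create_response (`CONF * conf`), serial_cb, save_ts_serial and verify_cb, and in verify.c (`X509_STORE_CTX * ctx`, `STACK_OF(X509) * uchain`). Several new return-type lines (`static int ` before save_ts_serial, verify_command and verify_cb) also end in a trailing blank, which this commit strips elsewhere. read_PKCS7's body continues outside the hunk.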
@@ -768,16 +748,22 @@ static TS_RESP *read_PKCS7(BIO *in_bio)
 	TS_STATUS_INFO *si = NULL;
 
 	/* Read PKCS7 object and extract the signed time stamp info. */
-	if (!(token = d2i_PKCS7_bio(in_bio, NULL))) goto end;
-	if (!(tst_info = PKCS7_to_TS_TST_INFO(token))) goto end;
+	if (!(token = d2i_PKCS7_bio(in_bio, NULL)))
+		goto end;
+	if (!(tst_info = PKCS7_to_TS_TST_INFO(token)))
+		goto end;
 
 	/* Creating response object. */
-	if (!(resp = TS_RESP_new())) goto end;
+	if (!(resp = TS_RESP_new()))
+		goto end;
 
 	/* Create granted status info. */
-	if (!(si = TS_STATUS_INFO_new())) goto end;
-	if (!(ASN1_INTEGER_set(si->status, TS_STATUS_GRANTED))) goto end;
-	if (!TS_RESP_set_status_info(resp, si)) goto end;
+	if (!(si = TS_STATUS_INFO_new()))
+		goto end;
+	if (!(ASN1_INTEGER_set(si->status, TS_STATUS_GRANTED)))
+		goto end;
+	if (!TS_RESP_set_status_info(resp, si))
+		goto end;
 
 	/* Setting encapsulated token. */
 	TS_RESP_set_tst_info(resp, token, tst_info);
@@ -785,22 +771,22 @@ static TS_RESP *read_PKCS7(BIO *in_bio)
 	tst_info = NULL;	/* Ownership is lost. */
 
 	ret = 1;
- end:
+end:
 	PKCS7_free(token);
 	TS_TST_INFO_free(tst_info);
-	if (!ret)
-		{
+	if (!ret) {
 		TS_RESP_free(resp);
 		resp = NULL;
-		}
+	}
 	TS_STATUS_INFO_free(si);
 	return resp;
-	}
+}
 
-static TS_RESP *create_response(CONF *conf, const char *section, char *engine, 
-				char *queryfile, char *passin, char *inkey,
-				char *signer, char *chain, const char *policy)
-	{
+static TS_RESP *
+create_response(CONF * conf, const char *section, char *engine,
+    char *queryfile, char *passin, char *inkey,
+    char *signer, char *chain, const char *policy)
+{
 	int ret = 0;
 	TS_RESP *response = NULL;
 	BIO *query_bio = NULL;
@@ -814,154 +800,170 @@ static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
 		goto end;
 
 	/* Setting up response generation context. */
-	if (!(resp_ctx = TS_RESP_CTX_new())) goto end;
+	if (!(resp_ctx = TS_RESP_CTX_new()))
+		goto end;
 
 	/* Setting serial number provider callback. */
-	if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx)) goto end;
+	if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx))
+		goto end;
 #ifndef OPENSSL_NO_ENGINE
 	/* Setting default OpenSSL engine. */
-	if (!TS_CONF_set_crypto_device(conf, section, engine)) goto end;
+	if (!TS_CONF_set_crypto_device(conf, section, engine))
+		goto end;
 #endif
 
 	/* Setting TSA signer certificate. */
-	if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx)) goto end;
+	if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx))
+		goto end;
 
 	/* Setting TSA signer certificate chain. */
-	if (!TS_CONF_set_certs(conf, section, chain, resp_ctx)) goto end;
+	if (!TS_CONF_set_certs(conf, section, chain, resp_ctx))
+		goto end;
 
 	/* Setting TSA signer private key. */
 	if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx))
 		goto end;
 
 	/* Setting default policy OID. */
-	if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx)) goto end;
+	if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx))
+		goto end;
 
 	/* Setting acceptable policy OIDs. */
-	if (!TS_CONF_set_policies(conf, section, resp_ctx)) goto end;
+	if (!TS_CONF_set_policies(conf, section, resp_ctx))
+		goto end;
 
 	/* Setting the acceptable one-way hash algorithms. */
-	if (!TS_CONF_set_digests(conf, section, resp_ctx)) goto end;
+	if (!TS_CONF_set_digests(conf, section, resp_ctx))
+		goto end;
 
 	/* Setting guaranteed time stamp accuracy. */
-	if (!TS_CONF_set_accuracy(conf, section, resp_ctx)) goto end;
+	if (!TS_CONF_set_accuracy(conf, section, resp_ctx))
+		goto end;
 
 	/* Setting the precision of the time. */
 	if (!TS_CONF_set_clock_precision_digits(conf, section, resp_ctx))
 		goto end;
 
 	/* Setting the ordering flaf if requested. */
-	if (!TS_CONF_set_ordering(conf, section, resp_ctx)) goto end;
+	if (!TS_CONF_set_ordering(conf, section, resp_ctx))
+		goto end;
 
 	/* Setting the TSA name required flag if requested. */
-	if (!TS_CONF_set_tsa_name(conf, section, resp_ctx)) goto end;
+	if (!TS_CONF_set_tsa_name(conf, section, resp_ctx))
+		goto end;
 
 	/* Setting the ESS cert id chain flag if requested. */
-	if (!TS_CONF_set_ess_cert_id_chain(conf, section, resp_ctx)) goto end;
+	if (!TS_CONF_set_ess_cert_id_chain(conf, section, resp_ctx))
+		goto end;
 
 	/* Creating the response. */
 	if (!(response = TS_RESP_create_response(resp_ctx, query_bio)))
 		goto end;
 
 	ret = 1;
- end:
-	if (!ret) 
-		{
+end:
+	if (!ret) {
 		TS_RESP_free(response);
 		response = NULL;
-		}
+	}
 	TS_RESP_CTX_free(resp_ctx);
 	BIO_free_all(query_bio);
 
 	return response;
-	}
+}
 
-static ASN1_INTEGER * serial_cb(TS_RESP_CTX *ctx, void *data)
-	{
+static ASN1_INTEGER *
+serial_cb(TS_RESP_CTX * ctx, void *data)
+{
 	const char *serial_file = (const char *) data;
 	ASN1_INTEGER *serial = next_serial(serial_file);
 
-	if (!serial)
-		{
+	if (!serial) {
 		TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
-					    "Error during serial number "
-					    "generation.");
+		    "Error during serial number "
+		    "generation.");
 		TS_RESP_CTX_add_failure_info(ctx,
-					     TS_INFO_ADD_INFO_NOT_AVAILABLE);
-		}
-	else
+		    TS_INFO_ADD_INFO_NOT_AVAILABLE);
+	} else
 		save_ts_serial(serial_file, serial);
 
 	return serial;
-	}
+}
 
-static ASN1_INTEGER *next_serial(const char *serialfile)
-	{
+static ASN1_INTEGER *
+next_serial(const char *serialfile)
+{
 	int ret = 0;
 	BIO *in = NULL;
 	ASN1_INTEGER *serial = NULL;
 	BIGNUM *bn = NULL;
 
-	if (!(serial = ASN1_INTEGER_new())) goto err;
+	if (!(serial = ASN1_INTEGER_new()))
+		goto err;
 
-	if (!(in = BIO_new_file(serialfile, "r"))) 
-		{
+	if (!(in = BIO_new_file(serialfile, "r"))) {
 		ERR_clear_error();
 		BIO_printf(bio_err, "Warning: could not open file %s for "
-			   "reading, using serial number: 1\n", serialfile);
-		if (!ASN1_INTEGER_set(serial, 1)) goto err;
-		}
-	else
-		{
+		    "reading, using serial number: 1\n", serialfile);
+		if (!ASN1_INTEGER_set(serial, 1))
+			goto err;
+	} else {
 		char buf[1024];
-		if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf)))
-			{
+		if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf))) {
 			BIO_printf(bio_err, "unable to load number from %s\n",
-				   serialfile);
+			    serialfile);
+			goto err;
+		}
+		if (!(bn = ASN1_INTEGER_to_BN(serial, NULL)))
 			goto err;
-			}
-		if (!(bn = ASN1_INTEGER_to_BN(serial, NULL))) goto err;
 		ASN1_INTEGER_free(serial);
 		serial = NULL;
-		if (!BN_add_word(bn, 1)) goto err;
-		if (!(serial = BN_to_ASN1_INTEGER(bn, NULL))) goto err;
-		}
+		if (!BN_add_word(bn, 1))
+			goto err;
+		if (!(serial = BN_to_ASN1_INTEGER(bn, NULL)))
+			goto err;
+	}
 	ret = 1;
- err:
-	if (!ret)
-		{
+err:
+	if (!ret) {
 		ASN1_INTEGER_free(serial);
 		serial = NULL;
-		}
+	}
 	BIO_free_all(in);
 	BN_free(bn);
 	return serial;
-	}
+}
 
-static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial)
-	{
+static int 
+save_ts_serial(const char *serialfile, ASN1_INTEGER * serial)
+{
 	int ret = 0;
 	BIO *out = NULL;
 
-	if (!(out = BIO_new_file(serialfile, "w"))) goto err;
-	if (i2a_ASN1_INTEGER(out, serial) <= 0) goto err;
-	if (BIO_puts(out, "\n") <= 0) goto err;
+	if (!(out = BIO_new_file(serialfile, "w")))
+		goto err;
+	if (i2a_ASN1_INTEGER(out, serial) <= 0)
+		goto err;
+	if (BIO_puts(out, "\n") <= 0)
+		goto err;
 	ret = 1;
- err:
+err:
 	if (!ret)
 		BIO_printf(bio_err, "could not save serial number to %s\n",
-			   serialfile);
+		    serialfile);
 	BIO_free_all(out);
 	return ret;
-	}
+}
 
 /*
  * Verify-related method definitions.
  */
 
-static int verify_command(char *data, char *digest, char *queryfile,
-			  char *in, int token_in,
-			  char *ca_path, char *ca_file, char *untrusted)
-	{
+static int 
+verify_command(char *data, char *digest, char *queryfile,
+    char *in, int token_in,
+    char *ca_path, char *ca_file, char *untrusted)
+{
 	BIO *in_bio = NULL;
 	PKCS7 *token = NULL;
 	TS_RESP *response = NULL;
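Review bot: serial_cb discards the return value of `save_ts_serial(serial_file, serial)`, so when the serial file cannot be written the response is still issued and the next call to next_serial reads the old value and hands out the same serial number again. A failed save should be treated like a failed next_serial: free the serial, set it to NULL and let the existing rejection branch run, which replaces the `else save_ts_serial(...)` arm. next_serial's silent fallback to serial 1 when the file cannot be opened affects uniqueness in the same way and deserves at least a comment. verify_command, whose signature ends this hunk, continues outside it.

```c
	ASN1_INTEGER *serial = next_serial(serial_file);

	/* A serial that cannot be persisted would be handed out again. */
	if (serial != NULL && !save_ts_serial(serial_file, serial)) {
		ASN1_INTEGER_free(serial);
		serial = NULL;
	}
	if (!serial) {
		/* … unchanged: rejection status and failure info … */
	}

	return serial;
```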
@@ -969,112 +971,111 @@ static int verify_command(char *data, char *digest, char *queryfile,
 	int ret = 0;
 
 	/* Decode the token (PKCS7) or response (TS_RESP) files. */
-	if (!(in_bio = BIO_new_file(in, "rb"))) goto end;
-	if (token_in)
-		{
-		if (!(token = d2i_PKCS7_bio(in_bio, NULL))) goto end;
-		}
-	else
-		{
-		if (!(response = d2i_TS_RESP_bio(in_bio, NULL))) goto end;
-		}
+	if (!(in_bio = BIO_new_file(in, "rb")))
+		goto end;
+	if (token_in) {
+		if (!(token = d2i_PKCS7_bio(in_bio, NULL)))
+			goto end;
+	} else {
+		if (!(response = d2i_TS_RESP_bio(in_bio, NULL)))
+			goto end;
+	}
 
-	if (!(verify_ctx = create_verify_ctx(data, digest, queryfile, 
-					     ca_path, ca_file, untrusted)))
+	if (!(verify_ctx = create_verify_ctx(data, digest, queryfile,
+		    ca_path, ca_file, untrusted)))
 		goto end;
 
 	/* Checking the token or response against the request. */
 	ret = token_in ?
-		TS_RESP_verify_token(verify_ctx, token) :
-		TS_RESP_verify_response(verify_ctx, response);
+	    TS_RESP_verify_token(verify_ctx, token) :
+	    TS_RESP_verify_response(verify_ctx, response);
 
- end:
+end:
 	printf("Verification: ");
 	if (ret)
 		printf("OK\n");
-	else
-		{
+	else {
 		printf("FAILED\n");
 		/* Print errors, if there are any. */
 		ERR_print_errors(bio_err);
-		}
-	
+	}
+
 	/* Clean up. */
 	BIO_free_all(in_bio);
 	PKCS7_free(token);
 	TS_RESP_free(response);
 	TS_VERIFY_CTX_free(verify_ctx);
 	return ret;
-	}
-
-static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest, 
-					char *queryfile, 
-					char *ca_path, char *ca_file,
-					char *untrusted)
-	{
+}
+
+static TS_VERIFY_CTX *
+create_verify_ctx(char *data, char *digest,
+    char *queryfile,
+    char *ca_path, char *ca_file,
+    char *untrusted)
+{
 	TS_VERIFY_CTX *ctx = NULL;
 	BIO *input = NULL;
 	TS_REQ *request = NULL;
 	int ret = 0;
 
-	if (data != NULL || digest != NULL)
-		{
-		if (!(ctx = TS_VERIFY_CTX_new())) goto err;
+	if (data != NULL || digest != NULL) {
+		if (!(ctx = TS_VERIFY_CTX_new()))
+			goto err;
 		ctx->flags = TS_VFY_VERSION | TS_VFY_SIGNER;
-		if (data != NULL)
-			{
+		if (data != NULL) {
 			ctx->flags |= TS_VFY_DATA;
-			if (!(ctx->data = BIO_new_file(data, "rb"))) goto err;
-			}
-		else if (digest != NULL)
-			{
+			if (!(ctx->data = BIO_new_file(data, "rb")))
+				goto err;
+		} else if (digest != NULL) {
 			long imprint_len;
 			ctx->flags |= TS_VFY_IMPRINT;
 			if (!(ctx->imprint = string_to_hex(digest,
-							   &imprint_len)))
-				{
+				    &imprint_len))) {
 				BIO_printf(bio_err, "invalid digest string\n");
 				goto err;
-				}
-			ctx->imprint_len = imprint_len;
 			}
-		
-		}
-	else if (queryfile != NULL)
-		{
-		/* The request has just to be read, decoded and converted to
-		   a verify context object. */
-		if (!(input = BIO_new_file(queryfile, "rb"))) goto err;
-		if (!(request = d2i_TS_REQ_bio(input, NULL))) goto err;
-		if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL))) goto err;
+			ctx->imprint_len = imprint_len;
 		}
-	else
+	} else if (queryfile != NULL) {
+		/*
+		 * The request has just to be read, decoded and converted to
+		 * a verify context object.
+		 */
+		if (!(input = BIO_new_file(queryfile, "rb")))
+			goto err;
+		if (!(request = d2i_TS_REQ_bio(input, NULL)))
+			goto err;
+		if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)))
+			goto err;
+	} else
 		return NULL;
 
 	/* Add the signature verification flag and arguments. */
 	ctx->flags |= TS_VFY_SIGNATURE;
 
 	/* Initialising the X509_STORE object. */
-	if (!(ctx->store = create_cert_store(ca_path, ca_file))) goto err;
+	if (!(ctx->store = create_cert_store(ca_path, ca_file)))
+		goto err;
 
 	/* Loading untrusted certificates. */
-	if (untrusted && !(ctx->certs = TS_CONF_load_certs(untrusted))) 
+	if (untrusted && !(ctx->certs = TS_CONF_load_certs(untrusted)))
 		goto err;
 
 	ret = 1;
- err:
-	if (!ret)
-		{
+err:
+	if (!ret) {
 		TS_VERIFY_CTX_free(ctx);
 		ctx = NULL;
-		}
+	}
 	BIO_free_all(input);
 	TS_REQ_free(request);
 	return ctx;
-	}
+}
 
-static X509_STORE *create_cert_store(char *ca_path, char *ca_file)
-	{
+static X509_STORE *
+create_cert_store(char *ca_path, char *ca_file)
+{
 	X509_STORE *cert_ctx = NULL;
 	X509_LOOKUP *lookup = NULL;
 	int i;
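Review bot: create_verify_ctx has no comment saying which of its inputs wins, although the branch order gives `data` precedence over `digest` and makes either of them cause `queryfile` to be ignored. A header comment would make that visible to callers, for example `/* Input precedence: data, then digest, then queryfile; returns NULL on error or when none is given. */`. The bare `} else return NULL;` also leaves without a message, so verify_command prints only `Verification: FAILED` in that case; a one-line `BIO_printf(bio_err, ...)` there would tell the user what was missing.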
@@ -1086,49 +1087,42 @@ static X509_STORE *create_cert_store(char *ca_path, char *ca_file)
 	X509_STORE_set_verify_cb(cert_ctx, verify_cb);
 
 	/* Adding a trusted certificate directory source. */
-	if (ca_path)
-		{
+	if (ca_path) {
 		lookup = X509_STORE_add_lookup(cert_ctx,
-					       X509_LOOKUP_hash_dir());
-		if (lookup == NULL)
-			{
+		    X509_LOOKUP_hash_dir());
+		if (lookup == NULL) {
 			BIO_printf(bio_err, "memory allocation failure\n");
 			goto err;
-			}
+		}
 		i = X509_LOOKUP_add_dir(lookup, ca_path, X509_FILETYPE_PEM);
-		if (!i)
-			{
+		if (!i) {
 			BIO_printf(bio_err, "Error loading directory %s\n",
-				   ca_path);
+			    ca_path);
 			goto err;
-			}
 		}
-
+	}
 	/* Adding a trusted certificate file source. */
-	if (ca_file)
-		{
+	if (ca_file) {
 		lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
-		if (lookup == NULL)
-			{
+		if (lookup == NULL) {
 			BIO_printf(bio_err, "memory allocation failure\n");
 			goto err;
-			}
+		}
 		i = X509_LOOKUP_load_file(lookup, ca_file, X509_FILETYPE_PEM);
-		if (!i)
-			{
+		if (!i) {
 			BIO_printf(bio_err, "Error loading file %s\n", ca_file);
 			goto err;
-			}
 		}
-
+	}
 	return cert_ctx;
- err:
+err:
 	X509_STORE_free(cert_ctx);
 	return NULL;
-	}
+}
 
-static int verify_cb(int ok, X509_STORE_CTX *ctx)
-	{
+static int 
+verify_cb(int ok, X509_STORE_CTX * ctx)
+{
 	/*
 	char buf[256];
 
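Review bot: create_cert_store adds a lookup only for a non-NULL `ca_path` or `ca_file`, so with neither given it returns a store with no lookup at all, whereas MAIN in verify.c (same commit) falls back to `X509_FILETYPE_DEFAULT` in that situation. If the difference is intended it should be stated, for example `/* No default trust anchors: without ca_path and ca_file the store stays empty. */` above the first `if (ca_path)`. The function starts before this hunk, so whether a caller rejects the empty case earlier is not visible here.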
@@ -1144,4 +1138,4 @@ static int verify_cb(int ok, X509_STORE_CTX *ctx)
 	*/
 
 	return ok;
-	}
+}
diff --git a/lib/libssl/src/apps/verify.c b/lib/libssl/src/apps/verify.c
index ebd314d7cca..3bb746a25e9 100644
--- a/lib/libssl/src/apps/verify.c
+++ b/lib/libssl/src/apps/verify.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -69,294 +69,281 @@
 #undef PROG
 #define PROG	verify_main
 
-static int cb(int ok, X509_STORE_CTX *ctx);
-static int check(X509_STORE *ctx, char *file,
-		STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
-		STACK_OF(X509_CRL) *crls, ENGINE *e);
-static int v_verbose=0, vflags = 0;
+static int cb(int ok, X509_STORE_CTX * ctx);
+static int 
+check(X509_STORE * ctx, char *file,
+    STACK_OF(X509) * uchain, STACK_OF(X509) * tchain,
+    STACK_OF(X509_CRL) * crls, ENGINE * e);
+	static int v_verbose = 0, vflags = 0;
 
-int MAIN(int, char **);
+	int MAIN(int, char **);
 
-int MAIN(int argc, char **argv)
-	{
+	int MAIN(int argc, char **argv)
+{
 	ENGINE *e = NULL;
-	int i,ret=1, badarg = 0;
-	char *CApath=NULL,*CAfile=NULL;
+	int i, ret = 1, badarg = 0;
+	char *CApath = NULL, *CAfile = NULL;
 	char *untfile = NULL, *trustfile = NULL, *crlfile = NULL;
-	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
-	STACK_OF(X509_CRL) *crls = NULL;
-	X509_STORE *cert_ctx=NULL;
-	X509_LOOKUP *lookup=NULL;
+	STACK_OF(X509) * untrusted = NULL, *trusted = NULL;
+	STACK_OF(X509_CRL) * crls = NULL;
+	X509_STORE *cert_ctx = NULL;
+	X509_LOOKUP *lookup = NULL;
 	X509_VERIFY_PARAM *vpm = NULL;
 #ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
+	char *engine = NULL;
 #endif
 
-	cert_ctx=X509_STORE_new();
-	if (cert_ctx == NULL) goto end;
-	X509_STORE_set_verify_cb(cert_ctx,cb);
+	cert_ctx = X509_STORE_new();
+	if (cert_ctx == NULL)
+		goto end;
+	X509_STORE_set_verify_cb(cert_ctx, cb);
 
 	ERR_load_crypto_strings();
 
 	apps_startup();
 
 	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
 
 	if (!load_config(bio_err, NULL))
 		goto end;
 
 	argc--;
 	argv++;
-	for (;;)
-		{
-		if (argc >= 1)
-			{
-			if (strcmp(*argv,"-CApath") == 0)
-				{
-				if (argc-- < 1) goto end;
-				CApath= *(++argv);
-				}
-			else if (strcmp(*argv,"-CAfile") == 0)
-				{
-				if (argc-- < 1) goto end;
-				CAfile= *(++argv);
-				}
-			else if (args_verify(&argv, &argc, &badarg, bio_err,
-									&vpm))
-				{
+	for (;;) {
+		if (argc >= 1) {
+			if (strcmp(*argv, "-CApath") == 0) {
+				if (argc-- < 1)
+					goto end;
+				CApath = *(++argv);
+			} else if (strcmp(*argv, "-CAfile") == 0) {
+				if (argc-- < 1)
+					goto end;
+				CAfile = *(++argv);
+			} else if (args_verify(&argv, &argc, &badarg, bio_err,
+				&vpm)) {
 				if (badarg)
 					goto end;
 				continue;
-				}
-			else if (strcmp(*argv,"-untrusted") == 0)
-				{
-				if (argc-- < 1) goto end;
-				untfile= *(++argv);
-				}
-			else if (strcmp(*argv,"-trusted") == 0)
-				{
-				if (argc-- < 1) goto end;
-				trustfile= *(++argv);
-				}
-			else if (strcmp(*argv,"-CRLfile") == 0)
-				{
-				if (argc-- < 1) goto end;
-				crlfile= *(++argv);
-				}
+			} else if (strcmp(*argv, "-untrusted") == 0) {
+				if (argc-- < 1)
+					goto end;
+				untfile = *(++argv);
+			} else if (strcmp(*argv, "-trusted") == 0) {
+				if (argc-- < 1)
+					goto end;
+				trustfile = *(++argv);
+			} else if (strcmp(*argv, "-CRLfile") == 0) {
+				if (argc-- < 1)
+					goto end;
+				crlfile = *(++argv);
+			}
 #ifndef OPENSSL_NO_ENGINE
-			else if (strcmp(*argv,"-engine") == 0)
-				{
-				if (--argc < 1) goto end;
-				engine= *(++argv);
-				}
+			else if (strcmp(*argv, "-engine") == 0) {
+				if (--argc < 1)
+					goto end;
+				engine = *(++argv);
+			}
 #endif
-			else if (strcmp(*argv,"-help") == 0)
+			else if (strcmp(*argv, "-help") == 0)
 				goto end;
-			else if (strcmp(*argv,"-verbose") == 0)
-				v_verbose=1;
+			else if (strcmp(*argv, "-verbose") == 0)
+				v_verbose = 1;
 			else if (argv[0][0] == '-')
 				goto end;
 			else
 				break;
 			argc--;
 			argv++;
-			}
-		else
+		} else
 			break;
-		}
+	}
 
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+	e = setup_engine(bio_err, engine, 0);
 #endif
 
 	if (vpm)
 		X509_STORE_set1_param(cert_ctx, vpm);
 
-	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
-	if (lookup == NULL) abort();
+	lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
+	if (lookup == NULL)
+		abort();
 	if (CAfile) {
-		i=X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM);
-		if(!i) {
+		i = X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM);
+		if (!i) {
 			BIO_printf(bio_err, "Error loading file %s\n", CAfile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
-	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-		
-	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
-	if (lookup == NULL) abort();
+	} else
+		X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+	lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
+	if (lookup == NULL)
+		abort();
 	if (CApath) {
-		i=X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM);
-		if(!i) {
+		i = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
+		if (!i) {
 			BIO_printf(bio_err, "Error loading directory %s\n", CApath);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
-	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+	} else
+		X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
 
 	ERR_clear_error();
 
-	if(untfile)
-		{
+	if (untfile) {
 		untrusted = load_certs(bio_err, untfile, FORMAT_PEM,
-					NULL, e, "untrusted certificates");
-		if(!untrusted)
+		    NULL, e, "untrusted certificates");
+		if (!untrusted)
 			goto end;
-		}
-
-	if(trustfile)
-		{
+	}
+	if (trustfile) {
 		trusted = load_certs(bio_err, trustfile, FORMAT_PEM,
-					NULL, e, "trusted certificates");
-		if(!trusted)
+		    NULL, e, "trusted certificates");
+		if (!trusted)
 			goto end;
-		}
-
-	if(crlfile)
-		{
+	}
+	if (crlfile) {
 		crls = load_crls(bio_err, crlfile, FORMAT_PEM,
-					NULL, e, "other CRLs");
-		if(!crls)
+		    NULL, e, "other CRLs");
+		if (!crls)
 			goto end;
-		}
-
+	}
 	ret = 0;
-	if (argc < 1)
-		{ 
+	if (argc < 1) {
 		if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
 			ret = -1;
-		}
-	else
-		{
-		for (i=0; i 0)
-		{
-		fprintf(stdout,"OK\n");
-		ret=1;
-		}
-	else
+	if (i > 0) {
+		fprintf(stdout, "OK\n");
+		ret = 1;
+	} else
 		ERR_print_errors(bio_err);
-	if (x != NULL) X509_free(x);
+	if (x != NULL)
+		X509_free(x);
 
-	return(ret);
-	}
+	return (ret);
+}
 
-static int cb(int ok, X509_STORE_CTX *ctx)
-	{
+static int 
+cb(int ok, X509_STORE_CTX * ctx)
+{
 	int cert_error = X509_STORE_CTX_get_error(ctx);
 	X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
 
-	if (!ok)
-		{
-		if (current_cert)
-			{
+	if (!ok) {
+		if (current_cert) {
 			X509_NAME_print_ex_fp(stdout,
-				X509_get_subject_name(current_cert),
-				0, XN_FLAG_ONELINE);
+			    X509_get_subject_name(current_cert),
+			    0, XN_FLAG_ONELINE);
 			printf("\n");
-			}
+		}
 		printf("%serror %d at %d depth lookup:%s\n",
-			X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "",
-			cert_error,
-			X509_STORE_CTX_get_error_depth(ctx),
-			X509_verify_cert_error_string(cert_error));
-		switch(cert_error)
-			{
-			case X509_V_ERR_NO_EXPLICIT_POLICY:
-				policies_print(NULL, ctx);
-			case X509_V_ERR_CERT_HAS_EXPIRED:
-
-			/* since we are just checking the certificates, it is
-			 * ok if they are self signed. But we should still warn
-			 * the user.
+		    X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "",
+		    cert_error,
+		    X509_STORE_CTX_get_error_depth(ctx),
+		    X509_verify_cert_error_string(cert_error));
+		switch (cert_error) {
+		case X509_V_ERR_NO_EXPLICIT_POLICY:
+			policies_print(NULL, ctx);
+		case X509_V_ERR_CERT_HAS_EXPIRED:
+
+			/*
+			 * since we are just checking the certificates, it is
+			 * ok if they are self signed. But we should still
+			 * warn the user.
 			 */
 
-			case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+		case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
 			/* Continue after extension errors too */
-			case X509_V_ERR_INVALID_CA:
-			case X509_V_ERR_INVALID_NON_CA:
-			case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-			case X509_V_ERR_INVALID_PURPOSE:
-			case X509_V_ERR_CRL_HAS_EXPIRED:
-			case X509_V_ERR_CRL_NOT_YET_VALID:
-			case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+		case X509_V_ERR_INVALID_CA:
+		case X509_V_ERR_INVALID_NON_CA:
+		case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+		case X509_V_ERR_INVALID_PURPOSE:
+		case X509_V_ERR_CRL_HAS_EXPIRED:
+		case X509_V_ERR_CRL_NOT_YET_VALID:
+		case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
 			ok = 1;
 
-			}
+		}
 
 		return ok;
 
-		}
+	}
 	if (cert_error == X509_V_OK && ok == 2)
 		policies_print(NULL, ctx);
 	if (!v_verbose)
 		ERR_clear_error();
-	return(ok);
-	}
+	return (ok);
+}
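Review bot: The value checks for `-CApath`, `-CAfile`, `-untrusted`, `-trusted` and `-CRLfile` in MAIN use `if (argc-- < 1)`, which can never be true inside `if (argc >= 1)` because the post-decrement compares the old count. With one of these options as the last argument, `*(++argv)` presumably yields the terminating NULL and the option is silently dropped; for `-CAfile` and `-CApath` the code below then falls back to the `X509_FILETYPE_DEFAULT` locations instead of reporting a usage error. The `-engine` branch already has the right form, so each of the five should read `if (--argc < 1)`. The middle of this hunk, around the call to check(), is garbled on the page, so this note covers only the option loop.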
diff --git a/lib/libssl/src/apps/version.c b/lib/libssl/src/apps/version.c
index 811ac26fc1a..42920fc9f1c 100644
--- a/lib/libssl/src/apps/version.c
+++ b/lib/libssl/src/apps/version.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -117,19 +117,19 @@
 #include 
 #include 
 #ifndef OPENSSL_NO_MD2
-# include 
+#include 
 #endif
 #ifndef OPENSSL_NO_RC4
-# include 
+#include 
 #endif
 #ifndef OPENSSL_NO_DES
-# include 
+#include 
 #endif
 #ifndef OPENSSL_NO_IDEA
-# include 
+#include 
 #endif
 #ifndef OPENSSL_NO_BF
-# include 
+#include 
 #endif
 
 #undef PROG
@@ -137,81 +137,81 @@
 
 int MAIN(int, char **);
 
-int MAIN(int argc, char **argv)
-	{
-	int i,ret=0;
-	int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
+int 
+MAIN(int argc, char **argv)
+{
+	int i, ret = 0;
+	int cflags = 0, version = 0, date = 0, options = 0, platform = 0,
+	 dir = 0;
 
 	apps_startup();
 
 	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
 
-	if (argc == 1) version=1;
-	for (i=1; i= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-keyform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keyformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-req") == 0)
-			{
-			reqfile=1;
+	num = 0;
+	while (argc >= 1) {
+		if (strcmp(*argv, "-inform") == 0) {
+			if (--argc < 1)
+				goto bad;
+			informat = str2fmt(*(++argv));
+		} else if (strcmp(*argv, "-outform") == 0) {
+			if (--argc < 1)
+				goto bad;
+			outformat = str2fmt(*(++argv));
+		} else if (strcmp(*argv, "-keyform") == 0) {
+			if (--argc < 1)
+				goto bad;
+			keyformat = str2fmt(*(++argv));
+		} else if (strcmp(*argv, "-req") == 0) {
+			reqfile = 1;
 			need_rand = 1;
-			}
-		else if (strcmp(*argv,"-CAform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-CAkeyform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAkeyformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-sigopt") == 0)
-			{
+		} else if (strcmp(*argv, "-CAform") == 0) {
+			if (--argc < 1)
+				goto bad;
+			CAformat = str2fmt(*(++argv));
+		} else if (strcmp(*argv, "-CAkeyform") == 0) {
+			if (--argc < 1)
+				goto bad;
+			CAkeyformat = str2fmt(*(++argv));
+		} else if (strcmp(*argv, "-sigopt") == 0) {
 			if (--argc < 1)
 				goto bad;
 			if (!sigopts)
 				sigopts = sk_OPENSSL_STRING_new_null();
 			if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
 				goto bad;
-			}
-		else if (strcmp(*argv,"-days") == 0)
-			{
-			if (--argc < 1) goto bad;
-			days=atoi(*(++argv));
-			if (days == 0)
-				{
-				BIO_printf(bio_err,"bad number of days\n");
+		} else if (strcmp(*argv, "-days") == 0) {
+			if (--argc < 1)
+				goto bad;
+			days = atoi(*(++argv));
+			if (days == 0) {
+				BIO_printf(bio_err, "bad number of days\n");
 				goto bad;
-				}
-			}
-		else if (strcmp(*argv,"-passin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-			}
-		else if (strcmp(*argv,"-extfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			extfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-extensions") == 0)
-			{
-			if (--argc < 1) goto bad;
-			extsect= *(++argv);
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
 			}
-		else if (strcmp(*argv,"-signkey") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keyfile= *(++argv);
-			sign_flag= ++num;
+		} else if (strcmp(*argv, "-passin") == 0) {
+			if (--argc < 1)
+				goto bad;
+			passargin = *(++argv);
+		} else if (strcmp(*argv, "-extfile") == 0) {
+			if (--argc < 1)
+				goto bad;
+			extfile = *(++argv);
+		} else if (strcmp(*argv, "-extensions") == 0) {
+			if (--argc < 1)
+				goto bad;
+			extsect = *(++argv);
+		} else if (strcmp(*argv, "-in") == 0) {
+			if (--argc < 1)
+				goto bad;
+			infile = *(++argv);
+		} else if (strcmp(*argv, "-out") == 0) {
+			if (--argc < 1)
+				goto bad;
+			outfile = *(++argv);
+		} else if (strcmp(*argv, "-signkey") == 0) {
+			if (--argc < 1)
+				goto bad;
+			keyfile = *(++argv);
+			sign_flag = ++num;
 			need_rand = 1;
-			}
-		else if (strcmp(*argv,"-CA") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAfile= *(++argv);
-			CA_flag= ++num;
+		} else if (strcmp(*argv, "-CA") == 0) {
+			if (--argc < 1)
+				goto bad;
+			CAfile = *(++argv);
+			CA_flag = ++num;
 			need_rand = 1;
-			}
-		else if (strcmp(*argv,"-CAkey") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAkeyfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-CAserial") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAserial= *(++argv);
-			}
-		else if (strcmp(*argv,"-set_serial") == 0)
-			{
-			if (--argc < 1) goto bad;
+		} else if (strcmp(*argv, "-CAkey") == 0) {
+			if (--argc < 1)
+				goto bad;
+			CAkeyfile = *(++argv);
+		} else if (strcmp(*argv, "-CAserial") == 0) {
+			if (--argc < 1)
+				goto bad;
+			CAserial = *(++argv);
+		} else if (strcmp(*argv, "-set_serial") == 0) {
+			if (--argc < 1)
+				goto bad;
 			if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
 				goto bad;
-			}
-		else if (strcmp(*argv,"-addtrust") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
-				{
+		} else if (strcmp(*argv, "-addtrust") == 0) {
+			if (--argc < 1)
+				goto bad;
+			if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
 				BIO_printf(bio_err,
-					"Invalid trust object value %s\n", *argv);
+				    "Invalid trust object value %s\n", *argv);
 				goto bad;
-				}
-			if (!trust) trust = sk_ASN1_OBJECT_new_null();
+			}
+			if (!trust)
+				trust = sk_ASN1_OBJECT_new_null();
 			sk_ASN1_OBJECT_push(trust, objtmp);
 			trustout = 1;
-			}
-		else if (strcmp(*argv,"-addreject") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
-				{
+		} else if (strcmp(*argv, "-addreject") == 0) {
+			if (--argc < 1)
+				goto bad;
+			if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
 				BIO_printf(bio_err,
-					"Invalid reject object value %s\n", *argv);
+				    "Invalid reject object value %s\n", *argv);
 				goto bad;
-				}
-			if (!reject) reject = sk_ASN1_OBJECT_new_null();
+			}
+			if (!reject)
+				reject = sk_ASN1_OBJECT_new_null();
 			sk_ASN1_OBJECT_push(reject, objtmp);
 			trustout = 1;
-			}
-		else if (strcmp(*argv,"-setalias") == 0)
-			{
-			if (--argc < 1) goto bad;
-			alias= *(++argv);
+		} else if (strcmp(*argv, "-setalias") == 0) {
+			if (--argc < 1)
+				goto bad;
+			alias = *(++argv);
 			trustout = 1;
-			}
-		else if (strcmp(*argv,"-certopt") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!set_cert_ex(&certflag, *(++argv))) goto bad;
-			}
-		else if (strcmp(*argv,"-nameopt") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
-			}
+		} else if (strcmp(*argv, "-certopt") == 0) {
+			if (--argc < 1)
+				goto bad;
+			if (!set_cert_ex(&certflag, *(++argv)))
+				goto bad;
+		} else if (strcmp(*argv, "-nameopt") == 0) {
+			if (--argc < 1)
+				goto bad;
+			if (!set_name_ex(&nmflag, *(++argv)))
+				goto bad;
+		}
 #ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
+		else if (strcmp(*argv, "-engine") == 0) {
+			if (--argc < 1)
+				goto bad;
+			engine = *(++argv);
+		}
 #endif
-		else if (strcmp(*argv,"-C") == 0)
-			C= ++num;
-		else if (strcmp(*argv,"-email") == 0)
-			email= ++num;
-		else if (strcmp(*argv,"-ocsp_uri") == 0)
-			ocsp_uri= ++num;
-		else if (strcmp(*argv,"-serial") == 0)
-			serial= ++num;
-		else if (strcmp(*argv,"-next_serial") == 0)
-			next_serial= ++num;
-		else if (strcmp(*argv,"-modulus") == 0)
-			modulus= ++num;
-		else if (strcmp(*argv,"-pubkey") == 0)
-			pubkey= ++num;
-		else if (strcmp(*argv,"-x509toreq") == 0)
-			x509req= ++num;
-		else if (strcmp(*argv,"-text") == 0)
-			text= ++num;
-		else if (strcmp(*argv,"-hash") == 0
-			|| strcmp(*argv,"-subject_hash") == 0)
-			subject_hash= ++num;
+		else if (strcmp(*argv, "-C") == 0)
+			C = ++num;
+		else if (strcmp(*argv, "-email") == 0)
+			email = ++num;
+		else if (strcmp(*argv, "-ocsp_uri") == 0)
+			ocsp_uri = ++num;
+		else if (strcmp(*argv, "-serial") == 0)
+			serial = ++num;
+		else if (strcmp(*argv, "-next_serial") == 0)
+			next_serial = ++num;
+		else if (strcmp(*argv, "-modulus") == 0)
+			modulus = ++num;
+		else if (strcmp(*argv, "-pubkey") == 0)
+			pubkey = ++num;
+		else if (strcmp(*argv, "-x509toreq") == 0)
+			x509req = ++num;
+		else if (strcmp(*argv, "-text") == 0)
+			text = ++num;
+		else if (strcmp(*argv, "-hash") == 0
+		    || strcmp(*argv, "-subject_hash") == 0)
+			subject_hash = ++num;
 #ifndef OPENSSL_NO_MD5
-		else if (strcmp(*argv,"-subject_hash_old") == 0)
-			subject_hash_old= ++num;
+		else if (strcmp(*argv, "-subject_hash_old") == 0)
+			subject_hash_old = ++num;
 #endif
-		else if (strcmp(*argv,"-issuer_hash") == 0)
-			issuer_hash= ++num;
+		else if (strcmp(*argv, "-issuer_hash") == 0)
+			issuer_hash = ++num;
 #ifndef OPENSSL_NO_MD5
-		else if (strcmp(*argv,"-issuer_hash_old") == 0)
-			issuer_hash_old= ++num;
+		else if (strcmp(*argv, "-issuer_hash_old") == 0)
+			issuer_hash_old = ++num;
 #endif
-		else if (strcmp(*argv,"-subject") == 0)
-			subject= ++num;
-		else if (strcmp(*argv,"-issuer") == 0)
-			issuer= ++num;
-		else if (strcmp(*argv,"-fingerprint") == 0)
-			fingerprint= ++num;
-		else if (strcmp(*argv,"-dates") == 0)
-			{
-			startdate= ++num;
-			enddate= ++num;
-			}
-		else if (strcmp(*argv,"-purpose") == 0)
-			pprint= ++num;
-		else if (strcmp(*argv,"-startdate") == 0)
-			startdate= ++num;
-		else if (strcmp(*argv,"-enddate") == 0)
-			enddate= ++num;
-		else if (strcmp(*argv,"-checkend") == 0)
-			{
-			if (--argc < 1) goto bad;
-			checkoffset=atoi(*(++argv));
-			checkend=1;
-			}
-		else if (strcmp(*argv,"-noout") == 0)
-			noout= ++num;
-		else if (strcmp(*argv,"-trustout") == 0)
-			trustout= 1;
-		else if (strcmp(*argv,"-clrtrust") == 0)
-			clrtrust= ++num;
-		else if (strcmp(*argv,"-clrreject") == 0)
-			clrreject= ++num;
-		else if (strcmp(*argv,"-alias") == 0)
-			aliasout= ++num;
-		else if (strcmp(*argv,"-CAcreateserial") == 0)
-			CA_createserial= ++num;
-		else if (strcmp(*argv,"-clrext") == 0)
+		else if (strcmp(*argv, "-subject") == 0)
+			subject = ++num;
+		else if (strcmp(*argv, "-issuer") == 0)
+			issuer = ++num;
+		else if (strcmp(*argv, "-fingerprint") == 0)
+			fingerprint = ++num;
+		else if (strcmp(*argv, "-dates") == 0) {
+			startdate = ++num;
+			enddate = ++num;
+		} else if (strcmp(*argv, "-purpose") == 0)
+			pprint = ++num;
+		else if (strcmp(*argv, "-startdate") == 0)
+			startdate = ++num;
+		else if (strcmp(*argv, "-enddate") == 0)
+			enddate = ++num;
+		else if (strcmp(*argv, "-checkend") == 0) {
+			if (--argc < 1)
+				goto bad;
+			checkoffset = atoi(*(++argv));
+			checkend = 1;
+		} else if (strcmp(*argv, "-noout") == 0)
+			noout = ++num;
+		else if (strcmp(*argv, "-trustout") == 0)
+			trustout = 1;
+		else if (strcmp(*argv, "-clrtrust") == 0)
+			clrtrust = ++num;
+		else if (strcmp(*argv, "-clrreject") == 0)
+			clrreject = ++num;
+		else if (strcmp(*argv, "-alias") == 0)
+			aliasout = ++num;
+		else if (strcmp(*argv, "-CAcreateserial") == 0)
+			CA_createserial = ++num;
+		else if (strcmp(*argv, "-clrext") == 0)
 			clrext = 1;
-#if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */
-		else if (strcmp(*argv,"-crlext") == 0)
-			{
-			BIO_printf(bio_err,"use -clrext instead of -crlext\n");
+#if 1				/* stay backwards-compatible with 0.9.5; this
+				 * should go away soon */
+		else if (strcmp(*argv, "-crlext") == 0) {
+			BIO_printf(bio_err, "use -clrext instead of -crlext\n");
 			clrext = 1;
-			}
+		}
 #endif
-		else if (strcmp(*argv,"-ocspid") == 0)
-			ocspid= ++num;
-		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
-			{
+		else if (strcmp(*argv, "-ocspid") == 0)
+			ocspid = ++num;
+		else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
 			/* ok */
-			digest=md_alg;
-			}
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
+			digest = md_alg;
+		} else {
+			BIO_printf(bio_err, "unknown option %s\n", *argv);
+			badops = 1;
 			break;
-			}
+		}
 		argc--;
 		argv++;
-		}
+	}
 
-	if (badops)
-		{
+	if (badops) {
 bad:
-		for (pp=x509_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
+		for (pp = x509_usage; (*pp != NULL); pp++)
+			BIO_printf(bio_err, "%s", *pp);
 		goto end;
-		}
-
+	}
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+	e = setup_engine(bio_err, engine, 0);
 #endif
 
 	if (need_rand)
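Review bot: The `-addtrust` and `-addreject` branches ignore the results of `sk_ASN1_OBJECT_new_null()` and `sk_ASN1_OBJECT_push()`, whereas the `-sigopt` branch just above them checks both. If the allocation or push fails, the requested trust or reject OID appears to be dropped without any error, and `objtmp` is leaked. For a setting that restricts what a certificate is trusted for, failing closed is safer: free `objtmp` and use `if (!trust || !sk_ASN1_OBJECT_push(trust, objtmp)) goto bad;`, with the same check for `reject`. Separately, `-days` and `-checkend` are parsed with `atoi()`, which accepts negative values and trailing garbage; `strtol()` with an end-pointer and range check would reject those. The start of this option loop is not intact in the hunk as shown, so the enclosing function is only partly visible here.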
@@ -499,240 +472,195 @@ bad:
 
 	ERR_load_crypto_strings();
 
-	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
-		{
+	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
-		}
-
-	if (!X509_STORE_set_default_paths(ctx))
-		{
+	}
+	if (!X509_STORE_set_default_paths(ctx)) {
 		ERR_print_errors(bio_err);
 		goto end;
-		}
-
-	if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM))
-		{ CAkeyfile=CAfile; }
-	else if ((CA_flag) && (CAkeyfile == NULL))
-		{
-		BIO_printf(bio_err,"need to specify a CAkey if using the CA command\n");
+	}
+	if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) {
+		CAkeyfile = CAfile;
+	} else if ((CA_flag) && (CAkeyfile == NULL)) {
+		BIO_printf(bio_err, "need to specify a CAkey if using the CA command\n");
 		goto end;
-		}
-
-	if (extfile)
-		{
+	}
+	if (extfile) {
 		long errorline = -1;
 		X509V3_CTX ctx2;
 		extconf = NCONF_new(NULL);
-		if (!NCONF_load(extconf, extfile,&errorline))
-			{
+		if (!NCONF_load(extconf, extfile, &errorline)) {
 			if (errorline <= 0)
 				BIO_printf(bio_err,
-					"error loading the config file '%s'\n",
-								extfile);
-                	else
-                        	BIO_printf(bio_err,
-				       "error on line %ld of config file '%s'\n"
-							,errorline,extfile);
+				    "error loading the config file '%s'\n",
+				    extfile);
+			else
+				BIO_printf(bio_err,
+				    "error on line %ld of config file '%s'\n"
+				    ,errorline, extfile);
 			goto end;
-			}
-		if (!extsect)
-			{
+		}
+		if (!extsect) {
 			extsect = NCONF_get_string(extconf, "default", "extensions");
-			if (!extsect)
-				{
+			if (!extsect) {
 				ERR_clear_error();
 				extsect = "default";
-				}
 			}
+		}
 		X509V3_set_ctx_test(&ctx2);
 		X509V3_set_nconf(&ctx2, extconf);
-		if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
-			{
+		if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) {
 			BIO_printf(bio_err,
-				"Error Loading extension section %s\n",
-								 extsect);
+			    "Error Loading extension section %s\n",
+			    extsect);
 			ERR_print_errors(bio_err);
 			goto end;
-			}
 		}
-
-
-	if (reqfile)
-		{
+	}
+	if (reqfile) {
 		EVP_PKEY *pkey;
 		BIO *in;
 
-		if (!sign_flag && !CA_flag)
-			{
-			BIO_printf(bio_err,"We need a private key to sign with\n");
+		if (!sign_flag && !CA_flag) {
+			BIO_printf(bio_err, "We need a private key to sign with\n");
 			goto end;
-			}
-		in=BIO_new(BIO_s_file());
-		if (in == NULL)
-			{
+		}
+		in = BIO_new(BIO_s_file());
+		if (in == NULL) {
 			ERR_print_errors(bio_err);
 			goto end;
-			}
-
+		}
 		if (infile == NULL)
-			BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT);
-		else
-			{
-			if (BIO_read_filename(in,infile) <= 0)
-				{
+			BIO_set_fp(in, stdin, BIO_NOCLOSE | BIO_FP_TEXT);
+		else {
+			if (BIO_read_filename(in, infile) <= 0) {
 				perror(infile);
 				BIO_free(in);
 				goto end;
-				}
 			}
-		req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
+		}
+		req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
 		BIO_free(in);
 
-		if (req == NULL)
-			{
+		if (req == NULL) {
 			ERR_print_errors(bio_err);
 			goto end;
-			}
-
-		if (	(req->req_info == NULL) ||
-			(req->req_info->pubkey == NULL) ||
-			(req->req_info->pubkey->public_key == NULL) ||
-			(req->req_info->pubkey->public_key->data == NULL))
-			{
-			BIO_printf(bio_err,"The certificate request appears to corrupted\n");
-			BIO_printf(bio_err,"It does not contain a public key\n");
+		}
+		if ((req->req_info == NULL) ||
+		    (req->req_info->pubkey == NULL) ||
+		    (req->req_info->pubkey->public_key == NULL) ||
+		    (req->req_info->pubkey->public_key->data == NULL)) {
+			BIO_printf(bio_err, "The certificate request appears to corrupted\n");
+			BIO_printf(bio_err, "It does not contain a public key\n");
 			goto end;
-			}
-		if ((pkey=X509_REQ_get_pubkey(req)) == NULL)
-	                {
-	                BIO_printf(bio_err,"error unpacking public key\n");
-	                goto end;
-	                }
-		i=X509_REQ_verify(req,pkey);
+		}
+		if ((pkey = X509_REQ_get_pubkey(req)) == NULL) {
+			BIO_printf(bio_err, "error unpacking public key\n");
+			goto end;
+		}
+		i = X509_REQ_verify(req, pkey);
 		EVP_PKEY_free(pkey);
-		if (i < 0)
-			{
-			BIO_printf(bio_err,"Signature verification error\n");
+		if (i < 0) {
+			BIO_printf(bio_err, "Signature verification error\n");
 			ERR_print_errors(bio_err);
 			goto end;
-			}
-	        if (i == 0)
-			{
-			BIO_printf(bio_err,"Signature did not match the certificate request\n");
+		}
+		if (i == 0) {
+			BIO_printf(bio_err, "Signature did not match the certificate request\n");
 			goto end;
-			}
-		else
-			BIO_printf(bio_err,"Signature ok\n");
+		} else
+			BIO_printf(bio_err, "Signature ok\n");
 
 		print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
 
-		if ((x=X509_new()) == NULL) goto end;
+		if ((x = X509_new()) == NULL)
+			goto end;
 
-		if (sno == NULL)
-			{
+		if (sno == NULL) {
 			sno = ASN1_INTEGER_new();
 			if (!sno || !rand_serial(NULL, sno))
 				goto end;
-			if (!X509_set_serialNumber(x, sno)) 
+			if (!X509_set_serialNumber(x, sno))
 				goto end;
 			ASN1_INTEGER_free(sno);
 			sno = NULL;
-			}
-		else if (!X509_set_serialNumber(x, sno)) 
+		} else if (!X509_set_serialNumber(x, sno))
 			goto end;
 
-		if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
-		if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
+		if (!X509_set_issuer_name(x, req->req_info->subject))
+			goto end;
+		if (!X509_set_subject_name(x, req->req_info->subject))
+			goto end;
 
-		X509_gmtime_adj(X509_get_notBefore(x),0);
-	        X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL);
+		X509_gmtime_adj(X509_get_notBefore(x), 0);
+		X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL);
 
 		pkey = X509_REQ_get_pubkey(req);
-		X509_set_pubkey(x,pkey);
+		X509_set_pubkey(x, pkey);
 		EVP_PKEY_free(pkey);
-		}
-	else
-		x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");
-
-	if (x == NULL) goto end;
-	if (CA_flag)
-		{
-		xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate");
-		if (xca == NULL) goto end;
-		}
+	} else
+		x = load_cert(bio_err, infile, informat, NULL, e, "Certificate");
 
-	if (!noout || text || next_serial)
-		{
+	if (x == NULL)
+		goto end;
+	if (CA_flag) {
+		xca = load_cert(bio_err, CAfile, CAformat, NULL, e, "CA Certificate");
+		if (xca == NULL)
+			goto end;
+	}
+	if (!noout || text || next_serial) {
 		OBJ_create("2.99999.3",
-			"SET.ex3","SET x509v3 extension 3");
+		    "SET.ex3", "SET x509v3 extension 3");
 
-		out=BIO_new(BIO_s_file());
-		if (out == NULL)
-			{
+		out = BIO_new(BIO_s_file());
+		if (out == NULL) {
 			ERR_print_errors(bio_err);
 			goto end;
-			}
-		if (outfile == NULL)
-			{
-			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-			}
-		else
-			{
-			if (BIO_write_filename(out,outfile) <= 0)
-				{
+		}
+		if (outfile == NULL) {
+			BIO_set_fp(out, stdout, BIO_NOCLOSE);
+		} else {
+			if (BIO_write_filename(out, outfile) <= 0) {
 				perror(outfile);
 				goto end;
-				}
 			}
 		}
+	}
+	if (alias)
+		X509_alias_set1(x, (unsigned char *) alias, -1);
 
-	if (alias) X509_alias_set1(x, (unsigned char *)alias, -1);
-
-	if (clrtrust) X509_trust_clear(x);
-	if (clrreject) X509_reject_clear(x);
+	if (clrtrust)
+		X509_trust_clear(x);
+	if (clrreject)
+		X509_reject_clear(x);
 
-	if (trust)
-		{
-		for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)
-			{
+	if (trust) {
+		for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
 			objtmp = sk_ASN1_OBJECT_value(trust, i);
 			X509_add1_trust_object(x, objtmp);
-			}
 		}
-
-	if (reject)
-		{
-		for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)
-			{
+	}
+	if (reject) {
+		for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
 			objtmp = sk_ASN1_OBJECT_value(reject, i);
 			X509_add1_reject_object(x, objtmp);
-			}
 		}
-
-	if (num)
-		{
-		for (i=1; i<=num; i++)
-			{
-			if (issuer == i)
-				{
+	}
+	if (num) {
+		for (i = 1; i <= num; i++) {
+			if (issuer == i) {
 				print_name(STDout, "issuer= ",
-					X509_get_issuer_name(x), nmflag);
-				}
-			else if (subject == i) 
-				{
+				    X509_get_issuer_name(x), nmflag);
+			} else if (subject == i) {
 				print_name(STDout, "subject= ",
-					X509_get_subject_name(x), nmflag);
-				}
-			else if (serial == i)
-				{
-				BIO_printf(STDout,"serial=");
+				    X509_get_subject_name(x), nmflag);
+			} else if (serial == i) {
+				BIO_printf(STDout, "serial=");
 				i2a_ASN1_INTEGER(STDout,
-					X509_get_serialNumber(x));
-				BIO_printf(STDout,"\n");
-				}
-			else if (next_serial == i)
-				{
+				    X509_get_serialNumber(x));
+				BIO_printf(STDout, "\n");
+			} else if (next_serial == i) {
 				BIGNUM *bnser;
 				ASN1_INTEGER *ser;
 				ser = X509_get_serialNumber(x);
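Review bot: In the `-req` branch, the results of `X509_gmtime_adj()`, `X509_time_adj_ex()`, the second `X509_REQ_get_pubkey()` and `X509_set_pubkey()` are all discarded. A failure in any of them leaves `x` without a validity period or public key, yet the code carries on towards output and signing. `sign()` later in this file checks the equivalent calls and bails out, so this branch should do the same and go to `end` on failure. The enclosing function starts before this hunk and continues past it, so the cleanup at `end:` is not visible here and is assumed to release `x` and `req`.

```c
		/* … unchanged: serial number, issuer and subject name setup … */
		if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
			goto end;
		if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
			goto end;

		pkey = X509_REQ_get_pubkey(req);
		if (pkey == NULL || !X509_set_pubkey(x, pkey)) {
			EVP_PKEY_free(pkey);
			goto end;
		}
		EVP_PKEY_free(pkey);
```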
@@ -748,174 +676,147 @@ bad:
 				i2a_ASN1_INTEGER(out, ser);
 				ASN1_INTEGER_free(ser);
 				BIO_puts(out, "\n");
-				}
-			else if ((email == i) || (ocsp_uri == i))
-				{
+			} else if ((email == i) || (ocsp_uri == i)) {
 				int j;
-				STACK_OF(OPENSSL_STRING) *emlst;
+				STACK_OF(OPENSSL_STRING) * emlst;
 				if (email == i)
 					emlst = X509_get1_email(x);
 				else
 					emlst = X509_get1_ocsp(x);
 				for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
 					BIO_printf(STDout, "%s\n",
-						   sk_OPENSSL_STRING_value(emlst, j));
+					    sk_OPENSSL_STRING_value(emlst, j));
 				X509_email_free(emlst);
-				}
-			else if (aliasout == i)
-				{
+			} else if (aliasout == i) {
 				unsigned char *alstr;
 				alstr = X509_alias_get0(x, NULL);
-				if (alstr) BIO_printf(STDout,"%s\n", alstr);
-				else BIO_puts(STDout,"\n");
-				}
-			else if (subject_hash == i)
-				{
-				BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
-				}
+				if (alstr)
+					BIO_printf(STDout, "%s\n", alstr);
+				else
+					BIO_puts(STDout, "\n");
+			} else if (subject_hash == i) {
+				BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x));
+			}
 #ifndef OPENSSL_NO_MD5
-			else if (subject_hash_old == i)
-				{
-				BIO_printf(STDout,"%08lx\n",X509_subject_name_hash_old(x));
-				}
+			else if (subject_hash_old == i) {
+				BIO_printf(STDout, "%08lx\n", X509_subject_name_hash_old(x));
+			}
 #endif
-			else if (issuer_hash == i)
-				{
-				BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));
-				}
+			else if (issuer_hash == i) {
+				BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash(x));
+			}
 #ifndef OPENSSL_NO_MD5
-			else if (issuer_hash_old == i)
-				{
-				BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash_old(x));
-				}
+			else if (issuer_hash_old == i) {
+				BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash_old(x));
+			}
 #endif
-			else if (pprint == i)
-				{
+			else if (pprint == i) {
 				X509_PURPOSE *ptmp;
 				int j;
 				BIO_printf(STDout, "Certificate purposes:\n");
-				for (j = 0; j < X509_PURPOSE_get_count(); j++)
-					{
+				for (j = 0; j < X509_PURPOSE_get_count(); j++) {
 					ptmp = X509_PURPOSE_get0(j);
 					purpose_print(STDout, x, ptmp);
-					}
 				}
-			else
-				if (modulus == i)
-				{
+			} else if (modulus == i) {
 				EVP_PKEY *pkey;
 
-				pkey=X509_get_pubkey(x);
-				if (pkey == NULL)
-					{
-					BIO_printf(bio_err,"Modulus=unavailable\n");
+				pkey = X509_get_pubkey(x);
+				if (pkey == NULL) {
+					BIO_printf(bio_err, "Modulus=unavailable\n");
 					ERR_print_errors(bio_err);
 					goto end;
-					}
-				BIO_printf(STDout,"Modulus=");
+				}
+				BIO_printf(STDout, "Modulus=");
 #ifndef OPENSSL_NO_RSA
 				if (pkey->type == EVP_PKEY_RSA)
-					BN_print(STDout,pkey->pkey.rsa->n);
+					BN_print(STDout, pkey->pkey.rsa->n);
 				else
 #endif
 #ifndef OPENSSL_NO_DSA
 				if (pkey->type == EVP_PKEY_DSA)
-					BN_print(STDout,pkey->pkey.dsa->pub_key);
+					BN_print(STDout, pkey->pkey.dsa->pub_key);
 				else
 #endif
-					BIO_printf(STDout,"Wrong Algorithm type");
-				BIO_printf(STDout,"\n");
+					BIO_printf(STDout, "Wrong Algorithm type");
+				BIO_printf(STDout, "\n");
 				EVP_PKEY_free(pkey);
-				}
-			else
-				if (pubkey == i)
-				{
+			} else if (pubkey == i) {
 				EVP_PKEY *pkey;
 
-				pkey=X509_get_pubkey(x);
-				if (pkey == NULL)
-					{
-					BIO_printf(bio_err,"Error getting public key\n");
+				pkey = X509_get_pubkey(x);
+				if (pkey == NULL) {
+					BIO_printf(bio_err, "Error getting public key\n");
 					ERR_print_errors(bio_err);
 					goto end;
-					}
+				}
 				PEM_write_bio_PUBKEY(STDout, pkey);
 				EVP_PKEY_free(pkey);
-				}
-			else
-				if (C == i)
-				{
+			} else if (C == i) {
 				unsigned char *d;
 				char *m;
-				int y,z;
+				int y, z;
 
 				X509_NAME_oneline(X509_get_subject_name(x),
-					buf,sizeof buf);
-				BIO_printf(STDout,"/* subject:%s */\n",buf);
-				m=X509_NAME_oneline(
-					X509_get_issuer_name(x),buf,
-					sizeof buf);
-				BIO_printf(STDout,"/* issuer :%s */\n",buf);
-
-				z=i2d_X509(x,NULL);
-				m=malloc(z);
-
-				d=(unsigned char *)m;
-				z=i2d_X509_NAME(X509_get_subject_name(x),&d);
-				BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z);
-				d=(unsigned char *)m;
-				for (y=0; y 0) X509_delete_ext(x, 0);
-		}
-
-	if (conf)
-		{
+	if (clrext) {
+		while (X509_get_ext_count(x) > 0)
+			X509_delete_ext(x, 0);
+	}
+	if (conf) {
 		X509V3_CTX ctx2;
-		X509_set_version(x,2); /* version 3 certificate */
-                X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
-                X509V3_set_nconf(&ctx2, conf);
-                if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
-		}
-
+		X509_set_version(x, 2);	/* version 3 certificate */
+		X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
+		X509V3_set_nconf(&ctx2, conf);
+		if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x))
+			goto end;
+	}
 	if (!do_X509_sign(bio_err, x, pkey, digest, sigopts))
 		goto end;
-	ret=1;
+	ret = 1;
 end:
 	X509_STORE_CTX_cleanup(&xsc);
 	if (!ret)
 		ERR_print_errors(bio_err);
-	if (!sno) ASN1_INTEGER_free(bs);
+	if (!sno)
+		ASN1_INTEGER_free(bs);
 	return ret;
-	}
+}
 
-static int callb(int ok, X509_STORE_CTX *ctx)
-	{
+static int 
+callb(int ok, X509_STORE_CTX * ctx)
+{
 	int err;
 	X509 *err_cert;
 
-	/* it is ok to use a self signed certificate
-	 * This case will catch both the initial ok == 0 and the
-	 * final ok == 1 calls to this function */
-	err=X509_STORE_CTX_get_error(ctx);
+	/*
+	 * it is ok to use a self signed certificate This case will catch
+	 * both the initial ok == 0 and the final ok == 1 calls to this
+	 * function
+	 */
+	err = X509_STORE_CTX_get_error(ctx);
 	if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
 		return 1;
 
-	/* BAD we should have gotten an error.  Normally if everything
-	 * worked X509_STORE_CTX_get_error(ctx) will still be set to
-	 * DEPTH_ZERO_SELF_.... */
-	if (ok)
-		{
-		BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
+	/*
+	 * BAD we should have gotten an error.  Normally if everything worked
+	 * X509_STORE_CTX_get_error(ctx) will still be set to
+	 * DEPTH_ZERO_SELF_....
+	 */
+	if (ok) {
+		BIO_printf(bio_err, "error with certificate to be certified - should be self signed\n");
 		return 0;
-		}
-	else
-		{
-		err_cert=X509_STORE_CTX_get_current_cert(ctx);
-		print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);
-		BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
-			err,X509_STORE_CTX_get_error_depth(ctx),
-			X509_verify_cert_error_string(err));
+	} else {
+		err_cert = X509_STORE_CTX_get_current_cert(ctx);
+		print_name(bio_err, NULL, X509_get_subject_name(err_cert), 0);
+		BIO_printf(bio_err, "error with certificate - error %d at depth %d\n%s\n",
+		    err, X509_STORE_CTX_get_error_depth(ctx),
+		    X509_verify_cert_error_string(err));
 		return 1;
-		}
 	}
+}
 
 /* self sign */
-static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, 
-						CONF *conf, char *section)
-	{
+static int 
+sign(X509 * x, EVP_PKEY * pkey, int days, int clrext, const EVP_MD * digest,
+    CONF * conf, char *section)
+{
 
 	EVP_PKEY *pktmp;
 
 	pktmp = X509_get_pubkey(x);
-	EVP_PKEY_copy_parameters(pktmp,pkey);
-	EVP_PKEY_save_parameters(pktmp,1);
+	EVP_PKEY_copy_parameters(pktmp, pkey);
+	EVP_PKEY_save_parameters(pktmp, 1);
 	EVP_PKEY_free(pktmp);
 
-	if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
-	if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
+	if (!X509_set_issuer_name(x, X509_get_subject_name(x)))
+		goto err;
+	if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
+		goto err;
 
 	/* Lets just make it 12:00am GMT, Jan 1 1970 */
 	/* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
 	/* 28 days to be certified */
 
-	if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+	if (X509_gmtime_adj(X509_get_notAfter(x), (long) 60 * 60 * 24 * days) == NULL)
 		goto err;
 
-	if (!X509_set_pubkey(x,pkey)) goto err;
-	if (clrext)
-		{
-		while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
-		}
-	if (conf)
-		{
+	if (!X509_set_pubkey(x, pkey))
+		goto err;
+	if (clrext) {
+		while (X509_get_ext_count(x) > 0)
+			X509_delete_ext(x, 0);
+	}
+	if (conf) {
 		X509V3_CTX ctx;
-		X509_set_version(x,2); /* version 3 certificate */
-                X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
-                X509V3_set_nconf(&ctx, conf);
-                if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
-		}
-	if (!X509_sign(x,pkey,digest)) goto err;
+		X509_set_version(x, 2);	/* version 3 certificate */
+		X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
+		X509V3_set_nconf(&ctx, conf);
+		if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
+			goto err;
+	}
+	if (!X509_sign(x, pkey, digest))
+		goto err;
 	return 1;
 err:
 	ERR_print_errors(bio_err);
 	return 0;
-	}
+}
 
-static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
+static int 
+purpose_print(BIO * bio, X509 * cert, X509_PURPOSE * pt)
 {
 	int id, i, idret;
 	char *pname;
 	id = X509_PURPOSE_get_id(pt);
 	pname = X509_PURPOSE_get0_name(pt);
-	for (i = 0; i < 2; i++)
-		{
+	for (i = 0; i < 2; i++) {
 		idret = X509_check_purpose(cert, id, i);
-		BIO_printf(bio, "%s%s : ", pname, i ? " CA" : ""); 
-		if (idret == 1) BIO_printf(bio, "Yes\n");
-		else if (idret == 0) BIO_printf(bio, "No\n");
-		else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
-		}
+		BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
+		if (idret == 1)
+			BIO_printf(bio, "Yes\n");
+		else if (idret == 0)
+			BIO_printf(bio, "No\n");
+		else
+			BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
+	}
 	return 1;
 }
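Review bot: `sign()` passes the result of `X509_get_pubkey(x)` straight to `EVP_PKEY_copy_parameters()` without a NULL check, so a certificate whose public key cannot be decoded would presumably lead to a NULL dereference. A guard such as `if ((pktmp = X509_get_pubkey(x)) == NULL) goto err;` fits the function's existing error path. In the same function, `(long) 60 * 60 * 24 * days` can overflow where `long` is 32 bits and `days` is large. The request path earlier in this file avoids that with `X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL)`, which would be the consistent choice here. The comments about "12:00am GMT, Jan 1 1970" and "28 days to be certified" no longer describe the code and could be dropped.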
-- 
2.20.1