From d5b2c965637b862beecab683a8a5741bc99b8734 Mon Sep 17 00:00:00 2001
From: jsing
Date: Wed, 16 Apr 2014 16:55:21 +0000
Subject: [PATCH] Initial KNF.
---
lib/libssl/src/apps/ciphers.c | 175 ++++---
lib/libssl/src/apps/cms.c | 896 ++++++++++++++----------------------
lib/libssl/src/apps/crl.c | 464 +++++++++---------
lib/libssl/src/apps/crl2p7.c | 325 ++++++------
4 files changed, 825 insertions(+), 1035 deletions(-)
diff --git a/lib/libssl/src/apps/ciphers.c b/lib/libssl/src/apps/ciphers.c
index b5ab166bc5c..fb798a440c2 100644
--- a/lib/libssl/src/apps/ciphers.c
+++ b/lib/libssl/src/apps/ciphers.c
@@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met:
@@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence
@@ -69,143 +69,140 @@ #undef PROG #define PROG ciphers_main -static const char *ciphers_usage[]={ -"usage: ciphers args\n", -" -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n", -" -V - even more verbose\n", -" -ssl2 - SSL2 mode\n", -" -ssl3 - SSL3 mode\n", -" -tls1 - TLS1 mode\n", -NULL +static const char *ciphers_usage[] = { + "usage: ciphers args\n", + " -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n", + " -V - even more verbose\n", + " -ssl2 - SSL2 mode\n", + " -ssl3 - SSL3 mode\n", + " -tls1 - TLS1 mode\n", + NULL }; int MAIN(int, char **); -int MAIN(int argc, char **argv) - { - int ret=1,i; - int verbose=0,Verbose=0; +int +MAIN(int argc, char **argv) +{ + int ret = 1, i; + int verbose = 0, Verbose = 0; const char **pp; const char *p; - int badops=0; - SSL_CTX *ctx=NULL; - SSL *ssl=NULL; - char *ciphers=NULL; - const SSL_METHOD *meth=NULL; + int badops = 0; + SSL_CTX *ctx = NULL; + SSL *ssl = NULL; + char *ciphers = NULL; + const SSL_METHOD *meth = NULL; STACK_OF(SSL_CIPHER) *sk; char buf[512]; - BIO *STDout=NULL; + BIO *STDout = NULL; - meth=SSLv3_server_method(); + meth = SSLv3_server_method(); apps_startup(); if (bio_err == NULL) - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); - STDout=BIO_new_fp(stdout,BIO_NOCLOSE); + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + STDout = BIO_new_fp(stdout, BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; argc--; argv++; - while (argc >= 1) - { - if (strcmp(*argv,"-v") == 0) - verbose=1; - else if (strcmp(*argv,"-V") == 0) - verbose=Verbose=1; - else if (strcmp(*argv,"-ssl3") == 0) - meth=SSLv3_client_method(); - else if (strcmp(*argv,"-tls1") == 0) - meth=TLSv1_client_method(); - else if ((strncmp(*argv,"-h",2) == 0) || - (strcmp(*argv,"-?") == 0)) - { - badops=1; + while (argc >= 1) { + if (strcmp(*argv, "-v") == 0) + verbose = 1; + else if (strcmp(*argv, "-V") == 0) + verbose = Verbose = 1; + else if (strcmp(*argv, "-ssl3") == 0) + meth = SSLv3_client_method(); + else 
if (strcmp(*argv, "-tls1") == 0) + meth = TLSv1_client_method(); + else if ((strncmp(*argv, "-h", 2) == 0) || + (strcmp(*argv, "-?") == 0)) { + badops = 1; break; - } - else - { + } else { ciphers= *argv; - } + } argc--; argv++; - } + } - if (badops) - { - for (pp=ciphers_usage; (*pp != NULL); pp++) - BIO_printf(bio_err,"%s",*pp); + if (badops) { + for (pp = ciphers_usage; (*pp != NULL); pp++) + BIO_printf(bio_err, "%s", *pp); goto end; - } + } OpenSSL_add_ssl_algorithms(); - ctx=SSL_CTX_new(meth); - if (ctx == NULL) goto err; + ctx = SSL_CTX_new(meth); + if (ctx == NULL) + goto err; if (ciphers != NULL) { - if(!SSL_CTX_set_cipher_list(ctx,ciphers)) { + if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { BIO_printf(bio_err, "Error in cipher list\n"); goto err; } } - ssl=SSL_new(ctx); - if (ssl == NULL) goto err; - - - if (!verbose) - { - for (i=0; ; i++) - { - p=SSL_get_cipher_list(ssl,i); - if (p == NULL) break; - if (i != 0) BIO_printf(STDout,":"); - BIO_printf(STDout,"%s",p); - } - BIO_printf(STDout,"\n"); + ssl = SSL_new(ctx); + if (ssl == NULL) + goto err; + + + if (!verbose) { + for (i = 0; ; i++) { + p = SSL_get_cipher_list(ssl, i); + if (p == NULL) + break; + if (i != 0) + BIO_printf(STDout, ":"); + BIO_printf(STDout, "%s", p); } + BIO_printf(STDout, "\n"); + } else /* verbose */ - { - sk=SSL_get_ciphers(ssl); + { + sk = SSL_get_ciphers(ssl); - for (i=0; i> 24); int id1 = (int)((id >> 16) & 0xffL); int id2 = (int)((id >> 8) & 0xffL); int id3 = (int)(id & 0xffL); - + if ((id & 0xff000000L) == 0x02000000L) BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */ else if ((id & 0xff000000L) == 0x03000000L) BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */ else BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ - } - - BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf)); } + + BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf)); } + } - ret=0; - if (0) - { + ret = 0; + if 
(0) { err: SSL_load_error_strings(); ERR_print_errors(bio_err); - } + } end: - if (ctx != NULL) SSL_CTX_free(ctx); - if (ssl != NULL) SSL_free(ssl); - if (STDout != NULL) BIO_free_all(STDout); + if (ctx != NULL) + SSL_CTX_free(ctx); + if (ssl != NULL) + SSL_free(ssl); + if (STDout != NULL) + BIO_free_all(STDout); apps_shutdown(); OPENSSL_EXIT(ret); - } - +}
diff --git a/lib/libssl/src/apps/cms.c b/lib/libssl/src/apps/cms.c
index 801d523caf3..553b6de76e5 100644
--- a/lib/libssl/src/apps/cms.c
+++ b/lib/libssl/src/apps/cms.c
@@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in
@@ -71,9 +71,10 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers); static int cms_cb(int ok, X509_STORE_CTX *ctx); static void receipt_request_print(BIO *out, CMS_ContentInfo *cms); -static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, - int rr_allorfirst, - STACK_OF(OPENSSL_STRING) *rr_from); +static CMS_ReceiptRequest * +make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, + int rr_allorfirst, + STACK_OF(OPENSSL_STRING) *rr_from); #define SMIME_OP 0x10 #define SMIME_IP 0x20
@@ -99,8 +100,9 @@ int verify_err = 0; int MAIN(int, char **); -int MAIN(int argc, char **argv) - { +int +MAIN(int argc, char **argv) +{ ENGINE *e = NULL; int operation = 0; int ret = 0;
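Review bot: In ciphers.c, `ciphers_usage` still advertises `-ssl2`, but the option loop of MAIN() in the hunk that ends at `+}` above has no branch for it, so the flag falls through to `ciphers= *argv;` and is handed to SSL_CTX_set_cipher_list() as if it were a cipher string. A user who asks for an SSL2 listing therefore gets either a cipher-list error or output for the default `SSLv3_server_method()`, with nothing saying the protocol is unsupported. Drop the `" -ssl2 - SSL2 mode\n",` entry or reject the flag explicitly with a message. The fall-through assignment also escaped the KNF pass and should read `ciphers = *argv;`.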
@@ -109,7 +111,7 @@ int MAIN(int argc, char **argv) char *infile = NULL, *outfile = NULL, *rctfile = NULL; char *signerfile = NULL, *recipfile = NULL; STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; - char *certfile = NULL, *keyfile = NULL, *contfile=NULL; + char *certfile = NULL, *keyfile = NULL, *contfile = NULL; char *certsoutfile = NULL; const EVP_CIPHER *cipher = NULL; CMS_ContentInfo *cms = NULL, *rcms = NULL;
@@ -131,9 +133,9 @@ int MAIN(int argc, char **argv) int need_rand = 0; const EVP_MD *sign_md = NULL; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; - int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; + int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; #ifndef OPENSSL_NO_ENGINE - char *engine=NULL; + char *engine = NULL; #endif unsigned char *secret_key = NULL, *secret_keyid = NULL; unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
@@ -148,17 +150,15 @@ int MAIN(int argc, char **argv) apps_startup(); - if (bio_err == NULL) - { + if (bio_err == NULL) { if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); - } + } if (!load_config(bio_err, NULL)) goto end; - while (!badarg && *args && *args[0] == '-') - { + while (!badarg && *args && *args[0] == '-') { if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT; else if (!strcmp (*args, "-decrypt"))
@@ -173,15 +173,13 @@ int MAIN(int argc, char **argv) operation = SMIME_VERIFY; else if (!strcmp (*args, "-verify_retcode")) verify_retcode = 1; - else if (!strcmp(*args,"-verify_receipt")) - { + else if (!strcmp(*args, "-verify_receipt")) { operation = SMIME_VERIFY_RECEIPT; if (!args[1]) goto argerr; args++; rctfile = *args; - } - else if (!strcmp (*args, "-cmsout")) + } else if (!strcmp (*args, "-cmsout")) operation = SMIME_CMSOUT; else if (!strcmp (*args, "-data_out")) operation = SMIME_DATAOUT;
@@ -200,202 +198,182 @@ int MAIN(int argc, char **argv) else if (!strcmp (*args, "-EncryptedData_encrypt")) operation = SMIME_ENCRYPTED_ENCRYPT; #ifndef OPENSSL_NO_DES - else if (!strcmp (*args, "-des3")) - cipher = EVP_des_ede3_cbc(); - else if (!strcmp (*args, "-des")) - cipher = EVP_des_cbc(); + else if (!strcmp (*args, "-des3")) + cipher = EVP_des_ede3_cbc(); + else if (!strcmp (*args, "-des")) + cipher = EVP_des_cbc(); #endif #ifndef OPENSSL_NO_SEED - else if (!strcmp (*args, "-seed")) - cipher = EVP_seed_cbc(); + else if (!strcmp (*args, "-seed")) + cipher = EVP_seed_cbc(); #endif #ifndef OPENSSL_NO_RC2 - else if (!strcmp (*args, "-rc2-40")) - cipher = EVP_rc2_40_cbc(); - else if (!strcmp (*args, "-rc2-128")) - cipher = EVP_rc2_cbc(); - else if (!strcmp (*args, "-rc2-64")) - cipher = EVP_rc2_64_cbc(); + else if (!strcmp (*args, "-rc2-40")) + cipher = EVP_rc2_40_cbc(); + else if (!strcmp (*args, "-rc2-128")) + cipher = EVP_rc2_cbc(); + else if (!strcmp (*args, "-rc2-64")) + cipher = EVP_rc2_64_cbc(); #endif #ifndef OPENSSL_NO_AES - else if (!strcmp(*args,"-aes128")) - cipher = EVP_aes_128_cbc(); - else if (!strcmp(*args,"-aes192")) - cipher = EVP_aes_192_cbc(); - else if (!strcmp(*args,"-aes256")) - cipher = EVP_aes_256_cbc(); + else if (!strcmp(*args, "-aes128")) + cipher = EVP_aes_128_cbc(); + else if (!strcmp(*args, "-aes192")) + cipher = EVP_aes_192_cbc(); + else if (!strcmp(*args, "-aes256")) + cipher = EVP_aes_256_cbc(); #endif #ifndef OPENSSL_NO_CAMELLIA - else if (!strcmp(*args,"-camellia128")) - cipher = EVP_camellia_128_cbc(); - else if (!strcmp(*args,"-camellia192")) - cipher = EVP_camellia_192_cbc(); - else if (!strcmp(*args,"-camellia256")) - cipher = EVP_camellia_256_cbc(); + else if (!strcmp(*args, "-camellia128")) + cipher = EVP_camellia_128_cbc(); + else if (!strcmp(*args, "-camellia192")) + cipher = EVP_camellia_192_cbc(); + else if (!strcmp(*args, "-camellia256")) + cipher = EVP_camellia_256_cbc(); #endif - else if (!strcmp (*args, 
"-debug_decrypt")) - flags |= CMS_DEBUG_DECRYPT; - else if (!strcmp (*args, "-text")) - flags |= CMS_TEXT; - else if (!strcmp (*args, "-nointern")) - flags |= CMS_NOINTERN; - else if (!strcmp (*args, "-noverify") - || !strcmp (*args, "-no_signer_cert_verify")) - flags |= CMS_NO_SIGNER_CERT_VERIFY; - else if (!strcmp (*args, "-nocerts")) - flags |= CMS_NOCERTS; - else if (!strcmp (*args, "-noattr")) - flags |= CMS_NOATTR; - else if (!strcmp (*args, "-nodetach")) - flags &= ~CMS_DETACHED; + else if (!strcmp (*args, "-debug_decrypt")) + flags |= CMS_DEBUG_DECRYPT; + else if (!strcmp (*args, "-text")) + flags |= CMS_TEXT; + else if (!strcmp (*args, "-nointern")) + flags |= CMS_NOINTERN; + else if (!strcmp (*args, "-noverify") || + !strcmp (*args, "-no_signer_cert_verify")) + flags |= CMS_NO_SIGNER_CERT_VERIFY; + else if (!strcmp (*args, "-nocerts")) + flags |= CMS_NOCERTS; + else if (!strcmp (*args, "-noattr")) + flags |= CMS_NOATTR; + else if (!strcmp (*args, "-nodetach")) + flags &= ~CMS_DETACHED; else if (!strcmp (*args, "-nosmimecap")) - flags |= CMS_NOSMIMECAP; + flags |= CMS_NOSMIMECAP; else if (!strcmp (*args, "-binary")) - flags |= CMS_BINARY; + flags |= CMS_BINARY; else if (!strcmp (*args, "-keyid")) - flags |= CMS_USE_KEYID; + flags |= CMS_USE_KEYID; else if (!strcmp (*args, "-nosigs")) - flags |= CMS_NOSIGS; + flags |= CMS_NOSIGS; else if (!strcmp (*args, "-no_content_verify")) - flags |= CMS_NO_CONTENT_VERIFY; + flags |= CMS_NO_CONTENT_VERIFY; else if (!strcmp (*args, "-no_attr_verify")) - flags |= CMS_NO_ATTR_VERIFY; + flags |= CMS_NO_ATTR_VERIFY; else if (!strcmp (*args, "-stream")) - flags |= CMS_STREAM; + flags |= CMS_STREAM; else if (!strcmp (*args, "-indef")) - flags |= CMS_STREAM; + flags |= CMS_STREAM; else if (!strcmp (*args, "-noindef")) - flags &= ~CMS_STREAM; + flags &= ~CMS_STREAM; else if (!strcmp (*args, "-nooldmime")) - flags |= CMS_NOOLDMIMETYPE; + flags |= CMS_NOOLDMIMETYPE; else if (!strcmp (*args, "-crlfeol")) - flags |= CMS_CRLFEOL; + 
flags |= CMS_CRLFEOL; else if (!strcmp (*args, "-noout")) - noout = 1; + noout = 1; else if (!strcmp (*args, "-receipt_request_print")) - rr_print = 1; + rr_print = 1; else if (!strcmp (*args, "-receipt_request_all")) - rr_allorfirst = 0; + rr_allorfirst = 0; else if (!strcmp (*args, "-receipt_request_first")) - rr_allorfirst = 1; - else if (!strcmp(*args,"-receipt_request_from")) - { + rr_allorfirst = 1; + else if (!strcmp(*args, "-receipt_request_from")) { if (!args[1]) goto argerr; args++; if (!rr_from) rr_from = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(rr_from, *args); - } - else if (!strcmp(*args,"-receipt_request_to")) - { + } + else if (!strcmp(*args, "-receipt_request_to")) { if (!args[1]) goto argerr; args++; if (!rr_to) rr_to = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(rr_to, *args); - } - else if (!strcmp (*args, "-print")) - { - noout = 1; - print = 1; - } - else if (!strcmp(*args,"-secretkey")) - { + } + else if (!strcmp (*args, "-print")) { + noout = 1; + print = 1; + } + else if (!strcmp(*args, "-secretkey")) { long ltmp; if (!args[1]) goto argerr; args++; secret_key = string_to_hex(*args, <mp); - if (!secret_key) - { + if (!secret_key) { BIO_printf(bio_err, "Invalid key %s\n", *args); goto argerr; - } - secret_keylen = (size_t)ltmp; } - else if (!strcmp(*args,"-secretkeyid")) - { + secret_keylen = (size_t)ltmp; + } + else if (!strcmp(*args, "-secretkeyid")) { long ltmp; if (!args[1]) goto argerr; args++; secret_keyid = string_to_hex(*args, <mp); - if (!secret_keyid) - { + if (!secret_keyid) { BIO_printf(bio_err, "Invalid id %s\n", *args); goto argerr; - } - secret_keyidlen = (size_t)ltmp; } - else if (!strcmp(*args,"-pwri_password")) - { + secret_keyidlen = (size_t)ltmp; + } + else if (!strcmp(*args, "-pwri_password")) { if (!args[1]) goto argerr; args++; pwri_pass = (unsigned char *)*args; - } - else if (!strcmp(*args,"-econtent_type")) - { + } else if (!strcmp(*args, "-econtent_type")) { if (!args[1]) goto argerr; args++; 
econtent_type = OBJ_txt2obj(*args, 0); - if (!econtent_type) - { + if (!econtent_type) { BIO_printf(bio_err, "Invalid OID %s\n", *args); goto argerr; - } } - else if (!strcmp(*args,"-rand")) - { + } else if (!strcmp(*args, "-rand")) { if (!args[1]) goto argerr; args++; inrand = *args; need_rand = 1; - } + } #ifndef OPENSSL_NO_ENGINE - else if (!strcmp(*args,"-engine")) - { + else if (!strcmp(*args, "-engine")) { if (!args[1]) goto argerr; engine = *++args; - } + } #endif - else if (!strcmp(*args,"-passin")) - { + else if (!strcmp(*args, "-passin")) { if (!args[1]) goto argerr; passargin = *++args; - } - else if (!strcmp (*args, "-to")) - { + } + else if (!strcmp (*args, "-to")) { if (!args[1]) goto argerr; to = *++args; - } - else if (!strcmp (*args, "-from")) - { + } + else if (!strcmp (*args, "-from")) { if (!args[1]) goto argerr; from = *++args; - } - else if (!strcmp (*args, "-subject")) - { + } + else if (!strcmp (*args, "-subject")) { if (!args[1]) goto argerr; subject = *++args; - } - else if (!strcmp (*args, "-signer")) - { + } + else if (!strcmp (*args, "-signer")) { if (!args[1]) goto argerr; /* If previous -signer argument add signer to list */ - if (signerfile) - { + if (signerfile) { if (!sksigners) sksigners = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(sksigners, signerfile); 
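Review bot: The `-pwri_password` and `-secretkey` branches of the cms.c option loop take secret material straight from argv (`pwri_pass = (unsigned char *)*args;` and the `string_to_hex(*args, ...)` call), so the password or key is readable by anyone who can see the process's argument list or the shell history. The `-passin` branch in the same loop only stores a source string in `passargin`, and a later hunk resolves it through `app_passwd()`, which suggests the tool already has an indirection that `-pwri_password` could reuse. At minimum both branches deserve a comment such as `/* secret given on the command line: visible in process listings */` and a matching warning in the usage text. MAIN() begins and ends outside this hunk, so whether these buffers are cleared before exit cannot be judged from here.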
@@ -405,45 +383,34 @@ int MAIN(int argc, char **argv) skkeys = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(skkeys, keyfile); keyfile = NULL; - } - signerfile = *++args; } - else if (!strcmp (*args, "-recip")) - { + signerfile = *++args; + } else if (!strcmp (*args, "-recip")) { if (!args[1]) goto argerr; recipfile = *++args; - } - else if (!strcmp (*args, "-certsout")) - { + } else if (!strcmp (*args, "-certsout")) { if (!args[1]) goto argerr; certsoutfile = *++args; - } - else if (!strcmp (*args, "-md")) - { + } else if (!strcmp (*args, "-md")) { if (!args[1]) goto argerr; sign_md = EVP_get_digestbyname(*++args); - if (sign_md == NULL) - { + if (sign_md == NULL) { BIO_printf(bio_err, "Unknown digest %s\n", - *args); + *args); goto argerr; - } } - else if (!strcmp (*args, "-inkey")) - { - if (!args[1]) + } else if (!strcmp (*args, "-inkey")) { + if (!args[1]) goto argerr; /* If previous -inkey arument add signer to list */ - if (keyfile) - { - if (!signerfile) - { + if (keyfile) { + if (!signerfile) { BIO_puts(bio_err, "Illegal -inkey without -signer\n"); goto argerr; - } + } if (!sksigners) sksigners = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(sksigners, signerfile); 
@@ -451,103 +418,76 @@ int MAIN(int argc, char **argv) if (!skkeys) skkeys = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(skkeys, keyfile); - } - keyfile = *++args; } - else if (!strcmp (*args, "-keyform")) - { + keyfile = *++args; + } else if (!strcmp (*args, "-keyform")) { if (!args[1]) goto argerr; keyform = str2fmt(*++args); - } - else if (!strcmp (*args, "-rctform")) - { + } else if (!strcmp (*args, "-rctform")) { if (!args[1]) goto argerr; rctformat = str2fmt(*++args); - } - else if (!strcmp (*args, "-certfile")) - { + } else if (!strcmp (*args, "-certfile")) { if (!args[1]) goto argerr; certfile = *++args; - } - else if (!strcmp (*args, "-CAfile")) - { + } else if (!strcmp (*args, "-CAfile")) { if (!args[1]) goto argerr; CAfile = *++args; - } - else if (!strcmp (*args, "-CApath")) - { + } else if (!strcmp (*args, "-CApath")) { if (!args[1]) goto argerr; CApath = *++args; - } - else if (!strcmp (*args, "-in")) - { + } else if (!strcmp (*args, "-in")) { if (!args[1]) goto argerr; infile = *++args; - } - else if (!strcmp (*args, "-inform")) - { + } else if (!strcmp (*args, "-inform")) { if (!args[1]) goto argerr; informat = str2fmt(*++args); - } - else if (!strcmp (*args, "-outform")) - { + } else if (!strcmp (*args, "-outform")) { if (!args[1]) goto argerr; outformat = str2fmt(*++args); - } - else if (!strcmp (*args, "-out")) - { + } else if (!strcmp (*args, "-out")) { if (!args[1]) goto argerr; outfile = *++args; - } - else if (!strcmp (*args, "-content")) - { + } else if (!strcmp (*args, "-content")) { if (!args[1]) goto argerr; contfile = *++args; - } - else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) + } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) continue; else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL) badarg = 1; args++; - } + } - if (((rr_allorfirst != -1) || rr_from) && !rr_to) - { + if (((rr_allorfirst != -1) || rr_from) && !rr_to) { BIO_puts(bio_err, "No Signed Receipts Recipients\n"); goto argerr; - } + 
} - if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) - { + if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) { BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); goto argerr; - } - if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) - { + } + if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) { BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); goto argerr; - } + } - if (operation & SMIME_SIGNERS) - { - if (keyfile && !signerfile) - { + if (operation & SMIME_SIGNERS) { + if (keyfile && !signerfile) { BIO_puts(bio_err, "Illegal -inkey without -signer\n"); goto argerr; - } + } /* Check to see if any final signer needs to be appended */ - if (signerfile) - { + if (signerfile) { if (!sksigners) sksigners = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(sksigners, signerfile); @@ -556,39 +496,29 @@ int MAIN(int argc, char **argv) if (!keyfile) keyfile = signerfile; sk_OPENSSL_STRING_push(skkeys, keyfile); - } - if (!sksigners) - { + } + if (!sksigners) { BIO_printf(bio_err, "No signer certificate specified\n"); badarg = 1; - } + } signerfile = NULL; keyfile = NULL; need_rand = 1; - } - - else if (operation == SMIME_DECRYPT) - { - if (!recipfile && !keyfile && !secret_key && !pwri_pass) - { + } else if (operation == SMIME_DECRYPT) { + if (!recipfile && !keyfile && !secret_key && !pwri_pass) { BIO_printf(bio_err, "No recipient certificate or key specified\n"); badarg = 1; - } } - else if (operation == SMIME_ENCRYPT) - { - if (!*args && !secret_key && !pwri_pass) - { + } else if (operation == SMIME_ENCRYPT) { + if (!*args && !secret_key && !pwri_pass) { BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); badarg = 1; - } - need_rand = 1; } - else if (!operation) + need_rand = 1; + } else if (!operation) badarg = 1; - if (badarg) - { + if (badarg) { argerr: BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n"); BIO_printf (bio_err, "where options are\n"); 
@@ -653,300 +583,245 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, " the random number generator\n"); BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); goto end; - } + } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + e = setup_engine(bio_err, engine, 0); #endif - if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) - { + if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; - } + } - if (need_rand) - { + if (need_rand) { app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) - BIO_printf(bio_err,"%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - } + BIO_printf(bio_err, "%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); + } ret = 2; if (!(operation & SMIME_SIGNERS)) flags &= ~CMS_DETACHED; - if (operation & SMIME_OP) - { + if (operation & SMIME_OP) { if (outformat == FORMAT_ASN1) outmode = "wb"; - } - else - { + } else { if (flags & CMS_BINARY) outmode = "wb"; - } + } - if (operation & SMIME_IP) - { + if (operation & SMIME_IP) { if (informat == FORMAT_ASN1) inmode = "rb"; - } - else - { + } else { if (flags & CMS_BINARY) inmode = "rb"; - } + } - if (operation == SMIME_ENCRYPT) - { - if (!cipher) - { -#ifndef OPENSSL_NO_DES + if (operation == SMIME_ENCRYPT) { + if (!cipher) { +#ifndef OPENSSL_NO_DES cipher = EVP_des_ede3_cbc(); #else BIO_printf(bio_err, "No cipher selected\n"); goto end; #endif - } + } - if (secret_key && !secret_keyid) - { + if (secret_key && !secret_keyid) { BIO_printf(bio_err, "No secret key id\n"); goto end; - } + } if (*args) encerts = sk_X509_new_null(); - while (*args) - { - if (!(cert = load_cert(bio_err,*args,FORMAT_PEM, - NULL, e, "recipient certificate file"))) + while (*args) { + if (!(cert = load_cert(bio_err, *args, FORMAT_PEM, + NULL, e, "recipient certificate file"))) goto end; sk_X509_push(encerts, cert); cert = NULL; args++; - } } + } - if (certfile) - { - if 
(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, - e, "certificate file"))) - { + if (certfile) { + if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL, + e, "certificate file"))) { ERR_print_errors(bio_err); goto end; - } } + } - if (recipfile && (operation == SMIME_DECRYPT)) - { - if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, - e, "recipient certificate file"))) - { + if (recipfile && (operation == SMIME_DECRYPT)) { + if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL, + e, "recipient certificate file"))) { ERR_print_errors(bio_err); goto end; - } } + } - if (operation == SMIME_SIGN_RECEIPT) - { - if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL, - e, "receipt signer certificate file"))) - { + if (operation == SMIME_SIGN_RECEIPT) { + if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, + e, "receipt signer certificate file"))) { ERR_print_errors(bio_err); goto end; - } } + } - if (operation == SMIME_DECRYPT) - { + if (operation == SMIME_DECRYPT) { if (!keyfile) keyfile = recipfile; - } - else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) - { + } else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) { if (!keyfile) keyfile = signerfile; - } - else keyfile = NULL; + } else + keyfile = NULL; - if (keyfile) - { + if (keyfile) { key = load_key(bio_err, keyfile, keyform, 0, passin, e, - "signing key file"); + "signing key file"); if (!key) goto end; - } + } - if (infile) - { - if (!(in = BIO_new_file(infile, inmode))) - { + if (infile) { + if (!(in = BIO_new_file(infile, inmode))) { BIO_printf (bio_err, - "Can't open input file %s\n", infile); + "Can't open input file %s\n", infile); goto end; - } } - else + } else in = BIO_new_fp(stdin, BIO_NOCLOSE); - if (operation & SMIME_IP) - { - if (informat == FORMAT_SMIME) + if (operation & SMIME_IP) { + if (informat == FORMAT_SMIME) cms = SMIME_read_CMS(in, &indata); - else if (informat == FORMAT_PEM) + else if (informat == 
FORMAT_PEM) cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); - else if (informat == FORMAT_ASN1) + else if (informat == FORMAT_ASN1) cms = d2i_CMS_bio(in, NULL); - else - { + else { BIO_printf(bio_err, "Bad input format for CMS file\n"); goto end; - } + } - if (!cms) - { + if (!cms) { BIO_printf(bio_err, "Error reading S/MIME message\n"); goto end; - } - if (contfile) - { + } + if (contfile) { BIO_free(indata); - if (!(indata = BIO_new_file(contfile, "rb"))) - { + if (!(indata = BIO_new_file(contfile, "rb"))) { BIO_printf(bio_err, "Can't read content file %s\n", contfile); goto end; - } } - if (certsoutfile) - { + } + if (certsoutfile) { STACK_OF(X509) *allcerts; allcerts = CMS_get1_certs(cms); - if (!save_certs(certsoutfile, allcerts)) - { + if (!save_certs(certsoutfile, allcerts)) { BIO_printf(bio_err, - "Error writing certs to %s\n", - certsoutfile); + "Error writing certs to %s\n", + certsoutfile); ret = 5; goto end; - } - sk_X509_pop_free(allcerts, X509_free); } + sk_X509_pop_free(allcerts, X509_free); } + } - if (rctfile) - { + if (rctfile) { char *rctmode = (rctformat == FORMAT_ASN1) ? 
"rb" : "r"; - if (!(rctin = BIO_new_file(rctfile, rctmode))) - { + if (!(rctin = BIO_new_file(rctfile, rctmode))) { BIO_printf (bio_err, - "Can't open receipt file %s\n", rctfile); + "Can't open receipt file %s\n", rctfile); goto end; - } - - if (rctformat == FORMAT_SMIME) + } + + if (rctformat == FORMAT_SMIME) rcms = SMIME_read_CMS(rctin, NULL); - else if (rctformat == FORMAT_PEM) + else if (rctformat == FORMAT_PEM) rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); - else if (rctformat == FORMAT_ASN1) + else if (rctformat == FORMAT_ASN1) rcms = d2i_CMS_bio(rctin, NULL); - else - { + else { BIO_printf(bio_err, "Bad input format for receipt\n"); goto end; - } + } - if (!rcms) - { + if (!rcms) { BIO_printf(bio_err, "Error reading receipt\n"); goto end; - } } + } - if (outfile) - { - if (!(out = BIO_new_file(outfile, outmode))) - { + if (outfile) { + if (!(out = BIO_new_file(outfile, outmode))) { BIO_printf (bio_err, - "Can't open output file %s\n", outfile); + "Can't open output file %s\n", outfile); goto end; - } } - else - { + } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); - } + } - if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) - { + if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) { if (!(store = setup_verify(bio_err, CAfile, CApath))) goto end; X509_STORE_set_verify_cb(store, cms_cb); if (vpm) X509_STORE_set1_param(store, vpm); - } + } ret = 3; - if (operation == SMIME_DATA_CREATE) - { + if (operation == SMIME_DATA_CREATE) { cms = CMS_data_create(in, flags); - } - else if (operation == SMIME_DIGEST_CREATE) - { + } else if (operation == SMIME_DIGEST_CREATE) { cms = CMS_digest_create(in, sign_md, flags); - } - else if (operation == SMIME_COMPRESS) - { + } else if (operation == SMIME_COMPRESS) { cms = CMS_compress(in, -1, flags); - } - else if (operation == SMIME_ENCRYPT) - { + } else if (operation == SMIME_ENCRYPT) { flags |= CMS_PARTIAL; cms = CMS_encrypt(encerts, in, cipher, flags); if (!cms) goto end; - if 
(secret_key) - { - if (!CMS_add0_recipient_key(cms, NID_undef, - secret_key, secret_keylen, - secret_keyid, secret_keyidlen, - NULL, NULL, NULL)) + if (secret_key) { + if (!CMS_add0_recipient_key(cms, NID_undef, + secret_key, secret_keylen, + secret_keyid, secret_keyidlen, + NULL, NULL, NULL)) goto end; /* NULL these because call absorbs them */ secret_key = NULL; secret_keyid = NULL; - } - if (pwri_pass) - { + } + if (pwri_pass) { pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass); if (!pwri_tmp) goto end; if (!CMS_add0_recipient_password(cms, - -1, NID_undef, NID_undef, - pwri_tmp, -1, NULL)) + -1, NID_undef, NID_undef, + pwri_tmp, -1, NULL)) goto end; pwri_tmp = NULL; - } - if (!(flags & CMS_STREAM)) - { + } + if (!(flags & CMS_STREAM)) { if (!CMS_final(cms, in, NULL, flags)) goto end; - } } - else if (operation == SMIME_ENCRYPTED_ENCRYPT) - { + } else if (operation == SMIME_ENCRYPTED_ENCRYPT) { cms = CMS_EncryptedData_encrypt(in, cipher, - secret_key, secret_keylen, - flags); + secret_key, secret_keylen, + flags); - } - else if (operation == SMIME_SIGN_RECEIPT) - { + } else if (operation == SMIME_SIGN_RECEIPT) { CMS_ContentInfo *srcms = NULL; STACK_OF(CMS_SignerInfo) *sis; CMS_SignerInfo *si; @@ -959,21 +834,17 @@ int MAIN(int argc, char **argv) goto end; CMS_ContentInfo_free(cms); cms = srcms; - } - else if (operation & SMIME_SIGNERS) - { + } else if (operation & SMIME_SIGNERS) { int i; /* If detached data content we enable streaming if * S/MIME output format. */ - if (operation == SMIME_SIGN) - { - - if (flags & CMS_DETACHED) - { + if (operation == SMIME_SIGN) { + + if (flags & CMS_DETACHED) { if (outformat == FORMAT_SMIME) flags |= CMS_STREAM; - } + } flags |= CMS_PARTIAL; cms = CMS_sign(NULL, NULL, other, in, flags); if (!cms) 
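Review bot: In the cms.c hunk that begins at `@@ -653,300 +583,245 @@`, `-encrypt` without a cipher option silently falls back to `cipher = EVP_des_ede3_cbc();`, a 64-bit-block cipher, and nothing tells the user which algorithm protected the message. The option loop earlier in MAIN() already accepts `-aes128`, `-aes192` and `-aes256` under `OPENSSL_NO_AES` guards, so a fallback such as `cipher = EVP_aes_256_cbc();` under the same guard is available if recipient interoperability allows. If the triple-DES default has to stay, say so in a comment on the `if (!cipher)` block and in the usage text so that the choice is a visible decision. MAIN() continues past this hunk.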
@@ -981,31 +852,27 @@ int MAIN(int argc, char **argv) if (econtent_type) CMS_set1_eContentType(cms, econtent_type); - if (rr_to) - { + if (rr_to) { rr = make_receipt_request(rr_to, rr_allorfirst, - rr_from); - if (!rr) - { + rr_from); + if (!rr) { BIO_puts(bio_err, - "Signed Receipt Request Creation Error\n"); + "Signed Receipt Request Creation Error\n"); goto end; - } } } - else + } else flags |= CMS_REUSE_DIGEST; - for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) - { + for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { CMS_SignerInfo *si; signerfile = sk_OPENSSL_STRING_value(sksigners, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i); - signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL, - e, "signer certificate"); + signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, + e, "signer certificate"); if (!signer) goto end; key = load_key(bio_err, keyfile, keyform, 0, passin, e, - "signing key file"); + "signing key file"); if (!key) goto end; si = CMS_add1_signer(cms, signer, key, sign_md, flags); 
@@ -1017,139 +884,107 @@ int MAIN(int argc, char **argv) signer = NULL; EVP_PKEY_free(key); key = NULL; - } + } /* If not streaming or resigning finalize structure */ - if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) - { + if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) { if (!CMS_final(cms, in, NULL, flags)) goto end; - } } + } - if (!cms) - { + if (!cms) { BIO_printf(bio_err, "Error creating CMS structure\n"); goto end; - } + } ret = 4; - if (operation == SMIME_DECRYPT) - { + if (operation == SMIME_DECRYPT) { if (flags & CMS_DEBUG_DECRYPT) CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags); - if (secret_key) - { + if (secret_key) { if (!CMS_decrypt_set1_key(cms, - secret_key, secret_keylen, - secret_keyid, secret_keyidlen)) - { + secret_key, secret_keylen, + secret_keyid, secret_keyidlen)) { BIO_puts(bio_err, - "Error decrypting CMS using secret key\n"); + "Error decrypting CMS using secret key\n"); goto end; - } } + } - if (key) - { - if (!CMS_decrypt_set1_pkey(cms, key, recip)) - { + if (key) { + if (!CMS_decrypt_set1_pkey(cms, key, recip)) { BIO_puts(bio_err, - "Error decrypting CMS using private key\n"); + "Error decrypting CMS using private key\n"); goto end; - } } + } - if (pwri_pass) - { - if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) - { + if (pwri_pass) { + if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) { BIO_puts(bio_err, - "Error decrypting CMS using password\n"); + "Error decrypting CMS using password\n"); goto end; - } } + } - if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) - { + if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) { BIO_printf(bio_err, "Error decrypting CMS structure\n"); goto end; - } } - else if (operation == SMIME_DATAOUT) - { + } else if (operation == SMIME_DATAOUT) { if (!CMS_data(cms, out, flags)) goto end; - } - else if (operation == SMIME_UNCOMPRESS) - { + } else if (operation == SMIME_UNCOMPRESS) { if (!CMS_uncompress(cms, indata, out, flags)) goto end; - } - else if (operation == 
SMIME_DIGEST_VERIFY) - { + } else if (operation == SMIME_DIGEST_VERIFY) { if (CMS_digest_verify(cms, indata, out, flags) > 0) BIO_printf(bio_err, "Verification successful\n"); - else - { + else { BIO_printf(bio_err, "Verification failure\n"); goto end; - } } - else if (operation == SMIME_ENCRYPTED_DECRYPT) - { + } else if (operation == SMIME_ENCRYPTED_DECRYPT) { if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen, - indata, out, flags)) + indata, out, flags)) goto end; - } - else if (operation == SMIME_VERIFY) - { + } else if (operation == SMIME_VERIFY) { if (CMS_verify(cms, other, store, indata, out, flags) > 0) BIO_printf(bio_err, "Verification successful\n"); - else - { + else { BIO_printf(bio_err, "Verification failure\n"); if (verify_retcode) ret = verify_err + 32; goto end; - } - if (signerfile) - { + } + if (signerfile) { STACK_OF(X509) *signers; signers = CMS_get0_signers(cms); - if (!save_certs(signerfile, signers)) - { + if (!save_certs(signerfile, signers)) { BIO_printf(bio_err, - "Error writing signers to %s\n", - signerfile); + "Error writing signers to %s\n", + signerfile); ret = 5; goto end; - } - sk_X509_free(signers); } + sk_X509_free(signers); + } if (rr_print) receipt_request_print(bio_err, cms); - - } - else if (operation == SMIME_VERIFY_RECEIPT) - { + + } else if (operation == SMIME_VERIFY_RECEIPT) { if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) BIO_printf(bio_err, "Verification successful\n"); - else - { + else { BIO_printf(bio_err, "Verification failure\n"); goto end; - } } - else - { - if (noout) - { + } else { + if (noout) { if (print) CMS_ContentInfo_print_ctx(out, cms, 0, NULL); - } - else if (outformat == FORMAT_SMIME) - { + } else if (outformat == FORMAT_SMIME) { if (to) BIO_printf(out, "To: %s\n", to); if (from) 
@@ -1160,22 +995,19 @@ int MAIN(int argc, char **argv)
 ret = SMIME_write_CMS(out, cms, indata, flags);
 else
 ret = SMIME_write_CMS(out, cms, in, flags);
- }
- else if (outformat == FORMAT_PEM)
+ } else if (outformat == FORMAT_PEM)
 ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
- else if (outformat == FORMAT_ASN1)
- ret = i2d_CMS_bio_stream(out,cms, in, flags);
- else
- {
+ else if (outformat == FORMAT_ASN1)
+ ret = i2d_CMS_bio_stream(out, cms, in, flags);
+ else {
 BIO_printf(bio_err, "Bad output format for CMS file\n");
 goto end;
- }
- if (ret <= 0)
- {
+ }
+ if (ret <= 0) {
 ret = 6;
 goto end;
- }
 }
+ }
 ret = 0;
 end:
 if (ret)
@@ -1215,66 +1047,69 @@ end: BIO_free(in); BIO_free(indata); BIO_free_all(out); - if (passin) OPENSSL_free(passin); + if (passin) + OPENSSL_free(passin); return (ret); } -static int save_certs(char *signerfile, STACK_OF(X509) *signers) - { +static int +save_certs(char *signerfile, STACK_OF(X509) *signers) +{ int i; BIO *tmp; if (!signerfile) return 1; tmp = BIO_new_file(signerfile, "w"); - if (!tmp) return 0; - for(i = 0; i < sk_X509_num(signers); i++) + if (!tmp) + return 0; + for (i = 0; i < sk_X509_num(signers); i++) PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); BIO_free(tmp); return 1; - } - +} + /* Minimal callback just to output policy info (if any) */ -static int cms_cb(int ok, X509_STORE_CTX *ctx) - { +static int +cms_cb(int ok, X509_STORE_CTX *ctx) +{ int error; error = X509_STORE_CTX_get_error(ctx); verify_err = error; - if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) - && ((error != X509_V_OK) || (ok != 2))) + if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) && + ((error != X509_V_OK) || (ok != 2))) return ok; policies_print(NULL, ctx); return ok; +} - } - -static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns) - { +static void +gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns) +{ STACK_OF(GENERAL_NAME) *gens; GENERAL_NAME *gen; int i, j; - for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) - { + for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) { gens = sk_GENERAL_NAMES_value(gns, i); - for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) - { + for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) { gen = sk_GENERAL_NAME_value(gens, j); BIO_puts(out, " "); GENERAL_NAME_print(out, gen); BIO_puts(out, "\n"); - } } - return; } + return; +} -static void receipt_request_print(BIO *out, CMS_ContentInfo *cms) - { +static void +receipt_request_print(BIO *out, CMS_ContentInfo *cms) +{ STACK_OF(CMS_SignerInfo) *sis; CMS_SignerInfo *si; CMS_ReceiptRequest *rr; 
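Review bot: `save_certs()` on the new side still discards the result of `PEM_write_bio_X509()` in its loop and returns 1 once the file has been opened, so a failed or partial write of the signer certificates is reported to the caller as success. The "Error writing signers" branch in the verify path can then only trigger when `BIO_new_file()` fails. As this commit is formatting-only, a follow-up should check each write, for example `if (!PEM_write_bio_X509(tmp, sk_X509_value(signers, i))) { BIO_free(tmp); return 0; }`. The hunk starts inside the cleanup of `MAIN` and ends inside `receipt_request_print`, whose body continues outside it.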
@@ -1283,35 +1118,29 @@ static void receipt_request_print(BIO *out, CMS_ContentInfo *cms) ASN1_STRING *scid; int i, rv; sis = CMS_get0_SignerInfos(cms); - for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) - { + for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) { si = sk_CMS_SignerInfo_value(sis, i); rv = CMS_get1_ReceiptRequest(si, &rr); BIO_printf(bio_err, "Signer %d:\n", i + 1); if (rv == 0) BIO_puts(bio_err, " No Receipt Request\n"); - else if (rv < 0) - { + else if (rv < 0) { BIO_puts(bio_err, " Receipt Request Parse Error\n"); ERR_print_errors(bio_err); - } - else - { + } else { char *id; int idlen; CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, - &rlist, &rto); + &rlist, &rto); BIO_puts(out, " Signed Content ID:\n"); idlen = ASN1_STRING_length(scid); id = (char *)ASN1_STRING_data(scid); BIO_dump_indent(out, id, idlen, 4); BIO_puts(out, " Receipts From"); - if (rlist) - { + if (rlist) { BIO_puts(out, " List:\n"); gnames_stack_print(out, rlist); - } - else if (allorfirst == 1) + } else if (allorfirst == 1) BIO_puts(out, ": First Tier\n"); else if (allorfirst == 0) BIO_puts(out, ": All\n"); @@ -1319,14 +1148,15 @@ static void receipt_request_print(BIO *out, CMS_ContentInfo *cms) BIO_printf(out, " Unknown (%d)\n", allorfirst); BIO_puts(out, " Receipts To:\n"); gnames_stack_print(out, rto); - } + } if (rr) CMS_ReceiptRequest_free(rr); - } } +} -static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) - { +static +STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) +{ int i; STACK_OF(GENERAL_NAMES) *ret; GENERAL_NAMES *gens = NULL; @@ -1334,8 +1164,7 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) ret = sk_GENERAL_NAMES_new_null(); if (!ret) goto err; - for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) - { + for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) { char *str = sk_OPENSSL_STRING_value(ns, i); gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0); if (!gen) 
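Review bot: The KNF conversion of `make_names_stack` in the `@@ -1319,14 +1148,15 @@` hunk breaks the line after `static` rather than after the return type, so the function name still does not start in column 0. Every other definition converted in this commit (`save_certs`, `cms_cb`, `make_receipt_request`) puts the full return type on the first line and the name at the start of the second. For consistency the header should read `static STACK_OF(GENERAL_NAMES) *` followed by `make_names_stack(STACK_OF(OPENSSL_STRING) *ns)` on its own line. The body of the function continues in the following hunks.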
@@ -1349,11 +1178,11 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) if (!sk_GENERAL_NAMES_push(ret, gens)) goto err; gens = NULL; - } + } return ret; - err: +err: if (ret) sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free); if (gens) @@ -1361,31 +1190,30 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) if (gen) GENERAL_NAME_free(gen); return NULL; - } +} -static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, - int rr_allorfirst, - STACK_OF(OPENSSL_STRING) *rr_from) - { +static CMS_ReceiptRequest * +make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, + STACK_OF(OPENSSL_STRING) *rr_from) +{ STACK_OF(GENERAL_NAMES) *rct_to, *rct_from; CMS_ReceiptRequest *rr; rct_to = make_names_stack(rr_to); if (!rct_to) goto err; - if (rr_from) - { + if (rr_from) { rct_from = make_names_stack(rr_from); if (!rct_from) goto err; - } - else + } else rct_from = NULL; rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from, - rct_to); + rct_to); return rr; - err: + +err: return NULL; - } +} #endif diff --git a/lib/libssl/src/apps/crl.c b/lib/libssl/src/apps/crl.c index 88e606554ab..58c711813f7 100644 --- a/lib/libssl/src/apps/crl.c +++ b/lib/libssl/src/apps/crl.c 
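Review bot: In `make_receipt_request` (hunk `@@ -1361,31 +1190,30 @@`) the `err:` label only returns NULL, so when `make_names_stack(rr_from)` fails the `rct_to` stack that was already built is never freed. The result of `CMS_ReceiptRequest_create0()` is also returned unchecked; if it can fail without taking ownership of the two stacks, both would leak on that path as well, which should be confirmed against the library. A follow-up could initialise `rct_to` and `rct_from` to NULL and release them under `err:` with `sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);` and the same call for `rct_from`, clearing both after a successful create.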
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- *
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- *
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 * Eric Young (eay@cryptsoft.com)"
 * The word 'cryptographic' can be left out if the rouines from the library
 * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 * the apps directory (application code) you must include an acknowledgement:
 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- *
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -72,47 +72,48 @@ #undef POSTFIX #define POSTFIX ".rvk" -static const char *crl_usage[]={ -"usage: crl args\n", -"\n", -" -inform arg - input format - default PEM (DER or PEM)\n", -" -outform arg - output format - default PEM\n", -" -text - print out a text format version\n", -" -in arg - input file - default stdin\n", -" -out arg - output file - default stdout\n", -" -hash - print hash value\n", +static const char *crl_usage[] = { + "usage: crl args\n", + "\n", + " -inform arg - input format - default PEM (DER or PEM)\n", + " -outform arg - output format - default PEM\n", + " -text - print out a text format version\n", + " -in arg - input file - default stdin\n", + " -out arg - output file - default stdout\n", + " -hash - print hash value\n", #ifndef OPENSSL_NO_MD5 -" -hash_old - print old-style (MD5) hash value\n", + " -hash_old - print old-style (MD5) hash value\n", #endif -" -fingerprint - print the crl fingerprint\n", -" -issuer - print issuer DN\n", -" -lastupdate - lastUpdate field\n", -" -nextupdate - nextUpdate field\n", -" -crlnumber - print CRL number\n", -" -noout - no CRL output\n", -" -CAfile name - verify CRL using certificates in file \"name\"\n", -" -CApath dir - verify CRL using certificates in \"dir\"\n", -" -nameopt arg - various certificate name options\n", -NULL + " -fingerprint - print the crl fingerprint\n", + " -issuer - print issuer DN\n", + " -lastupdate - lastUpdate field\n", + " -nextupdate - nextUpdate field\n", + " -crlnumber - print CRL number\n", + " -noout - no CRL output\n", + " -CAfile name - verify CRL using certificates in file \"name\"\n", + " -CApath dir - verify CRL using certificates in \"dir\"\n", + " -nameopt arg - various certificate name options\n", + NULL }; static X509_CRL *load_crl(char *file, int format); -static BIO *bio_out=NULL; +static BIO *bio_out = NULL; int MAIN(int, char **); -int MAIN(int argc, char **argv) - { +int +MAIN(int argc, char **argv) +{ unsigned long nmflag = 0; - X509_CRL *x=NULL; + X509_CRL 
*x = NULL; char *CAfile = NULL, *CApath = NULL; - int ret=1,i,num,badops=0; - BIO *out=NULL; - int informat,outformat; - char *infile=NULL,*outfile=NULL; - int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; + int ret = 1, i, num, badops = 0; + BIO *out = NULL; + int informat, outformat; + char *infile = NULL, *outfile = NULL; + int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0, text = 0; #ifndef OPENSSL_NO_MD5 - int hash_old=0; + int hash_old = 0; #endif int fingerprint = 0, crlnumber = 0; const char **pp; 
@@ -122,331 +123,306 @@ int MAIN(int argc, char **argv) X509_OBJECT xobj; EVP_PKEY *pkey; int do_ver = 0; - const EVP_MD *md_alg,*digest=EVP_sha1(); + const EVP_MD *md_alg, *digest = EVP_sha1(); apps_startup(); if (bio_err == NULL) - if ((bio_err=BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if ((bio_err = BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; if (bio_out == NULL) - if ((bio_out=BIO_new(BIO_s_file())) != NULL) - { - BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); - } + if ((bio_out = BIO_new(BIO_s_file())) != NULL) { + BIO_set_fp(bio_out, stdout, BIO_NOCLOSE); + } - informat=FORMAT_PEM; - outformat=FORMAT_PEM; + informat = FORMAT_PEM; + outformat = FORMAT_PEM; argc--; argv++; - num=0; - while (argc >= 1) - { + num = 0; + while (argc >= 1) { #ifdef undef - if (strcmp(*argv,"-p") == 0) - { - if (--argc < 1) goto bad; + if (strcmp(*argv, "-p") == 0) { + if (--argc < 1) + goto bad; if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/ - } + } #endif - if (strcmp(*argv,"-inform") == 0) - { - if (--argc < 1) goto bad; - informat=str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-outform") == 0) - { - if (--argc < 1) goto bad; - outformat=str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-in") == 0) - { - if (--argc < 1) goto bad; + if (strcmp(*argv, "-inform") == 0) { + if (--argc < 1) + goto bad; + informat = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-outform") == 0) { + if (--argc < 1) + goto bad; + outformat = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-in") == 0) { + if (--argc < 1) + goto bad; infile= *(++argv); - } - else if (strcmp(*argv,"-out") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-out") == 0) { + if (--argc < 1) + goto bad; outfile= *(++argv); - } - else if (strcmp(*argv,"-CApath") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-CApath") == 0) { + if (--argc < 1) + goto bad; 
CApath = *(++argv); do_ver = 1; - } - else if (strcmp(*argv,"-CAfile") == 0) - { - if (--argc < 1) goto bad; + } else if (strcmp(*argv, "-CAfile") == 0) { + if (--argc < 1) + goto bad; CAfile = *(++argv); do_ver = 1; - } - else if (strcmp(*argv,"-verify") == 0) + } else if (strcmp(*argv, "-verify") == 0) do_ver = 1; - else if (strcmp(*argv,"-text") == 0) + else if (strcmp(*argv, "-text") == 0) text = 1; - else if (strcmp(*argv,"-hash") == 0) + else if (strcmp(*argv, "-hash") == 0) hash= ++num; #ifndef OPENSSL_NO_MD5 - else if (strcmp(*argv,"-hash_old") == 0) + else if (strcmp(*argv, "-hash_old") == 0) hash_old= ++num; #endif - else if (strcmp(*argv,"-nameopt") == 0) - { - if (--argc < 1) goto bad; - if (!set_name_ex(&nmflag, *(++argv))) goto bad; - } - else if (strcmp(*argv,"-issuer") == 0) + else if (strcmp(*argv, "-nameopt") == 0) { + if (--argc < 1) + goto bad; + if (!set_name_ex(&nmflag, *(++argv))) + goto bad; + } else if (strcmp(*argv, "-issuer") == 0) issuer= ++num; - else if (strcmp(*argv,"-lastupdate") == 0) + else if (strcmp(*argv, "-lastupdate") == 0) lastupdate= ++num; - else if (strcmp(*argv,"-nextupdate") == 0) + else if (strcmp(*argv, "-nextupdate") == 0) nextupdate= ++num; - else if (strcmp(*argv,"-noout") == 0) + else if (strcmp(*argv, "-noout") == 0) noout= ++num; - else if (strcmp(*argv,"-fingerprint") == 0) + else if (strcmp(*argv, "-fingerprint") == 0) fingerprint= ++num; - else if (strcmp(*argv,"-crlnumber") == 0) + else if (strcmp(*argv, "-crlnumber") == 0) crlnumber= ++num; - else if ((md_alg=EVP_get_digestbyname(*argv + 1))) - { + else if ((md_alg = EVP_get_digestbyname(*argv + 1))) { /* ok */ - digest=md_alg; - } - else - { - BIO_printf(bio_err,"unknown option %s\n",*argv); - badops=1; + digest = md_alg; + } else { + BIO_printf(bio_err, "unknown option %s\n", *argv); + badops = 1; break; - } + } argc--; argv++; - } + } - if (badops) - { + if (badops) { bad: - for (pp=crl_usage; (*pp != NULL); pp++) - BIO_printf(bio_err,"%s",*pp); + for (pp 
= crl_usage; (*pp != NULL); pp++) + BIO_printf(bio_err, "%s", *pp); goto end; - } + } ERR_load_crypto_strings(); - x=load_crl(infile,informat); - if (x == NULL) { goto end; } + x = load_crl(infile, informat); + if (x == NULL) { + goto end; + } - if(do_ver) { + if (do_ver) { store = X509_STORE_new(); - lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file()); - if (lookup == NULL) goto end; - if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) - X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); - - lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); - if (lookup == NULL) goto end; - if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) - X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); + lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); + if (lookup == NULL) + goto end; + if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) + X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); + + lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); + if (lookup == NULL) + goto end; + if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) + X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); ERR_clear_error(); - if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) { + if (!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) { BIO_printf(bio_err, - "Error initialising X509 store\n"); + "Error initialising X509 store\n"); goto end; } - i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, - X509_CRL_get_issuer(x), &xobj); - if(i <= 0) { + i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, + X509_CRL_get_issuer(x), &xobj); + if (i <= 0) { BIO_printf(bio_err, - "Error getting CRL issuer certificate\n"); + "Error getting CRL issuer certificate\n"); goto end; } pkey = X509_get_pubkey(xobj.data.x509); X509_OBJECT_free_contents(&xobj); - if(!pkey) { + if (!pkey) { BIO_printf(bio_err, - "Error getting CRL issuer public key\n"); + "Error getting CRL issuer public key\n"); goto end; } i = X509_CRL_verify(x, pkey); 
EVP_PKEY_free(pkey); - if(i < 0) goto end; - if(i == 0) BIO_printf(bio_err, "verify failure\n"); - else BIO_printf(bio_err, "verify OK\n"); + if (i < 0) + goto end; + if (i == 0) + BIO_printf(bio_err, "verify failure\n"); + else + BIO_printf(bio_err, "verify OK\n"); } - if (num) - { - for (i=1; i<=num; i++) - { - if (issuer == i) - { + if (num) { + for (i = 1; i <= num; i++) { + if (issuer == i) { print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag); - } - if (crlnumber == i) - { + } + if (crlnumber == i) { ASN1_INTEGER *crlnum; crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, - NULL, NULL); - BIO_printf(bio_out,"crlNumber="); - if (crlnum) - { + NULL, NULL); + BIO_printf(bio_out, "crlNumber="); + if (crlnum) { i2a_ASN1_INTEGER(bio_out, crlnum); ASN1_INTEGER_free(crlnum); - } - else + } else BIO_puts(bio_out, ""); - BIO_printf(bio_out,"\n"); - } - if (hash == i) - { - BIO_printf(bio_out,"%08lx\n", - X509_NAME_hash(X509_CRL_get_issuer(x))); - } + BIO_printf(bio_out, "\n"); + } + if (hash == i) { + BIO_printf(bio_out, "%08lx\n", + X509_NAME_hash(X509_CRL_get_issuer(x))); + } #ifndef OPENSSL_NO_MD5 - if (hash_old == i) - { - BIO_printf(bio_out,"%08lx\n", - X509_NAME_hash_old( - X509_CRL_get_issuer(x))); - } + if (hash_old == i) { + BIO_printf(bio_out, "%08lx\n", + X509_NAME_hash_old( + X509_CRL_get_issuer(x))); + } #endif - if (lastupdate == i) - { - BIO_printf(bio_out,"lastUpdate="); + if (lastupdate == i) { + BIO_printf(bio_out, "lastUpdate="); ASN1_TIME_print(bio_out, - X509_CRL_get_lastUpdate(x)); - BIO_printf(bio_out,"\n"); - } - if (nextupdate == i) - { - BIO_printf(bio_out,"nextUpdate="); - if (X509_CRL_get_nextUpdate(x)) + X509_CRL_get_lastUpdate(x)); + BIO_printf(bio_out, "\n"); + } + if (nextupdate == i) { + BIO_printf(bio_out, "nextUpdate="); + if (X509_CRL_get_nextUpdate(x)) ASN1_TIME_print(bio_out, - X509_CRL_get_nextUpdate(x)); + X509_CRL_get_nextUpdate(x)); else - BIO_printf(bio_out,"NONE"); - BIO_printf(bio_out,"\n"); - } - if (fingerprint == 
i) - { + BIO_printf(bio_out, "NONE"); + BIO_printf(bio_out, "\n"); + } + if (fingerprint == i) { int j; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; - if (!X509_CRL_digest(x,digest,md,&n)) - { - BIO_printf(bio_err,"out of memory\n"); + if (!X509_CRL_digest(x, digest, md, &n)) { + BIO_printf(bio_err, "out of memory\n"); goto end; - } - BIO_printf(bio_out,"%s Fingerprint=", - OBJ_nid2sn(EVP_MD_type(digest))); - for (j=0; j<(int)n; j++) - { - BIO_printf(bio_out,"%02X%c",md[j], - (j+1 == (int)n) - ?'\n':':'); - } + } + BIO_printf(bio_out, "%s Fingerprint=", + OBJ_nid2sn(EVP_MD_type(digest))); + for (j = 0; j < (int)n; j++) { + BIO_printf(bio_out, "%02X%c", md[j], + (j + 1 == (int)n) ? '\n' : ':'); } } } + } - out=BIO_new(BIO_s_file()); - if (out == NULL) - { + out = BIO_new(BIO_s_file()); + if (out == NULL) { ERR_print_errors(bio_err); goto end; - } + } - if (outfile == NULL) - { - BIO_set_fp(out,stdout,BIO_NOCLOSE); - } - else - { - if (BIO_write_filename(out,outfile) <= 0) - { + if (outfile == NULL) { + BIO_set_fp(out, stdout, BIO_NOCLOSE); + } else { + if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto end; - } } + } - if (text) X509_CRL_print(out, x); + if (text) + X509_CRL_print(out, x); - if (noout) - { + if (noout) { ret = 0; goto end; - } + } - if (outformat == FORMAT_ASN1) - i=(int)i2d_X509_CRL_bio(out,x); + if (outformat == FORMAT_ASN1) + i = (int)i2d_X509_CRL_bio(out, x); else if (outformat == FORMAT_PEM) - i=PEM_write_bio_X509_CRL(out,x); - else - { - BIO_printf(bio_err,"bad output format specified for outfile\n"); + i = PEM_write_bio_X509_CRL(out, x); + else { + BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; - } - if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; } - ret=0; + } + if (!i) { + BIO_printf(bio_err, "unable to write CRL\n"); + goto end; + } + ret = 0; + end: BIO_free_all(out); BIO_free_all(bio_out); - bio_out=NULL; + bio_out = NULL; X509_CRL_free(x); - if(store) { + if (store) { 
X509_STORE_CTX_cleanup(&ctx); X509_STORE_free(store); } apps_shutdown(); OPENSSL_EXIT(ret); - } +} -static X509_CRL *load_crl(char *infile, int format) - { - X509_CRL *x=NULL; - BIO *in=NULL; +static X509_CRL * +load_crl(char *infile, int format) +{ + X509_CRL *x = NULL; + BIO *in = NULL; - in=BIO_new(BIO_s_file()); - if (in == NULL) - { + in = BIO_new(BIO_s_file()); + if (in == NULL) { ERR_print_errors(bio_err); goto end; - } + } if (infile == NULL) - BIO_set_fp(in,stdin,BIO_NOCLOSE); - else - { - if (BIO_read_filename(in,infile) <= 0) - { + BIO_set_fp(in, stdin, BIO_NOCLOSE); + else { + if (BIO_read_filename(in, infile) <= 0) { perror(infile); goto end; - } } - if (format == FORMAT_ASN1) - x=d2i_X509_CRL_bio(in,NULL); + } + if (format == FORMAT_ASN1) + x = d2i_X509_CRL_bio(in, NULL); else if (format == FORMAT_PEM) - x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); - else { - BIO_printf(bio_err,"bad input format specified for input crl\n"); + x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); + else { + BIO_printf(bio_err, "bad input format specified for input crl\n"); goto end; - } - if (x == NULL) - { - BIO_printf(bio_err,"unable to load CRL\n"); + } + if (x == NULL) { + BIO_printf(bio_err, "unable to load CRL\n"); ERR_print_errors(bio_err); goto end; - } - -end: - BIO_free(in); - return(x); } +end: + BIO_free(in); + return (x); +} diff --git a/lib/libssl/src/apps/crl2p7.c b/lib/libssl/src/apps/crl2p7.c index 20207091a9b..b85ef51cfb7 100644 --- a/lib/libssl/src/apps/crl2p7.c +++ b/lib/libssl/src/apps/crl2p7.c 
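Review bot: When verification is requested (`-CAfile`, `-CApath` or `-verify`), a CRL whose signature does not verify still ends with a zero exit status, because `if (i == 0) BIO_printf(bio_err, "verify failure\n");` only prints and falls through, and `ret` is later set to 0 on both the `-noout` and the normal output path. A script that tests the exit code of this command would therefore accept a CRL with a bad signature. A follow-up outside this formatting-only commit should fail the run, for example `if (i == 0) { BIO_printf(bio_err, "verify failure\n"); goto end; }`, which leaves `ret` at 1. Separately, the `end:` path calls `X509_STORE_CTX_cleanup(&ctx)` whenever `store` is non-NULL, including the `lookup == NULL` exits taken before `X509_STORE_CTX_init()`, so it is worth confirming that `ctx` is initialised on those paths. `MAIN` begins above this hunk.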
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- *
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- *
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 * Eric Young (eay@cryptsoft.com)"
 * The word 'cryptographic' can be left out if the rouines from the library
 * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 * the apps directory (application code) you must include an acknowledgement:
 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- *
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -83,198 +83,187 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile); int MAIN(int, char **); -int MAIN(int argc, char **argv) - { - int i,badops=0; - BIO *in=NULL,*out=NULL; - int informat,outformat; - char *infile,*outfile,*prog,*certfile; +int +MAIN(int argc, char **argv) +{ + int i, badops = 0; + BIO *in = NULL, *out = NULL; + int informat, outformat; + char *infile, *outfile, *prog, *certfile; PKCS7 *p7 = NULL; PKCS7_SIGNED *p7s = NULL; - X509_CRL *crl=NULL; - STACK_OF(OPENSSL_STRING) *certflst=NULL; - STACK_OF(X509_CRL) *crl_stack=NULL; - STACK_OF(X509) *cert_stack=NULL; - int ret=1,nocrl=0; + X509_CRL *crl = NULL; + STACK_OF(OPENSSL_STRING) *certflst = NULL; + STACK_OF(X509_CRL) *crl_stack = NULL; + STACK_OF(X509) *cert_stack = NULL; + int ret = 1, nocrl = 0; apps_startup(); if (bio_err == NULL) - if ((bio_err=BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if ((bio_err = BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); - infile=NULL; - outfile=NULL; - informat=FORMAT_PEM; - outformat=FORMAT_PEM; + infile = NULL; + outfile = NULL; + informat = FORMAT_PEM; + outformat = FORMAT_PEM; - prog=argv[0]; + prog = argv[0]; argc--; argv++; - while (argc >= 1) - { - if (strcmp(*argv,"-inform") == 0) - { - if (--argc < 1) goto bad; - informat=str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-outform") == 0) - { - if (--argc < 1) goto bad; - outformat=str2fmt(*(++argv)); - } - else if (strcmp(*argv,"-in") == 0) - { - if (--argc < 1) goto bad; + while (argc >= 1) { + if (strcmp(*argv, "-inform") == 0) { + if (--argc < 1) + goto bad; + informat = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-outform") == 0) { + if (--argc < 1) + goto bad; + outformat = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-in") == 0) { + if (--argc < 1) + goto bad; infile= *(++argv); - } - else if (strcmp(*argv,"-nocrl") == 0) - { - nocrl=1; - } - else if (strcmp(*argv,"-out") == 0) - { - if 
(--argc < 1) goto bad; + } else if (strcmp(*argv, "-nocrl") == 0) { + nocrl = 1; + } else if (strcmp(*argv, "-out") == 0) { + if (--argc < 1) + goto bad; outfile= *(++argv); - } - else if (strcmp(*argv,"-certfile") == 0) - { - if (--argc < 1) goto bad; - if(!certflst) certflst = sk_OPENSSL_STRING_new_null(); - sk_OPENSSL_STRING_push(certflst,*(++argv)); - } - else - { - BIO_printf(bio_err,"unknown option %s\n",*argv); - badops=1; + } else if (strcmp(*argv, "-certfile") == 0) { + if (--argc < 1) + goto bad; + if (!certflst) certflst = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(certflst, *(++argv)); + } else { + BIO_printf(bio_err, "unknown option %s\n", *argv); + badops = 1; break; - } + } argc--; argv++; - } + } - if (badops) - { + if (badops) { bad: - BIO_printf(bio_err,"%s [options] outfile\n",prog); - BIO_printf(bio_err,"where options are\n"); - BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); - BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); - BIO_printf(bio_err," -in arg input file\n"); - BIO_printf(bio_err," -out arg output file\n"); - BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n"); - BIO_printf(bio_err," (can be used more than once)\n"); - BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n"); + BIO_printf(bio_err, "%s [options] outfile\n", prog); + BIO_printf(bio_err, "where options are\n"); + BIO_printf(bio_err, " -inform arg input format - DER or PEM\n"); + BIO_printf(bio_err, " -outform arg output format - DER or PEM\n"); + BIO_printf(bio_err, " -in arg input file\n"); + BIO_printf(bio_err, " -out arg output file\n"); + BIO_printf(bio_err, " -certfile arg certificates file of chain to a trusted CA\n"); + BIO_printf(bio_err, " (can be used more than once)\n"); + BIO_printf(bio_err, " -nocrl no crl to load, just certs from '-certfile'\n"); ret = 1; goto end; - } + } ERR_load_crypto_strings(); - in=BIO_new(BIO_s_file()); - out=BIO_new(BIO_s_file()); - if 
((in == NULL) || (out == NULL)) - { + in = BIO_new(BIO_s_file()); + out = BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; - } + } - if (!nocrl) - { + if (!nocrl) { if (infile == NULL) - BIO_set_fp(in,stdin,BIO_NOCLOSE); - else - { - if (BIO_read_filename(in,infile) <= 0) - { + BIO_set_fp(in, stdin, BIO_NOCLOSE); + else { + if (BIO_read_filename(in, infile) <= 0) { perror(infile); goto end; - } } + } - if (informat == FORMAT_ASN1) - crl=d2i_X509_CRL_bio(in,NULL); + if (informat == FORMAT_ASN1) + crl = d2i_X509_CRL_bio(in, NULL); else if (informat == FORMAT_PEM) - crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); - else { - BIO_printf(bio_err,"bad input format specified for input crl\n"); + crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); + else { + BIO_printf(bio_err, "bad input format specified for input crl\n"); goto end; - } - if (crl == NULL) - { - BIO_printf(bio_err,"unable to load CRL\n"); + } + if (crl == NULL) { + BIO_printf(bio_err, "unable to load CRL\n"); ERR_print_errors(bio_err); goto end; - } } - - if ((p7=PKCS7_new()) == NULL) goto end; - if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end; - p7->type=OBJ_nid2obj(NID_pkcs7_signed); - p7->d.sign=p7s; - p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data); + } - if (!ASN1_INTEGER_set(p7s->version,1)) goto end; - if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end; - p7s->crl=crl_stack; - if (crl != NULL) - { - sk_X509_CRL_push(crl_stack,crl); + if ((p7 = PKCS7_new()) == NULL) + goto end; + if ((p7s = PKCS7_SIGNED_new()) == NULL) + goto end; + p7->type = OBJ_nid2obj(NID_pkcs7_signed); + p7->d.sign = p7s; + p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data); + + if (!ASN1_INTEGER_set(p7s->version, 1)) + goto end; + if ((crl_stack = sk_X509_CRL_new_null()) == NULL) + goto end; + p7s->crl = crl_stack; + if (crl != NULL) { + sk_X509_CRL_push(crl_stack, crl); crl=NULL; /* now part of p7 for OPENSSL_freeing */ - } + } - if ((cert_stack=sk_X509_new_null()) == NULL) 
goto end; - p7s->cert=cert_stack; + if ((cert_stack = sk_X509_new_null()) == NULL) + goto end; + p7s->cert = cert_stack; - if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { + if (certflst) for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { certfile = sk_OPENSSL_STRING_value(certflst, i); - if (add_certs_from_file(cert_stack,certfile) < 0) - { + if (add_certs_from_file(cert_stack, certfile) < 0) { BIO_printf(bio_err, "error loading certificates\n"); ERR_print_errors(bio_err); goto end; - } + } } sk_OPENSSL_STRING_free(certflst); - if (outfile == NULL) - { - BIO_set_fp(out,stdout,BIO_NOCLOSE); - } - else - { - if (BIO_write_filename(out,outfile) <= 0) - { + if (outfile == NULL) { + BIO_set_fp(out, stdout, BIO_NOCLOSE); + } else { + if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto end; - } } + } - if (outformat == FORMAT_ASN1) - i=i2d_PKCS7_bio(out,p7); + if (outformat == FORMAT_ASN1) + i = i2d_PKCS7_bio(out, p7); else if (outformat == FORMAT_PEM) - i=PEM_write_bio_PKCS7(out,p7); - else { - BIO_printf(bio_err,"bad output format specified for outfile\n"); + i = PEM_write_bio_PKCS7(out, p7); + else { + BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; - } - if (!i) - { - BIO_printf(bio_err,"unable to write pkcs7 object\n"); + } + if (!i) { + BIO_printf(bio_err, "unable to write pkcs7 object\n"); ERR_print_errors(bio_err); goto end; - } - ret=0; + } + ret = 0; + end: - if (in != NULL) BIO_free(in); - if (out != NULL) BIO_free_all(out); - if (p7 != NULL) PKCS7_free(p7); - if (crl != NULL) X509_CRL_free(crl); + if (in != NULL) + BIO_free(in); + if (out != NULL) + BIO_free_all(out); + if (p7 != NULL) + PKCS7_free(p7); + if (crl != NULL) + X509_CRL_free(crl); apps_shutdown(); OPENSSL_EXIT(ret); - } +} /* *---------------------------------------------------------------------- 
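Review bot: The `-certfile` branch of MAIN still has `if (!certflst) certflst = sk_OPENSSL_STRING_new_null();` on one line, and neither that allocation nor the following `sk_OPENSSL_STRING_push()` is checked. If either fails the option appears to be dropped silently, so the tool can write a PKCS#7 bundle that is missing the requested chain and still exit 0. Splitting the line for KNF is a good moment to add the checks: `if (certflst == NULL && (certflst = sk_OPENSSL_STRING_new_null()) == NULL) goto end;` followed by `if (!sk_OPENSSL_STRING_push(certflst, *(++argv))) goto end;`. The same pass left `if (certflst) for (...)` on one line and `infile= *(++argv);`, `outfile= *(++argv);` and `crl=NULL;` unspaced, and every early `goto end` skips `sk_OPENSSL_STRING_free(certflst)`.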
@@ -286,46 +275,46 @@ end: * number of certs added if successful, -1 if not. *---------------------------------------------------------------------- */ -static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile) - { - BIO *in=NULL; - int count=0; - int ret= -1; - STACK_OF(X509_INFO) *sk=NULL; +static int +add_certs_from_file(STACK_OF(X509) *stack, char *certfile) +{ + BIO *in = NULL; + int count = 0; + int ret = -1; + STACK_OF(X509_INFO) *sk = NULL; X509_INFO *xi; - in=BIO_new(BIO_s_file()); - if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0)) - { - BIO_printf(bio_err,"error opening the file, %s\n",certfile); + in = BIO_new(BIO_s_file()); + if ((in == NULL) || (BIO_read_filename(in, certfile) <= 0)) { + BIO_printf(bio_err, "error opening the file, %s\n", certfile); goto end; - } + } /* This loads from a file, a stack of x509/crl/pkey sets */ - sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL); + sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); if (sk == NULL) { - BIO_printf(bio_err,"error reading the file, %s\n",certfile); + BIO_printf(bio_err, "error reading the file, %s\n", certfile); goto end; } /* scan over it and pull out the CRL's */ - while (sk_X509_INFO_num(sk)) - { - xi=sk_X509_INFO_shift(sk); - if (xi->x509 != NULL) - { - sk_X509_push(stack,xi->x509); - xi->x509=NULL; + while (sk_X509_INFO_num(sk)) { + xi = sk_X509_INFO_shift(sk); + if (xi->x509 != NULL) { + sk_X509_push(stack, xi->x509); + xi->x509 = NULL; count++; - } - X509_INFO_free(xi); } - - ret=count; -end: - /* never need to OPENSSL_free x */ - if (in != NULL) BIO_free(in); - if (sk != NULL) sk_X509_INFO_free(sk); - return(ret); + X509_INFO_free(xi); } + ret = count; + +end: + /* never need to OPENSSL_free x */ + if (in != NULL) + BIO_free(in); + if (sk != NULL) + sk_X509_INFO_free(sk); + return (ret); +} -- 2.20.1
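Review bot: In add_certs_from_file the return value of `sk_X509_push(stack, xi->x509)` is ignored, yet `xi->x509` is cleared and `count` is incremented regardless. On a failed push the certificate is neither in the output stack nor freed by `X509_INFO_free(xi)`, and the caller is told it was added. Suggest `if (!sk_X509_push(stack, xi->x509)) { X509_INFO_free(xi); goto end; }` and, so that the early exit does not leak the entries still queued, `sk_X509_INFO_pop_free(sk, X509_INFO_free);` at `end:` in place of `sk_X509_INFO_free(sk)`. The comment `/* scan over it and pull out the CRL's */` should say certificates, since the loop only takes `xi->x509`.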