X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fapps.c;h=80e777774fe677759ded90fabc2208ac0765248a;hp=5eadc72cfdc2640a88b0d583a4068956654aedb8;hb=e46bcca25e85a361d3ce8431ec5ccc2382ee5569;hpb=2ace745022f5af0709297e96eb0b0829c87c4291 diff --git a/apps/apps.c b/apps/apps.c index 5eadc72cfd..80e777774f 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -124,7 +124,6 @@ #include #include #include -#include #include #include #include @@ -164,23 +163,17 @@ static int set_table_opts(unsigned long *flags, const char *arg, static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl); -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) -/* Looks like this stuff is worth moving into separate function */ -static EVP_PKEY *load_netscape_key(BIO *key, const char *file, - const char *key_descrip, int format); -#endif - int app_init(long mesgwin); int chopup_args(ARGS *arg, char *buf) { int quoted; - char c, *p; + char c = '\0', *p = NULL; arg->argc = 0; if (arg->size == 0) { arg->size = 20; - arg->argv = OPENSSL_malloc(sizeof(char *) * arg->size); + arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space"); if (arg->argv == NULL) return 0; } @@ -195,7 +188,8 @@ int chopup_args(ARGS *arg, char *buf) /* The start of something good :-) */ if (arg->argc >= arg->size) { arg->size += 20; - arg->argv = OPENSSL_realloc(arg->argv, sizeof(char *) * arg->size); + arg->argv = OPENSSL_realloc(arg->argv, + sizeof(*arg->argv) * arg->size); if (arg->argv == NULL) return 0; } @@ -367,13 +361,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) ok = UI_add_input_string(ui, prompt, ui_flags, buf, PW_MIN_LENGTH, bufsiz - 1); if (ok >= 0 && verify) { - buff = OPENSSL_malloc(bufsiz); - if (!buff) { - BIO_printf(bio_err, "Out of memory\n"); - UI_free(ui); - OPENSSL_free(prompt); - return 0; - } + buff = app_malloc(bufsiz, "password buffer"); ok = UI_add_verify_string(ui, prompt, ui_flags, buff, PW_MIN_LENGTH, bufsiz - 1, buf); } @@ -383,10 +371,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); - if (buff) { - OPENSSL_cleanse(buff, (unsigned int)bufsiz); - OPENSSL_free(buff); - } + OPENSSL_clear_free(buff, (unsigned int)bufsiz); if (ok >= 0) res = strlen(buf); @@ -436,9 +421,10 @@ static char *app_get_pass(char *arg, int keepbio) char *tmp, tpass[APP_PASS_LEN]; static BIO *pwdbio = NULL; int i; - if (!strncmp(arg, "pass:", 5)) + + if (strncmp(arg, "pass:", 5) == 0) return BUF_strdup(arg + 5); - if (!strncmp(arg, "env:", 4)) { + if (strncmp(arg, "env:", 4) == 0) { tmp = getenv(arg + 4); if (!tmp) { BIO_printf(bio_err, "Can't read environment variable %s\n", arg + 4); @@ -447,7 +433,7 @@ static char *app_get_pass(char *arg, int keepbio) return BUF_strdup(tmp); } if (!keepbio || !pwdbio) { - if (!strncmp(arg, "file:", 5)) { + if (strncmp(arg, "file:", 5) == 0) { pwdbio = BIO_new_file(arg + 5, "r"); if (!pwdbio) { BIO_printf(bio_err, "Can't open file %s\n", arg + 5); @@ -462,7 +448,7 @@ static char *app_get_pass(char *arg, int keepbio) * on real Windows descriptors, such as those obtained * with CreateFile. */ - } else if (!strncmp(arg, "fd:", 3)) { + } else if (strncmp(arg, "fd:", 3) == 0) { BIO *btmp; i = atoi(arg + 3); if (i >= 0) @@ -477,7 +463,7 @@ static char *app_get_pass(char *arg, int keepbio) btmp = BIO_new(BIO_f_buffer()); pwdbio = BIO_push(btmp, pwdbio); #endif - } else if (!strcmp(arg, "stdin")) { + } else if (strcmp(arg, "stdin") == 0) { pwdbio = dup_bio_in(); if (!pwdbio) { BIO_printf(bio_err, "Can't open BIO for stdin\n"); @@ -503,17 +489,84 @@ static char *app_get_pass(char *arg, int keepbio) return BUF_strdup(tpass); } +static CONF *app_load_config_(BIO *in, const char *filename) +{ + long errorline = -1; + CONF *conf; + int i; + + conf = NCONF_new(NULL); + i = NCONF_load_bio(conf, in, &errorline); + if (i > 0) + return conf; + + if (errorline <= 0) + BIO_printf(bio_err, "%s: Can't load config file \"%s\"\n", + opt_getprog(), filename); + else + BIO_printf(bio_err, "%s: Error on line %ld of config file \"%s\"\n", + opt_getprog(), errorline, filename); + NCONF_free(conf); + return NULL; +} +CONF *app_load_config(const char *filename) +{ + BIO *in; + CONF *conf; + + in = bio_open_default(filename, "r"); + if (in == NULL) + return NULL; + + conf = app_load_config_(in, filename); + BIO_free(in); + return conf; +} +CONF *app_load_config_quiet(const char *filename) +{ + BIO *in; + CONF *conf; + + in = bio_open_default_quiet(filename, "r"); + if (in == NULL) + return NULL; + + conf = app_load_config_(in, filename); + BIO_free(in); + return conf; +} + +int app_load_modules(const CONF *config) +{ + CONF *to_free = NULL; + + if (config == NULL) + config = to_free = app_load_config_quiet(default_config_file); + if (config == NULL) + return 1; + + if (CONF_modules_load(config, NULL, 0) <= 0) { + BIO_printf(bio_err, "Error configuring OpenSSL modules\n"); + ERR_print_errors(bio_err); + NCONF_free(to_free); + return 0; + } + NCONF_free(to_free); + return 1; +} + int add_oid_section(CONF *conf) { char *p; STACK_OF(CONF_VALUE) *sktmp; CONF_VALUE *cnf; int i; - if (!(p = NCONF_get_string(conf, NULL, "oid_section"))) { + + if ((p = NCONF_get_string(conf, NULL, "oid_section")) == NULL) { ERR_clear_error(); return 1; } - if (!(sktmp = NCONF_get_section(conf, p))) { + if ((sktmp = NCONF_get_section(conf, p)) == NULL) { BIO_printf(bio_err, "problem loading oid section %s\n", p); return 0; } @@ -601,16 +654,12 @@ int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl) } err: - if (host) - OPENSSL_free(host); - if (path) - OPENSSL_free(path); - if (port) - OPENSSL_free(port); + OPENSSL_free(host); + OPENSSL_free(path); + OPENSSL_free(port); if (bio) BIO_free_all(bio); - if (rctx) - OCSP_REQ_CTX_free(rctx); + OCSP_REQ_CTX_free(rctx); if (rv != 1) { BIO_printf(bio_err, "Error loading %s from %s\n", pcert ? "certificate" : "CRL", url); @@ -640,22 +689,7 @@ X509 *load_cert(const char *file, int format, if (format == FORMAT_ASN1) x = d2i_X509_bio(cert, NULL); - else if (format == FORMAT_NETSCAPE) { - NETSCAPE_X509 *nx; - nx = ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509), cert, NULL); - if (nx == NULL) - goto end; - - if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data, - nx->header->length) != 0)) { - NETSCAPE_X509_free(nx); - BIO_printf(bio_err, "Error reading header on certificate\n"); - goto end; - } - x = nx->cert; - nx->cert = NULL; - NETSCAPE_X509_free(nx); - } else if (format == FORMAT_PEM) + else if (format == FORMAT_PEM) x = PEM_read_bio_X509_AUX(cert, NULL, (pem_password_cb *)password_callback, NULL); else if (format == FORMAT_PKCS12) { @@ -670,8 +704,7 @@ X509 *load_cert(const char *file, int format, BIO_printf(bio_err, "unable to load certificate\n"); ERR_print_errors(bio_err); } - if (cert != NULL) - BIO_free(cert); + BIO_free(cert); return (x); } @@ -749,10 +782,6 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, (pem_password_cb *)password_callback, &cb_data); } -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) - else if (format == FORMAT_NETSCAPE) - pkey = load_netscape_key(key, file, key_descrip, format); -#endif else if (format == FORMAT_PKCS12) { if (!load_pkcs12(key, key_descrip, (pem_password_cb *)password_callback, &cb_data, @@ -771,8 +800,7 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, goto end; } end: - if (key != NULL) - BIO_free(key); + BIO_free(key); if (pkey == NULL) { BIO_printf(bio_err, "unable to load %s\n", key_descrip); ERR_print_errors(bio_err); @@ -850,63 +878,17 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, (pem_password_cb *)password_callback, &cb_data); } -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) - else if (format == FORMAT_NETSCAPE) - pkey = load_netscape_key(key, file, key_descrip, format); -#endif #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) else if (format == FORMAT_MSBLOB) pkey = b2i_PublicKey_bio(key); #endif end: - if (key != NULL) - BIO_free(key); + BIO_free(key); if (pkey == NULL) BIO_printf(bio_err, "unable to load %s\n", key_descrip); return (pkey); } -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) -static EVP_PKEY *load_netscape_key(BIO *key, const char *file, - const char *key_descrip, int format) -{ - EVP_PKEY *pkey; - BUF_MEM *buf; - RSA *rsa; - const unsigned char *p; - int size, i; - - buf = BUF_MEM_new(); - pkey = EVP_PKEY_new(); - size = 0; - if (buf == NULL || pkey == NULL) - goto error; - for (;;) { - if (!BUF_MEM_grow_clean(buf, size + 1024 * 10)) - goto error; - i = BIO_read(key, &(buf->data[size]), 1024 * 10); - size += i; - if (i == 0) - break; - if (i < 0) { - BIO_printf(bio_err, "Error reading %s %s", key_descrip, file); - goto error; - } - } - p = (unsigned char *)buf->data; - rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL, 0); - if (rsa == NULL) - goto error; - BUF_MEM_free(buf); - EVP_PKEY_set1_RSA(pkey, rsa); - return pkey; - error: - BUF_MEM_free(buf); - EVP_PKEY_free(pkey); - return NULL; -} -#endif /* ndef OPENSSL_NO_RC4 */ - static int load_certs_crls(const char *file, int format, const char *pass, ENGINE *e, const char *desc, STACK_OF(X509) **pcerts, @@ -971,8 +953,7 @@ static int load_certs_crls(const char *file, int format, end: - if (xis) - sk_X509_INFO_pop_free(xis, X509_INFO_free); + sk_X509_INFO_pop_free(xis, X509_INFO_free); if (rv == 0) { if (pcerts) { @@ -990,6 +971,21 @@ static int load_certs_crls(const char *file, int format, return rv; } +void* app_malloc(int sz, const char *what) +{ + void *vp = OPENSSL_malloc(sz); + + if (vp == NULL) { + BIO_printf(bio_err, "%s: Could not allocate %d bytes for %s\n", + opt_getprog(), sz, what); + ERR_print_errors(bio_err); + exit(1); + } + return vp; +} + + + STACK_OF(X509) *load_certs(const char *file, int format, const char *pass, ENGINE *e, const char *desc) { @@ -1084,11 +1080,11 @@ int set_name_ex(unsigned long *flags, const char *arg) int set_ext_copy(int *copy_type, const char *arg) { - if (!strcasecmp(arg, "none")) + if (strcasecmp(arg, "none") == 0) *copy_type = EXT_COPY_NONE; - else if (!strcasecmp(arg, "copy")) + else if (strcasecmp(arg, "copy") == 0) *copy_type = EXT_COPY_ADD; - else if (!strcasecmp(arg, "copyall")) + else if (strcasecmp(arg, "copyall") == 0) *copy_type = EXT_COPY_ALL; else return 0; @@ -1170,7 +1166,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, c = 1; for (ptbl = in_tbl; ptbl->name; ptbl++) { - if (!strcasecmp(arg, ptbl->name)) { + if (strcasecmp(arg, ptbl->name) == 0) { *flags &= ~ptbl->mask; if (c) *flags |= ptbl->flag; @@ -1528,6 +1524,7 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) { BIGNUM *btmp; int ret = 0; + if (b) btmp = b; else @@ -1545,7 +1542,7 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) error: - if (!b) + if (btmp != b) BN_free(btmp); return ret; @@ -1557,8 +1554,7 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) TXT_DB *tmpdb = NULL; BIO *in; CONF *dbattr_conf = NULL; - char buf[1][BSIZE]; - long errorline = -1; + char buf[BSIZE]; in = BIO_new_file(dbfile, "r"); if (in == NULL) { @@ -1569,28 +1565,13 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) goto err; #ifndef OPENSSL_SYS_VMS - BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); + BIO_snprintf(buf, sizeof buf, "%s.attr", dbfile); #else - BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile); + BIO_snprintf(buf, sizeof buf, "%s-attr", dbfile); #endif - dbattr_conf = NCONF_new(NULL); - if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) { - if (errorline > 0) { - BIO_printf(bio_err, - "error on line %ld of db attribute file '%s'\n", - errorline, buf[0]); - goto err; - } else { - NCONF_free(dbattr_conf); - dbattr_conf = NULL; - } - } - - if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL) { - fprintf(stderr, "Out of memory\n"); - goto err; - } + dbattr_conf = app_load_config(buf); + retdb = app_malloc(sizeof(*retdb), "new DB"); retdb->db = tmpdb; tmpdb = NULL; if (db_attr) @@ -1611,10 +1592,8 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) } err: - if (dbattr_conf) - NCONF_free(dbattr_conf); - if (tmpdb) - TXT_DB_free(tmpdb); + NCONF_free(dbattr_conf); + TXT_DB_free(tmpdb); BIO_free_all(in); return retdb; } @@ -1792,8 +1771,7 @@ int rotate_index(const char *dbfile, const char *new_suffix, void free_index(CA_DB *db) { if (db) { - if (db->db) - TXT_DB_free(db->db); + TXT_DB_free(db->db); OPENSSL_free(db); } } @@ -2166,9 +2144,7 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret) BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); - if (psk_key) - OPENSSL_free(psk_key); - + OPENSSL_free(psk_key); psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); BIO_pop(bconn); @@ -2198,9 +2174,7 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret) BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); - if (psk_key) - OPENSSL_free(psk_key); - + OPENSSL_free(psk_key); psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); BIO_pop(bconn); @@ -2211,7 +2185,6 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret) #endif -#ifndef OPENSSL_NO_TLSEXT /*- * next_protos_parse parses a comma separated list of strings into a string * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. @@ -2231,10 +2204,7 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in) if (len >= 65535) return NULL; - out = OPENSSL_malloc(strlen(in) + 1); - if (!out) - return NULL; - + out = app_malloc(strlen(in) + 1, "NPN buffer"); for (i = 0; i <= len; ++i) { if (i == len || in[i] == ',') { if (i - start > 255) { @@ -2250,7 +2220,6 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in) *outlen = len + 1; return out; } -#endif /* ndef OPENSSL_NO_TLSEXT */ void print_cert_checks(BIO *bio, X509 *x, const char *checkhost, @@ -2293,7 +2262,7 @@ static const char *get_dp_url(DIST_POINT *dp) uri = GENERAL_NAME_get0_value(gen, >ype); if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) { char *uptr = (char *)ASN1_STRING_data(uri); - if (!strncmp(uptr, "http://", 7)) + if (strncmp(uptr, "http://", 7) == 0) return uptr; } } @@ -2379,7 +2348,7 @@ static int WIN32_rename(const char *from, const char *to) } else { /* UNICODE path */ size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1; - tfrom = (TCHAR *)malloc(sizeof(TCHAR) * (flen + tlen)); + tfrom = malloc(sizeof(*tfrom) * (flen + tlen)); if (tfrom == NULL) goto err; tto = tfrom + flen; @@ -2669,7 +2638,7 @@ int app_isdir(const char *name) # if defined(UNICODE) || defined(_UNICODE) size_t i, len_0 = strlen(name) + 1; - if (len_0 > sizeof(FileData.cFileName) / sizeof(FileData.cFileName[0])) + if (len_0 > OSSL_NELEM(FileData.cFileName)) return -1; # if !defined(_WIN32_WCE) || _WIN32_WCE>=101