# TODO(openssl-team): fix problems and investigate if (at least) the
# following warnings can also be enabled:
# -Wswitch-enum
-# -Wunused-macros
# -Wcast-align
# -Wunreachable-code
-# -Wlanguage-extension-token
-# -Wextended-offsetof
+# -Wlanguage-extension-token -- no, we use asm()
+# -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
+# -Wextended-offsetof -- no, needed in CMS ASN1 code
my $clang_devteam_warn = ""
. " -Qunused-arguments"
. " -Wextra"
return rv;
}
-X509 *load_cert(const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip)
+X509 *load_cert(const char *file, int format, const char *cert_descrip)
{
X509 *x = NULL;
BIO *cert;
}
static int load_certs_crls(const char *file, int format,
- const char *pass, ENGINE *e, const char *desc,
+ const char *pass, const char *desc,
STACK_OF(X509) **pcerts,
STACK_OF(X509_CRL) **pcrls)
{
* Initialize or extend, if *certs != NULL, a certificate stack.
*/
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
- const char *pass, ENGINE *e, const char *desc)
+ const char *pass, const char *desc)
{
- return load_certs_crls(file, format, pass, e, desc, certs, NULL);
+ return load_certs_crls(file, format, pass, desc, certs, NULL);
}
/*
* Initialize or extend, if *crls != NULL, a certificate stack.
*/
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
- const char *pass, ENGINE *e, const char *desc)
+ const char *pass, const char *desc)
{
- return load_certs_crls(file, format, pass, e, desc, NULL, crls);
+ return load_certs_crls(file, format, pass, desc, NULL, crls);
}
#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
#ifndef OPENSSL_NO_ENGINE
/* Try to load an engine in a shareable library */
-static ENGINE *try_load_engine(const char *engine, int debug)
+static ENGINE *try_load_engine(const char *engine)
{
ENGINE *e = ENGINE_by_id("dynamic");
if (e) {
return NULL;
}
if ((e = ENGINE_by_id(engine)) == NULL
- && (e = try_load_engine(engine, debug)) == NULL) {
+ && (e = try_load_engine(engine)) == NULL) {
BIO_printf(bio_err, "invalid engine \"%s\"\n", engine);
ERR_print_errors(bio_err);
return NULL;
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(CONF *conf);
-X509 *load_cert(const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip);
+X509 *load_cert(const char *file, int format, const char *cert_descrip);
X509_CRL *load_crl(const char *infile, int format);
int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl);
EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
- const char *pass, ENGINE *e, const char *cert_descrip);
+ const char *pass, const char *cert_descrip);
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
- const char *pass, ENGINE *e, const char *cert_descrip);
+ const char *pass, const char *cert_descrip);
X509_STORE *setup_verify(char *CAfile, char *CApath,
int noCAfile, int noCApath);
int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
int multirdn, int email_dn, char *startdate,
char *enddate, long days, int batch, char *ext_sect,
CONF *conf, int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy,
- ENGINE *e);
+ unsigned long nameopt, int default_op, int ext_copy);
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
X509 *x509, const EVP_MD *dgst,
STACK_OF(OPENSSL_STRING) *sigopts,
lookup_fail(section, ENV_CERTIFICATE);
goto end;
}
- x509 = load_cert(certfile, FORMAT_PEM, NULL, e, "CA certificate");
+ x509 = load_cert(certfile, FORMAT_PEM, "CA certificate");
if (x509 == NULL)
goto end;
db, serial, subj, chtype, multirdn, email_dn,
startdate, enddate, days, batch, extensions,
conf, verbose, certopt, nameopt, default_op,
- ext_copy, e);
+ ext_copy);
if (j < 0)
goto end;
if (j > 0) {
goto end;
} else {
X509 *revcert;
- revcert = load_cert(infile, FORMAT_PEM, NULL, e, infile);
+ revcert = load_cert(infile, FORMAT_PEM, infile);
if (revcert == NULL)
goto end;
if (dorevoke == 2)
int multirdn, int email_dn, char *startdate,
char *enddate, long days, int batch, char *ext_sect,
CONF *lconf, int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy,
- ENGINE *e)
+ unsigned long nameopt, int default_op, int ext_copy)
{
X509 *req = NULL;
X509_REQ *rreq = NULL;
EVP_PKEY *pktmp = NULL;
int ok = -1, i;
- if ((req = load_cert(infile, FORMAT_PEM, NULL, e, infile)) == NULL)
+ if ((req = load_cert(infile, FORMAT_PEM, infile)) == NULL)
goto end;
if (verbose)
X509_print(bio_err, req);
if (operation == SMIME_ENCRYPT) {
if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
goto end;
- cert = load_cert(opt_arg(), FORMAT_PEM, NULL, e,
+ cert = load_cert(opt_arg(), FORMAT_PEM,
"recipient certificate file");
if (cert == NULL)
goto end;
if ((encerts = sk_X509_new_null()) == NULL)
goto end;
while (*argv) {
- if ((cert = load_cert(*argv, FORMAT_PEM, NULL, e,
+ if ((cert = load_cert(*argv, FORMAT_PEM,
"recipient certificate file")) == NULL)
goto end;
sk_X509_push(encerts, cert);
}
if (certfile) {
- if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
+ if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
"certificate file")) {
ERR_print_errors(bio_err);
goto end;
}
if (recipfile && (operation == SMIME_DECRYPT)) {
- if ((recip = load_cert(recipfile, FORMAT_PEM, NULL, e,
+ if ((recip = load_cert(recipfile, FORMAT_PEM,
"recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (operation == SMIME_SIGN_RECEIPT) {
- if ((signer = load_cert(signerfile, FORMAT_PEM, NULL, e,
+ if ((signer = load_cert(signerfile, FORMAT_PEM,
"receipt signer certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
- signer = load_cert(signerfile, FORMAT_PEM, NULL,
- e, "signer certificate");
+ signer = load_cert(signerfile, FORMAT_PEM, "signer certificate");
if (!signer)
goto end;
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
- const char *file, BIO *bmd);
+ const char *file);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
if (argc == 0) {
BIO_set_fp(in, stdin, BIO_NOCLOSE);
ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
- siglen, NULL, NULL, "stdin", bmd);
+ siglen, NULL, NULL, "stdin");
} else {
const char *md_name = NULL, *sig_name = NULL;
if (!out_bin) {
continue;
} else
r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
- siglen, sig_name, md_name, argv[i], bmd);
+ siglen, sig_name, md_name, argv[i]);
if (r)
ret = r;
(void)BIO_reset(bmd);
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
- const char *file, BIO *bmd)
+ const char *file)
{
size_t len;
int i;
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static BIO *init_responder(const char *port);
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
- const char *port);
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
const char *path,
path = opt_arg();
break;
case OPT_ISSUER:
- issuer = load_cert(opt_arg(), FORMAT_PEM,
- NULL, NULL, "issuer certificate");
+ issuer = load_cert(opt_arg(), FORMAT_PEM, "issuer certificate");
if (issuer == NULL)
goto end;
if (issuers == NULL) {
break;
case OPT_CERT:
X509_free(cert);
- cert = load_cert(opt_arg(), FORMAT_PEM,
- NULL, NULL, "certificate");
+ cert = load_cert(opt_arg(), FORMAT_PEM, "certificate");
if (cert == NULL)
goto end;
if (cert_id_md == NULL)
if (rsignfile) {
if (!rkeyfile)
rkeyfile = rsignfile;
- rsigner = load_cert(rsignfile, FORMAT_PEM,
- NULL, NULL, "responder certificate");
+ rsigner = load_cert(rsignfile, FORMAT_PEM, "responder certificate");
if (!rsigner) {
BIO_printf(bio_err, "Error loading responder certificate\n");
goto end;
}
- rca_cert = load_cert(rca_filename, FORMAT_PEM,
- NULL, NULL, "CA certificate");
+ rca_cert = load_cert(rca_filename, FORMAT_PEM, "CA certificate");
if (rcertfile) {
- if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, NULL,
+ if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL,
"responder other certificates"))
goto end;
}
redo_accept:
if (acbio) {
- if (!do_responder(&req, &cbio, acbio, port))
+ if (!do_responder(&req, &cbio, acbio))
goto end;
if (!req) {
resp =
if (signfile) {
if (!keyfile)
keyfile = signfile;
- signer = load_cert(signfile, FORMAT_PEM,
- NULL, NULL, "signer certificate");
+ signer = load_cert(signfile, FORMAT_PEM, "signer certificate");
if (!signer) {
BIO_printf(bio_err, "Error loading signer certificate\n");
goto end;
}
if (sign_certfile) {
- if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, NULL,
+ if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL,
"signer certificates"))
goto end;
}
if (vpmtouched)
X509_STORE_set1_param(store, vpm);
if (verify_certfile) {
- if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, NULL,
+ if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL,
"validator certificate"))
goto end;
}
return (int)(out - save);
}
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
- const char *port)
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio)
{
int len;
OCSP_REQUEST *req = NULL;
/* Load in all certs in input file */
if (!(options & NOCERTS)) {
- if (!load_certs(infile, &certs, FORMAT_PEM, NULL, e,
+ if (!load_certs(infile, &certs, FORMAT_PEM, NULL,
"certificates"))
goto export_end;
/* Add any more certificates asked for */
if (certfile) {
- if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, e,
+ if (!load_certs(certfile, &certs, FORMAT_PEM, NULL,
"certificates from certfile"))
goto export_end;
}
break;
case KEY_CERT:
- x = load_cert(keyfile, keyform, NULL, e, "Certificate");
+ x = load_cert(keyfile, keyform, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
break;
case KEY_CERT:
- x = load_cert(keyfile, keyformat, NULL, e, "Certificate");
+ x = load_cert(keyfile, keyformat, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
#define PORT "4433"
#define PROTOCOL "tcp"
+typedef int (*do_server_cb)(int s, int stype, unsigned char *context);
int do_server(int *accept_sock, const char *host, const char *port,
int family, int type,
- int (*cb) (const char *hostname, int s, int stype,
- unsigned char *context), unsigned char *context,
- int naccept);
+ do_server_cb cb,
+ unsigned char *context, int naccept);
#ifdef HEADER_X509_H
int verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
return 0;
}
exc->cert = load_cert(exc->certfile, exc->certform,
- NULL, NULL, "Server Certificate");
+ "Server Certificate");
if (!exc->cert)
return 0;
if (exc->keyfile) {
return 0;
if (exc->chainfile) {
if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
- NULL, "Server Chain"))
+ "Server Chain"))
return 0;
}
}
}
if (cert_file) {
- cert = load_cert(cert_file, cert_format,
- NULL, e, "client certificate file");
+ cert = load_cert(cert_file, cert_format, "client certificate file");
if (cert == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (chain_file) {
- if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL, e,
+ if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL,
"client certificate chain"))
goto end;
}
#endif
static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
-static int sv_body(const char *hostname, int s, int stype,
- unsigned char *context);
-static int www_body(const char *hostname, int s, int stype,
- unsigned char *context);
-static int rev_body(const char *hostname, int s, int stype,
- unsigned char *context);
+static int sv_body(int s, int stype, unsigned char *context);
+static int www_body(int s, int stype, unsigned char *context);
+static int rev_body(int s, int stype, unsigned char *context);
static void close_accept_socket(void);
static int init_ssl_connection(SSL *s);
static void print_stats(BIO *bp, SSL_CTX *ctx);
#ifdef AF_UNIX
int unlink_unix_path = 0;
#endif
- int (*server_cb) (const char *hostname, int s, int stype,
- unsigned char *context);
+ do_server_cb server_cb;
int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0;
#ifndef OPENSSL_NO_DH
int no_dhe = 0;
}
s_cert = load_cert(s_cert_file, s_cert_format,
- NULL, e, "server certificate file");
+ "server certificate file");
if (!s_cert) {
ERR_print_errors(bio_err);
goto end;
}
if (s_chain_file) {
- if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, e,
+ if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL,
"server certificate chain"))
goto end;
}
}
s_cert2 = load_cert(s_cert_file2, s_cert_format,
- NULL, e, "second server certificate file");
+ "second server certificate file");
if (!s_cert2) {
ERR_print_errors(bio_err);
}
s_dcert = load_cert(s_dcert_file, s_dcert_format,
- NULL, e, "second server certificate file");
+ "second server certificate file");
if (!s_dcert) {
ERR_print_errors(bio_err);
goto end;
}
if (s_dchain_file) {
- if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, e,
+ if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL,
"second server certificate chain"))
goto end;
}
SSL_CTX_sess_get_cache_size(ssl_ctx));
}
-static int sv_body(const char *hostname, int s, int stype,
- unsigned char *context)
+static int sv_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
fd_set readfds;
}
#endif
-static int www_body(const char *hostname, int s, int stype,
- unsigned char *context)
+static int www_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
int ret = 1;
return (ret);
}
-static int rev_body(const char *hostname, int s, int stype,
- unsigned char *context)
+static int rev_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
int i;
* 0 on failure, something other on success.
*/
int do_server(int *accept_sock, const char *host, const char *port,
- int family, int type,
- int (*cb) (const char *hostname, int s, int stype,
- unsigned char *context), unsigned char *context,
- int naccept)
+ int family, int type, do_server_cb cb,
+ unsigned char *context, int naccept)
{
int asock = 0;
int sock;
}
BIO_ADDRINFO_free(res);
+ res = NULL;
- if (accept_sock != NULL) {
+ if (accept_sock != NULL)
*accept_sock = asock;
- }
for (;;) {
- BIO_ADDR *accepted_addr = NULL;
- char *name = NULL;
if (type == SOCK_STREAM) {
- if ((accepted_addr = BIO_ADDR_new()) == NULL) {
- BIO_closesocket(asock);
- return 0;
- }
- redoit:
- sock = BIO_accept_ex(asock, accepted_addr, 0);
+ do {
+ sock = BIO_accept_ex(asock, NULL, 0);
+ } while (sock < 0 && BIO_sock_should_retry(ret));
if (sock < 0) {
- if (BIO_sock_should_retry(ret)) {
- goto redoit;
- } else {
- ERR_print_errors(bio_err);
- BIO_ADDR_free(accepted_addr);
- SHUTDOWN(asock);
- break;
- }
+ ERR_print_errors(bio_err);
+ SHUTDOWN(asock);
+ break;
}
+ i = (*cb)(sock, type, context);
+ SHUTDOWN2(sock);
} else {
- sock = asock;
+ i = (*cb)(asock, type, context);
}
- /* accepted_addr is NULL if we're dealing with SOCK_DGRAM
- * this means that for SOCK_DGRAM, name will be NULL
- */
- if (accepted_addr != NULL) {
-#ifdef AF_UNIX
- if (family == AF_UNIX)
- name = BIO_ADDR_path_string(accepted_addr);
- else
-#endif
- name = BIO_ADDR_hostname_string(accepted_addr, 0);
- }
- i = (*cb) (name, sock, type, context);
- OPENSSL_free(name);
- BIO_ADDR_free(accepted_addr);
- if (type == SOCK_STREAM)
- SHUTDOWN2(sock);
if (naccept != -1)
naccept--;
if (i < 0 || naccept == 0) {
goto end;
while (*argv) {
cert = load_cert(*argv, FORMAT_PEM,
- NULL, e, "recipient certificate file");
+ "recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
}
if (certfile) {
- if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
+ if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
"certificate file")) {
ERR_print_errors(bio_err);
goto end;
}
if (recipfile && (operation == SMIME_DECRYPT)) {
- if ((recip = load_cert(recipfile, FORMAT_PEM, NULL,
- e, "recipient certificate file")) == NULL) {
+ if ((recip = load_cert(recipfile, FORMAT_PEM,
+ "recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
- signer = load_cert(signerfile, FORMAT_PEM, NULL,
- e, "signer certificate");
+ signer = load_cert(signerfile, FORMAT_PEM,
+ "signer certificate");
if (!signer)
goto end;
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
/* DSA_generate_key(dsa_key[j]); */
/* DSA_sign_setup(dsa_key[j],NULL); */
- st = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2, &kk, dsa_key[j]);
+ st = DSA_sign(0, buf, 20, buf2, &kk, dsa_key[j]);
if (st == 0) {
BIO_printf(bio_err,
"DSA sign failure. No DSA sign will be done.\n");
dsa_c[j][0], dsa_bits[j], DSA_SECONDS);
Time_F(START);
for (count = 0, run = 1; COND(dsa_c[j][0]); count++) {
- st = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2, &kk, dsa_key[j]);
+ st = DSA_sign(0, buf, 20, buf2, &kk, dsa_key[j]);
if (st == 0) {
BIO_printf(bio_err, "DSA sign failure\n");
ERR_print_errors(bio_err);
rsa_count = count;
}
- st = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2, kk, dsa_key[j]);
+ st = DSA_verify(0, buf, 20, buf2, kk, dsa_key[j]);
if (st <= 0) {
BIO_printf(bio_err,
"DSA verify failure. No DSA verify will be done.\n");
dsa_c[j][1], dsa_bits[j], DSA_SECONDS);
Time_F(START);
for (count = 0, run = 1; COND(dsa_c[j][1]); count++) {
- st = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2, kk, dsa_key[j]);
+ st = DSA_verify(0, buf, 20, buf2, kk, dsa_key[j]);
if (st <= 0) {
BIO_printf(bio_err, "DSA verify failure\n");
ERR_print_errors(bio_err);
static int cb(int ok, X509_STORE_CTX *ctx);
static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
- STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain);
+ STACK_OF(X509_CRL) *crls, int show_chain);
static int v_verbose = 0, vflags = 0;
typedef enum OPTION_choice {
int verify_main(int argc, char **argv)
{
- ENGINE *e = NULL;
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
STACK_OF(X509_CRL) *crls = NULL;
X509_STORE *store = NULL;
break;
case OPT_UNTRUSTED:
/* Zero or more times */
- if (!load_certs(opt_arg(), &untrusted, FORMAT_PEM, NULL, e,
+ if (!load_certs(opt_arg(), &untrusted, FORMAT_PEM, NULL,
"untrusted certificates"))
goto end;
break;
/* Zero or more times */
noCAfile = 1;
noCApath = 1;
- if (!load_certs(opt_arg(), &trusted, FORMAT_PEM, NULL, e,
+ if (!load_certs(opt_arg(), &trusted, FORMAT_PEM, NULL,
"trusted certificates"))
goto end;
break;
case OPT_CRLFILE:
/* Zero or more times */
- if (!load_crls(opt_arg(), &crls, FORMAT_PEM, NULL, e,
+ if (!load_crls(opt_arg(), &crls, FORMAT_PEM, NULL,
"other CRLs"))
goto end;
break;
case OPT_CRL_DOWNLOAD:
crl_download = 1;
break;
+ case OPT_ENGINE:
+ if (setup_engine(opt_arg(), 0) == NULL) {
+ /* Failure message already displayed */
+ goto end;
+ }
+ break;
case OPT_SHOW_CHAIN:
show_chain = 1;
break;
- case OPT_ENGINE:
- /* Specify *before* -trusted/-untrusted/-CRLfile */
- e = setup_engine(opt_arg(), 0);
- break;
case OPT_VERBOSE:
v_verbose = 1;
break;
ret = 0;
if (argc < 1) {
- if (check(store, NULL, untrusted, trusted, crls, e, show_chain) != 1)
+ if (check(store, NULL, untrusted, trusted, crls, show_chain) != 1)
ret = -1;
} else {
for (i = 0; i < argc; i++)
- if (check(store, argv[i], untrusted, trusted, crls, e,
+ if (check(store, argv[i], untrusted, trusted, crls,
show_chain) != 1)
ret = -1;
}
static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
- STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain)
+ STACK_OF(X509_CRL) *crls, int show_chain)
{
X509 *x = NULL;
int i = 0, ret = 0;
STACK_OF(X509) *chain = NULL;
int num_untrusted;
- x = load_cert(file, FORMAT_PEM, NULL, e, "certificate file");
+ x = load_cert(file, FORMAT_PEM, "certificate file");
if (x == NULL)
goto end;
EVP_PKEY_free(pkey);
}
} else
- x = load_cert(infile, informat, NULL, e, "Certificate");
+ x = load_cert(infile, informat, "Certificate");
if (x == NULL)
goto end;
if (CA_flag) {
- xca = load_cert(CAfile, CAformat, NULL, e, "CA Certificate");
+ xca = load_cert(CAfile, CAformat, "CA Certificate");
if (xca == NULL)
goto end;
}
return 1;
}
-static int asn1_print_boolean_ctx(BIO *out, int boolval,
- const ASN1_PCTX *pctx)
+static int asn1_print_boolean(BIO *out, int boolval)
{
const char *str;
switch (boolval) {
}
-static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str,
- const ASN1_PCTX *pctx)
+static int asn1_print_integer(BIO *out, ASN1_INTEGER *str)
{
char *s;
int ret = 1;
return ret;
}
-static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
- const ASN1_PCTX *pctx)
+static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid)
{
char objbuf[80];
const char *ln;
return 1;
}
-static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent,
- const ASN1_PCTX *pctx)
+static int asn1_print_obstring(BIO *out, ASN1_STRING *str, int indent)
{
if (str->type == V_ASN1_BIT_STRING) {
if (BIO_printf(out, " (%ld unused bits)\n", str->flags & 0x7) <= 0)
int boolval = *(int *)fld;
if (boolval == -1)
boolval = it->size;
- ret = asn1_print_boolean_ctx(out, boolval, pctx);
+ ret = asn1_print_boolean(out, boolval);
}
break;
case V_ASN1_INTEGER:
case V_ASN1_ENUMERATED:
- ret = asn1_print_integer_ctx(out, str, pctx);
+ ret = asn1_print_integer(out, str);
break;
case V_ASN1_UTCTIME:
break;
case V_ASN1_OBJECT:
- ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx);
+ ret = asn1_print_oid(out, (const ASN1_OBJECT *)*fld);
break;
case V_ASN1_OCTET_STRING:
case V_ASN1_BIT_STRING:
- ret = asn1_print_obstring_ctx(out, str, indent, pctx);
+ ret = asn1_print_obstring(out, str, indent);
needlf = 0;
break;
static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
X509_STORE *store,
STACK_OF(X509) *certs,
- STACK_OF(X509_CRL) *crls,
- unsigned int flags)
+ STACK_OF(X509_CRL) *crls)
{
X509_STORE_CTX ctx;
X509 *signer;
crls = CMS_get1_crls(cms);
for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
si = sk_CMS_SignerInfo_value(sinfos, i);
- if (!cms_signerinfo_verify_cert(si, store,
- cms_certs, crls, flags))
+ if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls))
goto err;
}
}
static CONF_MODULE *module_find(char *name);
static int module_init(CONF_MODULE *pmod, char *name, char *value,
const CONF *cnf);
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
- unsigned long flags);
+static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value);
/* Main function: load modules from a CONF structure */
/* Module not found: try to load DSO */
if (!md && !(flags & CONF_MFLAGS_NO_DSO))
- md = module_load_dso(cnf, name, value, flags);
+ md = module_load_dso(cnf, name, value);
if (!md) {
if (!(flags & CONF_MFLAGS_SILENT)) {
}
/* Load a module from a DSO */
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
- unsigned long flags)
+static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value)
{
DSO *dso = NULL;
conf_init_func *ifunc;
return 0;
}
-static void update_buflen(const BIGNUM *b, size_t *pbuflen)
-{
- size_t i;
- if (!b)
- return;
- if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
- *pbuflen = i;
-}
-
static int dh_param_decode(EVP_PKEY *pkey,
const unsigned char **pder, int derlen)
{
return i2d_dhp(pkey, pkey->pkey.dh, pder);
}
-static int do_dh_print(BIO *bp, const DH *x, int indent,
- ASN1_PCTX *ctx, int ptype)
+static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
{
- unsigned char *m = NULL;
int reason = ERR_R_BUF_LIB;
- size_t buf_len = 0;
-
const char *ktype = NULL;
-
BIGNUM *priv_key, *pub_key;
if (ptype == 2)
else
pub_key = NULL;
- update_buflen(x->p, &buf_len);
-
- if (buf_len == 0) {
+ if (priv_key == NULL && pub_key == NULL) {
reason = ERR_R_PASSED_NULL_PARAMETER;
goto err;
}
- update_buflen(x->g, &buf_len);
- update_buflen(x->q, &buf_len);
- update_buflen(x->j, &buf_len);
- update_buflen(x->counter, &buf_len);
- update_buflen(pub_key, &buf_len);
- update_buflen(priv_key, &buf_len);
-
if (ptype == 2)
ktype = "DH Private-Key";
else if (ptype == 1)
else
ktype = "DH Parameters";
- m = OPENSSL_malloc(buf_len + 10);
- if (m == NULL) {
- reason = ERR_R_MALLOC_FAILURE;
- goto err;
- }
-
BIO_indent(bp, indent, 128);
if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
goto err;
indent += 4;
- if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent))
+ if (!ASN1_bn_print(bp, "private-key:", priv_key, NULL, indent))
goto err;
- if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent))
+ if (!ASN1_bn_print(bp, "public-key:", pub_key, NULL, indent))
goto err;
- if (!ASN1_bn_print(bp, "prime:", x->p, m, indent))
+ if (!ASN1_bn_print(bp, "prime:", x->p, NULL, indent))
goto err;
- if (!ASN1_bn_print(bp, "generator:", x->g, m, indent))
+ if (!ASN1_bn_print(bp, "generator:", x->g, NULL, indent))
goto err;
- if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, m, indent))
+ if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, NULL, indent))
goto err;
- if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, m, indent))
+ if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, NULL, indent))
goto err;
if (x->seed) {
int i;
if (BIO_write(bp, "\n", 1) <= 0)
return (0);
}
- if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, m, indent))
+ if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, NULL, indent))
goto err;
if (x->length != 0) {
BIO_indent(bp, indent, 128);
goto err;
}
- OPENSSL_free(m);
return 1;
err:
DHerr(DH_F_DO_DH_PRINT, reason);
- OPENSSL_free(m);
return 0;
}
static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *ctx)
{
- return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
+ return do_dh_print(bp, pkey->pkey.dh, indent, 0);
}
static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *ctx)
{
- return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
+ return do_dh_print(bp, pkey->pkey.dh, indent, 1);
}
static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *ctx)
{
- return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
+ return do_dh_print(bp, pkey->pkey.dh, indent, 2);
}
int DHparams_print(BIO *bp, const DH *x)
{
- return do_dh_print(bp, x, 4, NULL, 0);
+ return do_dh_print(bp, x, 4, 0);
}
#ifndef OPENSSL_NO_CMS
DSA_free(pkey->pkey.dsa);
}
-static void update_buflen(const BIGNUM *b, size_t *pbuflen)
-{
- size_t i;
- if (!b)
- return;
- if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
- *pbuflen = i;
-}
-
static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
{
- unsigned char *m = NULL;
int ret = 0;
- size_t buf_len = 0;
const char *ktype = NULL;
-
const BIGNUM *priv_key, *pub_key;
if (ptype == 2)
else
ktype = "DSA-Parameters";
- update_buflen(x->p, &buf_len);
- update_buflen(x->q, &buf_len);
- update_buflen(x->g, &buf_len);
- update_buflen(priv_key, &buf_len);
- update_buflen(pub_key, &buf_len);
-
- m = OPENSSL_malloc(buf_len + 10);
- if (m == NULL) {
- DSAerr(DSA_F_DO_DSA_PRINT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
if (priv_key) {
if (!BIO_indent(bp, off, 128))
goto err;
goto err;
}
- if (!ASN1_bn_print(bp, "priv:", priv_key, m, off))
+ if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "pub: ", pub_key, m, off))
+ if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "P: ", x->p, m, off))
+ if (!ASN1_bn_print(bp, "P: ", x->p, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "Q: ", x->q, m, off))
+ if (!ASN1_bn_print(bp, "Q: ", x->q, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "G: ", x->g, m, off))
+ if (!ASN1_bn_print(bp, "G: ", x->g, NULL, off))
goto err;
ret = 1;
err:
- OPENSSL_free(m);
return (ret);
}
{
DSA_SIG *dsa_sig;
const unsigned char *p;
+
if (!sig) {
if (BIO_puts(bp, "\n") <= 0)
return 0;
dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
if (dsa_sig) {
int rv = 0;
- size_t buf_len = 0;
- unsigned char *m = NULL;
- update_buflen(dsa_sig->r, &buf_len);
- update_buflen(dsa_sig->s, &buf_len);
- m = OPENSSL_malloc(buf_len + 10);
- if (m == NULL) {
- DSAerr(DSA_F_DSA_SIG_PRINT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
if (BIO_write(bp, "\n", 1) != 1)
goto err;
- if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, m, indent))
+ if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, NULL, indent))
goto err;
- if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, m, indent))
+ if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, NULL, indent))
goto err;
rv = 1;
err:
- OPENSSL_free(m);
DSA_SIG_free(dsa_sig);
return rv;
}
size_t *siglen, const unsigned char *tbs,
size_t tbslen)
{
- int ret, type;
+ int ret;
unsigned int sltmp;
DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa;
if (dctx->md) {
if (tbslen != (size_t)EVP_MD_size(dctx->md))
return 0;
- type = EVP_MD_type(dctx->md);
} else {
if (tbslen != SHA_DIGEST_LENGTH)
return 0;
- type = NID_sha1;
}
- ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
+ ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa);
if (ret <= 0)
return ret;
const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen)
{
- int ret, type;
+ int ret;
DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa;
if (dctx->md) {
if (tbslen != (size_t)EVP_MD_size(dctx->md))
return 0;
- type = EVP_MD_type(dctx->md);
} else {
if (tbslen != SHA_DIGEST_LENGTH)
return 0;
- type = NID_sha1;
}
- ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa);
+ ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa);
return ret;
}
group = EC_KEY_get0_group(ecdh);
if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) {
- if (!EC_GROUP_get_cofactor(group, x, ctx) ||
+ if (!EC_GROUP_get_cofactor(group, x, NULL) ||
!BN_mul(x, x, priv_key, ctx)) {
ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
goto err;
int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
{
- unsigned char *buffer = NULL;
- size_t buf_len = 0, i;
int ret = 0, reason = ERR_R_BIO_LIB;
BN_CTX *ctx = NULL;
const EC_POINT *point = NULL;
goto err;
}
- buf_len = (size_t)BN_num_bytes(p);
- if (buf_len < (i = (size_t)BN_num_bytes(a)))
- buf_len = i;
- if (buf_len < (i = (size_t)BN_num_bytes(b)))
- buf_len = i;
- if (buf_len < (i = (size_t)BN_num_bytes(gen)))
- buf_len = i;
- if (buf_len < (i = (size_t)BN_num_bytes(order)))
- buf_len = i;
- if (buf_len < (i = (size_t)BN_num_bytes(cofactor)))
- buf_len = i;
-
if ((seed = EC_GROUP_get0_seed(x)) != NULL)
seed_len = EC_GROUP_get_seed_len(x);
- buf_len += 10;
- if ((buffer = OPENSSL_malloc(buf_len)) == NULL) {
- reason = ERR_R_MALLOC_FAILURE;
- goto err;
- }
-
if (!BIO_indent(bp, off, 128))
goto err;
goto err;
/* print the polynomial */
- if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, buffer,
+ if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, NULL,
off))
goto err;
} else {
- if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, buffer, off))
+ if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, NULL, off))
goto err;
}
- if ((a != NULL) && !ASN1_bn_print(bp, "A: ", a, buffer, off))
+ if ((a != NULL) && !ASN1_bn_print(bp, "A: ", a, NULL, off))
goto err;
- if ((b != NULL) && !ASN1_bn_print(bp, "B: ", b, buffer, off))
+ if ((b != NULL) && !ASN1_bn_print(bp, "B: ", b, NULL, off))
goto err;
if (form == POINT_CONVERSION_COMPRESSED) {
if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen,
- buffer, off))
+ NULL, off))
goto err;
} else if (form == POINT_CONVERSION_UNCOMPRESSED) {
if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen,
- buffer, off))
+ NULL, off))
goto err;
} else { /* form == POINT_CONVERSION_HYBRID */
if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen,
- buffer, off))
+ NULL, off))
goto err;
}
if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order,
- buffer, off))
+ NULL, off))
goto err;
if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor,
- buffer, off))
+ NULL, off))
goto err;
if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
goto err;
BN_free(b);
BN_free(gen);
BN_CTX_free(ctx);
- OPENSSL_free(buffer);
return (ret);
}
ret = malloc(num);
}
#else
- (void)file;
- (void)line;
+ osslargused(file); osslargused(line);
ret = malloc(num);
#endif
return ret;
}
#else
- (void)file;
- (void)line;
+ osslargused(file); osslargused(line);
#endif
return realloc(str, num);
}
ret = CRYPTO_malloc(num, file, line);
-
if (ret)
memcpy(ret, str, old_len);
CRYPTO_clear_free(str, old_len, file, line);
*list = ptr;
}
-static void sh_remove_from_list(char *ptr, char *list)
+static void sh_remove_from_list(char *ptr)
{
SH_LIST *temp, *temp2;
/* remove from bigger list */
OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
sh_clearbit(temp, slist, sh.bittable);
- sh_remove_from_list(temp, sh.freelist[slist]);
+ sh_remove_from_list(temp);
OPENSSL_assert(temp != sh.freelist[slist]);
/* done with bigger list */
chunk = sh.freelist[list];
OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
sh_setbit(chunk, list, sh.bitmalloc);
- sh_remove_from_list(chunk, sh.freelist[list]);
+ sh_remove_from_list(chunk);
OPENSSL_assert(WITHIN_ARENA(chunk));
OPENSSL_assert(ptr != NULL);
OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
sh_clearbit(ptr, list, sh.bittable);
- sh_remove_from_list(ptr, sh.freelist[list]);
+ sh_remove_from_list(ptr);
OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
sh_clearbit(buddy, list, sh.bittable);
- sh_remove_from_list(buddy, sh.freelist[list]);
+ sh_remove_from_list(buddy);
list--;
BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm);
BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
- i2a_ASN1_STRING(bp, &a->issuerNameHash, V_ASN1_OCTET_STRING);
+ i2a_ASN1_STRING(bp, &a->issuerNameHash, 0);
BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
- i2a_ASN1_STRING(bp, &a->issuerKeyHash, V_ASN1_OCTET_STRING);
+ i2a_ASN1_STRING(bp, &a->issuerKeyHash, 0);
BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
i2a_ASN1_INTEGER(bp, &a->serialNumber);
BIO_printf(bp, "\n");
X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
break;
case V_OCSP_RESPID_KEY:
- i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
+ i2a_ASN1_STRING(bp, rid->value.byKey, 0);
break;
}
#include <string.h>
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
- STACK_OF(X509) *certs, X509_STORE *st,
- unsigned long flags);
+ STACK_OF(X509) *certs, unsigned long flags);
static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
- unsigned long flags);
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain);
static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
OCSP_CERTID **ret);
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
STACK_OF(OCSP_SINGLERESP) *sresp);
-static int ocsp_check_delegated(X509 *x, int flags);
+static int ocsp_check_delegated(X509 *x);
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
X509_NAME *nm, STACK_OF(X509) *certs,
- X509_STORE *st, unsigned long flags);
+ unsigned long flags);
/* Verify a basic response message */
STACK_OF(X509) *chain = NULL;
STACK_OF(X509) *untrusted = NULL;
X509_STORE_CTX ctx;
- int i, ret = 0;
- ret = ocsp_find_signer(&signer, bs, certs, st, flags);
+ int i, ret = ocsp_find_signer(&signer, bs, certs, flags);
+
if (!ret) {
OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
* At this point we have a valid certificate chain need to verify it
* against the OCSP issuer criteria.
*/
- ret = ocsp_check_issuer(bs, chain, flags);
+ ret = ocsp_check_issuer(bs, chain);
/* If fatal error or valid match then finish */
if (ret != 0)
}
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
- STACK_OF(X509) *certs, X509_STORE *st,
- unsigned long flags)
+ STACK_OF(X509) *certs, unsigned long flags)
{
X509 *signer;
OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
return NULL;
}
-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
- unsigned long flags)
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain)
{
STACK_OF(OCSP_SINGLERESP) *sresp;
X509 *signer, *sca;
return i;
if (i) {
/* We have a match, if extensions OK then success */
- if (ocsp_check_delegated(signer, flags))
+ if (ocsp_check_delegated(signer))
return 1;
return 0;
}
}
-static int ocsp_check_delegated(X509 *x, int flags)
+static int ocsp_check_delegated(X509 *x)
{
if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
&& (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
return 0;
}
nm = gen->d.directoryName;
- ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
+ ret = ocsp_req_find_signer(&signer, req, nm, certs, flags);
if (ret <= 0) {
OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
X509_NAME *nm, STACK_OF(X509) *certs,
- X509_STORE *st, unsigned long flags)
+ unsigned long flags)
{
X509 *signer;
if (!(flags & OCSP_NOINTERN)) {
/* Salt length for PVK files */
# define PVK_SALTLEN 0x10
-static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
+static EVP_PKEY *b2i_rsa(const unsigned char **in,
unsigned int bitlen, int ispub);
-static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
+static EVP_PKEY *b2i_dss(const unsigned char **in,
unsigned int bitlen, int ispub);
static int do_blob_header(const unsigned char **in, unsigned int length,
return NULL;
}
if (isdss)
- return b2i_dss(&p, length, bitlen, ispub);
+ return b2i_dss(&p, bitlen, ispub);
else
- return b2i_rsa(&p, length, bitlen, ispub);
+ return b2i_rsa(&p, bitlen, ispub);
}
static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
}
if (isdss)
- ret = b2i_dss(&p, length, bitlen, ispub);
+ ret = b2i_dss(&p, bitlen, ispub);
else
- ret = b2i_rsa(&p, length, bitlen, ispub);
+ ret = b2i_rsa(&p, bitlen, ispub);
err:
OPENSSL_free(buf);
return ret;
}
-static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
+static EVP_PKEY *b2i_dss(const unsigned char **in,
unsigned int bitlen, int ispub)
{
const unsigned char *p = *in;
return NULL;
}
-static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
+static EVP_PKEY *b2i_rsa(const unsigned char **in,
unsigned int bitlen, int ispub)
{
const unsigned char *p = *in;
RSA_free(pkey->pkey.rsa);
}
-static void update_buflen(const BIGNUM *b, size_t *pbuflen)
-{
- size_t i;
- if (!b)
- return;
- if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
- *pbuflen = i;
-}
-
static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
{
char *str;
const char *s;
- unsigned char *m = NULL;
int ret = 0, mod_len = 0;
- size_t buf_len = 0;
-
- update_buflen(x->n, &buf_len);
- update_buflen(x->e, &buf_len);
-
- if (priv) {
- update_buflen(x->d, &buf_len);
- update_buflen(x->p, &buf_len);
- update_buflen(x->q, &buf_len);
- update_buflen(x->dmp1, &buf_len);
- update_buflen(x->dmq1, &buf_len);
- update_buflen(x->iqmp, &buf_len);
- }
-
- m = OPENSSL_malloc(buf_len + 10);
- if (m == NULL) {
- RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
if (x->n != NULL)
mod_len = BN_num_bits(x->n);
goto err;
if (priv && x->d) {
- if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len)
- <= 0)
+ if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0)
goto err;
str = "modulus:";
s = "publicExponent:";
} else {
- if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len)
- <= 0)
+ if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
goto err;
str = "Modulus:";
s = "Exponent:";
}
- if (!ASN1_bn_print(bp, str, x->n, m, off))
+ if (!ASN1_bn_print(bp, str, x->n, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, s, x->e, m, off))
+ if (!ASN1_bn_print(bp, s, x->e, NULL, off))
goto err;
if (priv) {
- if (!ASN1_bn_print(bp, "privateExponent:", x->d, m, off))
+ if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "prime1:", x->p, m, off))
+ if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "prime2:", x->q, m, off))
+ if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off))
+ if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off))
+ if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off))
+ if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off))
goto err;
}
ret = 1;
err:
- OPENSSL_free(m);
return (ret);
}
unsigned int sltmp;
if (rctx->pad_mode != RSA_PKCS1_PADDING)
return -1;
- ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
+ ret = RSA_sign_ASN1_OCTET_STRING(0,
tbs, tbslen, sig, &sltmp, rsa);
if (ret <= 0)
/* Skip pattern prefix to match "wildcard" subject */
static void skip_prefix(const unsigned char **p, size_t *plen,
- const unsigned char *subject, size_t subject_len,
+ size_t subject_len,
unsigned int flags)
{
const unsigned char *pattern = *p;
const unsigned char *subject, size_t subject_len,
unsigned int flags)
{
- skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
+ skip_prefix(&pattern, &pattern_len, subject_len, flags);
if (pattern_len != subject_len)
return 0;
while (pattern_len) {
const unsigned char *subject, size_t subject_len,
unsigned int flags)
{
- skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
+ skip_prefix(&pattern, &pattern_len, subject_len, flags);
if (pattern_len != subject_len)
return 0;
return !memcmp(pattern, subject, pattern_len);
The B<file> should contain one or more CRLs in PEM format.
This option can be specified more than once to include CRLs from multiple
B<files>.
-If you want to enable an B<engine> via the B<-engine> option, that option has
-to be specified before this one.
=item B<-crl_download>
The B<file> should contain one or more certificates in PEM format.
This option can be specified more than once to include untrusted certiificates
from multiple B<files>.
-If you want to enable an B<engine> via the B<-engine> option, that option has
-to be specified before this one.
=item B<-trusted file>
This option implies the B<-no-CAfile> and B<-no-CApath> options.
This option cannot be used in combination with either of the B<-CAfile> or
B<-CApath> options.
-If you want to enable an B<engine> via the B<-engine> option, that option has
-to be specified before this one.
=item B<-use_deltas>
# define REF_PRINT_COUNT(a, b)
# endif
+# define osslargused(x) (void)x
+
# ifndef DEVRANDOM
/*
* set this to a comma-separated list of 'random' device files to try out. My
/** Gets the order of a EC_GROUP
* \param group EC_GROUP object
* \param order BIGNUM to which the order is copied
- * \param ctx BN_CTX object (optional)
+ * \param ctx unused
* \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
/** Gets the cofactor of a EC_GROUP
* \param group EC_GROUP object
* \param cofactor BIGNUM to which the cofactor is copied
- * \param ctx BN_CTX object (optional)
+ * \param ctx unused
* \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
{
- unsigned char *p = (unsigned char *)s->init_buf->data;
- dtls1_set_message_header(s, p, htype, len, 0, len);
+ dtls1_set_message_header(s, htype, len, 0, len);
s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;
s->init_off = 0;
/* Buffer the message to handle re-xmits */
}
static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
- int len, int peek);
+ int len);
/* copy buffered record into SSL structure */
static int dtls1_copy_record(SSL *s, pitem *item)
/*
* check whether there's a handshake message (client hello?) waiting
*/
- if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
+ if ((ret = have_handshake_fragment(s, type, buf, len)))
return ret;
/*
* is started.
*/
static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
- int len, int peek)
+ int len)
{
if ((type == SSL3_RT_HANDSHAKE)
__owur int ssl3_do_uncompress(SSL *ssl);
void ssl3_cbc_copy_mac(unsigned char *out,
const SSL3_RECORD *rec, unsigned md_size);
-__owur int ssl3_cbc_remove_padding(const SSL *s,
- SSL3_RECORD *rec,
+__owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size);
__owur int tls1_cbc_remove_padding(const SSL *s,
SSL3_RECORD *rec,
if (EVP_MD_CTX_md(s->read_hash) != NULL)
mac_size = EVP_MD_CTX_size(s->read_hash);
if ((bs != 1) && !send)
- return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
+ return ssl3_cbc_remove_padding(rec, bs, mac_size);
}
return (1);
}
* 1: if the padding was valid
* -1: otherwise.
*/
-int ssl3_cbc_remove_padding(const SSL *s,
- SSL3_RECORD *rec,
+int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size)
{
unsigned padding_length, good;
__owur long tls1_default_timeout(void);
__owur int dtls1_do_write(SSL *s, int type);
void dtls1_set_message_header(SSL *s,
- unsigned char *p, unsigned char mt,
+ unsigned char mt,
unsigned long len,
unsigned long frag_off,
unsigned long frag_len);
__owur int dtls1_read_failed(SSL *s, int code);
__owur int dtls1_buffer_message(SSL *s, int ccs);
-__owur int dtls1_retransmit_message(SSL *s, unsigned short seq,
- unsigned long frag_off, int *found);
+__owur int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found);
__owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
int dtls1_retransmit_buffered_messages(SSL *s);
void dtls1_clear_record_buffer(SSL *s);
if (dtls1_retransmit_message(s, (unsigned short)
dtls1_get_queue_priority
(frag->msg_header.seq,
- frag->msg_header.is_ccs), 0,
+ frag->msg_header.is_ccs),
&found) <= 0 && found) {
fprintf(stderr, "dtls1_retransmit_message() failed\n");
return -1;
}
int
-dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
- int *found)
+dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
{
int ret;
/* XDTLS: for now assuming that read/writes are blocking */
}
}
-void dtls1_set_message_header(SSL *s, unsigned char *p,
- unsigned char mt, unsigned long len,
- unsigned long frag_off,
- unsigned long frag_len)
+void dtls1_set_message_header(SSL *s,
+ unsigned char mt, unsigned long len,
+ unsigned long frag_off,
+ unsigned long frag_len)
{
if (frag_off == 0) {
s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
len = dtls_raw_hello_verify_request(&buf[DTLS1_HM_HEADER_LENGTH],
s->d1->cookie, s->d1->cookie_len);
- dtls1_set_message_header(s, buf, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0,
+ dtls1_set_message_header(s, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0,
len);
len += DTLS1_HM_HEADER_LENGTH;