Diffstat (limited to 'apps')
-rw-r--r--apps/asn1parse.c72
-rw-r--r--apps/ca.c734
-rw-r--r--apps/ciphers.c55
-rw-r--r--apps/cmp.c1138
-rw-r--r--apps/cms.c486
-rw-r--r--apps/crl.c124
-rw-r--r--apps/crl2pkcs7.c36
-rw-r--r--apps/dgst.c141
-rw-r--r--apps/dhparam.c152
-rw-r--r--apps/dsa.c78
-rw-r--r--apps/dsaparam.c64
-rw-r--r--apps/ec.c78
-rw-r--r--apps/ecparam.c117
-rw-r--r--apps/enc.c174
-rw-r--r--apps/engine.c112
-rw-r--r--apps/errstr.c17
-rw-r--r--apps/fipsinstall.c192
-rw-r--r--apps/gendsa.c39
-rw-r--r--apps/genpkey.c67
-rw-r--r--apps/genrsa.c57
-rw-r--r--apps/include/app_libctx.h4
-rw-r--r--apps/include/app_params.h1
-rw-r--r--apps/include/apps.h249
-rw-r--r--apps/include/apps_ui.h5
-rw-r--r--apps/include/cmp_mock_srv.h18
-rw-r--r--apps/include/engine_loader.h8
-rw-r--r--apps/include/fmt.h32
-rw-r--r--apps/include/function.h17
-rw-r--r--apps/include/http_server.h86
-rw-r--r--apps/include/names.h2
-rw-r--r--apps/include/opt.h532
-rw-r--r--apps/include/platform.h12
-rw-r--r--apps/include/s_apps.h56
-rw-r--r--apps/include/vms_term_sock.h12
-rw-r--r--apps/info.c36
-rw-r--r--apps/kdf.c45
-rw-r--r--apps/lib/app_libctx.c3
-rw-r--r--apps/lib/app_params.c7
-rw-r--r--apps/lib/app_provider.c2
-rw-r--r--apps/lib/app_rand.c7
-rw-r--r--apps/lib/app_x509.c50
-rw-r--r--apps/lib/apps.c761
-rw-r--r--apps/lib/apps_ui.c37
-rw-r--r--apps/lib/cmp_mock_srv.c121
-rw-r--r--apps/lib/columns.c1
-rw-r--r--apps/lib/engine.c15
-rw-r--r--apps/lib/engine_loader.c38
-rw-r--r--apps/lib/http_server.c122
-rw-r--r--apps/lib/names.c2
-rw-r--r--apps/lib/opt.c271
-rw-r--r--apps/lib/s_cb.c617
-rw-r--r--apps/lib/s_socket.c119
-rw-r--r--apps/lib/tlssrp_depr.c47
-rw-r--r--apps/lib/vms_decc_argv.c2
-rw-r--r--apps/lib/vms_term_sock.c501
-rw-r--r--apps/lib/win32_init.c28
-rw-r--r--apps/list.c484
-rw-r--r--apps/mac.c42
-rw-r--r--apps/nseq.c22
-rw-r--r--apps/ocsp.c462
-rw-r--r--apps/openssl.c58
-rw-r--r--apps/passwd.c253
-rw-r--r--apps/pkcs12.c342
-rw-r--r--apps/pkcs7.c39
-rw-r--r--apps/pkcs8.c88
-rw-r--r--apps/pkey.c100
-rw-r--r--apps/pkeyparam.c32
-rw-r--r--apps/pkeyutl.c241
-rw-r--r--apps/prime.c39
-rw-r--r--apps/progs.pl11
-rw-r--r--apps/rand.c28
-rw-r--r--apps/rehash.c169
-rw-r--r--apps/req.c450
-rw-r--r--apps/rsa.c103
-rw-r--r--apps/rsautl.c91
-rw-r--r--apps/s_client.c1725
-rw-r--r--apps/s_server.c929
-rw-r--r--apps/s_time.c158
-rw-r--r--apps/sess_id.c42
-rw-r--r--apps/smime.c208
-rw-r--r--apps/speed.c1256
-rw-r--r--apps/spkac.c56
-rw-r--r--apps/srp.c192
-rw-r--r--apps/storeutl.c159
-rw-r--r--apps/testdsa.h1490
-rw-r--r--apps/testrsa.h4912
-rw-r--r--apps/timeouts.h8
-rw-r--r--apps/ts.c265
-rw-r--r--apps/verify.c137
-rw-r--r--apps/version.c53
-rw-r--r--apps/vms_decc_init.c73
-rw-r--r--apps/x509.c387
92 files changed, 14552 insertions, 8351 deletions
diff --git a/apps/asn1parse.c b/apps/asn1parse.c
index 04263eeb034d..8e1526f6219c 100644
--- a/apps/asn1parse.c
+++ b/apps/asn1parse.c
@@ -20,40 +20,51 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
- OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT,
- OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM,
+ OPT_INFORM,
+ OPT_IN,
+ OPT_OUT,
+ OPT_INDENT,
+ OPT_NOOUT,
+ OPT_OID,
+ OPT_OFFSET,
+ OPT_LENGTH,
+ OPT_DUMP,
+ OPT_DLIMIT,
+ OPT_STRPARSE,
+ OPT_GENSTR,
+ OPT_GENCONF,
+ OPT_STRICTPEM,
OPT_ITEM
} OPTION_CHOICE;
const OPTIONS asn1parse_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"oid", OPT_OID, '<', "file of extra oid definitions"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "oid", OPT_OID, '<', "file of extra oid definitions" },
OPT_SECTION("I/O"),
- {"inform", OPT_INFORM, 'F', "input format - one of DER PEM"},
- {"in", OPT_IN, '<', "input file"},
- {"out", OPT_OUT, '>', "output file (output format is always DER)"},
- {"noout", OPT_NOOUT, 0, "do not produce any output"},
- {"offset", OPT_OFFSET, 'p', "offset into file"},
- {"length", OPT_LENGTH, 'p', "length of section in file"},
- {"strparse", OPT_STRPARSE, 'p',
- "offset; a series of these can be used to 'dig'"},
- {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
- {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
- {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
- {"strictpem", OPT_STRICTPEM, 0,
- "do not attempt base64 decode outside PEM markers"},
- {"item", OPT_ITEM, 's', "item to parse and print"},
- {OPT_MORE_STR, 0, 0, "(-inform will be ignored)"},
+ { "inform", OPT_INFORM, 'F', "input format - one of DER PEM" },
+ { "in", OPT_IN, '<', "input file" },
+ { "out", OPT_OUT, '>', "output file (output format is always DER)" },
+ { "noout", OPT_NOOUT, 0, "do not produce any output" },
+ { "offset", OPT_OFFSET, 'p', "offset into file" },
+ { "length", OPT_LENGTH, 'p', "length of section in file" },
+ { "strparse", OPT_STRPARSE, 'p',
+ "offset; a series of these can be used to 'dig'" },
+ { OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings" },
+ { "genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from" },
+ { "genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from" },
+ { "strictpem", OPT_STRICTPEM, 0,
+ "do not attempt base64 decode outside PEM markers" },
+ { "item", OPT_ITEM, 's', "item to parse and print" },
+ { OPT_MORE_STR, 0, 0, "(-inform will be ignored)" },
OPT_SECTION("Formatting"),
- {"i", OPT_INDENT, 0, "indents the output"},
- {"dump", OPT_DUMP, 0, "unknown data in hex form"},
- {"dlimit", OPT_DLIMIT, 'p',
- "dump the first arg bytes of unknown data in hex form"},
- {NULL}
+ { "i", OPT_INDENT, 0, "indents the output" },
+ { "dump", OPT_DUMP, 0, "unknown data in hex form" },
+ { "dlimit", OPT_DLIMIT, 'p',
+ "dump the first arg bytes of unknown data in hex form" },
+ { NULL }
};
static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf);
@@ -88,7 +99,7 @@ int asn1parse_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -190,7 +201,7 @@ int asn1parse_main(int argc, char **argv)
buf->length = buf->max = num;
} else {
if (!BUF_MEM_grow(buf, BUFSIZ * 8))
- goto end; /* Pre-allocate :-) */
+ goto end; /* Pre-allocate :-) */
if (genstr || genconf) {
num = do_generate(genstr, genconf, buf);
@@ -222,7 +233,6 @@ int asn1parse_main(int argc, char **argv)
}
}
str = (unsigned char *)buf->data;
-
}
/* If any structs to parse go through in sequence */
@@ -236,7 +246,7 @@ int asn1parse_main(int argc, char **argv)
j = strtol(sk_OPENSSL_STRING_value(osk, i), NULL, 0);
if (j <= 0 || j >= tmplen) {
BIO_printf(bio_err, "'%s' is out of range\n",
- sk_OPENSSL_STRING_value(osk, i));
+ sk_OPENSSL_STRING_value(osk, i));
continue;
}
tmpbuf += j;
@@ -302,7 +312,7 @@ int asn1parse_main(int argc, char **argv)
}
}
ret = 0;
- end:
+end:
BIO_free(derout);
BIO_free(in);
BIO_free(b64);
@@ -356,7 +366,7 @@ static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf)
ASN1_TYPE_free(atyp);
return len;
- err:
+err:
NCONF_free(cnf);
ASN1_TYPE_free(atyp);
return -1;
diff --git a/apps/ca.c b/apps/ca.c
index a7a5ab1ecefb..1e9ec63c0158 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -24,115 +24,115 @@
#include <openssl/pem.h>
#ifndef W_OK
-# ifdef OPENSSL_SYS_VMS
-# include <unistd.h>
-# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_TANDEM)
-# include <sys/file.h>
-# endif
+#ifdef OPENSSL_SYS_VMS
+#include <unistd.h>
+#elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_TANDEM)
+#include <sys/file.h>
+#endif
#endif
#include "apps.h"
#include "progs.h"
#ifndef W_OK
-# define F_OK 0
-# define W_OK 2
-# define R_OK 4
+#define F_OK 0
+#define W_OK 2
+#define R_OK 4
#endif
#ifndef PATH_MAX
-# define PATH_MAX 4096
+#define PATH_MAX 4096
#endif
-#define BASE_SECTION "ca"
+#define BASE_SECTION "ca"
-#define ENV_DEFAULT_CA "default_ca"
+#define ENV_DEFAULT_CA "default_ca"
-#define STRING_MASK "string_mask"
-#define UTF8_IN "utf8"
+#define STRING_MASK "string_mask"
+#define UTF8_IN "utf8"
-#define ENV_NEW_CERTS_DIR "new_certs_dir"
-#define ENV_CERTIFICATE "certificate"
-#define ENV_SERIAL "serial"
-#define ENV_RAND_SERIAL "rand_serial"
-#define ENV_CRLNUMBER "crlnumber"
-#define ENV_PRIVATE_KEY "private_key"
-#define ENV_DEFAULT_DAYS "default_days"
-#define ENV_DEFAULT_STARTDATE "default_startdate"
-#define ENV_DEFAULT_ENDDATE "default_enddate"
-#define ENV_DEFAULT_CRL_DAYS "default_crl_days"
-#define ENV_DEFAULT_CRL_HOURS "default_crl_hours"
-#define ENV_DEFAULT_MD "default_md"
-#define ENV_DEFAULT_EMAIL_DN "email_in_dn"
-#define ENV_PRESERVE "preserve"
-#define ENV_POLICY "policy"
-#define ENV_EXTENSIONS "x509_extensions"
-#define ENV_CRLEXT "crl_extensions"
-#define ENV_MSIE_HACK "msie_hack"
-#define ENV_NAMEOPT "name_opt"
-#define ENV_CERTOPT "cert_opt"
-#define ENV_EXTCOPY "copy_extensions"
-#define ENV_UNIQUE_SUBJECT "unique_subject"
+#define ENV_NEW_CERTS_DIR "new_certs_dir"
+#define ENV_CERTIFICATE "certificate"
+#define ENV_SERIAL "serial"
+#define ENV_RAND_SERIAL "rand_serial"
+#define ENV_CRLNUMBER "crlnumber"
+#define ENV_PRIVATE_KEY "private_key"
+#define ENV_DEFAULT_DAYS "default_days"
+#define ENV_DEFAULT_STARTDATE "default_startdate"
+#define ENV_DEFAULT_ENDDATE "default_enddate"
+#define ENV_DEFAULT_CRL_DAYS "default_crl_days"
+#define ENV_DEFAULT_CRL_HOURS "default_crl_hours"
+#define ENV_DEFAULT_MD "default_md"
+#define ENV_DEFAULT_EMAIL_DN "email_in_dn"
+#define ENV_PRESERVE "preserve"
+#define ENV_POLICY "policy"
+#define ENV_EXTENSIONS "x509_extensions"
+#define ENV_CRLEXT "crl_extensions"
+#define ENV_MSIE_HACK "msie_hack"
+#define ENV_NAMEOPT "name_opt"
+#define ENV_CERTOPT "cert_opt"
+#define ENV_EXTCOPY "copy_extensions"
+#define ENV_UNIQUE_SUBJECT "unique_subject"
-#define ENV_DATABASE "database"
+#define ENV_DATABASE "database"
/* Additional revocation information types */
typedef enum {
- REV_VALID = -1, /* Valid (not-revoked) status */
- REV_NONE = 0, /* No additional information */
- REV_CRL_REASON = 1, /* Value is CRL reason code */
- REV_HOLD = 2, /* Value is hold instruction */
- REV_KEY_COMPROMISE = 3, /* Value is cert key compromise time */
- REV_CA_COMPROMISE = 4 /* Value is CA key compromise time */
+ REV_VALID = -1, /* Valid (not-revoked) status */
+ REV_NONE = 0, /* No additional information */
+ REV_CRL_REASON = 1, /* Value is CRL reason code */
+ REV_HOLD = 2, /* Value is hold instruction */
+ REV_KEY_COMPROMISE = 3, /* Value is cert key compromise time */
+ REV_CA_COMPROMISE = 4 /* Value is CA key compromise time */
} REVINFO_TYPE;
static char *lookup_conf(const CONF *conf, const char *group, const char *tag);
static int certify(X509 **xret, const char *infile, int informat,
- EVP_PKEY *pkey, X509 *x509,
- const char *dgst,
- STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(OPENSSL_STRING) *vfyopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, const char *subj, unsigned long chtype,
- int multirdn, int email_dn, const char *startdate,
- const char *enddate,
- long days, int batch, const char *ext_sect, CONF *conf,
- int verbose, unsigned long certopt, unsigned long nameopt,
- int default_op, int ext_copy, int selfsign, unsigned long dateopt);
+ EVP_PKEY *pkey, X509 *x509,
+ const char *dgst,
+ STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(OPENSSL_STRING) *vfyopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate,
+ long days, int batch, const char *ext_sect, CONF *conf,
+ int verbose, unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, int selfsign, unsigned long dateopt);
static int certify_cert(X509 **xret, const char *infile, int certformat,
- const char *passin, EVP_PKEY *pkey, X509 *x509,
- const char *dgst,
- STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(OPENSSL_STRING) *vfyopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, const char *subj, unsigned long chtype,
- int multirdn, int email_dn, const char *startdate,
- const char *enddate, long days, int batch, const char *ext_sect,
- CONF *conf, int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt);
+ const char *passin, EVP_PKEY *pkey, X509 *x509,
+ const char *dgst,
+ STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(OPENSSL_STRING) *vfyopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate, long days, int batch, const char *ext_sect,
+ CONF *conf, int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt);
static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
- X509 *x509, const char *dgst,
- STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, const char *subj, unsigned long chtype,
- int multirdn, int email_dn, const char *startdate,
- const char *enddate, long days, const char *ext_sect, CONF *conf,
- int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt);
+ X509 *x509, const char *dgst,
+ STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate, long days, const char *ext_sect, CONF *conf,
+ int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
- const char *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
- const char *subj, unsigned long chtype, int multirdn,
- int email_dn, const char *startdate, const char *enddate, long days,
- int batch, int verbose, X509_REQ *req, const char *ext_sect,
- CONF *conf, unsigned long certopt, unsigned long nameopt,
- int default_op, int ext_copy, int selfsign, unsigned long dateopt);
+ const char *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
+ const char *subj, unsigned long chtype, int multirdn,
+ int email_dn, const char *startdate, const char *enddate, long days,
+ int batch, int verbose, X509_REQ *req, const char *ext_sect,
+ CONF *conf, unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, int selfsign, unsigned long dateopt);
static int get_certificate_status(const char *ser_status, CA_DB *db);
static int do_updatedb(CA_DB *db);
static int check_time_format(const char *str);
static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type,
- const char *extval);
+ const char *extval);
static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg);
static int make_revoked(X509_REVOKED *rev, const char *str);
static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str);
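Review bot: With the nested directive indentation removed, the two conditionals at the top of this hunk are hard to pair up. The `#endif` closing the `#ifdef OPENSSL_SYS_VMS` / `#elif` chain is immediately followed by the `#endif` closing `#ifndef W_OK`, and nothing now tells them apart. Closing comments would keep the nesting readable, e.g. `#endif /* OPENSSL_SYS_VMS */` then `#endif /* W_OK */`, and the same on the fallback block that defines `F_OK`, `W_OK` and `R_OK`. This is a readability point only; the preprocessed output is unchanged.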
@@ -144,117 +144,159 @@ static int msie_hack = 0;
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_ENGINE, OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SUBJ, OPT_UTF8,
- OPT_CREATE_SERIAL, OPT_MULTIVALUE_RDN, OPT_STARTDATE, OPT_ENDDATE,
- OPT_DAYS, OPT_MD, OPT_POLICY, OPT_KEYFILE, OPT_KEYFORM, OPT_PASSIN,
- OPT_KEY, OPT_CERT, OPT_CERTFORM, OPT_SELFSIGN,
- OPT_IN, OPT_INFORM, OPT_OUT, OPT_DATEOPT, OPT_OUTDIR, OPT_VFYOPT,
- OPT_SIGOPT, OPT_NOTEXT, OPT_BATCH, OPT_PRESERVEDN, OPT_NOEMAILDN,
- OPT_GENCRL, OPT_MSIE_HACK, OPT_CRL_LASTUPDATE, OPT_CRL_NEXTUPDATE,
- OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC,
- OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID,
- OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS,
+ OPT_ENGINE,
+ OPT_VERBOSE,
+ OPT_CONFIG,
+ OPT_NAME,
+ OPT_SUBJ,
+ OPT_UTF8,
+ OPT_CREATE_SERIAL,
+ OPT_MULTIVALUE_RDN,
+ OPT_STARTDATE,
+ OPT_ENDDATE,
+ OPT_DAYS,
+ OPT_MD,
+ OPT_POLICY,
+ OPT_KEYFILE,
+ OPT_KEYFORM,
+ OPT_PASSIN,
+ OPT_KEY,
+ OPT_CERT,
+ OPT_CERTFORM,
+ OPT_SELFSIGN,
+ OPT_IN,
+ OPT_INFORM,
+ OPT_OUT,
+ OPT_DATEOPT,
+ OPT_OUTDIR,
+ OPT_VFYOPT,
+ OPT_SIGOPT,
+ OPT_NOTEXT,
+ OPT_BATCH,
+ OPT_PRESERVEDN,
+ OPT_NOEMAILDN,
+ OPT_GENCRL,
+ OPT_MSIE_HACK,
+ OPT_CRL_LASTUPDATE,
+ OPT_CRL_NEXTUPDATE,
+ OPT_CRLDAYS,
+ OPT_CRLHOURS,
+ OPT_CRLSEC,
+ OPT_INFILES,
+ OPT_SS_CERT,
+ OPT_SPKAC,
+ OPT_REVOKE,
+ OPT_VALID,
+ OPT_EXTENSIONS,
+ OPT_EXTFILE,
+ OPT_STATUS,
+ OPT_UPDATEDB,
+ OPT_CRLEXTS,
OPT_RAND_SERIAL,
- OPT_R_ENUM, OPT_PROV_ENUM,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM,
/* Do not change the order here; see related case statements below */
- OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, OPT_CRL_CA_COMPROMISE
+ OPT_CRL_REASON,
+ OPT_CRL_HOLD,
+ OPT_CRL_COMPROMISE,
+ OPT_CRL_CA_COMPROMISE
} OPTION_CHOICE;
const OPTIONS ca_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [certreq...]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [certreq...]\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"verbose", OPT_VERBOSE, '-', "Verbose output during processing"},
- {"outdir", OPT_OUTDIR, '/', "Where to put output cert"},
- {"in", OPT_IN, '<', "The input cert request(s)"},
- {"inform", OPT_INFORM, 'F', "CSR input format (DER or PEM); default PEM"},
- {"infiles", OPT_INFILES, '-', "The last argument, requests to process"},
- {"out", OPT_OUT, '>', "Where to put the output file(s)"},
- {"dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822."},
- {"notext", OPT_NOTEXT, '-', "Do not print the generated certificate"},
- {"batch", OPT_BATCH, '-', "Don't ask questions"},
- {"msie_hack", OPT_MSIE_HACK, '-',
- "msie modifications to handle all Universal Strings"},
- {"ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign"},
- {"spkac", OPT_SPKAC, '<',
- "File contains DN and signed public key and challenge"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "verbose", OPT_VERBOSE, '-', "Verbose output during processing" },
+ { "outdir", OPT_OUTDIR, '/', "Where to put output cert" },
+ { "in", OPT_IN, '<', "The input cert request(s)" },
+ { "inform", OPT_INFORM, 'F', "CSR input format (DER or PEM); default PEM" },
+ { "infiles", OPT_INFILES, '-', "The last argument, requests to process" },
+ { "out", OPT_OUT, '>', "Where to put the output file(s)" },
+ { "dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822." },
+ { "notext", OPT_NOTEXT, '-', "Do not print the generated certificate" },
+ { "batch", OPT_BATCH, '-', "Don't ask questions" },
+ { "msie_hack", OPT_MSIE_HACK, '-',
+ "msie modifications to handle all Universal Strings" },
+ { "ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign" },
+ { "spkac", OPT_SPKAC, '<',
+ "File contains DN and signed public key and challenge" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_SECTION("Configuration"),
- {"config", OPT_CONFIG, 's', "A config file"},
- {"name", OPT_NAME, 's', "The particular CA definition to use"},
- {"section", OPT_NAME, 's', "An alias for -name"},
- {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
+ { "config", OPT_CONFIG, 's', "A config file" },
+ { "name", OPT_NAME, 's', "The particular CA definition to use" },
+ { "section", OPT_NAME, 's', "An alias for -name" },
+ { "policy", OPT_POLICY, 's', "The CA 'policy' to support" },
OPT_SECTION("Certificate"),
- {"subj", OPT_SUBJ, 's', "Use arg instead of request's subject"},
- {"utf8", OPT_UTF8, '-', "Input characters are UTF8; default ASCII"},
- {"create_serial", OPT_CREATE_SERIAL, '-',
- "If reading serial fails, create a new random serial"},
- {"rand_serial", OPT_RAND_SERIAL, '-',
- "Always create a random serial; do not store it"},
- {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
- "Deprecated; multi-valued RDNs support is always on."},
- {"startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ"},
- {"enddate", OPT_ENDDATE, 's',
- "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
- {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
- {"extensions", OPT_EXTENSIONS, 's',
- "Extension section (override value in config file)"},
- {"extfile", OPT_EXTFILE, '<',
- "Configuration file with X509v3 extensions to add"},
- {"preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN"},
- {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
+ { "subj", OPT_SUBJ, 's', "Use arg instead of request's subject" },
+ { "utf8", OPT_UTF8, '-', "Input characters are UTF8; default ASCII" },
+ { "create_serial", OPT_CREATE_SERIAL, '-',
+ "If reading serial fails, create a new random serial" },
+ { "rand_serial", OPT_RAND_SERIAL, '-',
+ "Always create a random serial; do not store it" },
+ { "multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
+ "Deprecated; multi-valued RDNs support is always on." },
+ { "startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ" },
+ { "enddate", OPT_ENDDATE, 's',
+ "YYMMDDHHMMSSZ cert notAfter (overrides -days)" },
+ { "days", OPT_DAYS, 'p', "Number of days to certify the cert for" },
+ { "extensions", OPT_EXTENSIONS, 's',
+ "Extension section (override value in config file)" },
+ { "extfile", OPT_EXTFILE, '<',
+ "Configuration file with X509v3 extensions to add" },
+ { "preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN" },
+ { "noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN" },
OPT_SECTION("Signing"),
- {"md", OPT_MD, 's', "Digest to use, such as sha256"},
- {"keyfile", OPT_KEYFILE, 's', "The CA private key"},
- {"keyform", OPT_KEYFORM, 'f',
- "Private key file format (ENGINE, other values ignored)"},
- {"passin", OPT_PASSIN, 's', "Key and cert input file pass phrase source"},
- {"key", OPT_KEY, 's',
- "Key to decrypt the private key or cert files if encrypted. Better use -passin"},
- {"cert", OPT_CERT, '<', "The CA cert"},
- {"certform", OPT_CERTFORM, 'F',
- "Certificate input format (DER/PEM/P12); has no effect"},
- {"selfsign", OPT_SELFSIGN, '-',
- "Sign a cert with the key associated with it"},
- {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
- {"vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form"},
+ { "md", OPT_MD, 's', "Digest to use, such as sha256" },
+ { "keyfile", OPT_KEYFILE, 's', "The CA private key" },
+ { "keyform", OPT_KEYFORM, 'f',
+ "Private key file format (ENGINE, other values ignored)" },
+ { "passin", OPT_PASSIN, 's', "Key and cert input file pass phrase source" },
+ { "key", OPT_KEY, 's',
+ "Key to decrypt the private key or cert files if encrypted. Better use -passin" },
+ { "cert", OPT_CERT, '<', "The CA cert" },
+ { "certform", OPT_CERTFORM, 'F',
+ "Certificate input format (DER/PEM/P12); has no effect" },
+ { "selfsign", OPT_SELFSIGN, '-',
+ "Sign a cert with the key associated with it" },
+ { "sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form" },
+ { "vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form" },
OPT_SECTION("Revocation"),
- {"gencrl", OPT_GENCRL, '-', "Generate a new CRL"},
- {"valid", OPT_VALID, 's',
- "Add a Valid(not-revoked) DB entry about a cert (given in file)"},
- {"status", OPT_STATUS, 's', "Shows cert status given the serial number"},
- {"updatedb", OPT_UPDATEDB, '-', "Updates db for expired cert"},
- {"crlexts", OPT_CRLEXTS, 's',
- "CRL extension section (override value in config file)"},
- {"crl_reason", OPT_CRL_REASON, 's', "revocation reason"},
- {"crl_hold", OPT_CRL_HOLD, 's',
- "the hold instruction, an OID. Sets revocation reason to certificateHold"},
- {"crl_compromise", OPT_CRL_COMPROMISE, 's',
- "sets compromise time to val and the revocation reason to keyCompromise"},
- {"crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's',
- "sets compromise time to val and the revocation reason to CACompromise"},
- {"crl_lastupdate", OPT_CRL_LASTUPDATE, 's',
- "Sets the CRL lastUpdate time to val (YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ)"},
- {"crl_nextupdate", OPT_CRL_NEXTUPDATE, 's',
- "Sets the CRL nextUpdate time to val (YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ)"},
- {"crldays", OPT_CRLDAYS, 'p', "Days until the next CRL is due"},
- {"crlhours", OPT_CRLHOURS, 'p', "Hours until the next CRL is due"},
- {"crlsec", OPT_CRLSEC, 'p', "Seconds until the next CRL is due"},
- {"revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)"},
+ { "gencrl", OPT_GENCRL, '-', "Generate a new CRL" },
+ { "valid", OPT_VALID, 's',
+ "Add a Valid(not-revoked) DB entry about a cert (given in file)" },
+ { "status", OPT_STATUS, 's', "Shows cert status given the serial number" },
+ { "updatedb", OPT_UPDATEDB, '-', "Updates db for expired cert" },
+ { "crlexts", OPT_CRLEXTS, 's',
+ "CRL extension section (override value in config file)" },
+ { "crl_reason", OPT_CRL_REASON, 's', "revocation reason" },
+ { "crl_hold", OPT_CRL_HOLD, 's',
+ "the hold instruction, an OID. Sets revocation reason to certificateHold" },
+ { "crl_compromise", OPT_CRL_COMPROMISE, 's',
+ "sets compromise time to val and the revocation reason to keyCompromise" },
+ { "crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's',
+ "sets compromise time to val and the revocation reason to CACompromise" },
+ { "crl_lastupdate", OPT_CRL_LASTUPDATE, 's',
+ "Sets the CRL lastUpdate time to val (YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ)" },
+ { "crl_nextupdate", OPT_CRL_NEXTUPDATE, 's',
+ "Sets the CRL nextUpdate time to val (YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ)" },
+ { "crldays", OPT_CRLDAYS, 'p', "Days until the next CRL is due" },
+ { "crlhours", OPT_CRLHOURS, 'p', "Hours until the next CRL is due" },
+ { "crlsec", OPT_CRLSEC, 'p', "Seconds until the next CRL is due" },
+ { "revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)" },
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"certreq", 0, 0, "Certificate requests to be signed (optional)"},
- {NULL}
+ { "certreq", 0, 0, "Certificate requests to be signed (optional)" },
+ { NULL }
};
int ca_main(int argc, char **argv)
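Review bot: The comment `/* Do not change the order here; see related case statements below */` above `OPT_CRL_REASON` does not say what the order has to match, and with one enumerator per line an insertion between `OPT_CRL_REASON` and `OPT_CRL_CA_COMPROMISE` looks harmless. The four options are listed in the same order as `REV_CRL_REASON` to `REV_CA_COMPROMISE` in `REVINFO_TYPE`, and the case label later in the file is annotated `/* := REV_CRL_REASON */`, so the revocation type is presumably derived from the enumerator's position; that code is outside this hunk. I would spell the constraint out, e.g. `/* Keep these four contiguous and in REVINFO_TYPE order (REV_CRL_REASON..REV_CA_COMPROMISE) */`, since a mismatch would presumably record the wrong revocation reason.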
@@ -307,7 +349,7 @@ int ca_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
-opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -482,7 +524,7 @@ opthelp:
case OPT_CRLEXTS:
crl_ext = opt_arg();
break;
- case OPT_CRL_REASON: /* := REV_CRL_REASON */
+ case OPT_CRL_REASON: /* := REV_CRL_REASON */
case OPT_CRL_HOLD:
case OPT_CRL_COMPROMISE:
case OPT_CRL_CA_COMPROMISE:
@@ -608,7 +650,7 @@ end_of_options:
if (!X509_check_private_key(x509, pkey)) {
BIO_printf(bio_err,
- "CA certificate and CA private key do not match\n");
+ "CA certificate and CA private key do not match\n");
goto end;
}
}
@@ -668,7 +710,7 @@ end_of_options:
outdir = NCONF_get_string(conf, section, ENV_NEW_CERTS_DIR);
if (outdir == NULL) {
BIO_printf(bio_err,
- "there needs to be defined a directory for new certificate to be placed in\n");
+ "there needs to be defined a directory for new certificate to be placed in\n");
goto end;
}
#ifndef OPENSSL_SYS_VMS
@@ -704,12 +746,11 @@ end_of_options:
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) {
BIO_printf(bio_err,
- "entry %d: not revoked yet, but has a revocation date\n",
- i + 1);
+ "entry %d: not revoked yet, but has a revocation date\n",
+ i + 1);
goto end;
}
- if ((pp[DB_type][0] == DB_TYPE_REV) &&
- !make_revoked(NULL, pp[DB_rev_date])) {
+ if ((pp[DB_type][0] == DB_TYPE_REV) && !make_revoked(NULL, pp[DB_rev_date])) {
BIO_printf(bio_err, " in entry %d\n", i + 1);
goto end;
}
@@ -725,14 +766,14 @@ end_of_options:
}
if ((j & 1) || (j < 2)) {
BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n",
- i + 1, j);
+ i + 1, j);
goto end;
}
- for ( ; *p; p++) {
+ for (; *p; p++) {
if (!isxdigit(_UC(*p))) {
BIO_printf(bio_err,
- "entry %d: bad char 0%o '%c' in serial number\n",
- i + 1, *p, *p);
+ "entry %d: bad char 0%o '%c' in serial number\n",
+ i + 1, *p, *p);
goto end;
}
}
@@ -740,7 +781,7 @@ end_of_options:
if (verbose) {
TXT_DB_write(bio_out, db->db);
BIO_printf(bio_err, "%d entries loaded from the database\n",
- sk_OPENSSL_PSTRING_num(db->db->data));
+ sk_OPENSSL_PSTRING_num(db->db->data));
BIO_printf(bio_err, "generating index\n");
}
@@ -782,7 +823,7 @@ end_of_options:
if (verbose)
BIO_printf(bio_err, "Successfully loaded extensions file %s\n",
- extfile);
+ extfile);
/* We can have sections in the ext file */
if (extensions == NULL) {
@@ -815,8 +856,8 @@ end_of_options:
if (def_ret == 2 && strcmp(def_dgst, "UNDEF") == 0) {
dgst = NULL;
} else if (dgst == NULL
- && (dgst = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL
- && strcmp(def_dgst, "UNDEF") != 0) {
+ && (dgst = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL
+ && strcmp(def_dgst, "UNDEF") != 0) {
goto end;
} else {
if (strcmp(dgst, "default") == 0 || strcmp(def_dgst, "UNDEF") == 0) {
@@ -864,8 +905,8 @@ end_of_options:
X509V3_set_nconf(&ctx, extfile_conf);
if (!X509V3_EXT_add_nconf(extfile_conf, &ctx, extensions, NULL)) {
BIO_printf(bio_err,
- "Error checking certificate extensions from extfile section %s\n",
- extensions);
+ "Error checking certificate extensions from extfile section %s\n",
+ extensions);
ret = 1;
goto end;
}
@@ -887,8 +928,8 @@ end_of_options:
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, NULL)) {
BIO_printf(bio_err,
- "Error checking certificate extension config section %s\n",
- extensions);
+ "Error checking certificate extension config section %s\n",
+ extensions);
ret = 1;
goto end;
}
@@ -902,7 +943,7 @@ end_of_options:
}
if (startdate != NULL && !ASN1_TIME_set_string_X509(NULL, startdate)) {
BIO_printf(bio_err,
- "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
+ "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
goto end;
}
if (startdate == NULL)
@@ -915,7 +956,7 @@ end_of_options:
}
if (enddate != NULL && !ASN1_TIME_set_string_X509(NULL, enddate)) {
BIO_printf(bio_err,
- "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
+ "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
goto end;
}
@@ -965,10 +1006,10 @@ end_of_options:
if (spkac_file != NULL) {
total++;
j = certify_spkac(&x, spkac_file, pkey, x509, dgst, sigopts,
- attribs, db, serial, subj, chtype, multirdn,
- email_dn, startdate, enddate, days, extensions,
- conf, verbose, certopt, get_nameopt(), default_op,
- ext_copy, dateopt);
+ attribs, db, serial, subj, chtype, multirdn,
+ email_dn, startdate, enddate, days, extensions,
+ conf, verbose, certopt, get_nameopt(), default_op,
+ ext_copy, dateopt);
if (j < 0)
goto end;
if (j > 0) {
@@ -985,11 +1026,11 @@ end_of_options:
if (ss_cert_file != NULL) {
total++;
j = certify_cert(&x, ss_cert_file, certformat, passin, pkey,
- x509, dgst, sigopts, vfyopts, attribs,
- db, serial, subj, chtype, multirdn, email_dn,
- startdate, enddate, days, batch, extensions,
- conf, verbose, certopt, get_nameopt(), default_op,
- ext_copy, dateopt);
+ x509, dgst, sigopts, vfyopts, attribs,
+ db, serial, subj, chtype, multirdn, email_dn,
+ startdate, enddate, days, batch, extensions,
+ conf, verbose, certopt, get_nameopt(), default_op,
+ ext_copy, dateopt);
if (j < 0)
goto end;
if (j > 0) {
@@ -1006,10 +1047,10 @@ end_of_options:
if (infile != NULL) {
total++;
j = certify(&x, infile, informat, pkey, x509p, dgst,
- sigopts, vfyopts, attribs, db,
- serial, subj, chtype, multirdn, email_dn, startdate,
- enddate, days, batch, extensions, conf, verbose,
- certopt, get_nameopt(), default_op, ext_copy, selfsign, dateopt);
+ sigopts, vfyopts, attribs, db,
+ serial, subj, chtype, multirdn, email_dn, startdate,
+ enddate, days, batch, extensions, conf, verbose,
+ certopt, get_nameopt(), default_op, ext_copy, selfsign, dateopt);
if (j < 0)
goto end;
if (j > 0) {
@@ -1026,11 +1067,11 @@ end_of_options:
for (i = 0; i < argc; i++) {
total++;
j = certify(&x, argv[i], informat, pkey, x509p, dgst,
- sigopts, vfyopts,
- attribs, db,
- serial, subj, chtype, multirdn, email_dn, startdate,
- enddate, days, batch, extensions, conf, verbose,
- certopt, get_nameopt(), default_op, ext_copy, selfsign, dateopt);
+ sigopts, vfyopts,
+ attribs, db,
+ serial, subj, chtype, multirdn, email_dn, startdate,
+ enddate, days, batch, extensions, conf, verbose,
+ certopt, get_nameopt(), default_op, ext_copy, selfsign, dateopt);
if (j < 0)
goto end;
if (j > 0) {
@@ -1055,8 +1096,8 @@ end_of_options:
if (sk_X509_num(cert_sk) > 0) {
if (!batch) {
BIO_printf(bio_err,
- "\n%d out of %d certificate requests certified, commit? [y/n]",
- total_done, total);
+ "\n%d out of %d certificate requests certified, commit? [y/n]",
+ total_done, total);
(void)BIO_flush(bio_err);
tmp[0] = '\0';
if (fgets(tmp, sizeof(tmp), stdin) == NULL) {
@@ -1072,10 +1113,10 @@ end_of_options:
}
BIO_printf(bio_err, "Write out database with %d new entries\n",
- sk_X509_num(cert_sk));
+ sk_X509_num(cert_sk));
if (serialfile != NULL
- && !save_serial(serialfile, "new", serial, NULL))
+ && !save_serial(serialfile, "new", serial, NULL))
goto end;
if (!save_index(dbfile, "new", db))
@@ -1119,12 +1160,12 @@ end_of_options:
*(n++) = 'p';
*(n++) = 'e';
*(n++) = 'm';
- *n = '\0'; /* closing new_cert */
+ *n = '\0'; /* closing new_cert */
if (verbose)
BIO_printf(bio_err, "writing %s\n", new_cert);
Sout = bio_open_default(outfile, 'w',
- output_der ? FORMAT_ASN1 : FORMAT_TEXT);
+ output_der ? FORMAT_ASN1 : FORMAT_TEXT);
if (Sout == NULL)
goto end;
@@ -1143,7 +1184,7 @@ end_of_options:
if (sk_X509_num(cert_sk)) {
/* Rename the database and the serial file */
if (serialfile != NULL
- && !rotate_serial(serialfile, "new", "old"))
+ && !rotate_serial(serialfile, "new", "old"))
goto end;
if (!rotate_index(dbfile, "new", "old"))
@@ -1169,7 +1210,7 @@ end_of_options:
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) {
BIO_printf(bio_err,
- "Error checking CRL extension section %s\n", crl_ext);
+ "Error checking CRL extension section %s\n", crl_ext);
ret = 1;
goto end;
}
@@ -1188,20 +1229,19 @@ end_of_options:
if (!crldays && !crlhours && !crlsec) {
if (!NCONF_get_number(conf, section,
- ENV_DEFAULT_CRL_DAYS, &crldays)) {
+ ENV_DEFAULT_CRL_DAYS, &crldays)) {
ERR_clear_error();
crldays = 0;
}
if (!NCONF_get_number(conf, section,
- ENV_DEFAULT_CRL_HOURS, &crlhours)) {
+ ENV_DEFAULT_CRL_HOURS, &crlhours)) {
ERR_clear_error();
crlhours = 0;
}
}
- if ((crl_nextupdate == NULL) &&
- (crldays == 0) && (crlhours == 0) && (crlsec == 0)) {
+ if ((crl_nextupdate == NULL) && (crldays == 0) && (crlhours == 0) && (crlsec == 0)) {
BIO_printf(bio_err,
- "cannot lookup how long until the next CRL is issued\n");
+ "cannot lookup how long until the next CRL is issued\n");
goto end;
}
@@ -1219,7 +1259,7 @@ end_of_options:
}
if (!set_crl_nextupdate(crl, crl_nextupdate,
- crldays, crlhours, crlsec)) {
+ crldays, crlhours, crlsec)) {
BIO_puts(bio_err, "error setting CRL nextUpdate\n");
ret = 1;
goto end;
@@ -1268,7 +1308,7 @@ end_of_options:
if (crl_ext != NULL)
if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, crl_ext, crl)) {
BIO_printf(bio_err,
- "Error adding CRL extensions from section %s\n", crl_ext);
+ "Error adding CRL extensions from section %s\n", crl_ext);
goto end;
}
if (crlnumberfile != NULL) {
@@ -1289,7 +1329,7 @@ end_of_options:
/* we have a CRL number that need updating */
if (crlnumberfile != NULL
- && !save_serial(crlnumberfile, "new", crlnumber, NULL))
+ && !save_serial(crlnumberfile, "new", crlnumber, NULL))
goto end;
BN_free(crlnumber);
@@ -1299,7 +1339,7 @@ end_of_options:
goto end;
Sout = bio_open_default(outfile, 'w',
- output_der ? FORMAT_ASN1 : FORMAT_TEXT);
+ output_der ? FORMAT_ASN1 : FORMAT_TEXT);
if (Sout == NULL)
goto end;
@@ -1307,9 +1347,8 @@ end_of_options:
/* Rename the crlnumber file */
if (crlnumberfile != NULL
- && !rotate_serial(crlnumberfile, "new", "old"))
+ && !rotate_serial(crlnumberfile, "new", "old"))
goto end;
-
}
/*****************************************************************/
if (dorevoke) {
@@ -1320,7 +1359,7 @@ end_of_options:
X509 *revcert;
revcert = load_cert_pass(infile, informat, 1, passin,
- "certificate to be revoked");
+ "certificate to be revoked");
if (revcert == NULL)
goto end;
if (dorevoke == 2)
@@ -1341,7 +1380,7 @@ end_of_options:
}
ret = 0;
- end:
+end:
if (ret)
ERR_print_errors(bio_err);
BIO_free_all(Sout);
@@ -1375,17 +1414,17 @@ static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
}
static int certify(X509 **xret, const char *infile, int informat,
- EVP_PKEY *pkey, X509 *x509,
- const char *dgst,
- STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(OPENSSL_STRING) *vfyopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, const char *subj, unsigned long chtype,
- int multirdn, int email_dn, const char *startdate,
- const char *enddate,
- long days, int batch, const char *ext_sect, CONF *lconf,
- int verbose, unsigned long certopt, unsigned long nameopt,
- int default_op, int ext_copy, int selfsign, unsigned long dateopt)
+ EVP_PKEY *pkey, X509 *x509,
+ const char *dgst,
+ STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(OPENSSL_STRING) *vfyopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate,
+ long days, int batch, const char *ext_sect, CONF *lconf,
+ int verbose, unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, int selfsign, unsigned long dateopt)
{
X509_REQ *req = NULL;
EVP_PKEY *pktmp = NULL;
@@ -1406,7 +1445,7 @@ static int certify(X509 **xret, const char *infile, int informat,
if (selfsign && !X509_REQ_check_private_key(req, pkey)) {
BIO_printf(bio_err,
- "Certificate request and CA private key do not match\n");
+ "Certificate request and CA private key do not match\n");
goto end;
}
i = do_X509_REQ_verify(req, pktmp, vfyopts);
@@ -1416,33 +1455,33 @@ static int certify(X509 **xret, const char *infile, int informat,
}
if (i == 0) {
BIO_printf(bio_err,
- "Signature did not match the certificate request\n");
+ "Signature did not match the certificate request\n");
goto end;
}
BIO_printf(bio_err, "Signature ok\n");
ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
- chtype, multirdn, email_dn, startdate, enddate, days, batch,
- verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
- ext_copy, selfsign, dateopt);
+ chtype, multirdn, email_dn, startdate, enddate, days, batch,
+ verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
+ ext_copy, selfsign, dateopt);
- end:
+end:
ERR_print_errors(bio_err);
X509_REQ_free(req);
return ok;
}
static int certify_cert(X509 **xret, const char *infile, int certformat,
- const char *passin, EVP_PKEY *pkey, X509 *x509,
- const char *dgst,
- STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(OPENSSL_STRING) *vfyopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, const char *subj, unsigned long chtype,
- int multirdn, int email_dn, const char *startdate,
- const char *enddate, long days, int batch, const char *ext_sect,
- CONF *lconf, int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt)
+ const char *passin, EVP_PKEY *pkey, X509 *x509,
+ const char *dgst,
+ STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(OPENSSL_STRING) *vfyopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate, long days, int batch, const char *ext_sect,
+ CONF *lconf, int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt)
{
X509 *template_cert = NULL;
X509_REQ *rreq = NULL;
@@ -1450,7 +1489,8 @@ static int certify_cert(X509 **xret, const char *infile, int certformat,
int ok = -1, i;
if ((template_cert = load_cert_pass(infile, certformat, 1, passin,
- "template certificate")) == NULL)
+ "template certificate"))
+ == NULL)
goto end;
if (verbose)
X509_print(bio_err, template_cert);
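Review bot: The reformatted condition in certify_cert leaves `== NULL)` on a line of its own, which separates the comparison that decides the `goto end` from the call it tests. Hoisting the assignment out of the test reads better and is stable under the formatter: `template_cert = load_cert_pass(infile, certformat, 1, passin, "template certificate");` followed by `if (template_cert == NULL)`. The same shape appears in the `while ((i = X509_NAME_get_index_by_NID(...` loop of the do_body hunk at -1795, where `>= 0) {` ends up alone. certify_cert's body starts and ends outside this hunk.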
@@ -1479,24 +1519,24 @@ static int certify_cert(X509 **xret, const char *infile, int certformat,
goto end;
ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
- chtype, multirdn, email_dn, startdate, enddate, days, batch,
- verbose, rreq, ext_sect, lconf, certopt, nameopt, default_op,
- ext_copy, 0, dateopt);
+ chtype, multirdn, email_dn, startdate, enddate, days, batch,
+ verbose, rreq, ext_sect, lconf, certopt, nameopt, default_op,
+ ext_copy, 0, dateopt);
- end:
+end:
X509_REQ_free(rreq);
X509_free(template_cert);
return ok;
}
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
- const char *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
- const char *subj, unsigned long chtype, int multirdn,
- int email_dn, const char *startdate, const char *enddate, long days,
- int batch, int verbose, X509_REQ *req, const char *ext_sect,
- CONF *lconf, unsigned long certopt, unsigned long nameopt,
- int default_op, int ext_copy, int selfsign, unsigned long dateopt)
+ const char *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
+ const char *subj, unsigned long chtype, int multirdn,
+ int email_dn, const char *startdate, const char *enddate, long days,
+ int batch, int verbose, X509_REQ *req, const char *ext_sect,
+ CONF *lconf, unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, int selfsign, unsigned long dateopt)
{
const X509_NAME *name = NULL;
X509_NAME *CAname = NULL, *subject = NULL;
@@ -1558,16 +1598,14 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* check some things */
if (nid == NID_pkcs9_emailAddress && str->type != V_ASN1_IA5STRING) {
BIO_printf(bio_err,
- "\nemailAddress type needs to be of type IA5STRING\n");
+ "\nemailAddress type needs to be of type IA5STRING\n");
goto end;
}
if (str->type != V_ASN1_BMPSTRING && str->type != V_ASN1_UTF8STRING) {
j = ASN1_PRINTABLE_type(str->data, str->length);
- if ((j == V_ASN1_T61STRING && str->type != V_ASN1_T61STRING) ||
- (j == V_ASN1_IA5STRING && str->type == V_ASN1_PRINTABLESTRING))
- {
+ if ((j == V_ASN1_T61STRING && str->type != V_ASN1_T61STRING) || (j == V_ASN1_IA5STRING && str->type == V_ASN1_PRINTABLESTRING)) {
BIO_printf(bio_err,
- "\nThe string contains characters that are illegal for the ASN.1 type\n");
+ "\nThe string contains characters that are illegal for the ASN.1 type\n");
goto end;
}
}
@@ -1595,8 +1633,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
cv = sk_CONF_VALUE_value(policy, i); /* get the object id */
if ((j = OBJ_txt2nid(cv->name)) == NID_undef) {
BIO_printf(bio_err,
- "%s:unknown object type in 'policy' configuration\n",
- cv->name);
+ "%s:unknown object type in 'policy' configuration\n",
+ cv->name);
goto end;
}
obj = OBJ_nid2obj(j);
@@ -1623,8 +1661,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
} else if (strcmp(cv->value, "supplied") == 0) {
if (tne == NULL) {
BIO_printf(bio_err,
- "The %s field needed to be supplied and was missing\n",
- cv->name);
+ "The %s field needed to be supplied and was missing\n",
+ cv->name);
goto end;
} else {
push = tne;
@@ -1634,19 +1672,20 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (tne == NULL) {
BIO_printf(bio_err,
- "The mandatory %s field was missing\n",
- cv->name);
+ "The mandatory %s field was missing\n",
+ cv->name);
goto end;
}
last2 = -1;
- again2:
+ again2:
j = X509_NAME_get_index_by_OBJ(CAname, obj, last2);
if ((j < 0) && (last2 == -1)) {
BIO_printf(bio_err,
- "The %s field does not exist in the CA certificate,\n"
- "the 'policy' is misconfigured\n", cv->name);
+ "The %s field does not exist in the CA certificate,\n"
+ "the 'policy' is misconfigured\n",
+ cv->name);
goto end;
}
if (j >= 0) {
@@ -1659,17 +1698,17 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
}
if (j < 0) {
BIO_printf(bio_err,
- "The %s field is different between\n"
- "CA certificate (%s) and the request (%s)\n",
- cv->name,
- ((str2 == NULL) ? "NULL" : (char *)str2->data),
- ((str == NULL) ? "NULL" : (char *)str->data));
+ "The %s field is different between\n"
+ "CA certificate (%s) and the request (%s)\n",
+ cv->name,
+ ((str2 == NULL) ? "NULL" : (char *)str2->data),
+ ((str == NULL) ? "NULL" : (char *)str->data));
goto end;
}
} else {
BIO_printf(bio_err,
- "%s:invalid type in 'policy' configuration\n",
- cv->value);
+ "%s:invalid type in 'policy' configuration\n",
+ cv->value);
goto end;
}
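Review bot: The mismatch message in do_body prints `(char *)str2->data` and `(char *)str->data` with `%s`, which relies on the ASN1_STRING buffers being NUL-terminated and stops at the first embedded NUL. `str` appears to hold the value taken from the request, though it is assigned outside this hunk. Passing the length explicitly (`"%.*s"` with `str->length`) or printing through `ASN1_STRING_print_ex()` keeps the read bounded and stops the CA operator seeing a truncated or unescaped field. The reformatting does not change this behaviour, and do_body starts and ends outside the hunk.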
@@ -1695,7 +1734,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* We are now totally happy, lets make and sign the certificate */
if (verbose)
BIO_printf(bio_err,
- "Everything appears to be ok, creating and signing the certificate\n");
+ "Everything appears to be ok, creating and signing the certificate\n");
if ((ret = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
goto end;
@@ -1731,7 +1770,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* Initialize the context structure */
X509V3_set_ctx(&ext_ctx, selfsign ? ret : x509,
- ret, req, NULL, X509V3_CTX_REPLACE);
+ ret, req, NULL, X509V3_CTX_REPLACE);
/* Lets add the extensions, if there are any */
if (ext_sect) {
@@ -1745,27 +1784,27 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* Adds exts contained in the configuration file */
if (!X509V3_EXT_add_nconf(extfile_conf, &ext_ctx, ext_sect, ret)) {
BIO_printf(bio_err,
- "Error adding certificate extensions from extfile section %s\n",
- ext_sect);
+ "Error adding certificate extensions from extfile section %s\n",
+ ext_sect);
goto end;
}
if (verbose)
BIO_printf(bio_err,
- "Successfully added extensions from file.\n");
+ "Successfully added extensions from file.\n");
} else if (ext_sect) {
/* We found extensions to be set from config file */
X509V3_set_nconf(&ext_ctx, lconf);
if (!X509V3_EXT_add_nconf(lconf, &ext_ctx, ext_sect, ret)) {
BIO_printf(bio_err,
- "Error adding certificate extensions from config section %s\n",
- ext_sect);
+ "Error adding certificate extensions from config section %s\n",
+ ext_sect);
goto end;
}
if (verbose)
BIO_printf(bio_err,
- "Successfully added extensions from config\n");
+ "Successfully added extensions from config\n");
}
}
@@ -1778,7 +1817,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (verbose)
BIO_printf(bio_err,
- "The subject name appears to be ok, checking database for clashes\n");
+ "The subject name appears to be ok, checking database for clashes\n");
/* Build the correct Subject if no e-mail is wanted in the subject. */
if (!email_dn) {
@@ -1795,8 +1834,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
}
i = -1;
while ((i = X509_NAME_get_index_by_NID(dn_subject,
- NID_pkcs9_emailAddress,
- i)) >= 0) {
+ NID_pkcs9_emailAddress,
+ i))
+ >= 0) {
tmpne = X509_NAME_delete_entry(dn_subject, i--);
X509_NAME_ENTRY_free(tmpne);
}
@@ -1843,18 +1883,18 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
if (rrow != NULL) {
BIO_printf(bio_err,
- "ERROR:There is already a certificate for %s\n",
- row[DB_name]);
+ "ERROR:There is already a certificate for %s\n",
+ row[DB_name]);
}
}
if (rrow == NULL) {
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
if (rrow != NULL) {
BIO_printf(bio_err,
- "ERROR:Serial number %s has already been issued,\n",
- row[DB_serial]);
+ "ERROR:Serial number %s has already been issued,\n",
+ row[DB_serial]);
BIO_printf(bio_err,
- " check the database/serial_file for corruption\n");
+ " check the database/serial_file for corruption\n");
}
}
@@ -1868,7 +1908,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
p = "Valid";
else
p = "\ninvalid type, Database error\n";
- BIO_printf(bio_err, "Type :%s\n", p);;
+ BIO_printf(bio_err, "Type :%s\n", p);
+ ;
if (rrow[DB_type][0] == DB_TYPE_REV) {
p = rrow[DB_exp_date];
if (p == NULL)
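Review bot: The formatter turned the doubled semicolon after `BIO_printf(bio_err, "Type :%s\n", p);` in do_body into a separate empty statement, a bare `;` on its own line. It is harmless to the compiler but now reads like a statement that went missing, so the added `;` line should simply be deleted. do_body starts and ends outside the hunk.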
@@ -1891,7 +1932,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Subject Name :%s\n", p);
- ok = -1; /* This is now a 'bad' error. */
+ ok = -1; /* This is now a 'bad' error. */
goto end;
}
@@ -1917,7 +1958,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
buf[0] = '\0';
if (fgets(buf, sizeof(buf), stdin) == NULL) {
BIO_printf(bio_err,
- "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
+ "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
ok = 0;
goto end;
}
@@ -1929,8 +1970,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
}
pktmp = X509_get0_pubkey(ret);
- if (EVP_PKEY_missing_parameters(pktmp) &&
- !EVP_PKEY_missing_parameters(pkey))
+ if (EVP_PKEY_missing_parameters(pktmp) && !EVP_PKEY_missing_parameters(pkey))
EVP_PKEY_copy_parameters(pktmp, pkey);
if (!do_X509_sign(ret, pkey, dgst, sigopts, &ext_ctx))
@@ -1962,7 +2002,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
}
irow = NULL;
ok = 1;
- end:
+end:
if (ok != 1) {
for (i = 0; i < DB_NUMBER; i++)
OPENSSL_free(row[i]);
@@ -1991,14 +2031,14 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
}
static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
- X509 *x509, const char *dgst,
- STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, const char *subj, unsigned long chtype,
- int multirdn, int email_dn, const char *startdate,
- const char *enddate, long days, const char *ext_sect,
- CONF *lconf, int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt)
+ X509 *x509, const char *dgst,
+ STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate, long days, const char *ext_sect,
+ CONF *lconf, int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt)
{
STACK_OF(CONF_VALUE) *sk = NULL;
LHASH_OF(CONF_VALUE) *parms = NULL;
@@ -2069,7 +2109,7 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
if (spki == NULL) {
BIO_printf(bio_err,
- "unable to load Netscape SPKAC structure\n");
+ "unable to load Netscape SPKAC structure\n");
goto end;
}
}
@@ -2077,12 +2117,12 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
}
if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
- (unsigned char *)buf, -1, -1, 0))
+ (unsigned char *)buf, -1, -1, 0))
goto end;
}
if (spki == NULL) {
BIO_printf(bio_err, "Netscape SPKAC structure not found in %s\n",
- infile);
+ infile);
goto end;
}
@@ -2101,7 +2141,7 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
if (j <= 0) {
EVP_PKEY_free(pktmp);
BIO_printf(bio_err,
- "signature verification failed on SPKAC public key\n");
+ "signature verification failed on SPKAC public key\n");
goto end;
}
BIO_printf(bio_err, "Signature ok\n");
@@ -2109,10 +2149,10 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
X509_REQ_set_pubkey(req, pktmp);
EVP_PKEY_free(pktmp);
ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
- chtype, multirdn, email_dn, startdate, enddate, days, 1,
- verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
- ext_copy, 0, dateopt);
- end:
+ chtype, multirdn, email_dn, startdate, enddate, days, 1,
+ verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
+ ext_copy, 0, dateopt);
+end:
X509_REQ_free(req);
CONF_free(parms);
NETSCAPE_SPKI_free(spki);
@@ -2127,7 +2167,7 @@ static int check_time_format(const char *str)
}
static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type,
- const char *value)
+ const char *value)
{
const ASN1_TIME *tm = NULL;
char *row[DB_NUMBER], **rrow, **irow;
@@ -2162,8 +2202,8 @@ static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type,
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
if (rrow == NULL) {
BIO_printf(bio_err,
- "Adding Entry with serial number %s to DB for %s\n",
- row[DB_serial], row[DB_name]);
+ "Adding Entry with serial number %s to DB for %s\n",
+ row[DB_serial], row[DB_name]);
/* We now just add it to the database as DB_TYPE_REV('V') */
row[DB_type] = OPENSSL_strdup("V");
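Review bot: The context comment in do_revoke says the new entry is added as `DB_TYPE_REV('V')`, but the value stored on the next line is `"V"`. The get_certificate_status hunk later in this diff reports `DB_TYPE_VAL` as "Valid" and `DB_TYPE_REV` as "Revoked". The comment presumably means the valid type, so I would change it to `/* We now just add it to the database as DB_TYPE_VAL('V') */` while the neighbouring lines are being touched. do_revoke continues outside the hunk.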
@@ -2208,11 +2248,11 @@ static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type,
goto end;
} else if (rev_type == REV_VALID) {
BIO_printf(bio_err, "ERROR:Already present, serial number %s\n",
- row[DB_serial]);
+ row[DB_serial]);
goto end;
} else if (rrow[DB_type][0] == DB_TYPE_REV) {
BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n",
- row[DB_serial]);
+ row[DB_serial]);
goto end;
} else {
BIO_printf(bio_err, "Revoking Certificate %s.\n", rrow[DB_serial]);
@@ -2226,7 +2266,7 @@ static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type,
rrow[DB_rev_date] = rev_str;
}
ok = 1;
- end:
+end:
for (i = 0; i < DB_NUMBER; i++)
OPENSSL_free(row[i]);
return ok;
@@ -2273,26 +2313,26 @@ static int get_certificate_status(const char *serial, CA_DB *db)
goto end;
} else if (rrow[DB_type][0] == DB_TYPE_VAL) {
BIO_printf(bio_err, "%s=Valid (%c)\n",
- row[DB_serial], rrow[DB_type][0]);
+ row[DB_serial], rrow[DB_type][0]);
goto end;
} else if (rrow[DB_type][0] == DB_TYPE_REV) {
BIO_printf(bio_err, "%s=Revoked (%c)\n",
- row[DB_serial], rrow[DB_type][0]);
+ row[DB_serial], rrow[DB_type][0]);
goto end;
} else if (rrow[DB_type][0] == DB_TYPE_EXP) {
BIO_printf(bio_err, "%s=Expired (%c)\n",
- row[DB_serial], rrow[DB_type][0]);
+ row[DB_serial], rrow[DB_type][0]);
goto end;
} else if (rrow[DB_type][0] == DB_TYPE_SUSP) {
BIO_printf(bio_err, "%s=Suspended (%c)\n",
- row[DB_serial], rrow[DB_type][0]);
+ row[DB_serial], rrow[DB_type][0]);
goto end;
} else {
BIO_printf(bio_err, "%s=Unknown (%c).\n",
- row[DB_serial], rrow[DB_type][0]);
+ row[DB_serial], rrow[DB_type][0]);
ok = -1;
}
- end:
+end:
for (i = 0; i < DB_NUMBER; i++) {
OPENSSL_free(row[i]);
}
@@ -2419,8 +2459,8 @@ static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg)
/* Argument is the key compromise time */
if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg)) {
BIO_printf(bio_err,
- "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n",
- rev_arg);
+ "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n",
+ rev_arg);
return NULL;
}
other = rev_arg;
@@ -2494,13 +2534,11 @@ static int make_revoked(X509_REVOKED *rev, const char *str)
}
if (rev && comp_time) {
- if (X509_REVOKED_add1_ext_i2d
- (rev, NID_invalidity_date, comp_time, 0, 0) <= 0)
+ if (X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0) <= 0)
goto end;
}
if (rev && hold) {
- if (X509_REVOKED_add1_ext_i2d
- (rev, NID_hold_instruction_code, hold, 0, 0) <= 0)
+ if (X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0) <= 0)
goto end;
}
@@ -2509,7 +2547,7 @@ static int make_revoked(X509_REVOKED *rev, const char *str)
else
ret = 1;
- end:
+end:
OPENSSL_free(tmp);
ASN1_OBJECT_free(hold);
@@ -2562,7 +2600,7 @@ static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str)
}
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
- ASN1_GENERALIZEDTIME **pinvtm, const char *str)
+ ASN1_GENERALIZEDTIME **pinvtm, const char *str)
{
char *tmp;
char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
@@ -2664,7 +2702,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ret = 1;
- end:
+end:
OPENSSL_free(tmp);
ASN1_GENERALIZEDTIME_free(comp_time);
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 42a0bb79f651..271a016985cc 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -28,58 +28,61 @@ typedef enum OPTION_choice {
OPT_PSK,
OPT_SRP,
OPT_CIPHERSUITES,
- OPT_V, OPT_UPPER_V, OPT_S, OPT_PROV_ENUM
+ OPT_V,
+ OPT_UPPER_V,
+ OPT_S,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS ciphers_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cipher]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [cipher]\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
OPT_SECTION("Output"),
- {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
- {"V", OPT_UPPER_V, '-', "Even more verbose"},
- {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
- {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
+ { "v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers" },
+ { "V", OPT_UPPER_V, '-', "Even more verbose" },
+ { "stdname", OPT_STDNAME, '-', "Show standard cipher names" },
+ { "convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name" },
OPT_SECTION("Cipher specification"),
- {"s", OPT_S, '-', "Only supported ciphers"},
+ { "s", OPT_S, '-', "Only supported ciphers" },
#ifndef OPENSSL_NO_SSL3
- {"ssl3", OPT_SSL3, '-', "Ciphers compatible with SSL3"},
+ { "ssl3", OPT_SSL3, '-', "Ciphers compatible with SSL3" },
#endif
#ifndef OPENSSL_NO_TLS1
- {"tls1", OPT_TLS1, '-', "Ciphers compatible with TLS1"},
+ { "tls1", OPT_TLS1, '-', "Ciphers compatible with TLS1" },
#endif
#ifndef OPENSSL_NO_TLS1_1
- {"tls1_1", OPT_TLS1_1, '-', "Ciphers compatible with TLS1.1"},
+ { "tls1_1", OPT_TLS1_1, '-', "Ciphers compatible with TLS1.1" },
#endif
#ifndef OPENSSL_NO_TLS1_2
- {"tls1_2", OPT_TLS1_2, '-', "Ciphers compatible with TLS1.2"},
+ { "tls1_2", OPT_TLS1_2, '-', "Ciphers compatible with TLS1.2" },
#endif
#ifndef OPENSSL_NO_TLS1_3
- {"tls1_3", OPT_TLS1_3, '-', "Ciphers compatible with TLS1.3"},
+ { "tls1_3", OPT_TLS1_3, '-', "Ciphers compatible with TLS1.3" },
#endif
#ifndef OPENSSL_NO_PSK
- {"psk", OPT_PSK, '-', "Include ciphersuites requiring PSK"},
+ { "psk", OPT_PSK, '-', "Include ciphersuites requiring PSK" },
#endif
#ifndef OPENSSL_NO_SRP
- {"srp", OPT_SRP, '-', "(deprecated) Include ciphersuites requiring SRP"},
+ { "srp", OPT_SRP, '-', "(deprecated) Include ciphersuites requiring SRP" },
#endif
- {"ciphersuites", OPT_CIPHERSUITES, 's',
- "Configure the TLSv1.3 ciphersuites to use"},
+ { "ciphersuites", OPT_CIPHERSUITES, 's',
+ "Configure the TLSv1.3 ciphersuites to use" },
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"cipher", 0, 0, "Cipher string to decode (optional)"},
- {NULL}
+ { "cipher", 0, 0, "Cipher string to decode (optional)" },
+ { NULL }
};
#ifndef OPENSSL_NO_PSK
static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
- unsigned int max_identity_len,
- unsigned char *psk,
- unsigned int max_psk_len)
+ unsigned int max_identity_len,
+ unsigned char *psk,
+ unsigned int max_psk_len)
{
return 0;
}
@@ -110,7 +113,7 @@ int ciphers_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -182,7 +185,7 @@ int ciphers_main(int argc, char **argv)
if (convert != NULL) {
BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
- OPENSSL_cipher_name(convert));
+ OPENSSL_cipher_name(convert));
ret = 0;
goto end;
}
@@ -274,9 +277,9 @@ int ciphers_main(int argc, char **argv)
ret = 0;
goto end;
- err:
+err:
ERR_print_errors(bio_err);
- end:
+end:
if (use_supported)
sk_SSL_CIPHER_free(sk);
SSL_CTX_free(ctx);
diff --git a/apps/cmp.c b/apps/cmp.c
index cb65277e6ad9..3e4d4a044877 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@@ -23,10 +23,10 @@
/* tweaks needed due to missing unistd.h on Windows */
#if defined(_WIN32) && !defined(__BORLANDC__)
-# define access _access
+#define access _access
#endif
#ifndef F_OK
-# define F_OK 0
+#define F_OK 0
#endif
#include <openssl/ui.h>
@@ -197,36 +197,69 @@ static X509_VERIFY_PARAM *vpm = NULL;
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_CONFIG, OPT_SECTION, OPT_VERBOSITY,
+ OPT_CONFIG,
+ OPT_SECTION,
+ OPT_VERBOSITY,
- OPT_CMD, OPT_INFOTYPE, OPT_GENINFO,
+ OPT_CMD,
+ OPT_INFOTYPE,
+ OPT_GENINFO,
- OPT_NEWKEY, OPT_NEWKEYPASS, OPT_SUBJECT, OPT_ISSUER,
- OPT_DAYS, OPT_REQEXTS,
- OPT_SANS, OPT_SAN_NODEFAULT,
- OPT_POLICIES, OPT_POLICY_OIDS, OPT_POLICY_OIDS_CRITICAL,
- OPT_POPO, OPT_CSR,
- OPT_OUT_TRUSTED, OPT_IMPLICIT_CONFIRM, OPT_DISABLE_CONFIRM,
- OPT_CERTOUT, OPT_CHAINOUT,
+ OPT_NEWKEY,
+ OPT_NEWKEYPASS,
+ OPT_SUBJECT,
+ OPT_ISSUER,
+ OPT_DAYS,
+ OPT_REQEXTS,
+ OPT_SANS,
+ OPT_SAN_NODEFAULT,
+ OPT_POLICIES,
+ OPT_POLICY_OIDS,
+ OPT_POLICY_OIDS_CRITICAL,
+ OPT_POPO,
+ OPT_CSR,
+ OPT_OUT_TRUSTED,
+ OPT_IMPLICIT_CONFIRM,
+ OPT_DISABLE_CONFIRM,
+ OPT_CERTOUT,
+ OPT_CHAINOUT,
- OPT_OLDCERT, OPT_REVREASON,
+ OPT_OLDCERT,
+ OPT_REVREASON,
#ifndef OPENSSL_NO_SOCK
- OPT_SERVER, OPT_PROXY, OPT_NO_PROXY,
+ OPT_SERVER,
+ OPT_PROXY,
+ OPT_NO_PROXY,
#endif
- OPT_RECIPIENT, OPT_PATH,
- OPT_KEEP_ALIVE, OPT_MSG_TIMEOUT, OPT_TOTAL_TIMEOUT,
+ OPT_RECIPIENT,
+ OPT_PATH,
+ OPT_KEEP_ALIVE,
+ OPT_MSG_TIMEOUT,
+ OPT_TOTAL_TIMEOUT,
- OPT_TRUSTED, OPT_UNTRUSTED, OPT_SRVCERT,
+ OPT_TRUSTED,
+ OPT_UNTRUSTED,
+ OPT_SRVCERT,
OPT_EXPECT_SENDER,
- OPT_IGNORE_KEYUSAGE, OPT_UNPROTECTED_ERRORS,
- OPT_EXTRACERTSOUT, OPT_CACERTSOUT,
+ OPT_IGNORE_KEYUSAGE,
+ OPT_UNPROTECTED_ERRORS,
+ OPT_EXTRACERTSOUT,
+ OPT_CACERTSOUT,
- OPT_REF, OPT_SECRET, OPT_CERT, OPT_OWN_TRUSTED, OPT_KEY, OPT_KEYPASS,
- OPT_DIGEST, OPT_MAC, OPT_EXTRACERTS,
+ OPT_REF,
+ OPT_SECRET,
+ OPT_CERT,
+ OPT_OWN_TRUSTED,
+ OPT_KEY,
+ OPT_KEYPASS,
+ OPT_DIGEST,
+ OPT_MAC,
+ OPT_EXTRACERTS,
OPT_UNPROTECTED_REQUESTS,
- OPT_CERTFORM, OPT_KEYFORM,
+ OPT_CERTFORM,
+ OPT_KEYFORM,
OPT_OTHERPASS,
#ifndef OPENSSL_NO_ENGINE
OPT_ENGINE,
@@ -235,313 +268,335 @@ typedef enum OPTION_choice {
OPT_R_ENUM,
#ifndef OPENSSL_NO_SOCK
- OPT_TLS_USED, OPT_TLS_CERT, OPT_TLS_KEY,
+ OPT_TLS_USED,
+ OPT_TLS_CERT,
+ OPT_TLS_KEY,
OPT_TLS_KEYPASS,
- OPT_TLS_EXTRA, OPT_TLS_TRUSTED, OPT_TLS_HOST,
+ OPT_TLS_EXTRA,
+ OPT_TLS_TRUSTED,
+ OPT_TLS_HOST,
#endif
- OPT_BATCH, OPT_REPEAT,
- OPT_REQIN, OPT_REQIN_NEW_TID, OPT_REQOUT, OPT_RSPIN, OPT_RSPOUT,
+ OPT_BATCH,
+ OPT_REPEAT,
+ OPT_REQIN,
+ OPT_REQIN_NEW_TID,
+ OPT_REQOUT,
+ OPT_RSPIN,
+ OPT_RSPOUT,
OPT_USE_MOCK_SRV,
#ifndef OPENSSL_NO_SOCK
- OPT_PORT, OPT_MAX_MSGS,
+ OPT_PORT,
+ OPT_MAX_MSGS,
#endif
- OPT_SRV_REF, OPT_SRV_SECRET,
- OPT_SRV_CERT, OPT_SRV_KEY, OPT_SRV_KEYPASS,
- OPT_SRV_TRUSTED, OPT_SRV_UNTRUSTED,
- OPT_RSP_CERT, OPT_RSP_EXTRACERTS, OPT_RSP_CAPUBS,
- OPT_POLL_COUNT, OPT_CHECK_AFTER,
+ OPT_SRV_REF,
+ OPT_SRV_SECRET,
+ OPT_SRV_CERT,
+ OPT_SRV_KEY,
+ OPT_SRV_KEYPASS,
+ OPT_SRV_TRUSTED,
+ OPT_SRV_UNTRUSTED,
+ OPT_RSP_CERT,
+ OPT_RSP_EXTRACERTS,
+ OPT_RSP_CAPUBS,
+ OPT_POLL_COUNT,
+ OPT_CHECK_AFTER,
OPT_GRANT_IMPLICITCONF,
- OPT_PKISTATUS, OPT_FAILURE,
- OPT_FAILUREBITS, OPT_STATUSSTRING,
- OPT_SEND_ERROR, OPT_SEND_UNPROTECTED,
- OPT_SEND_UNPROT_ERR, OPT_ACCEPT_UNPROTECTED,
- OPT_ACCEPT_UNPROT_ERR, OPT_ACCEPT_RAVERIFIED,
+ OPT_PKISTATUS,
+ OPT_FAILURE,
+ OPT_FAILUREBITS,
+ OPT_STATUSSTRING,
+ OPT_SEND_ERROR,
+ OPT_SEND_UNPROTECTED,
+ OPT_SEND_UNPROT_ERR,
+ OPT_ACCEPT_UNPROTECTED,
+ OPT_ACCEPT_UNPROT_ERR,
+ OPT_ACCEPT_RAVERIFIED,
OPT_V_ENUM
} OPTION_CHOICE;
const OPTIONS cmp_options[] = {
/* entries must be in the same order as enumerated above!! */
- {"help", OPT_HELP, '-', "Display this summary"},
- {"config", OPT_CONFIG, 's',
- "Configuration file to use. \"\" = none. Default from env variable OPENSSL_CONF"},
- {"section", OPT_SECTION, 's',
- "Section(s) in config file to get options from. \"\" = 'default'. Default 'cmp'"},
- {"verbosity", OPT_VERBOSITY, 'N',
- "Log level; 3=ERR, 4=WARN, 6=INFO, 7=DEBUG, 8=TRACE. Default 6 = INFO"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "config", OPT_CONFIG, 's',
+ "Configuration file to use. \"\" = none. Default from env variable OPENSSL_CONF" },
+ { "section", OPT_SECTION, 's',
+ "Section(s) in config file to get options from. \"\" = 'default'. Default 'cmp'" },
+ { "verbosity", OPT_VERBOSITY, 'N',
+ "Log level; 3=ERR, 4=WARN, 6=INFO, 7=DEBUG, 8=TRACE. Default 6 = INFO" },
OPT_SECTION("Generic message"),
- {"cmd", OPT_CMD, 's', "CMP request to send: ir/cr/kur/p10cr/rr/genm"},
- {"infotype", OPT_INFOTYPE, 's',
- "InfoType name for requesting specific info in genm, e.g. 'signKeyPairTypes'"},
- {"geninfo", OPT_GENINFO, 's',
- "generalInfo integer values to place in request PKIHeader with given OID"},
- {OPT_MORE_STR, 0, 0,
- "specified in the form <OID>:int:<n>, e.g. \"1.2.3.4:int:56789\""},
+ { "cmd", OPT_CMD, 's', "CMP request to send: ir/cr/kur/p10cr/rr/genm" },
+ { "infotype", OPT_INFOTYPE, 's',
+ "InfoType name for requesting specific info in genm, e.g. 'signKeyPairTypes'" },
+ { "geninfo", OPT_GENINFO, 's',
+ "generalInfo integer values to place in request PKIHeader with given OID" },
+ { OPT_MORE_STR, 0, 0,
+ "specified in the form <OID>:int:<n>, e.g. \"1.2.3.4:int:56789\"" },
OPT_SECTION("Certificate enrollment"),
- {"newkey", OPT_NEWKEY, 's',
- "Private or public key for the requested cert. Default: CSR key or client key"},
- {"newkeypass", OPT_NEWKEYPASS, 's', "New private key pass phrase source"},
- {"subject", OPT_SUBJECT, 's',
- "Distinguished Name (DN) of subject to use in the requested cert template"},
- {OPT_MORE_STR, 0, 0,
- "For kur, default is subject of -csr arg or reference cert (see -oldcert)"},
- {OPT_MORE_STR, 0, 0,
- "this default is used for ir and cr only if no Subject Alt Names are set"},
- {"issuer", OPT_ISSUER, 's',
- "DN of the issuer to place in the requested certificate template"},
- {OPT_MORE_STR, 0, 0,
- "also used as recipient if neither -recipient nor -srvcert are given"},
- {"days", OPT_DAYS, 'N',
- "Requested validity time of the new certificate in number of days"},
- {"reqexts", OPT_REQEXTS, 's',
- "Name of config file section defining certificate request extensions."},
- {OPT_MORE_STR, 0, 0,
- "Augments or replaces any extensions contained CSR given with -csr"},
- {"sans", OPT_SANS, 's',
- "Subject Alt Names (IPADDR/DNS/URI) to add as (critical) cert req extension"},
- {"san_nodefault", OPT_SAN_NODEFAULT, '-',
- "Do not take default SANs from reference certificate (see -oldcert)"},
- {"policies", OPT_POLICIES, 's',
- "Name of config file section defining policies certificate request extension"},
- {"policy_oids", OPT_POLICY_OIDS, 's',
- "Policy OID(s) to add as policies certificate request extension"},
- {"policy_oids_critical", OPT_POLICY_OIDS_CRITICAL, '-',
- "Flag the policy OID(s) given with -policy_oids as critical"},
- {"popo", OPT_POPO, 'n',
- "Proof-of-Possession (POPO) method to use for ir/cr/kur where"},
- {OPT_MORE_STR, 0, 0,
- "-1 = NONE, 0 = RAVERIFIED, 1 = SIGNATURE (default), 2 = KEYENC"},
- {"csr", OPT_CSR, 's',
- "PKCS#10 CSR file in PEM or DER format to convert or to use in p10cr"},
- {"out_trusted", OPT_OUT_TRUSTED, 's',
- "Certificates to trust when verifying newly enrolled certificates"},
- {"implicit_confirm", OPT_IMPLICIT_CONFIRM, '-',
- "Request implicit confirmation of newly enrolled certificates"},
- {"disable_confirm", OPT_DISABLE_CONFIRM, '-',
- "Do not confirm newly enrolled certificate w/o requesting implicit"},
- {OPT_MORE_STR, 0, 0,
- "confirmation. WARNING: This leads to behavior violating RFC 4210"},
- {"certout", OPT_CERTOUT, 's',
- "File to save newly enrolled certificate"},
- {"chainout", OPT_CHAINOUT, 's',
- "File to save the chain of newly enrolled certificate"},
+ { "newkey", OPT_NEWKEY, 's',
+ "Private or public key for the requested cert. Default: CSR key or client key" },
+ { "newkeypass", OPT_NEWKEYPASS, 's', "New private key pass phrase source" },
+ { "subject", OPT_SUBJECT, 's',
+ "Distinguished Name (DN) of subject to use in the requested cert template" },
+ { OPT_MORE_STR, 0, 0,
+ "For kur, default is subject of -csr arg or reference cert (see -oldcert)" },
+ { OPT_MORE_STR, 0, 0,
+ "this default is used for ir and cr only if no Subject Alt Names are set" },
+ { "issuer", OPT_ISSUER, 's',
+ "DN of the issuer to place in the requested certificate template" },
+ { OPT_MORE_STR, 0, 0,
+ "also used as recipient if neither -recipient nor -srvcert are given" },
+ { "days", OPT_DAYS, 'N',
+ "Requested validity time of the new certificate in number of days" },
+ { "reqexts", OPT_REQEXTS, 's',
+ "Name of config file section defining certificate request extensions." },
+ { OPT_MORE_STR, 0, 0,
+ "Augments or replaces any extensions contained CSR given with -csr" },
+ { "sans", OPT_SANS, 's',
+ "Subject Alt Names (IPADDR/DNS/URI) to add as (critical) cert req extension" },
+ { "san_nodefault", OPT_SAN_NODEFAULT, '-',
+ "Do not take default SANs from reference certificate (see -oldcert)" },
+ { "policies", OPT_POLICIES, 's',
+ "Name of config file section defining policies certificate request extension" },
+ { "policy_oids", OPT_POLICY_OIDS, 's',
+ "Policy OID(s) to add as policies certificate request extension" },
+ { "policy_oids_critical", OPT_POLICY_OIDS_CRITICAL, '-',
+ "Flag the policy OID(s) given with -policy_oids as critical" },
+ { "popo", OPT_POPO, 'n',
+ "Proof-of-Possession (POPO) method to use for ir/cr/kur where" },
+ { OPT_MORE_STR, 0, 0,
+ "-1 = NONE, 0 = RAVERIFIED, 1 = SIGNATURE (default), 2 = KEYENC" },
+ { "csr", OPT_CSR, 's',
+ "PKCS#10 CSR file in PEM or DER format to convert or to use in p10cr" },
+ { "out_trusted", OPT_OUT_TRUSTED, 's',
+ "Certificates to trust when verifying newly enrolled certificates" },
+ { "implicit_confirm", OPT_IMPLICIT_CONFIRM, '-',
+ "Request implicit confirmation of newly enrolled certificates" },
+ { "disable_confirm", OPT_DISABLE_CONFIRM, '-',
+ "Do not confirm newly enrolled certificate w/o requesting implicit" },
+ { OPT_MORE_STR, 0, 0,
+ "confirmation. WARNING: This leads to behavior violating RFC 4210" },
+ { "certout", OPT_CERTOUT, 's',
+ "File to save newly enrolled certificate" },
+ { "chainout", OPT_CHAINOUT, 's',
+ "File to save the chain of newly enrolled certificate" },
OPT_SECTION("Certificate enrollment and revocation"),
- {"oldcert", OPT_OLDCERT, 's',
- "Certificate to be updated (defaulting to -cert) or to be revoked in rr;"},
- {OPT_MORE_STR, 0, 0,
- "also used as reference (defaulting to -cert) for subject DN and SANs."},
- {OPT_MORE_STR, 0, 0,
- "Issuer is used as recipient unless -recipient, -srvcert, or -issuer given"},
- {"revreason", OPT_REVREASON, 'n',
- "Reason code to include in revocation request (rr); possible values:"},
- {OPT_MORE_STR, 0, 0,
- "0..6, 8..10 (see RFC5280, 5.3.1) or -1. Default -1 = none included"},
+ { "oldcert", OPT_OLDCERT, 's',
+ "Certificate to be updated (defaulting to -cert) or to be revoked in rr;" },
+ { OPT_MORE_STR, 0, 0,
+ "also used as reference (defaulting to -cert) for subject DN and SANs." },
+ { OPT_MORE_STR, 0, 0,
+ "Issuer is used as recipient unless -recipient, -srvcert, or -issuer given" },
+ { "revreason", OPT_REVREASON, 'n',
+ "Reason code to include in revocation request (rr); possible values:" },
+ { OPT_MORE_STR, 0, 0,
+ "0..6, 8..10 (see RFC5280, 5.3.1) or -1. Default -1 = none included" },
OPT_SECTION("Message transfer"),
#ifdef OPENSSL_NO_SOCK
- {OPT_MORE_STR, 0, 0,
- "NOTE: -server, -proxy, and -no_proxy not supported due to no-sock build"},
+ { OPT_MORE_STR, 0, 0,
+ "NOTE: -server, -proxy, and -no_proxy not supported due to no-sock build" },
#else
- {"server", OPT_SERVER, 's',
- "[http[s]://]address[:port][/path] of CMP server. Default port 80 or 443."},
- {OPT_MORE_STR, 0, 0,
- "address may be a DNS name or an IP address; path can be overridden by -path"},
- {"proxy", OPT_PROXY, 's',
- "[http[s]://]address[:port][/path] of HTTP(S) proxy to use; path is ignored"},
- {"no_proxy", OPT_NO_PROXY, 's',
- "List of addresses of servers not to use HTTP(S) proxy for"},
- {OPT_MORE_STR, 0, 0,
- "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"},
+ { "server", OPT_SERVER, 's',
+ "[http[s]://]address[:port][/path] of CMP server. Default port 80 or 443." },
+ { OPT_MORE_STR, 0, 0,
+ "address may be a DNS name or an IP address; path can be overridden by -path" },
+ { "proxy", OPT_PROXY, 's',
+ "[http[s]://]address[:port][/path] of HTTP(S) proxy to use; path is ignored" },
+ { "no_proxy", OPT_NO_PROXY, 's',
+ "List of addresses of servers not to use HTTP(S) proxy for" },
+ { OPT_MORE_STR, 0, 0,
+ "Default from environment variable 'no_proxy', else 'NO_PROXY', else none" },
#endif
- {"recipient", OPT_RECIPIENT, 's',
- "DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert"},
- {"path", OPT_PATH, 's',
- "HTTP path (aka CMP alias) at the CMP server. Default from -server, else \"/\""},
- {"keep_alive", OPT_KEEP_ALIVE, 'N',
- "Persistent HTTP connections. 0: no, 1 (the default): request, 2: require"},
- {"msg_timeout", OPT_MSG_TIMEOUT, 'N',
- "Number of seconds allowed per CMP message round trip, or 0 for infinite"},
- {"total_timeout", OPT_TOTAL_TIMEOUT, 'N',
- "Overall time an enrollment incl. polling may take. Default 0 = infinite"},
+ { "recipient", OPT_RECIPIENT, 's',
+ "DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert" },
+ { "path", OPT_PATH, 's',
+ "HTTP path (aka CMP alias) at the CMP server. Default from -server, else \"/\"" },
+ { "keep_alive", OPT_KEEP_ALIVE, 'N',
+ "Persistent HTTP connections. 0: no, 1 (the default): request, 2: require" },
+ { "msg_timeout", OPT_MSG_TIMEOUT, 'N',
+ "Number of seconds allowed per CMP message round trip, or 0 for infinite" },
+ { "total_timeout", OPT_TOTAL_TIMEOUT, 'N',
+ "Overall time an enrollment incl. polling may take. Default 0 = infinite" },
OPT_SECTION("Server authentication"),
- {"trusted", OPT_TRUSTED, 's',
- "Certificates to use as trust anchors when verifying signed CMP responses"},
- {OPT_MORE_STR, 0, 0, "unless -srvcert is given"},
- {"untrusted", OPT_UNTRUSTED, 's',
- "Intermediate CA certs for chain construction for CMP/TLS/enrolled certs"},
- {"srvcert", OPT_SRVCERT, 's',
- "Server cert to pin and trust directly when verifying signed CMP responses"},
- {"expect_sender", OPT_EXPECT_SENDER, 's',
- "DN of expected sender of responses. Defaults to subject of -srvcert, if any"},
- {"ignore_keyusage", OPT_IGNORE_KEYUSAGE, '-',
- "Ignore CMP signer cert key usage, else 'digitalSignature' must be allowed"},
- {"unprotected_errors", OPT_UNPROTECTED_ERRORS, '-',
- "Accept missing or invalid protection of regular error messages and negative"},
- {OPT_MORE_STR, 0, 0,
- "certificate responses (ip/cp/kup), revocation responses (rp), and PKIConf"},
- {OPT_MORE_STR, 0, 0,
- "WARNING: This setting leads to behavior allowing violation of RFC 4210"},
- {"extracertsout", OPT_EXTRACERTSOUT, 's',
- "File to save extra certificates received in the extraCerts field"},
- {"cacertsout", OPT_CACERTSOUT, 's',
- "File to save CA certificates received in the caPubs field of 'ip' messages"},
+ { "trusted", OPT_TRUSTED, 's',
+ "Certificates to use as trust anchors when verifying signed CMP responses" },
+ { OPT_MORE_STR, 0, 0, "unless -srvcert is given" },
+ { "untrusted", OPT_UNTRUSTED, 's',
+ "Intermediate CA certs for chain construction for CMP/TLS/enrolled certs" },
+ { "srvcert", OPT_SRVCERT, 's',
+ "Server cert to pin and trust directly when verifying signed CMP responses" },
+ { "expect_sender", OPT_EXPECT_SENDER, 's',
+ "DN of expected sender of responses. Defaults to subject of -srvcert, if any" },
+ { "ignore_keyusage", OPT_IGNORE_KEYUSAGE, '-',
+ "Ignore CMP signer cert key usage, else 'digitalSignature' must be allowed" },
+ { "unprotected_errors", OPT_UNPROTECTED_ERRORS, '-',
+ "Accept missing or invalid protection of regular error messages and negative" },
+ { OPT_MORE_STR, 0, 0,
+ "certificate responses (ip/cp/kup), revocation responses (rp), and PKIConf" },
+ { OPT_MORE_STR, 0, 0,
+ "WARNING: This setting leads to behavior allowing violation of RFC 4210" },
+ { "extracertsout", OPT_EXTRACERTSOUT, 's',
+ "File to save extra certificates received in the extraCerts field" },
+ { "cacertsout", OPT_CACERTSOUT, 's',
+ "File to save CA certificates received in the caPubs field of 'ip' messages" },
OPT_SECTION("Client authentication"),
- {"ref", OPT_REF, 's',
- "Reference value to use as senderKID in case no -cert is given"},
- {"secret", OPT_SECRET, 's',
- "Prefer PBM (over signatures) for protecting msgs with given password source"},
- {"cert", OPT_CERT, 's',
- "Client's CMP signer certificate; its public key must match the -key argument"},
- {OPT_MORE_STR, 0, 0,
- "This also used as default reference for subject DN and SANs."},
- {OPT_MORE_STR, 0, 0,
- "Any further certs included are appended to the untrusted certs"},
- {"own_trusted", OPT_OWN_TRUSTED, 's',
- "Optional certs to verify chain building for own CMP signer cert"},
- {"key", OPT_KEY, 's', "CMP signer private key, not used when -secret given"},
- {"keypass", OPT_KEYPASS, 's',
- "Client private key (and cert and old cert) pass phrase source"},
- {"digest", OPT_DIGEST, 's',
- "Digest to use in message protection and POPO signatures. Default \"sha256\""},
- {"mac", OPT_MAC, 's',
- "MAC algorithm to use in PBM-based message protection. Default \"hmac-sha1\""},
- {"extracerts", OPT_EXTRACERTS, 's',
- "Certificates to append in extraCerts field of outgoing messages."},
- {OPT_MORE_STR, 0, 0,
- "This can be used as the default CMP signer cert chain to include"},
- {"unprotected_requests", OPT_UNPROTECTED_REQUESTS, '-',
- "Send request messages without CMP-level protection"},
+ { "ref", OPT_REF, 's',
+ "Reference value to use as senderKID in case no -cert is given" },
+ { "secret", OPT_SECRET, 's',
+ "Prefer PBM (over signatures) for protecting msgs with given password source" },
+ { "cert", OPT_CERT, 's',
+ "Client's CMP signer certificate; its public key must match the -key argument" },
+ { OPT_MORE_STR, 0, 0,
+ "This also used as default reference for subject DN and SANs." },
+ { OPT_MORE_STR, 0, 0,
+ "Any further certs included are appended to the untrusted certs" },
+ { "own_trusted", OPT_OWN_TRUSTED, 's',
+ "Optional certs to verify chain building for own CMP signer cert" },
+ { "key", OPT_KEY, 's', "CMP signer private key, not used when -secret given" },
+ { "keypass", OPT_KEYPASS, 's',
+ "Client private key (and cert and old cert) pass phrase source" },
+ { "digest", OPT_DIGEST, 's',
+ "Digest to use in message protection and POPO signatures. Default \"sha256\"" },
+ { "mac", OPT_MAC, 's',
+ "MAC algorithm to use in PBM-based message protection. Default \"hmac-sha1\"" },
+ { "extracerts", OPT_EXTRACERTS, 's',
+ "Certificates to append in extraCerts field of outgoing messages." },
+ { OPT_MORE_STR, 0, 0,
+ "This can be used as the default CMP signer cert chain to include" },
+ { "unprotected_requests", OPT_UNPROTECTED_REQUESTS, '-',
+ "Send request messages without CMP-level protection" },
OPT_SECTION("Credentials format"),
- {"certform", OPT_CERTFORM, 's',
- "Format (PEM or DER) to use when saving a certificate to a file. Default PEM"},
- {"keyform", OPT_KEYFORM, 's',
- "Format of the key input (ENGINE, other values ignored)"},
- {"otherpass", OPT_OTHERPASS, 's',
- "Pass phrase source potentially needed for loading certificates of others"},
+ { "certform", OPT_CERTFORM, 's',
+ "Format (PEM or DER) to use when saving a certificate to a file. Default PEM" },
+ { "keyform", OPT_KEYFORM, 's',
+ "Format of the key input (ENGINE, other values ignored)" },
+ { "otherpass", OPT_OTHERPASS, 's',
+ "Pass phrase source potentially needed for loading certificates of others" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's',
- "Use crypto engine with given identifier, possibly a hardware device."},
- {OPT_MORE_STR, 0, 0,
- "Engines may also be defined in OpenSSL config file engine section."},
+ { "engine", OPT_ENGINE, 's',
+ "Use crypto engine with given identifier, possibly a hardware device." },
+ { OPT_MORE_STR, 0, 0,
+ "Engines may also be defined in OpenSSL config file engine section." },
#endif
OPT_PROV_OPTIONS,
OPT_R_OPTIONS,
OPT_SECTION("TLS connection"),
#ifdef OPENSSL_NO_SOCK
- {OPT_MORE_STR, 0, 0,
- "NOTE: -tls_used and all other TLS options not supported due to no-sock build"},
+ { OPT_MORE_STR, 0, 0,
+ "NOTE: -tls_used and all other TLS options not supported due to no-sock build" },
#else
- {"tls_used", OPT_TLS_USED, '-',
- "Enable using TLS (also when other TLS options are not set)"},
- {"tls_cert", OPT_TLS_CERT, 's',
- "Client's TLS certificate. May include chain to be provided to TLS server"},
- {"tls_key", OPT_TLS_KEY, 's',
- "Private key for the client's TLS certificate"},
- {"tls_keypass", OPT_TLS_KEYPASS, 's',
- "Pass phrase source for the client's private TLS key (and TLS cert)"},
- {"tls_extra", OPT_TLS_EXTRA, 's',
- "Extra certificates to provide to TLS server during TLS handshake"},
- {"tls_trusted", OPT_TLS_TRUSTED, 's',
- "Trusted certificates to use for verifying the TLS server certificate;"},
- {OPT_MORE_STR, 0, 0, "this implies host name validation"},
- {"tls_host", OPT_TLS_HOST, 's',
- "Address to be checked (rather than -server) during TLS host name validation"},
+ { "tls_used", OPT_TLS_USED, '-',
+ "Enable using TLS (also when other TLS options are not set)" },
+ { "tls_cert", OPT_TLS_CERT, 's',
+ "Client's TLS certificate. May include chain to be provided to TLS server" },
+ { "tls_key", OPT_TLS_KEY, 's',
+ "Private key for the client's TLS certificate" },
+ { "tls_keypass", OPT_TLS_KEYPASS, 's',
+ "Pass phrase source for the client's private TLS key (and TLS cert)" },
+ { "tls_extra", OPT_TLS_EXTRA, 's',
+ "Extra certificates to provide to TLS server during TLS handshake" },
+ { "tls_trusted", OPT_TLS_TRUSTED, 's',
+ "Trusted certificates to use for verifying the TLS server certificate;" },
+ { OPT_MORE_STR, 0, 0, "this implies host name validation" },
+ { "tls_host", OPT_TLS_HOST, 's',
+ "Address to be checked (rather than -server) during TLS host name validation" },
#endif
OPT_SECTION("Client-side debugging"),
- {"batch", OPT_BATCH, '-',
- "Do not interactively prompt for input when a password is required etc."},
- {"repeat", OPT_REPEAT, 'p',
- "Invoke the transaction the given positive number of times. Default 1"},
- {"reqin", OPT_REQIN, 's',
- "Take sequence of CMP requests to send to server from file(s)"},
- {"reqin_new_tid", OPT_REQIN_NEW_TID, '-',
- "Use fresh transactionID for CMP requests read from -reqin"},
- {"reqout", OPT_REQOUT, 's',
- "Save sequence of CMP requests created by the client to file(s)"},
- {"rspin", OPT_RSPIN, 's',
- "Process sequence of CMP responses provided in file(s), skipping server"},
- {"rspout", OPT_RSPOUT, 's',
- "Save sequence of actually used CMP responses to file(s)"},
+ { "batch", OPT_BATCH, '-',
+ "Do not interactively prompt for input when a password is required etc." },
+ { "repeat", OPT_REPEAT, 'p',
+ "Invoke the transaction the given positive number of times. Default 1" },
+ { "reqin", OPT_REQIN, 's',
+ "Take sequence of CMP requests to send to server from file(s)" },
+ { "reqin_new_tid", OPT_REQIN_NEW_TID, '-',
+ "Use fresh transactionID for CMP requests read from -reqin" },
+ { "reqout", OPT_REQOUT, 's',
+ "Save sequence of CMP requests created by the client to file(s)" },
+ { "rspin", OPT_RSPIN, 's',
+ "Process sequence of CMP responses provided in file(s), skipping server" },
+ { "rspout", OPT_RSPOUT, 's',
+ "Save sequence of actually used CMP responses to file(s)" },
- {"use_mock_srv", OPT_USE_MOCK_SRV, '-',
- "Use internal mock server at API level, bypassing socket-based HTTP"},
+ { "use_mock_srv", OPT_USE_MOCK_SRV, '-',
+ "Use internal mock server at API level, bypassing socket-based HTTP" },
OPT_SECTION("Mock server"),
#ifdef OPENSSL_NO_SOCK
- {OPT_MORE_STR, 0, 0,
- "NOTE: -port and -max_msgs not supported due to no-sock build"},
+ { OPT_MORE_STR, 0, 0,
+ "NOTE: -port and -max_msgs not supported due to no-sock build" },
#else
- {"port", OPT_PORT, 's',
- "Act as HTTP-based mock server listening on given port"},
- {"max_msgs", OPT_MAX_MSGS, 'N',
- "max number of messages handled by HTTP mock server. Default: 0 = unlimited"},
+ { "port", OPT_PORT, 's',
+ "Act as HTTP-based mock server listening on given port" },
+ { "max_msgs", OPT_MAX_MSGS, 'N',
+ "max number of messages handled by HTTP mock server. Default: 0 = unlimited" },
#endif
- {"srv_ref", OPT_SRV_REF, 's',
- "Reference value to use as senderKID of server in case no -srv_cert is given"},
- {"srv_secret", OPT_SRV_SECRET, 's',
- "Password source for server authentication with a pre-shared key (secret)"},
- {"srv_cert", OPT_SRV_CERT, 's', "Certificate of the server"},
- {"srv_key", OPT_SRV_KEY, 's',
- "Private key used by the server for signing messages"},
- {"srv_keypass", OPT_SRV_KEYPASS, 's',
- "Server private key (and cert) pass phrase source"},
+ { "srv_ref", OPT_SRV_REF, 's',
+ "Reference value to use as senderKID of server in case no -srv_cert is given" },
+ { "srv_secret", OPT_SRV_SECRET, 's',
+ "Password source for server authentication with a pre-shared key (secret)" },
+ { "srv_cert", OPT_SRV_CERT, 's', "Certificate of the server" },
+ { "srv_key", OPT_SRV_KEY, 's',
+ "Private key used by the server for signing messages" },
+ { "srv_keypass", OPT_SRV_KEYPASS, 's',
+ "Server private key (and cert) pass phrase source" },
- {"srv_trusted", OPT_SRV_TRUSTED, 's',
- "Trusted certificates for client authentication"},
- {"srv_untrusted", OPT_SRV_UNTRUSTED, 's',
- "Intermediate certs that may be useful for verifying CMP protection"},
- {"rsp_cert", OPT_RSP_CERT, 's',
- "Certificate to be returned as mock enrollment result"},
- {"rsp_extracerts", OPT_RSP_EXTRACERTS, 's',
- "Extra certificates to be included in mock certification responses"},
- {"rsp_capubs", OPT_RSP_CAPUBS, 's',
- "CA certificates to be included in mock ip response"},
- {"poll_count", OPT_POLL_COUNT, 'N',
- "Number of times the client must poll before receiving a certificate"},
- {"check_after", OPT_CHECK_AFTER, 'N',
- "The check_after value (time to wait) to include in poll response"},
- {"grant_implicitconf", OPT_GRANT_IMPLICITCONF, '-',
- "Grant implicit confirmation of newly enrolled certificate"},
+ { "srv_trusted", OPT_SRV_TRUSTED, 's',
+ "Trusted certificates for client authentication" },
+ { "srv_untrusted", OPT_SRV_UNTRUSTED, 's',
+ "Intermediate certs that may be useful for verifying CMP protection" },
+ { "rsp_cert", OPT_RSP_CERT, 's',
+ "Certificate to be returned as mock enrollment result" },
+ { "rsp_extracerts", OPT_RSP_EXTRACERTS, 's',
+ "Extra certificates to be included in mock certification responses" },
+ { "rsp_capubs", OPT_RSP_CAPUBS, 's',
+ "CA certificates to be included in mock ip response" },
+ { "poll_count", OPT_POLL_COUNT, 'N',
+ "Number of times the client must poll before receiving a certificate" },
+ { "check_after", OPT_CHECK_AFTER, 'N',
+ "The check_after value (time to wait) to include in poll response" },
+ { "grant_implicitconf", OPT_GRANT_IMPLICITCONF, '-',
+ "Grant implicit confirmation of newly enrolled certificate" },
- {"pkistatus", OPT_PKISTATUS, 'N',
- "PKIStatus to be included in server response. Possible values: 0..6"},
- {"failure", OPT_FAILURE, 'N',
- "A single failure info bit number to include in server response, 0..26"},
- {"failurebits", OPT_FAILUREBITS, 'N',
- "Number representing failure bits to include in server response, 0..2^27 - 1"},
- {"statusstring", OPT_STATUSSTRING, 's',
- "Status string to be included in server response"},
- {"send_error", OPT_SEND_ERROR, '-',
- "Force server to reply with error message"},
- {"send_unprotected", OPT_SEND_UNPROTECTED, '-',
- "Send response messages without CMP-level protection"},
- {"send_unprot_err", OPT_SEND_UNPROT_ERR, '-',
- "In case of negative responses, server shall send unprotected error messages,"},
- {OPT_MORE_STR, 0, 0,
- "certificate responses (ip/cp/kup), and revocation responses (rp)."},
- {OPT_MORE_STR, 0, 0,
- "WARNING: This setting leads to behavior violating RFC 4210"},
- {"accept_unprotected", OPT_ACCEPT_UNPROTECTED, '-',
- "Accept missing or invalid protection of requests"},
- {"accept_unprot_err", OPT_ACCEPT_UNPROT_ERR, '-',
- "Accept unprotected error messages from client"},
- {"accept_raverified", OPT_ACCEPT_RAVERIFIED, '-',
- "Accept RAVERIFIED as proof-of-possession (POPO)"},
+ { "pkistatus", OPT_PKISTATUS, 'N',
+ "PKIStatus to be included in server response. Possible values: 0..6" },
+ { "failure", OPT_FAILURE, 'N',
+ "A single failure info bit number to include in server response, 0..26" },
+ { "failurebits", OPT_FAILUREBITS, 'N',
+ "Number representing failure bits to include in server response, 0..2^27 - 1" },
+ { "statusstring", OPT_STATUSSTRING, 's',
+ "Status string to be included in server response" },
+ { "send_error", OPT_SEND_ERROR, '-',
+ "Force server to reply with error message" },
+ { "send_unprotected", OPT_SEND_UNPROTECTED, '-',
+ "Send response messages without CMP-level protection" },
+ { "send_unprot_err", OPT_SEND_UNPROT_ERR, '-',
+ "In case of negative responses, server shall send unprotected error messages," },
+ { OPT_MORE_STR, 0, 0,
+ "certificate responses (ip/cp/kup), and revocation responses (rp)." },
+ { OPT_MORE_STR, 0, 0,
+ "WARNING: This setting leads to behavior violating RFC 4210" },
+ { "accept_unprotected", OPT_ACCEPT_UNPROTECTED, '-',
+ "Accept missing or invalid protection of requests" },
+ { "accept_unprot_err", OPT_ACCEPT_UNPROT_ERR, '-',
+ "Accept unprotected error messages from client" },
+ { "accept_raverified", OPT_ACCEPT_RAVERIFIED, '-',
+ "Accept RAVERIFIED as proof-of-possession (POPO)" },
OPT_V_OPTIONS,
- {NULL}
+ { NULL }
};
typedef union {
@@ -550,111 +605,110 @@ typedef union {
long *num_long;
} varref;
static varref cmp_vars[] = { /* must be in same order as enumerated above! */
- {&opt_config}, {&opt_section}, {(char **)&opt_verbosity},
+ { &opt_config }, { &opt_section }, { (char **)&opt_verbosity },
- {&opt_cmd_s}, {&opt_infotype_s}, {&opt_geninfo},
+ { &opt_cmd_s }, { &opt_infotype_s }, { &opt_geninfo },
- {&opt_newkey}, {&opt_newkeypass}, {&opt_subject}, {&opt_issuer},
- {(char **)&opt_days}, {&opt_reqexts},
- {&opt_sans}, {(char **)&opt_san_nodefault},
- {&opt_policies}, {&opt_policy_oids}, {(char **)&opt_policy_oids_critical},
- {(char **)&opt_popo}, {&opt_csr},
- {&opt_out_trusted},
- {(char **)&opt_implicit_confirm}, {(char **)&opt_disable_confirm},
- {&opt_certout}, {&opt_chainout},
+ { &opt_newkey }, { &opt_newkeypass }, { &opt_subject }, { &opt_issuer },
+ { (char **)&opt_days }, { &opt_reqexts },
+ { &opt_sans }, { (char **)&opt_san_nodefault },
+ { &opt_policies }, { &opt_policy_oids }, { (char **)&opt_policy_oids_critical },
+ { (char **)&opt_popo }, { &opt_csr },
+ { &opt_out_trusted },
+ { (char **)&opt_implicit_confirm }, { (char **)&opt_disable_confirm },
+ { &opt_certout }, { &opt_chainout },
- {&opt_oldcert}, {(char **)&opt_revreason},
+ { &opt_oldcert }, { (char **)&opt_revreason },
#ifndef OPENSSL_NO_SOCK
- {&opt_server}, {&opt_proxy}, {&opt_no_proxy},
+ { &opt_server }, { &opt_proxy }, { &opt_no_proxy },
#endif
- {&opt_recipient}, {&opt_path}, {(char **)&opt_keep_alive},
- {(char **)&opt_msg_timeout}, {(char **)&opt_total_timeout},
+ { &opt_recipient }, { &opt_path }, { (char **)&opt_keep_alive },
+ { (char **)&opt_msg_timeout }, { (char **)&opt_total_timeout },
- {&opt_trusted}, {&opt_untrusted}, {&opt_srvcert},
- {&opt_expect_sender},
- {(char **)&opt_ignore_keyusage}, {(char **)&opt_unprotected_errors},
- {&opt_extracertsout}, {&opt_cacertsout},
+ { &opt_trusted }, { &opt_untrusted }, { &opt_srvcert },
+ { &opt_expect_sender },
+ { (char **)&opt_ignore_keyusage }, { (char **)&opt_unprotected_errors },
+ { &opt_extracertsout }, { &opt_cacertsout },
- {&opt_ref}, {&opt_secret},
- {&opt_cert}, {&opt_own_trusted}, {&opt_key}, {&opt_keypass},
- {&opt_digest}, {&opt_mac}, {&opt_extracerts},
- {(char **)&opt_unprotected_requests},
+ { &opt_ref }, { &opt_secret },
+ { &opt_cert }, { &opt_own_trusted }, { &opt_key }, { &opt_keypass },
+ { &opt_digest }, { &opt_mac }, { &opt_extracerts },
+ { (char **)&opt_unprotected_requests },
- {&opt_certform_s}, {&opt_keyform_s},
- {&opt_otherpass},
+ { &opt_certform_s }, { &opt_keyform_s },
+ { &opt_otherpass },
#ifndef OPENSSL_NO_ENGINE
- {&opt_engine},
+ { &opt_engine },
#endif
#ifndef OPENSSL_NO_SOCK
- {(char **)&opt_tls_used}, {&opt_tls_cert}, {&opt_tls_key},
- {&opt_tls_keypass},
- {&opt_tls_extra}, {&opt_tls_trusted}, {&opt_tls_host},
+ { (char **)&opt_tls_used }, { &opt_tls_cert }, { &opt_tls_key },
+ { &opt_tls_keypass },
+ { &opt_tls_extra }, { &opt_tls_trusted }, { &opt_tls_host },
#endif
- {(char **)&opt_batch}, {(char **)&opt_repeat},
- {&opt_reqin}, {(char **)&opt_reqin_new_tid},
- {&opt_reqout}, {&opt_rspin}, {&opt_rspout},
+ { (char **)&opt_batch }, { (char **)&opt_repeat },
+ { &opt_reqin }, { (char **)&opt_reqin_new_tid },
+ { &opt_reqout }, { &opt_rspin }, { &opt_rspout },
- {(char **)&opt_use_mock_srv},
+ { (char **)&opt_use_mock_srv },
#ifndef OPENSSL_NO_SOCK
- {&opt_port}, {(char **)&opt_max_msgs},
+ { &opt_port }, { (char **)&opt_max_msgs },
#endif
- {&opt_srv_ref}, {&opt_srv_secret},
- {&opt_srv_cert}, {&opt_srv_key}, {&opt_srv_keypass},
- {&opt_srv_trusted}, {&opt_srv_untrusted},
- {&opt_rsp_cert}, {&opt_rsp_extracerts}, {&opt_rsp_capubs},
- {(char **)&opt_poll_count}, {(char **)&opt_check_after},
- {(char **)&opt_grant_implicitconf},
- {(char **)&opt_pkistatus}, {(char **)&opt_failure},
- {(char **)&opt_failurebits}, {&opt_statusstring},
- {(char **)&opt_send_error}, {(char **)&opt_send_unprotected},
- {(char **)&opt_send_unprot_err}, {(char **)&opt_accept_unprotected},
- {(char **)&opt_accept_unprot_err}, {(char **)&opt_accept_raverified},
+ { &opt_srv_ref }, { &opt_srv_secret },
+ { &opt_srv_cert }, { &opt_srv_key }, { &opt_srv_keypass },
+ { &opt_srv_trusted }, { &opt_srv_untrusted },
+ { &opt_rsp_cert }, { &opt_rsp_extracerts }, { &opt_rsp_capubs },
+ { (char **)&opt_poll_count }, { (char **)&opt_check_after },
+ { (char **)&opt_grant_implicitconf },
+ { (char **)&opt_pkistatus }, { (char **)&opt_failure },
+ { (char **)&opt_failurebits }, { &opt_statusstring },
+ { (char **)&opt_send_error }, { (char **)&opt_send_unprotected },
+ { (char **)&opt_send_unprot_err }, { (char **)&opt_accept_unprotected },
+ { (char **)&opt_accept_unprot_err }, { (char **)&opt_accept_raverified },
- {NULL}
+ { NULL }
};
-#define FUNC (strcmp(OPENSSL_FUNC, "(unknown function)") == 0 \
- ? "CMP" : OPENSSL_FUNC)
+#define FUNC (strcmp(OPENSSL_FUNC, "(unknown function)") == 0 \
+ ? "CMP" \
+ : OPENSSL_FUNC)
#define CMP_print(bio, level, prefix, msg, a1, a2, a3) \
- ((void)(level > opt_verbosity ? 0 : \
- (BIO_printf(bio, "%s:%s:%d:CMP %s: " msg "\n", \
- FUNC, OPENSSL_FILE, OPENSSL_LINE, prefix, a1, a2, a3))))
+ ((void)(level > opt_verbosity ? 0 : (BIO_printf(bio, "%s:%s:%d:CMP %s: " msg "\n", FUNC, OPENSSL_FILE, OPENSSL_LINE, prefix, a1, a2, a3))))
#define CMP_DEBUG(m, a1, a2, a3) \
CMP_print(bio_out, OSSL_CMP_LOG_DEBUG, "debug", m, a1, a2, a3)
-#define CMP_debug(msg) CMP_DEBUG(msg"%s%s%s", "", "", "")
-#define CMP_debug1(msg, a1) CMP_DEBUG(msg"%s%s", a1, "", "")
-#define CMP_debug2(msg, a1, a2) CMP_DEBUG(msg"%s", a1, a2, "")
-#define CMP_debug3(msg, a1, a2, a3) CMP_DEBUG(msg, a1, a2, a3)
+#define CMP_debug(msg) CMP_DEBUG(msg "%s%s%s", "", "", "")
+#define CMP_debug1(msg, a1) CMP_DEBUG(msg "%s%s", a1, "", "")
+#define CMP_debug2(msg, a1, a2) CMP_DEBUG(msg "%s", a1, a2, "")
+#define CMP_debug3(msg, a1, a2, a3) CMP_DEBUG(msg, a1, a2, a3)
#define CMP_INFO(msg, a1, a2, a3) \
CMP_print(bio_out, OSSL_CMP_LOG_INFO, "info", msg, a1, a2, a3)
-#define CMP_info(msg) CMP_INFO(msg"%s%s%s", "", "", "")
-#define CMP_info1(msg, a1) CMP_INFO(msg"%s%s", a1, "", "")
-#define CMP_info2(msg, a1, a2) CMP_INFO(msg"%s", a1, a2, "")
-#define CMP_info3(msg, a1, a2, a3) CMP_INFO(msg, a1, a2, a3)
+#define CMP_info(msg) CMP_INFO(msg "%s%s%s", "", "", "")
+#define CMP_info1(msg, a1) CMP_INFO(msg "%s%s", a1, "", "")
+#define CMP_info2(msg, a1, a2) CMP_INFO(msg "%s", a1, a2, "")
+#define CMP_info3(msg, a1, a2, a3) CMP_INFO(msg, a1, a2, a3)
#define CMP_WARN(m, a1, a2, a3) \
CMP_print(bio_out, OSSL_CMP_LOG_WARNING, "warning", m, a1, a2, a3)
-#define CMP_warn(msg) CMP_WARN(msg"%s%s%s", "", "", "")
-#define CMP_warn1(msg, a1) CMP_WARN(msg"%s%s", a1, "", "")
-#define CMP_warn2(msg, a1, a2) CMP_WARN(msg"%s", a1, a2, "")
-#define CMP_warn3(msg, a1, a2, a3) CMP_WARN(msg, a1, a2, a3)
+#define CMP_warn(msg) CMP_WARN(msg "%s%s%s", "", "", "")
+#define CMP_warn1(msg, a1) CMP_WARN(msg "%s%s", a1, "", "")
+#define CMP_warn2(msg, a1, a2) CMP_WARN(msg "%s", a1, a2, "")
+#define CMP_warn3(msg, a1, a2, a3) CMP_WARN(msg, a1, a2, a3)
#define CMP_ERR(msg, a1, a2, a3) \
CMP_print(bio_err, OSSL_CMP_LOG_ERR, "error", msg, a1, a2, a3)
-#define CMP_err(msg) CMP_ERR(msg"%s%s%s", "", "", "")
-#define CMP_err1(msg, a1) CMP_ERR(msg"%s%s", a1, "", "")
-#define CMP_err2(msg, a1, a2) CMP_ERR(msg"%s", a1, a2, "")
-#define CMP_err3(msg, a1, a2, a3) CMP_ERR(msg, a1, a2, a3)
+#define CMP_err(msg) CMP_ERR(msg "%s%s%s", "", "", "")
+#define CMP_err1(msg, a1) CMP_ERR(msg "%s%s", a1, "", "")
+#define CMP_err2(msg, a1, a2) CMP_ERR(msg "%s", a1, a2, "")
+#define CMP_err3(msg, a1, a2, a3) CMP_ERR(msg, a1, a2, a3)
static int print_to_bio_out(const char *func, const char *file, int line,
- OSSL_CMP_severity level, const char *msg)
+ OSSL_CMP_severity level, const char *msg)
{
return OSSL_CMP_print_to_bio(bio_out, func, file, line, level, msg);
}
static int print_to_bio_err(const char *func, const char *file, int line,
- OSSL_CMP_severity level, const char *msg)
+ OSSL_CMP_severity level, const char *msg)
{
return OSSL_CMP_print_to_bio(bio_err, func, file, line, level, msg);
}
@@ -670,7 +724,7 @@ static int set_verbosity(int level)
}
static EVP_PKEY *load_key_pwd(const char *uri, int format,
- const char *pass, ENGINE *eng, const char *desc)
+ const char *pass, ENGINE *eng, const char *desc)
{
char *pass_string = get_passwd(pass, desc);
EVP_PKEY *pkey = load_key(uri, format, 0, pass_string, eng, desc);
@@ -704,7 +758,7 @@ static X509_REQ *load_csr_autofmt(const char *infile, const char *desc)
if (csr == NULL) {
ERR_print_errors(bio_err);
BIO_printf(bio_err, "error: unable to load %s from file '%s'\n", desc,
- infile);
+ infile);
} else {
EVP_PKEY *pkey = X509_REQ_get0_pubkey(csr);
int ret = do_X509_REQ_verify(csr, pkey, NULL /* vfyopts */);
@@ -724,12 +778,11 @@ static int truststore_set_host_etc(X509_STORE *ts, const char *host)
/* first clear any host names, IP, and email addresses */
if (!X509_VERIFY_PARAM_set1_host(ts_vpm, NULL, 0)
- || !X509_VERIFY_PARAM_set1_ip(ts_vpm, NULL, 0)
- || !X509_VERIFY_PARAM_set1_email(ts_vpm, NULL, 0))
+ || !X509_VERIFY_PARAM_set1_ip(ts_vpm, NULL, 0)
+ || !X509_VERIFY_PARAM_set1_email(ts_vpm, NULL, 0))
return 0;
X509_VERIFY_PARAM_set_hostflags(ts_vpm,
- X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT |
- X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+ X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT | X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
return (host != NULL && X509_VERIFY_PARAM_set1_ip_asc(ts_vpm, host))
|| X509_VERIFY_PARAM_set1_host(ts_vpm, host, 0);
}
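Review bot: The final `return` of truststore_set_host_etc() has no comment covering the `host == NULL` case, which the `load_trusted()` call later in this diff relies on (`truststore_set_host_etc(ts, NULL)`). With a NULL host the first operand is skipped and the result is that of `X509_VERIFY_PARAM_set1_host(ts_vpm, NULL, 0)`, the same clearing call made a few lines above, so no name or IP check is configured on the store. A one-line comment above the return would make this explicit: `/* host == NULL leaves host/IP checks cleared; else try host as IP address, then as DNS name */`. The function's opening lines are outside this hunk.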
@@ -790,7 +843,7 @@ static OSSL_CMP_MSG *read_PKIMESSAGE(const char *desc, char **filenames)
* to take the sequence of requests and responses from files.
*/
static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
- const OSSL_CMP_MSG *req)
+ const OSSL_CMP_MSG *req)
{
OSSL_CMP_MSG *req_new = NULL;
OSSL_CMP_MSG *res = NULL;
@@ -798,7 +851,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
const char *prev_opt_rspin = opt_rspin;
if (req != NULL && opt_reqout != NULL
- && !write_PKIMESSAGE(req, &opt_reqout))
+ && !write_PKIMESSAGE(req, &opt_reqout))
goto err;
if (opt_reqin != NULL && opt_rspin == NULL) {
if ((req_new = read_PKIMESSAGE("actually sending", &opt_reqin)) == NULL)
@@ -809,7 +862,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
* The following workaround unfortunately requires re-protection.
*/
if (opt_reqin_new_tid
- && !OSSL_CMP_MSG_update_transactionID(ctx, req_new))
+ && !OSSL_CMP_MSG_update_transactionID(ctx, req_new))
goto err;
/*
@@ -856,7 +909,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
nonce = OSSL_CMP_HDR_get0_recipNonce(hdr);
tid = OSSL_CMP_HDR_get0_transactionID(hdr);
if (!OSSL_CMP_CTX_set1_senderNonce(ctx, nonce)
- || !OSSL_CMP_CTX_set1_transactionID(ctx, tid)) {
+ || !OSSL_CMP_CTX_set1_transactionID(ctx, tid)) {
OSSL_CMP_MSG_free(res);
res = NULL;
goto err;
@@ -868,21 +921,21 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
res = NULL;
}
- err:
+err:
OSSL_CMP_MSG_free(req_new);
return res;
}
static int set_name(const char *str,
- int (*set_fn) (OSSL_CMP_CTX *ctx, const X509_NAME *name),
- OSSL_CMP_CTX *ctx, const char *desc)
+ int (*set_fn)(OSSL_CMP_CTX *ctx, const X509_NAME *name),
+ OSSL_CMP_CTX *ctx, const char *desc)
{
if (str != NULL) {
X509_NAME *n = parse_name(str, MBSTRING_UTF8, 1, desc);
if (n == NULL)
return 0;
- if (!(*set_fn) (ctx, n)) {
+ if (!(*set_fn)(ctx, n)) {
X509_NAME_free(n);
CMP_err("out of memory");
return 0;
@@ -902,8 +955,8 @@ static int set_gennames(OSSL_CMP_CTX *ctx, char *names, const char *desc)
next = next_item(names);
if (strcmp(names, "critical") == 0) {
(void)OSSL_CMP_CTX_set_option(ctx,
- OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL,
- 1);
+ OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL,
+ 1);
continue;
}
@@ -912,8 +965,8 @@ static int set_gennames(OSSL_CMP_CTX *ctx, char *names, const char *desc)
n = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_IPADD, names, 0);
if (n == NULL)
n = a2i_GENERAL_NAME(NULL, NULL, NULL,
- strchr(names, ':') != NULL ? GEN_URI : GEN_DNS,
- names, 0);
+ strchr(names, ':') != NULL ? GEN_URI : GEN_DNS,
+ names, 0);
(void)ERR_pop_to_mark();
if (n == NULL) {
@@ -940,7 +993,7 @@ static X509_STORE *load_trusted(char *input, int for_new_cert, const char *desc)
/* copy vpm to store */
if (X509_STORE_set1_param(ts, vpm /* may be NULL */)
- && (for_new_cert || truststore_set_host_etc(ts, NULL)))
+ && (for_new_cert || truststore_set_host_etc(ts, NULL)))
return ts;
BIO_printf(bio_err, "error setting verification parameters for %s\n", desc);
OSSL_CMP_CTX_print_errors(cmp_ctx);
@@ -951,7 +1004,7 @@ static X509_STORE *load_trusted(char *input, int for_new_cert, const char *desc)
typedef int (*add_X509_stack_fn_t)(void *ctx, const STACK_OF(X509) *certs);
static int setup_certs(char *files, const char *desc, void *ctx,
- add_X509_stack_fn_t set1_fn)
+ add_X509_stack_fn_t set1_fn)
{
STACK_OF(X509) *certs;
int ok;
@@ -965,7 +1018,6 @@ static int setup_certs(char *files, const char *desc, void *ctx,
return ok;
}
-
/*
* parse and transform some options, checking their syntax.
* Returns 1 on success, 0 on error
@@ -995,13 +1047,13 @@ static int transform_opts(void)
}
#ifndef OPENSSL_NO_ENGINE
-# define FORMAT_OPTIONS (OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_ENGINE)
+#define FORMAT_OPTIONS (OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_ENGINE)
#else
-# define FORMAT_OPTIONS (OPT_FMT_PEMDER | OPT_FMT_PKCS12)
+#define FORMAT_OPTIONS (OPT_FMT_PEMDER | OPT_FMT_PKCS12)
#endif
if (opt_keyform_s != NULL
- && !opt_format(opt_keyform_s, FORMAT_OPTIONS, &opt_keyform)) {
+ && !opt_format(opt_keyform_s, FORMAT_OPTIONS, &opt_keyform)) {
CMP_err("unknown option given for key loading format");
return 0;
}
@@ -1009,7 +1061,7 @@ static int transform_opts(void)
#undef FORMAT_OPTIONS
if (opt_certform_s != NULL
- && !opt_format(opt_certform_s, OPT_FMT_PEMDER, &opt_certform)) {
+ && !opt_format(opt_certform_s, OPT_FMT_PEMDER, &opt_certform)) {
CMP_err("unknown option given for certificate storing format");
return 0;
}
@@ -1021,7 +1073,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
{
OSSL_CMP_CTX *ctx; /* extra CMP (client) ctx partly used by server */
OSSL_CMP_SRV_CTX *srv_ctx = ossl_cmp_mock_srv_new(app_get0_libctx(),
- app_get0_propq());
+ app_get0_propq());
if (srv_ctx == NULL)
return NULL;
@@ -1035,7 +1087,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
}
} else {
if (!OSSL_CMP_CTX_set1_referenceValue(ctx, (unsigned char *)opt_srv_ref,
- strlen(opt_srv_ref)))
+ strlen(opt_srv_ref)))
goto err;
}
@@ -1046,7 +1098,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
if (pass_str != NULL) {
cleanse(opt_srv_secret);
res = OSSL_CMP_CTX_set1_secretValue(ctx, (unsigned char *)pass_str,
- strlen(pass_str));
+ strlen(pass_str));
clear_free(pass_str);
if (res == 0)
goto err;
@@ -1059,13 +1111,13 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
}
if (opt_srv_secret == NULL
- && ((opt_srv_cert == NULL) != (opt_srv_key == NULL))) {
+ && ((opt_srv_cert == NULL) != (opt_srv_key == NULL))) {
CMP_err("must give both -srv_cert and -srv_key options or neither");
goto err;
}
if (opt_srv_cert != NULL) {
X509 *srv_cert = load_cert_pwd(opt_srv_cert, opt_srv_keypass,
- "certificate of the mock server");
+ "certificate of the mock server");
if (srv_cert == NULL || !OSSL_CMP_CTX_set1_cert(ctx, srv_cert)) {
X509_free(srv_cert);
@@ -1075,8 +1127,8 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
}
if (opt_srv_key != NULL) {
EVP_PKEY *pkey = load_key_pwd(opt_srv_key, opt_keyform,
- opt_srv_keypass,
- engine, "private key for mock server cert");
+ opt_srv_keypass,
+ engine, "private key for mock server cert");
if (pkey == NULL || !OSSL_CMP_CTX_set1_pkey(ctx, pkey)) {
EVP_PKEY_free(pkey);
@@ -1087,8 +1139,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
cleanse(opt_srv_keypass);
if (opt_srv_trusted != NULL) {
- X509_STORE *ts =
- load_trusted(opt_srv_trusted, 0, "certs trusted by mock server");
+ X509_STORE *ts = load_trusted(opt_srv_trusted, 0, "certs trusted by mock server");
if (ts == NULL || !OSSL_CMP_CTX_set0_trustedStore(ctx, ts)) {
X509_STORE_free(ts);
@@ -1098,15 +1149,15 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
CMP_warn("mock server will not be able to handle signature-protected requests since -srv_trusted is not given");
}
if (!setup_certs(opt_srv_untrusted,
- "untrusted certificates for mock server", ctx,
- (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted))
+ "untrusted certificates for mock server", ctx,
+ (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted))
goto err;
if (opt_rsp_cert == NULL) {
CMP_warn("no -rsp_cert given for mock server");
} else {
X509 *cert = load_cert_pwd(opt_rsp_cert, opt_keypass,
- "cert to be returned by the mock server");
+ "cert to be returned by the mock server");
if (cert == NULL)
goto err;
@@ -1118,21 +1169,21 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
X509_free(cert);
}
if (!setup_certs(opt_rsp_extracerts,
- "CMP extra certificates for mock server", srv_ctx,
- (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_chainOut))
+ "CMP extra certificates for mock server", srv_ctx,
+ (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_chainOut))
goto err;
if (!setup_certs(opt_rsp_capubs, "caPubs for mock server", srv_ctx,
- (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_caPubsOut))
+ (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_caPubsOut))
goto err;
(void)ossl_cmp_mock_srv_set_pollCount(srv_ctx, opt_poll_count);
(void)ossl_cmp_mock_srv_set_checkAfterTime(srv_ctx, opt_check_after);
if (opt_grant_implicitconf)
(void)OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(srv_ctx, 1);
- if (opt_failure != INT_MIN) { /* option has been set explicity */
+ if (opt_failure != INT_MIN) { /* option has been set explicitly */
if (opt_failure < 0 || OSSL_CMP_PKIFAILUREINFO_MAX < opt_failure) {
CMP_err1("-failure out of range, should be >= 0 and <= %d",
- OSSL_CMP_PKIFAILUREINFO_MAX);
+ OSSL_CMP_PKIFAILUREINFO_MAX);
goto err;
}
if (opt_failurebits != 0)
@@ -1145,7 +1196,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
goto err;
}
if (!ossl_cmp_mock_srv_set_statusInfo(srv_ctx, opt_pkistatus,
- opt_failurebits, opt_statusstring))
+ opt_failurebits, opt_statusstring))
goto err;
if (opt_send_error)
@@ -1164,7 +1215,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
return srv_ctx;
- err:
+err:
ossl_cmp_mock_srv_free(srv_ctx);
return NULL;
}
@@ -1176,7 +1227,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
{
if (!setup_certs(opt_untrusted, "untrusted certificates", ctx,
- (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted))
+ (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted))
return 0;
if (opt_srvcert != NULL || opt_trusted != NULL) {
@@ -1194,7 +1245,7 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
opt_recipient = NULL;
}
srvcert = load_cert_pwd(opt_srvcert, opt_otherpass,
- "directly trusted CMP server certificate");
+ "directly trusted CMP server certificate");
ok = srvcert != NULL && OSSL_CMP_CTX_set1_srvCert(ctx, srvcert);
X509_free(srvcert);
if (!ok)
@@ -1222,9 +1273,8 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
if (opt_out_trusted != NULL) { /* for use in OSSL_CMP_certConf_cb() */
X509_VERIFY_PARAM *out_vpm = NULL;
- X509_STORE *out_trusted =
- load_trusted(opt_out_trusted, 1,
- "trusted certs for verifying newly enrolled cert");
+ X509_STORE *out_trusted = load_trusted(opt_out_trusted, 1,
+ "trusted certs for verifying newly enrolled cert");
if (out_trusted == NULL)
return 0;
@@ -1250,7 +1300,7 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
* Returns pointer on success, NULL on error
*/
static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
- ENGINE *engine)
+ ENGINE *engine)
{
STACK_OF(X509) *untrusted = OSSL_CMP_CTX_get0_untrusted(ctx);
EVP_PKEY *pkey = NULL;
@@ -1275,8 +1325,8 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
int ok;
if (!load_cert_certs(opt_tls_cert, &cert, &certs, 0, opt_tls_keypass,
- "TLS client certificate (optionally with chain)",
- vpm))
+ "TLS client certificate (optionally with chain)",
+ vpm))
/* need opt_tls_keypass if opt_tls_cert is encrypted PKCS#12 file */
goto err;
@@ -1289,7 +1339,7 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
*/
if (!ok || !SSL_CTX_set0_chain(ssl_ctx, certs)) {
CMP_err1("unable to use client TLS certificate file '%s'",
- opt_tls_cert);
+ opt_tls_cert);
sk_X509_pop_free(certs, X509_free);
goto err;
}
@@ -1310,15 +1360,14 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
bak_flags = X509_VERIFY_PARAM_get_flags(tls_vpm);
/* disable any cert status/revocation checking etc. */
X509_VERIFY_PARAM_clear_flags(tls_vpm,
- ~(X509_V_FLAG_USE_CHECK_TIME
- | X509_V_FLAG_NO_CHECK_TIME
- | X509_V_FLAG_PARTIAL_CHAIN
- | X509_V_FLAG_POLICY_CHECK));
+ ~(X509_V_FLAG_USE_CHECK_TIME
+ | X509_V_FLAG_NO_CHECK_TIME
+ | X509_V_FLAG_PARTIAL_CHAIN
+ | X509_V_FLAG_POLICY_CHECK));
}
CMP_debug("trying to build cert chain for own TLS cert");
if (SSL_CTX_build_cert_chain(ssl_ctx,
- SSL_BUILD_CHAIN_FLAG_UNTRUSTED |
- SSL_BUILD_CHAIN_FLAG_NO_ROOT)) {
+ SSL_BUILD_CHAIN_FLAG_UNTRUSTED | SSL_BUILD_CHAIN_FLAG_NO_ROOT)) {
CMP_debug("success building cert chain for own TLS cert");
} else {
OSSL_CMP_CTX_print_errors(ctx);
@@ -1331,9 +1380,9 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
/* If present we append to the list also the certs from opt_tls_extra */
if (opt_tls_extra != NULL) {
STACK_OF(X509) *tls_extra = load_certs_multifile(opt_tls_extra,
- opt_otherpass,
- "extra certificates for TLS",
- vpm);
+ opt_otherpass,
+ "extra certificates for TLS",
+ vpm);
int res = 1;
if (tls_extra == NULL)
@@ -1353,7 +1402,7 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
}
pkey = load_key_pwd(opt_tls_key, opt_keyform, opt_tls_keypass,
- engine, "TLS client private key");
+ engine, "TLS client private key");
cleanse(opt_tls_keypass);
if (pkey == NULL)
goto err;
@@ -1363,9 +1412,9 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
* because it gives poor and sometimes misleading diagnostics
*/
if (!X509_check_private_key(SSL_CTX_get0_certificate(ssl_ctx),
- pkey)) {
+ pkey)) {
CMP_err2("TLS private key '%s' does not match the TLS certificate '%s'\n",
- opt_tls_key, opt_tls_cert);
+ opt_tls_key, opt_tls_cert);
EVP_PKEY_free(pkey);
pkey = NULL; /* otherwise, for some reason double free! */
goto err;
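Review bot: The format string passed to `CMP_err2` ends in `\n`, but `CMP_print` already appends `"\n"` to every message, so this error is followed by an empty line in the output. Dropping the trailing newline gives `CMP_err2("TLS private key '%s' does not match the TLS certificate '%s'",`. The enclosing setup_ssl_ctx() starts and ends outside this hunk.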
@@ -1381,12 +1430,12 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
if (opt_tls_trusted != NULL) {
/* enable and parameterize server hostname/IP address check */
if (!truststore_set_host_etc(trust_store,
- opt_tls_host != NULL ? opt_tls_host : host))
+ opt_tls_host != NULL ? opt_tls_host : host))
goto err;
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
}
return ssl_ctx;
- err:
+err:
SSL_CTX_free(ssl_ctx);
return NULL;
}
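Review bot: `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL)` and the hostname/IP check are configured only inside `if (opt_tls_trusted != NULL)`, and the path without `-tls_trusted` returns the context with no comment or diagnostic in the visible lines. Unless a warning is already issued elsewhere in the file (not visible here), neither the reader nor the operator is told that the TLS server presumably goes unauthenticated in that case. Consider adding `else CMP_warn("-tls_trusted not given; TLS server will not be authenticated");` before `return ssl_ctx;`, or at least a comment to that effect. The start of setup_ssl_ctx() is outside this hunk.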
@@ -1420,8 +1469,8 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
if (pass_string != NULL) {
cleanse(opt_secret);
res = OSSL_CMP_CTX_set1_secretValue(ctx,
- (unsigned char *)pass_string,
- strlen(pass_string));
+ (unsigned char *)pass_string,
+ strlen(pass_string));
clear_free(pass_string);
if (res == 0)
return 0;
@@ -1430,13 +1479,13 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
CMP_warn("-cert and -key not used for protection since -secret is given");
}
if (opt_ref != NULL
- && !OSSL_CMP_CTX_set1_referenceValue(ctx, (unsigned char *)opt_ref,
- strlen(opt_ref)))
+ && !OSSL_CMP_CTX_set1_referenceValue(ctx, (unsigned char *)opt_ref,
+ strlen(opt_ref)))
return 0;
if (opt_key != NULL) {
EVP_PKEY *pkey = load_key_pwd(opt_key, opt_keyform, opt_keypass, engine,
- "private key for CMP client certificate");
+ "private key for CMP client certificate");
if (pkey == NULL || !OSSL_CMP_CTX_set1_pkey(ctx, pkey)) {
EVP_PKEY_free(pkey);
@@ -1454,8 +1503,8 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
int ok;
if (!load_cert_certs(opt_cert, &cert, &certs, 0, opt_keypass,
- "CMP client certificate (optionally with chain)",
- vpm))
+ "CMP client certificate (optionally with chain)",
+ vpm))
/* opt_keypass is needed if opt_cert is an encrypted PKCS#12 file */
return 0;
ok = OSSL_CMP_CTX_set1_cert(ctx, cert);
@@ -1465,7 +1514,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
} else {
if (opt_own_trusted != NULL) {
own_trusted = load_trusted(opt_own_trusted, 0,
- "trusted certs for verifying own CMP signer cert");
+ "trusted certs for verifying own CMP signer cert");
ok = own_trusted != NULL;
}
ok = ok && OSSL_CMP_CTX_build_cert_chain(ctx, own_trusted, certs);
@@ -1479,7 +1528,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
}
if (!setup_certs(opt_extracerts, "extra certificates for CMP", ctx,
- (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_extraCertsOut))
+ (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_extraCertsOut))
return 0;
cleanse(opt_otherpass);
@@ -1523,8 +1572,8 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
X509V3_CTX ext_ctx;
if (opt_subject == NULL
- && opt_csr == NULL && opt_oldcert == NULL && opt_cert == NULL
- && opt_cmd != CMP_RR && opt_cmd != CMP_GENM)
+ && opt_csr == NULL && opt_oldcert == NULL && opt_cert == NULL
+ && opt_cmd != CMP_RR && opt_cmd != CMP_GENM)
CMP_warn("no -subject given; no -csr or -oldcert or -cert available for fallback");
if (opt_cmd == CMP_IR || opt_cmd == CMP_CR || opt_cmd == CMP_KUR) {
@@ -1538,8 +1587,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
&& opt_popo != OSSL_CRMF_POPO_RAVERIFIED) {
if (opt_csr != NULL) {
CMP_err1("no -newkey option given with private key for POPO, -csr option only provides public key%s",
- opt_key == NULL ? "" :
- ", and -key option superseded by by -csr");
+ opt_key == NULL ? "" : ", and -key option superseded by by -csr");
return 0;
}
if (opt_key == NULL) {
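Review bot: The user-facing string on the re-joined `CMP_err1` argument line still contains the doubled word "by by". Since the line is being rewritten anyway, it could read `opt_key == NULL ? "" : ", and -key option superseded by -csr");`. The surrounding setup_request_ctx() body continues outside this hunk.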
@@ -1552,7 +1600,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
return 0;
}
if (!set_name(opt_subject, OSSL_CMP_CTX_set1_subjectName, ctx, "subject")
- || !set_name(opt_issuer, OSSL_CMP_CTX_set1_issuer, ctx, "issuer"))
+ || !set_name(opt_issuer, OSSL_CMP_CTX_set1_issuer, ctx, "issuer"))
return 0;
} else {
const char *msg = "option is ignored for commands other than 'ir', 'cr', and 'kur'";
@@ -1588,7 +1636,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
}
if (opt_subject != NULL)
CMP_warn2("given -subject '%s' overrides the subject of '%s' for KUR",
- opt_subject, ref_cert != NULL ? ref_cert : opt_csr);
+ opt_subject, ref_cert != NULL ? ref_cert : opt_csr);
}
if (opt_cmd == CMP_RR) {
if (opt_oldcert == NULL && opt_csr == NULL) {
@@ -1604,7 +1652,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
}
if (opt_recipient == NULL && opt_srvcert == NULL && opt_issuer == NULL
- && opt_oldcert == NULL && opt_cert == NULL)
+ && opt_oldcert == NULL && opt_cert == NULL)
CMP_warn("missing -recipient, -srvcert, -issuer, -oldcert or -cert; recipient will be set to \"NULL-DN\"");
if (opt_cmd == CMP_P10CR || opt_cmd == CMP_RR) {
@@ -1633,8 +1681,8 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
if (pkey == NULL) {
ERR_clear_error();
desc = opt_csr == NULL
- ? "fallback public key for cert to be enrolled"
- : "public key for checking cert resulting from p10cr";
+ ? "fallback public key for cert to be enrolled"
+ : "public key for checking cert resulting from p10cr";
pkey = load_pubkey(file, format, 0, pass, engine, desc);
priv = 0;
}
@@ -1646,8 +1694,8 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
}
if (opt_days > 0
- && !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_VALIDITY_DAYS,
- opt_days)) {
+ && !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_VALIDITY_DAYS,
+ opt_days)) {
CMP_err("could not set requested cert validity period");
return 0;
}
@@ -1675,13 +1723,13 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
if (opt_reqexts != NULL
&& !X509V3_EXT_add_nconf_sk(conf, &ext_ctx, opt_reqexts, &exts)) {
CMP_err1("cannot load certificate request extension section '%s'",
- opt_reqexts);
+ opt_reqexts);
goto exts_err;
}
if (opt_policies != NULL
&& !X509V3_EXT_add_nconf_sk(conf, &ext_ctx, opt_policies, &exts)) {
CMP_err1("cannot load policy cert request extension section '%s'",
- opt_policies);
+ opt_policies);
goto exts_err;
}
OSSL_CMP_CTX_set0_reqExtensions(ctx, exts);
@@ -1700,7 +1748,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
if (opt_sans != NULL)
CMP_warn("-opt_san_nodefault has no effect when -sans is used");
(void)OSSL_CMP_CTX_set_option(ctx,
- OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT, 1);
+ OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT, 1);
}
if (opt_policy_oids_critical) {
@@ -1741,11 +1789,8 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
CMP_warn("-oldcert option is ignored for command 'genm'");
} else {
X509 *oldcert = load_cert_pwd(opt_oldcert, opt_keypass,
- opt_cmd == CMP_KUR ?
- "certificate to be updated" :
- opt_cmd == CMP_RR ?
- "certificate to be revoked" :
- "reference certificate (oldcert)");
+ opt_cmd == CMP_KUR ? "certificate to be updated" : opt_cmd == CMP_RR ? "certificate to be revoked"
+ : "reference certificate (oldcert)");
/* opt_keypass needed if opt_oldcert is an encrypted PKCS#12 file */
if (oldcert == NULL)
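Review bot: The reformatted nested conditional passed to `load_cert_pwd` is harder to read than before. The first outcome and the second test now share one line, and the final `:` hangs alone on the next. Putting one outcome per line keeps the three description strings aligned: `opt_cmd == CMP_KUR ? "certificate to be updated"`, then `: opt_cmd == CMP_RR ? "certificate to be revoked"`, then `: "reference certificate (oldcert)");`. The enclosing function starts and ends outside this hunk.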
@@ -1761,13 +1806,13 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
cleanse(opt_keypass);
if (opt_revreason > CRL_REASON_NONE)
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_REVOCATION_REASON,
- opt_revreason);
+ opt_revreason);
return 1;
- oom:
+oom:
CMP_err("out of memory");
- exts_err:
+exts_err:
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
X509_REQ_free(csr);
return 0;
@@ -1829,13 +1874,12 @@ static int handle_opt_geninfo(OSSL_CMP_CTX *ctx)
}
return 1;
- oom:
+oom:
ASN1_OBJECT_free(type);
CMP_err("out of memory");
return 0;
}
-
/*
* set up the client-side OSSL_CMP_CTX based on options from config file/CLI
* while parsing options and checking their consistency.
@@ -1878,7 +1922,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
goto set_path;
}
if (!OSSL_HTTP_parse_url(opt_server, &ssl, NULL /* user */, &host, &port,
- &portnum, &path, NULL /* q */, NULL /* frag */)) {
+ &portnum, &path, NULL /* q */, NULL /* frag */)) {
CMP_err1("cannot parse -server URL: %s", opt_server);
goto err;
}
@@ -1891,21 +1935,21 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
if (opt_path == NULL)
used_path = path;
if (!OSSL_CMP_CTX_set1_server(ctx, host)
- || !OSSL_CMP_CTX_set_serverPort(ctx, portnum))
+ || !OSSL_CMP_CTX_set_serverPort(ctx, portnum))
goto oom;
if (opt_proxy != NULL && !OSSL_CMP_CTX_set1_proxy(ctx, opt_proxy))
goto oom;
if (opt_no_proxy != NULL && !OSSL_CMP_CTX_set1_no_proxy(ctx, opt_no_proxy))
goto oom;
(void)BIO_snprintf(server_buf, sizeof(server_buf), "http%s://%s:%s/%s",
- opt_tls_used ? "s" : "", host, port,
- *used_path == '/' ? used_path + 1 : used_path);
+ opt_tls_used ? "s" : "", host, port,
+ *used_path == '/' ? used_path + 1 : used_path);
proxy_host = OSSL_HTTP_adapt_proxy(opt_proxy, opt_no_proxy, host, ssl);
if (proxy_host != NULL)
(void)BIO_snprintf(proxy_buf, sizeof(proxy_buf), " via %s", proxy_host);
- set_path:
+set_path:
#endif
if (!OSSL_CMP_CTX_set1_serverPath(ctx, used_path))
@@ -1928,19 +1972,19 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
if (opt_keep_alive != 1)
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_KEEP_ALIVE,
- opt_keep_alive);
+ opt_keep_alive);
if (opt_total_timeout > 0 && opt_msg_timeout > 0
- && opt_total_timeout < opt_msg_timeout) {
+ && opt_total_timeout < opt_msg_timeout) {
CMP_err2("-total_timeout argument = %d must not be < %d (-msg_timeout)",
- opt_total_timeout, opt_msg_timeout);
+ opt_total_timeout, opt_msg_timeout);
goto err;
}
if (opt_msg_timeout >= 0) /* must do this before setup_ssl_ctx() */
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_MSG_TIMEOUT,
- opt_msg_timeout);
+ opt_msg_timeout);
if (opt_total_timeout >= 0)
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_TOTAL_TIMEOUT,
- opt_total_timeout);
+ opt_total_timeout);
if (opt_rspin != NULL) {
rspin_in_use = 1;
@@ -1950,7 +1994,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
if (opt_reqin_new_tid && opt_reqin == NULL)
CMP_warn("-reqin_new_tid is ignored since -reqin is not present");
if (opt_reqin != NULL || opt_reqout != NULL
- || opt_rspin != NULL || opt_rspout != NULL || opt_use_mock_srv)
+ || opt_rspin != NULL || opt_rspout != NULL || opt_use_mock_srv)
(void)OSSL_CMP_CTX_set_transfer_cb(ctx, read_write_req_resp);
#ifndef OPENSSL_NO_SOCK
@@ -1993,8 +2037,8 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
goto err;
if (!set_name(opt_recipient, OSSL_CMP_CTX_set1_recipient, ctx, "recipient")
- || !set_name(opt_expect_sender, OSSL_CMP_CTX_set1_expected_sender,
- ctx, "expected sender"))
+ || !set_name(opt_expect_sender, OSSL_CMP_CTX_set1_expected_sender,
+ ctx, "expected sender"))
goto err;
if (opt_geninfo != NULL && !handle_opt_geninfo(ctx))
@@ -2004,18 +2048,18 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
if (opt_rspin != NULL)
CMP_info2("will contact %s%s "
"only if -rspin argument gives too few filenames",
- server_buf, proxy_buf);
+ server_buf, proxy_buf);
else
CMP_info2("will contact %s%s", server_buf, proxy_buf);
ret = 1;
- err:
+err:
OPENSSL_free(host);
OPENSSL_free(port);
OPENSSL_free(path);
return ret;
- oom:
+oom:
CMP_err("out of memory");
goto err;
}
@@ -2028,12 +2072,12 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
static int write_cert(BIO *bio, X509 *cert)
{
if ((opt_certform == FORMAT_PEM && PEM_write_bio_X509(bio, cert))
- || (opt_certform == FORMAT_ASN1 && i2d_X509_bio(bio, cert)))
+ || (opt_certform == FORMAT_ASN1 && i2d_X509_bio(bio, cert)))
return 1;
if (opt_certform != FORMAT_PEM && opt_certform != FORMAT_ASN1)
BIO_printf(bio_err,
- "error: unsupported type '%s' for writing certificates\n",
- opt_certform_s);
+ "error: unsupported type '%s' for writing certificates\n",
+ opt_certform_s);
return 0;
}
@@ -2045,7 +2089,7 @@ static int write_cert(BIO *bio, X509 *cert)
* Returns number of written certificates on success, -1 on error.
*/
static int save_free_certs(OSSL_CMP_CTX *ctx,
- STACK_OF(X509) *certs, char *destFile, char *desc)
+ STACK_OF(X509) *certs, char *destFile, char *desc)
{
BIO *bio = NULL;
int i;
@@ -2054,12 +2098,12 @@ static int save_free_certs(OSSL_CMP_CTX *ctx,
if (destFile == NULL)
goto end;
CMP_info3("received %d %s certificate(s), saving to file '%s'",
- n, desc, destFile);
+ n, desc, destFile);
if (n > 1 && opt_certform != FORMAT_PEM)
CMP_warn("saving more than one certificate in non-PEM format");
if (destFile == NULL || (bio = BIO_new(BIO_s_file())) == NULL
- || !BIO_write_filename(bio, (char *)destFile)) {
+ || !BIO_write_filename(bio, (char *)destFile)) {
CMP_err1("could not open file '%s' for writing", destFile);
n = -1;
goto end;
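Review bot: The `destFile == NULL` operand in the open-for-writing condition can never be true, because the earlier `if (destFile == NULL) goto end;` in the same hunk has already left the function. The `(char *)destFile` cast is also redundant, as the parameter is declared `char *destFile`. The condition can be reduced to `if ((bio = BIO_new(BIO_s_file())) == NULL || !BIO_write_filename(bio, destFile)) {`. The rest of save_free_certs() lies outside this hunk.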
@@ -2073,7 +2117,7 @@ static int save_free_certs(OSSL_CMP_CTX *ctx,
}
}
- end:
+end:
BIO_free(bio);
sk_X509_pop_free(certs, X509_free);
return n;
@@ -2123,7 +2167,7 @@ static const char *prev_item(const char *opt, const char *end)
len = end - beg;
if (len > SECTION_NAME_MAX) {
CMP_warn3("using only first %d characters of section name starting with \"%.*s\"",
- SECTION_NAME_MAX, SECTION_NAME_MAX, beg);
+ SECTION_NAME_MAX, SECTION_NAME_MAX, beg);
len = SECTION_NAME_MAX;
}
memcpy(opt_item, beg, len);
@@ -2140,7 +2184,7 @@ static const char *prev_item(const char *opt, const char *end)
/* get str value for name from a comma-separated hierarchy of config sections */
static char *conf_get_string(const CONF *src_conf, const char *groups,
- const char *name)
+ const char *name)
{
char *res = NULL;
const char *end = groups + strlen(groups);
@@ -2155,7 +2199,7 @@ static char *conf_get_string(const CONF *src_conf, const char *groups,
/* get long val for name from a comma-separated hierarchy of config sections */
static int conf_get_number_e(const CONF *conf_, const char *groups,
- const char *name, long *result)
+ const char *name, long *result)
{
char *str = conf_get_string(conf_, groups, name);
char *tailptr;
@@ -2192,25 +2236,22 @@ static int read_config(void)
int n_options = OSSL_NELEM(cmp_options) - 1;
for (opt = &cmp_options[start_opt], i = start_idx;
- opt->name != NULL; i++, opt++)
+ opt->name != NULL; i++, opt++)
if (!strcmp(opt->name, OPT_SECTION_STR)
- || !strcmp(opt->name, OPT_MORE_STR))
+ || !strcmp(opt->name, OPT_MORE_STR))
n_options--;
- OPENSSL_assert(OSSL_NELEM(cmp_vars) == n_options
- + OPT_PROV__FIRST + 1 - OPT_PROV__LAST
- + OPT_R__FIRST + 1 - OPT_R__LAST
- + OPT_V__FIRST + 1 - OPT_V__LAST);
+ OPENSSL_assert(OSSL_NELEM(cmp_vars) == n_options + OPT_PROV__FIRST + 1 - OPT_PROV__LAST + OPT_R__FIRST + 1 - OPT_R__LAST + OPT_V__FIRST + 1 - OPT_V__LAST);
for (opt = &cmp_options[start_opt], i = start_idx;
- opt->name != NULL; i++, opt++) {
+ opt->name != NULL; i++, opt++) {
int provider_option = (OPT_PROV__FIRST <= opt->retval
- && opt->retval < OPT_PROV__LAST);
+ && opt->retval < OPT_PROV__LAST);
int rand_state_option = (OPT_R__FIRST <= opt->retval
- && opt->retval < OPT_R__LAST);
+ && opt->retval < OPT_R__LAST);
int verification_option = (OPT_V__FIRST <= opt->retval
- && opt->retval < OPT_V__LAST);
+ && opt->retval < OPT_V__LAST);
if (strcmp(opt->name, OPT_SECTION_STR) == 0
- || strcmp(opt->name, OPT_MORE_STR) == 0) {
+ || strcmp(opt->name, OPT_MORE_STR) == 0) {
i--;
continue;
}
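Review bot: The `OPENSSL_assert` in read_config() has been joined into a single line well over 150 characters. That hides the structure of the check, which is one correction term per option range (`OPT_PROV__*`, `OPT_R__*`, `OPT_V__*`). Keeping one range per continuation line, as before the change, makes it easier to see that the terms match the three range tests in the loop below. A short comment such as `/* cmp_vars has no entries for provider, rand-state and verification options */` would also explain why the ranges are subtracted; that reading is inferred from the arithmetic and should be confirmed. read_config() begins and ends outside this hunk.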
@@ -2228,12 +2269,12 @@ static int read_config(void)
}
if (opt->valtype == 'p' && num <= 0) {
opt_printf_stderr("Non-positive number \"%ld\" for config option -%s\n",
- num, opt->name);
+ num, opt->name);
return -1;
}
if (opt->valtype == 'N' && num < 0) {
opt_printf_stderr("Negative number \"%ld\" for config option -%s\n",
- num, opt->name);
+ num, opt->name);
return -1;
}
break;
@@ -2248,7 +2289,7 @@ static int read_config(void)
break;
default:
CMP_err2("internal: unsupported type '%c' for option '%s'",
- opt->valtype, opt->name);
+ opt->valtype, opt->name);
return 0;
break;
}
@@ -2272,10 +2313,10 @@ static int read_config(void)
(void)opt_init(conf_argc, conf_argv, cmp_options);
if (provider_option
- ? !opt_provider(opt_next())
- : !opt_verify(opt_next(), vpm)) {
+ ? !opt_provider(opt_next())
+ : !opt_verify(opt_next(), vpm)) {
CMP_err2("for option '%s' in config file section '%s'",
- opt->name, opt_section);
+ opt->name, opt_section);
return 0;
}
}
@@ -2287,8 +2328,8 @@ static int read_config(void)
case 'N':
if (num < INT_MIN || INT_MAX < num) {
BIO_printf(bio_err,
- "integer value out of range for option '%s'\n",
- opt->name);
+ "integer value out of range for option '%s'\n",
+ opt->name);
return 0;
}
*cmp_vars[i].num = (int)num;
@@ -2314,7 +2355,7 @@ static char *opt_str(void)
if (arg[0] == '\0') {
CMP_warn1("%s option argument is empty string, resetting option",
- opt_flag());
+ opt_flag());
arg = NULL;
} else if (arg[0] == '-') {
CMP_warn1("%s option argument starts with hyphen", opt_flag());
@@ -2333,7 +2374,7 @@ static int get_opts(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
return 0;
case OPT_HELP:
@@ -2506,7 +2547,7 @@ static int get_opts(int argc, char **argv)
case OPT_POPO:
opt_popo = opt_int_arg();
if (opt_popo < OSSL_CRMF_POPO_NONE
- || opt_popo > OSSL_CRMF_POPO_KEYENC) {
+ || opt_popo > OSSL_CRMF_POPO_KEYENC) {
CMP_err("invalid popo spec. Valid values are -1 .. 2");
goto opthelp;
}
@@ -2534,9 +2575,9 @@ static int get_opts(int argc, char **argv)
break;
case OPT_REVREASON:
opt_revreason = opt_int_arg();
- if (opt_revreason < CRL_REASON_NONE
- || opt_revreason > CRL_REASON_AA_COMPROMISE
- || opt_revreason == 7) {
+ if (opt_revreason < CRL_REASON_NONE
+ || opt_revreason > CRL_REASON_AA_COMPROMISE
+ || opt_revreason == 7) {
CMP_err("invalid revreason. Valid values are -1 .. 6, 8 .. 10");
goto opthelp;
}
@@ -2678,7 +2719,8 @@ static int get_opts(int argc, char **argv)
}
#ifndef OPENSSL_NO_SOCK
-static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) {
+static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx)
+{
BIO *acbio;
BIO *cbio = NULL;
int keep_alive = 0;
@@ -2694,9 +2736,9 @@ static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) {
OSSL_CMP_MSG *resp = NULL;
ret = http_server_get_asn1_req(ASN1_ITEM_rptr(OSSL_CMP_MSG),
- (ASN1_VALUE **)&req, &path,
- &cbio, acbio, &keep_alive,
- prog, opt_port, 0, 0);
+ (ASN1_VALUE **)&req, &path,
+ &cbio, acbio, &keep_alive,
+ prog, opt_port, 0, 0);
if (ret == 0) { /* no request yet */
if (retry) {
ossl_sleep(1000);
@@ -2715,7 +2757,7 @@ static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) {
if (strcmp(path, "") != 0 && strcmp(path, "pkix/") != 0) {
(void)http_server_send_status(cbio, 404, "Not Found");
CMP_err1("expecting empty path or 'pkix/' but got '%s'",
- path);
+ path);
OPENSSL_free(path);
OSSL_CMP_MSG_free(req);
goto next;
@@ -2725,13 +2767,13 @@ static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) {
OSSL_CMP_MSG_free(req);
if (resp == NULL) {
(void)http_server_send_status(cbio,
- 500, "Internal Server Error");
+ 500, "Internal Server Error");
break; /* treated as fatal error */
}
ret = http_server_send_asn1_resp(cbio, keep_alive,
- "application/pkixcmp",
- ASN1_ITEM_rptr(OSSL_CMP_MSG),
- (const ASN1_VALUE *)resp);
+ "application/pkixcmp",
+ ASN1_ITEM_rptr(OSSL_CMP_MSG),
+ (const ASN1_VALUE *)resp);
OSSL_CMP_MSG_free(resp);
if (!ret)
break; /* treated as fatal error */
@@ -2760,8 +2802,7 @@ static void print_status(void)
/* print PKIStatusInfo */
int status = OSSL_CMP_CTX_get_status(cmp_ctx);
char *buf = app_malloc(OSSL_CMP_PKISI_BUFLEN, "PKIStatusInfo buf");
- const char *string =
- OSSL_CMP_CTX_snprint_PKIStatus(cmp_ctx, buf, OSSL_CMP_PKISI_BUFLEN);
+ const char *string = OSSL_CMP_CTX_snprint_PKIStatus(cmp_ctx, buf, OSSL_CMP_PKISI_BUFLEN);
const char *from = "", *server = "";
#ifndef OPENSSL_NO_SOCK
@@ -2771,16 +2812,17 @@ static void print_status(void)
}
#endif
CMP_print(bio_err,
- status == OSSL_CMP_PKISTATUS_accepted
- ? OSSL_CMP_LOG_INFO :
- status == OSSL_CMP_PKISTATUS_rejection
- || status == OSSL_CMP_PKISTATUS_waiting
- ? OSSL_CMP_LOG_ERR : OSSL_CMP_LOG_WARNING,
- status == OSSL_CMP_PKISTATUS_accepted ? "info" :
- status == OSSL_CMP_PKISTATUS_rejection ? "server error" :
- status == OSSL_CMP_PKISTATUS_waiting ? "internal error"
- : "warning", "received%s%s %s", from, server,
- string != NULL ? string : "<unknown PKIStatus>");
+ status == OSSL_CMP_PKISTATUS_accepted
+ ? OSSL_CMP_LOG_INFO
+ : status == OSSL_CMP_PKISTATUS_rejection
+ || status == OSSL_CMP_PKISTATUS_waiting
+ ? OSSL_CMP_LOG_ERR
+ : OSSL_CMP_LOG_WARNING,
+ status == OSSL_CMP_PKISTATUS_accepted ? "info" : status == OSSL_CMP_PKISTATUS_rejection ? "server error"
+ : status == OSSL_CMP_PKISTATUS_waiting ? "internal error"
+ : "warning",
+ "received%s%s %s", from, server,
+ string != NULL ? string : "<unknown PKIStatus>");
OPENSSL_free(buf);
}
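Review bot: The prefix argument of `CMP_print` now packs two ternary arms onto one line (`status == OSSL_CMP_PKISTATUS_accepted ? "info" : status == OSSL_CMP_PKISTATUS_rejection ? "server error"`), while the log-level argument above it uses one arm per line. Formatting both chains the same way, for example `status == OSSL_CMP_PKISTATUS_accepted ? "info"` followed by `: status == OSSL_CMP_PKISTATUS_rejection ? "server error"`, makes it easier to check that each status maps to the intended level and label. The pairing of `OSSL_CMP_PKISTATUS_waiting` with "internal error" at error level also deserves a short comment saying why, since the reason is not visible here. print_status starts outside the hunk.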
@@ -2808,11 +2850,12 @@ int cmp_main(int argc, char **argv)
if (!strcmp(argv[i] + 1, cmp_options[OPT_CONFIG - OPT_HELP].name))
opt_config = argv[++i];
else if (!strcmp(argv[i] + 1,
- cmp_options[OPT_SECTION - OPT_HELP].name))
+ cmp_options[OPT_SECTION - OPT_HELP].name))
opt_section = argv[++i];
else if (strcmp(argv[i] + 1,
- cmp_options[OPT_VERBOSITY - OPT_HELP].name) == 0
- && !set_verbosity(atoi(argv[++i])))
+ cmp_options[OPT_VERBOSITY - OPT_HELP].name)
+ == 0
+ && !set_verbosity(atoi(argv[++i])))
goto err;
}
}
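Review bot: `set_verbosity(atoi(argv[++i]))` accepts any string, because `atoi` returns 0 for non-numeric input and reports no error, so a mistyped verbosity value is passed on as level 0 rather than rejected. Parsing with `strtol` and rejecting the argument when no digits were consumed or trailing characters remain would close that gap, and an out-of-range value should be refused before the conversion to `int`. Whether `argv[++i]` is always a valid argument depends on the loop bound, which is outside this hunk.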
@@ -2828,9 +2871,9 @@ int cmp_main(int argc, char **argv)
/* read default values for options from config file */
configfile = opt_config != NULL ? opt_config : default_config_file;
if (configfile != NULL && configfile[0] != '\0' /* non-empty string */
- && (configfile != default_config_file || access(configfile, F_OK) != -1)) {
+ && (configfile != default_config_file || access(configfile, F_OK) != -1)) {
CMP_info2("using section(s) '%s' of OpenSSL configuration file '%s'",
- opt_section, configfile);
+ opt_section, configfile);
conf = app_load_config(configfile);
if (conf == NULL) {
goto err;
@@ -2839,13 +2882,13 @@ int cmp_main(int argc, char **argv)
if (!NCONF_get_section(conf, opt_section))
CMP_info2("no [%s] section found in config file '%s';"
" will thus use just [default] and unnamed section if present",
- opt_section, configfile);
+ opt_section, configfile);
} else {
const char *end = opt_section + strlen(opt_section);
while ((end = prev_item(opt_section, end)) != NULL) {
if (!NCONF_get_section(conf, opt_item)) {
CMP_err2("no [%s] section found in config file '%s'",
- opt_item, configfile);
+ opt_item, configfile);
goto err;
}
}
@@ -2891,10 +2934,10 @@ int cmp_main(int argc, char **argv)
#ifndef OPENSSL_NO_SOCK
if ((opt_tls_cert != NULL || opt_tls_key != NULL
- || opt_tls_keypass != NULL || opt_tls_extra != NULL
- || opt_tls_trusted != NULL || opt_tls_host != NULL)
- && !opt_tls_used)
- CMP_warn("Ingnoring TLS options(s) since -tls_used is not given");
+ || opt_tls_keypass != NULL || opt_tls_extra != NULL
+ || opt_tls_trusted != NULL || opt_tls_host != NULL)
+ && !opt_tls_used)
+ CMP_warn("Ignoring TLS options(s) since -tls_used is not given");
if (opt_port != NULL) {
if (opt_tls_used) {
CMP_err("-tls_used option not supported with -port option");
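Review bot: The corrected warning still reads `options(s)`; the intended text is presumably `CMP_warn("Ignoring TLS option(s) since -tls_used is not given");`. This message is the only signal visible in this hunk that the supplied TLS credentials are not being used for the connection, so the wording is worth getting right. cmp_main continues outside the hunk.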
@@ -2923,7 +2966,7 @@ int cmp_main(int argc, char **argv)
#ifndef OPENSSL_NO_SOCK
|| opt_port != NULL
#endif
- ) {
+ ) {
OSSL_CMP_SRV_CTX *srv_ctx;
if ((srv_ctx = setup_srv_ctx(engine)) == NULL)
@@ -2988,25 +3031,23 @@ int cmp_main(int argc, char **argv)
case CMP_RR:
ret = OSSL_CMP_exec_RR_ses(cmp_ctx);
break;
- case CMP_GENM:
- {
- STACK_OF(OSSL_CMP_ITAV) *itavs;
+ case CMP_GENM: {
+ STACK_OF(OSSL_CMP_ITAV) *itavs;
- if (opt_infotype != NID_undef) {
- OSSL_CMP_ITAV *itav =
- OSSL_CMP_ITAV_create(OBJ_nid2obj(opt_infotype), NULL);
- if (itav == NULL)
- goto err;
- OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav);
- }
+ if (opt_infotype != NID_undef) {
+ OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(OBJ_nid2obj(opt_infotype), NULL);
+ if (itav == NULL)
+ goto err;
+ OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav);
+ }
- if ((itavs = OSSL_CMP_exec_GENM_ses(cmp_ctx)) != NULL) {
- print_itavs(itavs);
- sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
- ret = 1;
- }
- break;
+ if ((itavs = OSSL_CMP_exec_GENM_ses(cmp_ctx)) != NULL) {
+ print_itavs(itavs);
+ sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
+ ret = 1;
}
+ break;
+ }
default:
break;
}
@@ -3015,13 +3056,15 @@ int cmp_main(int argc, char **argv)
print_status();
if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_extraCertsIn(cmp_ctx),
- opt_extracertsout, "extra") < 0)
+ opt_extracertsout, "extra")
+ < 0)
ret = 0;
if (!ret)
goto err;
ret = 0;
if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_caPubs(cmp_ctx),
- opt_cacertsout, "CA") < 0)
+ opt_cacertsout, "CA")
+ < 0)
goto err;
if (newcert != NULL) {
STACK_OF(X509) *certs = sk_X509_new_null();
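Review bot: The `< 0` comparison on the two `save_free_certs` calls now sits on a line of its own, detached from the call it tests, which makes the error check easy to overlook. The same split appears on the `OSSL_CMP_CTX_get1_newChain` call in the next hunk and on the `load_cert(...) == NULL` and `setup_verify(...) == NULL` checks in apps/cms.c. Keeping the operator on the call's closing line, `opt_extracertsout, "extra") < 0)`, or assigning the result to a local before testing it, reads more clearly. cmp_main continues outside the hunk.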
@@ -3034,7 +3077,8 @@ int cmp_main(int argc, char **argv)
goto err;
}
if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_newChain(cmp_ctx),
- opt_chainout, "chain") < 0)
+ opt_chainout, "chain")
+ < 0)
goto err;
if (!OSSL_CMP_CTX_reinit(cmp_ctx))
@@ -3042,7 +3086,7 @@ int cmp_main(int argc, char **argv)
}
ret = 1;
- err:
+err:
/* in case we ended up here on error without proper cleaning */
cleanse(opt_keypass);
cleanse(opt_newkeypass);
diff --git a/apps/cms.c b/apps/cms.c
index 6184f7143fef..cbb268d4eced 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -24,31 +24,30 @@
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
static int cms_cb(int ok, X509_STORE_CTX *ctx);
static void receipt_request_print(CMS_ContentInfo *cms);
-static CMS_ReceiptRequest
-*make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
- STACK_OF(OPENSSL_STRING) *rr_from);
+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
+ STACK_OF(OPENSSL_STRING) *rr_from);
static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
- STACK_OF(OPENSSL_STRING) *param);
+ STACK_OF(OPENSSL_STRING) *param);
-#define SMIME_OP 0x100
-#define SMIME_IP 0x200
-#define SMIME_SIGNERS 0x400
-#define SMIME_ENCRYPT (1 | SMIME_OP)
-#define SMIME_DECRYPT (2 | SMIME_IP)
-#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
-#define SMIME_VERIFY (4 | SMIME_IP)
-#define SMIME_RESIGN (5 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
-#define SMIME_SIGN_RECEIPT (6 | SMIME_IP | SMIME_OP)
-#define SMIME_VERIFY_RECEIPT (7 | SMIME_IP)
-#define SMIME_DIGEST_CREATE (8 | SMIME_OP)
-#define SMIME_DIGEST_VERIFY (9 | SMIME_IP)
-#define SMIME_COMPRESS (10 | SMIME_OP)
-#define SMIME_UNCOMPRESS (11 | SMIME_IP)
+#define SMIME_OP 0x100
+#define SMIME_IP 0x200
+#define SMIME_SIGNERS 0x400
+#define SMIME_ENCRYPT (1 | SMIME_OP)
+#define SMIME_DECRYPT (2 | SMIME_IP)
+#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_VERIFY (4 | SMIME_IP)
+#define SMIME_RESIGN (5 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_SIGN_RECEIPT (6 | SMIME_IP | SMIME_OP)
+#define SMIME_VERIFY_RECEIPT (7 | SMIME_IP)
+#define SMIME_DIGEST_CREATE (8 | SMIME_OP)
+#define SMIME_DIGEST_VERIFY (9 | SMIME_IP)
+#define SMIME_COMPRESS (10 | SMIME_OP)
+#define SMIME_UNCOMPRESS (11 | SMIME_IP)
#define SMIME_ENCRYPTED_ENCRYPT (12 | SMIME_OP)
#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
-#define SMIME_DATA_CREATE (14 | SMIME_OP)
-#define SMIME_DATA_OUT (15 | SMIME_IP)
-#define SMIME_CMSOUT (16 | SMIME_IP | SMIME_OP)
+#define SMIME_DATA_CREATE (14 | SMIME_OP)
+#define SMIME_DATA_OUT (15 | SMIME_IP)
+#define SMIME_CMSOUT (16 | SMIME_IP | SMIME_OP)
static int verify_err = 0;
@@ -62,184 +61,244 @@ struct cms_key_param_st {
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT,
- OPT_DECRYPT, OPT_SIGN, OPT_CADES, OPT_SIGN_RECEIPT, OPT_RESIGN,
- OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT,
- OPT_CMSOUT, OPT_DATA_OUT, OPT_DATA_CREATE, OPT_DIGEST_VERIFY,
- OPT_DIGEST_CREATE, OPT_COMPRESS, OPT_UNCOMPRESS,
- OPT_ED_DECRYPT, OPT_ED_ENCRYPT, OPT_DEBUG_DECRYPT, OPT_TEXT,
- OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS,
- OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID,
- OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF,
- OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
- OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE,
- OPT_CAPATH, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE,
- OPT_CONTENT, OPT_PRINT, OPT_NAMEOPT,
- OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE,
- OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP,
- OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM,
- OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP,
- OPT_3DES_WRAP, OPT_WRAP, OPT_ENGINE,
+ OPT_INFORM,
+ OPT_OUTFORM,
+ OPT_IN,
+ OPT_OUT,
+ OPT_ENCRYPT,
+ OPT_DECRYPT,
+ OPT_SIGN,
+ OPT_CADES,
+ OPT_SIGN_RECEIPT,
+ OPT_RESIGN,
+ OPT_VERIFY,
+ OPT_VERIFY_RETCODE,
+ OPT_VERIFY_RECEIPT,
+ OPT_CMSOUT,
+ OPT_DATA_OUT,
+ OPT_DATA_CREATE,
+ OPT_DIGEST_VERIFY,
+ OPT_DIGEST_CREATE,
+ OPT_COMPRESS,
+ OPT_UNCOMPRESS,
+ OPT_ED_DECRYPT,
+ OPT_ED_ENCRYPT,
+ OPT_DEBUG_DECRYPT,
+ OPT_TEXT,
+ OPT_ASCIICRLF,
+ OPT_NOINTERN,
+ OPT_NOVERIFY,
+ OPT_NOCERTS,
+ OPT_NOATTR,
+ OPT_NODETACH,
+ OPT_NOSMIMECAP,
+ OPT_BINARY,
+ OPT_KEYID,
+ OPT_NOSIGS,
+ OPT_NO_CONTENT_VERIFY,
+ OPT_NO_ATTR_VERIFY,
+ OPT_INDEF,
+ OPT_NOINDEF,
+ OPT_CRLFEOL,
+ OPT_NOOUT,
+ OPT_RR_PRINT,
+ OPT_RR_ALL,
+ OPT_RR_FIRST,
+ OPT_RCTFORM,
+ OPT_CERTFILE,
+ OPT_CAFILE,
+ OPT_CAPATH,
+ OPT_CASTORE,
+ OPT_NOCAPATH,
+ OPT_NOCAFILE,
+ OPT_NOCASTORE,
+ OPT_CONTENT,
+ OPT_PRINT,
+ OPT_NAMEOPT,
+ OPT_SECRETKEY,
+ OPT_SECRETKEYID,
+ OPT_PWRI_PASSWORD,
+ OPT_ECONTENT_TYPE,
+ OPT_PASSIN,
+ OPT_TO,
+ OPT_FROM,
+ OPT_SUBJECT,
+ OPT_SIGNER,
+ OPT_RECIP,
+ OPT_CERTSOUT,
+ OPT_MD,
+ OPT_INKEY,
+ OPT_KEYFORM,
+ OPT_KEYOPT,
+ OPT_RR_FROM,
+ OPT_RR_TO,
+ OPT_AES128_WRAP,
+ OPT_AES192_WRAP,
+ OPT_AES256_WRAP,
+ OPT_3DES_WRAP,
+ OPT_WRAP,
+ OPT_ENGINE,
OPT_R_ENUM,
- OPT_PROV_ENUM, OPT_CONFIG,
+ OPT_PROV_ENUM,
+ OPT_CONFIG,
OPT_V_ENUM,
OPT_CIPHER,
OPT_ORIGINATOR
} OPTION_CHOICE;
const OPTIONS cms_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"},
- {"help", OPT_HELP, '-', "Display this summary"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n" },
+ { "help", OPT_HELP, '-', "Display this summary" },
OPT_SECTION("General"),
- {"in", OPT_IN, '<', "Input file"},
- {"out", OPT_OUT, '>', "Output file"},
+ { "in", OPT_IN, '<', "Input file" },
+ { "out", OPT_OUT, '>', "Output file" },
OPT_CONFIG_OPTION,
OPT_SECTION("Operation"),
- {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
- {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
- {"sign", OPT_SIGN, '-', "Sign message"},
- {"verify", OPT_VERIFY, '-', "Verify signed message"},
- {"resign", OPT_RESIGN, '-', "Resign a signed message"},
- {"sign_receipt", OPT_SIGN_RECEIPT, '-',
- "Generate a signed receipt for a message"},
- {"verify_receipt", OPT_VERIFY_RECEIPT, '<',
- "Verify receipts; exit if receipt signatures do not verify"},
- {"digest_create", OPT_DIGEST_CREATE, '-',
- "Create a CMS \"DigestedData\" object"},
- {"digest_verify", OPT_DIGEST_VERIFY, '-',
- "Verify a CMS \"DigestedData\" object and output it"},
- {"compress", OPT_COMPRESS, '-', "Create a CMS \"CompressedData\" object"},
- {"uncompress", OPT_UNCOMPRESS, '-',
- "Uncompress a CMS \"CompressedData\" object"},
- {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-',
- "Create CMS \"EncryptedData\" object using symmetric key"},
- {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-',
- "Decrypt CMS \"EncryptedData\" object using symmetric key"},
- {"data_create", OPT_DATA_CREATE, '-', "Create a CMS \"Data\" object"},
- {"data_out", OPT_DATA_OUT, '-', "Copy CMS \"Data\" object to output"},
- {"cmsout", OPT_CMSOUT, '-', "Output CMS structure"},
+ { "encrypt", OPT_ENCRYPT, '-', "Encrypt message" },
+ { "decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message" },
+ { "sign", OPT_SIGN, '-', "Sign message" },
+ { "verify", OPT_VERIFY, '-', "Verify signed message" },
+ { "resign", OPT_RESIGN, '-', "Resign a signed message" },
+ { "sign_receipt", OPT_SIGN_RECEIPT, '-',
+ "Generate a signed receipt for a message" },
+ { "verify_receipt", OPT_VERIFY_RECEIPT, '<',
+ "Verify receipts; exit if receipt signatures do not verify" },
+ { "digest_create", OPT_DIGEST_CREATE, '-',
+ "Create a CMS \"DigestedData\" object" },
+ { "digest_verify", OPT_DIGEST_VERIFY, '-',
+ "Verify a CMS \"DigestedData\" object and output it" },
+ { "compress", OPT_COMPRESS, '-', "Create a CMS \"CompressedData\" object" },
+ { "uncompress", OPT_UNCOMPRESS, '-',
+ "Uncompress a CMS \"CompressedData\" object" },
+ { "EncryptedData_encrypt", OPT_ED_ENCRYPT, '-',
+ "Create CMS \"EncryptedData\" object using symmetric key" },
+ { "EncryptedData_decrypt", OPT_ED_DECRYPT, '-',
+ "Decrypt CMS \"EncryptedData\" object using symmetric key" },
+ { "data_create", OPT_DATA_CREATE, '-', "Create a CMS \"Data\" object" },
+ { "data_out", OPT_DATA_OUT, '-', "Copy CMS \"Data\" object to output" },
+ { "cmsout", OPT_CMSOUT, '-', "Output CMS structure" },
OPT_SECTION("File format"),
- {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
- {"outform", OPT_OUTFORM, 'c',
- "Output format SMIME (default), PEM or DER"},
- {"rctform", OPT_RCTFORM, 'F', "Receipt file format"},
- {"stream", OPT_INDEF, '-', "Enable CMS streaming"},
- {"indef", OPT_INDEF, '-', "Same as -stream"},
- {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
- {"binary", OPT_BINARY, '-',
- "Treat input as binary: do not translate to canonical form"},
- {"crlfeol", OPT_CRLFEOL, '-',
- "Use CRLF as EOL termination instead of LF only" },
- {"asciicrlf", OPT_ASCIICRLF, '-',
- "Perform CRLF canonicalisation when signing"},
+ { "inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER" },
+ { "outform", OPT_OUTFORM, 'c',
+ "Output format SMIME (default), PEM or DER" },
+ { "rctform", OPT_RCTFORM, 'F', "Receipt file format" },
+ { "stream", OPT_INDEF, '-', "Enable CMS streaming" },
+ { "indef", OPT_INDEF, '-', "Same as -stream" },
+ { "noindef", OPT_NOINDEF, '-', "Disable CMS streaming" },
+ { "binary", OPT_BINARY, '-',
+ "Treat input as binary: do not translate to canonical form" },
+ { "crlfeol", OPT_CRLFEOL, '-',
+ "Use CRLF as EOL termination instead of LF only" },
+ { "asciicrlf", OPT_ASCIICRLF, '-',
+ "Perform CRLF canonicalisation when signing" },
OPT_SECTION("Keys and passwords"),
- {"pwri_password", OPT_PWRI_PASSWORD, 's',
- "Specific password for recipient"},
- {"secretkey", OPT_SECRETKEY, 's',
- "Use specified hex-encoded key to decrypt/encrypt recipients or content"},
- {"secretkeyid", OPT_SECRETKEYID, 's',
- "Identity of the -secretkey for CMS \"KEKRecipientInfo\" object"},
- {"inkey", OPT_INKEY, 's',
- "Input private key (if not signer or recipient)"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
- {"keyform", OPT_KEYFORM, 'f',
- "Input private key format (ENGINE, other values ignored)"},
+ { "pwri_password", OPT_PWRI_PASSWORD, 's',
+ "Specific password for recipient" },
+ { "secretkey", OPT_SECRETKEY, 's',
+ "Use specified hex-encoded key to decrypt/encrypt recipients or content" },
+ { "secretkeyid", OPT_SECRETKEYID, 's',
+ "Identity of the -secretkey for CMS \"KEKRecipientInfo\" object" },
+ { "inkey", OPT_INKEY, 's',
+ "Input private key (if not signer or recipient)" },
+ { "passin", OPT_PASSIN, 's', "Input file pass phrase source" },
+ { "keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs" },
+ { "keyform", OPT_KEYFORM, 'f',
+ "Input private key format (ENGINE, other values ignored)" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" },
#endif
OPT_PROV_OPTIONS,
OPT_R_OPTIONS,
OPT_SECTION("Encryption and decryption"),
- {"originator", OPT_ORIGINATOR, 's', "Originator certificate file"},
- {"recip", OPT_RECIP, '<', "Recipient cert file"},
- {"cert...", OPT_PARAM, '.',
- "Recipient certs (optional; used only when encrypting)"},
- {"", OPT_CIPHER, '-',
- "The encryption algorithm to use (any supported cipher)"},
- {"wrap", OPT_WRAP, 's',
- "Key wrap algorithm to use when encrypting with key agreement"},
- {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
- {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
- {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"},
- {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"},
- {"debug_decrypt", OPT_DEBUG_DECRYPT, '-',
- "Disable MMA protection, return error if no recipient found (see doc)"},
+ { "originator", OPT_ORIGINATOR, 's', "Originator certificate file" },
+ { "recip", OPT_RECIP, '<', "Recipient cert file" },
+ { "cert...", OPT_PARAM, '.',
+ "Recipient certs (optional; used only when encrypting)" },
+ { "", OPT_CIPHER, '-',
+ "The encryption algorithm to use (any supported cipher)" },
+ { "wrap", OPT_WRAP, 's',
+ "Key wrap algorithm to use when encrypting with key agreement" },
+ { "aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key" },
+ { "aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key" },
+ { "aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key" },
+ { "des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key" },
+ { "debug_decrypt", OPT_DEBUG_DECRYPT, '-',
+ "Disable MMA protection, return error if no recipient found (see doc)" },
OPT_SECTION("Signing"),
- {"md", OPT_MD, 's', "Digest algorithm to use"},
- {"signer", OPT_SIGNER, 's', "Signer certificate input file"},
- {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
- {"cades", OPT_CADES, '-',
- "Include signingCertificate attribute (CAdES-BES)"},
- {"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
- {"nocerts", OPT_NOCERTS, '-',
- "Don't include signer's certificate when signing"},
- {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
- {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
- {"receipt_request_all", OPT_RR_ALL, '-',
- "When signing, create a receipt request for all recipients"},
- {"receipt_request_first", OPT_RR_FIRST, '-',
- "When signing, create a receipt request for first recipient"},
- {"receipt_request_from", OPT_RR_FROM, 's',
- "Create signed receipt request with specified email address"},
- {"receipt_request_to", OPT_RR_TO, 's',
- "Create signed receipt targeted to specified address"},
+ { "md", OPT_MD, 's', "Digest algorithm to use" },
+ { "signer", OPT_SIGNER, 's', "Signer certificate input file" },
+ { "certfile", OPT_CERTFILE, '<', "Other certificates file" },
+ { "cades", OPT_CADES, '-',
+ "Include signingCertificate attribute (CAdES-BES)" },
+ { "nodetach", OPT_NODETACH, '-', "Use opaque signing" },
+ { "nocerts", OPT_NOCERTS, '-',
+ "Don't include signer's certificate when signing" },
+ { "noattr", OPT_NOATTR, '-', "Don't include any signed attributes" },
+ { "nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute" },
+ { "receipt_request_all", OPT_RR_ALL, '-',
+ "When signing, create a receipt request for all recipients" },
+ { "receipt_request_first", OPT_RR_FIRST, '-',
+ "When signing, create a receipt request for first recipient" },
+ { "receipt_request_from", OPT_RR_FROM, 's',
+ "Create signed receipt request with specified email address" },
+ { "receipt_request_to", OPT_RR_TO, 's',
+ "Create signed receipt targeted to specified address" },
OPT_SECTION("Verification"),
- {"signer", OPT_DUP, 's', "Signer certificate(s) output file"},
- {"content", OPT_CONTENT, '<',
- "Supply or override content for detached signature"},
- {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-',
- "Do not verify signed content signatures"},
- {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-',
- "Do not verify signed attribute signatures"},
- {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
- {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
- {"nointern", OPT_NOINTERN, '-',
- "Don't search certificates in message for signer"},
- {"cades", OPT_DUP, '-', "Check signingCertificate (CAdES-BES)"},
- {"verify_retcode", OPT_VERIFY_RETCODE, '-',
- "Exit non-zero on verification failure"},
- {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
- {"CApath", OPT_CAPATH, '/', "Trusted certificates directory"},
- {"CAstore", OPT_CASTORE, ':', "Trusted certificates store URI"},
- {"no-CAfile", OPT_NOCAFILE, '-',
- "Do not load the default certificates file"},
- {"no-CApath", OPT_NOCAPATH, '-',
- "Do not load certificates from the default certificates directory"},
- {"no-CAstore", OPT_NOCASTORE, '-',
- "Do not load certificates from the default certificates store"},
+ { "signer", OPT_DUP, 's', "Signer certificate(s) output file" },
+ { "content", OPT_CONTENT, '<',
+ "Supply or override content for detached signature" },
+ { "no_content_verify", OPT_NO_CONTENT_VERIFY, '-',
+ "Do not verify signed content signatures" },
+ { "no_attr_verify", OPT_NO_ATTR_VERIFY, '-',
+ "Do not verify signed attribute signatures" },
+ { "nosigs", OPT_NOSIGS, '-', "Don't verify message signature" },
+ { "noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate" },
+ { "nointern", OPT_NOINTERN, '-',
+ "Don't search certificates in message for signer" },
+ { "cades", OPT_DUP, '-', "Check signingCertificate (CAdES-BES)" },
+ { "verify_retcode", OPT_VERIFY_RETCODE, '-',
+ "Exit non-zero on verification failure" },
+ { "CAfile", OPT_CAFILE, '<', "Trusted certificates file" },
+ { "CApath", OPT_CAPATH, '/', "Trusted certificates directory" },
+ { "CAstore", OPT_CASTORE, ':', "Trusted certificates store URI" },
+ { "no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file" },
+ { "no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory" },
+ { "no-CAstore", OPT_NOCASTORE, '-',
+ "Do not load certificates from the default certificates store" },
OPT_SECTION("Output"),
- {"keyid", OPT_KEYID, '-', "Use subject key identifier"},
- {"econtent_type", OPT_ECONTENT_TYPE, 's', "OID for external content"},
- {"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
- {"certsout", OPT_CERTSOUT, '>', "Certificate output file"},
- {"to", OPT_TO, 's', "To address"},
- {"from", OPT_FROM, 's', "From address"},
- {"subject", OPT_SUBJECT, 's', "Subject"},
+ { "keyid", OPT_KEYID, '-', "Use subject key identifier" },
+ { "econtent_type", OPT_ECONTENT_TYPE, 's', "OID for external content" },
+ { "text", OPT_TEXT, '-', "Include or delete text MIME headers" },
+ { "certsout", OPT_CERTSOUT, '>', "Certificate output file" },
+ { "to", OPT_TO, 's', "To address" },
+ { "from", OPT_FROM, 's', "From address" },
+ { "subject", OPT_SUBJECT, 's', "Subject" },
OPT_SECTION("Printing"),
- {"noout", OPT_NOOUT, '-',
- "For the -cmsout operation do not output the parsed CMS structure"},
- {"print", OPT_PRINT, '-',
- "For the -cmsout operation print out all fields of the CMS structure"},
- {"nameopt", OPT_NAMEOPT, 's',
- "For the -print option specifies various strings printing options"},
- {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" },
+ { "noout", OPT_NOOUT, '-',
+ "For the -cmsout operation do not output the parsed CMS structure" },
+ { "print", OPT_PRINT, '-',
+ "For the -cmsout operation print out all fields of the CMS structure" },
+ { "nameopt", OPT_NAMEOPT, 's',
+ "For the -print option specifies various strings printing options" },
+ { "receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" },
OPT_V_OPTIONS,
- {NULL}
+ { NULL }
};
static CMS_ContentInfo *load_content_info(int informat, BIO *in, int flags,
- BIO **indata, const char *name)
+ BIO **indata, const char *name)
{
CMS_ContentInfo *ret, *ci;
@@ -267,7 +326,7 @@ static CMS_ContentInfo *load_content_info(int informat, BIO *in, int flags,
goto err;
}
return ret;
- err:
+err:
CMS_ContentInfo_free(ret);
return NULL;
}
@@ -319,7 +378,7 @@ int cms_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -460,7 +519,7 @@ int cms_main(int argc, char **argv)
break;
case OPT_RCTFORM:
if (!opt_format(opt_arg(),
- OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat))
+ OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat))
goto opthelp;
break;
case OPT_CERTFILE:
@@ -514,7 +573,7 @@ int cms_main(int argc, char **argv)
case OPT_SECRETKEY:
if (secret_key != NULL) {
BIO_printf(bio_err, "Invalid key (supplied twice) %s\n",
- opt_arg());
+ opt_arg());
goto opthelp;
}
secret_key = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
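Review bot: The duplicate `-secretkey` error path prints `opt_arg()` to `bio_err`, and for this option the argument is the hex-encoded key itself (per the option's help text in the table above), so key material can end up in stderr captures and logs. Dropping the argument, `BIO_printf(bio_err, "Invalid key (supplied twice)\n");`, keeps the diagnostic without echoing the value. The surrounding switch in cms_main starts and ends outside this hunk.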
@@ -527,7 +586,7 @@ int cms_main(int argc, char **argv)
case OPT_SECRETKEYID:
if (secret_keyid != NULL) {
BIO_printf(bio_err, "Invalid id (supplied twice) %s\n",
- opt_arg());
+ opt_arg());
goto opthelp;
}
secret_keyid = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
@@ -543,7 +602,7 @@ int cms_main(int argc, char **argv)
case OPT_ECONTENT_TYPE:
if (econtent_type != NULL) {
BIO_printf(bio_err, "Invalid OID (supplied twice) %s\n",
- opt_arg());
+ opt_arg());
goto opthelp;
}
econtent_type = OBJ_txt2obj(opt_arg(), 0);
@@ -623,7 +682,7 @@ int cms_main(int argc, char **argv)
case OPT_RECIP:
if (operation == SMIME_ENCRYPT) {
cert = load_cert(opt_arg(), FORMAT_UNDEF,
- "recipient certificate file");
+ "recipient certificate file");
if (cert == NULL)
goto end;
if (!sk_X509_push(encerts, cert))
@@ -735,13 +794,13 @@ int cms_main(int argc, char **argv)
if ((flags & CMS_CADES) != 0) {
if ((flags & CMS_NOATTR) != 0) {
BIO_puts(bio_err, "Incompatible options: "
- "CAdES requires signed attributes\n");
+ "CAdES requires signed attributes\n");
goto opthelp;
}
if (operation == SMIME_VERIFY
- && (flags & (CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY)) != 0) {
+ && (flags & (CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY)) != 0) {
BIO_puts(bio_err, "Incompatible options: CAdES validation requires"
- " certs and signed attributes validations\n");
+ " certs and signed attributes validations\n");
goto opthelp;
}
}
@@ -775,7 +834,7 @@ int cms_main(int argc, char **argv)
if (recipfile == NULL && keyfile == NULL
&& secret_key == NULL && pwri_pass == NULL) {
BIO_printf(bio_err,
- "No recipient certificate or key specified\n");
+ "No recipient certificate or key specified\n");
goto opthelp;
}
} else if (operation == SMIME_ENCRYPT) {
@@ -799,16 +858,16 @@ int cms_main(int argc, char **argv)
if ((operation & SMIME_SIGNERS) == 0) {
if ((flags & CMS_DETACHED) == 0)
BIO_printf(bio_err,
- "Warning: -nodetach option is ignored for non-signing operation\n");
+ "Warning: -nodetach option is ignored for non-signing operation\n");
flags &= ~CMS_DETACHED;
}
if ((operation & SMIME_IP) == 0 && contfile != NULL)
BIO_printf(bio_err,
- "Warning: -contfile option is ignored for the given operation\n");
+ "Warning: -contfile option is ignored for the given operation\n");
if (operation != SMIME_ENCRYPT && *argv != NULL)
BIO_printf(bio_err,
- "Warning: recipient certificate file parameters ignored for operation other than -encrypt\n");
+ "Warning: recipient certificate file parameters ignored for operation other than -encrypt\n");
if ((flags & CMS_BINARY) != 0) {
if (!(operation & SMIME_OP))
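Review bot: The second warning in this hunk names a `-contfile` option, but the `cms_options` table in this diff lists the option as `content` (`contfile` appears to be only the variable name), so the message points the user at a flag that `-help` does not show. Suggest `"Warning: -content option is ignored for the given operation\n"`. cms_main continues outside the hunk.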
@@ -838,7 +897,7 @@ int cms_main(int argc, char **argv)
for (; *argv != NULL; argv++) {
cert = load_cert(*argv, FORMAT_UNDEF,
- "recipient certificate file");
+ "recipient certificate file");
if (cert == NULL)
goto end;
if (!sk_X509_push(encerts, cert))
@@ -856,7 +915,8 @@ int cms_main(int argc, char **argv)
if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
if ((recip = load_cert(recipfile, FORMAT_UNDEF,
- "recipient certificate file")) == NULL) {
+ "recipient certificate file"))
+ == NULL) {
ERR_print_errors(bio_err);
goto end;
}
@@ -864,7 +924,8 @@ int cms_main(int argc, char **argv)
if (originatorfile != NULL) {
if ((originator = load_cert(originatorfile, FORMAT_UNDEF,
- "originator certificate file")) == NULL) {
+ "originator certificate file"))
+ == NULL) {
ERR_print_errors(bio_err);
goto end;
}
@@ -872,7 +933,8 @@ int cms_main(int argc, char **argv)
if (operation == SMIME_SIGN_RECEIPT) {
if ((signer = load_cert(signerfile, FORMAT_UNDEF,
- "receipt signer certificate file")) == NULL) {
+ "receipt signer certificate file"))
+ == NULL) {
ERR_print_errors(bio_err);
goto end;
}
@@ -895,7 +957,7 @@ int cms_main(int argc, char **argv)
}
in = bio_open_default(infile, 'r',
- binary_files ? FORMAT_BINARY : informat);
+ binary_files ? FORMAT_BINARY : informat);
if (in == NULL)
goto end;
@@ -915,7 +977,7 @@ int cms_main(int argc, char **argv)
allcerts = CMS_get1_certs(cms);
if (!save_certs(certsoutfile, allcerts)) {
BIO_printf(bio_err,
- "Error writing certs to %s\n", certsoutfile);
+ "Error writing certs to %s\n", certsoutfile);
ret = 5;
goto end;
}
@@ -937,13 +999,14 @@ int cms_main(int argc, char **argv)
}
out = bio_open_default(outfile, 'w',
- binary_files ? FORMAT_BINARY : outformat);
+ binary_files ? FORMAT_BINARY : outformat);
if (out == NULL)
goto end;
if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) {
if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath,
- CAstore, noCAstore)) == NULL)
+ CAstore, noCAstore))
+ == NULL)
goto end;
X509_STORE_set_verify_cb(store, cms_cb);
if (vpmtouched)
@@ -989,13 +1052,13 @@ int cms_main(int argc, char **argv)
}
res = EVP_PKEY_CTX_ctrl(pctx, -1, -1,
- EVP_PKEY_CTRL_CIPHER,
- EVP_CIPHER_get_nid(cipher), NULL);
+ EVP_PKEY_CTRL_CIPHER,
+ EVP_CIPHER_get_nid(cipher), NULL);
if (res <= 0 && res != -2)
goto end;
if (CMS_RecipientInfo_type(ri) == CMS_RECIPINFO_AGREE
- && wrap_cipher != NULL) {
+ && wrap_cipher != NULL) {
EVP_CIPHER_CTX *wctx;
wctx = CMS_RecipientInfo_kari_get0_ctx(ri);
EVP_EncryptInit_ex(wctx, wrap_cipher, NULL, NULL, NULL);
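Review bot: The return value of `EVP_EncryptInit_ex(wctx, wrap_cipher, NULL, NULL, NULL)` on the last line of this hunk is discarded, so a failure to install the requested key-wrap cipher goes unnoticed and the encrypt path carries on. The `EVP_PKEY_CTX_ctrl` call just above already tests `res` and bails out, and the same treatment fits here: `if (!EVP_EncryptInit_ex(wctx, wrap_cipher, NULL, NULL, NULL)) goto end;`. Whether `wctx` is checked for NULL is not visible, because the enclosing block of `cms_main` starts and ends outside the hunk.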
@@ -1004,9 +1067,9 @@ int cms_main(int argc, char **argv)
if (secret_key != NULL) {
if (!CMS_add0_recipient_key(cms, NID_undef,
- secret_key, secret_keylen,
- secret_keyid, secret_keyidlen,
- NULL, NULL, NULL))
+ secret_key, secret_keylen,
+ secret_keyid, secret_keyidlen,
+ NULL, NULL, NULL))
goto end;
/* NULL these because call absorbs them */
secret_key = NULL;
@@ -1017,8 +1080,9 @@ int cms_main(int argc, char **argv)
if (pwri_tmp == NULL)
goto end;
if (CMS_add0_recipient_password(cms,
- -1, NID_undef, NID_undef,
- pwri_tmp, -1, NULL) == NULL)
+ -1, NID_undef, NID_undef,
+ pwri_tmp, -1, NULL)
+ == NULL)
goto end;
pwri_tmp = NULL;
}
@@ -1026,7 +1090,7 @@ int cms_main(int argc, char **argv)
if (!CMS_final(cms, in, NULL, flags)) {
if (originator != NULL
&& ERR_GET_REASON(ERR_peek_error())
- == CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT) {
+ == CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT) {
BIO_printf(bio_err, "Cannot use originator for encryption\n");
goto end;
}
@@ -1035,7 +1099,7 @@ int cms_main(int argc, char **argv)
}
} else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key,
- secret_keylen, flags, libctx, app_get0_propq());
+ secret_keylen, flags, libctx, app_get0_propq());
} else if (operation == SMIME_SIGN_RECEIPT) {
CMS_ContentInfo *srcms = NULL;
@@ -1137,8 +1201,8 @@ int cms_main(int argc, char **argv)
if (secret_key != NULL) {
if (!CMS_decrypt_set1_key(cms,
- secret_key, secret_keylen,
- secret_keyid, secret_keyidlen)) {
+ secret_key, secret_keylen,
+ secret_keyid, secret_keyidlen)) {
BIO_puts(bio_err, "Error decrypting CMS using secret key\n");
goto end;
}
@@ -1177,15 +1241,15 @@ int cms_main(int argc, char **argv)
}
} else if (operation == SMIME_ENCRYPTED_DECRYPT) {
if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
- indata, out, flags))
+ indata, out, flags))
goto end;
} else if (operation == SMIME_VERIFY) {
if (CMS_verify(cms, other, store, indata, out, flags) > 0) {
BIO_printf(bio_err, "%s Verification successful\n",
- (flags & CMS_CADES) != 0 ? "CAdES" : "CMS");
+ (flags & CMS_CADES) != 0 ? "CAdES" : "CMS");
} else {
BIO_printf(bio_err, "%s Verification failure\n",
- (flags & CMS_CADES) != 0 ? "CAdES" : "CMS");
+ (flags & CMS_CADES) != 0 ? "CAdES" : "CMS");
if (verify_retcode)
ret = verify_err + 32;
goto end;
@@ -1195,7 +1259,7 @@ int cms_main(int argc, char **argv)
if (!save_certs(signerfile, signers)) {
BIO_printf(bio_err,
- "Error writing signers to %s\n", signerfile);
+ "Error writing signers to %s\n", signerfile);
ret = 5;
goto end;
}
@@ -1252,7 +1316,7 @@ int cms_main(int argc, char **argv)
}
}
ret = 0;
- end:
+end:
if (ret)
ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
@@ -1327,7 +1391,6 @@ static int cms_cb(int ok, X509_STORE_CTX *ctx)
policies_print(ctx);
return ok;
-
}
static void gnames_stack_print(STACK_OF(GENERAL_NAMES) *gns)
@@ -1371,7 +1434,7 @@ static void receipt_request_print(CMS_ContentInfo *cms)
const char *id;
int idlen;
CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
- &rlist, &rto);
+ &rlist, &rto);
BIO_puts(bio_err, " Signed Content ID:\n");
idlen = ASN1_STRING_length(scid);
id = (const char *)ASN1_STRING_get0_data(scid);
@@ -1421,16 +1484,15 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
return ret;
- err:
+err:
sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
GENERAL_NAMES_free(gens);
GENERAL_NAME_free(gen);
return NULL;
}
-static CMS_ReceiptRequest
-*make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
- STACK_OF(OPENSSL_STRING) *rr_from)
+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
+ STACK_OF(OPENSSL_STRING) *rr_from)
{
STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
CMS_ReceiptRequest *rr;
@@ -1446,18 +1508,18 @@ static CMS_ReceiptRequest
rct_from = NULL;
}
rr = CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from,
- rct_to, app_get0_libctx());
+ rct_to, app_get0_libctx());
if (rr == NULL)
goto err;
return rr;
- err:
+err:
sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
sk_GENERAL_NAMES_pop_free(rct_from, GENERAL_NAMES_free);
return NULL;
}
static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
- STACK_OF(OPENSSL_STRING) *param)
+ STACK_OF(OPENSSL_STRING) *param)
{
char *keyopt;
int i;
diff --git a/apps/crl.c b/apps/crl.c
index 2158a107e551..002eff7be7c4 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -20,58 +20,81 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY,
- OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
- OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE,
- OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_VERIFY, OPT_DATEOPT, OPT_TEXT, OPT_HASH,
- OPT_HASH_OLD, OPT_NOOUT, OPT_NAMEOPT, OPT_MD, OPT_PROV_ENUM
+ OPT_INFORM,
+ OPT_IN,
+ OPT_OUTFORM,
+ OPT_OUT,
+ OPT_KEYFORM,
+ OPT_KEY,
+ OPT_ISSUER,
+ OPT_LASTUPDATE,
+ OPT_NEXTUPDATE,
+ OPT_FINGERPRINT,
+ OPT_CRLNUMBER,
+ OPT_BADSIG,
+ OPT_GENDELTA,
+ OPT_CAPATH,
+ OPT_CAFILE,
+ OPT_CASTORE,
+ OPT_NOCAPATH,
+ OPT_NOCAFILE,
+ OPT_NOCASTORE,
+ OPT_VERIFY,
+ OPT_DATEOPT,
+ OPT_TEXT,
+ OPT_HASH,
+ OPT_HASH_OLD,
+ OPT_NOOUT,
+ OPT_NAMEOPT,
+ OPT_MD,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS crl_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"verify", OPT_VERIFY, '-', "Verify CRL signature"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "verify", OPT_VERIFY, '-', "Verify CRL signature" },
OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input file - default stdin"},
- {"inform", OPT_INFORM, 'F', "CRL input format (DER or PEM); has no effect"},
- {"key", OPT_KEY, '<', "CRL signing Private key to use"},
- {"keyform", OPT_KEYFORM, 'F', "Private key file format (DER/PEM/P12); has no effect"},
+ { "in", OPT_IN, '<', "Input file - default stdin" },
+ { "inform", OPT_INFORM, 'F', "CRL input format (DER or PEM); has no effect" },
+ { "key", OPT_KEY, '<', "CRL signing Private key to use" },
+ { "keyform", OPT_KEYFORM, 'F', "Private key file format (DER/PEM/P12); has no effect" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "output file - default stdout"},
- {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
- {"dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822."},
- {"text", OPT_TEXT, '-', "Print out a text format version"},
- {"hash", OPT_HASH, '-', "Print hash value"},
+ { "out", OPT_OUT, '>', "output file - default stdout" },
+ { "outform", OPT_OUTFORM, 'F', "Output format - default PEM" },
+ { "dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822." },
+ { "text", OPT_TEXT, '-', "Print out a text format version" },
+ { "hash", OPT_HASH, '-', "Print hash value" },
#ifndef OPENSSL_NO_MD5
- {"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
+ { "hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value" },
#endif
- {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"},
- {"", OPT_MD, '-', "Any supported digest"},
+ { "nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options" },
+ { "", OPT_MD, '-', "Any supported digest" },
OPT_SECTION("CRL"),
- {"issuer", OPT_ISSUER, '-', "Print issuer DN"},
- {"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"},
- {"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"},
- {"noout", OPT_NOOUT, '-', "No CRL output"},
- {"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
- {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
- {"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" },
- {"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"},
+ { "issuer", OPT_ISSUER, '-', "Print issuer DN" },
+ { "lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field" },
+ { "nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field" },
+ { "noout", OPT_NOOUT, '-', "No CRL output" },
+ { "fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint" },
+ { "crlnumber", OPT_CRLNUMBER, '-', "Print CRL number" },
+ { "badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" },
+ { "gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one" },
OPT_SECTION("Certificate"),
- {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
- {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
- {"CAstore", OPT_CASTORE, ':', "Verify CRL using certificates in store URI"},
- {"no-CAfile", OPT_NOCAFILE, '-',
- "Do not load the default certificates file"},
- {"no-CApath", OPT_NOCAPATH, '-',
- "Do not load certificates from the default certificates directory"},
- {"no-CAstore", OPT_NOCASTORE, '-',
- "Do not load certificates from the default certificates store"},
+ { "CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir" },
+ { "CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name" },
+ { "CAstore", OPT_CASTORE, ':', "Verify CRL using certificates in store URI" },
+ { "no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file" },
+ { "no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory" },
+ { "no-CAstore", OPT_NOCASTORE, '-',
+ "Do not load certificates from the default certificates store" },
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
int crl_main(int argc, char **argv)
@@ -103,7 +126,7 @@ int crl_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -147,13 +170,13 @@ int crl_main(int argc, char **argv)
do_ver = 1;
break;
case OPT_NOCAPATH:
- noCApath = 1;
+ noCApath = 1;
break;
case OPT_NOCAFILE:
- noCAfile = 1;
+ noCAfile = 1;
break;
case OPT_NOCASTORE:
- noCAstore = 1;
+ noCAstore = 1;
break;
case OPT_HASH_OLD:
#ifndef OPENSSL_NO_MD5
@@ -223,7 +246,8 @@ int crl_main(int argc, char **argv)
if (do_ver) {
if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath,
- CAstore, noCAstore)) == NULL)
+ CAstore, noCAstore))
+ == NULL)
goto end;
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL)
@@ -235,7 +259,7 @@ int crl_main(int argc, char **argv)
}
xobj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509,
- X509_CRL_get_issuer(x));
+ X509_CRL_get_issuer(x));
if (xobj == NULL) {
BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
goto end;
@@ -310,9 +334,8 @@ int crl_main(int argc, char **argv)
}
if (hash == i) {
int ok;
- unsigned long hash_value =
- X509_NAME_hash_ex(X509_CRL_get_issuer(x), app_get0_libctx(),
- app_get0_propq(), &ok);
+ unsigned long hash_value = X509_NAME_hash_ex(X509_CRL_get_issuer(x), app_get0_libctx(),
+ app_get0_propq(), &ok);
if (num > 1)
BIO_printf(bio_out, "issuer name hash=");
@@ -328,7 +351,7 @@ int crl_main(int argc, char **argv)
if (num > 1)
BIO_printf(bio_out, "issuer name old hash=");
BIO_printf(bio_out, "%08lx\n",
- X509_NAME_hash_old(X509_CRL_get_issuer(x)));
+ X509_NAME_hash_old(X509_CRL_get_issuer(x)));
}
#endif
if (lastupdate == i) {
@@ -354,10 +377,9 @@ int crl_main(int argc, char **argv)
goto end;
}
BIO_printf(bio_out, "%s Fingerprint=",
- EVP_MD_get0_name(digest));
+ EVP_MD_get0_name(digest));
for (j = 0; j < (int)n; j++) {
- BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
- ? '\n' : ':');
+ BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n) ? '\n' : ':');
}
}
}
@@ -384,7 +406,7 @@ int crl_main(int argc, char **argv)
}
ret = 0;
- end:
+end:
if (ret != 0)
ERR_print_errors(bio_err);
BIO_free_all(out);
diff --git a/apps/crl2pkcs7.c b/apps/crl2pkcs7.c
index fe59e654270d..70f69ca2c215 100644
--- a/apps/crl2pkcs7.c
+++ b/apps/crl2pkcs7.c
@@ -23,27 +23,32 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE,
+ OPT_INFORM,
+ OPT_OUTFORM,
+ OPT_IN,
+ OPT_OUT,
+ OPT_NOCRL,
+ OPT_CERTFILE,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS crl2pkcs7_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input file"},
- {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
- {"nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'"},
- {"certfile", OPT_CERTFILE, '<',
- "File of chain of certs to a trusted CA; can be repeated"},
+ { "in", OPT_IN, '<', "Input file" },
+ { "inform", OPT_INFORM, 'F', "Input format - DER or PEM" },
+ { "nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'" },
+ { "certfile", OPT_CERTFILE, '<',
+ "File of chain of certs to a trusted CA; can be repeated" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file"},
- {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+ { "out", OPT_OUT, '>', "Output file" },
+ { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" },
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
int crl2pkcs7_main(int argc, char **argv)
@@ -56,8 +61,7 @@ int crl2pkcs7_main(int argc, char **argv)
STACK_OF(X509_CRL) *crl_stack = NULL;
X509_CRL *crl = NULL;
char *infile = NULL, *outfile = NULL, *prog, *certfile;
- int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl =
- 0;
+ int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl = 0;
OPTION_CHOICE o;
prog = opt_init(argc, argv, crl2pkcs7_options);
@@ -65,7 +69,7 @@ int crl2pkcs7_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -140,7 +144,7 @@ int crl2pkcs7_main(int argc, char **argv)
goto end;
p7s->crl = crl_stack;
sk_X509_CRL_push(crl_stack, crl);
- crl = NULL; /* now part of p7 for OPENSSL_freeing */
+ crl = NULL; /* now part of p7 for OPENSSL_freeing */
}
if (certflst != NULL) {
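Review bot: `sk_X509_CRL_push(crl_stack, crl);` ignores its return value and the next line sets `crl = NULL` unconditionally, so on a failed push the CRL is neither owned by the stack nor reachable for cleanup. The output would then presumably be produced without the CRL that was requested. `apps/cms.c` in this same diff checks the equivalent call (`if (!sk_X509_push(encerts, cert))`); here `if (!sk_X509_CRL_push(crl_stack, crl)) goto end;` placed before `crl = NULL;` would match that. This assumes the `end:` path frees `crl`, which lies outside this hunk.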
@@ -172,7 +176,7 @@ int crl2pkcs7_main(int argc, char **argv)
goto end;
}
ret = 0;
- end:
+end:
sk_OPENSSL_STRING_free(certflst);
BIO_free(in);
BIO_free_all(out);
@@ -225,7 +229,7 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
}
ret = count;
- end:
+end:
/* never need to OPENSSL_free x */
BIO_free(in);
sk_X509_INFO_free(sk);
diff --git a/apps/dgst.c b/apps/dgst.c
index 51383bec26ca..c1164b7f7ac0 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -22,12 +22,12 @@
#include <ctype.h>
#undef BUFSIZE
-#define BUFSIZE 1024*8
+#define BUFSIZE 1024 * 8
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int xoflen,
- EVP_PKEY *key, unsigned char *sigin, int siglen,
- const char *sig_name, const char *md_name,
- const char *file);
+ EVP_PKEY *key, unsigned char *sigin, int siglen,
+ const char *sig_name, const char *md_name,
+ const char *file);
static void show_digests(const OBJ_NAME *name, void *bio_);
struct doall_dgst_digests {
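Review bot: `BUFSIZE` still expands to the bare expression `1024 * 8`, so its value depends on the operators around each use. The uses visible in this diff (`size_t len = BUFSIZE;` and `OPENSSL_clear_free(buf, BUFSIZE)`) are unaffected, but something like `n / BUFSIZE` or `n % BUFSIZE` would bind to `1024` first and compute the wrong size. Since the line is being touched anyway, `#define BUFSIZE (1024 * 8)` removes the hazard.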
@@ -38,57 +38,74 @@ struct doall_dgst_digests {
typedef enum OPTION_choice {
OPT_COMMON,
OPT_LIST,
- OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
- OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
- OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
- OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT, OPT_XOFLEN,
+ OPT_C,
+ OPT_R,
+ OPT_OUT,
+ OPT_SIGN,
+ OPT_PASSIN,
+ OPT_VERIFY,
+ OPT_PRVERIFY,
+ OPT_SIGNATURE,
+ OPT_KEYFORM,
+ OPT_ENGINE,
+ OPT_ENGINE_IMPL,
+ OPT_HEX,
+ OPT_BINARY,
+ OPT_DEBUG,
+ OPT_FIPS_FINGERPRINT,
+ OPT_HMAC,
+ OPT_MAC,
+ OPT_SIGOPT,
+ OPT_MACOPT,
+ OPT_XOFLEN,
OPT_DIGEST,
- OPT_R_ENUM, OPT_PROV_ENUM
+ OPT_R_ENUM,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS dgst_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"list", OPT_LIST, '-', "List digests"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "list", OPT_LIST, '-', "List digests" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
- {"engine_impl", OPT_ENGINE_IMPL, '-',
- "Also use engine given by -engine for digest operations"},
+ { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" },
+ { "engine_impl", OPT_ENGINE_IMPL, '-',
+ "Also use engine given by -engine for digest operations" },
#endif
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+ { "passin", OPT_PASSIN, 's', "Input file pass phrase source" },
OPT_SECTION("Output"),
- {"c", OPT_C, '-', "Print the digest with separating colons"},
- {"r", OPT_R, '-', "Print the digest in coreutils format"},
- {"out", OPT_OUT, '>', "Output to filename rather than stdout"},
- {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"},
- {"hex", OPT_HEX, '-', "Print as hex dump"},
- {"binary", OPT_BINARY, '-', "Print in binary form"},
- {"xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms. To obtain the maximum security strength set this to 32 (or greater) for SHAKE128, and 64 (or greater) for SHAKE256"},
- {"d", OPT_DEBUG, '-', "Print debug info"},
- {"debug", OPT_DEBUG, '-', "Print debug info"},
+ { "c", OPT_C, '-', "Print the digest with separating colons" },
+ { "r", OPT_R, '-', "Print the digest in coreutils format" },
+ { "out", OPT_OUT, '>', "Output to filename rather than stdout" },
+ { "keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)" },
+ { "hex", OPT_HEX, '-', "Print as hex dump" },
+ { "binary", OPT_BINARY, '-', "Print in binary form" },
+ { "xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms. To obtain the maximum security strength set this to 32 (or greater) for SHAKE128, and 64 (or greater) for SHAKE256" },
+ { "d", OPT_DEBUG, '-', "Print debug info" },
+ { "debug", OPT_DEBUG, '-', "Print debug info" },
OPT_SECTION("Signing"),
- {"sign", OPT_SIGN, 's', "Sign digest using private key"},
- {"verify", OPT_VERIFY, 's', "Verify a signature using public key"},
- {"prverify", OPT_PRVERIFY, 's', "Verify a signature using private key"},
- {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
- {"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
- {"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
- {"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
- {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
- {"", OPT_DIGEST, '-', "Any supported digest"},
- {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-',
- "Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
+ { "sign", OPT_SIGN, 's', "Sign digest using private key" },
+ { "verify", OPT_VERIFY, 's', "Verify a signature using public key" },
+ { "prverify", OPT_PRVERIFY, 's', "Verify a signature using private key" },
+ { "sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form" },
+ { "signature", OPT_SIGNATURE, '<', "File with signature to verify" },
+ { "hmac", OPT_HMAC, 's', "Create hashed MAC with key" },
+ { "mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)" },
+ { "macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key" },
+ { "", OPT_DIGEST, '-', "Any supported digest" },
+ { "fips-fingerprint", OPT_FIPS_FINGERPRINT, '-',
+ "Compute HMAC with the key used in OpenSSL-FIPS fingerprint" },
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"file", 0, 0, "Files to digest (optional; default is stdin)"},
- {NULL}
+ { "file", 0, 0, "Files to digest (optional; default is stdin)" },
+ { NULL }
};
int dgst_main(int argc, char **argv)
@@ -122,7 +139,7 @@ int dgst_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -134,7 +151,7 @@ int dgst_main(int argc, char **argv)
dec.bio = bio_out;
dec.n = 0;
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH,
- show_digests, &dec);
+ show_digests, &dec);
BIO_printf(bio_out, "\n");
ret = EXIT_SUCCESS;
goto end;
@@ -238,7 +255,7 @@ int dgst_main(int argc, char **argv)
if (do_verify && sigfile == NULL) {
BIO_printf(bio_err,
- "No signature to verify: use the -signature option\n");
+ "No signature to verify: use the -signature option\n");
goto end;
}
if (engine_impl)
@@ -330,8 +347,8 @@ int dgst_main(int argc, char **argv)
digestname = SN_sha256;
}
sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
- (unsigned char *)hmac_key,
- strlen(hmac_key));
+ (unsigned char *)hmac_key,
+ strlen(hmac_key));
if (sigkey == NULL)
goto end;
}
@@ -348,17 +365,16 @@ int dgst_main(int argc, char **argv)
if (do_verify)
if (impl == NULL)
res = EVP_DigestVerifyInit_ex(mctx, &pctx, digestname,
- app_get0_libctx(),
- app_get0_propq(), sigkey, NULL);
+ app_get0_libctx(),
+ app_get0_propq(), sigkey, NULL);
else
res = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
+ else if (impl == NULL)
+ res = EVP_DigestSignInit_ex(mctx, &pctx, digestname,
+ app_get0_libctx(),
+ app_get0_propq(), sigkey, NULL);
else
- if (impl == NULL)
- res = EVP_DigestSignInit_ex(mctx, &pctx, digestname,
- app_get0_libctx(),
- app_get0_propq(), sigkey, NULL);
- else
- res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
+ res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
if (res == 0) {
BIO_printf(bio_err, "Error setting context\n");
goto end;
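Review bot: The unbraced chain `if (do_verify) if (impl == NULL) … else … else if (impl == NULL) … else …` relies entirely on dangling-else binding to choose between the verify and sign initialisers. With the second test flattened to `else if`, it now reads as a sibling of the first `impl == NULL` test rather than as the non-verify arm. The pairing is still correct as written, but a later edit that adds or drops one branch could route a verify request into `EVP_DigestSignInit*` (or the reverse) without any compiler complaint. Bracing the outer arms, `if (do_verify) { … } else { … }`, makes the pairing explicit. The enclosing block of `dgst_main` continues outside the hunk.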
@@ -369,7 +385,7 @@ int dgst_main(int argc, char **argv)
if (pkey_ctrl_string(pctx, sigopt) <= 0) {
BIO_printf(bio_err, "Signature parameter error \"%s\"\n",
- sigopt);
+ sigopt);
goto end;
}
}
@@ -436,7 +452,7 @@ int dgst_main(int argc, char **argv)
if (argc == 0) {
BIO_set_fp(in, stdin, BIO_NOCLOSE);
ret = do_fp(out, buf, inp, separator, out_bin, xoflen, sigkey, sigbuf,
- siglen, NULL, md_name, "stdin");
+ siglen, NULL, md_name, "stdin");
} else {
const char *sig_name = NULL;
@@ -452,13 +468,13 @@ int dgst_main(int argc, char **argv)
continue;
} else {
if (do_fp(out, buf, inp, separator, out_bin, xoflen,
- sigkey, sigbuf, siglen, sig_name, md_name, argv[i]))
+ sigkey, sigbuf, siglen, sig_name, md_name, argv[i]))
ret = EXIT_FAILURE;
}
(void)BIO_reset(bmd);
}
}
- end:
+end:
if (ret != EXIT_SUCCESS)
ERR_print_errors(bio_err);
OPENSSL_clear_free(buf, BUFSIZE);
@@ -515,7 +531,7 @@ static void show_digests(const OBJ_NAME *name, void *arg)
* in the '*sum' checksum programs. This aims to preserve backward
* compatibility.
*/
-static const char *newline_escape_filename(const char *file, int * backslash)
+static const char *newline_escape_filename(const char *file, int *backslash)
{
size_t i, e = 0, length = strlen(file), newline_count = 0, mem_len = 0;
char *file_cpy = NULL;
@@ -528,7 +544,7 @@ static const char *newline_escape_filename(const char *file, int * backslash)
file_cpy = app_malloc(mem_len, file);
i = 0;
- while(e < length) {
+ while (e < length) {
const char c = file[e];
if (c == '\n') {
file_cpy[i++] = '\\';
@@ -540,14 +556,13 @@ static const char *newline_escape_filename(const char *file, int * backslash)
e++;
}
file_cpy[i] = '\0';
- return (const char*)file_cpy;
+ return (const char *)file_cpy;
}
-
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int xoflen,
- EVP_PKEY *key, unsigned char *sigin, int siglen,
- const char *sig_name, const char *md_name,
- const char *file)
+ EVP_PKEY *key, unsigned char *sigin, int siglen,
+ const char *sig_name, const char *md_name,
+ const char *file)
{
size_t len = BUFSIZE;
int i, backslash = 0, ret = EXIT_FAILURE;
@@ -650,7 +665,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int xoflen
}
ret = EXIT_SUCCESS;
- end:
+end:
if (allocated_buf != NULL)
OPENSSL_clear_free(allocated_buf, len);
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 2a54dca9d8b5..a5a3736c3a55 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -35,45 +35,55 @@ static int gendh_cb(EVP_PKEY_CTX *ctx);
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
- OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT,
- OPT_DSAPARAM, OPT_2, OPT_3, OPT_5,
- OPT_R_ENUM, OPT_PROV_ENUM
+ OPT_INFORM,
+ OPT_OUTFORM,
+ OPT_IN,
+ OPT_OUT,
+ OPT_ENGINE,
+ OPT_CHECK,
+ OPT_TEXT,
+ OPT_NOOUT,
+ OPT_DSAPARAM,
+ OPT_2,
+ OPT_3,
+ OPT_5,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS dhparam_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [numbits]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [numbits]\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"check", OPT_CHECK, '-', "Check the DH parameters"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "check", OPT_CHECK, '-', "Check the DH parameters" },
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
- {"dsaparam", OPT_DSAPARAM, '-',
- "Read or generate DSA parameters, convert to DH"},
+ { "dsaparam", OPT_DSAPARAM, '-',
+ "Read or generate DSA parameters, convert to DH" },
#endif
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" },
#endif
OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input file"},
- {"inform", OPT_INFORM, 'F', "Input format, DER or PEM"},
+ { "in", OPT_IN, '<', "Input file" },
+ { "inform", OPT_INFORM, 'F', "Input format, DER or PEM" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file"},
- {"outform", OPT_OUTFORM, 'F', "Output format, DER or PEM"},
- {"text", OPT_TEXT, '-', "Print a text form of the DH parameters"},
- {"noout", OPT_NOOUT, '-', "Don't output any DH parameters"},
- {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
- {"3", OPT_3, '-', "Generate parameters using 3 as the generator value"},
- {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
+ { "out", OPT_OUT, '>', "Output file" },
+ { "outform", OPT_OUTFORM, 'F', "Output format, DER or PEM" },
+ { "text", OPT_TEXT, '-', "Print a text form of the DH parameters" },
+ { "noout", OPT_NOOUT, '-', "Don't output any DH parameters" },
+ { "2", OPT_2, '-', "Generate parameters using 2 as the generator value" },
+ { "3", OPT_3, '-', "Generate parameters using 3 as the generator value" },
+ { "5", OPT_5, '-', "Generate parameters using 5 as the generator value" },
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"numbits", 0, 0, "Number of bits if generating parameters (optional)"},
- {NULL}
+ { "numbits", 0, 0, "Number of bits if generating parameters (optional)" },
+ { NULL }
};
int dhparam_main(int argc, char **argv)
@@ -93,7 +103,7 @@ int dhparam_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -166,7 +176,7 @@ int dhparam_main(int argc, char **argv)
if (dsaparam && g) {
BIO_printf(bio_err,
- "Error, generator may not be chosen for DSA parameters\n");
+ "Error, generator may not be chosen for DSA parameters\n");
goto end;
}
@@ -188,20 +198,20 @@ int dhparam_main(int argc, char **argv)
ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), alg, app_get0_propq());
if (ctx == NULL) {
BIO_printf(bio_err,
- "Error, %s param generation context allocation failed\n",
- alg);
+ "Error, %s param generation context allocation failed\n",
+ alg);
goto end;
}
EVP_PKEY_CTX_set_cb(ctx, gendh_cb);
EVP_PKEY_CTX_set_app_data(ctx, bio_err);
BIO_printf(bio_err,
- "Generating %s parameters, %d bit long %sprime\n",
- alg, num, dsaparam ? "" : "safe ");
+ "Generating %s parameters, %d bit long %sprime\n",
+ alg, num, dsaparam ? "" : "safe ");
if (EVP_PKEY_paramgen_init(ctx) <= 0) {
BIO_printf(bio_err,
- "Error, unable to initialise %s parameters\n",
- alg);
+ "Error, unable to initialise %s parameters\n",
+ alg);
goto end;
}
@@ -251,32 +261,34 @@ int dhparam_main(int argc, char **argv)
*/
done = 1;
/*
- * We set NULL for the keytype to allow any key type. We don't know
- * if we're going to get DH or DHX (or DSA in the event of dsaparam).
- * We check that we got one of those key types afterwards.
- */
+ * We set NULL for the keytype to allow any key type. We don't know
+ * if we're going to get DH or DHX (or DSA in the event of dsaparam).
+ * We check that we got one of those key types afterwards.
+ */
decoderctx
= OSSL_DECODER_CTX_new_for_pkey(&tmppkey,
- (informat == FORMAT_ASN1)
- ? "DER" : "PEM",
- NULL,
- (informat == FORMAT_ASN1)
- ? keytype : NULL,
- OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
- NULL, NULL);
+ (informat == FORMAT_ASN1)
+ ? "DER"
+ : "PEM",
+ NULL,
+ (informat == FORMAT_ASN1)
+ ? keytype
+ : NULL,
+ OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
+ NULL, NULL);
if (decoderctx != NULL
- && !OSSL_DECODER_from_bio(decoderctx, in)
- && informat == FORMAT_ASN1
- && strcmp(keytype, "DH") == 0) {
+ && !OSSL_DECODER_from_bio(decoderctx, in)
+ && informat == FORMAT_ASN1
+ && strcmp(keytype, "DH") == 0) {
/*
- * When reading DER we explicitly state the expected keytype
- * because, unlike PEM, there is no header to declare what
- * the contents of the DER file are. The decoders just try
- * and guess. Unfortunately with DHX key types they may guess
- * wrong and think we have a DSA keytype. Therefore we try
- * both DH and DHX sequentially.
- */
+ * When reading DER we explicitly state the expected keytype
+ * because, unlike PEM, there is no header to declare what
+ * the contents of the DER file are. The decoders just try
+ * and guess. Unfortunately with DHX key types they may guess
+ * wrong and think we have a DSA keytype. Therefore we try
+ * both DH and DHX sequentially.
+ */
keytype = "DHX";
/*
* BIO_reset() returns 0 for success for file BIOs only!!!
@@ -302,7 +314,7 @@ int dhparam_main(int argc, char **argv)
goto end;
} else {
if (!EVP_PKEY_is_a(tmppkey, "DH")
- && !EVP_PKEY_is_a(tmppkey, "DHX")) {
+ && !EVP_PKEY_is_a(tmppkey, "DHX")) {
BIO_printf(bio_err, "Error, unable to load DH parameters\n");
goto end;
}
@@ -328,12 +340,12 @@ int dhparam_main(int argc, char **argv)
}
if (!noout) {
- OSSL_ENCODER_CTX *ectx =
- OSSL_ENCODER_CTX_new_for_pkey(pkey,
- OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
- outformat == FORMAT_ASN1
- ? "DER" : "PEM",
- NULL, NULL);
+ OSSL_ENCODER_CTX *ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey,
+ OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
+ outformat == FORMAT_ASN1
+ ? "DER"
+ : "PEM",
+ NULL, NULL);
if (ectx == NULL || !OSSL_ENCODER_to_bio(ectx, out)) {
OSSL_ENCODER_CTX_free(ectx);
@@ -343,7 +355,7 @@ int dhparam_main(int argc, char **argv)
OSSL_ENCODER_CTX_free(ectx);
}
ret = 0;
- end:
+end:
if (ret != 0)
ERR_print_errors(bio_err);
BIO_free(in);
@@ -369,33 +381,33 @@ static EVP_PKEY *dsa_to_dh(EVP_PKEY *dh)
EVP_PKEY *pkey = NULL;
if (!EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_P, &bn_p)
- || !EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_Q, &bn_q)
- || !EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_G, &bn_g)) {
+ || !EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_Q, &bn_q)
+ || !EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_G, &bn_g)) {
BIO_printf(bio_err, "Error, failed to set DH parameters\n");
goto err;
}
if ((tmpl = OSSL_PARAM_BLD_new()) == NULL
- || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P,
- bn_p)
- || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q,
- bn_q)
- || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G,
- bn_g)
- || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
+ || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P,
+ bn_p)
+ || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q,
+ bn_q)
+ || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G,
+ bn_g)
+ || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
BIO_printf(bio_err, "Error, failed to set DH parameters\n");
goto err;
}
ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "DHX", app_get0_propq());
if (ctx == NULL
- || EVP_PKEY_fromdata_init(ctx) <= 0
- || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0) {
+ || EVP_PKEY_fromdata_init(ctx) <= 0
+ || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0) {
BIO_printf(bio_err, "Error, failed to set DH parameters\n");
goto err;
}
- err:
+err:
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
OSSL_PARAM_BLD_free(tmpl);
diff --git a/apps/dsa.c b/apps/dsa.c
index 51c02843539f..d8bf5ee614c9 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -27,51 +27,63 @@
#include <openssl/core_dispatch.h>
#ifndef OPENSSL_NO_RC4
-# define DEFAULT_PVK_ENCR_STRENGTH 2
+#define DEFAULT_PVK_ENCR_STRENGTH 2
#else
-# define DEFAULT_PVK_ENCR_STRENGTH 0
+#define DEFAULT_PVK_ENCR_STRENGTH 0
#endif
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE,
+ OPT_INFORM,
+ OPT_OUTFORM,
+ OPT_IN,
+ OPT_OUT,
+ OPT_ENGINE,
/* Do not change the order here; see case statements below */
- OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
- OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN,
- OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT,
+ OPT_PVK_NONE,
+ OPT_PVK_WEAK,
+ OPT_PVK_STRONG,
+ OPT_NOOUT,
+ OPT_TEXT,
+ OPT_MODULUS,
+ OPT_PUBIN,
+ OPT_PUBOUT,
+ OPT_CIPHER,
+ OPT_PASSIN,
+ OPT_PASSOUT,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS dsa_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"", OPT_CIPHER, '-', "Any supported cipher"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "", OPT_CIPHER, '-', "Any supported cipher" },
#ifndef OPENSSL_NO_RC4
- {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
- {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
- {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
+ { "pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)" },
+ { "pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level" },
+ { "pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding" },
#endif
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" },
#endif
OPT_SECTION("Input"),
- {"in", OPT_IN, 's', "Input key"},
- {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/PVK); has no effect"},
- {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+ { "in", OPT_IN, 's', "Input key" },
+ { "inform", OPT_INFORM, 'f', "Input format (DER/PEM/PVK); has no effect" },
+ { "pubin", OPT_PUBIN, '-', "Expect a public key in input file" },
+ { "passin", OPT_PASSIN, 's', "Input file pass phrase source" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file"},
- {"outform", OPT_OUTFORM, 'f', "Output format, DER PEM PVK"},
- {"noout", OPT_NOOUT, '-', "Don't print key out"},
- {"text", OPT_TEXT, '-', "Print the key in text"},
- {"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
- {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
- {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+ { "out", OPT_OUT, '>', "Output file" },
+ { "outform", OPT_OUTFORM, 'f', "Output format, DER PEM PVK" },
+ { "noout", OPT_NOOUT, '-', "Don't print key out" },
+ { "text", OPT_TEXT, '-', "Print the key in text" },
+ { "modulus", OPT_MODULUS, '-', "Print the DSA public value" },
+ { "pubout", OPT_PUBOUT, '-', "Output public key, not private" },
+ { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" },
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
int dsa_main(int argc, char **argv)
@@ -97,7 +109,7 @@ int dsa_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
ret = 0;
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
@@ -128,9 +140,9 @@ int dsa_main(int argc, char **argv)
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
- case OPT_PVK_STRONG: /* pvk_encr:= 2 */
- case OPT_PVK_WEAK: /* pvk_encr:= 1 */
- case OPT_PVK_NONE: /* pvk_encr:= 0 */
+ case OPT_PVK_STRONG: /* pvk_encr:= 2 */
+ case OPT_PVK_WEAK: /* pvk_encr:= 1 */
+ case OPT_PVK_NONE: /* pvk_encr:= 0 */
#ifndef OPENSSL_NO_RC4
pvk_encr = (o - OPT_PVK_NONE);
#endif
@@ -256,12 +268,12 @@ int dsa_main(int argc, char **argv)
} else {
assert(private);
selection = (OSSL_KEYMGMT_SELECT_KEYPAIR
- | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS);
+ | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS);
}
/* Perform the encoding */
ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, output_type,
- output_structure, NULL);
+ output_structure, NULL);
if (OSSL_ENCODER_CTX_get_num_encoders(ectx) == 0) {
BIO_printf(bio_err, "%s format not supported\n", output_type);
goto end;
@@ -277,8 +289,8 @@ int dsa_main(int argc, char **argv)
if (passout != NULL)
/* When passout given, override the passphrase prompter */
OSSL_ENCODER_CTX_set_passphrase(ectx,
- (const unsigned char *)passout,
- strlen(passout));
+ (const unsigned char *)passout,
+ strlen(passout));
}
/* PVK requires a bit more */
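Review bot: `OSSL_ENCODER_CTX_set_passphrase()` is called here with its return value discarded, so a failure to install the `-passout` passphrase is not detected at this point. The same pattern appears in `apps/ec.c` at `@@ -266,8 +280,8 @@`, and at `@@ -257,8 +271,8 @@` the result of `OSSL_ENCODER_CTX_set_cipher()` is dropped as well. If that call failed silently, the private key might be written without the encryption the user asked for; this cannot be confirmed from these hunks. Checking each call, e.g. `if (!OSSL_ENCODER_CTX_set_passphrase(ectx, (const unsigned char *)passout, strlen(passout))) goto end;`, would make the tools fail closed. The enclosing block starts above the hunk.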
@@ -297,7 +309,7 @@ int dsa_main(int argc, char **argv)
goto end;
}
ret = 0;
- end:
+end:
if (ret != 0)
ERR_print_errors(bio_err);
OSSL_ENCODER_CTX_free(ectx);
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index ca91beb5b893..88c0123ba921 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -29,38 +29,46 @@ static int gendsa_cb(EVP_PKEY_CTX *ctx);
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT,
- OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_VERBOSE,
- OPT_R_ENUM, OPT_PROV_ENUM
+ OPT_INFORM,
+ OPT_OUTFORM,
+ OPT_IN,
+ OPT_OUT,
+ OPT_TEXT,
+ OPT_NOOUT,
+ OPT_GENKEY,
+ OPT_ENGINE,
+ OPT_VERBOSE,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS dsaparam_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [numbits]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [numbits]\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" },
#endif
OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input file"},
- {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+ { "in", OPT_IN, '<', "Input file" },
+ { "inform", OPT_INFORM, 'F', "Input format - DER or PEM" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file"},
- {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
- {"text", OPT_TEXT, '-', "Print as text"},
- {"noout", OPT_NOOUT, '-', "No output"},
- {"verbose", OPT_VERBOSE, '-', "Verbose output"},
- {"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
+ { "out", OPT_OUT, '>', "Output file" },
+ { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" },
+ { "text", OPT_TEXT, '-', "Print as text" },
+ { "noout", OPT_NOOUT, '-', "No output" },
+ { "verbose", OPT_VERBOSE, '-', "Verbose output" },
+ { "genkey", OPT_GENKEY, '-', "Generate a DSA key" },
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"numbits", 0, 0, "Number of bits if generating parameters (optional)"},
- {NULL}
+ { "numbits", 0, 0, "Number of bits if generating parameters (optional)" },
+ { NULL }
};
int dsaparam_main(int argc, char **argv)
@@ -80,7 +88,7 @@ int dsaparam_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -150,31 +158,31 @@ int dsaparam_main(int argc, char **argv)
ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "DSA", app_get0_propq());
if (ctx == NULL) {
BIO_printf(bio_err,
- "Error, DSA parameter generation context allocation failed\n");
+ "Error, DSA parameter generation context allocation failed\n");
goto end;
}
if (numbits > 0) {
if (numbits > OPENSSL_DSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
- "Warning: It is not recommended to use more than %d bit for DSA keys.\n"
- " Your key size is %d! Larger key size may behave not as expected.\n",
- OPENSSL_DSA_MAX_MODULUS_BITS, numbits);
+ "Warning: It is not recommended to use more than %d bit for DSA keys.\n"
+ " Your key size is %d! Larger key size may behave not as expected.\n",
+ OPENSSL_DSA_MAX_MODULUS_BITS, numbits);
EVP_PKEY_CTX_set_cb(ctx, gendsa_cb);
EVP_PKEY_CTX_set_app_data(ctx, bio_err);
if (verbose) {
BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
- num);
+ num);
BIO_printf(bio_err, "This could take some time\n");
}
if (EVP_PKEY_paramgen_init(ctx) <= 0) {
BIO_printf(bio_err,
- "Error, DSA key generation paramgen init failed\n");
+ "Error, DSA key generation paramgen init failed\n");
goto end;
}
if (EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, num) <= 0) {
BIO_printf(bio_err,
- "Error, DSA key generation setting bit length failed\n");
+ "Error, DSA key generation setting bit length failed\n");
goto end;
}
params = app_paramgen(ctx, "DSA");
@@ -206,15 +214,15 @@ int dsaparam_main(int argc, char **argv)
if (genkey) {
EVP_PKEY_CTX_free(ctx);
ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params,
- app_get0_propq());
+ app_get0_propq());
if (ctx == NULL) {
BIO_printf(bio_err,
- "Error, DSA key generation context allocation failed\n");
+ "Error, DSA key generation context allocation failed\n");
goto end;
}
if (EVP_PKEY_keygen_init(ctx) <= 0) {
BIO_printf(bio_err,
- "Error, unable to initialise for key generation\n");
+ "Error, unable to initialise for key generation\n");
goto end;
}
pkey = app_keygen(ctx, "DSA", numbits, verbose);
@@ -227,7 +235,7 @@ int dsaparam_main(int argc, char **argv)
i = PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, NULL);
}
ret = 0;
- end:
+end:
if (ret != 0)
ERR_print_errors(bio_err);
BIO_free_all(out);
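Review bot: The value returned by `PEM_write_bio_PrivateKey()` is assigned to `i` and the next statement reached is `ret = 0;`, so a failed write of the freshly generated private key (short write, full disk) is reported as success. Adding `if (i <= 0) { BIO_printf(bio_err, "Error, unable to write DSA key\n"); goto end; }` after the write would let the `if (ret != 0)` path after `end:` print the error queue and keep a non-zero status, assuming `ret` is initialised non-zero above the hunk. The branch that selects the output format starts outside this hunk, so any sibling write there needs the same check.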
diff --git a/apps/ec.c b/apps/ec.c
index e2dd6f2b48f3..56b1dc875c56 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -23,42 +23,56 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
- OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT,
- OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER,
- OPT_NO_PUBLIC, OPT_CHECK, OPT_PROV_ENUM
+ OPT_INFORM,
+ OPT_OUTFORM,
+ OPT_ENGINE,
+ OPT_IN,
+ OPT_OUT,
+ OPT_NOOUT,
+ OPT_TEXT,
+ OPT_PARAM_OUT,
+ OPT_PUBIN,
+ OPT_PUBOUT,
+ OPT_PASSIN,
+ OPT_PASSOUT,
+ OPT_PARAM_ENC,
+ OPT_CONV_FORM,
+ OPT_CIPHER,
+ OPT_NO_PUBLIC,
+ OPT_CHECK,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS ec_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_SECTION("Input"),
- {"in", OPT_IN, 's', "Input file"},
- {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)"},
- {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"check", OPT_CHECK, '-', "check key consistency"},
- {"", OPT_CIPHER, '-', "Any supported cipher"},
- {"param_enc", OPT_PARAM_ENC, 's',
- "Specifies the way the ec parameters are encoded"},
- {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
+ { "in", OPT_IN, 's', "Input file" },
+ { "inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)" },
+ { "pubin", OPT_PUBIN, '-', "Expect a public key in input file" },
+ { "passin", OPT_PASSIN, 's', "Input file pass phrase source" },
+ { "check", OPT_CHECK, '-', "check key consistency" },
+ { "", OPT_CIPHER, '-', "Any supported cipher" },
+ { "param_enc", OPT_PARAM_ENC, 's',
+ "Specifies the way the ec parameters are encoded" },
+ { "conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form " },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file"},
- {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
- {"noout", OPT_NOOUT, '-', "Don't print key out"},
- {"text", OPT_TEXT, '-', "Print the key"},
- {"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
- {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
- {"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"},
- {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+ { "out", OPT_OUT, '>', "Output file" },
+ { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" },
+ { "noout", OPT_NOOUT, '-', "Don't print key out" },
+ { "text", OPT_TEXT, '-', "Print the key" },
+ { "param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters" },
+ { "pubout", OPT_PUBOUT, '-', "Output public key, not private" },
+ { "no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key" },
+ { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" },
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
int ec_main(int argc, char **argv)
@@ -85,7 +99,7 @@ int ec_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -192,15 +206,15 @@ int ec_main(int argc, char **argv)
if (point_format
&& !EVP_PKEY_set_utf8_string_param(
- eckey, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
- point_format)) {
+ eckey, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ point_format)) {
BIO_printf(bio_err, "unable to set point conversion format\n");
goto end;
}
if (asn1_encoding != NULL
&& !EVP_PKEY_set_utf8_string_param(
- eckey, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) {
+ eckey, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) {
BIO_printf(bio_err, "unable to set asn1 encoding format\n");
goto end;
}
@@ -257,8 +271,8 @@ int ec_main(int argc, char **argv)
}
ectx = OSSL_ENCODER_CTX_new_for_pkey(eckey, selection,
- output_type, output_structure,
- NULL);
+ output_type, output_structure,
+ NULL);
if (enc != NULL) {
OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_get0_name(enc), NULL);
/* Default passphrase prompter */
@@ -266,8 +280,8 @@ int ec_main(int argc, char **argv)
if (passout != NULL)
/* When passout given, override the passphrase prompter */
OSSL_ENCODER_CTX_set_passphrase(ectx,
- (const unsigned char *)passout,
- strlen(passout));
+ (const unsigned char *)passout,
+ strlen(passout));
}
if (!OSSL_ENCODER_to_bio(ectx, out)) {
BIO_printf(bio_err, "unable to write EC key\n");
diff --git a/apps/ecparam.c b/apps/ecparam.c
index e78eb234d6d8..147c944861dd 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -23,46 +23,59 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT,
- OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME,
- OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE, OPT_CHECK_NAMED,
- OPT_R_ENUM, OPT_PROV_ENUM
+ OPT_INFORM,
+ OPT_OUTFORM,
+ OPT_IN,
+ OPT_OUT,
+ OPT_TEXT,
+ OPT_CHECK,
+ OPT_LIST_CURVES,
+ OPT_NO_SEED,
+ OPT_NOOUT,
+ OPT_NAME,
+ OPT_CONV_FORM,
+ OPT_PARAM_ENC,
+ OPT_GENKEY,
+ OPT_ENGINE,
+ OPT_CHECK_NAMED,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS ecparam_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"list_curves", OPT_LIST_CURVES, '-',
- "Prints a list of all curve 'short names'"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "list_curves", OPT_LIST_CURVES, '-',
+ "Prints a list of all curve 'short names'" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
- {"genkey", OPT_GENKEY, '-', "Generate ec key"},
- {"in", OPT_IN, '<', "Input file - default stdin"},
- {"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
- {"out", OPT_OUT, '>', "Output file - default stdout"},
- {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
+ { "genkey", OPT_GENKEY, '-', "Generate ec key" },
+ { "in", OPT_IN, '<', "Input file - default stdin" },
+ { "inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)" },
+ { "out", OPT_OUT, '>', "Output file - default stdout" },
+ { "outform", OPT_OUTFORM, 'F', "Output format - default PEM" },
OPT_SECTION("Output"),
- {"text", OPT_TEXT, '-', "Print the ec parameters in text form"},
- {"noout", OPT_NOOUT, '-', "Do not print the ec parameter"},
- {"param_enc", OPT_PARAM_ENC, 's',
- "Specifies the way the ec parameters are encoded"},
+ { "text", OPT_TEXT, '-', "Print the ec parameters in text form" },
+ { "noout", OPT_NOOUT, '-', "Do not print the ec parameter" },
+ { "param_enc", OPT_PARAM_ENC, 's',
+ "Specifies the way the ec parameters are encoded" },
OPT_SECTION("Parameter"),
- {"check", OPT_CHECK, '-', "Validate the ec parameters"},
- {"check_named", OPT_CHECK_NAMED, '-',
- "Check that named EC curve parameters have not been modified"},
- {"no_seed", OPT_NO_SEED, '-',
- "If 'explicit' parameters are chosen do not use the seed"},
- {"name", OPT_NAME, 's',
- "Use the ec parameters with specified 'short name'"},
- {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
+ { "check", OPT_CHECK, '-', "Validate the ec parameters" },
+ { "check_named", OPT_CHECK_NAMED, '-',
+ "Check that named EC curve parameters have not been modified" },
+ { "no_seed", OPT_NO_SEED, '-',
+ "If 'explicit' parameters are chosen do not use the seed" },
+ { "name", OPT_NAME, 's',
+ "Use the ec parameters with specified 'short name'" },
+ { "conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form " },
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
static int list_builtin_curves(BIO *out)
@@ -116,7 +129,7 @@ int ecparam_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -211,30 +224,30 @@ int ecparam_main(int argc, char **argv)
if (strcmp(curve_name, "secp192r1") == 0) {
BIO_printf(bio_err,
- "using curve name prime192v1 instead of secp192r1\n");
+ "using curve name prime192v1 instead of secp192r1\n");
curve_name = SN_X9_62_prime192v1;
} else if (strcmp(curve_name, "secp256r1") == 0) {
BIO_printf(bio_err,
- "using curve name prime256v1 instead of secp256r1\n");
+ "using curve name prime256v1 instead of secp256r1\n");
curve_name = SN_X9_62_prime256v1;
}
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
- curve_name, 0);
+ curve_name, 0);
if (asn1_encoding != NULL)
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
- asn1_encoding, 0);
+ asn1_encoding, 0);
if (point_format != NULL)
*p++ = OSSL_PARAM_construct_utf8_string(
- OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
- point_format, 0);
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ point_format, 0);
*p = OSSL_PARAM_construct_end();
if (OPENSSL_strcasecmp(curve_name, "SM2") == 0)
gctx_params = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "sm2",
- app_get0_propq());
+ app_get0_propq());
else
gctx_params = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "ec",
- app_get0_propq());
+ app_get0_propq());
if (gctx_params == NULL
|| EVP_PKEY_keygen_init(gctx_params) <= 0
|| EVP_PKEY_CTX_set_params(gctx_params, params) <= 0
@@ -244,10 +257,10 @@ int ecparam_main(int argc, char **argv)
}
} else {
params_key = load_keyparams_suppress(infile, informat, 1, "EC",
- "EC parameters", 1);
+ "EC parameters", 1);
if (params_key == NULL)
params_key = load_keyparams_suppress(infile, informat, 1, "SM2",
- "SM2 parameters", 1);
+ "SM2 parameters", 1);
if (params_key == NULL) {
BIO_printf(bio_err, "Unable to load parameters from %s\n", infile);
@@ -256,15 +269,15 @@ int ecparam_main(int argc, char **argv)
if (point_format
&& !EVP_PKEY_set_utf8_string_param(
- params_key, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
- point_format)) {
+ params_key, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ point_format)) {
BIO_printf(bio_err, "unable to set point conversion format\n");
goto end;
}
if (asn1_encoding != NULL
&& !EVP_PKEY_set_utf8_string_param(
- params_key, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) {
+ params_key, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) {
BIO_printf(bio_err, "unable to set asn1 encoding format\n");
goto end;
}
@@ -272,7 +285,7 @@ int ecparam_main(int argc, char **argv)
if (no_seed
&& !EVP_PKEY_set_octet_string_param(params_key, OSSL_PKEY_PARAM_EC_SEED,
- NULL, 0)) {
+ NULL, 0)) {
BIO_printf(bio_err, "unable to clear seed\n");
goto end;
}
@@ -288,13 +301,13 @@ int ecparam_main(int argc, char **argv)
if (check_named
&& !EVP_PKEY_set_utf8_string_param(params_key,
- OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE,
- OSSL_PKEY_EC_GROUP_CHECK_NAMED)) {
- BIO_printf(bio_err, "unable to set check_type\n");
- goto end;
+ OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE,
+ OSSL_PKEY_EC_GROUP_CHECK_NAMED)) {
+ BIO_printf(bio_err, "unable to set check_type\n");
+ goto end;
}
pctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params_key,
- app_get0_propq());
+ app_get0_propq());
if (pctx == NULL || EVP_PKEY_param_check(pctx) <= 0) {
BIO_printf(bio_err, "failed\n");
goto end;
@@ -307,8 +320,8 @@ int ecparam_main(int argc, char **argv)
if (!noout) {
ectx_params = OSSL_ENCODER_CTX_new_for_pkey(
- params_key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
- outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL);
+ params_key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
+ outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL);
if (!OSSL_ENCODER_to_bio(ectx_params, out)) {
BIO_printf(bio_err, "unable to write elliptic curve parameters\n");
goto end;
@@ -325,7 +338,7 @@ int ecparam_main(int argc, char **argv)
* EVP_PKEY_keygen(gctx, &key) <= 0)
*/
gctx_key = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params_key,
- app_get0_propq());
+ app_get0_propq());
if (EVP_PKEY_keygen_init(gctx_key) <= 0
|| EVP_PKEY_keygen(gctx_key, &key) <= 0) {
BIO_printf(bio_err, "unable to generate key\n");
@@ -333,11 +346,11 @@ int ecparam_main(int argc, char **argv)
}
assert(private);
ectx_key = OSSL_ENCODER_CTX_new_for_pkey(
- key, OSSL_KEYMGMT_SELECT_ALL,
- outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL);
+ key, OSSL_KEYMGMT_SELECT_ALL,
+ outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL);
if (!OSSL_ENCODER_to_bio(ectx_key, out)) {
BIO_printf(bio_err, "unable to write elliptic "
- "curve parameters\n");
+ "curve parameters\n");
goto end;
}
}
diff --git a/apps/enc.c b/apps/enc.c
index 3846d4ad3e5e..a87c70b7f757 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -21,16 +21,16 @@
#include <openssl/rand.h>
#include <openssl/pem.h>
#ifndef OPENSSL_NO_COMP
-# include <openssl/comp.h>
+#include <openssl/comp.h>
#endif
#include <ctype.h>
#undef SIZE
#undef BSIZE
-#define SIZE (512)
-#define BSIZE (8*1024)
+#define SIZE (512)
+#define BSIZE (8 * 1024)
-#define PBKDF2_ITER_DEFAULT 10000
+#define PBKDF2_ITER_DEFAULT 10000
#define STR(a) XSTR(a)
#define XSTR(a) #a
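Review bot: `PBKDF2_ITER_DEFAULT` carries no comment on why 10000 was chosen or what depends on it, and the value is low by current PBKDF2 guidance. The header written later in `enc_main` shows only the `Salted__` magic and the salt, so the count does not appear to be recorded in the output. If so, raising the default would change what `-pbkdf2` without `-iter` derives for existing files, which is worth confirming and stating. A comment such as `/* Not stored in the output: decrypt must use the same -iter. Low by current guidance; changing it affects files made with the default. */` above the define would keep that trade-off visible.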
@@ -45,69 +45,93 @@ struct doall_enc_ciphers {
typedef enum OPTION_choice {
OPT_COMMON,
OPT_LIST,
- OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
- OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
- OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
- OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER,
- OPT_R_ENUM, OPT_PROV_ENUM
+ OPT_E,
+ OPT_IN,
+ OPT_OUT,
+ OPT_PASS,
+ OPT_ENGINE,
+ OPT_D,
+ OPT_P,
+ OPT_V,
+ OPT_NOPAD,
+ OPT_SALT,
+ OPT_NOSALT,
+ OPT_DEBUG,
+ OPT_UPPER_P,
+ OPT_UPPER_A,
+ OPT_A,
+ OPT_Z,
+ OPT_BUFSIZE,
+ OPT_K,
+ OPT_KFILE,
+ OPT_UPPER_K,
+ OPT_NONE,
+ OPT_UPPER_S,
+ OPT_IV,
+ OPT_MD,
+ OPT_ITER,
+ OPT_PBKDF2,
+ OPT_CIPHER,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS enc_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"list", OPT_LIST, '-', "List ciphers"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "list", OPT_LIST, '-', "List ciphers" },
#ifndef OPENSSL_NO_DEPRECATED_3_0
- {"ciphers", OPT_LIST, '-', "Alias for -list"},
+ { "ciphers", OPT_LIST, '-', "Alias for -list" },
#endif
- {"e", OPT_E, '-', "Encrypt"},
- {"d", OPT_D, '-', "Decrypt"},
- {"p", OPT_P, '-', "Print the iv/key"},
- {"P", OPT_UPPER_P, '-', "Print the iv/key and exit"},
+ { "e", OPT_E, '-', "Encrypt" },
+ { "d", OPT_D, '-', "Decrypt" },
+ { "p", OPT_P, '-', "Print the iv/key" },
+ { "P", OPT_UPPER_P, '-', "Print the iv/key and exit" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input file"},
- {"k", OPT_K, 's', "Passphrase"},
- {"kfile", OPT_KFILE, '<', "Read passphrase from file"},
+ { "in", OPT_IN, '<', "Input file" },
+ { "k", OPT_K, 's', "Passphrase" },
+ { "kfile", OPT_KFILE, '<', "Read passphrase from file" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file"},
- {"pass", OPT_PASS, 's', "Passphrase source"},
- {"v", OPT_V, '-', "Verbose output"},
- {"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"},
- {"base64", OPT_A, '-', "Same as option -a"},
- {"A", OPT_UPPER_A, '-',
- "Used with -[base64|a] to specify base64 buffer as a single line"},
+ { "out", OPT_OUT, '>', "Output file" },
+ { "pass", OPT_PASS, 's', "Passphrase source" },
+ { "v", OPT_V, '-', "Verbose output" },
+ { "a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag" },
+ { "base64", OPT_A, '-', "Same as option -a" },
+ { "A", OPT_UPPER_A, '-',
+ "Used with -[base64|a] to specify base64 buffer as a single line" },
OPT_SECTION("Encryption"),
- {"nopad", OPT_NOPAD, '-', "Disable standard block padding"},
- {"salt", OPT_SALT, '-', "Use salt in the KDF (default)"},
- {"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"},
- {"debug", OPT_DEBUG, '-', "Print debug info"},
+ { "nopad", OPT_NOPAD, '-', "Disable standard block padding" },
+ { "salt", OPT_SALT, '-', "Use salt in the KDF (default)" },
+ { "nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF" },
+ { "debug", OPT_DEBUG, '-', "Print debug info" },
- {"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
- {"K", OPT_UPPER_K, 's', "Raw key, in hex"},
- {"S", OPT_UPPER_S, 's', "Salt, in hex"},
- {"iv", OPT_IV, 's', "IV in hex"},
- {"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
- {"iter", OPT_ITER, 'p',
- "Specify the iteration count and force the use of PBKDF2"},
- {OPT_MORE_STR, 0, 0, "Default: " STR(PBKDF2_ITER_DEFAULT)},
- {"pbkdf2", OPT_PBKDF2, '-',
- "Use password-based key derivation function 2 (PBKDF2)"},
- {OPT_MORE_STR, 0, 0,
- "Use -iter to change the iteration count from " STR(PBKDF2_ITER_DEFAULT)},
- {"none", OPT_NONE, '-', "Don't encrypt"},
+ { "bufsize", OPT_BUFSIZE, 's', "Buffer size" },
+ { "K", OPT_UPPER_K, 's', "Raw key, in hex" },
+ { "S", OPT_UPPER_S, 's', "Salt, in hex" },
+ { "iv", OPT_IV, 's', "IV in hex" },
+ { "md", OPT_MD, 's', "Use specified digest to create a key from the passphrase" },
+ { "iter", OPT_ITER, 'p',
+ "Specify the iteration count and force the use of PBKDF2" },
+ { OPT_MORE_STR, 0, 0, "Default: " STR(PBKDF2_ITER_DEFAULT) },
+ { "pbkdf2", OPT_PBKDF2, '-',
+ "Use password-based key derivation function 2 (PBKDF2)" },
+ { OPT_MORE_STR, 0, 0,
+ "Use -iter to change the iteration count from " STR(PBKDF2_ITER_DEFAULT) },
+ { "none", OPT_NONE, '-', "Don't encrypt" },
#ifdef ZLIB
- {"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"},
+ { "z", OPT_Z, '-', "Compress or decompress encrypted data using zlib" },
#endif
- {"", OPT_CIPHER, '-', "Any supported cipher"},
+ { "", OPT_CIPHER, '-', "Any supported cipher" },
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
int enc_main(int argc, char **argv)
@@ -115,8 +139,7 @@ int enc_main(int argc, char **argv)
static char buf[128];
static const char magic[] = "Salted__";
ENGINE *e = NULL;
- BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
- NULL, *wbio = NULL;
+ BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio = NULL, *wbio = NULL;
EVP_CIPHER_CTX *ctx = NULL;
EVP_CIPHER *cipher = NULL;
EVP_MD *dgst = NULL;
@@ -157,7 +180,7 @@ int enc_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -169,7 +192,7 @@ int enc_main(int argc, char **argv)
dec.bio = bio_out;
dec.n = 0;
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
- show_ciphers, &dec);
+ show_ciphers, &dec);
BIO_printf(bio_out, "\n");
ret = 0;
goto end;
@@ -230,7 +253,7 @@ int enc_main(int argc, char **argv)
if (k)
p[i] = '\0';
if (!opt_long(opt_arg(), &n)
- || n < 0 || (k && n >= LONG_MAX / 1024))
+ || n < 0 || (k && n >= LONG_MAX / 1024))
goto opthelp;
if (k)
n *= 1024;
@@ -250,7 +273,7 @@ int enc_main(int argc, char **argv)
in = NULL;
if (i <= 0) {
BIO_printf(bio_err,
- "%s Can't read key from %s\n", prog, opt_arg());
+ "%s Can't read key from %s\n", prog, opt_arg());
goto opthelp;
}
while (--i > 0 && (buf[i] == '\r' || buf[i] == '\n'))
@@ -282,7 +305,7 @@ int enc_main(int argc, char **argv)
break;
case OPT_PBKDF2:
pbkdf2 = 1;
- if (iter == 0) /* do not overwrite a chosen value */
+ if (iter == 0) /* do not overwrite a chosen value */
iter = PBKDF2_ITER_DEFAULT;
break;
case OPT_NONE:
@@ -363,8 +386,8 @@ int enc_main(int argc, char **argv)
char prompt[200];
BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:",
- EVP_CIPHER_get0_name(cipher),
- (enc) ? "encryption" : "decryption");
+ EVP_CIPHER_get0_name(cipher),
+ (enc) ? "encryption" : "decryption");
strbuf[0] = '\0';
i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc);
if (i == 0) {
@@ -448,7 +471,7 @@ int enc_main(int argc, char **argv)
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
- if (enc) { /* encryption */
+ if (enc) { /* encryption */
if (hsalt == NULL) {
if (RAND_bytes(salt, sizeof(salt)) <= 0) {
BIO_printf(bio_err, "RAND_bytes failed\n");
@@ -460,15 +483,17 @@ int enc_main(int argc, char **argv)
*/
if ((printkey != 2)
&& (BIO_write(wbio, magic,
- sizeof(magic) - 1) != sizeof(magic) - 1
+ sizeof(magic) - 1)
+ != sizeof(magic) - 1
|| BIO_write(wbio,
- (char *)salt,
- sizeof(salt)) != sizeof(salt))) {
+ (char *)salt,
+ sizeof(salt))
+ != sizeof(salt))) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
}
- } else { /* decryption */
+ } else { /* decryption */
if (hsalt == NULL) {
if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)) {
BIO_printf(bio_err, "error reading input file\n");
@@ -476,7 +501,8 @@ int enc_main(int argc, char **argv)
}
if (memcmp(mbuf, magic, sizeof(mbuf)) == 0) { /* file IS salted */
if (BIO_read(rbio, salt,
- sizeof(salt)) != sizeof(salt)) {
+ sizeof(salt))
+ != sizeof(salt)) {
BIO_printf(bio_err, "error reading input file\n");
goto end;
}
@@ -491,29 +517,29 @@ int enc_main(int argc, char **argv)
if (pbkdf2 == 1) {
/*
- * derive key and default iv
- * concatenated into a temporary buffer
- */
+ * derive key and default iv
+ * concatenated into a temporary buffer
+ */
unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH];
int iklen = EVP_CIPHER_get_key_length(cipher);
int ivlen = EVP_CIPHER_get_iv_length(cipher);
/* not needed if HASH_UPDATE() is fixed : */
int islen = (sptr != NULL ? sizeof(salt) : 0);
if (!PKCS5_PBKDF2_HMAC(str, str_len, sptr, islen,
- iter, dgst, iklen+ivlen, tmpkeyiv)) {
+ iter, dgst, iklen + ivlen, tmpkeyiv)) {
BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n");
goto end;
}
/* split and move data back to global buffer */
memcpy(key, tmpkeyiv, iklen);
- memcpy(iv, tmpkeyiv+iklen, ivlen);
+ memcpy(iv, tmpkeyiv + iklen, ivlen);
} else {
BIO_printf(bio_err, "*** WARNING : "
"deprecated key derivation used.\n"
"Using -iter or -pbkdf2 would be better.\n");
if (!EVP_BytesToKey(cipher, dgst, sptr,
- (unsigned char *)str, str_len,
- 1, key, iv)) {
+ (unsigned char *)str, str_len,
+ 1, key, iv)) {
BIO_printf(bio_err, "EVP_BytesToKey failed\n");
goto end;
}
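Review bot: The derived key and IV stay in `tmpkeyiv` on the stack after the pbkdf2 branch finishes; nothing in this block wipes the buffer after the two `memcpy` calls or before the `goto end` on the failure path. Adding `OPENSSL_cleanse(tmpkeyiv, sizeof(tmpkeyiv));` after the second `memcpy`, and again before the `goto end` when `PKCS5_PBKDF2_HMAC` fails, keeps key material from lingering in a dead stack region. The comment `/* not needed if HASH_UPDATE() is fixed : */` does not say what is wrong with a NULL salt and a non-zero length, so a sentence explaining why `islen` is forced to 0 would help the next reader. enc_main starts and ends outside this hunk.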
@@ -566,7 +592,7 @@ int enc_main(int argc, char **argv)
if (!EVP_CipherInit_ex(ctx, cipher, e, NULL, NULL, enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
- EVP_CIPHER_get0_name(cipher));
+ EVP_CIPHER_get0_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
@@ -576,7 +602,7 @@ int enc_main(int argc, char **argv)
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
- EVP_CIPHER_get0_name(cipher));
+ EVP_CIPHER_get0_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
@@ -638,7 +664,7 @@ int enc_main(int argc, char **argv)
BIO_printf(bio_err, "bytes read : %8ju\n", BIO_number_read(in));
BIO_printf(bio_err, "bytes written: %8ju\n", BIO_number_written(out));
}
- end:
+end:
ERR_print_errors(bio_err);
OPENSSL_free(strbuf);
OPENSSL_free(buff);
@@ -667,8 +693,8 @@ static void show_ciphers(const OBJ_NAME *name, void *arg)
/* Filter out ciphers that we cannot use */
cipher = EVP_get_cipherbyname(name->name);
if (cipher == NULL
- || (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0
- || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE)
+ || (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0
+ || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE)
return;
BIO_printf(dec->bio, "-%-25s", name->name);
diff --git a/apps/engine.c b/apps/engine.c
index c83bdfc150c3..57879211908c 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -24,32 +24,39 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST,
- OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV
+ OPT_C,
+ OPT_T,
+ OPT_TT,
+ OPT_PRE,
+ OPT_POST,
+ OPT_V = 100,
+ OPT_VV,
+ OPT_VVV,
+ OPT_VVVV
} OPTION_CHOICE;
const OPTIONS engine_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"t", OPT_T, '-', "Check that specified engine is available"},
- {"pre", OPT_PRE, 's', "Run command against the ENGINE before loading it"},
- {"post", OPT_POST, 's', "Run command against the ENGINE after loading it"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "t", OPT_T, '-', "Check that specified engine is available" },
+ { "pre", OPT_PRE, 's', "Run command against the ENGINE before loading it" },
+ { "post", OPT_POST, 's', "Run command against the ENGINE after loading it" },
OPT_SECTION("Output"),
- {"v", OPT_V, '-', "List 'control commands' For each specified engine"},
- {"vv", OPT_VV, '-', "Also display each command's description"},
- {"vvv", OPT_VVV, '-', "Also add the input flags for each command"},
- {"vvvv", OPT_VVVV, '-', "Also show internal input flags"},
- {"c", OPT_C, '-', "List the capabilities of specified engine"},
- {"tt", OPT_TT, '-', "Display error trace for unavailable engines"},
- {OPT_MORE_STR, OPT_EOF, 1,
- "Commands are like \"SO_PATH:/lib/libdriver.so\""},
+ { "v", OPT_V, '-', "List 'control commands' For each specified engine" },
+ { "vv", OPT_VV, '-', "Also display each command's description" },
+ { "vvv", OPT_VVV, '-', "Also add the input flags for each command" },
+ { "vvvv", OPT_VVVV, '-', "Also show internal input flags" },
+ { "c", OPT_C, '-', "List the capabilities of specified engine" },
+ { "tt", OPT_TT, '-', "Display error trace for unavailable engines" },
+ { OPT_MORE_STR, OPT_EOF, 1,
+ "Commands are like \"SO_PATH:/lib/libdriver.so\"" },
OPT_PARAMETERS(),
- {"engine", 0, 0, "ID of engine(s) to load"},
- {NULL}
+ { "engine", 0, 0, "ID of engine(s) to load" },
+ { NULL }
};
static int append_buf(char **buf, int *size, const char *s)
@@ -133,9 +140,7 @@ static int util_flags(BIO *out, unsigned int flags, const char *indent)
started = 1;
}
/* Check for unknown flags */
- flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
- ~ENGINE_CMD_FLAG_STRING &
- ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
+ flags = flags & ~ENGINE_CMD_FLAG_NUMERIC & ~ENGINE_CMD_FLAG_STRING & ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
if (flags) {
if (started)
BIO_printf(out, "|");
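Review bot: The unknown-flag mask in util_flags is now one line well past 100 columns, which is harder to audit than the three-line form it replaces. Naming the known bits once keeps the behaviour and reads better: `const unsigned int known = ENGINE_CMD_FLAG_NUMERIC | ENGINE_CMD_FLAG_STRING | ENGINE_CMD_FLAG_NO_INPUT | ENGINE_CMD_FLAG_INTERNAL;` followed by `flags &= ~known;`. The same over-long joins appear in the next hunk (the `ENGINE_ctrl` condition at the top of util_verbose, which also buries the assignment to `num` inside the `||`) and in the `OSSL_PARAM *params = ...` line in apps/fipsinstall.c. util_flags begins and ends outside this hunk.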
@@ -157,9 +162,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
int flags;
int xpos = 0;
STACK_OF(OPENSSL_STRING) *cmds = NULL;
- if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
- ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
- 0, NULL, NULL)) <= 0)) {
+ if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, 0, NULL, NULL)) <= 0)) {
return 1;
}
@@ -171,25 +174,30 @@ static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
int len;
/* Get the command input flags */
if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
- NULL, NULL)) < 0)
+ NULL, NULL))
+ < 0)
goto err;
if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
/* Get the command name */
if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
- NULL, NULL)) <= 0)
+ NULL, NULL))
+ <= 0)
goto err;
name = app_malloc(len + 1, "name buffer");
if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
- NULL) <= 0)
+ NULL)
+ <= 0)
goto err;
/* Get the command description */
if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
- NULL, NULL)) < 0)
+ NULL, NULL))
+ < 0)
goto err;
if (len > 0) {
desc = app_malloc(len + 1, "description buffer");
if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
- NULL) <= 0)
+ NULL)
+ <= 0)
goto err;
}
/* Now decide on the output */
@@ -203,8 +211,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
/*
* We're just listing names, comma-delimited
*/
- if ((xpos > (int)strlen(indent)) &&
- (xpos + (int)strlen(name) > line_wrap)) {
+ if ((xpos > (int)strlen(indent)) && (xpos + (int)strlen(name) > line_wrap)) {
BIO_printf(out, "\n");
xpos = BIO_puts(out, indent);
}
@@ -212,7 +219,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
} else {
/* We're listing names plus descriptions */
BIO_printf(out, "%s: %s\n", name,
- (desc == NULL) ? "<no description>" : desc);
+ (desc == NULL) ? "<no description>" : desc);
/* ... and sometimes input flags */
if ((verbose >= 3) && !util_flags(out, flags, indent))
goto err;
@@ -229,7 +236,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
if (xpos > 0)
BIO_printf(out, "\n");
ret = 1;
- err:
+err:
sk_OPENSSL_STRING_free(cmds);
OPENSSL_free(name);
OPENSSL_free(desc);
@@ -237,7 +244,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
}
static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
- BIO *out, const char *indent)
+ BIO *out, const char *indent)
{
int loop, res, num = sk_OPENSSL_STRING_num(cmds);
@@ -249,7 +256,7 @@ static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
char buf[256];
const char *cmd, *arg;
cmd = sk_OPENSSL_STRING_value(cmds, loop);
- res = 1; /* assume success */
+ res = 1; /* assume success */
/* Check if this command has no ":arg" */
if ((arg = strstr(cmd, ":")) == NULL) {
if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
@@ -261,7 +268,7 @@ static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
}
memcpy(buf, cmd, (int)(arg - cmd));
buf[arg - cmd] = '\0';
- arg++; /* Move past the ":" */
+ arg++; /* Move past the ":" */
/* Call the command with the argument */
if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
res = 0;
@@ -288,7 +295,7 @@ static void util_store_cap(const OSSL_STORE_LOADER *loader, void *arg)
if (OSSL_STORE_LOADER_get0_engine(loader) == ctx->engine) {
char buf[256];
BIO_snprintf(buf, sizeof(buf), "STORE(%s)",
- OSSL_STORE_LOADER_get0_scheme(loader));
+ OSSL_STORE_LOADER_get0_scheme(loader));
if (!append_buf(ctx->cap_buf, ctx->cap_size, buf))
ctx->ok = 0;
}
@@ -365,10 +372,10 @@ int engine_main(int argc, char **argv)
/* Any remaining arguments are engine names. */
argc = opt_num_rest();
argv = opt_rest();
- for ( ; *argv; argv++) {
+ for (; *argv; argv++) {
if (**argv == '-') {
BIO_printf(bio_err, "%s: Cannot mix flags and engine names.\n",
- prog);
+ prog);
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
}
@@ -393,7 +400,7 @@ int engine_main(int argc, char **argv)
util_do_cmds(e, pre_cmds, out, indent);
if (strcmp(ENGINE_get_id(e), id) != 0) {
BIO_printf(out, "Loaded: (%s) %s\n",
- ENGINE_get_id(e), ENGINE_get_name(e));
+ ENGINE_get_id(e), ENGINE_get_name(e));
}
if (list_cap) {
int cap_size = 256;
@@ -425,7 +432,7 @@ int engine_main(int argc, char **argv)
if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
goto end;
- skip_ciphers:
+ skip_ciphers:
fn_d = ENGINE_get_digests(e);
if (fn_d == NULL)
goto skip_digests;
@@ -434,7 +441,7 @@ int engine_main(int argc, char **argv)
if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
goto end;
- skip_digests:
+ skip_digests:
fn_pk = ENGINE_get_pkey_meths(e);
if (fn_pk == NULL)
goto skip_pmeths;
@@ -442,19 +449,18 @@ int engine_main(int argc, char **argv)
for (k = 0; k < n; ++k)
if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
goto end;
- skip_pmeths:
- {
- struct util_store_cap_data store_ctx;
+ skip_pmeths: {
+ struct util_store_cap_data store_ctx;
- store_ctx.engine = e;
- store_ctx.cap_buf = &cap_buf;
- store_ctx.cap_size = &cap_size;
- store_ctx.ok = 1;
+ store_ctx.engine = e;
+ store_ctx.cap_buf = &cap_buf;
+ store_ctx.cap_size = &cap_size;
+ store_ctx.ok = 1;
- OSSL_STORE_do_all_loaders(util_store_cap, &store_ctx);
- if (!store_ctx.ok)
- goto end;
- }
+ OSSL_STORE_do_all_loaders(util_store_cap, &store_ctx);
+ if (!store_ctx.ok)
+ goto end;
+ }
if (cap_buf != NULL && (*cap_buf != '\0'))
BIO_printf(out, " [%s]\n", cap_buf);
@@ -484,7 +490,7 @@ int engine_main(int argc, char **argv)
}
}
- end:
+end:
ERR_print_errors(bio_err);
sk_OPENSSL_CSTRING_free(engines);
diff --git a/apps/errstr.c b/apps/errstr.c
index 21349d21cb42..d4146da49b9b 100644
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -17,18 +17,20 @@
#include <openssl/ssl.h>
typedef enum OPTION_choice {
- OPT_ERR = -1, OPT_EOF = 0, OPT_HELP
+ OPT_ERR = -1,
+ OPT_EOF = 0,
+ OPT_HELP
} OPTION_CHOICE;
const OPTIONS errstr_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] errnum...\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] errnum...\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
OPT_PARAMETERS(),
- {"errnum", 0, 0, "Error number(s) to decode"},
- {NULL}
+ { "errnum", 0, 0, "Error number(s) to decode" },
+ { NULL }
};
int errstr_main(int argc, char **argv)
@@ -57,7 +59,8 @@ int errstr_main(int argc, char **argv)
* we're still interested in SSL error strings
*/
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
- | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS,
+ NULL);
/* All remaining arg are error code. */
ret = 0;
@@ -69,6 +72,6 @@ int errstr_main(int argc, char **argv)
BIO_printf(bio_out, "%s\n", buf);
}
}
- end:
+end:
return ret;
}
diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index d0efdf7643bd..4de2a2da0706 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -22,8 +22,8 @@
#define BUFSIZE 4096
/* Configuration file values */
-#define VERSION_KEY "version"
-#define VERSION_VAL "1"
+#define VERSION_KEY "version"
+#define VERSION_VAL "1"
#define INSTALL_STATUS_VAL "INSTALL_SELF_TEST_KATS_RUN"
static OSSL_CALLBACK self_test_events;
@@ -34,9 +34,19 @@ static int quiet = 0;
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_IN, OPT_OUT, OPT_MODULE,
- OPT_PROV_NAME, OPT_SECTION_NAME, OPT_MAC_NAME, OPT_MACOPT, OPT_VERIFY,
- OPT_NO_LOG, OPT_CORRUPT_DESC, OPT_CORRUPT_TYPE, OPT_QUIET, OPT_CONFIG,
+ OPT_IN,
+ OPT_OUT,
+ OPT_MODULE,
+ OPT_PROV_NAME,
+ OPT_SECTION_NAME,
+ OPT_MAC_NAME,
+ OPT_MACOPT,
+ OPT_VERIFY,
+ OPT_NO_LOG,
+ OPT_CORRUPT_DESC,
+ OPT_CORRUPT_TYPE,
+ OPT_QUIET,
+ OPT_CONFIG,
OPT_NO_CONDITIONAL_ERRORS,
OPT_NO_SECURITY_CHECKS,
OPT_SELF_TEST_ONLOAD
@@ -44,38 +54,38 @@ typedef enum OPTION_choice {
const OPTIONS fipsinstall_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"verify", OPT_VERIFY, '-',
- "Verify a config file instead of generating one"},
- {"module", OPT_MODULE, '<', "File name of the provider module"},
- {"provider_name", OPT_PROV_NAME, 's', "FIPS provider name"},
- {"section_name", OPT_SECTION_NAME, 's',
- "FIPS Provider config section name (optional)"},
- {"no_conditional_errors", OPT_NO_CONDITIONAL_ERRORS, '-',
- "Disable the ability of the fips module to enter an error state if"
- " any conditional self tests fail"},
- {"no_security_checks", OPT_NO_SECURITY_CHECKS, '-',
- "Disable the run-time FIPS security checks in the module"},
- {"self_test_onload", OPT_SELF_TEST_ONLOAD, '-',
- "Forces self tests to always run on module load"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "verify", OPT_VERIFY, '-',
+ "Verify a config file instead of generating one" },
+ { "module", OPT_MODULE, '<', "File name of the provider module" },
+ { "provider_name", OPT_PROV_NAME, 's', "FIPS provider name" },
+ { "section_name", OPT_SECTION_NAME, 's',
+ "FIPS Provider config section name (optional)" },
+ { "no_conditional_errors", OPT_NO_CONDITIONAL_ERRORS, '-',
+ "Disable the ability of the fips module to enter an error state if"
+ " any conditional self tests fail" },
+ { "no_security_checks", OPT_NO_SECURITY_CHECKS, '-',
+ "Disable the run-time FIPS security checks in the module" },
+ { "self_test_onload", OPT_SELF_TEST_ONLOAD, '-',
+ "Forces self tests to always run on module load" },
OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input config file, used when verifying"},
+ { "in", OPT_IN, '<', "Input config file, used when verifying" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output config file, used when generating"},
- {"mac_name", OPT_MAC_NAME, 's', "MAC name"},
- {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form. "
- "See 'PARAMETER NAMES' in the EVP_MAC_ docs"},
- {"noout", OPT_NO_LOG, '-', "Disable logging of self test events"},
- {"corrupt_desc", OPT_CORRUPT_DESC, 's', "Corrupt a self test by description"},
- {"corrupt_type", OPT_CORRUPT_TYPE, 's', "Corrupt a self test by type"},
- {"config", OPT_CONFIG, '<', "The parent config to verify"},
- {"quiet", OPT_QUIET, '-', "No messages, just exit status"},
- {NULL}
+ { "out", OPT_OUT, '>', "Output config file, used when generating" },
+ { "mac_name", OPT_MAC_NAME, 's', "MAC name" },
+ { "macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form. "
+ "See 'PARAMETER NAMES' in the EVP_MAC_ docs" },
+ { "noout", OPT_NO_LOG, '-', "Disable logging of self test events" },
+ { "corrupt_desc", OPT_CORRUPT_DESC, 's', "Corrupt a self test by description" },
+ { "corrupt_type", OPT_CORRUPT_TYPE, 's', "Corrupt a self test by type" },
+ { "config", OPT_CONFIG, '<', "The parent config to verify" },
+ { "quiet", OPT_QUIET, '-', "No messages, just exit status" },
+ { NULL }
};
static int do_mac(EVP_MAC_CTX *ctx, unsigned char *tmp, BIO *in,
- unsigned char *out, size_t *out_len)
+ unsigned char *out, size_t *out_len)
{
int ret = 0;
int i;
@@ -114,7 +124,7 @@ end:
}
static int print_mac(BIO *bio, const char *label, const unsigned char *mac,
- size_t len)
+ size_t len)
{
int ret;
char *hexstr = NULL;
@@ -128,13 +138,13 @@ static int print_mac(BIO *bio, const char *label, const unsigned char *mac,
}
static int write_config_header(BIO *out, const char *prov_name,
- const char *section)
+ const char *section)
{
return BIO_printf(out, "openssl_conf = openssl_init\n\n")
- && BIO_printf(out, "[openssl_init]\n")
- && BIO_printf(out, "providers = provider_section\n\n")
- && BIO_printf(out, "[provider_section]\n")
- && BIO_printf(out, "%s = %s\n\n", prov_name, section);
+ && BIO_printf(out, "[openssl_init]\n")
+ && BIO_printf(out, "providers = provider_section\n\n")
+ && BIO_printf(out, "[provider_section]\n")
+ && BIO_printf(out, "%s = %s\n\n", prov_name, section);
}
/*
@@ -145,33 +155,37 @@ static int write_config_header(BIO *out, const char *prov_name,
* Returns 1 if the config file is written otherwise it returns 0 on error.
*/
static int write_config_fips_section(BIO *out, const char *section,
- unsigned char *module_mac,
- size_t module_mac_len,
- int conditional_errors,
- int security_checks,
- unsigned char *install_mac,
- size_t install_mac_len)
+ unsigned char *module_mac,
+ size_t module_mac_len,
+ int conditional_errors,
+ int security_checks,
+ unsigned char *install_mac,
+ size_t install_mac_len)
{
int ret = 0;
if (BIO_printf(out, "[%s]\n", section) <= 0
|| BIO_printf(out, "activate = 1\n") <= 0
|| BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
- VERSION_VAL) <= 0
+ VERSION_VAL)
+ <= 0
|| BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS,
- conditional_errors ? "1" : "0") <= 0
+ conditional_errors ? "1" : "0")
+ <= 0
|| BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS,
- security_checks ? "1" : "0") <= 0
+ security_checks ? "1" : "0")
+ <= 0
|| !print_mac(out, OSSL_PROV_FIPS_PARAM_MODULE_MAC, module_mac,
- module_mac_len))
+ module_mac_len))
goto end;
if (install_mac != NULL && install_mac_len > 0) {
if (!print_mac(out, OSSL_PROV_FIPS_PARAM_INSTALL_MAC, install_mac,
- install_mac_len)
+ install_mac_len)
|| BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
- INSTALL_STATUS_VAL) <= 0)
- goto end;
+ INSTALL_STATUS_VAL)
+ <= 0)
+ goto end;
}
ret = 1;
end:
@@ -179,24 +193,24 @@ end:
}
static CONF *generate_config_and_load(const char *prov_name,
- const char *section,
- unsigned char *module_mac,
- size_t module_mac_len,
- int conditional_errors,
- int security_checks)
+ const char *section,
+ unsigned char *module_mac,
+ size_t module_mac_len,
+ int conditional_errors,
+ int security_checks)
{
BIO *mem_bio = NULL;
CONF *conf = NULL;
mem_bio = BIO_new(BIO_s_mem());
- if (mem_bio == NULL)
+ if (mem_bio == NULL)
return 0;
if (!write_config_header(mem_bio, prov_name, section)
- || !write_config_fips_section(mem_bio, section,
- module_mac, module_mac_len,
- conditional_errors,
- security_checks,
- NULL, 0))
+ || !write_config_fips_section(mem_bio, section,
+ module_mac, module_mac_len,
+ conditional_errors,
+ security_checks,
+ NULL, 0))
goto end;
conf = app_load_config_bio(mem_bio, NULL);
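Review bot: generate_config_and_load returns `CONF *`, but the allocation-failure path near the top of this hunk does `return 0;`. Writing `return NULL;` states the intent and matches the `CONF *conf = NULL;` initialiser two lines above it. The function body continues past the end of the hunk, so the cleanup at `end:` is not visible here.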
@@ -231,8 +245,8 @@ static int verify_module_load(const char *parent_config_file)
* install_mac values, otherwise it returns 0.
*/
static int verify_config(const char *infile, const char *section,
- unsigned char *module_mac, size_t module_mac_len,
- unsigned char *install_mac, size_t install_mac_len)
+ unsigned char *module_mac, size_t module_mac_len,
+ unsigned char *install_mac, size_t install_mac_len)
{
int ret = 0;
char *s = NULL;
@@ -257,8 +271,8 @@ static int verify_config(const char *infile, const char *section,
}
buf1 = OPENSSL_hexstr2buf(s, &len);
if (buf1 == NULL
- || (size_t)len != module_mac_len
- || memcmp(module_mac, buf1, module_mac_len) != 0) {
+ || (size_t)len != module_mac_len
+ || memcmp(module_mac, buf1, module_mac_len) != 0) {
BIO_printf(bio_err, "Module integrity mismatch\n");
goto end;
}
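Review bot: The module MAC is compared with `memcmp`, which stops at the first differing byte; the usual form for comparing authentication tags in OpenSSL code is the constant-time `CRYPTO_memcmp(module_mac, buf1, module_mac_len) != 0`. For a local install/verify tool the timing exposure is probably small, so this is hardening and consistency rather than a demonstrated flaw. The install MAC check in the next hunk, `memcmp(install_mac, buf2, install_mac_len)`, has the same shape and would change the same way. verify_config starts and ends outside both hunks.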
@@ -275,8 +289,8 @@ static int verify_config(const char *infile, const char *section,
}
buf2 = OPENSSL_hexstr2buf(s, &len);
if (buf2 == NULL
- || (size_t)len != install_mac_len
- || memcmp(install_mac, buf2, install_mac_len) != 0) {
+ || (size_t)len != install_mac_len
+ || memcmp(install_mac, buf2, install_mac_len) != 0) {
BIO_printf(bio_err, "Install indicator status mismatch\n");
goto end;
}
@@ -319,7 +333,7 @@ int fipsinstall_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
-opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto cleanup;
case OPT_HELP:
@@ -393,7 +407,7 @@ opthelp:
ret = OSSL_PROVIDER_available(NULL, prov_name) ? 0 : 1;
if (!quiet)
BIO_printf(bio_err, "FIPS provider is %s\n",
- ret == 0 ? "available" : " not available");
+ ret == 0 ? "available" : " not available");
}
goto end;
}
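Review bot: The `" not available"` literal carries a leading space, so the message prints as "FIPS provider is  not available" with two spaces. `ret == 0 ? "available" : "not available"` fixes it. Check whether any test or script matches the current text before changing it. The enclosing block starts outside this hunk.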
@@ -411,8 +425,8 @@ opthelp:
}
if (self_test_log
- || self_test_corrupt_desc != NULL
- || self_test_corrupt_type != NULL)
+ || self_test_corrupt_desc != NULL
+ || self_test_corrupt_type != NULL)
OSSL_SELF_TEST_set_callback(NULL, self_test_events, NULL);
/* Use the default FIPS HMAC digest and key if not specified. */
@@ -445,8 +459,7 @@ opthelp:
if (opts != NULL) {
int ok = 1;
- OSSL_PARAM *params =
- app_params_new_from_opts(opts, EVP_MAC_settable_ctx_params(mac));
+ OSSL_PARAM *params = app_params_new_from_opts(opts, EVP_MAC_settable_ctx_params(mac));
if (params == NULL)
goto end;
@@ -472,7 +485,7 @@ opthelp:
if (self_test_onload == 0) {
mem_bio = BIO_new_mem_buf((const void *)INSTALL_STATUS_VAL,
- strlen(INSTALL_STATUS_VAL));
+ strlen(INSTALL_STATUS_VAL));
if (mem_bio == NULL) {
BIO_printf(bio_err, "Unable to create memory BIO\n");
goto end;
@@ -485,33 +498,32 @@ opthelp:
if (verify) {
if (!verify_config(in_fname, section_name, module_mac, module_mac_len,
- install_mac, install_mac_len))
+ install_mac, install_mac_len))
goto end;
if (!quiet)
BIO_printf(bio_err, "VERIFY PASSED\n");
} else {
conf = generate_config_and_load(prov_name, section_name, module_mac,
- module_mac_len,
- enable_conditional_errors,
- enable_security_checks);
+ module_mac_len,
+ enable_conditional_errors,
+ enable_security_checks);
if (conf == NULL)
goto end;
if (!load_fips_prov_and_run_self_test(prov_name))
goto end;
- fout =
- out_fname == NULL ? dup_bio_out(FORMAT_TEXT)
- : bio_open_default(out_fname, 'w', FORMAT_TEXT);
+ fout = out_fname == NULL ? dup_bio_out(FORMAT_TEXT)
+ : bio_open_default(out_fname, 'w', FORMAT_TEXT);
if (fout == NULL) {
BIO_printf(bio_err, "Failed to open file\n");
goto end;
}
if (!write_config_fips_section(fout, section_name,
- module_mac, module_mac_len,
- enable_conditional_errors,
- enable_security_checks,
- install_mac, install_mac_len))
+ module_mac, module_mac_len,
+ enable_conditional_errors,
+ enable_security_checks,
+ install_mac, install_mac_len))
goto end;
if (!quiet)
BIO_printf(bio_err, "INSTALL PASSED\n");
@@ -564,7 +576,7 @@ static int self_test_events(const OSSL_PARAM params[], void *arg)
if (strcmp(phase, OSSL_SELF_TEST_PHASE_START) == 0)
BIO_printf(bio_err, "%s : (%s) : ", desc, type);
else if (strcmp(phase, OSSL_SELF_TEST_PHASE_PASS) == 0
- || strcmp(phase, OSSL_SELF_TEST_PHASE_FAIL) == 0)
+ || strcmp(phase, OSSL_SELF_TEST_PHASE_FAIL) == 0)
BIO_printf(bio_err, "%s\n", phase);
}
/*
@@ -572,13 +584,13 @@ static int self_test_events(const OSSL_PARAM params[], void *arg)
* error is returned during the corrupt phase.
*/
if (strcmp(phase, OSSL_SELF_TEST_PHASE_CORRUPT) == 0
- && (self_test_corrupt_desc != NULL
- || self_test_corrupt_type != NULL)) {
+ && (self_test_corrupt_desc != NULL
+ || self_test_corrupt_type != NULL)) {
if (self_test_corrupt_desc != NULL
- && strcmp(self_test_corrupt_desc, desc) != 0)
+ && strcmp(self_test_corrupt_desc, desc) != 0)
goto end;
if (self_test_corrupt_type != NULL
- && strcmp(self_test_corrupt_type, type) != 0)
+ && strcmp(self_test_corrupt_type, type) != 0)
goto end;
BIO_printf(bio_err, "%s ", phase);
goto err;
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 8aefca65566c..3f8fec2acf61 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -24,30 +24,35 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER, OPT_VERBOSE,
- OPT_R_ENUM, OPT_PROV_ENUM
+ OPT_OUT,
+ OPT_PASSOUT,
+ OPT_ENGINE,
+ OPT_CIPHER,
+ OPT_VERBOSE,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS gendsa_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] dsaparam-file\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] dsaparam-file\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output the key to the specified file"},
- {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+ { "out", OPT_OUT, '>', "Output the key to the specified file" },
+ { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" },
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
- {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
- {"verbose", OPT_VERBOSE, '-', "Verbose output"},
+ { "", OPT_CIPHER, '-', "Encrypt the output with any supported cipher" },
+ { "verbose", OPT_VERBOSE, '-', "Verbose output" },
OPT_PARAMETERS(),
- {"dsaparam-file", 0, 0, "File containing DSA parameters"},
- {NULL}
+ { "dsaparam-file", 0, 0, "File containing DSA parameters" },
+ { NULL }
};
int gendsa_main(int argc, char **argv)
@@ -67,7 +72,7 @@ int gendsa_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -130,9 +135,9 @@ int gendsa_main(int argc, char **argv)
nbits = EVP_PKEY_get_bits(pkey);
if (nbits > OPENSSL_DSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
- "Warning: It is not recommended to use more than %d bit for DSA keys.\n"
- " Your key size is %d! Larger key size may behave not as expected.\n",
- OPENSSL_DSA_MAX_MODULUS_BITS, EVP_PKEY_get_bits(pkey));
+ "Warning: It is not recommended to use more than %d bit for DSA keys.\n"
+ " Your key size is %d! Larger key size may behave not as expected.\n",
+ OPENSSL_DSA_MAX_MODULUS_BITS, EVP_PKEY_get_bits(pkey));
ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey, app_get0_propq());
if (ctx == NULL) {
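Review bot: The warning calls `EVP_PKEY_get_bits(pkey)` a second time although the value was stored in `nbits` on the line above and is what the comparison tests. Passing `nbits` as the last argument keeps the tested size and the printed size the same variable. The message would also read better as "more than %d bits". gendsa_main starts and ends outside this hunk.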
@@ -155,10 +160,10 @@ int gendsa_main(int argc, char **argv)
goto end;
}
ret = 0;
- end:
+end:
if (ret != 0)
ERR_print_errors(bio_err);
- end2:
+end2:
BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(pkey);
diff --git a/apps/genpkey.c b/apps/genpkey.c
index 705e5c76b47d..18933b10d5b8 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -18,44 +18,53 @@
static int quiet;
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
- OSSL_LIB_CTX *libctx, const char *propq);
+ OSSL_LIB_CTX *libctx, const char *propq);
static int genpkey_cb(EVP_PKEY_CTX *ctx);
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
- OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER,
- OPT_QUIET, OPT_CONFIG,
+ OPT_ENGINE,
+ OPT_OUTFORM,
+ OPT_OUT,
+ OPT_PASS,
+ OPT_PARAMFILE,
+ OPT_ALGORITHM,
+ OPT_PKEYOPT,
+ OPT_GENPARAM,
+ OPT_TEXT,
+ OPT_CIPHER,
+ OPT_QUIET,
+ OPT_CONFIG,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS genpkey_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
- {"paramfile", OPT_PARAMFILE, '<', "Parameters file"},
- {"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"},
- {"quiet", OPT_QUIET, '-', "Do not output status while generating keys"},
- {"pkeyopt", OPT_PKEYOPT, 's',
- "Set the public key algorithm option as opt:value"},
- OPT_CONFIG_OPTION,
+ { "paramfile", OPT_PARAMFILE, '<', "Parameters file" },
+ { "algorithm", OPT_ALGORITHM, 's', "The public key algorithm" },
+ { "quiet", OPT_QUIET, '-', "Do not output status while generating keys" },
+ { "pkeyopt", OPT_PKEYOPT, 's',
+ "Set the public key algorithm option as opt:value" },
+ OPT_CONFIG_OPTION,
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file"},
- {"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"},
- {"pass", OPT_PASS, 's', "Output file pass phrase source"},
- {"genparam", OPT_GENPARAM, '-', "Generate parameters, not key"},
- {"text", OPT_TEXT, '-', "Print the in text"},
- {"", OPT_CIPHER, '-', "Cipher to use to encrypt the key"},
+ { "out", OPT_OUT, '>', "Output file" },
+ { "outform", OPT_OUTFORM, 'F', "output format (DER or PEM)" },
+ { "pass", OPT_PASS, 's', "Output file pass phrase source" },
+ { "genparam", OPT_GENPARAM, '-', "Generate parameters, not key" },
+ { "text", OPT_TEXT, '-', "Print the in text" },
+ { "", OPT_CIPHER, '-', "Cipher to use to encrypt the key" },
OPT_PROV_OPTIONS,
/* This is deliberately last. */
- {OPT_HELP_STR, 1, 1,
- "Order of options may be important! See the documentation.\n"},
- {NULL}
+ { OPT_HELP_STR, 1, 1,
+ "Order of options may be important! See the documentation.\n" },
+ { NULL }
};
int genpkey_main(int argc, char **argv)
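Review bot: The help text for `-text`, `"Print the in text"`, is missing its noun and is carried through this reformat unchanged. Presumably it should name what is printed, for example `"Print the key in text"`; confirm the wording against the option's documentation. Since the commit already touches every line of the table, this is a cheap place to fix it.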
@@ -82,7 +91,7 @@ int genpkey_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -218,7 +227,7 @@ int genpkey_main(int argc, char **argv)
}
}
- end:
+end:
sk_OPENSSL_STRING_free(keyopt);
if (ret != 0)
ERR_print_errors(bio_err);
@@ -234,7 +243,7 @@ int genpkey_main(int argc, char **argv)
}
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
- OSSL_LIB_CTX *libctx, const char *propq)
+ OSSL_LIB_CTX *libctx, const char *propq)
{
BIO *pbio;
EVP_PKEY *pkey = NULL;
@@ -270,18 +279,17 @@ static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
*pctx = ctx;
return 1;
- err:
+err:
BIO_puts(bio_err, "Error initializing context\n");
ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
return 0;
-
}
int init_gen_str(EVP_PKEY_CTX **pctx,
- const char *algname, ENGINE *e, int do_param,
- OSSL_LIB_CTX *libctx, const char *propq)
+ const char *algname, ENGINE *e, int do_param,
+ OSSL_LIB_CTX *libctx, const char *propq)
{
EVP_PKEY_CTX *ctx = NULL;
int pkey_id;
@@ -310,12 +318,11 @@ int init_gen_str(EVP_PKEY_CTX **pctx,
*pctx = ctx;
return 1;
- err:
+err:
BIO_printf(bio_err, "Error initializing %s context\n", algname);
ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(ctx);
return 0;
-
}
static int genpkey_cb(EVP_PKEY_CTX *ctx)
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 6a683517a15f..b2cff4b4f81e 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -36,42 +36,49 @@ typedef enum OPTION_choice {
#ifndef OPENSSL_NO_DEPRECATED_3_0
OPT_3,
#endif
- OPT_F4, OPT_ENGINE,
- OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE,
- OPT_R_ENUM, OPT_PROV_ENUM, OPT_TRADITIONAL
+ OPT_F4,
+ OPT_ENGINE,
+ OPT_OUT,
+ OPT_PASSOUT,
+ OPT_CIPHER,
+ OPT_PRIMES,
+ OPT_VERBOSE,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM,
+ OPT_TRADITIONAL
} OPTION_CHOICE;
const OPTIONS genrsa_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] numbits\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] numbits\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_SECTION("Input"),
#ifndef OPENSSL_NO_DEPRECATED_3_0
- {"3", OPT_3, '-', "(deprecated) Use 3 for the E value"},
+ { "3", OPT_3, '-', "(deprecated) Use 3 for the E value" },
#endif
- {"F4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value"},
- {"f4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value"},
+ { "F4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value" },
+ { "f4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output the key to specified file"},
- {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
- {"primes", OPT_PRIMES, 'p', "Specify number of primes"},
- {"verbose", OPT_VERBOSE, '-', "Verbose output"},
- {"traditional", OPT_TRADITIONAL, '-',
- "Use traditional format for private keys"},
- {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
+ { "out", OPT_OUT, '>', "Output the key to specified file" },
+ { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" },
+ { "primes", OPT_PRIMES, 'p', "Specify number of primes" },
+ { "verbose", OPT_VERBOSE, '-', "Verbose output" },
+ { "traditional", OPT_TRADITIONAL, '-',
+ "Use traditional format for private keys" },
+ { "", OPT_CIPHER, '-', "Encrypt the output with any supported cipher" },
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"numbits", 0, 0, "Size of key in bits"},
- {NULL}
+ { "numbits", 0, 0, "Size of key in bits" },
+ { NULL }
};
int genrsa_main(int argc, char **argv)
@@ -98,7 +105,7 @@ int genrsa_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
-opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -154,9 +161,9 @@ opthelp:
goto end;
if (num > OPENSSL_RSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
- "Warning: It is not recommended to use more than %d bit for RSA keys.\n"
- " Your key size is %d! Larger key size may behave not as expected.\n",
- OPENSSL_RSA_MAX_MODULUS_BITS, num);
+ "Warning: It is not recommended to use more than %d bit for RSA keys.\n"
+ " Your key size is %d! Larger key size may behave not as expected.\n",
+ OPENSSL_RSA_MAX_MODULUS_BITS, num);
} else if (argc > 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
@@ -180,7 +187,7 @@ opthelp:
goto end;
if (!init_gen_str(&ctx, "RSA", eng, 0, app_get0_libctx(),
- app_get0_propq()))
+ app_get0_propq()))
goto end;
EVP_PKEY_CTX_set_cb(ctx, genrsa_cb);
@@ -226,7 +233,7 @@ opthelp:
}
if (traditional) {
if (!PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0,
- NULL, passout))
+ NULL, passout))
goto end;
} else {
if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout))
@@ -234,7 +241,7 @@ opthelp:
}
ret = 0;
- end:
+end:
BN_free(bn);
BN_GENCB_free(cb);
EVP_PKEY_CTX_free(ctx);
diff --git a/apps/include/app_libctx.h b/apps/include/app_libctx.h
index 17c0afc713d2..b7157cec4058 100644
--- a/apps/include/app_libctx.h
+++ b/apps/include/app_libctx.h
@@ -8,9 +8,9 @@
*/
#ifndef OSSL_APPS_LIBCTX_H
-# define OSSL_APPS_LIBCTX_H
+#define OSSL_APPS_LIBCTX_H
-# include <openssl/types.h>
+#include <openssl/types.h>
OSSL_LIB_CTX *app_create_libctx(void);
OSSL_LIB_CTX *app_get0_libctx(void);
diff --git a/apps/include/app_params.h b/apps/include/app_params.h
index 79f8f58b3122..20caf737d4da 100644
--- a/apps/include/app_params.h
+++ b/apps/include/app_params.h
@@ -11,4 +11,3 @@
int print_param_types(const char *thing, const OSSL_PARAM *pdefs, int indent);
void print_param_value(const OSSL_PARAM *p, int indent);
-
diff --git a/apps/include/apps.h b/apps/include/apps.h
index c7e3e0351cb2..f389968ccd78 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -8,44 +8,44 @@
*/
#ifndef OSSL_APPS_H
-# define OSSL_APPS_H
+#define OSSL_APPS_H
-# include "e_os.h" /* struct timeval for DTLS */
-# include "internal/nelem.h"
-# include "internal/sockets.h" /* for openssl_fdset() */
-# include "internal/cryptlib.h" /* ossl_assert() */
-# include <assert.h>
+#include "e_os.h" /* struct timeval for DTLS */
+#include "internal/nelem.h"
+#include "internal/sockets.h" /* for openssl_fdset() */
+#include "internal/cryptlib.h" /* ossl_assert() */
+#include <assert.h>
-# include <stdarg.h>
-# include <sys/types.h>
-# ifndef OPENSSL_NO_POSIX_IO
-# include <sys/stat.h>
-# include <fcntl.h>
-# endif
+#include <stdarg.h>
+#include <sys/types.h>
+#ifndef OPENSSL_NO_POSIX_IO
+#include <sys/stat.h>
+#include <fcntl.h>
+#endif
-# include <openssl/e_os2.h>
-# include <openssl/types.h>
-# include <openssl/bio.h>
-# include <openssl/x509.h>
-# include <openssl/conf.h>
-# include <openssl/txt_db.h>
-# include <openssl/engine.h>
-# include <openssl/ocsp.h>
-# include <openssl/http.h>
-# include <signal.h>
-# include "apps_ui.h"
-# include "opt.h"
-# include "fmt.h"
-# include "platform.h"
-# include "engine_loader.h"
-# include "app_libctx.h"
+#include <openssl/e_os2.h>
+#include <openssl/types.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/conf.h>
+#include <openssl/txt_db.h>
+#include <openssl/engine.h>
+#include <openssl/ocsp.h>
+#include <openssl/http.h>
+#include <signal.h>
+#include "apps_ui.h"
+#include "opt.h"
+#include "fmt.h"
+#include "platform.h"
+#include "engine_loader.h"
+#include "app_libctx.h"
/*
* quick macro when you need to pass an unsigned char instead of a char.
* this is true for some implementations of the is*() functions, for
* example.
*/
-# define _UC(c) ((unsigned char)(c))
+#define _UC(c) ((unsigned char)(c))
void app_RAND_load_conf(CONF *c, const char *section);
int app_RAND_write(void);
@@ -74,16 +74,16 @@ int app_load_modules(const CONF *config);
CONF *app_load_config_modules(const char *configfile);
void unbuffer(FILE *fp);
void wait_for_async(SSL *s);
-# if defined(OPENSSL_SYS_MSDOS)
+#if defined(OPENSSL_SYS_MSDOS)
int has_stdin_waiting(void);
-# endif
+#endif
void corrupt_signature(const ASN1_STRING *signature);
int set_cert_times(X509 *x, const char *startdate, const char *enddate,
- int days);
+ int days);
int set_crl_lastupdate(X509_CRL *crl, const char *lastupdate);
int set_crl_nextupdate(X509_CRL *crl, const char *nextupdate,
- long days, long hours, long secs);
+ long days, long hours, long secs);
typedef struct args_st {
int size;
@@ -96,8 +96,8 @@ int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data);
void dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, const char *title, const X509_NAME *nm);
-void print_bignum_var(BIO *, const BIGNUM *, const char*,
- int, unsigned char *);
+void print_bignum_var(BIO *, const BIGNUM *, const char *,
+ int, unsigned char *);
void print_array(BIO *, const char *, int, const unsigned char *);
int set_nameopt(const char *arg);
unsigned long get_nameopt(void);
@@ -111,53 +111,53 @@ int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2);
int add_oid_section(CONF *conf);
X509_REQ *load_csr(const char *file, int format, const char *desc);
X509 *load_cert_pass(const char *uri, int format, int maybe_stdin,
- const char *pass, const char *desc);
+ const char *pass, const char *desc);
#define load_cert(uri, format, desc) load_cert_pass(uri, format, 1, NULL, desc)
X509_CRL *load_crl(const char *uri, int format, int maybe_stdin,
- const char *desc);
+ const char *desc);
void cleanse(char *str);
void clear_free(char *str);
EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *desc);
+ const char *pass, ENGINE *e, const char *desc);
EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *desc);
+ const char *pass, ENGINE *e, const char *desc);
EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin,
- const char *keytype, const char *desc);
+ const char *keytype, const char *desc);
EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin,
- const char *keytype, const char *desc,
- int suppress_decode_errors);
+ const char *keytype, const char *desc,
+ int suppress_decode_errors);
char *next_item(char *opt); /* in list separated by comma and/or space */
int load_cert_certs(const char *uri,
- X509 **pcert, STACK_OF(X509) **pcerts,
- int exclude_http, const char *pass, const char *desc,
- X509_VERIFY_PARAM *vpm);
+ X509 **pcert, STACK_OF(X509) **pcerts,
+ int exclude_http, const char *pass, const char *desc,
+ X509_VERIFY_PARAM *vpm);
STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,
- const char *desc, X509_VERIFY_PARAM *vpm);
+ const char *desc, X509_VERIFY_PARAM *vpm);
X509_STORE *load_certstore(char *input, const char *pass, const char *desc,
- X509_VERIFY_PARAM *vpm);
+ X509_VERIFY_PARAM *vpm);
int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,
- const char *pass, const char *desc);
+ const char *pass, const char *desc);
int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
- const char *pass, const char *desc);
+ const char *pass, const char *desc);
int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
- const char *pass, const char *desc,
- EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
- EVP_PKEY **pparams,
- X509 **pcert, STACK_OF(X509) **pcerts,
- X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls);
+ const char *pass, const char *desc,
+ EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
+ EVP_PKEY **pparams,
+ X509 **pcert, STACK_OF(X509) **pcerts,
+ X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls);
int load_key_cert_crl(const char *uri, int format, int maybe_stdin,
- const char *pass, const char *desc,
- EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
- X509 **pcert, X509_CRL **pcrl);
+ const char *pass, const char *desc,
+ EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
+ X509 **pcert, X509_CRL **pcrl);
X509_STORE *setup_verify(const char *CAfile, int noCAfile,
- const char *CApath, int noCApath,
- const char *CAstore, int noCAstore);
+ const char *CApath, int noCApath,
+ const char *CAstore, int noCAstore);
__owur int ctx_set_verify_locations(SSL_CTX *ctx,
- const char *CAfile, int noCAfile,
- const char *CApath, int noCApath,
- const char *CAstore, int noCAstore);
+ const char *CAfile, int noCAfile,
+ const char *CApath, int noCApath,
+ const char *CAstore, int noCAstore);
-# ifndef OPENSSL_NO_CT
+#ifndef OPENSSL_NO_CT
/*
* Sets the file to load the Certificate Transparency log list from.
@@ -166,10 +166,10 @@ __owur int ctx_set_verify_locations(SSL_CTX *ctx,
*/
__owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
-# endif
+#endif
ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug);
-# define setup_engine(e, debug) setup_engine_methods(e, (unsigned int)-1, debug)
+#define setup_engine(e, debug) setup_engine_methods(e, (unsigned int)-1, debug)
void release_engine(ENGINE *e);
int init_engine(ENGINE *e);
int finish_engine(ENGINE *e);
@@ -179,31 +179,31 @@ int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e);
const EVP_MD *get_digest_from_engine(const char *name);
const EVP_CIPHER *get_cipher_from_engine(const char *name);
-# ifndef OPENSSL_NO_OCSP
+#ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, const char *host,
- const char *port, const char *path,
- const char *proxy, const char *no_proxy,
- int use_ssl, STACK_OF(CONF_VALUE) *headers,
- int req_timeout);
-# endif
+ const char *port, const char *path,
+ const char *proxy, const char *no_proxy,
+ int use_ssl, STACK_OF(CONF_VALUE) *headers,
+ int req_timeout);
+#endif
/* Functions defined in ca.c and also used in ocsp.c */
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
- ASN1_GENERALIZEDTIME **pinvtm, const char *str);
+ ASN1_GENERALIZEDTIME **pinvtm, const char *str);
-# define DB_type 0
-# define DB_exp_date 1
-# define DB_rev_date 2
-# define DB_serial 3 /* index - unique */
-# define DB_file 4
-# define DB_name 5 /* index - unique when active and not
- * disabled */
-# define DB_NUMBER 6
+#define DB_type 0
+#define DB_exp_date 1
+#define DB_rev_date 2
+#define DB_serial 3 /* index - unique */
+#define DB_file 4
+#define DB_name 5 /* index - unique when active and not \
+ * disabled */
+#define DB_NUMBER 6
-# define DB_TYPE_REV 'R' /* Revoked */
-# define DB_TYPE_EXP 'E' /* Expired */
-# define DB_TYPE_VAL 'V' /* Valid ; inserted with: ca ... -valid */
-# define DB_TYPE_SUSP 'S' /* Suspended */
+#define DB_TYPE_REV 'R' /* Revoked */
+#define DB_TYPE_EXP 'E' /* Expired */
+#define DB_TYPE_VAL 'V' /* Valid ; inserted with: ca ... -valid */
+#define DB_TYPE_SUSP 'S' /* Suspended */
typedef struct db_attr_st {
int unique_subject;
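Review bot: The reformatted `DB_name` define now carries a line-continuation backslash inside its trailing comment (`/* index - unique when active and not \`), which the previous two-line comment did not need, because a block comment is replaced by a space before the directive is processed. The macro still expands to `5`, but the backslash reads like part of the macro body and is easy to break in a later edit. Keeping the comment on one line avoids the continuation: `#define DB_name 5 /* index - unique when active and not disabled */`. The rest of this hunk appears to be whitespace only.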
@@ -212,9 +212,9 @@ typedef struct ca_db_st {
DB_ATTR attributes;
TXT_DB *db;
char *dbfname;
-# ifndef OPENSSL_NO_POSIX_IO
+#ifndef OPENSSL_NO_POSIX_IO
struct stat dbst;
-# endif
+#endif
} CA_DB;
void app_bail_out(char *fmt, ...);
@@ -222,53 +222,52 @@ void *app_malloc(size_t sz, const char *what);
/* load_serial, save_serial, and rotate_serial are also used for CRL numbers */
BIGNUM *load_serial(const char *serialfile, int *exists, int create,
- ASN1_INTEGER **retai);
+ ASN1_INTEGER **retai);
int save_serial(const char *serialfile, const char *suffix,
- const BIGNUM *serial, ASN1_INTEGER **retai);
+ const BIGNUM *serial, ASN1_INTEGER **retai);
int rotate_serial(const char *serialfile, const char *new_suffix,
- const char *old_suffix);
+ const char *old_suffix);
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
CA_DB *load_index(const char *dbfile, DB_ATTR *dbattr);
int index_index(CA_DB *db);
int save_index(const char *dbfile, const char *suffix, CA_DB *db);
int rotate_index(const char *dbfile, const char *new_suffix,
- const char *old_suffix);
+ const char *old_suffix);
void free_index(CA_DB *db);
-# define index_name_cmp_noconst(a, b) \
- index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
+#define index_name_cmp_noconst(a, b) \
+ index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
(const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
int parse_yesno(const char *str, int def);
X509_NAME *parse_name(const char *str, int chtype, int multirdn,
- const char *desc);
+ const char *desc);
void policies_print(X509_STORE_CTX *ctx);
int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
int x509_ctrl_string(X509 *x, const char *value);
int x509_req_ctrl_string(X509_REQ *x, const char *value);
int init_gen_str(EVP_PKEY_CTX **pctx,
- const char *algname, ENGINE *e, int do_param,
- OSSL_LIB_CTX *libctx, const char *propq);
+ const char *algname, ENGINE *e, int do_param,
+ OSSL_LIB_CTX *libctx, const char *propq);
int do_X509_sign(X509 *x, EVP_PKEY *pkey, const char *md,
- STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx);
+ STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx);
int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts);
int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const char *md,
- STACK_OF(OPENSSL_STRING) *sigopts);
+ STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey,
- STACK_OF(OPENSSL_STRING) *vfyopts);
+ STACK_OF(OPENSSL_STRING) *vfyopts);
int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md,
- STACK_OF(OPENSSL_STRING) *sigopts);
+ STACK_OF(OPENSSL_STRING) *sigopts);
extern char *psk_key;
-
unsigned char *next_protos_parse(size_t *outlen, const char *in);
void print_cert_checks(BIO *bio, X509 *x,
- const char *checkhost,
- const char *checkemail, const char *checkip);
+ const char *checkhost,
+ const char *checkemail, const char *checkip);
void store_setup_crl_download(X509_STORE *st);
@@ -280,38 +279,38 @@ typedef struct app_http_tls_info_st {
SSL_CTX *ssl_ctx;
} APP_HTTP_TLS_INFO;
BIO *app_http_tls_cb(BIO *hbio, /* APP_HTTP_TLS_INFO */ void *arg,
- int connect, int detail);
+ int connect, int detail);
void APP_HTTP_TLS_INFO_free(APP_HTTP_TLS_INFO *info);
-# ifndef OPENSSL_NO_SOCK
+#ifndef OPENSSL_NO_SOCK
ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy,
- const char *no_proxy, SSL_CTX *ssl_ctx,
- const STACK_OF(CONF_VALUE) *headers,
- long timeout, const char *expected_content_type,
- const ASN1_ITEM *it);
+ const char *no_proxy, SSL_CTX *ssl_ctx,
+ const STACK_OF(CONF_VALUE) *headers,
+ long timeout, const char *expected_content_type,
+ const ASN1_ITEM *it);
ASN1_VALUE *app_http_post_asn1(const char *host, const char *port,
- const char *path, const char *proxy,
- const char *no_proxy, SSL_CTX *ctx,
- const STACK_OF(CONF_VALUE) *headers,
- const char *content_type,
- ASN1_VALUE *req, const ASN1_ITEM *req_it,
- const char *expected_content_type,
- long timeout, const ASN1_ITEM *rsp_it);
-# endif
+ const char *path, const char *proxy,
+ const char *no_proxy, SSL_CTX *ctx,
+ const STACK_OF(CONF_VALUE) *headers,
+ const char *content_type,
+ ASN1_VALUE *req, const ASN1_ITEM *req_it,
+ const char *expected_content_type,
+ long timeout, const ASN1_ITEM *rsp_it);
+#endif
-# define EXT_COPY_NONE 0
-# define EXT_COPY_ADD 1
-# define EXT_COPY_ALL 2
+#define EXT_COPY_NONE 0
+#define EXT_COPY_ADD 1
+#define EXT_COPY_ALL 2
-# define NETSCAPE_CERT_HDR "certificate"
+#define NETSCAPE_CERT_HDR "certificate"
-# define APP_PASS_LEN 1024
+#define APP_PASS_LEN 1024
/*
* IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits
* so that the first bit will never be one, so that the DER encoding
* rules won't force a leading octet.
*/
-# define SERIAL_RAND_BITS 159
+#define SERIAL_RAND_BITS 159
int app_isdir(const char *);
int app_access(const char *, int flag);
@@ -320,8 +319,8 @@ int fileno_stdout(void);
int raw_read_stdin(void *, int);
int raw_write_stdout(const void *, int);
-# define TM_START 0
-# define TM_STOP 1
+#define TM_START 0
+#define TM_STOP 1
double app_tminterval(int stop, int usertime);
void make_uppercase(char *string);
@@ -336,7 +335,7 @@ typedef struct verify_options_st {
extern VERIFY_CB_ARGS verify_args;
OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts,
- const OSSL_PARAM *paramdefs);
+ const OSSL_PARAM *paramdefs);
void app_params_free(OSSL_PARAM *params);
int app_provider_load(OSSL_LIB_CTX *libctx, const char *provider_name);
void app_providers_cleanup(void);
diff --git a/apps/include/apps_ui.h b/apps/include/apps_ui.h
index 6875b7c372d9..ea41c092f4da 100644
--- a/apps/include/apps_ui.h
+++ b/apps/include/apps_ui.h
@@ -8,10 +8,9 @@
*/
#ifndef OSSL_APPS_UI_H
-# define OSSL_APPS_UI_H
+#define OSSL_APPS_UI_H
-
-# define PW_MIN_LENGTH 4
+#define PW_MIN_LENGTH 4
typedef struct pw_cb_data {
const void *password;
const char *prompt_info;
diff --git a/apps/include/cmp_mock_srv.h b/apps/include/cmp_mock_srv.h
index 18c141c563c4..e71f0aee86fe 100644
--- a/apps/include/cmp_mock_srv.h
+++ b/apps/include/cmp_mock_srv.h
@@ -9,27 +9,27 @@
*/
#ifndef OSSL_APPS_CMP_MOCK_SRV_H
-# define OSSL_APPS_CMP_MOCK_SRV_H
+#define OSSL_APPS_CMP_MOCK_SRV_H
-# include <openssl/opensslconf.h>
-# ifndef OPENSSL_NO_CMP
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_CMP
-# include <openssl/cmp.h>
+#include <openssl/cmp.h>
OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx,
- const char *propq);
+ const char *propq);
void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx);
int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert);
int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx,
- STACK_OF(X509) *chain);
+ STACK_OF(X509) *chain);
int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx,
- STACK_OF(X509) *caPubs);
+ STACK_OF(X509) *caPubs);
int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
- int fail_info, const char *text);
+ int fail_info, const char *text);
int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype);
int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count);
int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec);
-# endif /* !defined(OPENSSL_NO_CMP) */
+#endif /* !defined(OPENSSL_NO_CMP) */
#endif /* !defined(OSSL_APPS_CMP_MOCK_SRV_H) */
diff --git a/apps/include/engine_loader.h b/apps/include/engine_loader.h
index fa80fc96567c..ddf19bc092d3 100644
--- a/apps/include/engine_loader.h
+++ b/apps/include/engine_loader.h
@@ -7,13 +7,13 @@
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_ENGINE_LOADER_H
-# define HEADER_ENGINE_LOADER_H
+#define HEADER_ENGINE_LOADER_H
-# include <openssl/store.h>
+#include <openssl/store.h>
/* this is a private URI scheme */
-# define ENGINE_SCHEME "org.openssl.engine"
-# define ENGINE_SCHEME_COLON (ENGINE_SCHEME ":")
+#define ENGINE_SCHEME "org.openssl.engine"
+#define ENGINE_SCHEME_COLON (ENGINE_SCHEME ":")
int setup_engine_loader(void);
void destroy_engine_loader(void);
diff --git a/apps/include/fmt.h b/apps/include/fmt.h
index 98dfed7dc0a2..3cb2dc808237 100644
--- a/apps/include/fmt.h
+++ b/apps/include/fmt.h
@@ -23,22 +23,22 @@
* contents. The FORMAT_xxx macros are meant to express an intent with the
* file being read or created.
*/
-# define B_FORMAT_TEXT 0x8000
-# define FORMAT_UNDEF 0
-# define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */
-# define FORMAT_BINARY 2 /* Generic binary */
-# define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */
-# define FORMAT_ASN1 4 /* ASN.1/DER */
-# define FORMAT_PEM (5 | B_FORMAT_TEXT)
-# define FORMAT_PKCS12 6
-# define FORMAT_SMIME (7 | B_FORMAT_TEXT)
-# define FORMAT_ENGINE 8 /* Not really a file format */
-# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPublicKey format */
-# define FORMAT_ASN1RSA 10 /* DER RSAPublicKey format */
-# define FORMAT_MSBLOB 11 /* MS Key blob format */
-# define FORMAT_PVK 12 /* MS PVK file format */
-# define FORMAT_HTTP 13 /* Download using HTTP */
-# define FORMAT_NSS 14 /* NSS keylog format */
+#define B_FORMAT_TEXT 0x8000
+#define FORMAT_UNDEF 0
+#define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */
+#define FORMAT_BINARY 2 /* Generic binary */
+#define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */
+#define FORMAT_ASN1 4 /* ASN.1/DER */
+#define FORMAT_PEM (5 | B_FORMAT_TEXT)
+#define FORMAT_PKCS12 6
+#define FORMAT_SMIME (7 | B_FORMAT_TEXT)
+#define FORMAT_ENGINE 8 /* Not really a file format */
+#define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPublicKey format */
+#define FORMAT_ASN1RSA 10 /* DER RSAPublicKey format */
+#define FORMAT_MSBLOB 11 /* MS Key blob format */
+#define FORMAT_PVK 12 /* MS PVK file format */
+#define FORMAT_HTTP 13 /* Download using HTTP */
+#define FORMAT_NSS 14 /* NSS keylog format */
int FMT_istext(int format);
diff --git a/apps/include/function.h b/apps/include/function.h
index 14e8dd388670..e47db320ffec 100644
--- a/apps/include/function.h
+++ b/apps/include/function.h
@@ -8,16 +8,21 @@
*/
#ifndef OSSL_APPS_FUNCTION_H
-# define OSSL_APPS_FUNCTION_H
+#define OSSL_APPS_FUNCTION_H
-# include <openssl/lhash.h>
-# include "opt.h"
+#include <openssl/lhash.h>
+#include "opt.h"
-#define DEPRECATED_NO_ALTERNATIVE "unknown"
+#define DEPRECATED_NO_ALTERNATIVE "unknown"
typedef enum FUNC_TYPE {
- FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
- FT_md_alg, FT_cipher_alg
+ FT_none,
+ FT_general,
+ FT_md,
+ FT_cipher,
+ FT_pkey,
+ FT_md_alg,
+ FT_cipher_alg
} FUNC_TYPE;
typedef struct function_st {
diff --git a/apps/include/http_server.h b/apps/include/http_server.h
index 8c339660a65e..d177cecad3b8 100644
--- a/apps/include/http_server.h
+++ b/apps/include/http_server.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,42 +8,42 @@
*/
#ifndef OSSL_HTTP_SERVER_H
-# define OSSL_HTTP_SERVER_H
+#define OSSL_HTTP_SERVER_H
-# include "apps.h"
+#include "apps.h"
-# ifndef HAVE_FORK
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
-# define HAVE_FORK 0
-# else
-# define HAVE_FORK 1
-# endif
-# endif
+#ifndef HAVE_FORK
+#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+#define HAVE_FORK 0
+#else
+#define HAVE_FORK 1
+#endif
+#endif
-# if HAVE_FORK
-# undef NO_FORK
-# else
-# define NO_FORK
-# endif
+#if HAVE_FORK
+#undef NO_FORK
+#else
+#define NO_FORK
+#endif
-# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
+#if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
&& !defined(OPENSSL_NO_POSIX_IO)
-# define HTTP_DAEMON
-# include <sys/types.h>
-# include <sys/wait.h>
-# include <syslog.h>
-# include <signal.h>
-# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */
-# else
-# undef LOG_DEBUG
-# undef LOG_INFO
-# undef LOG_WARNING
-# undef LOG_ERR
-# define LOG_DEBUG 7
-# define LOG_INFO 6
-# define LOG_WARNING 4
-# define LOG_ERR 3
-# endif
+#define HTTP_DAEMON
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <syslog.h>
+#include <signal.h>
+#define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */
+#else
+#undef LOG_DEBUG
+#undef LOG_INFO
+#undef LOG_WARNING
+#undef LOG_ERR
+#define LOG_DEBUG 7
+#define LOG_INFO 6
+#define LOG_WARNING 4
+#define LOG_ERR 3
+#endif
/*-
* Log a message to syslog if multi-threaded HTTP_DAEMON, else to bio_err
@@ -54,7 +54,7 @@
*/
void log_message(const char *prog, int level, const char *fmt, ...);
-# ifndef OPENSSL_NO_SOCK
+#ifndef OPENSSL_NO_SOCK
/*-
* Initialize an HTTP server by setting up its listening BIO
* prog: the name of the current app
@@ -84,24 +84,24 @@ BIO *http_server_init_bio(const char *prog, const char *port);
* The caller must free any non-NULL *preq, *ppath, and *pcbio pointers.
*/
int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
- char **ppath, BIO **pcbio, BIO *acbio,
- int *found_keep_alive,
- const char *prog, const char *port,
- int accept_get, int timeout);
+ char **ppath, BIO **pcbio, BIO *acbio,
+ int *found_keep_alive,
+ const char *prog, const char *port,
+ int accept_get, int timeout);
/*-
* Send an ASN.1-formatted HTTP response
* cbio: destination BIO (typically as returned by http_server_get_asn1_req())
* note: cbio should not do an encoding that changes the output length
- * keep_alive: grant persistent connnection
+ * keep_alive: grant persistent connection
* content_type: string identifying the type of the response
* it: the response ASN.1 type
* resp: the response to send
* returns 1 on success, 0 on failure
*/
int http_server_send_asn1_resp(BIO *cbio, int keep_alive,
- const char *content_type,
- const ASN1_ITEM *it, const ASN1_VALUE *resp);
+ const char *content_type,
+ const ASN1_ITEM *it, const ASN1_VALUE *resp);
/*-
* Send a trivial HTTP response, typically to report an error or OK
@@ -112,14 +112,14 @@ int http_server_send_asn1_resp(BIO *cbio, int keep_alive,
*/
int http_server_send_status(BIO *cbio, int status, const char *reason);
-# endif
+#endif
-# ifdef HTTP_DAEMON
+#ifdef HTTP_DAEMON
extern int multi;
extern int acfd;
void socket_timeout(int signum);
void spawn_loop(const char *prog);
-# endif
+#endif
#endif
diff --git a/apps/include/names.h b/apps/include/names.h
index f4d6f6a9a333..bf47459ade52 100644
--- a/apps/include/names.h
+++ b/apps/include/names.h
@@ -10,7 +10,7 @@
#include <openssl/safestack.h>
/* Standard comparing function for names */
-int name_cmp(const char * const *a, const char * const *b);
+int name_cmp(const char *const *a, const char *const *b);
/* collect_names is meant to be used with EVP_{type}_doall_names */
void collect_names(const char *name, void *vdata);
/* Sorts and prints a stack of names to |out| */
diff --git a/apps/include/opt.h b/apps/include/opt.h
index 4f83a0ed53c9..4021fea9826c 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -19,283 +19,294 @@
/*
* Common verification options.
*/
-# define OPT_V_ENUM \
- OPT_V__FIRST=2000, \
- OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
- OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
- OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
- OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
- OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
- OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
- OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
- OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
- OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
- OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
- OPT_V__LAST
+#define OPT_V_ENUM \
+ OPT_V__FIRST = 2000, \
+ OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
+ OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
+ OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
+ OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
+ OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
+ OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
+ OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
+ OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
+ OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
+ OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
+ OPT_V__LAST
-# define OPT_V_OPTIONS \
- OPT_SECTION("Validation"), \
- { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \
- { "purpose", OPT_V_PURPOSE, 's', \
- "certificate chain purpose"}, \
- { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \
- { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \
- "chain depth limit" }, \
- { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \
- "chain authentication security level" }, \
- { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
- { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
- "expected peer hostname" }, \
- { "verify_email", OPT_V_VERIFY_EMAIL, 's', \
- "expected peer email" }, \
- { "verify_ip", OPT_V_VERIFY_IP, 's', \
- "expected peer IP address" }, \
- { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
- "permit unhandled critical extensions"}, \
- { "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \
- { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \
- { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \
- { "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \
- { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
- "set policy variable require-explicit-policy"}, \
- { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
- "set policy variable inhibit-any-policy"}, \
- { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
- "set policy variable inhibit-policy-mapping"}, \
- { "x509_strict", OPT_V_X509_STRICT, '-', \
- "disable certificate compatibility work-arounds"}, \
- { "extended_crl", OPT_V_EXTENDED_CRL, '-', \
- "enable extended CRL features"}, \
- { "use_deltas", OPT_V_USE_DELTAS, '-', \
- "use delta CRLs"}, \
- { "policy_print", OPT_V_POLICY_PRINT, '-', \
- "print policy processing diagnostics"}, \
- { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \
- "check root CA self-signatures"}, \
- { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \
- "search trust store first (default)" }, \
- { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \
- { "suiteB_128", OPT_V_SUITEB_128, '-', \
- "Suite B 128-bit mode allowing 192-bit algorithms"}, \
- { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \
- { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
- "accept chains anchored by intermediate trust-store CAs"}, \
- { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
+#define OPT_V_OPTIONS \
+ OPT_SECTION("Validation"), \
+ { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set" }, \
+ { "purpose", OPT_V_PURPOSE, 's', \
+ "certificate chain purpose" }, \
+ { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name" }, \
+ { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \
+ "chain depth limit" }, \
+ { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \
+ "chain authentication security level" }, \
+ { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
+ { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
+ "expected peer hostname" }, \
+ { "verify_email", OPT_V_VERIFY_EMAIL, 's', \
+ "expected peer email" }, \
+ { "verify_ip", OPT_V_VERIFY_IP, 's', \
+ "expected peer IP address" }, \
+ { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
+ "permit unhandled critical extensions" }, \
+ { "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)" }, \
+ { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \
+ { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \
+ { "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks" }, \
+ { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
+ "set policy variable require-explicit-policy" }, \
+ { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
+ "set policy variable inhibit-any-policy" }, \
+ { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
+ "set policy variable inhibit-policy-mapping" }, \
+ { "x509_strict", OPT_V_X509_STRICT, '-', \
+ "disable certificate compatibility work-arounds" }, \
+ { "extended_crl", OPT_V_EXTENDED_CRL, '-', \
+ "enable extended CRL features" }, \
+ { "use_deltas", OPT_V_USE_DELTAS, '-', \
+ "use delta CRLs" }, \
+ { "policy_print", OPT_V_POLICY_PRINT, '-', \
+ "print policy processing diagnostics" }, \
+ { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \
+ "check root CA self-signatures" }, \
+ { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \
+ "search trust store first (default)" }, \
+ { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode" }, \
+ { "suiteB_128", OPT_V_SUITEB_128, '-', \
+ "Suite B 128-bit mode allowing 192-bit algorithms" }, \
+ { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \
+ { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
+ "accept chains anchored by intermediate trust-store CAs" }, \
+ { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
{ "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \
{ "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }
-# define OPT_V_CASES \
- OPT_V__FIRST: case OPT_V__LAST: break; \
- case OPT_V_POLICY: \
- case OPT_V_PURPOSE: \
- case OPT_V_VERIFY_NAME: \
- case OPT_V_VERIFY_DEPTH: \
- case OPT_V_VERIFY_AUTH_LEVEL: \
- case OPT_V_ATTIME: \
- case OPT_V_VERIFY_HOSTNAME: \
- case OPT_V_VERIFY_EMAIL: \
- case OPT_V_VERIFY_IP: \
- case OPT_V_IGNORE_CRITICAL: \
- case OPT_V_ISSUER_CHECKS: \
- case OPT_V_CRL_CHECK: \
- case OPT_V_CRL_CHECK_ALL: \
- case OPT_V_POLICY_CHECK: \
- case OPT_V_EXPLICIT_POLICY: \
- case OPT_V_INHIBIT_ANY: \
- case OPT_V_INHIBIT_MAP: \
- case OPT_V_X509_STRICT: \
- case OPT_V_EXTENDED_CRL: \
- case OPT_V_USE_DELTAS: \
- case OPT_V_POLICY_PRINT: \
- case OPT_V_CHECK_SS_SIG: \
- case OPT_V_TRUSTED_FIRST: \
- case OPT_V_SUITEB_128_ONLY: \
- case OPT_V_SUITEB_128: \
- case OPT_V_SUITEB_192: \
- case OPT_V_PARTIAL_CHAIN: \
- case OPT_V_NO_ALT_CHAINS: \
- case OPT_V_NO_CHECK_TIME: \
- case OPT_V_ALLOW_PROXY_CERTS
+#define OPT_V_CASES \
+ OPT_V__FIRST: \
+ case OPT_V__LAST: \
+ break; \
+ case OPT_V_POLICY: \
+ case OPT_V_PURPOSE: \
+ case OPT_V_VERIFY_NAME: \
+ case OPT_V_VERIFY_DEPTH: \
+ case OPT_V_VERIFY_AUTH_LEVEL: \
+ case OPT_V_ATTIME: \
+ case OPT_V_VERIFY_HOSTNAME: \
+ case OPT_V_VERIFY_EMAIL: \
+ case OPT_V_VERIFY_IP: \
+ case OPT_V_IGNORE_CRITICAL: \
+ case OPT_V_ISSUER_CHECKS: \
+ case OPT_V_CRL_CHECK: \
+ case OPT_V_CRL_CHECK_ALL: \
+ case OPT_V_POLICY_CHECK: \
+ case OPT_V_EXPLICIT_POLICY: \
+ case OPT_V_INHIBIT_ANY: \
+ case OPT_V_INHIBIT_MAP: \
+ case OPT_V_X509_STRICT: \
+ case OPT_V_EXTENDED_CRL: \
+ case OPT_V_USE_DELTAS: \
+ case OPT_V_POLICY_PRINT: \
+ case OPT_V_CHECK_SS_SIG: \
+ case OPT_V_TRUSTED_FIRST: \
+ case OPT_V_SUITEB_128_ONLY: \
+ case OPT_V_SUITEB_128: \
+ case OPT_V_SUITEB_192: \
+ case OPT_V_PARTIAL_CHAIN: \
+ case OPT_V_NO_ALT_CHAINS: \
+ case OPT_V_NO_CHECK_TIME: \
+ case OPT_V_ALLOW_PROXY_CERTS
/*
* Common "extended validation" options.
*/
-# define OPT_X_ENUM \
- OPT_X__FIRST=1000, \
- OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
- OPT_X_CERTFORM, OPT_X_KEYFORM, \
- OPT_X__LAST
+#define OPT_X_ENUM \
+ OPT_X__FIRST = 1000, \
+ OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
+ OPT_X_CERTFORM, OPT_X_KEYFORM, \
+ OPT_X__LAST
-# define OPT_X_OPTIONS \
- OPT_SECTION("Extended certificate"), \
- { "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \
- { "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \
- { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \
- { "xchain_build", OPT_X_CHAIN_BUILD, '-', \
- "build certificate chain for the extended certificates"}, \
- { "xcertform", OPT_X_CERTFORM, 'F', \
+#define OPT_X_OPTIONS \
+ OPT_SECTION("Extended certificate"), \
+ { "xkey", OPT_X_KEY, '<', "key for Extended certificates" }, \
+ { "xcert", OPT_X_CERT, '<', "cert for Extended certificates" }, \
+ { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates" }, \
+ { "xchain_build", OPT_X_CHAIN_BUILD, '-', \
+ "build certificate chain for the extended certificates" }, \
+ { "xcertform", OPT_X_CERTFORM, 'F', \
"format of Extended certificate (PEM/DER/P12); has no effect" }, \
- { "xkeyform", OPT_X_KEYFORM, 'F', \
- "format of Extended certificate's key (DER/PEM/P12); has no effect"}
+ { "xkeyform", OPT_X_KEYFORM, 'F', \
+ "format of Extended certificate's key (DER/PEM/P12); has no effect" }
-# define OPT_X_CASES \
- OPT_X__FIRST: case OPT_X__LAST: break; \
- case OPT_X_KEY: \
- case OPT_X_CERT: \
- case OPT_X_CHAIN: \
- case OPT_X_CHAIN_BUILD: \
- case OPT_X_CERTFORM: \
- case OPT_X_KEYFORM
+#define OPT_X_CASES \
+ OPT_X__FIRST: \
+ case OPT_X__LAST: \
+ break; \
+ case OPT_X_KEY: \
+ case OPT_X_CERT: \
+ case OPT_X_CHAIN: \
+ case OPT_X_CHAIN_BUILD: \
+ case OPT_X_CERTFORM: \
+ case OPT_X_KEYFORM
/*
* Common SSL options.
* Any changes here must be coordinated with ../ssl/ssl_conf.c
*/
-# define OPT_S_ENUM \
- OPT_S__FIRST=3000, \
- OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
- OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
- OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_CLIENTRENEG, \
- OPT_S_LEGACYCONN, \
- OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
- OPT_S_PRIORITIZE_CHACHA, \
- OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
- OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
- OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
- OPT_S_MINPROTO, OPT_S_MAXPROTO, \
- OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S_NO_ETM, OPT_S__LAST
+#define OPT_S_ENUM \
+ OPT_S__FIRST = 3000, \
+ OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
+ OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
+ OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_CLIENTRENEG, \
+ OPT_S_LEGACYCONN, \
+ OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
+ OPT_S_PRIORITIZE_CHACHA, \
+ OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
+ OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
+ OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
+ OPT_S_MINPROTO, OPT_S_MAXPROTO, \
+ OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S_NO_ETM, OPT_S__LAST
-# define OPT_S_OPTIONS \
- OPT_SECTION("TLS/SSL"), \
- {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
- {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
- {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
- {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
- {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
- {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
- {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
- {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
- {"no_ticket", OPT_S_NOTICKET, '-', \
- "Disable use of TLS session tickets"}, \
- {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
- {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
- "Enable use of legacy renegotiation (dangerous)"}, \
- {"client_renegotiation", OPT_S_CLIENTRENEG, '-', \
- "Allow client-initiated renegotiation" }, \
- {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
- "Disable all renegotiation."}, \
- {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
- "Allow initial connection to servers that don't support RI"}, \
- {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
- "Disallow session resumption on renegotiation"}, \
- {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
- "Disallow initial connection to servers that don't support RI"}, \
- {"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \
- "In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \
- {"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \
- "Prioritize ChaCha ciphers when preferred by clients"}, \
- {"strict", OPT_S_STRICT, '-', \
- "Enforce strict certificate checks as per TLS standard"}, \
- {"sigalgs", OPT_S_SIGALGS, 's', \
- "Signature algorithms to support (colon-separated list)" }, \
- {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
- "Signature algorithms to support for client certificate" \
- " authentication (colon-separated list)" }, \
- {"groups", OPT_S_GROUPS, 's', \
- "Groups to advertise (colon-separated list)" }, \
- {"curves", OPT_S_CURVES, 's', \
- "Groups to advertise (colon-separated list)" }, \
- {"named_curve", OPT_S_NAMEDCURVE, 's', \
- "Elliptic curve used for ECDHE (server-side only)" }, \
- {"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \
- {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \
- {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
- {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
- {"record_padding", OPT_S_RECORD_PADDING, 's', \
- "Block size to pad TLS 1.3 records to."}, \
- {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
- "Perform all sorts of protocol violations for testing purposes"}, \
- {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \
- "Disable TLSv1.3 middlebox compat mode" }, \
- {"no_etm", OPT_S_NO_ETM, '-', \
- "Disable Encrypt-then-Mac extension"}
+#define OPT_S_OPTIONS \
+ OPT_SECTION("TLS/SSL"), \
+ { "no_ssl3", OPT_S_NOSSL3, '-', "Just disable SSLv3" }, \
+ { "no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1" }, \
+ { "no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
+ { "no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2" }, \
+ { "no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3" }, \
+ { "bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility" }, \
+ { "no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
+ { "comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
+ { "no_ticket", OPT_S_NOTICKET, '-', \
+ "Disable use of TLS session tickets" }, \
+ { "serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences" }, \
+ { "legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
+ "Enable use of legacy renegotiation (dangerous)" }, \
+ { "client_renegotiation", OPT_S_CLIENTRENEG, '-', \
+ "Allow client-initiated renegotiation" }, \
+ { "no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
+ "Disable all renegotiation." }, \
+ { "legacy_server_connect", OPT_S_LEGACYCONN, '-', \
+ "Allow initial connection to servers that don't support RI" }, \
+ { "no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
+ "Disallow session resumption on renegotiation" }, \
+ { "no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
+ "Disallow initial connection to servers that don't support RI" }, \
+ { "allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \
+ "In TLSv1.3 allow non-(ec)dhe based key exchange on resumption" }, \
+ { "prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \
+ "Prioritize ChaCha ciphers when preferred by clients" }, \
+ { "strict", OPT_S_STRICT, '-', \
+ "Enforce strict certificate checks as per TLS standard" }, \
+ { "sigalgs", OPT_S_SIGALGS, 's', \
+ "Signature algorithms to support (colon-separated list)" }, \
+ { "client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
+ "Signature algorithms to support for client certificate" \
+ " authentication (colon-separated list)" }, \
+ { "groups", OPT_S_GROUPS, 's', \
+ "Groups to advertise (colon-separated list)" }, \
+ { "curves", OPT_S_CURVES, 's', \
+ "Groups to advertise (colon-separated list)" }, \
+ { "named_curve", OPT_S_NAMEDCURVE, 's', \
+ "Elliptic curve used for ECDHE (server-side only)" }, \
+ { "cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used" }, \
+ { "ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used" }, \
+ { "min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used" }, \
+ { "max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used" }, \
+ { "record_padding", OPT_S_RECORD_PADDING, 's', \
+ "Block size to pad TLS 1.3 records to." }, \
+ { "debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
+ "Perform all sorts of protocol violations for testing purposes" }, \
+ { "no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \
+ "Disable TLSv1.3 middlebox compat mode" }, \
+ { "no_etm", OPT_S_NO_ETM, '-', \
+ "Disable Encrypt-then-Mac extension" }
-# define OPT_S_CASES \
- OPT_S__FIRST: case OPT_S__LAST: break; \
- case OPT_S_NOSSL3: \
- case OPT_S_NOTLS1: \
- case OPT_S_NOTLS1_1: \
- case OPT_S_NOTLS1_2: \
- case OPT_S_NOTLS1_3: \
- case OPT_S_BUGS: \
- case OPT_S_NO_COMP: \
- case OPT_S_COMP: \
- case OPT_S_NOTICKET: \
- case OPT_S_SERVERPREF: \
- case OPT_S_LEGACYRENEG: \
- case OPT_S_CLIENTRENEG: \
- case OPT_S_LEGACYCONN: \
- case OPT_S_ONRESUMP: \
- case OPT_S_NOLEGACYCONN: \
- case OPT_S_ALLOW_NO_DHE_KEX: \
- case OPT_S_PRIORITIZE_CHACHA: \
- case OPT_S_STRICT: \
- case OPT_S_SIGALGS: \
- case OPT_S_CLIENTSIGALGS: \
- case OPT_S_GROUPS: \
- case OPT_S_CURVES: \
- case OPT_S_NAMEDCURVE: \
- case OPT_S_CIPHER: \
- case OPT_S_CIPHERSUITES: \
- case OPT_S_RECORD_PADDING: \
- case OPT_S_NO_RENEGOTIATION: \
- case OPT_S_MINPROTO: \
- case OPT_S_MAXPROTO: \
- case OPT_S_DEBUGBROKE: \
- case OPT_S_NO_MIDDLEBOX: \
- case OPT_S_NO_ETM
+#define OPT_S_CASES \
+ OPT_S__FIRST: \
+ case OPT_S__LAST: \
+ break; \
+ case OPT_S_NOSSL3: \
+ case OPT_S_NOTLS1: \
+ case OPT_S_NOTLS1_1: \
+ case OPT_S_NOTLS1_2: \
+ case OPT_S_NOTLS1_3: \
+ case OPT_S_BUGS: \
+ case OPT_S_NO_COMP: \
+ case OPT_S_COMP: \
+ case OPT_S_NOTICKET: \
+ case OPT_S_SERVERPREF: \
+ case OPT_S_LEGACYRENEG: \
+ case OPT_S_CLIENTRENEG: \
+ case OPT_S_LEGACYCONN: \
+ case OPT_S_ONRESUMP: \
+ case OPT_S_NOLEGACYCONN: \
+ case OPT_S_ALLOW_NO_DHE_KEX: \
+ case OPT_S_PRIORITIZE_CHACHA: \
+ case OPT_S_STRICT: \
+ case OPT_S_SIGALGS: \
+ case OPT_S_CLIENTSIGALGS: \
+ case OPT_S_GROUPS: \
+ case OPT_S_CURVES: \
+ case OPT_S_NAMEDCURVE: \
+ case OPT_S_CIPHER: \
+ case OPT_S_CIPHERSUITES: \
+ case OPT_S_RECORD_PADDING: \
+ case OPT_S_NO_RENEGOTIATION: \
+ case OPT_S_MINPROTO: \
+ case OPT_S_MAXPROTO: \
+ case OPT_S_DEBUGBROKE: \
+ case OPT_S_NO_MIDDLEBOX: \
+ case OPT_S_NO_ETM
-#define IS_NO_PROT_FLAG(o) \
- (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
- || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
+#define IS_NO_PROT_FLAG(o) \
+ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
+ || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
/*
* Random state options.
*/
-# define OPT_R_ENUM \
- OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST
+#define OPT_R_ENUM \
+ OPT_R__FIRST = 1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST
-# define OPT_R_OPTIONS \
- OPT_SECTION("Random state"), \
- {"rand", OPT_R_RAND, 's', "Load the given file(s) into the random number generator"}, \
- {"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}
+#define OPT_R_OPTIONS \
+ OPT_SECTION("Random state"), \
+ { "rand", OPT_R_RAND, 's', "Load the given file(s) into the random number generator" }, \
+ { "writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file" }
-# define OPT_R_CASES \
- OPT_R__FIRST: case OPT_R__LAST: break; \
- case OPT_R_RAND: case OPT_R_WRITERAND
+#define OPT_R_CASES \
+ OPT_R__FIRST: \
+ case OPT_R__LAST: \
+ break; \
+ case OPT_R_RAND: \
+ case OPT_R_WRITERAND
/*
* Provider options.
*/
-# define OPT_PROV_ENUM \
- OPT_PROV__FIRST=1600, \
- OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, OPT_PROV_PROPQUERY, \
- OPT_PROV__LAST
+#define OPT_PROV_ENUM \
+ OPT_PROV__FIRST = 1600, \
+ OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, OPT_PROV_PROPQUERY, \
+ OPT_PROV__LAST
-# define OPT_CONFIG_OPTION \
- { "config", OPT_CONFIG, '<', "Load a configuration file (this may load modules)" }
+#define OPT_CONFIG_OPTION \
+ { "config", OPT_CONFIG, '<', "Load a configuration file (this may load modules)" }
-# define OPT_PROV_OPTIONS \
- OPT_SECTION("Provider"), \
+#define OPT_PROV_OPTIONS \
+ OPT_SECTION("Provider"), \
{ "provider-path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path (must be before 'provider' argument if required)" }, \
- { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }, \
+ { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }, \
{ "propquery", OPT_PROV_PROPQUERY, 's', "Property query used when fetching algorithms" }
-# define OPT_PROV_CASES \
- OPT_PROV__FIRST: case OPT_PROV__LAST: break; \
- case OPT_PROV_PROVIDER: \
- case OPT_PROV_PROVIDER_PATH: \
- case OPT_PROV_PROPQUERY
+#define OPT_PROV_CASES \
+ OPT_PROV__FIRST: \
+ case OPT_PROV__LAST: \
+ break; \
+ case OPT_PROV_PROVIDER: \
+ case OPT_PROV_PROVIDER_PATH: \
+ case OPT_PROV_PROPQUERY
/*
* Option parsing.
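Review bot: `IS_NO_PROT_FLAG(o)` is only re-aligned here and still expands its argument unparenthesized, five times. An argument containing an operator that binds looser than `==` (an assignment, `?:`, `|`), or one with a side effect such as a call, would not expand to what the caller wrote. Since the macro decides whether an option is one of the protocol-disabling flags, I would parenthesize every use: `((o) == OPT_S_NOSSL3 || (o) == OPT_S_NOTLS1 || (o) == OPT_S_NOTLS1_1 || (o) == OPT_S_NOTLS1_2 || (o) == OPT_S_NOTLS1_3)`. A one-line comment such as `/* True if |o| is one of the no_<protocol> options; evaluates |o| more than once */` would record the remaining caveat, or a small static inline function taking an `int` would remove it.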
@@ -332,33 +343,31 @@ typedef struct string_int_pair_st {
} OPT_PAIR, STRINT_PAIR;
/* Flags to pass into opt_format; see FORMAT_xxx, below. */
-# define OPT_FMT_PEMDER (1L << 1)
-# define OPT_FMT_PKCS12 (1L << 2)
-# define OPT_FMT_SMIME (1L << 3)
-# define OPT_FMT_ENGINE (1L << 4)
-# define OPT_FMT_MSBLOB (1L << 5)
+#define OPT_FMT_PEMDER (1L << 1)
+#define OPT_FMT_PKCS12 (1L << 2)
+#define OPT_FMT_SMIME (1L << 3)
+#define OPT_FMT_ENGINE (1L << 4)
+#define OPT_FMT_MSBLOB (1L << 5)
/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */
-# define OPT_FMT_NSS (1L << 7)
-# define OPT_FMT_TEXT (1L << 8)
-# define OPT_FMT_HTTP (1L << 9)
-# define OPT_FMT_PVK (1L << 10)
-# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
-# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
-# define OPT_FMT_ANY ( \
- OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
- OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \
- OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
+#define OPT_FMT_NSS (1L << 7)
+#define OPT_FMT_TEXT (1L << 8)
+#define OPT_FMT_HTTP (1L << 9)
+#define OPT_FMT_PVK (1L << 10)
+#define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
+#define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
+#define OPT_FMT_ANY ( \
+ OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
/* Divide options into sections when displaying usage */
#define OPT_SECTION(sec) { OPT_SECTION_STR, 1, '-', sec " options:\n" }
#define OPT_PARAMETERS() { OPT_PARAM_STR, 1, '-', "Parameters:\n" }
const char *opt_path_end(const char *filename);
-char *opt_init(int ac, char **av, const OPTIONS * o);
+char *opt_init(int ac, char **av, const OPTIONS *o);
char *opt_progname(const char *argv0);
char *opt_appname(const char *argv0);
char *opt_getprog(void);
-void opt_help(const OPTIONS * list);
+void opt_help(const OPTIONS *list);
void opt_begin(void);
int opt_next(void);
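Review bot: The reformatted `OPT_FMT_ANY` puts all nine flags on one line, far wider than the rest of the header, which makes it hard to see in review which input formats the mask admits. I would keep one flag per line by wrapping the definition in `/* clang-format off */` and `/* clang-format on */`, so that adding or dropping a format shows up as a one-line diff. Separately, the flags are `long` constants while `opt_format()`, declared just below this hunk, takes `unsigned long flags`. The values are small enough that the mismatch is harmless, but `1UL << n` would match the parameter type.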
@@ -383,7 +392,7 @@ int opt_format(const char *s, unsigned long flags, int *result);
void print_format_error(int format, unsigned long flags);
int opt_printf_stderr(const char *fmt, ...);
int opt_string(const char *name, const char **options);
-int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
+int opt_pair(const char *arg, const OPT_PAIR *pairs, int *result);
int opt_verify(int i, X509_VERIFY_PARAM *vpm);
int opt_rand(int i);
@@ -396,5 +405,4 @@ int opt_num_rest(void);
/* Returns non-zero if legacy paths are still available */
int opt_legacy_okay(void);
-
#endif /* OSSL_APPS_OPT_H */
diff --git a/apps/include/platform.h b/apps/include/platform.h
index 491559df3152..807431936e21 100644
--- a/apps/include/platform.h
+++ b/apps/include/platform.h
@@ -8,25 +8,25 @@
*/
#ifndef OSSL_APPS_PLATFORM_H
-# define OSSL_APPS_PLATFORM_H
+#define OSSL_APPS_PLATFORM_H
-# include <openssl/e_os2.h>
+#include <openssl/e_os2.h>
-# if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
/*
* VMS C only for now, implemented in vms_decc_init.c
* If other C compilers forget to terminate argv with NULL, this function
* can be re-used.
*/
char **copy_argv(int *argc, char *argv[]);
-# endif
+#endif
-# ifdef _WIN32
+#ifdef _WIN32
/*
* Win32-specific argv initialization that splits OS-supplied UNICODE
* command line string to array of UTF8-encoded strings.
*/
void win32_utf8argv(int *argc, char **argv[]);
-# endif
+#endif
#endif
diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h
index d610df40be3f..b69a07fe7112 100644
--- a/apps/include/s_apps.h
+++ b/apps/include/s_apps.h
@@ -12,53 +12,53 @@
#include <openssl/ssl.h>
#include <openssl/srp.h>
-#define PORT "4433"
-#define PROTOCOL "tcp"
+#define PORT "4433"
+#define PROTOCOL "tcp"
typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context);
int report_server_accept(BIO *out, int asock, int with_address, int with_pid);
int do_server(int *accept_sock, const char *host, const char *port,
- int family, int type, int protocol, do_server_cb cb,
- unsigned char *context, int naccept, BIO *bio_s_out);
+ int family, int type, int protocol, do_server_cb cb,
+ unsigned char *context, int naccept, BIO *bio_s_out);
int verify_callback(int ok, X509_STORE_CTX *ctx);
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
- STACK_OF(X509) *chain, int build_chain);
+ STACK_OF(X509) *chain, int build_chain);
int ssl_print_sigalgs(BIO *out, SSL *s);
int ssl_print_point_formats(BIO *out, SSL *s);
int ssl_print_groups(BIO *out, SSL *s, int noshared);
int ssl_print_tmp_key(BIO *out, SSL *s);
int init_client(int *sock, const char *host, const char *port,
- const char *bindhost, const char *bindport,
- int family, int type, int protocol);
+ const char *bindhost, const char *bindport,
+ int family, int type, int protocol);
int should_retry(int i);
void do_ssl_shutdown(SSL *ssl);
long bio_dump_callback(BIO *bio, int cmd, const char *argp, size_t len,
- int argi, long argl, int ret, size_t *processed);
+ int argi, long argl, int ret, size_t *processed);
void apps_ssl_info_callback(const SSL *s, int where, int ret);
void msg_cb(int write_p, int version, int content_type, const void *buf,
- size_t len, SSL *ssl, void *arg);
+ size_t len, SSL *ssl, void *arg);
void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data,
- int len, void *arg);
+ int len, void *arg);
int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
- unsigned int *cookie_len);
+ unsigned int *cookie_len);
int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
- unsigned int cookie_len);
+ unsigned int cookie_len);
-#ifdef __VMS /* 31 char symbol name limit */
-# define generate_stateless_cookie_callback generate_stateless_cookie_cb
-# define verify_stateless_cookie_callback verify_stateless_cookie_cb
+#ifdef __VMS /* 31 char symbol name limit */
+#define generate_stateless_cookie_callback generate_stateless_cookie_cb
+#define verify_stateless_cookie_callback verify_stateless_cookie_cb
#endif
int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
- size_t *cookie_len);
+ size_t *cookie_len);
int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
- size_t cookie_len);
+ size_t cookie_len);
typedef struct ssl_excert_st SSL_EXCERT;
@@ -70,12 +70,12 @@ void print_verify_detail(SSL *s, BIO *bio);
void print_ssl_summary(SSL *s);
int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx);
int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls,
- int crl_download);
+ int crl_download);
int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath,
- const char *vfyCAfile, const char *vfyCAstore,
- const char *chCApath, const char *chCAfile,
- const char *chCAstore, STACK_OF(X509_CRL) *crls,
- int crl_download);
+ const char *vfyCAfile, const char *vfyCAstore,
+ const char *chCApath, const char *chCAfile,
+ const char *chCAstore, STACK_OF(X509_CRL) *crls,
+ int crl_download);
void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose);
int set_keylog_file(SSL_CTX *ctx, const char *keylog_file);
void print_ca_names(BIO *bio, SSL *s);
@@ -85,14 +85,14 @@ void print_ca_names(BIO *bio, SSL *s);
typedef struct srp_arg_st {
char *srppassin;
char *srplogin;
- int msg; /* copy from c_msg */
- int debug; /* copy from c_debug */
- int amp; /* allow more groups */
- int strength; /* minimal size for N */
+ int msg; /* copy from c_msg */
+ int debug; /* copy from c_debug */
+ int amp; /* allow more groups */
+ int strength; /* minimal size for N */
} SRP_ARG;
int set_up_srp_arg(SSL_CTX *ctx, SRP_ARG *srp_arg, int srp_lateuser, int c_msg,
- int c_debug);
+ int c_debug);
void set_up_dummy_srp(SSL_CTX *ctx);
/* The server side SRP context that we pass to all SRP related callbacks */
@@ -103,6 +103,6 @@ typedef struct srpsrvparm_st {
} srpsrvparm;
int set_up_srp_verifier_file(SSL_CTX *ctx, srpsrvparm *srp_callback_parm,
- char *srpuserseed, char *srp_verifier_file);
+ char *srpuserseed, char *srp_verifier_file);
void lookup_srp_user(srpsrvparm *srp_callback_parm, BIO *bio_s_out);
#endif /* OPENSSL_NO_SRP */
diff --git a/apps/include/vms_term_sock.h b/apps/include/vms_term_sock.h
index eae37b1af931..6e0cda9a3001 100644
--- a/apps/include/vms_term_sock.h
+++ b/apps/include/vms_term_sock.h
@@ -9,23 +9,23 @@
*/
#ifndef OSSL_APPS_VMS_TERM_SOCK_H
-# define OSSL_APPS_VMS_TERM_SOCK_H
+#define OSSL_APPS_VMS_TERM_SOCK_H
/*
** Terminal Socket Function Codes
*/
-# define TERM_SOCK_CREATE 1
-# define TERM_SOCK_DELETE 2
+#define TERM_SOCK_CREATE 1
+#define TERM_SOCK_DELETE 2
/*
** Terminal Socket Status Codes
*/
-# define TERM_SOCK_FAILURE 0
-# define TERM_SOCK_SUCCESS 1
+#define TERM_SOCK_FAILURE 0
+#define TERM_SOCK_SUCCESS 1
/*
** Terminal Socket Prototype
*/
-int TerminalSocket (int FunctionCode, int *ReturnSocket);
+int TerminalSocket(int FunctionCode, int *ReturnSocket);
#endif
diff --git a/apps/info.c b/apps/info.c
index c68603652f21..11de9cea7031 100644
--- a/apps/info.c
+++ b/apps/info.c
@@ -13,26 +13,32 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_CONFIGDIR, OPT_ENGINESDIR, OPT_MODULESDIR, OPT_DSOEXT, OPT_DIRNAMESEP,
- OPT_LISTSEP, OPT_SEEDS, OPT_CPUSETTINGS
+ OPT_CONFIGDIR,
+ OPT_ENGINESDIR,
+ OPT_MODULESDIR,
+ OPT_DSOEXT,
+ OPT_DIRNAMESEP,
+ OPT_LISTSEP,
+ OPT_SEEDS,
+ OPT_CPUSETTINGS
} OPTION_CHOICE;
const OPTIONS info_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
OPT_SECTION("Output"),
- {"configdir", OPT_CONFIGDIR, '-', "Default configuration file directory"},
- {"enginesdir", OPT_ENGINESDIR, '-', "Default engine module directory"},
- {"modulesdir", OPT_MODULESDIR, '-',
- "Default module directory (other than engine modules)"},
- {"dsoext", OPT_DSOEXT, '-', "Configured extension for modules"},
- {"dirnamesep", OPT_DIRNAMESEP, '-', "Directory-filename separator"},
- {"listsep", OPT_LISTSEP, '-', "List separator character"},
- {"seeds", OPT_SEEDS, '-', "Seed sources"},
- {"cpusettings", OPT_CPUSETTINGS, '-', "CPU settings info"},
- {NULL}
+ { "configdir", OPT_CONFIGDIR, '-', "Default configuration file directory" },
+ { "enginesdir", OPT_ENGINESDIR, '-', "Default engine module directory" },
+ { "modulesdir", OPT_MODULESDIR, '-',
+ "Default module directory (other than engine modules)" },
+ { "dsoext", OPT_DSOEXT, '-', "Configured extension for modules" },
+ { "dirnamesep", OPT_DIRNAMESEP, '-', "Directory-filename separator" },
+ { "listsep", OPT_LISTSEP, '-', "List separator character" },
+ { "seeds", OPT_SEEDS, '-', "Seed sources" },
+ { "cpusettings", OPT_CPUSETTINGS, '-', "CPU settings info" },
+ { NULL }
};
int info_main(int argc, char **argv)
@@ -45,7 +51,7 @@ int info_main(int argc, char **argv)
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
default:
-opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -99,6 +105,6 @@ opthelp:
BIO_printf(bio_out, "%s\n", OPENSSL_info(type));
ret = 0;
- end:
+end:
return ret;
}
diff --git a/apps/kdf.c b/apps/kdf.c
index 89ee1f69c766..222979f7a97f 100644
--- a/apps/kdf.c
+++ b/apps/kdf.c
@@ -19,37 +19,42 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_KDFOPT, OPT_BIN, OPT_KEYLEN, OPT_OUT,
- OPT_CIPHER, OPT_DIGEST, OPT_MAC,
+ OPT_KDFOPT,
+ OPT_BIN,
+ OPT_KEYLEN,
+ OPT_OUT,
+ OPT_CIPHER,
+ OPT_DIGEST,
+ OPT_MAC,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS kdf_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] kdf_name\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] kdf_name\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"kdfopt", OPT_KDFOPT, 's', "KDF algorithm control parameters in n:v form"},
- {"cipher", OPT_CIPHER, 's', "Cipher"},
- {"digest", OPT_DIGEST, 's', "Digest"},
- {"mac", OPT_MAC, 's', "MAC"},
- {OPT_MORE_STR, 1, '-', "See 'Supported Controls' in the EVP_KDF_ docs\n"},
- {"keylen", OPT_KEYLEN, 's', "The size of the output derived key"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "kdfopt", OPT_KDFOPT, 's', "KDF algorithm control parameters in n:v form" },
+ { "cipher", OPT_CIPHER, 's', "Cipher" },
+ { "digest", OPT_DIGEST, 's', "Digest" },
+ { "mac", OPT_MAC, 's', "MAC" },
+ { OPT_MORE_STR, 1, '-', "See 'Supported Controls' in the EVP_KDF_ docs\n" },
+ { "keylen", OPT_KEYLEN, 's', "The size of the output derived key" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output to filename rather than stdout"},
- {"binary", OPT_BIN, '-',
- "Output in binary format (default is hexadecimal)"},
+ { "out", OPT_OUT, '>', "Output to filename rather than stdout" },
+ { "binary", OPT_BIN, '-',
+ "Output in binary format (default is hexadecimal)" },
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"kdf_name", 0, 0, "Name of the KDF algorithm"},
- {NULL}
+ { "kdf_name", 0, 0, "Name of the KDF algorithm" },
+ { NULL }
};
static char *alloc_kdf_algorithm_name(STACK_OF(OPENSSL_STRING) **optp,
- const char *name, const char *arg)
+ const char *name, const char *arg)
{
size_t len = strlen(name) + strlen(arg) + 2;
char *res;
@@ -85,7 +90,7 @@ int kdf_main(int argc, char **argv)
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
default:
-opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto err;
case OPT_HELP:
@@ -139,7 +144,8 @@ opthelp:
goto opthelp;
if ((kdf = EVP_KDF_fetch(app_get0_libctx(), argv[0],
- app_get0_propq())) == NULL) {
+ app_get0_propq()))
+ == NULL) {
BIO_printf(bio_err, "Invalid KDF name %s\n", argv[0]);
goto opthelp;
}
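Review bot: The reformatted condition in kdf_main leaves `== NULL) {` on a line of its own, detached from the `EVP_KDF_fetch()` call whose result it tests, so the failure check is easy to read past. Hoisting the assignment out of the condition avoids the split whatever the formatter settings are: `kdf = EVP_KDF_fetch(app_get0_libctx(), argv[0], app_get0_propq());` followed by `if (kdf == NULL) {`. The body of kdf_main starts and ends outside this hunk.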
@@ -150,8 +156,7 @@ opthelp:
if (opts != NULL) {
int ok = 1;
- OSSL_PARAM *params =
- app_params_new_from_opts(opts, EVP_KDF_settable_ctx_params(kdf));
+ OSSL_PARAM *params = app_params_new_from_opts(opts, EVP_KDF_settable_ctx_params(kdf));
if (params == NULL)
goto err;
diff --git a/apps/lib/app_libctx.c b/apps/lib/app_libctx.c
index 4b9ec40e8527..fb26e8e4874e 100644
--- a/apps/lib/app_libctx.c
+++ b/apps/lib/app_libctx.c
@@ -36,7 +36,7 @@ OSSL_LIB_CTX *app_create_libctx(void)
*/
if (app_libctx == NULL) {
if (!app_provider_load(NULL, "null")) {
- opt_printf_stderr( "Failed to create null provider\n");
+ opt_printf_stderr("Failed to create null provider\n");
return NULL;
}
app_libctx = OSSL_LIB_CTX_new();
@@ -45,4 +45,3 @@ OSSL_LIB_CTX *app_create_libctx(void)
opt_printf_stderr("Failed to create library context\n");
return app_libctx;
}
-
diff --git a/apps/lib/app_params.c b/apps/lib/app_params.c
index 95e1298ee926..a428afe8f38f 100644
--- a/apps/lib/app_params.c
+++ b/apps/lib/app_params.c
@@ -63,7 +63,7 @@ static int describe_param_type(char *buf, size_t bufsz, const OSSL_PARAM *param)
printed_len = BIO_snprintf(buf, bufsz, " (arbitrary size)");
else
printed_len = BIO_snprintf(buf, bufsz, " (max %zu bytes large)",
- param->data_size);
+ param->data_size);
if (printed_len > 0) {
buf += printed_len;
bufsz -= printed_len;
@@ -85,7 +85,7 @@ int print_param_types(const char *thing, const OSSL_PARAM *pdefs, int indent)
} else {
BIO_printf(bio_out, "%*s%s:\n", indent, "", thing);
for (; pdefs->key != NULL; pdefs++) {
- char buf[200]; /* This should be ample space */
+ char buf[200]; /* This should be ample space */
describe_param_type(buf, sizeof(buf), pdefs);
BIO_printf(bio_out, "%*s %s\n", indent, "", buf);
@@ -125,8 +125,7 @@ void print_param_value(const OSSL_PARAM *p, int indent)
break;
default:
BIO_printf(bio_out, "unknown type (%u) of %zu bytes\n",
- p->data_type, p->data_size);
+ p->data_type, p->data_size);
break;
}
}
-
diff --git a/apps/lib/app_provider.c b/apps/lib/app_provider.c
index 63f78ae07d80..4d99b947f94a 100644
--- a/apps/lib/app_provider.c
+++ b/apps/lib/app_provider.c
@@ -38,7 +38,7 @@ int app_provider_load(OSSL_LIB_CTX *libctx, const char *provider_name)
if (prov == NULL) {
opt_printf_stderr("%s: unable to load provider %s\n"
"Hint: use -provider-path option or OPENSSL_MODULES environment variable.\n",
- opt_getprog(), provider_name);
+ opt_getprog(), provider_name);
ERR_print_errors(bio_err);
return 0;
}
diff --git a/apps/lib/app_rand.c b/apps/lib/app_rand.c
index 713792ead40a..b9dc97ccc7c4 100644
--- a/apps/lib/app_rand.c
+++ b/apps/lib/app_rand.c
@@ -43,7 +43,7 @@ static int loadfiles(char *name)
char *p;
int last, ret = 1;
- for ( ; ; ) {
+ for (;;) {
last = 0;
for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
continue;
@@ -90,11 +90,10 @@ int app_RAND_write(void)
ret = 0;
}
OPENSSL_free(save_rand_file);
- save_rand_file = NULL;
+ save_rand_file = NULL;
return ret;
}
-
/*
* See comments in opt_verify for explanation of this.
*/
@@ -108,7 +107,7 @@ int opt_rand(int opt)
break;
case OPT_R_RAND:
if (randfiles == NULL
- && (randfiles = sk_OPENSSL_STRING_new_null()) == NULL)
+ && (randfiles = sk_OPENSSL_STRING_new_null()) == NULL)
return 0;
if (!sk_OPENSSL_STRING_push(randfiles, opt_arg()))
return 0;
diff --git a/apps/lib/app_x509.c b/apps/lib/app_x509.c
index f2c22948f201..11cb3fa342dc 100644
--- a/apps/lib/app_x509.c
+++ b/apps/lib/app_x509.c
@@ -38,53 +38,51 @@ static int x509_ctrl(void *object, int cmd, void *value, size_t value_n)
{
switch (cmd) {
#ifdef EVP_PKEY_CTRL_SET1_ID
- case EVP_PKEY_CTRL_SET1_ID:
- {
- ASN1_OCTET_STRING *v = mk_octet_string(value, value_n);
+ case EVP_PKEY_CTRL_SET1_ID: {
+ ASN1_OCTET_STRING *v = mk_octet_string(value, value_n);
- if (v == NULL) {
- BIO_printf(bio_err,
- "error: setting distinguishing ID in certificate failed\n");
- return 0;
- }
-
- X509_set0_distinguishing_id(object, v);
- return 1;
+ if (v == NULL) {
+ BIO_printf(bio_err,
+ "error: setting distinguishing ID in certificate failed\n");
+ return 0;
}
+
+ X509_set0_distinguishing_id(object, v);
+ return 1;
+ }
#endif
default:
break;
}
- return -2; /* typical EVP_PKEY return for "unsupported" */
+ return -2; /* typical EVP_PKEY return for "unsupported" */
}
static int x509_req_ctrl(void *object, int cmd, void *value, size_t value_n)
{
switch (cmd) {
#ifdef EVP_PKEY_CTRL_SET1_ID
- case EVP_PKEY_CTRL_SET1_ID:
- {
- ASN1_OCTET_STRING *v = mk_octet_string(value, value_n);
+ case EVP_PKEY_CTRL_SET1_ID: {
+ ASN1_OCTET_STRING *v = mk_octet_string(value, value_n);
- if (v == NULL) {
- BIO_printf(bio_err,
- "error: setting distinguishing ID in certificate signing request failed\n");
- return 0;
- }
-
- X509_REQ_set0_distinguishing_id(object, v);
- return 1;
+ if (v == NULL) {
+ BIO_printf(bio_err,
+ "error: setting distinguishing ID in certificate signing request failed\n");
+ return 0;
}
+
+ X509_REQ_set0_distinguishing_id(object, v);
+ return 1;
+ }
#endif
default:
break;
}
- return -2; /* typical EVP_PKEY return for "unsupported" */
+ return -2; /* typical EVP_PKEY return for "unsupported" */
}
static int do_x509_ctrl_string(int (*ctrl)(void *object, int cmd,
- void *value, size_t value_n),
- void *object, const char *value)
+ void *value, size_t value_n),
+ void *object, const char *value)
{
int rv = 0;
char *stmp, *vtmp = NULL;
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index ea827464dda1..36a8149e76f1 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -12,13 +12,13 @@
* On VMS, you need to define this to get the declaration of fileno(). The
* value 2 is to make sure no function defined in POSIX-2 is left undefined.
*/
-# define _POSIX_C_SOURCE 2
+#define _POSIX_C_SOURCE 2
#endif
#ifndef OPENSSL_NO_ENGINE
/* We need to use some deprecated APIs */
-# define OPENSSL_SUPPRESS_DEPRECATED
-# include <openssl/engine.h>
+#define OPENSSL_SUPPRESS_DEPRECATED
+#include <openssl/engine.h>
#endif
#include <stdio.h>
@@ -26,8 +26,8 @@
#include <string.h>
#include <sys/types.h>
#ifndef OPENSSL_NO_POSIX_IO
-# include <sys/stat.h>
-# include <fcntl.h>
+#include <sys/stat.h>
+#include <fcntl.h>
#endif
#include <ctype.h>
#include <errno.h>
@@ -51,19 +51,19 @@
#ifdef _WIN32
static int WIN32_rename(const char *from, const char *to);
-# define rename(from,to) WIN32_rename((from),(to))
+#define rename(from, to) WIN32_rename((from), (to))
#endif
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-# include <conio.h>
+#include <conio.h>
#endif
#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) || defined(__BORLANDC__)
-# define _kbhit kbhit
+#define _kbhit kbhit
#endif
static BIO *bio_open_default_(const char *filename, char mode, int format,
- int quiet);
+ int quiet);
#define PASS_SOURCE_SIZE_MAX 4
@@ -76,17 +76,16 @@ typedef struct {
} NAME_EX_TBL;
static int set_table_opts(unsigned long *flags, const char *arg,
- const NAME_EX_TBL * in_tbl);
+ const NAME_EX_TBL *in_tbl);
static int set_multi_opts(unsigned long *flags, const char *arg,
- const NAME_EX_TBL * in_tbl);
-static
-int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
- const char *pass, const char *desc,
- EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
- EVP_PKEY **pparams,
- X509 **pcert, STACK_OF(X509) **pcerts,
- X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls,
- int suppress_decode_errors);
+ const NAME_EX_TBL *in_tbl);
+static int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
+ const char *pass, const char *desc,
+ EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
+ EVP_PKEY **pparams,
+ X509 **pcert, STACK_OF(X509) **pcerts,
+ X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls,
+ int suppress_decode_errors);
int app_init(long mesgwin);
@@ -98,9 +97,9 @@ int app_init(long mesgwin)
#endif
int ctx_set_verify_locations(SSL_CTX *ctx,
- const char *CAfile, int noCAfile,
- const char *CApath, int noCApath,
- const char *CAstore, int noCAstore)
+ const char *CAfile, int noCAfile,
+ const char *CApath, int noCApath,
+ const char *CAstore, int noCAstore)
{
if (CAfile == NULL && CApath == NULL && CAstore == NULL) {
if (!noCAfile && SSL_CTX_set_default_verify_file(ctx) <= 0)
@@ -163,7 +162,6 @@ int wrap_password_callback(char *buf, int bufsiz, int verify, void *userdata)
return password_callback(buf, bufsiz, verify, (PW_CB_DATA *)userdata);
}
-
static char *app_get_pass(const char *arg, int keepbio);
char *get_passwd(const char *pass, const char *desc)
@@ -176,7 +174,7 @@ char *get_passwd(const char *pass, const char *desc)
BIO_printf(bio_err, "Error getting password for %s\n", desc);
if (pass != NULL && result == NULL) {
BIO_printf(bio_err,
- "Trying plain input string (better precede with 'pass:')\n");
+ "Trying plain input string (better precede with 'pass:')\n");
result = OPENSSL_strdup(pass);
if (result == NULL)
BIO_printf(bio_err, "Out of memory getting password for %s\n", desc);
@@ -271,12 +269,12 @@ static char *app_get_pass(const char *arg, int keepbio)
tmp = strchr(arg, ':');
if (tmp == NULL || tmp - arg > PASS_SOURCE_SIZE_MAX)
BIO_printf(bio_err,
- "Invalid password argument, missing ':' within the first %d chars\n",
- PASS_SOURCE_SIZE_MAX + 1);
+ "Invalid password argument, missing ':' within the first %d chars\n",
+ PASS_SOURCE_SIZE_MAX + 1);
else
BIO_printf(bio_err,
- "Invalid password argument, starting with \"%.*s\"\n",
- (int)(tmp - arg + 1), arg);
+ "Invalid password argument, starting with \"%.*s\"\n",
+ (int)(tmp - arg + 1), arg);
return NULL;
}
}
@@ -310,7 +308,7 @@ CONF *app_load_config_bio(BIO *in, const char *filename)
BIO_printf(bio_err, "%s: Can't load ", opt_getprog());
} else {
BIO_printf(bio_err, "%s: Error on line %ld of ", opt_getprog(),
- errorline);
+ errorline);
}
if (filename != NULL)
BIO_printf(bio_err, "config file \"%s\"\n", filename);
@@ -387,7 +385,7 @@ int add_oid_section(CONF *conf)
cnf = sk_CONF_VALUE_value(sktmp, i);
if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
BIO_printf(bio_err, "problem creating object %s=%s\n",
- cnf->name, cnf->value);
+ cnf->name, cnf->value);
return 0;
}
}
@@ -410,12 +408,12 @@ CONF *app_load_config_modules(const char *configfile)
}
#define IS_HTTP(uri) ((uri) != NULL \
- && strncmp(uri, OSSL_HTTP_PREFIX, strlen(OSSL_HTTP_PREFIX)) == 0)
+ && strncmp(uri, OSSL_HTTP_PREFIX, strlen(OSSL_HTTP_PREFIX)) == 0)
#define IS_HTTPS(uri) ((uri) != NULL \
- && strncmp(uri, OSSL_HTTPS_PREFIX, strlen(OSSL_HTTPS_PREFIX)) == 0)
+ && strncmp(uri, OSSL_HTTPS_PREFIX, strlen(OSSL_HTTPS_PREFIX)) == 0)
X509 *load_cert_pass(const char *uri, int format, int maybe_stdin,
- const char *pass, const char *desc)
+ const char *pass, const char *desc)
{
X509 *cert = NULL;
@@ -427,7 +425,7 @@ X509 *load_cert_pass(const char *uri, int format, int maybe_stdin,
cert = X509_load_http(uri, NULL, NULL, 0 /* timeout */);
else
(void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc,
- NULL, NULL, NULL, &cert, NULL, NULL, NULL);
+ NULL, NULL, NULL, &cert, NULL, NULL, NULL);
if (cert == NULL) {
BIO_printf(bio_err, "Unable to load %s\n", desc);
ERR_print_errors(bio_err);
@@ -436,7 +434,7 @@ X509 *load_cert_pass(const char *uri, int format, int maybe_stdin,
}
X509_CRL *load_crl(const char *uri, int format, int maybe_stdin,
- const char *desc)
+ const char *desc)
{
X509_CRL *crl = NULL;
@@ -448,7 +446,7 @@ X509_CRL *load_crl(const char *uri, int format, int maybe_stdin,
crl = X509_CRL_load_http(uri, NULL, NULL, 0 /* timeout */);
else
(void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc,
- NULL, NULL, NULL, NULL, NULL, &crl, NULL);
+ NULL, NULL, NULL, NULL, NULL, &crl, NULL);
if (crl == NULL) {
BIO_printf(bio_err, "Unable to load %s\n", desc);
ERR_print_errors(bio_err);
@@ -476,7 +474,7 @@ X509_REQ *load_csr(const char *file, int format, const char *desc)
else
print_format_error(format, OPT_FMT_PEMDER);
- end:
+end:
if (req == NULL) {
BIO_printf(bio_err, "Unable to load %s\n", desc);
ERR_print_errors(bio_err);
@@ -498,7 +496,7 @@ void clear_free(char *str)
}
EVP_PKEY *load_key(const char *uri, int format, int may_stdin,
- const char *pass, ENGINE *e, const char *desc)
+ const char *pass, ENGINE *e, const char *desc)
{
EVP_PKEY *pkey = NULL;
char *allocated_uri = NULL;
@@ -510,14 +508,14 @@ EVP_PKEY *load_key(const char *uri, int format, int may_stdin,
uri = allocated_uri = make_engine_uri(e, uri, desc);
}
(void)load_key_certs_crls(uri, format, may_stdin, pass, desc,
- &pkey, NULL, NULL, NULL, NULL, NULL, NULL);
+ &pkey, NULL, NULL, NULL, NULL, NULL, NULL);
OPENSSL_free(allocated_uri);
return pkey;
}
EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *desc)
+ const char *pass, ENGINE *e, const char *desc)
{
EVP_PKEY *pkey = NULL;
char *allocated_uri = NULL;
@@ -529,15 +527,15 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
uri = allocated_uri = make_engine_uri(e, uri, desc);
}
(void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc,
- NULL, &pkey, NULL, NULL, NULL, NULL, NULL);
+ NULL, &pkey, NULL, NULL, NULL, NULL, NULL);
OPENSSL_free(allocated_uri);
return pkey;
}
EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin,
- const char *keytype, const char *desc,
- int suppress_decode_errors)
+ const char *keytype, const char *desc,
+ int suppress_decode_errors)
{
EVP_PKEY *params = NULL;
@@ -545,13 +543,13 @@ EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin,
desc = "key parameters";
(void)load_key_certs_crls_suppress(uri, format, maybe_stdin, NULL, desc,
- NULL, NULL, &params, NULL, NULL, NULL,
- NULL, suppress_decode_errors);
+ NULL, NULL, &params, NULL, NULL, NULL,
+ NULL, suppress_decode_errors);
if (params != NULL && keytype != NULL && !EVP_PKEY_is_a(params, keytype)) {
if (!suppress_decode_errors) {
BIO_printf(bio_err,
- "Unable to load %s from %s (unexpected parameters type)\n",
- desc, uri);
+ "Unable to load %s from %s (unexpected parameters type)\n",
+ desc, uri);
ERR_print_errors(bio_err);
}
EVP_PKEY_free(params);
@@ -561,7 +559,7 @@ EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin,
}
EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin,
- const char *keytype, const char *desc)
+ const char *keytype, const char *desc)
{
return load_keyparams_suppress(uri, format, maybe_stdin, keytype, desc, 0);
}
@@ -583,7 +581,7 @@ void *app_malloc(size_t sz, const char *what)
if (vp == NULL)
app_bail_out("%s: Could not allocate %zu bytes for %s\n",
- opt_getprog(), sz, what);
+ opt_getprog(), sz, what);
return vp;
}
@@ -607,16 +605,16 @@ static void warn_cert_msg(const char *uri, X509 *cert, const char *msg)
char *subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
BIO_printf(bio_err, "Warning: certificate from '%s' with subject '%s' %s\n",
- uri, subj, msg);
+ uri, subj, msg);
OPENSSL_free(subj);
}
static void warn_cert(const char *uri, X509 *cert, int warn_EE,
- X509_VERIFY_PARAM *vpm)
+ X509_VERIFY_PARAM *vpm)
{
uint32_t ex_flags = X509_get_extension_flags(cert);
int res = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert),
- X509_get0_notAfter(cert));
+ X509_get0_notAfter(cert));
if (res != 0)
warn_cert_msg(uri, cert, res > 0 ? "has expired" : "not yet valid");
@@ -625,7 +623,7 @@ static void warn_cert(const char *uri, X509 *cert, int warn_EE,
}
static void warn_certs(const char *uri, STACK_OF(X509) *certs, int warn_EE,
- X509_VERIFY_PARAM *vpm)
+ X509_VERIFY_PARAM *vpm)
{
int i;
@@ -634,22 +632,21 @@ static void warn_certs(const char *uri, STACK_OF(X509) *certs, int warn_EE,
}
int load_cert_certs(const char *uri,
- X509 **pcert, STACK_OF(X509) **pcerts,
- int exclude_http, const char *pass, const char *desc,
- X509_VERIFY_PARAM *vpm)
+ X509 **pcert, STACK_OF(X509) **pcerts,
+ int exclude_http, const char *pass, const char *desc,
+ X509_VERIFY_PARAM *vpm)
{
int ret = 0;
char *pass_string;
- if (exclude_http && (OPENSSL_strncasecmp(uri, "http://", 7) == 0
- || OPENSSL_strncasecmp(uri, "https://", 8) == 0)) {
+ if (exclude_http && (OPENSSL_strncasecmp(uri, "http://", 7) == 0 || OPENSSL_strncasecmp(uri, "https://", 8) == 0)) {
BIO_printf(bio_err, "error: HTTP retrieval not allowed for %s\n", desc);
return ret;
}
pass_string = get_passwd(pass, desc);
ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass_string, desc,
- NULL, NULL, NULL,
- pcert, pcerts, NULL, NULL);
+ NULL, NULL, NULL,
+ pcert, pcerts, NULL, NULL);
clear_free(pass_string);
if (ret) {
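Review bot: The `exclude_http` guard in load_cert_certs is now a single line of well over 100 characters, which pushes the `https://` prefix test far to the right of the `http://` one. This condition is what refuses HTTP(S) retrieval for the input, so both scheme tests should stay easy to compare at a glance. I would keep the break before the `||`, i.e. `if (exclude_http && (OPENSSL_strncasecmp(uri, "http://", 7) == 0` continued by `|| OPENSSL_strncasecmp(uri, "https://", 8) == 0)) {`. The function continues past the end of this hunk.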
@@ -667,7 +664,7 @@ int load_cert_certs(const char *uri,
}
STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,
- const char *desc, X509_VERIFY_PARAM *vpm)
+ const char *desc, X509_VERIFY_PARAM *vpm)
{
STACK_OF(X509) *certs = NULL;
STACK_OF(X509) *result = sk_X509_new_null();
@@ -683,7 +680,7 @@ STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,
if (!load_cert_certs(files, NULL, &certs, 0, pass, desc, vpm))
goto err;
if (!X509_add_certs(result, certs,
- X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
+ X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
goto oom;
sk_X509_pop_free(certs, X509_free);
certs = NULL;
@@ -691,16 +688,16 @@ STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,
}
return result;
- oom:
+oom:
BIO_printf(bio_err, "out of memory\n");
- err:
+err:
sk_X509_pop_free(certs, X509_free);
sk_X509_pop_free(result, X509_free);
return NULL;
}
static X509_STORE *sk_X509_to_store(X509_STORE *store /* may be NULL */,
- const STACK_OF(X509) *certs /* may NULL */)
+ const STACK_OF(X509) *certs /* may NULL */)
{
int i;
@@ -722,7 +719,7 @@ static X509_STORE *sk_X509_to_store(X509_STORE *store /* may be NULL */,
* Returns pointer to created X509_STORE on success, NULL on error.
*/
X509_STORE *load_certstore(char *input, const char *pass, const char *desc,
- X509_VERIFY_PARAM *vpm)
+ X509_VERIFY_PARAM *vpm)
{
X509_STORE *store = NULL;
STACK_OF(X509) *certs = NULL;
@@ -750,12 +747,12 @@ X509_STORE *load_certstore(char *input, const char *pass, const char *desc,
* The caller is responsible for freeing *certs if its value is left not NULL.
*/
int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,
- const char *pass, const char *desc)
+ const char *pass, const char *desc)
{
int was_NULL = *certs == NULL;
int ret = load_key_certs_crls(uri, FORMAT_UNDEF, maybe_stdin,
- pass, desc, NULL, NULL,
- NULL, NULL, certs, NULL, NULL);
+ pass, desc, NULL, NULL,
+ NULL, NULL, certs, NULL, NULL);
if (!ret && was_NULL) {
sk_X509_pop_free(*certs, X509_free);
@@ -769,12 +766,12 @@ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,
* The caller is responsible for freeing *crls if its value is left not NULL.
*/
int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
- const char *pass, const char *desc)
+ const char *pass, const char *desc)
{
int was_NULL = *crls == NULL;
int ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass, desc,
- NULL, NULL, NULL,
- NULL, NULL, NULL, crls);
+ NULL, NULL, NULL,
+ NULL, NULL, NULL, crls);
if (!ret && was_NULL) {
sk_X509_CRL_pop_free(*crls, X509_CRL_free);
@@ -785,7 +782,7 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
static const char *format2string(int format)
{
- switch(format) {
+ switch (format) {
case FORMAT_PEM:
return "PEM";
case FORMAT_ASN1:
@@ -809,14 +806,13 @@ static const char *format2string(int format)
* In any case (also on error) the caller is responsible for freeing all members
* of *pcerts and *pcrls (as far as they are not NULL).
*/
-static
-int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
- const char *pass, const char *desc,
- EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
- EVP_PKEY **pparams,
- X509 **pcert, STACK_OF(X509) **pcerts,
- X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls,
- int suppress_decode_errors)
+static int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
+ const char *pass, const char *desc,
+ EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
+ EVP_PKEY **pparams,
+ X509 **pcert, STACK_OF(X509) **pcerts,
+ X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls,
+ int suppress_decode_errors)
{
PW_CB_DATA uidata;
OSSL_STORE_CTX *ctx = NULL;
@@ -824,11 +820,13 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
const char *propq = app_get0_propq();
int ncerts = 0;
int ncrls = 0;
- const char *failed =
- ppkey != NULL ? "key" : ppubkey != NULL ? "public key" :
- pparams != NULL ? "params" : pcert != NULL ? "cert" :
- pcrl != NULL ? "CRL" : pcerts != NULL ? "certs" :
- pcrls != NULL ? "CRLs" : NULL;
+ const char *failed = ppkey != NULL ? "key" : ppubkey != NULL ? "public key"
+ : pparams != NULL ? "params"
+ : pcert != NULL ? "cert"
+ : pcrl != NULL ? "CRL"
+ : pcerts != NULL ? "certs"
+ : pcrls != NULL ? "CRLs"
+ : NULL;
int cnt_expectations = 0;
int expect = -1;
const char *input_type;
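Review bot: The `failed` initialiser in load_key_certs_crls_suppress is harder to follow after reformatting, because its first line carries both the `ppkey` arm and the `ppubkey` test while every later arm starts with `:` on its own line. The test and the string it selects no longer line up pairwise. Consider starting the expression on the line after `=` so each test/label pair gets one line, or fencing the original layout with `/* clang-format off */` and `/* clang-format on */`. The function body starts and ends outside this hunk.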
@@ -878,7 +876,7 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
}
if (cnt_expectations == 0) {
BIO_printf(bio_err, "Internal error: nothing to load from %s\n",
- uri != NULL ? uri : "<stdin>");
+ uri != NULL ? uri : "<stdin>");
return 0;
}
@@ -886,10 +884,10 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
uidata.prompt_info = uri;
if ((input_type = format2string(format)) != NULL) {
- itp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE,
- (char *)input_type, 0);
- itp[1] = OSSL_PARAM_construct_end();
- params = itp;
+ itp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE,
+ (char *)input_type, 0);
+ itp[1] = OSSL_PARAM_construct_end();
+ params = itp;
}
if (uri == NULL) {
@@ -904,13 +902,13 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
bio = BIO_new_fp(stdin, 0);
if (bio != NULL) {
ctx = OSSL_STORE_attach(bio, "file", libctx, propq,
- get_ui_method(), &uidata, params,
- NULL, NULL);
+ get_ui_method(), &uidata, params,
+ NULL, NULL);
BIO_free(bio);
}
} else {
ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata,
- params, NULL, NULL);
+ params, NULL, NULL);
}
if (ctx == NULL) {
BIO_printf(bio_err, "Could not open file or uri for loading");
@@ -970,19 +968,17 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
if (pcert != NULL && *pcert == NULL) {
ok = (*pcert = OSSL_STORE_INFO_get1_CERT(info)) != NULL;
cnt_expectations -= ok;
- }
- else if (pcerts != NULL)
+ } else if (pcerts != NULL)
ok = X509_add_cert(*pcerts,
- OSSL_STORE_INFO_get1_CERT(info),
- X509_ADD_FLAG_DEFAULT);
+ OSSL_STORE_INFO_get1_CERT(info),
+ X509_ADD_FLAG_DEFAULT);
ncerts += ok;
break;
case OSSL_STORE_INFO_CRL:
if (pcrl != NULL && *pcrl == NULL) {
ok = (*pcrl = OSSL_STORE_INFO_get1_CRL(info)) != NULL;
cnt_expectations -= ok;
- }
- else if (pcrls != NULL)
+ } else if (pcrls != NULL)
ok = sk_X509_CRL_push(*pcrls, OSSL_STORE_INFO_get1_CRL(info));
ncrls += ok;
break;
@@ -998,7 +994,7 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
}
}
- end:
+end:
OSSL_STORE_close(ctx);
if (failed == NULL) {
int any = 0;
@@ -1044,52 +1040,51 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
}
int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
- const char *pass, const char *desc,
- EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
- EVP_PKEY **pparams,
- X509 **pcert, STACK_OF(X509) **pcerts,
- X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls)
+ const char *pass, const char *desc,
+ EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
+ EVP_PKEY **pparams,
+ X509 **pcert, STACK_OF(X509) **pcerts,
+ X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls)
{
return load_key_certs_crls_suppress(uri, format, maybe_stdin, pass, desc,
- ppkey, ppubkey, pparams, pcert, pcerts,
- pcrl, pcrls, 0);
+ ppkey, ppubkey, pparams, pcert, pcerts,
+ pcrl, pcrls, 0);
}
-#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
+#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
/* Return error for unknown extensions */
-#define X509V3_EXT_DEFAULT 0
+#define X509V3_EXT_DEFAULT 0
/* Print error for unknown extensions */
-#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
+#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
/* ASN1 parse unknown extensions */
-#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
+#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
/* BIO_dump unknown extensions */
-#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
+#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
-#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
- X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
+#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
int set_cert_ex(unsigned long *flags, const char *arg)
{
static const NAME_EX_TBL cert_tbl[] = {
- {"compatible", X509_FLAG_COMPAT, 0xffffffffl},
- {"ca_default", X509_FLAG_CA, 0xffffffffl},
- {"no_header", X509_FLAG_NO_HEADER, 0},
- {"no_version", X509_FLAG_NO_VERSION, 0},
- {"no_serial", X509_FLAG_NO_SERIAL, 0},
- {"no_signame", X509_FLAG_NO_SIGNAME, 0},
- {"no_validity", X509_FLAG_NO_VALIDITY, 0},
- {"no_subject", X509_FLAG_NO_SUBJECT, 0},
- {"no_issuer", X509_FLAG_NO_ISSUER, 0},
- {"no_pubkey", X509_FLAG_NO_PUBKEY, 0},
- {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
- {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
- {"no_aux", X509_FLAG_NO_AUX, 0},
- {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
- {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
- {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
- {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
- {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
- {NULL, 0, 0}
+ { "compatible", X509_FLAG_COMPAT, 0xffffffffl },
+ { "ca_default", X509_FLAG_CA, 0xffffffffl },
+ { "no_header", X509_FLAG_NO_HEADER, 0 },
+ { "no_version", X509_FLAG_NO_VERSION, 0 },
+ { "no_serial", X509_FLAG_NO_SERIAL, 0 },
+ { "no_signame", X509_FLAG_NO_SIGNAME, 0 },
+ { "no_validity", X509_FLAG_NO_VALIDITY, 0 },
+ { "no_subject", X509_FLAG_NO_SUBJECT, 0 },
+ { "no_issuer", X509_FLAG_NO_ISSUER, 0 },
+ { "no_pubkey", X509_FLAG_NO_PUBKEY, 0 },
+ { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0 },
+ { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0 },
+ { "no_aux", X509_FLAG_NO_AUX, 0 },
+ { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0 },
+ { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK },
+ { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK },
+ { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK },
+ { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK },
+ { NULL, 0, 0 }
};
return set_multi_opts(flags, arg, cert_tbl);
}
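Review bot: In `cert_tbl` inside set_cert_ex, the masks for `compatible` and `ca_default` are written `0xffffffffl`, and the lowercase `l` suffix is easily misread as a trailing digit `1`. The sibling table in set_name_ex already uses `0xffffffffL`. As these rows are being rewritten anyway, `{ "compatible", X509_FLAG_COMPAT, 0xffffffffL },` and `{ "ca_default", X509_FLAG_CA, 0xffffffffL },` would make the two tables consistent. The same hunk also joins the `X509_FLAG_CA` definition into one line of over 100 characters; keeping a backslash continuation after the second flag would be easier to scan.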
@@ -1097,35 +1092,35 @@ int set_cert_ex(unsigned long *flags, const char *arg)
int set_name_ex(unsigned long *flags, const char *arg)
{
static const NAME_EX_TBL ex_tbl[] = {
- {"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
- {"esc_2254", ASN1_STRFLGS_ESC_2254, 0},
- {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
- {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
- {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
- {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
- {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
- {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
- {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
- {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
- {"dump_der", ASN1_STRFLGS_DUMP_DER, 0},
- {"compat", XN_FLAG_COMPAT, 0xffffffffL},
- {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
- {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
- {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
- {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
- {"dn_rev", XN_FLAG_DN_REV, 0},
- {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
- {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
- {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
- {"align", XN_FLAG_FN_ALIGN, 0},
- {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
- {"space_eq", XN_FLAG_SPC_EQ, 0},
- {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
- {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
- {"oneline", XN_FLAG_ONELINE, 0xffffffffL},
- {"multiline", XN_FLAG_MULTILINE, 0xffffffffL},
- {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
- {NULL, 0, 0}
+ { "esc_2253", ASN1_STRFLGS_ESC_2253, 0 },
+ { "esc_2254", ASN1_STRFLGS_ESC_2254, 0 },
+ { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0 },
+ { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0 },
+ { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0 },
+ { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0 },
+ { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0 },
+ { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0 },
+ { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0 },
+ { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0 },
+ { "dump_der", ASN1_STRFLGS_DUMP_DER, 0 },
+ { "compat", XN_FLAG_COMPAT, 0xffffffffL },
+ { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK },
+ { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK },
+ { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK },
+ { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK },
+ { "dn_rev", XN_FLAG_DN_REV, 0 },
+ { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK },
+ { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK },
+ { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK },
+ { "align", XN_FLAG_FN_ALIGN, 0 },
+ { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK },
+ { "space_eq", XN_FLAG_SPC_EQ, 0 },
+ { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0 },
+ { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL },
+ { "oneline", XN_FLAG_ONELINE, 0xffffffffL },
+ { "multiline", XN_FLAG_MULTILINE, 0xffffffffL },
+ { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL },
+ { NULL, 0, 0 }
};
if (set_multi_opts(flags, arg, ex_tbl) == 0)
return 0;
@@ -1191,13 +1186,13 @@ int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
}
ret = 1;
- end:
+end:
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
return ret;
}
static int set_multi_opts(unsigned long *flags, const char *arg,
- const NAME_EX_TBL * in_tbl)
+ const NAME_EX_TBL *in_tbl)
{
STACK_OF(CONF_VALUE) *vals;
CONF_VALUE *val;
@@ -1215,7 +1210,7 @@ static int set_multi_opts(unsigned long *flags, const char *arg,
}
static int set_table_opts(unsigned long *flags, const char *arg,
- const NAME_EX_TBL * in_tbl)
+ const NAME_EX_TBL *in_tbl)
{
char c;
const NAME_EX_TBL *ptbl;
@@ -1273,7 +1268,7 @@ void print_name(BIO *out, const char *title, const X509_NAME *nm)
}
void print_bignum_var(BIO *out, const BIGNUM *in, const char *var,
- int len, unsigned char *buffer)
+ int len, unsigned char *buffer)
{
BIO_printf(out, " static unsigned char %s_%d[] = {", var, len);
if (BN_is_zero(in)) {
@@ -1293,7 +1288,7 @@ void print_bignum_var(BIO *out, const BIGNUM *in, const char *var,
BIO_printf(out, "\n };\n");
}
-void print_array(BIO *out, const char* title, int len, const unsigned char* d)
+void print_array(BIO *out, const char *title, int len, const unsigned char *d)
{
int i;
@@ -1310,8 +1305,8 @@ void print_array(BIO *out, const char* title, int len, const unsigned char* d)
}
X509_STORE *setup_verify(const char *CAfile, int noCAfile,
- const char *CApath, int noCApath,
- const char *CAstore, int noCAstore)
+ const char *CApath, int noCApath,
+ const char *CAstore, int noCAstore)
{
X509_STORE *store = X509_STORE_new();
X509_LOOKUP *lookup;
@@ -1327,13 +1322,14 @@ X509_STORE *setup_verify(const char *CAfile, int noCAfile,
goto end;
if (CAfile != NULL) {
if (X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM,
- libctx, propq) <= 0) {
+ libctx, propq)
+ <= 0) {
BIO_printf(bio_err, "Error loading file %s\n", CAfile);
goto end;
}
} else {
X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT,
- libctx, propq);
+ libctx, propq);
}
}
@@ -1364,7 +1360,7 @@ X509_STORE *setup_verify(const char *CAfile, int noCAfile,
ERR_clear_error();
return store;
- end:
+end:
ERR_print_errors(bio_err);
X509_STORE_free(store);
return NULL;
@@ -1381,12 +1377,14 @@ static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
}
static int index_serial_cmp(const OPENSSL_CSTRING *a,
- const OPENSSL_CSTRING *b)
+ const OPENSSL_CSTRING *b)
{
const char *aa, *bb;
- for (aa = a[DB_serial]; *aa == '0'; aa++) ;
- for (bb = b[DB_serial]; *bb == '0'; bb++) ;
+ for (aa = a[DB_serial]; *aa == '0'; aa++)
+ ;
+ for (bb = b[DB_serial]; *bb == '0'; bb++)
+ ;
return strcmp(aa, bb);
}
@@ -1412,7 +1410,7 @@ static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
#undef BSIZE
#define BSIZE 256
BIGNUM *load_serial(const char *serialfile, int *exists, int create,
- ASN1_INTEGER **retai)
+ ASN1_INTEGER **retai)
{
BIO *in = NULL;
BIGNUM *ret = NULL;
@@ -1437,14 +1435,14 @@ BIGNUM *load_serial(const char *serialfile, int *exists, int create,
BIO_printf(bio_err, "Out of memory\n");
} else if (!rand_serial(ret, ai)) {
BIO_printf(bio_err, "Error creating random number to store in %s\n",
- serialfile);
+ serialfile);
BN_free(ret);
ret = NULL;
}
} else {
if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
BIO_printf(bio_err, "Unable to load number from %s\n",
- serialfile);
+ serialfile);
goto err;
}
ret = ASN1_INTEGER_to_BN(ai, NULL);
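Review bot: The call `a2i_ASN1_INTEGER(in, ai, buf, 1024)` in load_serial passes the buffer size as a bare literal instead of deriving it from `buf`. The declaration of `buf` is outside this hunk, and the file redefines `BSIZE` to 256 just above the function, so it is worth confirming that the two sizes really agree. If `buf` is a local array, `a2i_ASN1_INTEGER(in, ai, buf, sizeof(buf))` keeps the bound tied to the declaration.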
@@ -1458,7 +1456,7 @@ BIGNUM *load_serial(const char *serialfile, int *exists, int create,
*retai = ai;
ai = NULL;
}
- err:
+err:
if (ret == NULL)
ERR_print_errors(bio_err);
BIO_free(in);
@@ -1467,7 +1465,7 @@ BIGNUM *load_serial(const char *serialfile, int *exists, int create,
}
int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
- ASN1_INTEGER **retai)
+ ASN1_INTEGER **retai)
{
char buf[1][BSIZE];
BIO *out = NULL;
@@ -1509,7 +1507,7 @@ int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial
*retai = ai;
ai = NULL;
}
- err:
+err:
if (!ret)
ERR_print_errors(bio_err);
BIO_free_all(out);
@@ -1518,7 +1516,7 @@ int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial
}
int rotate_serial(const char *serialfile, const char *new_suffix,
- const char *old_suffix)
+ const char *old_suffix)
{
char buf[2][BSIZE];
int i, j;
@@ -1542,21 +1540,21 @@ int rotate_serial(const char *serialfile, const char *new_suffix,
#ifdef ENOTDIR
&& errno != ENOTDIR
#endif
- ) {
+ ) {
BIO_printf(bio_err,
- "Unable to rename %s to %s\n", serialfile, buf[1]);
+ "Unable to rename %s to %s\n", serialfile, buf[1]);
perror("reason");
goto err;
}
if (rename(buf[0], serialfile) < 0) {
BIO_printf(bio_err,
- "Unable to rename %s to %s\n", buf[0], serialfile);
+ "Unable to rename %s to %s\n", buf[0], serialfile);
perror("reason");
rename(buf[1], serialfile);
goto err;
}
return 1;
- err:
+err:
ERR_print_errors(bio_err);
return 0;
}
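Review bot: The rollback `rename(buf[1], serialfile);` on the second failure path of rotate_serial ignores its return value, so a failed rollback leaves no serial file in place and is never reported. I would check it, for example `if (rename(buf[1], serialfile) < 0) BIO_printf(bio_err, "Unable to restore %s\n", serialfile);`. Both error paths also call `perror("reason")` after `BIO_printf`, which may have changed `errno` by then; saving `errno` directly after the failing `rename` would make the reported reason reliable. The function starts outside this hunk.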
@@ -1577,7 +1575,7 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
ret = 1;
- error:
+error:
if (btmp != b)
BN_free(btmp);
@@ -1605,7 +1603,7 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
BIO_get_fp(in, &dbfp);
if (fstat(fileno(dbfp), &dbst) == -1) {
ERR_raise_data(ERR_LIB_SYS, errno,
- "calling fstat(%s)", dbfile);
+ "calling fstat(%s)", dbfile);
goto err;
}
#endif
@@ -1636,7 +1634,6 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
} else {
ERR_clear_error();
}
-
}
retdb->dbfname = OPENSSL_strdup(dbfile);
@@ -1647,7 +1644,7 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
retdb->dbst = dbst;
#endif
- err:
+err:
ERR_print_errors(bio_err);
NCONF_free(dbattr_conf);
TXT_DB_free(tmpdb);
@@ -1661,24 +1658,24 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
int index_index(CA_DB *db)
{
if (!TXT_DB_create_index(db->db, DB_serial, NULL,
- LHASH_HASH_FN(index_serial),
- LHASH_COMP_FN(index_serial))) {
+ LHASH_HASH_FN(index_serial),
+ LHASH_COMP_FN(index_serial))) {
BIO_printf(bio_err,
- "Error creating serial number index:(%ld,%ld,%ld)\n",
- db->db->error, db->db->arg1, db->db->arg2);
+ "Error creating serial number index:(%ld,%ld,%ld)\n",
+ db->db->error, db->db->arg1, db->db->arg2);
goto err;
}
if (db->attributes.unique_subject
&& !TXT_DB_create_index(db->db, DB_name, index_name_qual,
- LHASH_HASH_FN(index_name),
- LHASH_COMP_FN(index_name))) {
+ LHASH_HASH_FN(index_name),
+ LHASH_COMP_FN(index_name))) {
BIO_printf(bio_err, "Error creating name index:(%ld,%ld,%ld)\n",
- db->db->error, db->db->arg1, db->db->arg2);
+ db->db->error, db->db->arg1, db->db->arg2);
goto err;
}
return 1;
- err:
+err:
ERR_print_errors(bio_err);
return 0;
}
@@ -1721,17 +1718,17 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
goto err;
}
BIO_printf(out, "unique_subject = %s\n",
- db->attributes.unique_subject ? "yes" : "no");
+ db->attributes.unique_subject ? "yes" : "no");
BIO_free(out);
return 1;
- err:
+err:
ERR_print_errors(bio_err);
return 0;
}
int rotate_index(const char *dbfile, const char *new_suffix,
- const char *old_suffix)
+ const char *old_suffix)
{
char buf[5][BSIZE];
int i, j;
@@ -1761,7 +1758,7 @@ int rotate_index(const char *dbfile, const char *new_suffix,
#ifdef ENOTDIR
&& errno != ENOTDIR
#endif
- ) {
+ ) {
BIO_printf(bio_err, "Unable to rename %s to %s\n", dbfile, buf[1]);
perror("reason");
goto err;
@@ -1776,7 +1773,7 @@ int rotate_index(const char *dbfile, const char *new_suffix,
#ifdef ENOTDIR
&& errno != ENOTDIR
#endif
- ) {
+ ) {
BIO_printf(bio_err, "Unable to rename %s to %s\n", buf[4], buf[3]);
perror("reason");
rename(dbfile, buf[0]);
@@ -1792,7 +1789,7 @@ int rotate_index(const char *dbfile, const char *new_suffix,
goto err;
}
return 1;
- err:
+err:
ERR_print_errors(bio_err);
return 0;
}
@@ -1810,17 +1807,17 @@ int parse_yesno(const char *str, int def)
{
if (str) {
switch (*str) {
- case 'f': /* false */
- case 'F': /* FALSE */
- case 'n': /* no */
- case 'N': /* NO */
- case '0': /* 0 */
+ case 'f': /* false */
+ case 'F': /* FALSE */
+ case 'n': /* no */
+ case 'N': /* NO */
+ case '0': /* 0 */
return 0;
- case 't': /* true */
- case 'T': /* TRUE */
- case 'y': /* yes */
- case 'Y': /* YES */
- case '1': /* 1 */
+ case 't': /* true */
+ case 'T': /* TRUE */
+ case 'y': /* yes */
+ case 'Y': /* YES */
+ case '1': /* 1 */
return 1;
}
}
@@ -1833,7 +1830,7 @@ int parse_yesno(const char *str, int def)
* and characters may be escaped by \
*/
X509_NAME *parse_name(const char *cp, int chtype, int canmulti,
- const char *desc)
+ const char *desc)
{
int nextismulti = 0;
char *work;
@@ -1841,10 +1838,10 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti,
if (*cp++ != '/') {
BIO_printf(bio_err,
- "%s: %s name is expected to be in the format "
- "/type0=value0/type1=value1/type2=... where characters may "
- "be escaped by \\. This name is not in that format: '%s'\n",
- opt_getprog(), desc, --cp);
+ "%s: %s name is expected to be in the format "
+ "/type0=value0/type1=value1/type2=... where characters may "
+ "be escaped by \\. This name is not in that format: '%s'\n",
+ opt_getprog(), desc, --cp);
return NULL;
}
@@ -1856,7 +1853,7 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti,
work = OPENSSL_strdup(cp);
if (work == NULL) {
BIO_printf(bio_err, "%s: Error copying %s name input\n",
- opt_getprog(), desc);
+ opt_getprog(), desc);
goto err;
}
@@ -1874,8 +1871,8 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti,
*bp++ = '\0';
if (*cp == '\0') {
BIO_printf(bio_err,
- "%s: Missing '=' after RDN type string '%s' in %s name string\n",
- opt_getprog(), typestr, desc);
+ "%s: Missing '=' after RDN type string '%s' in %s name string\n",
+ opt_getprog(), typestr, desc);
goto err;
}
++cp;
@@ -1890,8 +1887,8 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti,
}
if (*cp == '\\' && *++cp == '\0') {
BIO_printf(bio_err,
- "%s: Escape character at end of %s name string\n",
- opt_getprog(), desc);
+ "%s: Escape character at end of %s name string\n",
+ opt_getprog(), desc);
goto err;
}
}
@@ -1905,27 +1902,27 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti,
nid = OBJ_txt2nid(typestr);
if (nid == NID_undef) {
BIO_printf(bio_err,
- "%s warning: Skipping unknown %s name attribute \"%s\"\n",
- opt_getprog(), desc, typestr);
+ "%s warning: Skipping unknown %s name attribute \"%s\"\n",
+ opt_getprog(), desc, typestr);
if (ismulti)
BIO_printf(bio_err,
- "%s hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n",
- opt_getprog());
+ "%s hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n",
+ opt_getprog());
continue;
}
if (*valstr == '\0') {
BIO_printf(bio_err,
- "%s warning: No value provided for %s name attribute \"%s\", skipped\n",
- opt_getprog(), desc, typestr);
+ "%s warning: No value provided for %s name attribute \"%s\", skipped\n",
+ opt_getprog(), desc, typestr);
continue;
}
if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
- valstr, strlen((char *)valstr),
- -1, ismulti ? -1 : 0)) {
+ valstr, strlen((char *)valstr),
+ -1, ismulti ? -1 : 0)) {
ERR_print_errors(bio_err);
BIO_printf(bio_err,
- "%s: Error adding %s name attribute \"/%s=%s\"\n",
- opt_getprog(), desc, typestr ,valstr);
+ "%s: Error adding %s name attribute \"/%s=%s\"\n",
+ opt_getprog(), desc, typestr, valstr);
goto err;
}
}
@@ -1933,7 +1930,7 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti,
OPENSSL_free(work);
return n;
- err:
+err:
X509_NAME_free(n);
OPENSSL_free(work);
return NULL;
@@ -1997,7 +1994,7 @@ int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
vtmp++;
rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
- err:
+err:
OPENSSL_free(stmp);
return rv;
}
@@ -2027,7 +2024,7 @@ void policies_print(X509_STORE_CTX *ctx)
explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
BIO_printf(bio_err, "Require explicit Policy: %s\n",
- explicit_policy ? "True" : "False");
+ explicit_policy ? "True" : "False");
nodes_print("Authority", X509_policy_tree_get0_policies(tree));
nodes_print("User", X509_policy_tree_get0_user_policies(tree));
@@ -2074,7 +2071,7 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in)
OPENSSL_free(out);
return NULL;
}
- out[start-skipped] = (unsigned char)(i - start);
+ out[start - skipped] = (unsigned char)(i - start);
start = i + 1;
} else {
out[i + 1 - skipped] = in[i];
@@ -2091,27 +2088,27 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in)
}
void print_cert_checks(BIO *bio, X509 *x,
- const char *checkhost,
- const char *checkemail, const char *checkip)
+ const char *checkhost,
+ const char *checkemail, const char *checkip)
{
if (x == NULL)
return;
if (checkhost) {
BIO_printf(bio, "Hostname %s does%s match certificate\n",
- checkhost,
- X509_check_host(x, checkhost, 0, 0, NULL) == 1
- ? "" : " NOT");
+ checkhost,
+ X509_check_host(x, checkhost, 0, 0, NULL) == 1
+ ? ""
+ : " NOT");
}
if (checkemail) {
BIO_printf(bio, "Email %s does%s match certificate\n",
- checkemail, X509_check_email(x, checkemail, 0, 0)
- ? "" : " NOT");
+ checkemail, X509_check_email(x, checkemail, 0, 0) ? "" : " NOT");
}
if (checkip) {
BIO_printf(bio, "IP %s does%s match certificate\n",
- checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT");
+ checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT");
}
}
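Review bot: In print_cert_checks the e-mail and IP results are tested for truthiness (`X509_check_email(...) ? "" : " NOT"`), while the hostname branch just above compares against 1. The X509_check_* functions return negative values for an internal error or malformed input, so such a return would be printed here as "does match certificate". Comparing each result with 1 keeps the three branches consistent: `X509_check_email(x, checkemail, 0, 0) == 1 ? "" : " NOT"` and `X509_check_ip_asc(x, checkip, 0) == 1 ? "" : " NOT"`.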
@@ -2173,7 +2170,7 @@ static int do_x509_req_init(X509_REQ *x, STACK_OF(OPENSSL_STRING) *opts)
}
static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
- const char *md, STACK_OF(OPENSSL_STRING) *sigopts)
+ const char *md, STACK_OF(OPENSSL_STRING) *sigopts)
{
EVP_PKEY_CTX *pkctx = NULL;
char def_md[80];
@@ -2185,18 +2182,18 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
* for this algorithm.
*/
if (EVP_PKEY_get_default_digest_name(pkey, def_md, sizeof(def_md)) == 2
- && strcmp(def_md, "UNDEF") == 0) {
+ && strcmp(def_md, "UNDEF") == 0) {
/* The signing algorithm requires there to be no digest */
md = NULL;
}
return EVP_DigestSignInit_ex(ctx, &pkctx, md, app_get0_libctx(),
- app_get0_propq(), pkey, NULL)
+ app_get0_propq(), pkey, NULL)
&& do_pkey_ctx_init(pkctx, sigopts);
}
static int adapt_keyid_ext(X509 *cert, X509V3_CTX *ext_ctx,
- const char *name, const char *value, int add_default)
+ const char *name, const char *value, int add_default)
{
const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(cert);
X509_EXTENSION *new_ext = X509V3_EXT_nconf(NULL, ext_ctx, name, value);
@@ -2216,7 +2213,7 @@ static int adapt_keyid_ext(X509 *cert, X509V3_CTX *ext_ctx,
X509_EXTENSION_free(found_ext);
} /* else keep existing key identifier, which might be outdated */
rv = 1;
- } else {
+ } else {
rv = !add_default || X509_add_ext(cert, new_ext, -1);
}
X509_EXTENSION_free(new_ext);
@@ -2225,7 +2222,7 @@ static int adapt_keyid_ext(X509 *cert, X509V3_CTX *ext_ctx,
/* Ensure RFC 5280 compliance, adapt keyIDs as needed, and sign the cert info */
int do_X509_sign(X509 *cert, EVP_PKEY *pkey, const char *md,
- STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx)
+ STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx)
{
const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(cert);
EVP_MD_CTX *mctx = EVP_MD_CTX_new();
@@ -2249,20 +2246,20 @@ int do_X509_sign(X509 *cert, EVP_PKEY *pkey, const char *md,
self_sign = X509_check_private_key(cert, pkey);
ERR_pop_to_mark();
if (!adapt_keyid_ext(cert, ext_ctx, "authorityKeyIdentifier",
- "keyid, issuer", !self_sign))
+ "keyid, issuer", !self_sign))
goto end;
}
if (mctx != NULL && do_sign_init(mctx, pkey, md, sigopts) > 0)
rv = (X509_sign_ctx(cert, mctx) > 0);
- end:
+end:
EVP_MD_CTX_free(mctx);
return rv;
}
/* Sign the certificate request info */
int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const char *md,
- STACK_OF(OPENSSL_STRING) *sigopts)
+ STACK_OF(OPENSSL_STRING) *sigopts)
{
int rv = 0;
EVP_MD_CTX *mctx = EVP_MD_CTX_new();
@@ -2275,7 +2272,7 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const char *md,
/* Sign the CRL info */
int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md,
- STACK_OF(OPENSSL_STRING) *sigopts)
+ STACK_OF(OPENSSL_STRING) *sigopts)
{
int rv = 0;
EVP_MD_CTX *mctx = EVP_MD_CTX_new();
@@ -2306,13 +2303,13 @@ int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts)
* 0 if the signature check fails, or -1 if error occurs.
*/
int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey,
- STACK_OF(OPENSSL_STRING) *vfyopts)
+ STACK_OF(OPENSSL_STRING) *vfyopts)
{
int rv = 0;
if (do_x509_req_init(x, vfyopts) > 0)
rv = X509_REQ_verify_ex(x, pkey,
- app_get0_libctx(), app_get0_propq());
+ app_get0_libctx(), app_get0_propq());
else
rv = -1;
return rv;
@@ -2366,7 +2363,7 @@ static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
*/
static STACK_OF(X509_CRL) *crls_http_cb(const X509_STORE_CTX *ctx,
- const X509_NAME *nm)
+ const X509_NAME *nm)
{
X509 *x;
STACK_OF(X509_CRL) *crls = NULL;
@@ -2438,15 +2435,14 @@ BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
BIO *sbio = NULL;
X509_STORE *ts = SSL_CTX_get_cert_store(ssl_ctx);
X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
- const char *host = vpm == NULL ? NULL :
- X509_VERIFY_PARAM_get0_host(vpm, 0 /* first hostname */);
+ const char *host = vpm == NULL ? NULL : X509_VERIFY_PARAM_get0_host(vpm, 0 /* first hostname */);
/* adapt after fixing callback design flaw, see #17088 */
if ((info->use_proxy
- && !OSSL_HTTP_proxy_connect(bio, info->server, info->port,
- NULL, NULL, /* no proxy credentials */
- info->timeout, bio_err, opt_getprog()))
- || (sbio = BIO_new(BIO_f_ssl())) == NULL) {
+ && !OSSL_HTTP_proxy_connect(bio, info->server, info->port,
+ NULL, NULL, /* no proxy credentials */
+ info->timeout, bio_err, opt_getprog()))
+ || (sbio = BIO_new(BIO_f_ssl())) == NULL) {
return NULL;
}
if (ssl_ctx == NULL || (ssl = SSL_new(ssl_ctx)) == NULL) {
@@ -2492,10 +2488,10 @@ void APP_HTTP_TLS_INFO_free(APP_HTTP_TLS_INFO *info)
}
ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy,
- const char *no_proxy, SSL_CTX *ssl_ctx,
- const STACK_OF(CONF_VALUE) *headers,
- long timeout, const char *expected_content_type,
- const ASN1_ITEM *it)
+ const char *no_proxy, SSL_CTX *ssl_ctx,
+ const STACK_OF(CONF_VALUE) *headers,
+ long timeout, const char *expected_content_type,
+ const ASN1_ITEM *it)
{
APP_HTTP_TLS_INFO info;
char *server;
@@ -2510,16 +2506,16 @@ ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy,
}
if (!OSSL_HTTP_parse_url(url, &use_ssl, NULL /* userinfo */, &server, &port,
- NULL /* port_num, */, NULL, NULL, NULL))
+ NULL /* port_num, */, NULL, NULL, NULL))
return NULL;
if (use_ssl && ssl_ctx == NULL) {
ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER,
- "missing SSL_CTX");
+ "missing SSL_CTX");
goto end;
}
if (!use_ssl && ssl_ctx != NULL) {
ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT,
- "SSL_CTX given but use_ssl == 0");
+ "SSL_CTX given but use_ssl == 0");
goto end;
}
@@ -2530,27 +2526,26 @@ ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy,
info.timeout = timeout;
info.ssl_ctx = ssl_ctx;
mem = OSSL_HTTP_get(url, proxy, no_proxy, NULL /* bio */, NULL /* rbio */,
- app_http_tls_cb, &info, 0 /* buf_size */, headers,
- expected_content_type, 1 /* expect_asn1 */,
- OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout);
+ app_http_tls_cb, &info, 0 /* buf_size */, headers,
+ expected_content_type, 1 /* expect_asn1 */,
+ OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout);
resp = ASN1_item_d2i_bio(it, mem, NULL);
BIO_free(mem);
- end:
+end:
OPENSSL_free(server);
OPENSSL_free(port);
return resp;
-
}
ASN1_VALUE *app_http_post_asn1(const char *host, const char *port,
- const char *path, const char *proxy,
- const char *no_proxy, SSL_CTX *ssl_ctx,
- const STACK_OF(CONF_VALUE) *headers,
- const char *content_type,
- ASN1_VALUE *req, const ASN1_ITEM *req_it,
- const char *expected_content_type,
- long timeout, const ASN1_ITEM *rsp_it)
+ const char *path, const char *proxy,
+ const char *no_proxy, SSL_CTX *ssl_ctx,
+ const STACK_OF(CONF_VALUE) *headers,
+ const char *content_type,
+ ASN1_VALUE *req, const ASN1_ITEM *req_it,
+ const char *expected_content_type,
+ long timeout, const ASN1_ITEM *rsp_it)
{
int use_ssl = ssl_ctx != NULL;
APP_HTTP_TLS_INFO info;
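Review bot: In app_http_get_asn1 the BIO returned by `OSSL_HTTP_get` goes straight into `ASN1_item_d2i_bio(it, mem, NULL)` without a NULL check, so a failed transfer is handled only if the decoder rejects a NULL BIO cleanly. Presumably it does, but the failure then shows up as a decode error rather than an HTTP error. An explicit guard such as `if (mem != NULL) resp = ASN1_item_d2i_bio(it, mem, NULL);` would make the path obvious, assuming `resp` starts as NULL (its declaration is outside this hunk). The same pattern appears with `rsp` after `OSSL_HTTP_transfer` in app_http_post_asn1 in the next hunk.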
@@ -2567,12 +2562,12 @@ ASN1_VALUE *app_http_post_asn1(const char *host, const char *port,
info.timeout = timeout;
info.ssl_ctx = ssl_ctx;
rsp = OSSL_HTTP_transfer(NULL, host, port, path, use_ssl,
- proxy, no_proxy, NULL /* bio */, NULL /* rbio */,
- app_http_tls_cb, &info,
- 0 /* buf_size */, headers, content_type, req_mem,
- expected_content_type, 1 /* expect_asn1 */,
- OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout,
- 0 /* keep_alive */);
+ proxy, no_proxy, NULL /* bio */, NULL /* rbio */,
+ app_http_tls_cb, &info,
+ 0 /* buf_size */, headers, content_type, req_mem,
+ expected_content_type, 1 /* expect_asn1 */,
+ OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout,
+ 0 /* keep_alive */);
BIO_free(req_mem);
res = ASN1_item_d2i_bio(rsp_it, rsp, NULL);
BIO_free(rsp);
@@ -2585,13 +2580,13 @@ ASN1_VALUE *app_http_post_asn1(const char *host, const char *port,
* Platform-specific sections
*/
#if defined(_WIN32)
-# ifdef fileno
-# undef fileno
-# define fileno(a) (int)_fileno(a)
-# endif
+#ifdef fileno
+#undef fileno
+#define fileno(a) (int)_fileno(a)
+#endif
-# include <windows.h>
-# include <tchar.h>
+#include <windows.h>
+#include <tchar.h>
static int WIN32_rename(const char *from, const char *to)
{
@@ -2602,21 +2597,21 @@ static int WIN32_rename(const char *from, const char *to)
if (sizeof(TCHAR) == 1) {
tfrom = (TCHAR *)from;
tto = (TCHAR *)to;
- } else { /* UNICODE path */
+ } else { /* UNICODE path */
size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1;
tfrom = malloc(sizeof(*tfrom) * (flen + tlen));
if (tfrom == NULL)
goto err;
tto = tfrom + flen;
-# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+#if !defined(_WIN32_WCE) || _WIN32_WCE >= 101
if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen))
-# endif
+#endif
for (i = 0; i < flen; i++)
tfrom[i] = (TCHAR)from[i];
-# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+#if !defined(_WIN32_WCE) || _WIN32_WCE >= 101
if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen))
-# endif
+#endif
for (i = 0; i < tlen; i++)
tto[i] = (TCHAR)to[i];
}
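Review bot: In WIN32_rename each unbraced `if (!MultiByteToWideChar(...))` sits inside an `#if`/`#endif` pair and takes the following `for` loop as its body, so whether the loop is a fallback or runs unconditionally depends on the preprocessor branch. That is easy to misread. I would add a comment above each loop, for example `/* fallback: widen byte by byte if MultiByteToWideChar fails or is not compiled in */`. Separately, `flen` and `tlen` are `size_t` but are passed where the API takes `int` lengths, which deserves an explicit cast or a bound check. The function continues outside this hunk.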
@@ -2634,10 +2629,10 @@ static int WIN32_rename(const char *from, const char *to)
else if (err == ERROR_ACCESS_DENIED)
errno = EACCES;
else
- errno = EINVAL; /* we could map more codes... */
- err:
+ errno = EINVAL; /* we could map more codes... */
+err:
ret = -1;
- ok:
+ok:
if (tfrom != NULL && tfrom != (TCHAR *)from)
free(tfrom);
return ret;
@@ -2652,28 +2647,28 @@ double app_tminterval(int stop, int usertime)
double ret = 0;
static ULARGE_INTEGER tmstart;
static int warning = 1;
-# ifdef _WIN32_WINNT
+#ifdef _WIN32_WINNT
static HANDLE proc = NULL;
if (proc == NULL) {
if (check_winnt())
proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
- GetCurrentProcessId());
+ GetCurrentProcessId());
if (proc == NULL)
- proc = (HANDLE) - 1;
+ proc = (HANDLE)-1;
}
- if (usertime && proc != (HANDLE) - 1) {
+ if (usertime && proc != (HANDLE)-1) {
FILETIME junk;
GetProcessTimes(proc, &junk, &junk, &junk, &now);
} else
-# endif
+#endif
{
SYSTEMTIME systime;
if (usertime && warning) {
BIO_printf(bio_err, "To get meaningful results, run "
- "this program on idle system.\n");
+ "this program on idle system.\n");
warning = 0;
}
GetSystemTime(&systime);
@@ -2695,44 +2690,44 @@ double app_tminterval(int stop, int usertime)
return ret;
}
#elif defined(OPENSSL_SYS_VXWORKS)
-# include <time.h>
+#include <time.h>
double app_tminterval(int stop, int usertime)
{
double ret = 0;
-# ifdef CLOCK_REALTIME
+#ifdef CLOCK_REALTIME
static struct timespec tmstart;
struct timespec now;
-# else
+#else
static unsigned long tmstart;
unsigned long now;
-# endif
+#endif
static int warning = 1;
if (usertime && warning) {
BIO_printf(bio_err, "To get meaningful results, run "
- "this program on idle system.\n");
+ "this program on idle system.\n");
warning = 0;
}
-# ifdef CLOCK_REALTIME
+#ifdef CLOCK_REALTIME
clock_gettime(CLOCK_REALTIME, &now);
if (stop == TM_START)
tmstart = now;
else
ret = ((now.tv_sec + now.tv_nsec * 1e-9)
- - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9));
-# else
+ - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9));
+#else
now = tickGet();
if (stop == TM_START)
tmstart = now;
else
ret = (now - tmstart) / (double)sysClkRateGet();
-# endif
+#endif
return ret;
}
-#elif defined(_SC_CLK_TCK) /* by means of unistd.h */
-# include <sys/times.h>
+#elif defined(_SC_CLK_TCK) /* by means of unistd.h */
+#include <sys/times.h>
double app_tminterval(int stop, int usertime)
{
@@ -2755,8 +2750,8 @@ double app_tminterval(int stop, int usertime)
}
#else
-# include <sys/time.h>
-# include <sys/resource.h>
+#include <sys/time.h>
+#include <sys/resource.h>
double app_tminterval(int stop, int usertime)
{
@@ -2774,13 +2769,13 @@ double app_tminterval(int stop, int usertime)
tmstart = now;
else
ret = ((now.tv_sec + now.tv_usec * 1e-6)
- - (tmstart.tv_sec + tmstart.tv_usec * 1e-6));
+ - (tmstart.tv_sec + tmstart.tv_usec * 1e-6));
return ret;
}
#endif
-int app_access(const char* name, int flag)
+int app_access(const char *name, int flag)
{
#ifdef _WIN32
return _access(name, flag);
@@ -2796,12 +2791,12 @@ int app_isdir(const char *name)
/* raw_read|write section */
#if defined(__VMS)
-# include "vms_term_sock.h"
+#include "vms_term_sock.h"
static int stdin_sock = -1;
static void close_stdin_sock(void)
{
- TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
+ TerminalSocket(TERM_SOCK_DELETE, &stdin_sock);
}
int fileno_stdin(void)
@@ -2835,18 +2830,18 @@ int raw_read_stdin(void *buf, int siz)
return -1;
}
#elif defined(__VMS)
-# include <sys/socket.h>
+#include <sys/socket.h>
int raw_read_stdin(void *buf, int siz)
{
return recv(fileno_stdin(), buf, siz, 0);
}
#else
-# if defined(__TANDEM)
-# if defined(OPENSSL_TANDEM_FLOSS)
-# include <floss.h(floss_read)>
-# endif
-# endif
+#if defined(__TANDEM)
+#if defined(OPENSSL_TANDEM_FLOSS)
+#include <floss.h(floss_read)>
+#endif
+#endif
int raw_read_stdin(void *buf, int siz)
{
return read(fileno_stdin(), buf, siz);
@@ -2863,21 +2858,21 @@ int raw_write_stdout(const void *buf, int siz)
return -1;
}
#elif defined(OPENSSL_SYS_TANDEM) && defined(OPENSSL_THREADS) && defined(_SPT_MODEL_)
-# if defined(__TANDEM)
-# if defined(OPENSSL_TANDEM_FLOSS)
-# include <floss.h(floss_write)>
-# endif
-# endif
-int raw_write_stdout(const void *buf,int siz)
+#if defined(__TANDEM)
+#if defined(OPENSSL_TANDEM_FLOSS)
+#include <floss.h(floss_write)>
+#endif
+#endif
+int raw_write_stdout(const void *buf, int siz)
{
- return write(fileno(stdout),(void*)buf,siz);
+ return write(fileno(stdout), (void *)buf, siz);
}
#else
-# if defined(__TANDEM)
-# if defined(OPENSSL_TANDEM_FLOSS)
-# include <floss.h(floss_write)>
-# endif
-# endif
+#if defined(__TANDEM)
+#if defined(OPENSSL_TANDEM_FLOSS)
+#include <floss.h(floss_write)>
+#endif
+#endif
int raw_write_stdout(const void *buf, int siz)
{
return write(fileno_stdout(), buf, siz);
@@ -2894,13 +2889,13 @@ int raw_write_stdout(const void *buf, int siz)
BIO *dup_bio_in(int format)
{
return BIO_new_fp(stdin,
- BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
+ BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
}
BIO *dup_bio_out(int format)
{
BIO *b = BIO_new_fp(stdout,
- BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
+ BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
void *prefix = NULL;
if (b == NULL)
@@ -2923,7 +2918,7 @@ BIO *dup_bio_out(int format)
BIO *dup_bio_err(int format)
{
BIO *b = BIO_new_fp(stderr,
- BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
+ BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
#ifdef OPENSSL_SYS_VMS
if (b != NULL && FMT_istext(format))
b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
@@ -2941,12 +2936,12 @@ void unbuffer(FILE *fp)
* temporarily.
*/
#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
-# pragma environment save
-# pragma message disable maylosedata2
+#pragma environment save
+#pragma message disable maylosedata2
#endif
setbuf(fp, NULL);
#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
-# pragma environment restore
+#pragma environment restore
#endif
}
@@ -2997,21 +2992,21 @@ BIO *bio_open_owner(const char *filename, int format, int private)
textmode = FMT_istext(format);
#ifndef OPENSSL_NO_POSIX_IO
mode = O_WRONLY;
-# ifdef O_CREAT
+#ifdef O_CREAT
mode |= O_CREAT;
-# endif
-# ifdef O_TRUNC
+#endif
+#ifdef O_TRUNC
mode |= O_TRUNC;
-# endif
+#endif
if (!textmode) {
-# ifdef O_BINARY
+#ifdef O_BINARY
mode |= O_BINARY;
-# elif defined(_O_BINARY)
+#elif defined(_O_BINARY)
mode |= _O_BINARY;
-# endif
+#endif
}
-# ifdef OPENSSL_SYS_VMS
+#ifdef OPENSSL_SYS_VMS
/* VMS doesn't have O_BINARY, it just doesn't make sense. But,
* it still needs to know that we're going binary, or fdopen()
* will fail with "invalid argument"... so we tell VMS what the
@@ -3020,15 +3015,15 @@ BIO *bio_open_owner(const char *filename, int format, int private)
if (!textmode)
fd = open(filename, mode, 0600, "ctx=bin");
else
-# endif
+#endif
fd = open(filename, mode, 0600);
if (fd < 0)
goto err;
fp = fdopen(fd, modestr('w', format));
-#else /* OPENSSL_NO_POSIX_IO */
+#else /* OPENSSL_NO_POSIX_IO */
/* Have stdio but not Posix IO, do the best we can */
fp = fopen(filename, modestr('w', format));
-#endif /* OPENSSL_NO_POSIX_IO */
+#endif /* OPENSSL_NO_POSIX_IO */
if (fp == NULL)
goto err;
bflags = BIO_CLOSE;
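Review bot: The `0600` passed to `open(filename, mode, 0600)` only takes effect when the file is created. With `O_CREAT | O_TRUNC` set in the previous hunk, an existing file is truncated in place and keeps whatever mode it already had, and the `fopen()` fallback under `OPENSSL_NO_POSIX_IO` applies no restrictive mode at all. Going by the function name and the mode, this path is meant for owner-only output, so I would document the limit next to the call, for example `/* 0600 applies only on creation; an existing file keeps its mode */`. bio_open_owner starts and ends outside this hunk.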
@@ -3038,9 +3033,9 @@ BIO *bio_open_owner(const char *filename, int format, int private)
if (b != NULL)
return b;
- err:
+err:
BIO_printf(bio_err, "%s: Can't open \"%s\" for writing, %s\n",
- opt_getprog(), filename, strerror(errno));
+ opt_getprog(), filename, strerror(errno));
ERR_print_errors(bio_err);
/* If we have fp, then fdopen took over fd, so don't close both. */
if (fp != NULL)
@@ -3053,7 +3048,7 @@ BIO *bio_open_owner(const char *filename, int format, int private)
}
static BIO *bio_open_default_(const char *filename, char mode, int format,
- int quiet)
+ int quiet)
{
BIO *ret;
@@ -3066,8 +3061,8 @@ static BIO *bio_open_default_(const char *filename, char mode, int format,
if (ret != NULL)
return ret;
BIO_printf(bio_err,
- "Can't open %s, %s\n",
- mode == 'r' ? "stdin" : "stdout", strerror(errno));
+ "Can't open %s, %s\n",
+ mode == 'r' ? "stdin" : "stdout", strerror(errno));
} else {
ret = BIO_new_file(filename, modestr(mode, format));
if (quiet) {
@@ -3077,8 +3072,8 @@ static BIO *bio_open_default_(const char *filename, char mode, int format,
if (ret != NULL)
return ret;
BIO_printf(bio_err,
- "Can't open \"%s\" for %s, %s\n",
- filename, modeverb(mode), strerror(errno));
+ "Can't open \"%s\" for %s, %s\n",
+ filename, modeverb(mode), strerror(errno));
}
ERR_print_errors(bio_err);
return NULL;
@@ -3129,7 +3124,7 @@ void wait_for_async(SSL *s)
#if defined(OPENSSL_SYS_MSDOS)
int has_stdin_waiting(void)
{
-# if defined(OPENSSL_SYS_WINDOWS)
+#if defined(OPENSSL_SYS_WINDOWS)
HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE);
DWORD events = 0;
INPUT_RECORD inputrec;
@@ -3148,7 +3143,7 @@ int has_stdin_waiting(void)
}
return 0;
}
-# endif
+#endif
return _kbhit();
}
#endif
@@ -3156,12 +3151,12 @@ int has_stdin_waiting(void)
/* Corrupt a signature by modifying final byte */
void corrupt_signature(const ASN1_STRING *signature)
{
- unsigned char *s = signature->data;
- s[signature->length - 1] ^= 0x1;
+ unsigned char *s = signature->data;
+ s[signature->length - 1] ^= 0x1;
}
int set_cert_times(X509 *x, const char *startdate, const char *enddate,
- int days)
+ int days)
{
if (startdate == NULL || strcmp(startdate, "today") == 0) {
if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL)
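Review bot: In corrupt_signature, `s[signature->length - 1] ^= 0x1;` has no check that `signature->length` is positive, so a zero-length signature would write one byte before the buffer. The helper also writes through a `const ASN1_STRING *`, so its signature does not tell callers the data is modified. Guarding the write, `if (signature->length > 0) s[signature->length - 1] ^= 0x1;`, keeps the deliberately corrupting helper from touching memory outside the signature. set_cert_times, which starts in this hunk, continues outside it.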
@@ -3206,7 +3201,7 @@ end:
}
int set_crl_nextupdate(X509_CRL *crl, const char *nextupdate,
- long days, long hours, long secs)
+ long days, long hours, long secs)
{
int ret = 0;
ASN1_TIME *tm = ASN1_TIME_new();
@@ -3252,7 +3247,7 @@ int opt_printf_stderr(const char *fmt, ...)
}
OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts,
- const OSSL_PARAM *paramdefs)
+ const OSSL_PARAM *paramdefs)
{
OSSL_PARAM *params = NULL;
size_t sz = (size_t)sk_OPENSSL_STRING_num(opts);
@@ -3277,7 +3272,7 @@ OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts,
/* Skip over the separator so that vmtp points to the value */
vtmp++;
if (!OSSL_PARAM_allocate_from_text(&params[params_n], paramdefs,
- stmp, vtmp, strlen(vtmp), &found))
+ stmp, vtmp, strlen(vtmp), &found))
goto err;
OPENSSL_free(stmp);
}
@@ -3286,7 +3281,7 @@ OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts,
err:
OPENSSL_free(stmp);
BIO_printf(bio_err, "Parameter %s '%s'\n", found ? "error" : "unknown",
- opt);
+ opt);
ERR_print_errors(bio_err);
app_params_free(params);
return NULL;
@@ -3316,10 +3311,10 @@ EVP_PKEY *app_keygen(EVP_PKEY_CTX *ctx, const char *alg, int bits, int verbose)
}
if (!RAND_status())
BIO_printf(bio_err, "Warning: generating random key material may take a long time\n"
- "if the system has a poor entropy source\n");
+ "if the system has a poor entropy source\n");
if (EVP_PKEY_keygen(ctx, &res) <= 0)
BIO_printf(bio_err, "%s: Error generating %s key\n", opt_getprog(),
- alg != NULL ? alg : "asymmetric");
+ alg != NULL ? alg : "asymmetric");
return res;
}
@@ -3329,10 +3324,10 @@ EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg)
if (!RAND_status())
BIO_printf(bio_err, "Warning: generating random key parameters may take a long time\n"
- "if the system has a poor entropy source\n");
+ "if the system has a poor entropy source\n");
if (EVP_PKEY_paramgen(ctx, &res) <= 0)
BIO_printf(bio_err, "%s: Generating %s key parameters failed\n",
- opt_getprog(), alg != NULL ? alg : "asymmetric");
+ opt_getprog(), alg != NULL ? alg : "asymmetric");
return res;
}
diff --git a/apps/lib/apps_ui.c b/apps/lib/apps_ui.c
index 00e0ba5d9996..aa2230381f3a 100644
--- a/apps/lib/apps_ui.c
+++ b/apps/lib/apps_ui.c
@@ -32,17 +32,14 @@ static int ui_read(UI *ui, UI_STRING *uis)
&& UI_get0_user_data(ui)) {
switch (UI_get_string_type(uis)) {
case UIT_PROMPT:
- case UIT_VERIFY:
- {
- const char *password =
- ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ case UIT_VERIFY: {
+ const char *password = ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
- if (password != NULL) {
- UI_set_result(ui, uis, password);
- return 1;
- }
+ if (password != NULL) {
+ UI_set_result(ui, uis, password);
+ return 1;
}
- break;
+ } break;
case UIT_NONE:
case UIT_BOOLEAN:
case UIT_INFO:
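Review bot: In the `UIT_VERIFY` branch of ui_read, the result of `UI_set_result(ui, uis, password)` is discarded and the function returns 1 regardless, so a password rejected by the UI string's length limits would still be reported as read. Checking it, e.g. `if (UI_set_result(ui, uis, password) < 0) return 0;` before `return 1;`, would surface that case; the failure value a reader callback should return is worth confirming against the UI method documentation. The `} break;` the formatter produced is also easy to misread as part of the block, and keeping `break;` on its own line would be clearer. ui_read starts and ends outside this hunk.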
@@ -67,15 +64,12 @@ static int ui_write(UI *ui, UI_STRING *uis)
&& UI_get0_user_data(ui)) {
switch (UI_get_string_type(uis)) {
case UIT_PROMPT:
- case UIT_VERIFY:
- {
- const char *password =
- ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ case UIT_VERIFY: {
+ const char *password = ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
- if (password != NULL)
- return 1;
- }
- break;
+ if (password != NULL)
+ return 1;
+ } break;
case UIT_NONE:
case UIT_BOOLEAN:
case UIT_INFO:
@@ -101,7 +95,7 @@ static int ui_close(UI *ui)
/* object_name defaults to prompt_info from ui user data if present */
static char *ui_prompt_construct(UI *ui, const char *phrase_desc,
- const char *object_name)
+ const char *object_name)
{
PW_CB_DATA *cb_data = (PW_CB_DATA *)UI_get0_user_data(ui);
@@ -132,8 +126,7 @@ int setup_ui_method(void)
&& 0 == UI_method_set_reader(ui_method, ui_read)
&& 0 == UI_method_set_writer(ui_method, ui_write)
&& 0 == UI_method_set_closer(ui_method, ui_close)
- && 0 == UI_method_set_prompt_constructor(ui_method,
- ui_prompt_construct);
+ && 0 == UI_method_set_prompt_constructor(ui_method, ui_prompt_construct);
}
void destroy_ui_method(void)
@@ -190,12 +183,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data)
(void)UI_add_user_data(ui, cb_data);
ok = UI_add_input_string(ui, prompt, ui_flags, buf,
- PW_MIN_LENGTH, bufsiz - 1);
+ PW_MIN_LENGTH, bufsiz - 1);
if (ok >= 0 && verify) {
buff = ui_malloc(bufsiz, "password buffer");
ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
- PW_MIN_LENGTH, bufsiz - 1, buf);
+ PW_MIN_LENGTH, bufsiz - 1, buf);
}
if (ok >= 0)
do {
diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c
index 637bd1d0b7a4..e20c7e5184c6 100644
--- a/apps/lib/cmp_mock_srv.c
+++ b/apps/lib/cmp_mock_srv.c
@@ -18,18 +18,17 @@
/* the context for the CMP mock server */
typedef struct
{
- X509 *certOut; /* certificate to be returned in cp/ip/kup msg */
- STACK_OF(X509) *chainOut; /* chain of certOut to add to extraCerts field */
+ X509 *certOut; /* certificate to be returned in cp/ip/kup msg */
+ STACK_OF(X509) *chainOut; /* chain of certOut to add to extraCerts field */
STACK_OF(X509) *caPubsOut; /* certs to return in caPubs field of ip msg */
OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */
- int sendError; /* send error response on given request type */
- OSSL_CMP_MSG *certReq; /* ir/cr/p10cr/kur remembered while polling */
- int pollCount; /* number of polls before actual cert response */
- int curr_pollCount; /* number of polls so far for current request */
- int checkAfterTime; /* time the client should wait between polling */
+ int sendError; /* send error response on given request type */
+ OSSL_CMP_MSG *certReq; /* ir/cr/p10cr/kur remembered while polling */
+ int pollCount; /* number of polls before actual cert response */
+ int curr_pollCount; /* number of polls so far for current request */
+ int checkAfterTime; /* time the client should wait between polling */
} mock_srv_ctx;
-
static void mock_srv_ctx_free(mock_srv_ctx *ctx)
{
if (ctx == NULL)
@@ -57,7 +56,7 @@ static mock_srv_ctx *mock_srv_ctx_new(void)
/* all other elements are initialized to 0 or NULL, respectively */
return ctx;
- err:
+err:
mock_srv_ctx_free(ctx);
return NULL;
}
@@ -79,7 +78,7 @@ int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert)
}
int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx,
- STACK_OF(X509) *chain)
+ STACK_OF(X509) *chain)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
STACK_OF(X509) *chain_copy = NULL;
@@ -96,7 +95,7 @@ int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx,
}
int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx,
- STACK_OF(X509) *caPubs)
+ STACK_OF(X509) *caPubs)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
STACK_OF(X509) *caPubs_copy = NULL;
@@ -113,7 +112,7 @@ int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx,
}
int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
- int fail_info, const char *text)
+ int fail_info, const char *text)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
OSSL_CMP_PKISI *si;
@@ -171,24 +170,24 @@ int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec)
}
static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
- const OSSL_CMP_MSG *cert_req,
- ossl_unused int certReqId,
- const OSSL_CRMF_MSG *crm,
- const X509_REQ *p10cr,
- X509 **certOut,
- STACK_OF(X509) **chainOut,
- STACK_OF(X509) **caPubs)
+ const OSSL_CMP_MSG *cert_req,
+ ossl_unused int certReqId,
+ const OSSL_CRMF_MSG *crm,
+ const X509_REQ *p10cr,
+ X509 **certOut,
+ STACK_OF(X509) **chainOut,
+ STACK_OF(X509) **caPubs)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
OSSL_CMP_PKISI *si = NULL;
if (ctx == NULL || cert_req == NULL
- || certOut == NULL || chainOut == NULL || caPubs == NULL) {
+ || certOut == NULL || chainOut == NULL || caPubs == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return NULL;
}
if (ctx->sendError == 1
- || ctx->sendError == OSSL_CMP_MSG_get_bodytype(cert_req)) {
+ || ctx->sendError == OSSL_CMP_MSG_get_bodytype(cert_req)) {
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return NULL;
}
@@ -213,7 +212,7 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
ctx->curr_pollCount = 0;
if (OSSL_CMP_MSG_get_bodytype(cert_req) == OSSL_CMP_KUR
- && crm != NULL && ctx->certOut != NULL) {
+ && crm != NULL && ctx->certOut != NULL) {
const OSSL_CRMF_CERTID *cid = OSSL_CRMF_MSG_get0_regCtrl_oldCertID(crm);
const X509_NAME *issuer = X509_get_issuer_name(ctx->certOut);
const ASN1_INTEGER *serial = X509_get0_serialNumber(ctx->certOut);
@@ -229,27 +228,28 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
}
if (serial != NULL
&& ASN1_INTEGER_cmp(serial,
- OSSL_CRMF_CERTID_get0_serialNumber(cid)) != 0) {
+ OSSL_CRMF_CERTID_get0_serialNumber(cid))
+ != 0) {
ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_CERTID);
return NULL;
}
}
if (ctx->certOut != NULL
- && (*certOut = X509_dup(ctx->certOut)) == NULL)
+ && (*certOut = X509_dup(ctx->certOut)) == NULL)
goto err;
if (ctx->chainOut != NULL
- && (*chainOut = X509_chain_up_ref(ctx->chainOut)) == NULL)
+ && (*chainOut = X509_chain_up_ref(ctx->chainOut)) == NULL)
goto err;
if (ctx->caPubsOut != NULL
- && (*caPubs = X509_chain_up_ref(ctx->caPubsOut)) == NULL)
+ && (*caPubs = X509_chain_up_ref(ctx->caPubsOut)) == NULL)
goto err;
if (ctx->statusOut != NULL
- && (si = OSSL_CMP_PKISI_dup(ctx->statusOut)) == NULL)
+ && (si = OSSL_CMP_PKISI_dup(ctx->statusOut)) == NULL)
goto err;
return si;
- err:
+err:
X509_free(*certOut);
*certOut = NULL;
sk_X509_pop_free(*chainOut, X509_free);
@@ -260,9 +260,9 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
}
static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
- const OSSL_CMP_MSG *rr,
- const X509_NAME *issuer,
- const ASN1_INTEGER *serial)
+ const OSSL_CMP_MSG *rr,
+ const X509_NAME *issuer,
+ const ASN1_INTEGER *serial)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
@@ -271,7 +271,7 @@ static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
return NULL;
}
if (ctx->certOut == NULL || ctx->sendError == 1
- || ctx->sendError == OSSL_CMP_MSG_get_bodytype(rr)) {
+ || ctx->sendError == OSSL_CMP_MSG_get_bodytype(rr)) {
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return NULL;
}
@@ -282,19 +282,20 @@ static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
/* accept revocation only for the certificate we sent in ir/cr/kur */
if (X509_NAME_cmp(issuer, X509_get_issuer_name(ctx->certOut)) != 0
- || ASN1_INTEGER_cmp(serial,
- X509_get0_serialNumber(ctx->certOut)) != 0) {
+ || ASN1_INTEGER_cmp(serial,
+ X509_get0_serialNumber(ctx->certOut))
+ != 0) {
ERR_raise_data(ERR_LIB_CMP, CMP_R_REQUEST_NOT_ACCEPTED,
- "wrong certificate to revoke");
+ "wrong certificate to revoke");
return NULL;
}
return OSSL_CMP_PKISI_dup(ctx->statusOut);
}
static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
- const OSSL_CMP_MSG *genm,
- const STACK_OF(OSSL_CMP_ITAV) *in,
- STACK_OF(OSSL_CMP_ITAV) **out)
+ const OSSL_CMP_MSG *genm,
+ const STACK_OF(OSSL_CMP_ITAV) *in,
+ STACK_OF(OSSL_CMP_ITAV) **out)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
@@ -303,21 +304,21 @@ static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
return 0;
}
if (ctx->sendError == 1
- || ctx->sendError == OSSL_CMP_MSG_get_bodytype(genm)
- || sk_OSSL_CMP_ITAV_num(in) > 1) {
+ || ctx->sendError == OSSL_CMP_MSG_get_bodytype(genm)
+ || sk_OSSL_CMP_ITAV_num(in) > 1) {
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return 0;
}
*out = sk_OSSL_CMP_ITAV_deep_copy(in, OSSL_CMP_ITAV_dup,
- OSSL_CMP_ITAV_free);
+ OSSL_CMP_ITAV_free);
return *out != NULL;
}
static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,
- const OSSL_CMP_PKISI *statusInfo,
- const ASN1_INTEGER *errorCode,
- const OSSL_CMP_PKIFREETEXT *errorDetails)
+ const OSSL_CMP_PKISI *statusInfo,
+ const ASN1_INTEGER *errorCode,
+ const OSSL_CMP_PKIFREETEXT *errorDetails)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
char buf[OSSL_CMP_PKISI_BUFLEN];
@@ -336,7 +337,7 @@ static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,
} else {
sibuf = OSSL_CMP_snprint_PKIStatusInfo(statusInfo, buf, sizeof(buf));
BIO_printf(bio_err, "pkiStatusInfo: %s\n",
- sibuf != NULL ? sibuf: "<invalid>");
+ sibuf != NULL ? sibuf : "<invalid>");
}
if (errorCode == NULL)
@@ -353,7 +354,7 @@ static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,
BIO_printf(bio_err, ", ");
BIO_printf(bio_err, "\"");
ASN1_STRING_print(bio_err,
- sk_ASN1_UTF8STRING_value(errorDetails, i));
+ sk_ASN1_UTF8STRING_value(errorDetails, i));
BIO_printf(bio_err, "\"");
}
BIO_printf(bio_err, "\n");
@@ -361,10 +362,10 @@ static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,
}
static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
- const OSSL_CMP_MSG *certConf,
- ossl_unused int certReqId,
- const ASN1_OCTET_STRING *certHash,
- const OSSL_CMP_PKISI *si)
+ const OSSL_CMP_MSG *certConf,
+ ossl_unused int certReqId,
+ const ASN1_OCTET_STRING *certHash,
+ const OSSL_CMP_PKISI *si)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
ASN1_OCTET_STRING *digest;
@@ -374,8 +375,8 @@ static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
return 0;
}
if (ctx->sendError == 1
- || ctx->sendError == OSSL_CMP_MSG_get_bodytype(certConf)
- || ctx->certOut == NULL) {
+ || ctx->sendError == OSSL_CMP_MSG_get_bodytype(certConf)
+ || ctx->certOut == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return 0;
}
@@ -392,19 +393,19 @@ static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
}
static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
- const OSSL_CMP_MSG *pollReq,
- ossl_unused int certReqId,
- OSSL_CMP_MSG **certReq, int64_t *check_after)
+ const OSSL_CMP_MSG *pollReq,
+ ossl_unused int certReqId,
+ OSSL_CMP_MSG **certReq, int64_t *check_after)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
if (ctx == NULL || pollReq == NULL
- || certReq == NULL || check_after == NULL) {
+ || certReq == NULL || check_after == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
if (ctx->sendError == 1
- || ctx->sendError == OSSL_CMP_MSG_get_bodytype(pollReq)) {
+ || ctx->sendError == OSSL_CMP_MSG_get_bodytype(pollReq)) {
*certReq = NULL;
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return 0;
@@ -434,9 +435,9 @@ OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq)
mock_srv_ctx *ctx = mock_srv_ctx_new();
if (srv_ctx != NULL && ctx != NULL
- && OSSL_CMP_SRV_CTX_init(srv_ctx, ctx, process_cert_request,
- process_rr, process_genm, process_error,
- process_certConf, process_pollReq))
+ && OSSL_CMP_SRV_CTX_init(srv_ctx, ctx, process_cert_request,
+ process_rr, process_genm, process_error,
+ process_certConf, process_pollReq))
return srv_ctx;
mock_srv_ctx_free(ctx);
diff --git a/apps/lib/columns.c b/apps/lib/columns.c
index aa58fe1781f5..3dd86600e701 100644
--- a/apps/lib/columns.c
+++ b/apps/lib/columns.c
@@ -24,4 +24,3 @@ void calculate_columns(FUNCTION *functions, DISPLAY_COLUMNS *dc)
dc->width = maxlen + 2;
dc->columns = (80 - 1) / dc->width;
}
-
diff --git a/apps/lib/engine.c b/apps/lib/engine.c
index 209c4b6b03c2..c486a10513e3 100644
--- a/apps/lib/engine.c
+++ b/apps/lib/engine.c
@@ -19,7 +19,7 @@
#include <openssl/types.h> /* Ensure we have the ENGINE type, regardless */
#include <openssl/err.h>
#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
+#include <openssl/engine.h>
#endif
#include "apps.h"
@@ -60,8 +60,8 @@ ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug)
if (debug)
(void)ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0);
if (!ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0,
- (void *)get_ui_method(), 0, 1)
- || !ENGINE_set_default(e, methods)) {
+ (void *)get_ui_method(), 0, 1)
+ || !ENGINE_set_default(e, methods)) {
BIO_printf(bio_err, "Cannot use engine \"%s\"\n", ENGINE_get_id(e));
ERR_print_errors(bio_err);
ENGINE_free(e);
@@ -113,8 +113,7 @@ char *make_engine_uri(ENGINE *e, const char *key_id, const char *desc)
BIO_printf(bio_err, "No engine key id specified for loading %s\n", desc);
} else {
const char *engineid = ENGINE_get_id(e);
- size_t uri_sz =
- sizeof(ENGINE_SCHEME_COLON) - 1
+ size_t uri_sz = sizeof(ENGINE_SCHEME_COLON) - 1
+ strlen(engineid)
+ 1 /* : */
+ strlen(key_id)
@@ -151,9 +150,9 @@ int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e)
ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
else
#endif
- /* We're only interested if it comes from an ENGINE */
- if (tmpeng == NULL)
- ameth = NULL;
+ /* We're only interested if it comes from an ENGINE */
+ if (tmpeng == NULL)
+ ameth = NULL;
ERR_pop_to_mark();
if (ameth == NULL)
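Review bot: The `else` just before `#endif` takes `if (tmpeng == NULL)` as its body only in builds with engine support; without it that `if` is a standalone statement, and the re-indented lines do not make either reading obvious (the indentation itself is not visible in this rendering). Because this decides whether `ameth` is cleared when the method did not come from an ENGINE, I would say so in the comment, for example `/* With ENGINE support this if is the else-branch of the check above; otherwise it always runs */`, or put braces around both branches. get_legacy_pkey_id starts and ends outside this hunk.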
diff --git a/apps/lib/engine_loader.c b/apps/lib/engine_loader.c
index 42775a89f361..bc7c9b1be951 100644
--- a/apps/lib/engine_loader.c
+++ b/apps/lib/engine_loader.c
@@ -18,10 +18,10 @@
#ifndef OPENSSL_NO_ENGINE
-# include <stdarg.h>
-# include <string.h>
-# include <openssl/engine.h>
-# include <openssl/store.h>
+#include <stdarg.h>
+#include <string.h>
+#include <openssl/engine.h>
+#include <openssl/store.h>
/*
* Support for legacy private engine keys via the 'org.openssl.engine:' scheme
@@ -35,10 +35,10 @@
/* Local definition of OSSL_STORE_LOADER_CTX */
struct ossl_store_loader_ctx_st {
- ENGINE *e; /* Structural reference */
+ ENGINE *e; /* Structural reference */
char *keyid;
int expected;
- int loaded; /* 0 = key not loaded yet, 1 = key loaded */
+ int loaded; /* 0 = key not loaded yet, 1 = key loaded */
};
static OSSL_STORE_LOADER_CTX *OSSL_STORE_LOADER_CTX_new(ENGINE *e, char *keyid)
@@ -62,9 +62,9 @@ static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx)
}
static OSSL_STORE_LOADER_CTX *engine_open(const OSSL_STORE_LOADER *loader,
- const char *uri,
- const UI_METHOD *ui_method,
- void *ui_data)
+ const char *uri,
+ const UI_METHOD *ui_method,
+ void *ui_data)
{
const char *p = uri, *q;
ENGINE *e = NULL;
@@ -78,9 +78,9 @@ static OSSL_STORE_LOADER_CTX *engine_open(const OSSL_STORE_LOADER *loader,
/* Look for engine ID */
q = strchr(p, ':');
- if (q != NULL /* There is both an engine ID and a key ID */
- && p[0] != ':' /* The engine ID is at least one character */
- && q[1] != '\0') { /* The key ID is at least one character */
+ if (q != NULL /* There is both an engine ID and a key ID */
+ && p[0] != ':' /* The engine ID is at least one character */
+ && q[1] != '\0') { /* The key ID is at least one character */
char engineid[256];
size_t engineid_l = q - p;
@@ -114,7 +114,7 @@ static int engine_expect(OSSL_STORE_LOADER_CTX *ctx, int expected)
}
static OSSL_STORE_INFO *engine_load(OSSL_STORE_LOADER_CTX *ctx,
- const UI_METHOD *ui_method, void *ui_data)
+ const UI_METHOD *ui_method, void *ui_data)
{
EVP_PKEY *pkey = NULL, *pubkey = NULL;
OSSL_STORE_INFO *info = NULL;
@@ -123,14 +123,12 @@ static OSSL_STORE_INFO *engine_load(OSSL_STORE_LOADER_CTX *ctx,
if (ENGINE_init(ctx->e)) {
if (ctx->expected == 0
|| ctx->expected == OSSL_STORE_INFO_PKEY)
- pkey =
- ENGINE_load_private_key(ctx->e, ctx->keyid,
- (UI_METHOD *)ui_method, ui_data);
+ pkey = ENGINE_load_private_key(ctx->e, ctx->keyid,
+ (UI_METHOD *)ui_method, ui_data);
if ((pkey == NULL && ctx->expected == 0)
|| ctx->expected == OSSL_STORE_INFO_PUBKEY)
- pubkey =
- ENGINE_load_public_key(ctx->e, ctx->keyid,
- (UI_METHOD *)ui_method, ui_data);
+ pubkey = ENGINE_load_public_key(ctx->e, ctx->keyid,
+ (UI_METHOD *)ui_method, ui_data);
ENGINE_finish(ctx->e);
}
}
@@ -189,7 +187,7 @@ void destroy_engine_loader(void)
OSSL_STORE_LOADER_free(loader);
}
-#else /* !OPENSSL_NO_ENGINE */
+#else /* !OPENSSL_NO_ENGINE */
int setup_engine_loader(void)
{
diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c
index d2bfa432d966..ea69542bc5d8 100644
--- a/apps/lib/http_server.c
+++ b/apps/lib/http_server.c
@@ -14,7 +14,7 @@
* On VMS, you need to define this to get the declaration of fileno(). The
* value 2 is to make sure no function defined in POSIX-2 is left undefined.
*/
-# define _POSIX_C_SOURCE 2
+#define _POSIX_C_SOURCE 2
#endif
#include <string.h>
@@ -26,22 +26,22 @@
#include "s_apps.h"
#if defined(__TANDEM)
-# if defined(OPENSSL_TANDEM_FLOSS)
-# include <floss.h(floss_fork)>
-# endif
+#if defined(OPENSSL_TANDEM_FLOSS)
+#include <floss.h(floss_fork)>
+#endif
#endif
static int verbosity = LOG_INFO;
#define HTTP_PREFIX "HTTP/"
#define HTTP_VERSION_PATT "1." /* allow 1.x */
-#define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT
-#define HTTP_1_0 HTTP_PREFIX_VERSION"0" /* "HTTP/1.0" */
+#define HTTP_PREFIX_VERSION HTTP_PREFIX "" HTTP_VERSION_PATT
+#define HTTP_1_0 HTTP_PREFIX_VERSION "0" /* "HTTP/1.0" */
#ifdef HTTP_DAEMON
int multi = 0; /* run multiple responder processes */
-int acfd = (int) INVALID_SOCKET;
+int acfd = (int)INVALID_SOCKET;
static int print_syslog(const char *str, size_t len, void *levPtr)
{
@@ -123,7 +123,7 @@ void spawn_loop(const char *prog)
if (setpgid(0, 0)) {
syslog(LOG_ERR, "fatal: error detaching from parent process group: %s",
- strerror(errno));
+ strerror(errno));
exit(1);
}
kidpids = app_malloc(multi * sizeof(*kidpids), "child PID array");
@@ -151,21 +151,21 @@ void spawn_loop(const char *prog)
}
if (i >= multi) {
syslog(LOG_ERR, "fatal: internal error: "
- "no matching child slot for pid: %ld",
- (long) fpid);
+ "no matching child slot for pid: %ld",
+ (long)fpid);
killall(1, kidpids);
}
if (status != 0) {
if (WIFEXITED(status))
syslog(LOG_WARNING, "child process: %ld, exit status: %d",
- (long)fpid, WEXITSTATUS(status));
+ (long)fpid, WEXITSTATUS(status));
else if (WIFSIGNALED(status))
syslog(LOG_WARNING, "child process: %ld, term signal %d%s",
- (long)fpid, WTERMSIG(status),
-# ifdef WCOREDUMP
- WCOREDUMP(status) ? " (core dumped)" :
-# endif
- "");
+ (long)fpid, WTERMSIG(status),
+#ifdef WCOREDUMP
+ WCOREDUMP(status) ? " (core dumped)" :
+#endif
+ "");
ossl_sleep(1000);
}
break;
@@ -193,7 +193,7 @@ void spawn_loop(const char *prog)
_exit(1);
}
return;
- default: /* parent */
+ default: /* parent */
for (i = 0; i < multi; ++i) {
if (kidpids[i] == 0) {
kidpids[i] = fpid;
@@ -251,7 +251,7 @@ BIO *http_server_init_bio(const char *prog, const char *port)
return acbio;
- err:
+err:
BIO_free_all(acbio);
BIO_free(bufbio);
return NULL;
@@ -284,10 +284,10 @@ static int urldecode(char *p)
/* if *pcbio != NULL, continue given connected session, else accept new */
/* if found_keep_alive != NULL, return this way connection persistence state */
int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
- char **ppath, BIO **pcbio, BIO *acbio,
- int *found_keep_alive,
- const char *prog, const char *port,
- int accept_get, int timeout)
+ char **ppath, BIO **pcbio, BIO *acbio,
+ int *found_keep_alive,
+ const char *prog, const char *port,
+ int accept_get, int timeout)
{
BIO *cbio = *pcbio, *getbio = NULL, *b64 = NULL;
int len;
@@ -302,7 +302,7 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
if (cbio == NULL) {
log_message(prog, LOG_DEBUG,
- "Awaiting new connection on port %s...", port);
+ "Awaiting new connection on port %s...", port);
if (BIO_do_accept(acbio) <= 0)
/* Connection loss before accept() is routine, ignore silently */
return ret;
@@ -317,12 +317,12 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
goto out;
}
-# ifdef HTTP_DAEMON
+#ifdef HTTP_DAEMON
if (timeout > 0) {
(void)BIO_get_fd(cbio, &acfd);
alarm(timeout);
}
-# endif
+#endif
/* Read the request line. */
len = BIO_gets(cbio, reqbuf, sizeof(reqbuf));
@@ -335,15 +335,15 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
goto out;
}
if ((end = strchr(reqbuf, '\r')) != NULL
- || (end = strchr(reqbuf, '\n')) != NULL)
+ || (end = strchr(reqbuf, '\n')) != NULL)
*end = '\0';
log_message(prog, LOG_INFO, "Received request, 1st line: %s", reqbuf);
meth = reqbuf;
url = meth + 3;
if ((accept_get && strncmp(meth, "GET ", 4) == 0)
- || (url++, strncmp(meth, "POST ", 5) == 0)) {
- static const char http_version_str[] = " "HTTP_PREFIX_VERSION;
+ || (url++, strncmp(meth, "POST ", 5) == 0)) {
+ static const char http_version_str[] = " " HTTP_PREFIX_VERSION;
static const size_t http_version_str_len = sizeof(http_version_str) - 1;
/* Expecting (GET|POST) {sp} /URL {sp} HTTP/1.x */
@@ -352,8 +352,8 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
url++;
if (*url != '/') {
log_message(prog, LOG_WARNING,
- "Invalid %s -- URL does not begin with '/': %s",
- meth, url);
+ "Invalid %s -- URL does not begin with '/': %s",
+ meth, url);
(void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
}
@@ -365,8 +365,8 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
break;
if (strncmp(end, http_version_str, http_version_str_len) != 0) {
log_message(prog, LOG_WARNING,
- "Invalid %s -- bad HTTP/version string: %s",
- meth, end + 1);
+ "Invalid %s -- bad HTTP/version string: %s",
+ meth, end + 1);
(void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
}
@@ -388,8 +388,8 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
len = urldecode(url);
if (len < 0) {
log_message(prog, LOG_WARNING,
- "Invalid %s request -- bad URL encoding: %s",
- meth, url);
+ "Invalid %s request -- bad URL encoding: %s",
+ meth, url);
(void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
}
@@ -397,8 +397,8 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
if ((getbio = BIO_new_mem_buf(url, len)) == NULL
|| (b64 = BIO_new(BIO_f_base64())) == NULL) {
log_message(prog, LOG_ERR,
- "Could not allocate base64 bio with size = %d",
- len);
+ "Could not allocate base64 bio with size = %d",
+ len);
goto fatal;
}
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
@@ -406,8 +406,8 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
}
} else {
log_message(prog, LOG_WARNING,
- "HTTP request does not begin with %sPOST: %s",
- accept_get ? "GET or " : "", reqbuf);
+ "HTTP request does not begin with %sPOST: %s",
+ accept_get ? "GET or " : "", reqbuf);
(void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
}
@@ -437,7 +437,7 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
value = strchr(key, ':');
if (value == NULL) {
log_message(prog, LOG_WARNING,
- "Error parsing HTTP header: missing ':'");
+ "Error parsing HTTP header: missing ':'");
(void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
}
@@ -449,7 +449,7 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
line_end = strchr(value, '\n');
if (line_end == NULL) {
log_message(prog, LOG_WARNING,
- "Error parsing HTTP header: missing end of line");
+ "Error parsing HTTP header: missing end of line");
(void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
}
@@ -465,37 +465,37 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
}
}
-# ifdef HTTP_DAEMON
+#ifdef HTTP_DAEMON
/* Clear alarm before we close the client socket */
alarm(0);
timeout = 0;
-# endif
+#endif
/* Try to read and parse request */
req = ASN1_item_d2i_bio(it, getbio != NULL ? getbio : cbio, NULL);
if (req == NULL) {
log_message(prog, LOG_WARNING,
- "Error parsing DER-encoded request content");
+ "Error parsing DER-encoded request content");
(void)http_server_send_status(cbio, 400, "Bad Request");
} else if (ppath != NULL && (*ppath = OPENSSL_strdup(url)) == NULL) {
log_message(prog, LOG_ERR,
- "Out of memory allocating %zu bytes", strlen(url) + 1);
+ "Out of memory allocating %zu bytes", strlen(url) + 1);
ASN1_item_free(req, it);
goto fatal;
}
*preq = req;
- out:
+out:
BIO_free_all(getbio);
-# ifdef HTTP_DAEMON
+#ifdef HTTP_DAEMON
if (timeout > 0)
alarm(0);
acfd = (int)INVALID_SOCKET;
-# endif
+#endif
return ret;
- fatal:
+fatal:
(void)http_server_send_status(cbio, 500, "Internal Server Error");
if (ppath != NULL) {
OPENSSL_free(*ppath);
@@ -509,16 +509,17 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
/* assumes that cbio does not do an encoding that changes the output length */
int http_server_send_asn1_resp(BIO *cbio, int keep_alive,
- const char *content_type,
- const ASN1_ITEM *it, const ASN1_VALUE *resp)
+ const char *content_type,
+ const ASN1_ITEM *it, const ASN1_VALUE *resp)
{
- int ret = BIO_printf(cbio, HTTP_1_0" 200 OK\r\n%s"
- "Content-type: %s\r\n"
- "Content-Length: %d\r\n\r\n",
- keep_alive ? "Connection: keep-alive\r\n" : "",
- content_type,
- ASN1_item_i2d(resp, NULL, it)) > 0
- && ASN1_item_i2d_bio(it, cbio, resp) > 0;
+ int ret = BIO_printf(cbio, HTTP_1_0 " 200 OK\r\n%s"
+ "Content-type: %s\r\n"
+ "Content-Length: %d\r\n\r\n",
+ keep_alive ? "Connection: keep-alive\r\n" : "",
+ content_type,
+ ASN1_item_i2d(resp, NULL, it))
+ > 0
+ && ASN1_item_i2d_bio(it, cbio, resp) > 0;
(void)BIO_flush(cbio);
return ret;
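Review bot: http_server_send_asn1_resp passes `ASN1_item_i2d(resp, NULL, it)` straight into the `Content-Length: %d` header, so an encoding failure (a non-positive return) would be sent to the client as a bogus length before the body write fails. Computing the length first and bailing out, `int len = ASN1_item_i2d(resp, NULL, it);` followed by `if (len <= 0) return 0;`, avoids emitting a malformed header. The `> 0` the formatter moved onto its own line also makes the `&&` chain harder to follow; splitting the header write and the body write into two statements would read better.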
@@ -526,9 +527,10 @@ int http_server_send_asn1_resp(BIO *cbio, int keep_alive,
int http_server_send_status(BIO *cbio, int status, const char *reason)
{
- int ret = BIO_printf(cbio, HTTP_1_0" %d %s\r\n\r\n",
- /* This implicitly cancels keep-alive */
- status, reason) > 0;
+ int ret = BIO_printf(cbio, HTTP_1_0 " %d %s\r\n\r\n",
+ /* This implicitly cancels keep-alive */
+ status, reason)
+ > 0;
(void)BIO_flush(cbio);
return ret;
diff --git a/apps/lib/names.c b/apps/lib/names.c
index 4788ae84b915..22571ff5436c 100644
--- a/apps/lib/names.c
+++ b/apps/lib/names.c
@@ -13,7 +13,7 @@
#include "names.h"
#include "openssl/crypto.h"
-int name_cmp(const char * const *a, const char * const *b)
+int name_cmp(const char *const *a, const char *const *b)
{
return OPENSSL_strcasecmp(*a, *b);
}
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index 88db9ad6947b..3d1d02da06e2 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -17,7 +17,7 @@
#include "internal/numbers.h"
#include <string.h>
#if !defined(OPENSSL_SYS_MSDOS)
-# include <unistd.h>
+#include <unistd.h>
#endif
#include <stdlib.h>
@@ -55,7 +55,7 @@ const char *opt_path_end(const char *filename)
const char *p;
/* find the last '/', '\' or ':' */
- for (p = filename + strlen(filename); --p > filename; )
+ for (p = filename + strlen(filename); --p > filename;)
if (*p == '/' || *p == '\\' || *p == ':') {
p++;
break;
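Review bot: When `filename` is the empty string, the loop initialiser leaves `p` equal to `filename`, and the first `--p` forms a pointer one element before the start of the array. That is undefined behaviour in C even though the pointer is never dereferenced. An early guard ahead of the loop, such as `if (*filename == '\0') return filename;`, would avoid it; this assumes the function goes on to return `p`, since its signature and return statement are outside this hunk. An empty `argv[0]` is unusual but can be supplied by the invoking process, so the case is reachable.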
@@ -73,8 +73,7 @@ char *opt_progname(const char *argv0)
/* Strip off trailing nonsense. */
n = strlen(p);
- if (n > 4 &&
- (strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0))
+ if (n > 4 && (strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0))
n -= 4;
/* Copy over the name, in lowercase. */
@@ -178,8 +177,8 @@ char *opt_init(int ac, char **av, const OPTIONS *o)
#endif
if (o->name == OPT_HELP_STR
- || o->name == OPT_MORE_STR
- || o->name == OPT_SECTION_STR)
+ || o->name == OPT_MORE_STR
+ || o->name == OPT_SECTION_STR)
continue;
#ifndef NDEBUG
i = o->valtype;
@@ -191,10 +190,25 @@ char *opt_init(int ac, char **av, const OPTIONS *o)
else
OPENSSL_assert(o->retval == OPT_DUP || o->retval > OPT_PARAM);
switch (i) {
- case 0: case '-': case '.':
- case '/': case '<': case '>': case 'E': case 'F':
- case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
- case 'u': case 'c': case ':': case 'N':
+ case 0:
+ case '-':
+ case '.':
+ case '/':
+ case '<':
+ case '>':
+ case 'E':
+ case 'F':
+ case 'M':
+ case 'U':
+ case 'f':
+ case 'l':
+ case 'n':
+ case 'p':
+ case 's':
+ case 'u':
+ case 'c':
+ case ':':
+ case 'N':
break;
default:
OPENSSL_assert(0);
@@ -209,7 +223,7 @@ char *opt_init(int ac, char **av, const OPTIONS *o)
&& strcmp(o->name, next->name) == 0;
if (duplicated) {
opt_printf_stderr("%s: Internal error: duplicate option %s\n",
- prog, o->name);
+ prog, o->name);
OPENSSL_assert(!duplicated);
}
}
@@ -224,16 +238,16 @@ char *opt_init(int ac, char **av, const OPTIONS *o)
}
static OPT_PAIR formats[] = {
- {"PEM/DER", OPT_FMT_PEMDER},
- {"pkcs12", OPT_FMT_PKCS12},
- {"smime", OPT_FMT_SMIME},
- {"engine", OPT_FMT_ENGINE},
- {"msblob", OPT_FMT_MSBLOB},
- {"nss", OPT_FMT_NSS},
- {"text", OPT_FMT_TEXT},
- {"http", OPT_FMT_HTTP},
- {"pvk", OPT_FMT_PVK},
- {NULL}
+ { "PEM/DER", OPT_FMT_PEMDER },
+ { "pkcs12", OPT_FMT_PKCS12 },
+ { "smime", OPT_FMT_SMIME },
+ { "engine", OPT_FMT_ENGINE },
+ { "msblob", OPT_FMT_MSBLOB },
+ { "nss", OPT_FMT_NSS },
+ { "text", OPT_FMT_TEXT },
+ { "http", OPT_FMT_HTTP },
+ { "pvk", OPT_FMT_PVK },
+ { NULL }
};
/* Print an error message about a failed format parse. */
@@ -243,10 +257,10 @@ static int opt_format_error(const char *s, unsigned long flags)
if (flags == OPT_FMT_PEMDER) {
opt_printf_stderr("%s: Bad format \"%s\"; must be pem or der\n",
- prog, s);
+ prog, s);
} else {
opt_printf_stderr("%s: Bad format \"%s\"; must be one of:\n",
- prog, s);
+ prog, s);
for (ap = formats; ap->name; ap++)
if (flags & ap->retval)
opt_printf_stderr(" %s\n", ap->name);
@@ -321,7 +335,7 @@ int opt_format(const char *s, unsigned long flags, int *result)
return opt_format_error(s, flags);
*result = FORMAT_PVK;
} else if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0
- || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) {
+ || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) {
if ((flags & OPT_FMT_PKCS12) == 0)
return opt_format_error(s, flags);
*result = FORMAT_PKCS12;
@@ -379,7 +393,8 @@ int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp)
ERR_set_mark();
if ((c = EVP_CIPHER_fetch(app_get0_libctx(), name,
- app_get0_propq())) != NULL
+ app_get0_propq()))
+ != NULL
|| (opt_legacy_okay()
&& (c = (EVP_CIPHER *)EVP_get_cipherbyname(name)) != NULL)) {
ERR_pop_to_mark();
@@ -406,11 +421,11 @@ int opt_cipher_any(const char *name, EVP_CIPHER **cipherp)
int opt_cipher(const char *name, EVP_CIPHER **cipherp)
{
- int mode, ret = 0;
- unsigned long int flags;
- EVP_CIPHER *c = NULL;
+ int mode, ret = 0;
+ unsigned long int flags;
+ EVP_CIPHER *c = NULL;
- if (opt_cipher_any(name, &c)) {
+ if (opt_cipher_any(name, &c)) {
mode = EVP_CIPHER_get_mode(c);
flags = EVP_CIPHER_get_flags(c);
if (mode == EVP_CIPH_XTS_MODE) {
@@ -456,12 +471,12 @@ int opt_md(const char *name, EVP_MD **mdp)
if ((ret = opt_md_silent(name, mdp)) == 0)
opt_printf_stderr("%s: Unknown option or message digest: %s\n", prog,
- name != NULL ? name : "\"\"");
+ name != NULL ? name : "\"\"");
return ret;
}
/* Look through a list of name/value pairs. */
-int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
+int opt_pair(const char *name, const OPT_PAIR *pairs, int *result)
{
const OPT_PAIR *pp;
@@ -500,7 +515,7 @@ int opt_int(const char *value, int *result)
*result = (int)l;
if (*result != l) {
opt_printf_stderr("%s: Value \"%s\" outside integer range\n",
- prog, value);
+ prog, value);
return 0;
}
return 1;
@@ -522,15 +537,15 @@ static void opt_number_error(const char *v)
char *prefix;
char *name;
} b[] = {
- {"0x", "a hexadecimal"},
- {"0X", "a hexadecimal"},
- {"0", "an octal"}
+ { "0x", "a hexadecimal" },
+ { "0X", "a hexadecimal" },
+ { "0", "an octal" }
};
for (i = 0; i < OSSL_NELEM(b); i++) {
if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) {
opt_printf_stderr("%s: Can't parse \"%s\" as %s number\n",
- prog, v, b[i].name);
+ prog, v, b[i].name);
return;
}
}
@@ -548,9 +563,9 @@ int opt_long(const char *value, long *result)
errno = 0;
l = strtol(value, &endp, 0);
if (*endp
- || endp == value
- || ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE)
- || (l == 0 && errno != 0)) {
+ || endp == value
+ || ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE)
+ || (l == 0 && errno != 0)) {
opt_number_error(value);
errno = oerrno;
return 0;
@@ -560,9 +575,7 @@ int opt_long(const char *value, long *result)
return 1;
}
-#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
- defined(INTMAX_MAX) && defined(UINTMAX_MAX) && \
- !defined(OPENSSL_NO_INTTYPES_H)
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && defined(INTMAX_MAX) && defined(UINTMAX_MAX) && !defined(OPENSSL_NO_INTTYPES_H)
/* Parse an intmax_t, put it into *result; return 0 on failure, else 1. */
int opt_intmax(const char *value, ossl_intmax_t *result)
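Review bot: The `#if` guard in front of `opt_intmax` is now a single line well over 100 characters, which is harder to scan than the three backslash-continued lines it replaces. Keeping one group of conditions per line, `#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L \` then `&& defined(INTMAX_MAX) && defined(UINTMAX_MAX) \` then `&& !defined(OPENSSL_NO_INTTYPES_H)`, would match the leading-operator wrapping this commit applies to the `if` conditions in `opt_long` and `opt_intmax`. The matching `#endif` is outside this hunk.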
@@ -574,10 +587,10 @@ int opt_intmax(const char *value, ossl_intmax_t *result)
errno = 0;
m = strtoimax(value, &endp, 0);
if (*endp
- || endp == value
- || ((m == INTMAX_MAX || m == INTMAX_MIN)
- && errno == ERANGE)
- || (m == 0 && errno != 0)) {
+ || endp == value
+ || ((m == INTMAX_MAX || m == INTMAX_MIN)
+ && errno == ERANGE)
+ || (m == 0 && errno != 0)) {
opt_number_error(value);
errno = oerrno;
return 0;
@@ -603,9 +616,9 @@ int opt_uintmax(const char *value, ossl_uintmax_t *result)
errno = 0;
m = strtoumax(value, &endp, 0);
if (*endp
- || endp == value
- || (m == UINTMAX_MAX && errno == ERANGE)
- || (m == 0 && errno != 0)) {
+ || endp == value
+ || (m == UINTMAX_MAX && errno == ERANGE)
+ || (m == 0 && errno != 0)) {
opt_number_error(value);
errno = oerrno;
return 0;
@@ -655,9 +668,9 @@ int opt_ulong(const char *value, unsigned long *result)
errno = 0;
l = strtoul(value, &endptr, 0);
if (*endptr
- || endptr == value
- || ((l == ULONG_MAX) && errno == ERANGE)
- || (l == 0 && errno != 0)) {
+ || endptr == value
+ || ((l == ULONG_MAX) && errno == ERANGE)
+ || (l == 0 && errno != 0)) {
opt_number_error(value);
errno = oerrno;
return 0;
@@ -699,7 +712,7 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
if (!X509_VERIFY_PARAM_add0_policy(vpm, otmp)) {
ASN1_OBJECT_free(otmp);
opt_printf_stderr("%s: Internal error adding Policy %s\n",
- prog, opt_arg());
+ prog, opt_arg());
return 0;
}
break;
@@ -719,7 +732,7 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) {
opt_printf_stderr("%s: Internal error setting purpose %s\n",
- prog, opt_arg());
+ prog, opt_arg());
return 0;
}
break;
@@ -727,7 +740,7 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
if (vtmp == NULL) {
opt_printf_stderr("%s: Invalid verify name %s\n",
- prog, opt_arg());
+ prog, opt_arg());
return 0;
}
X509_VERIFY_PARAM_set1(vpm, vtmp);
@@ -747,7 +760,7 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
return 0;
if (t != (time_t)t) {
opt_printf_stderr("%s: epoch time out of range %s\n",
- prog, opt_arg());
+ prog, opt_arg());
return 0;
}
X509_VERIFY_PARAM_set_time(vpm, (time_t)t);
@@ -775,8 +788,7 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
break;
case OPT_V_CRL_CHECK_ALL:
X509_VERIFY_PARAM_set_flags(vpm,
- X509_V_FLAG_CRL_CHECK |
- X509_V_FLAG_CRL_CHECK_ALL);
+ X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
break;
case OPT_V_POLICY_CHECK:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK);
@@ -831,7 +843,6 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
break;
}
return 1;
-
}
void opt_begin(void)
@@ -881,14 +892,14 @@ int opt_next(void)
for (o = opts; o->name; ++o) {
/* If not this option, move on to the next one. */
if (!(strcmp(p, "h") == 0 && strcmp(o->name, "help") == 0)
- && strcmp(p, o->name) != 0)
+ && strcmp(p, o->name) != 0)
continue;
/* If it doesn't take a value, make sure none was given. */
if (o->valtype == 0 || o->valtype == '-') {
if (arg) {
opt_printf_stderr("%s: Option -%s does not take a value\n",
- prog, p);
+ prog, p);
return -1;
}
return o->retval;
@@ -898,7 +909,7 @@ int opt_next(void)
if (arg == NULL) {
if (argv[opt_index] == NULL) {
opt_printf_stderr("%s: Option -%s needs a value\n",
- prog, o->name);
+ prog, o->name);
return -1;
}
arg = argv[opt_index++];
@@ -932,12 +943,12 @@ int opt_next(void)
return -1;
if (o->valtype == 'p' && ival <= 0) {
opt_printf_stderr("%s: Non-positive number \"%s\" for option -%s\n",
- prog, arg, o->name);
+ prog, arg, o->name);
return -1;
}
if (o->valtype == 'N' && ival < 0) {
opt_printf_stderr("%s: Negative number \"%s\" for option -%s\n",
- prog, arg, o->name);
+ prog, arg, o->name);
return -1;
}
break;
@@ -962,13 +973,13 @@ int opt_next(void)
case 'F':
case 'f':
if (opt_format(arg,
- o->valtype == 'c' ? OPT_FMT_PDS :
- o->valtype == 'E' ? OPT_FMT_PDE :
- o->valtype == 'F' ? OPT_FMT_PEMDER
- : OPT_FMT_ANY, &ival))
+ o->valtype == 'c' ? OPT_FMT_PDS : o->valtype == 'E' ? OPT_FMT_PDE
+ : o->valtype == 'F' ? OPT_FMT_PEMDER
+ : OPT_FMT_ANY,
+ &ival))
break;
opt_printf_stderr("%s: Invalid format \"%s\" for option -%s\n",
- prog, arg, o->name);
+ prog, arg, o->name);
return -1;
}
@@ -1061,57 +1072,57 @@ static const char *valtype2param(const OPTIONS *o)
static void opt_print(const OPTIONS *o, int doingparams, int width)
{
- const char* help;
+ const char *help;
char start[80 + 1];
char *p;
- help = o->helpstr ? o->helpstr : "(No additional info)";
- if (o->name == OPT_HELP_STR) {
- opt_printf_stderr(help, prog);
- return;
- }
- if (o->name == OPT_SECTION_STR) {
- opt_printf_stderr("\n");
- opt_printf_stderr(help, prog);
- return;
- }
- if (o->name == OPT_PARAM_STR) {
- opt_printf_stderr("\nParameters:\n");
- return;
- }
-
- /* Pad out prefix */
- memset(start, ' ', sizeof(start) - 1);
- start[sizeof(start) - 1] = '\0';
+ help = o->helpstr ? o->helpstr : "(No additional info)";
+ if (o->name == OPT_HELP_STR) {
+ opt_printf_stderr(help, prog);
+ return;
+ }
+ if (o->name == OPT_SECTION_STR) {
+ opt_printf_stderr("\n");
+ opt_printf_stderr(help, prog);
+ return;
+ }
+ if (o->name == OPT_PARAM_STR) {
+ opt_printf_stderr("\nParameters:\n");
+ return;
+ }
- if (o->name == OPT_MORE_STR) {
- /* Continuation of previous line; pad and print. */
- start[width] = '\0';
- opt_printf_stderr("%s %s\n", start, help);
- return;
- }
+ /* Pad out prefix */
+ memset(start, ' ', sizeof(start) - 1);
+ start[sizeof(start) - 1] = '\0';
- /* Build up the "-flag [param]" part. */
- p = start;
- *p++ = ' ';
- if (!doingparams)
- *p++ = '-';
- if (o->name[0])
- p += strlen(strcpy(p, o->name));
- else
- *p++ = '*';
- if (o->valtype != '-') {
- *p++ = ' ';
- p += strlen(strcpy(p, valtype2param(o)));
- }
- *p = ' ';
- if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) {
- *p = '\0';
- opt_printf_stderr("%s\n", start);
- memset(start, ' ', sizeof(start));
- }
+ if (o->name == OPT_MORE_STR) {
+ /* Continuation of previous line; pad and print. */
start[width] = '\0';
opt_printf_stderr("%s %s\n", start, help);
+ return;
+ }
+
+ /* Build up the "-flag [param]" part. */
+ p = start;
+ *p++ = ' ';
+ if (!doingparams)
+ *p++ = '-';
+ if (o->name[0])
+ p += strlen(strcpy(p, o->name));
+ else
+ *p++ = '*';
+ if (o->valtype != '-') {
+ *p++ = ' ';
+ p += strlen(strcpy(p, valtype2param(o)));
+ }
+ *p = ' ';
+ if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) {
+ *p = '\0';
+ opt_printf_stderr("%s\n", start);
+ memset(start, ' ', sizeof(start));
+ }
+ start[width] = '\0';
+ opt_printf_stderr("%s %s\n", start, help);
}
void opt_help(const OPTIONS *list)
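Review bot: The two `strcpy` calls in `opt_print` that build the "-flag [param]" prefix write into `char start[80 + 1]` with no length check, and the `MAX_OPT_HELP_WIDTH` test runs only after the copies. The names come from the static `OPTIONS` tables, so this is a latent robustness issue rather than an input-driven one. A guard ahead of the copies would make the limit explicit, for example `OPENSSL_assert(strlen(o->name) + strlen(valtype2param(o)) + 3 < sizeof(start));`. Likewise `start[width] = '\0'` trusts the caller to pass a `width` below `sizeof(start)`. A one-line comment that `help` is passed to `opt_printf_stderr` as a format string for `OPT_HELP_STR` and `OPT_SECTION_STR` entries, and so must only ever come from those tables, would also help.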
@@ -1152,52 +1163,52 @@ void opt_help(const OPTIONS *list)
/* opt_isdir section */
#ifdef _WIN32
-# include <windows.h>
+#include <windows.h>
int opt_isdir(const char *name)
{
DWORD attr;
-# if defined(UNICODE) || defined(_UNICODE)
+#if defined(UNICODE) || defined(_UNICODE)
size_t i, len_0 = strlen(name) + 1;
WCHAR tempname[MAX_PATH];
if (len_0 > MAX_PATH)
return -1;
-# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+#if !defined(_WIN32_WCE) || _WIN32_WCE >= 101
if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
-# endif
+#endif
for (i = 0; i < len_0; i++)
tempname[i] = (WCHAR)name[i];
attr = GetFileAttributes(tempname);
-# else
+#else
attr = GetFileAttributes(name);
-# endif
+#endif
if (attr == INVALID_FILE_ATTRIBUTES)
return -1;
return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
}
#else
-# include <sys/stat.h>
-# ifndef S_ISDIR
-# if defined(_S_IFMT) && defined(_S_IFDIR)
-# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
-# else
-# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
-# endif
-# endif
+#include <sys/stat.h>
+#ifndef S_ISDIR
+#if defined(_S_IFMT) && defined(_S_IFDIR)
+#define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
+#else
+#define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+#endif
+#endif
int opt_isdir(const char *name)
{
-# if defined(S_ISDIR)
+#if defined(S_ISDIR)
struct stat st;
if (stat(name, &st) == 0)
return S_ISDIR(st.st_mode);
else
return -1;
-# else
+#else
return -1;
-# endif
+#endif
}
#endif
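Review bot: In the UNICODE branch of the Windows `opt_isdir`, the fallback loop `tempname[i] = (WCHAR)name[i];` converts through plain `char`. Where `char` is signed, any byte at or above 0x80 is sign-extended to a 0xFF80–0xFFFF code unit, so the attribute lookup is made on a different name than the one passed in. `tempname[i] = (WCHAR)(unsigned char)name[i];` keeps the byte value. With the directive indentation flattened by this change, it is also harder to see that `if (!MultiByteToWideChar(...))` governs the `for` loop only when the inner `#if` is true. A comment on each `#endif` naming its condition would restore that.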
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 9f33c24c4e35..57ee613d6e26 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -20,11 +20,11 @@
#include <openssl/ssl.h>
#include <openssl/bn.h>
#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
+#include <openssl/dh.h>
#endif
#include "s_apps.h"
-#define COOKIE_SECRET_LENGTH 16
+#define COOKIE_SECRET_LENGTH 16
VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 };
@@ -34,9 +34,9 @@ static int cookie_initialized = 0;
#endif
static BIO *bio_keylog = NULL;
-static const char *lookup(int val, const STRINT_PAIR* list, const char* def)
+static const char *lookup(int val, const STRINT_PAIR *list, const char *def)
{
- for ( ; list->name; ++list)
+ for (; list->name; ++list)
if (list->retval == val)
return list->name;
return def;
@@ -55,8 +55,8 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
BIO_printf(bio_err, "depth=%d ", depth);
if (err_cert != NULL) {
X509_NAME_print_ex(bio_err,
- X509_get_subject_name(err_cert),
- 0, get_nameopt());
+ X509_get_subject_name(err_cert),
+ 0, get_nameopt());
BIO_puts(bio_err, "\n");
} else {
BIO_puts(bio_err, "<no cert>\n");
@@ -64,7 +64,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
}
if (!ok) {
BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
- X509_verify_cert_error_string(err));
+ X509_verify_cert_error_string(err));
if (verify_args.depth < 0 || verify_args.depth >= depth) {
if (!verify_args.return_error)
ok = 1;
@@ -79,7 +79,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
if (err_cert != NULL) {
BIO_puts(bio_err, "issuer= ");
X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
- 0, get_nameopt());
+ 0, get_nameopt());
BIO_puts(bio_err, "\n");
}
break;
@@ -115,9 +115,10 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
{
if (cert_file != NULL) {
if (SSL_CTX_use_certificate_file(ctx, cert_file,
- SSL_FILETYPE_PEM) <= 0) {
+ SSL_FILETYPE_PEM)
+ <= 0) {
BIO_printf(bio_err, "unable to get certificate from '%s'\n",
- cert_file);
+ cert_file);
ERR_print_errors(bio_err);
return 0;
}
@@ -125,7 +126,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
key_file = cert_file;
if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
BIO_printf(bio_err, "unable to get private key from '%s'\n",
- key_file);
+ key_file);
ERR_print_errors(bio_err);
return 0;
}
@@ -141,7 +142,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
*/
if (!SSL_CTX_check_private_key(ctx)) {
BIO_printf(bio_err,
- "Private key does not match the certificate public key\n");
+ "Private key does not match the certificate public key\n");
return 0;
}
}
@@ -149,7 +150,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
}
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
- STACK_OF(X509) *chain, int build_chain)
+ STACK_OF(X509) *chain, int build_chain)
{
int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0;
@@ -172,7 +173,7 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
*/
if (!SSL_CTX_check_private_key(ctx)) {
BIO_printf(bio_err,
- "Private key does not match the certificate public key\n");
+ "Private key does not match the certificate public key\n");
return 0;
}
if (chain && !SSL_CTX_set1_chain(ctx, chain)) {
@@ -189,16 +190,16 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
}
static STRINT_PAIR cert_type_list[] = {
- {"RSA sign", TLS_CT_RSA_SIGN},
- {"DSA sign", TLS_CT_DSS_SIGN},
- {"RSA fixed DH", TLS_CT_RSA_FIXED_DH},
- {"DSS fixed DH", TLS_CT_DSS_FIXED_DH},
- {"ECDSA sign", TLS_CT_ECDSA_SIGN},
- {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},
- {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},
- {"GOST01 Sign", TLS_CT_GOST01_SIGN},
- {"GOST12 Sign", TLS_CT_GOST12_IANA_SIGN},
- {NULL}
+ { "RSA sign", TLS_CT_RSA_SIGN },
+ { "DSA sign", TLS_CT_DSS_SIGN },
+ { "RSA fixed DH", TLS_CT_RSA_FIXED_DH },
+ { "DSS fixed DH", TLS_CT_DSS_FIXED_DH },
+ { "ECDSA sign", TLS_CT_ECDSA_SIGN },
+ { "RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH },
+ { "ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH },
+ { "GOST01 Sign", TLS_CT_GOST01_SIGN },
+ { "GOST12 Sign", TLS_CT_GOST12_IANA_SIGN },
+ { NULL }
};
static void ssl_print_client_cert_types(BIO *bio, SSL *s)
@@ -283,7 +284,7 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared)
const char *sstr = NULL;
if (shared)
SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
- &rsign, &rhash);
+ &rsign, &rhash);
else
SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash);
if (i)
@@ -366,7 +367,6 @@ int ssl_print_point_formats(BIO *out, SSL *s)
default:
BIO_printf(out, "unknown(%d)", (int)*pformats);
break;
-
}
}
BIO_puts(out, "\n");
@@ -426,28 +426,26 @@ int ssl_print_tmp_key(BIO *out, SSL *s)
BIO_printf(out, "DH, %d bits\n", EVP_PKEY_get_bits(key));
break;
#ifndef OPENSSL_NO_EC
- case EVP_PKEY_EC:
- {
- char name[80];
- size_t name_len;
+ case EVP_PKEY_EC: {
+ char name[80];
+ size_t name_len;
- if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME,
- name, sizeof(name), &name_len))
- strcpy(name, "?");
- BIO_printf(out, "ECDH, %s, %d bits\n", name, EVP_PKEY_get_bits(key));
- }
- break;
+ if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME,
+ name, sizeof(name), &name_len))
+ strcpy(name, "?");
+ BIO_printf(out, "ECDH, %s, %d bits\n", name, EVP_PKEY_get_bits(key));
+ } break;
#endif
default:
BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_get_id(key)),
- EVP_PKEY_get_bits(key));
+ EVP_PKEY_get_bits(key));
}
EVP_PKEY_free(key);
return 1;
}
long bio_dump_callback(BIO *bio, int cmd, const char *argp, size_t len,
- int argi, long argl, int ret, size_t *processed)
+ int argi, long argl, int ret, size_t *processed)
{
BIO *out;
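Review bot: The `EVP_PKEY_EC` case in `ssl_print_tmp_key` now ends in `} break;`, which tucks the `break` behind the closing brace and is easy to miss when scanning the switch for fallthrough. Moving `break;` inside the braces as the last statement of the block keeps the case body self-contained. A short comment on `strcpy(name, "?")` saying it is the placeholder printed when the group name cannot be read would document the fallback.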
@@ -458,20 +456,20 @@ long bio_dump_callback(BIO *bio, int cmd, const char *argp, size_t len,
if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
if (ret > 0 && processed != NULL) {
BIO_printf(out, "read from %p [%p] (%zu bytes => %zu (0x%zX))\n",
- (void *)bio, (void *)argp, len, *processed, *processed);
+ (void *)bio, (void *)argp, len, *processed, *processed);
BIO_dump(out, argp, (int)*processed);
} else {
BIO_printf(out, "read from %p [%p] (%zu bytes => %d)\n",
- (void *)bio, (void *)argp, len, ret);
+ (void *)bio, (void *)argp, len, ret);
}
} else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
if (ret > 0 && processed != NULL) {
BIO_printf(out, "write to %p [%p] (%zu bytes => %zu (0x%zX))\n",
- (void *)bio, (void *)argp, len, *processed, *processed);
+ (void *)bio, (void *)argp, len, *processed, *processed);
BIO_dump(out, argp, (int)*processed);
} else {
BIO_printf(out, "write to %p [%p] (%zu bytes => %d)\n",
- (void *)bio, (void *)argp, len, ret);
+ (void *)bio, (void *)argp, len, ret);
}
}
return ret;
@@ -496,108 +494,103 @@ void apps_ssl_info_callback(const SSL *s, int where, int ret)
} else if (where & SSL_CB_ALERT) {
str = (where & SSL_CB_READ) ? "read" : "write";
BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n",
- str,
- SSL_alert_type_string_long(ret),
- SSL_alert_desc_string_long(ret));
+ str,
+ SSL_alert_type_string_long(ret),
+ SSL_alert_desc_string_long(ret));
} else if (where & SSL_CB_EXIT) {
if (ret == 0)
BIO_printf(bio_err, "%s:failed in %s\n",
- str, SSL_state_string_long(s));
+ str, SSL_state_string_long(s));
else if (ret < 0)
BIO_printf(bio_err, "%s:error in %s\n",
- str, SSL_state_string_long(s));
+ str, SSL_state_string_long(s));
}
}
static STRINT_PAIR ssl_versions[] = {
- {"SSL 3.0", SSL3_VERSION},
- {"TLS 1.0", TLS1_VERSION},
- {"TLS 1.1", TLS1_1_VERSION},
- {"TLS 1.2", TLS1_2_VERSION},
- {"TLS 1.3", TLS1_3_VERSION},
- {"DTLS 1.0", DTLS1_VERSION},
- {"DTLS 1.0 (bad)", DTLS1_BAD_VER},
- {NULL}
+ { "SSL 3.0", SSL3_VERSION },
+ { "TLS 1.0", TLS1_VERSION },
+ { "TLS 1.1", TLS1_1_VERSION },
+ { "TLS 1.2", TLS1_2_VERSION },
+ { "TLS 1.3", TLS1_3_VERSION },
+ { "DTLS 1.0", DTLS1_VERSION },
+ { "DTLS 1.0 (bad)", DTLS1_BAD_VER },
+ { NULL }
};
static STRINT_PAIR alert_types[] = {
- {" close_notify", 0},
- {" end_of_early_data", 1},
- {" unexpected_message", 10},
- {" bad_record_mac", 20},
- {" decryption_failed", 21},
- {" record_overflow", 22},
- {" decompression_failure", 30},
- {" handshake_failure", 40},
- {" bad_certificate", 42},
- {" unsupported_certificate", 43},
- {" certificate_revoked", 44},
- {" certificate_expired", 45},
- {" certificate_unknown", 46},
- {" illegal_parameter", 47},
- {" unknown_ca", 48},
- {" access_denied", 49},
- {" decode_error", 50},
- {" decrypt_error", 51},
- {" export_restriction", 60},
- {" protocol_version", 70},
- {" insufficient_security", 71},
- {" internal_error", 80},
- {" inappropriate_fallback", 86},
- {" user_canceled", 90},
- {" no_renegotiation", 100},
- {" missing_extension", 109},
- {" unsupported_extension", 110},
- {" certificate_unobtainable", 111},
- {" unrecognized_name", 112},
- {" bad_certificate_status_response", 113},
- {" bad_certificate_hash_value", 114},
- {" unknown_psk_identity", 115},
- {" certificate_required", 116},
- {NULL}
+ { " close_notify", 0 },
+ { " end_of_early_data", 1 },
+ { " unexpected_message", 10 },
+ { " bad_record_mac", 20 },
+ { " decryption_failed", 21 },
+ { " record_overflow", 22 },
+ { " decompression_failure", 30 },
+ { " handshake_failure", 40 },
+ { " bad_certificate", 42 },
+ { " unsupported_certificate", 43 },
+ { " certificate_revoked", 44 },
+ { " certificate_expired", 45 },
+ { " certificate_unknown", 46 },
+ { " illegal_parameter", 47 },
+ { " unknown_ca", 48 },
+ { " access_denied", 49 },
+ { " decode_error", 50 },
+ { " decrypt_error", 51 },
+ { " export_restriction", 60 },
+ { " protocol_version", 70 },
+ { " insufficient_security", 71 },
+ { " internal_error", 80 },
+ { " inappropriate_fallback", 86 },
+ { " user_canceled", 90 },
+ { " no_renegotiation", 100 },
+ { " missing_extension", 109 },
+ { " unsupported_extension", 110 },
+ { " certificate_unobtainable", 111 },
+ { " unrecognized_name", 112 },
+ { " bad_certificate_status_response", 113 },
+ { " bad_certificate_hash_value", 114 },
+ { " unknown_psk_identity", 115 },
+ { " certificate_required", 116 },
+ { NULL }
};
static STRINT_PAIR handshakes[] = {
- {", HelloRequest", SSL3_MT_HELLO_REQUEST},
- {", ClientHello", SSL3_MT_CLIENT_HELLO},
- {", ServerHello", SSL3_MT_SERVER_HELLO},
- {", HelloVerifyRequest", DTLS1_MT_HELLO_VERIFY_REQUEST},
- {", NewSessionTicket", SSL3_MT_NEWSESSION_TICKET},
- {", EndOfEarlyData", SSL3_MT_END_OF_EARLY_DATA},
- {", EncryptedExtensions", SSL3_MT_ENCRYPTED_EXTENSIONS},
- {", Certificate", SSL3_MT_CERTIFICATE},
- {", ServerKeyExchange", SSL3_MT_SERVER_KEY_EXCHANGE},
- {", CertificateRequest", SSL3_MT_CERTIFICATE_REQUEST},
- {", ServerHelloDone", SSL3_MT_SERVER_DONE},
- {", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY},
- {", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE},
- {", Finished", SSL3_MT_FINISHED},
- {", CertificateUrl", SSL3_MT_CERTIFICATE_URL},
- {", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS},
- {", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA},
- {", KeyUpdate", SSL3_MT_KEY_UPDATE},
+ { ", HelloRequest", SSL3_MT_HELLO_REQUEST },
+ { ", ClientHello", SSL3_MT_CLIENT_HELLO },
+ { ", ServerHello", SSL3_MT_SERVER_HELLO },
+ { ", HelloVerifyRequest", DTLS1_MT_HELLO_VERIFY_REQUEST },
+ { ", NewSessionTicket", SSL3_MT_NEWSESSION_TICKET },
+ { ", EndOfEarlyData", SSL3_MT_END_OF_EARLY_DATA },
+ { ", EncryptedExtensions", SSL3_MT_ENCRYPTED_EXTENSIONS },
+ { ", Certificate", SSL3_MT_CERTIFICATE },
+ { ", ServerKeyExchange", SSL3_MT_SERVER_KEY_EXCHANGE },
+ { ", CertificateRequest", SSL3_MT_CERTIFICATE_REQUEST },
+ { ", ServerHelloDone", SSL3_MT_SERVER_DONE },
+ { ", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY },
+ { ", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE },
+ { ", Finished", SSL3_MT_FINISHED },
+ { ", CertificateUrl", SSL3_MT_CERTIFICATE_URL },
+ { ", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS },
+ { ", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA },
+ { ", KeyUpdate", SSL3_MT_KEY_UPDATE },
#ifndef OPENSSL_NO_NEXTPROTONEG
- {", NextProto", SSL3_MT_NEXT_PROTO},
+ { ", NextProto", SSL3_MT_NEXT_PROTO },
#endif
- {", MessageHash", SSL3_MT_MESSAGE_HASH},
- {NULL}
+ { ", MessageHash", SSL3_MT_MESSAGE_HASH },
+ { NULL }
};
void msg_cb(int write_p, int version, int content_type, const void *buf,
- size_t len, SSL *ssl, void *arg)
+ size_t len, SSL *ssl, void *arg)
{
BIO *bio = arg;
const char *str_write_p = write_p ? ">>>" : "<<<";
char tmpbuf[128];
const char *str_version, *str_content_type = "", *str_details1 = "", *str_details2 = "";
- const unsigned char* bp = buf;
+ const unsigned char *bp = buf;
- if (version == SSL3_VERSION ||
- version == TLS1_VERSION ||
- version == TLS1_1_VERSION ||
- version == TLS1_2_VERSION ||
- version == TLS1_3_VERSION ||
- version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
+ if (version == SSL3_VERSION || version == TLS1_VERSION || version == TLS1_1_VERSION || version == TLS1_2_VERSION || version == TLS1_3_VERSION || version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
str_version = lookup(version, ssl_versions, "???");
switch (content_type) {
case SSL3_RT_CHANGE_CIPHER_SPEC:
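Review bot: The seven-way version test at the top of `msg_cb` has been collapsed onto a single very long line, which is much harder to review than one comparison per line with a leading `||`, the wrapping this commit uses for the `if` conditions in `opt_long`. The list also repeats exactly the entries of the `ssl_versions` table shown in this hunk, so the two can drift apart when a version is added. The table lookup could drive the branch instead: `str_version = lookup(version, ssl_versions, NULL);` followed by `if (str_version != NULL) {`. The body of `msg_cb` continues outside this hunk, so the `else` branch that sets `str_version = tmpbuf` should be checked against that change.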
@@ -640,17 +633,17 @@ void msg_cb(int write_p, int version, int content_type, const void *buf,
str_content_type = ", InnerContent";
break;
default:
- BIO_snprintf(tmpbuf, sizeof(tmpbuf)-1, ", Unknown (content_type=%d)", content_type);
+ BIO_snprintf(tmpbuf, sizeof(tmpbuf) - 1, ", Unknown (content_type=%d)", content_type);
str_content_type = tmpbuf;
}
} else {
- BIO_snprintf(tmpbuf, sizeof(tmpbuf)-1, "Not TLS data or unknown version (version=%d, content_type=%d)", version, content_type);
+ BIO_snprintf(tmpbuf, sizeof(tmpbuf) - 1, "Not TLS data or unknown version (version=%d, content_type=%d)", version, content_type);
str_version = tmpbuf;
}
BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version,
- str_content_type, (unsigned long)len, str_details1,
- str_details2);
+ str_content_type, (unsigned long)len, str_details1,
+ str_details2);
if (len > 0) {
size_t num, i;
@@ -670,110 +663,110 @@ void msg_cb(int write_p, int version, int content_type, const void *buf,
}
static const STRINT_PAIR tlsext_types[] = {
- {"server name", TLSEXT_TYPE_server_name},
- {"max fragment length", TLSEXT_TYPE_max_fragment_length},
- {"client certificate URL", TLSEXT_TYPE_client_certificate_url},
- {"trusted CA keys", TLSEXT_TYPE_trusted_ca_keys},
- {"truncated HMAC", TLSEXT_TYPE_truncated_hmac},
- {"status request", TLSEXT_TYPE_status_request},
- {"user mapping", TLSEXT_TYPE_user_mapping},
- {"client authz", TLSEXT_TYPE_client_authz},
- {"server authz", TLSEXT_TYPE_server_authz},
- {"cert type", TLSEXT_TYPE_cert_type},
- {"supported_groups", TLSEXT_TYPE_supported_groups},
- {"EC point formats", TLSEXT_TYPE_ec_point_formats},
- {"SRP", TLSEXT_TYPE_srp},
- {"signature algorithms", TLSEXT_TYPE_signature_algorithms},
- {"use SRTP", TLSEXT_TYPE_use_srtp},
- {"session ticket", TLSEXT_TYPE_session_ticket},
- {"renegotiation info", TLSEXT_TYPE_renegotiate},
- {"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp},
- {"TLS padding", TLSEXT_TYPE_padding},
+ { "server name", TLSEXT_TYPE_server_name },
+ { "max fragment length", TLSEXT_TYPE_max_fragment_length },
+ { "client certificate URL", TLSEXT_TYPE_client_certificate_url },
+ { "trusted CA keys", TLSEXT_TYPE_trusted_ca_keys },
+ { "truncated HMAC", TLSEXT_TYPE_truncated_hmac },
+ { "status request", TLSEXT_TYPE_status_request },
+ { "user mapping", TLSEXT_TYPE_user_mapping },
+ { "client authz", TLSEXT_TYPE_client_authz },
+ { "server authz", TLSEXT_TYPE_server_authz },
+ { "cert type", TLSEXT_TYPE_cert_type },
+ { "supported_groups", TLSEXT_TYPE_supported_groups },
+ { "EC point formats", TLSEXT_TYPE_ec_point_formats },
+ { "SRP", TLSEXT_TYPE_srp },
+ { "signature algorithms", TLSEXT_TYPE_signature_algorithms },
+ { "use SRTP", TLSEXT_TYPE_use_srtp },
+ { "session ticket", TLSEXT_TYPE_session_ticket },
+ { "renegotiation info", TLSEXT_TYPE_renegotiate },
+ { "signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp },
+ { "TLS padding", TLSEXT_TYPE_padding },
#ifdef TLSEXT_TYPE_next_proto_neg
- {"next protocol", TLSEXT_TYPE_next_proto_neg},
+ { "next protocol", TLSEXT_TYPE_next_proto_neg },
#endif
#ifdef TLSEXT_TYPE_encrypt_then_mac
- {"encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac},
+ { "encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac },
#endif
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
- {"application layer protocol negotiation",
- TLSEXT_TYPE_application_layer_protocol_negotiation},
+ { "application layer protocol negotiation",
+ TLSEXT_TYPE_application_layer_protocol_negotiation },
#endif
#ifdef TLSEXT_TYPE_extended_master_secret
- {"extended master secret", TLSEXT_TYPE_extended_master_secret},
+ { "extended master secret", TLSEXT_TYPE_extended_master_secret },
#endif
- {"key share", TLSEXT_TYPE_key_share},
- {"supported versions", TLSEXT_TYPE_supported_versions},
- {"psk", TLSEXT_TYPE_psk},
- {"psk kex modes", TLSEXT_TYPE_psk_kex_modes},
- {"certificate authorities", TLSEXT_TYPE_certificate_authorities},
- {"post handshake auth", TLSEXT_TYPE_post_handshake_auth},
- {"early_data", TLSEXT_TYPE_early_data},
- {NULL}
+ { "key share", TLSEXT_TYPE_key_share },
+ { "supported versions", TLSEXT_TYPE_supported_versions },
+ { "psk", TLSEXT_TYPE_psk },
+ { "psk kex modes", TLSEXT_TYPE_psk_kex_modes },
+ { "certificate authorities", TLSEXT_TYPE_certificate_authorities },
+ { "post handshake auth", TLSEXT_TYPE_post_handshake_auth },
+ { "early_data", TLSEXT_TYPE_early_data },
+ { NULL }
};
/* from rfc8446 4.2.3. + gost (https://tools.ietf.org/id/draft-smyshlyaev-tls12-gost-suites-04.html) */
static STRINT_PAIR signature_tls13_scheme_list[] = {
- {"rsa_pkcs1_sha1", 0x0201 /* TLSEXT_SIGALG_rsa_pkcs1_sha1 */},
- {"ecdsa_sha1", 0x0203 /* TLSEXT_SIGALG_ecdsa_sha1 */},
-/* {"rsa_pkcs1_sha224", 0x0301 TLSEXT_SIGALG_rsa_pkcs1_sha224}, not in rfc8446 */
-/* {"ecdsa_sha224", 0x0303 TLSEXT_SIGALG_ecdsa_sha224} not in rfc8446 */
- {"rsa_pkcs1_sha256", 0x0401 /* TLSEXT_SIGALG_rsa_pkcs1_sha256 */},
- {"ecdsa_secp256r1_sha256", 0x0403 /* TLSEXT_SIGALG_ecdsa_secp256r1_sha256 */},
- {"rsa_pkcs1_sha384", 0x0501 /* TLSEXT_SIGALG_rsa_pkcs1_sha384 */},
- {"ecdsa_secp384r1_sha384", 0x0503 /* TLSEXT_SIGALG_ecdsa_secp384r1_sha384 */},
- {"rsa_pkcs1_sha512", 0x0601 /* TLSEXT_SIGALG_rsa_pkcs1_sha512 */},
- {"ecdsa_secp521r1_sha512", 0x0603 /* TLSEXT_SIGALG_ecdsa_secp521r1_sha512 */},
- {"rsa_pss_rsae_sha256", 0x0804 /* TLSEXT_SIGALG_rsa_pss_rsae_sha256 */},
- {"rsa_pss_rsae_sha384", 0x0805 /* TLSEXT_SIGALG_rsa_pss_rsae_sha384 */},
- {"rsa_pss_rsae_sha512", 0x0806 /* TLSEXT_SIGALG_rsa_pss_rsae_sha512 */},
- {"ed25519", 0x0807 /* TLSEXT_SIGALG_ed25519 */},
- {"ed448", 0x0808 /* TLSEXT_SIGALG_ed448 */},
- {"rsa_pss_pss_sha256", 0x0809 /* TLSEXT_SIGALG_rsa_pss_pss_sha256 */},
- {"rsa_pss_pss_sha384", 0x080a /* TLSEXT_SIGALG_rsa_pss_pss_sha384 */},
- {"rsa_pss_pss_sha512", 0x080b /* TLSEXT_SIGALG_rsa_pss_pss_sha512 */},
- {"gostr34102001", 0xeded /* TLSEXT_SIGALG_gostr34102001_gostr3411 */},
- {"gostr34102012_256", 0xeeee /* TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 */},
- {"gostr34102012_512", 0xefef /* TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 */},
- {NULL}
+ { "rsa_pkcs1_sha1", 0x0201 /* TLSEXT_SIGALG_rsa_pkcs1_sha1 */ },
+ { "ecdsa_sha1", 0x0203 /* TLSEXT_SIGALG_ecdsa_sha1 */ },
+ /* {"rsa_pkcs1_sha224", 0x0301 TLSEXT_SIGALG_rsa_pkcs1_sha224}, not in rfc8446 */
+ /* {"ecdsa_sha224", 0x0303 TLSEXT_SIGALG_ecdsa_sha224} not in rfc8446 */
+ { "rsa_pkcs1_sha256", 0x0401 /* TLSEXT_SIGALG_rsa_pkcs1_sha256 */ },
+ { "ecdsa_secp256r1_sha256", 0x0403 /* TLSEXT_SIGALG_ecdsa_secp256r1_sha256 */ },
+ { "rsa_pkcs1_sha384", 0x0501 /* TLSEXT_SIGALG_rsa_pkcs1_sha384 */ },
+ { "ecdsa_secp384r1_sha384", 0x0503 /* TLSEXT_SIGALG_ecdsa_secp384r1_sha384 */ },
+ { "rsa_pkcs1_sha512", 0x0601 /* TLSEXT_SIGALG_rsa_pkcs1_sha512 */ },
+ { "ecdsa_secp521r1_sha512", 0x0603 /* TLSEXT_SIGALG_ecdsa_secp521r1_sha512 */ },
+ { "rsa_pss_rsae_sha256", 0x0804 /* TLSEXT_SIGALG_rsa_pss_rsae_sha256 */ },
+ { "rsa_pss_rsae_sha384", 0x0805 /* TLSEXT_SIGALG_rsa_pss_rsae_sha384 */ },
+ { "rsa_pss_rsae_sha512", 0x0806 /* TLSEXT_SIGALG_rsa_pss_rsae_sha512 */ },
+ { "ed25519", 0x0807 /* TLSEXT_SIGALG_ed25519 */ },
+ { "ed448", 0x0808 /* TLSEXT_SIGALG_ed448 */ },
+ { "rsa_pss_pss_sha256", 0x0809 /* TLSEXT_SIGALG_rsa_pss_pss_sha256 */ },
+ { "rsa_pss_pss_sha384", 0x080a /* TLSEXT_SIGALG_rsa_pss_pss_sha384 */ },
+ { "rsa_pss_pss_sha512", 0x080b /* TLSEXT_SIGALG_rsa_pss_pss_sha512 */ },
+ { "gostr34102001", 0xeded /* TLSEXT_SIGALG_gostr34102001_gostr3411 */ },
+ { "gostr34102012_256", 0xeeee /* TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 */ },
+ { "gostr34102012_512", 0xefef /* TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 */ },
+ { NULL }
};
/* from rfc5246 7.4.1.4.1. */
static STRINT_PAIR signature_tls12_alg_list[] = {
- {"anonymous", TLSEXT_signature_anonymous /* 0 */},
- {"RSA", TLSEXT_signature_rsa /* 1 */},
- {"DSA", TLSEXT_signature_dsa /* 2 */},
- {"ECDSA", TLSEXT_signature_ecdsa /* 3 */},
- {NULL}
+ { "anonymous", TLSEXT_signature_anonymous /* 0 */ },
+ { "RSA", TLSEXT_signature_rsa /* 1 */ },
+ { "DSA", TLSEXT_signature_dsa /* 2 */ },
+ { "ECDSA", TLSEXT_signature_ecdsa /* 3 */ },
+ { NULL }
};
/* from rfc5246 7.4.1.4.1. */
static STRINT_PAIR signature_tls12_hash_list[] = {
- {"none", TLSEXT_hash_none /* 0 */},
- {"MD5", TLSEXT_hash_md5 /* 1 */},
- {"SHA1", TLSEXT_hash_sha1 /* 2 */},
- {"SHA224", TLSEXT_hash_sha224 /* 3 */},
- {"SHA256", TLSEXT_hash_sha256 /* 4 */},
- {"SHA384", TLSEXT_hash_sha384 /* 5 */},
- {"SHA512", TLSEXT_hash_sha512 /* 6 */},
- {NULL}
+ { "none", TLSEXT_hash_none /* 0 */ },
+ { "MD5", TLSEXT_hash_md5 /* 1 */ },
+ { "SHA1", TLSEXT_hash_sha1 /* 2 */ },
+ { "SHA224", TLSEXT_hash_sha224 /* 3 */ },
+ { "SHA256", TLSEXT_hash_sha256 /* 4 */ },
+ { "SHA384", TLSEXT_hash_sha384 /* 5 */ },
+ { "SHA512", TLSEXT_hash_sha512 /* 6 */ },
+ { NULL }
};
void tlsext_cb(SSL *s, int client_server, int type,
- const unsigned char *data, int len, void *arg)
+ const unsigned char *data, int len, void *arg)
{
BIO *bio = arg;
const char *extname = lookup(type, tlsext_types, "unknown");
BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
- client_server ? "server" : "client", extname, type, len);
+ client_server ? "server" : "client", extname, type, len);
BIO_dump(bio, (const char *)data, len);
(void)BIO_flush(bio);
}
#ifndef OPENSSL_NO_SOCK
int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
- size_t *cookie_len)
+ size_t *cookie_len)
{
unsigned char *buffer = NULL;
size_t length = 0;
@@ -815,13 +808,15 @@ int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
buffer = app_malloc(length, "cookie generate buffer");
memcpy(buffer, &port, sizeof(port));
- BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL);
+ if (!BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL))
+ goto end;
if (EVP_Q_mac(NULL, "HMAC", NULL, "SHA1", NULL,
- cookie_secret, COOKIE_SECRET_LENGTH, buffer, length,
- cookie, DTLS1_COOKIE_LENGTH, cookie_len) == NULL) {
+ cookie_secret, COOKIE_SECRET_LENGTH, buffer, length,
+ cookie, DTLS1_COOKIE_LENGTH, cookie_len)
+ == NULL) {
BIO_printf(bio_err,
- "Error calculating HMAC-SHA1 of buffer with secret\n");
+ "Error calculating HMAC-SHA1 of buffer with secret\n");
goto end;
}
res = 1;
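Review bot: The new `goto end` taken when `BIO_ADDR_rawaddress()` fails is silent, whereas the HMAC failure a few lines below reports to `bio_err`, so a cookie-generation failure at this step leaves nothing for whoever is debugging the handshake. I would brace the check and add `BIO_printf(bio_err, "Error getting peer address for cookie\n");` ahead of the `goto end;`. A short why-comment would also help, e.g. `/* without the address bytes the MAC would not bind the cookie to the peer */`. The function starts and ends outside this hunk, so the `end:` label and the release of `buffer` are assumed rather than visible here.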
@@ -833,7 +828,7 @@ end:
}
int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
- size_t cookie_len)
+ size_t cookie_len)
{
unsigned char result[EVP_MAX_MD_SIZE];
size_t resultlength;
@@ -850,7 +845,7 @@ int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
}
int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
- unsigned int *cookie_len)
+ unsigned int *cookie_len)
{
size_t temp = 0;
int res = generate_stateless_cookie_callback(ssl, cookie, &temp);
@@ -861,7 +856,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
}
int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
- unsigned int cookie_len)
+ unsigned int cookie_len)
{
return verify_stateless_cookie_callback(ssl, cookie, cookie_len);
}
@@ -890,16 +885,16 @@ struct ssl_excert_st {
};
static STRINT_PAIR chain_flags[] = {
- {"Overall Validity", CERT_PKEY_VALID},
- {"Sign with EE key", CERT_PKEY_SIGN},
- {"EE signature", CERT_PKEY_EE_SIGNATURE},
- {"CA signature", CERT_PKEY_CA_SIGNATURE},
- {"EE key parameters", CERT_PKEY_EE_PARAM},
- {"CA key parameters", CERT_PKEY_CA_PARAM},
- {"Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN},
- {"Issuer Name", CERT_PKEY_ISSUER_NAME},
- {"Certificate Type", CERT_PKEY_CERT_TYPE},
- {NULL}
+ { "Overall Validity", CERT_PKEY_VALID },
+ { "Sign with EE key", CERT_PKEY_SIGN },
+ { "EE signature", CERT_PKEY_EE_SIGNATURE },
+ { "CA signature", CERT_PKEY_CA_SIGNATURE },
+ { "EE key parameters", CERT_PKEY_EE_PARAM },
+ { "CA key parameters", CERT_PKEY_CA_PARAM },
+ { "Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN },
+ { "Issuer Name", CERT_PKEY_ISSUER_NAME },
+ { "Certificate Type", CERT_PKEY_CERT_TYPE },
+ { NULL }
};
static void print_chain_flags(SSL *s, int flags)
@@ -908,8 +903,8 @@ static void print_chain_flags(SSL *s, int flags)
for (pp = chain_flags; pp->name; ++pp)
BIO_printf(bio_err, "\t%s: %s\n",
- pp->name,
- (flags & pp->retval) ? "OK" : "NOT OK");
+ pp->name,
+ (flags & pp->retval) ? "OK" : "NOT OK");
BIO_printf(bio_err, "\tSuite B: ");
if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS)
BIO_puts(bio_err, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n");
@@ -931,8 +926,8 @@ static int set_cert_cb(SSL *ssl, void *arg)
if (retry_cnt < 5) {
retry_cnt++;
BIO_printf(bio_err,
- "Certificate callback retry test: count %d\n",
- retry_cnt);
+ "Certificate callback retry test: count %d\n",
+ retry_cnt);
return -1;
}
#endif
@@ -955,12 +950,12 @@ static int set_cert_cb(SSL *ssl, void *arg)
rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
- get_nameopt());
+ get_nameopt());
BIO_puts(bio_err, "\n");
print_chain_flags(ssl, rv);
if (rv & CERT_PKEY_VALID) {
if (!SSL_use_certificate(ssl, exc->cert)
- || !SSL_use_PrivateKey(ssl, exc->key)) {
+ || !SSL_use_PrivateKey(ssl, exc->key)) {
return 0;
}
/*
@@ -1004,7 +999,6 @@ static int ssl_excert_prepend(SSL_EXCERT **pexc)
exc->keyform = FORMAT_PEM;
}
return 1;
-
}
void ssl_excert_free(SSL_EXCERT *exc)
@@ -1041,15 +1035,15 @@ int load_excert(SSL_EXCERT **pexc)
return 0;
}
exc->cert = load_cert(exc->certfile, exc->certform,
- "Server Certificate");
+ "Server Certificate");
if (exc->cert == NULL)
return 0;
if (exc->keyfile != NULL) {
exc->key = load_key(exc->keyfile, exc->keyform,
- 0, NULL, NULL, "server key");
+ 0, NULL, NULL, "server key");
} else {
exc->key = load_key(exc->certfile, exc->certform,
- 0, NULL, NULL, "server key");
+ 0, NULL, NULL, "server key");
}
if (exc->key == NULL)
return 0;
@@ -1073,7 +1067,7 @@ int args_excert(int opt, SSL_EXCERT **pexc)
if (exc == NULL) {
if (!ssl_excert_prepend(&exc)) {
BIO_printf(bio_err, " %s: Error initialising xcert\n",
- opt_getprog());
+ opt_getprog());
goto err;
}
*pexc = exc;
@@ -1101,7 +1095,7 @@ int args_excert(int opt, SSL_EXCERT **pexc)
case OPT_X_CHAIN:
if (exc->chainfile != NULL) {
BIO_printf(bio_err, "%s: Chain already specified\n",
- opt_getprog());
+ opt_getprog());
goto err;
}
exc->chainfile = opt_arg();
@@ -1120,7 +1114,7 @@ int args_excert(int opt, SSL_EXCERT **pexc)
}
return 1;
- err:
+err:
ERR_print_errors(bio_err);
ssl_excert_free(exc);
*pexc = NULL;
@@ -1166,11 +1160,11 @@ static char *hexencode(const unsigned char *data, size_t len)
char *out;
char *cp;
size_t outlen = 2 * len + 1;
- int ilen = (int) outlen;
+ int ilen = (int)outlen;
if (outlen < len || ilen < 0 || outlen != (size_t)ilen) {
BIO_printf(bio_err, "%s: %zu-byte buffer too large to hexencode\n",
- opt_getprog(), len);
+ opt_getprog(), len);
exit(1);
}
cp = out = app_malloc(ilen, "TLSA hex data buffer");
@@ -1222,11 +1216,11 @@ void print_verify_detail(SSL *s, BIO *bio)
else
hexdata = hexencode(data, dlen);
BIO_printf(bio, "DANE TLSA %d %d %d %s%s %s at depth %d\n",
- usage, selector, mtype,
- (dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata,
- (mspki != NULL) ? "signed the certificate" :
- mdpth ? "matched TA certificate" : "matched EE certificate",
- mdpth);
+ usage, selector, mtype,
+ (dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata,
+ (mspki != NULL) ? "signed the certificate" : mdpth ? "matched TA certificate"
+ : "matched EE certificate",
+ mdpth);
OPENSSL_free(hexdata);
}
}
@@ -1247,7 +1241,7 @@ void print_ssl_summary(SSL *s)
BIO_puts(bio_err, "Peer certificate: ");
X509_NAME_print_ex(bio_err, X509_get_subject_name(peer),
- 0, get_nameopt());
+ 0, get_nameopt());
BIO_puts(bio_err, "\n");
if (SSL_get_peer_signature_nid(s, &nid))
BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
@@ -1270,7 +1264,7 @@ void print_ssl_summary(SSL *s)
}
int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
- SSL_CTX *ctx)
+ SSL_CTX *ctx)
{
int i;
@@ -1281,7 +1275,7 @@ int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
if (SSL_CONF_cmd(cctx, flag, arg) <= 0) {
BIO_printf(bio_err, "Call to SSL_CONF_cmd(%s, %s) failed\n",
- flag, arg == NULL ? "<NULL>" : arg);
+ flag, arg == NULL ? "<NULL>" : arg);
ERR_print_errors(bio_err);
return 0;
}
@@ -1319,11 +1313,11 @@ int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
}
int ssl_load_stores(SSL_CTX *ctx,
- const char *vfyCApath, const char *vfyCAfile,
- const char *vfyCAstore,
- const char *chCApath, const char *chCAfile,
- const char *chCAstore,
- STACK_OF(X509_CRL) *crls, int crl_download)
+ const char *vfyCApath, const char *vfyCAfile,
+ const char *vfyCAstore,
+ const char *chCApath, const char *chCAfile,
+ const char *chCAstore,
+ STACK_OF(X509_CRL) *crls, int crl_download)
{
X509_STORE *vfy = NULL, *ch = NULL;
int rv = 0;
@@ -1358,7 +1352,7 @@ int ssl_load_stores(SSL_CTX *ctx,
goto err;
}
rv = 1;
- err:
+err:
X509_STORE_free(vfy);
X509_STORE_free(ch);
return rv;
@@ -1369,38 +1363,38 @@ int ssl_load_stores(SSL_CTX *ctx,
typedef struct {
BIO *out;
int verbose;
- int (*old_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
- void *other, void *ex);
+ int (*old_cb)(const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
+ void *other, void *ex);
} security_debug_ex;
static STRINT_PAIR callback_types[] = {
- {"Supported Ciphersuite", SSL_SECOP_CIPHER_SUPPORTED},
- {"Shared Ciphersuite", SSL_SECOP_CIPHER_SHARED},
- {"Check Ciphersuite", SSL_SECOP_CIPHER_CHECK},
+ { "Supported Ciphersuite", SSL_SECOP_CIPHER_SUPPORTED },
+ { "Shared Ciphersuite", SSL_SECOP_CIPHER_SHARED },
+ { "Check Ciphersuite", SSL_SECOP_CIPHER_CHECK },
#ifndef OPENSSL_NO_DH
- {"Temp DH key bits", SSL_SECOP_TMP_DH},
+ { "Temp DH key bits", SSL_SECOP_TMP_DH },
#endif
- {"Supported Curve", SSL_SECOP_CURVE_SUPPORTED},
- {"Shared Curve", SSL_SECOP_CURVE_SHARED},
- {"Check Curve", SSL_SECOP_CURVE_CHECK},
- {"Supported Signature Algorithm", SSL_SECOP_SIGALG_SUPPORTED},
- {"Shared Signature Algorithm", SSL_SECOP_SIGALG_SHARED},
- {"Check Signature Algorithm", SSL_SECOP_SIGALG_CHECK},
- {"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK},
- {"Certificate chain EE key", SSL_SECOP_EE_KEY},
- {"Certificate chain CA key", SSL_SECOP_CA_KEY},
- {"Peer Chain EE key", SSL_SECOP_PEER_EE_KEY},
- {"Peer Chain CA key", SSL_SECOP_PEER_CA_KEY},
- {"Certificate chain CA digest", SSL_SECOP_CA_MD},
- {"Peer chain CA digest", SSL_SECOP_PEER_CA_MD},
- {"SSL compression", SSL_SECOP_COMPRESSION},
- {"Session ticket", SSL_SECOP_TICKET},
- {NULL}
+ { "Supported Curve", SSL_SECOP_CURVE_SUPPORTED },
+ { "Shared Curve", SSL_SECOP_CURVE_SHARED },
+ { "Check Curve", SSL_SECOP_CURVE_CHECK },
+ { "Supported Signature Algorithm", SSL_SECOP_SIGALG_SUPPORTED },
+ { "Shared Signature Algorithm", SSL_SECOP_SIGALG_SHARED },
+ { "Check Signature Algorithm", SSL_SECOP_SIGALG_CHECK },
+ { "Signature Algorithm mask", SSL_SECOP_SIGALG_MASK },
+ { "Certificate chain EE key", SSL_SECOP_EE_KEY },
+ { "Certificate chain CA key", SSL_SECOP_CA_KEY },
+ { "Peer Chain EE key", SSL_SECOP_PEER_EE_KEY },
+ { "Peer Chain CA key", SSL_SECOP_PEER_CA_KEY },
+ { "Certificate chain CA digest", SSL_SECOP_CA_MD },
+ { "Peer chain CA digest", SSL_SECOP_PEER_CA_MD },
+ { "SSL compression", SSL_SECOP_COMPRESSION },
+ { "Session ticket", SSL_SECOP_TICKET },
+ { NULL }
};
static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
- int op, int bits, int nid,
- void *other, void *ex)
+ int op, int bits, int nid,
+ void *other, void *ex)
{
security_debug_ex *sdb = ex;
int rv, show_bits = 1, cert_md = 0;
@@ -1446,66 +1440,61 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
break;
#ifndef OPENSSL_NO_EC
- case SSL_SECOP_OTHER_CURVE:
- {
- const char *cname;
- cname = EC_curve_nid2nist(nid);
- if (cname == NULL)
- cname = OBJ_nid2sn(nid);
- BIO_puts(sdb->out, cname);
- }
- break;
+ case SSL_SECOP_OTHER_CURVE: {
+ const char *cname;
+ cname = EC_curve_nid2nist(nid);
+ if (cname == NULL)
+ cname = OBJ_nid2sn(nid);
+ BIO_puts(sdb->out, cname);
+ } break;
#endif
- case SSL_SECOP_OTHER_CERT:
- {
- if (cert_md) {
- int sig_nid = X509_get_signature_nid(other);
+ case SSL_SECOP_OTHER_CERT: {
+ if (cert_md) {
+ int sig_nid = X509_get_signature_nid(other);
- BIO_puts(sdb->out, OBJ_nid2sn(sig_nid));
- } else {
- EVP_PKEY *pkey = X509_get0_pubkey(other);
+ BIO_puts(sdb->out, OBJ_nid2sn(sig_nid));
+ } else {
+ EVP_PKEY *pkey = X509_get0_pubkey(other);
- if (pkey == NULL) {
- BIO_printf(sdb->out, "Public key missing");
- } else {
- const char *algname = "";
+ if (pkey == NULL) {
+ BIO_printf(sdb->out, "Public key missing");
+ } else {
+ const char *algname = "";
- EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
- &algname, EVP_PKEY_get0_asn1(pkey));
- BIO_printf(sdb->out, "%s, bits=%d",
- algname, EVP_PKEY_get_bits(pkey));
- }
+ EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
+ &algname, EVP_PKEY_get0_asn1(pkey));
+ BIO_printf(sdb->out, "%s, bits=%d",
+ algname, EVP_PKEY_get_bits(pkey));
}
- break;
}
- case SSL_SECOP_OTHER_SIGALG:
- {
- const unsigned char *salg = other;
- const char *sname = NULL;
- int raw_sig_code = (salg[0] << 8) + salg[1]; /* always big endian (msb, lsb) */
- /* raw_sig_code: signature_scheme from tls1.3, or signature_and_hash from tls1.2 */
+ break;
+ }
+ case SSL_SECOP_OTHER_SIGALG: {
+ const unsigned char *salg = other;
+ const char *sname = NULL;
+ int raw_sig_code = (salg[0] << 8) + salg[1]; /* always big endian (msb, lsb) */
+ /* raw_sig_code: signature_scheme from tls1.3, or signature_and_hash from tls1.2 */
- if (nm != NULL)
- BIO_printf(sdb->out, "%s", nm);
- else
- BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x", op);
+ if (nm != NULL)
+ BIO_printf(sdb->out, "%s", nm);
+ else
+ BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x", op);
- sname = lookup(raw_sig_code, signature_tls13_scheme_list, NULL);
- if (sname != NULL) {
- BIO_printf(sdb->out, " scheme=%s", sname);
- } else {
- int alg_code = salg[1];
- int hash_code = salg[0];
- const char *alg_str = lookup(alg_code, signature_tls12_alg_list, NULL);
- const char *hash_str = lookup(hash_code, signature_tls12_hash_list, NULL);
+ sname = lookup(raw_sig_code, signature_tls13_scheme_list, NULL);
+ if (sname != NULL) {
+ BIO_printf(sdb->out, " scheme=%s", sname);
+ } else {
+ int alg_code = salg[1];
+ int hash_code = salg[0];
+ const char *alg_str = lookup(alg_code, signature_tls12_alg_list, NULL);
+ const char *hash_str = lookup(hash_code, signature_tls12_hash_list, NULL);
- if (alg_str != NULL && hash_str != NULL)
- BIO_printf(sdb->out, " digest=%s, algorithm=%s", hash_str, alg_str);
- else
- BIO_printf(sdb->out, " scheme=unknown(0x%04x)", raw_sig_code);
- }
+ if (alg_str != NULL && hash_str != NULL)
+ BIO_printf(sdb->out, " digest=%s, algorithm=%s", hash_str, alg_str);
+ else
+ BIO_printf(sdb->out, " scheme=unknown(0x%04x)", raw_sig_code);
}
-
+ }
}
if (show_bits)
@@ -1565,7 +1554,7 @@ int set_keylog_file(SSL_CTX *ctx, const char *keylog_file)
/* Write a header for seekable, empty files (this excludes pipes). */
if (BIO_tell(bio_keylog) == 0) {
BIO_puts(bio_keylog,
- "# SSL/TLS secrets log file, generated by OpenSSL\n");
+ "# SSL/TLS secrets log file, generated by OpenSSL\n");
(void)BIO_flush(bio_keylog);
}
SSL_CTX_set_keylog_callback(ctx, keylog_callback);
@@ -1584,7 +1573,7 @@ void print_ca_names(BIO *bio, SSL *s)
return;
}
- BIO_printf(bio, "---\nAcceptable %s certificate CA names\n",cs);
+ BIO_printf(bio, "---\nAcceptable %s certificate CA names\n", cs);
for (i = 0; i < sk_X509_NAME_num(sk); i++) {
X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, get_nameopt());
BIO_write(bio, "\n", 1);
diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c
index 8c6020d01692..d9b73b82429a 100644
--- a/apps/lib/s_socket.c
+++ b/apps/lib/s_socket.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -22,33 +22,33 @@
* needed to have fileno() declared correctly... So let's define u_int
*/
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
-# define __U_INT
+#define __U_INT
typedef unsigned int u_int;
#endif
#ifdef _WIN32
-# include <process.h>
+#include <process.h>
/* MSVC renamed some POSIX functions to have an underscore prefix. */
-# ifdef _MSC_VER
-# define getpid _getpid
-# endif
+#ifdef _MSC_VER
+#define getpid _getpid
+#endif
#endif
#ifndef OPENSSL_NO_SOCK
-# include "apps.h"
-# include "s_apps.h"
-# include "internal/sockets.h"
+#include "apps.h"
+#include "s_apps.h"
+#include "internal/sockets.h"
-# if defined(__TANDEM)
-# if defined(OPENSSL_TANDEM_FLOSS)
-# include <floss.h(floss_read)>
-# endif
-# endif
+#if defined(__TANDEM)
+#if defined(OPENSSL_TANDEM_FLOSS)
+#include <floss.h(floss_read)>
+#endif
+#endif
-# include <openssl/bio.h>
-# include <openssl/err.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
/* Keep track of our peer's address for the cookie callback */
BIO_ADDR *ourpeer = NULL;
@@ -75,8 +75,8 @@ BIO_ADDR *ourpeer = NULL;
* Returns 1 on success, 0 on failure.
*/
int init_client(int *sock, const char *host, const char *port,
- const char *bindhost, const char *bindport,
- int family, int type, int protocol)
+ const char *bindhost, const char *bindport,
+ int family, int type, int protocol)
{
BIO_ADDRINFO *res = NULL;
BIO_ADDRINFO *bindaddr = NULL;
@@ -89,7 +89,7 @@ int init_client(int *sock, const char *host, const char *port,
return 0;
ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol,
- &res);
+ &res);
if (ret == 0) {
ERR_print_errors(bio_err);
return 0;
@@ -97,9 +97,9 @@ int init_client(int *sock, const char *host, const char *port,
if (bindhost != NULL || bindport != NULL) {
ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT,
- family, type, protocol, &bindaddr);
+ family, type, protocol, &bindaddr);
if (ret == 0) {
- ERR_print_errors (bio_err);
+ ERR_print_errors(bio_err);
goto out;
}
}
@@ -110,10 +110,10 @@ int init_client(int *sock, const char *host, const char *port,
* anything in the BIO_ADDRINFO chain that we haven't
* asked for. */
OPENSSL_assert((family == AF_UNSPEC
- || family == BIO_ADDRINFO_family(ai))
- && (type == 0 || type == BIO_ADDRINFO_socktype(ai))
- && (protocol == 0
- || protocol == BIO_ADDRINFO_protocol(ai)));
+ || family == BIO_ADDRINFO_family(ai))
+ && (type == 0 || type == BIO_ADDRINFO_socktype(ai))
+ && (protocol == 0
+ || protocol == BIO_ADDRINFO_protocol(ai)));
if (bindaddr != NULL) {
for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) {
@@ -126,7 +126,7 @@ int init_client(int *sock, const char *host, const char *port,
}
*sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai),
- BIO_ADDRINFO_protocol(ai), 0);
+ BIO_ADDRINFO_protocol(ai), 0);
if (*sock == INVALID_SOCKET) {
/* Maybe the kernel doesn't support the socket family, even if
* BIO_lookup() added it in the returned result...
@@ -136,7 +136,7 @@ int init_client(int *sock, const char *host, const char *port,
if (bi != NULL) {
if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi),
- BIO_SOCK_REUSEADDR)) {
+ BIO_SOCK_REUSEADDR)) {
BIO_closesocket(*sock);
*sock = INVALID_SOCKET;
break;
@@ -154,15 +154,16 @@ int init_client(int *sock, const char *host, const char *port,
BIO *tmpbio = BIO_new_dgram_sctp(*sock, BIO_NOCLOSE);
if (tmpbio == NULL) {
- ERR_print_errors(bio_err);
- return 0;
+ BIO_closesocket(*sock);
+ *sock = INVALID_SOCKET;
+ continue;
}
BIO_free(tmpbio);
}
#endif
if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),
- BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
+ BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
BIO_closesocket(*sock);
*sock = INVALID_SOCKET;
continue;
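Review bot: With the early `return 0` replaced by `continue`, the `ERR_print_errors(bio_err)` call is gone as well, so a `BIO_new_dgram_sctp()` failure is reported only if the code after the loop prints the error queue. That code is outside this hunk, and a later hunk shows `ERR_clear_error()` on the bind-failure branch, which would discard it. If the diagnostic should survive, keep `ERR_print_errors(bio_err);` ahead of the `continue;`. Either way, a comment such as `/* treat as a failed attempt; res and bindaddr are released at out: */` would record why this path no longer returns directly. `init_client` begins and ends outside the hunk.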
@@ -176,13 +177,14 @@ int init_client(int *sock, const char *host, const char *port,
if (bindaddr != NULL && !found) {
BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n",
#ifdef AF_INET6
- BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " :
+ BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " :
#endif
- BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " :
- BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "",
- bindhost != NULL ? bindhost : "",
- bindport != NULL ? ":" : "",
- bindport != NULL ? bindport : "");
+ BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 "
+ : BIO_ADDRINFO_family(res) == AF_UNIX ? "unix "
+ : "",
+ bindhost != NULL ? bindhost : "",
+ bindport != NULL ? ":" : "",
+ bindport != NULL ? bindport : "");
ERR_clear_error();
ret = 0;
}
@@ -194,7 +196,7 @@ int init_client(int *sock, const char *host, const char *port,
}
out:
if (bindaddr != NULL) {
- BIO_ADDRINFO_free (bindaddr);
+ BIO_ADDRINFO_free(bindaddr);
}
BIO_ADDRINFO_free(res);
return ret;
@@ -216,10 +218,11 @@ int report_server_accept(BIO *out, int asock, int with_address, int with_pid)
&& (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
&& (service = BIO_ADDR_service_string(info.addr, 1)) != NULL) {
success = BIO_printf(out,
- strchr(hostname, ':') == NULL
- ? /* IPv4 */ " %s:%s"
- : /* IPv6 */ " [%s]:%s",
- hostname, service) > 0;
+ strchr(hostname, ':') == NULL
+ ? /* IPv4 */ " %s:%s"
+ : /* IPv6 */ " [%s]:%s",
+ hostname, service)
+ > 0;
} else {
(void)BIO_printf(out, "unknown:error\n");
success = 0;
@@ -257,8 +260,8 @@ int report_server_accept(BIO *out, int asock, int with_address, int with_pid)
* 0 on failure, something other on success.
*/
int do_server(int *accept_sock, const char *host, const char *port,
- int family, int type, int protocol, do_server_cb cb,
- unsigned char *context, int naccept, BIO *bio_s_out)
+ int family, int type, int protocol, do_server_cb cb,
+ unsigned char *context, int naccept, BIO *bio_s_out)
{
int asock = 0;
int sock;
@@ -276,7 +279,7 @@ int do_server(int *accept_sock, const char *host, const char *port,
return 0;
if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol,
- &res)) {
+ &res)) {
ERR_print_errors(bio_err);
return 0;
}
@@ -284,8 +287,8 @@ int do_server(int *accept_sock, const char *host, const char *port,
/* Admittedly, these checks are quite paranoid, we should not get
* anything in the BIO_ADDRINFO chain that we haven't asked for */
OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res))
- && (type == 0 || type == BIO_ADDRINFO_socktype(res))
- && (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res)));
+ && (type == 0 || type == BIO_ADDRINFO_socktype(res))
+ && (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res)));
sock_family = BIO_ADDRINFO_family(res);
sock_type = BIO_ADDRINFO_socktype(res);
@@ -296,10 +299,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
if (sock_family == AF_INET6)
sock_options |= BIO_SOCK_V6_ONLY;
if (next != NULL
- && BIO_ADDRINFO_socktype(next) == sock_type
- && BIO_ADDRINFO_protocol(next) == sock_protocol) {
+ && BIO_ADDRINFO_socktype(next) == sock_type
+ && BIO_ADDRINFO_protocol(next) == sock_protocol) {
if (sock_family == AF_INET
- && BIO_ADDRINFO_family(next) == AF_INET6) {
+ && BIO_ADDRINFO_family(next) == AF_INET6) {
/* In case AF_INET6 is returned but not supported by the
* kernel, retry with the first detected address family */
sock_family_fallback = sock_family;
@@ -307,7 +310,7 @@ int do_server(int *accept_sock, const char *host, const char *port,
sock_family = AF_INET6;
sock_address = BIO_ADDRINFO_address(next);
} else if (sock_family == AF_INET6
- && BIO_ADDRINFO_family(next) == AF_INET) {
+ && BIO_ADDRINFO_family(next) == AF_INET) {
sock_options &= ~BIO_SOCK_V6_ONLY;
}
}
@@ -338,6 +341,7 @@ int do_server(int *accept_sock, const char *host, const char *port,
BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE);
if (tmpbio == NULL) {
+ BIO_ADDRINFO_free(res);
BIO_closesocket(asock);
ERR_print_errors(bio_err);
goto end;
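Review bot: `res` is freed on this error path but keeps its old value, and `sock_address` presumably still points into the freed chain. Nothing in the `end:` block shown in a later hunk touches either, so this is not a defect as written. Adding `res = NULL;` right after `BIO_ADDRINFO_free(res);` would keep the path safe if cleanup is ever moved to `end:`. The body of `do_server` extends beyond this hunk on both sides, so the other exits that release `res` cannot be compared here.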
@@ -383,8 +387,6 @@ int do_server(int *accept_sock, const char *host, const char *port,
if (naccept != -1)
naccept--;
- if (naccept == 0)
- BIO_closesocket(asock);
BIO_set_tcp_ndelay(sock, 1);
i = (*cb)(sock, type, protocol, context);
@@ -407,12 +409,12 @@ int do_server(int *accept_sock, const char *host, const char *port,
* alerts are passed on...]
*/
timeout.tv_sec = 0;
- timeout.tv_usec = 500000; /* some extreme round-trip */
+ timeout.tv_usec = 500000; /* some extreme round-trip */
do {
FD_ZERO(&readfds);
openssl_fdset(sock, &readfds);
} while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0
- && readsocket(sock, sink, sizeof(sink)) > 0);
+ && readsocket(sock, sink, sizeof(sink)) > 0);
BIO_closesocket(sock);
} else {
@@ -424,15 +426,16 @@ int do_server(int *accept_sock, const char *host, const char *port,
if (i < 0 || naccept == 0) {
BIO_closesocket(asock);
+ asock = INVALID_SOCKET;
ret = i;
break;
}
}
- end:
-# ifdef AF_UNIX
+end:
+#ifdef AF_UNIX
if (family == AF_UNIX)
unlink(host);
-# endif
+#endif
BIO_ADDR_free(ourpeer);
ourpeer = NULL;
return ret;
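Review bot: Resetting the local `asock` after `BIO_closesocket()` does not reach the caller. If `*accept_sock` was set to this descriptor earlier in `do_server` (not visible in this hunk), the caller is left holding the number of a closed descriptor, which the process may later reuse for something else. Should that assignment exist, add `if (accept_sock != NULL) *accept_sock = INVALID_SOCKET;` next to the new `asock = INVALID_SOCKET;` line. As the hunk stands, the new assignment has no visible reader before `return ret;`, so a short comment stating what it protects against would help.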
@@ -459,4 +462,4 @@ void do_ssl_shutdown(SSL *ssl)
} while (ret < 0);
}
-#endif /* OPENSSL_NO_SOCK */
+#endif /* OPENSSL_NO_SOCK */
diff --git a/apps/lib/tlssrp_depr.c b/apps/lib/tlssrp_depr.c
index 91c19b096e9a..fc3bcf61ab20 100644
--- a/apps/lib/tlssrp_depr.c
+++ b/apps/lib/tlssrp_depr.c
@@ -29,16 +29,11 @@ static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
BN_CTX *bn_ctx = BN_CTX_new();
BIGNUM *p = BN_new();
BIGNUM *r = BN_new();
- int ret =
- g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
- BN_check_prime(N, bn_ctx, NULL) == 1 &&
- p != NULL && BN_rshift1(p, N) &&
+ int ret = g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) && BN_check_prime(N, bn_ctx, NULL) == 1 && p != NULL && BN_rshift1(p, N) &&
/* p = (N-1)/2 */
- BN_check_prime(p, bn_ctx, NULL) == 1 &&
- r != NULL &&
+ BN_check_prime(p, bn_ctx, NULL) == 1 && r != NULL &&
/* verify g^((N-1)/2) == -1 (mod N) */
- BN_mod_exp(r, g, p, N, bn_ctx) &&
- BN_add_word(r, 1) && BN_cmp(r, N) == 0;
+ BN_mod_exp(r, g, p, N, bn_ctx) && BN_add_word(r, 1) && BN_cmp(r, N) == 0;
BN_free(r);
BN_free(p);
@@ -84,7 +79,7 @@ static int ssl_srp_verify_param_cb(SSL *s, void *arg)
if (srp_arg->amp == 1) {
if (srp_arg->debug)
BIO_printf(bio_err,
- "SRP param N and g are not known params, going to check deeper.\n");
+ "SRP param N and g are not known params, going to check deeper.\n");
/*
* The srp_moregroups is a real debugging feature. Implementors
@@ -120,7 +115,7 @@ static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
}
int set_up_srp_arg(SSL_CTX *ctx, SRP_ARG *srp_arg, int srp_lateuser, int c_msg,
- int c_debug)
+ int c_debug)
{
if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg->srplogin)) {
BIO_printf(bio_err, "Unable to set SRP username\n");
@@ -144,7 +139,7 @@ static char *dummy_srp(SSL *ssl, void *arg)
void set_up_dummy_srp(SSL_CTX *ctx)
{
- SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
+ SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
}
/*
@@ -157,7 +152,7 @@ void set_up_dummy_srp(SSL_CTX *ctx)
*/
static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
{
- srpsrvparm *p = (srpsrvparm *) arg;
+ srpsrvparm *p = (srpsrvparm *)arg;
int ret = SSL3_AL_FATAL;
if (p->login == NULL && p->user == NULL) {
@@ -171,18 +166,18 @@ static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
goto err;
}
- if (SSL_set_srp_server_param
- (s, p->user->N, p->user->g, p->user->s, p->user->v,
- p->user->info) < 0) {
+ if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v,
+ p->user->info)
+ < 0) {
*ad = SSL_AD_INTERNAL_ERROR;
goto err;
}
BIO_printf(bio_err,
- "SRP parameters set: username = \"%s\" info=\"%s\" \n",
- p->login, p->user->info);
+ "SRP parameters set: username = \"%s\" info=\"%s\" \n",
+ p->login, p->user->info);
ret = SSL_ERROR_NONE;
- err:
+err:
SRP_user_pwd_free(p->user);
p->user = NULL;
p->login = NULL;
@@ -190,7 +185,7 @@ static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
}
int set_up_srp_verifier_file(SSL_CTX *ctx, srpsrvparm *srp_callback_parm,
- char *srpuserseed, char *srp_verifier_file)
+ char *srpuserseed, char *srp_verifier_file)
{
int ret;
@@ -202,12 +197,12 @@ int set_up_srp_verifier_file(SSL_CTX *ctx, srpsrvparm *srp_callback_parm,
BIO_printf(bio_err, "Failed to initialize SRP verifier file \n");
return 0;
}
- if ((ret =
- SRP_VBASE_init(srp_callback_parm->vb,
- srp_verifier_file)) != SRP_NO_ERROR) {
+ if ((ret = SRP_VBASE_init(srp_callback_parm->vb,
+ srp_verifier_file))
+ != SRP_NO_ERROR) {
BIO_printf(bio_err,
- "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
- srp_verifier_file, ret);
+ "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
+ srp_verifier_file, ret);
return 0;
}
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
@@ -221,11 +216,11 @@ void lookup_srp_user(srpsrvparm *srp_callback_parm, BIO *bio_s_out)
{
SRP_user_pwd_free(srp_callback_parm->user);
srp_callback_parm->user = SRP_VBASE_get1_by_user(srp_callback_parm->vb,
- srp_callback_parm->login);
+ srp_callback_parm->login);
if (srp_callback_parm->user != NULL)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
- srp_callback_parm->user->info);
+ srp_callback_parm->user->info);
else
BIO_printf(bio_s_out, "LOOKUP not successful\n");
}
diff --git a/apps/lib/vms_decc_argv.c b/apps/lib/vms_decc_argv.c
index 031e5afdeca0..5976bcc9e4e0 100644
--- a/apps/lib/vms_decc_argv.c
+++ b/apps/lib/vms_decc_argv.c
@@ -9,7 +9,7 @@
#include <stdlib.h>
#include <openssl/crypto.h>
-#include "platform.h" /* for copy_argv() */
+#include "platform.h" /* for copy_argv() */
char **newargv = NULL;
diff --git a/apps/lib/vms_term_sock.c b/apps/lib/vms_term_sock.c
index 1a413376b20b..faceb05d0145 100644
--- a/apps/lib/vms_term_sock.c
+++ b/apps/lib/vms_term_sock.c
@@ -9,107 +9,122 @@
*/
#ifdef __VMS
-# define OPENSSL_SYS_VMS
-# pragma message disable DOLLARID
+#define OPENSSL_SYS_VMS
+#pragma message disable DOLLARID
+#include <openssl/opensslconf.h>
-# include <openssl/opensslconf.h>
-
-# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
/*
* On VMS, you need to define this to get the declaration of fileno(). The
* value 2 is to make sure no function defined in POSIX-2 is left undefined.
*/
-# define _POSIX_C_SOURCE 2
-# endif
+#define _POSIX_C_SOURCE 2
+#endif
-# include <stdio.h>
+#include <stdio.h>
-# undef _POSIX_C_SOURCE
+#undef _POSIX_C_SOURCE
-# include <sys/types.h>
-# include <sys/socket.h>
-# include <netinet/in.h>
-# include <inet.h>
-# include <unistd.h>
-# include <string.h>
-# include <errno.h>
-# include <starlet.h>
-# include <iodef.h>
-# ifdef __alpha
-# include <iosbdef.h>
-# else
-typedef struct _iosb { /* Copied from IOSBDEF.H for Alpha */
-# pragma __nomember_alignment
- __union {
- __struct {
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <inet.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <starlet.h>
+#include <iodef.h>
+#ifdef __alpha
+#include <iosbdef.h>
+#else
+typedef struct _iosb { /* Copied from IOSBDEF.H for Alpha */
+#pragma __nomember_alignment
+ __union
+ {
+ __struct
+ {
unsigned short int iosb$w_status; /* Final I/O status */
- __union {
- __struct { /* 16-bit byte count variant */
+ __union
+ {
+ __struct
+ { /* 16-bit byte count variant */
unsigned short int iosb$w_bcnt; /* 16-bit byte count */
- __union {
+ __union
+ {
unsigned int iosb$l_dev_depend; /* 32-bit device dependent info */
unsigned int iosb$l_pid; /* 32-bit pid */
- } iosb$r_l;
- } iosb$r_bcnt_16;
- __struct { /* 32-bit byte count variant */
+ }
+ iosb$r_l;
+ }
+ iosb$r_bcnt_16;
+ __struct
+ { /* 32-bit byte count variant */
unsigned int iosb$l_bcnt; /* 32-bit byte count (unaligned) */
unsigned short int iosb$w_dev_depend_high; /* 16-bit device dependent info */
- } iosb$r_bcnt_32;
- } iosb$r_devdepend;
- } iosb$r_io_64;
- __struct {
- __union {
+ }
+ iosb$r_bcnt_32;
+ }
+ iosb$r_devdepend;
+ }
+ iosb$r_io_64;
+ __struct
+ {
+ __union
+ {
unsigned int iosb$l_getxxi_status; /* Final GETxxI status */
unsigned int iosb$l_reg_status; /* Final $Registry status */
- } iosb$r_l_status;
+ }
+ iosb$r_l_status;
unsigned int iosb$l_reserved; /* Reserved field */
- } iosb$r_get_64;
- } iosb$r_io_get;
+ }
+ iosb$r_get_64;
+ }
+ iosb$r_io_get;
} IOSB;
-# if !defined(__VAXC)
-# define iosb$w_status iosb$r_io_get.iosb$r_io_64.iosb$w_status
-# define iosb$w_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$w_bcnt
-# define iosb$r_l iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$r_l
-# define iosb$l_dev_depend iosb$r_l.iosb$l_dev_depend
-# define iosb$l_pid iosb$r_l.iosb$l_pid
-# define iosb$l_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$l_bcnt
-# define iosb$w_dev_depend_high iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$w_dev_depend_high
-# define iosb$l_getxxi_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_getxxi_status
-# define iosb$l_reg_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_reg_status
-# endif /* #if !defined(__VAXC) */
+#if !defined(__VAXC)
+#define iosb$w_status iosb$r_io_get.iosb$r_io_64.iosb$w_status
+#define iosb$w_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$w_bcnt
+#define iosb$r_l iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$r_l
+#define iosb$l_dev_depend iosb$r_l.iosb$l_dev_depend
+#define iosb$l_pid iosb$r_l.iosb$l_pid
+#define iosb$l_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$l_bcnt
+#define iosb$w_dev_depend_high iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$w_dev_depend_high
+#define iosb$l_getxxi_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_getxxi_status
+#define iosb$l_reg_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_reg_status
+#endif /* #if !defined(__VAXC) */
-# endif /* End of IOSBDEF */
+#endif /* End of IOSBDEF */
-# include <efndef.h>
-# include <stdlib.h>
-# include <ssdef.h>
-# include <time.h>
-# include <stdarg.h>
-# include <descrip.h>
+#include <efndef.h>
+#include <stdlib.h>
+#include <ssdef.h>
+#include <time.h>
+#include <stdarg.h>
+#include <descrip.h>
-# include "vms_term_sock.h"
+#include "vms_term_sock.h"
-# ifdef __alpha
+#ifdef __alpha
static struct _iosb TerminalDeviceIosb;
-# else
+#else
IOSB TerminalDeviceIosb;
-# endif
+#endif
static char TerminalDeviceBuff[255 + 2];
-static int TerminalSocketPair[2] = {0, 0};
+static int TerminalSocketPair[2] = { 0, 0 };
static unsigned short TerminalDeviceChan = 0;
-static int CreateSocketPair (int, int, int, int *);
-static void SocketPairTimeoutAst (int);
-static int TerminalDeviceAst (int);
-static void LogMessage (char *, ...);
+static int CreateSocketPair(int, int, int, int *);
+static void SocketPairTimeoutAst(int);
+static int TerminalDeviceAst(int);
+static void LogMessage(char *, ...);
/*
** Socket Pair Timeout Value (must be 0-59 seconds)
*/
-# define SOCKET_PAIR_TIMEOUT_VALUE 20
+#define SOCKET_PAIR_TIMEOUT_VALUE 20
/*
** Socket Pair Timeout Block which is passed to timeout AST
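Review bot: The reflowed `IOSB` typedef is harder to read than before: the formatter evidently does not recognise the DEC C `__union`/`__struct` keywords, so each opening brace now sits on its own line and member names such as `iosb$r_l` and `iosb$r_bcnt_16` are stranded on the line after their closing brace. I would keep the original `__union {` … `} iosb$r_l;` layout for this block and exclude it from automatic formatting, for example with `/* clang-format off */` and `/* clang-format on */` markers if clang-format is the tool in use. The comment on the typedef says it is copied from IOSBDEF.H, so staying close to that layout also keeps later comparison against the system header easy.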
@@ -119,55 +134,54 @@ typedef struct _SocketPairTimeoutBlock {
unsigned short SockChan2;
} SPTB;
-# ifdef TERM_SOCK_TEST
-
+#ifdef TERM_SOCK_TEST
+
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
-int main (int argc, char *argv[], char *envp[])
+int main(int argc, char *argv[], char *envp[])
{
char TermBuff[80];
int TermSock,
status,
len;
- LogMessage ("Enter 'q' or 'Q' to quit ...");
- while (OPENSSL_strcasecmp (TermBuff, "Q")) {
+ LogMessage("Enter 'q' or 'Q' to quit ...");
+ while (OPENSSL_strcasecmp(TermBuff, "Q")) {
/*
** Create the terminal socket
*/
- status = TerminalSocket (TERM_SOCK_CREATE, &TermSock);
+ status = TerminalSocket(TERM_SOCK_CREATE, &TermSock);
if (status != TERM_SOCK_SUCCESS)
- exit (1);
+ exit(1);
/*
** Process the terminal input
*/
- LogMessage ("Waiting on terminal I/O ...\n");
- len = recv (TermSock, TermBuff, sizeof(TermBuff), 0) ;
+ LogMessage("Waiting on terminal I/O ...\n");
+ len = recv(TermSock, TermBuff, sizeof(TermBuff), 0);
TermBuff[len] = '\0';
- LogMessage ("Received terminal I/O [%s]", TermBuff);
+ LogMessage("Received terminal I/O [%s]", TermBuff);
/*
** Delete the terminal socket
*/
- status = TerminalSocket (TERM_SOCK_DELETE, &TermSock);
+ status = TerminalSocket(TERM_SOCK_DELETE, &TermSock);
if (status != TERM_SOCK_SUCCESS)
- exit (1);
+ exit(1);
}
return 1;
-
}
-# endif
-
+#endif
+
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
-int TerminalSocket (int FunctionCode, int *ReturnSocket)
+int TerminalSocket(int FunctionCode, int *ReturnSocket)
{
int status;
- $DESCRIPTOR (TerminalDeviceDesc, "SYS$COMMAND");
+ $DESCRIPTOR(TerminalDeviceDesc, "SYS$COMMAND");
/*
** Process the requested function code
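Review bot: In the TERM_SOCK_TEST `main`, `TermBuff[len] = '\0'` trusts the `recv()` result: a return of -1 writes before the array and a full 80-byte read writes one past it. The `while` condition also reads `TermBuff` before anything has been stored in it. Initialising the buffer with `char TermBuff[80] = "";`, receiving at most `sizeof(TermBuff) - 1` bytes and adding `if (len <= 0) exit(1);` before the terminator is written would close all three. This is test-only code, and TerminalSocket's body continues past the end of the hunk.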
@@ -177,45 +191,45 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket)
/*
** Create a socket pair
*/
- status = CreateSocketPair (AF_INET, SOCK_STREAM, 0, TerminalSocketPair);
+ status = CreateSocketPair(AF_INET, SOCK_STREAM, 0, TerminalSocketPair);
if (status == -1) {
- LogMessage ("TerminalSocket: CreateSocketPair () - %08X", status);
+ LogMessage("TerminalSocket: CreateSocketPair () - %08X", status);
if (TerminalSocketPair[0])
- close (TerminalSocketPair[0]);
+ close(TerminalSocketPair[0]);
if (TerminalSocketPair[1])
- close (TerminalSocketPair[1]);
+ close(TerminalSocketPair[1]);
return TERM_SOCK_FAILURE;
}
/*
** Assign a channel to the terminal device
*/
- status = sys$assign (&TerminalDeviceDesc,
- &TerminalDeviceChan,
- 0, 0, 0);
- if (! (status & 1)) {
- LogMessage ("TerminalSocket: SYS$ASSIGN () - %08X", status);
- close (TerminalSocketPair[0]);
- close (TerminalSocketPair[1]);
+ status = sys$assign(&TerminalDeviceDesc,
+ &TerminalDeviceChan,
+ 0, 0, 0);
+ if (!(status & 1)) {
+ LogMessage("TerminalSocket: SYS$ASSIGN () - %08X", status);
+ close(TerminalSocketPair[0]);
+ close(TerminalSocketPair[1]);
return TERM_SOCK_FAILURE;
}
/*
** Queue an async IO to the terminal device
*/
- status = sys$qio (EFN$C_ENF,
- TerminalDeviceChan,
- IO$_READVBLK,
- &TerminalDeviceIosb,
- TerminalDeviceAst,
- 0,
- TerminalDeviceBuff,
- sizeof(TerminalDeviceBuff) - 2,
- 0, 0, 0, 0);
- if (! (status & 1)) {
- LogMessage ("TerminalSocket: SYS$QIO () - %08X", status);
- close (TerminalSocketPair[0]);
- close (TerminalSocketPair[1]);
+ status = sys$qio(EFN$C_ENF,
+ TerminalDeviceChan,
+ IO$_READVBLK,
+ &TerminalDeviceIosb,
+ TerminalDeviceAst,
+ 0,
+ TerminalDeviceBuff,
+ sizeof(TerminalDeviceBuff) - 2,
+ 0, 0, 0, 0);
+ if (!(status & 1)) {
+ LogMessage("TerminalSocket: SYS$QIO () - %08X", status);
+ close(TerminalSocketPair[0]);
+ close(TerminalSocketPair[1]);
return TERM_SOCK_FAILURE;
}
@@ -229,30 +243,30 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket)
/*
** Cancel any pending IO on the terminal channel
*/
- status = sys$cancel (TerminalDeviceChan);
- if (! (status & 1)) {
- LogMessage ("TerminalSocket: SYS$CANCEL () - %08X", status);
- close (TerminalSocketPair[0]);
- close (TerminalSocketPair[1]);
+ status = sys$cancel(TerminalDeviceChan);
+ if (!(status & 1)) {
+ LogMessage("TerminalSocket: SYS$CANCEL () - %08X", status);
+ close(TerminalSocketPair[0]);
+ close(TerminalSocketPair[1]);
return TERM_SOCK_FAILURE;
}
/*
** Deassign the terminal channel
*/
- status = sys$dassgn (TerminalDeviceChan);
- if (! (status & 1)) {
- LogMessage ("TerminalSocket: SYS$DASSGN () - %08X", status);
- close (TerminalSocketPair[0]);
- close (TerminalSocketPair[1]);
+ status = sys$dassgn(TerminalDeviceChan);
+ if (!(status & 1)) {
+ LogMessage("TerminalSocket: SYS$DASSGN () - %08X", status);
+ close(TerminalSocketPair[0]);
+ close(TerminalSocketPair[1]);
return TERM_SOCK_FAILURE;
}
/*
** Close the terminal socket pair
*/
- close (TerminalSocketPair[0]);
- close (TerminalSocketPair[1]);
+ close(TerminalSocketPair[0]);
+ close(TerminalSocketPair[1]);
/*
** Return the initialized socket
@@ -264,7 +278,7 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket)
/*
** Invalid function code
*/
- LogMessage ("TerminalSocket: Invalid Function Code - %d", FunctionCode);
+ LogMessage("TerminalSocket: Invalid Function Code - %d", FunctionCode);
return TERM_SOCK_FAILURE;
break;
}
@@ -273,21 +287,20 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket)
** Return success
*/
return TERM_SOCK_SUCCESS;
-
}
-
+
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
-static int CreateSocketPair (int SocketFamily,
- int SocketType,
- int SocketProtocol,
- int *SocketPair)
+static int CreateSocketPair(int SocketFamily,
+ int SocketType,
+ int SocketProtocol,
+ int *SocketPair)
{
- struct dsc$descriptor AscTimeDesc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, NULL};
- static const char* LocalHostAddr = {"127.0.0.1"};
+ struct dsc$descriptor AscTimeDesc = { 0, DSC$K_DTYPE_T, DSC$K_CLASS_S, NULL };
+ static const char *LocalHostAddr = { "127.0.0.1" };
unsigned short TcpAcceptChan = 0,
- TcpDeviceChan = 0;
+ TcpDeviceChan = 0;
unsigned long BinTimeBuff[2];
struct sockaddr_in sin;
char AscTimeBuff[32];
@@ -295,23 +308,23 @@ static int CreateSocketPair (int SocketFamily,
int status;
unsigned int slen;
-# ifdef __alpha
+#ifdef __alpha
struct _iosb iosb;
-# else
+#else
IOSB iosb;
-# endif
+#endif
int SockDesc1 = 0,
SockDesc2 = 0;
SPTB sptb;
- $DESCRIPTOR (TcpDeviceDesc, "TCPIP$DEVICE");
+ $DESCRIPTOR(TcpDeviceDesc, "TCPIP$DEVICE");
/*
** Create a socket
*/
- SockDesc1 = socket (SocketFamily, SocketType, 0);
+ SockDesc1 = socket(SocketFamily, SocketType, 0);
if (SockDesc1 < 0) {
- LogMessage ("CreateSocketPair: socket () - %d", errno);
+ LogMessage("CreateSocketPair: socket () - %d", errno);
return -1;
}
@@ -319,28 +332,28 @@ static int CreateSocketPair (int SocketFamily,
** Initialize the socket information
*/
slen = sizeof(sin);
- memset ((char *) &sin, 0, slen);
+ memset((char *)&sin, 0, slen);
sin.sin_family = SocketFamily;
- sin.sin_addr.s_addr = inet_addr (LocalHostAddr);
+ sin.sin_addr.s_addr = inet_addr(LocalHostAddr);
sin.sin_port = 0;
/*
** Bind the socket to the local IP
*/
- status = bind (SockDesc1, (struct sockaddr *) &sin, slen);
+ status = bind(SockDesc1, (struct sockaddr *)&sin, slen);
if (status < 0) {
- LogMessage ("CreateSocketPair: bind () - %d", errno);
- close (SockDesc1);
+ LogMessage("CreateSocketPair: bind () - %d", errno);
+ close(SockDesc1);
return -1;
}
/*
** Get the socket name so we can save the port number
*/
- status = getsockname (SockDesc1, (struct sockaddr *) &sin, &slen);
+ status = getsockname(SockDesc1, (struct sockaddr *)&sin, &slen);
if (status < 0) {
- LogMessage ("CreateSocketPair: getsockname () - %d", errno);
- close (SockDesc1);
+ LogMessage("CreateSocketPair: getsockname () - %d", errno);
+ close(SockDesc1);
return -1;
} else
LocalHostPort = sin.sin_port;
@@ -348,18 +361,18 @@ static int CreateSocketPair (int SocketFamily,
/*
** Setup a listen for the socket
*/
- listen (SockDesc1, 5);
+ listen(SockDesc1, 5);
/*
** Get the binary (64-bit) time of the specified timeout value
*/
BIO_snprintf(AscTimeBuff, sizeof(AscTimeBuff), "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE);
- AscTimeDesc.dsc$w_length = strlen (AscTimeBuff);
+ AscTimeDesc.dsc$w_length = strlen(AscTimeBuff);
AscTimeDesc.dsc$a_pointer = AscTimeBuff;
- status = sys$bintim (&AscTimeDesc, BinTimeBuff);
- if (! (status & 1)) {
- LogMessage ("CreateSocketPair: SYS$BINTIM () - %08X", status);
- close (SockDesc1);
+ status = sys$bintim(&AscTimeDesc, BinTimeBuff);
+ if (!(status & 1)) {
+ LogMessage("CreateSocketPair: SYS$BINTIM () - %08X", status);
+ close(SockDesc1);
return -1;
}
@@ -367,87 +380,87 @@ static int CreateSocketPair (int SocketFamily,
** Assign another channel to the TCP/IP device for the accept.
** This is the channel that ends up being connected to.
*/
- status = sys$assign (&TcpDeviceDesc, &TcpDeviceChan, 0, 0, 0);
- if (! (status & 1)) {
- LogMessage ("CreateSocketPair: SYS$ASSIGN () - %08X", status);
- close (SockDesc1);
+ status = sys$assign(&TcpDeviceDesc, &TcpDeviceChan, 0, 0, 0);
+ if (!(status & 1)) {
+ LogMessage("CreateSocketPair: SYS$ASSIGN () - %08X", status);
+ close(SockDesc1);
return -1;
}
/*
** Get the channel of the first socket for the accept
*/
- TcpAcceptChan = decc$get_sdc (SockDesc1);
+ TcpAcceptChan = decc$get_sdc(SockDesc1);
/*
** Perform the accept using $QIO so we can do this asynchronously
*/
- status = sys$qio (EFN$C_ENF,
- TcpAcceptChan,
- IO$_ACCESS | IO$M_ACCEPT,
- &iosb,
- 0, 0, 0, 0, 0,
- &TcpDeviceChan,
- 0, 0);
- if (! (status & 1)) {
- LogMessage ("CreateSocketPair: SYS$QIO () - %08X", status);
- close (SockDesc1);
- sys$dassgn (TcpDeviceChan);
+ status = sys$qio(EFN$C_ENF,
+ TcpAcceptChan,
+ IO$_ACCESS | IO$M_ACCEPT,
+ &iosb,
+ 0, 0, 0, 0, 0,
+ &TcpDeviceChan,
+ 0, 0);
+ if (!(status & 1)) {
+ LogMessage("CreateSocketPair: SYS$QIO () - %08X", status);
+ close(SockDesc1);
+ sys$dassgn(TcpDeviceChan);
return -1;
}
/*
** Create the second socket to do the connect
*/
- SockDesc2 = socket (SocketFamily, SocketType, 0);
+ SockDesc2 = socket(SocketFamily, SocketType, 0);
if (SockDesc2 < 0) {
- LogMessage ("CreateSocketPair: socket () - %d", errno);
- sys$cancel (TcpAcceptChan);
- close (SockDesc1);
- sys$dassgn (TcpDeviceChan);
- return (-1) ;
+ LogMessage("CreateSocketPair: socket () - %d", errno);
+ sys$cancel(TcpAcceptChan);
+ close(SockDesc1);
+ sys$dassgn(TcpDeviceChan);
+ return (-1);
}
/*
** Setup the Socket Pair Timeout Block
*/
sptb.SockChan1 = TcpAcceptChan;
- sptb.SockChan2 = decc$get_sdc (SockDesc2);
+ sptb.SockChan2 = decc$get_sdc(SockDesc2);
/*
** Before we block on the connect, set a timer that can cancel I/O on our
** two sockets if it never connects.
*/
- status = sys$setimr (EFN$C_ENF,
- BinTimeBuff,
- SocketPairTimeoutAst,
- &sptb,
- 0);
- if (! (status & 1)) {
- LogMessage ("CreateSocketPair: SYS$SETIMR () - %08X", status);
- sys$cancel (TcpAcceptChan);
- close (SockDesc1);
- close (SockDesc2);
- sys$dassgn (TcpDeviceChan);
+ status = sys$setimr(EFN$C_ENF,
+ BinTimeBuff,
+ SocketPairTimeoutAst,
+ &sptb,
+ 0);
+ if (!(status & 1)) {
+ LogMessage("CreateSocketPair: SYS$SETIMR () - %08X", status);
+ sys$cancel(TcpAcceptChan);
+ close(SockDesc1);
+ close(SockDesc2);
+ sys$dassgn(TcpDeviceChan);
return -1;
}
/*
** Now issue the connect
*/
- memset ((char *) &sin, 0, sizeof(sin)) ;
+ memset((char *)&sin, 0, sizeof(sin));
sin.sin_family = SocketFamily;
- sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ;
- sin.sin_port = LocalHostPort ;
+ sin.sin_addr.s_addr = inet_addr(LocalHostAddr);
+ sin.sin_port = LocalHostPort;
- status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof(sin));
- if (status < 0 ) {
- LogMessage ("CreateSocketPair: connect () - %d", errno);
- sys$cantim (&sptb, 0);
- sys$cancel (TcpAcceptChan);
- close (SockDesc1);
- close (SockDesc2);
- sys$dassgn (TcpDeviceChan);
+ status = connect(SockDesc2, (struct sockaddr *)&sin, sizeof(sin));
+ if (status < 0) {
+ LogMessage("CreateSocketPair: connect () - %d", errno);
+ sys$cantim(&sptb, 0);
+ sys$cancel(TcpAcceptChan);
+ close(SockDesc1);
+ close(SockDesc2);
+ sys$dassgn(TcpDeviceChan);
return -1;
}
@@ -456,18 +469,18 @@ static int CreateSocketPair (int SocketFamily,
** (SS$_ABORT), then we probably canceled it from the AST routine - so log
** a timeout.
*/
- status = sys$synch (EFN$C_ENF, &iosb);
- if (! (iosb.iosb$w_status & 1)) {
+ status = sys$synch(EFN$C_ENF, &iosb);
+ if (!(iosb.iosb$w_status & 1)) {
if (iosb.iosb$w_status == SS$_ABORT)
- LogMessage ("CreateSocketPair: SYS$QIO(iosb) timeout");
+ LogMessage("CreateSocketPair: SYS$QIO(iosb) timeout");
else {
- LogMessage ("CreateSocketPair: SYS$QIO(iosb) - %d",
- iosb.iosb$w_status);
- sys$cantim (&sptb, 0);
+ LogMessage("CreateSocketPair: SYS$QIO(iosb) - %d",
+ iosb.iosb$w_status);
+ sys$cantim(&sptb, 0);
}
- close (SockDesc1);
- close (SockDesc2);
- sys$dassgn (TcpDeviceChan);
+ close(SockDesc1);
+ close(SockDesc2);
+ sys$dassgn(TcpDeviceChan);
return -1;
}
@@ -476,34 +489,32 @@ static int CreateSocketPair (int SocketFamily,
** I/O channel to a socket fd, close the listener socket and return the
** connected pair.
*/
- sys$cantim (&sptb, 0);
+ sys$cantim(&sptb, 0);
- close (SockDesc1) ;
- SocketPair[0] = SockDesc2 ;
- SocketPair[1] = socket_fd (TcpDeviceChan);
-
- return (0) ;
+ close(SockDesc1);
+ SocketPair[0] = SockDesc2;
+ SocketPair[1] = socket_fd(TcpDeviceChan);
+ return (0);
}
-
+
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
-static void SocketPairTimeoutAst (int astparm)
+static void SocketPairTimeoutAst(int astparm)
{
- SPTB *sptb = (SPTB *) astparm;
+ SPTB *sptb = (SPTB *)astparm;
- sys$cancel (sptb->SockChan2); /* Cancel the connect() */
- sys$cancel (sptb->SockChan1); /* Cancel the accept() */
+ sys$cancel(sptb->SockChan2); /* Cancel the connect() */
+ sys$cancel(sptb->SockChan1); /* Cancel the accept() */
return;
-
}
-
+
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
-static int TerminalDeviceAst (int astparm)
+static int TerminalDeviceAst(int astparm)
{
int status;
@@ -511,41 +522,40 @@ static int TerminalDeviceAst (int astparm)
** Terminate the terminal buffer
*/
TerminalDeviceBuff[TerminalDeviceIosb.iosb$w_bcnt] = '\0';
- strcat (TerminalDeviceBuff, "\n");
+ strcat(TerminalDeviceBuff, "\n");
/*
** Send the data read from the terminal device through the socket pair
*/
- send (TerminalSocketPair[0], TerminalDeviceBuff,
- TerminalDeviceIosb.iosb$w_bcnt + 1, 0);
+ send(TerminalSocketPair[0], TerminalDeviceBuff,
+ TerminalDeviceIosb.iosb$w_bcnt + 1, 0);
/*
** Queue another async IO to the terminal device
*/
- status = sys$qio (EFN$C_ENF,
- TerminalDeviceChan,
- IO$_READVBLK,
- &TerminalDeviceIosb,
- TerminalDeviceAst,
- 0,
- TerminalDeviceBuff,
- sizeof(TerminalDeviceBuff) - 1,
- 0, 0, 0, 0);
+ status = sys$qio(EFN$C_ENF,
+ TerminalDeviceChan,
+ IO$_READVBLK,
+ &TerminalDeviceIosb,
+ TerminalDeviceAst,
+ 0,
+ TerminalDeviceBuff,
+ sizeof(TerminalDeviceBuff) - 2,
+ 0, 0, 0, 0);
/*
** Return status
*/
return status;
-
}
-
+
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
-static void LogMessage (char *msg, ...)
+static void LogMessage(char *msg, ...)
{
- char *Month[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
- "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
+ char *Month[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
static unsigned int pid = 0;
va_list args;
time_t CurTime;
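Review bot: The length passed to the re-queued `sys$qio` in TerminalDeviceAst relies on an unstated invariant: the handler stores a terminator at index `iosb$w_bcnt` and then `strcat`s a newline, so a full-length read needs two spare bytes in the 257-byte `TerminalDeviceBuff`. With the old `sizeof(TerminalDeviceBuff) - 1` a maximum-length read would have put the final NUL one byte past the buffer, so this line is a functional fix rather than formatting; it deserves a mention in the commit message and a comment at the call such as `/* leave room for the '\n' and '\0' appended by the AST */`. The handler also uses `iosb$w_bcnt` and calls `send()` without checking `iosb$w_status` or the send result, which presumably matters when the read completes because TERM_SOCK_DELETE cancelled it. TerminalDeviceAst begins in the previous hunk.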
@@ -556,36 +566,35 @@ static void LogMessage (char *msg, ...)
** Get the process pid
*/
if (pid == 0)
- pid = getpid ();
+ pid = getpid();
/*
** Convert the current time into local time
*/
- CurTime = time (NULL);
- LocTime = localtime (&CurTime);
+ CurTime = time(NULL);
+ LocTime = localtime(&CurTime);
/*
** Format the message buffer
*/
BIO_snprintf(MsgBuff, sizeof(MsgBuff), "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n",
- LocTime->tm_mday, Month[LocTime->tm_mon],
- (LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min,
- LocTime->tm_sec, pid, msg);
+ LocTime->tm_mday, Month[LocTime->tm_mon],
+ (LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min,
+ LocTime->tm_sec, pid, msg);
/*
** Get any variable arguments and add them to the print of the message
** buffer
*/
- va_start (args, msg);
- vfprintf (stderr, MsgBuff, args);
- va_end (args);
+ va_start(args, msg);
+ vfprintf(stderr, MsgBuff, args);
+ va_end(args);
/*
** Flush standard error output
*/
- fsync (fileno (stderr));
+ fsync(fileno(stderr));
return;
-
}
#endif
diff --git a/apps/lib/win32_init.c b/apps/lib/win32_init.c
index 6d2be0c62942..824eb676310e 100644
--- a/apps/lib/win32_init.c
+++ b/apps/lib/win32_init.c
@@ -81,18 +81,18 @@ static int process_glob(WCHAR *wstr, int wlen)
break;
if (i == wlen)
- return 0; /* definitely not a glob */
+ return 0; /* definitely not a glob */
saved_char = wstr[wlen];
wstr[wlen] = L'\0';
h = FindFirstFileW(wstr, &data);
wstr[wlen] = saved_char;
if (h == INVALID_HANDLE_VALUE)
- return 0; /* not a valid glob, just pass... */
+ return 0; /* not a valid glob, just pass... */
if (slash)
udlen = WideCharToMultiByte(CP_UTF8, 0, wstr, slash,
- NULL, 0, NULL, NULL);
+ NULL, 0, NULL, NULL);
else
udlen = 0;
@@ -104,8 +104,7 @@ static int process_glob(WCHAR *wstr, int wlen)
* skip over . and ..
*/
if (data.cFileName[0] == L'.') {
- if ((data.cFileName[1] == L'\0') ||
- (data.cFileName[1] == L'.' && data.cFileName[2] == L'\0'))
+ if ((data.cFileName[1] == L'\0') || (data.cFileName[1] == L'.' && data.cFileName[2] == L'\0'))
continue;
}
@@ -117,7 +116,7 @@ static int process_glob(WCHAR *wstr, int wlen)
* so that |uflen| covers even trailing '\0'.
*/
uflen = WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1,
- NULL, 0, NULL, NULL);
+ NULL, 0, NULL, NULL);
arg = malloc(udlen + uflen);
if (arg == NULL)
@@ -125,10 +124,10 @@ static int process_glob(WCHAR *wstr, int wlen)
if (udlen)
WideCharToMultiByte(CP_UTF8, 0, wstr, slash,
- arg, udlen, NULL, NULL);
+ arg, udlen, NULL, NULL);
WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1,
- arg + udlen, uflen, NULL, NULL);
+ arg + udlen, uflen, NULL, NULL);
newargv[newargc++] = arg;
} while (FindNextFileW(h, &data));
@@ -154,7 +153,8 @@ void win32_utf8argv(int *argc, char **argv[])
return;
wcmdline = GetCommandLineW();
- if (wcmdline == NULL) return;
+ if (wcmdline == NULL)
+ return;
/*
* make a copy of the command line, since we might have to modify it...
@@ -178,7 +178,7 @@ void win32_utf8argv(int *argc, char **argv[])
*/
warg = wend = p;
while (*p != L'\0'
- && (in_quote || (*p != L' ' && *p != L'\t'))) {
+ && (in_quote || (*p != L' ' && *p != L'\t'))) {
switch (*p) {
case L'\\':
/*
@@ -259,7 +259,7 @@ void win32_utf8argv(int *argc, char **argv[])
ulen = 0;
if (wlen > 0) {
ulen = WideCharToMultiByte(CP_UTF8, 0, warg, wlen,
- NULL, 0, NULL, NULL);
+ NULL, 0, NULL, NULL);
if (ulen <= 0)
continue;
}
@@ -272,7 +272,7 @@ void win32_utf8argv(int *argc, char **argv[])
if (wlen > 0)
WideCharToMultiByte(CP_UTF8, 0, warg, wlen,
- arg, ulen, NULL, NULL);
+ arg, ulen, NULL, NULL);
arg[ulen] = '\0';
newargv[newargc++] = arg;
@@ -303,5 +303,7 @@ void win32_utf8argv(int *argc, char **argv[])
}
#else
void win32_utf8argv(int *argc, char **argv[])
-{ return; }
+{
+ return;
+}
#endif
diff --git a/apps/list.c b/apps/list.c
index 7d3136a8a161..c6f92aecb603 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -31,21 +31,21 @@ static int verbose = 0;
static const char *select_name = NULL;
/* Checks to see if algorithms are fetchable */
-#define IS_FETCHABLE(type, TYPE) \
- static int is_ ## type ## _fetchable(const TYPE *alg) \
- { \
- TYPE *impl; \
- const char *propq = app_get0_propq(); \
- OSSL_LIB_CTX *libctx = app_get0_libctx(); \
- const char *name = TYPE ## _get0_name(alg); \
- \
- ERR_set_mark(); \
- impl = TYPE ## _fetch(libctx, name, propq); \
- ERR_pop_to_mark(); \
- if (impl == NULL) \
- return 0; \
- TYPE ## _free(impl); \
- return 1; \
+#define IS_FETCHABLE(type, TYPE) \
+ static int is_##type##_fetchable(const TYPE *alg) \
+ { \
+ TYPE *impl; \
+ const char *propq = app_get0_propq(); \
+ OSSL_LIB_CTX *libctx = app_get0_libctx(); \
+ const char *name = TYPE##_get0_name(alg); \
+ \
+ ERR_set_mark(); \
+ impl = TYPE##_fetch(libctx, name, propq); \
+ ERR_pop_to_mark(); \
+ if (impl == NULL) \
+ return 0; \
+ TYPE##_free(impl); \
+ return 1; \
}
IS_FETCHABLE(cipher, EVP_CIPHER)
IS_FETCHABLE(digest, EVP_MD)
@@ -67,11 +67,11 @@ static int include_legacy(void)
}
static void legacy_cipher_fn(const EVP_CIPHER *c,
- const char *from, const char *to, void *arg)
+ const char *from, const char *to, void *arg)
{
if (select_name != NULL
&& (c == NULL
- || OPENSSL_strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0))
+ || OPENSSL_strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0))
return;
if (c != NULL) {
BIO_printf(arg, " %s\n", EVP_CIPHER_get0_name(c));
@@ -86,11 +86,11 @@ static void legacy_cipher_fn(const EVP_CIPHER *c,
#endif
DEFINE_STACK_OF(EVP_CIPHER)
-static int cipher_cmp(const EVP_CIPHER * const *a,
- const EVP_CIPHER * const *b)
+static int cipher_cmp(const EVP_CIPHER *const *a,
+ const EVP_CIPHER *const *b)
{
return strcmp(OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*a)),
- OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*b)));
+ OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*b)));
}
static void collect_ciphers(EVP_CIPHER *cipher, void *stack)
@@ -98,7 +98,7 @@ static void collect_ciphers(EVP_CIPHER *cipher, void *stack)
STACK_OF(EVP_CIPHER) *cipher_stack = stack;
if (is_cipher_fetchable(cipher)
- && sk_EVP_CIPHER_push(cipher_stack, cipher) > 0)
+ && sk_EVP_CIPHER_push(cipher_stack, cipher) > 0)
EVP_CIPHER_up_ref(cipher);
}
@@ -134,7 +134,7 @@ static void list_ciphers(void)
print_names(bio_out, names);
BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(c)));
+ OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(c)));
if (verbose) {
const char *desc = EVP_CIPHER_get0_description(c);
@@ -142,11 +142,11 @@ static void list_ciphers(void)
if (desc != NULL)
BIO_printf(bio_out, " description: %s\n", desc);
print_param_types("retrievable algorithm parameters",
- EVP_CIPHER_gettable_params(c), 4);
+ EVP_CIPHER_gettable_params(c), 4);
print_param_types("retrievable operation parameters",
- EVP_CIPHER_gettable_ctx_params(c), 4);
+ EVP_CIPHER_gettable_ctx_params(c), 4);
print_param_types("settable operation parameters",
- EVP_CIPHER_settable_ctx_params(c), 4);
+ EVP_CIPHER_settable_ctx_params(c), 4);
}
}
sk_OPENSSL_CSTRING_free(names);
@@ -156,7 +156,7 @@ static void list_ciphers(void)
#ifndef OPENSSL_NO_DEPRECATED_3_0
static void legacy_md_fn(const EVP_MD *m,
- const char *from, const char *to, void *arg)
+ const char *from, const char *to, void *arg)
{
if (m != NULL) {
BIO_printf(arg, " %s\n", EVP_MD_get0_name(m));
@@ -171,10 +171,10 @@ static void legacy_md_fn(const EVP_MD *m,
#endif
DEFINE_STACK_OF(EVP_MD)
-static int md_cmp(const EVP_MD * const *a, const EVP_MD * const *b)
+static int md_cmp(const EVP_MD *const *a, const EVP_MD *const *b)
{
return strcmp(OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(*a)),
- OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(*b)));
+ OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(*b)));
}
static void collect_digests(EVP_MD *digest, void *stack)
@@ -182,7 +182,7 @@ static void collect_digests(EVP_MD *digest, void *stack)
STACK_OF(EVP_MD) *digest_stack = stack;
if (is_digest_fetchable(digest)
- && sk_EVP_MD_push(digest_stack, digest) > 0)
+ && sk_EVP_MD_push(digest_stack, digest) > 0)
EVP_MD_up_ref(digest);
}
@@ -218,7 +218,7 @@ static void list_digests(void)
print_names(bio_out, names);
BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(m)));
+ OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(m)));
if (verbose) {
const char *desc = EVP_MD_get0_description(m);
@@ -226,11 +226,11 @@ static void list_digests(void)
if (desc != NULL)
BIO_printf(bio_out, " description: %s\n", desc);
print_param_types("retrievable algorithm parameters",
- EVP_MD_gettable_params(m), 4);
+ EVP_MD_gettable_params(m), 4);
print_param_types("retrievable operation parameters",
- EVP_MD_gettable_ctx_params(m), 4);
+ EVP_MD_gettable_ctx_params(m), 4);
print_param_types("settable operation parameters",
- EVP_MD_settable_ctx_params(m), 4);
+ EVP_MD_settable_ctx_params(m), 4);
}
}
sk_OPENSSL_CSTRING_free(names);
@@ -239,10 +239,10 @@ static void list_digests(void)
}
DEFINE_STACK_OF(EVP_MAC)
-static int mac_cmp(const EVP_MAC * const *a, const EVP_MAC * const *b)
+static int mac_cmp(const EVP_MAC *const *a, const EVP_MAC *const *b)
{
return strcmp(OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(*a)),
- OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(*b)));
+ OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(*b)));
}
static void collect_macs(EVP_MAC *mac, void *stack)
@@ -250,7 +250,7 @@ static void collect_macs(EVP_MAC *mac, void *stack)
STACK_OF(EVP_MAC) *mac_stack = stack;
if (is_mac_fetchable(mac)
- && sk_EVP_MAC_push(mac_stack, mac) > 0)
+ && sk_EVP_MAC_push(mac_stack, mac) > 0)
EVP_MAC_up_ref(mac);
}
@@ -279,7 +279,7 @@ static void list_macs(void)
print_names(bio_out, names);
BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(m)));
+ OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(m)));
if (verbose) {
const char *desc = EVP_MAC_get0_description(m);
@@ -287,11 +287,11 @@ static void list_macs(void)
if (desc != NULL)
BIO_printf(bio_out, " description: %s\n", desc);
print_param_types("retrievable algorithm parameters",
- EVP_MAC_gettable_params(m), 4);
+ EVP_MAC_gettable_params(m), 4);
print_param_types("retrievable operation parameters",
- EVP_MAC_gettable_ctx_params(m), 4);
+ EVP_MAC_gettable_ctx_params(m), 4);
print_param_types("settable operation parameters",
- EVP_MAC_settable_ctx_params(m), 4);
+ EVP_MAC_settable_ctx_params(m), 4);
}
}
sk_OPENSSL_CSTRING_free(names);
@@ -303,10 +303,10 @@ static void list_macs(void)
* KDFs and PRFs
*/
DEFINE_STACK_OF(EVP_KDF)
-static int kdf_cmp(const EVP_KDF * const *a, const EVP_KDF * const *b)
+static int kdf_cmp(const EVP_KDF *const *a, const EVP_KDF *const *b)
{
return strcmp(OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(*a)),
- OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(*b)));
+ OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(*b)));
}
static void collect_kdfs(EVP_KDF *kdf, void *stack)
@@ -314,7 +314,7 @@ static void collect_kdfs(EVP_KDF *kdf, void *stack)
STACK_OF(EVP_KDF) *kdf_stack = stack;
if (is_kdf_fetchable(kdf)
- && sk_EVP_KDF_push(kdf_stack, kdf) > 0)
+ && sk_EVP_KDF_push(kdf_stack, kdf) > 0)
EVP_KDF_up_ref(kdf);
}
@@ -343,7 +343,7 @@ static void list_kdfs(void)
print_names(bio_out, names);
BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(k)));
+ OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(k)));
if (verbose) {
const char *desc = EVP_KDF_get0_description(k);
@@ -351,11 +351,11 @@ static void list_kdfs(void)
if (desc != NULL)
BIO_printf(bio_out, " description: %s\n", desc);
print_param_types("retrievable algorithm parameters",
- EVP_KDF_gettable_params(k), 4);
+ EVP_KDF_gettable_params(k), 4);
print_param_types("retrievable operation parameters",
- EVP_KDF_gettable_ctx_params(k), 4);
+ EVP_KDF_gettable_ctx_params(k), 4);
print_param_types("settable operation parameters",
- EVP_KDF_settable_ctx_params(k), 4);
+ EVP_KDF_settable_ctx_params(k), 4);
}
}
sk_OPENSSL_CSTRING_free(names);
@@ -368,13 +368,13 @@ static void list_kdfs(void)
*/
DEFINE_STACK_OF(EVP_RAND)
-static int rand_cmp(const EVP_RAND * const *a, const EVP_RAND * const *b)
+static int rand_cmp(const EVP_RAND *const *a, const EVP_RAND *const *b)
{
int ret = OPENSSL_strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b));
if (ret == 0)
ret = strcmp(OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*a)),
- OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*b)));
+ OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*b)));
return ret;
}
@@ -384,7 +384,7 @@ static void collect_rands(EVP_RAND *rand, void *stack)
STACK_OF(EVP_RAND) *rand_stack = stack;
if (is_rand_fetchable(rand)
- && sk_EVP_RAND_push(rand_stack, rand) > 0)
+ && sk_EVP_RAND_push(rand_stack, rand) > 0)
EVP_RAND_up_ref(rand);
}
@@ -408,7 +408,7 @@ static void list_random_generators(void)
continue;
BIO_printf(bio_out, " %s", EVP_RAND_get0_name(m));
BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(m)));
+ OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(m)));
if (verbose) {
const char *desc = EVP_RAND_get0_description(m);
@@ -416,11 +416,11 @@ static void list_random_generators(void)
if (desc != NULL)
BIO_printf(bio_out, " description: %s\n", desc);
print_param_types("retrievable algorithm parameters",
- EVP_RAND_gettable_params(m), 4);
+ EVP_RAND_gettable_params(m), 4);
print_param_types("retrievable operation parameters",
- EVP_RAND_gettable_ctx_params(m), 4);
+ EVP_RAND_gettable_ctx_params(m), 4);
print_param_types("settable operation parameters",
- EVP_RAND_settable_ctx_params(m), 4);
+ EVP_RAND_settable_ctx_params(m), 4);
}
}
sk_EVP_RAND_pop_free(rands, EVP_RAND_free);
@@ -441,7 +441,7 @@ static void display_random(const char *name, EVP_RAND_CTX *drbg)
BIO_printf(bio_out, " %s", EVP_RAND_get0_name(rand));
BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(rand)));
+ OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(rand)));
switch (EVP_RAND_get_state(drbg)) {
case EVP_RAND_STATE_UNINITIALISED:
@@ -467,13 +467,13 @@ static void display_random(const char *name, EVP_RAND_CTX *drbg)
continue;
/* Outside of verbose mode, we skip non-string values */
if (gettables->data_type != OSSL_PARAM_UTF8_STRING
- && gettables->data_type != OSSL_PARAM_UTF8_PTR
- && !verbose)
+ && gettables->data_type != OSSL_PARAM_UTF8_PTR
+ && !verbose)
continue;
params->key = gettables->key;
params->data_type = gettables->data_type;
if (gettables->data_type == OSSL_PARAM_UNSIGNED_INTEGER
- || gettables->data_type == OSSL_PARAM_INTEGER) {
+ || gettables->data_type == OSSL_PARAM_INTEGER) {
params->data = &u;
params->data_size = sizeof(u);
} else {
@@ -498,11 +498,11 @@ static void list_random_instances(void)
* Encoders
*/
DEFINE_STACK_OF(OSSL_ENCODER)
-static int encoder_cmp(const OSSL_ENCODER * const *a,
- const OSSL_ENCODER * const *b)
+static int encoder_cmp(const OSSL_ENCODER *const *a,
+ const OSSL_ENCODER *const *b)
{
return strcmp(OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(*a)),
- OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(*b)));
+ OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(*b)));
}
static void collect_encoders(OSSL_ENCODER *encoder, void *stack)
@@ -510,7 +510,7 @@ static void collect_encoders(OSSL_ENCODER *encoder, void *stack)
STACK_OF(OSSL_ENCODER) *encoder_stack = stack;
if (is_encoder_fetchable(encoder)
- && sk_OSSL_ENCODER_push(encoder_stack, encoder) > 0)
+ && sk_OSSL_ENCODER_push(encoder_stack, encoder) > 0)
OSSL_ENCODER_up_ref(encoder);
}
@@ -526,7 +526,7 @@ static void list_encoders(void)
}
BIO_printf(bio_out, "Provided ENCODERs:\n");
OSSL_ENCODER_do_all_provided(app_get0_libctx(), collect_encoders,
- encoders);
+ encoders);
sk_OSSL_ENCODER_sort(encoders);
for (i = 0; i < sk_OSSL_ENCODER_num(encoders); i++) {
@@ -542,8 +542,8 @@ static void list_encoders(void)
print_names(bio_out, names);
BIO_printf(bio_out, " @ %s (%s)\n",
- OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(k)),
- OSSL_ENCODER_get0_properties(k));
+ OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(k)),
+ OSSL_ENCODER_get0_properties(k));
if (verbose) {
const char *desc = OSSL_ENCODER_get0_description(k);
@@ -551,7 +551,7 @@ static void list_encoders(void)
if (desc != NULL)
BIO_printf(bio_out, " description: %s\n", desc);
print_param_types("settable operation parameters",
- OSSL_ENCODER_settable_ctx_params(k), 4);
+ OSSL_ENCODER_settable_ctx_params(k), 4);
}
}
sk_OPENSSL_CSTRING_free(names);
@@ -563,11 +563,11 @@ static void list_encoders(void)
* Decoders
*/
DEFINE_STACK_OF(OSSL_DECODER)
-static int decoder_cmp(const OSSL_DECODER * const *a,
- const OSSL_DECODER * const *b)
+static int decoder_cmp(const OSSL_DECODER *const *a,
+ const OSSL_DECODER *const *b)
{
return strcmp(OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(*a)),
- OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(*b)));
+ OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(*b)));
}
static void collect_decoders(OSSL_DECODER *decoder, void *stack)
@@ -575,7 +575,7 @@ static void collect_decoders(OSSL_DECODER *decoder, void *stack)
STACK_OF(OSSL_DECODER) *decoder_stack = stack;
if (is_decoder_fetchable(decoder)
- && sk_OSSL_DECODER_push(decoder_stack, decoder) > 0)
+ && sk_OSSL_DECODER_push(decoder_stack, decoder) > 0)
OSSL_DECODER_up_ref(decoder);
}
@@ -591,7 +591,7 @@ static void list_decoders(void)
}
BIO_printf(bio_out, "Provided DECODERs:\n");
OSSL_DECODER_do_all_provided(app_get0_libctx(), collect_decoders,
- decoders);
+ decoders);
sk_OSSL_DECODER_sort(decoders);
for (i = 0; i < sk_OSSL_DECODER_num(decoders); i++) {
@@ -607,8 +607,8 @@ static void list_decoders(void)
print_names(bio_out, names);
BIO_printf(bio_out, " @ %s (%s)\n",
- OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(k)),
- OSSL_DECODER_get0_properties(k));
+ OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(k)),
+ OSSL_DECODER_get0_properties(k));
if (verbose) {
const char *desc = OSSL_DECODER_get0_description(k);
@@ -616,7 +616,7 @@ static void list_decoders(void)
if (desc != NULL)
BIO_printf(bio_out, " description: %s\n", desc);
print_param_types("settable operation parameters",
- OSSL_DECODER_settable_ctx_params(k), 4);
+ OSSL_DECODER_settable_ctx_params(k), 4);
}
}
sk_OPENSSL_CSTRING_free(names);
@@ -625,11 +625,11 @@ static void list_decoders(void)
}
DEFINE_STACK_OF(EVP_KEYMGMT)
-static int keymanager_cmp(const EVP_KEYMGMT * const *a,
- const EVP_KEYMGMT * const *b)
+static int keymanager_cmp(const EVP_KEYMGMT *const *a,
+ const EVP_KEYMGMT *const *b)
{
return strcmp(OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(*a)),
- OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(*b)));
+ OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(*b)));
}
static void collect_keymanagers(EVP_KEYMGMT *km, void *stack)
@@ -637,7 +637,7 @@ static void collect_keymanagers(EVP_KEYMGMT *km, void *stack)
STACK_OF(EVP_KEYMGMT) *km_stack = stack;
if (is_keymgmt_fetchable(km)
- && sk_EVP_KEYMGMT_push(km_stack, km) > 0)
+ && sk_EVP_KEYMGMT_push(km_stack, km) > 0)
EVP_KEYMGMT_up_ref(km);
}
@@ -647,7 +647,7 @@ static void list_keymanagers(void)
STACK_OF(EVP_KEYMGMT) *km_stack = sk_EVP_KEYMGMT_new(keymanager_cmp);
EVP_KEYMGMT_do_all_provided(app_get0_libctx(), collect_keymanagers,
- km_stack);
+ km_stack);
sk_EVP_KEYMGMT_sort(km_stack);
for (i = 0; i < sk_EVP_KEYMGMT_num(km_stack); i++) {
@@ -671,15 +671,15 @@ static void list_keymanagers(void)
BIO_printf(bio_out, " IDs: ");
print_names(bio_out, names);
BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(k)));
+ OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(k)));
if (verbose) {
print_param_types("settable key generation parameters",
- EVP_KEYMGMT_gen_settable_params(k), 4);
+ EVP_KEYMGMT_gen_settable_params(k), 4);
print_param_types("settable operation parameters",
- EVP_KEYMGMT_settable_params(k), 4);
+ EVP_KEYMGMT_settable_params(k), 4);
print_param_types("retrievable operation parameters",
- EVP_KEYMGMT_gettable_params(k), 4);
+ EVP_KEYMGMT_gettable_params(k), 4);
}
}
sk_OPENSSL_CSTRING_free(names);
@@ -688,11 +688,11 @@ static void list_keymanagers(void)
}
DEFINE_STACK_OF(EVP_SIGNATURE)
-static int signature_cmp(const EVP_SIGNATURE * const *a,
- const EVP_SIGNATURE * const *b)
+static int signature_cmp(const EVP_SIGNATURE *const *a,
+ const EVP_SIGNATURE *const *b)
{
return strcmp(OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*a)),
- OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*b)));
+ OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*b)));
}
static void collect_signatures(EVP_SIGNATURE *sig, void *stack)
@@ -700,7 +700,7 @@ static void collect_signatures(EVP_SIGNATURE *sig, void *stack)
STACK_OF(EVP_SIGNATURE) *sig_stack = stack;
if (is_signature_fetchable(sig)
- && sk_EVP_SIGNATURE_push(sig_stack, sig) > 0)
+ && sk_EVP_SIGNATURE_push(sig_stack, sig) > 0)
EVP_SIGNATURE_up_ref(sig);
}
@@ -710,7 +710,7 @@ static void list_signatures(void)
STACK_OF(EVP_SIGNATURE) *sig_stack = sk_EVP_SIGNATURE_new(signature_cmp);
EVP_SIGNATURE_do_all_provided(app_get0_libctx(), collect_signatures,
- sig_stack);
+ sig_stack);
sk_EVP_SIGNATURE_sort(sig_stack);
for (i = 0; i < sk_EVP_SIGNATURE_num(sig_stack); i++) {
@@ -727,7 +727,7 @@ static void list_signatures(void)
print_names(bio_out, names);
BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(k)));
+ OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(k)));
if (verbose) {
const char *desc = EVP_SIGNATURE_get0_description(k);
@@ -735,9 +735,9 @@ static void list_signatures(void)
if (desc != NULL)
BIO_printf(bio_out, " description: %s\n", desc);
print_param_types("settable operation parameters",
- EVP_SIGNATURE_settable_ctx_params(k), 4);
+ EVP_SIGNATURE_settable_ctx_params(k), 4);
print_param_types("retrievable operation parameters",
- EVP_SIGNATURE_gettable_ctx_params(k), 4);
+ EVP_SIGNATURE_gettable_ctx_params(k), 4);
}
}
sk_OPENSSL_CSTRING_free(names);
@@ -748,11 +748,11 @@ static void list_signatures(void)
}
DEFINE_STACK_OF(EVP_KEM)
-static int kem_cmp(const EVP_KEM * const *a,
- const EVP_KEM * const *b)
+static int kem_cmp(const EVP_KEM *const *a,
+ const EVP_KEM *const *b)
{
return strcmp(OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*a)),
- OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*b)));
+ OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*b)));
}
static void collect_kem(EVP_KEM *kem, void *stack)
@@ -760,7 +760,7 @@ static void collect_kem(EVP_KEM *kem, void *stack)
STACK_OF(EVP_KEM) *kem_stack = stack;
if (is_kem_fetchable(kem)
- && sk_EVP_KEM_push(kem_stack, kem) > 0)
+ && sk_EVP_KEM_push(kem_stack, kem) > 0)
EVP_KEM_up_ref(kem);
}
@@ -786,7 +786,7 @@ static void list_kems(void)
print_names(bio_out, names);
BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(k)));
+ OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(k)));
if (verbose) {
const char *desc = EVP_KEM_get0_description(k);
@@ -794,9 +794,9 @@ static void list_kems(void)
if (desc != NULL)
BIO_printf(bio_out, " description: %s\n", desc);
print_param_types("settable operation parameters",
- EVP_KEM_settable_ctx_params(k), 4);
+ EVP_KEM_settable_ctx_params(k), 4);
print_param_types("retrievable operation parameters",
- EVP_KEM_gettable_ctx_params(k), 4);
+ EVP_KEM_gettable_ctx_params(k), 4);
}
}
sk_OPENSSL_CSTRING_free(names);
@@ -807,11 +807,11 @@ static void list_kems(void)
}
DEFINE_STACK_OF(EVP_ASYM_CIPHER)
-static int asymcipher_cmp(const EVP_ASYM_CIPHER * const *a,
- const EVP_ASYM_CIPHER * const *b)
+static int asymcipher_cmp(const EVP_ASYM_CIPHER *const *a,
+ const EVP_ASYM_CIPHER *const *b)
{
return strcmp(OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(*a)),
- OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(*b)));
+ OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(*b)));
}
static void collect_asymciph(EVP_ASYM_CIPHER *asym_cipher, void *stack)
@@ -819,18 +819,17 @@ static void collect_asymciph(EVP_ASYM_CIPHER *asym_cipher, void *stack)
STACK_OF(EVP_ASYM_CIPHER) *asym_cipher_stack = stack;
if (is_asym_cipher_fetchable(asym_cipher)
- && sk_EVP_ASYM_CIPHER_push(asym_cipher_stack, asym_cipher) > 0)
+ && sk_EVP_ASYM_CIPHER_push(asym_cipher_stack, asym_cipher) > 0)
EVP_ASYM_CIPHER_up_ref(asym_cipher);
}
static void list_asymciphers(void)
{
int i, count = 0;
- STACK_OF(EVP_ASYM_CIPHER) *asymciph_stack =
- sk_EVP_ASYM_CIPHER_new(asymcipher_cmp);
+ STACK_OF(EVP_ASYM_CIPHER) *asymciph_stack = sk_EVP_ASYM_CIPHER_new(asymcipher_cmp);
EVP_ASYM_CIPHER_do_all_provided(app_get0_libctx(), collect_asymciph,
- asymciph_stack);
+ asymciph_stack);
sk_EVP_ASYM_CIPHER_sort(asymciph_stack);
for (i = 0; i < sk_EVP_ASYM_CIPHER_num(asymciph_stack); i++) {
@@ -842,13 +841,13 @@ static void list_asymciphers(void)
names = sk_OPENSSL_CSTRING_new(name_cmp);
if (names != NULL
- && EVP_ASYM_CIPHER_names_do_all(k, collect_names, names)) {
+ && EVP_ASYM_CIPHER_names_do_all(k, collect_names, names)) {
count++;
BIO_printf(bio_out, " ");
print_names(bio_out, names);
BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(k)));
+ OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(k)));
if (verbose) {
const char *desc = EVP_ASYM_CIPHER_get0_description(k);
@@ -856,9 +855,9 @@ static void list_asymciphers(void)
if (desc != NULL)
BIO_printf(bio_out, " description: %s\n", desc);
print_param_types("settable operation parameters",
- EVP_ASYM_CIPHER_settable_ctx_params(k), 4);
+ EVP_ASYM_CIPHER_settable_ctx_params(k), 4);
print_param_types("retrievable operation parameters",
- EVP_ASYM_CIPHER_gettable_ctx_params(k), 4);
+ EVP_ASYM_CIPHER_gettable_ctx_params(k), 4);
}
}
sk_OPENSSL_CSTRING_free(names);
@@ -869,11 +868,11 @@ static void list_asymciphers(void)
}
DEFINE_STACK_OF(EVP_KEYEXCH)
-static int kex_cmp(const EVP_KEYEXCH * const *a,
- const EVP_KEYEXCH * const *b)
+static int kex_cmp(const EVP_KEYEXCH *const *a,
+ const EVP_KEYEXCH *const *b)
{
return strcmp(OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(*a)),
- OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(*b)));
+ OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(*b)));
}
static void collect_kex(EVP_KEYEXCH *kex, void *stack)
@@ -881,7 +880,7 @@ static void collect_kex(EVP_KEYEXCH *kex, void *stack)
STACK_OF(EVP_KEYEXCH) *kex_stack = stack;
if (is_keyexch_fetchable(kex)
- && sk_EVP_KEYEXCH_push(kex_stack, kex) > 0)
+ && sk_EVP_KEYEXCH_push(kex_stack, kex) > 0)
EVP_KEYEXCH_up_ref(kex);
}
@@ -907,7 +906,7 @@ static void list_keyexchanges(void)
print_names(bio_out, names);
BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(k)));
+ OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(k)));
if (verbose) {
const char *desc = EVP_KEYEXCH_get0_description(k);
@@ -915,9 +914,9 @@ static void list_keyexchanges(void)
if (desc != NULL)
BIO_printf(bio_out, " description: %s\n", desc);
print_param_types("settable operation parameters",
- EVP_KEYEXCH_settable_ctx_params(k), 4);
+ EVP_KEYEXCH_settable_ctx_params(k), 4);
print_param_types("retrievable operation parameters",
- EVP_KEYEXCH_gettable_ctx_params(k), 4);
+ EVP_KEYEXCH_gettable_ctx_params(k), 4);
}
}
sk_OPENSSL_CSTRING_free(names);
@@ -956,18 +955,18 @@ static void list_objects(void)
continue;
}
if (n < 0)
- break; /* Error */
+ break; /* Error */
if (n > oid_size) {
oid_buf = OPENSSL_realloc(oid_buf, n + 1);
if (oid_buf == NULL) {
BIO_printf(bio_err, "ERROR: Memory allocation\n");
- break; /* Error */
+ break; /* Error */
}
oid_size = n + 1;
}
if (OBJ_obj2txt(oid_buf, oid_size, obj, 1) < 0)
- break; /* Error */
+ break; /* Error */
if (ln == NULL || strcmp(sn, ln) == 0)
BIO_printf(bio_out, "%s = %s\n", sn, oid_buf);
else
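Review bot: `oid_buf = OPENSSL_realloc(oid_buf, n + 1);` overwrites the only pointer to the old buffer, so when the call fails the previous allocation can no longer be freed on the `break` path. Assign the result to a temporary `char *tmp` first and only set `oid_buf = tmp;` after the NULL check. The growth test `if (n > oid_size)` also looks one short: assuming n is the text length without the terminator (its assignment is outside this hunk), `n == oid_size` skips the resize and the following `OBJ_obj2txt(oid_buf, oid_size, obj, 1)` would truncate the OID by one character, so `if (n >= oid_size)` seems intended. list_objects starts and ends outside this hunk, so the final free of `oid_buf` is not visible here.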
@@ -987,23 +986,23 @@ static void list_options_for_command(const char *command)
break;
if (fp->name == NULL) {
BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
- command);
+ command);
return;
}
if ((o = fp->help) == NULL)
return;
- for ( ; o->name != NULL; o++) {
+ for (; o->name != NULL; o++) {
char c = o->valtype;
if (o->name == OPT_PARAM_STR)
break;
if (o->name == OPT_HELP_STR
- || o->name == OPT_MORE_STR
- || o->name == OPT_SECTION_STR
- || o->name[0] == '\0')
+ || o->name == OPT_MORE_STR
+ || o->name == OPT_SECTION_STR
+ || o->name[0] == '\0')
continue;
BIO_printf(bio_out, "%s %c\n", o->name, c == '\0' ? '-' : c);
}
@@ -1096,16 +1095,15 @@ static void list_pkey(void)
const char *pinfo, *pem_str;
ameth = EVP_PKEY_asn1_get0(i);
EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
- &pinfo, &pem_str, ameth);
+ &pinfo, &pem_str, ameth);
if (pkey_flags & ASN1_PKEY_ALIAS) {
BIO_printf(bio_out, " Name: %s\n", OBJ_nid2ln(pkey_id));
BIO_printf(bio_out, "\tAlias for: %s\n",
- OBJ_nid2ln(pkey_base_id));
+ OBJ_nid2ln(pkey_base_id));
} else {
BIO_printf(bio_out, " Name: %s\n", pinfo);
BIO_printf(bio_out, "\tType: %s Algorithm\n",
- pkey_flags & ASN1_PKEY_DYNAMIC ?
- "External" : "Builtin");
+ pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin");
BIO_printf(bio_out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
if (pem_str == NULL)
pem_str = "(none)";
@@ -1134,7 +1132,7 @@ static void list_pkey_meth(void)
EVP_PKEY_meth_get0_info(&pkey_id, &pkey_flags, pmeth);
BIO_printf(bio_out, " %s\n", OBJ_nid2ln(pkey_id));
BIO_printf(bio_out, "\tType: %s Algorithm\n",
- pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin");
+ pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin");
}
}
#endif
@@ -1150,11 +1148,11 @@ static void list_pkey_meth(void)
}
DEFINE_STACK_OF(OSSL_STORE_LOADER)
-static int store_cmp(const OSSL_STORE_LOADER * const *a,
- const OSSL_STORE_LOADER * const *b)
+static int store_cmp(const OSSL_STORE_LOADER *const *a,
+ const OSSL_STORE_LOADER *const *b)
{
return strcmp(OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(*a)),
- OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(*b)));
+ OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(*b)));
}
static void collect_store_loaders(OSSL_STORE_LOADER *store, void *stack)
@@ -1176,7 +1174,7 @@ static void list_store_loaders(void)
}
BIO_printf(bio_out, "Provided STORE LOADERs:\n");
OSSL_STORE_LOADER_do_all_provided(app_get0_libctx(), collect_store_loaders,
- stores);
+ stores);
sk_OSSL_STORE_LOADER_sort(stores);
for (i = 0; i < sk_OSSL_STORE_LOADER_num(stores); i++) {
const OSSL_STORE_LOADER *m = sk_OSSL_STORE_LOADER_value(stores, i);
@@ -1186,13 +1184,12 @@ static void list_store_loaders(void)
continue;
names = sk_OPENSSL_CSTRING_new(name_cmp);
- if (names != NULL && OSSL_STORE_LOADER_names_do_all(m, collect_names,
- names)) {
+ if (names != NULL && OSSL_STORE_LOADER_names_do_all(m, collect_names, names)) {
BIO_printf(bio_out, " ");
print_names(bio_out, names);
BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(m)));
+ OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(m)));
}
sk_OPENSSL_CSTRING_free(names);
}
@@ -1200,8 +1197,8 @@ static void list_store_loaders(void)
}
DEFINE_STACK_OF(OSSL_PROVIDER)
-static int provider_cmp(const OSSL_PROVIDER * const *a,
- const OSSL_PROVIDER * const *b)
+static int provider_cmp(const OSSL_PROVIDER *const *a,
+ const OSSL_PROVIDER *const *b)
{
return strcmp(OSSL_PROVIDER_get0_name(*a), OSSL_PROVIDER_get0_name(*b));
}
@@ -1245,18 +1242,18 @@ static void list_provider_info(void)
/* Query the "known" information parameters, the order matches below */
params[0] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_NAME,
- &name, 0);
+ &name, 0);
params[1] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_VERSION,
- &version, 0);
+ &version, 0);
params[2] = OSSL_PARAM_construct_int(OSSL_PROV_PARAM_STATUS, &status);
params[3] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_BUILDINFO,
- &buildinfo, 0);
+ &buildinfo, 0);
params[4] = OSSL_PARAM_construct_end();
OSSL_PARAM_set_all_unmodified(params);
if (!OSSL_PROVIDER_get_params(prov, params)) {
BIO_printf(bio_err,
- "WARNING: Unable to query provider parameters for %s\n",
- provname);
+ "WARNING: Unable to query provider parameters for %s\n",
+ provname);
} else {
/* Print out the provider information, the params order matches above */
if (OSSL_PARAM_modified(params))
@@ -1269,7 +1266,7 @@ static void list_provider_info(void)
if (OSSL_PARAM_modified(params + 3))
BIO_printf(bio_out, " build info: %s\n", buildinfo);
print_param_types("gettable provider parameters",
- OSSL_PROVIDER_gettable_params(prov), 4);
+ OSSL_PROVIDER_gettable_params(prov), 4);
}
}
}
@@ -1279,7 +1276,7 @@ static void list_provider_info(void)
#ifndef OPENSSL_NO_DEPRECATED_3_0
static void list_engines(void)
{
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e;
BIO_puts(bio_out, "Engines:\n");
@@ -1288,9 +1285,9 @@ static void list_engines(void)
BIO_printf(bio_out, "%s\n", ENGINE_get_id(e));
e = ENGINE_get_next(e);
}
-# else
+#else
BIO_puts(bio_out, "Engine support is disabled.\n");
-# endif
+#endif
}
#endif
@@ -1440,17 +1437,34 @@ static void list_disabled(void)
/* Unified enum for help and list commands. */
typedef enum HELPLIST_CHOICE {
OPT_COMMON,
- OPT_ONE, OPT_VERBOSE,
- OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_MAC_ALGORITHMS, OPT_OPTIONS,
- OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS,
- OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_DISABLED,
- OPT_KDF_ALGORITHMS, OPT_RANDOM_INSTANCES, OPT_RANDOM_GENERATORS,
- OPT_ENCODERS, OPT_DECODERS, OPT_KEYMANAGERS, OPT_KEYEXCHANGE_ALGORITHMS,
- OPT_KEM_ALGORITHMS, OPT_SIGNATURE_ALGORITHMS, OPT_ASYM_CIPHER_ALGORITHMS,
- OPT_STORE_LOADERS, OPT_PROVIDER_INFO,
- OPT_OBJECTS, OPT_SELECT_NAME,
+ OPT_ONE,
+ OPT_VERBOSE,
+ OPT_COMMANDS,
+ OPT_DIGEST_COMMANDS,
+ OPT_MAC_ALGORITHMS,
+ OPT_OPTIONS,
+ OPT_DIGEST_ALGORITHMS,
+ OPT_CIPHER_COMMANDS,
+ OPT_CIPHER_ALGORITHMS,
+ OPT_PK_ALGORITHMS,
+ OPT_PK_METHOD,
+ OPT_DISABLED,
+ OPT_KDF_ALGORITHMS,
+ OPT_RANDOM_INSTANCES,
+ OPT_RANDOM_GENERATORS,
+ OPT_ENCODERS,
+ OPT_DECODERS,
+ OPT_KEYMANAGERS,
+ OPT_KEYEXCHANGE_ALGORITHMS,
+ OPT_KEM_ALGORITHMS,
+ OPT_SIGNATURE_ALGORITHMS,
+ OPT_ASYM_CIPHER_ALGORITHMS,
+ OPT_STORE_LOADERS,
+ OPT_PROVIDER_INFO,
+ OPT_OBJECTS,
+ OPT_SELECT_NAME,
#ifndef OPENSSL_NO_DEPRECATED_3_0
- OPT_ENGINES,
+ OPT_ENGINES,
#endif
OPT_PROV_ENUM
} HELPLIST_CHOICE;
@@ -1458,65 +1472,65 @@ typedef enum HELPLIST_CHOICE {
const OPTIONS list_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
OPT_SECTION("Output"),
- {"1", OPT_ONE, '-', "List in one column"},
- {"verbose", OPT_VERBOSE, '-', "Verbose listing"},
- {"select", OPT_SELECT_NAME, 's', "Select a single algorithm"},
- {"commands", OPT_COMMANDS, '-', "List of standard commands"},
- {"standard-commands", OPT_COMMANDS, '-', "List of standard commands"},
+ { "1", OPT_ONE, '-', "List in one column" },
+ { "verbose", OPT_VERBOSE, '-', "Verbose listing" },
+ { "select", OPT_SELECT_NAME, 's', "Select a single algorithm" },
+ { "commands", OPT_COMMANDS, '-', "List of standard commands" },
+ { "standard-commands", OPT_COMMANDS, '-', "List of standard commands" },
#ifndef OPENSSL_NO_DEPRECATED_3_0
- {"digest-commands", OPT_DIGEST_COMMANDS, '-',
- "List of message digest commands (deprecated)"},
+ { "digest-commands", OPT_DIGEST_COMMANDS, '-',
+ "List of message digest commands (deprecated)" },
#endif
- {"digest-algorithms", OPT_DIGEST_ALGORITHMS, '-',
- "List of message digest algorithms"},
- {"kdf-algorithms", OPT_KDF_ALGORITHMS, '-',
- "List of key derivation and pseudo random function algorithms"},
- {"random-instances", OPT_RANDOM_INSTANCES, '-',
- "List the primary, public and private random number generator details"},
- {"random-generators", OPT_RANDOM_GENERATORS, '-',
- "List of random number generators"},
- {"mac-algorithms", OPT_MAC_ALGORITHMS, '-',
- "List of message authentication code algorithms"},
+ { "digest-algorithms", OPT_DIGEST_ALGORITHMS, '-',
+ "List of message digest algorithms" },
+ { "kdf-algorithms", OPT_KDF_ALGORITHMS, '-',
+ "List of key derivation and pseudo random function algorithms" },
+ { "random-instances", OPT_RANDOM_INSTANCES, '-',
+ "List the primary, public and private random number generator details" },
+ { "random-generators", OPT_RANDOM_GENERATORS, '-',
+ "List of random number generators" },
+ { "mac-algorithms", OPT_MAC_ALGORITHMS, '-',
+ "List of message authentication code algorithms" },
#ifndef OPENSSL_NO_DEPRECATED_3_0
- {"cipher-commands", OPT_CIPHER_COMMANDS, '-',
- "List of cipher commands (deprecated)"},
+ { "cipher-commands", OPT_CIPHER_COMMANDS, '-',
+ "List of cipher commands (deprecated)" },
#endif
- {"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-',
- "List of symmetric cipher algorithms"},
- {"encoders", OPT_ENCODERS, '-', "List of encoding methods" },
- {"decoders", OPT_DECODERS, '-', "List of decoding methods" },
- {"key-managers", OPT_KEYMANAGERS, '-', "List of key managers" },
- {"key-exchange-algorithms", OPT_KEYEXCHANGE_ALGORITHMS, '-',
- "List of key exchange algorithms" },
- {"kem-algorithms", OPT_KEM_ALGORITHMS, '-',
- "List of key encapsulation mechanism algorithms" },
- {"signature-algorithms", OPT_SIGNATURE_ALGORITHMS, '-',
- "List of signature algorithms" },
- {"asymcipher-algorithms", OPT_ASYM_CIPHER_ALGORITHMS, '-',
- "List of asymmetric cipher algorithms" },
- {"public-key-algorithms", OPT_PK_ALGORITHMS, '-',
- "List of public key algorithms"},
- {"public-key-methods", OPT_PK_METHOD, '-',
- "List of public key methods"},
- {"store-loaders", OPT_STORE_LOADERS, '-',
- "List of store loaders"},
- {"providers", OPT_PROVIDER_INFO, '-',
- "List of provider information"},
+ { "cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-',
+ "List of symmetric cipher algorithms" },
+ { "encoders", OPT_ENCODERS, '-', "List of encoding methods" },
+ { "decoders", OPT_DECODERS, '-', "List of decoding methods" },
+ { "key-managers", OPT_KEYMANAGERS, '-', "List of key managers" },
+ { "key-exchange-algorithms", OPT_KEYEXCHANGE_ALGORITHMS, '-',
+ "List of key exchange algorithms" },
+ { "kem-algorithms", OPT_KEM_ALGORITHMS, '-',
+ "List of key encapsulation mechanism algorithms" },
+ { "signature-algorithms", OPT_SIGNATURE_ALGORITHMS, '-',
+ "List of signature algorithms" },
+ { "asymcipher-algorithms", OPT_ASYM_CIPHER_ALGORITHMS, '-',
+ "List of asymmetric cipher algorithms" },
+ { "public-key-algorithms", OPT_PK_ALGORITHMS, '-',
+ "List of public key algorithms" },
+ { "public-key-methods", OPT_PK_METHOD, '-',
+ "List of public key methods" },
+ { "store-loaders", OPT_STORE_LOADERS, '-',
+ "List of store loaders" },
+ { "providers", OPT_PROVIDER_INFO, '-',
+ "List of provider information" },
#ifndef OPENSSL_NO_DEPRECATED_3_0
- {"engines", OPT_ENGINES, '-',
- "List of loaded engines"},
+ { "engines", OPT_ENGINES, '-',
+ "List of loaded engines" },
#endif
- {"disabled", OPT_DISABLED, '-', "List of disabled features"},
- {"options", OPT_OPTIONS, 's',
- "List options for specified command"},
- {"objects", OPT_OBJECTS, '-',
- "List built in objects (OID<->name mappings)"},
+ { "disabled", OPT_DISABLED, '-', "List of disabled features" },
+ { "options", OPT_OPTIONS, 's',
+ "List options for specified command" },
+ { "objects", OPT_OBJECTS, '-',
+ "List built in objects (OID<->name mappings)" },
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
int list_main(int argc, char **argv)
@@ -1525,42 +1539,44 @@ int list_main(int argc, char **argv)
HELPLIST_CHOICE o;
int one = 0, done = 0;
struct {
- unsigned int commands:1;
- unsigned int random_instances:1;
- unsigned int random_generators:1;
- unsigned int digest_commands:1;
- unsigned int digest_algorithms:1;
- unsigned int kdf_algorithms:1;
- unsigned int mac_algorithms:1;
- unsigned int cipher_commands:1;
- unsigned int cipher_algorithms:1;
- unsigned int encoder_algorithms:1;
- unsigned int decoder_algorithms:1;
- unsigned int keymanager_algorithms:1;
- unsigned int signature_algorithms:1;
- unsigned int keyexchange_algorithms:1;
- unsigned int kem_algorithms:1;
- unsigned int asym_cipher_algorithms:1;
- unsigned int pk_algorithms:1;
- unsigned int pk_method:1;
- unsigned int store_loaders:1;
- unsigned int provider_info:1;
+ unsigned int commands : 1;
+ unsigned int random_instances : 1;
+ unsigned int random_generators : 1;
+ unsigned int digest_commands : 1;
+ unsigned int digest_algorithms : 1;
+ unsigned int kdf_algorithms : 1;
+ unsigned int mac_algorithms : 1;
+ unsigned int cipher_commands : 1;
+ unsigned int cipher_algorithms : 1;
+ unsigned int encoder_algorithms : 1;
+ unsigned int decoder_algorithms : 1;
+ unsigned int keymanager_algorithms : 1;
+ unsigned int signature_algorithms : 1;
+ unsigned int keyexchange_algorithms : 1;
+ unsigned int kem_algorithms : 1;
+ unsigned int asym_cipher_algorithms : 1;
+ unsigned int pk_algorithms : 1;
+ unsigned int pk_method : 1;
+ unsigned int store_loaders : 1;
+ unsigned int provider_info : 1;
#ifndef OPENSSL_NO_DEPRECATED_3_0
- unsigned int engines:1;
+ unsigned int engines : 1;
#endif
- unsigned int disabled:1;
- unsigned int objects:1;
- unsigned int options:1;
- } todo = { 0, };
+ unsigned int disabled : 1;
+ unsigned int objects : 1;
+ unsigned int options : 1;
+ } todo = {
+ 0,
+ };
- verbose = 0; /* Clear a possible previous call */
+ verbose = 0; /* Clear a possible previous call */
prog = opt_init(argc, argv, list_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
- case OPT_EOF: /* Never hit, but suppresses warning */
+ case OPT_EOF: /* Never hit, but suppresses warning */
case OPT_ERR:
-opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
return 1;
case OPT_HELP:
diff --git a/apps/mac.c b/apps/mac.c
index a9b6a265f49a..7eb404c83629 100644
--- a/apps/mac.c
+++ b/apps/mac.c
@@ -18,42 +18,46 @@
#include <openssl/core_names.h>
#undef BUFSIZE
-#define BUFSIZE 1024*8
+#define BUFSIZE 1024 * 8
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_MACOPT, OPT_BIN, OPT_IN, OPT_OUT,
- OPT_CIPHER, OPT_DIGEST,
+ OPT_MACOPT,
+ OPT_BIN,
+ OPT_IN,
+ OPT_OUT,
+ OPT_CIPHER,
+ OPT_DIGEST,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS mac_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] mac_name\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] mac_name\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form"},
- {"cipher", OPT_CIPHER, 's', "Cipher"},
- {"digest", OPT_DIGEST, 's', "Digest"},
- {OPT_MORE_STR, 1, '-', "See 'PARAMETER NAMES' in the EVP_MAC_ docs"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form" },
+ { "cipher", OPT_CIPHER, 's', "Cipher" },
+ { "digest", OPT_DIGEST, 's', "Digest" },
+ { OPT_MORE_STR, 1, '-', "See 'PARAMETER NAMES' in the EVP_MAC_ docs" },
OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input file to MAC (default is stdin)"},
+ { "in", OPT_IN, '<', "Input file to MAC (default is stdin)" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output to filename rather than stdout"},
- {"binary", OPT_BIN, '-',
- "Output in binary format (default is hexadecimal)"},
+ { "out", OPT_OUT, '>', "Output to filename rather than stdout" },
+ { "binary", OPT_BIN, '-',
+ "Output in binary format (default is hexadecimal)" },
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"mac_name", 0, 0, "MAC algorithm"},
- {NULL}
+ { "mac_name", 0, 0, "MAC algorithm" },
+ { NULL }
};
static char *alloc_mac_algorithm_name(STACK_OF(OPENSSL_STRING) **optp,
- const char *name, const char *arg)
+ const char *name, const char *arg)
{
size_t len = strlen(name) + strlen(arg) + 2;
char *res;
@@ -95,7 +99,7 @@ int mac_main(int argc, char **argv)
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
default:
-opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto err;
case OPT_HELP:
@@ -156,7 +160,7 @@ opthelp:
int ok = 1;
params = app_params_new_from_opts(opts,
- EVP_MAC_settable_ctx_params(mac));
+ EVP_MAC_settable_ctx_params(mac));
if (params == NULL)
goto err;
@@ -218,7 +222,7 @@ opthelp:
for (i = 0; i < (int)len; ++i)
BIO_printf(out, "%02X", buf[i]);
if (outfile == NULL)
- BIO_printf(out,"\n");
+ BIO_printf(out, "\n");
}
ret = 0;
diff --git a/apps/nseq.c b/apps/nseq.c
index d5524370f26c..8d83abeef244 100644
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -16,23 +16,25 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_TOSEQ, OPT_IN, OPT_OUT,
+ OPT_TOSEQ,
+ OPT_IN,
+ OPT_OUT,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS nseq_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input file"},
+ { "in", OPT_IN, '<', "Input file" },
OPT_SECTION("Output"),
- {"toseq", OPT_TOSEQ, '-', "Output NS Sequence file"},
- {"out", OPT_OUT, '>', "Output file"},
+ { "toseq", OPT_TOSEQ, '-', "Output NS Sequence file" },
+ { "out", OPT_OUT, '>', "Output file" },
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
int nseq_main(int argc, char **argv)
@@ -49,7 +51,7 @@ int nseq_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -98,7 +100,7 @@ int nseq_main(int argc, char **argv)
if (!sk_X509_num(seq->certs)) {
BIO_printf(bio_err, "%s: Error reading certs file %s\n",
- prog, infile);
+ prog, infile);
ERR_print_errors(bio_err);
goto end;
}
@@ -110,7 +112,7 @@ int nseq_main(int argc, char **argv)
seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL);
if (seq == NULL) {
BIO_printf(bio_err, "%s: Error reading sequence file %s\n",
- prog, infile);
+ prog, infile);
ERR_print_errors(bio_err);
goto end;
}
@@ -121,7 +123,7 @@ int nseq_main(int argc, char **argv)
PEM_write_bio_X509(out, x509);
}
ret = 0;
- end:
+end:
BIO_free(in);
BIO_free_all(out);
NETSCAPE_CERT_SEQUENCE_free(seq);
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 355adf92bf90..d7bf4bf36e33 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,8 +10,8 @@
#include <openssl/opensslconf.h>
#ifdef OPENSSL_SYS_VMS
- /* So fd_set and friends get properly defined on OpenVMS */
-# define _XOPEN_SOURCE_EXTENDED 1
+/* So fd_set and friends get properly defined on OpenVMS */
+#define _XOPEN_SOURCE_EXTENDED 1
#endif
#include <stdio.h>
@@ -34,9 +34,9 @@
#include <openssl/x509v3.h>
#if defined(__TANDEM)
-# if defined(OPENSSL_TANDEM_FLOSS)
-# include <floss.h(floss_fork)>
-# endif
+#if defined(OPENSSL_TANDEM_FLOSS)
+#include <floss.h(floss_fork)>
+#endif
#endif
#if defined(OPENSSL_SYS_VXWORKS)
@@ -50,33 +50,33 @@ int setpgid(pid_t pid, pid_t pgid)
pid_t fork(void)
{
errno = ENOSYS;
- return (pid_t) -1;
+ return (pid_t)-1;
}
#endif
/* Maximum leeway in validity period: default 5 minutes */
-#define MAX_VALIDITY_PERIOD (5 * 60)
+#define MAX_VALIDITY_PERIOD (5 * 60)
static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
- const EVP_MD *cert_id_md, X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids);
+ const EVP_MD *cert_id_md, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids);
static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
- const EVP_MD *cert_id_md, X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids);
+ const EVP_MD *cert_id_md, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids);
static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
- STACK_OF(OPENSSL_STRING) *names,
- STACK_OF(OCSP_CERTID) *ids, long nsec,
- long maxage);
+ STACK_OF(OPENSSL_STRING) *names,
+ STACK_OF(OCSP_CERTID) *ids, long nsec,
+ long maxage);
static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req,
- CA_DB *db, STACK_OF(X509) *ca, X509 *rcert,
- EVP_PKEY *rkey, const EVP_MD *md,
- STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(X509) *rother, unsigned long flags,
- int nmin, int ndays, int badsig,
- const EVP_MD *resp_md);
+ CA_DB *db, STACK_OF(X509) *ca, X509 *rcert,
+ EVP_PKEY *rkey, const EVP_MD *md,
+ STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(X509) *rother, unsigned long flags,
+ int nmin, int ndays, int badsig,
+ const EVP_MD *resp_md);
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
- const char *port, int timeout);
+ const char *port, int timeout);
static int send_ocsp_response(BIO *cbio, const OCSP_RESPONSE *resp);
static char *prog;
@@ -86,129 +86,173 @@ static int index_changed(CA_DB *);
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_OUTFILE, OPT_TIMEOUT, OPT_URL, OPT_HOST, OPT_PORT,
+ OPT_OUTFILE,
+ OPT_TIMEOUT,
+ OPT_URL,
+ OPT_HOST,
+ OPT_PORT,
#ifndef OPENSSL_NO_SOCK
- OPT_PROXY, OPT_NO_PROXY,
+ OPT_PROXY,
+ OPT_NO_PROXY,
#endif
- OPT_IGNORE_ERR, OPT_NOVERIFY, OPT_NONCE, OPT_NO_NONCE,
- OPT_RESP_NO_CERTS, OPT_RESP_KEY_ID, OPT_NO_CERTS,
- OPT_NO_SIGNATURE_VERIFY, OPT_NO_CERT_VERIFY, OPT_NO_CHAIN,
- OPT_NO_CERT_CHECKS, OPT_NO_EXPLICIT, OPT_TRUST_OTHER,
- OPT_NO_INTERN, OPT_BADSIG, OPT_TEXT, OPT_REQ_TEXT, OPT_RESP_TEXT,
- OPT_REQIN, OPT_RESPIN, OPT_SIGNER, OPT_VAFILE, OPT_SIGN_OTHER,
- OPT_VERIFY_OTHER, OPT_CAFILE, OPT_CAPATH, OPT_CASTORE, OPT_NOCAFILE,
- OPT_NOCAPATH, OPT_NOCASTORE,
- OPT_VALIDITY_PERIOD, OPT_STATUS_AGE, OPT_SIGNKEY, OPT_REQOUT,
- OPT_RESPOUT, OPT_PATH, OPT_ISSUER, OPT_CERT, OPT_SERIAL,
- OPT_INDEX, OPT_CA, OPT_NMIN, OPT_REQUEST, OPT_NDAYS, OPT_RSIGNER,
- OPT_RKEY, OPT_ROTHER, OPT_RMD, OPT_RSIGOPT, OPT_HEADER,
+ OPT_IGNORE_ERR,
+ OPT_NOVERIFY,
+ OPT_NONCE,
+ OPT_NO_NONCE,
+ OPT_RESP_NO_CERTS,
+ OPT_RESP_KEY_ID,
+ OPT_NO_CERTS,
+ OPT_NO_SIGNATURE_VERIFY,
+ OPT_NO_CERT_VERIFY,
+ OPT_NO_CHAIN,
+ OPT_NO_CERT_CHECKS,
+ OPT_NO_EXPLICIT,
+ OPT_TRUST_OTHER,
+ OPT_NO_INTERN,
+ OPT_BADSIG,
+ OPT_TEXT,
+ OPT_REQ_TEXT,
+ OPT_RESP_TEXT,
+ OPT_REQIN,
+ OPT_RESPIN,
+ OPT_SIGNER,
+ OPT_VAFILE,
+ OPT_SIGN_OTHER,
+ OPT_VERIFY_OTHER,
+ OPT_CAFILE,
+ OPT_CAPATH,
+ OPT_CASTORE,
+ OPT_NOCAFILE,
+ OPT_NOCAPATH,
+ OPT_NOCASTORE,
+ OPT_VALIDITY_PERIOD,
+ OPT_STATUS_AGE,
+ OPT_SIGNKEY,
+ OPT_REQOUT,
+ OPT_RESPOUT,
+ OPT_PATH,
+ OPT_ISSUER,
+ OPT_CERT,
+ OPT_SERIAL,
+ OPT_INDEX,
+ OPT_CA,
+ OPT_NMIN,
+ OPT_REQUEST,
+ OPT_NDAYS,
+ OPT_RSIGNER,
+ OPT_RKEY,
+ OPT_ROTHER,
+ OPT_RMD,
+ OPT_RSIGOPT,
+ OPT_HEADER,
OPT_PASSIN,
OPT_RCID,
OPT_V_ENUM,
OPT_MD,
- OPT_MULTI, OPT_PROV_ENUM
+ OPT_MULTI,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS ocsp_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"ignore_err", OPT_IGNORE_ERR, '-',
- "Ignore error on OCSP request or response and continue running"},
- {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
- {"CApath", OPT_CAPATH, '<', "Trusted certificates directory"},
- {"CAstore", OPT_CASTORE, ':', "Trusted certificates store URI"},
- {"no-CAfile", OPT_NOCAFILE, '-',
- "Do not load the default certificates file"},
- {"no-CApath", OPT_NOCAPATH, '-',
- "Do not load certificates from the default certificates directory"},
- {"no-CAstore", OPT_NOCASTORE, '-',
- "Do not load certificates from the default certificates store"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "ignore_err", OPT_IGNORE_ERR, '-',
+ "Ignore error on OCSP request or response and continue running" },
+ { "CAfile", OPT_CAFILE, '<', "Trusted certificates file" },
+ { "CApath", OPT_CAPATH, '<', "Trusted certificates directory" },
+ { "CAstore", OPT_CASTORE, ':', "Trusted certificates store URI" },
+ { "no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file" },
+ { "no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory" },
+ { "no-CAstore", OPT_NOCASTORE, '-',
+ "Do not load certificates from the default certificates store" },
OPT_SECTION("Responder"),
- {"timeout", OPT_TIMEOUT, 'p',
- "Connection timeout (in seconds) to the OCSP responder"},
- {"resp_no_certs", OPT_RESP_NO_CERTS, '-',
- "Don't include any certificates in response"},
+ { "timeout", OPT_TIMEOUT, 'p',
+ "Connection timeout (in seconds) to the OCSP responder" },
+ { "resp_no_certs", OPT_RESP_NO_CERTS, '-',
+ "Don't include any certificates in response" },
#ifdef HTTP_DAEMON
- {"multi", OPT_MULTI, 'p', "run multiple responder processes"},
+ { "multi", OPT_MULTI, 'p', "run multiple responder processes" },
#endif
- {"no_certs", OPT_NO_CERTS, '-',
- "Don't include any certificates in signed request"},
- {"badsig", OPT_BADSIG, '-',
- "Corrupt last byte of loaded OCSP response signature (for test)"},
- {"CA", OPT_CA, '<', "CA certificate"},
- {"nmin", OPT_NMIN, 'p', "Number of minutes before next update"},
- {"nrequest", OPT_REQUEST, 'p',
- "Number of requests to accept (default unlimited)"},
- {"reqin", OPT_REQIN, 's', "File with the DER-encoded request"},
- {"signer", OPT_SIGNER, '<', "Certificate to sign OCSP request with"},
- {"sign_other", OPT_SIGN_OTHER, '<',
- "Additional certificates to include in signed request"},
- {"index", OPT_INDEX, '<', "Certificate status index file"},
- {"ndays", OPT_NDAYS, 'p', "Number of days before next update"},
- {"rsigner", OPT_RSIGNER, '<',
- "Responder certificate to sign responses with"},
- {"rkey", OPT_RKEY, '<', "Responder key to sign responses with"},
- {"passin", OPT_PASSIN, 's', "Responder key pass phrase source"},
- {"rother", OPT_ROTHER, '<', "Other certificates to include in response"},
- {"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"},
- {"rsigopt", OPT_RSIGOPT, 's', "OCSP response signature parameter in n:v form"},
- {"header", OPT_HEADER, 's', "key=value header to add"},
- {"rcid", OPT_RCID, 's', "Use specified algorithm for cert id in response"},
- {"", OPT_MD, '-', "Any supported digest algorithm (sha1,sha256, ... )"},
+ { "no_certs", OPT_NO_CERTS, '-',
+ "Don't include any certificates in signed request" },
+ { "badsig", OPT_BADSIG, '-',
+ "Corrupt last byte of loaded OCSP response signature (for test)" },
+ { "CA", OPT_CA, '<', "CA certificate" },
+ { "nmin", OPT_NMIN, 'p', "Number of minutes before next update" },
+ { "nrequest", OPT_REQUEST, 'p',
+ "Number of requests to accept (default unlimited)" },
+ { "reqin", OPT_REQIN, 's', "File with the DER-encoded request" },
+ { "signer", OPT_SIGNER, '<', "Certificate to sign OCSP request with" },
+ { "sign_other", OPT_SIGN_OTHER, '<',
+ "Additional certificates to include in signed request" },
+ { "index", OPT_INDEX, '<', "Certificate status index file" },
+ { "ndays", OPT_NDAYS, 'p', "Number of days before next update" },
+ { "rsigner", OPT_RSIGNER, '<',
+ "Responder certificate to sign responses with" },
+ { "rkey", OPT_RKEY, '<', "Responder key to sign responses with" },
+ { "passin", OPT_PASSIN, 's', "Responder key pass phrase source" },
+ { "rother", OPT_ROTHER, '<', "Other certificates to include in response" },
+ { "rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response" },
+ { "rsigopt", OPT_RSIGOPT, 's', "OCSP response signature parameter in n:v form" },
+ { "header", OPT_HEADER, 's', "key=value header to add" },
+ { "rcid", OPT_RCID, 's', "Use specified algorithm for cert id in response" },
+ { "", OPT_MD, '-', "Any supported digest algorithm (sha1,sha256, ... )" },
OPT_SECTION("Client"),
- {"url", OPT_URL, 's', "Responder URL"},
- {"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"},
- {"port", OPT_PORT, 'N', "Port to run responder on"},
- {"path", OPT_PATH, 's', "Path to use in OCSP request"},
+ { "url", OPT_URL, 's', "Responder URL" },
+ { "host", OPT_HOST, 's', "TCP/IP hostname:port to connect to" },
+ { "port", OPT_PORT, 'N', "Port to run responder on" },
+ { "path", OPT_PATH, 's', "Path to use in OCSP request" },
#ifndef OPENSSL_NO_SOCK
- {"proxy", OPT_PROXY, 's',
- "[http[s]://]host[:port][/path] of HTTP(S) proxy to use; path is ignored"},
- {"no_proxy", OPT_NO_PROXY, 's',
- "List of addresses of servers not to use HTTP(S) proxy for"},
- {OPT_MORE_STR, 0, 0,
- "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"},
+ { "proxy", OPT_PROXY, 's',
+ "[http[s]://]host[:port][/path] of HTTP(S) proxy to use; path is ignored" },
+ { "no_proxy", OPT_NO_PROXY, 's',
+ "List of addresses of servers not to use HTTP(S) proxy for" },
+ { OPT_MORE_STR, 0, 0,
+ "Default from environment variable 'no_proxy', else 'NO_PROXY', else none" },
#endif
- {"out", OPT_OUTFILE, '>', "Output filename"},
- {"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"},
- {"nonce", OPT_NONCE, '-', "Add OCSP nonce to request"},
- {"no_nonce", OPT_NO_NONCE, '-', "Don't add OCSP nonce to request"},
- {"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-',
- "Don't check signature on response"},
- {"resp_key_id", OPT_RESP_KEY_ID, '-',
- "Identify response by signing certificate key ID"},
- {"no_cert_verify", OPT_NO_CERT_VERIFY, '-',
- "Don't check signing certificate"},
- {"text", OPT_TEXT, '-', "Print text form of request and response"},
- {"req_text", OPT_REQ_TEXT, '-', "Print text form of request"},
- {"resp_text", OPT_RESP_TEXT, '-', "Print text form of response"},
- {"no_chain", OPT_NO_CHAIN, '-', "Don't chain verify response"},
- {"no_cert_checks", OPT_NO_CERT_CHECKS, '-',
- "Don't do additional checks on signing certificate"},
- {"no_explicit", OPT_NO_EXPLICIT, '-',
- "Do not explicitly check the chain, just verify the root"},
- {"trust_other", OPT_TRUST_OTHER, '-',
- "Don't verify additional certificates"},
- {"no_intern", OPT_NO_INTERN, '-',
- "Don't search certificates contained in response for signer"},
- {"respin", OPT_RESPIN, 's', "File with the DER-encoded response"},
- {"VAfile", OPT_VAFILE, '<', "Validator certificates file"},
- {"verify_other", OPT_VERIFY_OTHER, '<',
- "Additional certificates to search for signer"},
- {"cert", OPT_CERT, '<', "Certificate to check"},
- {"serial", OPT_SERIAL, 's', "Serial number to check"},
- {"validity_period", OPT_VALIDITY_PERIOD, 'u',
- "Maximum validity discrepancy in seconds"},
- {"signkey", OPT_SIGNKEY, 's', "Private key to sign OCSP request with"},
- {"reqout", OPT_REQOUT, 's', "Output file for the DER-encoded request"},
- {"respout", OPT_RESPOUT, 's', "Output file for the DER-encoded response"},
- {"issuer", OPT_ISSUER, '<', "Issuer certificate"},
- {"status_age", OPT_STATUS_AGE, 'p', "Maximum status age in seconds"},
+ { "out", OPT_OUTFILE, '>', "Output filename" },
+ { "noverify", OPT_NOVERIFY, '-', "Don't verify response at all" },
+ { "nonce", OPT_NONCE, '-', "Add OCSP nonce to request" },
+ { "no_nonce", OPT_NO_NONCE, '-', "Don't add OCSP nonce to request" },
+ { "no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-',
+ "Don't check signature on response" },
+ { "resp_key_id", OPT_RESP_KEY_ID, '-',
+ "Identify response by signing certificate key ID" },
+ { "no_cert_verify", OPT_NO_CERT_VERIFY, '-',
+ "Don't check signing certificate" },
+ { "text", OPT_TEXT, '-', "Print text form of request and response" },
+ { "req_text", OPT_REQ_TEXT, '-', "Print text form of request" },
+ { "resp_text", OPT_RESP_TEXT, '-', "Print text form of response" },
+ { "no_chain", OPT_NO_CHAIN, '-', "Don't chain verify response" },
+ { "no_cert_checks", OPT_NO_CERT_CHECKS, '-',
+ "Don't do additional checks on signing certificate" },
+ { "no_explicit", OPT_NO_EXPLICIT, '-',
+ "Do not explicitly check the chain, just verify the root" },
+ { "trust_other", OPT_TRUST_OTHER, '-',
+ "Don't verify additional certificates" },
+ { "no_intern", OPT_NO_INTERN, '-',
+ "Don't search certificates contained in response for signer" },
+ { "respin", OPT_RESPIN, 's', "File with the DER-encoded response" },
+ { "VAfile", OPT_VAFILE, '<', "Validator certificates file" },
+ { "verify_other", OPT_VERIFY_OTHER, '<',
+ "Additional certificates to search for signer" },
+ { "cert", OPT_CERT, '<', "Certificate to check" },
+ { "serial", OPT_SERIAL, 's', "Serial number to check" },
+ { "validity_period", OPT_VALIDITY_PERIOD, 'u',
+ "Maximum validity discrepancy in seconds" },
+ { "signkey", OPT_SIGNKEY, 's', "Private key to sign OCSP request with" },
+ { "reqout", OPT_REQOUT, 's', "Output file for the DER-encoded request" },
+ { "respout", OPT_RESPOUT, 's', "Output file for the DER-encoded response" },
+ { "issuer", OPT_ISSUER, '<', "Issuer certificate" },
+ { "status_age", OPT_STATUS_AGE, 'p', "Maximum status age in seconds" },
OPT_V_OPTIONS,
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
int ocsp_main(int argc, char **argv)
@@ -257,8 +301,8 @@ int ocsp_main(int argc, char **argv)
OPTION_CHOICE o;
if ((reqnames = sk_OPENSSL_STRING_new_null()) == NULL
- || (ids = sk_OCSP_CERTID_new_null()) == NULL
- || (vpm = X509_VERIFY_PARAM_new()) == NULL)
+ || (ids = sk_OCSP_CERTID_new_null()) == NULL
+ || (vpm = X509_VERIFY_PARAM_new()) == NULL)
goto end;
prog = opt_init(argc, argv, ocsp_options);
@@ -266,7 +310,7 @@ int ocsp_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -287,8 +331,8 @@ int ocsp_main(int argc, char **argv)
OPENSSL_free(tpath);
thost = tport = tpath = NULL;
if (!OSSL_HTTP_parse_url(opt_arg(), &use_ssl, NULL /* userinfo */,
- &host, &port, NULL /* port_num */,
- &path, NULL /* qry */, NULL /* frag */)) {
+ &host, &port, NULL /* port_num */,
+ &path, NULL /* qry */, NULL /* frag */)) {
BIO_printf(bio_err, "%s Error parsing -url argument\n", prog);
goto end;
}
@@ -486,7 +530,7 @@ int ocsp_main(int argc, char **argv)
case OPT_ROTHER:
rcertfile = opt_arg();
break;
- case OPT_RMD: /* Response MessageDigest */
+ case OPT_RMD: /* Response MessageDigest */
respdigname = opt_arg();
break;
case OPT_RSIGOPT:
@@ -514,8 +558,8 @@ int ocsp_main(int argc, char **argv)
case OPT_MD:
if (trailing_md) {
BIO_printf(bio_err,
- "%s: Digest must be before -cert or -serial\n",
- prog);
+ "%s: Digest must be before -cert or -serial\n",
+ prog);
goto opthelp;
}
if (!opt_md(opt_unknown(), &cert_id_md))
@@ -541,7 +585,7 @@ int ocsp_main(int argc, char **argv)
if (trailing_md) {
BIO_printf(bio_err, "%s: Digest must be before -cert or -serial\n",
- prog);
+ prog);
goto opthelp;
}
@@ -597,7 +641,7 @@ int ocsp_main(int argc, char **argv)
goto end;
if (rcertfile != NULL) {
if (!load_certs(rcertfile, 0, &rother, NULL,
- "responder other certificates"))
+ "responder other certificates"))
goto end;
}
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
@@ -605,7 +649,7 @@ int ocsp_main(int argc, char **argv)
goto end;
}
rkey = load_key(rkeyfile, FORMAT_UNDEF, 0, passin, NULL,
- "responder private key");
+ "responder private key");
if (rkey == NULL)
goto end;
}
@@ -613,7 +657,7 @@ int ocsp_main(int argc, char **argv)
if (ridx_filename != NULL
&& (rkey == NULL || rsigner == NULL || rca_cert == NULL)) {
BIO_printf(bio_err,
- "Responder mode requires certificate, key, and CA.\n");
+ "Responder mode requires certificate, key, and CA.\n");
goto end;
}
@@ -651,7 +695,7 @@ redo_accept:
} else {
free_index(newrdb);
log_message(prog, LOG_ERR, "error reloading updated index: %s",
- ridx_filename);
+ ridx_filename);
}
}
#endif
@@ -663,9 +707,8 @@ redo_accept:
if (req == NULL) {
if (res == 1) {
- resp =
- OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
- NULL);
+ resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
+ NULL);
if (resp != NULL)
send_ocsp_response(cbio, resp);
}
@@ -695,16 +738,16 @@ redo_accept:
}
if (sign_certfile != NULL) {
if (!load_certs(sign_certfile, 0, &sign_other, NULL,
- "signer certificates"))
+ "signer certificates"))
goto end;
}
key = load_key(keyfile, FORMAT_UNDEF, 0, NULL, NULL,
- "signer private key");
+ "signer private key");
if (key == NULL)
goto end;
if (!OCSP_request_sign(req, signer, key, NULL,
- sign_other, sign_flags)) {
+ sign_other, sign_flags)) {
BIO_printf(bio_err, "Error signing OCSP request\n");
goto end;
}
@@ -723,8 +766,8 @@ redo_accept:
if (rdb != NULL) {
make_ocsp_response(bio_err, &resp, req, rdb, rca_cert, rsigner, rkey,
- rsign_md, rsign_sigopts, rother, rflags, nmin, ndays,
- badsig, resp_certid_md);
+ rsign_md, rsign_sigopts, rother, rflags, nmin, ndays,
+ badsig, resp_certid_md);
if (resp == NULL)
goto end;
if (cbio != NULL)
@@ -732,12 +775,12 @@ redo_accept:
} else if (host != NULL) {
#ifndef OPENSSL_NO_SOCK
resp = process_responder(req, host, port, path, opt_proxy, opt_no_proxy,
- use_ssl, headers, req_timeout);
+ use_ssl, headers, req_timeout);
if (resp == NULL)
goto end;
#else
BIO_printf(bio_err,
- "Error creating connect BIO - sockets not supported\n");
+ "Error creating connect BIO - sockets not supported\n");
goto end;
#endif
} else if (respin != NULL) {
@@ -755,7 +798,7 @@ redo_accept:
goto end;
}
- done_resp:
+done_resp:
if (respout != NULL) {
derbio = bio_open_default(respout, 'w', FORMAT_ASN1);
@@ -769,7 +812,7 @@ redo_accept:
i = OCSP_response_status(resp);
if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
BIO_printf(out, "Responder Error: %s (%d)\n",
- OCSP_response_status_str(i), i);
+ OCSP_response_status_str(i), i);
if (!ignore_err)
goto end;
}
@@ -800,7 +843,7 @@ redo_accept:
if (store == NULL) {
store = setup_verify(CAfile, noCAfile, CApath, noCApath,
- CAstore, noCAstore);
+ CAstore, noCAstore);
if (!store)
goto end;
}
@@ -808,7 +851,7 @@ redo_accept:
X509_STORE_set1_param(store, vpm);
if (verify_certfile != NULL) {
if (!load_certs(verify_certfile, 0, &verify_other, NULL,
- "validator certificates"))
+ "validator certificates"))
goto end;
}
@@ -849,7 +892,7 @@ redo_accept:
if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
ret = 1;
- end:
+end:
ERR_print_errors(bio_err);
X509_free(signer);
X509_STORE_free(store);
@@ -904,8 +947,8 @@ static int index_changed(CA_DB *rdb)
#endif
static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
- const EVP_MD *cert_id_md, X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids)
+ const EVP_MD *cert_id_md, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids)
{
OCSP_CERTID *id;
@@ -924,14 +967,14 @@ static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
goto err;
return 1;
- err:
+err:
BIO_printf(bio_err, "Error Creating OCSP request\n");
return 0;
}
static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
- const EVP_MD *cert_id_md, X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids)
+ const EVP_MD *cert_id_md, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids)
{
OCSP_CERTID *id;
const X509_NAME *iname;
@@ -961,15 +1004,15 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
goto err;
return 1;
- err:
+err:
BIO_printf(bio_err, "Error Creating OCSP request\n");
return 0;
}
static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
- STACK_OF(OPENSSL_STRING) *names,
- STACK_OF(OCSP_CERTID) *ids, long nsec,
- long maxage)
+ STACK_OF(OPENSSL_STRING) *names,
+ STACK_OF(OCSP_CERTID) *ids, long nsec,
+ long maxage)
{
OCSP_CERTID *id;
const char *name;
@@ -989,7 +1032,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
BIO_printf(out, "%s: ", name);
if (!OCSP_resp_find_status(bs, id, &status, &reason,
- &rev, &thisupd, &nextupd)) {
+ &rev, &thisupd, &nextupd)) {
BIO_puts(out, "ERROR: No Status found.\n");
ret = 0;
continue;
@@ -1029,12 +1072,12 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
}
static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req,
- CA_DB *db, STACK_OF(X509) *ca, X509 *rcert,
- EVP_PKEY *rkey, const EVP_MD *rmd,
- STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(X509) *rother, unsigned long flags,
- int nmin, int ndays, int badsig,
- const EVP_MD *resp_md)
+ CA_DB *db, STACK_OF(X509) *ca, X509 *rcert,
+ EVP_PKEY *rkey, const EVP_MD *rmd,
+ STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(X509) *rother, unsigned long flags,
+ int nmin, int ndays, int badsig,
+ const EVP_MD *resp_md)
{
ASN1_TIME *thisupd = NULL, *nextupd = NULL;
OCSP_CERTID *cid;
@@ -1046,8 +1089,7 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
id_count = OCSP_request_onereq_count(req);
if (id_count <= 0) {
- *resp =
- OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
+ *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
goto end;
}
@@ -1079,13 +1121,19 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
cert_id_md = EVP_get_digestbyobj(cert_id_md_oid);
if (cert_id_md == NULL) {
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
- NULL);
+ NULL);
goto end;
}
for (jj = 0; jj < sk_X509_num(ca) && !found; jj++) {
X509 *ca_cert = sk_X509_value(ca, jj);
OCSP_CERTID *ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca_cert);
+ if (ca_id == NULL) {
+ *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
+ NULL);
+ goto end;
+ }
+
if (OCSP_id_issuer_cmp(ca_id, cid) == 0) {
found = 1;
if (resp_md != NULL)
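Review bot: The new `ca_id == NULL` branch in the CA loop replies with internalError but writes nothing to `err`, so someone running the responder cannot tell this failure apart from the digest-lookup failure just above it, which is equally silent. The sigopt failure path later in make_ocsp_response does print a message before building the same response. I would add a diagnostic ahead of the `OCSP_response_create` call, for example `BIO_printf(err, "Error computing issuer ID for CA certificate\n");` followed by `ERR_print_errors(bio_err);`. A one-line comment such as `/* OCSP_cert_to_id() failed: never hand a NULL id to OCSP_id_issuer_cmp() */` would also record why the guard exists. The loop body and the `end:` cleanup continue outside this hunk, so it should be confirmed there that everything allocated for the current request is released on this early exit.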
@@ -1101,18 +1149,18 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
if (!found) {
OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_UNKNOWN,
- 0, NULL, thisupd, nextupd);
+ V_OCSP_CERTSTATUS_UNKNOWN,
+ 0, NULL, thisupd, nextupd);
continue;
}
if (inf == NULL) {
OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_UNKNOWN,
- 0, NULL, thisupd, nextupd);
+ V_OCSP_CERTSTATUS_UNKNOWN,
+ 0, NULL, thisupd, nextupd);
} else if (inf[DB_type][0] == DB_TYPE_VAL) {
OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_GOOD,
- 0, NULL, thisupd, nextupd);
+ V_OCSP_CERTSTATUS_GOOD,
+ 0, NULL, thisupd, nextupd);
} else if (inf[DB_type][0] == DB_TYPE_REV) {
ASN1_OBJECT *inst = NULL;
ASN1_TIME *revtm = NULL;
@@ -1122,20 +1170,20 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
single = OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_REVOKED,
- reason, revtm, thisupd, nextupd);
+ V_OCSP_CERTSTATUS_REVOKED,
+ reason, revtm, thisupd, nextupd);
if (single == NULL) {
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
- NULL);
+ NULL);
goto end;
}
if (invtm != NULL)
OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date,
- invtm, 0, 0);
+ invtm, 0, 0);
else if (inst != NULL)
OCSP_SINGLERESP_add1_ext_i2d(single,
- NID_hold_instruction_code, inst,
- 0, 0);
+ NID_hold_instruction_code, inst,
+ 0, 0);
ASN1_OBJECT_free(inst);
ASN1_TIME_free(revtm);
ASN1_GENERALIZEDTIME_free(invtm);
@@ -1146,7 +1194,7 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
OCSP_copy_nonce(bs, req);
mctx = EVP_MD_CTX_new();
- if ( mctx == NULL || !EVP_DigestSignInit(mctx, &pkctx, rmd, NULL, rkey)) {
+ if (mctx == NULL || !EVP_DigestSignInit(mctx, &pkctx, rmd, NULL, rkey)) {
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, NULL);
goto end;
}
@@ -1157,7 +1205,7 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
BIO_printf(err, "parameter error \"%s\"\n", sigopt);
ERR_print_errors(bio_err);
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
- NULL);
+ NULL);
goto end;
}
}
@@ -1173,7 +1221,7 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
- end:
+end:
EVP_MD_CTX_free(mctx);
ASN1_TIME_free(thisupd);
ASN1_TIME_free(nextupd);
@@ -1188,8 +1236,8 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
for (i = 0; i < DB_NUMBER; i++)
row[i] = NULL;
bn = ASN1_INTEGER_to_BN(ser, NULL);
- OPENSSL_assert(bn); /* FIXME: should report an error at this
- * point and abort */
+ OPENSSL_assert(bn); /* FIXME: should report an error at this
+ * point and abort */
if (BN_is_zero(bn)) {
itmp = OPENSSL_strdup("00");
OPENSSL_assert(itmp);
@@ -1204,16 +1252,16 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
}
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
- const char *port, int timeout)
+ const char *port, int timeout)
{
#ifndef OPENSSL_NO_SOCK
return http_server_get_asn1_req(ASN1_ITEM_rptr(OCSP_REQUEST),
- (ASN1_VALUE **)preq, NULL, pcbio, acbio,
- NULL /* found_keep_alive */,
- prog, port, 1 /* accept_get */, timeout);
+ (ASN1_VALUE **)preq, NULL, pcbio, acbio,
+ NULL /* found_keep_alive */,
+ prog, port, 1 /* accept_get */, timeout);
#else
BIO_printf(bio_err,
- "Error getting OCSP request - sockets not supported\n");
+ "Error getting OCSP request - sockets not supported\n");
*preq = NULL;
return 0;
#endif
@@ -1223,23 +1271,23 @@ static int send_ocsp_response(BIO *cbio, const OCSP_RESPONSE *resp)
{
#ifndef OPENSSL_NO_SOCK
return http_server_send_asn1_resp(cbio,
- 0 /* no keep-alive */,
- "application/ocsp-response",
- ASN1_ITEM_rptr(OCSP_RESPONSE),
- (const ASN1_VALUE *)resp);
+ 0 /* no keep-alive */,
+ "application/ocsp-response",
+ ASN1_ITEM_rptr(OCSP_RESPONSE),
+ (const ASN1_VALUE *)resp);
#else
BIO_printf(bio_err,
- "Error sending OCSP response - sockets not supported\n");
+ "Error sending OCSP response - sockets not supported\n");
return 0;
#endif
}
#ifndef OPENSSL_NO_SOCK
OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, const char *host,
- const char *port, const char *path,
- const char *proxy, const char *no_proxy,
- int use_ssl, STACK_OF(CONF_VALUE) *headers,
- int req_timeout)
+ const char *port, const char *path,
+ const char *proxy, const char *no_proxy,
+ int use_ssl, STACK_OF(CONF_VALUE) *headers,
+ int req_timeout)
{
SSL_CTX *ctx = NULL;
OCSP_RESPONSE *resp = NULL;
@@ -1254,15 +1302,15 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, const char *host,
resp = (OCSP_RESPONSE *)
app_http_post_asn1(host, port, path, proxy, no_proxy,
- ctx, headers, "application/ocsp-request",
- (ASN1_VALUE *)req, ASN1_ITEM_rptr(OCSP_REQUEST),
- "application/ocsp-response",
- req_timeout, ASN1_ITEM_rptr(OCSP_RESPONSE));
+ ctx, headers, "application/ocsp-request",
+ (ASN1_VALUE *)req, ASN1_ITEM_rptr(OCSP_REQUEST),
+ "application/ocsp-response",
+ req_timeout, ASN1_ITEM_rptr(OCSP_RESPONSE));
if (resp == NULL)
BIO_printf(bio_err, "Error querying OCSP responder\n");
- end:
+end:
SSL_CTX_free(ctx);
return resp;
}
diff --git a/apps/openssl.c b/apps/openssl.c
index a3056c799f85..3080ae5c03c2 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -19,12 +19,12 @@
#include <openssl/pem.h>
#include <openssl/ssl.h>
#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
+#include <openssl/engine.h>
#endif
#include <openssl/err.h>
/* Needed to get the other O_xxx flags. */
#ifdef OPENSSL_SYS_VMS
-# include <unixio.h>
+#include <unixio.h>
#endif
#include "apps.h"
#include "progs.h"
@@ -47,7 +47,7 @@ static void warn_deprecated(const FUNCTION *fp)
{
if (fp->deprecated_version != NULL)
BIO_printf(bio_err, "The command %s was deprecated in version %s.",
- fp->name, fp->deprecated_version);
+ fp->name, fp->deprecated_version);
else
BIO_printf(bio_err, "The command %s is deprecated.", fp->name);
if (strcmp(fp->deprecated_alternative, DEPRECATED_NO_ALTERNATIVE) != 0)
@@ -64,7 +64,8 @@ static int apps_startup(void)
/* Set non-default library initialisation settings */
if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
- | OPENSSL_INIT_LOAD_CONFIG, NULL))
+ | OPENSSL_INIT_LOAD_CONFIG,
+ NULL))
return 0;
(void)setup_ui_method();
@@ -94,15 +95,14 @@ static void apps_shutdown(void)
destroy_ui_method();
}
-
#ifndef OPENSSL_NO_TRACE
typedef struct tracedata_st {
BIO *bio;
- unsigned int ingroup:1;
+ unsigned int ingroup : 1;
} tracedata;
static size_t internal_trace_cb(const char *buf, size_t cnt,
- int category, int cmd, void *vdata)
+ int category, int cmd, void *vdata)
{
int ret = 0;
tracedata *trace_data = vdata;
@@ -120,8 +120,8 @@ static size_t internal_trace_cb(const char *buf, size_t cnt,
tid = CRYPTO_THREAD_get_current_id();
hex = OPENSSL_buf2hexstr((const unsigned char *)&tid, sizeof(tid));
BIO_snprintf(buffer, sizeof(buffer), "TRACE[%s]:%s: ",
- hex == NULL ? "<null>" : hex,
- OSSL_trace_get_category_name(category));
+ hex == NULL ? "<null>" : hex,
+ OSSL_trace_get_category_name(category));
OPENSSL_free(hex);
BIO_set_prefix(trace_data->bio, buffer);
break;
@@ -181,12 +181,13 @@ static void setup_trace_category(int category)
|| bio == NULL
|| (trace_data->bio = channel) == NULL
|| OSSL_trace_set_callback(category, internal_trace_cb,
- trace_data) == 0
+ trace_data)
+ == 0
|| sk_tracedata_push(trace_data_stack, trace_data) == 0) {
fprintf(stderr,
- "warning: unable to setup trace callback for category '%s'.\n",
- OSSL_trace_get_category_name(category));
+ "warning: unable to setup trace callback for category '%s'.\n",
+ OSSL_trace_get_category_name(category));
OSSL_trace_set_callback(category, NULL, NULL);
BIO_free_all(channel);
@@ -222,7 +223,7 @@ static void setup_trace(const char *str)
setup_trace_category(category);
} else {
fprintf(stderr,
- "warning: unknown trace category: '%s'.\n", item);
+ "warning: unknown trace category: '%s'.\n", item);
}
}
}
@@ -263,10 +264,10 @@ int main(int argc, char *argv[])
#endif
if ((fname = "apps_startup", !apps_startup())
- || (fname = "prog_init", (prog = prog_init()) == NULL)) {
+ || (fname = "prog_init", (prog = prog_init()) == NULL)) {
BIO_printf(bio_err,
- "FATAL: Startup failure (dev note: %s()) for %s\n",
- fname, argv[0]);
+ "FATAL: Startup failure (dev note: %s()) for %s\n",
+ fname, argv[0]);
ERR_print_errors(bio_err);
ret = 1;
goto end;
@@ -297,7 +298,7 @@ int main(int argc, char *argv[])
? do_cmd(prog, 1, help_argv)
: do_cmd(prog, argc, argv);
- end:
+end:
OPENSSL_free(default_config_file);
lh_FUNCTION_free(prog);
OPENSSL_free(arg.argv);
@@ -312,21 +313,22 @@ int main(int argc, char *argv[])
}
typedef enum HELP_CHOICE {
- OPT_hERR = -1, OPT_hEOF = 0, OPT_hHELP
+ OPT_hERR = -1,
+ OPT_hEOF = 0,
+ OPT_hHELP
} HELP_CHOICE;
const OPTIONS help_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: help [options] [command]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: help [options] [command]\n" },
OPT_SECTION("General"),
- {"help", OPT_hHELP, '-', "Display this summary"},
+ { "help", OPT_hHELP, '-', "Display this summary" },
OPT_PARAMETERS(),
- {"command", 0, 0, "Name of command to display help (optional)"},
- {NULL}
+ { "command", 0, 0, "Name of command to display help (optional)" },
+ { NULL }
};
-
int help_main(int argc, char **argv)
{
FUNCTION *fp;
@@ -379,11 +381,11 @@ int help_main(int argc, char **argv)
if (tp == FT_md) {
i = 1;
BIO_printf(bio_err,
- "\nMessage Digest commands (see the `dgst' command for more details)\n");
+ "\nMessage Digest commands (see the `dgst' command for more details)\n");
} else if (tp == FT_cipher) {
i = 1;
BIO_printf(bio_err,
- "\nCipher commands (see the `enc' command for more details)\n");
+ "\nCipher commands (see the `enc' command for more details)\n");
}
}
BIO_printf(bio_err, "%-*s", dc.width, fp->name);
@@ -432,16 +434,16 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
}
BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
- argv[0]);
+ argv[0]);
return 1;
}
-static int function_cmp(const FUNCTION * a, const FUNCTION * b)
+static int function_cmp(const FUNCTION *a, const FUNCTION *b)
{
return strncmp(a->name, b->name, 8);
}
-static unsigned long function_hash(const FUNCTION * a)
+static unsigned long function_hash(const FUNCTION *a)
{
return OPENSSL_LH_strhash(a->name);
}
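Review bot: `function_cmp` compares only the first 8 bytes of the two names (`strncmp(a->name, b->name, 8)`) while `function_hash` hashes the whole name, so two command names that share an 8-character prefix would be treated as the same entry if their hashes ever collided. Nothing in the hunk explains the 8. If it is historical, `return strcmp(a->name, b->name);` keeps comparison and hash consistent; if it is deliberate, a comment stating why 8 characters are enough belongs on the function. do_cmd, whose tail opens this hunk, starts outside it.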
diff --git a/apps/passwd.c b/apps/passwd.c
index 31d8bdd87cb6..4cb6ceabd3f6 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -17,7 +17,7 @@
#include <openssl/evp.h>
#include <openssl/rand.h>
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-# include <openssl/des.h>
+#include <openssl/des.h>
#endif
#include <openssl/md5.h>
#include <openssl/sha.h>
@@ -46,48 +46,58 @@ typedef enum {
} passwd_modes;
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
- char *passwd, BIO *out, int quiet, int table,
- int reverse, size_t pw_maxlen, passwd_modes mode);
+ char *passwd, BIO *out, int quiet, int table,
+ int reverse, size_t pw_maxlen, passwd_modes mode);
typedef enum OPTION_choice {
OPT_COMMON,
OPT_IN,
- OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
- OPT_1, OPT_5, OPT_6, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
- OPT_R_ENUM, OPT_PROV_ENUM
+ OPT_NOVERIFY,
+ OPT_QUIET,
+ OPT_TABLE,
+ OPT_REVERSE,
+ OPT_APR1,
+ OPT_1,
+ OPT_5,
+ OPT_6,
+ OPT_AIXMD5,
+ OPT_SALT,
+ OPT_STDIN,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS passwd_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [password]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [password]\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Read passwords from file"},
- {"noverify", OPT_NOVERIFY, '-',
- "Never verify when reading password from terminal"},
- {"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
+ { "in", OPT_IN, '<', "Read passwords from file" },
+ { "noverify", OPT_NOVERIFY, '-',
+ "Never verify when reading password from terminal" },
+ { "stdin", OPT_STDIN, '-', "Read passwords from stdin" },
OPT_SECTION("Output"),
- {"quiet", OPT_QUIET, '-', "No warnings"},
- {"table", OPT_TABLE, '-', "Format output as table"},
- {"reverse", OPT_REVERSE, '-', "Switch table columns"},
+ { "quiet", OPT_QUIET, '-', "No warnings" },
+ { "table", OPT_TABLE, '-', "Format output as table" },
+ { "reverse", OPT_REVERSE, '-', "Switch table columns" },
OPT_SECTION("Cryptographic"),
- {"salt", OPT_SALT, 's', "Use provided salt"},
- {"6", OPT_6, '-', "SHA512-based password algorithm"},
- {"5", OPT_5, '-', "SHA256-based password algorithm"},
- {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
- {"1", OPT_1, '-', "MD5-based password algorithm"},
- {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"},
+ { "salt", OPT_SALT, 's', "Use provided salt" },
+ { "6", OPT_6, '-', "SHA512-based password algorithm" },
+ { "5", OPT_5, '-', "SHA256-based password algorithm" },
+ { "apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant" },
+ { "1", OPT_1, '-', "MD5-based password algorithm" },
+ { "aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm" },
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"password", 0, 0, "Password text to digest (optional)"},
- {NULL}
+ { "password", 0, 0, "Password text to digest (optional)" },
+ { NULL }
};
int passwd_main(int argc, char **argv)
@@ -112,7 +122,7 @@ int passwd_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -223,8 +233,7 @@ int passwd_main(int argc, char **argv)
passwd_malloc_size = pw_maxlen + 2;
/* longer than necessary so that we can warn about truncation */
- passwd = passwd_malloc =
- app_malloc(passwd_malloc_size, "password buffer");
+ passwd = passwd_malloc = app_malloc(passwd_malloc_size, "password buffer");
}
if ((in == NULL) && (passwds == NULL)) {
@@ -240,9 +249,9 @@ int passwd_main(int argc, char **argv)
passwds = passwds_static;
if (in == NULL) {
- if (EVP_read_pw_string
- (passwd_malloc, passwd_malloc_size, "Password: ",
- !(passed_salt || in_noverify)) != 0)
+ if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ",
+ !(passed_salt || in_noverify))
+ != 0)
goto end;
}
passwds[0] = passwd_malloc;
@@ -257,10 +266,10 @@ int passwd_main(int argc, char **argv)
assert(passwds != NULL);
assert(*passwds != NULL);
- do { /* loop over list of passwords */
+ do { /* loop over list of passwords */
passwd = *passwds++;
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out,
- quiet, table, reverse, pw_maxlen, mode))
+ quiet, table, reverse, pw_maxlen, mode))
goto end;
} while (*passwds != NULL);
} else {
@@ -273,7 +282,7 @@ int passwd_main(int argc, char **argv)
if (r > 0) {
char *c = (strchr(passwd, '\n'));
if (c != NULL) {
- *c = 0; /* truncate at newline */
+ *c = 0; /* truncate at newline */
} else {
/* ignore rest of line */
char trash[BUFSIZ];
@@ -282,9 +291,8 @@ int passwd_main(int argc, char **argv)
while ((r > 0) && (!strchr(trash, '\n')));
}
- if (!do_passwd
- (passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet,
- table, reverse, pw_maxlen, mode))
+ if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet,
+ table, reverse, pw_maxlen, mode))
goto end;
}
done = (r <= 0);
@@ -292,7 +300,7 @@ int passwd_main(int argc, char **argv)
}
ret = 0;
- end:
+end:
#if 0
ERR_print_errors(bio_err);
#endif
@@ -316,8 +324,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
/* "$apr1$..salt..$.......md5hash..........\0" */
static char out_buf[6 + 9 + 24 + 2];
unsigned char buf[MD5_DIGEST_LENGTH];
- char ascii_magic[5]; /* "apr1" plus '\0' */
- char ascii_salt[9]; /* Max 8 chars plus '\0' */
+ char ascii_magic[5]; /* "apr1" plus '\0' */
+ char ascii_salt[9]; /* Max 8 chars plus '\0' */
char *ascii_passwd = NULL;
char *salt_out;
int n;
@@ -331,7 +339,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
magic_len = strlen(magic);
OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic));
#ifdef CHARSET_EBCDIC
- if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */
+ if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */
ebcdic2ascii(ascii_magic, ascii_magic, magic_len);
#endif
@@ -353,7 +361,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
if (magic_len > 0) {
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
- if (magic_len > 4) /* assert it's "1" or "apr1" */
+ if (magic_len > 4) /* assert it's "1" or "apr1" */
goto err;
OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf));
@@ -382,7 +390,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
if (!EVP_DigestUpdate(md, ascii_dollar, 1)
|| !EVP_DigestUpdate(md, ascii_magic, magic_len)
|| !EVP_DigestUpdate(md, ascii_dollar, 1))
- goto err;
+ goto err;
if (!EVP_DigestUpdate(md, ascii_salt, salt_len))
goto err;
@@ -416,8 +424,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
goto err;
if (!EVP_DigestUpdate(md2,
- (i & 1) ? (const unsigned char *)passwd : buf,
- (i & 1) ? passwd_len : sizeof(buf)))
+ (i & 1) ? (const unsigned char *)passwd : buf,
+ (i & 1) ? passwd_len : sizeof(buf)))
goto err;
if (i % 3) {
if (!EVP_DigestUpdate(md2, ascii_salt, salt_len))
@@ -428,11 +436,11 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
goto err;
}
if (!EVP_DigestUpdate(md2,
- (i & 1) ? buf : (const unsigned char *)passwd,
- (i & 1) ? sizeof(buf) : passwd_len))
- goto err;
+ (i & 1) ? buf : (const unsigned char *)passwd,
+ (i & 1) ? sizeof(buf) : passwd_len))
+ goto err;
if (!EVP_DigestFinal_ex(md2, buf, NULL))
- goto err;
+ goto err;
}
EVP_MD_CTX_free(md2);
EVP_MD_CTX_free(md);
@@ -447,14 +455,14 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
/* silly output permutation */
for (dest = 0, source = 0; dest < 14;
- dest++, source = (source + 6) % 17)
+ dest++, source = (source + 6) % 17)
buf_perm[dest] = buf[source];
buf_perm[14] = buf[5];
buf_perm[15] = buf[11];
-# ifndef PEDANTIC /* Unfortunately, this generates a "no
- * effect" warning */
+#ifndef PEDANTIC /* Unfortunately, this generates a "no \
+ * effect" warning */
assert(16 == sizeof(buf_perm));
-# endif
+#endif
output = salt_out + salt_len;
assert(output == out_buf + strlen(out_buf));
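Review bot: The reformatted `#ifndef PEDANTIC` line now carries a trailing `\` inside its comment, so the directive and the comment's second line are spliced into one logical line. This still compiles, but a line continuation hidden in a comment on a preprocessor line is easy to misread and may be flagged by stricter tooling. Moving the comment off the directive, as `/* Unfortunately, this generates a "no effect" warning */` on its own line above `#ifndef PEDANTIC`, leaves the formatter nothing to wrap. md5crypt starts and ends outside this hunk.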
@@ -463,10 +471,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
for (i = 0; i < 15; i += 3) {
*output++ = cov_2char[buf_perm[i + 2] & 0x3f];
- *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) |
- (buf_perm[i + 2] >> 6)];
- *output++ = cov_2char[((buf_perm[i] & 3) << 4) |
- (buf_perm[i + 1] >> 4)];
+ *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) | (buf_perm[i + 2] >> 6)];
+ *output++ = cov_2char[((buf_perm[i] & 3) << 4) | (buf_perm[i + 1] >> 4)];
*output++ = cov_2char[buf_perm[i] >> 2];
}
assert(i == 15);
@@ -481,7 +487,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
return out_buf;
- err:
+err:
OPENSSL_free(ascii_passwd);
EVP_MD_CTX_free(md2);
EVP_MD_CTX_free(md);
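Review bot: `ascii_passwd` is released with plain `OPENSSL_free` in this `err:` block; judging by its name it holds a converted copy of the password, in which case it should be wiped before release, `OPENSSL_clear_free(ascii_passwd, passwd_len);` (length to be confirmed against the allocation, which is outside the hunk). shacrypt's `err:` block further down frees `p_bytes` the same way, and the rounds loop there hashes `p_bytes` with `passwd_len` in the password's place. The matching frees on the success paths are not visible here and would need the same treatment.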
@@ -498,13 +504,13 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
/* Prefix for optional rounds specification. */
static const char rounds_prefix[] = "rounds=";
/* Maximum salt string length. */
-# define SALT_LEN_MAX 16
+#define SALT_LEN_MAX 16
/* Default number of rounds if not explicitly specified. */
-# define ROUNDS_DEFAULT 5000
+#define ROUNDS_DEFAULT 5000
/* Minimum number of rounds. */
-# define ROUNDS_MIN 1000
+#define ROUNDS_MIN 1000
/* Maximum number of rounds. */
-# define ROUNDS_MAX 999999999
+#define ROUNDS_MAX 999999999
/* "$6$rounds=<N>$......salt......$...shahash(up to 86 chars)...\0" */
static char out_buf[3 + 17 + 17 + 86 + 1];
@@ -512,13 +518,13 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
unsigned char temp_buf[SHA512_DIGEST_LENGTH];
size_t buf_size = 0;
char ascii_magic[2];
- char ascii_salt[17]; /* Max 16 chars plus '\0' */
+ char ascii_salt[17]; /* Max 16 chars plus '\0' */
char *ascii_passwd = NULL;
size_t n;
EVP_MD_CTX *md = NULL, *md2 = NULL;
const EVP_MD *sha = NULL;
size_t passwd_len, salt_len, magic_len;
- unsigned int rounds = ROUNDS_DEFAULT; /* Default */
+ unsigned int rounds = ROUNDS_DEFAULT; /* Default */
char rounds_custom = 0;
char *p_bytes = NULL;
char *s_bytes = NULL;
@@ -547,7 +553,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
if (strncmp(salt, rounds_prefix, sizeof(rounds_prefix) - 1) == 0) {
const char *num = salt + sizeof(rounds_prefix) - 1;
char *endp;
- unsigned long int srounds = strtoul (num, &endp, 10);
+ unsigned long int srounds = strtoul(num, &endp, 10);
if (*endp == '$') {
salt = endp + 1;
if (srounds > ROUNDS_MAX)
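Review bot: `strtoul(num, &endp, 10)` accepts leading whitespace and a sign, so a negative `rounds=` value parses, wraps to a very large unsigned number and is then clamped by the `srounds > ROUNDS_MAX` test to the maximum cost instead of being rejected as malformed. Requiring a digit first, `if (*num < '0' || *num > '9')`, and taking the function's existing malformed-prefix path closes that; comparing `endp == num` would also catch an empty number. The rest of this branch and shacrypt's error handling are outside the hunk, so the right failure path needs confirming there.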
@@ -564,7 +570,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic));
#ifdef CHARSET_EBCDIC
- if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */
+ if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */
ebcdic2ascii(ascii_magic, ascii_magic, magic_len);
#endif
@@ -593,7 +599,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
BIO_snprintf(tmp_buf, sizeof(tmp_buf), "rounds=%u", rounds);
#ifdef CHARSET_EBCDIC
/* In case we're really on a ASCII based platform and just pretend */
- if (tmp_buf[0] != 0x72) /* ASCII 'r' */
+ if (tmp_buf[0] != 0x72) /* ASCII 'r' */
ebcdic2ascii(tmp_buf, tmp_buf, strlen(tmp_buf));
#endif
OPENSSL_strlcat(out_buf, tmp_buf, sizeof(out_buf));
@@ -602,7 +608,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf));
/* assert "$5$rounds=999999999$......salt......" */
- if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len )
+ if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len)
goto err;
md = EVP_MD_CTX_new();
@@ -631,8 +637,8 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
n = passwd_len;
while (n) {
if (!EVP_DigestUpdate(md,
- (n & 1) ? buf : (const unsigned char *)passwd,
- (n & 1) ? buf_size : passwd_len))
+ (n & 1) ? buf : (const unsigned char *)passwd,
+ (n & 1) ? buf_size : passwd_len))
goto err;
n >>= 1;
}
@@ -677,8 +683,8 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
if (!EVP_DigestInit_ex(md2, sha, NULL))
goto err;
if (!EVP_DigestUpdate(md2,
- (n & 1) ? (const unsigned char *)p_bytes : buf,
- (n & 1) ? passwd_len : buf_size))
+ (n & 1) ? (const unsigned char *)p_bytes : buf,
+ (n & 1) ? passwd_len : buf_size))
goto err;
if (n % 3) {
if (!EVP_DigestUpdate(md2, s_bytes, salt_len))
@@ -689,11 +695,11 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
goto err;
}
if (!EVP_DigestUpdate(md2,
- (n & 1) ? buf : (const unsigned char *)p_bytes,
- (n & 1) ? buf_size : passwd_len))
- goto err;
+ (n & 1) ? buf : (const unsigned char *)p_bytes,
+ (n & 1) ? buf_size : passwd_len))
+ goto err;
if (!EVP_DigestFinal_ex(md2, buf, NULL))
- goto err;
+ goto err;
}
EVP_MD_CTX_free(md2);
EVP_MD_CTX_free(md);
@@ -707,54 +713,53 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
cp = out_buf + strlen(out_buf);
*cp++ = ascii_dollar[0];
-# define b64_from_24bit(B2, B1, B0, N) \
- do { \
- unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \
- int i = (N); \
- while (i-- > 0) \
- { \
- *cp++ = cov_2char[w & 0x3f]; \
- w >>= 6; \
- } \
+#define b64_from_24bit(B2, B1, B0, N) \
+ do { \
+ unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \
+ int i = (N); \
+ while (i-- > 0) { \
+ *cp++ = cov_2char[w & 0x3f]; \
+ w >>= 6; \
+ } \
} while (0)
switch (magic[0]) {
case '5':
- b64_from_24bit (buf[0], buf[10], buf[20], 4);
- b64_from_24bit (buf[21], buf[1], buf[11], 4);
- b64_from_24bit (buf[12], buf[22], buf[2], 4);
- b64_from_24bit (buf[3], buf[13], buf[23], 4);
- b64_from_24bit (buf[24], buf[4], buf[14], 4);
- b64_from_24bit (buf[15], buf[25], buf[5], 4);
- b64_from_24bit (buf[6], buf[16], buf[26], 4);
- b64_from_24bit (buf[27], buf[7], buf[17], 4);
- b64_from_24bit (buf[18], buf[28], buf[8], 4);
- b64_from_24bit (buf[9], buf[19], buf[29], 4);
- b64_from_24bit (0, buf[31], buf[30], 3);
+ b64_from_24bit(buf[0], buf[10], buf[20], 4);
+ b64_from_24bit(buf[21], buf[1], buf[11], 4);
+ b64_from_24bit(buf[12], buf[22], buf[2], 4);
+ b64_from_24bit(buf[3], buf[13], buf[23], 4);
+ b64_from_24bit(buf[24], buf[4], buf[14], 4);
+ b64_from_24bit(buf[15], buf[25], buf[5], 4);
+ b64_from_24bit(buf[6], buf[16], buf[26], 4);
+ b64_from_24bit(buf[27], buf[7], buf[17], 4);
+ b64_from_24bit(buf[18], buf[28], buf[8], 4);
+ b64_from_24bit(buf[9], buf[19], buf[29], 4);
+ b64_from_24bit(0, buf[31], buf[30], 3);
break;
case '6':
- b64_from_24bit (buf[0], buf[21], buf[42], 4);
- b64_from_24bit (buf[22], buf[43], buf[1], 4);
- b64_from_24bit (buf[44], buf[2], buf[23], 4);
- b64_from_24bit (buf[3], buf[24], buf[45], 4);
- b64_from_24bit (buf[25], buf[46], buf[4], 4);
- b64_from_24bit (buf[47], buf[5], buf[26], 4);
- b64_from_24bit (buf[6], buf[27], buf[48], 4);
- b64_from_24bit (buf[28], buf[49], buf[7], 4);
- b64_from_24bit (buf[50], buf[8], buf[29], 4);
- b64_from_24bit (buf[9], buf[30], buf[51], 4);
- b64_from_24bit (buf[31], buf[52], buf[10], 4);
- b64_from_24bit (buf[53], buf[11], buf[32], 4);
- b64_from_24bit (buf[12], buf[33], buf[54], 4);
- b64_from_24bit (buf[34], buf[55], buf[13], 4);
- b64_from_24bit (buf[56], buf[14], buf[35], 4);
- b64_from_24bit (buf[15], buf[36], buf[57], 4);
- b64_from_24bit (buf[37], buf[58], buf[16], 4);
- b64_from_24bit (buf[59], buf[17], buf[38], 4);
- b64_from_24bit (buf[18], buf[39], buf[60], 4);
- b64_from_24bit (buf[40], buf[61], buf[19], 4);
- b64_from_24bit (buf[62], buf[20], buf[41], 4);
- b64_from_24bit (0, 0, buf[63], 2);
+ b64_from_24bit(buf[0], buf[21], buf[42], 4);
+ b64_from_24bit(buf[22], buf[43], buf[1], 4);
+ b64_from_24bit(buf[44], buf[2], buf[23], 4);
+ b64_from_24bit(buf[3], buf[24], buf[45], 4);
+ b64_from_24bit(buf[25], buf[46], buf[4], 4);
+ b64_from_24bit(buf[47], buf[5], buf[26], 4);
+ b64_from_24bit(buf[6], buf[27], buf[48], 4);
+ b64_from_24bit(buf[28], buf[49], buf[7], 4);
+ b64_from_24bit(buf[50], buf[8], buf[29], 4);
+ b64_from_24bit(buf[9], buf[30], buf[51], 4);
+ b64_from_24bit(buf[31], buf[52], buf[10], 4);
+ b64_from_24bit(buf[53], buf[11], buf[32], 4);
+ b64_from_24bit(buf[12], buf[33], buf[54], 4);
+ b64_from_24bit(buf[34], buf[55], buf[13], 4);
+ b64_from_24bit(buf[56], buf[14], buf[35], 4);
+ b64_from_24bit(buf[15], buf[36], buf[57], 4);
+ b64_from_24bit(buf[37], buf[58], buf[16], 4);
+ b64_from_24bit(buf[59], buf[17], buf[38], 4);
+ b64_from_24bit(buf[18], buf[39], buf[60], 4);
+ b64_from_24bit(buf[40], buf[61], buf[19], 4);
+ b64_from_24bit(buf[62], buf[20], buf[41], 4);
+ b64_from_24bit(0, 0, buf[63], 2);
break;
default:
goto err;
@@ -766,7 +771,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
return out_buf;
- err:
+err:
EVP_MD_CTX_free(md2);
EVP_MD_CTX_free(md);
OPENSSL_free(p_bytes);
@@ -776,8 +781,8 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
}
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
- char *passwd, BIO *out, int quiet, int table,
- int reverse, size_t pw_maxlen, passwd_modes mode)
+ char *passwd, BIO *out, int quiet, int table,
+ int reverse, size_t pw_maxlen, passwd_modes mode)
{
char *hash = NULL;
@@ -805,10 +810,10 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
for (i = 0; i < saltlen; i++)
(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
(*salt_p)[i] = 0;
-# ifdef CHARSET_EBCDIC
+#ifdef CHARSET_EBCDIC
/* The password encryption function will convert back to ASCII */
ascii2ebcdic(*salt_p, *salt_p, saltlen);
-# endif
+#endif
}
assert(*salt_p != NULL);
@@ -820,8 +825,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
* XXX: really we should know how to print a size_t, not cast it
*/
BIO_printf(bio_err,
- "Warning: truncating password to %u characters\n",
- (unsigned)pw_maxlen);
+ "Warning: truncating password to %u characters\n",
+ (unsigned)pw_maxlen);
passwd[pw_maxlen] = 0;
}
assert(strlen(passwd) <= pw_maxlen);
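Review bot: The `(unsigned)pw_maxlen` cast that the XXX comment complains about is still here; BIO_printf accepts the `z` length modifier in current OpenSSL, so the call can become `"Warning: truncating password to %zu characters\n", pw_maxlen` and the XXX comment can go. A short comment is also worth adding at `passwd[pw_maxlen] = 0;` to say that the hash is then computed over the truncated password, because the `assert` below it disappears in NDEBUG builds and is not a runtime check. do_passwd starts and ends outside this hunk.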
@@ -843,6 +848,6 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
BIO_printf(out, "%s\n", hash);
return 1;
- end:
+end:
return 0;
}
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 5146699f1672..7c792d925846 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -21,11 +21,11 @@
#include <openssl/provider.h>
#include <openssl/kdf.h>
-#define NOKEYS 0x1
-#define NOCERTS 0x2
-#define INFO 0x4
-#define CLCERTS 0x8
-#define CACERTS 0x10
+#define NOKEYS 0x1
+#define NOCERTS 0x2
+#define INFO 0x4
+#define CLCERTS 0x8
+#define CACERTS 0x10
#define PASSWD_BUF_SIZE 2048
@@ -35,20 +35,20 @@
BIO_printf(bio_err, "Warning: -%s option ignored without -export\n", opt);
static int get_cert_chain(X509 *cert, X509_STORE *store,
- STACK_OF(X509) *untrusted_certs,
- STACK_OF(X509) **chain);
+ STACK_OF(X509) *untrusted_certs,
+ STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, const PKCS12 *p12,
- const char *pass, int passlen, int options,
- char *pempass, const EVP_CIPHER *enc);
+ const char *pass, int passlen, int options,
+ char *pempass, const EVP_CIPHER *enc);
int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
- const char *pass, int passlen, int options,
- char *pempass, const EVP_CIPHER *enc);
+ const char *pass, int passlen, int options,
+ char *pempass, const EVP_CIPHER *enc);
int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags,
- const char *pass, int passlen,
- int options, char *pempass, const EVP_CIPHER *enc);
+ const char *pass, int passlen,
+ int options, char *pempass, const EVP_CIPHER *enc);
void print_attribute(BIO *out, const ASN1_TYPE *av);
int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
- const char *name);
+ const char *name);
void hex_prin(BIO *out, unsigned char *buf, int len);
static int alg_print(const X509_ALGOR *alg);
int cert_load(BIO *in, STACK_OF(X509) *sk);
@@ -56,18 +56,54 @@ static int set_pbe(int *ppbe, const char *str);
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_CIPHER, OPT_NOKEYS, OPT_KEYEX, OPT_KEYSIG, OPT_NOCERTS, OPT_CLCERTS,
- OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER,
+ OPT_CIPHER,
+ OPT_NOKEYS,
+ OPT_KEYEX,
+ OPT_KEYSIG,
+ OPT_NOCERTS,
+ OPT_CLCERTS,
+ OPT_CACERTS,
+ OPT_NOOUT,
+ OPT_INFO,
+ OPT_CHAIN,
+ OPT_TWOPASS,
+ OPT_NOMACVER,
#ifndef OPENSSL_NO_DES
OPT_DESCERT,
#endif
- OPT_EXPORT, OPT_ITER, OPT_NOITER, OPT_MACITER, OPT_NOMACITER,
- OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_NOENC, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE,
- OPT_INKEY, OPT_CERTFILE, OPT_UNTRUSTED, OPT_PASSCERTS,
- OPT_NAME, OPT_CSP, OPT_CANAME,
- OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
- OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_ENGINE,
- OPT_R_ENUM, OPT_PROV_ENUM,
+ OPT_EXPORT,
+ OPT_ITER,
+ OPT_NOITER,
+ OPT_MACITER,
+ OPT_NOMACITER,
+ OPT_NOMAC,
+ OPT_LMK,
+ OPT_NODES,
+ OPT_NOENC,
+ OPT_MACALG,
+ OPT_CERTPBE,
+ OPT_KEYPBE,
+ OPT_INKEY,
+ OPT_CERTFILE,
+ OPT_UNTRUSTED,
+ OPT_PASSCERTS,
+ OPT_NAME,
+ OPT_CSP,
+ OPT_CANAME,
+ OPT_IN,
+ OPT_OUT,
+ OPT_PASSIN,
+ OPT_PASSOUT,
+ OPT_PASSWORD,
+ OPT_CAPATH,
+ OPT_CAFILE,
+ OPT_CASTORE,
+ OPT_NOCAPATH,
+ OPT_NOCAFILE,
+ OPT_NOCASTORE,
+ OPT_ENGINE,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM,
#ifndef OPENSSL_NO_DES
OPT_LEGACY_ALG
#endif
@@ -75,81 +111,81 @@ typedef enum OPTION_choice {
const OPTIONS pkcs12_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"in", OPT_IN, '<', "Input file"},
- {"out", OPT_OUT, '>', "Output file"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
- {"password", OPT_PASSWORD, 's', "Set PKCS#12 import/export password source"},
- {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
- {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"},
- {"nocerts", OPT_NOCERTS, '-', "Don't output certificates"},
- {"noout", OPT_NOOUT, '-', "Don't output anything, just verify PKCS#12 input"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "in", OPT_IN, '<', "Input file" },
+ { "out", OPT_OUT, '>', "Output file" },
+ { "passin", OPT_PASSIN, 's', "Input file pass phrase source" },
+ { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" },
+ { "password", OPT_PASSWORD, 's', "Set PKCS#12 import/export password source" },
+ { "twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords" },
+ { "nokeys", OPT_NOKEYS, '-', "Don't output private keys" },
+ { "nocerts", OPT_NOCERTS, '-', "Don't output certificates" },
+ { "noout", OPT_NOOUT, '-', "Don't output anything, just verify PKCS#12 input" },
#ifndef OPENSSL_NO_DES
- {"legacy", OPT_LEGACY_ALG, '-',
-# ifdef OPENSSL_NO_RC2
- "Use legacy encryption algorithm 3DES_CBC for keys and certs"
-# else
- "Use legacy encryption: 3DES_CBC for keys, RC2_CBC for certs"
-# endif
+ { "legacy", OPT_LEGACY_ALG, '-',
+#ifdef OPENSSL_NO_RC2
+ "Use legacy encryption algorithm 3DES_CBC for keys and certs"
+#else
+ "Use legacy encryption: 3DES_CBC for keys, RC2_CBC for certs"
+#endif
},
#endif
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_PROV_OPTIONS,
OPT_R_OPTIONS,
OPT_SECTION("PKCS#12 import (parsing PKCS#12)"),
- {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"},
- {"nomacver", OPT_NOMACVER, '-', "Don't verify integrity MAC"},
- {"clcerts", OPT_CLCERTS, '-', "Only output client certificates"},
- {"cacerts", OPT_CACERTS, '-', "Only output CA certificates"},
- {"", OPT_CIPHER, '-', "Any supported cipher for output encryption"},
- {"noenc", OPT_NOENC, '-', "Don't encrypt private keys"},
- {"nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated"},
+ { "info", OPT_INFO, '-', "Print info about PKCS#12 structure" },
+ { "nomacver", OPT_NOMACVER, '-', "Don't verify integrity MAC" },
+ { "clcerts", OPT_CLCERTS, '-', "Only output client certificates" },
+ { "cacerts", OPT_CACERTS, '-', "Only output CA certificates" },
+ { "", OPT_CIPHER, '-', "Any supported cipher for output encryption" },
+ { "noenc", OPT_NOENC, '-', "Don't encrypt private keys" },
+ { "nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated" },
OPT_SECTION("PKCS#12 output (export)"),
- {"export", OPT_EXPORT, '-', "Create PKCS12 file"},
- {"inkey", OPT_INKEY, 's', "Private key, else read from -in input file"},
- {"certfile", OPT_CERTFILE, '<', "Extra certificates for PKCS12 output"},
- {"passcerts", OPT_PASSCERTS, 's', "Certificate file pass phrase source"},
- {"chain", OPT_CHAIN, '-', "Build and add certificate chain for EE cert,"},
- {OPT_MORE_STR, 0, 0,
- "which is the 1st cert from -in matching the private key (if given)"},
- {"untrusted", OPT_UNTRUSTED, '<', "Untrusted certificates for chain building"},
- {"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"},
- {"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
- {"CAstore", OPT_CASTORE, ':', "URI to store of CA's"},
- {"no-CAfile", OPT_NOCAFILE, '-',
- "Do not load the default certificates file"},
- {"no-CApath", OPT_NOCAPATH, '-',
- "Do not load certificates from the default certificates directory"},
- {"no-CAstore", OPT_NOCASTORE, '-',
- "Do not load certificates from the default certificates store"},
- {"name", OPT_NAME, 's', "Use name as friendly name"},
- {"caname", OPT_CANAME, 's',
- "Use name as CA friendly name (can be repeated)"},
- {"CSP", OPT_CSP, 's', "Microsoft CSP name"},
- {"LMK", OPT_LMK, '-',
- "Add local machine keyset attribute to private key"},
- {"keyex", OPT_KEYEX, '-', "Set key type to MS key exchange"},
- {"keysig", OPT_KEYSIG, '-', "Set key type to MS key signature"},
- {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default AES-256 CBC)"},
- {"certpbe", OPT_CERTPBE, 's',
- "Certificate PBE algorithm (default PBES2 with PBKDF2 and AES-256 CBC)"},
+ { "export", OPT_EXPORT, '-', "Create PKCS12 file" },
+ { "inkey", OPT_INKEY, 's', "Private key, else read from -in input file" },
+ { "certfile", OPT_CERTFILE, '<', "Extra certificates for PKCS12 output" },
+ { "passcerts", OPT_PASSCERTS, 's', "Certificate file pass phrase source" },
+ { "chain", OPT_CHAIN, '-', "Build and add certificate chain for EE cert," },
+ { OPT_MORE_STR, 0, 0,
+ "which is the 1st cert from -in matching the private key (if given)" },
+ { "untrusted", OPT_UNTRUSTED, '<', "Untrusted certificates for chain building" },
+ { "CAfile", OPT_CAFILE, '<', "PEM-format file of CA's" },
+ { "CApath", OPT_CAPATH, '/', "PEM-format directory of CA's" },
+ { "CAstore", OPT_CASTORE, ':', "URI to store of CA's" },
+ { "no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file" },
+ { "no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory" },
+ { "no-CAstore", OPT_NOCASTORE, '-',
+ "Do not load certificates from the default certificates store" },
+ { "name", OPT_NAME, 's', "Use name as friendly name" },
+ { "caname", OPT_CANAME, 's',
+ "Use name as CA friendly name (can be repeated)" },
+ { "CSP", OPT_CSP, 's', "Microsoft CSP name" },
+ { "LMK", OPT_LMK, '-',
+ "Add local machine keyset attribute to private key" },
+ { "keyex", OPT_KEYEX, '-', "Set key type to MS key exchange" },
+ { "keysig", OPT_KEYSIG, '-', "Set key type to MS key signature" },
+ { "keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default AES-256 CBC)" },
+ { "certpbe", OPT_CERTPBE, 's',
+ "Certificate PBE algorithm (default PBES2 with PBKDF2 and AES-256 CBC)" },
#ifndef OPENSSL_NO_DES
- {"descert", OPT_DESCERT, '-',
- "Encrypt output with 3DES (default PBES2 with PBKDF2 and AES-256 CBC)"},
+ { "descert", OPT_DESCERT, '-',
+ "Encrypt output with 3DES (default PBES2 with PBKDF2 and AES-256 CBC)" },
#endif
- {"macalg", OPT_MACALG, 's',
- "Digest algorithm to use in MAC (default SHA256)"},
- {"iter", OPT_ITER, 'p', "Specify the iteration count for encryption and MAC"},
- {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
- {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration)"},
- {"maciter", OPT_MACITER, '-', "Unused, kept for backwards compatibility"},
- {"nomac", OPT_NOMAC, '-', "Don't generate MAC"},
- {NULL}
+ { "macalg", OPT_MACALG, 's',
+ "Digest algorithm to use in MAC (default SHA256)" },
+ { "iter", OPT_ITER, 'p', "Specify the iteration count for encryption and MAC" },
+ { "noiter", OPT_NOITER, '-', "Don't use encryption iteration" },
+ { "nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration)" },
+ { "maciter", OPT_MACITER, '-', "Unused, kept for backwards compatibility" },
+ { "nomac", OPT_NOMAC, '-', "Don't generate MAC" },
+ { NULL }
};
int pkcs12_main(int argc, char **argv)
@@ -187,7 +223,7 @@ int pkcs12_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -379,7 +415,7 @@ int pkcs12_main(int argc, char **argv)
WARN_EXPORT("cacerts");
if (enc != default_enc)
BIO_printf(bio_err,
- "Warning: output encryption option -%s ignored with -export\n", enc_flag);
+ "Warning: output encryption option -%s ignored with -export\n", enc_flag);
} else {
if (keyname != NULL)
WARN_NO_EXPORT("inkey");
@@ -440,11 +476,11 @@ int pkcs12_main(int argc, char **argv)
}
if (cert_pbe == NID_undef) {
/* Adapt default algorithm */
-# ifndef OPENSSL_NO_RC2
+#ifndef OPENSSL_NO_RC2
cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-# else
+#else
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-# endif
+#endif
}
if (key_pbe == NID_undef)
@@ -502,7 +538,7 @@ int pkcs12_main(int argc, char **argv)
if (1) {
#ifndef OPENSSL_NO_UI_CONSOLE
if (EVP_read_pw_string(
- macpass, sizeof(macpass), "Enter MAC Password:", export_pkcs12)) {
+ macpass, sizeof(macpass), "Enter MAC Password:", export_pkcs12)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
@@ -534,10 +570,8 @@ int pkcs12_main(int argc, char **argv)
if (!(options & NOKEYS)) {
key = load_key(keyname ? keyname : infile,
- FORMAT_PEM, 1, passin, e,
- keyname ?
- "private key from -inkey file" :
- "private key from -in file");
+ FORMAT_PEM, 1, passin, e,
+ keyname ? "private key from -inkey file" : "private key from -in file");
if (key == NULL)
goto export_end;
}
@@ -545,7 +579,7 @@ int pkcs12_main(int argc, char **argv)
/* Load all certs in input file */
if (!(options & NOCERTS)) {
if (!load_certs(infile, 1, &certs, passin,
- "certificates from -in file"))
+ "certificates from -in file"))
goto export_end;
if (sk_X509_num(certs) < 1) {
BIO_printf(bio_err, "No certificate in -in file %s\n", infile);
@@ -568,8 +602,8 @@ int pkcs12_main(int argc, char **argv)
}
if (ee_cert == NULL) {
BIO_printf(bio_err,
- "No cert in -in file '%s' matches private key\n",
- infile);
+ "No cert in -in file '%s' matches private key\n",
+ infile);
goto export_end;
}
}
@@ -578,7 +612,7 @@ int pkcs12_main(int argc, char **argv)
/* Load any untrusted certificates for chain building */
if (untrusted != NULL) {
if (!load_certs(untrusted, 0, &untrusted_certs, passcerts,
- "untrusted certificates"))
+ "untrusted certificates"))
goto export_end;
}
@@ -595,13 +629,13 @@ int pkcs12_main(int argc, char **argv)
if (ee_cert_tmp == NULL) {
BIO_printf(bio_err,
- "No end entity certificate to check with -chain\n");
+ "No end entity certificate to check with -chain\n");
goto export_end;
}
if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath,
- CAstore, noCAstore))
- == NULL)
+ CAstore, noCAstore))
+ == NULL)
goto export_end;
vret = get_cert_chain(ee_cert_tmp, store, untrusted_certs, &chain2);
@@ -612,15 +646,14 @@ int pkcs12_main(int argc, char **argv)
/* Remove from chain2 the first (end entity) certificate */
X509_free(sk_X509_shift(chain2));
/* Add the remaining certs (except for duplicates) */
- add_certs = X509_add_certs(certs, chain2, X509_ADD_FLAG_UP_REF
- | X509_ADD_FLAG_NO_DUP);
+ add_certs = X509_add_certs(certs, chain2, X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP);
sk_X509_pop_free(chain2, X509_free);
if (!add_certs)
goto export_end;
} else {
if (vret != X509_V_ERR_UNSPECIFIED)
BIO_printf(bio_err, "Error getting chain: %s\n",
- X509_verify_cert_error_string(vret));
+ X509_verify_cert_error_string(vret));
goto export_end;
}
}
@@ -628,7 +661,7 @@ int pkcs12_main(int argc, char **argv)
/* Add any extra certificates asked for */
if (certfile != NULL) {
if (!load_certs(certfile, 0, &certs, passcerts,
- "extra certificates from -certfile"))
+ "extra certificates from -certfile"))
goto export_end;
}
@@ -640,8 +673,8 @@ int pkcs12_main(int argc, char **argv)
if (csp_name != NULL && key != NULL)
EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
- MBSTRING_ASC, (unsigned char *)csp_name,
- -1);
+ MBSTRING_ASC, (unsigned char *)csp_name,
+ -1);
if (add_lmk && key != NULL)
EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
@@ -651,7 +684,7 @@ int pkcs12_main(int argc, char **argv)
if (1) {
#ifndef OPENSSL_NO_UI_CONSOLE
if (EVP_read_pw_string(pass, sizeof(pass),
- "Enter Export Password:", 1)) {
+ "Enter Export Password:", 1)) {
BIO_printf(bio_err, "Can't read Password\n");
goto export_end;
}
@@ -666,12 +699,12 @@ int pkcs12_main(int argc, char **argv)
OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
p12 = PKCS12_create_ex(cpass, name, key, ee_cert, certs,
- key_pbe, cert_pbe, iter, -1, keytype,
- app_get0_libctx(), app_get0_propq());
+ key_pbe, cert_pbe, iter, -1, keytype,
+ app_get0_libctx(), app_get0_propq());
if (p12 == NULL) {
BIO_printf(bio_err, "Error creating PKCS12 structure for %s\n",
- outfile);
+ outfile);
goto export_end;
}
@@ -697,7 +730,7 @@ int pkcs12_main(int argc, char **argv)
ret = 0;
- export_end:
+ export_end:
EVP_PKEY_free(key);
EVP_MD_free(macmd);
@@ -707,7 +740,6 @@ int pkcs12_main(int argc, char **argv)
ERR_print_errors(bio_err);
goto end;
-
}
in = bio_open_default(infile, 'r', FORMAT_PKCS12);
@@ -728,7 +760,7 @@ int pkcs12_main(int argc, char **argv)
if (1) {
#ifndef OPENSSL_NO_UI_CONSOLE
if (EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
- 0)) {
+ 0)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
@@ -756,16 +788,16 @@ int pkcs12_main(int argc, char **argv)
BIO_puts(bio_err, "MAC: ");
i2a_ASN1_OBJECT(bio_err, macobj);
BIO_printf(bio_err, ", Iteration %ld\n",
- tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
+ tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n",
- tmac != NULL ? ASN1_STRING_length(tmac) : 0L,
- tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L);
+ tmac != NULL ? ASN1_STRING_length(tmac) : 0L,
+ tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L);
}
if (macver) {
EVP_KDF *pkcs12kdf;
pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF",
- app_get0_propq());
+ app_get0_propq());
if (pkcs12kdf == NULL) {
BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n");
BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n");
@@ -797,6 +829,12 @@ int pkcs12_main(int argc, char **argv)
if (utmp == NULL)
goto end;
badpass = OPENSSL_uni2utf8(utmp, utmplen);
+ if (badpass == NULL) {
+ BIO_printf(bio_err, "Verbatim password did not match, and fallback conversion to UTF-8 failed\n"
+ "The password entered or the input encoding may be wrong\n");
+ OPENSSL_free(utmp);
+ goto end;
+ }
OPENSSL_free(utmp);
if (!PKCS12_verify_mac(p12, badpass, -1)) {
BIO_printf(bio_err, "Mac verify error: invalid password?\n");
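Review bot: Both the new `badpass == NULL` branch and the line after it release `utmp` with plain `OPENSSL_free()`, which leaves what the new error text suggests is a converted copy of the entered password in freed heap memory. `utmp` is not used again in this hunk after `OPENSSL_uni2utf8()` returns, so it can be released once, directly after the conversion and before the NULL check, with `OPENSSL_clear_free(utmp, utmplen);`. That also removes the duplicated free inside the error branch. Where `utmp` is assigned is outside the hunk, so confirm it holds password material before changing it; `badpass` probably deserves the same clearing wherever it is freed, which is also not visible here. `pkcs12_main` starts and ends outside this hunk.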
@@ -810,7 +848,7 @@ int pkcs12_main(int argc, char **argv)
}
}
- dump:
+dump:
assert(private);
out = bio_open_owner(outfile, FORMAT_PEM, private);
@@ -823,7 +861,7 @@ int pkcs12_main(int argc, char **argv)
goto end;
}
ret = 0;
- end:
+end:
PKCS12_free(p12);
release_engine(e);
BIO_free(in);
@@ -837,8 +875,8 @@ int pkcs12_main(int argc, char **argv)
}
int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
- int passlen, int options, char *pempass,
- const EVP_CIPHER *enc)
+ int passlen, int options, char *pempass,
+ const EVP_CIPHER *enc)
{
STACK_OF(PKCS7) *asafes = NULL;
STACK_OF(PKCS12_SAFEBAG) *bags;
@@ -871,7 +909,7 @@ int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
if (!bags)
goto err;
if (!dump_certs_pkeys_bags(out, bags, pass, passlen,
- options, pempass, enc)) {
+ options, pempass, enc)) {
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
goto err;
}
@@ -880,28 +918,28 @@ int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
}
ret = 1;
- err:
+err:
sk_PKCS7_pop_free(asafes, PKCS7_free);
return ret;
}
int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
- const char *pass, int passlen, int options,
- char *pempass, const EVP_CIPHER *enc)
+ const char *pass, int passlen, int options,
+ char *pempass, const EVP_CIPHER *enc)
{
int i;
for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
if (!dump_certs_pkeys_bag(out,
- sk_PKCS12_SAFEBAG_value(bags, i),
- pass, passlen, options, pempass, enc))
+ sk_PKCS12_SAFEBAG_value(bags, i),
+ pass, passlen, options, pempass, enc))
return 0;
}
return 1;
}
int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag,
- const char *pass, int passlen, int options,
- char *pempass, const EVP_CIPHER *enc)
+ const char *pass, int passlen, int options,
+ char *pempass, const EVP_CIPHER *enc)
{
EVP_PKEY *pkey;
PKCS8_PRIV_KEY_INFO *p8;
@@ -987,7 +1025,7 @@ int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag,
BIO_printf(bio_err, "Safe Contents bag\n");
print_attribs(out, attrs, "Bag Attributes");
return dump_certs_pkeys_bags(out, PKCS12_SAFEBAG_get0_safes(bag),
- pass, passlen, options, pempass, enc);
+ pass, passlen, options, pempass, enc);
default:
BIO_printf(bio_err, "Warning unsupported bag type: ");
@@ -1001,8 +1039,8 @@ int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag,
/* Given a single certificate return a verified chain or NULL if error */
static int get_cert_chain(X509 *cert, X509_STORE *store,
- STACK_OF(X509) *untrusted_certs,
- STACK_OF(X509) **chain)
+ STACK_OF(X509) *untrusted_certs,
+ STACK_OF(X509) **chain)
{
X509_STORE_CTX *store_ctx = NULL;
STACK_OF(X509) *chn = NULL;
@@ -1010,15 +1048,14 @@ static int get_cert_chain(X509 *cert, X509_STORE *store,
store_ctx = X509_STORE_CTX_new_ex(app_get0_libctx(), app_get0_propq());
if (store_ctx == NULL) {
- i = X509_V_ERR_UNSPECIFIED;
+ i = X509_V_ERR_UNSPECIFIED;
goto end;
}
if (!X509_STORE_CTX_init(store_ctx, store, cert, untrusted_certs)) {
- i = X509_V_ERR_UNSPECIFIED;
+ i = X509_V_ERR_UNSPECIFIED;
goto end;
}
-
if (X509_verify_cert(store_ctx) > 0)
chn = X509_STORE_CTX_get1_chain(store_ctx);
else if ((i = X509_STORE_CTX_get_error(store_ctx)) == 0)
@@ -1061,7 +1098,7 @@ static int alg_print(const X509_ALGOR *alg)
X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption);
encnid = OBJ_obj2nid(aoid);
BIO_printf(bio_err, ", %s, %s", OBJ_nid2ln(pbenid),
- OBJ_nid2sn(encnid));
+ OBJ_nid2sn(encnid));
/* If KDF is PBKDF2 decode parameters */
if (pbenid == NID_id_pbkdf2) {
PBKDF2PARAM *kdf = NULL;
@@ -1080,7 +1117,7 @@ static int alg_print(const X509_ALGOR *alg)
prfnid = OBJ_obj2nid(aoid);
}
BIO_printf(bio_err, ", Iteration %ld, PRF %s",
- ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
+ ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
PBKDF2PARAM_free(kdf);
#ifndef OPENSSL_NO_SCRYPT
} else if (pbenid == NID_id_scrypt) {
@@ -1093,11 +1130,11 @@ static int alg_print(const X509_ALGOR *alg)
goto done;
}
BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, "
- "Block size(r): %ld, Parallelism(p): %ld",
- ASN1_STRING_length(kdf->salt),
- ASN1_INTEGER_get(kdf->costParameter),
- ASN1_INTEGER_get(kdf->blockSize),
- ASN1_INTEGER_get(kdf->parallelizationParameter));
+ "Block size(r): %ld, Parallelism(p): %ld",
+ ASN1_STRING_length(kdf->salt),
+ ASN1_INTEGER_get(kdf->costParameter),
+ ASN1_INTEGER_get(kdf->blockSize),
+ ASN1_INTEGER_get(kdf->parallelizationParameter));
SCRYPT_PARAMS_free(kdf);
#endif
}
@@ -1112,7 +1149,7 @@ static int alg_print(const X509_ALGOR *alg)
BIO_printf(bio_err, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter));
PBEPARAM_free(pbe);
}
- done:
+done:
BIO_puts(bio_err, "\n");
return 1;
}
@@ -1143,25 +1180,25 @@ void print_attribute(BIO *out, const ASN1_TYPE *av)
switch (av->type) {
case V_ASN1_BMPSTRING:
value = OPENSSL_uni2asc(av->value.bmpstring->data,
- av->value.bmpstring->length);
+ av->value.bmpstring->length);
BIO_printf(out, "%s\n", value);
OPENSSL_free(value);
break;
case V_ASN1_UTF8STRING:
BIO_printf(out, "%.*s\n", av->value.utf8string->length,
- av->value.utf8string->data);
+ av->value.utf8string->data);
break;
case V_ASN1_OCTET_STRING:
hex_prin(out, av->value.octet_string->data,
- av->value.octet_string->length);
+ av->value.octet_string->length);
BIO_printf(out, "\n");
break;
case V_ASN1_BIT_STRING:
hex_prin(out, av->value.bit_string->data,
- av->value.bit_string->length);
+ av->value.bit_string->length);
BIO_printf(out, "\n");
break;
@@ -1174,7 +1211,7 @@ void print_attribute(BIO *out, const ASN1_TYPE *av)
/* Generalised attribute print: handle PKCS#8 and bag attributes */
int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
- const char *name)
+ const char *name)
{
X509_ATTRIBUTE *attr;
ASN1_TYPE *av;
@@ -1202,8 +1239,7 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
}
if (X509_ATTRIBUTE_count(attr)) {
- for (j = 0; j < X509_ATTRIBUTE_count(attr); j++)
- {
+ for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) {
av = X509_ATTRIBUTE_get0_type(attr, j);
print_attribute(out, av);
}
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index ba11e8151ae9..aa71091ce905 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -22,33 +22,40 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT,
- OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE,
+ OPT_INFORM,
+ OPT_OUTFORM,
+ OPT_IN,
+ OPT_OUT,
+ OPT_NOOUT,
+ OPT_TEXT,
+ OPT_PRINT,
+ OPT_PRINT_CERTS,
+ OPT_ENGINE,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkcs7_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input file"},
- {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+ { "in", OPT_IN, '<', "Input file" },
+ { "inform", OPT_INFORM, 'F', "Input format - DER or PEM" },
OPT_SECTION("Output"),
- {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
- {"out", OPT_OUT, '>', "Output file"},
- {"noout", OPT_NOOUT, '-', "Don't output encoded data"},
- {"text", OPT_TEXT, '-', "Print full details of certificates"},
- {"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"},
- {"print_certs", OPT_PRINT_CERTS, '-',
- "Print_certs print any certs or crl in the input"},
+ { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" },
+ { "out", OPT_OUT, '>', "Output file" },
+ { "noout", OPT_NOOUT, '-', "Don't output encoded data" },
+ { "text", OPT_TEXT, '-', "Print full details of certificates" },
+ { "print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure" },
+ { "print_certs", OPT_PRINT_CERTS, '-',
+ "Print_certs print any certs or crl in the input" },
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
int pkcs7_main(int argc, char **argv)
@@ -67,7 +74,7 @@ int pkcs7_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -211,7 +218,7 @@ int pkcs7_main(int argc, char **argv)
}
}
ret = 0;
- end:
+end:
PKCS7_free(p7);
release_engine(e);
BIO_free(in);
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 6b09b909eb7a..4e1bdbe901d9 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -19,52 +19,67 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
- OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT,
+ OPT_INFORM,
+ OPT_OUTFORM,
+ OPT_ENGINE,
+ OPT_IN,
+ OPT_OUT,
+ OPT_TOPK8,
+ OPT_NOITER,
+ OPT_NOCRYPT,
#ifndef OPENSSL_NO_SCRYPT
- OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
+ OPT_SCRYPT,
+ OPT_SCRYPT_N,
+ OPT_SCRYPT_R,
+ OPT_SCRYPT_P,
#endif
- OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
+ OPT_V2,
+ OPT_V1,
+ OPT_V2PRF,
+ OPT_ITER,
+ OPT_PASSIN,
+ OPT_PASSOUT,
OPT_TRADITIONAL,
- OPT_R_ENUM, OPT_PROV_ENUM
+ OPT_R_ENUM,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkcs8_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
- {"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"},
- {"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"},
- {"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"},
+ { "v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher" },
+ { "v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher" },
+ { "v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0" },
OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input file"},
- {"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"},
+ { "in", OPT_IN, '<', "Input file" },
+ { "inform", OPT_INFORM, 'F', "Input format (DER or PEM)" },
+ { "passin", OPT_PASSIN, 's', "Input file pass phrase source" },
+ { "nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file"},
- {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
- {"topk8", OPT_TOPK8, '-', "Output PKCS8 file"},
- {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
- {"traditional", OPT_TRADITIONAL, '-', "use traditional format private key"},
- {"iter", OPT_ITER, 'p', "Specify the iteration count"},
- {"noiter", OPT_NOITER, '-', "Use 1 as iteration count"},
+ { "out", OPT_OUT, '>', "Output file" },
+ { "outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)" },
+ { "topk8", OPT_TOPK8, '-', "Output PKCS8 file" },
+ { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" },
+ { "traditional", OPT_TRADITIONAL, '-', "use traditional format private key" },
+ { "iter", OPT_ITER, 'p', "Specify the iteration count" },
+ { "noiter", OPT_NOITER, '-', "Use 1 as iteration count" },
#ifndef OPENSSL_NO_SCRYPT
OPT_SECTION("Scrypt"),
- {"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"},
- {"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"},
- {"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"},
- {"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"},
+ { "scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm" },
+ { "scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter" },
+ { "scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter" },
+ { "scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter" },
#endif
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
int pkcs8_main(int argc, char **argv)
@@ -94,7 +109,7 @@ int pkcs8_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -142,7 +157,7 @@ int pkcs8_main(int argc, char **argv)
pbe_nid = OBJ_txt2nid(opt_arg());
if (pbe_nid == NID_undef) {
BIO_printf(bio_err,
- "%s: Unknown PBE algorithm %s\n", prog, opt_arg());
+ "%s: Unknown PBE algorithm %s\n", prog, opt_arg());
goto opthelp;
}
break;
@@ -150,14 +165,14 @@ int pkcs8_main(int argc, char **argv)
pbe_nid = OBJ_txt2nid(opt_arg());
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) {
BIO_printf(bio_err,
- "%s: Unknown PRF algorithm %s\n", prog, opt_arg());
+ "%s: Unknown PRF algorithm %s\n", prog, opt_arg());
goto opthelp;
}
if (cipher == NULL)
cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
break;
case OPT_ITER:
- iter = opt_int_arg();
+ iter = opt_int_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
@@ -215,7 +230,7 @@ int pkcs8_main(int argc, char **argv)
cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
in = bio_open_default(infile, 'r',
- informat == FORMAT_UNDEF ? FORMAT_PEM : informat);
+ informat == FORMAT_UNDEF ? FORMAT_PEM : informat);
if (in == NULL)
goto end;
out = bio_open_owner(outfile, outformat, private);
@@ -247,11 +262,11 @@ int pkcs8_main(int argc, char **argv)
#ifndef OPENSSL_NO_SCRYPT
if (scrypt_N && scrypt_r && scrypt_p)
pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL,
- scrypt_N, scrypt_r, scrypt_p);
+ scrypt_N, scrypt_r, scrypt_p);
else
#endif
pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL,
- pbe_nid);
+ pbe_nid);
} else {
pbe = PKCS5_pbe_set(pbe_nid, iter, NULL, 0);
}
@@ -266,8 +281,7 @@ int pkcs8_main(int argc, char **argv)
/* To avoid bit rot */
#ifndef OPENSSL_NO_UI_CONSOLE
p8pass = pass;
- if (EVP_read_pw_string
- (pass, sizeof(pass), "Enter Encryption Password:", 1)) {
+ if (EVP_read_pw_string(pass, sizeof(pass), "Enter Encryption Password:", 1)) {
X509_ALGOR_free(pbe);
goto end;
}
@@ -355,7 +369,7 @@ int pkcs8_main(int argc, char **argv)
if (outformat == FORMAT_PEM) {
if (traditional)
PEM_write_bio_PrivateKey_traditional(out, pkey, NULL, NULL, 0,
- NULL, passout);
+ NULL, passout);
else
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
} else if (outformat == FORMAT_ASN1) {
@@ -366,7 +380,7 @@ int pkcs8_main(int argc, char **argv)
}
ret = 0;
- end:
+end:
X509_SIG_free(p8);
PKCS8_PRIV_KEY_INFO_free(p8inf);
EVP_PKEY_free(pkey);
diff --git a/apps/pkey.c b/apps/pkey.c
index 196678533c1d..25404a8a5d06 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -19,50 +19,64 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
- OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB,
- OPT_TEXT, OPT_NOOUT, OPT_CIPHER, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK,
- OPT_EC_PARAM_ENC, OPT_EC_CONV_FORM,
+ OPT_INFORM,
+ OPT_OUTFORM,
+ OPT_PASSIN,
+ OPT_PASSOUT,
+ OPT_ENGINE,
+ OPT_IN,
+ OPT_OUT,
+ OPT_PUBIN,
+ OPT_PUBOUT,
+ OPT_TEXT_PUB,
+ OPT_TEXT,
+ OPT_NOOUT,
+ OPT_CIPHER,
+ OPT_TRADITIONAL,
+ OPT_CHECK,
+ OPT_PUB_CHECK,
+ OPT_EC_PARAM_ENC,
+ OPT_EC_CONV_FORM,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkey_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_PROV_OPTIONS,
- {"check", OPT_CHECK, '-', "Check key consistency"},
- {"pubcheck", OPT_PUB_CHECK, '-', "Check public key consistency"},
+ { "check", OPT_CHECK, '-', "Check key consistency" },
+ { "pubcheck", OPT_PUB_CHECK, '-', "Check public key consistency" },
OPT_SECTION("Input"),
- {"in", OPT_IN, 's', "Input key"},
- {"inform", OPT_INFORM, 'f',
- "Key input format (ENGINE, other values ignored)"},
- {"passin", OPT_PASSIN, 's', "Key input pass phrase source"},
- {"pubin", OPT_PUBIN, '-',
- "Read only public components from key input"},
+ { "in", OPT_IN, 's', "Input key" },
+ { "inform", OPT_INFORM, 'f',
+ "Key input format (ENGINE, other values ignored)" },
+ { "passin", OPT_PASSIN, 's', "Key input pass phrase source" },
+ { "pubin", OPT_PUBIN, '-',
+ "Read only public components from key input" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file for encoded and/or text output"},
- {"outform", OPT_OUTFORM, 'F', "Output encoding format (DER or PEM)"},
- {"", OPT_CIPHER, '-', "Any supported cipher to be used for encryption"},
- {"passout", OPT_PASSOUT, 's', "Output PEM file pass phrase source"},
- {"traditional", OPT_TRADITIONAL, '-',
- "Use traditional format for private key PEM output"},
- {"pubout", OPT_PUBOUT, '-', "Restrict encoded output to public components"},
- {"noout", OPT_NOOUT, '-', "Do not output the key in encoded form"},
- {"text", OPT_TEXT, '-', "Output key components in plaintext"},
- {"text_pub", OPT_TEXT_PUB, '-',
- "Output only public key components in text form"},
- {"ec_conv_form", OPT_EC_CONV_FORM, 's',
- "Specifies the EC point conversion form in the encoding"},
- {"ec_param_enc", OPT_EC_PARAM_ENC, 's',
- "Specifies the way the EC parameters are encoded"},
+ { "out", OPT_OUT, '>', "Output file for encoded and/or text output" },
+ { "outform", OPT_OUTFORM, 'F', "Output encoding format (DER or PEM)" },
+ { "", OPT_CIPHER, '-', "Any supported cipher to be used for encryption" },
+ { "passout", OPT_PASSOUT, 's', "Output PEM file pass phrase source" },
+ { "traditional", OPT_TRADITIONAL, '-',
+ "Use traditional format for private key PEM output" },
+ { "pubout", OPT_PUBOUT, '-', "Restrict encoded output to public components" },
+ { "noout", OPT_NOOUT, '-', "Do not output the key in encoded form" },
+ { "text", OPT_TEXT, '-', "Output key components in plaintext" },
+ { "text_pub", OPT_TEXT_PUB, '-',
+ "Output only public key components in text form" },
+ { "ec_conv_form", OPT_EC_CONV_FORM, 's',
+ "Specifies the EC point conversion form in the encoding" },
+ { "ec_param_enc", OPT_EC_PARAM_ENC, 's',
+ "Specifies the way the EC parameters are encoded" },
- {NULL}
+ { NULL }
};
int pkey_main(int argc, char **argv)
@@ -88,7 +102,7 @@ int pkey_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -177,10 +191,10 @@ int pkey_main(int argc, char **argv)
if (text && text_pub)
BIO_printf(bio_err,
- "Warning: The -text option is ignored with -text_pub\n");
+ "Warning: The -text option is ignored with -text_pub\n");
if (traditional && (noout || outformat != FORMAT_PEM))
BIO_printf(bio_err,
- "Warning: The -traditional is ignored since there is no PEM output\n");
+ "Warning: The -traditional is ignored since there is no PEM output\n");
/* -pubout and -text is the same as -text_pub */
if (!text_pub && pubout && text) {
@@ -197,11 +211,11 @@ int pkey_main(int argc, char **argv)
if (cipher == NULL) {
if (passoutarg != NULL)
BIO_printf(bio_err,
- "Warning: The -passout option is ignored without a cipher option\n");
+ "Warning: The -passout option is ignored without a cipher option\n");
} else {
if (noout || outformat != FORMAT_PEM) {
BIO_printf(bio_err,
- "Error: Cipher options are supported only for PEM output\n");
+ "Error: Cipher options are supported only for PEM output\n");
goto end;
}
}
@@ -230,11 +244,11 @@ int pkey_main(int argc, char **argv)
if (asn1_encoding != NULL)
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
- asn1_encoding, 0);
+ asn1_encoding, 0);
if (point_format != NULL)
*p++ = OSSL_PARAM_construct_utf8_string(
- OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
- point_format, 0);
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ point_format, 0);
*p = OSSL_PARAM_construct_end();
if (EVP_PKEY_set_params(pkey, params) <= 0)
goto end;
@@ -277,19 +291,19 @@ int pkey_main(int argc, char **argv)
assert(private);
if (traditional) {
if (!PEM_write_bio_PrivateKey_traditional(out, pkey, cipher,
- NULL, 0, NULL,
- passout))
+ NULL, 0, NULL,
+ passout))
goto end;
} else {
if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
- NULL, 0, NULL, passout))
+ NULL, 0, NULL, passout))
goto end;
}
}
} else if (outformat == FORMAT_ASN1) {
if (text || text_pub) {
BIO_printf(bio_err,
- "Error: Text output cannot be combined with DER output\n");
+ "Error: Text output cannot be combined with DER output\n");
goto end;
}
if (pubout) {
@@ -317,7 +331,7 @@ int pkey_main(int argc, char **argv)
ret = 0;
- end:
+end:
if (ret != 0)
ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(ctx);
diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c
index b02882ccc296..d31c1bb9e0b6 100644
--- a/apps/pkeyparam.c
+++ b/apps/pkeyparam.c
@@ -18,29 +18,33 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT,
- OPT_ENGINE, OPT_CHECK,
+ OPT_IN,
+ OPT_OUT,
+ OPT_TEXT,
+ OPT_NOOUT,
+ OPT_ENGINE,
+ OPT_CHECK,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkeyparam_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
- {"check", OPT_CHECK, '-', "Check key param consistency"},
+ { "check", OPT_CHECK, '-', "Check key param consistency" },
OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input file"},
+ { "in", OPT_IN, '<', "Input file" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file"},
- {"text", OPT_TEXT, '-', "Print parameters as text"},
- {"noout", OPT_NOOUT, '-', "Don't output encoded parameters"},
+ { "out", OPT_OUT, '>', "Output file" },
+ { "text", OPT_TEXT, '-', "Print parameters as text" },
+ { "noout", OPT_NOOUT, '-', "Don't output encoded parameters" },
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
int pkeyparam_main(int argc, char **argv)
@@ -58,7 +62,7 @@ int pkeyparam_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -102,7 +106,7 @@ int pkeyparam_main(int argc, char **argv)
if (out == NULL)
goto end;
pkey = PEM_read_bio_Parameters_ex(in, NULL, app_get0_libctx(),
- app_get0_propq());
+ app_get0_propq());
if (pkey == NULL) {
BIO_printf(bio_err, "Error reading parameters\n");
ERR_print_errors(bio_err);
@@ -112,7 +116,7 @@ int pkeyparam_main(int argc, char **argv)
if (check) {
if (e == NULL)
ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey,
- app_get0_propq());
+ app_get0_propq());
else
ctx = EVP_PKEY_CTX_new(pkey, e);
if (ctx == NULL) {
@@ -143,7 +147,7 @@ int pkeyparam_main(int argc, char **argv)
ret = EXIT_SUCCESS;
- end:
+end:
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
release_engine(e);
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index caf3f639eae5..cd3186c883d2 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -15,90 +15,112 @@
#include <openssl/evp.h>
#include <sys/stat.h>
-#define KEY_NONE 0
-#define KEY_PRIVKEY 1
-#define KEY_PUBKEY 2
-#define KEY_CERT 3
+#define KEY_NONE 0
+#define KEY_PRIVKEY 1
+#define KEY_PUBKEY 2
+#define KEY_CERT 3
static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
- const char *keyfile, int keyform, int key_type,
- char *passinarg, int pkey_op, ENGINE *e,
- const int impl, int rawin, EVP_PKEY **ppkey,
- EVP_MD_CTX *mctx, const char *digestname,
- OSSL_LIB_CTX *libctx, const char *propq);
+ const char *keyfile, int keyform, int key_type,
+ char *passinarg, int pkey_op, ENGINE *e,
+ const int impl, int rawin, EVP_PKEY **ppkey,
+ EVP_MD_CTX *mctx, const char *digestname,
+ OSSL_LIB_CTX *libctx, const char *propq);
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
- ENGINE *e);
+ ENGINE *e);
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
- unsigned char *out, size_t *poutlen,
- const unsigned char *in, size_t inlen);
+ unsigned char *out, size_t *poutlen,
+ const unsigned char *in, size_t inlen);
static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
- EVP_PKEY *pkey, BIO *in,
- int filesize, unsigned char *sig, int siglen,
- unsigned char **out, size_t *poutlen);
+ EVP_PKEY *pkey, BIO *in,
+ int filesize, unsigned char *sig, int siglen,
+ unsigned char **out, size_t *poutlen);
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT,
- OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN,
- OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
- OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
- OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_PKEYOPT_PASSIN, OPT_KDF,
- OPT_KDFLEN, OPT_R_ENUM, OPT_PROV_ENUM,
+ OPT_ENGINE,
+ OPT_ENGINE_IMPL,
+ OPT_IN,
+ OPT_OUT,
+ OPT_PUBIN,
+ OPT_CERTIN,
+ OPT_ASN1PARSE,
+ OPT_HEXDUMP,
+ OPT_SIGN,
+ OPT_VERIFY,
+ OPT_VERIFYRECOVER,
+ OPT_REV,
+ OPT_ENCRYPT,
+ OPT_DECRYPT,
+ OPT_DERIVE,
+ OPT_SIGFILE,
+ OPT_INKEY,
+ OPT_PEERKEY,
+ OPT_PASSIN,
+ OPT_PEERFORM,
+ OPT_KEYFORM,
+ OPT_PKEYOPT,
+ OPT_PKEYOPT_PASSIN,
+ OPT_KDF,
+ OPT_KDFLEN,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM,
OPT_CONFIG,
- OPT_RAWIN, OPT_DIGEST
+ OPT_RAWIN,
+ OPT_DIGEST
} OPTION_CHOICE;
const OPTIONS pkeyutl_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
- {"engine_impl", OPT_ENGINE_IMPL, '-',
- "Also use engine given by -engine for crypto operations"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
+ { "engine_impl", OPT_ENGINE_IMPL, '-',
+ "Also use engine given by -engine for crypto operations" },
#endif
- {"sign", OPT_SIGN, '-', "Sign input data with private key"},
- {"verify", OPT_VERIFY, '-', "Verify with public key"},
- {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},
- {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
- {"derive", OPT_DERIVE, '-', "Derive shared secret"},
+ { "sign", OPT_SIGN, '-', "Sign input data with private key" },
+ { "verify", OPT_VERIFY, '-', "Verify with public key" },
+ { "encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key" },
+ { "decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key" },
+ { "derive", OPT_DERIVE, '-', "Derive shared secret" },
OPT_CONFIG_OPTION,
OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input file - default stdin"},
- {"rawin", OPT_RAWIN, '-', "Indicate the input data is in raw form"},
- {"pubin", OPT_PUBIN, '-', "Input is a public key"},
- {"inkey", OPT_INKEY, 's', "Input private key file"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"},
- {"peerform", OPT_PEERFORM, 'E', "Peer key format (DER/PEM/P12/ENGINE)"},
- {"certin", OPT_CERTIN, '-', "Input is a cert with a public key"},
- {"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
- {"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
- {"keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)"},
+ { "in", OPT_IN, '<', "Input file - default stdin" },
+ { "rawin", OPT_RAWIN, '-', "Indicate the input data is in raw form" },
+ { "pubin", OPT_PUBIN, '-', "Input is a public key" },
+ { "inkey", OPT_INKEY, 's', "Input private key file" },
+ { "passin", OPT_PASSIN, 's', "Input file pass phrase source" },
+ { "peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation" },
+ { "peerform", OPT_PEERFORM, 'E', "Peer key format (DER/PEM/P12/ENGINE)" },
+ { "certin", OPT_CERTIN, '-', "Input is a cert with a public key" },
+ { "rev", OPT_REV, '-', "Reverse the order of the input buffer" },
+ { "sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)" },
+ { "keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file - default stdout"},
- {"asn1parse", OPT_ASN1PARSE, '-',
- "parse the output as ASN.1 data to check its DER encoding and print errors"},
- {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
- {"verifyrecover", OPT_VERIFYRECOVER, '-',
- "Verify RSA signature, recovering original signature input data"},
+ { "out", OPT_OUT, '>', "Output file - default stdout" },
+ { "asn1parse", OPT_ASN1PARSE, '-',
+ "parse the output as ASN.1 data to check its DER encoding and print errors" },
+ { "hexdump", OPT_HEXDUMP, '-', "Hex dump output" },
+ { "verifyrecover", OPT_VERIFYRECOVER, '-',
+ "Verify RSA signature, recovering original signature input data" },
OPT_SECTION("Signing/Derivation"),
- {"digest", OPT_DIGEST, 's',
- "Specify the digest algorithm when signing the raw input data"},
- {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
- {"pkeyopt_passin", OPT_PKEYOPT_PASSIN, 's',
- "Public key option that is read as a passphrase argument opt:passphrase"},
- {"kdf", OPT_KDF, 's', "Use KDF algorithm"},
- {"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"},
+ { "digest", OPT_DIGEST, 's',
+ "Specify the digest algorithm when signing the raw input data" },
+ { "pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value" },
+ { "pkeyopt_passin", OPT_PKEYOPT_PASSIN, 's',
+ "Public key option that is read as a passphrase argument opt:passphrase" },
+ { "kdf", OPT_KDF, 's', "Use KDF algorithm" },
+ { "kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length" },
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
int pkeyutl_main(int argc, char **argv)
@@ -135,7 +157,7 @@ int pkeyutl_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -229,17 +251,13 @@ int pkeyutl_main(int argc, char **argv)
rev = 1;
break;
case OPT_PKEYOPT:
- if ((pkeyopts == NULL &&
- (pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) ||
- sk_OPENSSL_STRING_push(pkeyopts, opt_arg()) == 0) {
+ if ((pkeyopts == NULL && (pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) || sk_OPENSSL_STRING_push(pkeyopts, opt_arg()) == 0) {
BIO_puts(bio_err, "out of memory\n");
goto end;
}
break;
case OPT_PKEYOPT_PASSIN:
- if ((pkeyopts_passin == NULL &&
- (pkeyopts_passin = sk_OPENSSL_STRING_new_null()) == NULL) ||
- sk_OPENSSL_STRING_push(pkeyopts_passin, opt_arg()) == 0) {
+ if ((pkeyopts_passin == NULL && (pkeyopts_passin = sk_OPENSSL_STRING_new_null()) == NULL) || sk_OPENSSL_STRING_push(pkeyopts_passin, opt_arg()) == 0) {
BIO_puts(bio_err, "out of memory\n");
goto end;
}
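Review bot: The lazily-allocate-and-push conditions under `OPT_PKEYOPT` and `OPT_PKEYOPT_PASSIN` are now single lines of well over 100 characters, which buries the assignment made inside each condition. Splitting the allocation out keeps the behaviour and makes both steps visible: `if (pkeyopts == NULL) pkeyopts = sk_OPENSSL_STRING_new_null();` followed by `if (pkeyopts == NULL || sk_OPENSSL_STRING_push(pkeyopts, opt_arg()) == 0) {`. The same applies to `pkeyopts_passin`. The enclosing switch in pkeyutl_main starts and ends outside the hunk.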
@@ -263,37 +281,37 @@ int pkeyutl_main(int argc, char **argv)
if (rawin && pkey_op != EVP_PKEY_OP_SIGN && pkey_op != EVP_PKEY_OP_VERIFY) {
BIO_printf(bio_err,
- "%s: -rawin can only be used with -sign or -verify\n",
- prog);
+ "%s: -rawin can only be used with -sign or -verify\n",
+ prog);
goto opthelp;
}
if (digestname != NULL && !rawin) {
BIO_printf(bio_err,
- "%s: -digest can only be used with -rawin\n",
- prog);
+ "%s: -digest can only be used with -rawin\n",
+ prog);
goto opthelp;
}
if (rawin && rev) {
BIO_printf(bio_err, "%s: -rev cannot be used with raw input\n",
- prog);
+ prog);
goto opthelp;
}
if (kdfalg != NULL) {
if (kdflen == 0) {
BIO_printf(bio_err,
- "%s: no KDF length given (-kdflen parameter).\n", prog);
+ "%s: no KDF length given (-kdflen parameter).\n", prog);
goto opthelp;
}
} else if (inkey == NULL) {
BIO_printf(bio_err,
- "%s: no private key given (-inkey parameter).\n", prog);
+ "%s: no private key given (-inkey parameter).\n", prog);
goto opthelp;
} else if (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE) {
BIO_printf(bio_err,
- "%s: no peer key given (-peerkey parameter).\n", prog);
+ "%s: no peer key given (-peerkey parameter).\n", prog);
goto opthelp;
}
@@ -304,8 +322,8 @@ int pkeyutl_main(int argc, char **argv)
}
}
ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
- passinarg, pkey_op, e, engine_impl, rawin, &pkey,
- mctx, digestname, libctx, app_get0_propq());
+ passinarg, pkey_op, e, engine_impl, rawin, &pkey,
+ mctx, digestname, libctx, app_get0_propq());
if (ctx == NULL) {
BIO_printf(bio_err, "%s: Error initializing context\n", prog);
goto end;
@@ -323,7 +341,7 @@ int pkeyutl_main(int argc, char **argv)
if (pkey_ctrl_string(ctx, opt) <= 0) {
BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
- prog, opt);
+ prog, opt);
goto end;
}
}
@@ -344,7 +362,7 @@ int pkeyutl_main(int argc, char **argv)
BIO_snprintf(passwd_buf, sizeof(passwd_buf), "Enter %s: ", opt);
r = EVP_read_pw_string(passwd_buf, sizeof(passwd_buf) - 1,
- passwd_buf, 0);
+ passwd_buf, 0);
if (r < 0) {
if (r == -2)
BIO_puts(bio_err, "user abort\n");
@@ -370,7 +388,7 @@ int pkeyutl_main(int argc, char **argv)
if (EVP_PKEY_CTX_ctrl_str(ctx, opt, passwd) <= 0) {
BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
- prog, opt);
+ prog, opt);
OPENSSL_free(passwd);
goto end;
}
@@ -380,13 +398,13 @@ int pkeyutl_main(int argc, char **argv)
if (sigfile != NULL && (pkey_op != EVP_PKEY_OP_VERIFY)) {
BIO_printf(bio_err,
- "%s: Signature file specified for non verify\n", prog);
+ "%s: Signature file specified for non verify\n", prog);
goto end;
}
if (sigfile == NULL && (pkey_op == EVP_PKEY_OP_VERIFY)) {
BIO_printf(bio_err,
- "%s: No signature file specified for verify\n", prog);
+ "%s: No signature file specified for verify\n", prog);
goto end;
}
@@ -442,21 +460,21 @@ int pkeyutl_main(int argc, char **argv)
/* Sanity check the input if the input is not raw */
if (!rawin
- && buf_inlen > EVP_MAX_MD_SIZE
- && (pkey_op == EVP_PKEY_OP_SIGN
- || pkey_op == EVP_PKEY_OP_VERIFY)) {
+ && buf_inlen > EVP_MAX_MD_SIZE
+ && (pkey_op == EVP_PKEY_OP_SIGN
+ || pkey_op == EVP_PKEY_OP_VERIFY)) {
BIO_printf(bio_err,
- "Error: The input data looks too long to be a hash\n");
+ "Error: The input data looks too long to be a hash\n");
goto end;
}
if (pkey_op == EVP_PKEY_OP_VERIFY) {
if (rawin) {
rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, sig, siglen,
- NULL, 0);
+ NULL, 0);
} else {
rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
- buf_in, (size_t)buf_inlen);
+ buf_in, (size_t)buf_inlen);
}
if (rv == 1) {
BIO_puts(out, "Signature Verified Successfully\n");
@@ -469,20 +487,20 @@ int pkeyutl_main(int argc, char **argv)
if (rawin) {
/* rawin allocates the buffer in do_raw_keyop() */
rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, NULL, 0,
- &buf_out, (size_t *)&buf_outlen);
+ &buf_out, (size_t *)&buf_outlen);
} else {
if (kdflen != 0) {
buf_outlen = kdflen;
rv = 1;
} else {
rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
- buf_in, (size_t)buf_inlen);
+ buf_in, (size_t)buf_inlen);
}
if (rv > 0 && buf_outlen != 0) {
buf_out = app_malloc(buf_outlen, "buffer output");
rv = do_keyop(ctx, pkey_op,
- buf_out, (size_t *)&buf_outlen,
- buf_in, (size_t)buf_inlen);
+ buf_out, (size_t *)&buf_outlen,
+ buf_in, (size_t)buf_inlen);
}
}
if (rv <= 0) {
@@ -504,7 +522,7 @@ int pkeyutl_main(int argc, char **argv)
BIO_write(out, buf_out, buf_outlen);
}
- end:
+end:
if (ret != 0)
ERR_print_errors(bio_err);
EVP_MD_CTX_free(mctx);
@@ -523,11 +541,11 @@ int pkeyutl_main(int argc, char **argv)
}
static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
- const char *keyfile, int keyform, int key_type,
- char *passinarg, int pkey_op, ENGINE *e,
- const int engine_impl, int rawin,
- EVP_PKEY **ppkey, EVP_MD_CTX *mctx, const char *digestname,
- OSSL_LIB_CTX *libctx, const char *propq)
+ const char *keyfile, int keyform, int key_type,
+ char *passinarg, int pkey_op, ENGINE *e,
+ const int engine_impl, int rawin,
+ EVP_PKEY **ppkey, EVP_MD_CTX *mctx, const char *digestname,
+ OSSL_LIB_CTX *libctx, const char *propq)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
@@ -537,7 +555,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
X509 *x;
if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
- || (pkey_op == EVP_PKEY_OP_DERIVE))
+ || (pkey_op == EVP_PKEY_OP_DERIVE))
&& (key_type != KEY_PRIVKEY && kdfalg == NULL)) {
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
@@ -565,7 +583,6 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
case KEY_NONE:
break;
-
}
#ifndef OPENSSL_NO_ENGINE
@@ -580,7 +597,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
kdfnid = OBJ_ln2nid(kdfalg);
if (kdfnid == NID_undef) {
BIO_printf(bio_err, "The given KDF \"%s\" is unknown.\n",
- kdfalg);
+ kdfalg);
goto end;
}
}
@@ -611,12 +628,12 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
switch (pkey_op) {
case EVP_PKEY_OP_SIGN:
rv = EVP_DigestSignInit_ex(mctx, NULL, digestname, libctx, propq,
- pkey, NULL);
+ pkey, NULL);
break;
case EVP_PKEY_OP_VERIFY:
rv = EVP_DigestVerifyInit_ex(mctx, NULL, digestname, libctx, propq,
- pkey, NULL);
+ pkey, NULL);
break;
}
@@ -653,14 +670,13 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
ctx = NULL;
}
- end:
+end:
OPENSSL_free(passin);
return ctx;
-
}
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
- ENGINE *e)
+ ENGINE *e)
{
EVP_PKEY *peer = NULL;
ENGINE *engine = NULL;
@@ -681,8 +697,8 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
}
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
- unsigned char *out, size_t *poutlen,
- const unsigned char *in, size_t inlen)
+ unsigned char *out, size_t *poutlen,
+ const unsigned char *in, size_t inlen)
{
int rv = 0;
switch (pkey_op) {
@@ -705,7 +721,6 @@ static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
case EVP_PKEY_OP_DERIVE:
rv = EVP_PKEY_derive(ctx, out, poutlen);
break;
-
}
return rv;
}
@@ -713,9 +728,9 @@ static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
#define TBUF_MAXSIZE 2048
static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
- EVP_PKEY *pkey, BIO *in,
- int filesize, unsigned char *sig, int siglen,
- unsigned char **out, size_t *poutlen)
+ EVP_PKEY *pkey, BIO *in,
+ int filesize, unsigned char *sig, int siglen,
+ unsigned char **out, size_t *poutlen)
{
int rv = 0;
unsigned char tbuf[TBUF_MAXSIZE];
@@ -724,14 +739,14 @@ static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
/* Some algorithms only support oneshot digests */
if (EVP_PKEY_get_id(pkey) == EVP_PKEY_ED25519
- || EVP_PKEY_get_id(pkey) == EVP_PKEY_ED448) {
+ || EVP_PKEY_get_id(pkey) == EVP_PKEY_ED448) {
if (filesize < 0) {
BIO_printf(bio_err,
- "Error: unable to determine file size for oneshot operation\n");
+ "Error: unable to determine file size for oneshot operation\n");
goto end;
}
mbuf = app_malloc(filesize, "oneshot sign/verify buffer");
- switch(pkey_op) {
+ switch (pkey_op) {
case EVP_PKEY_OP_VERIFY:
buf_len = BIO_read(in, mbuf, filesize);
if (buf_len != filesize) {
@@ -756,7 +771,7 @@ static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
goto end;
}
- switch(pkey_op) {
+ switch (pkey_op) {
case EVP_PKEY_OP_VERIFY:
for (;;) {
buf_len = BIO_read(in, tbuf, TBUF_MAXSIZE);
@@ -797,7 +812,7 @@ static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
break;
}
- end:
+end:
OPENSSL_free(mbuf);
return rv;
}
diff --git a/apps/prime.c b/apps/prime.c
index e269493d5cd7..84887e965fe6 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -15,29 +15,33 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS,
+ OPT_HEX,
+ OPT_GENERATE,
+ OPT_BITS,
+ OPT_SAFE,
+ OPT_CHECKS,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS prime_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [number...]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [number...]\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"bits", OPT_BITS, 'p', "Size of number in bits"},
- {"checks", OPT_CHECKS, 'p', "Number of checks"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "bits", OPT_BITS, 'p', "Size of number in bits" },
+ { "checks", OPT_CHECKS, 'p', "Number of checks" },
OPT_SECTION("Output"),
- {"hex", OPT_HEX, '-', "Hex output"},
- {"generate", OPT_GENERATE, '-', "Generate a prime"},
- {"safe", OPT_SAFE, '-',
- "When used with -generate, generate a safe prime"},
+ { "hex", OPT_HEX, '-', "Hex output" },
+ { "generate", OPT_GENERATE, '-', "Generate a prime" },
+ { "safe", OPT_SAFE, '-',
+ "When used with -generate, generate a safe prime" },
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"number", 0, 0, "Number(s) to check for primality if not generating"},
- {NULL}
+ { "number", 0, 0, "Number(s) to check for primality if not generating" },
+ { NULL }
};
int prime_main(int argc, char **argv)
@@ -52,7 +56,7 @@ int prime_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
-opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -116,7 +120,7 @@ opthelp:
BIO_printf(bio_out, "%s\n", s);
OPENSSL_free(s);
} else {
- for ( ; *argv; argv++) {
+ for (; *argv; argv++) {
int r;
if (hex)
@@ -131,14 +135,15 @@ opthelp:
BN_print(bio_out, bn);
BIO_printf(bio_out, " (%s) %s prime\n",
- argv[0],
- BN_check_prime(bn, NULL, NULL)
- ? "is" : "is not");
+ argv[0],
+ BN_check_prime(bn, NULL, NULL)
+ ? "is"
+ : "is not");
}
}
ret = 0;
- end:
+end:
BN_free(bn);
return ret;
}
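Review bot: `BN_check_prime` returns -1 on error as well as 0 and 1, so the reformatted ternary in this `BIO_printf` reports a failed check as "is prime". Comparing against 1, `BN_check_prime(bn, NULL, NULL) == 1 ? "is" : "is not"`, stops that, although an error would then read as "is not prime". Testing the result for `< 0` first and leaving through `end` would report the failure properly. The loop body and the rest of prime_main lie outside the hunk.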
diff --git a/apps/progs.pl b/apps/progs.pl
index 29f9be13ca08..57f33030a79d 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -19,7 +19,10 @@ die "Unrecognised option, must be -C or -H\n"
unless ($opt eq '-H' || $opt eq '-C');
my %commands = ();
-my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
+# I think it is best reconsidered in favour of just a table
+# of commands instead of this fragile regex. There really are not that
+# many commands.
+my $cmdre = qr/^\s*(int\s+|)\s*([a-z_][a-z0-9_]*)_main\s*\(\s*int\s+argc\s*,/;
my $apps_openssl = shift @ARGV;
my $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH} || time())]->[5] + 1900;
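Review bot: The new alternation `(int\s+|)` is a capturing group, which moves the command name from `$1` to `$2` and is the only reason the next hunk has to change `$commands{$1}`. A non-capturing optional group, `(?:int\s+)?`, makes the return type optional while leaving the existing capture numbering alone. With `int` optional the pattern presumably exists to match definitions whose return type sits on the preceding line; the added comment should state that instead of only recording that the regex is fragile, e.g. `# "int" may be on the previous line, so it is optional here.`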
@@ -36,7 +39,7 @@ foreach my $filename (@openssl_source) {
open F, $filename or die "Couldn't open $filename: $!\n";
foreach ( grep /$cmdre/, <F> ) {
my @foo = /$cmdre/;
- $commands{$1} = 1;
+ $commands{$2} = 1;
}
close F;
}
@@ -104,7 +107,7 @@ EOF
# The format of this table is:
# [0] = alternative command to use instead
# [1] = deprecented in this version
-# [2] = preprocessor conditional for exclusing irrespective of deprecation
+# [2] = preprocessor conditional for excluding irrespective of deprecation
# rsa => [ "pkey", "3_0", "rsa" ],
# genrsa => [ "genpkey", "3_0", "rsa" ],
rsautl => [ "pkeyutl", "3_0", "rsa" ],
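Review bot: The line directly above the corrected one still reads `deprecented`, so the table description is only half fixed. Since this hunk is already correcting the spelling in this comment, it should change that line as well: `# [1] = deprecated in this version`.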
diff --git a/apps/rand.c b/apps/rand.c
index cbf495d5bc53..7d78730ac9ac 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -20,30 +20,34 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX,
- OPT_R_ENUM, OPT_PROV_ENUM
+ OPT_OUT,
+ OPT_ENGINE,
+ OPT_BASE64,
+ OPT_HEX,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS rand_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] num\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] num\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file"},
- {"base64", OPT_BASE64, '-', "Base64 encode output"},
- {"hex", OPT_HEX, '-', "Hex encode output"},
+ { "out", OPT_OUT, '>', "Output file" },
+ { "base64", OPT_BASE64, '-', "Base64 encode output" },
+ { "hex", OPT_HEX, '-', "Hex encode output" },
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"num", 0, 0, "Number of bytes to generate"},
- {NULL}
+ { "num", 0, 0, "Number of bytes to generate" },
+ { NULL }
};
int rand_main(int argc, char **argv)
@@ -59,7 +63,7 @@ int rand_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -140,7 +144,7 @@ int rand_main(int argc, char **argv)
ret = 0;
- end:
+end:
if (ret != 0)
ERR_print_errors(bio_err);
release_engine(e);
diff --git a/apps/rehash.c b/apps/rehash.c
index 6e0ca3642c40..373376a5679d 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -11,15 +11,14 @@
#include "apps.h"
#include "progs.h"
-#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || \
- (defined(__VMS) && defined(__DECC) && __CRTL_VER >= 80300000)
-# include <unistd.h>
-# include <stdio.h>
-# include <limits.h>
-# include <errno.h>
-# include <string.h>
-# include <ctype.h>
-# include <sys/stat.h>
+#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || (defined(__VMS) && defined(__DECC) && __CRTL_VER >= 80300000)
+#include <unistd.h>
+#include <stdio.h>
+#include <limits.h>
+#include <errno.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/stat.h>
/*
* Make sure that the processing of symbol names is treated the same as when
@@ -27,32 +26,32 @@
* include/openssl/__DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H),
* but not for internal headers.
*/
-# ifdef __VMS
-# pragma names save
-# pragma names as_is,shortened
-# endif
+#ifdef __VMS
+#pragma names save
+#pragma names as_is, shortened
+#endif
-# include "internal/o_dir.h"
+#include "internal/o_dir.h"
-# ifdef __VMS
-# pragma names restore
-# endif
+#ifdef __VMS
+#pragma names restore
+#endif
-# include <openssl/evp.h>
-# include <openssl/pem.h>
-# include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
-# ifndef PATH_MAX
-# define PATH_MAX 4096
-# endif
-# define MAX_COLLISIONS 256
+#ifndef PATH_MAX
+#define PATH_MAX 4096
+#endif
+#define MAX_COLLISIONS 256
-# if defined(OPENSSL_SYS_VXWORKS)
+#if defined(OPENSSL_SYS_VXWORKS)
/*
* VxWorks has no symbolic links
*/
-# define lstat(path, buf) stat(path, buf)
+#define lstat(path, buf) stat(path, buf)
int symlink(const char *target, const char *linkpath)
{
@@ -65,7 +64,7 @@ ssize_t readlink(const char *pathname, char *buf, size_t bufsiz)
errno = ENOSYS;
return -1;
}
-# endif
+#endif
typedef struct hentry_st {
struct hentry_st *next;
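Review bot: With nested directives no longer indented, this `#endif` looks the same as the one that closes the file-wide platform `#if`, and the stub definitions in between make the pairing hard to follow. A trailing comment restores the nesting information the indentation used to carry: `#endif /* OPENSSL_SYS_VXWORKS */`. The other de-indented `#ifdef __VMS` / `#endif` pairs in the preceding hunk would benefit from the same treatment.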
@@ -85,14 +84,16 @@ typedef struct bucket_st {
enum Type {
/* Keep in sync with |suffixes|, below. */
- TYPE_CERT=0, TYPE_CRL=1
+ TYPE_CERT = 0,
+ TYPE_CRL = 1
};
enum Hash {
- HASH_OLD, HASH_NEW, HASH_BOTH
+ HASH_OLD,
+ HASH_NEW,
+ HASH_BOTH
};
-
static int evpmdsize;
static const EVP_MD *evpmd;
static int remove_links = 1;
@@ -102,7 +103,6 @@ static BUCKET *hash_table[257];
static const char *suffixes[] = { "", "r" };
static const char *extensions[] = { "pem", "crt", "cer", "crl" };
-
static void bit_set(unsigned char *set, unsigned int bit)
{
set[bit >> 3] |= 1 << (bit & 0x7);
@@ -113,13 +113,12 @@ static int bit_isset(unsigned char *set, unsigned int bit)
return set[bit >> 3] & (1 << (bit & 0x7));
}
-
/*
* Process an entry; return number of errors.
*/
static int add_entry(enum Type type, unsigned int hash, const char *filename,
- const unsigned char *digest, int need_symlink,
- unsigned short old_id)
+ const unsigned char *digest, int need_symlink,
+ unsigned short old_id)
{
static BUCKET nilbucket;
static HENTRY nilhentry;
@@ -142,9 +141,9 @@ static int add_entry(enum Type type, unsigned int hash, const char *filename,
for (ep = bp->first_entry; ep; ep = ep->next) {
if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) {
BIO_printf(bio_err,
- "%s: warning: skipping duplicate %s in %s\n",
- opt_getprog(),
- type == TYPE_CERT ? "certificate" : "CRL", filename);
+ "%s: warning: skipping duplicate %s in %s\n",
+ opt_getprog(),
+ type == TYPE_CERT ? "certificate" : "CRL", filename);
return 0;
}
if (strcmp(filename, ep->filename) == 0) {
@@ -157,8 +156,8 @@ static int add_entry(enum Type type, unsigned int hash, const char *filename,
if (ep == NULL) {
if (bp->num_needed >= MAX_COLLISIONS) {
BIO_printf(bio_err,
- "%s: error: hash table overflow for %s\n",
- opt_getprog(), filename);
+ "%s: error: hash table overflow for %s\n",
+ opt_getprog(), filename);
return 1;
}
ep = app_malloc(sizeof(*ep), "collision bucket");
@@ -233,7 +232,7 @@ static int handle_symlink(const char *filename, const char *fullpath)
*/
static int do_file(const char *filename, const char *fullpath, enum Hash h)
{
- STACK_OF (X509_INFO) *inf = NULL;
+ STACK_OF(X509_INFO) *inf = NULL;
X509_INFO *x;
const X509_NAME *name = NULL;
BIO *b;
@@ -255,7 +254,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h)
/* Does it have X.509 data in it? */
if ((b = BIO_new_file(fullpath, "r")) == NULL) {
BIO_printf(bio_err, "%s: error: skipping %s, cannot open file\n",
- opt_getprog(), filename);
+ opt_getprog(), filename);
errs++;
goto end;
}
@@ -266,9 +265,9 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h)
if (sk_X509_INFO_num(inf) != 1) {
BIO_printf(bio_err,
- "%s: warning: skipping %s,"
- "it does not contain exactly one certificate or CRL\n",
- opt_getprog(), filename);
+ "%s: warning: skipping %s,"
+ "it does not contain exactly one certificate or CRL\n",
+ opt_getprog(), filename);
/* This is not an error. */
goto end;
}
@@ -296,21 +295,20 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h)
if (name != NULL) {
if (h == HASH_NEW || h == HASH_BOTH) {
int ok;
- unsigned long hash_value =
- X509_NAME_hash_ex(name,
- app_get0_libctx(), app_get0_propq(), &ok);
+ unsigned long hash_value = X509_NAME_hash_ex(name,
+ app_get0_libctx(), app_get0_propq(), &ok);
if (ok) {
errs += add_entry(type, hash_value, filename, digest, 1, ~0);
} else {
BIO_printf(bio_err, "%s: error calculating SHA1 hash value\n",
- opt_getprog());
+ opt_getprog());
errs++;
}
}
if ((h == HASH_OLD) || (h == HASH_BOTH))
errs += add_entry(type, X509_NAME_hash_old(name),
- filename, digest, 1, ~0);
+ filename, digest, 1, ~0);
}
end:
@@ -327,17 +325,17 @@ static int ends_with_dirsep(const char *path)
{
if (*path != '\0')
path += strlen(path) - 1;
-# if defined __VMS
+#if defined __VMS
if (*path == ']' || *path == '>' || *path == ':')
return 1;
-# elif defined _WIN32
+#elif defined _WIN32
if (*path == '\\')
return 1;
-# endif
+#endif
return *path == '/';
}
-static int sk_strcmp(const char * const *a, const char * const *b)
+static int sk_strcmp(const char *const *a, const char *const *b)
{
return strcmp(*a, *b);
}
@@ -381,7 +379,7 @@ static int do_dir(const char *dirname, enum Hash h)
size_t fname_len = strlen(filename);
if ((copy = OPENSSL_strdup(filename)) == NULL
- || sk_OPENSSL_STRING_push(files, copy) == 0) {
+ || sk_OPENSSL_STRING_push(files, copy) == 0) {
OPENSSL_free(copy);
OPENSSL_DIR_end(&d);
BIO_puts(bio_err, "out of memory\n");
@@ -401,7 +399,8 @@ static int do_dir(const char *dirname, enum Hash h)
for (n = 0; n < numfiles; ++n) {
filename = sk_OPENSSL_STRING_value(files, n);
if (BIO_snprintf(buf, buflen, "%s%s%s",
- dirname, pathsep, filename) >= buflen)
+ dirname, pathsep, filename)
+ >= buflen)
continue;
if (lstat(buf, &st) < 0)
continue;
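Review bot: `BIO_snprintf` reports truncation by returning -1, so the `>= buflen` comparison in this condition only skips a truncated path if `buflen` has an unsigned type; its declaration is outside the hunk and should be checked. Testing the result explicitly avoids relying on that conversion: keep the return value in a local and use `if (len < 0 || len >= buflen) continue;`, which also removes the dangling `>= buflen` line the formatter produced. The three `BIO_snprintf` calls in the following hunk discard the result entirely before the buffer is passed to `unlink()` and `symlink()`. If `buflen` is sized so those formats cannot truncate, a one-line comment stating that would document the assumption.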
@@ -424,47 +423,47 @@ static int do_dir(const char *dirname, enum Hash h)
if (ep->old_id < bp->num_needed) {
/* Link exists, and is used as-is */
BIO_snprintf(buf, buflen, "%08x.%s%d", bp->hash,
- suffixes[bp->type], ep->old_id);
+ suffixes[bp->type], ep->old_id);
if (verbose)
BIO_printf(bio_out, "link %s -> %s\n",
- ep->filename, buf);
+ ep->filename, buf);
} else if (ep->need_symlink) {
/* New link needed (it may replace something) */
while (bit_isset(idmask, nextid))
nextid++;
BIO_snprintf(buf, buflen, "%s%s%08x.%s%d",
- dirname, pathsep, bp->hash,
- suffixes[bp->type], nextid);
+ dirname, pathsep, bp->hash,
+ suffixes[bp->type], nextid);
if (verbose)
BIO_printf(bio_out, "link %s -> %s\n",
- ep->filename, &buf[dirlen]);
+ ep->filename, &buf[dirlen]);
if (unlink(buf) < 0 && errno != ENOENT) {
BIO_printf(bio_err,
- "%s: Can't unlink %s, %s\n",
- opt_getprog(), buf, strerror(errno));
+ "%s: Can't unlink %s, %s\n",
+ opt_getprog(), buf, strerror(errno));
errs++;
}
if (symlink(ep->filename, buf) < 0) {
BIO_printf(bio_err,
- "%s: Can't symlink %s, %s\n",
- opt_getprog(), ep->filename,
- strerror(errno));
+ "%s: Can't symlink %s, %s\n",
+ opt_getprog(), ep->filename,
+ strerror(errno));
errs++;
}
bit_set(idmask, nextid);
} else if (remove_links) {
/* Link to be deleted */
BIO_snprintf(buf, buflen, "%s%s%08x.%s%d",
- dirname, pathsep, bp->hash,
- suffixes[bp->type], ep->old_id);
+ dirname, pathsep, bp->hash,
+ suffixes[bp->type], ep->old_id);
if (verbose)
BIO_printf(bio_out, "unlink %s\n",
- &buf[dirlen]);
+ &buf[dirlen]);
if (unlink(buf) < 0 && errno != ENOENT) {
BIO_printf(bio_err,
- "%s: Can't unlink %s, %s\n",
- opt_getprog(), buf, strerror(errno));
+ "%s: Can't unlink %s, %s\n",
+ opt_getprog(), buf, strerror(errno));
errs++;
}
}
@@ -476,7 +475,7 @@ static int do_dir(const char *dirname, enum Hash h)
hash_table[i] = NULL;
}
- err:
+err:
sk_OPENSSL_STRING_pop_free(files, str_free);
OPENSSL_free(buf);
return errs;
@@ -484,31 +483,33 @@ static int do_dir(const char *dirname, enum Hash h)
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE,
+ OPT_COMPAT,
+ OPT_OLD,
+ OPT_N,
+ OPT_VERBOSE,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS rehash_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [directory...]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [directory...]\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"h", OPT_HELP, '-', "Display this summary"},
- {"compat", OPT_COMPAT, '-', "Create both new- and old-style hash links"},
- {"old", OPT_OLD, '-', "Use old-style hash to generate links"},
- {"n", OPT_N, '-', "Do not remove existing links"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "h", OPT_HELP, '-', "Display this summary" },
+ { "compat", OPT_COMPAT, '-', "Create both new- and old-style hash links" },
+ { "old", OPT_OLD, '-', "Use old-style hash to generate links" },
+ { "n", OPT_N, '-', "Do not remove existing links" },
OPT_SECTION("Output"),
- {"v", OPT_VERBOSE, '-', "Verbose output"},
+ { "v", OPT_VERBOSE, '-', "Verbose output" },
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"directory", 0, 0, "One or more directories to process (optional)"},
- {NULL}
+ { "directory", 0, 0, "One or more directories to process (optional)" },
+ { NULL }
};
-
int rehash_main(int argc, char **argv)
{
const char *env, *prog;
@@ -571,13 +572,13 @@ int rehash_main(int argc, char **argv)
errs += do_dir(X509_get_default_cert_dir(), h);
}
- end:
+end:
return errs;
}
#else
const OPTIONS rehash_options[] = {
- {NULL}
+ { NULL }
};
int rehash_main(int argc, char **argv)
diff --git a/apps/req.c b/apps/req.c
index 2fc53d4bfcfa..d31bd8c753a0 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -28,51 +28,51 @@
#include <openssl/lhash.h>
#include <openssl/rsa.h>
#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
+#include <openssl/dsa.h>
#endif
-#define BITS "default_bits"
-#define KEYFILE "default_keyfile"
-#define PROMPT "prompt"
+#define BITS "default_bits"
+#define KEYFILE "default_keyfile"
+#define PROMPT "prompt"
#define DISTINGUISHED_NAME "distinguished_name"
-#define ATTRIBUTES "attributes"
-#define V3_EXTENSIONS "x509_extensions"
-#define REQ_EXTENSIONS "req_extensions"
-#define STRING_MASK "string_mask"
-#define UTF8_IN "utf8"
+#define ATTRIBUTES "attributes"
+#define V3_EXTENSIONS "x509_extensions"
+#define REQ_EXTENSIONS "req_extensions"
+#define STRING_MASK "string_mask"
+#define UTF8_IN "utf8"
#define DEFAULT_KEY_LENGTH 2048
-#define MIN_KEY_LENGTH 512
-#define DEFAULT_DAYS 30 /* default cert validity period in days */
-#define UNSET_DAYS -2 /* -1 may be used for testing expiration checks */
-#define EXT_COPY_UNSET -1
+#define MIN_KEY_LENGTH 512
+#define DEFAULT_DAYS 30 /* default cert validity period in days */
+#define UNSET_DAYS -2 /* -1 may be used for testing expiration checks */
+#define EXT_COPY_UNSET -1
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, X509_NAME *fsubj,
- int mutlirdn, int attribs, unsigned long chtype);
+ int mutlirdn, int attribs, unsigned long chtype);
static int prompt_info(X509_REQ *req,
- STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
- int attribs, unsigned long chtype);
+ STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
+ STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
+ int attribs, unsigned long chtype);
static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
- STACK_OF(CONF_VALUE) *attr, int attribs,
- unsigned long chtype);
+ STACK_OF(CONF_VALUE) *attr, int attribs,
+ unsigned long chtype);
static int add_attribute_object(X509_REQ *req, char *text, const char *def,
- char *value, int nid, int n_min, int n_max,
- unsigned long chtype);
+ char *value, int nid, int n_min, int n_max,
+ unsigned long chtype);
static int add_DN_object(X509_NAME *n, char *text, const char *def,
- char *value, int nid, int n_min, int n_max,
- unsigned long chtype, int mval);
+ char *value, int nid, int n_min, int n_max,
+ unsigned long chtype, int mval);
static int genpkey_cb(EVP_PKEY_CTX *ctx);
static int build_data(char *text, const char *def, char *value,
- int n_min, int n_max, char *buf, const int buf_size,
- const char *desc1, const char *desc2);
+ int n_min, int n_max, char *buf, const int buf_size,
+ const char *desc1, const char *desc2);
static int req_check_len(int len, int n_min, int n_max);
static int check_end(const char *str, const char *end);
static int join(char buf[], size_t buf_size, const char *name,
- const char *tail, const char *desc);
+ const char *tail, const char *desc);
static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
- char **pkeytype, long *pkeylen,
- ENGINE *keygen_engine);
+ char **pkeytype, long *pkeylen,
+ ENGINE *keygen_engine);
static const char *section = "req";
static CONF *req_conf = NULL;
@@ -81,93 +81,128 @@ static int batch = 0;
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_KEYGEN_ENGINE, OPT_KEY,
- OPT_PUBKEY, OPT_NEW, OPT_CONFIG, OPT_KEYFORM, OPT_IN, OPT_OUT,
- OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_NEWKEY,
- OPT_PKEYOPT, OPT_SIGOPT, OPT_VFYOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS,
- OPT_VERIFY, OPT_NOENC, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8,
- OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509,
- OPT_CA, OPT_CAKEY,
- OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL,
- OPT_COPY_EXTENSIONS, OPT_ADDEXT, OPT_EXTENSIONS,
- OPT_REQEXTS, OPT_PRECERT, OPT_MD,
+ OPT_INFORM,
+ OPT_OUTFORM,
+ OPT_ENGINE,
+ OPT_KEYGEN_ENGINE,
+ OPT_KEY,
+ OPT_PUBKEY,
+ OPT_NEW,
+ OPT_CONFIG,
+ OPT_KEYFORM,
+ OPT_IN,
+ OPT_OUT,
+ OPT_KEYOUT,
+ OPT_PASSIN,
+ OPT_PASSOUT,
+ OPT_NEWKEY,
+ OPT_PKEYOPT,
+ OPT_SIGOPT,
+ OPT_VFYOPT,
+ OPT_BATCH,
+ OPT_NEWHDR,
+ OPT_MODULUS,
+ OPT_VERIFY,
+ OPT_NOENC,
+ OPT_NODES,
+ OPT_NOOUT,
+ OPT_VERBOSE,
+ OPT_UTF8,
+ OPT_NAMEOPT,
+ OPT_REQOPT,
+ OPT_SUBJ,
+ OPT_SUBJECT,
+ OPT_TEXT,
+ OPT_X509,
+ OPT_CA,
+ OPT_CAKEY,
+ OPT_MULTIVALUE_RDN,
+ OPT_DAYS,
+ OPT_SET_SERIAL,
+ OPT_COPY_EXTENSIONS,
+ OPT_ADDEXT,
+ OPT_EXTENSIONS,
+ OPT_REQEXTS,
+ OPT_PRECERT,
+ OPT_MD,
OPT_SECTION,
- OPT_R_ENUM, OPT_PROV_ENUM
+ OPT_R_ENUM,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS req_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
- {"keygen_engine", OPT_KEYGEN_ENGINE, 's',
- "Specify engine to be used for key generation operations"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
+ { "keygen_engine", OPT_KEYGEN_ENGINE, 's',
+ "Specify engine to be used for key generation operations" },
#endif
- {"in", OPT_IN, '<', "X.509 request input file (default stdin)"},
- {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
- {"verify", OPT_VERIFY, '-', "Verify self-signature on the request"},
+ { "in", OPT_IN, '<', "X.509 request input file (default stdin)" },
+ { "inform", OPT_INFORM, 'F', "Input format - DER or PEM" },
+ { "verify", OPT_VERIFY, '-', "Verify self-signature on the request" },
OPT_SECTION("Certificate"),
- {"new", OPT_NEW, '-', "New request"},
- {"config", OPT_CONFIG, '<', "Request template file"},
- {"section", OPT_SECTION, 's', "Config section to use (default \"req\")"},
- {"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"},
- {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"},
- {"reqopt", OPT_REQOPT, 's', "Various request text options"},
- {"text", OPT_TEXT, '-', "Text form of request"},
- {"x509", OPT_X509, '-',
- "Output an X.509 certificate structure instead of a cert request"},
- {"CA", OPT_CA, '<', "Issuer cert to use for signing a cert, implies -x509"},
- {"CAkey", OPT_CAKEY, 's',
- "Issuer private key to use with -CA; default is -CA arg"},
- {OPT_MORE_STR, 1, 1, "(Required by some CA's)"},
- {"subj", OPT_SUBJ, 's', "Set or modify subject of request or cert"},
- {"subject", OPT_SUBJECT, '-',
- "Print the subject of the output request or cert"},
- {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
- "Deprecated; multi-valued RDNs support is always on."},
- {"days", OPT_DAYS, 'p', "Number of days cert is valid for"},
- {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"},
- {"copy_extensions", OPT_COPY_EXTENSIONS, 's',
- "copy extensions from request when using -x509"},
- {"addext", OPT_ADDEXT, 's',
- "Additional cert extension key=value pair (may be given more than once)"},
- {"extensions", OPT_EXTENSIONS, 's',
- "Cert extension section (override value in config file)"},
- {"reqexts", OPT_REQEXTS, 's',
- "Request extension section (override value in config file)"},
- {"precert", OPT_PRECERT, '-',
- "Add a poison extension to the generated cert (implies -new)"},
+ { "new", OPT_NEW, '-', "New request" },
+ { "config", OPT_CONFIG, '<', "Request template file" },
+ { "section", OPT_SECTION, 's', "Config section to use (default \"req\")" },
+ { "utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)" },
+ { "nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options" },
+ { "reqopt", OPT_REQOPT, 's', "Various request text options" },
+ { "text", OPT_TEXT, '-', "Text form of request" },
+ { "x509", OPT_X509, '-',
+ "Output an X.509 certificate structure instead of a cert request" },
+ { "CA", OPT_CA, '<', "Issuer cert to use for signing a cert, implies -x509" },
+ { "CAkey", OPT_CAKEY, 's',
+ "Issuer private key to use with -CA; default is -CA arg" },
+ { OPT_MORE_STR, 1, 1, "(Required by some CA's)" },
+ { "subj", OPT_SUBJ, 's', "Set or modify subject of request or cert" },
+ { "subject", OPT_SUBJECT, '-',
+ "Print the subject of the output request or cert" },
+ { "multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
+ "Deprecated; multi-valued RDNs support is always on." },
+ { "days", OPT_DAYS, 'p', "Number of days cert is valid for" },
+ { "set_serial", OPT_SET_SERIAL, 's', "Serial number to use" },
+ { "copy_extensions", OPT_COPY_EXTENSIONS, 's',
+ "copy extensions from request when using -x509" },
+ { "addext", OPT_ADDEXT, 's',
+ "Additional cert extension key=value pair (may be given more than once)" },
+ { "extensions", OPT_EXTENSIONS, 's',
+ "Cert extension section (override value in config file)" },
+ { "reqexts", OPT_REQEXTS, 's',
+ "Request extension section (override value in config file)" },
+ { "precert", OPT_PRECERT, '-',
+ "Add a poison extension to the generated cert (implies -new)" },
OPT_SECTION("Keys and Signing"),
- {"key", OPT_KEY, 's', "Key for signing, and to include unless -in given"},
- {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"},
- {"pubkey", OPT_PUBKEY, '-', "Output public key"},
- {"keyout", OPT_KEYOUT, '>', "File to write private key to"},
- {"passin", OPT_PASSIN, 's', "Private key and certificate password source"},
- {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
- {"newkey", OPT_NEWKEY, 's',
- "Generate new key with [<alg>:]<nbits> or <alg>[:<file>] or param:<file>"},
- {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
- {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
- {"vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form"},
- {"", OPT_MD, '-', "Any supported digest"},
+ { "key", OPT_KEY, 's', "Key for signing, and to include unless -in given" },
+ { "keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)" },
+ { "pubkey", OPT_PUBKEY, '-', "Output public key" },
+ { "keyout", OPT_KEYOUT, '>', "File to write private key to" },
+ { "passin", OPT_PASSIN, 's', "Private key and certificate password source" },
+ { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" },
+ { "newkey", OPT_NEWKEY, 's',
+ "Generate new key with [<alg>:]<nbits> or <alg>[:<file>] or param:<file>" },
+ { "pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value" },
+ { "sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form" },
+ { "vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form" },
+ { "", OPT_MD, '-', "Any supported digest" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file"},
- {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
- {"batch", OPT_BATCH, '-',
- "Do not ask anything during request generation"},
- {"verbose", OPT_VERBOSE, '-', "Verbose output"},
- {"noenc", OPT_NOENC, '-', "Don't encrypt private keys"},
- {"nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated"},
- {"noout", OPT_NOOUT, '-', "Do not output REQ"},
- {"newhdr", OPT_NEWHDR, '-', "Output \"NEW\" in the header lines"},
- {"modulus", OPT_MODULUS, '-', "RSA modulus"},
+ { "out", OPT_OUT, '>', "Output file" },
+ { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" },
+ { "batch", OPT_BATCH, '-',
+ "Do not ask anything during request generation" },
+ { "verbose", OPT_VERBOSE, '-', "Verbose output" },
+ { "noenc", OPT_NOENC, '-', "Don't encrypt private keys" },
+ { "nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated" },
+ { "noout", OPT_NOOUT, '-', "Do not output REQ" },
+ { "newhdr", OPT_NEWHDR, '-', "Output \"NEW\" in the header lines" },
+ { "modulus", OPT_MODULUS, '-', "RSA modulus" },
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
/*
@@ -274,7 +309,7 @@ int req_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -351,7 +386,7 @@ int req_main(int argc, char **argv)
if (pkeyopts == NULL)
pkeyopts = sk_OPENSSL_STRING_new_null();
if (pkeyopts == NULL
- || !sk_OPENSSL_STRING_push(pkeyopts, opt_arg()))
+ || !sk_OPENSSL_STRING_push(pkeyopts, opt_arg()))
goto opthelp;
break;
case OPT_SIGOPT:
@@ -416,7 +451,7 @@ int req_main(int argc, char **argv)
days = atoi(opt_arg());
if (days < -1) {
BIO_printf(bio_err, "%s: -days parameter arg must be >= -1\n",
- prog);
+ prog);
goto end;
}
break;
@@ -441,7 +476,7 @@ int req_main(int argc, char **argv)
case OPT_COPY_EXTENSIONS:
if (!set_ext_copy(&ext_copy, opt_arg())) {
BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n",
- opt_arg());
+ opt_arg());
goto end;
}
break;
@@ -503,7 +538,7 @@ int req_main(int argc, char **argv)
if (addext_bio != NULL) {
if (verbose)
BIO_printf(bio_err,
- "Using additional configuration from -addext options\n");
+ "Using additional configuration from -addext options\n");
if ((addext_conf = app_load_config_bio(addext_bio, NULL)) == NULL)
goto end;
}
@@ -520,7 +555,7 @@ int req_main(int argc, char **argv)
if (oid_bio == NULL) {
if (verbose)
BIO_printf(bio_err,
- "Problems opening '%s' for extra OIDs\n", p);
+ "Problems opening '%s' for extra OIDs\n", p);
} else {
OBJ_create_objects(oid_bio);
BIO_free(oid_bio);
@@ -559,8 +594,8 @@ int req_main(int argc, char **argv)
X509V3_set_nconf(&ctx, req_conf);
if (!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
BIO_printf(bio_err,
- "Error checking x509 extension section %s\n",
- extensions);
+ "Error checking x509 extension section %s\n",
+ extensions);
goto end;
}
}
@@ -577,15 +612,13 @@ int req_main(int argc, char **argv)
}
if (passin == NULL) {
- passin = nofree_passin =
- NCONF_get_string(req_conf, section, "input_password");
+ passin = nofree_passin = NCONF_get_string(req_conf, section, "input_password");
if (passin == NULL)
ERR_clear_error();
}
if (passout == NULL) {
- passout = nofree_passout =
- NCONF_get_string(req_conf, section, "output_password");
+ passout = nofree_passout = NCONF_get_string(req_conf, section, "output_password");
if (passout == NULL)
ERR_clear_error();
}
@@ -620,8 +653,8 @@ int req_main(int argc, char **argv)
X509V3_set_nconf(&ctx, req_conf);
if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
BIO_printf(bio_err,
- "Error checking request extension section %s\n",
- req_exts);
+ "Error checking request extension section %s\n",
+ req_exts);
goto end;
}
}
@@ -649,7 +682,7 @@ int req_main(int argc, char **argv)
|| EVP_PKEY_CTX_is_a(genctx, "RSA-PSS")
|| EVP_PKEY_CTX_is_a(genctx, "DSA"))) {
BIO_printf(bio_err, "Private key length too short, needs to be at least %d bits, not %ld.\n",
- MIN_KEY_LENGTH, newkey_len);
+ MIN_KEY_LENGTH, newkey_len);
goto end;
}
@@ -657,17 +690,17 @@ int req_main(int argc, char **argv)
&& (EVP_PKEY_CTX_is_a(genctx, "RSA")
|| EVP_PKEY_CTX_is_a(genctx, "RSA-PSS")))
BIO_printf(bio_err,
- "Warning: It is not recommended to use more than %d bit for RSA keys.\n"
- " Your key size is %ld! Larger key size may behave not as expected.\n",
- OPENSSL_RSA_MAX_MODULUS_BITS, newkey_len);
+ "Warning: It is not recommended to use more than %d bit for RSA keys.\n"
+ " Your key size is %ld! Larger key size may behave not as expected.\n",
+ OPENSSL_RSA_MAX_MODULUS_BITS, newkey_len);
#ifndef OPENSSL_NO_DSA
if (EVP_PKEY_CTX_is_a(genctx, "DSA")
- && newkey_len > OPENSSL_DSA_MAX_MODULUS_BITS)
+ && newkey_len > OPENSSL_DSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
- "Warning: It is not recommended to use more than %d bit for DSA keys.\n"
- " Your key size is %ld! Larger key size may behave not as expected.\n",
- OPENSSL_DSA_MAX_MODULUS_BITS, newkey_len);
+ "Warning: It is not recommended to use more than %d bit for DSA keys.\n"
+ " Your key size is %ld! Larger key size may behave not as expected.\n",
+ OPENSSL_DSA_MAX_MODULUS_BITS, newkey_len);
#endif
if (pkeyopts != NULL) {
@@ -705,7 +738,7 @@ int req_main(int argc, char **argv)
else
BIO_printf(bio_err, "'%s'\n", keyout);
}
- out = bio_open_owner(keyout, outformat, newreq);
+ out = bio_open_owner(keyout, outformat, 1);
if (out == NULL)
goto end;
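Review bot: The bare `1` now passed as the third argument in `bio_open_owner(keyout, outformat, 1)` is the only functional change in an otherwise whitespace-only diff of this file, and nothing on the line says why it replaced `newreq`. Assuming that argument is the helper's private-file flag (its declaration is not in this hunk), the `-keyout` file is now always opened with restricted permissions instead of only when a new request is made. That is the safer behaviour for private key output, but it belongs in the commit message or in a commit of its own. I would add a comment above the call, `/* -keyout always holds a private key: open it owner-only regardless of newreq */`. req_main starts and ends outside this hunk, so whether its other key-writing paths pass the same flag cannot be checked from here.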
@@ -722,11 +755,10 @@ int req_main(int argc, char **argv)
cipher = NULL;
i = 0;
- loop:
+ loop:
if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
- NULL, 0, NULL, passout)) {
- if ((ERR_GET_REASON(ERR_peek_error()) ==
- PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) {
+ NULL, 0, NULL, passout)) {
+ if ((ERR_GET_REASON(ERR_peek_error()) == PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) {
ERR_clear_error();
i++;
goto loop;
@@ -743,12 +775,12 @@ int req_main(int argc, char **argv)
* where characters may be escaped by \
*/
if (subj != NULL
- && (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL)
+ && (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL)
goto end;
if (!newreq) {
req = load_csr(infile /* if NULL, reads from stdin */,
- informat, "X509 request");
+ informat, "X509 request");
if (req == NULL)
goto end;
}
@@ -758,30 +790,32 @@ int req_main(int argc, char **argv)
if (CAkeyfile != NULL) {
if (CAfile == NULL) {
BIO_printf(bio_err,
- "Warning: Ignoring -CAkey option since no -CA option is given\n");
+ "Warning: Ignoring -CAkey option since no -CA option is given\n");
} else {
if ((CAkey = load_key(CAkeyfile, FORMAT_UNDEF,
- 0, passin, e,
- CAkeyfile != CAfile
- ? "issuer private key from -CAkey arg"
- : "issuer private key from -CA arg")) == NULL)
+ 0, passin, e,
+ CAkeyfile != CAfile
+ ? "issuer private key from -CAkey arg"
+ : "issuer private key from -CA arg"))
+ == NULL)
goto end;
}
}
if (CAfile != NULL) {
if ((CAcert = load_cert_pass(CAfile, FORMAT_UNDEF, 1, passin,
- "issuer cert from -CA arg")) == NULL)
+ "issuer cert from -CA arg"))
+ == NULL)
goto end;
if (!X509_check_private_key(CAcert, CAkey)) {
BIO_printf(bio_err,
- "Issuer CA certificate and key do not match\n");
+ "Issuer CA certificate and key do not match\n");
goto end;
}
}
if (newreq || gen_x509) {
if (CAcert == NULL && pkey == NULL) {
BIO_printf(bio_err, "Must provide a signature key using -key or"
- " provide -CA / -CAkey\n");
+ " provide -CA / -CAkey\n");
goto end;
}
@@ -791,7 +825,7 @@ int req_main(int argc, char **argv)
goto end;
}
- if (!make_REQ(req, pkey, fsubj, multirdn, !gen_x509, chtype)){
+ if (!make_REQ(req, pkey, fsubj, multirdn, !gen_x509, chtype)) {
BIO_printf(bio_err, "Error making certificate request\n");
goto end;
}
@@ -801,13 +835,12 @@ int req_main(int argc, char **argv)
EVP_PKEY *pub_key = X509_REQ_get0_pubkey(req);
EVP_PKEY *issuer_key = CAcert != NULL ? CAkey : pkey;
X509V3_CTX ext_ctx;
- X509_NAME *issuer = CAcert != NULL ? X509_get_subject_name(CAcert) :
- X509_REQ_get_subject_name(req);
- X509_NAME *n_subj = fsubj != NULL ? fsubj :
- X509_REQ_get_subject_name(req);
+ X509_NAME *issuer = CAcert != NULL ? X509_get_subject_name(CAcert) : X509_REQ_get_subject_name(req);
+ X509_NAME *n_subj = fsubj != NULL ? fsubj : X509_REQ_get_subject_name(req);
if ((new_x509 = X509_new_ex(app_get0_libctx(),
- app_get0_propq())) == NULL)
+ app_get0_propq()))
+ == NULL)
goto end;
if (serial != NULL) {
@@ -839,7 +872,7 @@ int req_main(int argc, char **argv)
/* Set up V3 context struct */
X509V3_set_ctx(&ext_ctx, CAcert != NULL ? CAcert : new_x509,
- new_x509, NULL, NULL, X509V3_CTX_REPLACE);
+ new_x509, NULL, NULL, X509V3_CTX_REPLACE);
/* prepare fallback for AKID, but only if issuer cert == new_x509 */
if (CAcert == NULL) {
if (!X509V3_set_issuer_pkey(&ext_ctx, issuer_key))
@@ -847,22 +880,22 @@ int req_main(int argc, char **argv)
ERR_set_mark();
if (!X509_check_private_key(new_x509, issuer_key))
BIO_printf(bio_err,
- "Warning: Signature key and public key of cert do not match\n");
+ "Warning: Signature key and public key of cert do not match\n");
ERR_pop_to_mark();
}
X509V3_set_nconf(&ext_ctx, req_conf);
/* Add extensions */
if (extensions != NULL
- && !X509V3_EXT_add_nconf(req_conf, &ext_ctx, extensions,
- new_x509)) {
+ && !X509V3_EXT_add_nconf(req_conf, &ext_ctx, extensions,
+ new_x509)) {
BIO_printf(bio_err, "Error adding x509 extensions from section %s\n",
- extensions);
+ extensions);
goto end;
}
if (addext_conf != NULL
&& !X509V3_EXT_add_nconf(addext_conf, &ext_ctx, "default",
- new_x509)) {
+ new_x509)) {
BIO_printf(bio_err, "Error adding extensions defined via -addext\n");
goto end;
}
@@ -870,7 +903,8 @@ int req_main(int argc, char **argv)
/* If a pre-cert was requested, we need to add a poison extension */
if (precert) {
if (X509_add1_ext_i2d(new_x509, NID_ct_precert_poison,
- NULL, 1, 0) != 1) {
+ NULL, 1, 0)
+ != 1) {
BIO_printf(bio_err, "Error adding poison extension\n");
goto end;
}
@@ -889,14 +923,14 @@ int req_main(int argc, char **argv)
/* Add extensions */
if (req_exts != NULL
&& !X509V3_EXT_REQ_add_nconf(req_conf, &ext_ctx,
- req_exts, req)) {
+ req_exts, req)) {
BIO_printf(bio_err, "Error adding request extensions from section %s\n",
- req_exts);
+ req_exts);
goto end;
}
if (addext_conf != NULL
&& !X509V3_EXT_REQ_add_nconf(addext_conf, &ext_ctx, "default",
- req)) {
+ req)) {
BIO_printf(bio_err, "Error adding extensions defined via -addext\n");
goto end;
}
@@ -947,9 +981,8 @@ int req_main(int argc, char **argv)
}
out = bio_open_default(outfile,
- keyout != NULL && outfile != NULL &&
- strcmp(keyout, outfile) == 0 ? 'a' : 'w',
- outformat);
+ keyout != NULL && outfile != NULL && strcmp(keyout, outfile) == 0 ? 'a' : 'w',
+ outformat);
if (out == NULL)
goto end;
@@ -979,9 +1012,7 @@ int req_main(int argc, char **argv)
}
if (subject) {
- print_name(out, "subject=", gen_x509
- ? X509_get_subject_name(new_x509)
- : X509_REQ_get_subject_name(req));
+ print_name(out, "subject=", gen_x509 ? X509_get_subject_name(new_x509) : X509_REQ_get_subject_name(req));
}
if (modulus) {
@@ -1032,7 +1063,7 @@ int req_main(int argc, char **argv)
}
}
ret = 0;
- end:
+end:
if (ret) {
ERR_print_errors(bio_err);
}
@@ -1066,7 +1097,7 @@ int req_main(int argc, char **argv)
}
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, X509_NAME *fsubj,
- int multirdn, int attribs, unsigned long chtype)
+ int multirdn, int attribs, unsigned long chtype)
{
int ret = 0, i;
char no_prompt = 0;
@@ -1111,7 +1142,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, X509_NAME *fsubj,
i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
else
i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs,
- chtype);
+ chtype);
if (!i)
goto err;
@@ -1119,14 +1150,14 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, X509_NAME *fsubj,
goto err;
ret = 1;
- err:
+err:
return ret;
}
static int prompt_info(X509_REQ *req,
- STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
- int attribs, unsigned long chtype)
+ STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
+ STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
+ int attribs, unsigned long chtype)
{
int i;
char *p, *q;
@@ -1140,22 +1171,22 @@ static int prompt_info(X509_REQ *req,
if (!batch) {
BIO_printf(bio_err,
- "You are about to be asked to enter information that will be incorporated\n");
+ "You are about to be asked to enter information that will be incorporated\n");
BIO_printf(bio_err, "into your certificate request.\n");
BIO_printf(bio_err,
- "What you are about to enter is what is called a Distinguished Name or a DN.\n");
+ "What you are about to enter is what is called a Distinguished Name or a DN.\n");
BIO_printf(bio_err,
- "There are quite a few fields but you can leave some blank\n");
+ "There are quite a few fields but you can leave some blank\n");
BIO_printf(bio_err,
- "For some fields there will be a default value,\n");
+ "For some fields there will be a default value,\n");
BIO_printf(bio_err,
- "If you enter '.', the field will be left blank.\n");
+ "If you enter '.', the field will be left blank.\n");
BIO_printf(bio_err, "-----\n");
}
if (sk_CONF_VALUE_num(dn_sk)) {
i = -1;
- start:
+ start:
for (;;) {
i++;
if (sk_CONF_VALUE_num(dn_sk) <= i)
@@ -1164,8 +1195,7 @@ static int prompt_info(X509_REQ *req,
v = sk_CONF_VALUE_value(dn_sk, i);
p = q = NULL;
type = v->name;
- if (!check_end(type, "_min") || !check_end(type, "_max") ||
- !check_end(type, "_default") || !check_end(type, "_value"))
+ if (!check_end(type, "_min") || !check_end(type, "_max") || !check_end(type, "_default") || !check_end(type, "_value"))
continue;
/*
* Skip past any leading X. X: X, etc to allow for multiple
@@ -1216,7 +1246,7 @@ static int prompt_info(X509_REQ *req,
}
if (!add_DN_object(subj, v->value, def, value, nid,
- n_min, n_max, chtype, mval))
+ n_min, n_max, chtype, mval))
return 0;
}
if (X509_NAME_entry_count(subj) == 0) {
@@ -1228,13 +1258,13 @@ static int prompt_info(X509_REQ *req,
if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0)
&& (!batch)) {
BIO_printf(bio_err,
- "\nPlease enter the following 'extra' attributes\n");
+ "\nPlease enter the following 'extra' attributes\n");
BIO_printf(bio_err,
- "to be sent with your certificate request\n");
+ "to be sent with your certificate request\n");
}
i = -1;
- start2:
+ start2:
for (;;) {
i++;
if ((attr_sk == NULL) || (sk_CONF_VALUE_num(attr_sk) <= i))
@@ -1276,8 +1306,8 @@ static int prompt_info(X509_REQ *req,
}
if (!add_attribute_object(req,
- v->value, def, value, nid, n_min,
- n_max, chtype))
+ v->value, def, value, nid, n_min,
+ n_max, chtype))
return 0;
}
}
@@ -1287,12 +1317,11 @@ static int prompt_info(X509_REQ *req,
}
return 1;
-
}
static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
- STACK_OF(CONF_VALUE) *attr_sk, int attribs,
- unsigned long chtype)
+ STACK_OF(CONF_VALUE) *attr_sk, int attribs,
+ unsigned long chtype)
{
int i, spec_char, plus_char;
char *p, *q;
@@ -1315,7 +1344,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
spec_char = (*p == ':' || *p == ',' || *p == '.');
#else
spec_char = (*p == os_toascii[':'] || *p == os_toascii[',']
- || *p == os_toascii['.']);
+ || *p == os_toascii['.']);
#endif
if (spec_char) {
p++;
@@ -1336,10 +1365,9 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
mval = 0;
}
if (!X509_NAME_add_entry_by_txt(subj, type, chtype,
- (unsigned char *)v->value, -1, -1,
- mval))
+ (unsigned char *)v->value, -1, -1,
+ mval))
return 0;
-
}
if (!X509_NAME_entry_count(subj)) {
@@ -1350,7 +1378,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++) {
v = sk_CONF_VALUE_value(attr_sk, i);
if (!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
- (unsigned char *)v->value, -1))
+ (unsigned char *)v->value, -1))
return 0;
}
}
@@ -1358,40 +1386,40 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
}
static int add_DN_object(X509_NAME *n, char *text, const char *def,
- char *value, int nid, int n_min, int n_max,
- unsigned long chtype, int mval)
+ char *value, int nid, int n_min, int n_max,
+ unsigned long chtype, int mval)
{
int ret = 0;
char buf[1024];
ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf),
- "DN value", "DN default");
+ "DN value", "DN default");
if ((ret == 0) || (ret == 1))
return ret;
ret = 1;
if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
- (unsigned char *)buf, -1, -1, mval))
+ (unsigned char *)buf, -1, -1, mval))
ret = 0;
return ret;
}
static int add_attribute_object(X509_REQ *req, char *text, const char *def,
- char *value, int nid, int n_min,
- int n_max, unsigned long chtype)
+ char *value, int nid, int n_min,
+ int n_max, unsigned long chtype)
{
int ret = 0;
char buf[1024];
ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf),
- "Attribute value", "Attribute default");
+ "Attribute value", "Attribute default");
if ((ret == 0) || (ret == 1))
return ret;
ret = 1;
if (!X509_REQ_add1_attr_by_NID(req, nid, chtype,
- (unsigned char *)buf, -1)) {
+ (unsigned char *)buf, -1)) {
BIO_printf(bio_err, "Error adding attribute\n");
ret = 0;
}
@@ -1400,11 +1428,11 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
}
static int build_data(char *text, const char *def, char *value,
- int n_min, int n_max, char *buf, const int buf_size,
- const char *desc1, const char *desc2)
+ int n_min, int n_max, char *buf, const int buf_size,
+ const char *desc1, const char *desc2)
{
int i;
- start:
+start:
if (!batch)
BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err);
@@ -1455,12 +1483,12 @@ static int req_check_len(int len, int n_min, int n_max)
{
if (n_min > 0 && len < n_min) {
BIO_printf(bio_err,
- "String too short, must be at least %d bytes long\n", n_min);
+ "String too short, must be at least %d bytes long\n", n_min);
return 0;
}
if (n_max >= 0 && len > n_max) {
BIO_printf(bio_err,
- "String too long, must be at most %d bytes long\n", n_max);
+ "String too long, must be at most %d bytes long\n", n_max);
return 0;
}
return 1;
@@ -1485,7 +1513,7 @@ static int check_end(const char *str, const char *end)
* overflow and producing an error message if there is.
*/
static int join(char buf[], size_t buf_size, const char *name,
- const char *tail, const char *desc)
+ const char *tail, const char *desc)
{
const size_t name_len = strlen(name), tail_len = strlen(tail);
@@ -1499,8 +1527,8 @@ static int join(char buf[], size_t buf_size, const char *name,
}
static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
- char **pkeytype, long *pkeylen,
- ENGINE *keygen_engine)
+ char **pkeytype, long *pkeylen,
+ ENGINE *keygen_engine)
{
EVP_PKEY_CTX *gctx = NULL;
EVP_PKEY *param = NULL;
@@ -1536,8 +1564,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
expect_paramfile = 1;
if (p == NULL) {
BIO_printf(bio_err,
- "Parameter file requested but no path given: %s\n",
- gstr);
+ "Parameter file requested but no path given: %s\n",
+ gstr);
return NULL;
}
} else {
@@ -1620,19 +1648,19 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
gctx = EVP_PKEY_CTX_new(param, keygen_engine);
else
gctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
- param, app_get0_propq());
+ param, app_get0_propq());
*pkeylen = EVP_PKEY_get_bits(param);
EVP_PKEY_free(param);
} else {
if (keygen_engine != NULL) {
int pkey_id = get_legacy_pkey_id(app_get0_libctx(), *pkeytype,
- keygen_engine);
+ keygen_engine);
if (pkey_id != NID_undef)
gctx = EVP_PKEY_CTX_new_id(pkey_id, keygen_engine);
} else {
gctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(),
- *pkeytype, app_get0_propq());
+ *pkeytype, app_get0_propq());
}
}
@@ -1646,16 +1674,14 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
EVP_PKEY_CTX_free(gctx);
return NULL;
}
- if (keylen == -1 && (EVP_PKEY_CTX_is_a(gctx, "RSA")
- || EVP_PKEY_CTX_is_a(gctx, "RSA-PSS")))
+ if (keylen == -1 && (EVP_PKEY_CTX_is_a(gctx, "RSA") || EVP_PKEY_CTX_is_a(gctx, "RSA-PSS")))
keylen = *pkeylen;
if (keylen != -1) {
OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
size_t bits = keylen;
- params[0] =
- OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_BITS, &bits);
+ params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_BITS, &bits);
if (EVP_PKEY_CTX_set_params(gctx, params) <= 0) {
BIO_puts(bio_err, "Error setting keysize\n");
EVP_PKEY_CTX_free(gctx);
diff --git a/apps/rsa.c b/apps/rsa.c
index 0da342c38f2c..dfe5eb213341 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -34,63 +34,78 @@
#include <openssl/core_dispatch.h>
#ifndef OPENSSL_NO_RC4
-# define DEFAULT_PVK_ENCR_STRENGTH 2
+#define DEFAULT_PVK_ENCR_STRENGTH 2
#else
-# define DEFAULT_PVK_ENCR_STRENGTH 0
+#define DEFAULT_PVK_ENCR_STRENGTH 0
#endif
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
- OPT_PUBIN, OPT_PUBOUT, OPT_PASSOUT, OPT_PASSIN,
- OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT,
+ OPT_INFORM,
+ OPT_OUTFORM,
+ OPT_ENGINE,
+ OPT_IN,
+ OPT_OUT,
+ OPT_PUBIN,
+ OPT_PUBOUT,
+ OPT_PASSOUT,
+ OPT_PASSIN,
+ OPT_RSAPUBKEY_IN,
+ OPT_RSAPUBKEY_OUT,
/* Do not change the order here; see case statements below */
- OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
- OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER,
- OPT_PROV_ENUM, OPT_TRADITIONAL
+ OPT_PVK_NONE,
+ OPT_PVK_WEAK,
+ OPT_PVK_STRONG,
+ OPT_NOOUT,
+ OPT_TEXT,
+ OPT_MODULUS,
+ OPT_CHECK,
+ OPT_CIPHER,
+ OPT_PROV_ENUM,
+ OPT_TRADITIONAL
} OPTION_CHOICE;
const OPTIONS rsa_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"check", OPT_CHECK, '-', "Verify key consistency"},
- {"", OPT_CIPHER, '-', "Any supported cipher"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "check", OPT_CHECK, '-', "Verify key consistency" },
+ { "", OPT_CIPHER, '-', "Any supported cipher" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_SECTION("Input"),
- {"in", OPT_IN, 's', "Input file"},
- {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)"},
- {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
- {"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+ { "in", OPT_IN, 's', "Input file" },
+ { "inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)" },
+ { "pubin", OPT_PUBIN, '-', "Expect a public key in input file" },
+ { "RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey" },
+ { "passin", OPT_PASSIN, 's', "Input file pass phrase source" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file"},
- {"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"},
- {"pubout", OPT_PUBOUT, '-', "Output a public key"},
- {"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"},
- {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
- {"noout", OPT_NOOUT, '-', "Don't print key out"},
- {"text", OPT_TEXT, '-', "Print the key in text"},
- {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
- {"traditional", OPT_TRADITIONAL, '-',
- "Use traditional format for private keys"},
+ { "out", OPT_OUT, '>', "Output file" },
+ { "outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK" },
+ { "pubout", OPT_PUBOUT, '-', "Output a public key" },
+ { "RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey" },
+ { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" },
+ { "noout", OPT_NOOUT, '-', "Don't print key out" },
+ { "text", OPT_TEXT, '-', "Print the key in text" },
+ { "modulus", OPT_MODULUS, '-', "Print the RSA key modulus" },
+ { "traditional", OPT_TRADITIONAL, '-',
+ "Use traditional format for private keys" },
#ifndef OPENSSL_NO_RC4
OPT_SECTION("PVK"),
- {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
- {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
- {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
+ { "pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)" },
+ { "pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level" },
+ { "pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding" },
#endif
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
static int try_legacy_encoding(EVP_PKEY *pkey, int outformat, int pubout,
- BIO *out)
+ BIO *out)
{
int ret = 0;
#ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -109,10 +124,10 @@ static int try_legacy_encoding(EVP_PKEY *pkey, int outformat, int pubout,
ret = PEM_write_bio_RSAPublicKey(out, rsa) > 0;
else
ret = PEM_write_bio_RSA_PUBKEY(out, rsa) > 0;
-# ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_DSA
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
ret = i2b_PublicKey_bio(out, pkey) > 0;
-# endif
+#endif
}
#endif
@@ -144,7 +159,7 @@ int rsa_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -186,9 +201,9 @@ int rsa_main(int argc, char **argv)
case OPT_RSAPUBKEY_OUT:
pubout = 2;
break;
- case OPT_PVK_STRONG: /* pvk_encr:= 2 */
- case OPT_PVK_WEAK: /* pvk_encr:= 1 */
- case OPT_PVK_NONE: /* pvk_encr:= 0 */
+ case OPT_PVK_STRONG: /* pvk_encr:= 2 */
+ case OPT_PVK_WEAK: /* pvk_encr:= 1 */
+ case OPT_PVK_NONE: /* pvk_encr:= 0 */
pvk_encr = (o - OPT_PVK_NONE);
break;
case OPT_NOOUT:
@@ -340,7 +355,7 @@ int rsa_main(int argc, char **argv)
} else {
assert(private);
selection = (OSSL_KEYMGMT_SELECT_KEYPAIR
- | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS);
+ | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS);
}
/* For DER based output, select the desired output structure */
@@ -361,8 +376,8 @@ int rsa_main(int argc, char **argv)
/* Now, perform the encoding */
ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection,
- output_type, output_structure,
- NULL);
+ output_type, output_structure,
+ NULL);
if (OSSL_ENCODER_CTX_get_num_encoders(ectx) == 0) {
if ((!pubout && !pubin)
|| !try_legacy_encoding(pkey, outformat, pubout, out))
@@ -382,8 +397,8 @@ int rsa_main(int argc, char **argv)
if (passout != NULL)
/* When passout given, override the passphrase prompter */
OSSL_ENCODER_CTX_set_passphrase(ectx,
- (const unsigned char *)passout,
- strlen(passout));
+ (const unsigned char *)passout,
+ strlen(passout));
}
/* PVK is a bit special... */
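Review bot: The return value of `OSSL_ENCODER_CTX_set_passphrase()` is discarded in this hunk, so a failure to install the `-passout` pass phrase is not reported where it happens. Checking it, for example `if (!OSSL_ENCODER_CTX_set_passphrase(ectx, (const unsigned char *)passout, strlen(passout))) goto end;` preceded by an error message, makes the private-key export fail closed instead of relying on how the encoder behaves later. Whether later code already catches this cannot be seen from here, because the enclosing block of rsa_main starts and ends outside the hunk.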
@@ -403,7 +418,7 @@ int rsa_main(int argc, char **argv)
goto end;
}
ret = 0;
- end:
+end:
OSSL_ENCODER_CTX_free(ectx);
release_engine(e);
BIO_free_all(out);
diff --git a/apps/rsautl.c b/apps/rsautl.c
index df29069bc1f4..c1ed725c0b9a 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -16,57 +16,73 @@
#include <openssl/pem.h>
#include <openssl/rsa.h>
-#define RSA_SIGN 1
-#define RSA_VERIFY 2
-#define RSA_ENCRYPT 3
-#define RSA_DECRYPT 4
+#define RSA_SIGN 1
+#define RSA_VERIFY 2
+#define RSA_ENCRYPT 3
+#define RSA_DECRYPT 4
-#define KEY_PRIVKEY 1
-#define KEY_PUBKEY 2
-#define KEY_CERT 3
+#define KEY_PRIVKEY 1
+#define KEY_PUBKEY 2
+#define KEY_CERT 3
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP,
- OPT_RSA_RAW, OPT_OAEP, OPT_PKCS, OPT_X931,
- OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
- OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM,
- OPT_R_ENUM, OPT_PROV_ENUM
+ OPT_ENGINE,
+ OPT_IN,
+ OPT_OUT,
+ OPT_ASN1PARSE,
+ OPT_HEXDUMP,
+ OPT_RSA_RAW,
+ OPT_OAEP,
+ OPT_PKCS,
+ OPT_X931,
+ OPT_SIGN,
+ OPT_VERIFY,
+ OPT_REV,
+ OPT_ENCRYPT,
+ OPT_DECRYPT,
+ OPT_PUBIN,
+ OPT_CERTIN,
+ OPT_INKEY,
+ OPT_PASSIN,
+ OPT_KEYFORM,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS rsautl_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"sign", OPT_SIGN, '-', "Sign with private key"},
- {"verify", OPT_VERIFY, '-', "Verify with public key"},
- {"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
- {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "sign", OPT_SIGN, '-', "Sign with private key" },
+ { "verify", OPT_VERIFY, '-', "Verify with public key" },
+ { "encrypt", OPT_ENCRYPT, '-', "Encrypt with public key" },
+ { "decrypt", OPT_DECRYPT, '-', "Decrypt with private key" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input file"},
- {"inkey", OPT_INKEY, 's', "Input key"},
- {"keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)"},
- {"pubin", OPT_PUBIN, '-', "Input is an RSA public"},
- {"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"},
- {"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+ { "in", OPT_IN, '<', "Input file" },
+ { "inkey", OPT_INKEY, 's', "Input key" },
+ { "keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)" },
+ { "pubin", OPT_PUBIN, '-', "Input is an RSA public" },
+ { "certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key" },
+ { "rev", OPT_REV, '-', "Reverse the order of the input buffer" },
+ { "passin", OPT_PASSIN, 's', "Input file pass phrase source" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file"},
- {"raw", OPT_RSA_RAW, '-', "Use no padding"},
- {"pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)"},
- {"x931", OPT_X931, '-', "Use ANSI X9.31 padding"},
- {"oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP"},
- {"asn1parse", OPT_ASN1PARSE, '-',
- "Run output through asn1parse; useful with -verify"},
- {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
+ { "out", OPT_OUT, '>', "Output file" },
+ { "raw", OPT_RSA_RAW, '-', "Use no padding" },
+ { "pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)" },
+ { "x931", OPT_X931, '-', "Use ANSI X9.31 padding" },
+ { "oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP" },
+ { "asn1parse", OPT_ASN1PARSE, '-',
+ "Run output through asn1parse; useful with -verify" },
+ { "hexdump", OPT_HEXDUMP, '-', "Hex dump output" },
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
int rsautl_main(int argc, char **argv)
@@ -90,7 +106,7 @@ int rsautl_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -246,7 +262,8 @@ int rsautl_main(int argc, char **argv)
rv = EVP_PKEY_verify_recover_init(ctx) > 0
&& EVP_PKEY_CTX_set_rsa_padding(ctx, pad) > 0
&& EVP_PKEY_verify_recover(ctx, rsa_out, &rsa_outlen,
- rsa_in, rsa_inlen) > 0;
+ rsa_in, rsa_inlen)
+ > 0;
break;
case RSA_SIGN:
rv = EVP_PKEY_sign_init(ctx) > 0
@@ -280,7 +297,7 @@ int rsautl_main(int argc, char **argv)
} else {
BIO_write(out, rsa_out, rsa_outlen);
}
- end:
+end:
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
release_engine(e);
diff --git a/apps/s_client.c b/apps/s_client.c
index efa2879ca0e7..cff00dcecbf2 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -25,7 +25,7 @@
* needed to have fileno() declared correctly... So let's define u_int
*/
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
-# define __U_INT
+#define __U_INT
typedef unsigned int u_int;
#endif
@@ -41,20 +41,20 @@ typedef unsigned int u_int;
#include <openssl/trace.h>
#include <openssl/async.h>
#ifndef OPENSSL_NO_CT
-# include <openssl/ct.h>
+#include <openssl/ct.h>
#endif
#include "s_apps.h"
#include "timeouts.h"
#include "internal/sockets.h"
#if defined(__has_feature)
-# if __has_feature(memory_sanitizer)
-# include <sanitizer/msan_interface.h>
-# endif
+#if __has_feature(memory_sanitizer)
+#include <sanitizer/msan_interface.h>
+#endif
#endif
#undef BUFSIZZ
-#define BUFSIZZ 1024*8
+#define BUFSIZZ 1024 * 8
#define S_CLIENT_IRC_READ_TIMEOUT 8
static char *prog;
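Review bot: `BUFSIZZ` still expands to the bare expression `1024 * 8`, so a use next to a higher-precedence operator, such as `x % BUFSIZZ` or `x / BUFSIZZ`, would compute a different size than intended. Since the line is being rewritten anyway, `#define BUFSIZZ (1024 * 8)` removes that hazard at no cost. The uses of the macro are outside this hunk, so whether any of them is affected today is not visible here.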
@@ -94,9 +94,9 @@ static char *psk_identity = "Client_identity";
#ifndef OPENSSL_NO_PSK
static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
- unsigned int max_identity_len,
- unsigned char *psk,
- unsigned int max_psk_len)
+ unsigned int max_identity_len,
+ unsigned char *psk,
+ unsigned int max_psk_len)
{
int ret;
long key_len;
@@ -108,7 +108,7 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
/* no ServerKeyExchange message */
if (c_debug)
BIO_printf(bio_c_out,
- "NULL received PSK identity hint, continuing anyway\n");
+ "NULL received PSK identity hint, continuing anyway\n");
} else if (c_debug) {
BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);
}
@@ -121,19 +121,19 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
goto out_err;
if (c_debug)
BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity,
- ret);
+ ret);
/* convert the PSK key to binary */
key = OPENSSL_hexstr2buf(psk_key, &key_len);
if (key == NULL) {
BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
- psk_key);
+ psk_key);
return 0;
}
if (max_psk_len > INT_MAX || key_len > (long)max_psk_len) {
BIO_printf(bio_err,
- "psk buffer of callback is too small (%d) for key (%ld)\n",
- max_psk_len, key_len);
+ "psk buffer of callback is too small (%d) for key (%ld)\n",
+ max_psk_len, key_len);
OPENSSL_free(key);
return 0;
}
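Review bot: The failure path `BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", psk_key)` writes the configured pre-shared key to the error stream, where it can end up in captured logs or terminal scrollback. The same message is printed in psk_use_session_cb (hunk at -171,7). Reporting the failure without the value, `BIO_printf(bio_err, "Could not convert PSK key to buffer\n");`, keeps the diagnostic and drops the secret. Separately, `max_psk_len` is an `unsigned int` but is formatted with `%d` in the "psk buffer of callback is too small" message; `%u` matches the type. psk_client_cb starts and ends outside this hunk.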
@@ -145,7 +145,7 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
BIO_printf(bio_c_out, "created PSK len=%ld\n", key_len);
return key_len;
- out_err:
+out_err:
if (c_debug)
BIO_printf(bio_err, "Error in PSK client callback\n");
return 0;
@@ -156,8 +156,8 @@ const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 };
const unsigned char tls13_aes256gcmsha384_id[] = { 0x13, 0x02 };
static int psk_use_session_cb(SSL *s, const EVP_MD *md,
- const unsigned char **id, size_t *idlen,
- SSL_SESSION **sess)
+ const unsigned char **id, size_t *idlen,
+ SSL_SESSION **sess)
{
SSL_SESSION *usesess = NULL;
const SSL_CIPHER *cipher = NULL;
@@ -171,7 +171,7 @@ static int psk_use_session_cb(SSL *s, const EVP_MD *md,
if (key == NULL) {
BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
- psk_key);
+ psk_key);
return 0;
}
@@ -185,9 +185,9 @@ static int psk_use_session_cb(SSL *s, const EVP_MD *md,
usesess = SSL_SESSION_new();
if (usesess == NULL
- || !SSL_SESSION_set1_master_key(usesess, key, key_len)
- || !SSL_SESSION_set_cipher(usesess, cipher)
- || !SSL_SESSION_set_protocol_version(usesess, TLS1_3_VERSION)) {
+ || !SSL_SESSION_set1_master_key(usesess, key, key_len)
+ || !SSL_SESSION_set_cipher(usesess, cipher)
+ || !SSL_SESSION_set_protocol_version(usesess, TLS1_3_VERSION)) {
OPENSSL_free(key);
goto err;
}
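Review bot: On this failure path `key` holds the decoded PSK and is released with `OPENSSL_free(key)`, which leaves the secret bytes in freed heap memory. `OPENSSL_clear_free(key, key_len);` zeroises the buffer before releasing it. The same applies to the `OPENSSL_free(key)` in psk_client_cb (hunk at -121,19), and presumably to the release on the success path, which lies outside this hunk. psk_use_session_cb starts and ends outside the hunk.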
@@ -212,7 +212,7 @@ static int psk_use_session_cb(SSL *s, const EVP_MD *md,
return 1;
- err:
+err:
SSL_SESSION_free(usesess);
return 0;
}
@@ -225,7 +225,7 @@ typedef struct tlsextctx_st {
static int ssl_servername_cb(SSL *s, int *ad, void *arg)
{
- tlsextctx *p = (tlsextctx *) arg;
+ tlsextctx *p = (tlsextctx *)arg;
const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
if (SSL_get_servername_type(s) != -1)
p->ack = !SSL_session_reused(s) && hn != NULL;
@@ -246,8 +246,8 @@ typedef struct tlsextnextprotoctx_st {
static tlsextnextprotoctx next_proto;
static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen,
- const unsigned char *in, unsigned int inlen,
- void *arg)
+ const unsigned char *in, unsigned int inlen,
+ void *arg)
{
tlsextnextprotoctx *ctx = arg;
@@ -264,15 +264,14 @@ static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen,
BIO_write(bio_c_out, "\n", 1);
}
- ctx->status =
- SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
+ ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
return SSL_TLSEXT_ERR_OK;
}
-#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
+#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
- const unsigned char *in, size_t inlen,
- int *al, void *arg)
+ const unsigned char *in, size_t inlen,
+ int *al, void *arg)
{
char pem_name[100];
unsigned char ext_buf[4 + 65536];
@@ -286,7 +285,7 @@ static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
memcpy(ext_buf + 4, in, inlen);
BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d",
- ext_type);
+ ext_type);
PEM_write_bio(bio_c_out, pem_name, "", ext_buf, 4 + inlen);
return 1;
}
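Review bot: `memcpy(ext_buf + 4, in, inlen)` copies a length taken from the peer's extension into the fixed-size stack buffer `ext_buf`, and no bound on `inlen` is visible in this hunk. If the lines above do not already clamp or reject it, an explicit guard before the copy, e.g. `if (inlen > sizeof(ext_buf) - 4) return 0;`, would state the limit where the write happens. In addition, `ext_type` is `unsigned int` per the hunk header but is formatted with `%d` in the `BIO_snprintf` call; `%u` matches the type. The start of the function is outside this hunk.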
@@ -350,9 +349,7 @@ static ossl_ssize_t checked_uint8(const char **inptr, void *out)
v = strtol(in, &endp, 10);
e = restore_errno();
- if (((v == LONG_MIN || v == LONG_MAX) && e == ERANGE) ||
- endp == in || !isspace(_UC(*endp)) ||
- v != (*result = (uint8_t) v)) {
+ if (((v == LONG_MIN || v == LONG_MAX) && e == ERANGE) || endp == in || !isspace(_UC(*endp)) || v != (*result = (uint8_t)v)) {
return -1;
}
for (in = endp; isspace(_UC(*in)); ++in)
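Review bot: The reformatted condition is now one very long line whose last operand hides an assignment, `v != (*result = (uint8_t)v)`, so the store to `*result` is easy to miss and only happens when every earlier test is false. Separating the range test from the store is clearer: end the condition with `|| v < 0 || v > UINT8_MAX) {` and put `*result = (uint8_t)v;` after the `if`. This accepts the same inputs and additionally leaves `*result` untouched when the value is out of range. checked_uint8 starts and ends outside this hunk.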
@@ -380,7 +377,9 @@ static int tlsa_import_rr(SSL *con, const char *rrdata)
{ &selector, "selector", checked_uint8 },
{ &mtype, "mtype", checked_uint8 },
{ &data, "data", hexdecode },
- { NULL, }
+ {
+ NULL,
+ }
};
struct tlsa_field *f;
int ret;
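Review bot: The table terminator `{ NULL, }` has been expanded by the formatter into three lines because of its trailing comma, which makes the sentinel look like a multi-field entry. Writing it as `{ NULL }`, as the option tables elsewhere in this commit do, should keep it on one line under the same formatter and makes the end of the field list easy to spot. tlsa_import_rr continues outside this hunk.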
@@ -391,7 +390,7 @@ static int tlsa_import_rr(SSL *con, const char *rrdata)
/* Returns number of bytes produced, advances cp to next field */
if ((len = f->parser(&cp, f->var)) <= 0) {
BIO_printf(bio_err, "%s: warning: bad TLSA %s field in: %s\n",
- prog, f->name, rrdata);
+ prog, f->name, rrdata);
return 0;
}
}
@@ -402,13 +401,13 @@ static int tlsa_import_rr(SSL *con, const char *rrdata)
if (ret == 0) {
ERR_print_errors(bio_err);
BIO_printf(bio_err, "%s: warning: unusable TLSA rrdata: %s\n",
- prog, rrdata);
+ prog, rrdata);
return 0;
}
if (ret < 0) {
ERR_print_errors(bio_err);
BIO_printf(bio_err, "%s: warning: error loading TLSA rrdata: %s\n",
- prog, rrdata);
+ prog, rrdata);
return 0;
}
return ret;
@@ -430,268 +429,350 @@ static int tlsa_import_rrset(SSL *con, STACK_OF(OPENSSL_STRING) *rrset)
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_4, OPT_6, OPT_HOST, OPT_PORT, OPT_CONNECT, OPT_BIND, OPT_UNIX,
- OPT_XMPPHOST, OPT_VERIFY, OPT_NAMEOPT,
- OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SESS_OUT, OPT_SESS_IN,
- OPT_CERTFORM, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET,
- OPT_BRIEF, OPT_PREXIT, OPT_CRLF, OPT_QUIET, OPT_NBIO,
- OPT_SSL_CLIENT_ENGINE, OPT_IGN_EOF, OPT_NO_IGN_EOF,
- OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_WDEBUG,
- OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG,
- OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE,
- OPT_PSK_IDENTITY, OPT_PSK, OPT_PSK_SESS,
+ OPT_4,
+ OPT_6,
+ OPT_HOST,
+ OPT_PORT,
+ OPT_CONNECT,
+ OPT_BIND,
+ OPT_UNIX,
+ OPT_XMPPHOST,
+ OPT_VERIFY,
+ OPT_NAMEOPT,
+ OPT_CERT,
+ OPT_CRL,
+ OPT_CRL_DOWNLOAD,
+ OPT_SESS_OUT,
+ OPT_SESS_IN,
+ OPT_CERTFORM,
+ OPT_CRLFORM,
+ OPT_VERIFY_RET_ERROR,
+ OPT_VERIFY_QUIET,
+ OPT_BRIEF,
+ OPT_PREXIT,
+ OPT_CRLF,
+ OPT_QUIET,
+ OPT_NBIO,
+ OPT_SSL_CLIENT_ENGINE,
+ OPT_IGN_EOF,
+ OPT_NO_IGN_EOF,
+ OPT_DEBUG,
+ OPT_TLSEXTDEBUG,
+ OPT_STATUS,
+ OPT_WDEBUG,
+ OPT_MSG,
+ OPT_MSGFILE,
+ OPT_ENGINE,
+ OPT_TRACE,
+ OPT_SECURITY_DEBUG,
+ OPT_SECURITY_DEBUG_VERBOSE,
+ OPT_SHOWCERTS,
+ OPT_NBIO_TEST,
+ OPT_STATE,
+ OPT_PSK_IDENTITY,
+ OPT_PSK,
+ OPT_PSK_SESS,
#ifndef OPENSSL_NO_SRP
- OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, OPT_SRP_LATEUSER,
+ OPT_SRPUSER,
+ OPT_SRPPASS,
+ OPT_SRP_STRENGTH,
+ OPT_SRP_LATEUSER,
OPT_SRP_MOREGROUPS,
#endif
- OPT_SSL3, OPT_SSL_CONFIG,
- OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
- OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS,
- OPT_CERT_CHAIN, OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN,
- OPT_NEXTPROTONEG, OPT_ALPN,
- OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH,
- OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE, OPT_VERIFYCAFILE,
- OPT_CASTORE, OPT_NOCASTORE, OPT_CHAINCASTORE, OPT_VERIFYCASTORE,
- OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_NOSERVERNAME, OPT_ASYNC,
- OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_PROTOHOST,
- OPT_MAXFRAGLEN, OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES,
- OPT_READ_BUF, OPT_KEYLOG_FILE, OPT_EARLY_DATA, OPT_REQCAFILE,
+ OPT_SSL3,
+ OPT_SSL_CONFIG,
+ OPT_TLS1_3,
+ OPT_TLS1_2,
+ OPT_TLS1_1,
+ OPT_TLS1,
+ OPT_DTLS,
+ OPT_DTLS1,
+ OPT_DTLS1_2,
+ OPT_SCTP,
+ OPT_TIMEOUT,
+ OPT_MTU,
+ OPT_KEYFORM,
+ OPT_PASS,
+ OPT_CERT_CHAIN,
+ OPT_KEY,
+ OPT_RECONNECT,
+ OPT_BUILD_CHAIN,
+ OPT_NEXTPROTONEG,
+ OPT_ALPN,
+ OPT_CAPATH,
+ OPT_NOCAPATH,
+ OPT_CHAINCAPATH,
+ OPT_VERIFYCAPATH,
+ OPT_CAFILE,
+ OPT_NOCAFILE,
+ OPT_CHAINCAFILE,
+ OPT_VERIFYCAFILE,
+ OPT_CASTORE,
+ OPT_NOCASTORE,
+ OPT_CHAINCASTORE,
+ OPT_VERIFYCASTORE,
+ OPT_SERVERINFO,
+ OPT_STARTTLS,
+ OPT_SERVERNAME,
+ OPT_NOSERVERNAME,
+ OPT_ASYNC,
+ OPT_USE_SRTP,
+ OPT_KEYMATEXPORT,
+ OPT_KEYMATEXPORTLEN,
+ OPT_PROTOHOST,
+ OPT_MAXFRAGLEN,
+ OPT_MAX_SEND_FRAG,
+ OPT_SPLIT_SEND_FRAG,
+ OPT_MAX_PIPELINES,
+ OPT_READ_BUF,
+ OPT_KEYLOG_FILE,
+ OPT_EARLY_DATA,
+ OPT_REQCAFILE,
OPT_V_ENUM,
OPT_X_ENUM,
- OPT_S_ENUM, OPT_IGNORE_UNEXPECTED_EOF,
- OPT_FALLBACKSCSV, OPT_NOCMDS, OPT_PROXY, OPT_PROXY_USER, OPT_PROXY_PASS,
+ OPT_S_ENUM,
+ OPT_IGNORE_UNEXPECTED_EOF,
+ OPT_FALLBACKSCSV,
+ OPT_NOCMDS,
+ OPT_PROXY,
+ OPT_PROXY_USER,
+ OPT_PROXY_PASS,
OPT_DANE_TLSA_DOMAIN,
#ifndef OPENSSL_NO_CT
- OPT_CT, OPT_NOCT, OPT_CTLOG_FILE,
+ OPT_CT,
+ OPT_NOCT,
+ OPT_CTLOG_FILE,
#endif
- OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
+ OPT_DANE_TLSA_RRDATA,
+ OPT_DANE_EE_NO_NAME,
OPT_ENABLE_PHA,
OPT_SCTP_LABEL_BUG,
- OPT_R_ENUM, OPT_PROV_ENUM
+ OPT_R_ENUM,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS s_client_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [host:port]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [host:port]\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
- {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's',
- "Specify engine to be used for client certificate operations"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
+ { "ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's',
+ "Specify engine to be used for client certificate operations" },
#endif
- {"ssl_config", OPT_SSL_CONFIG, 's', "Use specified section for SSL_CTX configuration"},
+ { "ssl_config", OPT_SSL_CONFIG, 's', "Use specified section for SSL_CTX configuration" },
#ifndef OPENSSL_NO_CT
- {"ct", OPT_CT, '-', "Request and parse SCTs (also enables OCSP stapling)"},
- {"noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)"},
- {"ctlogfile", OPT_CTLOG_FILE, '<', "CT log list CONF file"},
+ { "ct", OPT_CT, '-', "Request and parse SCTs (also enables OCSP stapling)" },
+ { "noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)" },
+ { "ctlogfile", OPT_CTLOG_FILE, '<', "CT log list CONF file" },
#endif
OPT_SECTION("Network"),
- {"host", OPT_HOST, 's', "Use -connect instead"},
- {"port", OPT_PORT, 'p', "Use -connect instead"},
- {"connect", OPT_CONNECT, 's',
- "TCP/IP where to connect; default: " PORT ")"},
- {"bind", OPT_BIND, 's', "bind local address for connection"},
- {"proxy", OPT_PROXY, 's',
- "Connect to via specified proxy to the real server"},
- {"proxy_user", OPT_PROXY_USER, 's', "UserID for proxy authentication"},
- {"proxy_pass", OPT_PROXY_PASS, 's', "Proxy authentication password source"},
+ { "host", OPT_HOST, 's', "Use -connect instead" },
+ { "port", OPT_PORT, 'p', "Use -connect instead" },
+ { "connect", OPT_CONNECT, 's',
+ "TCP/IP where to connect; default: " PORT ")" },
+ { "bind", OPT_BIND, 's', "bind local address for connection" },
+ { "proxy", OPT_PROXY, 's',
+ "Connect to via specified proxy to the real server" },
+ { "proxy_user", OPT_PROXY_USER, 's', "UserID for proxy authentication" },
+ { "proxy_pass", OPT_PROXY_PASS, 's', "Proxy authentication password source" },
#ifdef AF_UNIX
- {"unix", OPT_UNIX, 's', "Connect over the specified Unix-domain socket"},
+ { "unix", OPT_UNIX, 's', "Connect over the specified Unix-domain socket" },
#endif
- {"4", OPT_4, '-', "Use IPv4 only"},
+ { "4", OPT_4, '-', "Use IPv4 only" },
#ifdef AF_INET6
- {"6", OPT_6, '-', "Use IPv6 only"},
+ { "6", OPT_6, '-', "Use IPv6 only" },
#endif
- {"maxfraglen", OPT_MAXFRAGLEN, 'p',
- "Enable Maximum Fragment Length Negotiation (len values: 512, 1024, 2048 and 4096)"},
- {"max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames "},
- {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'p',
- "Size used to split data for encrypt pipelines"},
- {"max_pipelines", OPT_MAX_PIPELINES, 'p',
- "Maximum number of encrypt/decrypt pipelines to be used"},
- {"read_buf", OPT_READ_BUF, 'p',
- "Default read buffer size to be used for connections"},
- {"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"},
+ { "maxfraglen", OPT_MAXFRAGLEN, 'p',
+ "Enable Maximum Fragment Length Negotiation (len values: 512, 1024, 2048 and 4096)" },
+ { "max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames " },
+ { "split_send_frag", OPT_SPLIT_SEND_FRAG, 'p',
+ "Size used to split data for encrypt pipelines" },
+ { "max_pipelines", OPT_MAX_PIPELINES, 'p',
+ "Maximum number of encrypt/decrypt pipelines to be used" },
+ { "read_buf", OPT_READ_BUF, 'p',
+ "Default read buffer size to be used for connections" },
+ { "fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV" },
OPT_SECTION("Identity"),
- {"cert", OPT_CERT, '<', "Client certificate file to use"},
- {"certform", OPT_CERTFORM, 'F',
- "Client certificate file format (PEM/DER/P12); has no effect"},
- {"cert_chain", OPT_CERT_CHAIN, '<',
- "Client certificate chain file (in PEM format)"},
- {"build_chain", OPT_BUILD_CHAIN, '-', "Build client certificate chain"},
- {"key", OPT_KEY, 's', "Private key file to use; default: -cert file"},
- {"keyform", OPT_KEYFORM, 'E', "Key format (ENGINE, other values ignored)"},
- {"pass", OPT_PASS, 's', "Private key and cert file pass phrase source"},
- {"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"},
- {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"},
- {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
- {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
- {"CAstore", OPT_CASTORE, ':', "URI to store of CA's"},
- {"no-CAfile", OPT_NOCAFILE, '-',
- "Do not load the default certificates file"},
- {"no-CApath", OPT_NOCAPATH, '-',
- "Do not load certificates from the default certificates directory"},
- {"no-CAstore", OPT_NOCASTORE, '-',
- "Do not load certificates from the default certificates store"},
- {"requestCAfile", OPT_REQCAFILE, '<',
- "PEM format file of CA names to send to the server"},
- {"dane_tlsa_domain", OPT_DANE_TLSA_DOMAIN, 's', "DANE TLSA base domain"},
- {"dane_tlsa_rrdata", OPT_DANE_TLSA_RRDATA, 's',
- "DANE TLSA rrdata presentation form"},
- {"dane_ee_no_namechecks", OPT_DANE_EE_NO_NAME, '-',
- "Disable name checks when matching DANE-EE(3) TLSA records"},
- {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity"},
- {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
- {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"},
- {"name", OPT_PROTOHOST, 's',
- "Hostname to use for \"-starttls lmtp\", \"-starttls smtp\" or \"-starttls xmpp[-server]\""},
+ { "cert", OPT_CERT, '<', "Client certificate file to use" },
+ { "certform", OPT_CERTFORM, 'F',
+ "Client certificate file format (PEM/DER/P12); has no effect" },
+ { "cert_chain", OPT_CERT_CHAIN, '<',
+ "Client certificate chain file (in PEM format)" },
+ { "build_chain", OPT_BUILD_CHAIN, '-', "Build client certificate chain" },
+ { "key", OPT_KEY, 's', "Private key file to use; default: -cert file" },
+ { "keyform", OPT_KEYFORM, 'E', "Key format (ENGINE, other values ignored)" },
+ { "pass", OPT_PASS, 's', "Private key and cert file pass phrase source" },
+ { "verify", OPT_VERIFY, 'p', "Turn on peer certificate verification" },
+ { "nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options" },
+ { "CApath", OPT_CAPATH, '/', "PEM format directory of CA's" },
+ { "CAfile", OPT_CAFILE, '<', "PEM format file of CA's" },
+ { "CAstore", OPT_CASTORE, ':', "URI to store of CA's" },
+ { "no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file" },
+ { "no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory" },
+ { "no-CAstore", OPT_NOCASTORE, '-',
+ "Do not load certificates from the default certificates store" },
+ { "requestCAfile", OPT_REQCAFILE, '<',
+ "PEM format file of CA names to send to the server" },
+ { "dane_tlsa_domain", OPT_DANE_TLSA_DOMAIN, 's', "DANE TLSA base domain" },
+ { "dane_tlsa_rrdata", OPT_DANE_TLSA_RRDATA, 's',
+ "DANE TLSA rrdata presentation form" },
+ { "dane_ee_no_namechecks", OPT_DANE_EE_NO_NAME, '-',
+ "Disable name checks when matching DANE-EE(3) TLSA records" },
+ { "psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity" },
+ { "psk", OPT_PSK, 's', "PSK in hex (without 0x)" },
+ { "psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from" },
+ { "name", OPT_PROTOHOST, 's',
+ "Hostname to use for \"-starttls lmtp\", \"-starttls smtp\" or \"-starttls xmpp[-server]\"" },
OPT_SECTION("Session"),
- {"reconnect", OPT_RECONNECT, '-',
- "Drop and re-make the connection with the same Session-ID"},
- {"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"},
- {"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"},
+ { "reconnect", OPT_RECONNECT, '-',
+ "Drop and re-make the connection with the same Session-ID" },
+ { "sess_out", OPT_SESS_OUT, '>', "File to write SSL session to" },
+ { "sess_in", OPT_SESS_IN, '<', "File to read SSL session from" },
OPT_SECTION("Input/Output"),
- {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
- {"quiet", OPT_QUIET, '-', "No s_client output"},
- {"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"},
- {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"},
- {"starttls", OPT_STARTTLS, 's',
- "Use the appropriate STARTTLS command before starting TLS"},
- {"xmpphost", OPT_XMPPHOST, 's',
- "Alias of -name option for \"-starttls xmpp[-server]\""},
- {"brief", OPT_BRIEF, '-',
- "Restrict output to brief summary of connection parameters"},
- {"prexit", OPT_PREXIT, '-',
- "Print session information when the program exits"},
+ { "crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF" },
+ { "quiet", OPT_QUIET, '-', "No s_client output" },
+ { "ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)" },
+ { "no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof" },
+ { "starttls", OPT_STARTTLS, 's',
+ "Use the appropriate STARTTLS command before starting TLS" },
+ { "xmpphost", OPT_XMPPHOST, 's',
+ "Alias of -name option for \"-starttls xmpp[-server]\"" },
+ { "brief", OPT_BRIEF, '-',
+ "Restrict output to brief summary of connection parameters" },
+ { "prexit", OPT_PREXIT, '-',
+ "Print session information when the program exits" },
OPT_SECTION("Debug"),
- {"showcerts", OPT_SHOWCERTS, '-',
- "Show all certificates sent by the server"},
- {"debug", OPT_DEBUG, '-', "Extra output"},
- {"msg", OPT_MSG, '-', "Show protocol messages"},
- {"msgfile", OPT_MSGFILE, '>',
- "File to send output of -msg or -trace, instead of stdout"},
- {"nbio_test", OPT_NBIO_TEST, '-', "More ssl protocol testing"},
- {"state", OPT_STATE, '-', "Print the ssl states"},
- {"keymatexport", OPT_KEYMATEXPORT, 's',
- "Export keying material using label"},
- {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
- "Export len bytes of keying material; default 20"},
- {"security_debug", OPT_SECURITY_DEBUG, '-',
- "Enable security debug messages"},
- {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-',
- "Output more security debug output"},
+ { "showcerts", OPT_SHOWCERTS, '-',
+ "Show all certificates sent by the server" },
+ { "debug", OPT_DEBUG, '-', "Extra output" },
+ { "msg", OPT_MSG, '-', "Show protocol messages" },
+ { "msgfile", OPT_MSGFILE, '>',
+ "File to send output of -msg or -trace, instead of stdout" },
+ { "nbio_test", OPT_NBIO_TEST, '-', "More ssl protocol testing" },
+ { "state", OPT_STATE, '-', "Print the ssl states" },
+ { "keymatexport", OPT_KEYMATEXPORT, 's',
+ "Export keying material using label" },
+ { "keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
+ "Export len bytes of keying material; default 20" },
+ { "security_debug", OPT_SECURITY_DEBUG, '-',
+ "Enable security debug messages" },
+ { "security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-',
+ "Output more security debug output" },
#ifndef OPENSSL_NO_SSL_TRACE
- {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"},
+ { "trace", OPT_TRACE, '-', "Show trace output of protocol messages" },
#endif
#ifdef WATT32
- {"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"},
+ { "wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging" },
#endif
- {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"},
- {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
- {"servername", OPT_SERVERNAME, 's',
- "Set TLS extension servername (SNI) in ClientHello (default)"},
- {"noservername", OPT_NOSERVERNAME, '-',
- "Do not send the server name (SNI) extension in the ClientHello"},
- {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
- "Hex dump of all TLS extensions received"},
- {"ignore_unexpected_eof", OPT_IGNORE_UNEXPECTED_EOF, '-',
- "Do not treat lack of close_notify from a peer as an error"},
+ { "keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file" },
+ { "nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters" },
+ { "servername", OPT_SERVERNAME, 's',
+ "Set TLS extension servername (SNI) in ClientHello (default)" },
+ { "noservername", OPT_NOSERVERNAME, '-',
+ "Do not send the server name (SNI) extension in the ClientHello" },
+ { "tlsextdebug", OPT_TLSEXTDEBUG, '-',
+ "Hex dump of all TLS extensions received" },
+ { "ignore_unexpected_eof", OPT_IGNORE_UNEXPECTED_EOF, '-',
+ "Do not treat lack of close_notify from a peer as an error" },
#ifndef OPENSSL_NO_OCSP
- {"status", OPT_STATUS, '-', "Request certificate status from server"},
+ { "status", OPT_STATUS, '-', "Request certificate status from server" },
#endif
- {"serverinfo", OPT_SERVERINFO, 's',
- "types Send empty ClientHello extensions (comma-separated numbers)"},
- {"alpn", OPT_ALPN, 's',
- "Enable ALPN extension, considering named protocols supported (comma-separated list)"},
- {"async", OPT_ASYNC, '-', "Support asynchronous operation"},
- {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
+ { "serverinfo", OPT_SERVERINFO, 's',
+ "types Send empty ClientHello extensions (comma-separated numbers)" },
+ { "alpn", OPT_ALPN, 's',
+ "Enable ALPN extension, considering named protocols supported (comma-separated list)" },
+ { "async", OPT_ASYNC, '-', "Support asynchronous operation" },
+ { "nbio", OPT_NBIO, '-', "Use non-blocking IO" },
OPT_SECTION("Protocol and version"),
#ifndef OPENSSL_NO_SSL3
- {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
+ { "ssl3", OPT_SSL3, '-', "Just use SSLv3" },
#endif
#ifndef OPENSSL_NO_TLS1
- {"tls1", OPT_TLS1, '-', "Just use TLSv1"},
+ { "tls1", OPT_TLS1, '-', "Just use TLSv1" },
#endif
#ifndef OPENSSL_NO_TLS1_1
- {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"},
+ { "tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1" },
#endif
#ifndef OPENSSL_NO_TLS1_2
- {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
+ { "tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2" },
#endif
#ifndef OPENSSL_NO_TLS1_3
- {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"},
+ { "tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3" },
#endif
#ifndef OPENSSL_NO_DTLS
- {"dtls", OPT_DTLS, '-', "Use any version of DTLS"},
- {"timeout", OPT_TIMEOUT, '-',
- "Enable send/receive timeout on DTLS connections"},
- {"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
+ { "dtls", OPT_DTLS, '-', "Use any version of DTLS" },
+ { "timeout", OPT_TIMEOUT, '-',
+ "Enable send/receive timeout on DTLS connections" },
+ { "mtu", OPT_MTU, 'p', "Set the link layer MTU" },
#endif
#ifndef OPENSSL_NO_DTLS1
- {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
+ { "dtls1", OPT_DTLS1, '-', "Just use DTLSv1" },
#endif
#ifndef OPENSSL_NO_DTLS1_2
- {"dtls1_2", OPT_DTLS1_2, '-', "Just use DTLSv1.2"},
+ { "dtls1_2", OPT_DTLS1_2, '-', "Just use DTLSv1.2" },
#endif
#ifndef OPENSSL_NO_SCTP
- {"sctp", OPT_SCTP, '-', "Use SCTP"},
- {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
+ { "sctp", OPT_SCTP, '-', "Use SCTP" },
+ { "sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug" },
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
- {"nextprotoneg", OPT_NEXTPROTONEG, 's',
- "Enable NPN extension, considering named protocols supported (comma-separated list)"},
+ { "nextprotoneg", OPT_NEXTPROTONEG, 's',
+ "Enable NPN extension, considering named protocols supported (comma-separated list)" },
#endif
- {"early_data", OPT_EARLY_DATA, '<', "File to send as early data"},
- {"enable_pha", OPT_ENABLE_PHA, '-', "Enable post-handshake-authentication"},
+ { "early_data", OPT_EARLY_DATA, '<', "File to send as early data" },
+ { "enable_pha", OPT_ENABLE_PHA, '-', "Enable post-handshake-authentication" },
#ifndef OPENSSL_NO_SRTP
- {"use_srtp", OPT_USE_SRTP, 's',
- "Offer SRTP key management with a colon-separated profile list"},
+ { "use_srtp", OPT_USE_SRTP, 's',
+ "Offer SRTP key management with a colon-separated profile list" },
#endif
#ifndef OPENSSL_NO_SRP
- {"srpuser", OPT_SRPUSER, 's', "(deprecated) SRP authentication for 'user'"},
- {"srppass", OPT_SRPPASS, 's', "(deprecated) Password for 'user'"},
- {"srp_lateuser", OPT_SRP_LATEUSER, '-',
- "(deprecated) SRP username into second ClientHello message"},
- {"srp_moregroups", OPT_SRP_MOREGROUPS, '-',
- "(deprecated) Tolerate other than the known g N values."},
- {"srp_strength", OPT_SRP_STRENGTH, 'p',
- "(deprecated) Minimal length in bits for N"},
+ { "srpuser", OPT_SRPUSER, 's', "(deprecated) SRP authentication for 'user'" },
+ { "srppass", OPT_SRPPASS, 's', "(deprecated) Password for 'user'" },
+ { "srp_lateuser", OPT_SRP_LATEUSER, '-',
+ "(deprecated) SRP username into second ClientHello message" },
+ { "srp_moregroups", OPT_SRP_MOREGROUPS, '-',
+ "(deprecated) Tolerate other than the known g N values." },
+ { "srp_strength", OPT_SRP_STRENGTH, 'p',
+ "(deprecated) Minimal length in bits for N" },
#endif
OPT_R_OPTIONS,
OPT_S_OPTIONS,
OPT_V_OPTIONS,
- {"CRL", OPT_CRL, '<', "CRL file to use"},
- {"crl_download", OPT_CRL_DOWNLOAD, '-', "Download CRL from distribution points"},
- {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER); default PEM"},
- {"verify_return_error", OPT_VERIFY_RET_ERROR, '-',
- "Close connection on verification error"},
- {"verify_quiet", OPT_VERIFY_QUIET, '-', "Restrict verify output to errors"},
- {"chainCAfile", OPT_CHAINCAFILE, '<',
- "CA file for certificate chain (PEM format)"},
- {"chainCApath", OPT_CHAINCAPATH, '/',
- "Use dir as certificate store path to build CA certificate chain"},
- {"chainCAstore", OPT_CHAINCASTORE, ':',
- "CA store URI for certificate chain"},
- {"verifyCAfile", OPT_VERIFYCAFILE, '<',
- "CA file for certificate verification (PEM format)"},
- {"verifyCApath", OPT_VERIFYCAPATH, '/',
- "Use dir as certificate store path to verify CA certificate"},
- {"verifyCAstore", OPT_VERIFYCASTORE, ':',
- "CA store URI for certificate verification"},
+ { "CRL", OPT_CRL, '<', "CRL file to use" },
+ { "crl_download", OPT_CRL_DOWNLOAD, '-', "Download CRL from distribution points" },
+ { "CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER); default PEM" },
+ { "verify_return_error", OPT_VERIFY_RET_ERROR, '-',
+ "Close connection on verification error" },
+ { "verify_quiet", OPT_VERIFY_QUIET, '-', "Restrict verify output to errors" },
+ { "chainCAfile", OPT_CHAINCAFILE, '<',
+ "CA file for certificate chain (PEM format)" },
+ { "chainCApath", OPT_CHAINCAPATH, '/',
+ "Use dir as certificate store path to build CA certificate chain" },
+ { "chainCAstore", OPT_CHAINCASTORE, ':',
+ "CA store URI for certificate chain" },
+ { "verifyCAfile", OPT_VERIFYCAFILE, '<',
+ "CA file for certificate verification (PEM format)" },
+ { "verifyCApath", OPT_VERIFYCAPATH, '/',
+ "Use dir as certificate store path to verify CA certificate" },
+ { "verifyCAstore", OPT_VERIFYCASTORE, ':',
+ "CA store URI for certificate verification" },
OPT_X_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"host:port", 0, 0, "Where to connect; same as -connect option"},
- {NULL}
+ { "host:port", 0, 0, "Where to connect; same as -connect option" },
+ { NULL }
};
typedef enum PROTOCOL_choice {
@@ -713,30 +794,30 @@ typedef enum PROTOCOL_choice {
} PROTOCOL_CHOICE;
static const OPT_PAIR services[] = {
- {"smtp", PROTO_SMTP},
- {"pop3", PROTO_POP3},
- {"imap", PROTO_IMAP},
- {"ftp", PROTO_FTP},
- {"xmpp", PROTO_XMPP},
- {"xmpp-server", PROTO_XMPP_SERVER},
- {"telnet", PROTO_TELNET},
- {"irc", PROTO_IRC},
- {"mysql", PROTO_MYSQL},
- {"postgres", PROTO_POSTGRES},
- {"lmtp", PROTO_LMTP},
- {"nntp", PROTO_NNTP},
- {"sieve", PROTO_SIEVE},
- {"ldap", PROTO_LDAP},
- {NULL, 0}
+ { "smtp", PROTO_SMTP },
+ { "pop3", PROTO_POP3 },
+ { "imap", PROTO_IMAP },
+ { "ftp", PROTO_FTP },
+ { "xmpp", PROTO_XMPP },
+ { "xmpp-server", PROTO_XMPP_SERVER },
+ { "telnet", PROTO_TELNET },
+ { "irc", PROTO_IRC },
+ { "mysql", PROTO_MYSQL },
+ { "postgres", PROTO_POSTGRES },
+ { "lmtp", PROTO_LMTP },
+ { "nntp", PROTO_NNTP },
+ { "sieve", PROTO_SIEVE },
+ { "ldap", PROTO_LDAP },
+ { NULL, 0 }
};
#define IS_INET_FLAG(o) \
- (o == OPT_4 || o == OPT_6 || o == OPT_HOST || o == OPT_PORT || o == OPT_CONNECT)
+ (o == OPT_4 || o == OPT_6 || o == OPT_HOST || o == OPT_PORT || o == OPT_CONNECT)
#define IS_UNIX_FLAG(o) (o == OPT_UNIX)
-#define IS_PROT_FLAG(o) \
- (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
- || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
+#define IS_PROT_FLAG(o) \
+ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
+ || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
/* Free |*dest| and optionally set it to a copy of |source|. */
static void freeandcopy(char **dest, const char *source)
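Review bot: `IS_INET_FLAG`, `IS_UNIX_FLAG` and `IS_PROT_FLAG` use their argument `o` without parentheses, and the first and last expand it five and eight times, so an argument containing a lower-precedence operator or a side effect would be misparsed or evaluated repeatedly. The call sites visible on this page pass the plain variable `o`, so nothing breaks today. Since these lines are being rewritten anyway, the argument could be wrapped, e.g. `#define IS_UNIX_FLAG(o) ((o) == OPT_UNIX)`, with `(o)` in each comparison of the other two macros as well.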
@@ -767,7 +848,7 @@ static int new_session_cb(SSL *s, SSL_SESSION *sess)
*/
if (SSL_version(s) == TLS1_3_VERSION) {
BIO_printf(bio_c_out,
- "---\nPost-Handshake New Session Ticket arrived:\n");
+ "---\nPost-Handshake New Session Ticket arrived:\n");
SSL_SESSION_print(bio_c_out, sess);
BIO_printf(bio_c_out, "---\n");
}
@@ -869,7 +950,10 @@ int s_client_main(int argc, char **argv)
int async = 0;
unsigned int max_send_fragment = 0;
unsigned int split_send_fragment = 0, max_pipelines = 0;
- enum { use_inet, use_unix, use_unknown } connect_type = use_unknown;
+ enum { use_inet,
+ use_unix,
+ use_unknown } connect_type
+ = use_unknown;
int count4or6 = 0;
uint8_t maxfraglen = 0;
int c_nbio = 0, c_msg = 0, c_ign_eof = 0, c_brief = 0;
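Review bot: The reformatted declaration of `connect_type` now spreads the anonymous enum over four lines, with `connect_type` and `= use_unknown` split from each other, which is harder to read than the single line it replaces. Declaring the type on its own avoids the awkward wrap: `enum connect_kind { use_inet, use_unix, use_unknown };` followed by `enum connect_kind connect_type = use_unknown;` (the tag name is only a suggestion). The body of `s_client_main` starts and ends outside this hunk.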
@@ -893,10 +977,10 @@ int s_client_main(int argc, char **argv)
FD_ZERO(&writefds);
/* Known false-positive of MemorySanitizer. */
#if defined(__has_feature)
-# if __has_feature(memory_sanitizer)
+#if __has_feature(memory_sanitizer)
__msan_unpoison(&readfds, sizeof(readfds));
__msan_unpoison(&writefds, sizeof(writefds));
-# endif
+#endif
#endif
c_quiet = 0;
@@ -923,14 +1007,14 @@ int s_client_main(int argc, char **argv)
/* Check for intermixing flags. */
if (connect_type == use_unix && IS_INET_FLAG(o)) {
BIO_printf(bio_err,
- "%s: Intermixed protocol flags (unix and internet domains)\n",
- prog);
+ "%s: Intermixed protocol flags (unix and internet domains)\n",
+ prog);
goto end;
}
if (connect_type == use_inet && IS_UNIX_FLAG(o)) {
BIO_printf(bio_err,
- "%s: Intermixed protocol flags (internet and unix domains)\n",
- prog);
+ "%s: Intermixed protocol flags (internet and unix domains)\n",
+ prog);
goto end;
}
@@ -942,14 +1026,14 @@ int s_client_main(int argc, char **argv)
no_prot_opt++;
if (prot_opt == 1 && no_prot_opt) {
BIO_printf(bio_err,
- "Cannot supply both a protocol flag and '-no_<prot>'\n");
+ "Cannot supply both a protocol flag and '-no_<prot>'\n");
goto end;
}
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -1184,7 +1268,7 @@ int s_client_main(int argc, char **argv)
case OPT_SRP_STRENGTH:
srp_arg.strength = atoi(opt_arg());
BIO_printf(bio_err, "SRP minimal length for N is %d\n",
- srp_arg.strength);
+ srp_arg.strength);
if (min_version < TLS1_VERSION)
min_version = TLS1_VERSION;
break;
@@ -1365,8 +1449,7 @@ int s_client_main(int argc, char **argv)
case OPT_DANE_TLSA_RRDATA:
if (dane_tlsa_rrset == NULL)
dane_tlsa_rrset = sk_OPENSSL_STRING_new_null();
- if (dane_tlsa_rrset == NULL ||
- !sk_OPENSSL_STRING_push(dane_tlsa_rrset, opt_arg())) {
+ if (dane_tlsa_rrset == NULL || !sk_OPENSSL_STRING_push(dane_tlsa_rrset, opt_arg())) {
BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
goto end;
}
@@ -1435,8 +1518,8 @@ int s_client_main(int argc, char **argv)
break;
default:
BIO_printf(bio_err,
- "%s: Max Fragment Len %u is out of permitted values",
- prog, len);
+ "%s: Max Fragment Len %u is out of permitted values",
+ prog, len);
goto opthelp;
}
break;
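Review bot: The format string `"%s: Max Fragment Len %u is out of permitted values"` in the `default:` branch has no trailing newline. The `goto opthelp` that follows prints `"%s: Use -help for summary.\n"`, so the two messages run together on one line of stderr. The other diagnostics on this page that precede `goto opthelp` end in `\n`, as does the similar "Max Fragment Length code" message later in the file. The string should become `"%s: Max Fragment Len %u is out of permitted values\n"`. The enclosing `switch` starts and ends outside this hunk.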
@@ -1470,8 +1553,8 @@ int s_client_main(int argc, char **argv)
/* Don't allow -connect and a separate argument. */
if (connectstr != NULL) {
BIO_printf(bio_err,
- "%s: cannot provide both -connect option and target parameter\n",
- prog);
+ "%s: cannot provide both -connect option and target parameter\n",
+ prog);
goto opthelp;
}
connect_type = use_inet;
@@ -1489,14 +1572,14 @@ int s_client_main(int argc, char **argv)
if (noservername) {
if (servername != NULL) {
BIO_printf(bio_err,
- "%s: Can't use -servername and -noservername together\n",
- prog);
+ "%s: Can't use -servername and -noservername together\n",
+ prog);
goto opthelp;
}
if (dane_tlsa_domain != NULL) {
BIO_printf(bio_err,
- "%s: Can't use -dane_tlsa_domain and -noservername together\n",
- prog);
+ "%s: Can't use -dane_tlsa_domain and -noservername together\n",
+ prog);
goto opthelp;
}
}
@@ -1519,8 +1602,8 @@ int s_client_main(int argc, char **argv)
OPENSSL_free(tmp_port);
if (!res) {
BIO_printf(bio_err,
- "%s: -connect argument or target parameter malformed or ambiguous\n",
- prog);
+ "%s: -connect argument or target parameter malformed or ambiguous\n",
+ prog);
goto end;
}
}
@@ -1557,7 +1640,7 @@ int s_client_main(int argc, char **argv)
OPENSSL_free(tmp_port);
if (!res) {
BIO_printf(bio_err,
- "%s: -proxy argument malformed or ambiguous\n", prog);
+ "%s: -proxy argument malformed or ambiguous\n", prog);
goto end;
}
}
@@ -1565,11 +1648,11 @@ int s_client_main(int argc, char **argv)
if (bindstr != NULL) {
int res;
res = BIO_parse_hostserv(bindstr, &bindhost, &bindport,
- BIO_PARSE_PRIO_HOST);
+ BIO_PARSE_PRIO_HOST);
if (!res) {
BIO_printf(bio_err,
- "%s: -bind argument parameter malformed or ambiguous\n",
- prog);
+ "%s: -bind argument parameter malformed or ambiguous\n",
+ prog);
goto end;
}
}
@@ -1577,7 +1660,7 @@ int s_client_main(int argc, char **argv)
#ifdef AF_UNIX
if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) {
BIO_printf(bio_err,
- "Can't use unix sockets and datagrams together\n");
+ "Can't use unix sockets and datagrams together\n");
goto end;
}
#endif
@@ -1596,8 +1679,7 @@ int s_client_main(int argc, char **argv)
#if !defined(OPENSSL_NO_NEXTPROTONEG)
next_proto.status = -1;
if (next_proto_neg_in) {
- next_proto.data =
- next_protos_parse(&next_proto.len, next_proto_neg_in);
+ next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in);
if (next_proto.data == NULL) {
BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n");
goto end;
@@ -1626,14 +1708,14 @@ int s_client_main(int argc, char **argv)
if (key_file != NULL) {
key = load_key(key_file, key_format, 0, pass, e,
- "client certificate private key");
+ "client certificate private key");
if (key == NULL)
goto end;
}
if (cert_file != NULL) {
cert = load_cert_pass(cert_file, cert_format, 1, pass,
- "client certificate");
+ "client certificate");
if (cert == NULL)
goto end;
}
@@ -1703,7 +1785,7 @@ int s_client_main(int argc, char **argv)
if (ssl_config != NULL) {
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
- ssl_config);
+ ssl_config);
ERR_print_errors(bio_err);
goto end;
}
@@ -1737,21 +1819,21 @@ int s_client_main(int argc, char **argv)
if (max_send_fragment > 0
&& !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) {
BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n",
- prog, max_send_fragment);
+ prog, max_send_fragment);
goto end;
}
if (split_send_fragment > 0
&& !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) {
BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n",
- prog, split_send_fragment);
+ prog, split_send_fragment);
goto end;
}
if (max_pipelines > 0
&& !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) {
BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n",
- prog, max_pipelines);
+ prog, max_pipelines);
goto end;
}
@@ -1760,17 +1842,18 @@ int s_client_main(int argc, char **argv)
}
if (maxfraglen > 0
- && !SSL_CTX_set_tlsext_max_fragment_length(ctx, maxfraglen)) {
+ && !SSL_CTX_set_tlsext_max_fragment_length(ctx, maxfraglen)) {
BIO_printf(bio_err,
- "%s: Max Fragment Length code %u is out of permitted values"
- "\n", prog, maxfraglen);
+ "%s: Max Fragment Length code %u is out of permitted values"
+ "\n",
+ prog, maxfraglen);
goto end;
}
if (!ssl_load_stores(ctx,
- vfyCApath, vfyCAfile, vfyCAstore,
- chCApath, chCAfile, chCAstore,
- crls, crl_download)) {
+ vfyCApath, vfyCAfile, vfyCAstore,
+ chCApath, chCAfile, chCAstore,
+ crls, crl_download)) {
BIO_printf(bio_err, "Error loading store locations\n");
ERR_print_errors(bio_err);
goto end;
@@ -1860,12 +1943,12 @@ int s_client_main(int argc, char **argv)
for (i = 0; i < serverinfo_count; i++) {
if (!SSL_CTX_add_client_custom_ext(ctx,
- serverinfo_types[i],
- NULL, NULL, NULL,
- serverinfo_cli_parse_cb, NULL)) {
+ serverinfo_types[i],
+ NULL, NULL, NULL,
+ serverinfo_cli_parse_cb, NULL)) {
BIO_printf(bio_err,
- "Warning: Unable to add custom extension %u, skipping\n",
- serverinfo_types[i]);
+ "Warning: Unable to add custom extension %u, skipping\n",
+ serverinfo_types[i]);
}
}
@@ -1874,8 +1957,7 @@ int s_client_main(int argc, char **argv)
#ifndef OPENSSL_NO_CT
/* Enable SCT processing, without early connection termination */
- if (ct_validation &&
- !SSL_CTX_enable_ct(ctx, SSL_CT_VALIDATION_PERMISSIVE)) {
+ if (ct_validation && !SSL_CTX_enable_ct(ctx, SSL_CT_VALIDATION_PERMISSIVE)) {
ERR_print_errors(bio_err);
goto end;
}
@@ -1899,7 +1981,7 @@ int s_client_main(int argc, char **argv)
SSL_CTX_set_verify(ctx, verify, verify_callback);
if (!ctx_set_verify_locations(ctx, CAfile, noCAfile, CApath, noCApath,
- CAstore, noCAstore)) {
+ CAstore, noCAstore)) {
ERR_print_errors(bio_err);
goto end;
}
@@ -1916,15 +1998,15 @@ int s_client_main(int argc, char **argv)
}
#ifndef OPENSSL_NO_SRP
if (srp_arg.srplogin != NULL
- && !set_up_srp_arg(ctx, &srp_arg, srp_lateuser, c_msg, c_debug))
+ && !set_up_srp_arg(ctx, &srp_arg, srp_lateuser, c_msg, c_debug))
goto end;
-# endif
+#endif
if (dane_tlsa_domain != NULL) {
if (SSL_CTX_dane_enable(ctx) <= 0) {
BIO_printf(bio_err,
- "%s: Error enabling DANE TLSA authentication.\n",
- prog);
+ "%s: Error enabling DANE TLSA authentication.\n",
+ prog);
ERR_print_errors(bio_err);
goto end;
}
@@ -1935,8 +2017,7 @@ int s_client_main(int argc, char **argv)
* come at any time. Therefore we use a callback to write out the session
* when we know about it. This approach works for < TLSv1.3 as well.
*/
- SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT
- | SSL_SESS_CACHE_NO_INTERNAL_STORE);
+ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL_STORE);
SSL_CTX_sess_set_new_cb(ctx, new_session_cb);
if (set_keylog_file(ctx, keylog_file))
@@ -1978,7 +2059,7 @@ int s_client_main(int argc, char **argv)
if (!noservername && (servername != NULL || dane_tlsa_domain == NULL)) {
if (servername == NULL) {
- if(host == NULL || is_dNS_name(host))
+ if (host == NULL || is_dNS_name(host))
servername = (host == NULL) ? "localhost" : host;
}
if (servername != NULL && !SSL_set_tlsext_host_name(con, servername)) {
@@ -1991,31 +2072,36 @@ int s_client_main(int argc, char **argv)
if (dane_tlsa_domain != NULL) {
if (SSL_dane_enable(con, dane_tlsa_domain) <= 0) {
BIO_printf(bio_err, "%s: Error enabling DANE TLSA "
- "authentication.\n", prog);
+ "authentication.\n",
+ prog);
ERR_print_errors(bio_err);
goto end;
}
if (dane_tlsa_rrset == NULL) {
BIO_printf(bio_err, "%s: DANE TLSA authentication requires at "
- "least one -dane_tlsa_rrdata option.\n", prog);
+ "least one -dane_tlsa_rrdata option.\n",
+ prog);
goto end;
}
if (tlsa_import_rrset(con, dane_tlsa_rrset) <= 0) {
BIO_printf(bio_err, "%s: Failed to import any TLSA "
- "records.\n", prog);
+ "records.\n",
+ prog);
goto end;
}
if (dane_ee_no_name)
SSL_dane_set_flags(con, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
} else if (dane_tlsa_rrset != NULL) {
BIO_printf(bio_err, "%s: DANE TLSA authentication requires the "
- "-dane_tlsa_domain option.\n", prog);
+ "-dane_tlsa_domain option.\n",
+ prog);
goto end;
}
- re_start:
+re_start:
if (init_client(&sock, host, port, bindhost, bindport, socket_family,
- socket_type, protocol) == 0) {
+ socket_type, protocol)
+ == 0) {
BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
BIO_closesocket(sock);
goto end;
@@ -2048,7 +2134,7 @@ int s_client_main(int argc, char **argv)
}
if (!BIO_sock_info(sock, BIO_SOCK_INFO_ADDRESS, &peer_info)) {
BIO_printf(bio_err, "getsockname:errno=%d\n",
- get_last_socket_error());
+ get_last_socket_error());
BIO_free(sbio);
BIO_ADDR_free(peer_info.addr);
BIO_closesocket(sock);
@@ -2072,7 +2158,7 @@ int s_client_main(int argc, char **argv)
if (socket_mtu) {
if (socket_mtu < DTLS_get_link_min_mtu(con)) {
BIO_printf(bio_err, "MTU too small. Must be at least %ld\n",
- DTLS_get_link_min_mtu(con));
+ DTLS_get_link_min_mtu(con));
BIO_free(sbio);
goto shut;
}
@@ -2158,535 +2244,507 @@ int s_client_main(int argc, char **argv)
if (proxystr != NULL) {
/* Here we must use the connect string target host & port */
if (!OSSL_HTTP_proxy_connect(sbio, thost, tport, proxyuser, proxypass,
- 0 /* no timeout */, bio_err, prog))
+ 0 /* no timeout */, bio_err, prog))
goto shut;
}
- switch ((PROTOCOL_CHOICE) starttls_proto) {
+ switch ((PROTOCOL_CHOICE)starttls_proto) {
case PROTO_OFF:
break;
case PROTO_LMTP:
- case PROTO_SMTP:
- {
- /*
- * This is an ugly hack that does a lot of assumptions. We do
- * have to handle multi-line responses which may come in a single
- * packet or not. We therefore have to use BIO_gets() which does
- * need a buffering BIO. So during the initial chitchat we do
- * push a buffering BIO into the chain that is removed again
- * later on to not disturb the rest of the s_client operation.
- */
- int foundit = 0;
- BIO *fbio = BIO_new(BIO_f_buffer());
+ case PROTO_SMTP: {
+ /*
+ * This is an ugly hack that does a lot of assumptions. We do
+ * have to handle multi-line responses which may come in a single
+ * packet or not. We therefore have to use BIO_gets() which does
+ * need a buffering BIO. So during the initial chitchat we do
+ * push a buffering BIO into the chain that is removed again
+ * later on to not disturb the rest of the s_client operation.
+ */
+ int foundit = 0;
+ BIO *fbio = BIO_new(BIO_f_buffer());
- if (fbio == NULL) {
- BIO_printf(bio_err, "Unable to create BIO\n");
- goto shut;
- }
- BIO_push(fbio, sbio);
- /* Wait for multi-line response to end from LMTP or SMTP */
- do {
- mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
- } while (mbuf_len > 3 && mbuf[3] == '-');
- if (protohost == NULL)
- protohost = "mail.example.com";
- if (starttls_proto == (int)PROTO_LMTP)
- BIO_printf(fbio, "LHLO %s\r\n", protohost);
- else
- BIO_printf(fbio, "EHLO %s\r\n", protohost);
- (void)BIO_flush(fbio);
- /*
- * Wait for multi-line response to end LHLO LMTP or EHLO SMTP
- * response.
- */
- do {
- mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
- if (strstr(mbuf, "STARTTLS"))
- foundit = 1;
- } while (mbuf_len > 3 && mbuf[3] == '-');
- (void)BIO_flush(fbio);
- BIO_pop(fbio);
- BIO_free(fbio);
- if (!foundit)
- BIO_printf(bio_err,
- "Didn't find STARTTLS in server response,"
- " trying anyway...\n");
- BIO_printf(sbio, "STARTTLS\r\n");
- BIO_read(sbio, sbuf, BUFSIZZ);
+ if (fbio == NULL) {
+ BIO_printf(bio_err, "Unable to create BIO\n");
+ goto shut;
}
- break;
- case PROTO_POP3:
- {
- BIO_read(sbio, mbuf, BUFSIZZ);
- BIO_printf(sbio, "STLS\r\n");
- mbuf_len = BIO_read(sbio, sbuf, BUFSIZZ);
- if (mbuf_len < 0) {
- BIO_printf(bio_err, "BIO_read failed\n");
- goto end;
- }
+ BIO_push(fbio, sbio);
+ /* Wait for multi-line response to end from LMTP or SMTP */
+ do {
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ } while (mbuf_len > 3 && mbuf[3] == '-');
+ if (protohost == NULL)
+ protohost = "mail.example.com";
+ if (starttls_proto == (int)PROTO_LMTP)
+ BIO_printf(fbio, "LHLO %s\r\n", protohost);
+ else
+ BIO_printf(fbio, "EHLO %s\r\n", protohost);
+ (void)BIO_flush(fbio);
+ /*
+ * Wait for multi-line response to end LHLO LMTP or EHLO SMTP
+ * response.
+ */
+ do {
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ if (strstr(mbuf, "STARTTLS"))
+ foundit = 1;
+ } while (mbuf_len > 3 && mbuf[3] == '-');
+ (void)BIO_flush(fbio);
+ BIO_pop(fbio);
+ BIO_free(fbio);
+ if (!foundit)
+ BIO_printf(bio_err,
+ "Didn't find STARTTLS in server response,"
+ " trying anyway...\n");
+ BIO_printf(sbio, "STARTTLS\r\n");
+ BIO_read(sbio, sbuf, BUFSIZZ);
+ } break;
+ case PROTO_POP3: {
+ BIO_read(sbio, mbuf, BUFSIZZ);
+ BIO_printf(sbio, "STLS\r\n");
+ mbuf_len = BIO_read(sbio, sbuf, BUFSIZZ);
+ if (mbuf_len < 0) {
+ BIO_printf(bio_err, "BIO_read failed\n");
+ goto end;
}
- break;
- case PROTO_IMAP:
- {
- int foundit = 0;
- BIO *fbio = BIO_new(BIO_f_buffer());
+ } break;
+ case PROTO_IMAP: {
+ int foundit = 0;
+ BIO *fbio = BIO_new(BIO_f_buffer());
- if (fbio == NULL) {
- BIO_printf(bio_err, "Unable to create BIO\n");
- goto shut;
- }
- BIO_push(fbio, sbio);
- BIO_gets(fbio, mbuf, BUFSIZZ);
- /* STARTTLS command requires CAPABILITY... */
- BIO_printf(fbio, ". CAPABILITY\r\n");
- (void)BIO_flush(fbio);
- /* wait for multi-line CAPABILITY response */
- do {
- mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
- if (strstr(mbuf, "STARTTLS"))
- foundit = 1;
- }
- while (mbuf_len > 3 && mbuf[0] != '.');
- (void)BIO_flush(fbio);
- BIO_pop(fbio);
- BIO_free(fbio);
- if (!foundit)
- BIO_printf(bio_err,
- "Didn't find STARTTLS in server response,"
- " trying anyway...\n");
- BIO_printf(sbio, ". STARTTLS\r\n");
- BIO_read(sbio, sbuf, BUFSIZZ);
+ if (fbio == NULL) {
+ BIO_printf(bio_err, "Unable to create BIO\n");
+ goto shut;
}
- break;
- case PROTO_FTP:
- {
- BIO *fbio = BIO_new(BIO_f_buffer());
+ BIO_push(fbio, sbio);
+ BIO_gets(fbio, mbuf, BUFSIZZ);
+ /* STARTTLS command requires CAPABILITY... */
+ BIO_printf(fbio, ". CAPABILITY\r\n");
+ (void)BIO_flush(fbio);
+ /* wait for multi-line CAPABILITY response */
+ do {
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ if (strstr(mbuf, "STARTTLS"))
+ foundit = 1;
+ } while (mbuf_len > 3 && mbuf[0] != '.');
+ (void)BIO_flush(fbio);
+ BIO_pop(fbio);
+ BIO_free(fbio);
+ if (!foundit)
+ BIO_printf(bio_err,
+ "Didn't find STARTTLS in server response,"
+ " trying anyway...\n");
+ BIO_printf(sbio, ". STARTTLS\r\n");
+ BIO_read(sbio, sbuf, BUFSIZZ);
+ } break;
+ case PROTO_FTP: {
+ BIO *fbio = BIO_new(BIO_f_buffer());
- if (fbio == NULL) {
- BIO_printf(bio_err, "Unable to create BIO\n");
- goto shut;
- }
- BIO_push(fbio, sbio);
- /* wait for multi-line response to end from FTP */
- do {
- mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
- }
- while (mbuf_len > 3 && (!isdigit((unsigned char)mbuf[0]) || !isdigit((unsigned char)mbuf[1]) || !isdigit((unsigned char)mbuf[2]) || mbuf[3] != ' '));
- (void)BIO_flush(fbio);
- BIO_pop(fbio);
- BIO_free(fbio);
- BIO_printf(sbio, "AUTH TLS\r\n");
- BIO_read(sbio, sbuf, BUFSIZZ);
+ if (fbio == NULL) {
+ BIO_printf(bio_err, "Unable to create BIO\n");
+ goto shut;
}
- break;
+ BIO_push(fbio, sbio);
+ /* wait for multi-line response to end from FTP */
+ do {
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ } while (mbuf_len > 3 && (!isdigit((unsigned char)mbuf[0]) || !isdigit((unsigned char)mbuf[1]) || !isdigit((unsigned char)mbuf[2]) || mbuf[3] != ' '));
+ (void)BIO_flush(fbio);
+ BIO_pop(fbio);
+ BIO_free(fbio);
+ BIO_printf(sbio, "AUTH TLS\r\n");
+ BIO_read(sbio, sbuf, BUFSIZZ);
+ } break;
case PROTO_XMPP:
- case PROTO_XMPP_SERVER:
- {
- int seen = 0;
- BIO_printf(sbio, "<stream:stream "
- "xmlns:stream='http://etherx.jabber.org/streams' "
- "xmlns='jabber:%s' to='%s' version='1.0'>",
- starttls_proto == PROTO_XMPP ? "client" : "server",
- protohost ? protohost : host);
+ case PROTO_XMPP_SERVER: {
+ int seen = 0;
+ BIO_printf(sbio, "<stream:stream "
+ "xmlns:stream='http://etherx.jabber.org/streams' "
+ "xmlns='jabber:%s' to='%s' version='1.0'>",
+ starttls_proto == PROTO_XMPP ? "client" : "server",
+ protohost ? protohost : host);
+ seen = BIO_read(sbio, mbuf, BUFSIZZ);
+ if (seen < 0) {
+ BIO_printf(bio_err, "BIO_read failed\n");
+ goto end;
+ }
+ mbuf[seen] = '\0';
+ while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")
+ && !strstr(mbuf,
+ "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"")) {
seen = BIO_read(sbio, mbuf, BUFSIZZ);
- if (seen < 0) {
- BIO_printf(bio_err, "BIO_read failed\n");
- goto end;
- }
- mbuf[seen] = '\0';
- while (!strstr
- (mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")
- && !strstr(mbuf,
- "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\""))
- {
- seen = BIO_read(sbio, mbuf, BUFSIZZ);
-
- if (seen <= 0)
- goto shut;
- mbuf[seen] = '\0';
- }
- BIO_printf(sbio,
- "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
- seen = BIO_read(sbio, sbuf, BUFSIZZ);
- if (seen < 0) {
- BIO_printf(bio_err, "BIO_read failed\n");
- goto shut;
- }
- sbuf[seen] = '\0';
- if (!strstr(sbuf, "<proceed"))
+ if (seen <= 0)
goto shut;
- mbuf[0] = '\0';
- }
- break;
- case PROTO_TELNET:
- {
- static const unsigned char tls_do[] = {
- /* IAC DO START_TLS */
- 255, 253, 46
- };
- static const unsigned char tls_will[] = {
- /* IAC WILL START_TLS */
- 255, 251, 46
- };
- static const unsigned char tls_follows[] = {
- /* IAC SB START_TLS FOLLOWS IAC SE */
- 255, 250, 46, 1, 255, 240
- };
- int bytes;
- /* Telnet server should demand we issue START_TLS */
- bytes = BIO_read(sbio, mbuf, BUFSIZZ);
- if (bytes != 3 || memcmp(mbuf, tls_do, 3) != 0)
- goto shut;
- /* Agree to issue START_TLS and send the FOLLOWS sub-command */
- BIO_write(sbio, tls_will, 3);
- BIO_write(sbio, tls_follows, 6);
- (void)BIO_flush(sbio);
- /* Telnet server also sent the FOLLOWS sub-command */
- bytes = BIO_read(sbio, mbuf, BUFSIZZ);
- if (bytes != 6 || memcmp(mbuf, tls_follows, 6) != 0)
- goto shut;
+ mbuf[seen] = '\0';
}
- break;
- case PROTO_IRC:
- {
- int numeric;
- BIO *fbio = BIO_new(BIO_f_buffer());
+ BIO_printf(sbio,
+ "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
+ seen = BIO_read(sbio, sbuf, BUFSIZZ);
+ if (seen < 0) {
+ BIO_printf(bio_err, "BIO_read failed\n");
+ goto shut;
+ }
+ sbuf[seen] = '\0';
+ if (!strstr(sbuf, "<proceed"))
+ goto shut;
+ mbuf[0] = '\0';
+ } break;
+ case PROTO_TELNET: {
+ static const unsigned char tls_do[] = {
+ /* IAC DO START_TLS */
+ 255, 253, 46
+ };
+ static const unsigned char tls_will[] = {
+ /* IAC WILL START_TLS */
+ 255, 251, 46
+ };
+ static const unsigned char tls_follows[] = {
+ /* IAC SB START_TLS FOLLOWS IAC SE */
+ 255, 250, 46, 1, 255, 240
+ };
+ int bytes;
- if (fbio == NULL) {
- BIO_printf(bio_err, "Unable to create BIO\n");
- goto end;
- }
- BIO_push(fbio, sbio);
- BIO_printf(fbio, "STARTTLS\r\n");
- (void)BIO_flush(fbio);
- width = SSL_get_fd(con) + 1;
+ /* Telnet server should demand we issue START_TLS */
+ bytes = BIO_read(sbio, mbuf, BUFSIZZ);
+ if (bytes != 3 || memcmp(mbuf, tls_do, 3) != 0)
+ goto shut;
+ /* Agree to issue START_TLS and send the FOLLOWS sub-command */
+ BIO_write(sbio, tls_will, 3);
+ BIO_write(sbio, tls_follows, 6);
+ (void)BIO_flush(sbio);
+ /* Telnet server also sent the FOLLOWS sub-command */
+ bytes = BIO_read(sbio, mbuf, BUFSIZZ);
+ if (bytes != 6 || memcmp(mbuf, tls_follows, 6) != 0)
+ goto shut;
+ } break;
+ case PROTO_IRC: {
+ int numeric;
+ BIO *fbio = BIO_new(BIO_f_buffer());
- do {
- numeric = 0;
+ if (fbio == NULL) {
+ BIO_printf(bio_err, "Unable to create BIO\n");
+ goto end;
+ }
+ BIO_push(fbio, sbio);
+ BIO_printf(fbio, "STARTTLS\r\n");
+ (void)BIO_flush(fbio);
+ width = SSL_get_fd(con) + 1;
- FD_ZERO(&readfds);
- openssl_fdset(SSL_get_fd(con), &readfds);
- timeout.tv_sec = S_CLIENT_IRC_READ_TIMEOUT;
- timeout.tv_usec = 0;
- /*
- * If the IRCd doesn't respond within
- * S_CLIENT_IRC_READ_TIMEOUT seconds, assume
- * it doesn't support STARTTLS. Many IRCds
- * will not give _any_ sort of response to a
- * STARTTLS command when it's not supported.
- */
- if (!BIO_get_buffer_num_lines(fbio)
- && !BIO_pending(fbio)
- && !BIO_pending(sbio)
- && select(width, (void *)&readfds, NULL, NULL,
- &timeout) < 1) {
- BIO_printf(bio_err,
- "Timeout waiting for response (%d seconds).\n",
- S_CLIENT_IRC_READ_TIMEOUT);
- break;
- }
+ do {
+ numeric = 0;
- mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
- if (mbuf_len < 1 || sscanf(mbuf, "%*s %d", &numeric) != 1)
- break;
- /* :example.net 451 STARTTLS :You have not registered */
- /* :example.net 421 STARTTLS :Unknown command */
- if ((numeric == 451 || numeric == 421)
- && strstr(mbuf, "STARTTLS") != NULL) {
- BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf);
- break;
- }
- if (numeric == 691) {
- BIO_printf(bio_err, "STARTTLS negotiation failed: ");
- ERR_print_errors(bio_err);
- break;
- }
- } while (numeric != 670);
+ FD_ZERO(&readfds);
+ openssl_fdset(SSL_get_fd(con), &readfds);
+ timeout.tv_sec = S_CLIENT_IRC_READ_TIMEOUT;
+ timeout.tv_usec = 0;
+ /*
+ * If the IRCd doesn't respond within
+ * S_CLIENT_IRC_READ_TIMEOUT seconds, assume
+ * it doesn't support STARTTLS. Many IRCds
+ * will not give _any_ sort of response to a
+ * STARTTLS command when it's not supported.
+ */
+ if (!BIO_get_buffer_num_lines(fbio)
+ && !BIO_pending(fbio)
+ && !BIO_pending(sbio)
+ && select(width, (void *)&readfds, NULL, NULL,
+ &timeout)
+ < 1) {
+ BIO_printf(bio_err,
+ "Timeout waiting for response (%d seconds).\n",
+ S_CLIENT_IRC_READ_TIMEOUT);
+ break;
+ }
- (void)BIO_flush(fbio);
- BIO_pop(fbio);
- BIO_free(fbio);
- if (numeric != 670) {
- BIO_printf(bio_err, "Server does not support STARTTLS.\n");
- ret = 1;
- goto shut;
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ if (mbuf_len < 1 || sscanf(mbuf, "%*s %d", &numeric) != 1)
+ break;
+ /* :example.net 451 STARTTLS :You have not registered */
+ /* :example.net 421 STARTTLS :Unknown command */
+ if ((numeric == 451 || numeric == 421)
+ && strstr(mbuf, "STARTTLS") != NULL) {
+ BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf);
+ break;
}
+ if (numeric == 691) {
+ BIO_printf(bio_err, "STARTTLS negotiation failed: ");
+ ERR_print_errors(bio_err);
+ break;
+ }
+ } while (numeric != 670);
+
+ (void)BIO_flush(fbio);
+ BIO_pop(fbio);
+ BIO_free(fbio);
+ if (numeric != 670) {
+ BIO_printf(bio_err, "Server does not support STARTTLS.\n");
+ ret = 1;
+ goto shut;
}
- break;
- case PROTO_MYSQL:
- {
- /* SSL request packet */
- static const unsigned char ssl_req[] = {
- /* payload_length, sequence_id */
- 0x20, 0x00, 0x00, 0x01,
- /* payload */
- /* capability flags, CLIENT_SSL always set */
- 0x85, 0xae, 0x7f, 0x00,
- /* max-packet size */
- 0x00, 0x00, 0x00, 0x01,
- /* character set */
- 0x21,
- /* string[23] reserved (all [0]) */
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- };
- int bytes = 0;
- int ssl_flg = 0x800;
- int pos;
- const unsigned char *packet = (const unsigned char *)sbuf;
+ } break;
+ case PROTO_MYSQL: {
+ /* SSL request packet */
+ static const unsigned char ssl_req[] = {
+ /* payload_length, sequence_id */
+ 0x20, 0x00, 0x00, 0x01,
+ /* payload */
+ /* capability flags, CLIENT_SSL always set */
+ 0x85, 0xae, 0x7f, 0x00,
+ /* max-packet size */
+ 0x00, 0x00, 0x00, 0x01,
+ /* character set */
+ 0x21,
+ /* string[23] reserved (all [0]) */
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ int bytes = 0;
+ int ssl_flg = 0x800;
+ int pos;
+ const unsigned char *packet = (const unsigned char *)sbuf;
- /* Receiving Initial Handshake packet. */
- bytes = BIO_read(sbio, (void *)packet, BUFSIZZ);
- if (bytes < 0) {
- BIO_printf(bio_err, "BIO_read failed\n");
- goto shut;
+ /* Receiving Initial Handshake packet. */
+ bytes = BIO_read(sbio, (void *)packet, BUFSIZZ);
+ if (bytes < 0) {
+ BIO_printf(bio_err, "BIO_read failed\n");
+ goto shut;
/* Packet length[3], Packet number[1] + minimum payload[17] */
- } else if (bytes < 21) {
- BIO_printf(bio_err, "MySQL packet too short.\n");
- goto shut;
- } else if (bytes != (4 + packet[0] +
- (packet[1] << 8) +
- (packet[2] << 16))) {
- BIO_printf(bio_err, "MySQL packet length does not match.\n");
- goto shut;
+ } else if (bytes < 21) {
+ BIO_printf(bio_err, "MySQL packet too short.\n");
+ goto shut;
+ } else if (bytes != (4 + packet[0] + (packet[1] << 8) + (packet[2] << 16))) {
+ BIO_printf(bio_err, "MySQL packet length does not match.\n");
+ goto shut;
/* protocol version[1] */
- } else if (packet[4] != 0xA) {
- BIO_printf(bio_err,
- "Only MySQL protocol version 10 is supported.\n");
- goto shut;
- }
-
- pos = 5;
- /* server version[string+NULL] */
- for (;;) {
- if (pos >= bytes) {
- BIO_printf(bio_err, "Cannot confirm server version. ");
- goto shut;
- } else if (packet[pos++] == '\0') {
- break;
- }
- }
+ } else if (packet[4] != 0xA) {
+ BIO_printf(bio_err,
+ "Only MySQL protocol version 10 is supported.\n");
+ goto shut;
+ }
- /* make sure we have at least 15 bytes left in the packet */
- if (pos + 15 > bytes) {
- BIO_printf(bio_err,
- "MySQL server handshake packet is broken.\n");
+ pos = 5;
+ /* server version[string+NULL] */
+ for (;;) {
+ if (pos >= bytes) {
+ BIO_printf(bio_err, "Cannot confirm server version. ");
goto shut;
+ } else if (packet[pos++] == '\0') {
+ break;
}
+ }
- pos += 12; /* skip over conn id[4] + SALT[8] */
- if (packet[pos++] != '\0') { /* verify filler */
- BIO_printf(bio_err,
- "MySQL packet is broken.\n");
- goto shut;
- }
+ /* make sure we have at least 15 bytes left in the packet */
+ if (pos + 15 > bytes) {
+ BIO_printf(bio_err,
+ "MySQL server handshake packet is broken.\n");
+ goto shut;
+ }
- /* capability flags[2] */
- if (!((packet[pos] + (packet[pos + 1] << 8)) & ssl_flg)) {
- BIO_printf(bio_err, "MySQL server does not support SSL.\n");
- goto shut;
- }
+ pos += 12; /* skip over conn id[4] + SALT[8] */
+ if (packet[pos++] != '\0') { /* verify filler */
+ BIO_printf(bio_err,
+ "MySQL packet is broken.\n");
+ goto shut;
+ }
- /* Sending SSL Handshake packet. */
- BIO_write(sbio, ssl_req, sizeof(ssl_req));
- (void)BIO_flush(sbio);
+ /* capability flags[2] */
+ if (!((packet[pos] + (packet[pos + 1] << 8)) & ssl_flg)) {
+ BIO_printf(bio_err, "MySQL server does not support SSL.\n");
+ goto shut;
}
- break;
- case PROTO_POSTGRES:
- {
- static const unsigned char ssl_request[] = {
- /* Length SSLRequest */
- 0, 0, 0, 8, 4, 210, 22, 47
- };
- int bytes;
- /* Send SSLRequest packet */
- BIO_write(sbio, ssl_request, 8);
- (void)BIO_flush(sbio);
+ /* Sending SSL Handshake packet. */
+ BIO_write(sbio, ssl_req, sizeof(ssl_req));
+ (void)BIO_flush(sbio);
+ } break;
+ case PROTO_POSTGRES: {
+ static const unsigned char ssl_request[] = {
+ /* Length SSLRequest */
+ 0, 0, 0, 8, 4, 210, 22, 47
+ };
+ int bytes;
- /* Reply will be a single S if SSL is enabled */
- bytes = BIO_read(sbio, sbuf, BUFSIZZ);
- if (bytes != 1 || sbuf[0] != 'S')
- goto shut;
- }
- break;
- case PROTO_NNTP:
- {
- int foundit = 0;
- BIO *fbio = BIO_new(BIO_f_buffer());
+ /* Send SSLRequest packet */
+ BIO_write(sbio, ssl_request, 8);
+ (void)BIO_flush(sbio);
- if (fbio == NULL) {
- BIO_printf(bio_err, "Unable to create BIO\n");
- goto end;
- }
- BIO_push(fbio, sbio);
- BIO_gets(fbio, mbuf, BUFSIZZ);
- /* STARTTLS command requires CAPABILITIES... */
- BIO_printf(fbio, "CAPABILITIES\r\n");
- (void)BIO_flush(fbio);
- BIO_gets(fbio, mbuf, BUFSIZZ);
- /* no point in trying to parse the CAPABILITIES response if there is none */
- if (strstr(mbuf, "101") != NULL) {
- /* wait for multi-line CAPABILITIES response */
- do {
- mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
- if (strstr(mbuf, "STARTTLS"))
- foundit = 1;
- } while (mbuf_len > 1 && mbuf[0] != '.');
- }
- (void)BIO_flush(fbio);
- BIO_pop(fbio);
- BIO_free(fbio);
- if (!foundit)
- BIO_printf(bio_err,
- "Didn't find STARTTLS in server response,"
- " trying anyway...\n");
- BIO_printf(sbio, "STARTTLS\r\n");
- mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
- if (mbuf_len < 0) {
- BIO_printf(bio_err, "BIO_read failed\n");
- goto end;
- }
- mbuf[mbuf_len] = '\0';
- if (strstr(mbuf, "382") == NULL) {
- BIO_printf(bio_err, "STARTTLS failed: %s", mbuf);
- goto shut;
- }
- }
- break;
- case PROTO_SIEVE:
- {
- int foundit = 0;
- BIO *fbio = BIO_new(BIO_f_buffer());
+ /* Reply will be a single S if SSL is enabled */
+ bytes = BIO_read(sbio, sbuf, BUFSIZZ);
+ if (bytes != 1 || sbuf[0] != 'S')
+ goto shut;
+ } break;
+ case PROTO_NNTP: {
+ int foundit = 0;
+ BIO *fbio = BIO_new(BIO_f_buffer());
- if (fbio == NULL) {
- BIO_printf(bio_err, "Unable to create BIO\n");
- goto end;
- }
- BIO_push(fbio, sbio);
- /* wait for multi-line response to end from Sieve */
+ if (fbio == NULL) {
+ BIO_printf(bio_err, "Unable to create BIO\n");
+ goto end;
+ }
+ BIO_push(fbio, sbio);
+ BIO_gets(fbio, mbuf, BUFSIZZ);
+ /* STARTTLS command requires CAPABILITIES... */
+ BIO_printf(fbio, "CAPABILITIES\r\n");
+ (void)BIO_flush(fbio);
+ BIO_gets(fbio, mbuf, BUFSIZZ);
+ /* no point in trying to parse the CAPABILITIES response if there is none */
+ if (strstr(mbuf, "101") != NULL) {
+ /* wait for multi-line CAPABILITIES response */
do {
mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
- /*
- * According to RFC 5804 § 1.7, capability
- * is case-insensitive, make it uppercase
- */
- if (mbuf_len > 1 && mbuf[0] == '"') {
- make_uppercase(mbuf);
- if (strncmp(mbuf, "\"STARTTLS\"", 10) == 0)
- foundit = 1;
- }
- } while (mbuf_len > 1 && mbuf[0] == '"');
- (void)BIO_flush(fbio);
- BIO_pop(fbio);
- BIO_free(fbio);
- if (!foundit)
- BIO_printf(bio_err,
- "Didn't find STARTTLS in server response,"
- " trying anyway...\n");
- BIO_printf(sbio, "STARTTLS\r\n");
- mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
- if (mbuf_len < 0) {
- BIO_printf(bio_err, "BIO_read failed\n");
- goto end;
- }
- mbuf[mbuf_len] = '\0';
- if (mbuf_len < 2) {
- BIO_printf(bio_err, "STARTTLS failed: %s", mbuf);
- goto shut;
- }
+ if (strstr(mbuf, "STARTTLS"))
+ foundit = 1;
+ } while (mbuf_len > 1 && mbuf[0] != '.');
+ }
+ (void)BIO_flush(fbio);
+ BIO_pop(fbio);
+ BIO_free(fbio);
+ if (!foundit)
+ BIO_printf(bio_err,
+ "Didn't find STARTTLS in server response,"
+ " trying anyway...\n");
+ BIO_printf(sbio, "STARTTLS\r\n");
+ mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+ if (mbuf_len < 0) {
+ BIO_printf(bio_err, "BIO_read failed\n");
+ goto end;
+ }
+ mbuf[mbuf_len] = '\0';
+ if (strstr(mbuf, "382") == NULL) {
+ BIO_printf(bio_err, "STARTTLS failed: %s", mbuf);
+ goto shut;
+ }
+ } break;
+ case PROTO_SIEVE: {
+ int foundit = 0;
+ BIO *fbio = BIO_new(BIO_f_buffer());
+
+ if (fbio == NULL) {
+ BIO_printf(bio_err, "Unable to create BIO\n");
+ goto end;
+ }
+ BIO_push(fbio, sbio);
+ /* wait for multi-line response to end from Sieve */
+ do {
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
/*
- * According to RFC 5804 § 2.2, response codes are case-
- * insensitive, make it uppercase but preserve the response.
+ * According to RFC 5804 § 1.7, capability
+ * is case-insensitive, make it uppercase
*/
- strncpy(sbuf, mbuf, 2);
- make_uppercase(sbuf);
- if (strncmp(sbuf, "OK", 2) != 0) {
- BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf);
- goto shut;
+ if (mbuf_len > 1 && mbuf[0] == '"') {
+ make_uppercase(mbuf);
+ if (strncmp(mbuf, "\"STARTTLS\"", 10) == 0)
+ foundit = 1;
}
+ } while (mbuf_len > 1 && mbuf[0] == '"');
+ (void)BIO_flush(fbio);
+ BIO_pop(fbio);
+ BIO_free(fbio);
+ if (!foundit)
+ BIO_printf(bio_err,
+ "Didn't find STARTTLS in server response,"
+ " trying anyway...\n");
+ BIO_printf(sbio, "STARTTLS\r\n");
+ mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+ if (mbuf_len < 0) {
+ BIO_printf(bio_err, "BIO_read failed\n");
+ goto end;
}
- break;
- case PROTO_LDAP:
- {
- /* StartTLS Operation according to RFC 4511 */
- static char ldap_tls_genconf[] = "asn1=SEQUENCE:LDAPMessage\n"
- "[LDAPMessage]\n"
- "messageID=INTEGER:1\n"
- "extendedReq=EXPLICIT:23A,IMPLICIT:0C,"
- "FORMAT:ASCII,OCT:1.3.6.1.4.1.1466.20037\n";
- long errline = -1;
- char *genstr = NULL;
- int result = -1;
- ASN1_TYPE *atyp = NULL;
- BIO *ldapbio = BIO_new(BIO_s_mem());
- CONF *cnf = NCONF_new(NULL);
+ mbuf[mbuf_len] = '\0';
+ if (mbuf_len < 2) {
+ BIO_printf(bio_err, "STARTTLS failed: %s", mbuf);
+ goto shut;
+ }
+ /*
+ * According to RFC 5804 § 2.2, response codes are case-
+ * insensitive, make it uppercase but preserve the response.
+ */
+ strncpy(sbuf, mbuf, 2);
+ make_uppercase(sbuf);
+ if (strncmp(sbuf, "OK", 2) != 0) {
+ BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf);
+ goto shut;
+ }
+ } break;
+ case PROTO_LDAP: {
+ /* StartTLS Operation according to RFC 4511 */
+ static char ldap_tls_genconf[] = "asn1=SEQUENCE:LDAPMessage\n"
+ "[LDAPMessage]\n"
+ "messageID=INTEGER:1\n"
+ "extendedReq=EXPLICIT:23A,IMPLICIT:0C,"
+ "FORMAT:ASCII,OCT:1.3.6.1.4.1.1466.20037\n";
+ long errline = -1;
+ char *genstr = NULL;
+ int result = -1;
+ ASN1_TYPE *atyp = NULL;
+ BIO *ldapbio = BIO_new(BIO_s_mem());
+ CONF *cnf = NCONF_new(NULL);
- if (ldapbio == NULL || cnf == NULL) {
- BIO_free(ldapbio);
- NCONF_free(cnf);
- goto end;
- }
- BIO_puts(ldapbio, ldap_tls_genconf);
- if (NCONF_load_bio(cnf, ldapbio, &errline) <= 0) {
- BIO_free(ldapbio);
- NCONF_free(cnf);
- if (errline <= 0) {
- BIO_printf(bio_err, "NCONF_load_bio failed\n");
- goto end;
- } else {
- BIO_printf(bio_err, "Error on line %ld\n", errline);
- goto end;
- }
- }
+ if (ldapbio == NULL || cnf == NULL) {
+ BIO_free(ldapbio);
+ NCONF_free(cnf);
+ goto end;
+ }
+ BIO_puts(ldapbio, ldap_tls_genconf);
+ if (NCONF_load_bio(cnf, ldapbio, &errline) <= 0) {
BIO_free(ldapbio);
- genstr = NCONF_get_string(cnf, "default", "asn1");
- if (genstr == NULL) {
- NCONF_free(cnf);
- BIO_printf(bio_err, "NCONF_get_string failed\n");
+ NCONF_free(cnf);
+ if (errline <= 0) {
+ BIO_printf(bio_err, "NCONF_load_bio failed\n");
goto end;
- }
- atyp = ASN1_generate_nconf(genstr, cnf);
- if (atyp == NULL) {
- NCONF_free(cnf);
- BIO_printf(bio_err, "ASN1_generate_nconf failed\n");
+ } else {
+ BIO_printf(bio_err, "Error on line %ld\n", errline);
goto end;
}
+ }
+ BIO_free(ldapbio);
+ genstr = NCONF_get_string(cnf, "default", "asn1");
+ if (genstr == NULL) {
+ NCONF_free(cnf);
+ BIO_printf(bio_err, "NCONF_get_string failed\n");
+ goto end;
+ }
+ atyp = ASN1_generate_nconf(genstr, cnf);
+ if (atyp == NULL || atyp->type != V_ASN1_SEQUENCE) {
NCONF_free(cnf);
-
- /* Send SSLRequest packet */
- BIO_write(sbio, atyp->value.sequence->data,
- atyp->value.sequence->length);
- (void)BIO_flush(sbio);
ASN1_TYPE_free(atyp);
+ BIO_printf(bio_err, "ASN1_generate_nconf failed\n");
+ goto end;
+ }
+ NCONF_free(cnf);
- mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
- if (mbuf_len < 0) {
- BIO_printf(bio_err, "BIO_read failed\n");
- goto end;
- }
- result = ldap_ExtendedResponse_parse(mbuf, mbuf_len);
- if (result < 0) {
- BIO_printf(bio_err, "ldap_ExtendedResponse_parse failed\n");
- goto shut;
- } else if (result > 0) {
- BIO_printf(bio_err, "STARTTLS failed, LDAP Result Code: %i\n",
- result);
- goto shut;
- }
- mbuf_len = 0;
+ /* Send SSLRequest packet */
+ BIO_write(sbio, atyp->value.sequence->data,
+ atyp->value.sequence->length);
+ (void)BIO_flush(sbio);
+ ASN1_TYPE_free(atyp);
+
+ mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+ if (mbuf_len < 0) {
+ BIO_printf(bio_err, "BIO_read failed\n");
+ goto end;
}
- break;
+ result = ldap_ExtendedResponse_parse(mbuf, mbuf_len);
+ if (result < 0) {
+ BIO_printf(bio_err, "ldap_ExtendedResponse_parse failed\n");
+ goto shut;
+ } else if (result > 0) {
+ BIO_printf(bio_err, "STARTTLS failed, LDAP Result Code: %i\n",
+ result);
+ goto shut;
+ }
+ mbuf_len = 0;
+ } break;
}
if (early_data_file != NULL
- && ((SSL_get0_session(con) != NULL
- && SSL_SESSION_get_max_early_data(SSL_get0_session(con)) > 0)
- || (psksess != NULL
- && SSL_SESSION_get_max_early_data(psksess) > 0))) {
+ && ((SSL_get0_session(con) != NULL
+ && SSL_SESSION_get_max_early_data(SSL_get0_session(con)) > 0)
+ || (psksess != NULL
+ && SSL_SESSION_get_max_early_data(psksess) > 0))) {
BIO *edfile = BIO_new_file(early_data_file, "r");
size_t readbytes, writtenbytes;
int finish = 0;
@@ -2729,7 +2787,7 @@ int s_client_main(int argc, char **argv)
timeoutp = NULL;
if (!SSL_is_init_finished(con) && SSL_total_renegotiations(con) == 0
- && SSL_get_key_update_type(con) == SSL_KEY_UPDATE_NONE) {
+ && SSL_get_key_update_type(con) == SSL_KEY_UPDATE_NONE) {
in_init = 1;
tty_on = 0;
} else {
@@ -2755,7 +2813,7 @@ int s_client_main(int argc, char **argv)
if (reconnect) {
reconnect--;
BIO_printf(bio_c_out,
- "drop connection and then reconnect\n");
+ "drop connection and then reconnect\n");
do_ssl_shutdown(con);
SSL_set_connect_state(con);
BIO_closesocket(SSL_get_fd(con));
@@ -2815,20 +2873,20 @@ int s_client_main(int argc, char **argv)
tv.tv_sec = 1;
tv.tv_usec = 0;
i = select(width, (void *)&readfds, (void *)&writefds,
- NULL, &tv);
+ NULL, &tv);
if (!i && (!has_stdin_waiting() || !read_tty))
continue;
} else
i = select(width, (void *)&readfds, (void *)&writefds,
- NULL, timeoutp);
+ NULL, timeoutp);
}
#else
i = select(width, (void *)&readfds, (void *)&writefds,
- NULL, timeoutp);
+ NULL, timeoutp);
#endif
if (i < 0) {
BIO_printf(bio_err, "bad select %d\n",
- get_last_socket_error());
+ get_last_socket_error());
goto shut;
}
}
@@ -2848,7 +2906,7 @@ int s_client_main(int argc, char **argv)
if (cbuf_len <= 0) {
read_tty = 1;
write_ssl = 0;
- } else { /* if (cbuf_len > 0) */
+ } else { /* if (cbuf_len > 0) */
read_tty = 0;
write_ssl = 1;
@@ -2888,7 +2946,7 @@ int s_client_main(int argc, char **argv)
case SSL_ERROR_SYSCALL:
if ((k != 0) || (cbuf_len != 0)) {
BIO_printf(bio_err, "write:errno=%d\n",
- get_last_socket_error());
+ get_last_socket_error());
goto shut;
} else {
read_tty = 1;
@@ -2936,7 +2994,7 @@ int s_client_main(int argc, char **argv)
}
}
#endif
- k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ );
+ k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */);
switch (SSL_get_error(con, k)) {
case SSL_ERROR_NONE:
@@ -3031,12 +3089,12 @@ int s_client_main(int argc, char **argv)
BIO_printf(bio_err, "RENEGOTIATING\n");
SSL_renegotiate(con);
cbuf_len = 0;
- } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' )
- && cmdletters) {
+ } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k')
+ && cmdletters) {
BIO_printf(bio_err, "KEYUPDATE\n");
SSL_key_update(con,
- cbuf[0] == 'K' ? SSL_KEY_UPDATE_REQUESTED
- : SSL_KEY_UPDATE_NOT_REQUESTED);
+ cbuf[0] == 'K' ? SSL_KEY_UPDATE_REQUESTED
+ : SSL_KEY_UPDATE_NOT_REQUESTED);
cbuf_len = 0;
} else {
cbuf_len = i;
@@ -3051,7 +3109,7 @@ int s_client_main(int argc, char **argv)
}
}
- shut:
+shut:
if (in_init)
print_stuff(bio_c_out, con, full_log);
do_ssl_shutdown(con);
@@ -3073,15 +3131,15 @@ int s_client_main(int argc, char **argv)
* data. [In testing context this ensures that alerts are passed on...]
*/
timeout.tv_sec = 0;
- timeout.tv_usec = 500000; /* some extreme round-trip */
+ timeout.tv_usec = 500000; /* some extreme round-trip */
do {
FD_ZERO(&readfds);
openssl_fdset(sock, &readfds);
} while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0
- && BIO_read(sbio, sbuf, BUFSIZZ) > 0);
+ && BIO_read(sbio, sbuf, BUFSIZZ) > 0);
BIO_closesocket(SSL_get_fd(con));
- end:
+end:
if (con != NULL) {
if (prexit != 0)
print_stuff(bio_c_out, con, 1);
@@ -3161,9 +3219,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
public_key = X509_get_pubkey(sk_X509_value(sk, i));
if (public_key != NULL) {
BIO_printf(bio, " a:PKEY: %s, %d (bit); sigalg: %s\n",
- OBJ_nid2sn(EVP_PKEY_get_base_id(public_key)),
- EVP_PKEY_get_bits(public_key),
- OBJ_nid2sn(X509_get_signature_nid(sk_X509_value(sk, i))));
+ OBJ_nid2sn(EVP_PKEY_get_base_id(public_key)),
+ EVP_PKEY_get_bits(public_key),
+ OBJ_nid2sn(X509_get_signature_nid(sk_X509_value(sk, i))));
EVP_PKEY_free(public_key);
}
BIO_printf(bio, " v:NotBefore: ");
@@ -3216,7 +3274,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
SCT *sct = sk_SCT_value(scts, i);
BIO_printf(bio, "SCT validation status: %s\n",
- SCT_validation_status_string(sct));
+ SCT_validation_status_string(sct));
SCT_print(sct, bio, 0, log_store);
if (i < sct_count - 1)
BIO_printf(bio, "\n---\n");
@@ -3227,32 +3285,32 @@ static void print_stuff(BIO *bio, SSL *s, int full)
#endif
BIO_printf(bio,
- "---\nSSL handshake has read %ju bytes "
- "and written %ju bytes\n",
- BIO_number_read(SSL_get_rbio(s)),
- BIO_number_written(SSL_get_wbio(s)));
+ "---\nSSL handshake has read %ju bytes "
+ "and written %ju bytes\n",
+ BIO_number_read(SSL_get_rbio(s)),
+ BIO_number_written(SSL_get_wbio(s)));
}
print_verify_detail(s, bio);
BIO_printf(bio, (SSL_session_reused(s) ? "---\nReused, " : "---\nNew, "));
c = SSL_get_current_cipher(s);
BIO_printf(bio, "%s, Cipher is %s\n",
- SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+ SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
if (peer != NULL) {
EVP_PKEY *pktmp;
pktmp = X509_get0_pubkey(peer);
BIO_printf(bio, "Server public key is %d bit\n",
- EVP_PKEY_get_bits(pktmp));
+ EVP_PKEY_get_bits(pktmp));
}
BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
- SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
+ SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
#ifndef OPENSSL_NO_COMP
comp = SSL_get_current_compression(s);
expansion = SSL_get_current_expansion(s);
BIO_printf(bio, "Compression: %s\n",
- comp ? SSL_COMP_get_name(comp) : "NONE");
+ comp ? SSL_COMP_get_name(comp) : "NONE");
BIO_printf(bio, "Expansion: %s\n",
- expansion ? SSL_COMP_get_name(expansion) : "NONE");
+ expansion ? SSL_COMP_get_name(expansion) : "NONE");
#endif
#ifndef OPENSSL_NO_KTLS
if (BIO_get_ktls_send(SSL_get_wbio(s)))
@@ -3270,7 +3328,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
if ((info.addr = BIO_ADDR_new()) != NULL
&& BIO_sock_info(sock, BIO_SOCK_INFO_ADDRESS, &info)) {
BIO_printf(bio_c_out, "LOCAL PORT is %u\n",
- ntohs(BIO_ADDR_rawport(info.addr)));
+ ntohs(BIO_ADDR_rawport(info.addr)));
}
BIO_ADDR_free(info.addr);
}
@@ -3299,12 +3357,11 @@ static void print_stuff(BIO *bio, SSL *s, int full)
#ifndef OPENSSL_NO_SRTP
{
- SRTP_PROTECTION_PROFILE *srtp_profile =
- SSL_get_selected_srtp_profile(s);
+ SRTP_PROTECTION_PROFILE *srtp_profile = SSL_get_selected_srtp_profile(s);
if (srtp_profile)
BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n",
- srtp_profile->name);
+ srtp_profile->name);
}
#endif
@@ -3321,7 +3378,6 @@ static void print_stuff(BIO *bio, SSL *s, int full)
case SSL_EARLY_DATA_ACCEPTED:
BIO_printf(bio, "Early data was accepted\n");
break;
-
}
/*
@@ -3331,7 +3387,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
*/
verify_result = SSL_get_verify_result(s);
BIO_printf(bio, "Verify return code: %ld (%s)\n", verify_result,
- X509_verify_cert_error_string(verify_result));
+ X509_verify_cert_error_string(verify_result));
} else {
/* In TLSv1.3 we do this on arrival of a NewSessionTicket */
SSL_SESSION_print(bio, SSL_get_session(s));
@@ -3343,10 +3399,11 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio, " Length: %i bytes\n", keymatexportlen);
exportedkeymat = app_malloc(keymatexportlen, "export key");
if (SSL_export_keying_material(s, exportedkeymat,
- keymatexportlen,
- keymatexportlabel,
- strlen(keymatexportlabel),
- NULL, 0, 0) <= 0) {
+ keymatexportlen,
+ keymatexportlabel,
+ strlen(keymatexportlabel),
+ NULL, 0, 0)
+ <= 0) {
BIO_printf(bio, " Error\n");
} else {
BIO_printf(bio, " Keying material: ");
@@ -3361,7 +3418,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
(void)BIO_flush(bio);
}
-# ifndef OPENSSL_NO_OCSP
+#ifndef OPENSSL_NO_OCSP
static int ocsp_resp_cb(SSL *s, void *arg)
{
const unsigned char *p;
@@ -3385,7 +3442,7 @@ static int ocsp_resp_cb(SSL *s, void *arg)
OCSP_RESPONSE_free(rsp);
return 1;
}
-# endif
+#endif
static int ldap_ExtendedResponse_parse(const char *buf, long rem)
{
@@ -3425,18 +3482,16 @@ static int ldap_ExtendedResponse_parse(const char *buf, long rem)
/* pull SEQUENCE */
inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem);
- if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE ||
- (rem = end - cur, len > rem)) {
+ if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE || (rem = end - cur, len > rem)) {
BIO_printf(bio_err, "Unexpected LDAP response\n");
goto end;
}
- rem = len; /* ensure that we don't overstep the SEQUENCE */
+ rem = len; /* ensure that we don't overstep the SEQUENCE */
/* pull MessageID */
inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem);
- if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_INTEGER ||
- (rem = end - cur, len > rem)) {
+ if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_INTEGER || (rem = end - cur, len > rem)) {
BIO_printf(bio_err, "No MessageID\n");
goto end;
}
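Review bot: Joining the condition into `if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE || (rem = end - cur, len > rem))` pushes the comma-operator assignment to `rem` to the far end of a line well past 80 columns. That assignment sets the bound that keeps the parser inside the server's reply, so it is now easy to miss. The MessageID check just below and the resultCode check in the hunk at -3455,8 have the same shape. It would read better with `rem = end - cur;` on its own line after each `ASN1_get_object()` call and only `len > rem` tested in the `if`. This looks behaviour-preserving because the failure branches jump to `end` without using `rem`, but the function continues outside this hunk, so confirm against the full body.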
@@ -3446,8 +3501,7 @@ static int ldap_ExtendedResponse_parse(const char *buf, long rem)
/* pull [APPLICATION 24] */
rem = end - cur;
inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem);
- if (inf != V_ASN1_CONSTRUCTED || xclass != V_ASN1_APPLICATION ||
- tag != 24) {
+ if (inf != V_ASN1_CONSTRUCTED || xclass != V_ASN1_APPLICATION || tag != 24) {
BIO_printf(bio_err, "Not ExtendedResponse\n");
goto end;
}
@@ -3455,8 +3509,7 @@ static int ldap_ExtendedResponse_parse(const char *buf, long rem)
/* pull resultCode */
rem = end - cur;
inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem);
- if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_ENUMERATED || len == 0 ||
- (rem = end - cur, len > rem)) {
+ if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_ENUMERATED || len == 0 || (rem = end - cur, len > rem)) {
BIO_printf(bio_err, "Not LDAPResult\n");
goto end;
}
@@ -3467,7 +3520,7 @@ static int ldap_ExtendedResponse_parse(const char *buf, long rem)
ret |= cur[inf];
}
/* There is more data, but we don't care... */
- end:
+end:
return ret;
}
@@ -3536,4 +3589,4 @@ static int is_dNS_name(const char *host)
return isdnsname;
}
-#endif /* OPENSSL_NO_SOCK */
+#endif /* OPENSSL_NO_SOCK */
diff --git a/apps/s_server.c b/apps/s_server.c
index 3c3b209d62de..6c8b02c2a347 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -15,7 +15,7 @@
#include <string.h>
#if defined(_WIN32)
/* Included before async.h to avoid some warnings */
-# include <windows.h>
+#include <windows.h>
#endif
#include <openssl/e_os2.h>
@@ -32,7 +32,7 @@
* needed to have fileno() declared correctly... So let's define u_int
*/
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
-# define __U_INT
+#define __U_INT
typedef unsigned int u_int;
#endif
@@ -46,7 +46,7 @@ typedef unsigned int u_int;
#include <openssl/rand.h>
#include <openssl/ocsp.h>
#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
+#include <openssl/dh.h>
#endif
#include <openssl/rsa.h>
#include "s_apps.h"
@@ -64,7 +64,7 @@ static void close_accept_socket(void);
static int init_ssl_connection(SSL *s);
static void print_stats(BIO *bp, SSL_CTX *ctx);
static int generate_session_id(SSL *ssl, unsigned char *id,
- unsigned int *id_len);
+ unsigned int *id_len);
static void init_session_cache_ctx(SSL_CTX *sctx);
static void free_sessions(void);
static void print_connection_info(SSL *con);
@@ -72,8 +72,8 @@ static void print_connection_info(SSL *con);
static const int bufsize = 16 * 1024;
static int accept_socket = -1;
-#define TEST_CERT "server.pem"
-#define TEST_CERT2 "server2.pem"
+#define TEST_CERT "server.pem"
+#define TEST_CERT2 "server2.pem"
static int s_nbio = 0;
static int s_nbio_test = 0;
@@ -116,14 +116,14 @@ static int early_data = 0;
static SSL_SESSION *psksess = NULL;
static char *psk_identity = "Client_identity";
-char *psk_key = NULL; /* by default PSK is not used */
+char *psk_key = NULL; /* by default PSK is not used */
static char http_server_binmode = 0; /* for now: 0/1 = default/binary */
#ifndef OPENSSL_NO_PSK
static unsigned int psk_server_cb(SSL *ssl, const char *identity,
- unsigned char *psk,
- unsigned int max_psk_len)
+ unsigned char *psk,
+ unsigned int max_psk_len)
{
long key_len = 0;
unsigned char *key;
@@ -147,28 +147,29 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
}
if (s_debug)
BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
- (int)strlen(identity), identity);
+ (int)strlen(identity), identity);
/* here we could lookup the given identity e.g. from a database */
if (strcmp(identity, psk_identity) != 0) {
BIO_printf(bio_s_out, "PSK warning: client identity not what we expected"
- " (got '%s' expected '%s')\n", identity, psk_identity);
+ " (got '%s' expected '%s')\n",
+ identity, psk_identity);
} else {
- if (s_debug)
- BIO_printf(bio_s_out, "PSK client identity found\n");
+ if (s_debug)
+ BIO_printf(bio_s_out, "PSK client identity found\n");
}
/* convert the PSK key to binary */
key = OPENSSL_hexstr2buf(psk_key, &key_len);
if (key == NULL) {
BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
- psk_key);
+ psk_key);
return 0;
}
if (key_len > (int)max_psk_len) {
BIO_printf(bio_err,
- "psk buffer of callback is too small (%d) for key (%ld)\n",
- max_psk_len, key_len);
+ "psk buffer of callback is too small (%d) for key (%ld)\n",
+ max_psk_len, key_len);
OPENSSL_free(key);
return 0;
}
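Review bot: The error path `BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", psk_key);` writes the configured pre-shared key to the error stream, so a mistyped key ends up verbatim in any captured log or terminal scrollback. The message can say what failed without the value: `BIO_printf(bio_err, "Could not convert PSK key to buffer\n");`. The same call appears in psk_find_session_cb, in the hunk at -211,7. psk_server_cb starts and ends outside this hunk.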
@@ -179,7 +180,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
if (s_debug)
BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len);
return key_len;
- out_err:
+out_err:
if (s_debug)
BIO_printf(bio_err, "Error in PSK server callback\n");
(void)BIO_flush(bio_err);
@@ -189,7 +190,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
#endif
static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
- size_t identity_len, SSL_SESSION **sess)
+ size_t identity_len, SSL_SESSION **sess)
{
SSL_SESSION *tmpsess = NULL;
unsigned char *key;
@@ -197,7 +198,7 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
const SSL_CIPHER *cipher = NULL;
if (strlen(psk_identity) != identity_len
- || memcmp(psk_identity, identity, identity_len) != 0) {
+ || memcmp(psk_identity, identity, identity_len) != 0) {
*sess = NULL;
return 1;
}
@@ -211,7 +212,7 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
key = OPENSSL_hexstr2buf(psk_key, &key_len);
if (key == NULL) {
BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
- psk_key);
+ psk_key);
return 0;
}
@@ -225,9 +226,9 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
tmpsess = SSL_SESSION_new();
if (tmpsess == NULL
- || !SSL_SESSION_set1_master_key(tmpsess, key, key_len)
- || !SSL_SESSION_set_cipher(tmpsess, cipher)
- || !SSL_SESSION_set_protocol_version(tmpsess, SSL_version(ssl))) {
+ || !SSL_SESSION_set1_master_key(tmpsess, key, key_len)
+ || !SSL_SESSION_set_cipher(tmpsess, cipher)
+ || !SSL_SESSION_set_protocol_version(tmpsess, SSL_version(ssl))) {
OPENSSL_free(key);
SSL_SESSION_free(tmpsess);
return 0;
@@ -254,7 +255,7 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
static int ebcdic_gets(BIO *bp, char *buf, int size);
static int ebcdic_puts(BIO *bp, const char *str);
-# define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
+#define BIO_TYPE_EBCDIC_FILTER (18 | 0x0200)
static BIO_METHOD *methods_ebcdic = NULL;
/* This struct is "unwarranted chumminess with the compiler." */
@@ -267,7 +268,7 @@ static const BIO_METHOD *BIO_f_ebcdic_filter()
{
if (methods_ebcdic == NULL) {
methods_ebcdic = BIO_meth_new(BIO_TYPE_EBCDIC_FILTER,
- "EBCDIC/ASCII filter");
+ "EBCDIC/ASCII filter");
if (methods_ebcdic == NULL
|| !BIO_meth_set_write(methods_ebcdic, ebcdic_write)
|| !BIO_meth_set_read(methods_ebcdic, ebcdic_read)
@@ -336,10 +337,10 @@ static int ebcdic_write(BIO *b, const char *in, int inl)
if (next == NULL)
return 0;
- wbuf = (EBCDIC_OUTBUFF *) BIO_get_data(b);
+ wbuf = (EBCDIC_OUTBUFF *)BIO_get_data(b);
if (inl > (num = wbuf->alloced)) {
- num = num + num; /* double the size */
+ num = num + num; /* double the size */
if (num < inl)
num = inl;
OPENSSL_free(wbuf);
@@ -383,7 +384,7 @@ static int ebcdic_gets(BIO *bp, char *buf, int size)
if (next == NULL)
return 0;
-/* return(BIO_gets(bp->next_bio,buf,size));*/
+ /* return(BIO_gets(bp->next_bio,buf,size));*/
for (i = 0; i < size - 1; ++i) {
ret = ebcdic_read(bp, &buf[i], 1);
if (ret <= 0)
@@ -415,7 +416,7 @@ typedef struct tlsextctx_st {
static int ssl_servername_cb(SSL *s, int *ad, void *arg)
{
- tlsextctx *p = (tlsextctx *) arg;
+ tlsextctx *p = (tlsextctx *)arg;
const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
if (servername != NULL && p->biodebug != NULL) {
@@ -425,7 +426,7 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg)
BIO_printf(p->biodebug, "Hostname in TLS extension: \"");
while ((uc = *cp++) != 0)
BIO_printf(p->biodebug,
- (((uc) & ~127) == 0) && isprint(uc) ? "%c" : "\\x%02x", uc);
+ (((uc) & ~127) == 0) && isprint(uc) ? "%c" : "\\x%02x", uc);
BIO_printf(p->biodebug, "\"\n");
}
@@ -467,7 +468,7 @@ static tlsextstatusctx tlscstatp = { -1 };
* them until they were considered "expired".
*/
static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
- OCSP_RESPONSE **resp)
+ OCSP_RESPONSE **resp)
{
char *host = NULL, *port = NULL, *path = NULL;
char *proxy = NULL, *no_proxy = NULL;
@@ -487,17 +488,17 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
aia = X509_get1_ocsp(x);
if (aia != NULL) {
if (!OSSL_HTTP_parse_url(sk_OPENSSL_STRING_value(aia, 0), &use_ssl,
- NULL, &host, &port, NULL, &path, NULL, NULL)) {
+ NULL, &host, &port, NULL, &path, NULL, NULL)) {
BIO_puts(bio_err, "cert_status: can't parse AIA URL\n");
goto err;
}
if (srctx->verbose)
BIO_printf(bio_err, "cert_status: AIA URL: %s\n",
- sk_OPENSSL_STRING_value(aia, 0));
+ sk_OPENSSL_STRING_value(aia, 0));
} else {
if (srctx->host == NULL) {
BIO_puts(bio_err,
- "cert_status: no AIA and no default responder URL\n");
+ "cert_status: no AIA and no default responder URL\n");
goto done;
}
host = srctx->host;
@@ -512,11 +513,11 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
if (inctx == NULL)
goto err;
if (!X509_STORE_CTX_init(inctx,
- SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
- NULL, NULL))
+ SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
+ NULL, NULL))
goto err;
obj = X509_STORE_CTX_get_obj_by_subject(inctx, X509_LU_X509,
- X509_get_issuer_name(x));
+ X509_get_issuer_name(x));
if (obj == NULL) {
BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
goto done;
@@ -539,7 +540,7 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
goto err;
}
*resp = process_responder(req, host, port, path, proxy, no_proxy,
- use_ssl, NULL /* headers */, srctx->timeout);
+ use_ssl, NULL /* headers */, srctx->timeout);
if (*resp == NULL) {
BIO_puts(bio_err, "cert_status: error querying responder\n");
goto done;
@@ -548,9 +549,9 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
ret = SSL_TLSEXT_ERR_OK;
goto done;
- err:
+err:
ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- done:
+done:
/*
* If we parsed aia we need to free; otherwise they were copied and we
* don't
@@ -613,7 +614,7 @@ static int cert_status_cb(SSL *s, void *arg)
ret = SSL_TLSEXT_ERR_OK;
- err:
+err:
if (ret != SSL_TLSEXT_ERR_OK)
ERR_print_errors(bio_err);
@@ -631,7 +632,7 @@ typedef struct tlsextnextprotoctx_st {
} tlsextnextprotoctx;
static int next_proto_cb(SSL *s, const unsigned char **data,
- unsigned int *len, void *arg)
+ unsigned int *len, void *arg)
{
tlsextnextprotoctx *next_proto = arg;
@@ -640,7 +641,7 @@ static int next_proto_cb(SSL *s, const unsigned char **data,
return SSL_TLSEXT_ERR_OK;
}
-#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
+#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
/* This the context that we pass to alpn_cb */
typedef struct tlsextalpnctx_st {
@@ -649,7 +650,7 @@ typedef struct tlsextalpnctx_st {
} tlsextalpnctx;
static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
- const unsigned char *in, unsigned int inlen, void *arg)
+ const unsigned char *in, unsigned int inlen, void *arg)
{
tlsextalpnctx *alpn_ctx = arg;
@@ -666,9 +667,9 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
BIO_write(bio_s_out, "\n", 1);
}
- if (SSL_select_next_proto
- ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
- inlen) != OPENSSL_NPN_NEGOTIATED) {
+ if (SSL_select_next_proto((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
+ inlen)
+ != OPENSSL_NPN_NEGOTIATED) {
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
@@ -690,34 +691,127 @@ static int not_resumable_sess_cb(SSL *s, int is_forward_secure)
typedef enum OPTION_choice {
OPT_COMMON,
OPT_ENGINE,
- OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT,
- OPT_VERIFY, OPT_NAMEOPT, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL,
- OPT_CRL_DOWNLOAD, OPT_SERVERINFO, OPT_CERTFORM, OPT_KEY, OPT_KEYFORM,
- OPT_PASS, OPT_CERT_CHAIN, OPT_DHPARAM, OPT_DCERTFORM, OPT_DCERT,
- OPT_DKEYFORM, OPT_DPASS, OPT_DKEY, OPT_DCERT_CHAIN, OPT_NOCERT,
- OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, OPT_NO_CACHE,
- OPT_EXT_CACHE, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET,
- OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE,
+ OPT_4,
+ OPT_6,
+ OPT_ACCEPT,
+ OPT_PORT,
+ OPT_UNIX,
+ OPT_UNLINK,
+ OPT_NACCEPT,
+ OPT_VERIFY,
+ OPT_NAMEOPT,
+ OPT_UPPER_V_VERIFY,
+ OPT_CONTEXT,
+ OPT_CERT,
+ OPT_CRL,
+ OPT_CRL_DOWNLOAD,
+ OPT_SERVERINFO,
+ OPT_CERTFORM,
+ OPT_KEY,
+ OPT_KEYFORM,
+ OPT_PASS,
+ OPT_CERT_CHAIN,
+ OPT_DHPARAM,
+ OPT_DCERTFORM,
+ OPT_DCERT,
+ OPT_DKEYFORM,
+ OPT_DPASS,
+ OPT_DKEY,
+ OPT_DCERT_CHAIN,
+ OPT_NOCERT,
+ OPT_CAPATH,
+ OPT_NOCAPATH,
+ OPT_CHAINCAPATH,
+ OPT_VERIFYCAPATH,
+ OPT_NO_CACHE,
+ OPT_EXT_CACHE,
+ OPT_CRLFORM,
+ OPT_VERIFY_RET_ERROR,
+ OPT_VERIFY_QUIET,
+ OPT_BUILD_CHAIN,
+ OPT_CAFILE,
+ OPT_NOCAFILE,
+ OPT_CHAINCAFILE,
OPT_VERIFYCAFILE,
- OPT_CASTORE, OPT_NOCASTORE, OPT_CHAINCASTORE, OPT_VERIFYCASTORE,
- OPT_NBIO, OPT_NBIO_TEST, OPT_IGN_EOF, OPT_NO_IGN_EOF,
- OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE,
- OPT_STATUS_TIMEOUT, OPT_PROXY, OPT_NO_PROXY, OPT_STATUS_URL,
- OPT_STATUS_FILE, OPT_MSG, OPT_MSGFILE,
- OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE,
- OPT_CRLF, OPT_QUIET, OPT_BRIEF, OPT_NO_DHE,
- OPT_NO_RESUME_EPHEMERAL, OPT_PSK_IDENTITY, OPT_PSK_HINT, OPT_PSK,
- OPT_PSK_SESS, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW,
- OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL_CONFIG,
- OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
- OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
- OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN, OPT_STATELESS,
- OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
- OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SENDFILE,
- OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
- OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA,
- OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG,
- OPT_HTTP_SERVER_BINMODE, OPT_NOCANAMES, OPT_IGNORE_UNEXPECTED_EOF,
+ OPT_CASTORE,
+ OPT_NOCASTORE,
+ OPT_CHAINCASTORE,
+ OPT_VERIFYCASTORE,
+ OPT_NBIO,
+ OPT_NBIO_TEST,
+ OPT_IGN_EOF,
+ OPT_NO_IGN_EOF,
+ OPT_DEBUG,
+ OPT_TLSEXTDEBUG,
+ OPT_STATUS,
+ OPT_STATUS_VERBOSE,
+ OPT_STATUS_TIMEOUT,
+ OPT_PROXY,
+ OPT_NO_PROXY,
+ OPT_STATUS_URL,
+ OPT_STATUS_FILE,
+ OPT_MSG,
+ OPT_MSGFILE,
+ OPT_TRACE,
+ OPT_SECURITY_DEBUG,
+ OPT_SECURITY_DEBUG_VERBOSE,
+ OPT_STATE,
+ OPT_CRLF,
+ OPT_QUIET,
+ OPT_BRIEF,
+ OPT_NO_DHE,
+ OPT_NO_RESUME_EPHEMERAL,
+ OPT_PSK_IDENTITY,
+ OPT_PSK_HINT,
+ OPT_PSK,
+ OPT_PSK_SESS,
+ OPT_SRPVFILE,
+ OPT_SRPUSERSEED,
+ OPT_REV,
+ OPT_WWW,
+ OPT_UPPER_WWW,
+ OPT_HTTP,
+ OPT_ASYNC,
+ OPT_SSL_CONFIG,
+ OPT_MAX_SEND_FRAG,
+ OPT_SPLIT_SEND_FRAG,
+ OPT_MAX_PIPELINES,
+ OPT_READ_BUF,
+ OPT_SSL3,
+ OPT_TLS1_3,
+ OPT_TLS1_2,
+ OPT_TLS1_1,
+ OPT_TLS1,
+ OPT_DTLS,
+ OPT_DTLS1,
+ OPT_DTLS1_2,
+ OPT_SCTP,
+ OPT_TIMEOUT,
+ OPT_MTU,
+ OPT_LISTEN,
+ OPT_STATELESS,
+ OPT_ID_PREFIX,
+ OPT_SERVERNAME,
+ OPT_SERVERNAME_FATAL,
+ OPT_CERT2,
+ OPT_KEY2,
+ OPT_NEXTPROTONEG,
+ OPT_ALPN,
+ OPT_SENDFILE,
+ OPT_SRTP_PROFILES,
+ OPT_KEYMATEXPORT,
+ OPT_KEYMATEXPORTLEN,
+ OPT_KEYLOG_FILE,
+ OPT_MAX_EARLY,
+ OPT_RECV_MAX_EARLY,
+ OPT_EARLY_DATA,
+ OPT_S_NUM_TICKETS,
+ OPT_ANTI_REPLAY,
+ OPT_NO_ANTI_REPLAY,
+ OPT_SCTP_LABEL_BUG,
+ OPT_HTTP_SERVER_BINMODE,
+ OPT_NOCANAMES,
+ OPT_IGNORE_UNEXPECTED_EOF,
OPT_R_ENUM,
OPT_S_ENUM,
OPT_V_ENUM,
@@ -727,239 +821,239 @@ typedef enum OPTION_choice {
const OPTIONS s_server_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"ssl_config", OPT_SSL_CONFIG, 's',
- "Configure SSL_CTX using the given configuration value"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "ssl_config", OPT_SSL_CONFIG, 's',
+ "Configure SSL_CTX using the given configuration value" },
#ifndef OPENSSL_NO_SSL_TRACE
- {"trace", OPT_TRACE, '-', "trace protocol messages"},
+ { "trace", OPT_TRACE, '-', "trace protocol messages" },
#endif
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_SECTION("Network"),
- {"port", OPT_PORT, 'p',
- "TCP/IP port to listen on for connections (default is " PORT ")"},
- {"accept", OPT_ACCEPT, 's',
- "TCP/IP optional host and port to listen on for connections (default is *:" PORT ")"},
+ { "port", OPT_PORT, 'p',
+ "TCP/IP port to listen on for connections (default is " PORT ")" },
+ { "accept", OPT_ACCEPT, 's',
+ "TCP/IP optional host and port to listen on for connections (default is *:" PORT ")" },
#ifdef AF_UNIX
- {"unix", OPT_UNIX, 's', "Unix domain socket to accept on"},
- {"unlink", OPT_UNLINK, '-', "For -unix, unlink existing socket first"},
+ { "unix", OPT_UNIX, 's', "Unix domain socket to accept on" },
+ { "unlink", OPT_UNLINK, '-', "For -unix, unlink existing socket first" },
#endif
- {"4", OPT_4, '-', "Use IPv4 only"},
- {"6", OPT_6, '-', "Use IPv6 only"},
+ { "4", OPT_4, '-', "Use IPv4 only" },
+ { "6", OPT_6, '-', "Use IPv6 only" },
OPT_SECTION("Identity"),
- {"context", OPT_CONTEXT, 's', "Set session ID context"},
- {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
- {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
- {"CAstore", OPT_CASTORE, ':', "URI to store of CA's"},
- {"no-CAfile", OPT_NOCAFILE, '-',
- "Do not load the default certificates file"},
- {"no-CApath", OPT_NOCAPATH, '-',
- "Do not load certificates from the default certificates directory"},
- {"no-CAstore", OPT_NOCASTORE, '-',
- "Do not load certificates from the default certificates store URI"},
- {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
- {"verify", OPT_VERIFY, 'n', "Turn on peer certificate verification"},
- {"Verify", OPT_UPPER_V_VERIFY, 'n',
- "Turn on peer certificate verification, must have a cert"},
- {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"},
- {"cert", OPT_CERT, '<', "Server certificate file to use; default " TEST_CERT},
- {"cert2", OPT_CERT2, '<',
- "Certificate file to use for servername; default " TEST_CERT2},
- {"certform", OPT_CERTFORM, 'F',
- "Server certificate file format (PEM/DER/P12); has no effect"},
- {"cert_chain", OPT_CERT_CHAIN, '<',
- "Server certificate chain file in PEM format"},
- {"build_chain", OPT_BUILD_CHAIN, '-', "Build server certificate chain"},
- {"serverinfo", OPT_SERVERINFO, 's',
- "PEM serverinfo file for certificate"},
- {"key", OPT_KEY, 's',
- "Private key file to use; default is -cert file or else" TEST_CERT},
- {"key2", OPT_KEY2, '<',
- "-Private Key file to use for servername if not in -cert2"},
- {"keyform", OPT_KEYFORM, 'f', "Key format (ENGINE, other values ignored)"},
- {"pass", OPT_PASS, 's', "Private key and cert file pass phrase source"},
- {"dcert", OPT_DCERT, '<',
- "Second server certificate file to use (usually for DSA)"},
- {"dcertform", OPT_DCERTFORM, 'F',
- "Second server certificate file format (PEM/DER/P12); has no effect"},
- {"dcert_chain", OPT_DCERT_CHAIN, '<',
- "second server certificate chain file in PEM format"},
- {"dkey", OPT_DKEY, '<',
- "Second private key file to use (usually for DSA)"},
- {"dkeyform", OPT_DKEYFORM, 'f',
- "Second key file format (ENGINE, other values ignored)"},
- {"dpass", OPT_DPASS, 's',
- "Second private key and cert file pass phrase source"},
- {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"},
- {"servername", OPT_SERVERNAME, 's',
- "Servername for HostName TLS extension"},
- {"servername_fatal", OPT_SERVERNAME_FATAL, '-',
- "On servername mismatch send fatal alert (default warning alert)"},
- {"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"},
- {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
- {"quiet", OPT_QUIET, '-', "No server output"},
- {"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
- "Disable caching and tickets if ephemeral (EC)DH is used"},
- {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"},
- {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"},
- {"ignore_unexpected_eof", OPT_IGNORE_UNEXPECTED_EOF, '-',
- "Do not treat lack of close_notify from a peer as an error"},
- {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
- "Hex dump of all TLS extensions received"},
- {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"},
- {"id_prefix", OPT_ID_PREFIX, 's',
- "Generate SSL/TLS session IDs prefixed by arg"},
- {"keymatexport", OPT_KEYMATEXPORT, 's',
- "Export keying material using label"},
- {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
- "Export len bytes of keying material; default 20"},
- {"CRL", OPT_CRL, '<', "CRL file to use"},
- {"CRLform", OPT_CRLFORM, 'F', "CRL file format (PEM or DER); default PEM"},
- {"crl_download", OPT_CRL_DOWNLOAD, '-',
- "Download CRLs from distribution points in certificate CDP entries"},
- {"chainCAfile", OPT_CHAINCAFILE, '<',
- "CA file for certificate chain (PEM format)"},
- {"chainCApath", OPT_CHAINCAPATH, '/',
- "use dir as certificate store path to build CA certificate chain"},
- {"chainCAstore", OPT_CHAINCASTORE, ':',
- "use URI as certificate store to build CA certificate chain"},
- {"verifyCAfile", OPT_VERIFYCAFILE, '<',
- "CA file for certificate verification (PEM format)"},
- {"verifyCApath", OPT_VERIFYCAPATH, '/',
- "use dir as certificate store path to verify CA certificate"},
- {"verifyCAstore", OPT_VERIFYCASTORE, ':',
- "use URI as certificate store to verify CA certificate"},
- {"no_cache", OPT_NO_CACHE, '-', "Disable session cache"},
- {"ext_cache", OPT_EXT_CACHE, '-',
- "Disable internal cache, set up and use external cache"},
- {"verify_return_error", OPT_VERIFY_RET_ERROR, '-',
- "Close connection on verification error"},
- {"verify_quiet", OPT_VERIFY_QUIET, '-',
- "No verify output except verify errors"},
- {"ign_eof", OPT_IGN_EOF, '-', "Ignore input EOF (default when -quiet)"},
- {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Do not ignore input EOF"},
+ { "context", OPT_CONTEXT, 's', "Set session ID context" },
+ { "CAfile", OPT_CAFILE, '<', "PEM format file of CA's" },
+ { "CApath", OPT_CAPATH, '/', "PEM format directory of CA's" },
+ { "CAstore", OPT_CASTORE, ':', "URI to store of CA's" },
+ { "no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file" },
+ { "no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory" },
+ { "no-CAstore", OPT_NOCASTORE, '-',
+ "Do not load certificates from the default certificates store URI" },
+ { "nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)" },
+ { "verify", OPT_VERIFY, 'n', "Turn on peer certificate verification" },
+ { "Verify", OPT_UPPER_V_VERIFY, 'n',
+ "Turn on peer certificate verification, must have a cert" },
+ { "nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options" },
+ { "cert", OPT_CERT, '<', "Server certificate file to use; default " TEST_CERT },
+ { "cert2", OPT_CERT2, '<',
+ "Certificate file to use for servername; default " TEST_CERT2 },
+ { "certform", OPT_CERTFORM, 'F',
+ "Server certificate file format (PEM/DER/P12); has no effect" },
+ { "cert_chain", OPT_CERT_CHAIN, '<',
+ "Server certificate chain file in PEM format" },
+ { "build_chain", OPT_BUILD_CHAIN, '-', "Build server certificate chain" },
+ { "serverinfo", OPT_SERVERINFO, 's',
+ "PEM serverinfo file for certificate" },
+ { "key", OPT_KEY, 's',
+ "Private key file to use; default is -cert file or else" TEST_CERT },
+ { "key2", OPT_KEY2, '<',
+ "-Private Key file to use for servername if not in -cert2" },
+ { "keyform", OPT_KEYFORM, 'f', "Key format (ENGINE, other values ignored)" },
+ { "pass", OPT_PASS, 's', "Private key and cert file pass phrase source" },
+ { "dcert", OPT_DCERT, '<',
+ "Second server certificate file to use (usually for DSA)" },
+ { "dcertform", OPT_DCERTFORM, 'F',
+ "Second server certificate file format (PEM/DER/P12); has no effect" },
+ { "dcert_chain", OPT_DCERT_CHAIN, '<',
+ "second server certificate chain file in PEM format" },
+ { "dkey", OPT_DKEY, '<',
+ "Second private key file to use (usually for DSA)" },
+ { "dkeyform", OPT_DKEYFORM, 'f',
+ "Second key file format (ENGINE, other values ignored)" },
+ { "dpass", OPT_DPASS, 's',
+ "Second private key and cert file pass phrase source" },
+ { "dhparam", OPT_DHPARAM, '<', "DH parameters file to use" },
+ { "servername", OPT_SERVERNAME, 's',
+ "Servername for HostName TLS extension" },
+ { "servername_fatal", OPT_SERVERNAME_FATAL, '-',
+ "On servername mismatch send fatal alert (default warning alert)" },
+ { "nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio" },
+ { "crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF" },
+ { "quiet", OPT_QUIET, '-', "No server output" },
+ { "no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
+ "Disable caching and tickets if ephemeral (EC)DH is used" },
+ { "www", OPT_WWW, '-', "Respond to a 'GET /' with a status page" },
+ { "WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path" },
+ { "ignore_unexpected_eof", OPT_IGNORE_UNEXPECTED_EOF, '-',
+ "Do not treat lack of close_notify from a peer as an error" },
+ { "tlsextdebug", OPT_TLSEXTDEBUG, '-',
+ "Hex dump of all TLS extensions received" },
+ { "HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers" },
+ { "id_prefix", OPT_ID_PREFIX, 's',
+ "Generate SSL/TLS session IDs prefixed by arg" },
+ { "keymatexport", OPT_KEYMATEXPORT, 's',
+ "Export keying material using label" },
+ { "keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
+ "Export len bytes of keying material; default 20" },
+ { "CRL", OPT_CRL, '<', "CRL file to use" },
+ { "CRLform", OPT_CRLFORM, 'F', "CRL file format (PEM or DER); default PEM" },
+ { "crl_download", OPT_CRL_DOWNLOAD, '-',
+ "Download CRLs from distribution points in certificate CDP entries" },
+ { "chainCAfile", OPT_CHAINCAFILE, '<',
+ "CA file for certificate chain (PEM format)" },
+ { "chainCApath", OPT_CHAINCAPATH, '/',
+ "use dir as certificate store path to build CA certificate chain" },
+ { "chainCAstore", OPT_CHAINCASTORE, ':',
+ "use URI as certificate store to build CA certificate chain" },
+ { "verifyCAfile", OPT_VERIFYCAFILE, '<',
+ "CA file for certificate verification (PEM format)" },
+ { "verifyCApath", OPT_VERIFYCAPATH, '/',
+ "use dir as certificate store path to verify CA certificate" },
+ { "verifyCAstore", OPT_VERIFYCASTORE, ':',
+ "use URI as certificate store to verify CA certificate" },
+ { "no_cache", OPT_NO_CACHE, '-', "Disable session cache" },
+ { "ext_cache", OPT_EXT_CACHE, '-',
+ "Disable internal cache, set up and use external cache" },
+ { "verify_return_error", OPT_VERIFY_RET_ERROR, '-',
+ "Close connection on verification error" },
+ { "verify_quiet", OPT_VERIFY_QUIET, '-',
+ "No verify output except verify errors" },
+ { "ign_eof", OPT_IGN_EOF, '-', "Ignore input EOF (default when -quiet)" },
+ { "no_ign_eof", OPT_NO_IGN_EOF, '-', "Do not ignore input EOF" },
#ifndef OPENSSL_NO_OCSP
OPT_SECTION("OCSP"),
- {"status", OPT_STATUS, '-', "Request certificate status from server"},
- {"status_verbose", OPT_STATUS_VERBOSE, '-',
- "Print more output in certificate status callback"},
- {"status_timeout", OPT_STATUS_TIMEOUT, 'n',
- "Status request responder timeout"},
- {"status_url", OPT_STATUS_URL, 's', "Status request fallback URL"},
- {"proxy", OPT_PROXY, 's',
- "[http[s]://]host[:port][/path] of HTTP(S) proxy to use; path is ignored"},
- {"no_proxy", OPT_NO_PROXY, 's',
- "List of addresses of servers not to use HTTP(S) proxy for"},
- {OPT_MORE_STR, 0, 0,
- "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"},
- {"status_file", OPT_STATUS_FILE, '<',
- "File containing DER encoded OCSP Response"},
+ { "status", OPT_STATUS, '-', "Request certificate status from server" },
+ { "status_verbose", OPT_STATUS_VERBOSE, '-',
+ "Print more output in certificate status callback" },
+ { "status_timeout", OPT_STATUS_TIMEOUT, 'n',
+ "Status request responder timeout" },
+ { "status_url", OPT_STATUS_URL, 's', "Status request fallback URL" },
+ { "proxy", OPT_PROXY, 's',
+ "[http[s]://]host[:port][/path] of HTTP(S) proxy to use; path is ignored" },
+ { "no_proxy", OPT_NO_PROXY, 's',
+ "List of addresses of servers not to use HTTP(S) proxy for" },
+ { OPT_MORE_STR, 0, 0,
+ "Default from environment variable 'no_proxy', else 'NO_PROXY', else none" },
+ { "status_file", OPT_STATUS_FILE, '<',
+ "File containing DER encoded OCSP Response" },
#endif
OPT_SECTION("Debug"),
- {"security_debug", OPT_SECURITY_DEBUG, '-',
- "Print output from SSL/TLS security framework"},
- {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-',
- "Print more output from SSL/TLS security framework"},
- {"brief", OPT_BRIEF, '-',
- "Restrict output to brief summary of connection parameters"},
- {"rev", OPT_REV, '-',
- "act as an echo server that sends back received text reversed"},
- {"debug", OPT_DEBUG, '-', "Print more output"},
- {"msg", OPT_MSG, '-', "Show protocol messages"},
- {"msgfile", OPT_MSGFILE, '>',
- "File to send output of -msg or -trace, instead of stdout"},
- {"state", OPT_STATE, '-', "Print the SSL states"},
- {"async", OPT_ASYNC, '-', "Operate in asynchronous mode"},
- {"max_pipelines", OPT_MAX_PIPELINES, 'p',
- "Maximum number of encrypt/decrypt pipelines to be used"},
- {"naccept", OPT_NACCEPT, 'p', "Terminate after #num connections"},
- {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"},
+ { "security_debug", OPT_SECURITY_DEBUG, '-',
+ "Print output from SSL/TLS security framework" },
+ { "security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-',
+ "Print more output from SSL/TLS security framework" },
+ { "brief", OPT_BRIEF, '-',
+ "Restrict output to brief summary of connection parameters" },
+ { "rev", OPT_REV, '-',
+ "act as an echo server that sends back received text reversed" },
+ { "debug", OPT_DEBUG, '-', "Print more output" },
+ { "msg", OPT_MSG, '-', "Show protocol messages" },
+ { "msgfile", OPT_MSGFILE, '>',
+ "File to send output of -msg or -trace, instead of stdout" },
+ { "state", OPT_STATE, '-', "Print the SSL states" },
+ { "async", OPT_ASYNC, '-', "Operate in asynchronous mode" },
+ { "max_pipelines", OPT_MAX_PIPELINES, 'p',
+ "Maximum number of encrypt/decrypt pipelines to be used" },
+ { "naccept", OPT_NACCEPT, 'p', "Terminate after #num connections" },
+ { "keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file" },
OPT_SECTION("Network"),
- {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
- {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
- {"mtu", OPT_MTU, 'p', "Set link-layer MTU"},
- {"read_buf", OPT_READ_BUF, 'p',
- "Default read buffer size to be used for connections"},
- {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'p',
- "Size used to split data for encrypt pipelines"},
- {"max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames "},
+ { "nbio", OPT_NBIO, '-', "Use non-blocking IO" },
+ { "timeout", OPT_TIMEOUT, '-', "Enable timeouts" },
+ { "mtu", OPT_MTU, 'p', "Set link-layer MTU" },
+ { "read_buf", OPT_READ_BUF, 'p',
+ "Default read buffer size to be used for connections" },
+ { "split_send_frag", OPT_SPLIT_SEND_FRAG, 'p',
+ "Size used to split data for encrypt pipelines" },
+ { "max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames " },
OPT_SECTION("Server identity"),
- {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity to expect"},
+ { "psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity to expect" },
#ifndef OPENSSL_NO_PSK
- {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
+ { "psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use" },
#endif
- {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
- {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"},
+ { "psk", OPT_PSK, 's', "PSK in hex (without 0x)" },
+ { "psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from" },
#ifndef OPENSSL_NO_SRP
- {"srpvfile", OPT_SRPVFILE, '<', "(deprecated) The verifier file for SRP"},
- {"srpuserseed", OPT_SRPUSERSEED, 's',
- "(deprecated) A seed string for a default user salt"},
+ { "srpvfile", OPT_SRPVFILE, '<', "(deprecated) The verifier file for SRP" },
+ { "srpuserseed", OPT_SRPUSERSEED, 's',
+ "(deprecated) A seed string for a default user salt" },
#endif
OPT_SECTION("Protocol and version"),
- {"max_early_data", OPT_MAX_EARLY, 'n',
- "The maximum number of bytes of early data as advertised in tickets"},
- {"recv_max_early_data", OPT_RECV_MAX_EARLY, 'n',
- "The maximum number of bytes of early data (hard limit)"},
- {"early_data", OPT_EARLY_DATA, '-', "Attempt to read early data"},
- {"num_tickets", OPT_S_NUM_TICKETS, 'n',
- "The number of TLSv1.3 session tickets that a server will automatically issue" },
- {"anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)"},
- {"no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection"},
- {"http_server_binmode", OPT_HTTP_SERVER_BINMODE, '-', "opening files in binary mode when acting as http server (-WWW and -HTTP)"},
- {"no_ca_names", OPT_NOCANAMES, '-',
- "Disable TLS Extension CA Names"},
- {"stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies"},
+ { "max_early_data", OPT_MAX_EARLY, 'n',
+ "The maximum number of bytes of early data as advertised in tickets" },
+ { "recv_max_early_data", OPT_RECV_MAX_EARLY, 'n',
+ "The maximum number of bytes of early data (hard limit)" },
+ { "early_data", OPT_EARLY_DATA, '-', "Attempt to read early data" },
+ { "num_tickets", OPT_S_NUM_TICKETS, 'n',
+ "The number of TLSv1.3 session tickets that a server will automatically issue" },
+ { "anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)" },
+ { "no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection" },
+ { "http_server_binmode", OPT_HTTP_SERVER_BINMODE, '-', "opening files in binary mode when acting as http server (-WWW and -HTTP)" },
+ { "no_ca_names", OPT_NOCANAMES, '-',
+ "Disable TLS Extension CA Names" },
+ { "stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies" },
#ifndef OPENSSL_NO_SSL3
- {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
+ { "ssl3", OPT_SSL3, '-', "Just talk SSLv3" },
#endif
#ifndef OPENSSL_NO_TLS1
- {"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
+ { "tls1", OPT_TLS1, '-', "Just talk TLSv1" },
#endif
#ifndef OPENSSL_NO_TLS1_1
- {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
+ { "tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1" },
#endif
#ifndef OPENSSL_NO_TLS1_2
- {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
+ { "tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2" },
#endif
#ifndef OPENSSL_NO_TLS1_3
- {"tls1_3", OPT_TLS1_3, '-', "just talk TLSv1.3"},
+ { "tls1_3", OPT_TLS1_3, '-', "just talk TLSv1.3" },
#endif
#ifndef OPENSSL_NO_DTLS
- {"dtls", OPT_DTLS, '-', "Use any DTLS version"},
- {"listen", OPT_LISTEN, '-',
- "Listen for a DTLS ClientHello with a cookie and then connect"},
+ { "dtls", OPT_DTLS, '-', "Use any DTLS version" },
+ { "listen", OPT_LISTEN, '-',
+ "Listen for a DTLS ClientHello with a cookie and then connect" },
#endif
#ifndef OPENSSL_NO_DTLS1
- {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
+ { "dtls1", OPT_DTLS1, '-', "Just talk DTLSv1" },
#endif
#ifndef OPENSSL_NO_DTLS1_2
- {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
+ { "dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2" },
#endif
#ifndef OPENSSL_NO_SCTP
- {"sctp", OPT_SCTP, '-', "Use SCTP"},
- {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
+ { "sctp", OPT_SCTP, '-', "Use SCTP" },
+ { "sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug" },
#endif
#ifndef OPENSSL_NO_SRTP
- {"use_srtp", OPT_SRTP_PROFILES, 's',
- "Offer SRTP key management with a colon-separated profile list"},
+ { "use_srtp", OPT_SRTP_PROFILES, 's',
+ "Offer SRTP key management with a colon-separated profile list" },
#endif
- {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
+ { "no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH" },
#ifndef OPENSSL_NO_NEXTPROTONEG
- {"nextprotoneg", OPT_NEXTPROTONEG, 's',
- "Set the advertised protocols for the NPN extension (comma-separated list)"},
+ { "nextprotoneg", OPT_NEXTPROTONEG, 's',
+ "Set the advertised protocols for the NPN extension (comma-separated list)" },
#endif
- {"alpn", OPT_ALPN, 's',
- "Set the advertised protocols for the ALPN extension (comma-separated list)"},
+ { "alpn", OPT_ALPN, 's',
+ "Set the advertised protocols for the ALPN extension (comma-separated list)" },
#ifndef OPENSSL_NO_KTLS
- {"sendfile", OPT_SENDFILE, '-', "Use sendfile to response file with -WWW"},
+ { "sendfile", OPT_SENDFILE, '-', "Use sendfile to response file with -WWW" },
#endif
OPT_R_OPTIONS,
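Review bot: Several help strings on the rewritten lines of `s_server_options` are still malformed and could be corrected while every entry is being touched. The `-key` text joins `"... or else" TEST_CERT` with no separating space (the `-cert` entry writes `"default " TEST_CERT`, so the macro presumably has no leading space), the `-key2` text begins with a stray `-`, and the `-WWW` text leaves the quote in `'GET` unbalanced. Suggested replacements: `"Private key file to use; default is -cert file or else " TEST_CERT`, `"Private Key file to use for servername if not in -cert2"` and `"Respond to a 'GET' with the file ./path"`. The table's closing `};` lies in the following hunk.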
@@ -967,12 +1061,12 @@ const OPTIONS s_server_options[] = {
OPT_V_OPTIONS,
OPT_X_OPTIONS,
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
-#define IS_PROT_FLAG(o) \
- (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
- || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
+#define IS_PROT_FLAG(o) \
+ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
+ || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
int s_server_main(int argc, char *argv[])
{
@@ -1076,7 +1170,7 @@ int s_server_main(int argc, char *argv[])
if (port == NULL || cctx == NULL || vpm == NULL)
goto end;
SSL_CONF_CTX_set_flags(cctx,
- SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE);
+ SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE);
prog = opt_init(argc, argv, s_server_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -1088,13 +1182,13 @@ int s_server_main(int argc, char *argv[])
no_prot_opt++;
if (prot_opt == 1 && no_prot_opt) {
BIO_printf(bio_err,
- "Cannot supply both a protocol flag and '-no_<prot>'\n");
+ "Cannot supply both a protocol flag and '-no_<prot>'\n");
goto end;
}
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -1105,8 +1199,10 @@ int s_server_main(int argc, char *argv[])
case OPT_4:
#ifdef AF_UNIX
if (socket_family == AF_UNIX) {
- OPENSSL_free(host); host = NULL;
- OPENSSL_free(port); port = NULL;
+ OPENSSL_free(host);
+ host = NULL;
+ OPENSSL_free(port);
+ port = NULL;
}
#endif
socket_family = AF_INET;
@@ -1116,8 +1212,10 @@ int s_server_main(int argc, char *argv[])
#ifdef AF_INET6
#ifdef AF_UNIX
if (socket_family == AF_UNIX) {
- OPENSSL_free(host); host = NULL;
- OPENSSL_free(port); port = NULL;
+ OPENSSL_free(host);
+ host = NULL;
+ OPENSSL_free(port);
+ port = NULL;
}
#endif
socket_family = AF_INET6;
@@ -1133,12 +1231,14 @@ int s_server_main(int argc, char *argv[])
socket_family = AF_UNSPEC;
}
#endif
- OPENSSL_free(port); port = NULL;
- OPENSSL_free(host); host = NULL;
+ OPENSSL_free(port);
+ port = NULL;
+ OPENSSL_free(host);
+ host = NULL;
if (BIO_parse_hostserv(opt_arg(), NULL, &port, BIO_PARSE_PRIO_SERV) < 1) {
BIO_printf(bio_err,
- "%s: -port argument malformed or ambiguous\n",
- port);
+ "%s: -port argument malformed or ambiguous\n",
+ prog);
goto end;
}
break;
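Review bot: The `port` → `prog` substitution in the `-port` error path is a behaviour change and should be called out in the commit description rather than travel unannounced among the whitespace-only changes around it. `port` is freed and set to NULL two statements earlier and the parse has just failed, so the old call most likely passed a NULL pointer for `%s`; `prog` is the value returned by `opt_init()` and matches the `%s:` prefix of the `opthelp` message. The identical substitution is made in the `-accept` branch of the next hunk. The message would also be easier to act on if it echoed the rejected value, e.g. `"%s: -port argument '%s' malformed or ambiguous\n", prog, opt_arg()`. `s_server_main` begins and ends outside this hunk.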
@@ -1148,22 +1248,26 @@ int s_server_main(int argc, char *argv[])
socket_family = AF_UNSPEC;
}
#endif
- OPENSSL_free(port); port = NULL;
- OPENSSL_free(host); host = NULL;
+ OPENSSL_free(port);
+ port = NULL;
+ OPENSSL_free(host);
+ host = NULL;
if (BIO_parse_hostserv(opt_arg(), &host, &port, BIO_PARSE_PRIO_SERV) < 1) {
BIO_printf(bio_err,
- "%s: -accept argument malformed or ambiguous\n",
- port);
+ "%s: -accept argument malformed or ambiguous\n",
+ prog);
goto end;
}
break;
#ifdef AF_UNIX
case OPT_UNIX:
socket_family = AF_UNIX;
- OPENSSL_free(host); host = OPENSSL_strdup(opt_arg());
+ OPENSSL_free(host);
+ host = OPENSSL_strdup(opt_arg());
if (host == NULL)
goto end;
- OPENSSL_free(port); port = NULL;
+ OPENSSL_free(port);
+ port = NULL;
break;
case OPT_UNLINK:
unlink_unix_path = 1;
@@ -1179,14 +1283,12 @@ int s_server_main(int argc, char *argv[])
BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
break;
case OPT_UPPER_V_VERIFY:
- s_server_verify =
- SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
- SSL_VERIFY_CLIENT_ONCE;
+ s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE;
verify_args.depth = atoi(opt_arg());
if (!s_quiet)
BIO_printf(bio_err,
- "verify depth is %d, must return a certificate\n",
- verify_args.depth);
+ "verify depth is %d, must return a certificate\n",
+ verify_args.depth);
break;
case OPT_CONTEXT:
context = (unsigned char *)opt_arg();
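Review bot: In the `OPT_UPPER_V_VERIFY` case the depth is still read with `verify_args.depth = atoi(opt_arg());`, which cannot report a malformed or out-of-range value and quietly yields 0 for non-numeric text. Unless the option table already restricts this argument to a number (not visible in this hunk), I would write `verify_args.depth = opt_int_arg();`, as the `OPT_VERIFY` case in apps/s_time.c does further down this diff. The case just above, which prints "verify depth is %d", may have the same pattern, but its assignment is outside the hunk. s_server_main starts and ends outside this hunk.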
@@ -1375,8 +1477,8 @@ int s_server_main(int argc, char *argv[])
#ifndef OPENSSL_NO_OCSP
s_tlsextstatus = 1;
if (!OSSL_HTTP_parse_url(opt_arg(), &tlscstatp.use_ssl, NULL,
- &tlscstatp.host, &tlscstatp.port, NULL,
- &tlscstatp.path, NULL, NULL)) {
+ &tlscstatp.host, &tlscstatp.port, NULL,
+ &tlscstatp.path, NULL, NULL)) {
BIO_printf(bio_err, "Error parsing -status_url argument\n");
goto end;
}
@@ -1574,7 +1676,7 @@ int s_server_main(int argc, char *argv[])
s_key_file2 = opt_arg();
break;
case OPT_NEXTPROTONEG:
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
next_proto_neg_in = opt_arg();
#endif
break;
@@ -1685,13 +1787,13 @@ int s_server_main(int argc, char *argv[])
#ifdef AF_UNIX
if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) {
BIO_printf(bio_err,
- "Can't use unix sockets and datagrams together\n");
+ "Can't use unix sockets and datagrams together\n");
goto end;
}
#endif
if (early_data && (www > 0 || rev)) {
BIO_printf(bio_err,
- "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n");
+ "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n");
goto end;
}
@@ -1729,29 +1831,29 @@ int s_server_main(int argc, char *argv[])
if (nocert == 0) {
s_key = load_key(s_key_file, s_key_format, 0, pass, engine,
- "server certificate private key");
+ "server certificate private key");
if (s_key == NULL)
goto end;
s_cert = load_cert_pass(s_cert_file, s_cert_format, 1, pass,
- "server certificate");
+ "server certificate");
if (s_cert == NULL)
goto end;
if (s_chain_file != NULL) {
if (!load_certs(s_chain_file, 0, &s_chain, NULL,
- "server certificate chain"))
+ "server certificate chain"))
goto end;
}
if (tlsextcbp.servername != NULL) {
s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine,
- "second server certificate private key");
+ "second server certificate private key");
if (s_key2 == NULL)
goto end;
s_cert2 = load_cert_pass(s_cert_file2, s_cert_format, 1, pass,
- "second server certificate");
+ "second server certificate");
if (s_cert2 == NULL)
goto end;
@@ -1791,12 +1893,12 @@ int s_server_main(int argc, char *argv[])
s_dkey_file = s_dcert_file;
s_dkey = load_key(s_dkey_file, s_dkey_format,
- 0, dpass, engine, "second certificate private key");
+ 0, dpass, engine, "second certificate private key");
if (s_dkey == NULL)
goto end;
s_dcert = load_cert_pass(s_dcert_file, s_dcert_format, 1, dpass,
- "second server certificate");
+ "second server certificate");
if (s_dcert == NULL) {
ERR_print_errors(bio_err);
@@ -1804,10 +1906,9 @@ int s_server_main(int argc, char *argv[])
}
if (s_dchain_file != NULL) {
if (!load_certs(s_dchain_file, 0, &s_dchain, NULL,
- "second server certificate chain"))
+ "second server certificate chain"))
goto end;
}
-
}
if (bio_s_out == NULL) {
@@ -1854,7 +1955,7 @@ int s_server_main(int argc, char *argv[])
if (ssl_config) {
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
- ssl_config);
+ ssl_config);
ERR_print_errors(bio_err);
goto end;
}
@@ -1874,7 +1975,7 @@ int s_server_main(int argc, char *argv[])
if (session_id_prefix) {
if (strlen(session_id_prefix) >= 32)
BIO_printf(bio_err,
- "warning: id_prefix is too long, only one new session will be possible\n");
+ "warning: id_prefix is too long, only one new session will be possible\n");
if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
BIO_printf(bio_err, "error setting 'id_prefix'\n");
ERR_print_errors(bio_err);
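Review bot: The check `strlen(session_id_prefix) >= 32` hard-codes the maximum session id length, and the same literal appears in the `ctx2` hunk at -1978. Using the library constant keeps both checks tied to the real limit: `if (strlen(session_id_prefix) >= SSL_MAX_SSL_SESSION_ID_LENGTH)`. The enclosing function starts and ends outside this hunk.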
@@ -1908,20 +2009,20 @@ int s_server_main(int argc, char *argv[])
if (max_send_fragment > 0
&& !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) {
BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n",
- prog, max_send_fragment);
+ prog, max_send_fragment);
goto end;
}
if (split_send_fragment > 0
&& !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) {
BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n",
- prog, split_send_fragment);
+ prog, split_send_fragment);
goto end;
}
if (max_pipelines > 0
&& !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) {
BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n",
- prog, max_pipelines);
+ prog, max_pipelines);
goto end;
}
@@ -1940,7 +2041,7 @@ int s_server_main(int argc, char *argv[])
#endif
if (!ctx_set_verify_locations(ctx, CAfile, noCAfile, CApath, noCApath,
- CAstore, noCAstore)) {
+ CAstore, noCAstore)) {
ERR_print_errors(bio_err);
goto end;
}
@@ -1953,9 +2054,9 @@ int s_server_main(int argc, char *argv[])
ssl_ctx_add_crls(ctx, crls, 0);
if (!ssl_load_stores(ctx,
- vfyCApath, vfyCAfile, vfyCAstore,
- chCApath, chCAfile, chCAstore,
- crls, crl_download)) {
+ vfyCApath, vfyCAfile, vfyCAstore,
+ chCApath, chCAfile, chCAstore,
+ crls, crl_download)) {
BIO_printf(bio_err, "Error loading store locations\n");
ERR_print_errors(bio_err);
goto end;
@@ -1978,7 +2079,7 @@ int s_server_main(int argc, char *argv[])
if (session_id_prefix) {
if (strlen(session_id_prefix) >= 32)
BIO_printf(bio_err,
- "warning: id_prefix is too long, only one new session will be possible\n");
+ "warning: id_prefix is too long, only one new session will be possible\n");
if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
BIO_printf(bio_err, "error setting 'id_prefix'\n");
ERR_print_errors(bio_err);
@@ -2003,7 +2104,7 @@ int s_server_main(int argc, char *argv[])
SSL_CTX_set_mode(ctx2, SSL_MODE_ASYNC);
if (!ctx_set_verify_locations(ctx2, CAfile, noCAfile, CApath,
- noCApath, CAstore, noCAstore)) {
+ noCApath, CAstore, noCAstore)) {
ERR_print_errors(bio_err);
goto end;
}
@@ -2020,7 +2121,7 @@ int s_server_main(int argc, char *argv[])
#ifndef OPENSSL_NO_NEXTPROTONEG
if (next_proto.data)
SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb,
- &next_proto);
+ &next_proto);
#endif
if (alpn_ctx.data)
SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
@@ -2032,7 +2133,7 @@ int s_server_main(int argc, char *argv[])
dhpkey = load_keyparams(dhfile, FORMAT_UNDEF, 0, "DH", "DH parameters");
else if (s_cert_file != NULL)
dhpkey = load_keyparams_suppress(s_cert_file, FORMAT_UNDEF, 0, "DH",
- "DH parameters", 1);
+ "DH parameters", 1);
if (dhpkey != NULL) {
BIO_printf(bio_s_out, "Setting temp DH parameters\n");
@@ -2065,9 +2166,9 @@ int s_server_main(int argc, char *argv[])
if (ctx2 != NULL) {
if (dhfile != NULL) {
EVP_PKEY *dhpkey2 = load_keyparams_suppress(s_cert_file2,
- FORMAT_UNDEF,
- 0, "DH",
- "DH parameters", 1);
+ FORMAT_UNDEF,
+ 0, "DH",
+ "DH parameters", 1);
if (dhpkey2 != NULL) {
BIO_printf(bio_s_out, "Setting temp DH parameters\n");
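Review bot: The `ctx2` branch tests `if (dhfile != NULL)` and then loads DH parameters from `s_cert_file2`, which looks inverted. The `ctx` path in the previous hunk uses `dhfile` when it is set and only otherwise falls back to `s_cert_file`. If the second context is meant to follow the same fallback, the condition should be `if (dhfile == NULL)`. As written, a server started without a DH file never looks in the second certificate file for parameters. The rest of this block is outside the hunk, so this is inferred from the visible lines and should be confirmed against the code that follows.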
@@ -2110,11 +2211,11 @@ int s_server_main(int argc, char *argv[])
if (no_resume_ephemeral) {
SSL_CTX_set_not_resumable_session_callback(ctx,
- not_resumable_sess_cb);
+ not_resumable_sess_cb);
if (ctx2 != NULL)
SSL_CTX_set_not_resumable_session_callback(ctx2,
- not_resumable_sess_cb);
+ not_resumable_sess_cb);
}
#ifndef OPENSSL_NO_PSK
if (psk_key != NULL) {
@@ -2150,7 +2251,6 @@ int s_server_main(int argc, char *argv[])
ERR_print_errors(bio_err);
goto end;
}
-
}
if (psk_key != NULL || psksess != NULL)
@@ -2158,8 +2258,8 @@ int s_server_main(int argc, char *argv[])
SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
if (!SSL_CTX_set_session_id_context(ctx,
- (void *)&s_server_session_id_context,
- sizeof(s_server_session_id_context))) {
+ (void *)&s_server_session_id_context,
+ sizeof(s_server_session_id_context))) {
BIO_printf(bio_err, "error setting session id context\n");
ERR_print_errors(bio_err);
goto end;
@@ -2176,8 +2276,8 @@ int s_server_main(int argc, char *argv[])
if (ctx2 != NULL) {
SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
if (!SSL_CTX_set_session_id_context(ctx2,
- (void *)&s_server_session_id_context,
- sizeof(s_server_session_id_context))) {
+ (void *)&s_server_session_id_context,
+ sizeof(s_server_session_id_context))) {
BIO_printf(bio_err, "error setting session id context\n");
ERR_print_errors(bio_err);
goto end;
@@ -2192,11 +2292,11 @@ int s_server_main(int argc, char *argv[])
#ifndef OPENSSL_NO_SRP
if (srp_verifier_file != NULL) {
if (!set_up_srp_verifier_file(ctx, &srp_callback_parm, srpuserseed,
- srp_verifier_file))
+ srp_verifier_file))
goto end;
} else
#endif
- if (CAfile != NULL) {
+ if (CAfile != NULL) {
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
if (ctx2)
@@ -2232,10 +2332,10 @@ int s_server_main(int argc, char *argv[])
unlink(host);
#endif
do_server(&accept_socket, host, port, socket_family, socket_type, protocol,
- server_cb, context, naccept, bio_s_out);
+ server_cb, context, naccept, bio_s_out);
print_stats(bio_s_out, ctx);
ret = 0;
- end:
+end:
SSL_CTX_free(ctx);
SSL_SESSION_free(psksess);
set_keylog_file(NULL, NULL);
@@ -2279,38 +2379,38 @@ int s_server_main(int argc, char *argv[])
static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
{
BIO_printf(bio, "%4ld items in the session cache\n",
- SSL_CTX_sess_number(ssl_ctx));
+ SSL_CTX_sess_number(ssl_ctx));
BIO_printf(bio, "%4ld client connects (SSL_connect())\n",
- SSL_CTX_sess_connect(ssl_ctx));
+ SSL_CTX_sess_connect(ssl_ctx));
BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n",
- SSL_CTX_sess_connect_renegotiate(ssl_ctx));
+ SSL_CTX_sess_connect_renegotiate(ssl_ctx));
BIO_printf(bio, "%4ld client connects that finished\n",
- SSL_CTX_sess_connect_good(ssl_ctx));
+ SSL_CTX_sess_connect_good(ssl_ctx));
BIO_printf(bio, "%4ld server accepts (SSL_accept())\n",
- SSL_CTX_sess_accept(ssl_ctx));
+ SSL_CTX_sess_accept(ssl_ctx));
BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n",
- SSL_CTX_sess_accept_renegotiate(ssl_ctx));
+ SSL_CTX_sess_accept_renegotiate(ssl_ctx));
BIO_printf(bio, "%4ld server accepts that finished\n",
- SSL_CTX_sess_accept_good(ssl_ctx));
+ SSL_CTX_sess_accept_good(ssl_ctx));
BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx));
BIO_printf(bio, "%4ld session cache misses\n",
- SSL_CTX_sess_misses(ssl_ctx));
+ SSL_CTX_sess_misses(ssl_ctx));
BIO_printf(bio, "%4ld session cache timeouts\n",
- SSL_CTX_sess_timeouts(ssl_ctx));
+ SSL_CTX_sess_timeouts(ssl_ctx));
BIO_printf(bio, "%4ld callback cache hits\n",
- SSL_CTX_sess_cb_hits(ssl_ctx));
+ SSL_CTX_sess_cb_hits(ssl_ctx));
BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n",
- SSL_CTX_sess_cache_full(ssl_ctx),
- SSL_CTX_sess_get_cache_size(ssl_ctx));
+ SSL_CTX_sess_cache_full(ssl_ctx),
+ SSL_CTX_sess_get_cache_size(ssl_ctx));
}
static long int count_reads_callback(BIO *bio, int cmd, const char *argp, size_t len,
- int argi, long argl, int ret, size_t *processed)
+ int argi, long argl, int ret, size_t *processed)
{
unsigned int *p_counter = (unsigned int *)BIO_get_callback_arg(bio);
switch (cmd) {
- case BIO_CB_READ: /* No break here */
+ case BIO_CB_READ: /* No break here */
case BIO_CB_GETS:
if (p_counter != NULL)
++*p_counter;
@@ -2342,11 +2442,11 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
struct timeval *timeoutp;
#endif
#ifndef OPENSSL_NO_DTLS
-# ifndef OPENSSL_NO_SCTP
+#ifndef OPENSSL_NO_SCTP
int isdtls = (stype == SOCK_DGRAM || prot == IPPROTO_SCTP);
-# else
+#else
int isdtls = (stype == SOCK_DGRAM);
-# endif
+#endif
#endif
buf = app_malloc(bufsize, "server buffer");
@@ -2370,7 +2470,7 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
if (context != NULL
&& !SSL_set_session_id_context(con, context,
- strlen((char *)context))) {
+ strlen((char *)context))) {
BIO_printf(bio_err, "Error setting session id context\n");
ret = -1;
goto err;
@@ -2383,11 +2483,11 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
}
#ifndef OPENSSL_NO_DTLS
if (isdtls) {
-# ifndef OPENSSL_NO_SCTP
+#ifndef OPENSSL_NO_SCTP
if (prot == IPPROTO_SCTP)
sbio = BIO_new_dgram_sctp(s, BIO_NOCLOSE);
else
-# endif
+#endif
sbio = BIO_new_dgram(s, BIO_NOCLOSE);
if (sbio == NULL) {
BIO_printf(bio_err, "Unable to create BIO\n");
@@ -2408,7 +2508,7 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
if (socket_mtu) {
if (socket_mtu < DTLS_get_link_min_mtu(con)) {
BIO_printf(bio_err, "MTU too small. Must be at least %ld\n",
- DTLS_get_link_min_mtu(con));
+ DTLS_get_link_min_mtu(con));
ret = -1;
BIO_free(sbio);
goto err;
@@ -2424,9 +2524,9 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
/* want to do MTU discovery */
BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
-# ifndef OPENSSL_NO_SCTP
+#ifndef OPENSSL_NO_SCTP
if (prot != IPPROTO_SCTP)
-# endif
+#endif
/* Turn on cookie exchange. Not necessary for SCTP */
SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
} else
@@ -2526,7 +2626,7 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
read_from_terminal = 0;
read_from_sslcon = SSL_has_pending(con)
- || (async && SSL_waiting_for_async(con));
+ || (async && SSL_waiting_for_async(con));
if (!read_from_sslcon) {
FD_ZERO(&readfds);
@@ -2620,24 +2720,22 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
SSL_renegotiate(con);
i = SSL_do_handshake(con);
printf("SSL_do_handshake -> %d\n", i);
- i = 0; /* 13; */
+ i = 0; /* 13; */
continue;
}
if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
SSL_set_verify(con,
- SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
- NULL);
+ SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
+ NULL);
SSL_renegotiate(con);
i = SSL_do_handshake(con);
printf("SSL_do_handshake -> %d\n", i);
- i = 0; /* 13; */
+ i = 0; /* 13; */
continue;
}
if ((buf[0] == 'K' || buf[0] == 'k')
- && ((buf[1] == '\n') || (buf[1] == '\r'))) {
- SSL_key_update(con, buf[0] == 'K' ?
- SSL_KEY_UPDATE_REQUESTED
- : SSL_KEY_UPDATE_NOT_REQUESTED);
+ && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+ SSL_key_update(con, buf[0] == 'K' ? SSL_KEY_UPDATE_REQUESTED : SSL_KEY_UPDATE_NOT_REQUESTED);
i = SSL_do_handshake(con);
printf("SSL_do_handshake -> %d\n", i);
i = 0;
@@ -2658,7 +2756,7 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
}
if (buf[0] == 'P') {
static const char str[] = "Lets print some clear text\n";
- BIO_write(SSL_get_wbio(con), str, sizeof(str) -1);
+ BIO_write(SSL_get_wbio(con), str, sizeof(str) - 1);
}
if (buf[0] == 'S') {
print_stats(bio_s_out, SSL_get_SSL_CTX(con));
@@ -2734,7 +2832,7 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
* init_ssl_connection
*/
if ((!async || !SSL_waiting_for_async(con))
- && !SSL_is_init_finished(con)) {
+ && !SSL_is_init_finished(con)) {
/*
* Count number of reads during init_ssl_connection.
* It helps us to distinguish configuration errors from errors
@@ -2762,7 +2860,7 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
goto err;
}
} else {
- again:
+ again:
i = SSL_read(con, (char *)buf, bufsize);
#ifndef OPENSSL_NO_SRP
while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
@@ -2813,7 +2911,7 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
}
}
}
- err:
+err:
if (con != NULL) {
BIO_printf(bio_s_out, "shutting down SSL\n");
do_ssl_shutdown(con);
@@ -2838,8 +2936,8 @@ static int is_retryable(SSL *con, int i)
/* If it's not a fatal error, it must be retryable */
return (err != SSL_ERROR_SSL)
- && (err != SSL_ERROR_SYSCALL)
- && (err != SSL_ERROR_ZERO_RETURN);
+ && (err != SSL_ERROR_SYSCALL)
+ && (err != SSL_ERROR_ZERO_RETURN);
}
static int init_ssl_connection(SSL *con)
@@ -2895,10 +2993,10 @@ static int init_ssl_connection(SSL *con)
#ifdef CERT_CB_TEST_RETRY
{
while (i <= 0
- && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
- && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) {
+ && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
+ && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) {
BIO_printf(bio_err,
- "LOOKUP from certificate callback during accept\n");
+ "LOOKUP from certificate callback during accept\n");
i = SSL_accept(con);
if (i <= 0)
retry = is_retryable(con, i);
@@ -2908,9 +3006,9 @@ static int init_ssl_connection(SSL *con)
#ifndef OPENSSL_NO_SRP
while (i <= 0
- && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+ && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
- srp_callback_parm.login);
+ srp_callback_parm.login);
lookup_srp_user(&srp_callback_parm, bio_s_out);
@@ -2924,7 +3022,7 @@ static int init_ssl_connection(SSL *con)
if (i <= 0) {
if (((dtlslisten || stateless) && i == 0)
- || (!dtlslisten && !stateless && retry)) {
+ || (!dtlslisten && !stateless && retry)) {
BIO_printf(bio_s_out, "DELAY\n");
return 1;
}
@@ -2934,7 +3032,7 @@ static int init_ssl_connection(SSL *con)
verify_err = SSL_get_verify_result(con);
if (verify_err != X509_V_OK) {
BIO_printf(bio_err, "verify error:%s\n",
- X509_verify_cert_error_string(verify_err));
+ X509_verify_cert_error_string(verify_err));
}
/* Always print any error messages */
ERR_print_errors(bio_err);
@@ -2996,13 +3094,13 @@ static void print_connection_info(SSL *con)
if (srtp_profile)
BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n",
- srtp_profile->name);
+ srtp_profile->name);
}
#endif
if (SSL_session_reused(con))
BIO_printf(bio_s_out, "Reused session-id\n");
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
- SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
+ SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
if ((SSL_get_options(con) & SSL_OP_NO_RENEGOTIATION))
BIO_printf(bio_s_out, "Renegotiation is DISABLED\n");
@@ -3012,10 +3110,11 @@ static void print_connection_info(SSL *con)
BIO_printf(bio_s_out, " Length: %i bytes\n", keymatexportlen);
exportedkeymat = app_malloc(keymatexportlen, "export key");
if (SSL_export_keying_material(con, exportedkeymat,
- keymatexportlen,
- keymatexportlabel,
- strlen(keymatexportlabel),
- NULL, 0, 0) <= 0) {
+ keymatexportlen,
+ keymatexportlabel,
+ strlen(keymatexportlabel),
+ NULL, 0, 0)
+ <= 0) {
BIO_printf(bio_s_out, " Error\n");
} else {
BIO_printf(bio_s_out, " Keying material: ");
@@ -3088,7 +3187,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
if (context != NULL
&& !SSL_set_session_id_context(con, context,
- strlen((char *)context))) {
+ strlen((char *)context))) {
SSL_free(con);
goto err;
}
@@ -3142,7 +3241,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
for (;;) {
i = BIO_gets(io, buf, bufsize + 1);
- if (i < 0) { /* error */
+ if (i < 0) { /* error */
if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) {
if (!s_quiet)
ERR_print_errors(bio_err);
@@ -3162,14 +3261,13 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
ossl_sleep(1000);
continue;
}
- } else if (i == 0) { /* end of input */
+ } else if (i == 0) { /* end of input */
ret = 1;
goto end;
}
/* else we have data */
- if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
- ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
+ if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) || ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
char *p;
X509 *peer = NULL;
STACK_OF(SSL_CIPHER) *sk;
@@ -3178,15 +3276,15 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
if (www == 1 && strncmp("GET /reneg", buf, 10) == 0) {
if (strncmp("GET /renegcert", buf, 14) == 0)
SSL_set_verify(con,
- SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
- NULL);
+ SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
+ NULL);
i = SSL_renegotiate(con);
BIO_printf(bio_s_out, "SSL_renegotiate -> %d\n", i);
/* Send the HelloRequest */
i = SSL_do_handshake(con);
if (i <= 0) {
BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n",
- SSL_get_error(con, i));
+ SSL_get_error(con, i));
ERR_print_errors(bio_err);
goto err;
}
@@ -3196,7 +3294,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
i = select(width, (void *)&readfds, NULL, NULL, NULL);
if (i <= 0 || !FD_ISSET(s, &readfds)) {
BIO_printf(bio_s_out,
- "Error waiting for client response\n");
+ "Error waiting for client response\n");
ERR_print_errors(bio_err);
goto err;
}
@@ -3210,7 +3308,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
}
BIO_puts(io,
- "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+ "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n");
BIO_puts(io, "<pre>\n");
/* BIO_puts(io, OpenSSL_version(OPENSSL_VERSION)); */
@@ -3237,9 +3335,8 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
BIO_puts(io, "\n");
BIO_printf(io,
- "Secure Renegotiation IS%s supported\n",
- SSL_get_secure_renegotiation_support(con) ?
- "" : " NOT");
+ "Secure Renegotiation IS%s supported\n",
+ SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
/*
* The following is evil and should not really be done
@@ -3250,7 +3347,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
for (i = 0; i < j; i++) {
c = sk_SSL_CIPHER_value(sk, i);
BIO_printf(io, "%-11s:%-25s ",
- SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+ SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
if ((((i + 1) % 2) == 0) && (i + 1 != j))
BIO_puts(io, "\n");
}
@@ -3258,7 +3355,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
p = SSL_get_shared_ciphers(con, buf, bufsize);
if (p != NULL) {
BIO_printf(io,
- "---\nCiphers common between both SSL end points:\n");
+ "---\nCiphers common between both SSL end points:\n");
j = i = 0;
while (*p) {
if (*p == ':') {
@@ -3279,11 +3376,10 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
ssl_print_groups(io, con, 0);
#endif
print_ca_names(io, con);
- BIO_printf(io, (SSL_session_reused(con)
- ? "---\nReused, " : "---\nNew, "));
+ BIO_printf(io, (SSL_session_reused(con) ? "---\nReused, " : "---\nNew, "));
c = SSL_get_current_cipher(con);
BIO_printf(io, "%s, Cipher is %s\n",
- SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+ SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
SSL_SESSION_print(io, SSL_get_session(con));
BIO_printf(io, "---\n");
print_stats(io, SSL_get_SSL_CTX(con));
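Review bot: `BIO_printf(io, (SSL_session_reused(con) ? "---\nReused, " : "---\nNew, "));` passes a non-literal expression as the format string. Both alternatives are constants with no conversion specifiers, so nothing is wrong today, but it becomes a format-string bug as soon as one of them gains a `%` or is replaced by variable text. `BIO_puts(io, SSL_session_reused(con) ? "---\nReused, " : "---\nNew, ");` produces the same output with no format parsing. www_body starts and ends outside this hunk.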
@@ -3300,11 +3396,10 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
break;
} else if ((www == 2 || www == 3)
- && (strncmp("GET /", buf, 5) == 0)) {
+ && (strncmp("GET /", buf, 5) == 0)) {
BIO *file;
char *p, *e;
- static const char *text =
- "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+ static const char *text = "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
/* skip the '/' */
p = &(buf[5]);
@@ -3376,14 +3471,12 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
if (www == 2) {
i = strlen(p);
- if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
- ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
- ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
+ if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) || ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) || ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
BIO_puts(io,
- "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+ "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
else
BIO_puts(io,
- "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+ "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
}
/* send the file */
#ifndef OPENSSL_NO_KTLS
@@ -3466,7 +3559,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
}
}
}
- write_error:
+ write_error:
BIO_free(file);
break;
}
@@ -3480,11 +3573,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
} else
break;
}
- end:
+end:
/* make sure we re-use sessions */
do_ssl_shutdown(con);
- err:
+err:
OPENSSL_free(buf);
BIO_free(ssl_bio);
BIO_free_all(io);
@@ -3523,7 +3616,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
}
if (context != NULL
&& !SSL_set_session_id_context(con, context,
- strlen((char *)context))) {
+ strlen((char *)context))) {
SSL_free(con);
ERR_print_errors(bio_err);
goto err;
@@ -3590,7 +3683,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
for (;;) {
i = BIO_gets(io, buf, bufsize + 1);
- if (i < 0) { /* error */
+ if (i < 0) { /* error */
if (!BIO_should_retry(io)) {
if (!s_quiet)
ERR_print_errors(bio_err);
@@ -3610,7 +3703,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
ossl_sleep(1000);
continue;
}
- } else if (i == 0) { /* end of input */
+ } else if (i == 0) { /* end of input */
ret = 1;
BIO_printf(bio_err, "CONNECTION CLOSED\n");
goto end;
@@ -3637,11 +3730,11 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
}
}
}
- end:
+end:
/* make sure we re-use sessions */
do_ssl_shutdown(con);
- err:
+err:
OPENSSL_free(buf);
BIO_free(ssl_bio);
@@ -3651,7 +3744,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
#define MAX_SESSION_ID_ATTEMPTS 10
static int generate_session_id(SSL *ssl, unsigned char *id,
- unsigned int *id_len)
+ unsigned int *id_len)
{
unsigned int count = 0;
unsigned int session_id_prefix_len = strlen(session_id_prefix);
@@ -3667,11 +3760,8 @@ static int generate_session_id(SSL *ssl, unsigned char *id,
* conflicts.
*/
memcpy(id, session_id_prefix,
- (session_id_prefix_len < *id_len) ?
- session_id_prefix_len : *id_len);
- }
- while (SSL_has_matching_session_id(ssl, id, *id_len) &&
- (++count < MAX_SESSION_ID_ATTEMPTS));
+ (session_id_prefix_len < *id_len) ? session_id_prefix_len : *id_len);
+ } while (SSL_has_matching_session_id(ssl, id, *id_len) && (++count < MAX_SESSION_ID_ATTEMPTS));
if (count >= MAX_SESSION_ID_ATTEMPTS)
return 0;
return 1;
@@ -3734,7 +3824,7 @@ static int add_session(SSL *ssl, SSL_SESSION *session)
}
static SSL_SESSION *get_session(SSL *ssl, const unsigned char *id, int idlen,
- int *do_copy)
+ int *do_copy)
{
simple_ssl_session *sess;
*do_copy = 0;
@@ -3773,8 +3863,7 @@ static void del_session(SSL_CTX *sctx, SSL_SESSION *session)
static void init_session_cache_ctx(SSL_CTX *sctx)
{
SSL_CTX_set_session_cache_mode(sctx,
- SSL_SESS_CACHE_NO_INTERNAL |
- SSL_SESS_CACHE_SERVER);
+ SSL_SESS_CACHE_NO_INTERNAL | SSL_SESS_CACHE_SERVER);
SSL_CTX_sess_set_new_cb(sctx, add_session);
SSL_CTX_sess_set_get_cb(sctx, get_session);
SSL_CTX_sess_set_remove_cb(sctx, del_session);
@@ -3793,4 +3882,4 @@ static void free_sessions(void)
first = NULL;
}
-#endif /* OPENSSL_NO_SOCK */
+#endif /* OPENSSL_NO_SOCK */
diff --git a/apps/s_time.c b/apps/s_time.c
index b77619156261..48f9d66df7db 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -24,10 +24,10 @@
#include <openssl/err.h>
#include "internal/sockets.h"
#if !defined(OPENSSL_SYS_MSDOS)
-# include <unistd.h>
+#include <unistd.h>
#endif
-#define SSL_CONNECT_NAME "localhost:4433"
+#define SSL_CONNECT_NAME "localhost:4433"
#define SECONDS 30
#define SECONDSSTR "30"
@@ -44,68 +44,86 @@ static const size_t fmt_http_get_cmd_size = sizeof(fmt_http_get_cmd) - 2;
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_CONNECT, OPT_CIPHER, OPT_CIPHERSUITES, OPT_CERT, OPT_NAMEOPT, OPT_KEY,
- OPT_CAPATH, OPT_CAFILE, OPT_CASTORE,
- OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE,
- OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME, OPT_SSL3,
- OPT_WWW, OPT_TLS1, OPT_TLS1_1, OPT_TLS1_2, OPT_TLS1_3,
+ OPT_CONNECT,
+ OPT_CIPHER,
+ OPT_CIPHERSUITES,
+ OPT_CERT,
+ OPT_NAMEOPT,
+ OPT_KEY,
+ OPT_CAPATH,
+ OPT_CAFILE,
+ OPT_CASTORE,
+ OPT_NOCAPATH,
+ OPT_NOCAFILE,
+ OPT_NOCASTORE,
+ OPT_NEW,
+ OPT_REUSE,
+ OPT_BUGS,
+ OPT_VERIFY,
+ OPT_TIME,
+ OPT_SSL3,
+ OPT_WWW,
+ OPT_TLS1,
+ OPT_TLS1_1,
+ OPT_TLS1_2,
+ OPT_TLS1_3,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS s_time_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
OPT_SECTION("Connection"),
- {"connect", OPT_CONNECT, 's',
- "Where to connect as post:port (default is " SSL_CONNECT_NAME ")"},
- {"new", OPT_NEW, '-', "Just time new connections"},
- {"reuse", OPT_REUSE, '-', "Just time connection reuse"},
- {"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"},
- {"cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used"},
- {"ciphersuites", OPT_CIPHERSUITES, 's',
- "Specify TLSv1.3 ciphersuites to be used"},
+ { "connect", OPT_CONNECT, 's',
+ "Where to connect as post:port (default is " SSL_CONNECT_NAME ")" },
+ { "new", OPT_NEW, '-', "Just time new connections" },
+ { "reuse", OPT_REUSE, '-', "Just time connection reuse" },
+ { "bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility" },
+ { "cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used" },
+ { "ciphersuites", OPT_CIPHERSUITES, 's',
+ "Specify TLSv1.3 ciphersuites to be used" },
#ifndef OPENSSL_NO_SSL3
- {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
+ { "ssl3", OPT_SSL3, '-', "Just use SSLv3" },
#endif
#ifndef OPENSSL_NO_TLS1
- {"tls1", OPT_TLS1, '-', "Just use TLSv1.0"},
+ { "tls1", OPT_TLS1, '-', "Just use TLSv1.0" },
#endif
#ifndef OPENSSL_NO_TLS1_1
- {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"},
+ { "tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1" },
#endif
#ifndef OPENSSL_NO_TLS1_2
- {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
+ { "tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2" },
#endif
#ifndef OPENSSL_NO_TLS1_3
- {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"},
+ { "tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3" },
#endif
- {"verify", OPT_VERIFY, 'p',
- "Turn on peer certificate verification, set depth"},
- {"time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR},
- {"www", OPT_WWW, 's', "Fetch specified page from the site"},
+ { "verify", OPT_VERIFY, 'p',
+ "Turn on peer certificate verification, set depth" },
+ { "time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR },
+ { "www", OPT_WWW, 's', "Fetch specified page from the site" },
OPT_SECTION("Certificate"),
- {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"},
- {"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"},
- {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"},
- {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"},
- {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
- {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
- {"CAstore", OPT_CASTORE, ':', "URI to store of CA's"},
- {"no-CAfile", OPT_NOCAFILE, '-',
- "Do not load the default certificates file"},
- {"no-CApath", OPT_NOCAPATH, '-',
- "Do not load certificates from the default certificates directory"},
- {"no-CAstore", OPT_NOCASTORE, '-',
- "Do not load certificates from the default certificates store URI"},
+ { "nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options" },
+ { "cert", OPT_CERT, '<', "Cert file to use, PEM format assumed" },
+ { "key", OPT_KEY, '<', "File with key, PEM; default is -cert file" },
+ { "cafile", OPT_CAFILE, '<', "PEM format file of CA's" },
+ { "CAfile", OPT_CAFILE, '<', "PEM format file of CA's" },
+ { "CApath", OPT_CAPATH, '/', "PEM format directory of CA's" },
+ { "CAstore", OPT_CASTORE, ':', "URI to store of CA's" },
+ { "no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file" },
+ { "no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory" },
+ { "no-CAstore", OPT_NOCASTORE, '-',
+ "Do not load certificates from the default certificates store URI" },
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
-#define START 0
-#define STOP 1
+#define START 0
+#define STOP 1
static double tm_Time_F(int s)
{
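Review bot: The help text for `-connect` reads "Where to connect as post:port", where `host:port` is evidently meant given the default `SSL_CONNECT_NAME` of "localhost:4433". Since the entry is being rewritten here anyway, the string could be corrected to `"Where to connect as host:port (default is " SSL_CONNECT_NAME ")" },`.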
@@ -137,7 +155,7 @@ int s_time_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -156,7 +174,7 @@ int s_time_main(int argc, char **argv)
case OPT_VERIFY:
verify_args.depth = opt_int_arg();
BIO_printf(bio_err, "%s: verify depth is %d\n",
- prog, verify_args.depth);
+ prog, verify_args.depth);
break;
case OPT_CERT:
certfile = opt_arg();
@@ -260,7 +278,7 @@ int s_time_main(int argc, char **argv)
goto end;
if (!ctx_set_verify_locations(ctx, CAfile, noCAfile, CApath, noCApath,
- CAstore, noCAstore)) {
+ CAstore, noCAstore)) {
ERR_print_errors(bio_err);
goto end;
}
@@ -282,7 +300,7 @@ int s_time_main(int argc, char **argv)
if (www_path != NULL) {
buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd,
- www_path);
+ www_path);
if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
@@ -312,19 +330,17 @@ int s_time_main(int argc, char **argv)
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
i = (int)((long)time(NULL) - finishtime + maxtime);
- printf
- ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
- nConn, totalTime, ((double)nConn / totalTime), bytes_read);
- printf
- ("%d connections in %ld real seconds, %ld bytes read per connection\n",
- nConn, (long)time(NULL) - finishtime + maxtime,
- nConn > 0 ? bytes_read / nConn : 0l);
+ printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
+ nConn, totalTime, ((double)nConn / totalTime), bytes_read);
+ printf("%d connections in %ld real seconds, %ld bytes read per connection\n",
+ nConn, (long)time(NULL) - finishtime + maxtime,
+ nConn > 0 ? bytes_read / nConn : 0l);
/*
* Now loop and time connections using the same session id over and over
*/
- next:
+next:
if (!(perform & 2)) {
ret = 0;
goto end;
@@ -366,7 +382,7 @@ int s_time_main(int argc, char **argv)
if (www_path != NULL) {
buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd,
- www_path);
+ www_path);
if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
@@ -393,19 +409,17 @@ int s_time_main(int argc, char **argv)
}
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
- printf
- ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
- nConn, totalTime, ((double)nConn / totalTime), bytes_read);
+ printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
+ nConn, totalTime, ((double)nConn / totalTime), bytes_read);
if (nConn > 0)
- printf
- ("%d connections in %ld real seconds, %ld bytes read per connection\n",
- nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
+ printf("%d connections in %ld real seconds, %ld bytes read per connection\n",
+ nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
else
printf("0 connections in %ld real seconds\n",
- (long)time(NULL) - finishtime + maxtime);
+ (long)time(NULL) - finishtime + maxtime);
ret = 0;
- end:
+end:
SSL_free(scon);
SSL_CTX_free(ctx);
return ret;
@@ -424,7 +438,7 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
return NULL;
if (BIO_set_conn_hostname(conn, host) <= 0
- || BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) <= 0) {
+ || BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) <= 0) {
BIO_free(conn);
return NULL;
}
@@ -437,6 +451,16 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
}
} else {
serverCon = scon;
+ /*
+ * Reset the SSL object before reusing it for a new connection.
+ * This clears prior handshake and I/O state while keeping
+ * configuration inherited from the SSL_CTX.
+ */
+ if (!SSL_clear(serverCon)) {
+ ERR_print_errors(bio_err);
+ BIO_free(conn);
+ return NULL;
+ }
SSL_set_connect_state(serverCon);
}
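Review bot: The comment added above `SSL_clear(serverCon)` says the call keeps configuration inherited from the SSL_CTX, but it says nothing about the session, which the "same session id over and over" timing loop in s_time_main relies on. As documented, SSL_clear() treats a session whose connection was not shut down as bad and drops it. Resumption therefore survives this reset only if the caller marked the previous connection as shut down before calling doConnection again; that call site is outside this hunk, so it should be confirmed. I would add a line to the comment such as `* The session is retained only if the previous connection was shut down.` so the dependency is visible where the reset happens. doConnection's body starts and ends outside the hunk.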
@@ -448,7 +472,7 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
BIO_printf(bio_err, "ERROR\n");
if (verify_args.error != X509_V_OK)
BIO_printf(bio_err, "verify error:%s\n",
- X509_verify_cert_error_string(verify_args.error));
+ X509_verify_cert_error_string(verify_args.error));
else
ERR_print_errors(bio_err);
if (scon == NULL)
@@ -461,12 +485,12 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
struct linger no_linger;
int fd;
- no_linger.l_onoff = 1;
+ no_linger.l_onoff = 1;
no_linger.l_linger = 0;
fd = SSL_get_fd(serverCon);
if (fd >= 0)
- (void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char*)&no_linger,
- sizeof(no_linger));
+ (void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char *)&no_linger,
+ sizeof(no_linger));
}
#endif
diff --git a/apps/sess_id.c b/apps/sess_id.c
index 714c0f77877e..870d3e6f94fc 100644
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -20,27 +20,33 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
- OPT_TEXT, OPT_CERT, OPT_NOOUT, OPT_CONTEXT
+ OPT_INFORM,
+ OPT_OUTFORM,
+ OPT_IN,
+ OPT_OUT,
+ OPT_TEXT,
+ OPT_CERT,
+ OPT_NOOUT,
+ OPT_CONTEXT
} OPTION_CHOICE;
const OPTIONS sess_id_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"context", OPT_CONTEXT, 's', "Set the session ID context"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "context", OPT_CONTEXT, 's', "Set the session ID context" },
OPT_SECTION("Input"),
- {"in", OPT_IN, 's', "Input file - default stdin"},
- {"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
+ { "in", OPT_IN, 's', "Input file - default stdin" },
+ { "inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file - default stdout"},
- {"outform", OPT_OUTFORM, 'f',
- "Output format - default PEM (PEM, DER or NSS)"},
- {"text", OPT_TEXT, '-', "Print ssl session id details"},
- {"cert", OPT_CERT, '-', "Output certificate "},
- {"noout", OPT_NOOUT, '-', "Don't output the encoded session info"},
- {NULL}
+ { "out", OPT_OUT, '>', "Output file - default stdout" },
+ { "outform", OPT_OUTFORM, 'f',
+ "Output format - default PEM (PEM, DER or NSS)" },
+ { "text", OPT_TEXT, '-', "Print ssl session id details" },
+ { "cert", OPT_CERT, '-', "Output certificate " },
+ { "noout", OPT_NOOUT, '-', "Don't output the encoded session info" },
+ { NULL }
};
static SSL_SESSION *load_sess_id(char *file, int format);
@@ -60,7 +66,7 @@ int sess_id_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -73,7 +79,7 @@ int sess_id_main(int argc, char **argv)
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER | OPT_FMT_NSS,
- &outformat))
+ &outformat))
goto opthelp;
break;
case OPT_IN:
@@ -115,7 +121,7 @@ int sess_id_main(int argc, char **argv)
goto end;
}
if (!SSL_SESSION_set1_id_context(x, (unsigned char *)context,
- ctx_len)) {
+ ctx_len)) {
BIO_printf(bio_err, "Error setting id context\n");
goto end;
}
@@ -168,7 +174,7 @@ int sess_id_main(int argc, char **argv)
}
}
ret = 0;
- end:
+end:
BIO_free_all(out);
SSL_SESSION_free(x);
return ret;
@@ -192,7 +198,7 @@ static SSL_SESSION *load_sess_id(char *infile, int format)
goto end;
}
- end:
+end:
BIO_free(in);
return x;
}
diff --git a/apps/smime.c b/apps/smime.c
index 790a8d06ad0c..5c3c3c71f4b8 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -22,111 +22,146 @@
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
static int smime_cb(int ok, X509_STORE_CTX *ctx);
-#define SMIME_OP 0x10
-#define SMIME_IP 0x20
-#define SMIME_SIGNERS 0x40
-#define SMIME_ENCRYPT (1 | SMIME_OP)
-#define SMIME_DECRYPT (2 | SMIME_IP)
-#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
-#define SMIME_VERIFY (4 | SMIME_IP)
-#define SMIME_PK7OUT (5 | SMIME_IP | SMIME_OP)
-#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_OP 0x10
+#define SMIME_IP 0x20
+#define SMIME_SIGNERS 0x40
+#define SMIME_ENCRYPT (1 | SMIME_OP)
+#define SMIME_DECRYPT (2 | SMIME_IP)
+#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_VERIFY (4 | SMIME_IP)
+#define SMIME_PK7OUT (5 | SMIME_IP | SMIME_OP)
+#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY,
- OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,
- OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,
- OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,
- OPT_CRLFEOL, OPT_ENGINE, OPT_PASSIN,
- OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
- OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
- OPT_CAPATH, OPT_CASTORE, OPT_NOCAFILE, OPT_NOCAPATH, OPT_NOCASTORE,
- OPT_R_ENUM, OPT_PROV_ENUM, OPT_CONFIG,
+ OPT_ENCRYPT,
+ OPT_DECRYPT,
+ OPT_SIGN,
+ OPT_RESIGN,
+ OPT_VERIFY,
+ OPT_PK7OUT,
+ OPT_TEXT,
+ OPT_NOINTERN,
+ OPT_NOVERIFY,
+ OPT_NOCHAIN,
+ OPT_NOCERTS,
+ OPT_NOATTR,
+ OPT_NODETACH,
+ OPT_NOSMIMECAP,
+ OPT_BINARY,
+ OPT_NOSIGS,
+ OPT_STREAM,
+ OPT_INDEF,
+ OPT_NOINDEF,
+ OPT_CRLFEOL,
+ OPT_ENGINE,
+ OPT_PASSIN,
+ OPT_TO,
+ OPT_FROM,
+ OPT_SUBJECT,
+ OPT_SIGNER,
+ OPT_RECIP,
+ OPT_MD,
+ OPT_CIPHER,
+ OPT_INKEY,
+ OPT_KEYFORM,
+ OPT_CERTFILE,
+ OPT_CAFILE,
+ OPT_CAPATH,
+ OPT_CASTORE,
+ OPT_NOCAFILE,
+ OPT_NOCAPATH,
+ OPT_NOCASTORE,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM,
+ OPT_CONFIG,
OPT_V_ENUM,
- OPT_IN, OPT_INFORM, OPT_OUT,
- OPT_OUTFORM, OPT_CONTENT
+ OPT_IN,
+ OPT_INFORM,
+ OPT_OUT,
+ OPT_OUTFORM,
+ OPT_CONTENT
} OPTION_CHOICE;
const OPTIONS smime_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"in", OPT_IN, '<', "Input file"},
- {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
- {"out", OPT_OUT, '>', "Output file"},
- {"outform", OPT_OUTFORM, 'c',
- "Output format SMIME (default), PEM or DER"},
- {"inkey", OPT_INKEY, 's',
- "Input private key (if not signer or recipient)"},
- {"keyform", OPT_KEYFORM, 'f', "Input private key format (ENGINE, other values ignored)"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "in", OPT_IN, '<', "Input file" },
+ { "inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER" },
+ { "out", OPT_OUT, '>', "Output file" },
+ { "outform", OPT_OUTFORM, 'c',
+ "Output format SMIME (default), PEM or DER" },
+ { "inkey", OPT_INKEY, 's',
+ "Input private key (if not signer or recipient)" },
+ { "keyform", OPT_KEYFORM, 'f', "Input private key format (ENGINE, other values ignored)" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
- {"stream", OPT_STREAM, '-', "Enable CMS streaming" },
- {"indef", OPT_INDEF, '-', "Same as -stream" },
- {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
+ { "stream", OPT_STREAM, '-', "Enable CMS streaming" },
+ { "indef", OPT_INDEF, '-', "Same as -stream" },
+ { "noindef", OPT_NOINDEF, '-', "Disable CMS streaming" },
OPT_CONFIG_OPTION,
OPT_SECTION("Action"),
- {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
- {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
- {"sign", OPT_SIGN, '-', "Sign message"},
- {"resign", OPT_RESIGN, '-', "Resign a signed message"},
- {"verify", OPT_VERIFY, '-', "Verify signed message"},
+ { "encrypt", OPT_ENCRYPT, '-', "Encrypt message" },
+ { "decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message" },
+ { "sign", OPT_SIGN, '-', "Sign message" },
+ { "resign", OPT_RESIGN, '-', "Resign a signed message" },
+ { "verify", OPT_VERIFY, '-', "Verify signed message" },
OPT_SECTION("Signing/Encryption"),
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
- {"", OPT_CIPHER, '-', "Any supported cipher"},
- {"pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure"},
- {"nointern", OPT_NOINTERN, '-',
- "Don't search certificates in message for signer"},
- {"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
- {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
- {"binary", OPT_BINARY, '-', "Don't translate message to text"},
- {"signer", OPT_SIGNER, 's', "Signer certificate file"},
- {"content", OPT_CONTENT, '<',
- "Supply or override content for detached signature"},
- {"nocerts", OPT_NOCERTS, '-',
- "Don't include signers certificate when signing"},
+ { "passin", OPT_PASSIN, 's', "Input file pass phrase source" },
+ { "md", OPT_MD, 's', "Digest algorithm to use when signing or resigning" },
+ { "", OPT_CIPHER, '-', "Any supported cipher" },
+ { "pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure" },
+ { "nointern", OPT_NOINTERN, '-',
+ "Don't search certificates in message for signer" },
+ { "nodetach", OPT_NODETACH, '-', "Use opaque signing" },
+ { "noattr", OPT_NOATTR, '-', "Don't include any signed attributes" },
+ { "binary", OPT_BINARY, '-', "Don't translate message to text" },
+ { "signer", OPT_SIGNER, 's', "Signer certificate file" },
+ { "content", OPT_CONTENT, '<',
+ "Supply or override content for detached signature" },
+ { "nocerts", OPT_NOCERTS, '-',
+ "Don't include signers certificate when signing" },
OPT_SECTION("Verification/Decryption"),
- {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
- {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
+ { "nosigs", OPT_NOSIGS, '-', "Don't verify message signature" },
+ { "noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate" },
- {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
- {"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},
+ { "certfile", OPT_CERTFILE, '<', "Other certificates file" },
+ { "recip", OPT_RECIP, '<', "Recipient certificate file for decryption" },
OPT_SECTION("Email"),
- {"to", OPT_TO, 's', "To address"},
- {"from", OPT_FROM, 's', "From address"},
- {"subject", OPT_SUBJECT, 's', "Subject"},
- {"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
- {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
+ { "to", OPT_TO, 's', "To address" },
+ { "from", OPT_FROM, 's', "From address" },
+ { "subject", OPT_SUBJECT, 's', "Subject" },
+ { "text", OPT_TEXT, '-', "Include or delete text MIME headers" },
+ { "nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute" },
OPT_SECTION("Certificate chain"),
- {"CApath", OPT_CAPATH, '/', "Trusted certificates directory"},
- {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
- {"CAstore", OPT_CASTORE, ':', "Trusted certificates store URI"},
- {"no-CAfile", OPT_NOCAFILE, '-',
- "Do not load the default certificates file"},
- {"no-CApath", OPT_NOCAPATH, '-',
- "Do not load certificates from the default certificates directory"},
- {"no-CAstore", OPT_NOCASTORE, '-',
- "Do not load certificates from the default certificates store"},
- {"nochain", OPT_NOCHAIN, '-',
- "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
- {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of LF only"},
+ { "CApath", OPT_CAPATH, '/', "Trusted certificates directory" },
+ { "CAfile", OPT_CAFILE, '<', "Trusted certificates file" },
+ { "CAstore", OPT_CASTORE, ':', "Trusted certificates store URI" },
+ { "no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file" },
+ { "no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory" },
+ { "no-CAstore", OPT_NOCASTORE, '-',
+ "Do not load certificates from the default certificates store" },
+ { "nochain", OPT_NOCHAIN, '-',
+ "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
+ { "crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of LF only" },
OPT_R_OPTIONS,
OPT_V_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"cert", 0, 0, "Recipient certs, used when encrypting"},
- {NULL}
+ { "cert", 0, 0, "Recipient certs, used when encrypting" },
+ { NULL }
};
int smime_main(int argc, char **argv)
@@ -150,8 +185,7 @@ int smime_main(int argc, char **argv)
OPTION_CHOICE o;
int noCApath = 0, noCAfile = 0, noCAstore = 0;
int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0;
- int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
- FORMAT_UNDEF;
+ int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform = FORMAT_UNDEF;
int vpmtouched = 0, rv = 0;
ENGINE *e = NULL;
const char *mime_eol = "\n";
@@ -165,7 +199,7 @@ int smime_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -306,7 +340,7 @@ int smime_main(int argc, char **argv)
if (keyfile != NULL) {
if (signerfile == NULL) {
BIO_printf(bio_err,
- "%s: Must have -signer before -inkey\n", prog);
+ "%s: Must have -signer before -inkey\n", prog);
goto opthelp;
}
if (sksigners == NULL
@@ -380,7 +414,7 @@ int smime_main(int argc, char **argv)
}
if (!operation) {
BIO_puts(bio_err,
- "No operation (-encrypt|-sign|...) specified\n");
+ "No operation (-encrypt|-sign|...) specified\n");
goto opthelp;
}
@@ -412,7 +446,7 @@ int smime_main(int argc, char **argv)
} else if (operation == SMIME_DECRYPT) {
if (recipfile == NULL && keyfile == NULL) {
BIO_printf(bio_err,
- "No recipient certificate or key specified\n");
+ "No recipient certificate or key specified\n");
goto opthelp;
}
} else if (operation == SMIME_ENCRYPT) {
@@ -456,7 +490,7 @@ int smime_main(int argc, char **argv)
goto end;
while (*argv != NULL) {
cert = load_cert(*argv, FORMAT_UNDEF,
- "recipient certificate file");
+ "recipient certificate file");
if (cert == NULL)
goto end;
if (!sk_X509_push(encerts, cert))
@@ -475,7 +509,8 @@ int smime_main(int argc, char **argv)
if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
if ((recip = load_cert(recipfile, FORMAT_UNDEF,
- "recipient certificate file")) == NULL) {
+ "recipient certificate file"))
+ == NULL) {
ERR_print_errors(bio_err);
goto end;
}
@@ -539,7 +574,8 @@ int smime_main(int argc, char **argv)
if (operation == SMIME_VERIFY) {
if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath,
- CAstore, noCAstore)) == NULL)
+ CAstore, noCAstore))
+ == NULL)
goto end;
X509_STORE_set_verify_cb(store, smime_cb);
if (vpmtouched)
@@ -657,7 +693,7 @@ int smime_main(int argc, char **argv)
}
}
ret = 0;
- end:
+end:
if (ret)
ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
diff --git a/apps/speed.c b/apps/speed.c
index bafcacf7775e..17b652bcdaeb 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -9,16 +9,16 @@
*/
#undef SECONDS
-#define SECONDS 3
-#define PKEY_SECONDS 10
+#define SECONDS 3
+#define PKEY_SECONDS 10
-#define RSA_SECONDS PKEY_SECONDS
-#define DSA_SECONDS PKEY_SECONDS
-#define ECDSA_SECONDS PKEY_SECONDS
-#define ECDH_SECONDS PKEY_SECONDS
-#define EdDSA_SECONDS PKEY_SECONDS
-#define SM2_SECONDS PKEY_SECONDS
-#define FFDH_SECONDS PKEY_SECONDS
+#define RSA_SECONDS PKEY_SECONDS
+#define DSA_SECONDS PKEY_SECONDS
+#define ECDSA_SECONDS PKEY_SECONDS
+#define ECDH_SECONDS PKEY_SECONDS
+#define EdDSA_SECONDS PKEY_SECONDS
+#define SM2_SECONDS PKEY_SECONDS
+#define FFDH_SECONDS PKEY_SECONDS
/* We need to use some deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED
@@ -38,24 +38,24 @@
#include <openssl/core_names.h>
#include <openssl/async.h>
#if !defined(OPENSSL_SYS_MSDOS)
-# include <unistd.h>
+#include <unistd.h>
#endif
#if defined(__TANDEM)
-# if defined(OPENSSL_TANDEM_FLOSS)
-# include <floss.h(floss_fork)>
-# endif
+#if defined(OPENSSL_TANDEM_FLOSS)
+#include <floss.h(floss_fork)>
+#endif
#endif
#if defined(_WIN32)
-# include <windows.h>
+#include <windows.h>
#endif
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include "./testrsa.h"
#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
+#include <openssl/dh.h>
#endif
#include <openssl/x509.h>
#include <openssl/dsa.h>
@@ -63,27 +63,27 @@
#include <openssl/modes.h>
#ifndef HAVE_FORK
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
-# define HAVE_FORK 0
-# else
-# define HAVE_FORK 1
-# include <sys/wait.h>
-# endif
+#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
+#define HAVE_FORK 0
+#else
+#define HAVE_FORK 1
+#include <sys/wait.h>
+#endif
#endif
#if HAVE_FORK
-# undef NO_FORK
+#undef NO_FORK
#else
-# define NO_FORK
+#define NO_FORK
#endif
#define MAX_MISALIGNMENT 63
-#define MAX_ECDH_SIZE 256
-#define MISALIGN 64
+#define MAX_ECDH_SIZE 256
+#define MISALIGN 64
#define MAX_FFDH_SIZE 1024
#ifndef RSA_DEFAULT_PRIME_NUM
-# define RSA_DEFAULT_PRIME_NUM 2
+#define RSA_DEFAULT_PRIME_NUM 2
#endif
typedef struct openssl_speed_sec_st {
@@ -99,13 +99,13 @@ typedef struct openssl_speed_sec_st {
static volatile int run = 0;
-static int mr = 0; /* machine-readeable output format to merge fork results */
+static int mr = 0; /* machine-readeable output format to merge fork results */
static int usertime = 1;
static double Time_F(int s);
static void print_message(const char *s, long num, int length, int tm);
static void pkey_print_message(const char *str, const char *str2,
- long num, unsigned int bits, int sec);
+ long num, unsigned int bits, int sec);
static void print_result(int alg, int run_no, int count, double time_used);
#ifndef NO_FORK
static int do_multi(int multi, int size_num);
@@ -114,15 +114,15 @@ static int do_multi(int multi, int size_num);
static const int lengths_list[] = {
16, 64, 256, 1024, 8 * 1024, 16 * 1024
};
-#define SIZE_NUM OSSL_NELEM(lengths_list)
+#define SIZE_NUM OSSL_NELEM(lengths_list)
static const int *lengths = lengths_list;
static const int aead_lengths_list[] = {
2, 31, 136, 1024, 8 * 1024, 16 * 1024
};
-#define START 0
-#define STOP 1
+#define START 0
+#define STOP 1
#ifdef SIGALRM
@@ -142,7 +142,7 @@ static double Time_F(int s)
#elif defined(_WIN32)
-# define SIGALRM -1
+#define SIGALRM -1
static unsigned int lapse;
static volatile unsigned int schlock;
@@ -151,9 +151,9 @@ static void alarm_win32(unsigned int secs)
lapse = secs * 1000;
}
-# define alarm alarm_win32
+#define alarm alarm_win32
-static DWORD WINAPI sleepy(VOID * arg)
+static DWORD WINAPI sleepy(VOID *arg)
{
schlock = 1;
Sleep(lapse);
@@ -175,7 +175,7 @@ static double Time_F(int s)
ExitProcess(err);
}
while (!schlock)
- Sleep(0); /* scheduler spinlock */
+ Sleep(0); /* scheduler spinlock */
ret = app_tminterval(s, usertime);
} else {
ret = app_tminterval(s, usertime);
@@ -187,14 +187,14 @@ static double Time_F(int s)
return ret;
}
#else
-# error "SIGALRM not defined and the platform is not Windows"
+#error "SIGALRM not defined and the platform is not Windows"
#endif
static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
- const openssl_speed_sec_t *seconds);
+ const openssl_speed_sec_t *seconds);
static int opt_found(const char *name, unsigned int *result,
- const OPT_PAIR pairs[], unsigned int nbelem)
+ const OPT_PAIR pairs[], unsigned int nbelem)
{
unsigned int idx;
@@ -205,71 +205,108 @@ static int opt_found(const char *name, unsigned int *result,
}
return 0;
}
-#define opt_found(value, pairs, result)\
+#define opt_found(value, pairs, result) \
opt_found(value, result, pairs, OSSL_NELEM(pairs))
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
- OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PROV_ENUM,
- OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD, OPT_CMAC
+ OPT_ELAPSED,
+ OPT_EVP,
+ OPT_HMAC,
+ OPT_DECRYPT,
+ OPT_ENGINE,
+ OPT_MULTI,
+ OPT_MR,
+ OPT_MB,
+ OPT_MISALIGN,
+ OPT_ASYNCJOBS,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM,
+ OPT_PRIMES,
+ OPT_SECONDS,
+ OPT_BYTES,
+ OPT_AEAD,
+ OPT_CMAC
} OPTION_CHOICE;
const OPTIONS speed_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [algorithm...]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [algorithm...]\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"mb", OPT_MB, '-',
- "Enable (tls1>=1) multi-block mode on EVP-named cipher"},
- {"mr", OPT_MR, '-', "Produce machine readable output"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "mb", OPT_MB, '-',
+ "Enable (tls1>=1) multi-block mode on EVP-named cipher" },
+ { "mr", OPT_MR, '-', "Produce machine readable output" },
#ifndef NO_FORK
- {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
+ { "multi", OPT_MULTI, 'p', "Run benchmarks in parallel" },
#endif
#ifndef OPENSSL_NO_ASYNC
- {"async_jobs", OPT_ASYNCJOBS, 'p',
- "Enable async mode and start specified number of jobs"},
+ { "async_jobs", OPT_ASYNCJOBS, 'p',
+ "Enable async mode and start specified number of jobs" },
#endif
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
- {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
+ { "primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)" },
OPT_SECTION("Selection"),
- {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
- {"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"},
- {"cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher"},
- {"decrypt", OPT_DECRYPT, '-',
- "Time decryption instead of encryption (only EVP)"},
- {"aead", OPT_AEAD, '-',
- "Benchmark EVP-named AEAD cipher in TLS-like sequence"},
+ { "evp", OPT_EVP, 's', "Use EVP-named cipher or digest" },
+ { "hmac", OPT_HMAC, 's', "HMAC using EVP-named digest" },
+ { "cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher" },
+ { "decrypt", OPT_DECRYPT, '-',
+ "Time decryption instead of encryption (only EVP)" },
+ { "aead", OPT_AEAD, '-',
+ "Benchmark EVP-named AEAD cipher in TLS-like sequence" },
OPT_SECTION("Timing"),
- {"elapsed", OPT_ELAPSED, '-',
- "Use wall-clock time instead of CPU user time as divisor"},
- {"seconds", OPT_SECONDS, 'p',
- "Run benchmarks for specified amount of seconds"},
- {"bytes", OPT_BYTES, 'p',
- "Run [non-PKI] benchmarks on custom-sized buffer"},
- {"misalign", OPT_MISALIGN, 'p',
- "Use specified offset to mis-align buffers"},
+ { "elapsed", OPT_ELAPSED, '-',
+ "Use wall-clock time instead of CPU user time as divisor" },
+ { "seconds", OPT_SECONDS, 'p',
+ "Run benchmarks for specified amount of seconds" },
+ { "bytes", OPT_BYTES, 'p',
+ "Run [non-PKI] benchmarks on custom-sized buffer" },
+ { "misalign", OPT_MISALIGN, 'p',
+ "Use specified offset to mis-align buffers" },
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"algorithm", 0, 0, "Algorithm(s) to test (optional; otherwise tests all)"},
- {NULL}
+ { "algorithm", 0, 0, "Algorithm(s) to test (optional; otherwise tests all)" },
+ { NULL }
};
enum {
- D_MD2, D_MDC2, D_MD4, D_MD5, D_SHA1, D_RMD160,
- D_SHA256, D_SHA512, D_WHIRLPOOL, D_HMAC,
- D_CBC_DES, D_EDE3_DES, D_RC4, D_CBC_IDEA, D_CBC_SEED,
- D_CBC_RC2, D_CBC_RC5, D_CBC_BF, D_CBC_CAST,
- D_CBC_128_AES, D_CBC_192_AES, D_CBC_256_AES,
- D_CBC_128_CML, D_CBC_192_CML, D_CBC_256_CML,
- D_EVP, D_GHASH, D_RAND, D_EVP_CMAC, ALGOR_NUM
+ D_MD2,
+ D_MDC2,
+ D_MD4,
+ D_MD5,
+ D_SHA1,
+ D_RMD160,
+ D_SHA256,
+ D_SHA512,
+ D_WHIRLPOOL,
+ D_HMAC,
+ D_CBC_DES,
+ D_EDE3_DES,
+ D_RC4,
+ D_CBC_IDEA,
+ D_CBC_SEED,
+ D_CBC_RC2,
+ D_CBC_RC5,
+ D_CBC_BF,
+ D_CBC_CAST,
+ D_CBC_128_AES,
+ D_CBC_192_AES,
+ D_CBC_256_AES,
+ D_CBC_128_CML,
+ D_CBC_192_CML,
+ D_CBC_256_CML,
+ D_EVP,
+ D_GHASH,
+ D_RAND,
+ D_EVP_CMAC,
+ ALGOR_NUM
};
/* name of algorithms to test. MUST BE KEEP IN SYNC with above enum ! */
static const char *names[ALGOR_NUM] = {
@@ -284,173 +321,210 @@ static const char *names[ALGOR_NUM] = {
/* list of configured algorithm (remaining), with some few alias */
static const OPT_PAIR doit_choices[] = {
- {"md2", D_MD2},
- {"mdc2", D_MDC2},
- {"md4", D_MD4},
- {"md5", D_MD5},
- {"hmac", D_HMAC},
- {"sha1", D_SHA1},
- {"sha256", D_SHA256},
- {"sha512", D_SHA512},
- {"whirlpool", D_WHIRLPOOL},
- {"ripemd", D_RMD160},
- {"rmd160", D_RMD160},
- {"ripemd160", D_RMD160},
- {"rc4", D_RC4},
- {"des-cbc", D_CBC_DES},
- {"des-ede3", D_EDE3_DES},
- {"aes-128-cbc", D_CBC_128_AES},
- {"aes-192-cbc", D_CBC_192_AES},
- {"aes-256-cbc", D_CBC_256_AES},
- {"camellia-128-cbc", D_CBC_128_CML},
- {"camellia-192-cbc", D_CBC_192_CML},
- {"camellia-256-cbc", D_CBC_256_CML},
- {"rc2-cbc", D_CBC_RC2},
- {"rc2", D_CBC_RC2},
- {"rc5-cbc", D_CBC_RC5},
- {"rc5", D_CBC_RC5},
- {"idea-cbc", D_CBC_IDEA},
- {"idea", D_CBC_IDEA},
- {"seed-cbc", D_CBC_SEED},
- {"seed", D_CBC_SEED},
- {"bf-cbc", D_CBC_BF},
- {"blowfish", D_CBC_BF},
- {"bf", D_CBC_BF},
- {"cast-cbc", D_CBC_CAST},
- {"cast", D_CBC_CAST},
- {"cast5", D_CBC_CAST},
- {"ghash", D_GHASH},
- {"rand", D_RAND}
+ { "md2", D_MD2 },
+ { "mdc2", D_MDC2 },
+ { "md4", D_MD4 },
+ { "md5", D_MD5 },
+ { "hmac", D_HMAC },
+ { "sha1", D_SHA1 },
+ { "sha256", D_SHA256 },
+ { "sha512", D_SHA512 },
+ { "whirlpool", D_WHIRLPOOL },
+ { "ripemd", D_RMD160 },
+ { "rmd160", D_RMD160 },
+ { "ripemd160", D_RMD160 },
+ { "rc4", D_RC4 },
+ { "des-cbc", D_CBC_DES },
+ { "des-ede3", D_EDE3_DES },
+ { "aes-128-cbc", D_CBC_128_AES },
+ { "aes-192-cbc", D_CBC_192_AES },
+ { "aes-256-cbc", D_CBC_256_AES },
+ { "camellia-128-cbc", D_CBC_128_CML },
+ { "camellia-192-cbc", D_CBC_192_CML },
+ { "camellia-256-cbc", D_CBC_256_CML },
+ { "rc2-cbc", D_CBC_RC2 },
+ { "rc2", D_CBC_RC2 },
+ { "rc5-cbc", D_CBC_RC5 },
+ { "rc5", D_CBC_RC5 },
+ { "idea-cbc", D_CBC_IDEA },
+ { "idea", D_CBC_IDEA },
+ { "seed-cbc", D_CBC_SEED },
+ { "seed", D_CBC_SEED },
+ { "bf-cbc", D_CBC_BF },
+ { "blowfish", D_CBC_BF },
+ { "bf", D_CBC_BF },
+ { "cast-cbc", D_CBC_CAST },
+ { "cast", D_CBC_CAST },
+ { "cast5", D_CBC_CAST },
+ { "ghash", D_GHASH },
+ { "rand", D_RAND }
};
static double results[ALGOR_NUM][SIZE_NUM];
-enum { R_DSA_512, R_DSA_1024, R_DSA_2048, DSA_NUM };
+enum { R_DSA_512,
+ R_DSA_1024,
+ R_DSA_2048,
+ DSA_NUM };
static const OPT_PAIR dsa_choices[DSA_NUM] = {
- {"dsa512", R_DSA_512},
- {"dsa1024", R_DSA_1024},
- {"dsa2048", R_DSA_2048}
+ { "dsa512", R_DSA_512 },
+ { "dsa1024", R_DSA_1024 },
+ { "dsa2048", R_DSA_2048 }
};
-static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
+static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
enum {
- R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680,
- R_RSA_15360, RSA_NUM
+ R_RSA_512,
+ R_RSA_1024,
+ R_RSA_2048,
+ R_RSA_3072,
+ R_RSA_4096,
+ R_RSA_7680,
+ R_RSA_15360,
+ RSA_NUM
};
static const OPT_PAIR rsa_choices[RSA_NUM] = {
- {"rsa512", R_RSA_512},
- {"rsa1024", R_RSA_1024},
- {"rsa2048", R_RSA_2048},
- {"rsa3072", R_RSA_3072},
- {"rsa4096", R_RSA_4096},
- {"rsa7680", R_RSA_7680},
- {"rsa15360", R_RSA_15360}
+ { "rsa512", R_RSA_512 },
+ { "rsa1024", R_RSA_1024 },
+ { "rsa2048", R_RSA_2048 },
+ { "rsa3072", R_RSA_3072 },
+ { "rsa4096", R_RSA_4096 },
+ { "rsa7680", R_RSA_7680 },
+ { "rsa15360", R_RSA_15360 }
};
-static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
+static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
#ifndef OPENSSL_NO_DH
enum ff_params_t {
- R_FFDH_2048, R_FFDH_3072, R_FFDH_4096, R_FFDH_6144, R_FFDH_8192, FFDH_NUM
+ R_FFDH_2048,
+ R_FFDH_3072,
+ R_FFDH_4096,
+ R_FFDH_6144,
+ R_FFDH_8192,
+ FFDH_NUM
};
static const OPT_PAIR ffdh_choices[FFDH_NUM] = {
- {"ffdh2048", R_FFDH_2048},
- {"ffdh3072", R_FFDH_3072},
- {"ffdh4096", R_FFDH_4096},
- {"ffdh6144", R_FFDH_6144},
- {"ffdh8192", R_FFDH_8192},
+ { "ffdh2048", R_FFDH_2048 },
+ { "ffdh3072", R_FFDH_3072 },
+ { "ffdh4096", R_FFDH_4096 },
+ { "ffdh6144", R_FFDH_6144 },
+ { "ffdh8192", R_FFDH_8192 },
};
-static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
+static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
#endif /* OPENSSL_NO_DH */
enum ec_curves_t {
- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
+ R_EC_P160,
+ R_EC_P192,
+ R_EC_P224,
+ R_EC_P256,
+ R_EC_P384,
+ R_EC_P521,
#ifndef OPENSSL_NO_EC2M
- R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
- R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
+ R_EC_K163,
+ R_EC_K233,
+ R_EC_K283,
+ R_EC_K409,
+ R_EC_K571,
+ R_EC_B163,
+ R_EC_B233,
+ R_EC_B283,
+ R_EC_B409,
+ R_EC_B571,
#endif
- R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1,
- R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM
+ R_EC_BRP256R1,
+ R_EC_BRP256T1,
+ R_EC_BRP384R1,
+ R_EC_BRP384T1,
+ R_EC_BRP512R1,
+ R_EC_BRP512T1,
+ ECDSA_NUM
};
/* list of ecdsa curves */
static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
- {"ecdsap160", R_EC_P160},
- {"ecdsap192", R_EC_P192},
- {"ecdsap224", R_EC_P224},
- {"ecdsap256", R_EC_P256},
- {"ecdsap384", R_EC_P384},
- {"ecdsap521", R_EC_P521},
+ { "ecdsap160", R_EC_P160 },
+ { "ecdsap192", R_EC_P192 },
+ { "ecdsap224", R_EC_P224 },
+ { "ecdsap256", R_EC_P256 },
+ { "ecdsap384", R_EC_P384 },
+ { "ecdsap521", R_EC_P521 },
#ifndef OPENSSL_NO_EC2M
- {"ecdsak163", R_EC_K163},
- {"ecdsak233", R_EC_K233},
- {"ecdsak283", R_EC_K283},
- {"ecdsak409", R_EC_K409},
- {"ecdsak571", R_EC_K571},
- {"ecdsab163", R_EC_B163},
- {"ecdsab233", R_EC_B233},
- {"ecdsab283", R_EC_B283},
- {"ecdsab409", R_EC_B409},
- {"ecdsab571", R_EC_B571},
+ { "ecdsak163", R_EC_K163 },
+ { "ecdsak233", R_EC_K233 },
+ { "ecdsak283", R_EC_K283 },
+ { "ecdsak409", R_EC_K409 },
+ { "ecdsak571", R_EC_K571 },
+ { "ecdsab163", R_EC_B163 },
+ { "ecdsab233", R_EC_B233 },
+ { "ecdsab283", R_EC_B283 },
+ { "ecdsab409", R_EC_B409 },
+ { "ecdsab571", R_EC_B571 },
#endif
- {"ecdsabrp256r1", R_EC_BRP256R1},
- {"ecdsabrp256t1", R_EC_BRP256T1},
- {"ecdsabrp384r1", R_EC_BRP384R1},
- {"ecdsabrp384t1", R_EC_BRP384T1},
- {"ecdsabrp512r1", R_EC_BRP512R1},
- {"ecdsabrp512t1", R_EC_BRP512T1}
+ { "ecdsabrp256r1", R_EC_BRP256R1 },
+ { "ecdsabrp256t1", R_EC_BRP256T1 },
+ { "ecdsabrp384r1", R_EC_BRP384R1 },
+ { "ecdsabrp384t1", R_EC_BRP384T1 },
+ { "ecdsabrp512r1", R_EC_BRP512R1 },
+ { "ecdsabrp512t1", R_EC_BRP512T1 }
};
-enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
+enum { R_EC_X25519 = ECDSA_NUM,
+ R_EC_X448,
+ EC_NUM };
/* list of ecdh curves, extension of |ecdsa_choices| list above */
static const OPT_PAIR ecdh_choices[EC_NUM] = {
- {"ecdhp160", R_EC_P160},
- {"ecdhp192", R_EC_P192},
- {"ecdhp224", R_EC_P224},
- {"ecdhp256", R_EC_P256},
- {"ecdhp384", R_EC_P384},
- {"ecdhp521", R_EC_P521},
+ { "ecdhp160", R_EC_P160 },
+ { "ecdhp192", R_EC_P192 },
+ { "ecdhp224", R_EC_P224 },
+ { "ecdhp256", R_EC_P256 },
+ { "ecdhp384", R_EC_P384 },
+ { "ecdhp521", R_EC_P521 },
#ifndef OPENSSL_NO_EC2M
- {"ecdhk163", R_EC_K163},
- {"ecdhk233", R_EC_K233},
- {"ecdhk283", R_EC_K283},
- {"ecdhk409", R_EC_K409},
- {"ecdhk571", R_EC_K571},
- {"ecdhb163", R_EC_B163},
- {"ecdhb233", R_EC_B233},
- {"ecdhb283", R_EC_B283},
- {"ecdhb409", R_EC_B409},
- {"ecdhb571", R_EC_B571},
+ { "ecdhk163", R_EC_K163 },
+ { "ecdhk233", R_EC_K233 },
+ { "ecdhk283", R_EC_K283 },
+ { "ecdhk409", R_EC_K409 },
+ { "ecdhk571", R_EC_K571 },
+ { "ecdhb163", R_EC_B163 },
+ { "ecdhb233", R_EC_B233 },
+ { "ecdhb283", R_EC_B283 },
+ { "ecdhb409", R_EC_B409 },
+ { "ecdhb571", R_EC_B571 },
#endif
- {"ecdhbrp256r1", R_EC_BRP256R1},
- {"ecdhbrp256t1", R_EC_BRP256T1},
- {"ecdhbrp384r1", R_EC_BRP384R1},
- {"ecdhbrp384t1", R_EC_BRP384T1},
- {"ecdhbrp512r1", R_EC_BRP512R1},
- {"ecdhbrp512t1", R_EC_BRP512T1},
- {"ecdhx25519", R_EC_X25519},
- {"ecdhx448", R_EC_X448}
+ { "ecdhbrp256r1", R_EC_BRP256R1 },
+ { "ecdhbrp256t1", R_EC_BRP256T1 },
+ { "ecdhbrp384r1", R_EC_BRP384R1 },
+ { "ecdhbrp384t1", R_EC_BRP384T1 },
+ { "ecdhbrp512r1", R_EC_BRP512R1 },
+ { "ecdhbrp512t1", R_EC_BRP512T1 },
+ { "ecdhx25519", R_EC_X25519 },
+ { "ecdhx448", R_EC_X448 }
};
-static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
-static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
+static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
+static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
-enum { R_EC_Ed25519, R_EC_Ed448, EdDSA_NUM };
+enum { R_EC_Ed25519,
+ R_EC_Ed448,
+ EdDSA_NUM };
static const OPT_PAIR eddsa_choices[EdDSA_NUM] = {
- {"ed25519", R_EC_Ed25519},
- {"ed448", R_EC_Ed448}
+ { "ed25519", R_EC_Ed25519 },
+ { "ed448", R_EC_Ed448 }
};
-static double eddsa_results[EdDSA_NUM][2]; /* 2 ops: sign then verify */
+static double eddsa_results[EdDSA_NUM][2]; /* 2 ops: sign then verify */
#ifndef OPENSSL_NO_SM2
-enum { R_EC_CURVESM2, SM2_NUM };
+enum { R_EC_CURVESM2,
+ SM2_NUM };
static const OPT_PAIR sm2_choices[SM2_NUM] = {
- {"curveSM2", R_EC_CURVESM2}
+ { "curveSM2", R_EC_CURVESM2 }
};
-# define SM2_ID "TLSv1.3+GM+Cipher+Suite"
-# define SM2_ID_LEN sizeof("TLSv1.3+GM+Cipher+Suite") - 1
-static double sm2_results[SM2_NUM][2]; /* 2 ops: sign then verify */
+#define SM2_ID "TLSv1.3+GM+Cipher+Suite"
+#define SM2_ID_LEN sizeof("TLSv1.3+GM+Cipher+Suite") - 1
+static double sm2_results[SM2_NUM][2]; /* 2 ops: sign then verify */
#endif /* OPENSSL_NO_SM2 */
#define COND(unused_cond) (run && count < INT_MAX)
@@ -500,8 +574,8 @@ typedef struct loopargs_st {
EVP_CIPHER_CTX *ctx;
EVP_MAC_CTX *mctx;
} loopargs_t;
-static int run_benchmark(int async_jobs, int (*loop_function) (void *),
- loopargs_t * loopargs);
+static int run_benchmark(int async_jobs, int (*loop_function)(void *),
+ loopargs_t *loopargs);
static unsigned int testnum;
@@ -549,7 +623,7 @@ static int have_cipher(const char *name)
static int EVP_Digest_loop(const char *mdname, int algindex, void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
unsigned char digest[EVP_MAX_MD_SIZE];
int count;
@@ -559,7 +633,7 @@ static int EVP_Digest_loop(const char *mdname, int algindex, void *args)
return -1;
for (count = 0; COND(c[algindex][testnum]); count++) {
if (!EVP_Digest(buf, (size_t)lengths[testnum], digest, NULL, md,
- NULL)) {
+ NULL)) {
count = -1;
break;
}
@@ -595,7 +669,7 @@ static int MD5_loop(void *args)
static int EVP_MAC_loop(int algindex, void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
EVP_MAC_CTX *mctx = tempargs->mctx;
unsigned char mac[EVP_MAX_MD_SIZE];
@@ -651,7 +725,7 @@ static int algindex;
static int EVP_Cipher_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
int count;
@@ -665,7 +739,7 @@ static int EVP_Cipher_loop(void *args)
static int GHASH_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
EVP_MAC_CTX *mctx = tempargs->mctx;
int count;
@@ -683,8 +757,8 @@ static int GHASH_loop(void *args)
static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
static EVP_CIPHER_CTX *init_evp_cipher_ctx(const char *ciphername,
- const unsigned char *key,
- int keylen)
+ const unsigned char *key,
+ int keylen)
{
EVP_CIPHER_CTX *ctx = NULL;
EVP_CIPHER *cipher = NULL;
@@ -720,7 +794,7 @@ end:
static int RAND_bytes_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
int count;
@@ -732,7 +806,7 @@ static int RAND_bytes_loop(void *args)
static int decrypt = 0;
static int EVP_Update_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
EVP_CIPHER_CTX *ctx = tempargs->ctx;
int outl, count, rc;
@@ -771,7 +845,7 @@ static int EVP_Update_loop(void *args)
*/
static int EVP_Update_loop_aead_enc(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
unsigned char *key = tempargs->key;
EVP_CIPHER_CTX *ctx = tempargs->ctx;
@@ -781,7 +855,7 @@ static int EVP_Update_loop_aead_enc(void *args)
/* Set length of iv (Doesn't apply to SIV mode) */
if (mode_op != EVP_CIPH_SIV_MODE) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
- aead_ivlen, NULL)) {
+ aead_ivlen, NULL)) {
BIO_printf(bio_err, "\nFailed to set iv length\n");
ERR_print_errors(bio_err);
exit(1);
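Review bot: A failed `EVP_CIPHER_CTX_ctrl` here ends the whole process with `exit(1)` from inside the benchmark loop, while the signature loops in this file (for example `SM2_sign_loop`) report failure with `count = -1; break;` and return to the caller. Exiting inside a loop function, which `run_benchmark` may be running as an async job, skips whatever cleanup `speed_main` does for its contexts and buffers. I would return a negative count on these paths as well, assuming `run_benchmark` propagates it as the other loops expect. The same pattern recurs in the later hunks of `EVP_Update_loop_aead_enc` and `EVP_Update_loop_aead_dec` (set tag length, set input length, set tag). The function body starts and ends outside this hunk.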
@@ -791,7 +865,7 @@ static int EVP_Update_loop_aead_enc(void *args)
if (mode_op != EVP_CIPH_GCM_MODE
&& mode_op != EVP_CIPH_SIV_MODE) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
- TAG_LEN, NULL)) {
+ TAG_LEN, NULL)) {
BIO_printf(bio_err, "\nFailed to set tag length\n");
ERR_print_errors(bio_err);
exit(1);
@@ -805,7 +879,7 @@ static int EVP_Update_loop_aead_enc(void *args)
/* Set total length of input. Only required for CCM */
if (mode_op == EVP_CIPH_CCM_MODE) {
if (!EVP_EncryptUpdate(ctx, NULL, &outl,
- NULL, lengths[testnum])) {
+ NULL, lengths[testnum])) {
BIO_printf(bio_err, "\nCouldn't set input text length\n");
ERR_print_errors(bio_err);
exit(1);
@@ -840,7 +914,7 @@ static int EVP_Update_loop_aead_enc(void *args)
*/
static int EVP_Update_loop_aead_dec(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
unsigned char *outbuf = tempargs->buf2;
unsigned char *key = tempargs->key;
@@ -852,7 +926,7 @@ static int EVP_Update_loop_aead_dec(void *args)
/* Set the length of iv (Doesn't apply to SIV mode) */
if (mode_op != EVP_CIPH_SIV_MODE) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
- aead_ivlen, NULL)) {
+ aead_ivlen, NULL)) {
BIO_printf(bio_err, "\nFailed to set iv length\n");
ERR_print_errors(bio_err);
exit(1);
@@ -863,7 +937,7 @@ static int EVP_Update_loop_aead_dec(void *args)
if (mode_op != EVP_CIPH_SIV_MODE
&& mode_op != EVP_CIPH_GCM_MODE) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
- TAG_LEN, NULL)) {
+ TAG_LEN, NULL)) {
BIO_printf(bio_err, "\nFailed to set tag length\n");
ERR_print_errors(bio_err);
exit(1);
@@ -885,7 +959,7 @@ static int EVP_Update_loop_aead_dec(void *args)
memcpy(tag, tempargs->tag, TAG_LEN);
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
- TAG_LEN, tag)) {
+ TAG_LEN, tag)) {
BIO_printf(bio_err, "\nFailed to set tag\n");
ERR_print_errors(bio_err);
exit(1);
@@ -893,7 +967,7 @@ static int EVP_Update_loop_aead_dec(void *args)
/* Set the total length of cipher text. Only required for CCM */
if (mode_op == EVP_CIPH_CCM_MODE) {
if (!EVP_DecryptUpdate(ctx, NULL, &outl,
- NULL, lengths[testnum])) {
+ NULL, lengths[testnum])) {
BIO_printf(bio_err, "\nCouldn't set cipher text length\n");
ERR_print_errors(bio_err);
exit(1);
@@ -917,11 +991,11 @@ static int EVP_Update_loop_aead_dec(void *args)
return realcount;
}
-static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
+static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
static int RSA_sign_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
unsigned char *buf2 = tempargs->buf2;
size_t *rsa_num = &tempargs->sigsize;
@@ -943,7 +1017,7 @@ static int RSA_sign_loop(void *args)
static int RSA_verify_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
unsigned char *buf2 = tempargs->buf2;
size_t rsa_num = tempargs->sigsize;
@@ -967,7 +1041,7 @@ static long ffdh_c[FFDH_NUM][1];
static int FFDH_derive_key_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum];
unsigned char *derived_secret = tempargs->secret_ff_a;
int count;
@@ -985,7 +1059,7 @@ static int FFDH_derive_key_loop(void *args)
static long dsa_c[DSA_NUM][2];
static int DSA_sign_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
unsigned char *buf2 = tempargs->buf2;
size_t *dsa_num = &tempargs->sigsize;
@@ -1007,7 +1081,7 @@ static int DSA_sign_loop(void *args)
static int DSA_verify_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
unsigned char *buf2 = tempargs->buf2;
size_t dsa_num = tempargs->sigsize;
@@ -1029,7 +1103,7 @@ static int DSA_verify_loop(void *args)
static long ecdsa_c[ECDSA_NUM][2];
static int ECDSA_sign_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
unsigned char *buf2 = tempargs->buf2;
size_t *ecdsa_num = &tempargs->sigsize;
@@ -1051,7 +1125,7 @@ static int ECDSA_sign_loop(void *args)
static int ECDSA_verify_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
unsigned char *buf2 = tempargs->buf2;
size_t ecdsa_num = tempargs->sigsize;
@@ -1060,7 +1134,7 @@ static int ECDSA_verify_loop(void *args)
for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
ret = EVP_PKEY_verify(ecdsa_verify_ctx[testnum], buf2, ecdsa_num,
- buf, 20);
+ buf, 20);
if (ret <= 0) {
BIO_printf(bio_err, "ECDSA verify failure\n");
ERR_print_errors(bio_err);
@@ -1076,7 +1150,7 @@ static long ecdh_c[EC_NUM][1];
static int ECDH_EVP_derive_key_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum];
unsigned char *derived_secret = tempargs->secret_a;
int count;
@@ -1091,7 +1165,7 @@ static int ECDH_EVP_derive_key_loop(void *args)
static long eddsa_c[EdDSA_NUM][2];
static int EdDSA_sign_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
EVP_MD_CTX **edctx = tempargs->eddsa_ctx;
unsigned char *eddsasig = tempargs->buf2;
@@ -1119,7 +1193,7 @@ static int EdDSA_sign_loop(void *args)
static int EdDSA_verify_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
EVP_MD_CTX **edctx = tempargs->eddsa_ctx2;
unsigned char *eddsasig = tempargs->buf2;
@@ -1149,7 +1223,7 @@ static int EdDSA_verify_loop(void *args)
static long sm2_c[SM2_NUM][2];
static int SM2_sign_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
EVP_MD_CTX **sm2ctx = tempargs->sm2_ctx;
unsigned char *sm2sig = tempargs->buf2;
@@ -1162,14 +1236,14 @@ static int SM2_sign_loop(void *args)
sm2sigsize = max_size;
if (!EVP_DigestSignInit(sm2ctx[testnum], NULL, EVP_sm3(),
- NULL, sm2_pkey[testnum])) {
+ NULL, sm2_pkey[testnum])) {
BIO_printf(bio_err, "SM2 init sign failure\n");
ERR_print_errors(bio_err);
count = -1;
break;
}
ret = EVP_DigestSign(sm2ctx[testnum], sm2sig, &sm2sigsize,
- buf, 20);
+ buf, 20);
if (ret == 0) {
BIO_printf(bio_err, "SM2 sign failure\n");
ERR_print_errors(bio_err);
@@ -1185,7 +1259,7 @@ static int SM2_sign_loop(void *args)
static int SM2_verify_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
EVP_MD_CTX **sm2ctx = tempargs->sm2_vfy_ctx;
unsigned char *sm2sig = tempargs->buf2;
@@ -1195,14 +1269,14 @@ static int SM2_verify_loop(void *args)
for (count = 0; COND(sm2_c[testnum][1]); count++) {
if (!EVP_DigestVerifyInit(sm2ctx[testnum], NULL, EVP_sm3(),
- NULL, sm2_pkey[testnum])) {
+ NULL, sm2_pkey[testnum])) {
BIO_printf(bio_err, "SM2 verify init failure\n");
ERR_print_errors(bio_err);
count = -1;
break;
}
ret = EVP_DigestVerify(sm2ctx[testnum], sm2sig, sm2sigsize,
- buf, 20);
+ buf, 20);
if (ret != 1) {
BIO_printf(bio_err, "SM2 verify failure\n");
ERR_print_errors(bio_err);
@@ -1212,10 +1286,10 @@ static int SM2_verify_loop(void *args)
}
return count;
}
-#endif /* OPENSSL_NO_SM2 */
+#endif /* OPENSSL_NO_SM2 */
static int run_benchmark(int async_jobs,
- int (*loop_function) (void *), loopargs_t * loopargs)
+ int (*loop_function)(void *), loopargs_t *loopargs)
{
int job_op_count = 0;
int total_op_count = 0;
@@ -1233,8 +1307,8 @@ static int run_benchmark(int async_jobs,
/* Copy pointer content (looparg_t item address) into async context */
ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
- &job_op_count, loop_function,
- (void *)&looparg_item, sizeof(looparg_item));
+ &job_op_count, loop_function,
+ (void *)&looparg_item, sizeof(looparg_item));
switch (ret) {
case ASYNC_PAUSE:
++num_inprogress;
@@ -1269,8 +1343,7 @@ static int run_benchmark(int async_jobs,
if (loopargs[i].inprogress_job == NULL)
continue;
- if (!ASYNC_WAIT_CTX_get_all_fds
- (loopargs[i].wait_ctx, NULL, &num_job_fds)
+ if (!ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, NULL, &num_job_fds)
|| num_job_fds > 1) {
BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
ERR_print_errors(bio_err);
@@ -1278,7 +1351,7 @@ static int run_benchmark(int async_jobs,
break;
}
ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
- &num_job_fds);
+ &num_job_fds);
FD_SET(job_fd, &waitfdset);
if (job_fd > max_fd)
max_fd = job_fd;
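Review bot: `FD_SET(job_fd, &waitfdset)` runs before `max_fd` is compared with `FD_SETSIZE`; that comparison only appears in the next hunk, apparently after this loop. A descriptor at or above `FD_SETSIZE` is therefore written into the set before it is rejected, which is an out-of-bounds write where `fd_set` is a fixed-size bitmap. Checking first, `if (job_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) { error = 1; break; }` ahead of the `FD_SET`, closes that gap. The second `ASYNC_WAIT_CTX_get_all_fds` call also ignores its return value, so `job_fd` is used even if the lookup failed. The loop starts outside this hunk, so the placement needs confirming against the full function.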
@@ -1286,9 +1359,9 @@ static int run_benchmark(int async_jobs,
if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
BIO_printf(bio_err,
- "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
- "Decrease the value of async_jobs\n",
- max_fd, FD_SETSIZE);
+ "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
+ "Decrease the value of async_jobs\n",
+ max_fd, FD_SETSIZE);
ERR_print_errors(bio_err);
error = 1;
break;
@@ -1313,8 +1386,7 @@ static int run_benchmark(int async_jobs,
if (loopargs[i].inprogress_job == NULL)
continue;
- if (!ASYNC_WAIT_CTX_get_all_fds
- (loopargs[i].wait_ctx, NULL, &num_job_fds)
+ if (!ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, NULL, &num_job_fds)
|| num_job_fds > 1) {
BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
ERR_print_errors(bio_err);
@@ -1322,7 +1394,7 @@ static int run_benchmark(int async_jobs,
break;
}
ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
- &num_job_fds);
+ &num_job_fds);
#if defined(OPENSSL_SYS_UNIX)
if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
@@ -1335,9 +1407,9 @@ static int run_benchmark(int async_jobs,
#endif
ret = ASYNC_start_job(&loopargs[i].inprogress_job,
- loopargs[i].wait_ctx, &job_op_count,
- loop_function, (void *)(loopargs + i),
- sizeof(loopargs_t));
+ loopargs[i].wait_ctx, &job_op_count,
+ loop_function, (void *)(loopargs + i),
+ sizeof(loopargs_t));
switch (ret) {
case ASYNC_PAUSE:
break;
@@ -1380,7 +1452,7 @@ static EVP_PKEY *get_ecdsa(const EC_CURVE *curve)
/* Ensure that the error queue is empty */
if (ERR_peek_error()) {
BIO_printf(bio_err,
- "WARNING: the error queue contains previous unhandled errors.\n");
+ "WARNING: the error queue contains previous unhandled errors.\n");
ERR_print_errors(bio_err);
}
@@ -1412,7 +1484,7 @@ static EVP_PKEY *get_ecdsa(const EC_CURVE *curve)
ERR_get_error(); /* pop error from queue */
if (ERR_peek_error()) {
BIO_printf(bio_err,
- "Unhandled error in the error queue during EC key setup.\n");
+ "Unhandled error in the error queue during EC key setup.\n");
ERR_print_errors(bio_err);
return NULL;
}
@@ -1421,7 +1493,8 @@ static EVP_PKEY *get_ecdsa(const EC_CURVE *curve)
if ((pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL
|| EVP_PKEY_paramgen_init(pctx) <= 0
|| EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
- curve->nid) <= 0
+ curve->nid)
+ <= 0
|| EVP_PKEY_paramgen(pctx, &params) <= 0) {
BIO_printf(bio_err, "EC params init failure.\n");
ERR_print_errors(bio_err);
@@ -1445,7 +1518,7 @@ static EVP_PKEY *get_ecdsa(const EC_CURVE *curve)
return key;
}
-#define stop_it(do_it, test_num)\
+#define stop_it(do_it, test_num) \
memset(do_it + test_num, 0, OSSL_NELEM(do_it) - test_num);
int speed_main(int argc, char **argv)
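Review bot: `stop_it` expands both arguments unparenthesized and ends in a semicolon, and it passes the element count `OSSL_NELEM(do_it) - test_num` to `memset` as a byte count. That count is only correct while every `*_doit` array stays `uint8_t`, as the ones visible later in this diff are. A safer form is `#define stop_it(do_it, test_num) memset((do_it) + (test_num), 0, (OSSL_NELEM(do_it) - (test_num)) * sizeof(*(do_it)))`. A `test_num` larger than the array length would still wrap to a very large size, so that precondition deserves a comment on the macro. The call sites are outside this hunk, so dropping the trailing semicolon should be checked against them.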
@@ -1473,9 +1546,9 @@ int speed_main(int argc, char **argv)
#endif
long op_count = 1;
openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
- ECDSA_SECONDS, ECDH_SECONDS,
- EdDSA_SECONDS, SM2_SECONDS,
- FFDH_SECONDS };
+ ECDSA_SECONDS, ECDH_SECONDS,
+ EdDSA_SECONDS, SM2_SECONDS,
+ FFDH_SECONDS };
static const unsigned char key32[32] = {
0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
@@ -1486,19 +1559,19 @@ int speed_main(int argc, char **argv)
static const unsigned char deskey[] = {
0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, /* key1 */
0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, /* key2 */
- 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 /* key3 */
+ 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 /* key3 */
};
static const struct {
const unsigned char *data;
unsigned int length;
unsigned int bits;
} rsa_keys[] = {
- { test512, sizeof(test512), 512 },
- { test1024, sizeof(test1024), 1024 },
- { test2048, sizeof(test2048), 2048 },
- { test3072, sizeof(test3072), 3072 },
- { test4096, sizeof(test4096), 4096 },
- { test7680, sizeof(test7680), 7680 },
+ { test512, sizeof(test512), 512 },
+ { test1024, sizeof(test1024), 1024 },
+ { test2048, sizeof(test2048), 2048 },
+ { test3072, sizeof(test3072), 3072 },
+ { test4096, sizeof(test4096), 4096 },
+ { test7680, sizeof(test7680), 7680 },
{ test15360, sizeof(test15360), 15360 }
};
uint8_t rsa_doit[RSA_NUM] = { 0 };
@@ -1511,11 +1584,11 @@ int speed_main(int argc, char **argv)
} FFDH_PARAMS;
static const FFDH_PARAMS ffdh_params[FFDH_NUM] = {
- {"ffdh2048", NID_ffdhe2048, 2048},
- {"ffdh3072", NID_ffdhe3072, 3072},
- {"ffdh4096", NID_ffdhe4096, 4096},
- {"ffdh6144", NID_ffdhe6144, 6144},
- {"ffdh8192", NID_ffdhe8192, 8192}
+ { "ffdh2048", NID_ffdhe2048, 2048 },
+ { "ffdh3072", NID_ffdhe3072, 3072 },
+ { "ffdh4096", NID_ffdhe4096, 4096 },
+ { "ffdh6144", NID_ffdhe6144, 6144 },
+ { "ffdh8192", NID_ffdhe8192, 8192 }
};
uint8_t ffdh_doit[FFDH_NUM] = { 0 };
@@ -1530,44 +1603,44 @@ int speed_main(int argc, char **argv)
*/
static const EC_CURVE ec_curves[EC_NUM] = {
/* Prime Curves */
- {"secp160r1", NID_secp160r1, 160},
- {"nistp192", NID_X9_62_prime192v1, 192},
- {"nistp224", NID_secp224r1, 224},
- {"nistp256", NID_X9_62_prime256v1, 256},
- {"nistp384", NID_secp384r1, 384},
- {"nistp521", NID_secp521r1, 521},
+ { "secp160r1", NID_secp160r1, 160 },
+ { "nistp192", NID_X9_62_prime192v1, 192 },
+ { "nistp224", NID_secp224r1, 224 },
+ { "nistp256", NID_X9_62_prime256v1, 256 },
+ { "nistp384", NID_secp384r1, 384 },
+ { "nistp521", NID_secp521r1, 521 },
#ifndef OPENSSL_NO_EC2M
/* Binary Curves */
- {"nistk163", NID_sect163k1, 163},
- {"nistk233", NID_sect233k1, 233},
- {"nistk283", NID_sect283k1, 283},
- {"nistk409", NID_sect409k1, 409},
- {"nistk571", NID_sect571k1, 571},
- {"nistb163", NID_sect163r2, 163},
- {"nistb233", NID_sect233r1, 233},
- {"nistb283", NID_sect283r1, 283},
- {"nistb409", NID_sect409r1, 409},
- {"nistb571", NID_sect571r1, 571},
+ { "nistk163", NID_sect163k1, 163 },
+ { "nistk233", NID_sect233k1, 233 },
+ { "nistk283", NID_sect283k1, 283 },
+ { "nistk409", NID_sect409k1, 409 },
+ { "nistk571", NID_sect571k1, 571 },
+ { "nistb163", NID_sect163r2, 163 },
+ { "nistb233", NID_sect233r1, 233 },
+ { "nistb283", NID_sect283r1, 283 },
+ { "nistb409", NID_sect409r1, 409 },
+ { "nistb571", NID_sect571r1, 571 },
#endif
- {"brainpoolP256r1", NID_brainpoolP256r1, 256},
- {"brainpoolP256t1", NID_brainpoolP256t1, 256},
- {"brainpoolP384r1", NID_brainpoolP384r1, 384},
- {"brainpoolP384t1", NID_brainpoolP384t1, 384},
- {"brainpoolP512r1", NID_brainpoolP512r1, 512},
- {"brainpoolP512t1", NID_brainpoolP512t1, 512},
+ { "brainpoolP256r1", NID_brainpoolP256r1, 256 },
+ { "brainpoolP256t1", NID_brainpoolP256t1, 256 },
+ { "brainpoolP384r1", NID_brainpoolP384r1, 384 },
+ { "brainpoolP384t1", NID_brainpoolP384t1, 384 },
+ { "brainpoolP512r1", NID_brainpoolP512r1, 512 },
+ { "brainpoolP512t1", NID_brainpoolP512t1, 512 },
/* Other and ECDH only ones */
- {"X25519", NID_X25519, 253},
- {"X448", NID_X448, 448}
+ { "X25519", NID_X25519, 253 },
+ { "X448", NID_X448, 448 }
};
static const EC_CURVE ed_curves[EdDSA_NUM] = {
/* EdDSA */
- {"Ed25519", NID_ED25519, 253, 64},
- {"Ed448", NID_ED448, 456, 114}
+ { "Ed25519", NID_ED25519, 253, 64 },
+ { "Ed448", NID_ED448, 456, 114 }
};
#ifndef OPENSSL_NO_SM2
static const EC_CURVE sm2_curves[SM2_NUM] = {
/* SM2 */
- {"CurveSM2", NID_sm2, 256}
+ { "CurveSM2", NID_sm2, 256 }
};
uint8_t sm2_doit[SM2_NUM] = { 0 };
#endif
@@ -1575,7 +1648,7 @@ int speed_main(int argc, char **argv)
uint8_t ecdh_doit[EC_NUM] = { 0 };
uint8_t eddsa_doit[EdDSA_NUM] = { 0 };
- /* checks declarated curves against choices list. */
+ /* checks declared curves against choices list. */
OPENSSL_assert(ed_curves[EdDSA_NUM - 1].nid == NID_ED448);
OPENSSL_assert(strcmp(eddsa_choices[EdDSA_NUM - 1].name, "ed448") == 0);
@@ -1595,7 +1668,7 @@ int speed_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opterr:
+ opterr:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -1618,8 +1691,8 @@ int speed_main(int argc, char **argv)
if (evp_cipher == NULL && evp_md_name == NULL) {
ERR_clear_last_mark();
BIO_printf(bio_err,
- "%s: %s is an unknown cipher or digest\n",
- prog, opt_arg());
+ "%s: %s is an unknown cipher or digest\n",
+ prog, opt_arg());
goto end;
}
ERR_pop_to_mark();
@@ -1628,7 +1701,7 @@ int speed_main(int argc, char **argv)
case OPT_HMAC:
if (!have_md(opt_arg())) {
BIO_printf(bio_err, "%s: %s is an unknown digest\n",
- prog, opt_arg());
+ prog, opt_arg());
goto end;
}
evp_mac_mdname = opt_arg();
@@ -1637,7 +1710,7 @@ int speed_main(int argc, char **argv)
case OPT_CMAC:
if (!have_cipher(opt_arg())) {
BIO_printf(bio_err, "%s: %s is an unknown cipher\n",
- prog, opt_arg());
+ prog, opt_arg());
goto end;
}
evp_mac_ciphername = opt_arg();
@@ -1668,8 +1741,8 @@ int speed_main(int argc, char **argv)
async_jobs = atoi(opt_arg());
if (!ASYNC_is_capable()) {
BIO_printf(bio_err,
- "%s: async_jobs specified but async not supported\n",
- prog);
+ "%s: async_jobs specified but async not supported\n",
+ prog);
goto opterr;
}
if (async_jobs > 99999) {
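Review bot: `async_jobs = atoi(opt_arg())` gives no error indication, and only the upper bound (`> 99999`) is checked here. Rejecting a negative or non-numeric value therefore depends entirely on the option table's type check, which is not visible in this hunk. Since `async_jobs` later sizes the `loopargs` allocation (`loopargs_len * sizeof(loopargs_t)`), I would parse it with the helper already used for the misalign option, `async_jobs = opt_int_arg();`, and extend the range test to `if (async_jobs < 0 || async_jobs > 99999)`. The same `atoi(opt_arg())` pattern appears in the `OPT_SECONDS` and `OPT_BYTES` cases of the `@@ -1711,8 +1784,8 @@` hunk. The body of `speed_main` starts and ends outside this hunk.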
@@ -1682,7 +1755,7 @@ int speed_main(int argc, char **argv)
misalign = opt_int_arg();
if (misalign > MISALIGN) {
BIO_printf(bio_err,
- "%s: Maximum offset is %d\n", prog, MISALIGN);
+ "%s: Maximum offset is %d\n", prog, MISALIGN);
goto opterr;
}
break;
@@ -1693,8 +1766,8 @@ int speed_main(int argc, char **argv)
multiblock = 1;
#ifdef OPENSSL_NO_MULTIBLOCK
BIO_printf(bio_err,
- "%s: -mb specified but multi-block support is disabled\n",
- prog);
+ "%s: -mb specified but multi-block support is disabled\n",
+ prog);
goto end;
#endif
break;
@@ -1711,8 +1784,8 @@ int speed_main(int argc, char **argv)
break;
case OPT_SECONDS:
seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
- = seconds.ecdh = seconds.eddsa
- = seconds.sm2 = seconds.ffdh = atoi(opt_arg());
+ = seconds.ecdh = seconds.eddsa
+ = seconds.sm2 = seconds.ffdh = atoi(opt_arg());
break;
case OPT_BYTES:
lengths_single = atoi(opt_arg());
@@ -1838,10 +1911,9 @@ int speed_main(int argc, char **argv)
if (evp_cipher == NULL) {
BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n");
goto end;
- } else if (!(EVP_CIPHER_get_flags(evp_cipher) &
- EVP_CIPH_FLAG_AEAD_CIPHER)) {
+ } else if (!(EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
BIO_printf(bio_err, "%s is not an AEAD cipher\n",
- EVP_CIPHER_get0_name(evp_cipher));
+ EVP_CIPHER_get0_name(evp_cipher));
goto end;
}
}
@@ -1850,10 +1922,9 @@ int speed_main(int argc, char **argv)
BIO_printf(bio_err, "-mb can be used only with a multi-block"
" capable cipher\n");
goto end;
- } else if (!(EVP_CIPHER_get_flags(evp_cipher) &
- EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
+ } else if (!(EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
BIO_printf(bio_err, "%s is not a multi-block capable\n",
- EVP_CIPHER_get0_name(evp_cipher));
+ EVP_CIPHER_get0_name(evp_cipher));
goto end;
} else if (async_jobs > 0) {
BIO_printf(bio_err, "Async mode is not supported with -mb");
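Review bot: The last diagnostic in this hunk, `"Async mode is not supported with -mb"`, has no trailing newline, unlike the other `BIO_printf(bio_err, ...)` messages here, so it runs into whatever is printed next. It should read `BIO_printf(bio_err, "Async mode is not supported with -mb\n");`. The message a few lines above, `"%s is not a multi-block capable\n"`, is also missing a noun and probably wants `"%s is not a multi-block capable cipher\n"`. The else-if chain continues past the end of this hunk.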
@@ -1871,8 +1942,7 @@ int speed_main(int argc, char **argv)
}
loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
- loopargs =
- app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
+ loopargs = app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
for (i = 0; i < loopargs_len; i++) {
@@ -1885,7 +1955,7 @@ int speed_main(int argc, char **argv)
}
buflen = lengths[size_num - 1];
- if (buflen < 36) /* size of random vector in RSA benchmark */
+ if (buflen < 36) /* size of random vector in RSA benchmark */
buflen = 36;
if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) {
BIO_printf(bio_err, "Error: buffer size too large\n");
@@ -1932,14 +2002,16 @@ int speed_main(int argc, char **argv)
doit[i] = 0;
}
if ((mac = EVP_MAC_fetch(app_get0_libctx(), "GMAC",
- app_get0_propq())) != NULL) {
+ app_get0_propq()))
+ != NULL) {
EVP_MAC_free(mac);
mac = NULL;
} else {
doit[D_GHASH] = 0;
}
if ((mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC",
- app_get0_propq())) != NULL) {
+ app_get0_propq()))
+ != NULL) {
EVP_MAC_free(mac);
mac = NULL;
} else {
@@ -1964,8 +2036,8 @@ int speed_main(int argc, char **argv)
if (usertime == 0 && !mr)
BIO_printf(bio_err,
- "You have chosen to measure elapsed time "
- "instead of user CPU time.\n");
+ "You have chosen to measure elapsed time "
+ "instead of user CPU time.\n");
#if SIGALRM > 0
signal(SIGALRM, alarmed);
@@ -1974,7 +2046,7 @@ int speed_main(int argc, char **argv)
if (doit[D_MD2]) {
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum],
- seconds.sym);
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs);
d = Time_F(STOP);
@@ -1987,7 +2059,7 @@ int speed_main(int argc, char **argv)
if (doit[D_MDC2]) {
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum],
- seconds.sym);
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs);
d = Time_F(STOP);
@@ -2000,7 +2072,7 @@ int speed_main(int argc, char **argv)
if (doit[D_MD4]) {
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum],
- seconds.sym);
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs);
d = Time_F(STOP);
@@ -2013,7 +2085,7 @@ int speed_main(int argc, char **argv)
if (doit[D_MD5]) {
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum],
- seconds.sym);
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, MD5_loop, loopargs);
d = Time_F(STOP);
@@ -2026,7 +2098,7 @@ int speed_main(int argc, char **argv)
if (doit[D_SHA1]) {
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum],
- seconds.sym);
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, SHA1_loop, loopargs);
d = Time_F(STOP);
@@ -2039,7 +2111,7 @@ int speed_main(int argc, char **argv)
if (doit[D_SHA256]) {
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_SHA256], c[D_SHA256][testnum],
- lengths[testnum], seconds.sym);
+ lengths[testnum], seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, SHA256_loop, loopargs);
d = Time_F(STOP);
@@ -2052,7 +2124,7 @@ int speed_main(int argc, char **argv)
if (doit[D_SHA512]) {
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_SHA512], c[D_SHA512][testnum],
- lengths[testnum], seconds.sym);
+ lengths[testnum], seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, SHA512_loop, loopargs);
d = Time_F(STOP);
@@ -2065,7 +2137,7 @@ int speed_main(int argc, char **argv)
if (doit[D_WHIRLPOOL]) {
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum],
- lengths[testnum], seconds.sym);
+ lengths[testnum], seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs);
d = Time_F(STOP);
@@ -2078,7 +2150,7 @@ int speed_main(int argc, char **argv)
if (doit[D_RMD160]) {
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_RMD160], c[D_RMD160][testnum],
- lengths[testnum], seconds.sym);
+ lengths[testnum], seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs);
d = Time_F(STOP);
@@ -2101,12 +2173,10 @@ int speed_main(int argc, char **argv)
BIO_snprintf(evp_hmac_name, hmac_name_len, "hmac(%s)", evp_mac_mdname);
names[D_HMAC] = evp_hmac_name;
- params[0] =
- OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
- evp_mac_mdname, 0);
- params[1] =
- OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
- (char *)hmac_key, len);
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
+ evp_mac_mdname, 0);
+ params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
+ (char *)hmac_key, len);
params[2] = OSSL_PARAM_construct_end();
for (i = 0; i < loopargs_len; i++) {
@@ -2119,7 +2189,7 @@ int speed_main(int argc, char **argv)
}
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
- seconds.sym);
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, HMAC_loop, loopargs);
d = Time_F(STOP);
@@ -2138,13 +2208,13 @@ skip_hmac:
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].ctx = init_evp_cipher_ctx("des-cbc", deskey,
- sizeof(deskey) / 3);
+ sizeof(deskey) / 3);
st = loopargs[i].ctx != NULL;
}
algindex = D_CBC_DES;
for (testnum = 0; st && testnum < size_num; testnum++) {
print_message(names[D_CBC_DES], c[D_CBC_DES][testnum],
- lengths[testnum], seconds.sym);
+ lengths[testnum], seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
d = Time_F(STOP);
@@ -2159,16 +2229,15 @@ skip_hmac:
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].ctx = init_evp_cipher_ctx("des-ede3-cbc", deskey,
- sizeof(deskey));
+ sizeof(deskey));
st = loopargs[i].ctx != NULL;
}
algindex = D_EDE3_DES;
for (testnum = 0; st && testnum < size_num; testnum++) {
print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum],
- lengths[testnum], seconds.sym);
+ lengths[testnum], seconds.sym);
Time_F(START);
- count =
- run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
+ count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
d = Time_F(STOP);
print_result(D_EDE3_DES, testnum, count, d);
}
@@ -2184,16 +2253,15 @@ skip_hmac:
keylen = 16 + k * 8;
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
- key32, keylen);
+ key32, keylen);
st = loopargs[i].ctx != NULL;
}
for (testnum = 0; st && testnum < size_num; testnum++) {
print_message(names[algindex], c[algindex][testnum],
- lengths[testnum], seconds.sym);
+ lengths[testnum], seconds.sym);
Time_F(START);
- count =
- run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
+ count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
d = Time_F(STOP);
print_result(algindex, testnum, count, d);
}
@@ -2210,16 +2278,15 @@ skip_hmac:
keylen = 16 + k * 8;
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
- key32, keylen);
+ key32, keylen);
st = loopargs[i].ctx != NULL;
}
for (testnum = 0; st && testnum < size_num; testnum++) {
print_message(names[algindex], c[algindex][testnum],
- lengths[testnum], seconds.sym);
+ lengths[testnum], seconds.sym);
Time_F(START);
- count =
- run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
+ count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
d = Time_F(STOP);
print_result(algindex, testnum, count, d);
}
@@ -2235,16 +2302,15 @@ skip_hmac:
keylen = 16;
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
- key32, keylen);
+ key32, keylen);
st = loopargs[i].ctx != NULL;
}
for (testnum = 0; st && testnum < size_num; testnum++) {
print_message(names[algindex], c[algindex][testnum],
- lengths[testnum], seconds.sym);
+ lengths[testnum], seconds.sym);
Time_F(START);
- count =
- run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
+ count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
d = Time_F(STOP);
print_result(algindex, testnum, count, d);
}
@@ -2261,10 +2327,10 @@ skip_hmac:
goto end;
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
- "aes-128-gcm", 0);
+ "aes-128-gcm", 0);
params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
- (char *)gmac_iv,
- sizeof(gmac_iv) - 1);
+ (char *)gmac_iv,
+ sizeof(gmac_iv) - 1);
params[2] = OSSL_PARAM_construct_end();
for (i = 0; i < loopargs_len; i++) {
@@ -2277,7 +2343,7 @@ skip_hmac:
}
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_GHASH], c[D_GHASH][testnum], lengths[testnum],
- seconds.sym);
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, GHASH_loop, loopargs);
d = Time_F(STOP);
@@ -2294,7 +2360,7 @@ skip_hmac:
if (doit[D_RAND]) {
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum],
- seconds.sym);
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs);
d = Time_F(STOP);
@@ -2310,12 +2376,11 @@ skip_hmac:
*/
if (doit[D_EVP]) {
if (evp_cipher != NULL) {
- int (*loopfunc) (void *);
+ int (*loopfunc)(void *);
int outlen = 0;
unsigned int ae_mode = 0;
- if (multiblock && (EVP_CIPHER_get_flags(evp_cipher)
- & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
+ if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
multiblock_speed(evp_cipher, lengths_single, &seconds);
ret = 0;
goto end;
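Review bot: The reformatted `if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {` is now a single over-long line. The same collapse happens in the FFDH hunks, where the `EVP_PKEY_keygen(ffdh_ctx, &pkey_A) <= 0 || ...` pair and the five-clause `EVP_PKEY_derive_init(test_ctx) <= 0 || ... || test_out != secret_size` check each land on one line. A chain of `<= 0` error checks on one line is easy to misread, and a dropped or altered clause would be hard to spot in a later diff. I would keep one clause per line with the operator leading, as the RSA and DSA setup checks in this file do, e.g. `if (multiblock` then `&& (EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {`. The enclosing `if (doit[D_EVP])` block continues outside the hunk.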
@@ -2346,7 +2411,7 @@ skip_hmac:
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum],
- seconds.sym);
+ seconds.sym);
for (k = 0; k < loopargs_len; k++) {
loopargs[k].ctx = EVP_CIPHER_CTX_new();
@@ -2362,8 +2427,8 @@ skip_hmac:
* authenticity and hence decryption will fail.
*/
if (!EVP_CipherInit_ex(loopargs[k].ctx,
- evp_cipher, NULL, NULL, NULL,
- ae_mode ? 1 : !decrypt)) {
+ evp_cipher, NULL, NULL, NULL,
+ ae_mode ? 1 : !decrypt)) {
BIO_printf(bio_err, "\nCouldn't init the context\n");
ERR_print_errors(bio_err);
exit(1);
@@ -2378,21 +2443,21 @@ skip_hmac:
if (!ae_mode) {
if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
- loopargs[k].key, iv, -1)) {
+ loopargs[k].key, iv, -1)) {
BIO_printf(bio_err, "\nFailed to set the key\n");
ERR_print_errors(bio_err);
exit(1);
}
} else if (mode_op == EVP_CIPH_SIV_MODE) {
EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
- EVP_CTRL_SET_SPEED, 1, NULL);
+ EVP_CTRL_SET_SPEED, 1, NULL);
}
if (ae_mode && decrypt) {
/* Set length of iv (Doesn't apply to SIV mode) */
if (mode_op != EVP_CIPH_SIV_MODE) {
if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
- EVP_CTRL_AEAD_SET_IVLEN,
- aead_ivlen, NULL)) {
+ EVP_CTRL_AEAD_SET_IVLEN,
+ aead_ivlen, NULL)) {
BIO_printf(bio_err, "\nFailed to set iv length\n");
ERR_print_errors(bio_err);
exit(1);
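Review bot: The `EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_SET_SPEED, 1, NULL)` call in the SIV branch ignores its return value, while every other ctrl and init call in this hunk is checked and exits on failure. The same unchecked call appears in the later hunk under the comment `/* SIV only allows for one Update operation */`. Judging by that comment, a ctrl that is not honoured would leave the benchmark running repeated updates on a SIV context, so the numbers would not mean what they appear to. I would guard it with `if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_SET_SPEED, 1, NULL))`, followed by the same `BIO_printf`/`ERR_print_errors`/`exit(1)` sequence the neighbouring checks use, after confirming what this ctrl returns on success. The surrounding `for (k = 0; k < loopargs_len; k++)` loop starts outside the hunk.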
@@ -2402,16 +2467,16 @@ skip_hmac:
if (mode_op != EVP_CIPH_GCM_MODE
&& mode_op != EVP_CIPH_SIV_MODE) {
if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
- EVP_CTRL_AEAD_SET_TAG,
- TAG_LEN, NULL)) {
+ EVP_CTRL_AEAD_SET_TAG,
+ TAG_LEN, NULL)) {
BIO_printf(bio_err,
- "\nFailed to set tag length\n");
+ "\nFailed to set tag length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
- loopargs[k].key, aead_iv, -1)) {
+ loopargs[k].key, aead_iv, -1)) {
BIO_printf(bio_err, "\nFailed to set the key\n");
ERR_print_errors(bio_err);
exit(1);
@@ -2419,43 +2484,43 @@ skip_hmac:
/* Set total length of input. Only required for CCM */
if (mode_op == EVP_CIPH_CCM_MODE) {
if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL,
- &outlen, NULL,
- lengths[testnum])) {
+ &outlen, NULL,
+ lengths[testnum])) {
BIO_printf(bio_err,
- "\nCouldn't set input text length\n");
+ "\nCouldn't set input text length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (aead) {
if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL,
- &outlen, aad, sizeof(aad))) {
+ &outlen, aad, sizeof(aad))) {
BIO_printf(bio_err,
- "\nCouldn't insert AAD when encrypting\n");
+ "\nCouldn't insert AAD when encrypting\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (!EVP_EncryptUpdate(loopargs[k].ctx, loopargs[k].buf,
- &outlen, loopargs[k].buf,
- lengths[testnum])) {
+ &outlen, loopargs[k].buf,
+ lengths[testnum])) {
BIO_printf(bio_err,
- "\nFailed to to encrypt the data\n");
+ "\nFailed to to encrypt the data\n");
ERR_print_errors(bio_err);
exit(1);
}
if (!EVP_EncryptFinal_ex(loopargs[k].ctx,
- loopargs[k].buf, &outlen)) {
+ loopargs[k].buf, &outlen)) {
BIO_printf(bio_err,
- "\nFailed finalize the encryption\n");
+ "\nFailed finalize the encryption\n");
ERR_print_errors(bio_err);
exit(1);
}
if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
- EVP_CTRL_AEAD_GET_TAG,
- TAG_LEN, &loopargs[k].tag)) {
+ EVP_CTRL_AEAD_GET_TAG,
+ TAG_LEN, &loopargs[k].tag)) {
BIO_printf(bio_err, "\nFailed to get the tag\n");
ERR_print_errors(bio_err);
exit(1);
@@ -2465,13 +2530,13 @@ skip_hmac:
loopargs[k].ctx = EVP_CIPHER_CTX_new();
if (loopargs[k].ctx == NULL) {
BIO_printf(bio_err,
- "\nEVP_CIPHER_CTX_new failure\n");
+ "\nEVP_CIPHER_CTX_new failure\n");
exit(1);
}
if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher,
- NULL, NULL, NULL, 0)) {
+ NULL, NULL, NULL, 0)) {
BIO_printf(bio_err,
- "\nFailed initializing the context\n");
+ "\nFailed initializing the context\n");
ERR_print_errors(bio_err);
exit(1);
}
@@ -2481,7 +2546,7 @@ skip_hmac:
/* SIV only allows for one Update operation */
if (mode_op == EVP_CIPH_SIV_MODE)
EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
- EVP_CTRL_SET_SPEED, 1, NULL);
+ EVP_CTRL_SET_SPEED, 1, NULL);
}
}
@@ -2499,7 +2564,7 @@ skip_hmac:
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum],
- seconds.sym);
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, EVP_Digest_md_loop, loopargs);
d = Time_F(STOP);
@@ -2532,9 +2597,9 @@ skip_hmac:
names[D_EVP_CMAC] = evp_cmac_name;
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
- evp_mac_ciphername, 0);
+ evp_mac_ciphername, 0);
params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
- (char *)key32, keylen);
+ (char *)key32, keylen);
params[2] = OSSL_PARAM_construct_end();
for (i = 0; i < loopargs_len; i++) {
@@ -2548,7 +2613,7 @@ skip_hmac:
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_EVP_CMAC], c[D_EVP_CMAC][testnum],
- lengths[testnum], seconds.sym);
+ lengths[testnum], seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, CMAC_loop, loopargs);
d = Time_F(STOP);
@@ -2591,7 +2656,8 @@ skip_hmac:
const unsigned char *p = rsa_keys[testnum].data;
st = (rsa_key = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p,
- rsa_keys[testnum].length)) != NULL;
+ rsa_keys[testnum].length))
+ != NULL;
}
for (i = 0; st && i < loopargs_len; i++) {
@@ -2600,59 +2666,61 @@ skip_hmac:
if (loopargs[i].rsa_sign_ctx[testnum] == NULL
|| EVP_PKEY_sign_init(loopargs[i].rsa_sign_ctx[testnum]) <= 0
|| EVP_PKEY_sign(loopargs[i].rsa_sign_ctx[testnum],
- loopargs[i].buf2,
- &loopargs[i].sigsize,
- loopargs[i].buf, 36) <= 0)
+ loopargs[i].buf2,
+ &loopargs[i].sigsize,
+ loopargs[i].buf, 36)
+ <= 0)
st = 0;
}
if (!st) {
BIO_printf(bio_err,
- "RSA sign setup failure. No RSA sign will be done.\n");
+ "RSA sign setup failure. No RSA sign will be done.\n");
ERR_print_errors(bio_err);
op_count = 1;
} else {
pkey_print_message("private", "rsa",
- rsa_c[testnum][0], rsa_keys[testnum].bits,
- seconds.rsa);
+ rsa_c[testnum][0], rsa_keys[testnum].bits,
+ seconds.rsa);
/* RSA_blinding_on(rsa_key[testnum],NULL); */
Time_F(START);
count = run_benchmark(async_jobs, RSA_sign_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R1:%ld:%d:%.2f\n"
- : "%ld %u bits private RSA's in %.2fs\n",
- count, rsa_keys[testnum].bits, d);
+ mr ? "+R1:%ld:%d:%.2f\n"
+ : "%ld %u bits private RSA's in %.2fs\n",
+ count, rsa_keys[testnum].bits, d);
rsa_results[testnum][0] = (double)count / d;
op_count = count;
}
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].rsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key,
- NULL);
+ NULL);
if (loopargs[i].rsa_verify_ctx[testnum] == NULL
|| EVP_PKEY_verify_init(loopargs[i].rsa_verify_ctx[testnum]) <= 0
|| EVP_PKEY_verify(loopargs[i].rsa_verify_ctx[testnum],
- loopargs[i].buf2,
- loopargs[i].sigsize,
- loopargs[i].buf, 36) <= 0)
+ loopargs[i].buf2,
+ loopargs[i].sigsize,
+ loopargs[i].buf, 36)
+ <= 0)
st = 0;
}
if (!st) {
BIO_printf(bio_err,
- "RSA verify setup failure. No RSA verify will be done.\n");
+ "RSA verify setup failure. No RSA verify will be done.\n");
ERR_print_errors(bio_err);
rsa_doit[testnum] = 0;
} else {
pkey_print_message("public", "rsa",
- rsa_c[testnum][1], rsa_keys[testnum].bits,
- seconds.rsa);
+ rsa_c[testnum][1], rsa_keys[testnum].bits,
+ seconds.rsa);
Time_F(START);
count = run_benchmark(async_jobs, RSA_verify_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R2:%ld:%d:%.2f\n"
- : "%ld %u bits public RSA's in %.2fs\n",
- count, rsa_keys[testnum].bits, d);
+ mr ? "+R2:%ld:%d:%.2f\n"
+ : "%ld %u bits public RSA's in %.2fs\n",
+ count, rsa_keys[testnum].bits, d);
rsa_results[testnum][1] = (double)count / d;
}
@@ -2674,64 +2742,66 @@ skip_hmac:
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].dsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
- NULL);
+ NULL);
loopargs[i].sigsize = loopargs[i].buflen;
if (loopargs[i].dsa_sign_ctx[testnum] == NULL
|| EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0
|| EVP_PKEY_sign(loopargs[i].dsa_sign_ctx[testnum],
- loopargs[i].buf2,
- &loopargs[i].sigsize,
- loopargs[i].buf, 20) <= 0)
+ loopargs[i].buf2,
+ &loopargs[i].sigsize,
+ loopargs[i].buf, 20)
+ <= 0)
st = 0;
}
if (!st) {
BIO_printf(bio_err,
- "DSA sign setup failure. No DSA sign will be done.\n");
+ "DSA sign setup failure. No DSA sign will be done.\n");
ERR_print_errors(bio_err);
op_count = 1;
} else {
pkey_print_message("sign", "dsa",
- dsa_c[testnum][0], dsa_bits[testnum],
- seconds.dsa);
+ dsa_c[testnum][0], dsa_bits[testnum],
+ seconds.dsa);
Time_F(START);
count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R3:%ld:%u:%.2f\n"
- : "%ld %u bits DSA signs in %.2fs\n",
- count, dsa_bits[testnum], d);
+ mr ? "+R3:%ld:%u:%.2f\n"
+ : "%ld %u bits DSA signs in %.2fs\n",
+ count, dsa_bits[testnum], d);
dsa_results[testnum][0] = (double)count / d;
op_count = count;
}
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].dsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
- NULL);
+ NULL);
if (loopargs[i].dsa_verify_ctx[testnum] == NULL
|| EVP_PKEY_verify_init(loopargs[i].dsa_verify_ctx[testnum]) <= 0
|| EVP_PKEY_verify(loopargs[i].dsa_verify_ctx[testnum],
- loopargs[i].buf2,
- loopargs[i].sigsize,
- loopargs[i].buf, 36) <= 0)
+ loopargs[i].buf2,
+ loopargs[i].sigsize,
+ loopargs[i].buf, 36)
+ <= 0)
st = 0;
}
if (!st) {
BIO_printf(bio_err,
- "DSA verify setup failure. No DSA verify will be done.\n");
+ "DSA verify setup failure. No DSA verify will be done.\n");
ERR_print_errors(bio_err);
dsa_doit[testnum] = 0;
} else {
pkey_print_message("verify", "dsa",
- dsa_c[testnum][1], dsa_bits[testnum],
- seconds.dsa);
+ dsa_c[testnum][1], dsa_bits[testnum],
+ seconds.dsa);
Time_F(START);
count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R4:%ld:%u:%.2f\n"
- : "%ld %u bits DSA verify in %.2fs\n",
- count, dsa_bits[testnum], d);
+ mr ? "+R4:%ld:%u:%.2f\n"
+ : "%ld %u bits DSA verify in %.2fs\n",
+ count, dsa_bits[testnum], d);
dsa_results[testnum][1] = (double)count / d;
}
@@ -2753,64 +2823,66 @@ skip_hmac:
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].ecdsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
- NULL);
+ NULL);
loopargs[i].sigsize = loopargs[i].buflen;
if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL
|| EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0
|| EVP_PKEY_sign(loopargs[i].ecdsa_sign_ctx[testnum],
- loopargs[i].buf2,
- &loopargs[i].sigsize,
- loopargs[i].buf, 20) <= 0)
+ loopargs[i].buf2,
+ &loopargs[i].sigsize,
+ loopargs[i].buf, 20)
+ <= 0)
st = 0;
}
if (!st) {
BIO_printf(bio_err,
- "ECDSA sign setup failure. No ECDSA sign will be done.\n");
+ "ECDSA sign setup failure. No ECDSA sign will be done.\n");
ERR_print_errors(bio_err);
op_count = 1;
} else {
pkey_print_message("sign", "ecdsa",
- ecdsa_c[testnum][0], ec_curves[testnum].bits,
- seconds.ecdsa);
+ ecdsa_c[testnum][0], ec_curves[testnum].bits,
+ seconds.ecdsa);
Time_F(START);
count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R5:%ld:%u:%.2f\n"
- : "%ld %u bits ECDSA signs in %.2fs\n",
- count, ec_curves[testnum].bits, d);
+ mr ? "+R5:%ld:%u:%.2f\n"
+ : "%ld %u bits ECDSA signs in %.2fs\n",
+ count, ec_curves[testnum].bits, d);
ecdsa_results[testnum][0] = (double)count / d;
op_count = count;
}
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].ecdsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
- NULL);
+ NULL);
if (loopargs[i].ecdsa_verify_ctx[testnum] == NULL
|| EVP_PKEY_verify_init(loopargs[i].ecdsa_verify_ctx[testnum]) <= 0
|| EVP_PKEY_verify(loopargs[i].ecdsa_verify_ctx[testnum],
- loopargs[i].buf2,
- loopargs[i].sigsize,
- loopargs[i].buf, 20) <= 0)
+ loopargs[i].buf2,
+ loopargs[i].sigsize,
+ loopargs[i].buf, 20)
+ <= 0)
st = 0;
}
if (!st) {
BIO_printf(bio_err,
- "ECDSA verify setup failure. No ECDSA verify will be done.\n");
+ "ECDSA verify setup failure. No ECDSA verify will be done.\n");
ERR_print_errors(bio_err);
ecdsa_doit[testnum] = 0;
} else {
pkey_print_message("verify", "ecdsa",
- ecdsa_c[testnum][1], ec_curves[testnum].bits,
- seconds.ecdsa);
+ ecdsa_c[testnum][1], ec_curves[testnum].bits,
+ seconds.ecdsa);
Time_F(START);
count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R6:%ld:%u:%.2f\n"
- : "%ld %u bits ECDSA verify in %.2fs\n",
- count, ec_curves[testnum].bits, d);
+ mr ? "+R6:%ld:%u:%.2f\n"
+ : "%ld %u bits ECDSA verify in %.2fs\n",
+ count, ec_curves[testnum].bits, d);
ecdsa_results[testnum][1] = (double)count / d;
}
@@ -2871,7 +2943,7 @@ skip_hmac:
/* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
if (CRYPTO_memcmp(loopargs[i].secret_a,
- loopargs[i].secret_b, outlen)) {
+ loopargs[i].secret_b, outlen)) {
ecdh_checks = 0;
BIO_printf(bio_err, "ECDH computations don't match.\n");
ERR_print_errors(bio_err);
@@ -2889,16 +2961,14 @@ skip_hmac:
}
if (ecdh_checks != 0) {
pkey_print_message("", "ecdh",
- ecdh_c[testnum][0],
- ec_curves[testnum].bits, seconds.ecdh);
+ ecdh_c[testnum][0],
+ ec_curves[testnum].bits, seconds.ecdh);
Time_F(START);
- count =
- run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs);
+ count = run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R7:%ld:%d:%.2f\n" :
- "%ld %u-bits ECDH ops in %.2fs\n", count,
- ec_curves[testnum].bits, d);
+ mr ? "+R7:%ld:%d:%.2f\n" : "%ld %u-bits ECDH ops in %.2fs\n", count,
+ ec_curves[testnum].bits, d);
ecdh_results[testnum][0] = (double)count / d;
op_count = count;
}
@@ -2915,7 +2985,7 @@ skip_hmac:
EVP_PKEY_CTX *ed_pctx = NULL;
if (!eddsa_doit[testnum])
- continue; /* Ignore Curve */
+ continue; /* Ignore Curve */
for (i = 0; i < loopargs_len; i++) {
loopargs[i].eddsa_ctx[testnum] = EVP_MD_CTX_new();
if (loopargs[i].eddsa_ctx[testnum] == NULL) {
@@ -2929,7 +2999,8 @@ skip_hmac:
}
if ((ed_pctx = EVP_PKEY_CTX_new_id(ed_curves[testnum].nid,
- NULL)) == NULL
+ NULL))
+ == NULL
|| EVP_PKEY_keygen_init(ed_pctx) <= 0
|| EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) {
st = 0;
@@ -2939,13 +3010,13 @@ skip_hmac:
EVP_PKEY_CTX_free(ed_pctx);
if (!EVP_DigestSignInit(loopargs[i].eddsa_ctx[testnum], NULL, NULL,
- NULL, ed_pkey)) {
+ NULL, ed_pkey)) {
st = 0;
EVP_PKEY_free(ed_pkey);
break;
}
if (!EVP_DigestVerifyInit(loopargs[i].eddsa_ctx2[testnum], NULL,
- NULL, NULL, ed_pkey)) {
+ NULL, NULL, ed_pkey)) {
st = 0;
EVP_PKEY_free(ed_pkey);
break;
@@ -2963,57 +3034,56 @@ skip_hmac:
/* Perform EdDSA signature test */
loopargs[i].sigsize = ed_curves[testnum].sigsize;
st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum],
- loopargs[i].buf2, &loopargs[i].sigsize,
- loopargs[i].buf, 20);
+ loopargs[i].buf2, &loopargs[i].sigsize,
+ loopargs[i].buf, 20);
if (st == 0)
break;
}
if (st == 0) {
BIO_printf(bio_err,
- "EdDSA sign failure. No EdDSA sign will be done.\n");
+ "EdDSA sign failure. No EdDSA sign will be done.\n");
ERR_print_errors(bio_err);
op_count = 1;
} else {
pkey_print_message("sign", ed_curves[testnum].name,
- eddsa_c[testnum][0],
- ed_curves[testnum].bits, seconds.eddsa);
+ eddsa_c[testnum][0],
+ ed_curves[testnum].bits, seconds.eddsa);
Time_F(START);
count = run_benchmark(async_jobs, EdDSA_sign_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R8:%ld:%u:%s:%.2f\n" :
- "%ld %u bits %s signs in %.2fs \n",
- count, ed_curves[testnum].bits,
- ed_curves[testnum].name, d);
+ mr ? "+R8:%ld:%u:%s:%.2f\n" : "%ld %u bits %s signs in %.2fs \n",
+ count, ed_curves[testnum].bits,
+ ed_curves[testnum].name, d);
eddsa_results[testnum][0] = (double)count / d;
op_count = count;
}
/* Perform EdDSA verification test */
for (i = 0; i < loopargs_len; i++) {
st = EVP_DigestVerify(loopargs[i].eddsa_ctx2[testnum],
- loopargs[i].buf2, loopargs[i].sigsize,
- loopargs[i].buf, 20);
+ loopargs[i].buf2, loopargs[i].sigsize,
+ loopargs[i].buf, 20);
if (st != 1)
break;
}
if (st != 1) {
BIO_printf(bio_err,
- "EdDSA verify failure. No EdDSA verify will be done.\n");
+ "EdDSA verify failure. No EdDSA verify will be done.\n");
ERR_print_errors(bio_err);
eddsa_doit[testnum] = 0;
} else {
pkey_print_message("verify", ed_curves[testnum].name,
- eddsa_c[testnum][1],
- ed_curves[testnum].bits, seconds.eddsa);
+ eddsa_c[testnum][1],
+ ed_curves[testnum].bits, seconds.eddsa);
Time_F(START);
count = run_benchmark(async_jobs, EdDSA_verify_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R9:%ld:%u:%s:%.2f\n"
- : "%ld %u bits %s verify in %.2fs\n",
- count, ed_curves[testnum].bits,
- ed_curves[testnum].name, d);
+ mr ? "+R9:%ld:%u:%s:%.2f\n"
+ : "%ld %u bits %s verify in %.2fs\n",
+ count, ed_curves[testnum].bits,
+ ed_curves[testnum].name, d);
eddsa_results[testnum][1] = (double)count / d;
}
@@ -3030,7 +3100,7 @@ skip_hmac:
EVP_PKEY *sm2_pkey = NULL;
if (!sm2_doit[testnum])
- continue; /* Ignore Curve */
+ continue; /* Ignore Curve */
/* Init signing and verification */
for (i = 0; i < loopargs_len; i++) {
EVP_PKEY_CTX *sm2_pctx = NULL;
@@ -3041,7 +3111,7 @@ skip_hmac:
loopargs[i].sm2_ctx[testnum] = EVP_MD_CTX_new();
loopargs[i].sm2_vfy_ctx[testnum] = EVP_MD_CTX_new();
if (loopargs[i].sm2_ctx[testnum] == NULL
- || loopargs[i].sm2_vfy_ctx[testnum] == NULL)
+ || loopargs[i].sm2_vfy_ctx[testnum] == NULL)
break;
sm2_pkey = NULL;
@@ -3049,7 +3119,8 @@ skip_hmac:
st = !((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL)) == NULL
|| EVP_PKEY_keygen_init(pctx) <= 0
|| EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
- sm2_curves[testnum].nid) <= 0
+ sm2_curves[testnum].nid)
+ <= 0
|| EVP_PKEY_keygen(pctx, &sm2_pkey) <= 0);
EVP_PKEY_CTX_free(pctx);
if (st == 0)
@@ -3080,12 +3151,12 @@ skip_hmac:
break;
if (!EVP_DigestSignInit(loopargs[i].sm2_ctx[testnum], NULL,
- EVP_sm3(), NULL, sm2_pkey))
+ EVP_sm3(), NULL, sm2_pkey))
break;
if (!EVP_DigestVerifyInit(loopargs[i].sm2_vfy_ctx[testnum], NULL,
- EVP_sm3(), NULL, sm2_pkey))
+ EVP_sm3(), NULL, sm2_pkey))
break;
- st = 1; /* mark loop as succeeded */
+ st = 1; /* mark loop as succeeded */
}
if (st == 0) {
BIO_printf(bio_err, "SM2 init failure.\n");
@@ -3095,29 +3166,28 @@ skip_hmac:
for (i = 0; i < loopargs_len; i++) {
/* Perform SM2 signature test */
st = EVP_DigestSign(loopargs[i].sm2_ctx[testnum],
- loopargs[i].buf2, &loopargs[i].sigsize,
- loopargs[i].buf, 20);
+ loopargs[i].buf2, &loopargs[i].sigsize,
+ loopargs[i].buf, 20);
if (st == 0)
break;
}
if (st == 0) {
BIO_printf(bio_err,
- "SM2 sign failure. No SM2 sign will be done.\n");
+ "SM2 sign failure. No SM2 sign will be done.\n");
ERR_print_errors(bio_err);
op_count = 1;
} else {
pkey_print_message("sign", sm2_curves[testnum].name,
- sm2_c[testnum][0],
- sm2_curves[testnum].bits, seconds.sm2);
+ sm2_c[testnum][0],
+ sm2_curves[testnum].bits, seconds.sm2);
Time_F(START);
count = run_benchmark(async_jobs, SM2_sign_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R10:%ld:%u:%s:%.2f\n" :
- "%ld %u bits %s signs in %.2fs \n",
- count, sm2_curves[testnum].bits,
- sm2_curves[testnum].name, d);
+ mr ? "+R10:%ld:%u:%s:%.2f\n" : "%ld %u bits %s signs in %.2fs \n",
+ count, sm2_curves[testnum].bits,
+ sm2_curves[testnum].name, d);
sm2_results[testnum][0] = (double)count / d;
op_count = count;
}
@@ -3125,28 +3195,28 @@ skip_hmac:
/* Perform SM2 verification test */
for (i = 0; i < loopargs_len; i++) {
st = EVP_DigestVerify(loopargs[i].sm2_vfy_ctx[testnum],
- loopargs[i].buf2, loopargs[i].sigsize,
- loopargs[i].buf, 20);
+ loopargs[i].buf2, loopargs[i].sigsize,
+ loopargs[i].buf, 20);
if (st != 1)
break;
}
if (st != 1) {
BIO_printf(bio_err,
- "SM2 verify failure. No SM2 verify will be done.\n");
+ "SM2 verify failure. No SM2 verify will be done.\n");
ERR_print_errors(bio_err);
sm2_doit[testnum] = 0;
} else {
pkey_print_message("verify", sm2_curves[testnum].name,
- sm2_c[testnum][1],
- sm2_curves[testnum].bits, seconds.sm2);
+ sm2_c[testnum][1],
+ sm2_curves[testnum].bits, seconds.sm2);
Time_F(START);
count = run_benchmark(async_jobs, SM2_verify_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R11:%ld:%u:%s:%.2f\n"
- : "%ld %u bits %s verify in %.2fs\n",
- count, sm2_curves[testnum].bits,
- sm2_curves[testnum].name, d);
+ mr ? "+R11:%ld:%u:%s:%.2f\n"
+ : "%ld %u bits %s verify in %.2fs\n",
+ count, sm2_curves[testnum].bits,
+ sm2_curves[testnum].name, d);
sm2_results[testnum][1] = (double)count / d;
}
@@ -3157,7 +3227,7 @@ skip_hmac:
}
}
}
-#endif /* OPENSSL_NO_SM2 */
+#endif /* OPENSSL_NO_SM2 */
#ifndef OPENSSL_NO_DH
for (testnum = 0; testnum < FFDH_NUM; testnum++) {
@@ -3177,7 +3247,7 @@ skip_hmac:
/* Ensure that the error queue is empty */
if (ERR_peek_error()) {
BIO_printf(bio_err,
- "WARNING: the error queue contains previous unhandled errors.\n");
+ "WARNING: the error queue contains previous unhandled errors.\n");
ERR_print_errors(bio_err);
}
@@ -3222,8 +3292,7 @@ skip_hmac:
break;
}
- if (EVP_PKEY_keygen(ffdh_ctx, &pkey_A) <= 0 ||
- EVP_PKEY_keygen(ffdh_ctx, &pkey_B) <= 0) {
+ if (EVP_PKEY_keygen(ffdh_ctx, &pkey_A) <= 0 || EVP_PKEY_keygen(ffdh_ctx, &pkey_B) <= 0) {
BIO_printf(bio_err, "FFDH key generation failure.\n");
ERR_print_errors(bio_err);
op_count = 1;
@@ -3274,8 +3343,9 @@ skip_hmac:
break;
}
if (EVP_PKEY_derive(ffdh_ctx,
- loopargs[i].secret_ff_a,
- &secret_size) <= 0) {
+ loopargs[i].secret_ff_a,
+ &secret_size)
+ <= 0) {
BIO_printf(bio_err, "Shared secret derive failure.\n");
ERR_print_errors(bio_err);
op_count = 1;
@@ -3291,11 +3361,7 @@ skip_hmac:
ffdh_checks = 0;
break;
}
- if (EVP_PKEY_derive_init(test_ctx) <= 0 ||
- EVP_PKEY_derive_set_peer(test_ctx, pkey_A) <= 0 ||
- EVP_PKEY_derive(test_ctx, NULL, &test_out) <= 0 ||
- EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) <= 0 ||
- test_out != secret_size) {
+ if (EVP_PKEY_derive_init(test_ctx) <= 0 || EVP_PKEY_derive_set_peer(test_ctx, pkey_A) <= 0 || EVP_PKEY_derive(test_ctx, NULL, &test_out) <= 0 || EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) <= 0 || test_out != secret_size) {
BIO_printf(bio_err, "FFDH computation failure.\n");
op_count = 1;
ffdh_checks = 0;
@@ -3304,7 +3370,7 @@ skip_hmac:
/* compare the computed secrets */
if (CRYPTO_memcmp(loopargs[i].secret_ff_a,
- loopargs[i].secret_ff_b, secret_size)) {
+ loopargs[i].secret_ff_b, secret_size)) {
BIO_printf(bio_err, "FFDH computations don't match.\n");
ERR_print_errors(bio_err);
op_count = 1;
@@ -3323,15 +3389,13 @@ skip_hmac:
}
if (ffdh_checks != 0) {
pkey_print_message("", "ffdh", ffdh_c[testnum][0],
- ffdh_params[testnum].bits, seconds.ffdh);
+ ffdh_params[testnum].bits, seconds.ffdh);
Time_F(START);
- count =
- run_benchmark(async_jobs, FFDH_derive_key_loop, loopargs);
+ count = run_benchmark(async_jobs, FFDH_derive_key_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R12:%ld:%d:%.2f\n" :
- "%ld %u-bits FFDH ops in %.2fs\n", count,
- ffdh_params[testnum].bits, d);
+ mr ? "+R12:%ld:%d:%.2f\n" : "%ld %u-bits FFDH ops in %.2fs\n", count,
+ ffdh_params[testnum].bits, d);
ffdh_results[testnum][0] = (double)count / d;
op_count = count;
}
@@ -3340,9 +3404,9 @@ skip_hmac:
stop_it(ffdh_doit, testnum);
}
}
-#endif /* OPENSSL_NO_DH */
+#endif /* OPENSSL_NO_DH */
#ifndef NO_FORK
- show_res:
+show_res:
#endif
if (!mr) {
printf("version: %s\n", OpenSSL_version(OPENSSL_FULL_VERSION_STRING));
@@ -3399,11 +3463,11 @@ skip_hmac:
}
if (mr)
printf("+F2:%u:%u:%f:%f\n",
- k, rsa_keys[k].bits, rsa_results[k][0], rsa_results[k][1]);
+ k, rsa_keys[k].bits, rsa_results[k][0], rsa_results[k][1]);
else
printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
- rsa_keys[k].bits, 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1],
- rsa_results[k][0], rsa_results[k][1]);
+ rsa_keys[k].bits, 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1],
+ rsa_results[k][0], rsa_results[k][1]);
}
testnum = 1;
for (k = 0; k < DSA_NUM; k++) {
@@ -3415,11 +3479,11 @@ skip_hmac:
}
if (mr)
printf("+F3:%u:%u:%f:%f\n",
- k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
+ k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
else
printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
- dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
- dsa_results[k][0], dsa_results[k][1]);
+ dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
+ dsa_results[k][0], dsa_results[k][1]);
}
testnum = 1;
for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
@@ -3432,13 +3496,13 @@ skip_hmac:
if (mr)
printf("+F4:%u:%u:%f:%f\n",
- k, ec_curves[k].bits,
- ecdsa_results[k][0], ecdsa_results[k][1]);
+ k, ec_curves[k].bits,
+ ecdsa_results[k][0], ecdsa_results[k][1]);
else
printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
- ec_curves[k].bits, ec_curves[k].name,
- 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
- ecdsa_results[k][0], ecdsa_results[k][1]);
+ ec_curves[k].bits, ec_curves[k].name,
+ 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
+ ecdsa_results[k][0], ecdsa_results[k][1]);
}
testnum = 1;
@@ -3451,13 +3515,13 @@ skip_hmac:
}
if (mr)
printf("+F5:%u:%u:%f:%f\n",
- k, ec_curves[k].bits,
- ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
+ k, ec_curves[k].bits,
+ ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
else
printf("%4u bits ecdh (%s) %8.4fs %8.1f\n",
- ec_curves[k].bits, ec_curves[k].name,
- 1.0 / ecdh_results[k][0], ecdh_results[k][0]);
+ ec_curves[k].bits, ec_curves[k].name,
+ 1.0 / ecdh_results[k][0], ecdh_results[k][0]);
}
testnum = 1;
@@ -3471,13 +3535,13 @@ skip_hmac:
if (mr)
printf("+F6:%u:%u:%s:%f:%f\n",
- k, ed_curves[k].bits, ed_curves[k].name,
- eddsa_results[k][0], eddsa_results[k][1]);
+ k, ed_curves[k].bits, ed_curves[k].name,
+ eddsa_results[k][0], eddsa_results[k][1]);
else
printf("%4u bits EdDSA (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
- ed_curves[k].bits, ed_curves[k].name,
- 1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1],
- eddsa_results[k][0], eddsa_results[k][1]);
+ ed_curves[k].bits, ed_curves[k].name,
+ 1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1],
+ eddsa_results[k][0], eddsa_results[k][1]);
}
#ifndef OPENSSL_NO_SM2
@@ -3492,13 +3556,13 @@ skip_hmac:
if (mr)
printf("+F7:%u:%u:%s:%f:%f\n",
- k, sm2_curves[k].bits, sm2_curves[k].name,
- sm2_results[k][0], sm2_results[k][1]);
+ k, sm2_curves[k].bits, sm2_curves[k].name,
+ sm2_results[k][0], sm2_results[k][1]);
else
printf("%4u bits SM2 (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
- sm2_curves[k].bits, sm2_curves[k].name,
- 1.0 / sm2_results[k][0], 1.0 / sm2_results[k][1],
- sm2_results[k][0], sm2_results[k][1]);
+ sm2_curves[k].bits, sm2_curves[k].name,
+ 1.0 / sm2_results[k][0], 1.0 / sm2_results[k][1],
+ sm2_results[k][0], sm2_results[k][1]);
}
#endif
#ifndef OPENSSL_NO_DH
@@ -3512,19 +3576,19 @@ skip_hmac:
}
if (mr)
printf("+F8:%u:%u:%f:%f\n",
- k, ffdh_params[k].bits,
- ffdh_results[k][0], 1.0 / ffdh_results[k][0]);
+ k, ffdh_params[k].bits,
+ ffdh_results[k][0], 1.0 / ffdh_results[k][0]);
else
printf("%4u bits ffdh %8.4fs %8.1f\n",
- ffdh_params[k].bits,
- 1.0 / ffdh_results[k][0], ffdh_results[k][0]);
+ ffdh_params[k].bits,
+ 1.0 / ffdh_results[k][0], ffdh_results[k][0]);
}
#endif /* OPENSSL_NO_DH */
ret = 0;
- end:
+end:
ERR_print_errors(bio_err);
for (i = 0; i < loopargs_len; i++) {
OPENSSL_free(loopargs[i].buf_malloc);
@@ -3598,19 +3662,21 @@ skip_hmac:
static void print_message(const char *s, long num, int length, int tm)
{
BIO_printf(bio_err,
- mr ? "+DT:%s:%d:%d\n"
- : "Doing %s for %ds on %d size blocks: ", s, tm, length);
+ mr ? "+DT:%s:%d:%d\n"
+ : "Doing %s for %ds on %d size blocks: ",
+ s, tm, length);
(void)BIO_flush(bio_err);
run = 1;
alarm(tm);
}
static void pkey_print_message(const char *str, const char *str2, long num,
- unsigned int bits, int tm)
+ unsigned int bits, int tm)
{
BIO_printf(bio_err,
- mr ? "+DTP:%d:%s:%s:%d\n"
- : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);
+ mr ? "+DTP:%d:%s:%s:%d\n"
+ : "Doing %u bits %s %s's for %ds: ",
+ bits, str, str2, tm);
(void)BIO_flush(bio_err);
run = 1;
alarm(tm);
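Review bot: In pkey_print_message the machine-readable format `"+DTP:%d:%s:%s:%d\n"` prints `bits`, declared `unsigned int` in the signature, with `%d`, while the human-readable branch of the same conditional uses `%u`. The two branches share one argument list, so the specifier for `bits` should match in both: `mr ? "+DTP:%u:%s:%s:%d\n"`. The `num` parameter is not used in the visible lines of either function. pkey_print_message's closing brace is outside this hunk.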
@@ -3624,8 +3690,9 @@ static void print_result(int alg, int run_no, int count, double time_used)
return;
}
BIO_printf(bio_err,
- mr ? "+R:%d:%s:%f\n"
- : "%d %s's in %.2fs\n", count, names[alg], time_used);
+ mr ? "+R:%d:%s:%f\n"
+ : "%d %s's in %.2fs\n",
+ count, names[alg], time_used);
results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
}
@@ -3700,7 +3767,7 @@ static int do_multi(int multi, int size_num)
if ((f = fdopen(fds[n], "r")) == NULL) {
BIO_printf(bio_err, "fdopen failure with 0x%x\n",
- errno);
+ errno);
OPENSSL_free(fds);
return 1;
}
@@ -3710,8 +3777,8 @@ static int do_multi(int multi, int size_num)
*p = '\0';
if (buf[0] != '+') {
BIO_printf(bio_err,
- "Don't understand line '%s' from child %d\n", buf,
- n);
+ "Don't understand line '%s' from child %d\n", buf,
+ n);
continue;
}
printf("Got: %s from %d\n", buf, n);
@@ -3787,7 +3854,7 @@ static int do_multi(int multi, int size_num)
d = atof(sstrsep(&p, sep));
eddsa_results[k][1] += d;
-# ifndef OPENSSL_NO_SM2
+#ifndef OPENSSL_NO_SM2
} else if (strncmp(buf, "+F7:", 4) == 0) {
int k;
double d;
@@ -3802,8 +3869,8 @@ static int do_multi(int multi, int size_num)
d = atof(sstrsep(&p, sep));
sm2_results[k][1] += d;
-# endif /* OPENSSL_NO_SM2 */
-# ifndef OPENSSL_NO_DH
+#endif /* OPENSSL_NO_SM2 */
+#ifndef OPENSSL_NO_DH
} else if (strncmp(buf, "+F8:", 4) == 0) {
int k;
double d;
@@ -3814,12 +3881,12 @@ static int do_multi(int multi, int size_num)
d = atof(sstrsep(&p, sep));
ffdh_results[k][0] += d;
-# endif /* OPENSSL_NO_DH */
+#endif /* OPENSSL_NO_DH */
} else if (strncmp(buf, "+H:", 3) == 0) {
;
} else {
BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
- n);
+ n);
}
}
@@ -3830,14 +3897,14 @@ static int do_multi(int multi, int size_num)
while (wait(&status) == -1)
if (errno != EINTR) {
BIO_printf(bio_err, "Waitng for child failed with 0x%x\n",
- errno);
+ errno);
return 1;
}
if (WIFEXITED(status) && WEXITSTATUS(status)) {
BIO_printf(bio_err, "Child exited with %d\n", WEXITSTATUS(status));
} else if (WIFSIGNALED(status)) {
BIO_printf(bio_err, "Child terminated by signal %d\n",
- WTERMSIG(status));
+ WTERMSIG(status));
}
}
return 1;
@@ -3845,10 +3912,9 @@ static int do_multi(int multi, int size_num)
#endif
static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
- const openssl_speed_sec_t *seconds)
+ const openssl_speed_sec_t *seconds)
{
- static const int mblengths_list[] =
- { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
+ static const int mblengths_list[] = { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
const int *mblengths = mblengths_list;
int j, count, keylen, num = OSSL_NELEM(mblengths_list);
const char *alg_name;
@@ -3880,7 +3946,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
OPENSSL_clear_free(key, keylen);
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
- sizeof(no_key), no_key) <= 0)
+ sizeof(no_key), no_key)
+ <= 0)
app_bail_out("failed to set AEAD key\n");
if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL)
app_bail_out("failed to get cipher name\n");
@@ -3893,11 +3960,11 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
size_t len = mblengths[j];
int packlen;
- memset(aad, 0, 8); /* avoid uninitialized values */
- aad[8] = 23; /* SSL3_RT_APPLICATION_DATA */
- aad[9] = 3; /* version */
+ memset(aad, 0, 8); /* avoid uninitialized values */
+ aad[8] = 23; /* SSL3_RT_APPLICATION_DATA */
+ aad[9] = 3; /* version */
aad[10] = 2;
- aad[11] = 0; /* length */
+ aad[11] = 0; /* length */
aad[12] = 0;
mb_param.out = NULL;
mb_param.inp = aad;
@@ -3905,15 +3972,15 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
mb_param.interleave = 8;
packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
- sizeof(mb_param), &mb_param);
+ sizeof(mb_param), &mb_param);
if (packlen > 0) {
mb_param.out = out;
mb_param.inp = inp;
mb_param.len = len;
(void)EVP_CIPHER_CTX_ctrl(ctx,
- EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
- sizeof(mb_param), &mb_param);
+ EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
+ sizeof(mb_param), &mb_param);
} else {
int pad;
@@ -3923,13 +3990,12 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
aad[11] = (unsigned char)(len >> 8);
aad[12] = (unsigned char)(len);
pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
- EVP_AEAD_TLS1_AAD_LEN, aad);
+ EVP_AEAD_TLS1_AAD_LEN, aad);
EVP_Cipher(ctx, out, inp, len + pad);
}
}
d = Time_F(STOP);
- BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
- : "%d %s's in %.2fs\n", count, "evp", d);
+ BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n" : "%d %s's in %.2fs\n", count, "evp", d);
results[D_EVP][j] = ((double)count) / d * mblengths[j];
}
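Review bot: The result of `pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, EVP_AEAD_TLS1_AAD_LEN, aad);` is added straight into the length given to `EVP_Cipher(ctx, out, inp, len + pad);` without checking that the ctrl succeeded. A zero or negative return would then be folded into a `size_t` length, and the return value of EVP_Cipher is ignored as well, so a failed run would still be timed and reported as a result. The earlier `EVP_CTRL_AEAD_SET_MAC_KEY` call in this function is checked with `<= 0`, and the same guard fits here: `if (pad <= 0) app_bail_out("failed to set AEAD TLS AAD\n");`. The sizes of `inp` and `out` are set outside this hunk, so whether `len + pad` always fits cannot be confirmed from here.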
@@ -3944,7 +4010,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
fprintf(stdout, "\n");
} else {
fprintf(stdout,
- "The 'numbers' are in 1000s of bytes per second processed.\n");
+ "The 'numbers' are in 1000s of bytes per second processed.\n");
fprintf(stdout, "type ");
for (j = 0; j < num; j++)
fprintf(stdout, "%7d bytes", mblengths[j]);
@@ -3960,7 +4026,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
fprintf(stdout, "\n");
}
- err:
+err:
OPENSSL_free(inp);
OPENSSL_free(out);
EVP_CIPHER_CTX_free(ctx);
diff --git a/apps/spkac.c b/apps/spkac.c
index d92be7d6450e..61fc814e58dc 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -22,38 +22,48 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT,
- OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC,
- OPT_SPKSECT, OPT_KEYFORM, OPT_DIGEST,
+ OPT_NOOUT,
+ OPT_PUBKEY,
+ OPT_VERIFY,
+ OPT_IN,
+ OPT_OUT,
+ OPT_ENGINE,
+ OPT_KEY,
+ OPT_CHALLENGE,
+ OPT_PASSIN,
+ OPT_SPKAC,
+ OPT_SPKSECT,
+ OPT_KEYFORM,
+ OPT_DIGEST,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS spkac_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"spksect", OPT_SPKSECT, 's',
- "Specify the name of an SPKAC-dedicated section of configuration"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "spksect", OPT_SPKSECT, 's',
+ "Specify the name of an SPKAC-dedicated section of configuration" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input file"},
- {"key", OPT_KEY, '<', "Create SPKAC using private key"},
- {"keyform", OPT_KEYFORM, 'f', "Private key file format (ENGINE, other values ignored)"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"challenge", OPT_CHALLENGE, 's', "Challenge string"},
- {"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"},
+ { "in", OPT_IN, '<', "Input file" },
+ { "key", OPT_KEY, '<', "Create SPKAC using private key" },
+ { "keyform", OPT_KEYFORM, 'f', "Private key file format (ENGINE, other values ignored)" },
+ { "passin", OPT_PASSIN, 's', "Input file pass phrase source" },
+ { "challenge", OPT_CHALLENGE, 's', "Challenge string" },
+ { "spkac", OPT_SPKAC, 's', "Alternative SPKAC name" },
OPT_SECTION("Output"),
- {"digest", OPT_DIGEST, 's', "Sign new SPKAC with the specified digest (default: MD5)" },
- {"out", OPT_OUT, '>', "Output file"},
- {"noout", OPT_NOOUT, '-', "Don't print SPKAC"},
- {"pubkey", OPT_PUBKEY, '-', "Output public key"},
- {"verify", OPT_VERIFY, '-', "Verify SPKAC signature"},
+ { "digest", OPT_DIGEST, 's', "Sign new SPKAC with the specified digest (default: MD5)" },
+ { "out", OPT_OUT, '>', "Output file" },
+ { "noout", OPT_NOOUT, '-', "Don't print SPKAC" },
+ { "pubkey", OPT_PUBKEY, '-', "Output public key" },
+ { "verify", OPT_VERIFY, '-', "Verify SPKAC signature" },
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
int spkac_main(int argc, char **argv)
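Review bot: The `-digest` entry in spkac_options still advertises MD5 as the default signing digest (`"Sign new SPKAC with the specified digest (default: MD5)"`). The code that selects the default is outside this hunk, but if the help text is accurate, an SPKAC created without `-digest` is signed over a hash that is no longer collision-resistant. At minimum the help string should say so, for example `"Sign new SPKAC with the specified digest (default: MD5; prefer sha256)"`. Changing the default itself would be a separate change.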
@@ -78,7 +88,7 @@ int spkac_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -147,7 +157,7 @@ int spkac_main(int argc, char **argv)
goto end;
pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL,
- keyformat, 1, passin, e, "private key");
+ keyformat, 1, passin, e, "private key");
if (pkey == NULL)
goto end;
spki = NETSCAPE_SPKI_new();
@@ -155,7 +165,7 @@ int spkac_main(int argc, char **argv)
goto end;
if (challenge != NULL)
ASN1_STRING_set(spki->spkac->challenge,
- challenge, (int)strlen(challenge));
+ challenge, (int)strlen(challenge));
if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) {
BIO_printf(bio_err, "Error setting public key\n");
goto end;
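Review bot: The return value of `ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge));` is ignored, so if the copy fails the tool carries on and signs an SPKAC that does not contain the requested challenge. The call should be checked like the `NETSCAPE_SPKI_set_pubkey` call right after it: `if (challenge != NULL && !ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge))) goto end;`. The `(int)` cast also narrows the `size_t` length without a range check. The rest of spkac_main is outside this hunk.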
@@ -221,7 +231,7 @@ int spkac_main(int argc, char **argv)
ret = 0;
- end:
+end:
EVP_MD_free(md);
NCONF_free(conf);
NETSCAPE_SPKI_free(spki);
diff --git a/apps/srp.c b/apps/srp.c
index a9466f830289..ac0e15f49c0b 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -28,12 +28,11 @@
#include "apps.h"
#include "progs.h"
-#define BASE_SECTION "srp"
+#define BASE_SECTION "srp"
#define CONFIG_FILE "openssl.cnf"
-
-#define ENV_DATABASE "srpvfile"
-#define ENV_DEFAULT_SRP "default_srp"
+#define ENV_DATABASE "srpvfile"
+#define ENV_DEFAULT_SRP "default_srp"
static int get_index(CA_DB *db, char *id, char type)
{
@@ -86,9 +85,8 @@ static void print_user(CA_DB *db, int userindex, int verbose)
if (pp[DB_srptype][0] != 'I') {
print_entry(db, userindex, verbose, "User entry");
print_entry(db, get_index(db, pp[DB_srpgN], 'I'), verbose,
- "g N entry");
+ "g N entry");
}
-
}
}
@@ -120,8 +118,8 @@ static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
}
static char *srp_verify_user(const char *user, const char *srp_verifier,
- char *srp_usersalt, const char *g, const char *N,
- const char *passin, int verbose)
+ char *srp_usersalt, const char *g, const char *N,
+ const char *passin, int verbose)
{
char password[1025];
PW_CB_DATA cb_tmp;
@@ -132,19 +130,20 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
cb_tmp.prompt_info = user;
cb_tmp.password = passin;
- len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
+ len = password_callback(password, sizeof(password) - 1, 0, &cb_tmp);
if (len > 0) {
password[len] = 0;
if (verbose)
BIO_printf(bio_err,
- "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
- user, srp_verifier, srp_usersalt, g, N);
+ "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
+ user, srp_verifier, srp_usersalt, g, N);
if (verbose > 1)
BIO_printf(bio_err, "Pass %s\n", password);
OPENSSL_assert(srp_usersalt != NULL);
if ((gNid = SRP_create_verifier(user, password, &srp_usersalt,
- &verifier, N, g)) == NULL) {
+ &verifier, N, g))
+ == NULL) {
BIO_printf(bio_err, "Internal error validating SRP verifier\n");
} else {
if (strcmp(verifier, srp_verifier))
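Review bot: The context line `BIO_printf(bio_err, "Pass %s\n", password);` under `if (verbose > 1)` writes the plaintext SRP password to bio_err. Anything that captures the tool's stderr, such as a wrapper script, CI log or terminal scrollback, then holds the password long after the stack buffer is gone. I would drop the line, or report only that a pass phrase was read and its length without echoing the value. srp_verify_user starts before this hunk and continues past it, so whether `password` is cleansed on every exit path cannot be checked from here.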
@@ -157,8 +156,8 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
}
static char *srp_create_user(char *user, char **srp_verifier,
- char **srp_usersalt, char *g, char *N,
- char *passout, int verbose)
+ char **srp_usersalt, char *g, char *N,
+ char *passout, int verbose)
{
char password[1025];
PW_CB_DATA cb_tmp;
@@ -168,14 +167,15 @@ static char *srp_create_user(char *user, char **srp_verifier,
cb_tmp.prompt_info = user;
cb_tmp.password = passout;
- len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
+ len = password_callback(password, sizeof(password) - 1, 1, &cb_tmp);
if (len > 0) {
password[len] = 0;
if (verbose)
BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
- user, g, N);
+ user, g, N);
if ((gNid = SRP_create_verifier(user, password, &salt,
- srp_verifier, N, g)) == NULL) {
+ srp_verifier, N, g))
+ == NULL) {
BIO_printf(bio_err, "Internal error creating SRP verifier\n");
} else {
*srp_usersalt = salt;
@@ -183,50 +183,61 @@ static char *srp_create_user(char *user, char **srp_verifier,
OPENSSL_cleanse(password, len);
if (verbose > 1)
BIO_printf(bio_err, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
- gNid, salt, *srp_verifier);
-
+ gNid, salt, *srp_verifier);
}
return gNid;
}
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD,
- OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO,
- OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_R_ENUM, OPT_PROV_ENUM
+ OPT_VERBOSE,
+ OPT_CONFIG,
+ OPT_NAME,
+ OPT_SRPVFILE,
+ OPT_ADD,
+ OPT_DELETE,
+ OPT_MODIFY,
+ OPT_LIST,
+ OPT_GN,
+ OPT_USERINFO,
+ OPT_PASSIN,
+ OPT_PASSOUT,
+ OPT_ENGINE,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS srp_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [user...]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [user...]\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"verbose", OPT_VERBOSE, '-', "Talk a lot while doing things"},
- {"config", OPT_CONFIG, '<', "A config file"},
- {"name", OPT_NAME, 's', "The particular srp definition to use"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "verbose", OPT_VERBOSE, '-', "Talk a lot while doing things" },
+ { "config", OPT_CONFIG, '<', "A config file" },
+ { "name", OPT_NAME, 's', "The particular srp definition to use" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_SECTION("Action"),
- {"add", OPT_ADD, '-', "Add a user and SRP verifier"},
- {"modify", OPT_MODIFY, '-', "Modify the SRP verifier of an existing user"},
- {"delete", OPT_DELETE, '-', "Delete user from verifier file"},
- {"list", OPT_LIST, '-', "List users"},
+ { "add", OPT_ADD, '-', "Add a user and SRP verifier" },
+ { "modify", OPT_MODIFY, '-', "Modify the SRP verifier of an existing user" },
+ { "delete", OPT_DELETE, '-', "Delete user from verifier file" },
+ { "list", OPT_LIST, '-', "List users" },
OPT_SECTION("Configuration"),
- {"srpvfile", OPT_SRPVFILE, '<', "The srp verifier file name"},
- {"gn", OPT_GN, 's', "Set g and N values to be used for new verifier"},
- {"userinfo", OPT_USERINFO, 's', "Additional info to be set for user"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+ { "srpvfile", OPT_SRPVFILE, '<', "The srp verifier file name" },
+ { "gn", OPT_GN, 's', "Set g and N values to be used for new verifier" },
+ { "userinfo", OPT_USERINFO, 's', "Additional info to be set for user" },
+ { "passin", OPT_PASSIN, 's', "Input file pass phrase source" },
+ { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" },
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"user", 0, 0, "Username(s) to process (optional)"},
- {NULL}
+ { "user", 0, 0, "Username(s) to process (optional)" },
+ { NULL }
};
int srp_main(int argc, char **argv)
@@ -248,7 +259,7 @@ int srp_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -273,8 +284,8 @@ int srp_main(int argc, char **argv)
case OPT_LIST:
if (mode != OPT_ERR) {
BIO_printf(bio_err,
- "%s: Only one of -add/-delete/-modify/-list\n",
- prog);
+ "%s: Only one of -add/-delete/-modify/-list\n",
+ prog);
goto opthelp;
}
mode = o;
@@ -314,12 +325,12 @@ int srp_main(int argc, char **argv)
if (srpvfile != NULL && configfile != NULL) {
BIO_printf(bio_err,
- "-srpvfile and -configfile cannot be specified together.\n");
+ "-srpvfile and -configfile cannot be specified together.\n");
goto end;
}
if (mode == OPT_ERR) {
BIO_printf(bio_err,
- "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
+ "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
goto opthelp;
}
if (mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD) {
@@ -331,7 +342,7 @@ int srp_main(int argc, char **argv)
}
if ((passinarg != NULL || passoutarg != NULL) && argc != 1) {
BIO_printf(bio_err,
- "-passin, -passout arguments only valid with one user.\n");
+ "-passin, -passout arguments only valid with one user.\n");
goto opthelp;
}
@@ -354,8 +365,8 @@ int srp_main(int argc, char **argv)
if (section == NULL) {
if (verbose)
BIO_printf(bio_err,
- "trying to read " ENV_DEFAULT_SRP
- " in " BASE_SECTION "\n");
+ "trying to read " ENV_DEFAULT_SRP
+ " in " BASE_SECTION "\n");
section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_SRP);
if (section == NULL)
@@ -366,8 +377,8 @@ int srp_main(int argc, char **argv)
if (verbose)
BIO_printf(bio_err,
- "trying to read " ENV_DATABASE " in section \"%s\"\n",
- section);
+ "trying to read " ENV_DATABASE " in section \"%s\"\n",
+ section);
srpvfile = lookup_conf(conf, section, ENV_DATABASE);
if (srpvfile == NULL)
@@ -376,7 +387,7 @@ int srp_main(int argc, char **argv)
if (verbose)
BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
- srpvfile);
+ srpvfile);
db = load_index(srpvfile, NULL);
if (db == NULL) {
@@ -431,14 +442,13 @@ int srp_main(int argc, char **argv)
print_user(db, i, 1);
} else if (userindex < 0) {
BIO_printf(bio_err,
- "user \"%s\" does not exist, ignored. t\n", user);
+ "user \"%s\" does not exist, ignored. t\n", user);
errors++;
}
} else if (mode == OPT_ADD) {
if (userindex >= 0) {
/* reactivation of a new user */
- char **row =
- sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+ char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
row[DB_srptype][0] = 'V';
@@ -449,16 +459,14 @@ int srp_main(int argc, char **argv)
row[DB_srpverifier] = NULL;
row[DB_srpsalt] = NULL;
row[DB_srpinfo] = NULL;
- if (!
- (gNid =
- srp_create_user(user, &(row[DB_srpverifier]),
- &(row[DB_srpsalt]),
- gNrow ? gNrow[DB_srpsalt] : gN,
- gNrow ? gNrow[DB_srpverifier] : NULL,
- passout, verbose))) {
+ if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]),
+ &(row[DB_srpsalt]),
+ gNrow ? gNrow[DB_srpsalt] : gN,
+ gNrow ? gNrow[DB_srpverifier] : NULL,
+ passout, verbose))) {
BIO_printf(bio_err,
- "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
- user);
+ "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
+ user);
errors++;
goto end;
}
@@ -487,18 +495,17 @@ int srp_main(int argc, char **argv)
} else if (mode == OPT_MODIFY) {
if (userindex < 0) {
BIO_printf(bio_err,
- "user \"%s\" does not exist, operation ignored.\n",
- user);
+ "user \"%s\" does not exist, operation ignored.\n",
+ user);
errors++;
} else {
- char **row =
- sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+ char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
char type = row[DB_srptype][0];
if (type == 'v') {
BIO_printf(bio_err,
- "user \"%s\" already updated, operation ignored.\n",
- user);
+ "user \"%s\" already updated, operation ignored.\n",
+ user);
errors++;
} else {
char *gNid;
@@ -508,40 +515,35 @@ int srp_main(int argc, char **argv)
char **irow = NULL;
if (verbose)
BIO_printf(bio_err,
- "Verifying password for user \"%s\"\n",
- user);
- if ((user_gN =
- get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
- irow =
- sk_OPENSSL_PSTRING_value(db->db->data,
- userindex);
+ "Verifying password for user \"%s\"\n",
+ user);
+ if ((user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
+ irow = sk_OPENSSL_PSTRING_value(db->db->data,
+ userindex);
- if (!srp_verify_user
- (user, row[DB_srpverifier], row[DB_srpsalt],
- irow ? irow[DB_srpsalt] : row[DB_srpgN],
- irow ? irow[DB_srpverifier] : NULL, passin,
- verbose)) {
+ if (!srp_verify_user(user, row[DB_srpverifier], row[DB_srpsalt],
+ irow ? irow[DB_srpsalt] : row[DB_srpgN],
+ irow ? irow[DB_srpverifier] : NULL, passin,
+ verbose)) {
BIO_printf(bio_err,
- "Invalid password for user \"%s\", operation abandoned.\n",
- user);
+ "Invalid password for user \"%s\", operation abandoned.\n",
+ user);
errors++;
goto end;
}
}
if (verbose)
BIO_printf(bio_err, "Password for user \"%s\" ok.\n",
- user);
+ user);
- if (!
- (gNid =
- srp_create_user(user, &(row[DB_srpverifier]),
- &(row[DB_srpsalt]),
- gNrow ? gNrow[DB_srpsalt] : NULL,
- gNrow ? gNrow[DB_srpverifier] : NULL,
- passout, verbose))) {
+ if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]),
+ &(row[DB_srpsalt]),
+ gNrow ? gNrow[DB_srpsalt] : NULL,
+ gNrow ? gNrow[DB_srpverifier] : NULL,
+ passout, verbose))) {
BIO_printf(bio_err,
- "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
- user);
+ "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
+ user);
errors++;
goto end;
}
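Review bot: In the -modify branch, the reflowed statement `irow = sk_OPENSSL_PSTRING_value(db->db->data, userindex);` fetches the user's own row again, not the row located by `get_index(db, row[DB_srpgN], DB_SRP_INDEX)`, whose result was just stored in `user_gN`. As written, `irow[DB_srpsalt]` and `irow[DB_srpverifier]` passed to srp_verify_user as g and N would be the user's salt and verifier, not the group parameters. The old-password check for users with a custom g/N entry therefore presumably runs against the wrong values. It looks like the index was meant to be `user_gN`: `irow = sk_OPENSSL_PSTRING_value(db->db->data, user_gN);`. The enclosing srp_main body starts and ends outside this hunk.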
@@ -565,8 +567,8 @@ int srp_main(int argc, char **argv)
} else if (mode == OPT_DELETE) {
if (userindex < 0) {
BIO_printf(bio_err,
- "user \"%s\" does not exist, operation ignored. t\n",
- user);
+ "user \"%s\" does not exist, operation ignored. t\n",
+ user);
errors++;
} else {
char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
@@ -612,7 +614,7 @@ int srp_main(int argc, char **argv)
}
ret = (errors != 0);
- end:
+end:
if (errors != 0)
if (verbose)
BIO_printf(bio_err, "User errors %d.\n", errors);
diff --git a/apps/storeutl.c b/apps/storeutl.c
index e7e614833769..4cea29bab006 100644
--- a/apps/storeutl.c
+++ b/apps/storeutl.c
@@ -14,57 +14,67 @@
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/store.h>
-#include <openssl/x509v3.h> /* s2i_ASN1_INTEGER */
+#include <openssl/x509v3.h> /* s2i_ASN1_INTEGER */
static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
- int expected, int criterion, OSSL_STORE_SEARCH *search,
- int text, int noout, int recursive, int indent, BIO *out,
- const char *prog, OSSL_LIB_CTX *libctx);
+ int expected, int criterion, OSSL_STORE_SEARCH *search,
+ int text, int noout, int recursive, int indent, BIO *out,
+ const char *prog, OSSL_LIB_CTX *libctx);
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_ENGINE, OPT_OUT, OPT_PASSIN,
- OPT_NOOUT, OPT_TEXT, OPT_RECURSIVE,
- OPT_SEARCHFOR_CERTS, OPT_SEARCHFOR_KEYS, OPT_SEARCHFOR_CRLS,
- OPT_CRITERION_SUBJECT, OPT_CRITERION_ISSUER, OPT_CRITERION_SERIAL,
- OPT_CRITERION_FINGERPRINT, OPT_CRITERION_ALIAS,
- OPT_MD, OPT_PROV_ENUM
+ OPT_ENGINE,
+ OPT_OUT,
+ OPT_PASSIN,
+ OPT_NOOUT,
+ OPT_TEXT,
+ OPT_RECURSIVE,
+ OPT_SEARCHFOR_CERTS,
+ OPT_SEARCHFOR_KEYS,
+ OPT_SEARCHFOR_CRLS,
+ OPT_CRITERION_SUBJECT,
+ OPT_CRITERION_ISSUER,
+ OPT_CRITERION_SERIAL,
+ OPT_CRITERION_FINGERPRINT,
+ OPT_CRITERION_ALIAS,
+ OPT_MD,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS storeutl_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] uri\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] uri\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"", OPT_MD, '-', "Any supported digest"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "", OPT_MD, '-', "Any supported digest" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_SECTION("Search"),
- {"certs", OPT_SEARCHFOR_CERTS, '-', "Search for certificates only"},
- {"keys", OPT_SEARCHFOR_KEYS, '-', "Search for keys only"},
- {"crls", OPT_SEARCHFOR_CRLS, '-', "Search for CRLs only"},
- {"subject", OPT_CRITERION_SUBJECT, 's', "Search by subject"},
- {"issuer", OPT_CRITERION_ISSUER, 's', "Search by issuer and serial, issuer name"},
- {"serial", OPT_CRITERION_SERIAL, 's', "Search by issuer and serial, serial number"},
- {"fingerprint", OPT_CRITERION_FINGERPRINT, 's', "Search by public key fingerprint, given in hex"},
- {"alias", OPT_CRITERION_ALIAS, 's', "Search by alias"},
- {"r", OPT_RECURSIVE, '-', "Recurse through names"},
+ { "certs", OPT_SEARCHFOR_CERTS, '-', "Search for certificates only" },
+ { "keys", OPT_SEARCHFOR_KEYS, '-', "Search for keys only" },
+ { "crls", OPT_SEARCHFOR_CRLS, '-', "Search for CRLs only" },
+ { "subject", OPT_CRITERION_SUBJECT, 's', "Search by subject" },
+ { "issuer", OPT_CRITERION_ISSUER, 's', "Search by issuer and serial, issuer name" },
+ { "serial", OPT_CRITERION_SERIAL, 's', "Search by issuer and serial, serial number" },
+ { "fingerprint", OPT_CRITERION_FINGERPRINT, 's', "Search by public key fingerprint, given in hex" },
+ { "alias", OPT_CRITERION_ALIAS, 's', "Search by alias" },
+ { "r", OPT_RECURSIVE, '-', "Recurse through names" },
OPT_SECTION("Input"),
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+ { "passin", OPT_PASSIN, 's', "Input file pass phrase source" },
OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file - default stdout"},
- {"text", OPT_TEXT, '-', "Print a text form of the objects"},
- {"noout", OPT_NOOUT, '-', "No PEM output, just status"},
+ { "out", OPT_OUT, '>', "Output file - default stdout" },
+ { "text", OPT_TEXT, '-', "Print a text form of the objects" },
+ { "noout", OPT_NOOUT, '-', "No PEM output, just status" },
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"uri", 0, 0, "URI of the store object"},
- {NULL}
+ { "uri", 0, 0, "URI of the store object" },
+ { NULL }
};
int storeutl_main(int argc, char *argv[])
@@ -91,7 +101,7 @@ int storeutl_main(int argc, char *argv[])
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -118,7 +128,7 @@ int storeutl_main(int argc, char *argv[])
case OPT_SEARCHFOR_CRLS:
if (expected != 0) {
BIO_printf(bio_err, "%s: only one search type can be given.\n",
- prog);
+ prog);
goto end;
}
{
@@ -126,9 +136,9 @@ int storeutl_main(int argc, char *argv[])
enum OPTION_choice choice;
int type;
} map[] = {
- {OPT_SEARCHFOR_CERTS, OSSL_STORE_INFO_CERT},
- {OPT_SEARCHFOR_KEYS, OSSL_STORE_INFO_PKEY},
- {OPT_SEARCHFOR_CRLS, OSSL_STORE_INFO_CRL},
+ { OPT_SEARCHFOR_CERTS, OSSL_STORE_INFO_CERT },
+ { OPT_SEARCHFOR_KEYS, OSSL_STORE_INFO_PKEY },
+ { OPT_SEARCHFOR_CRLS, OSSL_STORE_INFO_CRL },
};
size_t i;
@@ -148,13 +158,13 @@ int storeutl_main(int argc, char *argv[])
case OPT_CRITERION_SUBJECT:
if (criterion != 0) {
BIO_printf(bio_err, "%s: criterion already given.\n",
- prog);
+ prog);
goto end;
}
criterion = OSSL_STORE_SEARCH_BY_NAME;
if (subject != NULL) {
BIO_printf(bio_err, "%s: subject already given.\n",
- prog);
+ prog);
goto end;
}
subject = parse_name(opt_arg(), MBSTRING_UTF8, 1, "subject");
@@ -165,13 +175,13 @@ int storeutl_main(int argc, char *argv[])
if (criterion != 0
&& criterion != OSSL_STORE_SEARCH_BY_ISSUER_SERIAL) {
BIO_printf(bio_err, "%s: criterion already given.\n",
- prog);
+ prog);
goto end;
}
criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
if (issuer != NULL) {
BIO_printf(bio_err, "%s: issuer already given.\n",
- prog);
+ prog);
goto end;
}
issuer = parse_name(opt_arg(), MBSTRING_UTF8, 1, "issuer");
@@ -182,31 +192,31 @@ int storeutl_main(int argc, char *argv[])
if (criterion != 0
&& criterion != OSSL_STORE_SEARCH_BY_ISSUER_SERIAL) {
BIO_printf(bio_err, "%s: criterion already given.\n",
- prog);
+ prog);
goto end;
}
criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
if (serial != NULL) {
BIO_printf(bio_err, "%s: serial number already given.\n",
- prog);
+ prog);
goto end;
}
if ((serial = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL) {
BIO_printf(bio_err, "%s: can't parse serial number argument.\n",
- prog);
+ prog);
goto end;
}
break;
case OPT_CRITERION_FINGERPRINT:
if (criterion != 0) {
BIO_printf(bio_err, "%s: criterion already given.\n",
- prog);
+ prog);
goto end;
}
criterion = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
if (fingerprint != NULL) {
BIO_printf(bio_err, "%s: fingerprint already given.\n",
- prog);
+ prog);
goto end;
}
{
@@ -215,8 +225,8 @@ int storeutl_main(int argc, char *argv[])
if ((fingerprint = OPENSSL_hexstr2buf(opt_arg(), &tmplen))
== NULL) {
BIO_printf(bio_err,
- "%s: can't parse fingerprint argument.\n",
- prog);
+ "%s: can't parse fingerprint argument.\n",
+ prog);
goto end;
}
fingerprintlen = (size_t)tmplen;
@@ -225,18 +235,18 @@ int storeutl_main(int argc, char *argv[])
case OPT_CRITERION_ALIAS:
if (criterion != 0) {
BIO_printf(bio_err, "%s: criterion already given.\n",
- prog);
+ prog);
goto end;
}
criterion = OSSL_STORE_SEARCH_BY_ALIAS;
if (alias != NULL) {
BIO_printf(bio_err, "%s: alias already given.\n",
- prog);
+ prog);
goto end;
}
if ((alias = OPENSSL_strdup(opt_arg())) == NULL) {
BIO_printf(bio_err, "%s: can't parse alias argument.\n",
- prog);
+ prog);
goto end;
}
break;
@@ -275,8 +285,8 @@ int storeutl_main(int argc, char *argv[])
case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
if (issuer == NULL || serial == NULL) {
BIO_printf(bio_err,
- "%s: both -issuer and -serial must be given.\n",
- prog);
+ "%s: both -issuer and -serial must be given.\n",
+ prog);
goto end;
}
if ((search = OSSL_STORE_SEARCH_by_issuer_serial(issuer, serial))
@@ -287,8 +297,8 @@ int storeutl_main(int argc, char *argv[])
break;
case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
if ((search = OSSL_STORE_SEARCH_by_key_fingerprint(digest,
- fingerprint,
- fingerprintlen))
+ fingerprint,
+ fingerprintlen))
== NULL) {
ERR_print_errors(bio_err);
goto end;
@@ -315,10 +325,10 @@ int storeutl_main(int argc, char *argv[])
goto end;
ret = process(argv[0], get_ui_method(), &pw_cb_data,
- expected, criterion, search,
- text, noout, recursive, 0, out, prog, libctx);
+ expected, criterion, search,
+ text, noout, recursive, 0, out, prog, libctx);
- end:
+end:
EVP_MD_free(digest);
OPENSSL_free(fingerprint);
OPENSSL_free(alias);
@@ -354,15 +364,15 @@ static int indent_printf(int indent, BIO *bio, const char *format, ...)
}
static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
- int expected, int criterion, OSSL_STORE_SEARCH *search,
- int text, int noout, int recursive, int indent, BIO *out,
- const char *prog, OSSL_LIB_CTX *libctx)
+ int expected, int criterion, OSSL_STORE_SEARCH *search,
+ int text, int noout, int recursive, int indent, BIO *out,
+ const char *prog, OSSL_LIB_CTX *libctx)
{
OSSL_STORE_CTX *store_ctx = NULL;
int ret = 1, items = 0;
if ((store_ctx = OSSL_STORE_open_ex(uri, libctx, app_get0_propq(), uimeth, uidata,
- NULL, NULL, NULL))
+ NULL, NULL, NULL))
== NULL) {
BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri);
ERR_print_errors(bio_err);
@@ -379,8 +389,8 @@ static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
if (criterion != 0) {
if (!OSSL_STORE_supports_search(store_ctx, criterion)) {
BIO_printf(bio_err,
- "%s: the store scheme doesn't support the given search criteria.\n",
- prog);
+ "%s: the store scheme doesn't support the given search criteria.\n",
+ prog);
goto end2;
}
@@ -396,8 +406,7 @@ static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
for (;;) {
OSSL_STORE_INFO *info = OSSL_STORE_load(store_ctx);
int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info);
- const char *infostr =
- info == NULL ? NULL : OSSL_STORE_INFO_type_string(type);
+ const char *infostr = info == NULL ? NULL : OSSL_STORE_INFO_type_string(type);
if (info == NULL) {
if (OSSL_STORE_error(store_ctx)) {
@@ -415,8 +424,8 @@ static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
break;
BIO_printf(bio_err,
- "ERROR: OSSL_STORE_load() returned NULL without "
- "eof or error indications\n");
+ "ERROR: OSSL_STORE_load() returned NULL without "
+ "eof or error indications\n");
BIO_printf(bio_err, " This is an error in the loader\n");
ERR_print_errors(bio_err);
ret++;
@@ -427,7 +436,7 @@ static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
const char *name = OSSL_STORE_INFO_get0_NAME(info);
const char *desc = OSSL_STORE_INFO_get0_NAME_description(info);
indent_printf(indent, bio_out, "%d: %s: %s\n", items, infostr,
- name);
+ name);
if (desc != NULL)
indent_printf(indent, bio_out, "%s\n", desc);
} else {
@@ -444,33 +453,33 @@ static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
if (recursive) {
const char *suburi = OSSL_STORE_INFO_get0_NAME(info);
ret += process(suburi, uimeth, uidata,
- expected, criterion, search,
- text, noout, recursive, indent + 2, out, prog,
- libctx);
+ expected, criterion, search,
+ text, noout, recursive, indent + 2, out, prog,
+ libctx);
}
break;
case OSSL_STORE_INFO_PARAMS:
if (text)
EVP_PKEY_print_params(out, OSSL_STORE_INFO_get0_PARAMS(info),
- 0, NULL);
+ 0, NULL);
if (!noout)
PEM_write_bio_Parameters(out,
- OSSL_STORE_INFO_get0_PARAMS(info));
+ OSSL_STORE_INFO_get0_PARAMS(info));
break;
case OSSL_STORE_INFO_PUBKEY:
if (text)
EVP_PKEY_print_public(out, OSSL_STORE_INFO_get0_PUBKEY(info),
- 0, NULL);
+ 0, NULL);
if (!noout)
PEM_write_bio_PUBKEY(out, OSSL_STORE_INFO_get0_PUBKEY(info));
break;
case OSSL_STORE_INFO_PKEY:
if (text)
EVP_PKEY_print_private(out, OSSL_STORE_INFO_get0_PKEY(info),
- 0, NULL);
+ 0, NULL);
if (!noout)
PEM_write_bio_PrivateKey(out, OSSL_STORE_INFO_get0_PKEY(info),
- NULL, NULL, 0, NULL, NULL);
+ NULL, NULL, 0, NULL, NULL);
break;
case OSSL_STORE_INFO_CERT:
if (text)
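Review bot: In the `OSSL_STORE_INFO_PKEY` case, `PEM_write_bio_PrivateKey(out, ..., NULL, NULL, 0, NULL, NULL)` is called with no cipher and no passphrase callback, so a loaded private key is written to `out` in the clear whenever `noout` is unset, and the re-indented call still has no comment saying so. I would add `/* enc == NULL: private key is emitted unencrypted; the caller must protect the output */` above that call. The same case also prints the key with `EVP_PKEY_print_private` when `text` is set. `process()` starts and ends outside this hunk, so how `out` is opened is not visible here.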
@@ -494,7 +503,7 @@ static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
}
indent_printf(indent, out, "Total found: %d\n", items);
- end2:
+end2:
if (!OSSL_STORE_close(store_ctx)) {
ERR_print_errors(bio_err);
ret++;
diff --git a/apps/testdsa.h b/apps/testdsa.h
index d80d2cf7f2d2..e8d04bb31e8a 100644
--- a/apps/testdsa.h
+++ b/apps/testdsa.h
@@ -13,45 +13,274 @@
EVP_PKEY *get_dsa(int);
static unsigned char dsa512_priv[] = {
- 0x65, 0xe5, 0xc7, 0x38, 0x60, 0x24, 0xb5, 0x89, 0xd4, 0x9c, 0xeb, 0x4c,
- 0x9c, 0x1d, 0x7a, 0x22, 0xbd, 0xd1, 0xc2, 0xd2,
+ 0x65,
+ 0xe5,
+ 0xc7,
+ 0x38,
+ 0x60,
+ 0x24,
+ 0xb5,
+ 0x89,
+ 0xd4,
+ 0x9c,
+ 0xeb,
+ 0x4c,
+ 0x9c,
+ 0x1d,
+ 0x7a,
+ 0x22,
+ 0xbd,
+ 0xd1,
+ 0xc2,
+ 0xd2,
};
static unsigned char dsa512_pub[] = {
- 0x00, 0x95, 0xa7, 0x0d, 0xec, 0x93, 0x68, 0xba, 0x5f, 0xf7, 0x5f, 0x07,
- 0xf2, 0x3b, 0xad, 0x6b, 0x01, 0xdc, 0xbe, 0xec, 0xde, 0x04, 0x7a, 0x3a,
- 0x27, 0xb3, 0xec, 0x49, 0xfd, 0x08, 0x43, 0x3d, 0x7e, 0xa8, 0x2c, 0x5e,
- 0x7b, 0xbb, 0xfc, 0xf4, 0x6e, 0xeb, 0x6c, 0xb0, 0x6e, 0xf8, 0x02, 0x12,
- 0x8c, 0x38, 0x5d, 0x83, 0x56, 0x7d, 0xee, 0x53, 0x05, 0x3e, 0x24, 0x84,
- 0xbe, 0xba, 0x0a, 0x6b, 0xc8,
+ 0x00,
+ 0x95,
+ 0xa7,
+ 0x0d,
+ 0xec,
+ 0x93,
+ 0x68,
+ 0xba,
+ 0x5f,
+ 0xf7,
+ 0x5f,
+ 0x07,
+ 0xf2,
+ 0x3b,
+ 0xad,
+ 0x6b,
+ 0x01,
+ 0xdc,
+ 0xbe,
+ 0xec,
+ 0xde,
+ 0x04,
+ 0x7a,
+ 0x3a,
+ 0x27,
+ 0xb3,
+ 0xec,
+ 0x49,
+ 0xfd,
+ 0x08,
+ 0x43,
+ 0x3d,
+ 0x7e,
+ 0xa8,
+ 0x2c,
+ 0x5e,
+ 0x7b,
+ 0xbb,
+ 0xfc,
+ 0xf4,
+ 0x6e,
+ 0xeb,
+ 0x6c,
+ 0xb0,
+ 0x6e,
+ 0xf8,
+ 0x02,
+ 0x12,
+ 0x8c,
+ 0x38,
+ 0x5d,
+ 0x83,
+ 0x56,
+ 0x7d,
+ 0xee,
+ 0x53,
+ 0x05,
+ 0x3e,
+ 0x24,
+ 0x84,
+ 0xbe,
+ 0xba,
+ 0x0a,
+ 0x6b,
+ 0xc8,
};
static unsigned char dsa512_p[] = {
- 0x9D, 0x1B, 0x69, 0x8E, 0x26, 0xDB, 0xF2, 0x2B, 0x11, 0x70, 0x19, 0x86,
- 0xF6, 0x19, 0xC8, 0xF8, 0x19, 0xF2, 0x18, 0x53, 0x94, 0x46, 0x06, 0xD0,
- 0x62, 0x50, 0x33, 0x4B, 0x02, 0x3C, 0x52, 0x30, 0x03, 0x8B, 0x3B, 0xF9,
- 0x5F, 0xD1, 0x24, 0x06, 0x4F, 0x7B, 0x4C, 0xBA, 0xAA, 0x40, 0x9B, 0xFD,
- 0x96, 0xE4, 0x37, 0x33, 0xBB, 0x2D, 0x5A, 0xD7, 0x5A, 0x11, 0x40, 0x66,
- 0xA2, 0x76, 0x7D, 0x31,
+ 0x9D,
+ 0x1B,
+ 0x69,
+ 0x8E,
+ 0x26,
+ 0xDB,
+ 0xF2,
+ 0x2B,
+ 0x11,
+ 0x70,
+ 0x19,
+ 0x86,
+ 0xF6,
+ 0x19,
+ 0xC8,
+ 0xF8,
+ 0x19,
+ 0xF2,
+ 0x18,
+ 0x53,
+ 0x94,
+ 0x46,
+ 0x06,
+ 0xD0,
+ 0x62,
+ 0x50,
+ 0x33,
+ 0x4B,
+ 0x02,
+ 0x3C,
+ 0x52,
+ 0x30,
+ 0x03,
+ 0x8B,
+ 0x3B,
+ 0xF9,
+ 0x5F,
+ 0xD1,
+ 0x24,
+ 0x06,
+ 0x4F,
+ 0x7B,
+ 0x4C,
+ 0xBA,
+ 0xAA,
+ 0x40,
+ 0x9B,
+ 0xFD,
+ 0x96,
+ 0xE4,
+ 0x37,
+ 0x33,
+ 0xBB,
+ 0x2D,
+ 0x5A,
+ 0xD7,
+ 0x5A,
+ 0x11,
+ 0x40,
+ 0x66,
+ 0xA2,
+ 0x76,
+ 0x7D,
+ 0x31,
};
static unsigned char dsa512_q[] = {
- 0xFB, 0x53, 0xEF, 0x50, 0xB4, 0x40, 0x92, 0x31, 0x56, 0x86, 0x53, 0x7A,
- 0xE8, 0x8B, 0x22, 0x9A, 0x49, 0xFB, 0x71, 0x8F,
+ 0xFB,
+ 0x53,
+ 0xEF,
+ 0x50,
+ 0xB4,
+ 0x40,
+ 0x92,
+ 0x31,
+ 0x56,
+ 0x86,
+ 0x53,
+ 0x7A,
+ 0xE8,
+ 0x8B,
+ 0x22,
+ 0x9A,
+ 0x49,
+ 0xFB,
+ 0x71,
+ 0x8F,
};
static unsigned char dsa512_g[] = {
- 0x83, 0x3E, 0x88, 0xE5, 0xC5, 0x89, 0x73, 0xCE, 0x3B, 0x6C, 0x01, 0x49,
- 0xBF, 0xB3, 0xC7, 0x9F, 0x0A, 0xEA, 0x44, 0x91, 0xE5, 0x30, 0xAA, 0xD9,
- 0xBE, 0x5B, 0x5F, 0xB7, 0x10, 0xD7, 0x89, 0xB7, 0x8E, 0x74, 0xFB, 0xCF,
- 0x29, 0x1E, 0xEB, 0xA8, 0x2C, 0x54, 0x51, 0xB8, 0x10, 0xDE, 0xA0, 0xCE,
- 0x2F, 0xCC, 0x24, 0x6B, 0x90, 0x77, 0xDE, 0xA2, 0x68, 0xA6, 0x52, 0x12,
- 0xA2, 0x03, 0x9D, 0x20,
+ 0x83,
+ 0x3E,
+ 0x88,
+ 0xE5,
+ 0xC5,
+ 0x89,
+ 0x73,
+ 0xCE,
+ 0x3B,
+ 0x6C,
+ 0x01,
+ 0x49,
+ 0xBF,
+ 0xB3,
+ 0xC7,
+ 0x9F,
+ 0x0A,
+ 0xEA,
+ 0x44,
+ 0x91,
+ 0xE5,
+ 0x30,
+ 0xAA,
+ 0xD9,
+ 0xBE,
+ 0x5B,
+ 0x5F,
+ 0xB7,
+ 0x10,
+ 0xD7,
+ 0x89,
+ 0xB7,
+ 0x8E,
+ 0x74,
+ 0xFB,
+ 0xCF,
+ 0x29,
+ 0x1E,
+ 0xEB,
+ 0xA8,
+ 0x2C,
+ 0x54,
+ 0x51,
+ 0xB8,
+ 0x10,
+ 0xDE,
+ 0xA0,
+ 0xCE,
+ 0x2F,
+ 0xCC,
+ 0x24,
+ 0x6B,
+ 0x90,
+ 0x77,
+ 0xDE,
+ 0xA2,
+ 0x68,
+ 0xA6,
+ 0x52,
+ 0x12,
+ 0xA2,
+ 0x03,
+ 0x9D,
+ 0x20,
};
static unsigned char dsa1024_priv[] = {
- 0x7d, 0x21, 0xda, 0xbb, 0x62, 0x15, 0x47, 0x36, 0x07, 0x67, 0x12, 0xe8,
- 0x8c, 0xaa, 0x1c, 0xcd, 0x38, 0x12, 0x61, 0x18,
+ 0x7d,
+ 0x21,
+ 0xda,
+ 0xbb,
+ 0x62,
+ 0x15,
+ 0x47,
+ 0x36,
+ 0x07,
+ 0x67,
+ 0x12,
+ 0xe8,
+ 0x8c,
+ 0xaa,
+ 0x1c,
+ 0xcd,
+ 0x38,
+ 0x12,
+ 0x61,
+ 0x18,
};
static unsigned char dsa1024_pub[] = {
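Review bot: The reformatted key tables now hold one byte per line, which makes `dsa512_priv` through `dsa1024_priv` hard to compare by eye against a reference dump; the hunk header shows 45 lines becoming 274. This looks like the formatter reacting to the trailing comma in each initializer, though that is inferred because the formatter configuration is not shown. If the tool is clang-format, wrapping the tables in `/* clang-format off */` and `/* clang-format on */` would keep the original rows. The same applies to the next apps/testdsa.h hunk and to the `test512` and `test1024` tables in apps/testrsa.h.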
@@ -69,121 +298,1111 @@ static unsigned char dsa1024_pub[] = {
};
static unsigned char dsa1024_p[] = {
- 0xA7, 0x3F, 0x6E, 0x85, 0xBF, 0x41, 0x6A, 0x29, 0x7D, 0xF0, 0x9F, 0x47,
- 0x19, 0x30, 0x90, 0x9A, 0x09, 0x1D, 0xDA, 0x6A, 0x33, 0x1E, 0xC5, 0x3D,
- 0x86, 0x96, 0xB3, 0x15, 0xE0, 0x53, 0x2E, 0x8F, 0xE0, 0x59, 0x82, 0x73,
- 0x90, 0x3E, 0x75, 0x31, 0x99, 0x47, 0x7A, 0x52, 0xFB, 0x85, 0xE4, 0xD9,
- 0xA6, 0x7B, 0x38, 0x9B, 0x68, 0x8A, 0x84, 0x9B, 0x87, 0xC6, 0x1E, 0xB5,
- 0x7E, 0x86, 0x4B, 0x53, 0x5B, 0x59, 0xCF, 0x71, 0x65, 0x19, 0x88, 0x6E,
- 0xCE, 0x66, 0xAE, 0x6B, 0x88, 0x36, 0xFB, 0xEC, 0x28, 0xDC, 0xC2, 0xD7,
- 0xA5, 0xBB, 0xE5, 0x2C, 0x39, 0x26, 0x4B, 0xDA, 0x9A, 0x70, 0x18, 0x95,
- 0x37, 0x95, 0x10, 0x56, 0x23, 0xF6, 0x15, 0xED, 0xBA, 0x04, 0x5E, 0xDE,
- 0x39, 0x4F, 0xFD, 0xB7, 0x43, 0x1F, 0xB5, 0xA4, 0x65, 0x6F, 0xCD, 0x80,
- 0x11, 0xE4, 0x70, 0x95, 0x5B, 0x50, 0xCD, 0x49,
+ 0xA7,
+ 0x3F,
+ 0x6E,
+ 0x85,
+ 0xBF,
+ 0x41,
+ 0x6A,
+ 0x29,
+ 0x7D,
+ 0xF0,
+ 0x9F,
+ 0x47,
+ 0x19,
+ 0x30,
+ 0x90,
+ 0x9A,
+ 0x09,
+ 0x1D,
+ 0xDA,
+ 0x6A,
+ 0x33,
+ 0x1E,
+ 0xC5,
+ 0x3D,
+ 0x86,
+ 0x96,
+ 0xB3,
+ 0x15,
+ 0xE0,
+ 0x53,
+ 0x2E,
+ 0x8F,
+ 0xE0,
+ 0x59,
+ 0x82,
+ 0x73,
+ 0x90,
+ 0x3E,
+ 0x75,
+ 0x31,
+ 0x99,
+ 0x47,
+ 0x7A,
+ 0x52,
+ 0xFB,
+ 0x85,
+ 0xE4,
+ 0xD9,
+ 0xA6,
+ 0x7B,
+ 0x38,
+ 0x9B,
+ 0x68,
+ 0x8A,
+ 0x84,
+ 0x9B,
+ 0x87,
+ 0xC6,
+ 0x1E,
+ 0xB5,
+ 0x7E,
+ 0x86,
+ 0x4B,
+ 0x53,
+ 0x5B,
+ 0x59,
+ 0xCF,
+ 0x71,
+ 0x65,
+ 0x19,
+ 0x88,
+ 0x6E,
+ 0xCE,
+ 0x66,
+ 0xAE,
+ 0x6B,
+ 0x88,
+ 0x36,
+ 0xFB,
+ 0xEC,
+ 0x28,
+ 0xDC,
+ 0xC2,
+ 0xD7,
+ 0xA5,
+ 0xBB,
+ 0xE5,
+ 0x2C,
+ 0x39,
+ 0x26,
+ 0x4B,
+ 0xDA,
+ 0x9A,
+ 0x70,
+ 0x18,
+ 0x95,
+ 0x37,
+ 0x95,
+ 0x10,
+ 0x56,
+ 0x23,
+ 0xF6,
+ 0x15,
+ 0xED,
+ 0xBA,
+ 0x04,
+ 0x5E,
+ 0xDE,
+ 0x39,
+ 0x4F,
+ 0xFD,
+ 0xB7,
+ 0x43,
+ 0x1F,
+ 0xB5,
+ 0xA4,
+ 0x65,
+ 0x6F,
+ 0xCD,
+ 0x80,
+ 0x11,
+ 0xE4,
+ 0x70,
+ 0x95,
+ 0x5B,
+ 0x50,
+ 0xCD,
+ 0x49,
};
static unsigned char dsa1024_q[] = {
- 0xF7, 0x07, 0x31, 0xED, 0xFA, 0x6C, 0x06, 0x03, 0xD5, 0x85, 0x8A, 0x1C,
- 0xAC, 0x9C, 0x65, 0xE7, 0x50, 0x66, 0x65, 0x6F,
+ 0xF7,
+ 0x07,
+ 0x31,
+ 0xED,
+ 0xFA,
+ 0x6C,
+ 0x06,
+ 0x03,
+ 0xD5,
+ 0x85,
+ 0x8A,
+ 0x1C,
+ 0xAC,
+ 0x9C,
+ 0x65,
+ 0xE7,
+ 0x50,
+ 0x66,
+ 0x65,
+ 0x6F,
};
static unsigned char dsa1024_g[] = {
- 0x4D, 0xDF, 0x4C, 0x03, 0xA6, 0x91, 0x8A, 0xF5, 0x19, 0x6F, 0x50, 0x46,
- 0x25, 0x99, 0xE5, 0x68, 0x6F, 0x30, 0xE3, 0x69, 0xE1, 0xE5, 0xB3, 0x5D,
- 0x98, 0xBB, 0x28, 0x86, 0x48, 0xFC, 0xDE, 0x99, 0x04, 0x3F, 0x5F, 0x88,
- 0x0C, 0x9C, 0x73, 0x24, 0x0D, 0x20, 0x5D, 0xB9, 0x2A, 0x9A, 0x3F, 0x18,
- 0x96, 0x27, 0xE4, 0x62, 0x87, 0xC1, 0x7B, 0x74, 0x62, 0x53, 0xFC, 0x61,
- 0x27, 0xA8, 0x7A, 0x91, 0x09, 0x9D, 0xB6, 0xF1, 0x4D, 0x9C, 0x54, 0x0F,
- 0x58, 0x06, 0xEE, 0x49, 0x74, 0x07, 0xCE, 0x55, 0x7E, 0x23, 0xCE, 0x16,
- 0xF6, 0xCA, 0xDC, 0x5A, 0x61, 0x01, 0x7E, 0xC9, 0x71, 0xB5, 0x4D, 0xF6,
- 0xDC, 0x34, 0x29, 0x87, 0x68, 0xF6, 0x5E, 0x20, 0x93, 0xB3, 0xDB, 0xF5,
- 0xE4, 0x09, 0x6C, 0x41, 0x17, 0x95, 0x92, 0xEB, 0x01, 0xB5, 0x73, 0xA5,
- 0x6A, 0x7E, 0xD8, 0x32, 0xED, 0x0E, 0x02, 0xB8,
+ 0x4D,
+ 0xDF,
+ 0x4C,
+ 0x03,
+ 0xA6,
+ 0x91,
+ 0x8A,
+ 0xF5,
+ 0x19,
+ 0x6F,
+ 0x50,
+ 0x46,
+ 0x25,
+ 0x99,
+ 0xE5,
+ 0x68,
+ 0x6F,
+ 0x30,
+ 0xE3,
+ 0x69,
+ 0xE1,
+ 0xE5,
+ 0xB3,
+ 0x5D,
+ 0x98,
+ 0xBB,
+ 0x28,
+ 0x86,
+ 0x48,
+ 0xFC,
+ 0xDE,
+ 0x99,
+ 0x04,
+ 0x3F,
+ 0x5F,
+ 0x88,
+ 0x0C,
+ 0x9C,
+ 0x73,
+ 0x24,
+ 0x0D,
+ 0x20,
+ 0x5D,
+ 0xB9,
+ 0x2A,
+ 0x9A,
+ 0x3F,
+ 0x18,
+ 0x96,
+ 0x27,
+ 0xE4,
+ 0x62,
+ 0x87,
+ 0xC1,
+ 0x7B,
+ 0x74,
+ 0x62,
+ 0x53,
+ 0xFC,
+ 0x61,
+ 0x27,
+ 0xA8,
+ 0x7A,
+ 0x91,
+ 0x09,
+ 0x9D,
+ 0xB6,
+ 0xF1,
+ 0x4D,
+ 0x9C,
+ 0x54,
+ 0x0F,
+ 0x58,
+ 0x06,
+ 0xEE,
+ 0x49,
+ 0x74,
+ 0x07,
+ 0xCE,
+ 0x55,
+ 0x7E,
+ 0x23,
+ 0xCE,
+ 0x16,
+ 0xF6,
+ 0xCA,
+ 0xDC,
+ 0x5A,
+ 0x61,
+ 0x01,
+ 0x7E,
+ 0xC9,
+ 0x71,
+ 0xB5,
+ 0x4D,
+ 0xF6,
+ 0xDC,
+ 0x34,
+ 0x29,
+ 0x87,
+ 0x68,
+ 0xF6,
+ 0x5E,
+ 0x20,
+ 0x93,
+ 0xB3,
+ 0xDB,
+ 0xF5,
+ 0xE4,
+ 0x09,
+ 0x6C,
+ 0x41,
+ 0x17,
+ 0x95,
+ 0x92,
+ 0xEB,
+ 0x01,
+ 0xB5,
+ 0x73,
+ 0xA5,
+ 0x6A,
+ 0x7E,
+ 0xD8,
+ 0x32,
+ 0xED,
+ 0x0E,
+ 0x02,
+ 0xB8,
};
static unsigned char dsa2048_priv[] = {
- 0x32, 0x67, 0x92, 0xf6, 0xc4, 0xe2, 0xe2, 0xe8, 0xa0, 0x8b, 0x6b, 0x45,
- 0x0c, 0x8a, 0x76, 0xb0, 0xee, 0xcf, 0x91, 0xa7,
+ 0x32,
+ 0x67,
+ 0x92,
+ 0xf6,
+ 0xc4,
+ 0xe2,
+ 0xe2,
+ 0xe8,
+ 0xa0,
+ 0x8b,
+ 0x6b,
+ 0x45,
+ 0x0c,
+ 0x8a,
+ 0x76,
+ 0xb0,
+ 0xee,
+ 0xcf,
+ 0x91,
+ 0xa7,
};
static unsigned char dsa2048_pub[] = {
- 0x17, 0x8f, 0xa8, 0x11, 0x84, 0x92, 0xec, 0x83, 0x47, 0xc7, 0x6a, 0xb0,
- 0x92, 0xaf, 0x5a, 0x20, 0x37, 0xa3, 0x64, 0x79, 0xd2, 0xd0, 0x3d, 0xcd,
- 0xe0, 0x61, 0x88, 0x88, 0x21, 0xcc, 0x74, 0x5d, 0xce, 0x4c, 0x51, 0x47,
- 0xf0, 0xc5, 0x5c, 0x4c, 0x82, 0x7a, 0xaf, 0x72, 0xad, 0xb9, 0xe0, 0x53,
- 0xf2, 0x78, 0xb7, 0xf0, 0xb5, 0x48, 0x7f, 0x8a, 0x3a, 0x18, 0xd1, 0x9f,
- 0x8b, 0x7d, 0xa5, 0x47, 0xb7, 0x95, 0xab, 0x98, 0xf8, 0x7b, 0x74, 0x50,
- 0x56, 0x8e, 0x57, 0xf0, 0xee, 0xf5, 0xb7, 0xba, 0xab, 0x85, 0x86, 0xf9,
- 0x2b, 0xef, 0x41, 0x56, 0xa0, 0xa4, 0x9f, 0xb7, 0x38, 0x00, 0x46, 0x0a,
- 0xa6, 0xf1, 0xfc, 0x1f, 0xd8, 0x4e, 0x85, 0x44, 0x92, 0x43, 0x21, 0x5d,
- 0x6e, 0xcc, 0xc2, 0xcb, 0x26, 0x31, 0x0d, 0x21, 0xc4, 0xbd, 0x8d, 0x24,
- 0xbc, 0xd9, 0x18, 0x19, 0xd7, 0xdc, 0xf1, 0xe7, 0x93, 0x50, 0x48, 0x03,
- 0x2c, 0xae, 0x2e, 0xe7, 0x49, 0x88, 0x5f, 0x93, 0x57, 0x27, 0x99, 0x36,
- 0xb4, 0x20, 0xab, 0xfc, 0xa7, 0x2b, 0xf2, 0xd9, 0x98, 0xd7, 0xd4, 0x34,
- 0x9d, 0x96, 0x50, 0x58, 0x9a, 0xea, 0x54, 0xf3, 0xee, 0xf5, 0x63, 0x14,
- 0xee, 0x85, 0x83, 0x74, 0x76, 0xe1, 0x52, 0x95, 0xc3, 0xf7, 0xeb, 0x04,
- 0x04, 0x7b, 0xa7, 0x28, 0x1b, 0xcc, 0xea, 0x4a, 0x4e, 0x84, 0xda, 0xd8,
- 0x9c, 0x79, 0xd8, 0x9b, 0x66, 0x89, 0x2f, 0xcf, 0xac, 0xd7, 0x79, 0xf9,
- 0xa9, 0xd8, 0x45, 0x13, 0x78, 0xb9, 0x00, 0x14, 0xc9, 0x7e, 0x22, 0x51,
- 0x86, 0x67, 0xb0, 0x9f, 0x26, 0x11, 0x23, 0xc8, 0x38, 0xd7, 0x70, 0x1d,
- 0x15, 0x8e, 0x4d, 0x4f, 0x95, 0x97, 0x40, 0xa1, 0xc2, 0x7e, 0x01, 0x18,
- 0x72, 0xf4, 0x10, 0xe6, 0x8d, 0x52, 0x16, 0x7f, 0xf2, 0xc9, 0xf8, 0x33,
- 0x8b, 0x33, 0xb7, 0xce,
+ 0x17,
+ 0x8f,
+ 0xa8,
+ 0x11,
+ 0x84,
+ 0x92,
+ 0xec,
+ 0x83,
+ 0x47,
+ 0xc7,
+ 0x6a,
+ 0xb0,
+ 0x92,
+ 0xaf,
+ 0x5a,
+ 0x20,
+ 0x37,
+ 0xa3,
+ 0x64,
+ 0x79,
+ 0xd2,
+ 0xd0,
+ 0x3d,
+ 0xcd,
+ 0xe0,
+ 0x61,
+ 0x88,
+ 0x88,
+ 0x21,
+ 0xcc,
+ 0x74,
+ 0x5d,
+ 0xce,
+ 0x4c,
+ 0x51,
+ 0x47,
+ 0xf0,
+ 0xc5,
+ 0x5c,
+ 0x4c,
+ 0x82,
+ 0x7a,
+ 0xaf,
+ 0x72,
+ 0xad,
+ 0xb9,
+ 0xe0,
+ 0x53,
+ 0xf2,
+ 0x78,
+ 0xb7,
+ 0xf0,
+ 0xb5,
+ 0x48,
+ 0x7f,
+ 0x8a,
+ 0x3a,
+ 0x18,
+ 0xd1,
+ 0x9f,
+ 0x8b,
+ 0x7d,
+ 0xa5,
+ 0x47,
+ 0xb7,
+ 0x95,
+ 0xab,
+ 0x98,
+ 0xf8,
+ 0x7b,
+ 0x74,
+ 0x50,
+ 0x56,
+ 0x8e,
+ 0x57,
+ 0xf0,
+ 0xee,
+ 0xf5,
+ 0xb7,
+ 0xba,
+ 0xab,
+ 0x85,
+ 0x86,
+ 0xf9,
+ 0x2b,
+ 0xef,
+ 0x41,
+ 0x56,
+ 0xa0,
+ 0xa4,
+ 0x9f,
+ 0xb7,
+ 0x38,
+ 0x00,
+ 0x46,
+ 0x0a,
+ 0xa6,
+ 0xf1,
+ 0xfc,
+ 0x1f,
+ 0xd8,
+ 0x4e,
+ 0x85,
+ 0x44,
+ 0x92,
+ 0x43,
+ 0x21,
+ 0x5d,
+ 0x6e,
+ 0xcc,
+ 0xc2,
+ 0xcb,
+ 0x26,
+ 0x31,
+ 0x0d,
+ 0x21,
+ 0xc4,
+ 0xbd,
+ 0x8d,
+ 0x24,
+ 0xbc,
+ 0xd9,
+ 0x18,
+ 0x19,
+ 0xd7,
+ 0xdc,
+ 0xf1,
+ 0xe7,
+ 0x93,
+ 0x50,
+ 0x48,
+ 0x03,
+ 0x2c,
+ 0xae,
+ 0x2e,
+ 0xe7,
+ 0x49,
+ 0x88,
+ 0x5f,
+ 0x93,
+ 0x57,
+ 0x27,
+ 0x99,
+ 0x36,
+ 0xb4,
+ 0x20,
+ 0xab,
+ 0xfc,
+ 0xa7,
+ 0x2b,
+ 0xf2,
+ 0xd9,
+ 0x98,
+ 0xd7,
+ 0xd4,
+ 0x34,
+ 0x9d,
+ 0x96,
+ 0x50,
+ 0x58,
+ 0x9a,
+ 0xea,
+ 0x54,
+ 0xf3,
+ 0xee,
+ 0xf5,
+ 0x63,
+ 0x14,
+ 0xee,
+ 0x85,
+ 0x83,
+ 0x74,
+ 0x76,
+ 0xe1,
+ 0x52,
+ 0x95,
+ 0xc3,
+ 0xf7,
+ 0xeb,
+ 0x04,
+ 0x04,
+ 0x7b,
+ 0xa7,
+ 0x28,
+ 0x1b,
+ 0xcc,
+ 0xea,
+ 0x4a,
+ 0x4e,
+ 0x84,
+ 0xda,
+ 0xd8,
+ 0x9c,
+ 0x79,
+ 0xd8,
+ 0x9b,
+ 0x66,
+ 0x89,
+ 0x2f,
+ 0xcf,
+ 0xac,
+ 0xd7,
+ 0x79,
+ 0xf9,
+ 0xa9,
+ 0xd8,
+ 0x45,
+ 0x13,
+ 0x78,
+ 0xb9,
+ 0x00,
+ 0x14,
+ 0xc9,
+ 0x7e,
+ 0x22,
+ 0x51,
+ 0x86,
+ 0x67,
+ 0xb0,
+ 0x9f,
+ 0x26,
+ 0x11,
+ 0x23,
+ 0xc8,
+ 0x38,
+ 0xd7,
+ 0x70,
+ 0x1d,
+ 0x15,
+ 0x8e,
+ 0x4d,
+ 0x4f,
+ 0x95,
+ 0x97,
+ 0x40,
+ 0xa1,
+ 0xc2,
+ 0x7e,
+ 0x01,
+ 0x18,
+ 0x72,
+ 0xf4,
+ 0x10,
+ 0xe6,
+ 0x8d,
+ 0x52,
+ 0x16,
+ 0x7f,
+ 0xf2,
+ 0xc9,
+ 0xf8,
+ 0x33,
+ 0x8b,
+ 0x33,
+ 0xb7,
+ 0xce,
};
static unsigned char dsa2048_p[] = {
- 0xA0, 0x25, 0xFA, 0xAD, 0xF4, 0x8E, 0xB9, 0xE5, 0x99, 0xF3, 0x5D, 0x6F,
- 0x4F, 0x83, 0x34, 0xE2, 0x7E, 0xCF, 0x6F, 0xBF, 0x30, 0xAF, 0x6F, 0x81,
- 0xEB, 0xF8, 0xC4, 0x13, 0xD9, 0xA0, 0x5D, 0x8B, 0x5C, 0x8E, 0xDC, 0xC2,
- 0x1D, 0x0B, 0x41, 0x32, 0xB0, 0x1F, 0xFE, 0xEF, 0x0C, 0xC2, 0xA2, 0x7E,
- 0x68, 0x5C, 0x28, 0x21, 0xE9, 0xF5, 0xB1, 0x58, 0x12, 0x63, 0x4C, 0x19,
- 0x4E, 0xFF, 0x02, 0x4B, 0x92, 0xED, 0xD2, 0x07, 0x11, 0x4D, 0x8C, 0x58,
- 0x16, 0x5C, 0x55, 0x8E, 0xAD, 0xA3, 0x67, 0x7D, 0xB9, 0x86, 0x6E, 0x0B,
- 0xE6, 0x54, 0x6F, 0x40, 0xAE, 0x0E, 0x67, 0x4C, 0xF9, 0x12, 0x5B, 0x3C,
- 0x08, 0x7A, 0xF7, 0xFC, 0x67, 0x86, 0x69, 0xE7, 0x0A, 0x94, 0x40, 0xBF,
- 0x8B, 0x76, 0xFE, 0x26, 0xD1, 0xF2, 0xA1, 0x1A, 0x84, 0xA1, 0x43, 0x56,
- 0x28, 0xBC, 0x9A, 0x5F, 0xD7, 0x3B, 0x69, 0x89, 0x8A, 0x36, 0x2C, 0x51,
- 0xDF, 0x12, 0x77, 0x2F, 0x57, 0x7B, 0xA0, 0xAA, 0xDD, 0x7F, 0xA1, 0x62,
- 0x3B, 0x40, 0x7B, 0x68, 0x1A, 0x8F, 0x0D, 0x38, 0xBB, 0x21, 0x5D, 0x18,
- 0xFC, 0x0F, 0x46, 0xF7, 0xA3, 0xB0, 0x1D, 0x23, 0xC3, 0xD2, 0xC7, 0x72,
- 0x51, 0x18, 0xDF, 0x46, 0x95, 0x79, 0xD9, 0xBD, 0xB5, 0x19, 0x02, 0x2C,
- 0x87, 0xDC, 0xE7, 0x57, 0x82, 0x7E, 0xF1, 0x8B, 0x06, 0x3D, 0x00, 0xA5,
- 0x7B, 0x6B, 0x26, 0x27, 0x91, 0x0F, 0x6A, 0x77, 0xE4, 0xD5, 0x04, 0xE4,
- 0x12, 0x2C, 0x42, 0xFF, 0xD2, 0x88, 0xBB, 0xD3, 0x92, 0xA0, 0xF9, 0xC8,
- 0x51, 0x64, 0x14, 0x5C, 0xD8, 0xF9, 0x6C, 0x47, 0x82, 0xB4, 0x1C, 0x7F,
- 0x09, 0xB8, 0xF0, 0x25, 0x83, 0x1D, 0x3F, 0x3F, 0x05, 0xB3, 0x21, 0x0A,
- 0x5D, 0xA7, 0xD8, 0x54, 0xC3, 0x65, 0x7D, 0xC3, 0xB0, 0x1D, 0xBF, 0xAE,
- 0xF8, 0x68, 0xCF, 0x9B,
+ 0xA0,
+ 0x25,
+ 0xFA,
+ 0xAD,
+ 0xF4,
+ 0x8E,
+ 0xB9,
+ 0xE5,
+ 0x99,
+ 0xF3,
+ 0x5D,
+ 0x6F,
+ 0x4F,
+ 0x83,
+ 0x34,
+ 0xE2,
+ 0x7E,
+ 0xCF,
+ 0x6F,
+ 0xBF,
+ 0x30,
+ 0xAF,
+ 0x6F,
+ 0x81,
+ 0xEB,
+ 0xF8,
+ 0xC4,
+ 0x13,
+ 0xD9,
+ 0xA0,
+ 0x5D,
+ 0x8B,
+ 0x5C,
+ 0x8E,
+ 0xDC,
+ 0xC2,
+ 0x1D,
+ 0x0B,
+ 0x41,
+ 0x32,
+ 0xB0,
+ 0x1F,
+ 0xFE,
+ 0xEF,
+ 0x0C,
+ 0xC2,
+ 0xA2,
+ 0x7E,
+ 0x68,
+ 0x5C,
+ 0x28,
+ 0x21,
+ 0xE9,
+ 0xF5,
+ 0xB1,
+ 0x58,
+ 0x12,
+ 0x63,
+ 0x4C,
+ 0x19,
+ 0x4E,
+ 0xFF,
+ 0x02,
+ 0x4B,
+ 0x92,
+ 0xED,
+ 0xD2,
+ 0x07,
+ 0x11,
+ 0x4D,
+ 0x8C,
+ 0x58,
+ 0x16,
+ 0x5C,
+ 0x55,
+ 0x8E,
+ 0xAD,
+ 0xA3,
+ 0x67,
+ 0x7D,
+ 0xB9,
+ 0x86,
+ 0x6E,
+ 0x0B,
+ 0xE6,
+ 0x54,
+ 0x6F,
+ 0x40,
+ 0xAE,
+ 0x0E,
+ 0x67,
+ 0x4C,
+ 0xF9,
+ 0x12,
+ 0x5B,
+ 0x3C,
+ 0x08,
+ 0x7A,
+ 0xF7,
+ 0xFC,
+ 0x67,
+ 0x86,
+ 0x69,
+ 0xE7,
+ 0x0A,
+ 0x94,
+ 0x40,
+ 0xBF,
+ 0x8B,
+ 0x76,
+ 0xFE,
+ 0x26,
+ 0xD1,
+ 0xF2,
+ 0xA1,
+ 0x1A,
+ 0x84,
+ 0xA1,
+ 0x43,
+ 0x56,
+ 0x28,
+ 0xBC,
+ 0x9A,
+ 0x5F,
+ 0xD7,
+ 0x3B,
+ 0x69,
+ 0x89,
+ 0x8A,
+ 0x36,
+ 0x2C,
+ 0x51,
+ 0xDF,
+ 0x12,
+ 0x77,
+ 0x2F,
+ 0x57,
+ 0x7B,
+ 0xA0,
+ 0xAA,
+ 0xDD,
+ 0x7F,
+ 0xA1,
+ 0x62,
+ 0x3B,
+ 0x40,
+ 0x7B,
+ 0x68,
+ 0x1A,
+ 0x8F,
+ 0x0D,
+ 0x38,
+ 0xBB,
+ 0x21,
+ 0x5D,
+ 0x18,
+ 0xFC,
+ 0x0F,
+ 0x46,
+ 0xF7,
+ 0xA3,
+ 0xB0,
+ 0x1D,
+ 0x23,
+ 0xC3,
+ 0xD2,
+ 0xC7,
+ 0x72,
+ 0x51,
+ 0x18,
+ 0xDF,
+ 0x46,
+ 0x95,
+ 0x79,
+ 0xD9,
+ 0xBD,
+ 0xB5,
+ 0x19,
+ 0x02,
+ 0x2C,
+ 0x87,
+ 0xDC,
+ 0xE7,
+ 0x57,
+ 0x82,
+ 0x7E,
+ 0xF1,
+ 0x8B,
+ 0x06,
+ 0x3D,
+ 0x00,
+ 0xA5,
+ 0x7B,
+ 0x6B,
+ 0x26,
+ 0x27,
+ 0x91,
+ 0x0F,
+ 0x6A,
+ 0x77,
+ 0xE4,
+ 0xD5,
+ 0x04,
+ 0xE4,
+ 0x12,
+ 0x2C,
+ 0x42,
+ 0xFF,
+ 0xD2,
+ 0x88,
+ 0xBB,
+ 0xD3,
+ 0x92,
+ 0xA0,
+ 0xF9,
+ 0xC8,
+ 0x51,
+ 0x64,
+ 0x14,
+ 0x5C,
+ 0xD8,
+ 0xF9,
+ 0x6C,
+ 0x47,
+ 0x82,
+ 0xB4,
+ 0x1C,
+ 0x7F,
+ 0x09,
+ 0xB8,
+ 0xF0,
+ 0x25,
+ 0x83,
+ 0x1D,
+ 0x3F,
+ 0x3F,
+ 0x05,
+ 0xB3,
+ 0x21,
+ 0x0A,
+ 0x5D,
+ 0xA7,
+ 0xD8,
+ 0x54,
+ 0xC3,
+ 0x65,
+ 0x7D,
+ 0xC3,
+ 0xB0,
+ 0x1D,
+ 0xBF,
+ 0xAE,
+ 0xF8,
+ 0x68,
+ 0xCF,
+ 0x9B,
};
static unsigned char dsa2048_q[] = {
- 0x97, 0xE7, 0x33, 0x4D, 0xD3, 0x94, 0x3E, 0x0B, 0xDB, 0x62, 0x74, 0xC6,
- 0xA1, 0x08, 0xDD, 0x19, 0xA3, 0x75, 0x17, 0x1B,
+ 0x97,
+ 0xE7,
+ 0x33,
+ 0x4D,
+ 0xD3,
+ 0x94,
+ 0x3E,
+ 0x0B,
+ 0xDB,
+ 0x62,
+ 0x74,
+ 0xC6,
+ 0xA1,
+ 0x08,
+ 0xDD,
+ 0x19,
+ 0xA3,
+ 0x75,
+ 0x17,
+ 0x1B,
};
static unsigned char dsa2048_g[] = {
- 0x2C, 0x78, 0x16, 0x59, 0x34, 0x63, 0xF4, 0xF3, 0x92, 0xFC, 0xB5, 0xA5,
- 0x4F, 0x13, 0xDE, 0x2F, 0x1C, 0xA4, 0x3C, 0xAE, 0xAD, 0x38, 0x3F, 0x7E,
- 0x90, 0xBF, 0x96, 0xA6, 0xAE, 0x25, 0x90, 0x72, 0xF5, 0x8E, 0x80, 0x0C,
- 0x39, 0x1C, 0xD9, 0xEC, 0xBA, 0x90, 0x5B, 0x3A, 0xE8, 0x58, 0x6C, 0x9E,
- 0x30, 0x42, 0x37, 0x02, 0x31, 0x82, 0xBC, 0x6A, 0xDF, 0x6A, 0x09, 0x29,
- 0xE3, 0xC0, 0x46, 0xD1, 0xCB, 0x85, 0xEC, 0x0C, 0x30, 0x5E, 0xEA, 0xC8,
- 0x39, 0x8E, 0x22, 0x9F, 0x22, 0x10, 0xD2, 0x34, 0x61, 0x68, 0x37, 0x3D,
- 0x2E, 0x4A, 0x5B, 0x9A, 0xF5, 0xC1, 0x48, 0xC6, 0xF6, 0xDC, 0x63, 0x1A,
- 0xD3, 0x96, 0x64, 0xBA, 0x34, 0xC9, 0xD1, 0xA0, 0xD1, 0xAE, 0x6C, 0x2F,
- 0x48, 0x17, 0x93, 0x14, 0x43, 0xED, 0xF0, 0x21, 0x30, 0x19, 0xC3, 0x1B,
- 0x5F, 0xDE, 0xA3, 0xF0, 0x70, 0x78, 0x18, 0xE1, 0xA8, 0xE4, 0xEE, 0x2E,
- 0x00, 0xA5, 0xE4, 0xB3, 0x17, 0xC8, 0x0C, 0x7D, 0x6E, 0x42, 0xDC, 0xB7,
- 0x46, 0x00, 0x36, 0x4D, 0xD4, 0x46, 0xAA, 0x3D, 0x3C, 0x46, 0x89, 0x40,
- 0xBF, 0x1D, 0x84, 0x77, 0x0A, 0x75, 0xF3, 0x87, 0x1D, 0x08, 0x4C, 0xA6,
- 0xD1, 0xA9, 0x1C, 0x1E, 0x12, 0x1E, 0xE1, 0xC7, 0x30, 0x28, 0x76, 0xA5,
- 0x7F, 0x6C, 0x85, 0x96, 0x2B, 0x6F, 0xDB, 0x80, 0x66, 0x26, 0xAE, 0xF5,
- 0x93, 0xC7, 0x8E, 0xAE, 0x9A, 0xED, 0xE4, 0xCA, 0x04, 0xEA, 0x3B, 0x72,
- 0xEF, 0xDC, 0x87, 0xED, 0x0D, 0xA5, 0x4C, 0x4A, 0xDD, 0x71, 0x22, 0x64,
- 0x59, 0x69, 0x4E, 0x8E, 0xBF, 0x43, 0xDC, 0xAB, 0x8E, 0x66, 0xBB, 0x01,
- 0xB6, 0xF4, 0xE7, 0xFD, 0xD2, 0xAD, 0x9F, 0x36, 0xC1, 0xA0, 0x29, 0x99,
- 0xD1, 0x96, 0x70, 0x59, 0x06, 0x78, 0x35, 0xBD, 0x65, 0x55, 0x52, 0x9E,
- 0xF8, 0xB2, 0xE5, 0x38,
+ 0x2C,
+ 0x78,
+ 0x16,
+ 0x59,
+ 0x34,
+ 0x63,
+ 0xF4,
+ 0xF3,
+ 0x92,
+ 0xFC,
+ 0xB5,
+ 0xA5,
+ 0x4F,
+ 0x13,
+ 0xDE,
+ 0x2F,
+ 0x1C,
+ 0xA4,
+ 0x3C,
+ 0xAE,
+ 0xAD,
+ 0x38,
+ 0x3F,
+ 0x7E,
+ 0x90,
+ 0xBF,
+ 0x96,
+ 0xA6,
+ 0xAE,
+ 0x25,
+ 0x90,
+ 0x72,
+ 0xF5,
+ 0x8E,
+ 0x80,
+ 0x0C,
+ 0x39,
+ 0x1C,
+ 0xD9,
+ 0xEC,
+ 0xBA,
+ 0x90,
+ 0x5B,
+ 0x3A,
+ 0xE8,
+ 0x58,
+ 0x6C,
+ 0x9E,
+ 0x30,
+ 0x42,
+ 0x37,
+ 0x02,
+ 0x31,
+ 0x82,
+ 0xBC,
+ 0x6A,
+ 0xDF,
+ 0x6A,
+ 0x09,
+ 0x29,
+ 0xE3,
+ 0xC0,
+ 0x46,
+ 0xD1,
+ 0xCB,
+ 0x85,
+ 0xEC,
+ 0x0C,
+ 0x30,
+ 0x5E,
+ 0xEA,
+ 0xC8,
+ 0x39,
+ 0x8E,
+ 0x22,
+ 0x9F,
+ 0x22,
+ 0x10,
+ 0xD2,
+ 0x34,
+ 0x61,
+ 0x68,
+ 0x37,
+ 0x3D,
+ 0x2E,
+ 0x4A,
+ 0x5B,
+ 0x9A,
+ 0xF5,
+ 0xC1,
+ 0x48,
+ 0xC6,
+ 0xF6,
+ 0xDC,
+ 0x63,
+ 0x1A,
+ 0xD3,
+ 0x96,
+ 0x64,
+ 0xBA,
+ 0x34,
+ 0xC9,
+ 0xD1,
+ 0xA0,
+ 0xD1,
+ 0xAE,
+ 0x6C,
+ 0x2F,
+ 0x48,
+ 0x17,
+ 0x93,
+ 0x14,
+ 0x43,
+ 0xED,
+ 0xF0,
+ 0x21,
+ 0x30,
+ 0x19,
+ 0xC3,
+ 0x1B,
+ 0x5F,
+ 0xDE,
+ 0xA3,
+ 0xF0,
+ 0x70,
+ 0x78,
+ 0x18,
+ 0xE1,
+ 0xA8,
+ 0xE4,
+ 0xEE,
+ 0x2E,
+ 0x00,
+ 0xA5,
+ 0xE4,
+ 0xB3,
+ 0x17,
+ 0xC8,
+ 0x0C,
+ 0x7D,
+ 0x6E,
+ 0x42,
+ 0xDC,
+ 0xB7,
+ 0x46,
+ 0x00,
+ 0x36,
+ 0x4D,
+ 0xD4,
+ 0x46,
+ 0xAA,
+ 0x3D,
+ 0x3C,
+ 0x46,
+ 0x89,
+ 0x40,
+ 0xBF,
+ 0x1D,
+ 0x84,
+ 0x77,
+ 0x0A,
+ 0x75,
+ 0xF3,
+ 0x87,
+ 0x1D,
+ 0x08,
+ 0x4C,
+ 0xA6,
+ 0xD1,
+ 0xA9,
+ 0x1C,
+ 0x1E,
+ 0x12,
+ 0x1E,
+ 0xE1,
+ 0xC7,
+ 0x30,
+ 0x28,
+ 0x76,
+ 0xA5,
+ 0x7F,
+ 0x6C,
+ 0x85,
+ 0x96,
+ 0x2B,
+ 0x6F,
+ 0xDB,
+ 0x80,
+ 0x66,
+ 0x26,
+ 0xAE,
+ 0xF5,
+ 0x93,
+ 0xC7,
+ 0x8E,
+ 0xAE,
+ 0x9A,
+ 0xED,
+ 0xE4,
+ 0xCA,
+ 0x04,
+ 0xEA,
+ 0x3B,
+ 0x72,
+ 0xEF,
+ 0xDC,
+ 0x87,
+ 0xED,
+ 0x0D,
+ 0xA5,
+ 0x4C,
+ 0x4A,
+ 0xDD,
+ 0x71,
+ 0x22,
+ 0x64,
+ 0x59,
+ 0x69,
+ 0x4E,
+ 0x8E,
+ 0xBF,
+ 0x43,
+ 0xDC,
+ 0xAB,
+ 0x8E,
+ 0x66,
+ 0xBB,
+ 0x01,
+ 0xB6,
+ 0xF4,
+ 0xE7,
+ 0xFD,
+ 0xD2,
+ 0xAD,
+ 0x9F,
+ 0x36,
+ 0xC1,
+ 0xA0,
+ 0x29,
+ 0x99,
+ 0xD1,
+ 0x96,
+ 0x70,
+ 0x59,
+ 0x06,
+ 0x78,
+ 0x35,
+ 0xBD,
+ 0x65,
+ 0x55,
+ 0x52,
+ 0x9E,
+ 0xF8,
+ 0xB2,
+ 0xE5,
+ 0x38,
};
typedef struct testdsa_st {
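Review bot: `dsa2048_priv` here, like `dsa512_priv` and `dsa1024_priv` in the previous hunk, is a private key compiled in from a public source tree, and nothing next to the tables says so. Judging by the file name these are presumably fixed fixtures for tests or benchmarks. A comment above the first table would make that explicit, for example `/* Publicly known test keys: never use them for real signatures. */`. This is a documentation suggestion only; the byte values themselves are unchanged by the reformatting as far as the hunk shows.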
@@ -199,18 +1418,18 @@ typedef struct testdsa_st {
int q_l;
} testdsa;
-#define set_dsa_ptr(st, bits) \
- do { \
- st.priv = dsa##bits##_priv; \
- st.pub = dsa##bits##_pub; \
- st.p = dsa##bits##_p; \
- st.g = dsa##bits##_g; \
- st.q = dsa##bits##_q; \
+#define set_dsa_ptr(st, bits) \
+ do { \
+ st.priv = dsa##bits##_priv; \
+ st.pub = dsa##bits##_pub; \
+ st.p = dsa##bits##_p; \
+ st.g = dsa##bits##_g; \
+ st.q = dsa##bits##_q; \
st.priv_l = sizeof(dsa##bits##_priv); \
- st.pub_l = sizeof(dsa##bits##_pub); \
- st.p_l = sizeof(dsa##bits##_p); \
- st.g_l = sizeof(dsa##bits##_g); \
- st.q_l = sizeof(dsa##bits##_q); \
+ st.pub_l = sizeof(dsa##bits##_pub); \
+ st.p_l = sizeof(dsa##bits##_p); \
+ st.g_l = sizeof(dsa##bits##_g); \
+ st.q_l = sizeof(dsa##bits##_q); \
} while (0)
EVP_PKEY *get_dsa(int dsa_bits)
@@ -250,21 +1469,22 @@ EVP_PKEY *get_dsa(int dsa_bits)
}
if ((tmpl = OSSL_PARAM_BLD_new()) == NULL
|| !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P,
- p)
+ p)
|| !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q,
- q)
+ q)
|| !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G,
- g)
+ g)
|| !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
- priv_key)
+ priv_key)
|| !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY,
- pub_key)
+ pub_key)
|| (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
goto err;
if (EVP_PKEY_fromdata_init(pctx) <= 0
|| EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
- params) <= 0)
+ params)
+ <= 0)
pkey = NULL;
err:
OSSL_PARAM_free(params);
diff --git a/apps/testrsa.h b/apps/testrsa.h
index 8c3a967414c6..db9221e8aaa4 100644
--- a/apps/testrsa.h
+++ b/apps/testrsa.h
@@ -8,224 +8,2128 @@
*/
static unsigned char test512[] = {
- 0x30, 0x82, 0x01, 0x3a, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
- 0xd6, 0x33, 0xb9, 0xc8, 0xfb, 0x4f, 0x3c, 0x7d, 0xc0, 0x01,
- 0x86, 0xd0, 0xe7, 0xa0, 0x55, 0xf2, 0x95, 0x93, 0xcc, 0x4f,
- 0xb7, 0x5b, 0x67, 0x5b, 0x94, 0x68, 0xc9, 0x34, 0x15, 0xde,
- 0xa5, 0x2e, 0x1c, 0x33, 0xc2, 0x6e, 0xfc, 0x34, 0x5e, 0x71,
- 0x13, 0xb7, 0xd6, 0xee, 0xd8, 0xa5, 0x65, 0x05, 0x72, 0x87,
- 0xa8, 0xb0, 0x77, 0xfe, 0x57, 0xf5, 0xfc, 0x5f, 0x55, 0x83,
- 0x87, 0xdd, 0x57, 0x49, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
- 0x41, 0x00, 0xa7, 0xf7, 0x91, 0xc5, 0x0f, 0x84, 0x57, 0xdc,
- 0x07, 0xf7, 0x6a, 0x7f, 0x60, 0x52, 0xb3, 0x72, 0xf1, 0x66,
- 0x1f, 0x7d, 0x97, 0x3b, 0x9e, 0xb6, 0x0a, 0x8f, 0x8c, 0xcf,
- 0x42, 0x23, 0x00, 0x04, 0xd4, 0x28, 0x0e, 0x1c, 0x90, 0xc4,
- 0x11, 0x25, 0x25, 0xa5, 0x93, 0xa5, 0x2f, 0x70, 0x02, 0xdf,
- 0x81, 0x9c, 0x49, 0x03, 0xa0, 0xf8, 0x6d, 0x54, 0x2e, 0x26,
- 0xde, 0xaa, 0x85, 0x59, 0xa8, 0x31, 0x02, 0x21, 0x00, 0xeb,
- 0x47, 0xd7, 0x3b, 0xf6, 0xc3, 0xdd, 0x5a, 0x46, 0xc5, 0xb9,
- 0x2b, 0x9a, 0xa0, 0x09, 0x8f, 0xa6, 0xfb, 0xf3, 0x78, 0x7a,
- 0x33, 0x70, 0x9d, 0x0f, 0x42, 0x6b, 0x13, 0x68, 0x24, 0xd3,
- 0x15, 0x02, 0x21, 0x00, 0xe9, 0x10, 0xb0, 0xb3, 0x0d, 0xe2,
- 0x82, 0x68, 0x77, 0x8a, 0x6e, 0x7c, 0xda, 0xbc, 0x3e, 0x53,
- 0x83, 0xfb, 0xd6, 0x22, 0xe7, 0xb5, 0xae, 0x6e, 0x80, 0xda,
- 0x00, 0x55, 0x97, 0xc1, 0xd0, 0x65, 0x02, 0x20, 0x4c, 0xf8,
- 0x73, 0xb1, 0x6a, 0x49, 0x29, 0x61, 0x1f, 0x46, 0x10, 0x0d,
- 0xf3, 0xc7, 0xe7, 0x58, 0xd7, 0x88, 0x15, 0x5e, 0x94, 0x9b,
- 0xbf, 0x7b, 0xa2, 0x42, 0x58, 0x45, 0x41, 0x0c, 0xcb, 0x01,
- 0x02, 0x20, 0x12, 0x11, 0xba, 0x31, 0x57, 0x9d, 0x3d, 0x11,
- 0x0e, 0x5b, 0x8c, 0x2f, 0x5f, 0xe2, 0x02, 0x4f, 0x05, 0x47,
- 0x8c, 0x15, 0x8e, 0xb3, 0x56, 0x3f, 0xb8, 0xfb, 0xad, 0xd4,
- 0xf4, 0xfc, 0x10, 0xc5, 0x02, 0x20, 0x18, 0xa1, 0x29, 0x99,
- 0x5b, 0xd9, 0xc8, 0xd4, 0xfc, 0x49, 0x7a, 0x2a, 0x21, 0x2c,
- 0x49, 0xe4, 0x4f, 0xeb, 0xef, 0x51, 0xf1, 0xab, 0x6d, 0xfb,
- 0x4b, 0x14, 0xe9, 0x4b, 0x52, 0xb5, 0x82, 0x2c,
+ 0x30,
+ 0x82,
+ 0x01,
+ 0x3a,
+ 0x02,
+ 0x01,
+ 0x00,
+ 0x02,
+ 0x41,
+ 0x00,
+ 0xd6,
+ 0x33,
+ 0xb9,
+ 0xc8,
+ 0xfb,
+ 0x4f,
+ 0x3c,
+ 0x7d,
+ 0xc0,
+ 0x01,
+ 0x86,
+ 0xd0,
+ 0xe7,
+ 0xa0,
+ 0x55,
+ 0xf2,
+ 0x95,
+ 0x93,
+ 0xcc,
+ 0x4f,
+ 0xb7,
+ 0x5b,
+ 0x67,
+ 0x5b,
+ 0x94,
+ 0x68,
+ 0xc9,
+ 0x34,
+ 0x15,
+ 0xde,
+ 0xa5,
+ 0x2e,
+ 0x1c,
+ 0x33,
+ 0xc2,
+ 0x6e,
+ 0xfc,
+ 0x34,
+ 0x5e,
+ 0x71,
+ 0x13,
+ 0xb7,
+ 0xd6,
+ 0xee,
+ 0xd8,
+ 0xa5,
+ 0x65,
+ 0x05,
+ 0x72,
+ 0x87,
+ 0xa8,
+ 0xb0,
+ 0x77,
+ 0xfe,
+ 0x57,
+ 0xf5,
+ 0xfc,
+ 0x5f,
+ 0x55,
+ 0x83,
+ 0x87,
+ 0xdd,
+ 0x57,
+ 0x49,
+ 0x02,
+ 0x03,
+ 0x01,
+ 0x00,
+ 0x01,
+ 0x02,
+ 0x41,
+ 0x00,
+ 0xa7,
+ 0xf7,
+ 0x91,
+ 0xc5,
+ 0x0f,
+ 0x84,
+ 0x57,
+ 0xdc,
+ 0x07,
+ 0xf7,
+ 0x6a,
+ 0x7f,
+ 0x60,
+ 0x52,
+ 0xb3,
+ 0x72,
+ 0xf1,
+ 0x66,
+ 0x1f,
+ 0x7d,
+ 0x97,
+ 0x3b,
+ 0x9e,
+ 0xb6,
+ 0x0a,
+ 0x8f,
+ 0x8c,
+ 0xcf,
+ 0x42,
+ 0x23,
+ 0x00,
+ 0x04,
+ 0xd4,
+ 0x28,
+ 0x0e,
+ 0x1c,
+ 0x90,
+ 0xc4,
+ 0x11,
+ 0x25,
+ 0x25,
+ 0xa5,
+ 0x93,
+ 0xa5,
+ 0x2f,
+ 0x70,
+ 0x02,
+ 0xdf,
+ 0x81,
+ 0x9c,
+ 0x49,
+ 0x03,
+ 0xa0,
+ 0xf8,
+ 0x6d,
+ 0x54,
+ 0x2e,
+ 0x26,
+ 0xde,
+ 0xaa,
+ 0x85,
+ 0x59,
+ 0xa8,
+ 0x31,
+ 0x02,
+ 0x21,
+ 0x00,
+ 0xeb,
+ 0x47,
+ 0xd7,
+ 0x3b,
+ 0xf6,
+ 0xc3,
+ 0xdd,
+ 0x5a,
+ 0x46,
+ 0xc5,
+ 0xb9,
+ 0x2b,
+ 0x9a,
+ 0xa0,
+ 0x09,
+ 0x8f,
+ 0xa6,
+ 0xfb,
+ 0xf3,
+ 0x78,
+ 0x7a,
+ 0x33,
+ 0x70,
+ 0x9d,
+ 0x0f,
+ 0x42,
+ 0x6b,
+ 0x13,
+ 0x68,
+ 0x24,
+ 0xd3,
+ 0x15,
+ 0x02,
+ 0x21,
+ 0x00,
+ 0xe9,
+ 0x10,
+ 0xb0,
+ 0xb3,
+ 0x0d,
+ 0xe2,
+ 0x82,
+ 0x68,
+ 0x77,
+ 0x8a,
+ 0x6e,
+ 0x7c,
+ 0xda,
+ 0xbc,
+ 0x3e,
+ 0x53,
+ 0x83,
+ 0xfb,
+ 0xd6,
+ 0x22,
+ 0xe7,
+ 0xb5,
+ 0xae,
+ 0x6e,
+ 0x80,
+ 0xda,
+ 0x00,
+ 0x55,
+ 0x97,
+ 0xc1,
+ 0xd0,
+ 0x65,
+ 0x02,
+ 0x20,
+ 0x4c,
+ 0xf8,
+ 0x73,
+ 0xb1,
+ 0x6a,
+ 0x49,
+ 0x29,
+ 0x61,
+ 0x1f,
+ 0x46,
+ 0x10,
+ 0x0d,
+ 0xf3,
+ 0xc7,
+ 0xe7,
+ 0x58,
+ 0xd7,
+ 0x88,
+ 0x15,
+ 0x5e,
+ 0x94,
+ 0x9b,
+ 0xbf,
+ 0x7b,
+ 0xa2,
+ 0x42,
+ 0x58,
+ 0x45,
+ 0x41,
+ 0x0c,
+ 0xcb,
+ 0x01,
+ 0x02,
+ 0x20,
+ 0x12,
+ 0x11,
+ 0xba,
+ 0x31,
+ 0x57,
+ 0x9d,
+ 0x3d,
+ 0x11,
+ 0x0e,
+ 0x5b,
+ 0x8c,
+ 0x2f,
+ 0x5f,
+ 0xe2,
+ 0x02,
+ 0x4f,
+ 0x05,
+ 0x47,
+ 0x8c,
+ 0x15,
+ 0x8e,
+ 0xb3,
+ 0x56,
+ 0x3f,
+ 0xb8,
+ 0xfb,
+ 0xad,
+ 0xd4,
+ 0xf4,
+ 0xfc,
+ 0x10,
+ 0xc5,
+ 0x02,
+ 0x20,
+ 0x18,
+ 0xa1,
+ 0x29,
+ 0x99,
+ 0x5b,
+ 0xd9,
+ 0xc8,
+ 0xd4,
+ 0xfc,
+ 0x49,
+ 0x7a,
+ 0x2a,
+ 0x21,
+ 0x2c,
+ 0x49,
+ 0xe4,
+ 0x4f,
+ 0xeb,
+ 0xef,
+ 0x51,
+ 0xf1,
+ 0xab,
+ 0x6d,
+ 0xfb,
+ 0x4b,
+ 0x14,
+ 0xe9,
+ 0x4b,
+ 0x52,
+ 0xb5,
+ 0x82,
+ 0x2c,
};
static unsigned char test1024[] = {
- 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
- 0x00, 0xdc, 0x98, 0x43, 0xe8, 0x3d, 0x43, 0x5b, 0xe4, 0x05,
- 0xcd, 0xd0, 0xa9, 0x3e, 0xcb, 0x83, 0x75, 0xf6, 0xb5, 0xa5,
- 0x9f, 0x6b, 0xe9, 0x34, 0x41, 0x29, 0x18, 0xfa, 0x6a, 0x55,
- 0x4d, 0x70, 0xfc, 0xec, 0xae, 0x87, 0x38, 0x0a, 0x20, 0xa9,
- 0xc0, 0x45, 0x77, 0x6e, 0x57, 0x60, 0x57, 0xf4, 0xed, 0x96,
- 0x22, 0xcb, 0x8f, 0xe1, 0x33, 0x3a, 0x17, 0x1f, 0xed, 0x37,
- 0xa5, 0x6f, 0xeb, 0xa6, 0xbc, 0x12, 0x80, 0x1d, 0x53, 0xbd,
- 0x70, 0xeb, 0x21, 0x76, 0x3e, 0xc9, 0x2f, 0x1a, 0x45, 0x24,
- 0x82, 0xff, 0xcd, 0x59, 0x32, 0x06, 0x2e, 0x12, 0x3b, 0x23,
- 0x78, 0xed, 0x12, 0x3d, 0xe0, 0x8d, 0xf9, 0x67, 0x4f, 0x37,
- 0x4e, 0x47, 0x02, 0x4c, 0x2d, 0xc0, 0x4f, 0x1f, 0xb3, 0x94,
- 0xe1, 0x41, 0x2e, 0x2d, 0x90, 0x10, 0xfc, 0x82, 0x91, 0x8b,
- 0x0f, 0x22, 0xd4, 0xf2, 0xfc, 0x2c, 0xab, 0x53, 0x55, 0x02,
- 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x2b, 0xcc, 0x3f,
- 0x8f, 0x58, 0xba, 0x8b, 0x00, 0x16, 0xf6, 0xea, 0x3a, 0xf0,
- 0x30, 0xd0, 0x05, 0x17, 0xda, 0xb0, 0xeb, 0x9a, 0x2d, 0x4f,
- 0x26, 0xb0, 0xd6, 0x38, 0xc1, 0xeb, 0xf5, 0xd8, 0x3d, 0x1f,
- 0x70, 0xf7, 0x7f, 0xf4, 0xe2, 0xcf, 0x51, 0x51, 0x79, 0x88,
- 0xfa, 0xe8, 0x32, 0x0e, 0x7b, 0x2d, 0x97, 0xf2, 0xfa, 0xba,
- 0x27, 0xc5, 0x9c, 0xd9, 0xc5, 0xeb, 0x8a, 0x79, 0x52, 0x3c,
- 0x64, 0x34, 0x7d, 0xc2, 0xcf, 0x28, 0xc7, 0x4e, 0xd5, 0x43,
- 0x0b, 0xd1, 0xa6, 0xca, 0x6d, 0x03, 0x2d, 0x72, 0x23, 0xbc,
- 0x6d, 0x05, 0xfa, 0x16, 0x09, 0x2f, 0x2e, 0x5c, 0xb6, 0xee,
- 0x74, 0xdd, 0xd2, 0x48, 0x8e, 0x36, 0x0c, 0x06, 0x3d, 0x4d,
- 0xe5, 0x10, 0x82, 0xeb, 0x6a, 0xf3, 0x4b, 0x9f, 0xd6, 0xed,
- 0x11, 0xb1, 0x6e, 0xec, 0xf4, 0xfe, 0x8e, 0x75, 0x94, 0x20,
- 0x2f, 0xcb, 0xac, 0x46, 0xf1, 0x02, 0x41, 0x00, 0xf9, 0x8c,
- 0xa3, 0x85, 0xb1, 0xdd, 0x29, 0xaf, 0x65, 0xc1, 0x33, 0xf3,
- 0x95, 0xc5, 0x52, 0x68, 0x0b, 0xd4, 0xf1, 0xe5, 0x0e, 0x02,
- 0x9f, 0x4f, 0xfa, 0x77, 0xdc, 0x46, 0x9e, 0xc7, 0xa6, 0xe4,
- 0x16, 0x29, 0xda, 0xb0, 0x07, 0xcf, 0x5b, 0xa9, 0x12, 0x8a,
- 0xdd, 0x63, 0x0a, 0xde, 0x2e, 0x8c, 0x66, 0x8b, 0x8c, 0xdc,
- 0x19, 0xa3, 0x7e, 0xf4, 0x3b, 0xd0, 0x1a, 0x8c, 0xa4, 0xc2,
- 0xe1, 0xd3, 0x02, 0x41, 0x00, 0xe2, 0x4c, 0x05, 0xf2, 0x04,
- 0x86, 0x4e, 0x61, 0x43, 0xdb, 0xb0, 0xb9, 0x96, 0x86, 0x52,
- 0x2c, 0xca, 0x8d, 0x7b, 0xab, 0x0b, 0x13, 0x0d, 0x7e, 0x38,
- 0x5b, 0xe2, 0x2e, 0x7b, 0x0e, 0xe7, 0x19, 0x99, 0x38, 0xe7,
- 0xf2, 0x21, 0xbd, 0x85, 0x85, 0xe3, 0xfd, 0x28, 0x77, 0x20,
- 0x31, 0x71, 0x2c, 0xd0, 0xff, 0xfb, 0x2e, 0xaf, 0x85, 0xb4,
- 0x86, 0xca, 0xf3, 0xbb, 0xca, 0xaa, 0x0f, 0x95, 0x37, 0x02,
- 0x40, 0x0e, 0x41, 0x9a, 0x95, 0xe8, 0xb3, 0x59, 0xce, 0x4b,
- 0x61, 0xde, 0x35, 0xec, 0x38, 0x79, 0x9c, 0xb8, 0x10, 0x52,
- 0x41, 0x63, 0xab, 0x82, 0xae, 0x6f, 0x00, 0xa9, 0xf4, 0xde,
- 0xdd, 0x49, 0x0b, 0x7e, 0xb8, 0xa5, 0x65, 0xa9, 0x0c, 0x8f,
- 0x8f, 0xf9, 0x1f, 0x35, 0xc6, 0x92, 0xb8, 0x5e, 0xb0, 0x66,
- 0xab, 0x52, 0x40, 0xc0, 0xb6, 0x36, 0x6a, 0x7d, 0x80, 0x46,
- 0x04, 0x02, 0xe5, 0x9f, 0x41, 0x02, 0x41, 0x00, 0xc0, 0xad,
- 0xcc, 0x4e, 0x21, 0xee, 0x1d, 0x24, 0x91, 0xfb, 0xa7, 0x80,
- 0x8d, 0x9a, 0xb6, 0xb3, 0x2e, 0x8f, 0xc2, 0xe1, 0x82, 0xdf,
- 0x69, 0x18, 0xb4, 0x71, 0xff, 0xa6, 0x65, 0xde, 0xed, 0x84,
- 0x8d, 0x42, 0xb7, 0xb3, 0x21, 0x69, 0x56, 0x1c, 0x07, 0x60,
- 0x51, 0x29, 0x04, 0xff, 0x34, 0x06, 0xdd, 0xb9, 0x67, 0x2c,
- 0x7c, 0x04, 0x93, 0x0e, 0x46, 0x15, 0xbb, 0x2a, 0xb7, 0x1b,
- 0xe7, 0x87, 0x02, 0x40, 0x78, 0xda, 0x5d, 0x07, 0x51, 0x0c,
- 0x16, 0x7a, 0x9f, 0x29, 0x20, 0x84, 0x0d, 0x42, 0xfa, 0xd7,
- 0x00, 0xd8, 0x77, 0x7e, 0xb0, 0xb0, 0x6b, 0xd6, 0x5b, 0x53,
- 0xb8, 0x9b, 0x7a, 0xcd, 0xc7, 0x2b, 0xb8, 0x6a, 0x63, 0xa9,
- 0xfb, 0x6f, 0xa4, 0x72, 0xbf, 0x4c, 0x5d, 0x00, 0x14, 0xba,
- 0xfa, 0x59, 0x88, 0xed, 0xe4, 0xe0, 0x8c, 0xa2, 0xec, 0x14,
- 0x7e, 0x2d, 0xe2, 0xf0, 0x46, 0x49, 0x95, 0x45,
+ 0x30,
+ 0x82,
+ 0x02,
+ 0x5c,
+ 0x02,
+ 0x01,
+ 0x00,
+ 0x02,
+ 0x81,
+ 0x81,
+ 0x00,
+ 0xdc,
+ 0x98,
+ 0x43,
+ 0xe8,
+ 0x3d,
+ 0x43,
+ 0x5b,
+ 0xe4,
+ 0x05,
+ 0xcd,
+ 0xd0,
+ 0xa9,
+ 0x3e,
+ 0xcb,
+ 0x83,
+ 0x75,
+ 0xf6,
+ 0xb5,
+ 0xa5,
+ 0x9f,
+ 0x6b,
+ 0xe9,
+ 0x34,
+ 0x41,
+ 0x29,
+ 0x18,
+ 0xfa,
+ 0x6a,
+ 0x55,
+ 0x4d,
+ 0x70,
+ 0xfc,
+ 0xec,
+ 0xae,
+ 0x87,
+ 0x38,
+ 0x0a,
+ 0x20,
+ 0xa9,
+ 0xc0,
+ 0x45,
+ 0x77,
+ 0x6e,
+ 0x57,
+ 0x60,
+ 0x57,
+ 0xf4,
+ 0xed,
+ 0x96,
+ 0x22,
+ 0xcb,
+ 0x8f,
+ 0xe1,
+ 0x33,
+ 0x3a,
+ 0x17,
+ 0x1f,
+ 0xed,
+ 0x37,
+ 0xa5,
+ 0x6f,
+ 0xeb,
+ 0xa6,
+ 0xbc,
+ 0x12,
+ 0x80,
+ 0x1d,
+ 0x53,
+ 0xbd,
+ 0x70,
+ 0xeb,
+ 0x21,
+ 0x76,
+ 0x3e,
+ 0xc9,
+ 0x2f,
+ 0x1a,
+ 0x45,
+ 0x24,
+ 0x82,
+ 0xff,
+ 0xcd,
+ 0x59,
+ 0x32,
+ 0x06,
+ 0x2e,
+ 0x12,
+ 0x3b,
+ 0x23,
+ 0x78,
+ 0xed,
+ 0x12,
+ 0x3d,
+ 0xe0,
+ 0x8d,
+ 0xf9,
+ 0x67,
+ 0x4f,
+ 0x37,
+ 0x4e,
+ 0x47,
+ 0x02,
+ 0x4c,
+ 0x2d,
+ 0xc0,
+ 0x4f,
+ 0x1f,
+ 0xb3,
+ 0x94,
+ 0xe1,
+ 0x41,
+ 0x2e,
+ 0x2d,
+ 0x90,
+ 0x10,
+ 0xfc,
+ 0x82,
+ 0x91,
+ 0x8b,
+ 0x0f,
+ 0x22,
+ 0xd4,
+ 0xf2,
+ 0xfc,
+ 0x2c,
+ 0xab,
+ 0x53,
+ 0x55,
+ 0x02,
+ 0x03,
+ 0x01,
+ 0x00,
+ 0x01,
+ 0x02,
+ 0x81,
+ 0x80,
+ 0x2b,
+ 0xcc,
+ 0x3f,
+ 0x8f,
+ 0x58,
+ 0xba,
+ 0x8b,
+ 0x00,
+ 0x16,
+ 0xf6,
+ 0xea,
+ 0x3a,
+ 0xf0,
+ 0x30,
+ 0xd0,
+ 0x05,
+ 0x17,
+ 0xda,
+ 0xb0,
+ 0xeb,
+ 0x9a,
+ 0x2d,
+ 0x4f,
+ 0x26,
+ 0xb0,
+ 0xd6,
+ 0x38,
+ 0xc1,
+ 0xeb,
+ 0xf5,
+ 0xd8,
+ 0x3d,
+ 0x1f,
+ 0x70,
+ 0xf7,
+ 0x7f,
+ 0xf4,
+ 0xe2,
+ 0xcf,
+ 0x51,
+ 0x51,
+ 0x79,
+ 0x88,
+ 0xfa,
+ 0xe8,
+ 0x32,
+ 0x0e,
+ 0x7b,
+ 0x2d,
+ 0x97,
+ 0xf2,
+ 0xfa,
+ 0xba,
+ 0x27,
+ 0xc5,
+ 0x9c,
+ 0xd9,
+ 0xc5,
+ 0xeb,
+ 0x8a,
+ 0x79,
+ 0x52,
+ 0x3c,
+ 0x64,
+ 0x34,
+ 0x7d,
+ 0xc2,
+ 0xcf,
+ 0x28,
+ 0xc7,
+ 0x4e,
+ 0xd5,
+ 0x43,
+ 0x0b,
+ 0xd1,
+ 0xa6,
+ 0xca,
+ 0x6d,
+ 0x03,
+ 0x2d,
+ 0x72,
+ 0x23,
+ 0xbc,
+ 0x6d,
+ 0x05,
+ 0xfa,
+ 0x16,
+ 0x09,
+ 0x2f,
+ 0x2e,
+ 0x5c,
+ 0xb6,
+ 0xee,
+ 0x74,
+ 0xdd,
+ 0xd2,
+ 0x48,
+ 0x8e,
+ 0x36,
+ 0x0c,
+ 0x06,
+ 0x3d,
+ 0x4d,
+ 0xe5,
+ 0x10,
+ 0x82,
+ 0xeb,
+ 0x6a,
+ 0xf3,
+ 0x4b,
+ 0x9f,
+ 0xd6,
+ 0xed,
+ 0x11,
+ 0xb1,
+ 0x6e,
+ 0xec,
+ 0xf4,
+ 0xfe,
+ 0x8e,
+ 0x75,
+ 0x94,
+ 0x20,
+ 0x2f,
+ 0xcb,
+ 0xac,
+ 0x46,
+ 0xf1,
+ 0x02,
+ 0x41,
+ 0x00,
+ 0xf9,
+ 0x8c,
+ 0xa3,
+ 0x85,
+ 0xb1,
+ 0xdd,
+ 0x29,
+ 0xaf,
+ 0x65,
+ 0xc1,
+ 0x33,
+ 0xf3,
+ 0x95,
+ 0xc5,
+ 0x52,
+ 0x68,
+ 0x0b,
+ 0xd4,
+ 0xf1,
+ 0xe5,
+ 0x0e,
+ 0x02,
+ 0x9f,
+ 0x4f,
+ 0xfa,
+ 0x77,
+ 0xdc,
+ 0x46,
+ 0x9e,
+ 0xc7,
+ 0xa6,
+ 0xe4,
+ 0x16,
+ 0x29,
+ 0xda,
+ 0xb0,
+ 0x07,
+ 0xcf,
+ 0x5b,
+ 0xa9,
+ 0x12,
+ 0x8a,
+ 0xdd,
+ 0x63,
+ 0x0a,
+ 0xde,
+ 0x2e,
+ 0x8c,
+ 0x66,
+ 0x8b,
+ 0x8c,
+ 0xdc,
+ 0x19,
+ 0xa3,
+ 0x7e,
+ 0xf4,
+ 0x3b,
+ 0xd0,
+ 0x1a,
+ 0x8c,
+ 0xa4,
+ 0xc2,
+ 0xe1,
+ 0xd3,
+ 0x02,
+ 0x41,
+ 0x00,
+ 0xe2,
+ 0x4c,
+ 0x05,
+ 0xf2,
+ 0x04,
+ 0x86,
+ 0x4e,
+ 0x61,
+ 0x43,
+ 0xdb,
+ 0xb0,
+ 0xb9,
+ 0x96,
+ 0x86,
+ 0x52,
+ 0x2c,
+ 0xca,
+ 0x8d,
+ 0x7b,
+ 0xab,
+ 0x0b,
+ 0x13,
+ 0x0d,
+ 0x7e,
+ 0x38,
+ 0x5b,
+ 0xe2,
+ 0x2e,
+ 0x7b,
+ 0x0e,
+ 0xe7,
+ 0x19,
+ 0x99,
+ 0x38,
+ 0xe7,
+ 0xf2,
+ 0x21,
+ 0xbd,
+ 0x85,
+ 0x85,
+ 0xe3,
+ 0xfd,
+ 0x28,
+ 0x77,
+ 0x20,
+ 0x31,
+ 0x71,
+ 0x2c,
+ 0xd0,
+ 0xff,
+ 0xfb,
+ 0x2e,
+ 0xaf,
+ 0x85,
+ 0xb4,
+ 0x86,
+ 0xca,
+ 0xf3,
+ 0xbb,
+ 0xca,
+ 0xaa,
+ 0x0f,
+ 0x95,
+ 0x37,
+ 0x02,
+ 0x40,
+ 0x0e,
+ 0x41,
+ 0x9a,
+ 0x95,
+ 0xe8,
+ 0xb3,
+ 0x59,
+ 0xce,
+ 0x4b,
+ 0x61,
+ 0xde,
+ 0x35,
+ 0xec,
+ 0x38,
+ 0x79,
+ 0x9c,
+ 0xb8,
+ 0x10,
+ 0x52,
+ 0x41,
+ 0x63,
+ 0xab,
+ 0x82,
+ 0xae,
+ 0x6f,
+ 0x00,
+ 0xa9,
+ 0xf4,
+ 0xde,
+ 0xdd,
+ 0x49,
+ 0x0b,
+ 0x7e,
+ 0xb8,
+ 0xa5,
+ 0x65,
+ 0xa9,
+ 0x0c,
+ 0x8f,
+ 0x8f,
+ 0xf9,
+ 0x1f,
+ 0x35,
+ 0xc6,
+ 0x92,
+ 0xb8,
+ 0x5e,
+ 0xb0,
+ 0x66,
+ 0xab,
+ 0x52,
+ 0x40,
+ 0xc0,
+ 0xb6,
+ 0x36,
+ 0x6a,
+ 0x7d,
+ 0x80,
+ 0x46,
+ 0x04,
+ 0x02,
+ 0xe5,
+ 0x9f,
+ 0x41,
+ 0x02,
+ 0x41,
+ 0x00,
+ 0xc0,
+ 0xad,
+ 0xcc,
+ 0x4e,
+ 0x21,
+ 0xee,
+ 0x1d,
+ 0x24,
+ 0x91,
+ 0xfb,
+ 0xa7,
+ 0x80,
+ 0x8d,
+ 0x9a,
+ 0xb6,
+ 0xb3,
+ 0x2e,
+ 0x8f,
+ 0xc2,
+ 0xe1,
+ 0x82,
+ 0xdf,
+ 0x69,
+ 0x18,
+ 0xb4,
+ 0x71,
+ 0xff,
+ 0xa6,
+ 0x65,
+ 0xde,
+ 0xed,
+ 0x84,
+ 0x8d,
+ 0x42,
+ 0xb7,
+ 0xb3,
+ 0x21,
+ 0x69,
+ 0x56,
+ 0x1c,
+ 0x07,
+ 0x60,
+ 0x51,
+ 0x29,
+ 0x04,
+ 0xff,
+ 0x34,
+ 0x06,
+ 0xdd,
+ 0xb9,
+ 0x67,
+ 0x2c,
+ 0x7c,
+ 0x04,
+ 0x93,
+ 0x0e,
+ 0x46,
+ 0x15,
+ 0xbb,
+ 0x2a,
+ 0xb7,
+ 0x1b,
+ 0xe7,
+ 0x87,
+ 0x02,
+ 0x40,
+ 0x78,
+ 0xda,
+ 0x5d,
+ 0x07,
+ 0x51,
+ 0x0c,
+ 0x16,
+ 0x7a,
+ 0x9f,
+ 0x29,
+ 0x20,
+ 0x84,
+ 0x0d,
+ 0x42,
+ 0xfa,
+ 0xd7,
+ 0x00,
+ 0xd8,
+ 0x77,
+ 0x7e,
+ 0xb0,
+ 0xb0,
+ 0x6b,
+ 0xd6,
+ 0x5b,
+ 0x53,
+ 0xb8,
+ 0x9b,
+ 0x7a,
+ 0xcd,
+ 0xc7,
+ 0x2b,
+ 0xb8,
+ 0x6a,
+ 0x63,
+ 0xa9,
+ 0xfb,
+ 0x6f,
+ 0xa4,
+ 0x72,
+ 0xbf,
+ 0x4c,
+ 0x5d,
+ 0x00,
+ 0x14,
+ 0xba,
+ 0xfa,
+ 0x59,
+ 0x88,
+ 0xed,
+ 0xe4,
+ 0xe0,
+ 0x8c,
+ 0xa2,
+ 0xec,
+ 0x14,
+ 0x7e,
+ 0x2d,
+ 0xe2,
+ 0xf0,
+ 0x46,
+ 0x49,
+ 0x95,
+ 0x45,
};
static unsigned char test2048[] = {
- 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
- 0x01, 0x00, 0xc0, 0xc0, 0xce, 0x3e, 0x3c, 0x53, 0x67, 0x3f,
- 0x4f, 0xc5, 0x2f, 0xa4, 0xc2, 0x5a, 0x2f, 0x58, 0xfd, 0x27,
- 0x52, 0x6a, 0xe8, 0xcf, 0x4a, 0x73, 0x47, 0x8d, 0x25, 0x0f,
- 0x5f, 0x03, 0x26, 0x78, 0xef, 0xf0, 0x22, 0x12, 0xd3, 0xde,
- 0x47, 0xb2, 0x1c, 0x0b, 0x38, 0x63, 0x1a, 0x6c, 0x85, 0x7a,
- 0x80, 0xc6, 0x8f, 0xa0, 0x41, 0xaf, 0x62, 0xc4, 0x67, 0x32,
- 0x88, 0xf8, 0xa6, 0x9c, 0xf5, 0x23, 0x1d, 0xe4, 0xac, 0x3f,
- 0x29, 0xf9, 0xec, 0xe1, 0x8b, 0x26, 0x03, 0x2c, 0xb2, 0xab,
- 0xf3, 0x7d, 0xb5, 0xca, 0x49, 0xc0, 0x8f, 0x1c, 0xdf, 0x33,
- 0x3a, 0x60, 0xda, 0x3c, 0xb0, 0x16, 0xf8, 0xa9, 0x12, 0x8f,
- 0x64, 0xac, 0x23, 0x0c, 0x69, 0x64, 0x97, 0x5d, 0x99, 0xd4,
- 0x09, 0x83, 0x9b, 0x61, 0xd3, 0xac, 0xf0, 0xde, 0xdd, 0x5e,
- 0x9f, 0x44, 0x94, 0xdb, 0x3a, 0x4d, 0x97, 0xe8, 0x52, 0x29,
- 0xf7, 0xdb, 0x94, 0x07, 0x45, 0x90, 0x78, 0x1e, 0x31, 0x0b,
- 0x80, 0xf7, 0x57, 0xad, 0x1c, 0x79, 0xc5, 0xcb, 0x32, 0xb0,
- 0xce, 0xcd, 0x74, 0xb3, 0xe2, 0x94, 0xc5, 0x78, 0x2f, 0x34,
- 0x1a, 0x45, 0xf7, 0x8c, 0x52, 0xa5, 0xbc, 0x8d, 0xec, 0xd1,
- 0x2f, 0x31, 0x3b, 0xf0, 0x49, 0x59, 0x5e, 0x88, 0x9d, 0x15,
- 0x92, 0x35, 0x32, 0xc1, 0xe7, 0x61, 0xec, 0x50, 0x48, 0x7c,
- 0xba, 0x05, 0xf9, 0xf8, 0xf8, 0xa7, 0x8c, 0x83, 0xe8, 0x66,
- 0x5b, 0xeb, 0xfe, 0xd8, 0x4f, 0xdd, 0x6d, 0x36, 0xc0, 0xb2,
- 0x90, 0x0f, 0xb8, 0x52, 0xf9, 0x04, 0x9b, 0x40, 0x2c, 0x27,
- 0xd6, 0x36, 0x8e, 0xc2, 0x1b, 0x44, 0xf3, 0x92, 0xd5, 0x15,
- 0x9e, 0x9a, 0xbc, 0xf3, 0x7d, 0x03, 0xd7, 0x02, 0x14, 0x20,
- 0xe9, 0x10, 0x92, 0xfd, 0xf9, 0xfc, 0x8f, 0xe5, 0x18, 0xe1,
- 0x95, 0xcc, 0x9e, 0x60, 0xa6, 0xfa, 0x38, 0x4d, 0x02, 0x03,
- 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x00, 0xc3, 0xc3,
- 0x0d, 0xb4, 0x27, 0x90, 0x8d, 0x4b, 0xbf, 0xb8, 0x84, 0xaa,
- 0xd0, 0xb8, 0xc7, 0x5d, 0x99, 0xbe, 0x55, 0xf6, 0x3e, 0x7c,
- 0x49, 0x20, 0xcb, 0x8a, 0x8e, 0x19, 0x0e, 0x66, 0x24, 0xac,
- 0xaf, 0x03, 0x33, 0x97, 0xeb, 0x95, 0xd5, 0x3b, 0x0f, 0x40,
- 0x56, 0x04, 0x50, 0xd1, 0xe6, 0xbe, 0x84, 0x0b, 0x25, 0xd3,
- 0x9c, 0xe2, 0x83, 0x6c, 0xf5, 0x62, 0x5d, 0xba, 0x2b, 0x7d,
- 0x3d, 0x7a, 0x6c, 0xe1, 0xd2, 0x0e, 0x54, 0x93, 0x80, 0x01,
- 0x91, 0x51, 0x09, 0xe8, 0x5b, 0x8e, 0x47, 0xbd, 0x64, 0xe4,
- 0x0e, 0x03, 0x83, 0x55, 0xcf, 0x5a, 0x37, 0xf0, 0x25, 0xb5,
- 0x7d, 0x21, 0xd7, 0x69, 0xdf, 0x6f, 0xc2, 0xcf, 0x10, 0xc9,
- 0x8a, 0x40, 0x9f, 0x7a, 0x70, 0xc0, 0xe8, 0xe8, 0xc0, 0xe6,
- 0x9a, 0x15, 0x0a, 0x8d, 0x4e, 0x46, 0xcb, 0x7a, 0xdb, 0xb3,
- 0xcb, 0x83, 0x02, 0xc4, 0xf0, 0xab, 0xeb, 0x02, 0x01, 0x0e,
- 0x23, 0xfc, 0x1d, 0xc4, 0xbd, 0xd4, 0xaa, 0x5d, 0x31, 0x46,
- 0x99, 0xce, 0x9e, 0xf8, 0x04, 0x75, 0x10, 0x67, 0xc4, 0x53,
- 0x47, 0x44, 0xfa, 0xc2, 0x25, 0x73, 0x7e, 0xd0, 0x8e, 0x59,
- 0xd1, 0xb2, 0x5a, 0xf4, 0xc7, 0x18, 0x92, 0x2f, 0x39, 0xab,
- 0xcd, 0xa3, 0xb5, 0xc2, 0xb9, 0xc7, 0xb9, 0x1b, 0x9f, 0x48,
- 0xfa, 0x13, 0xc6, 0x98, 0x4d, 0xca, 0x84, 0x9c, 0x06, 0xca,
- 0xe7, 0x89, 0x01, 0x04, 0xc4, 0x6c, 0xfd, 0x29, 0x59, 0x35,
- 0xe7, 0xf3, 0xdd, 0xce, 0x64, 0x59, 0xbf, 0x21, 0x13, 0xa9,
- 0x9f, 0x0e, 0xc5, 0xff, 0xbd, 0x33, 0x00, 0xec, 0xac, 0x6b,
- 0x11, 0xef, 0x51, 0x5e, 0xad, 0x07, 0x15, 0xde, 0xb8, 0x5f,
- 0xc6, 0xb9, 0xa3, 0x22, 0x65, 0x46, 0x83, 0x14, 0xdf, 0xd0,
- 0xf1, 0x44, 0x8a, 0xe1, 0x9c, 0x23, 0x33, 0xb4, 0x97, 0x33,
- 0xe6, 0x6b, 0x81, 0x02, 0x81, 0x81, 0x00, 0xec, 0x12, 0xa7,
- 0x59, 0x74, 0x6a, 0xde, 0x3e, 0xad, 0xd8, 0x36, 0x80, 0x50,
- 0xa2, 0xd5, 0x21, 0x81, 0x07, 0xf1, 0xd0, 0x91, 0xf2, 0x6c,
- 0x12, 0x2f, 0x9d, 0x1a, 0x26, 0xf8, 0x30, 0x65, 0xdf, 0xe8,
- 0xc0, 0x9b, 0x6a, 0x30, 0x98, 0x82, 0x87, 0xec, 0xa2, 0x56,
- 0x87, 0x62, 0x6f, 0xe7, 0x9f, 0xf6, 0x56, 0xe6, 0x71, 0x8f,
- 0x49, 0x86, 0x93, 0x5a, 0x4d, 0x34, 0x58, 0xfe, 0xd9, 0x04,
- 0x13, 0xaf, 0x79, 0xb7, 0xad, 0x11, 0xd1, 0x30, 0x9a, 0x14,
- 0x06, 0xa0, 0xfa, 0xb7, 0x55, 0xdc, 0x6c, 0x5a, 0x4c, 0x2c,
- 0x59, 0x56, 0xf6, 0xe8, 0x9d, 0xaf, 0x0a, 0x78, 0x99, 0x06,
- 0x06, 0x9e, 0xe7, 0x9c, 0x51, 0x55, 0x43, 0xfc, 0x3b, 0x6c,
- 0x0b, 0xbf, 0x2d, 0x41, 0xa7, 0xaf, 0xb7, 0xe0, 0xe8, 0x28,
- 0x18, 0xb4, 0x13, 0xd1, 0xe6, 0x97, 0xd0, 0x9f, 0x6a, 0x80,
- 0xca, 0xdd, 0x1a, 0x7e, 0x15, 0x02, 0x81, 0x81, 0x00, 0xd1,
- 0x06, 0x0c, 0x1f, 0xe3, 0xd0, 0xab, 0xd6, 0xca, 0x7c, 0xbc,
- 0x7d, 0x13, 0x35, 0xce, 0x27, 0xcd, 0xd8, 0x49, 0x51, 0x63,
- 0x64, 0x0f, 0xca, 0x06, 0x12, 0xfc, 0x07, 0x3e, 0xaf, 0x61,
- 0x6d, 0xe2, 0x53, 0x39, 0x27, 0xae, 0xc3, 0x11, 0x9e, 0x94,
- 0x01, 0x4f, 0xe3, 0xf3, 0x67, 0xf9, 0x77, 0xf9, 0xe7, 0x95,
- 0x3a, 0x6f, 0xe2, 0x20, 0x73, 0x3e, 0xa4, 0x7a, 0x28, 0xd4,
- 0x61, 0x97, 0xf6, 0x17, 0xa0, 0x23, 0x10, 0x2b, 0xce, 0x84,
- 0x57, 0x7e, 0x25, 0x1f, 0xf4, 0xa8, 0x54, 0xd2, 0x65, 0x94,
- 0xcc, 0x95, 0x0a, 0xab, 0x30, 0xc1, 0x59, 0x1f, 0x61, 0x8e,
- 0xb9, 0x6b, 0xd7, 0x4e, 0xb9, 0x83, 0x43, 0x79, 0x85, 0x11,
- 0xbc, 0x0f, 0xae, 0x25, 0x20, 0x05, 0xbc, 0xd2, 0x48, 0xa1,
- 0x68, 0x09, 0x84, 0xf6, 0x12, 0x9a, 0x66, 0xb9, 0x2b, 0xbb,
- 0x76, 0x03, 0x17, 0x46, 0x4e, 0x97, 0x59, 0x02, 0x81, 0x80,
- 0x09, 0x4c, 0xfa, 0xd6, 0xe5, 0x65, 0x48, 0x78, 0x43, 0xb5,
- 0x1f, 0x00, 0x93, 0x2c, 0xb7, 0x24, 0xe8, 0xc6, 0x7d, 0x5a,
- 0x70, 0x45, 0x92, 0xc8, 0x6c, 0xa3, 0xcd, 0xe1, 0xf7, 0x29,
- 0x40, 0xfa, 0x3f, 0x5b, 0x47, 0x44, 0x39, 0xc1, 0xe8, 0x72,
- 0x9e, 0x7a, 0x0e, 0xda, 0xaa, 0xa0, 0x2a, 0x09, 0xfd, 0x54,
- 0x93, 0x23, 0xaa, 0x37, 0x85, 0x5b, 0xcc, 0xd4, 0xf9, 0xd8,
- 0xff, 0xc1, 0x61, 0x0d, 0xbd, 0x7e, 0x18, 0x24, 0x73, 0x6d,
- 0x40, 0x72, 0xf1, 0x93, 0x09, 0x48, 0x97, 0x6c, 0x84, 0x90,
- 0xa8, 0x46, 0x14, 0x01, 0x39, 0x11, 0xe5, 0x3c, 0x41, 0x27,
- 0x32, 0x75, 0x24, 0xed, 0xa1, 0xd9, 0x12, 0x29, 0x8a, 0x28,
- 0x71, 0x89, 0x8d, 0xca, 0x30, 0xb0, 0x01, 0xc4, 0x2f, 0x82,
- 0x19, 0x14, 0x4c, 0x70, 0x1c, 0xb8, 0x23, 0x2e, 0xe8, 0x90,
- 0x49, 0x97, 0x92, 0x97, 0x6b, 0x7a, 0x9d, 0xb9, 0x02, 0x81,
- 0x80, 0x0f, 0x0e, 0xa1, 0x76, 0xf6, 0xa1, 0x44, 0x8f, 0xaf,
- 0x7c, 0x76, 0xd3, 0x87, 0xbb, 0xbb, 0x83, 0x10, 0x88, 0x01,
- 0x18, 0x14, 0xd1, 0xd3, 0x75, 0x59, 0x24, 0xaa, 0xf5, 0x16,
- 0xa5, 0xe9, 0x9d, 0xd1, 0xcc, 0xee, 0xf4, 0x15, 0xd9, 0xc5,
- 0x7e, 0x27, 0xe9, 0x44, 0x49, 0x06, 0x72, 0xb9, 0xfc, 0xd3,
- 0x8a, 0xc4, 0x2c, 0x36, 0x7d, 0x12, 0x9b, 0x5a, 0xaa, 0xdc,
- 0x85, 0xee, 0x6e, 0xad, 0x54, 0xb3, 0xf4, 0xfc, 0x31, 0xa1,
- 0x06, 0x3a, 0x70, 0x57, 0x0c, 0xf3, 0x95, 0x5b, 0x3e, 0xe8,
- 0xfd, 0x1a, 0x4f, 0xf6, 0x78, 0x93, 0x46, 0x6a, 0xd7, 0x31,
- 0xb4, 0x84, 0x64, 0x85, 0x09, 0x38, 0x89, 0x92, 0x94, 0x1c,
- 0xbf, 0xe2, 0x3c, 0x2a, 0xe0, 0xff, 0x99, 0xa3, 0xf0, 0x2b,
- 0x31, 0xc2, 0x36, 0xcd, 0x60, 0xbf, 0x9d, 0x2d, 0x74, 0x32,
- 0xe8, 0x9c, 0x93, 0x6e, 0xbb, 0x91, 0x7b, 0xfd, 0xd9, 0x02,
- 0x81, 0x81, 0x00, 0xa2, 0x71, 0x25, 0x38, 0xeb, 0x2a, 0xe9,
- 0x37, 0xcd, 0xfe, 0x44, 0xce, 0x90, 0x3f, 0x52, 0x87, 0x84,
- 0x52, 0x1b, 0xae, 0x8d, 0x22, 0x94, 0xce, 0x38, 0xe6, 0x04,
- 0x88, 0x76, 0x85, 0x9a, 0xd3, 0x14, 0x09, 0xe5, 0x69, 0x9a,
- 0xff, 0x58, 0x92, 0x02, 0x6a, 0x7d, 0x7c, 0x1e, 0x2c, 0xfd,
- 0xa8, 0xca, 0x32, 0x14, 0x4f, 0x0d, 0x84, 0x0d, 0x37, 0x43,
- 0xbf, 0xe4, 0x5d, 0x12, 0xc8, 0x24, 0x91, 0x27, 0x8d, 0x46,
- 0xd9, 0x54, 0x53, 0xe7, 0x62, 0x71, 0xa8, 0x2b, 0x71, 0x41,
- 0x8d, 0x75, 0xf8, 0x3a, 0xa0, 0x61, 0x29, 0x46, 0xa6, 0xe5,
- 0x82, 0xfa, 0x3a, 0xd9, 0x08, 0xfa, 0xfc, 0x63, 0xfd, 0x6b,
- 0x30, 0xbc, 0xf4, 0x4e, 0x9e, 0x8c, 0x25, 0x0c, 0xb6, 0x55,
- 0xe7, 0x3c, 0xd4, 0x4e, 0x0b, 0xfd, 0x8b, 0xc3, 0x0e, 0x1d,
- 0x9c, 0x44, 0x57, 0x8f, 0x1f, 0x86, 0xf7, 0xd5, 0x1b, 0xe4,
+ 0x30,
+ 0x82,
+ 0x04,
+ 0xa3,
+ 0x02,
+ 0x01,
+ 0x00,
+ 0x02,
+ 0x82,
+ 0x01,
+ 0x01,
+ 0x00,
+ 0xc0,
+ 0xc0,
+ 0xce,
+ 0x3e,
+ 0x3c,
+ 0x53,
+ 0x67,
+ 0x3f,
+ 0x4f,
+ 0xc5,
+ 0x2f,
+ 0xa4,
+ 0xc2,
+ 0x5a,
+ 0x2f,
+ 0x58,
+ 0xfd,
+ 0x27,
+ 0x52,
+ 0x6a,
+ 0xe8,
+ 0xcf,
+ 0x4a,
+ 0x73,
+ 0x47,
+ 0x8d,
+ 0x25,
+ 0x0f,
+ 0x5f,
+ 0x03,
+ 0x26,
+ 0x78,
+ 0xef,
+ 0xf0,
+ 0x22,
+ 0x12,
+ 0xd3,
+ 0xde,
+ 0x47,
+ 0xb2,
+ 0x1c,
+ 0x0b,
+ 0x38,
+ 0x63,
+ 0x1a,
+ 0x6c,
+ 0x85,
+ 0x7a,
+ 0x80,
+ 0xc6,
+ 0x8f,
+ 0xa0,
+ 0x41,
+ 0xaf,
+ 0x62,
+ 0xc4,
+ 0x67,
+ 0x32,
+ 0x88,
+ 0xf8,
+ 0xa6,
+ 0x9c,
+ 0xf5,
+ 0x23,
+ 0x1d,
+ 0xe4,
+ 0xac,
+ 0x3f,
+ 0x29,
+ 0xf9,
+ 0xec,
+ 0xe1,
+ 0x8b,
+ 0x26,
+ 0x03,
+ 0x2c,
+ 0xb2,
+ 0xab,
+ 0xf3,
+ 0x7d,
+ 0xb5,
+ 0xca,
+ 0x49,
+ 0xc0,
+ 0x8f,
+ 0x1c,
+ 0xdf,
+ 0x33,
+ 0x3a,
+ 0x60,
+ 0xda,
+ 0x3c,
+ 0xb0,
+ 0x16,
+ 0xf8,
+ 0xa9,
+ 0x12,
+ 0x8f,
+ 0x64,
+ 0xac,
+ 0x23,
+ 0x0c,
+ 0x69,
+ 0x64,
+ 0x97,
+ 0x5d,
+ 0x99,
+ 0xd4,
+ 0x09,
+ 0x83,
+ 0x9b,
+ 0x61,
+ 0xd3,
+ 0xac,
+ 0xf0,
+ 0xde,
+ 0xdd,
+ 0x5e,
+ 0x9f,
+ 0x44,
+ 0x94,
+ 0xdb,
+ 0x3a,
+ 0x4d,
+ 0x97,
+ 0xe8,
+ 0x52,
+ 0x29,
+ 0xf7,
+ 0xdb,
+ 0x94,
+ 0x07,
+ 0x45,
+ 0x90,
+ 0x78,
+ 0x1e,
+ 0x31,
+ 0x0b,
+ 0x80,
+ 0xf7,
+ 0x57,
+ 0xad,
+ 0x1c,
+ 0x79,
+ 0xc5,
+ 0xcb,
+ 0x32,
+ 0xb0,
+ 0xce,
+ 0xcd,
+ 0x74,
+ 0xb3,
+ 0xe2,
+ 0x94,
+ 0xc5,
+ 0x78,
+ 0x2f,
+ 0x34,
+ 0x1a,
+ 0x45,
+ 0xf7,
+ 0x8c,
+ 0x52,
+ 0xa5,
+ 0xbc,
+ 0x8d,
+ 0xec,
+ 0xd1,
+ 0x2f,
+ 0x31,
+ 0x3b,
+ 0xf0,
+ 0x49,
+ 0x59,
+ 0x5e,
+ 0x88,
+ 0x9d,
+ 0x15,
+ 0x92,
+ 0x35,
+ 0x32,
+ 0xc1,
+ 0xe7,
+ 0x61,
+ 0xec,
+ 0x50,
+ 0x48,
+ 0x7c,
+ 0xba,
+ 0x05,
+ 0xf9,
+ 0xf8,
+ 0xf8,
+ 0xa7,
+ 0x8c,
+ 0x83,
+ 0xe8,
+ 0x66,
+ 0x5b,
+ 0xeb,
+ 0xfe,
+ 0xd8,
+ 0x4f,
+ 0xdd,
+ 0x6d,
+ 0x36,
+ 0xc0,
+ 0xb2,
+ 0x90,
+ 0x0f,
+ 0xb8,
+ 0x52,
+ 0xf9,
+ 0x04,
+ 0x9b,
+ 0x40,
+ 0x2c,
+ 0x27,
+ 0xd6,
+ 0x36,
+ 0x8e,
+ 0xc2,
+ 0x1b,
+ 0x44,
+ 0xf3,
+ 0x92,
+ 0xd5,
+ 0x15,
+ 0x9e,
+ 0x9a,
+ 0xbc,
+ 0xf3,
+ 0x7d,
+ 0x03,
+ 0xd7,
+ 0x02,
+ 0x14,
+ 0x20,
+ 0xe9,
+ 0x10,
+ 0x92,
+ 0xfd,
+ 0xf9,
+ 0xfc,
+ 0x8f,
+ 0xe5,
+ 0x18,
+ 0xe1,
+ 0x95,
+ 0xcc,
+ 0x9e,
+ 0x60,
+ 0xa6,
+ 0xfa,
+ 0x38,
+ 0x4d,
+ 0x02,
+ 0x03,
+ 0x01,
+ 0x00,
+ 0x01,
+ 0x02,
+ 0x82,
+ 0x01,
+ 0x00,
+ 0x00,
+ 0xc3,
+ 0xc3,
+ 0x0d,
+ 0xb4,
+ 0x27,
+ 0x90,
+ 0x8d,
+ 0x4b,
+ 0xbf,
+ 0xb8,
+ 0x84,
+ 0xaa,
+ 0xd0,
+ 0xb8,
+ 0xc7,
+ 0x5d,
+ 0x99,
+ 0xbe,
+ 0x55,
+ 0xf6,
+ 0x3e,
+ 0x7c,
+ 0x49,
+ 0x20,
+ 0xcb,
+ 0x8a,
+ 0x8e,
+ 0x19,
+ 0x0e,
+ 0x66,
+ 0x24,
+ 0xac,
+ 0xaf,
+ 0x03,
+ 0x33,
+ 0x97,
+ 0xeb,
+ 0x95,
+ 0xd5,
+ 0x3b,
+ 0x0f,
+ 0x40,
+ 0x56,
+ 0x04,
+ 0x50,
+ 0xd1,
+ 0xe6,
+ 0xbe,
+ 0x84,
+ 0x0b,
+ 0x25,
+ 0xd3,
+ 0x9c,
+ 0xe2,
+ 0x83,
+ 0x6c,
+ 0xf5,
+ 0x62,
+ 0x5d,
+ 0xba,
+ 0x2b,
+ 0x7d,
+ 0x3d,
+ 0x7a,
+ 0x6c,
+ 0xe1,
+ 0xd2,
+ 0x0e,
+ 0x54,
+ 0x93,
+ 0x80,
+ 0x01,
+ 0x91,
+ 0x51,
+ 0x09,
+ 0xe8,
+ 0x5b,
+ 0x8e,
+ 0x47,
+ 0xbd,
+ 0x64,
+ 0xe4,
+ 0x0e,
+ 0x03,
+ 0x83,
+ 0x55,
+ 0xcf,
+ 0x5a,
+ 0x37,
+ 0xf0,
+ 0x25,
+ 0xb5,
+ 0x7d,
+ 0x21,
+ 0xd7,
+ 0x69,
+ 0xdf,
+ 0x6f,
+ 0xc2,
+ 0xcf,
+ 0x10,
+ 0xc9,
+ 0x8a,
+ 0x40,
+ 0x9f,
+ 0x7a,
+ 0x70,
+ 0xc0,
+ 0xe8,
+ 0xe8,
+ 0xc0,
+ 0xe6,
+ 0x9a,
+ 0x15,
+ 0x0a,
+ 0x8d,
+ 0x4e,
+ 0x46,
+ 0xcb,
+ 0x7a,
+ 0xdb,
+ 0xb3,
+ 0xcb,
+ 0x83,
+ 0x02,
+ 0xc4,
+ 0xf0,
+ 0xab,
+ 0xeb,
+ 0x02,
+ 0x01,
+ 0x0e,
+ 0x23,
+ 0xfc,
+ 0x1d,
+ 0xc4,
+ 0xbd,
+ 0xd4,
+ 0xaa,
+ 0x5d,
+ 0x31,
+ 0x46,
+ 0x99,
+ 0xce,
+ 0x9e,
+ 0xf8,
+ 0x04,
+ 0x75,
+ 0x10,
+ 0x67,
+ 0xc4,
+ 0x53,
+ 0x47,
+ 0x44,
+ 0xfa,
+ 0xc2,
+ 0x25,
+ 0x73,
+ 0x7e,
+ 0xd0,
+ 0x8e,
+ 0x59,
+ 0xd1,
+ 0xb2,
+ 0x5a,
+ 0xf4,
+ 0xc7,
+ 0x18,
+ 0x92,
+ 0x2f,
+ 0x39,
+ 0xab,
+ 0xcd,
+ 0xa3,
+ 0xb5,
+ 0xc2,
+ 0xb9,
+ 0xc7,
+ 0xb9,
+ 0x1b,
+ 0x9f,
+ 0x48,
+ 0xfa,
+ 0x13,
+ 0xc6,
+ 0x98,
+ 0x4d,
+ 0xca,
+ 0x84,
+ 0x9c,
+ 0x06,
+ 0xca,
+ 0xe7,
+ 0x89,
+ 0x01,
+ 0x04,
+ 0xc4,
+ 0x6c,
+ 0xfd,
+ 0x29,
+ 0x59,
+ 0x35,
+ 0xe7,
+ 0xf3,
+ 0xdd,
+ 0xce,
+ 0x64,
+ 0x59,
+ 0xbf,
+ 0x21,
+ 0x13,
+ 0xa9,
+ 0x9f,
+ 0x0e,
+ 0xc5,
+ 0xff,
+ 0xbd,
+ 0x33,
+ 0x00,
+ 0xec,
+ 0xac,
+ 0x6b,
+ 0x11,
+ 0xef,
+ 0x51,
+ 0x5e,
+ 0xad,
+ 0x07,
+ 0x15,
+ 0xde,
+ 0xb8,
+ 0x5f,
+ 0xc6,
+ 0xb9,
+ 0xa3,
+ 0x22,
+ 0x65,
+ 0x46,
+ 0x83,
+ 0x14,
+ 0xdf,
+ 0xd0,
+ 0xf1,
+ 0x44,
+ 0x8a,
+ 0xe1,
+ 0x9c,
+ 0x23,
+ 0x33,
+ 0xb4,
+ 0x97,
+ 0x33,
+ 0xe6,
+ 0x6b,
+ 0x81,
+ 0x02,
+ 0x81,
+ 0x81,
+ 0x00,
+ 0xec,
+ 0x12,
+ 0xa7,
+ 0x59,
+ 0x74,
+ 0x6a,
+ 0xde,
+ 0x3e,
+ 0xad,
+ 0xd8,
+ 0x36,
+ 0x80,
+ 0x50,
+ 0xa2,
+ 0xd5,
+ 0x21,
+ 0x81,
+ 0x07,
+ 0xf1,
+ 0xd0,
+ 0x91,
+ 0xf2,
+ 0x6c,
+ 0x12,
+ 0x2f,
+ 0x9d,
+ 0x1a,
+ 0x26,
+ 0xf8,
+ 0x30,
+ 0x65,
+ 0xdf,
+ 0xe8,
+ 0xc0,
+ 0x9b,
+ 0x6a,
+ 0x30,
+ 0x98,
+ 0x82,
+ 0x87,
+ 0xec,
+ 0xa2,
+ 0x56,
+ 0x87,
+ 0x62,
+ 0x6f,
+ 0xe7,
+ 0x9f,
+ 0xf6,
+ 0x56,
+ 0xe6,
+ 0x71,
+ 0x8f,
+ 0x49,
+ 0x86,
+ 0x93,
+ 0x5a,
+ 0x4d,
+ 0x34,
+ 0x58,
+ 0xfe,
+ 0xd9,
+ 0x04,
+ 0x13,
+ 0xaf,
+ 0x79,
+ 0xb7,
+ 0xad,
+ 0x11,
+ 0xd1,
+ 0x30,
+ 0x9a,
+ 0x14,
+ 0x06,
+ 0xa0,
+ 0xfa,
+ 0xb7,
+ 0x55,
+ 0xdc,
+ 0x6c,
+ 0x5a,
+ 0x4c,
+ 0x2c,
+ 0x59,
+ 0x56,
+ 0xf6,
+ 0xe8,
+ 0x9d,
+ 0xaf,
+ 0x0a,
+ 0x78,
+ 0x99,
+ 0x06,
+ 0x06,
+ 0x9e,
+ 0xe7,
+ 0x9c,
+ 0x51,
+ 0x55,
+ 0x43,
+ 0xfc,
+ 0x3b,
+ 0x6c,
+ 0x0b,
+ 0xbf,
+ 0x2d,
+ 0x41,
+ 0xa7,
+ 0xaf,
+ 0xb7,
+ 0xe0,
+ 0xe8,
+ 0x28,
+ 0x18,
+ 0xb4,
+ 0x13,
+ 0xd1,
+ 0xe6,
+ 0x97,
+ 0xd0,
+ 0x9f,
+ 0x6a,
+ 0x80,
+ 0xca,
+ 0xdd,
+ 0x1a,
+ 0x7e,
+ 0x15,
+ 0x02,
+ 0x81,
+ 0x81,
+ 0x00,
+ 0xd1,
+ 0x06,
+ 0x0c,
+ 0x1f,
+ 0xe3,
+ 0xd0,
+ 0xab,
+ 0xd6,
+ 0xca,
+ 0x7c,
+ 0xbc,
+ 0x7d,
+ 0x13,
+ 0x35,
+ 0xce,
+ 0x27,
+ 0xcd,
+ 0xd8,
+ 0x49,
+ 0x51,
+ 0x63,
+ 0x64,
+ 0x0f,
+ 0xca,
+ 0x06,
+ 0x12,
+ 0xfc,
+ 0x07,
+ 0x3e,
+ 0xaf,
+ 0x61,
+ 0x6d,
+ 0xe2,
+ 0x53,
+ 0x39,
+ 0x27,
+ 0xae,
+ 0xc3,
+ 0x11,
+ 0x9e,
+ 0x94,
+ 0x01,
+ 0x4f,
+ 0xe3,
+ 0xf3,
+ 0x67,
+ 0xf9,
+ 0x77,
+ 0xf9,
+ 0xe7,
+ 0x95,
+ 0x3a,
+ 0x6f,
+ 0xe2,
+ 0x20,
+ 0x73,
+ 0x3e,
+ 0xa4,
+ 0x7a,
+ 0x28,
+ 0xd4,
+ 0x61,
+ 0x97,
+ 0xf6,
+ 0x17,
+ 0xa0,
+ 0x23,
+ 0x10,
+ 0x2b,
+ 0xce,
+ 0x84,
+ 0x57,
+ 0x7e,
+ 0x25,
+ 0x1f,
+ 0xf4,
+ 0xa8,
+ 0x54,
+ 0xd2,
+ 0x65,
+ 0x94,
+ 0xcc,
+ 0x95,
+ 0x0a,
+ 0xab,
+ 0x30,
+ 0xc1,
+ 0x59,
+ 0x1f,
+ 0x61,
+ 0x8e,
+ 0xb9,
+ 0x6b,
+ 0xd7,
+ 0x4e,
+ 0xb9,
+ 0x83,
+ 0x43,
+ 0x79,
+ 0x85,
+ 0x11,
+ 0xbc,
+ 0x0f,
+ 0xae,
+ 0x25,
+ 0x20,
+ 0x05,
+ 0xbc,
+ 0xd2,
+ 0x48,
+ 0xa1,
+ 0x68,
+ 0x09,
+ 0x84,
+ 0xf6,
+ 0x12,
+ 0x9a,
+ 0x66,
+ 0xb9,
+ 0x2b,
+ 0xbb,
+ 0x76,
+ 0x03,
+ 0x17,
+ 0x46,
+ 0x4e,
+ 0x97,
+ 0x59,
+ 0x02,
+ 0x81,
+ 0x80,
+ 0x09,
+ 0x4c,
+ 0xfa,
+ 0xd6,
+ 0xe5,
+ 0x65,
+ 0x48,
+ 0x78,
+ 0x43,
+ 0xb5,
+ 0x1f,
+ 0x00,
+ 0x93,
+ 0x2c,
+ 0xb7,
+ 0x24,
+ 0xe8,
+ 0xc6,
+ 0x7d,
+ 0x5a,
+ 0x70,
+ 0x45,
+ 0x92,
+ 0xc8,
+ 0x6c,
+ 0xa3,
+ 0xcd,
+ 0xe1,
+ 0xf7,
+ 0x29,
+ 0x40,
+ 0xfa,
+ 0x3f,
+ 0x5b,
+ 0x47,
+ 0x44,
+ 0x39,
+ 0xc1,
+ 0xe8,
+ 0x72,
+ 0x9e,
+ 0x7a,
+ 0x0e,
+ 0xda,
+ 0xaa,
+ 0xa0,
+ 0x2a,
+ 0x09,
+ 0xfd,
+ 0x54,
+ 0x93,
+ 0x23,
+ 0xaa,
+ 0x37,
+ 0x85,
+ 0x5b,
+ 0xcc,
+ 0xd4,
+ 0xf9,
+ 0xd8,
+ 0xff,
+ 0xc1,
+ 0x61,
+ 0x0d,
+ 0xbd,
+ 0x7e,
+ 0x18,
+ 0x24,
+ 0x73,
+ 0x6d,
+ 0x40,
+ 0x72,
+ 0xf1,
+ 0x93,
+ 0x09,
+ 0x48,
+ 0x97,
+ 0x6c,
+ 0x84,
+ 0x90,
+ 0xa8,
+ 0x46,
+ 0x14,
+ 0x01,
+ 0x39,
+ 0x11,
+ 0xe5,
+ 0x3c,
+ 0x41,
+ 0x27,
+ 0x32,
+ 0x75,
+ 0x24,
+ 0xed,
+ 0xa1,
+ 0xd9,
+ 0x12,
+ 0x29,
+ 0x8a,
+ 0x28,
+ 0x71,
+ 0x89,
+ 0x8d,
+ 0xca,
+ 0x30,
+ 0xb0,
+ 0x01,
+ 0xc4,
+ 0x2f,
+ 0x82,
+ 0x19,
+ 0x14,
+ 0x4c,
+ 0x70,
+ 0x1c,
+ 0xb8,
+ 0x23,
+ 0x2e,
+ 0xe8,
+ 0x90,
+ 0x49,
+ 0x97,
+ 0x92,
+ 0x97,
+ 0x6b,
+ 0x7a,
+ 0x9d,
+ 0xb9,
+ 0x02,
+ 0x81,
+ 0x80,
+ 0x0f,
+ 0x0e,
+ 0xa1,
+ 0x76,
+ 0xf6,
+ 0xa1,
+ 0x44,
+ 0x8f,
+ 0xaf,
+ 0x7c,
+ 0x76,
+ 0xd3,
+ 0x87,
+ 0xbb,
+ 0xbb,
+ 0x83,
+ 0x10,
+ 0x88,
+ 0x01,
+ 0x18,
+ 0x14,
+ 0xd1,
+ 0xd3,
+ 0x75,
+ 0x59,
+ 0x24,
+ 0xaa,
+ 0xf5,
+ 0x16,
+ 0xa5,
+ 0xe9,
+ 0x9d,
+ 0xd1,
+ 0xcc,
+ 0xee,
+ 0xf4,
+ 0x15,
+ 0xd9,
+ 0xc5,
+ 0x7e,
+ 0x27,
+ 0xe9,
+ 0x44,
+ 0x49,
+ 0x06,
+ 0x72,
+ 0xb9,
+ 0xfc,
+ 0xd3,
+ 0x8a,
+ 0xc4,
+ 0x2c,
+ 0x36,
+ 0x7d,
+ 0x12,
+ 0x9b,
+ 0x5a,
+ 0xaa,
+ 0xdc,
+ 0x85,
+ 0xee,
+ 0x6e,
+ 0xad,
+ 0x54,
+ 0xb3,
+ 0xf4,
+ 0xfc,
+ 0x31,
+ 0xa1,
+ 0x06,
+ 0x3a,
+ 0x70,
+ 0x57,
+ 0x0c,
+ 0xf3,
+ 0x95,
+ 0x5b,
+ 0x3e,
+ 0xe8,
+ 0xfd,
+ 0x1a,
+ 0x4f,
+ 0xf6,
+ 0x78,
+ 0x93,
+ 0x46,
+ 0x6a,
+ 0xd7,
+ 0x31,
+ 0xb4,
+ 0x84,
+ 0x64,
+ 0x85,
+ 0x09,
+ 0x38,
+ 0x89,
+ 0x92,
+ 0x94,
+ 0x1c,
+ 0xbf,
+ 0xe2,
+ 0x3c,
+ 0x2a,
+ 0xe0,
+ 0xff,
+ 0x99,
+ 0xa3,
+ 0xf0,
+ 0x2b,
+ 0x31,
+ 0xc2,
+ 0x36,
+ 0xcd,
+ 0x60,
+ 0xbf,
+ 0x9d,
+ 0x2d,
+ 0x74,
+ 0x32,
+ 0xe8,
+ 0x9c,
+ 0x93,
+ 0x6e,
+ 0xbb,
+ 0x91,
+ 0x7b,
+ 0xfd,
+ 0xd9,
+ 0x02,
+ 0x81,
+ 0x81,
+ 0x00,
+ 0xa2,
+ 0x71,
+ 0x25,
+ 0x38,
+ 0xeb,
+ 0x2a,
+ 0xe9,
+ 0x37,
+ 0xcd,
+ 0xfe,
+ 0x44,
+ 0xce,
+ 0x90,
+ 0x3f,
+ 0x52,
+ 0x87,
+ 0x84,
+ 0x52,
+ 0x1b,
+ 0xae,
+ 0x8d,
+ 0x22,
+ 0x94,
+ 0xce,
+ 0x38,
+ 0xe6,
+ 0x04,
+ 0x88,
+ 0x76,
+ 0x85,
+ 0x9a,
+ 0xd3,
+ 0x14,
+ 0x09,
+ 0xe5,
+ 0x69,
+ 0x9a,
+ 0xff,
+ 0x58,
+ 0x92,
+ 0x02,
+ 0x6a,
+ 0x7d,
+ 0x7c,
+ 0x1e,
+ 0x2c,
+ 0xfd,
+ 0xa8,
+ 0xca,
+ 0x32,
+ 0x14,
+ 0x4f,
+ 0x0d,
+ 0x84,
+ 0x0d,
+ 0x37,
+ 0x43,
+ 0xbf,
+ 0xe4,
+ 0x5d,
+ 0x12,
+ 0xc8,
+ 0x24,
+ 0x91,
+ 0x27,
+ 0x8d,
+ 0x46,
+ 0xd9,
+ 0x54,
+ 0x53,
+ 0xe7,
+ 0x62,
+ 0x71,
+ 0xa8,
+ 0x2b,
+ 0x71,
+ 0x41,
+ 0x8d,
+ 0x75,
+ 0xf8,
+ 0x3a,
+ 0xa0,
+ 0x61,
+ 0x29,
+ 0x46,
+ 0xa6,
+ 0xe5,
+ 0x82,
+ 0xfa,
+ 0x3a,
+ 0xd9,
+ 0x08,
+ 0xfa,
+ 0xfc,
+ 0x63,
+ 0xfd,
+ 0x6b,
+ 0x30,
+ 0xbc,
+ 0xf4,
+ 0x4e,
+ 0x9e,
+ 0x8c,
+ 0x25,
+ 0x0c,
+ 0xb6,
+ 0x55,
+ 0xe7,
+ 0x3c,
+ 0xd4,
+ 0x4e,
+ 0x0b,
+ 0xfd,
+ 0x8b,
+ 0xc3,
+ 0x0e,
+ 0x1d,
+ 0x9c,
+ 0x44,
+ 0x57,
+ 0x8f,
+ 0x1f,
+ 0x86,
+ 0xf7,
+ 0xd5,
+ 0x1b,
+ 0xe4,
0x95,
};
@@ -410,241 +2314,2355 @@ static unsigned char test3072[] = {
};
static unsigned char test4096[] = {
- 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02,
- 0x01, 0x00, 0xc0, 0x71, 0xac, 0x1a, 0x13, 0x88, 0x82, 0x43,
- 0x3b, 0x51, 0x57, 0x71, 0x8d, 0xb6, 0x2b, 0x82, 0x65, 0x21,
- 0x53, 0x5f, 0x28, 0x29, 0x4f, 0x8d, 0x7c, 0x8a, 0xb9, 0x44,
- 0xb3, 0x28, 0x41, 0x4f, 0xd3, 0xfa, 0x6a, 0xf8, 0xb9, 0x28,
- 0x50, 0x39, 0x67, 0x53, 0x2c, 0x3c, 0xd7, 0xcb, 0x96, 0x41,
- 0x40, 0x32, 0xbb, 0xeb, 0x70, 0xae, 0x1f, 0xb0, 0x65, 0xf7,
- 0x3a, 0xd9, 0x22, 0xfd, 0x10, 0xae, 0xbd, 0x02, 0xe2, 0xdd,
- 0xf3, 0xc2, 0x79, 0x3c, 0xc6, 0xfc, 0x75, 0xbb, 0xaf, 0x4e,
- 0x3a, 0x36, 0xc2, 0x4f, 0xea, 0x25, 0xdf, 0x13, 0x16, 0x4b,
- 0x20, 0xfe, 0x4b, 0x69, 0x16, 0xc4, 0x7f, 0x1a, 0x43, 0xa6,
- 0x17, 0x1b, 0xb9, 0x0a, 0xf3, 0x09, 0x86, 0x28, 0x89, 0xcf,
- 0x2c, 0xd0, 0xd4, 0x81, 0xaf, 0xc6, 0x6d, 0xe6, 0x21, 0x8d,
- 0xee, 0xef, 0xea, 0xdc, 0xb7, 0xc6, 0x3b, 0x63, 0x9f, 0x0e,
- 0xad, 0x89, 0x78, 0x23, 0x18, 0xbf, 0x70, 0x7e, 0x84, 0xe0,
- 0x37, 0xec, 0xdb, 0x8e, 0x9c, 0x3e, 0x6a, 0x19, 0xcc, 0x99,
- 0x72, 0xe6, 0xb5, 0x7d, 0x6d, 0xfa, 0xe5, 0xd3, 0xe4, 0x90,
- 0xb5, 0xb2, 0xb2, 0x12, 0x70, 0x4e, 0xca, 0xf8, 0x10, 0xf8,
- 0xa3, 0x14, 0xc2, 0x48, 0x19, 0xeb, 0x60, 0x99, 0xbb, 0x2a,
- 0x1f, 0xb1, 0x7a, 0xb1, 0x3d, 0x24, 0xfb, 0xa0, 0x29, 0xda,
- 0xbd, 0x1b, 0xd7, 0xa4, 0xbf, 0xef, 0x60, 0x2d, 0x22, 0xca,
- 0x65, 0x98, 0xf1, 0xc4, 0xe1, 0xc9, 0x02, 0x6b, 0x16, 0x28,
- 0x2f, 0xa1, 0xaa, 0x79, 0x00, 0xda, 0xdc, 0x7c, 0x43, 0xf7,
- 0x42, 0x3c, 0xa0, 0xef, 0x68, 0xf7, 0xdf, 0xb9, 0x69, 0xfb,
- 0x8e, 0x01, 0xed, 0x01, 0x42, 0xb5, 0x4e, 0x57, 0xa6, 0x26,
- 0xb8, 0xd0, 0x7b, 0x56, 0x6d, 0x03, 0xc6, 0x40, 0x8c, 0x8c,
- 0x2a, 0x55, 0xd7, 0x9c, 0x35, 0x00, 0x94, 0x93, 0xec, 0x03,
- 0xeb, 0x22, 0xef, 0x77, 0xbb, 0x79, 0x13, 0x3f, 0x15, 0xa1,
- 0x8f, 0xca, 0xdf, 0xfd, 0xd3, 0xb8, 0xe1, 0xd4, 0xcc, 0x09,
- 0x3f, 0x3c, 0x2c, 0xdb, 0xd1, 0x49, 0x7f, 0x38, 0x07, 0x83,
- 0x6d, 0xeb, 0x08, 0x66, 0xe9, 0x06, 0x44, 0x12, 0xac, 0x95,
- 0x22, 0x90, 0x23, 0x67, 0xd4, 0x08, 0xcc, 0xf4, 0xb7, 0xdc,
- 0xcc, 0x87, 0xd4, 0xac, 0x69, 0x35, 0x4c, 0xb5, 0x39, 0x36,
- 0xcd, 0xa4, 0xd2, 0x95, 0xca, 0x0d, 0xc5, 0xda, 0xc2, 0xc5,
- 0x22, 0x32, 0x28, 0x08, 0xe3, 0xd2, 0x8b, 0x38, 0x30, 0xdc,
- 0x8c, 0x75, 0x4f, 0x6a, 0xec, 0x7a, 0xac, 0x16, 0x3e, 0xa8,
- 0xd4, 0x6a, 0x45, 0xe1, 0xa8, 0x4f, 0x2e, 0x80, 0x34, 0xaa,
- 0x54, 0x1b, 0x02, 0x95, 0x7d, 0x8a, 0x6d, 0xcc, 0x79, 0xca,
- 0xf2, 0xa4, 0x2e, 0x8d, 0xfb, 0xfe, 0x15, 0x51, 0x10, 0x0e,
- 0x4d, 0x88, 0xb1, 0xc7, 0xf4, 0x79, 0xdb, 0xf0, 0xb4, 0x56,
- 0x44, 0x37, 0xca, 0x5a, 0xc1, 0x8c, 0x48, 0xac, 0xae, 0x48,
- 0x80, 0x83, 0x01, 0x3f, 0xde, 0xd9, 0xd3, 0x2c, 0x51, 0x46,
- 0xb1, 0x41, 0xb6, 0xc6, 0x91, 0x72, 0xf9, 0x83, 0x55, 0x1b,
- 0x8c, 0xba, 0xf3, 0x73, 0xe5, 0x2c, 0x74, 0x50, 0x3a, 0xbe,
- 0xc5, 0x2f, 0xa7, 0xb2, 0x6d, 0x8c, 0x9e, 0x13, 0x77, 0xa3,
- 0x13, 0xcd, 0x6d, 0x8c, 0x45, 0xe1, 0xfc, 0x0b, 0xb7, 0x69,
- 0xe9, 0x27, 0xbc, 0x65, 0xc3, 0xfa, 0x9b, 0xd0, 0xef, 0xfe,
- 0xe8, 0x1f, 0xb3, 0x5e, 0x34, 0xf4, 0x8c, 0xea, 0xfc, 0xd3,
- 0x81, 0xbf, 0x3d, 0x30, 0xb2, 0xb4, 0x01, 0xe8, 0x43, 0x0f,
- 0xba, 0x02, 0x23, 0x42, 0x76, 0x82, 0x31, 0x73, 0x91, 0xed,
- 0x07, 0x46, 0x61, 0x0d, 0x39, 0x83, 0x40, 0xce, 0x7a, 0xd4,
- 0xdb, 0x80, 0x2c, 0x1f, 0x0d, 0xd1, 0x34, 0xd4, 0x92, 0xe3,
- 0xd4, 0xf1, 0xc2, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
- 0x82, 0x02, 0x01, 0x00, 0x97, 0x6c, 0xda, 0x6e, 0xea, 0x4f,
- 0xcf, 0xaf, 0xf7, 0x4c, 0xd9, 0xf1, 0x90, 0x00, 0x77, 0xdb,
- 0xf2, 0x97, 0x76, 0x72, 0xb9, 0xb7, 0x47, 0xd1, 0x9c, 0xdd,
- 0xcb, 0x4a, 0x33, 0x6e, 0xc9, 0x75, 0x76, 0xe6, 0xe4, 0xa5,
- 0x31, 0x8c, 0x77, 0x13, 0xb4, 0x29, 0xcd, 0xf5, 0x52, 0x17,
- 0xef, 0xf3, 0x08, 0x00, 0xe3, 0xbd, 0x2e, 0xbc, 0xd4, 0x52,
- 0x88, 0xe9, 0x30, 0x75, 0x0b, 0x02, 0xf5, 0xcd, 0x89, 0x0c,
- 0x6c, 0x57, 0x19, 0x27, 0x3d, 0x1e, 0x85, 0xb4, 0xc1, 0x2f,
- 0x1d, 0x92, 0x00, 0x5c, 0x76, 0x29, 0x4b, 0xa4, 0xe1, 0x12,
- 0xb3, 0xc8, 0x09, 0xfe, 0x0e, 0x78, 0x72, 0x61, 0xcb, 0x61,
- 0x6f, 0x39, 0x91, 0x95, 0x4e, 0xd5, 0x3e, 0xc7, 0x8f, 0xb8,
- 0xf6, 0x36, 0xfe, 0x9c, 0x93, 0x9a, 0x38, 0x25, 0x7a, 0xf4,
- 0x4a, 0x12, 0xd4, 0xa0, 0x13, 0xbd, 0xf9, 0x1d, 0x12, 0x3e,
- 0x21, 0x39, 0xfb, 0x72, 0xe0, 0x05, 0x3d, 0xc3, 0xe5, 0x50,
- 0xa8, 0x5d, 0x85, 0xa3, 0xea, 0x5f, 0x1c, 0xb2, 0x3f, 0xea,
- 0x6d, 0x03, 0x91, 0x55, 0xd8, 0x19, 0x0a, 0x21, 0x12, 0x16,
- 0xd9, 0x12, 0xc4, 0xe6, 0x07, 0x18, 0x5b, 0x26, 0xa4, 0xae,
- 0xed, 0x2b, 0xb7, 0xa6, 0xed, 0xf8, 0xad, 0xec, 0x77, 0xe6,
- 0x7f, 0x4f, 0x76, 0x00, 0xc0, 0xfa, 0x15, 0x92, 0xb4, 0x2c,
- 0x22, 0xc2, 0xeb, 0x6a, 0xad, 0x14, 0x05, 0xb2, 0xe5, 0x8a,
- 0x9e, 0x85, 0x83, 0xcc, 0x04, 0xf1, 0x56, 0x78, 0x44, 0x5e,
- 0xde, 0xe0, 0x60, 0x1a, 0x65, 0x79, 0x31, 0x23, 0x05, 0xbb,
- 0x01, 0xff, 0xdd, 0x2e, 0xb7, 0xb3, 0xaa, 0x74, 0xe0, 0xa5,
- 0x94, 0xaf, 0x4b, 0xde, 0x58, 0x0f, 0x55, 0xde, 0x33, 0xf6,
- 0xe3, 0xd6, 0x34, 0x36, 0x57, 0xd6, 0x79, 0x91, 0x2e, 0xbe,
- 0x3b, 0xd9, 0x4e, 0xb6, 0x9d, 0x21, 0x5c, 0xd3, 0x48, 0x14,
- 0x7f, 0x4a, 0xc4, 0x60, 0xa9, 0x29, 0xf8, 0x53, 0x7f, 0x88,
- 0x11, 0x2d, 0xb5, 0xc5, 0x2d, 0x6f, 0xee, 0x85, 0x0b, 0xf7,
- 0x8d, 0x9a, 0xbe, 0xb0, 0x42, 0xf2, 0x2e, 0x71, 0xaf, 0x19,
- 0x31, 0x6d, 0xec, 0xcd, 0x6f, 0x2b, 0x23, 0xdf, 0xb4, 0x40,
- 0xaf, 0x2c, 0x0a, 0xc3, 0x1b, 0x7d, 0x7d, 0x03, 0x1d, 0x4b,
- 0xf3, 0xb5, 0xe0, 0x85, 0xd8, 0xdf, 0x91, 0x6b, 0x0a, 0x69,
- 0xf7, 0xf2, 0x69, 0x66, 0x5b, 0xf1, 0xcf, 0x46, 0x7d, 0xe9,
- 0x70, 0xfa, 0x6d, 0x7e, 0x75, 0x4e, 0xa9, 0x77, 0xe6, 0x8c,
- 0x02, 0xf7, 0x14, 0x4d, 0xa5, 0x41, 0x8f, 0x3f, 0xc1, 0x62,
- 0x1e, 0x71, 0x5e, 0x38, 0xb4, 0xd6, 0xe6, 0xe1, 0x4b, 0xc2,
- 0x2c, 0x30, 0x83, 0x81, 0x6f, 0x49, 0x2e, 0x96, 0xe6, 0xc9,
- 0x9a, 0xf7, 0x5d, 0x09, 0xa0, 0x55, 0x02, 0xa5, 0x3a, 0x25,
- 0x23, 0xd0, 0x92, 0xc3, 0xa3, 0xe3, 0x0e, 0x12, 0x2f, 0x4d,
- 0xef, 0xf3, 0x55, 0x5a, 0xbe, 0xe6, 0x19, 0x86, 0x31, 0xab,
- 0x75, 0x9a, 0xd3, 0xf0, 0x2c, 0xc5, 0x41, 0x92, 0xd9, 0x1f,
- 0x5f, 0x11, 0x8c, 0x75, 0x1c, 0x63, 0xd0, 0x02, 0x80, 0x2c,
- 0x68, 0xcb, 0x93, 0xfb, 0x51, 0x73, 0x49, 0xb4, 0x60, 0xda,
- 0xe2, 0x26, 0xaf, 0xa9, 0x46, 0x12, 0xb8, 0xec, 0x50, 0xdd,
- 0x12, 0x06, 0x5f, 0xce, 0x59, 0xe6, 0xf6, 0x1c, 0xe0, 0x54,
- 0x10, 0xad, 0xf6, 0xcd, 0x98, 0xcc, 0x0f, 0xfb, 0xcb, 0x41,
- 0x14, 0x9d, 0xed, 0xe4, 0xb4, 0x74, 0x5f, 0x09, 0x60, 0xc7,
- 0x12, 0xf6, 0x7b, 0x3c, 0x8f, 0xa7, 0x20, 0xbc, 0xe4, 0xb1,
- 0xef, 0xeb, 0xa4, 0x93, 0xc5, 0x06, 0xca, 0x9a, 0x27, 0x9d,
- 0x87, 0xf3, 0xde, 0xca, 0xe5, 0xe7, 0xf6, 0x1c, 0x01, 0x65,
- 0x5b, 0xfb, 0x19, 0x79, 0x6e, 0x08, 0x26, 0xc5, 0xc8, 0x28,
- 0x0e, 0xb6, 0x3b, 0x07, 0x08, 0xc1, 0x02, 0x82, 0x01, 0x01,
- 0x00, 0xe8, 0x1c, 0x73, 0xa6, 0xb8, 0xe0, 0x0e, 0x6d, 0x8d,
- 0x1b, 0xb9, 0x53, 0xed, 0x58, 0x94, 0xe6, 0x1d, 0x60, 0x14,
- 0x5c, 0x76, 0x43, 0xc4, 0x58, 0x19, 0xc4, 0x24, 0xe8, 0xbc,
- 0x1b, 0x3b, 0x0b, 0x13, 0x24, 0x45, 0x54, 0x0e, 0xcc, 0x37,
- 0xf0, 0xe0, 0x63, 0x7d, 0xc3, 0xf7, 0xfb, 0x81, 0x74, 0x81,
- 0xc4, 0x0f, 0x1a, 0x21, 0x48, 0xaf, 0xce, 0xc1, 0xc4, 0x94,
- 0x18, 0x06, 0x44, 0x8d, 0xd3, 0xd2, 0x22, 0x2d, 0x2d, 0x3e,
- 0x5a, 0x31, 0xdc, 0x95, 0x8e, 0xf4, 0x41, 0xfc, 0x58, 0xc9,
- 0x40, 0x92, 0x17, 0x5f, 0xe3, 0xda, 0xac, 0x9e, 0x3f, 0x1c,
- 0x2a, 0x6b, 0x58, 0x5f, 0x48, 0x78, 0x20, 0xb1, 0xaf, 0x24,
- 0x9b, 0x3c, 0x20, 0x8b, 0x93, 0x25, 0x9e, 0xe6, 0x6b, 0xbc,
- 0x13, 0x42, 0x14, 0x6c, 0x36, 0x31, 0xff, 0x7a, 0xd1, 0xc1,
- 0x1a, 0x26, 0x14, 0x7f, 0xa9, 0x76, 0xa7, 0x0c, 0xf8, 0xcc,
- 0xed, 0x07, 0x6a, 0xd2, 0xdf, 0x62, 0xee, 0x0a, 0x7c, 0x84,
- 0xcb, 0x49, 0x90, 0xb2, 0x03, 0x0d, 0xa2, 0x82, 0x06, 0x77,
- 0xf1, 0xcd, 0x67, 0xf2, 0x47, 0x21, 0x02, 0x3f, 0x43, 0x21,
- 0xf0, 0x46, 0x30, 0x62, 0x51, 0x72, 0xb1, 0xe7, 0x48, 0xc6,
- 0x67, 0x12, 0xcd, 0x9e, 0xd6, 0x15, 0xe5, 0x21, 0xed, 0xfa,
- 0x8f, 0x30, 0xa6, 0x41, 0xfe, 0xb6, 0xfa, 0x8f, 0x34, 0x14,
- 0x19, 0xe8, 0x11, 0xf7, 0xa5, 0x77, 0x3e, 0xb7, 0xf9, 0x39,
- 0x07, 0x8c, 0x67, 0x2a, 0xab, 0x7b, 0x08, 0xf8, 0xb0, 0x06,
- 0xa8, 0xea, 0x2f, 0x8f, 0xfa, 0xcc, 0xcc, 0x40, 0xce, 0xf3,
- 0x70, 0x4f, 0x3f, 0x7f, 0xe2, 0x0c, 0xea, 0x76, 0x4a, 0x35,
- 0x4e, 0x47, 0xad, 0x2b, 0xa7, 0x97, 0x5d, 0x74, 0x43, 0x97,
- 0x90, 0xd2, 0xfb, 0xd9, 0xf9, 0x96, 0x01, 0x33, 0x05, 0xed,
- 0x7b, 0x03, 0x05, 0xad, 0xf8, 0x49, 0x03, 0x02, 0x82, 0x01,
- 0x01, 0x00, 0xd4, 0x40, 0x17, 0x66, 0x10, 0x92, 0x95, 0xc8,
- 0xec, 0x62, 0xa9, 0x7a, 0xcb, 0x93, 0x8e, 0xe6, 0x53, 0xd4,
- 0x80, 0x48, 0x27, 0x4b, 0x41, 0xce, 0x61, 0xdf, 0xbf, 0x94,
- 0xa4, 0x3d, 0x71, 0x03, 0x0b, 0xed, 0x25, 0x71, 0x98, 0xa4,
- 0xd6, 0xd5, 0x4a, 0x57, 0xf5, 0x6c, 0x1b, 0xda, 0x21, 0x7d,
- 0x35, 0x45, 0xb3, 0xf3, 0x6a, 0xd9, 0xd3, 0x43, 0xe8, 0x5c,
- 0x54, 0x1c, 0x83, 0x1b, 0xb4, 0x5f, 0xf2, 0x97, 0x24, 0x2e,
- 0xdc, 0x40, 0xde, 0x92, 0x23, 0x59, 0x8e, 0xbc, 0xd2, 0xa1,
- 0xf2, 0xe0, 0x4c, 0xdd, 0x0b, 0xd1, 0xe7, 0xae, 0x65, 0xbc,
- 0xb5, 0xf5, 0x5b, 0x98, 0xe9, 0xd7, 0xc2, 0xb7, 0x0e, 0x55,
- 0x71, 0x0e, 0x3c, 0x0a, 0x24, 0x6b, 0xa6, 0xe6, 0x14, 0x61,
- 0x11, 0xfd, 0x33, 0x42, 0x99, 0x2b, 0x84, 0x77, 0x74, 0x92,
- 0x91, 0xf5, 0x79, 0x79, 0xcf, 0xad, 0x8e, 0x04, 0xef, 0x80,
- 0x1e, 0x57, 0xf4, 0x14, 0xf5, 0x35, 0x09, 0x74, 0xb2, 0x13,
- 0x71, 0x58, 0x6b, 0xea, 0x32, 0x5d, 0xf3, 0xd3, 0x76, 0x48,
- 0x39, 0x10, 0x23, 0x84, 0x9d, 0xbe, 0x92, 0x77, 0x4a, 0xed,
- 0x70, 0x3e, 0x1a, 0xa2, 0x6c, 0xb3, 0x81, 0x00, 0xc3, 0xc9,
- 0xe4, 0x52, 0xc8, 0x24, 0x88, 0x0c, 0x41, 0xad, 0x87, 0x5a,
- 0xea, 0xa3, 0x7a, 0x85, 0x1c, 0x5e, 0x31, 0x7f, 0xc3, 0x35,
- 0xc6, 0xfa, 0x10, 0xc8, 0x75, 0x10, 0xc4, 0x96, 0x99, 0xe7,
- 0xfe, 0x01, 0xb4, 0x74, 0xdb, 0xb4, 0x11, 0xc3, 0xc8, 0x8c,
- 0xf6, 0xf7, 0x3b, 0x66, 0x50, 0xfc, 0xdb, 0xeb, 0xca, 0x47,
- 0x85, 0x89, 0xe1, 0x65, 0xd9, 0x62, 0x34, 0x3c, 0x70, 0xd8,
- 0x2e, 0xb4, 0x2f, 0x65, 0x3c, 0x4a, 0xa6, 0x2a, 0xe7, 0xc7,
- 0xd8, 0x41, 0x8f, 0x8a, 0x43, 0xbf, 0x42, 0xf2, 0x4d, 0xbc,
- 0xfc, 0x9e, 0x27, 0x95, 0xfb, 0x75, 0xff, 0xab, 0x02, 0x82,
- 0x01, 0x00, 0x41, 0x2f, 0x44, 0x57, 0x6d, 0x12, 0x17, 0x5b,
- 0x32, 0xc6, 0xb7, 0x6c, 0x57, 0x7a, 0x8a, 0x0e, 0x79, 0xef,
- 0x72, 0xa8, 0x68, 0xda, 0x2d, 0x38, 0xe4, 0xbb, 0x8d, 0xf6,
- 0x02, 0x65, 0xcf, 0x56, 0x13, 0xe1, 0x1a, 0xcb, 0x39, 0x80,
- 0xa6, 0xb1, 0x32, 0x03, 0x1e, 0xdd, 0xbb, 0x35, 0xd9, 0xac,
- 0x43, 0x89, 0x31, 0x08, 0x90, 0x92, 0x5e, 0x35, 0x3d, 0x7b,
- 0x9c, 0x6f, 0x86, 0xcb, 0x17, 0xdd, 0x85, 0xe4, 0xed, 0x35,
- 0x08, 0x8e, 0xc1, 0xf4, 0x05, 0xd8, 0x68, 0xc6, 0x63, 0x3c,
- 0xf7, 0xff, 0xf7, 0x47, 0x33, 0x39, 0xc5, 0x3e, 0xb7, 0x0e,
- 0x58, 0x35, 0x9d, 0x81, 0xea, 0xf8, 0x6a, 0x2c, 0x1c, 0x5a,
- 0x68, 0x78, 0x64, 0x11, 0x6b, 0xc1, 0x3e, 0x4e, 0x7a, 0xbd,
- 0x84, 0xcb, 0x0f, 0xc2, 0xb6, 0x85, 0x1d, 0xd3, 0x76, 0xc5,
- 0x93, 0x6a, 0x69, 0x89, 0x56, 0x34, 0xdc, 0x4a, 0x9b, 0xbc,
- 0xff, 0xa8, 0x0d, 0x6e, 0x35, 0x9c, 0x60, 0xa7, 0x23, 0x30,
- 0xc7, 0x06, 0x64, 0x39, 0x8b, 0x94, 0x89, 0xee, 0xba, 0x7f,
- 0x60, 0x8d, 0xfa, 0xb6, 0x97, 0x76, 0xdc, 0x51, 0x4a, 0x3c,
- 0xeb, 0x3a, 0x14, 0x2c, 0x20, 0x60, 0x69, 0x4a, 0x86, 0xfe,
- 0x8c, 0x21, 0x84, 0x49, 0x54, 0xb3, 0x20, 0xe1, 0x01, 0x7f,
- 0x58, 0xdf, 0x7f, 0xb5, 0x21, 0x51, 0x8c, 0x47, 0x9f, 0x91,
- 0xeb, 0x97, 0x3e, 0xf2, 0x54, 0xcf, 0x16, 0x46, 0xf9, 0xd9,
- 0xb6, 0xe7, 0x64, 0xc9, 0xd0, 0x54, 0xea, 0x2f, 0xa1, 0xcf,
- 0xa5, 0x7f, 0x28, 0x8d, 0x84, 0xec, 0xd5, 0x39, 0x03, 0x76,
- 0x5b, 0x2d, 0x8e, 0x43, 0xf2, 0x01, 0x24, 0xc9, 0x6f, 0xc0,
- 0xf5, 0x69, 0x6f, 0x7d, 0xb5, 0x85, 0xd2, 0x5f, 0x7f, 0x78,
- 0x40, 0x07, 0x7f, 0x09, 0x15, 0xb5, 0x1f, 0x28, 0x65, 0x10,
- 0xe4, 0x19, 0xa8, 0xc6, 0x9e, 0x8d, 0xdc, 0xcb, 0x02, 0x82,
- 0x01, 0x00, 0x13, 0x01, 0xee, 0x56, 0x80, 0x93, 0x70, 0x00,
- 0x7f, 0x52, 0xd2, 0x94, 0xa1, 0x98, 0x84, 0x4a, 0x92, 0x25,
- 0x4c, 0x9b, 0xa9, 0x91, 0x2e, 0xc2, 0x79, 0xb7, 0x5c, 0xe3,
- 0xc5, 0xd5, 0x8e, 0xc2, 0x54, 0x16, 0x17, 0xad, 0x55, 0x9b,
- 0x25, 0x76, 0x12, 0x63, 0x50, 0x22, 0x2f, 0x58, 0x58, 0x79,
- 0x6b, 0x04, 0xe3, 0xf9, 0x9f, 0x8f, 0x04, 0x41, 0x67, 0x94,
- 0xa5, 0x1f, 0xac, 0x8a, 0x15, 0x9c, 0x26, 0x10, 0x6c, 0xf8,
- 0x19, 0x57, 0x61, 0xd7, 0x3a, 0x7d, 0x31, 0xb0, 0x2d, 0x38,
- 0xbd, 0x94, 0x62, 0xad, 0xc4, 0xfa, 0x36, 0x42, 0x42, 0xf0,
- 0x24, 0x67, 0x65, 0x9d, 0x8b, 0x0b, 0x7c, 0x6f, 0x82, 0x44,
- 0x1a, 0x8c, 0xc8, 0xc9, 0xab, 0xbb, 0x4c, 0x45, 0xfc, 0x7b,
- 0x38, 0xee, 0x30, 0xe1, 0xfc, 0xef, 0x8d, 0xbc, 0x58, 0xdf,
- 0x2b, 0x5d, 0x0d, 0x54, 0xe0, 0x49, 0x4d, 0x97, 0x99, 0x8f,
- 0x22, 0xa8, 0x83, 0xbe, 0x40, 0xbb, 0x50, 0x2e, 0x78, 0x28,
- 0x0f, 0x95, 0x78, 0x8c, 0x8f, 0x98, 0x24, 0x56, 0xc2, 0x97,
- 0xf3, 0x2c, 0x43, 0xd2, 0x03, 0x82, 0x66, 0x81, 0x72, 0x5f,
- 0x53, 0x16, 0xec, 0xb1, 0xb1, 0x04, 0x5e, 0x40, 0x20, 0x48,
- 0x7b, 0x3f, 0x02, 0x97, 0x6a, 0xeb, 0x96, 0x12, 0x21, 0x35,
- 0xfe, 0x1f, 0x47, 0xc0, 0x95, 0xea, 0xc5, 0x8a, 0x08, 0x84,
- 0x4f, 0x5e, 0x63, 0x94, 0x60, 0x0f, 0x71, 0x5b, 0x7f, 0x4a,
- 0xec, 0x4f, 0x60, 0xc6, 0xba, 0x4a, 0x24, 0xf1, 0x20, 0x8b,
- 0xa7, 0x2e, 0x3a, 0xce, 0x8d, 0xe0, 0x27, 0x1d, 0xb5, 0x8e,
- 0xb4, 0x21, 0xc5, 0xe2, 0xa6, 0x16, 0x0a, 0x51, 0x83, 0x55,
- 0x88, 0xd1, 0x30, 0x11, 0x63, 0xd5, 0xd7, 0x8d, 0xae, 0x16,
- 0x12, 0x82, 0xc4, 0x85, 0x00, 0x4e, 0x27, 0x83, 0xa5, 0x7c,
- 0x90, 0x2e, 0xe5, 0xa2, 0xa3, 0xd3, 0x4c, 0x63, 0x02, 0x82,
- 0x01, 0x01, 0x00, 0x86, 0x08, 0x98, 0x98, 0xa5, 0x00, 0x05,
- 0x39, 0x77, 0xd9, 0x66, 0xb3, 0xcf, 0xca, 0xa0, 0x71, 0xb3,
- 0x50, 0xce, 0x3d, 0xb1, 0x93, 0x95, 0x35, 0xc4, 0xd4, 0x2e,
- 0x90, 0xdf, 0x0f, 0xfc, 0x60, 0xc1, 0x94, 0x68, 0x61, 0x43,
- 0xca, 0x9a, 0x23, 0x4a, 0x1e, 0x45, 0x72, 0x99, 0xb5, 0x1e,
- 0x61, 0x8d, 0x77, 0x0f, 0xa0, 0xbb, 0xd7, 0x77, 0xb4, 0x2a,
- 0x15, 0x11, 0x88, 0x2d, 0xb3, 0x56, 0x61, 0x5e, 0x6a, 0xed,
- 0xa4, 0x46, 0x4a, 0x3f, 0x50, 0x11, 0xd6, 0xba, 0xb6, 0xd7,
- 0x95, 0x65, 0x53, 0xc3, 0xa1, 0x8f, 0xe0, 0xa3, 0xf5, 0x1c,
- 0xfd, 0xaf, 0x6e, 0x43, 0xd7, 0x17, 0xa7, 0xd3, 0x81, 0x1b,
- 0xa4, 0xdf, 0xe0, 0x97, 0x8a, 0x46, 0x03, 0xd3, 0x46, 0x0e,
- 0x83, 0x48, 0x4e, 0xd2, 0x02, 0xcb, 0xc0, 0xad, 0x79, 0x95,
- 0x8c, 0x96, 0xba, 0x40, 0x34, 0x11, 0x71, 0x5e, 0xe9, 0x11,
- 0xf9, 0xc5, 0x4a, 0x5e, 0x91, 0x9d, 0xf5, 0x92, 0x4f, 0xeb,
- 0xc6, 0x70, 0x02, 0x2d, 0x3d, 0x04, 0xaa, 0xe9, 0x3a, 0x8e,
- 0xd5, 0xa8, 0xad, 0xf7, 0xce, 0x0d, 0x16, 0xb2, 0xec, 0x0a,
- 0x9c, 0xf5, 0x94, 0x39, 0xb9, 0x8a, 0xfc, 0x1e, 0xf9, 0xcc,
- 0xf2, 0x5f, 0x21, 0x31, 0x74, 0x72, 0x6b, 0x64, 0xae, 0x35,
- 0x61, 0x8d, 0x0d, 0xcb, 0xe7, 0xda, 0x39, 0xca, 0xf3, 0x21,
- 0x66, 0x0b, 0x95, 0xd7, 0x0a, 0x7c, 0xca, 0xa1, 0xa9, 0x5a,
- 0xe8, 0xac, 0xe0, 0x71, 0x54, 0xaf, 0x28, 0xcf, 0xd5, 0x70,
- 0x89, 0xe0, 0xf3, 0x9e, 0x43, 0x6c, 0x8d, 0x7b, 0x99, 0x01,
- 0x68, 0x4d, 0xa1, 0x45, 0x46, 0x0c, 0x43, 0xbc, 0xcc, 0x2c,
- 0xdd, 0xc5, 0x46, 0xc8, 0x4e, 0x0e, 0xbe, 0xed, 0xb9, 0x26,
- 0xab, 0x2e, 0xdb, 0xeb, 0x8f, 0xff, 0xdb, 0xb0, 0xc6, 0x55,
- 0xaf, 0xf8, 0x2a, 0x91, 0x9d, 0x50, 0x44, 0x21, 0x17,
+ 0x30,
+ 0x82,
+ 0x09,
+ 0x29,
+ 0x02,
+ 0x01,
+ 0x00,
+ 0x02,
+ 0x82,
+ 0x02,
+ 0x01,
+ 0x00,
+ 0xc0,
+ 0x71,
+ 0xac,
+ 0x1a,
+ 0x13,
+ 0x88,
+ 0x82,
+ 0x43,
+ 0x3b,
+ 0x51,
+ 0x57,
+ 0x71,
+ 0x8d,
+ 0xb6,
+ 0x2b,
+ 0x82,
+ 0x65,
+ 0x21,
+ 0x53,
+ 0x5f,
+ 0x28,
+ 0x29,
+ 0x4f,
+ 0x8d,
+ 0x7c,
+ 0x8a,
+ 0xb9,
+ 0x44,
+ 0xb3,
+ 0x28,
+ 0x41,
+ 0x4f,
+ 0xd3,
+ 0xfa,
+ 0x6a,
+ 0xf8,
+ 0xb9,
+ 0x28,
+ 0x50,
+ 0x39,
+ 0x67,
+ 0x53,
+ 0x2c,
+ 0x3c,
+ 0xd7,
+ 0xcb,
+ 0x96,
+ 0x41,
+ 0x40,
+ 0x32,
+ 0xbb,
+ 0xeb,
+ 0x70,
+ 0xae,
+ 0x1f,
+ 0xb0,
+ 0x65,
+ 0xf7,
+ 0x3a,
+ 0xd9,
+ 0x22,
+ 0xfd,
+ 0x10,
+ 0xae,
+ 0xbd,
+ 0x02,
+ 0xe2,
+ 0xdd,
+ 0xf3,
+ 0xc2,
+ 0x79,
+ 0x3c,
+ 0xc6,
+ 0xfc,
+ 0x75,
+ 0xbb,
+ 0xaf,
+ 0x4e,
+ 0x3a,
+ 0x36,
+ 0xc2,
+ 0x4f,
+ 0xea,
+ 0x25,
+ 0xdf,
+ 0x13,
+ 0x16,
+ 0x4b,
+ 0x20,
+ 0xfe,
+ 0x4b,
+ 0x69,
+ 0x16,
+ 0xc4,
+ 0x7f,
+ 0x1a,
+ 0x43,
+ 0xa6,
+ 0x17,
+ 0x1b,
+ 0xb9,
+ 0x0a,
+ 0xf3,
+ 0x09,
+ 0x86,
+ 0x28,
+ 0x89,
+ 0xcf,
+ 0x2c,
+ 0xd0,
+ 0xd4,
+ 0x81,
+ 0xaf,
+ 0xc6,
+ 0x6d,
+ 0xe6,
+ 0x21,
+ 0x8d,
+ 0xee,
+ 0xef,
+ 0xea,
+ 0xdc,
+ 0xb7,
+ 0xc6,
+ 0x3b,
+ 0x63,
+ 0x9f,
+ 0x0e,
+ 0xad,
+ 0x89,
+ 0x78,
+ 0x23,
+ 0x18,
+ 0xbf,
+ 0x70,
+ 0x7e,
+ 0x84,
+ 0xe0,
+ 0x37,
+ 0xec,
+ 0xdb,
+ 0x8e,
+ 0x9c,
+ 0x3e,
+ 0x6a,
+ 0x19,
+ 0xcc,
+ 0x99,
+ 0x72,
+ 0xe6,
+ 0xb5,
+ 0x7d,
+ 0x6d,
+ 0xfa,
+ 0xe5,
+ 0xd3,
+ 0xe4,
+ 0x90,
+ 0xb5,
+ 0xb2,
+ 0xb2,
+ 0x12,
+ 0x70,
+ 0x4e,
+ 0xca,
+ 0xf8,
+ 0x10,
+ 0xf8,
+ 0xa3,
+ 0x14,
+ 0xc2,
+ 0x48,
+ 0x19,
+ 0xeb,
+ 0x60,
+ 0x99,
+ 0xbb,
+ 0x2a,
+ 0x1f,
+ 0xb1,
+ 0x7a,
+ 0xb1,
+ 0x3d,
+ 0x24,
+ 0xfb,
+ 0xa0,
+ 0x29,
+ 0xda,
+ 0xbd,
+ 0x1b,
+ 0xd7,
+ 0xa4,
+ 0xbf,
+ 0xef,
+ 0x60,
+ 0x2d,
+ 0x22,
+ 0xca,
+ 0x65,
+ 0x98,
+ 0xf1,
+ 0xc4,
+ 0xe1,
+ 0xc9,
+ 0x02,
+ 0x6b,
+ 0x16,
+ 0x28,
+ 0x2f,
+ 0xa1,
+ 0xaa,
+ 0x79,
+ 0x00,
+ 0xda,
+ 0xdc,
+ 0x7c,
+ 0x43,
+ 0xf7,
+ 0x42,
+ 0x3c,
+ 0xa0,
+ 0xef,
+ 0x68,
+ 0xf7,
+ 0xdf,
+ 0xb9,
+ 0x69,
+ 0xfb,
+ 0x8e,
+ 0x01,
+ 0xed,
+ 0x01,
+ 0x42,
+ 0xb5,
+ 0x4e,
+ 0x57,
+ 0xa6,
+ 0x26,
+ 0xb8,
+ 0xd0,
+ 0x7b,
+ 0x56,
+ 0x6d,
+ 0x03,
+ 0xc6,
+ 0x40,
+ 0x8c,
+ 0x8c,
+ 0x2a,
+ 0x55,
+ 0xd7,
+ 0x9c,
+ 0x35,
+ 0x00,
+ 0x94,
+ 0x93,
+ 0xec,
+ 0x03,
+ 0xeb,
+ 0x22,
+ 0xef,
+ 0x77,
+ 0xbb,
+ 0x79,
+ 0x13,
+ 0x3f,
+ 0x15,
+ 0xa1,
+ 0x8f,
+ 0xca,
+ 0xdf,
+ 0xfd,
+ 0xd3,
+ 0xb8,
+ 0xe1,
+ 0xd4,
+ 0xcc,
+ 0x09,
+ 0x3f,
+ 0x3c,
+ 0x2c,
+ 0xdb,
+ 0xd1,
+ 0x49,
+ 0x7f,
+ 0x38,
+ 0x07,
+ 0x83,
+ 0x6d,
+ 0xeb,
+ 0x08,
+ 0x66,
+ 0xe9,
+ 0x06,
+ 0x44,
+ 0x12,
+ 0xac,
+ 0x95,
+ 0x22,
+ 0x90,
+ 0x23,
+ 0x67,
+ 0xd4,
+ 0x08,
+ 0xcc,
+ 0xf4,
+ 0xb7,
+ 0xdc,
+ 0xcc,
+ 0x87,
+ 0xd4,
+ 0xac,
+ 0x69,
+ 0x35,
+ 0x4c,
+ 0xb5,
+ 0x39,
+ 0x36,
+ 0xcd,
+ 0xa4,
+ 0xd2,
+ 0x95,
+ 0xca,
+ 0x0d,
+ 0xc5,
+ 0xda,
+ 0xc2,
+ 0xc5,
+ 0x22,
+ 0x32,
+ 0x28,
+ 0x08,
+ 0xe3,
+ 0xd2,
+ 0x8b,
+ 0x38,
+ 0x30,
+ 0xdc,
+ 0x8c,
+ 0x75,
+ 0x4f,
+ 0x6a,
+ 0xec,
+ 0x7a,
+ 0xac,
+ 0x16,
+ 0x3e,
+ 0xa8,
+ 0xd4,
+ 0x6a,
+ 0x45,
+ 0xe1,
+ 0xa8,
+ 0x4f,
+ 0x2e,
+ 0x80,
+ 0x34,
+ 0xaa,
+ 0x54,
+ 0x1b,
+ 0x02,
+ 0x95,
+ 0x7d,
+ 0x8a,
+ 0x6d,
+ 0xcc,
+ 0x79,
+ 0xca,
+ 0xf2,
+ 0xa4,
+ 0x2e,
+ 0x8d,
+ 0xfb,
+ 0xfe,
+ 0x15,
+ 0x51,
+ 0x10,
+ 0x0e,
+ 0x4d,
+ 0x88,
+ 0xb1,
+ 0xc7,
+ 0xf4,
+ 0x79,
+ 0xdb,
+ 0xf0,
+ 0xb4,
+ 0x56,
+ 0x44,
+ 0x37,
+ 0xca,
+ 0x5a,
+ 0xc1,
+ 0x8c,
+ 0x48,
+ 0xac,
+ 0xae,
+ 0x48,
+ 0x80,
+ 0x83,
+ 0x01,
+ 0x3f,
+ 0xde,
+ 0xd9,
+ 0xd3,
+ 0x2c,
+ 0x51,
+ 0x46,
+ 0xb1,
+ 0x41,
+ 0xb6,
+ 0xc6,
+ 0x91,
+ 0x72,
+ 0xf9,
+ 0x83,
+ 0x55,
+ 0x1b,
+ 0x8c,
+ 0xba,
+ 0xf3,
+ 0x73,
+ 0xe5,
+ 0x2c,
+ 0x74,
+ 0x50,
+ 0x3a,
+ 0xbe,
+ 0xc5,
+ 0x2f,
+ 0xa7,
+ 0xb2,
+ 0x6d,
+ 0x8c,
+ 0x9e,
+ 0x13,
+ 0x77,
+ 0xa3,
+ 0x13,
+ 0xcd,
+ 0x6d,
+ 0x8c,
+ 0x45,
+ 0xe1,
+ 0xfc,
+ 0x0b,
+ 0xb7,
+ 0x69,
+ 0xe9,
+ 0x27,
+ 0xbc,
+ 0x65,
+ 0xc3,
+ 0xfa,
+ 0x9b,
+ 0xd0,
+ 0xef,
+ 0xfe,
+ 0xe8,
+ 0x1f,
+ 0xb3,
+ 0x5e,
+ 0x34,
+ 0xf4,
+ 0x8c,
+ 0xea,
+ 0xfc,
+ 0xd3,
+ 0x81,
+ 0xbf,
+ 0x3d,
+ 0x30,
+ 0xb2,
+ 0xb4,
+ 0x01,
+ 0xe8,
+ 0x43,
+ 0x0f,
+ 0xba,
+ 0x02,
+ 0x23,
+ 0x42,
+ 0x76,
+ 0x82,
+ 0x31,
+ 0x73,
+ 0x91,
+ 0xed,
+ 0x07,
+ 0x46,
+ 0x61,
+ 0x0d,
+ 0x39,
+ 0x83,
+ 0x40,
+ 0xce,
+ 0x7a,
+ 0xd4,
+ 0xdb,
+ 0x80,
+ 0x2c,
+ 0x1f,
+ 0x0d,
+ 0xd1,
+ 0x34,
+ 0xd4,
+ 0x92,
+ 0xe3,
+ 0xd4,
+ 0xf1,
+ 0xc2,
+ 0x01,
+ 0x02,
+ 0x03,
+ 0x01,
+ 0x00,
+ 0x01,
+ 0x02,
+ 0x82,
+ 0x02,
+ 0x01,
+ 0x00,
+ 0x97,
+ 0x6c,
+ 0xda,
+ 0x6e,
+ 0xea,
+ 0x4f,
+ 0xcf,
+ 0xaf,
+ 0xf7,
+ 0x4c,
+ 0xd9,
+ 0xf1,
+ 0x90,
+ 0x00,
+ 0x77,
+ 0xdb,
+ 0xf2,
+ 0x97,
+ 0x76,
+ 0x72,
+ 0xb9,
+ 0xb7,
+ 0x47,
+ 0xd1,
+ 0x9c,
+ 0xdd,
+ 0xcb,
+ 0x4a,
+ 0x33,
+ 0x6e,
+ 0xc9,
+ 0x75,
+ 0x76,
+ 0xe6,
+ 0xe4,
+ 0xa5,
+ 0x31,
+ 0x8c,
+ 0x77,
+ 0x13,
+ 0xb4,
+ 0x29,
+ 0xcd,
+ 0xf5,
+ 0x52,
+ 0x17,
+ 0xef,
+ 0xf3,
+ 0x08,
+ 0x00,
+ 0xe3,
+ 0xbd,
+ 0x2e,
+ 0xbc,
+ 0xd4,
+ 0x52,
+ 0x88,
+ 0xe9,
+ 0x30,
+ 0x75,
+ 0x0b,
+ 0x02,
+ 0xf5,
+ 0xcd,
+ 0x89,
+ 0x0c,
+ 0x6c,
+ 0x57,
+ 0x19,
+ 0x27,
+ 0x3d,
+ 0x1e,
+ 0x85,
+ 0xb4,
+ 0xc1,
+ 0x2f,
+ 0x1d,
+ 0x92,
+ 0x00,
+ 0x5c,
+ 0x76,
+ 0x29,
+ 0x4b,
+ 0xa4,
+ 0xe1,
+ 0x12,
+ 0xb3,
+ 0xc8,
+ 0x09,
+ 0xfe,
+ 0x0e,
+ 0x78,
+ 0x72,
+ 0x61,
+ 0xcb,
+ 0x61,
+ 0x6f,
+ 0x39,
+ 0x91,
+ 0x95,
+ 0x4e,
+ 0xd5,
+ 0x3e,
+ 0xc7,
+ 0x8f,
+ 0xb8,
+ 0xf6,
+ 0x36,
+ 0xfe,
+ 0x9c,
+ 0x93,
+ 0x9a,
+ 0x38,
+ 0x25,
+ 0x7a,
+ 0xf4,
+ 0x4a,
+ 0x12,
+ 0xd4,
+ 0xa0,
+ 0x13,
+ 0xbd,
+ 0xf9,
+ 0x1d,
+ 0x12,
+ 0x3e,
+ 0x21,
+ 0x39,
+ 0xfb,
+ 0x72,
+ 0xe0,
+ 0x05,
+ 0x3d,
+ 0xc3,
+ 0xe5,
+ 0x50,
+ 0xa8,
+ 0x5d,
+ 0x85,
+ 0xa3,
+ 0xea,
+ 0x5f,
+ 0x1c,
+ 0xb2,
+ 0x3f,
+ 0xea,
+ 0x6d,
+ 0x03,
+ 0x91,
+ 0x55,
+ 0xd8,
+ 0x19,
+ 0x0a,
+ 0x21,
+ 0x12,
+ 0x16,
+ 0xd9,
+ 0x12,
+ 0xc4,
+ 0xe6,
+ 0x07,
+ 0x18,
+ 0x5b,
+ 0x26,
+ 0xa4,
+ 0xae,
+ 0xed,
+ 0x2b,
+ 0xb7,
+ 0xa6,
+ 0xed,
+ 0xf8,
+ 0xad,
+ 0xec,
+ 0x77,
+ 0xe6,
+ 0x7f,
+ 0x4f,
+ 0x76,
+ 0x00,
+ 0xc0,
+ 0xfa,
+ 0x15,
+ 0x92,
+ 0xb4,
+ 0x2c,
+ 0x22,
+ 0xc2,
+ 0xeb,
+ 0x6a,
+ 0xad,
+ 0x14,
+ 0x05,
+ 0xb2,
+ 0xe5,
+ 0x8a,
+ 0x9e,
+ 0x85,
+ 0x83,
+ 0xcc,
+ 0x04,
+ 0xf1,
+ 0x56,
+ 0x78,
+ 0x44,
+ 0x5e,
+ 0xde,
+ 0xe0,
+ 0x60,
+ 0x1a,
+ 0x65,
+ 0x79,
+ 0x31,
+ 0x23,
+ 0x05,
+ 0xbb,
+ 0x01,
+ 0xff,
+ 0xdd,
+ 0x2e,
+ 0xb7,
+ 0xb3,
+ 0xaa,
+ 0x74,
+ 0xe0,
+ 0xa5,
+ 0x94,
+ 0xaf,
+ 0x4b,
+ 0xde,
+ 0x58,
+ 0x0f,
+ 0x55,
+ 0xde,
+ 0x33,
+ 0xf6,
+ 0xe3,
+ 0xd6,
+ 0x34,
+ 0x36,
+ 0x57,
+ 0xd6,
+ 0x79,
+ 0x91,
+ 0x2e,
+ 0xbe,
+ 0x3b,
+ 0xd9,
+ 0x4e,
+ 0xb6,
+ 0x9d,
+ 0x21,
+ 0x5c,
+ 0xd3,
+ 0x48,
+ 0x14,
+ 0x7f,
+ 0x4a,
+ 0xc4,
+ 0x60,
+ 0xa9,
+ 0x29,
+ 0xf8,
+ 0x53,
+ 0x7f,
+ 0x88,
+ 0x11,
+ 0x2d,
+ 0xb5,
+ 0xc5,
+ 0x2d,
+ 0x6f,
+ 0xee,
+ 0x85,
+ 0x0b,
+ 0xf7,
+ 0x8d,
+ 0x9a,
+ 0xbe,
+ 0xb0,
+ 0x42,
+ 0xf2,
+ 0x2e,
+ 0x71,
+ 0xaf,
+ 0x19,
+ 0x31,
+ 0x6d,
+ 0xec,
+ 0xcd,
+ 0x6f,
+ 0x2b,
+ 0x23,
+ 0xdf,
+ 0xb4,
+ 0x40,
+ 0xaf,
+ 0x2c,
+ 0x0a,
+ 0xc3,
+ 0x1b,
+ 0x7d,
+ 0x7d,
+ 0x03,
+ 0x1d,
+ 0x4b,
+ 0xf3,
+ 0xb5,
+ 0xe0,
+ 0x85,
+ 0xd8,
+ 0xdf,
+ 0x91,
+ 0x6b,
+ 0x0a,
+ 0x69,
+ 0xf7,
+ 0xf2,
+ 0x69,
+ 0x66,
+ 0x5b,
+ 0xf1,
+ 0xcf,
+ 0x46,
+ 0x7d,
+ 0xe9,
+ 0x70,
+ 0xfa,
+ 0x6d,
+ 0x7e,
+ 0x75,
+ 0x4e,
+ 0xa9,
+ 0x77,
+ 0xe6,
+ 0x8c,
+ 0x02,
+ 0xf7,
+ 0x14,
+ 0x4d,
+ 0xa5,
+ 0x41,
+ 0x8f,
+ 0x3f,
+ 0xc1,
+ 0x62,
+ 0x1e,
+ 0x71,
+ 0x5e,
+ 0x38,
+ 0xb4,
+ 0xd6,
+ 0xe6,
+ 0xe1,
+ 0x4b,
+ 0xc2,
+ 0x2c,
+ 0x30,
+ 0x83,
+ 0x81,
+ 0x6f,
+ 0x49,
+ 0x2e,
+ 0x96,
+ 0xe6,
+ 0xc9,
+ 0x9a,
+ 0xf7,
+ 0x5d,
+ 0x09,
+ 0xa0,
+ 0x55,
+ 0x02,
+ 0xa5,
+ 0x3a,
+ 0x25,
+ 0x23,
+ 0xd0,
+ 0x92,
+ 0xc3,
+ 0xa3,
+ 0xe3,
+ 0x0e,
+ 0x12,
+ 0x2f,
+ 0x4d,
+ 0xef,
+ 0xf3,
+ 0x55,
+ 0x5a,
+ 0xbe,
+ 0xe6,
+ 0x19,
+ 0x86,
+ 0x31,
+ 0xab,
+ 0x75,
+ 0x9a,
+ 0xd3,
+ 0xf0,
+ 0x2c,
+ 0xc5,
+ 0x41,
+ 0x92,
+ 0xd9,
+ 0x1f,
+ 0x5f,
+ 0x11,
+ 0x8c,
+ 0x75,
+ 0x1c,
+ 0x63,
+ 0xd0,
+ 0x02,
+ 0x80,
+ 0x2c,
+ 0x68,
+ 0xcb,
+ 0x93,
+ 0xfb,
+ 0x51,
+ 0x73,
+ 0x49,
+ 0xb4,
+ 0x60,
+ 0xda,
+ 0xe2,
+ 0x26,
+ 0xaf,
+ 0xa9,
+ 0x46,
+ 0x12,
+ 0xb8,
+ 0xec,
+ 0x50,
+ 0xdd,
+ 0x12,
+ 0x06,
+ 0x5f,
+ 0xce,
+ 0x59,
+ 0xe6,
+ 0xf6,
+ 0x1c,
+ 0xe0,
+ 0x54,
+ 0x10,
+ 0xad,
+ 0xf6,
+ 0xcd,
+ 0x98,
+ 0xcc,
+ 0x0f,
+ 0xfb,
+ 0xcb,
+ 0x41,
+ 0x14,
+ 0x9d,
+ 0xed,
+ 0xe4,
+ 0xb4,
+ 0x74,
+ 0x5f,
+ 0x09,
+ 0x60,
+ 0xc7,
+ 0x12,
+ 0xf6,
+ 0x7b,
+ 0x3c,
+ 0x8f,
+ 0xa7,
+ 0x20,
+ 0xbc,
+ 0xe4,
+ 0xb1,
+ 0xef,
+ 0xeb,
+ 0xa4,
+ 0x93,
+ 0xc5,
+ 0x06,
+ 0xca,
+ 0x9a,
+ 0x27,
+ 0x9d,
+ 0x87,
+ 0xf3,
+ 0xde,
+ 0xca,
+ 0xe5,
+ 0xe7,
+ 0xf6,
+ 0x1c,
+ 0x01,
+ 0x65,
+ 0x5b,
+ 0xfb,
+ 0x19,
+ 0x79,
+ 0x6e,
+ 0x08,
+ 0x26,
+ 0xc5,
+ 0xc8,
+ 0x28,
+ 0x0e,
+ 0xb6,
+ 0x3b,
+ 0x07,
+ 0x08,
+ 0xc1,
+ 0x02,
+ 0x82,
+ 0x01,
+ 0x01,
+ 0x00,
+ 0xe8,
+ 0x1c,
+ 0x73,
+ 0xa6,
+ 0xb8,
+ 0xe0,
+ 0x0e,
+ 0x6d,
+ 0x8d,
+ 0x1b,
+ 0xb9,
+ 0x53,
+ 0xed,
+ 0x58,
+ 0x94,
+ 0xe6,
+ 0x1d,
+ 0x60,
+ 0x14,
+ 0x5c,
+ 0x76,
+ 0x43,
+ 0xc4,
+ 0x58,
+ 0x19,
+ 0xc4,
+ 0x24,
+ 0xe8,
+ 0xbc,
+ 0x1b,
+ 0x3b,
+ 0x0b,
+ 0x13,
+ 0x24,
+ 0x45,
+ 0x54,
+ 0x0e,
+ 0xcc,
+ 0x37,
+ 0xf0,
+ 0xe0,
+ 0x63,
+ 0x7d,
+ 0xc3,
+ 0xf7,
+ 0xfb,
+ 0x81,
+ 0x74,
+ 0x81,
+ 0xc4,
+ 0x0f,
+ 0x1a,
+ 0x21,
+ 0x48,
+ 0xaf,
+ 0xce,
+ 0xc1,
+ 0xc4,
+ 0x94,
+ 0x18,
+ 0x06,
+ 0x44,
+ 0x8d,
+ 0xd3,
+ 0xd2,
+ 0x22,
+ 0x2d,
+ 0x2d,
+ 0x3e,
+ 0x5a,
+ 0x31,
+ 0xdc,
+ 0x95,
+ 0x8e,
+ 0xf4,
+ 0x41,
+ 0xfc,
+ 0x58,
+ 0xc9,
+ 0x40,
+ 0x92,
+ 0x17,
+ 0x5f,
+ 0xe3,
+ 0xda,
+ 0xac,
+ 0x9e,
+ 0x3f,
+ 0x1c,
+ 0x2a,
+ 0x6b,
+ 0x58,
+ 0x5f,
+ 0x48,
+ 0x78,
+ 0x20,
+ 0xb1,
+ 0xaf,
+ 0x24,
+ 0x9b,
+ 0x3c,
+ 0x20,
+ 0x8b,
+ 0x93,
+ 0x25,
+ 0x9e,
+ 0xe6,
+ 0x6b,
+ 0xbc,
+ 0x13,
+ 0x42,
+ 0x14,
+ 0x6c,
+ 0x36,
+ 0x31,
+ 0xff,
+ 0x7a,
+ 0xd1,
+ 0xc1,
+ 0x1a,
+ 0x26,
+ 0x14,
+ 0x7f,
+ 0xa9,
+ 0x76,
+ 0xa7,
+ 0x0c,
+ 0xf8,
+ 0xcc,
+ 0xed,
+ 0x07,
+ 0x6a,
+ 0xd2,
+ 0xdf,
+ 0x62,
+ 0xee,
+ 0x0a,
+ 0x7c,
+ 0x84,
+ 0xcb,
+ 0x49,
+ 0x90,
+ 0xb2,
+ 0x03,
+ 0x0d,
+ 0xa2,
+ 0x82,
+ 0x06,
+ 0x77,
+ 0xf1,
+ 0xcd,
+ 0x67,
+ 0xf2,
+ 0x47,
+ 0x21,
+ 0x02,
+ 0x3f,
+ 0x43,
+ 0x21,
+ 0xf0,
+ 0x46,
+ 0x30,
+ 0x62,
+ 0x51,
+ 0x72,
+ 0xb1,
+ 0xe7,
+ 0x48,
+ 0xc6,
+ 0x67,
+ 0x12,
+ 0xcd,
+ 0x9e,
+ 0xd6,
+ 0x15,
+ 0xe5,
+ 0x21,
+ 0xed,
+ 0xfa,
+ 0x8f,
+ 0x30,
+ 0xa6,
+ 0x41,
+ 0xfe,
+ 0xb6,
+ 0xfa,
+ 0x8f,
+ 0x34,
+ 0x14,
+ 0x19,
+ 0xe8,
+ 0x11,
+ 0xf7,
+ 0xa5,
+ 0x77,
+ 0x3e,
+ 0xb7,
+ 0xf9,
+ 0x39,
+ 0x07,
+ 0x8c,
+ 0x67,
+ 0x2a,
+ 0xab,
+ 0x7b,
+ 0x08,
+ 0xf8,
+ 0xb0,
+ 0x06,
+ 0xa8,
+ 0xea,
+ 0x2f,
+ 0x8f,
+ 0xfa,
+ 0xcc,
+ 0xcc,
+ 0x40,
+ 0xce,
+ 0xf3,
+ 0x70,
+ 0x4f,
+ 0x3f,
+ 0x7f,
+ 0xe2,
+ 0x0c,
+ 0xea,
+ 0x76,
+ 0x4a,
+ 0x35,
+ 0x4e,
+ 0x47,
+ 0xad,
+ 0x2b,
+ 0xa7,
+ 0x97,
+ 0x5d,
+ 0x74,
+ 0x43,
+ 0x97,
+ 0x90,
+ 0xd2,
+ 0xfb,
+ 0xd9,
+ 0xf9,
+ 0x96,
+ 0x01,
+ 0x33,
+ 0x05,
+ 0xed,
+ 0x7b,
+ 0x03,
+ 0x05,
+ 0xad,
+ 0xf8,
+ 0x49,
+ 0x03,
+ 0x02,
+ 0x82,
+ 0x01,
+ 0x01,
+ 0x00,
+ 0xd4,
+ 0x40,
+ 0x17,
+ 0x66,
+ 0x10,
+ 0x92,
+ 0x95,
+ 0xc8,
+ 0xec,
+ 0x62,
+ 0xa9,
+ 0x7a,
+ 0xcb,
+ 0x93,
+ 0x8e,
+ 0xe6,
+ 0x53,
+ 0xd4,
+ 0x80,
+ 0x48,
+ 0x27,
+ 0x4b,
+ 0x41,
+ 0xce,
+ 0x61,
+ 0xdf,
+ 0xbf,
+ 0x94,
+ 0xa4,
+ 0x3d,
+ 0x71,
+ 0x03,
+ 0x0b,
+ 0xed,
+ 0x25,
+ 0x71,
+ 0x98,
+ 0xa4,
+ 0xd6,
+ 0xd5,
+ 0x4a,
+ 0x57,
+ 0xf5,
+ 0x6c,
+ 0x1b,
+ 0xda,
+ 0x21,
+ 0x7d,
+ 0x35,
+ 0x45,
+ 0xb3,
+ 0xf3,
+ 0x6a,
+ 0xd9,
+ 0xd3,
+ 0x43,
+ 0xe8,
+ 0x5c,
+ 0x54,
+ 0x1c,
+ 0x83,
+ 0x1b,
+ 0xb4,
+ 0x5f,
+ 0xf2,
+ 0x97,
+ 0x24,
+ 0x2e,
+ 0xdc,
+ 0x40,
+ 0xde,
+ 0x92,
+ 0x23,
+ 0x59,
+ 0x8e,
+ 0xbc,
+ 0xd2,
+ 0xa1,
+ 0xf2,
+ 0xe0,
+ 0x4c,
+ 0xdd,
+ 0x0b,
+ 0xd1,
+ 0xe7,
+ 0xae,
+ 0x65,
+ 0xbc,
+ 0xb5,
+ 0xf5,
+ 0x5b,
+ 0x98,
+ 0xe9,
+ 0xd7,
+ 0xc2,
+ 0xb7,
+ 0x0e,
+ 0x55,
+ 0x71,
+ 0x0e,
+ 0x3c,
+ 0x0a,
+ 0x24,
+ 0x6b,
+ 0xa6,
+ 0xe6,
+ 0x14,
+ 0x61,
+ 0x11,
+ 0xfd,
+ 0x33,
+ 0x42,
+ 0x99,
+ 0x2b,
+ 0x84,
+ 0x77,
+ 0x74,
+ 0x92,
+ 0x91,
+ 0xf5,
+ 0x79,
+ 0x79,
+ 0xcf,
+ 0xad,
+ 0x8e,
+ 0x04,
+ 0xef,
+ 0x80,
+ 0x1e,
+ 0x57,
+ 0xf4,
+ 0x14,
+ 0xf5,
+ 0x35,
+ 0x09,
+ 0x74,
+ 0xb2,
+ 0x13,
+ 0x71,
+ 0x58,
+ 0x6b,
+ 0xea,
+ 0x32,
+ 0x5d,
+ 0xf3,
+ 0xd3,
+ 0x76,
+ 0x48,
+ 0x39,
+ 0x10,
+ 0x23,
+ 0x84,
+ 0x9d,
+ 0xbe,
+ 0x92,
+ 0x77,
+ 0x4a,
+ 0xed,
+ 0x70,
+ 0x3e,
+ 0x1a,
+ 0xa2,
+ 0x6c,
+ 0xb3,
+ 0x81,
+ 0x00,
+ 0xc3,
+ 0xc9,
+ 0xe4,
+ 0x52,
+ 0xc8,
+ 0x24,
+ 0x88,
+ 0x0c,
+ 0x41,
+ 0xad,
+ 0x87,
+ 0x5a,
+ 0xea,
+ 0xa3,
+ 0x7a,
+ 0x85,
+ 0x1c,
+ 0x5e,
+ 0x31,
+ 0x7f,
+ 0xc3,
+ 0x35,
+ 0xc6,
+ 0xfa,
+ 0x10,
+ 0xc8,
+ 0x75,
+ 0x10,
+ 0xc4,
+ 0x96,
+ 0x99,
+ 0xe7,
+ 0xfe,
+ 0x01,
+ 0xb4,
+ 0x74,
+ 0xdb,
+ 0xb4,
+ 0x11,
+ 0xc3,
+ 0xc8,
+ 0x8c,
+ 0xf6,
+ 0xf7,
+ 0x3b,
+ 0x66,
+ 0x50,
+ 0xfc,
+ 0xdb,
+ 0xeb,
+ 0xca,
+ 0x47,
+ 0x85,
+ 0x89,
+ 0xe1,
+ 0x65,
+ 0xd9,
+ 0x62,
+ 0x34,
+ 0x3c,
+ 0x70,
+ 0xd8,
+ 0x2e,
+ 0xb4,
+ 0x2f,
+ 0x65,
+ 0x3c,
+ 0x4a,
+ 0xa6,
+ 0x2a,
+ 0xe7,
+ 0xc7,
+ 0xd8,
+ 0x41,
+ 0x8f,
+ 0x8a,
+ 0x43,
+ 0xbf,
+ 0x42,
+ 0xf2,
+ 0x4d,
+ 0xbc,
+ 0xfc,
+ 0x9e,
+ 0x27,
+ 0x95,
+ 0xfb,
+ 0x75,
+ 0xff,
+ 0xab,
+ 0x02,
+ 0x82,
+ 0x01,
+ 0x00,
+ 0x41,
+ 0x2f,
+ 0x44,
+ 0x57,
+ 0x6d,
+ 0x12,
+ 0x17,
+ 0x5b,
+ 0x32,
+ 0xc6,
+ 0xb7,
+ 0x6c,
+ 0x57,
+ 0x7a,
+ 0x8a,
+ 0x0e,
+ 0x79,
+ 0xef,
+ 0x72,
+ 0xa8,
+ 0x68,
+ 0xda,
+ 0x2d,
+ 0x38,
+ 0xe4,
+ 0xbb,
+ 0x8d,
+ 0xf6,
+ 0x02,
+ 0x65,
+ 0xcf,
+ 0x56,
+ 0x13,
+ 0xe1,
+ 0x1a,
+ 0xcb,
+ 0x39,
+ 0x80,
+ 0xa6,
+ 0xb1,
+ 0x32,
+ 0x03,
+ 0x1e,
+ 0xdd,
+ 0xbb,
+ 0x35,
+ 0xd9,
+ 0xac,
+ 0x43,
+ 0x89,
+ 0x31,
+ 0x08,
+ 0x90,
+ 0x92,
+ 0x5e,
+ 0x35,
+ 0x3d,
+ 0x7b,
+ 0x9c,
+ 0x6f,
+ 0x86,
+ 0xcb,
+ 0x17,
+ 0xdd,
+ 0x85,
+ 0xe4,
+ 0xed,
+ 0x35,
+ 0x08,
+ 0x8e,
+ 0xc1,
+ 0xf4,
+ 0x05,
+ 0xd8,
+ 0x68,
+ 0xc6,
+ 0x63,
+ 0x3c,
+ 0xf7,
+ 0xff,
+ 0xf7,
+ 0x47,
+ 0x33,
+ 0x39,
+ 0xc5,
+ 0x3e,
+ 0xb7,
+ 0x0e,
+ 0x58,
+ 0x35,
+ 0x9d,
+ 0x81,
+ 0xea,
+ 0xf8,
+ 0x6a,
+ 0x2c,
+ 0x1c,
+ 0x5a,
+ 0x68,
+ 0x78,
+ 0x64,
+ 0x11,
+ 0x6b,
+ 0xc1,
+ 0x3e,
+ 0x4e,
+ 0x7a,
+ 0xbd,
+ 0x84,
+ 0xcb,
+ 0x0f,
+ 0xc2,
+ 0xb6,
+ 0x85,
+ 0x1d,
+ 0xd3,
+ 0x76,
+ 0xc5,
+ 0x93,
+ 0x6a,
+ 0x69,
+ 0x89,
+ 0x56,
+ 0x34,
+ 0xdc,
+ 0x4a,
+ 0x9b,
+ 0xbc,
+ 0xff,
+ 0xa8,
+ 0x0d,
+ 0x6e,
+ 0x35,
+ 0x9c,
+ 0x60,
+ 0xa7,
+ 0x23,
+ 0x30,
+ 0xc7,
+ 0x06,
+ 0x64,
+ 0x39,
+ 0x8b,
+ 0x94,
+ 0x89,
+ 0xee,
+ 0xba,
+ 0x7f,
+ 0x60,
+ 0x8d,
+ 0xfa,
+ 0xb6,
+ 0x97,
+ 0x76,
+ 0xdc,
+ 0x51,
+ 0x4a,
+ 0x3c,
+ 0xeb,
+ 0x3a,
+ 0x14,
+ 0x2c,
+ 0x20,
+ 0x60,
+ 0x69,
+ 0x4a,
+ 0x86,
+ 0xfe,
+ 0x8c,
+ 0x21,
+ 0x84,
+ 0x49,
+ 0x54,
+ 0xb3,
+ 0x20,
+ 0xe1,
+ 0x01,
+ 0x7f,
+ 0x58,
+ 0xdf,
+ 0x7f,
+ 0xb5,
+ 0x21,
+ 0x51,
+ 0x8c,
+ 0x47,
+ 0x9f,
+ 0x91,
+ 0xeb,
+ 0x97,
+ 0x3e,
+ 0xf2,
+ 0x54,
+ 0xcf,
+ 0x16,
+ 0x46,
+ 0xf9,
+ 0xd9,
+ 0xb6,
+ 0xe7,
+ 0x64,
+ 0xc9,
+ 0xd0,
+ 0x54,
+ 0xea,
+ 0x2f,
+ 0xa1,
+ 0xcf,
+ 0xa5,
+ 0x7f,
+ 0x28,
+ 0x8d,
+ 0x84,
+ 0xec,
+ 0xd5,
+ 0x39,
+ 0x03,
+ 0x76,
+ 0x5b,
+ 0x2d,
+ 0x8e,
+ 0x43,
+ 0xf2,
+ 0x01,
+ 0x24,
+ 0xc9,
+ 0x6f,
+ 0xc0,
+ 0xf5,
+ 0x69,
+ 0x6f,
+ 0x7d,
+ 0xb5,
+ 0x85,
+ 0xd2,
+ 0x5f,
+ 0x7f,
+ 0x78,
+ 0x40,
+ 0x07,
+ 0x7f,
+ 0x09,
+ 0x15,
+ 0xb5,
+ 0x1f,
+ 0x28,
+ 0x65,
+ 0x10,
+ 0xe4,
+ 0x19,
+ 0xa8,
+ 0xc6,
+ 0x9e,
+ 0x8d,
+ 0xdc,
+ 0xcb,
+ 0x02,
+ 0x82,
+ 0x01,
+ 0x00,
+ 0x13,
+ 0x01,
+ 0xee,
+ 0x56,
+ 0x80,
+ 0x93,
+ 0x70,
+ 0x00,
+ 0x7f,
+ 0x52,
+ 0xd2,
+ 0x94,
+ 0xa1,
+ 0x98,
+ 0x84,
+ 0x4a,
+ 0x92,
+ 0x25,
+ 0x4c,
+ 0x9b,
+ 0xa9,
+ 0x91,
+ 0x2e,
+ 0xc2,
+ 0x79,
+ 0xb7,
+ 0x5c,
+ 0xe3,
+ 0xc5,
+ 0xd5,
+ 0x8e,
+ 0xc2,
+ 0x54,
+ 0x16,
+ 0x17,
+ 0xad,
+ 0x55,
+ 0x9b,
+ 0x25,
+ 0x76,
+ 0x12,
+ 0x63,
+ 0x50,
+ 0x22,
+ 0x2f,
+ 0x58,
+ 0x58,
+ 0x79,
+ 0x6b,
+ 0x04,
+ 0xe3,
+ 0xf9,
+ 0x9f,
+ 0x8f,
+ 0x04,
+ 0x41,
+ 0x67,
+ 0x94,
+ 0xa5,
+ 0x1f,
+ 0xac,
+ 0x8a,
+ 0x15,
+ 0x9c,
+ 0x26,
+ 0x10,
+ 0x6c,
+ 0xf8,
+ 0x19,
+ 0x57,
+ 0x61,
+ 0xd7,
+ 0x3a,
+ 0x7d,
+ 0x31,
+ 0xb0,
+ 0x2d,
+ 0x38,
+ 0xbd,
+ 0x94,
+ 0x62,
+ 0xad,
+ 0xc4,
+ 0xfa,
+ 0x36,
+ 0x42,
+ 0x42,
+ 0xf0,
+ 0x24,
+ 0x67,
+ 0x65,
+ 0x9d,
+ 0x8b,
+ 0x0b,
+ 0x7c,
+ 0x6f,
+ 0x82,
+ 0x44,
+ 0x1a,
+ 0x8c,
+ 0xc8,
+ 0xc9,
+ 0xab,
+ 0xbb,
+ 0x4c,
+ 0x45,
+ 0xfc,
+ 0x7b,
+ 0x38,
+ 0xee,
+ 0x30,
+ 0xe1,
+ 0xfc,
+ 0xef,
+ 0x8d,
+ 0xbc,
+ 0x58,
+ 0xdf,
+ 0x2b,
+ 0x5d,
+ 0x0d,
+ 0x54,
+ 0xe0,
+ 0x49,
+ 0x4d,
+ 0x97,
+ 0x99,
+ 0x8f,
+ 0x22,
+ 0xa8,
+ 0x83,
+ 0xbe,
+ 0x40,
+ 0xbb,
+ 0x50,
+ 0x2e,
+ 0x78,
+ 0x28,
+ 0x0f,
+ 0x95,
+ 0x78,
+ 0x8c,
+ 0x8f,
+ 0x98,
+ 0x24,
+ 0x56,
+ 0xc2,
+ 0x97,
+ 0xf3,
+ 0x2c,
+ 0x43,
+ 0xd2,
+ 0x03,
+ 0x82,
+ 0x66,
+ 0x81,
+ 0x72,
+ 0x5f,
+ 0x53,
+ 0x16,
+ 0xec,
+ 0xb1,
+ 0xb1,
+ 0x04,
+ 0x5e,
+ 0x40,
+ 0x20,
+ 0x48,
+ 0x7b,
+ 0x3f,
+ 0x02,
+ 0x97,
+ 0x6a,
+ 0xeb,
+ 0x96,
+ 0x12,
+ 0x21,
+ 0x35,
+ 0xfe,
+ 0x1f,
+ 0x47,
+ 0xc0,
+ 0x95,
+ 0xea,
+ 0xc5,
+ 0x8a,
+ 0x08,
+ 0x84,
+ 0x4f,
+ 0x5e,
+ 0x63,
+ 0x94,
+ 0x60,
+ 0x0f,
+ 0x71,
+ 0x5b,
+ 0x7f,
+ 0x4a,
+ 0xec,
+ 0x4f,
+ 0x60,
+ 0xc6,
+ 0xba,
+ 0x4a,
+ 0x24,
+ 0xf1,
+ 0x20,
+ 0x8b,
+ 0xa7,
+ 0x2e,
+ 0x3a,
+ 0xce,
+ 0x8d,
+ 0xe0,
+ 0x27,
+ 0x1d,
+ 0xb5,
+ 0x8e,
+ 0xb4,
+ 0x21,
+ 0xc5,
+ 0xe2,
+ 0xa6,
+ 0x16,
+ 0x0a,
+ 0x51,
+ 0x83,
+ 0x55,
+ 0x88,
+ 0xd1,
+ 0x30,
+ 0x11,
+ 0x63,
+ 0xd5,
+ 0xd7,
+ 0x8d,
+ 0xae,
+ 0x16,
+ 0x12,
+ 0x82,
+ 0xc4,
+ 0x85,
+ 0x00,
+ 0x4e,
+ 0x27,
+ 0x83,
+ 0xa5,
+ 0x7c,
+ 0x90,
+ 0x2e,
+ 0xe5,
+ 0xa2,
+ 0xa3,
+ 0xd3,
+ 0x4c,
+ 0x63,
+ 0x02,
+ 0x82,
+ 0x01,
+ 0x01,
+ 0x00,
+ 0x86,
+ 0x08,
+ 0x98,
+ 0x98,
+ 0xa5,
+ 0x00,
+ 0x05,
+ 0x39,
+ 0x77,
+ 0xd9,
+ 0x66,
+ 0xb3,
+ 0xcf,
+ 0xca,
+ 0xa0,
+ 0x71,
+ 0xb3,
+ 0x50,
+ 0xce,
+ 0x3d,
+ 0xb1,
+ 0x93,
+ 0x95,
+ 0x35,
+ 0xc4,
+ 0xd4,
+ 0x2e,
+ 0x90,
+ 0xdf,
+ 0x0f,
+ 0xfc,
+ 0x60,
+ 0xc1,
+ 0x94,
+ 0x68,
+ 0x61,
+ 0x43,
+ 0xca,
+ 0x9a,
+ 0x23,
+ 0x4a,
+ 0x1e,
+ 0x45,
+ 0x72,
+ 0x99,
+ 0xb5,
+ 0x1e,
+ 0x61,
+ 0x8d,
+ 0x77,
+ 0x0f,
+ 0xa0,
+ 0xbb,
+ 0xd7,
+ 0x77,
+ 0xb4,
+ 0x2a,
+ 0x15,
+ 0x11,
+ 0x88,
+ 0x2d,
+ 0xb3,
+ 0x56,
+ 0x61,
+ 0x5e,
+ 0x6a,
+ 0xed,
+ 0xa4,
+ 0x46,
+ 0x4a,
+ 0x3f,
+ 0x50,
+ 0x11,
+ 0xd6,
+ 0xba,
+ 0xb6,
+ 0xd7,
+ 0x95,
+ 0x65,
+ 0x53,
+ 0xc3,
+ 0xa1,
+ 0x8f,
+ 0xe0,
+ 0xa3,
+ 0xf5,
+ 0x1c,
+ 0xfd,
+ 0xaf,
+ 0x6e,
+ 0x43,
+ 0xd7,
+ 0x17,
+ 0xa7,
+ 0xd3,
+ 0x81,
+ 0x1b,
+ 0xa4,
+ 0xdf,
+ 0xe0,
+ 0x97,
+ 0x8a,
+ 0x46,
+ 0x03,
+ 0xd3,
+ 0x46,
+ 0x0e,
+ 0x83,
+ 0x48,
+ 0x4e,
+ 0xd2,
+ 0x02,
+ 0xcb,
+ 0xc0,
+ 0xad,
+ 0x79,
+ 0x95,
+ 0x8c,
+ 0x96,
+ 0xba,
+ 0x40,
+ 0x34,
+ 0x11,
+ 0x71,
+ 0x5e,
+ 0xe9,
+ 0x11,
+ 0xf9,
+ 0xc5,
+ 0x4a,
+ 0x5e,
+ 0x91,
+ 0x9d,
+ 0xf5,
+ 0x92,
+ 0x4f,
+ 0xeb,
+ 0xc6,
+ 0x70,
+ 0x02,
+ 0x2d,
+ 0x3d,
+ 0x04,
+ 0xaa,
+ 0xe9,
+ 0x3a,
+ 0x8e,
+ 0xd5,
+ 0xa8,
+ 0xad,
+ 0xf7,
+ 0xce,
+ 0x0d,
+ 0x16,
+ 0xb2,
+ 0xec,
+ 0x0a,
+ 0x9c,
+ 0xf5,
+ 0x94,
+ 0x39,
+ 0xb9,
+ 0x8a,
+ 0xfc,
+ 0x1e,
+ 0xf9,
+ 0xcc,
+ 0xf2,
+ 0x5f,
+ 0x21,
+ 0x31,
+ 0x74,
+ 0x72,
+ 0x6b,
+ 0x64,
+ 0xae,
+ 0x35,
+ 0x61,
+ 0x8d,
+ 0x0d,
+ 0xcb,
+ 0xe7,
+ 0xda,
+ 0x39,
+ 0xca,
+ 0xf3,
+ 0x21,
+ 0x66,
+ 0x0b,
+ 0x95,
+ 0xd7,
+ 0x0a,
+ 0x7c,
+ 0xca,
+ 0xa1,
+ 0xa9,
+ 0x5a,
+ 0xe8,
+ 0xac,
+ 0xe0,
+ 0x71,
+ 0x54,
+ 0xaf,
+ 0x28,
+ 0xcf,
+ 0xd5,
+ 0x70,
+ 0x89,
+ 0xe0,
+ 0xf3,
+ 0x9e,
+ 0x43,
+ 0x6c,
+ 0x8d,
+ 0x7b,
+ 0x99,
+ 0x01,
+ 0x68,
+ 0x4d,
+ 0xa1,
+ 0x45,
+ 0x46,
+ 0x0c,
+ 0x43,
+ 0xbc,
+ 0xcc,
+ 0x2c,
+ 0xdd,
+ 0xc5,
+ 0x46,
+ 0xc8,
+ 0x4e,
+ 0x0e,
+ 0xbe,
+ 0xed,
+ 0xb9,
+ 0x26,
+ 0xab,
+ 0x2e,
+ 0xdb,
+ 0xeb,
+ 0x8f,
+ 0xff,
+ 0xdb,
+ 0xb0,
+ 0xc6,
+ 0x55,
+ 0xaf,
+ 0xf8,
+ 0x2a,
+ 0x91,
+ 0x9d,
+ 0x50,
+ 0x44,
+ 0x21,
+ 0x17,
};
static unsigned char test7680[] = {
diff --git a/apps/timeouts.h b/apps/timeouts.h
index 002852724763..3f9b2b50c9b8 100644
--- a/apps/timeouts.h
+++ b/apps/timeouts.h
@@ -8,10 +8,10 @@
*/
#ifndef OSSL_APPS_TIMEOUTS_H
-# define OSSL_APPS_TIMEOUTS_H
+#define OSSL_APPS_TIMEOUTS_H
/* numbers in us */
-# define DGRAM_RCV_TIMEOUT 250000
-# define DGRAM_SND_TIMEOUT 250000
+#define DGRAM_RCV_TIMEOUT 250000
+#define DGRAM_SND_TIMEOUT 250000
-#endif /* ! OSSL_APPS_TIMEOUTS_H */
+#endif /* ! OSSL_APPS_TIMEOUTS_H */
diff --git a/apps/ts.c b/apps/ts.c
index 01b73f380428..8054d7f70486 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -21,117 +21,138 @@
#include <openssl/bn.h>
/* Request nonce length, in bits (must be a multiple of 8). */
-#define NONCE_LENGTH 64
+#define NONCE_LENGTH 64
/* Name of config entry that defines the OID file. */
-#define ENV_OID_FILE "oid_file"
+#define ENV_OID_FILE "oid_file"
/* Is |EXACTLY_ONE| of three pointers set? */
#define EXACTLY_ONE(a, b, c) \
- (( a && !b && !c) || \
- ( b && !a && !c) || \
- ( c && !a && !b))
+ ((a && !b && !c) || (b && !a && !c) || (c && !a && !b))
static ASN1_OBJECT *txt2obj(const char *oid);
static CONF *load_config_file(const char *configfile);
/* Query related functions. */
static int query_command(const char *data, const char *digest,
- const EVP_MD *md, const char *policy, int no_nonce,
- int cert, const char *in, const char *out, int text);
+ const EVP_MD *md, const char *policy, int no_nonce,
+ int cert, const char *in, const char *out, int text);
static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
- const char *policy, int no_nonce, int cert);
+ const char *policy, int no_nonce, int cert);
static int create_digest(BIO *input, const char *digest,
- const EVP_MD *md, unsigned char **md_value);
+ const EVP_MD *md, unsigned char **md_value);
static ASN1_INTEGER *create_nonce(int bits);
/* Reply related functions. */
static int reply_command(CONF *conf, const char *section, const char *engine,
- const char *queryfile, const char *passin, const char *inkey,
- const EVP_MD *md, const char *signer, const char *chain,
- const char *policy, const char *in, int token_in,
- const char *out, int token_out, int text);
+ const char *queryfile, const char *passin, const char *inkey,
+ const EVP_MD *md, const char *signer, const char *chain,
+ const char *policy, const char *in, int token_in,
+ const char *out, int token_out, int text);
static TS_RESP *read_PKCS7(BIO *in_bio);
static TS_RESP *create_response(CONF *conf, const char *section, const char *engine,
- const char *queryfile, const char *passin,
- const char *inkey, const EVP_MD *md, const char *signer,
- const char *chain, const char *policy);
+ const char *queryfile, const char *passin,
+ const char *inkey, const EVP_MD *md, const char *signer,
+ const char *chain, const char *policy);
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
static ASN1_INTEGER *next_serial(const char *serialfile);
static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
/* Verify related functions. */
static int verify_command(const char *data, const char *digest, const char *queryfile,
- const char *in, int token_in,
- const char *CApath, const char *CAfile,
- const char *CAstore,
- char *untrusted, X509_VERIFY_PARAM *vpm);
+ const char *in, int token_in,
+ const char *CApath, const char *CAfile,
+ const char *CAstore,
+ char *untrusted, X509_VERIFY_PARAM *vpm);
static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
- const char *queryfile,
- const char *CApath, const char *CAfile,
- const char *CAstore,
- char *untrusted,
- X509_VERIFY_PARAM *vpm);
+ const char *queryfile,
+ const char *CApath, const char *CAfile,
+ const char *CAstore,
+ char *untrusted,
+ X509_VERIFY_PARAM *vpm);
static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
- const char *CAstore, X509_VERIFY_PARAM *vpm);
+ const char *CAstore, X509_VERIFY_PARAM *vpm);
static int verify_cb(int ok, X509_STORE_CTX *ctx);
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_ENGINE, OPT_CONFIG, OPT_SECTION, OPT_QUERY, OPT_DATA,
- OPT_DIGEST, OPT_TSPOLICY, OPT_NO_NONCE, OPT_CERT,
- OPT_IN, OPT_TOKEN_IN, OPT_OUT, OPT_TOKEN_OUT, OPT_TEXT,
- OPT_REPLY, OPT_QUERYFILE, OPT_PASSIN, OPT_INKEY, OPT_SIGNER,
- OPT_CHAIN, OPT_VERIFY, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, OPT_UNTRUSTED,
- OPT_MD, OPT_V_ENUM, OPT_R_ENUM, OPT_PROV_ENUM
+ OPT_ENGINE,
+ OPT_CONFIG,
+ OPT_SECTION,
+ OPT_QUERY,
+ OPT_DATA,
+ OPT_DIGEST,
+ OPT_TSPOLICY,
+ OPT_NO_NONCE,
+ OPT_CERT,
+ OPT_IN,
+ OPT_TOKEN_IN,
+ OPT_OUT,
+ OPT_TOKEN_OUT,
+ OPT_TEXT,
+ OPT_REPLY,
+ OPT_QUERYFILE,
+ OPT_PASSIN,
+ OPT_INKEY,
+ OPT_SIGNER,
+ OPT_CHAIN,
+ OPT_VERIFY,
+ OPT_CAPATH,
+ OPT_CAFILE,
+ OPT_CASTORE,
+ OPT_UNTRUSTED,
+ OPT_MD,
+ OPT_V_ENUM,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS ts_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"config", OPT_CONFIG, '<', "Configuration file"},
- {"section", OPT_SECTION, 's', "Section to use within config file"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "config", OPT_CONFIG, '<', "Configuration file" },
+ { "section", OPT_SECTION, 's', "Section to use within config file" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
- {"inkey", OPT_INKEY, 's', "File with private key for reply"},
- {"signer", OPT_SIGNER, 's', "Signer certificate file"},
- {"chain", OPT_CHAIN, '<', "File with signer CA chain"},
- {"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"},
- {"CApath", OPT_CAPATH, '/', "Path to trusted CA files"},
- {"CAstore", OPT_CASTORE, ':', "URI to trusted CA store"},
- {"untrusted", OPT_UNTRUSTED, '<', "Extra untrusted certs"},
- {"token_in", OPT_TOKEN_IN, '-', "Input is a PKCS#7 file"},
- {"token_out", OPT_TOKEN_OUT, '-', "Output is a PKCS#7 file"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"", OPT_MD, '-', "Any supported digest"},
+ { "inkey", OPT_INKEY, 's', "File with private key for reply" },
+ { "signer", OPT_SIGNER, 's', "Signer certificate file" },
+ { "chain", OPT_CHAIN, '<', "File with signer CA chain" },
+ { "CAfile", OPT_CAFILE, '<', "File with trusted CA certs" },
+ { "CApath", OPT_CAPATH, '/', "Path to trusted CA files" },
+ { "CAstore", OPT_CASTORE, ':', "URI to trusted CA store" },
+ { "untrusted", OPT_UNTRUSTED, '<', "Extra untrusted certs" },
+ { "token_in", OPT_TOKEN_IN, '-', "Input is a PKCS#7 file" },
+ { "token_out", OPT_TOKEN_OUT, '-', "Output is a PKCS#7 file" },
+ { "passin", OPT_PASSIN, 's', "Input file pass phrase source" },
+ { "", OPT_MD, '-', "Any supported digest" },
OPT_SECTION("Query"),
- {"query", OPT_QUERY, '-', "Generate a TS query"},
- {"data", OPT_DATA, '<', "File to hash"},
- {"digest", OPT_DIGEST, 's', "Digest (as a hex string)"},
- {"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"},
- {"cert", OPT_CERT, '-', "Put cert request into query"},
- {"in", OPT_IN, '<', "Input file"},
+ { "query", OPT_QUERY, '-', "Generate a TS query" },
+ { "data", OPT_DATA, '<', "File to hash" },
+ { "digest", OPT_DIGEST, 's', "Digest (as a hex string)" },
+ { "queryfile", OPT_QUERYFILE, '<', "File containing a TS query" },
+ { "cert", OPT_CERT, '-', "Put cert request into query" },
+ { "in", OPT_IN, '<', "Input file" },
OPT_SECTION("Verify"),
- {"verify", OPT_VERIFY, '-', "Verify a TS response"},
- {"reply", OPT_REPLY, '-', "Generate a TS reply"},
- {"tspolicy", OPT_TSPOLICY, 's', "Policy OID to use"},
- {"no_nonce", OPT_NO_NONCE, '-', "Do not include a nonce"},
- {"out", OPT_OUT, '>', "Output file"},
- {"text", OPT_TEXT, '-', "Output text (not DER)"},
+ { "verify", OPT_VERIFY, '-', "Verify a TS response" },
+ { "reply", OPT_REPLY, '-', "Generate a TS reply" },
+ { "tspolicy", OPT_TSPOLICY, 's', "Policy OID to use" },
+ { "no_nonce", OPT_NO_NONCE, '-', "Do not include a nonce" },
+ { "out", OPT_OUT, '>', "Output file" },
+ { "text", OPT_TEXT, '-', "Output text (not DER)" },
OPT_R_OPTIONS,
OPT_V_OPTIONS,
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
/*
* This command is so complex, special help is needed.
*/
-static char* opt_helplist[] = {
+static char *opt_helplist[] = {
"",
"Typical uses:",
" openssl ts -query [-rand file...] [-config file] [-data file]",
@@ -186,7 +207,7 @@ int ts_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -299,8 +320,7 @@ int ts_main(int argc, char **argv)
if (!opt_md(digestname, &md))
goto opthelp;
}
- if (mode == OPT_REPLY && passin &&
- !app_passwd(passin, NULL, &password, NULL)) {
+ if (mode == OPT_REPLY && passin && !app_passwd(passin, NULL, &password, NULL)) {
BIO_printf(bio_err, "Error getting password.\n");
goto end;
}
@@ -317,7 +337,7 @@ int ts_main(int argc, char **argv)
if ((data != NULL) && (digest != NULL))
goto opthelp;
ret = !query_command(data, digest, md, policy, no_nonce, cert,
- in, out, text);
+ in, out, text);
} else if (mode == OPT_REPLY) {
if (vpmtouched)
goto opthelp;
@@ -328,20 +348,20 @@ int ts_main(int argc, char **argv)
goto opthelp;
}
ret = !reply_command(conf, section, engine, queryfile,
- password, inkey, md, signer, chain, policy,
- in, token_in, out, token_out, text);
+ password, inkey, md, signer, chain, policy,
+ in, token_in, out, token_out, text);
} else if (mode == OPT_VERIFY) {
if ((in == NULL) || !EXACTLY_ONE(queryfile, data, digest))
goto opthelp;
ret = !verify_command(data, digest, queryfile, in, token_in,
- CApath, CAfile, CAstore, untrusted,
- vpmtouched ? vpm : NULL);
+ CApath, CAfile, CAstore, untrusted,
+ vpmtouched ? vpm : NULL);
} else {
goto opthelp;
}
- end:
+end:
X509_VERIFY_PARAM_free(vpm);
EVP_MD_free(md);
NCONF_free(conf);
@@ -392,8 +412,8 @@ static CONF *load_config_file(const char *configfile)
* Query-related method definitions.
*/
static int query_command(const char *data, const char *digest, const EVP_MD *md,
- const char *policy, int no_nonce,
- int cert, const char *in, const char *out, int text)
+ const char *policy, int no_nonce,
+ int cert, const char *in, const char *out, int text)
{
int ret = 0;
TS_REQ *query = NULL;
@@ -429,7 +449,7 @@ static int query_command(const char *data, const char *digest, const EVP_MD *md,
ret = 1;
- end:
+end:
ERR_print_errors(bio_err);
BIO_free_all(in_bio);
BIO_free_all(data_bio);
@@ -439,7 +459,7 @@ static int query_command(const char *data, const char *digest, const EVP_MD *md,
}
static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
- const char *policy, int no_nonce, int cert)
+ const char *policy, int no_nonce, int cert)
{
int ret = 0;
TS_REQ *ts_req = NULL;
@@ -487,7 +507,7 @@ static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
goto err;
ret = 1;
- err:
+err:
if (!ret) {
TS_REQ_free(ts_req);
ts_req = NULL;
@@ -503,7 +523,7 @@ static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
}
static int create_digest(BIO *input, const char *digest, const EVP_MD *md,
- unsigned char **md_value)
+ unsigned char **md_value)
{
int md_value_len;
int rv = 0;
@@ -536,12 +556,13 @@ static int create_digest(BIO *input, const char *digest, const EVP_MD *md,
*md_value = OPENSSL_hexstr2buf(digest, &digest_len);
if (*md_value == NULL || md_value_len != digest_len) {
BIO_printf(bio_err, "bad digest, %d bytes "
- "must be specified\n", md_value_len);
+ "must be specified\n",
+ md_value_len);
goto err;
}
}
rv = md_value_len;
- err:
+err:
if (rv <= 0) {
OPENSSL_free(*md_value);
*md_value = NULL;
@@ -574,7 +595,7 @@ static ASN1_INTEGER *create_nonce(int bits)
memcpy(nonce->data, buf + i, nonce->length);
return nonce;
- err:
+err:
BIO_printf(bio_err, "could not create nonce\n");
ASN1_INTEGER_free(nonce);
return NULL;
@@ -585,10 +606,10 @@ static ASN1_INTEGER *create_nonce(int bits)
*/
static int reply_command(CONF *conf, const char *section, const char *engine,
- const char *queryfile, const char *passin, const char *inkey,
- const EVP_MD *md, const char *signer, const char *chain,
- const char *policy, const char *in, int token_in,
- const char *out, int token_out, int text)
+ const char *queryfile, const char *passin, const char *inkey,
+ const EVP_MD *md, const char *signer, const char *chain,
+ const char *policy, const char *in, int token_in,
+ const char *out, int token_out, int text)
{
int ret = 0;
TS_RESP *response = NULL;
@@ -608,7 +629,7 @@ static int reply_command(CONF *conf, const char *section, const char *engine,
}
} else {
response = create_response(conf, section, engine, queryfile,
- passin, inkey, md, signer, chain, policy);
+ passin, inkey, md, signer, chain, policy);
if (response != NULL)
BIO_printf(bio_err, "Response has been generated.\n");
else
@@ -620,7 +641,7 @@ static int reply_command(CONF *conf, const char *section, const char *engine,
/* Write response. */
if (text) {
if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL)
- goto end;
+ goto end;
if (token_out) {
TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
if (!TS_TST_INFO_print_bio(out_bio, tst_info))
@@ -644,7 +665,7 @@ static int reply_command(CONF *conf, const char *section, const char *engine,
ret = 1;
- end:
+end:
ERR_print_errors(bio_err);
BIO_free_all(in_bio);
BIO_free_all(query_bio);
@@ -677,11 +698,11 @@ static TS_RESP *read_PKCS7(BIO *in_bio)
if (!TS_RESP_set_status_info(resp, si))
goto end;
TS_RESP_set_tst_info(resp, token, tst_info);
- token = NULL; /* Ownership is lost. */
- tst_info = NULL; /* Ownership is lost. */
+ token = NULL; /* Ownership is lost. */
+ tst_info = NULL; /* Ownership is lost. */
ret = 1;
- end:
+end:
PKCS7_free(token);
TS_TST_INFO_free(tst_info);
if (!ret) {
@@ -693,9 +714,9 @@ static TS_RESP *read_PKCS7(BIO *in_bio)
}
static TS_RESP *create_response(CONF *conf, const char *section, const char *engine,
- const char *queryfile, const char *passin,
- const char *inkey, const EVP_MD *md, const char *signer,
- const char *chain, const char *policy)
+ const char *queryfile, const char *passin,
+ const char *inkey, const EVP_MD *md, const char *signer,
+ const char *chain, const char *policy)
{
int ret = 0;
TS_RESP *response = NULL;
@@ -725,7 +746,7 @@ static TS_RESP *create_response(CONF *conf, const char *section, const char *eng
if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md))
goto end;
} else if (!TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx)) {
- goto end;
+ goto end;
}
if (!TS_CONF_set_ess_cert_id_digest(conf, section, resp_ctx))
@@ -750,7 +771,7 @@ static TS_RESP *create_response(CONF *conf, const char *section, const char *eng
goto end;
ret = 1;
- end:
+end:
if (!ret) {
TS_RESP_free(response);
response = NULL;
@@ -767,8 +788,8 @@ static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data)
if (serial == NULL) {
TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
- "Error during serial number "
- "generation.");
+ "Error during serial number "
+ "generation.");
TS_RESP_CTX_add_failure_info(ctx, TS_INFO_ADD_INFO_NOT_AVAILABLE);
} else {
save_ts_serial(serial_file, serial);
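Review bot: The result of `save_ts_serial(serial_file, serial)` in the else branch is discarded, so a response is still produced when the new serial could not be written back. save_ts_serial reports failure through its return value (it prints "could not save serial number" and returns 0), and next_serial reads its starting value from the same file, so a failed save presumably leads to the same serial number being issued again on the next run. Treating a failed save like a failed next_serial keeps serials unique; the sketch below folds both cases into the existing rejection path. serial_cb starts and ends outside this hunk.

```c
    if (serial == NULL || !save_ts_serial(serial_file, serial)) {
        /* No usable serial, or it could not be persisted: reject the request. */
        ASN1_INTEGER_free(serial);
        serial = NULL;
        /* … unchanged: TS_RESP_CTX_set_status_info / TS_RESP_CTX_add_failure_info … */
    }
```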
@@ -790,14 +811,15 @@ static ASN1_INTEGER *next_serial(const char *serialfile)
if ((in = BIO_new_file(serialfile, "r")) == NULL) {
ERR_clear_error();
BIO_printf(bio_err, "Warning: could not open file %s for "
- "reading, using serial number: 1\n", serialfile);
+ "reading, using serial number: 1\n",
+ serialfile);
if (!ASN1_INTEGER_set(serial, 1))
goto err;
} else {
char buf[1024];
if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf))) {
BIO_printf(bio_err, "unable to load number from %s\n",
- serialfile);
+ serialfile);
goto err;
}
if ((bn = ASN1_INTEGER_to_BN(serial, NULL)) == NULL)
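Review bot: The fallback to serial number 1 at the top of this hunk is taken for every failure of `BIO_new_file(serialfile, "r")`, not only when the file does not exist yet. A serial file that is unreadable for another reason (permissions, a wrong path in the config) would restart numbering at 1 with only a warning, and the tool would then sign tokens whose serial numbers repeat earlier ones. Consider limiting the fallback to the missing-file case by testing the queued error before `ERR_clear_error()` drops it, something like `if (ERR_GET_REASON(ERR_peek_last_error()) != BIO_R_NO_SUCH_FILE) goto err;`. next_serial starts before this hunk and continues after it.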
@@ -811,7 +833,7 @@ static ASN1_INTEGER *next_serial(const char *serialfile)
}
ret = 1;
- err:
+err:
if (!ret) {
ASN1_INTEGER_free(serial);
serial = NULL;
@@ -833,24 +855,23 @@ static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial)
if (BIO_puts(out, "\n") <= 0)
goto err;
ret = 1;
- err:
+err:
if (!ret)
BIO_printf(bio_err, "could not save serial number to %s\n",
- serialfile);
+ serialfile);
BIO_free_all(out);
return ret;
}
-
/*
* Verify-related method definitions.
*/
static int verify_command(const char *data, const char *digest, const char *queryfile,
- const char *in, int token_in,
- const char *CApath, const char *CAfile,
- const char *CAstore, char *untrusted,
- X509_VERIFY_PARAM *vpm)
+ const char *in, int token_in,
+ const char *CApath, const char *CAfile,
+ const char *CAstore, char *untrusted,
+ X509_VERIFY_PARAM *vpm)
{
BIO *in_bio = NULL;
PKCS7 *token = NULL;
@@ -869,15 +890,16 @@ static int verify_command(const char *data, const char *digest, const char *quer
}
if ((verify_ctx = create_verify_ctx(data, digest, queryfile,
- CApath, CAfile, CAstore, untrusted,
- vpm)) == NULL)
+ CApath, CAfile, CAstore, untrusted,
+ vpm))
+ == NULL)
goto end;
ret = token_in
? TS_RESP_verify_token(verify_ctx, token)
: TS_RESP_verify_response(verify_ctx, response);
- end:
+end:
printf("Verification: ");
if (ret)
printf("OK\n");
@@ -894,11 +916,11 @@ static int verify_command(const char *data, const char *digest, const char *quer
}
static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
- const char *queryfile,
- const char *CApath, const char *CAfile,
- const char *CAstore,
- char *untrusted,
- X509_VERIFY_PARAM *vpm)
+ const char *queryfile,
+ const char *CApath, const char *CAfile,
+ const char *CAstore,
+ char *untrusted,
+ X509_VERIFY_PARAM *vpm)
{
TS_VERIFY_CTX *ctx = NULL;
STACK_OF(X509) *certs;
@@ -947,20 +969,20 @@ static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
/* Initialising the X509_STORE object. */
if (TS_VERIFY_CTX_set_store(ctx,
- create_cert_store(CApath, CAfile, CAstore, vpm))
- == NULL)
+ create_cert_store(CApath, CAfile, CAstore, vpm))
+ == NULL)
goto err;
/* Loading any extra untrusted certificates. */
if (untrusted != NULL) {
certs = load_certs_multifile(untrusted, NULL, "extra untrusted certs",
- vpm);
+ vpm);
if (certs == NULL || TS_VERIFY_CTX_set_certs(ctx, certs) == NULL)
goto err;
}
ret = 1;
- err:
+err:
if (!ret) {
TS_VERIFY_CTX_free(ctx);
ctx = NULL;
@@ -971,7 +993,7 @@ static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
}
static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
- const char *CAstore, X509_VERIFY_PARAM *vpm)
+ const char *CAstore, X509_VERIFY_PARAM *vpm)
{
X509_STORE *cert_ctx = NULL;
X509_LOOKUP *lookup = NULL;
@@ -1003,7 +1025,8 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
goto err;
}
if (X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM, libctx,
- propq) <= 0) {
+ propq)
+ <= 0) {
BIO_printf(bio_err, "Error loading file %s\n", CAfile);
goto err;
}
@@ -1026,7 +1049,7 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
return cert_ctx;
- err:
+err:
X509_STORE_free(cert_ctx);
return NULL;
}
diff --git a/apps/verify.c b/apps/verify.c
index 3aae931f69df..5ff7770e1f18 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -20,60 +20,71 @@
static int cb(int ok, X509_STORE_CTX *ctx);
static int check(X509_STORE *ctx, const char *file,
- STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
- STACK_OF(X509_CRL) *crls, int show_chain,
- STACK_OF(OPENSSL_STRING) *opts);
+ STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
+ STACK_OF(X509_CRL) *crls, int show_chain,
+ STACK_OF(OPENSSL_STRING) *opts);
static int v_verbose = 0, vflags = 0;
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE,
- OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE,
- OPT_UNTRUSTED, OPT_TRUSTED, OPT_CRLFILE, OPT_CRL_DOWNLOAD, OPT_SHOW_CHAIN,
- OPT_V_ENUM, OPT_NAMEOPT, OPT_VFYOPT,
+ OPT_ENGINE,
+ OPT_CAPATH,
+ OPT_CAFILE,
+ OPT_CASTORE,
+ OPT_NOCAPATH,
+ OPT_NOCAFILE,
+ OPT_NOCASTORE,
+ OPT_UNTRUSTED,
+ OPT_TRUSTED,
+ OPT_CRLFILE,
+ OPT_CRL_DOWNLOAD,
+ OPT_SHOW_CHAIN,
+ OPT_V_ENUM,
+ OPT_NAMEOPT,
+ OPT_VFYOPT,
OPT_VERBOSE,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS verify_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n" },
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
- {"verbose", OPT_VERBOSE, '-',
- "Print extra information about the operations being performed."},
- {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"},
+ { "verbose", OPT_VERBOSE, '-',
+ "Print extra information about the operations being performed." },
+ { "nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options" },
OPT_SECTION("Certificate chain"),
- {"trusted", OPT_TRUSTED, '<', "A file of trusted certificates"},
- {"CAfile", OPT_CAFILE, '<', "A file of trusted certificates"},
- {"CApath", OPT_CAPATH, '/', "A directory of files with trusted certificates"},
- {"CAstore", OPT_CASTORE, ':', "URI to a store of trusted certificates"},
- {"no-CAfile", OPT_NOCAFILE, '-',
- "Do not load the default trusted certificates file"},
- {"no-CApath", OPT_NOCAPATH, '-',
- "Do not load trusted certificates from the default directory"},
- {"no-CAstore", OPT_NOCASTORE, '-',
- "Do not load trusted certificates from the default certificates store"},
- {"untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates"},
- {"CRLfile", OPT_CRLFILE, '<',
- "File containing one or more CRL's (in PEM format) to load"},
- {"crl_download", OPT_CRL_DOWNLOAD, '-',
- "Try downloading CRL information for certificates via their CDP entries"},
- {"show_chain", OPT_SHOW_CHAIN, '-',
- "Display information about the certificate chain"},
+ { "trusted", OPT_TRUSTED, '<', "A file of trusted certificates" },
+ { "CAfile", OPT_CAFILE, '<', "A file of trusted certificates" },
+ { "CApath", OPT_CAPATH, '/', "A directory of files with trusted certificates" },
+ { "CAstore", OPT_CASTORE, ':', "URI to a store of trusted certificates" },
+ { "no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default trusted certificates file" },
+ { "no-CApath", OPT_NOCAPATH, '-',
+ "Do not load trusted certificates from the default directory" },
+ { "no-CAstore", OPT_NOCASTORE, '-',
+ "Do not load trusted certificates from the default certificates store" },
+ { "untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates" },
+ { "CRLfile", OPT_CRLFILE, '<',
+ "File containing one or more CRL's (in PEM format) to load" },
+ { "crl_download", OPT_CRL_DOWNLOAD, '-',
+ "Try downloading CRL information for certificates via their CDP entries" },
+ { "show_chain", OPT_SHOW_CHAIN, '-',
+ "Display information about the certificate chain" },
OPT_V_OPTIONS,
- {"vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form"},
+ { "vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form" },
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
- {"cert", 0, 0, "Certificate(s) to verify (optional; stdin used otherwise)"},
- {NULL}
+ { "cert", 0, 0, "Certificate(s) to verify (optional; stdin used otherwise)" },
+ { NULL }
};
int verify_main(int argc, char **argv)
@@ -97,7 +108,7 @@ int verify_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -107,8 +118,8 @@ int verify_main(int argc, char **argv)
X509_PURPOSE *ptmp = X509_PURPOSE_get0(i);
BIO_printf(bio_err, " %-15s %s\n",
- X509_PURPOSE_get0_sname(ptmp),
- X509_PURPOSE_get0_name(ptmp));
+ X509_PURPOSE_get0_sname(ptmp),
+ X509_PURPOSE_get0_name(ptmp));
}
BIO_printf(bio_err, "Recognized certificate policy names:\n");
@@ -116,7 +127,7 @@ int verify_main(int argc, char **argv)
const X509_VERIFY_PARAM *vptmp = X509_VERIFY_PARAM_get0(i);
BIO_printf(bio_err, " %s\n",
- X509_VERIFY_PARAM_get0_name(vptmp));
+ X509_VERIFY_PARAM_get0_name(vptmp));
}
ret = 0;
goto end;
@@ -146,7 +157,7 @@ int verify_main(int argc, char **argv)
case OPT_UNTRUSTED:
/* Zero or more times */
if (!load_certs(opt_arg(), 0, &untrusted, NULL,
- "untrusted certificates"))
+ "untrusted certificates"))
goto end;
break;
case OPT_TRUSTED:
@@ -201,13 +212,14 @@ int verify_main(int argc, char **argv)
if (trusted != NULL
&& (CAfile != NULL || CApath != NULL || CAstore != NULL)) {
BIO_printf(bio_err,
- "%s: Cannot use -trusted with -CAfile, -CApath or -CAstore\n",
- prog);
+ "%s: Cannot use -trusted with -CAfile, -CApath or -CAstore\n",
+ prog);
goto end;
}
if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath,
- CAstore, noCAstore)) == NULL)
+ CAstore, noCAstore))
+ == NULL)
goto end;
X509_STORE_set_verify_cb(store, cb);
@@ -222,16 +234,18 @@ int verify_main(int argc, char **argv)
ret = 0;
if (argc < 1) {
if (check(store, NULL, untrusted, trusted, crls, show_chain,
- vfyopts) != 1)
+ vfyopts)
+ != 1)
ret = -1;
} else {
for (i = 0; i < argc; i++)
if (check(store, argv[i], untrusted, trusted, crls, show_chain,
- vfyopts) != 1)
+ vfyopts)
+ != 1)
ret = -1;
}
- end:
+end:
X509_VERIFY_PARAM_free(vpm);
X509_STORE_free(store);
sk_X509_pop_free(untrusted, X509_free);
@@ -243,9 +257,9 @@ int verify_main(int argc, char **argv)
}
static int check(X509_STORE *ctx, const char *file,
- STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
- STACK_OF(X509_CRL) *crls, int show_chain,
- STACK_OF(OPENSSL_STRING) *opts)
+ STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
+ STACK_OF(X509_CRL) *crls, int show_chain,
+ STACK_OF(OPENSSL_STRING) *opts)
{
X509 *x = NULL;
int i = 0, ret = 0;
@@ -272,7 +286,7 @@ static int check(X509_STORE *ctx, const char *file,
csc = X509_STORE_CTX_new();
if (csc == NULL) {
BIO_printf(bio_err, "error %s: X.509 store context allocation failed\n",
- (file == NULL) ? "stdin" : file);
+ (file == NULL) ? "stdin" : file);
goto end;
}
@@ -280,8 +294,8 @@ static int check(X509_STORE *ctx, const char *file,
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
X509_STORE_CTX_free(csc);
BIO_printf(bio_err,
- "error %s: X.509 store context initialization failed\n",
- (file == NULL) ? "stdin" : file);
+ "error %s: X.509 store context initialization failed\n",
+ (file == NULL) ? "stdin" : file);
goto end;
}
if (tchain != NULL)
@@ -302,8 +316,8 @@ static int check(X509_STORE *ctx, const char *file,
X509 *cert = sk_X509_value(chain, j);
BIO_printf(bio_out, "depth=%d: ", j);
X509_NAME_print_ex_fp(stdout,
- X509_get_subject_name(cert),
- 0, get_nameopt());
+ X509_get_subject_name(cert),
+ 0, get_nameopt());
if (j < num_untrusted)
BIO_printf(bio_out, " (untrusted)");
BIO_printf(bio_out, "\n");
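Review bot: The subject name is written with `X509_NAME_print_ex_fp(stdout, ...)` while the `depth=%d: ` prefix, the ` (untrusted)` marker and the newline on the same output line go through `bio_out`. If bio_out buffers or filters independently of the stdio stream, the parts of one chain line can appear out of order, which makes `-show_chain` output unreliable to parse. The callback `cb` in this file already uses the BIO variant, so the call could become `X509_NAME_print_ex(bio_out, X509_get_subject_name(cert), 0, get_nameopt());`. check() starts and ends outside this hunk.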
@@ -312,12 +326,12 @@ static int check(X509_STORE *ctx, const char *file,
}
} else {
BIO_printf(bio_err,
- "error %s: verification failed\n",
- (file == NULL) ? "stdin" : file);
+ "error %s: verification failed\n",
+ (file == NULL) ? "stdin" : file);
}
X509_STORE_CTX_free(csc);
- end:
+end:
if (i <= 0)
ERR_print_errors(bio_err);
X509_free(x);
@@ -333,15 +347,15 @@ static int cb(int ok, X509_STORE_CTX *ctx)
if (!ok) {
if (current_cert != NULL) {
X509_NAME_print_ex(bio_err,
- X509_get_subject_name(current_cert),
- 0, get_nameopt());
+ X509_get_subject_name(current_cert),
+ 0, get_nameopt());
BIO_printf(bio_err, "\n");
}
BIO_printf(bio_err, "%serror %d at %d depth lookup: %s\n",
- X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path] " : "",
- cert_error,
- X509_STORE_CTX_get_error_depth(ctx),
- X509_verify_cert_error_string(cert_error));
+ X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path] " : "",
+ cert_error,
+ X509_STORE_CTX_get_error_depth(ctx),
+ X509_verify_cert_error_string(cert_error));
/*
* Pretend that some errors are ok, so they don't stop further
@@ -383,7 +397,6 @@ static int cb(int ok, X509_STORE_CTX *ctx)
ok = 1;
}
return ok;
-
}
if (cert_error == X509_V_OK && ok == 2)
policies_print(ctx);
diff --git a/apps/version.c b/apps/version.c
index cab17a46bf18..fdfca478543a 100644
--- a/apps/version.c
+++ b/apps/version.c
@@ -18,26 +18,36 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_B, OPT_D, OPT_E, OPT_M, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R, OPT_C
+ OPT_B,
+ OPT_D,
+ OPT_E,
+ OPT_M,
+ OPT_F,
+ OPT_O,
+ OPT_P,
+ OPT_V,
+ OPT_A,
+ OPT_R,
+ OPT_C
} OPTION_CHOICE;
const OPTIONS version_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
OPT_SECTION("Output"),
- {"a", OPT_A, '-', "Show all data"},
- {"b", OPT_B, '-', "Show build date"},
- {"d", OPT_D, '-', "Show configuration directory"},
- {"e", OPT_E, '-', "Show engines directory"},
- {"m", OPT_M, '-', "Show modules directory"},
- {"f", OPT_F, '-', "Show compiler flags used"},
- {"o", OPT_O, '-', "Show some internal datatype options"},
- {"p", OPT_P, '-', "Show target build platform"},
- {"r", OPT_R, '-', "Show random seeding options"},
- {"v", OPT_V, '-', "Show library version"},
- {"c", OPT_C, '-', "Show CPU settings info"},
- {NULL}
+ { "a", OPT_A, '-', "Show all data" },
+ { "b", OPT_B, '-', "Show build date" },
+ { "d", OPT_D, '-', "Show configuration directory" },
+ { "e", OPT_E, '-', "Show engines directory" },
+ { "m", OPT_M, '-', "Show modules directory" },
+ { "f", OPT_F, '-', "Show compiler flags used" },
+ { "o", OPT_O, '-', "Show some internal datatype options" },
+ { "p", OPT_P, '-', "Show target build platform" },
+ { "r", OPT_R, '-', "Show random seeding options" },
+ { "v", OPT_V, '-', "Show library version" },
+ { "c", OPT_C, '-', "Show CPU settings info" },
+ { NULL }
};
int version_main(int argc, char **argv)
@@ -53,7 +63,7 @@ int version_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
-opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -108,7 +118,7 @@ opthelp:
if (version)
printf("%s (Library: %s)\n",
- OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION));
+ OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION));
if (date)
printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
if (platform)
@@ -133,19 +143,18 @@ opthelp:
if (cpuinfo)
printf("%s\n", OpenSSL_version(OPENSSL_CPU_INFO));
ret = 0;
- end:
+end:
return ret;
}
-
#if defined(__TANDEM) && defined(OPENSSL_VPROC)
/*
* Define a VPROC function for the openssl program.
* This is used by platform version identification tools.
* Do not inline this procedure or make it static.
*/
-# define OPENSSL_VPROC_STRING_(x) x##_OPENSSL
-# define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x)
-# define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC)
-void OPENSSL_VPROC_FUNC(void) {}
+#define OPENSSL_VPROC_STRING_(x) x##_OPENSSL
+#define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x)
+#define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC)
+void OPENSSL_VPROC_FUNC(void) { }
#endif
diff --git a/apps/vms_decc_init.c b/apps/vms_decc_init.c
index 21481e27bf93..58b9b190a120 100644
--- a/apps/vms_decc_init.c
+++ b/apps/vms_decc_init.c
@@ -7,9 +7,8 @@
* https://www.openssl.org/source/license.html
*/
-#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
- defined( __DECC) && !defined( __VAX) && (__CRTL_VER >= 70301000)
-# define USE_DECC_INIT 1
+#if defined(__VMS) && !defined(OPENSSL_NO_DECC_INIT) && defined(__DECC) && !defined(__VAX) && (__CRTL_VER >= 70301000)
+#define USE_DECC_INIT 1
#endif
#ifdef USE_DECC_INIT
@@ -21,9 +20,9 @@
* ----------------------------------------------------------------------
*/
-# include <stdio.h>
-# include <stdlib.h>
-# include <unixlib.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unixlib.h>
/* Global storage. */
@@ -45,22 +44,21 @@ typedef struct {
decc_feat_t decc_feat_array[] = {
/* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */
- {"DECC$ARGV_PARSE_STYLE", 1},
+ { "DECC$ARGV_PARSE_STYLE", 1 },
/* Preserve case for file names on ODS5 disks. */
- {"DECC$EFS_CASE_PRESERVE", 1},
+ { "DECC$EFS_CASE_PRESERVE", 1 },
/*
* Enable multiple dots (and most characters) in ODS5 file names, while
* preserving VMS-ness of ";version".
*/
- {"DECC$EFS_CHARSET", 1},
+ { "DECC$EFS_CHARSET", 1 },
/* List terminator. */
- {(char *)NULL, 0}
+ { (char *)NULL, 0 }
};
-
/* LIB$INITIALIZE initialization function. */
static void decc_init(void)
@@ -98,31 +96,30 @@ static void decc_init(void)
feat_value_max = decc$feature_get_value(feat_index, 3);
/* Check the validity of our desired value. */
- if ((decc_feat_array[i].value >= feat_value_min) &&
- (decc_feat_array[i].value <= feat_value_max)) {
+ if ((decc_feat_array[i].value >= feat_value_min) && (decc_feat_array[i].value <= feat_value_max)) {
/* Valid value. Set it if necessary. */
if (feat_value != decc_feat_array[i].value) {
sts = decc$feature_set_value(feat_index,
- 1, decc_feat_array[i].value);
+ 1, decc_feat_array[i].value);
if (verbose > 1) {
fprintf(stderr, " %s = %d, sts = %d.\n",
- decc_feat_array[i].name,
- decc_feat_array[i].value, sts);
+ decc_feat_array[i].name,
+ decc_feat_array[i].value, sts);
}
}
} else {
/* Invalid DECC feature value. */
fprintf(stderr,
- " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
- feat_value,
- feat_value_min, decc_feat_array[i].name,
- feat_value_max);
+ " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
+ feat_value,
+ feat_value_min, decc_feat_array[i].name,
+ feat_value_max);
}
} else {
/* Invalid DECC feature name. */
fprintf(stderr,
- " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[i].name);
+ " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[i].name);
}
}
@@ -133,44 +130,44 @@ static void decc_init(void)
/* Get "decc_init()" into a valid, loaded LIB$INITIALIZE PSECT. */
-# pragma nostandard
+#pragma nostandard
/*
* Establish the LIB$INITIALIZE PSECTs, with proper alignment and other
* attributes. Note that "nopic" is significant only on VAX.
*/
-# pragma extern_model save
+#pragma extern_model save
-# if __INITIAL_POINTER_SIZE == 64
-# define PSECT_ALIGN 3
-# else
-# define PSECT_ALIGN 2
-# endif
+#if __INITIAL_POINTER_SIZE == 64
+#define PSECT_ALIGN 3
+#else
+#define PSECT_ALIGN 2
+#endif
-# pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt
+#pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt
const int spare[8] = { 0 };
-# pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt
-void (*const x_decc_init) () = decc_init;
+#pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt
+void (*const x_decc_init)() = decc_init;
-# pragma extern_model restore
+#pragma extern_model restore
/* Fake reference to ensure loading the LIB$INITIALIZE PSECT. */
-# pragma extern_model save
+#pragma extern_model save
int LIB$INITIALIZE(void);
-# pragma extern_model strict_refdef
+#pragma extern_model strict_refdef
int dmy_lib$initialize = (int)LIB$INITIALIZE;
-# pragma extern_model restore
+#pragma extern_model restore
-# pragma standard
+#pragma standard
-#else /* def USE_DECC_INIT */
+#else /* def USE_DECC_INIT */
/* Dummy code to avoid a %CC-W-EMPTYFILE complaint. */
int decc_init_dummy(void);
-#endif /* def USE_DECC_INIT */
+#endif /* def USE_DECC_INIT */
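Review bot: `x_decc_init` is declared with an empty parameter list, `void (*const x_decc_init)()`, which before C23 is an unprototyped function pointer even though the hunk header shows the target as `static void decc_init(void)`. Since the line is being re-spaced anyway, I would write `void (*const x_decc_init)(void) = decc_init;` so the pointer type matches the function it stores (assuming DEC C accepts the prototype form here, which I cannot confirm from the hunk). Separately, flattening the `# pragma` / `# if` / `# define` indentation hides that all of this sits inside `#ifdef USE_DECC_INIT`. The trailing `/* def USE_DECC_INIT */` comments are now the only cue to the nesting.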
diff --git a/apps/x509.c b/apps/x509.c
index a919d787457c..2a8908e158ce 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -23,161 +23,216 @@
#include <openssl/pem.h>
#include <openssl/rsa.h>
#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
+#include <openssl/dsa.h>
#endif
#undef POSTFIX
#define POSTFIX ".srl"
-#define DEFAULT_DAYS 30 /* default cert validity period in days */
-#define UNSET_DAYS -2 /* -1 is used for testing expiration checks */
-#define EXT_COPY_UNSET -1
+#define DEFAULT_DAYS 30 /* default cert validity period in days */
+#define UNSET_DAYS -2 /* -1 is used for testing expiration checks */
+#define EXT_COPY_UNSET -1
static int callb(int ok, X509_STORE_CTX *ctx);
static ASN1_INTEGER *x509_load_serial(const char *CAfile,
- const char *serialfile, int create);
+ const char *serialfile, int create);
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
static int print_x509v3_exts(BIO *bio, X509 *x, const char *ext_names);
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_INFORM, OPT_OUTFORM, OPT_KEYFORM, OPT_REQ, OPT_CAFORM,
- OPT_CAKEYFORM, OPT_VFYOPT, OPT_SIGOPT, OPT_DAYS, OPT_PASSIN, OPT_EXTFILE,
- OPT_EXTENSIONS, OPT_IN, OPT_OUT, OPT_KEY, OPT_SIGNKEY, OPT_CA, OPT_CAKEY,
- OPT_CASERIAL, OPT_SET_SERIAL, OPT_NEW, OPT_FORCE_PUBKEY, OPT_SUBJ,
- OPT_ADDTRUST, OPT_ADDREJECT, OPT_SETALIAS, OPT_CERTOPT, OPT_DATEOPT, OPT_NAMEOPT,
- OPT_EMAIL, OPT_OCSP_URI, OPT_SERIAL, OPT_NEXT_SERIAL,
- OPT_MODULUS, OPT_PUBKEY, OPT_X509TOREQ, OPT_TEXT, OPT_HASH,
- OPT_ISSUER_HASH, OPT_SUBJECT, OPT_ISSUER, OPT_FINGERPRINT, OPT_DATES,
- OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST,
- OPT_CHECKEMAIL, OPT_CHECKIP, OPT_NOOUT, OPT_TRUSTOUT, OPT_CLRTRUST,
- OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
- OPT_SUBJECT_HASH_OLD, OPT_ISSUER_HASH_OLD, OPT_COPY_EXTENSIONS,
- OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT, OPT_PRESERVE_DATES,
- OPT_R_ENUM, OPT_PROV_ENUM, OPT_EXT
+ OPT_INFORM,
+ OPT_OUTFORM,
+ OPT_KEYFORM,
+ OPT_REQ,
+ OPT_CAFORM,
+ OPT_CAKEYFORM,
+ OPT_VFYOPT,
+ OPT_SIGOPT,
+ OPT_DAYS,
+ OPT_PASSIN,
+ OPT_EXTFILE,
+ OPT_EXTENSIONS,
+ OPT_IN,
+ OPT_OUT,
+ OPT_KEY,
+ OPT_SIGNKEY,
+ OPT_CA,
+ OPT_CAKEY,
+ OPT_CASERIAL,
+ OPT_SET_SERIAL,
+ OPT_NEW,
+ OPT_FORCE_PUBKEY,
+ OPT_SUBJ,
+ OPT_ADDTRUST,
+ OPT_ADDREJECT,
+ OPT_SETALIAS,
+ OPT_CERTOPT,
+ OPT_DATEOPT,
+ OPT_NAMEOPT,
+ OPT_EMAIL,
+ OPT_OCSP_URI,
+ OPT_SERIAL,
+ OPT_NEXT_SERIAL,
+ OPT_MODULUS,
+ OPT_PUBKEY,
+ OPT_X509TOREQ,
+ OPT_TEXT,
+ OPT_HASH,
+ OPT_ISSUER_HASH,
+ OPT_SUBJECT,
+ OPT_ISSUER,
+ OPT_FINGERPRINT,
+ OPT_DATES,
+ OPT_PURPOSE,
+ OPT_STARTDATE,
+ OPT_ENDDATE,
+ OPT_CHECKEND,
+ OPT_CHECKHOST,
+ OPT_CHECKEMAIL,
+ OPT_CHECKIP,
+ OPT_NOOUT,
+ OPT_TRUSTOUT,
+ OPT_CLRTRUST,
+ OPT_CLRREJECT,
+ OPT_ALIAS,
+ OPT_CACREATESERIAL,
+ OPT_CLREXT,
+ OPT_OCSPID,
+ OPT_SUBJECT_HASH_OLD,
+ OPT_ISSUER_HASH_OLD,
+ OPT_COPY_EXTENSIONS,
+ OPT_BADSIG,
+ OPT_MD,
+ OPT_ENGINE,
+ OPT_NOCERT,
+ OPT_PRESERVE_DATES,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM,
+ OPT_EXT
} OPTION_CHOICE;
const OPTIONS x509_options[] = {
OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
- {"in", OPT_IN, '<',
- "Certificate input, or CSR input file with -req (default stdin)"},
- {"passin", OPT_PASSIN, 's', "Private key and cert file pass-phrase source"},
- {"new", OPT_NEW, '-', "Generate a certificate from scratch"},
- {"x509toreq", OPT_X509TOREQ, '-',
- "Output a certification request (rather than a certificate)"},
- {"req", OPT_REQ, '-', "Input is a CSR file (rather than a certificate)"},
- {"copy_extensions", OPT_COPY_EXTENSIONS, 's',
- "copy extensions when converting from CSR to x509 or vice versa"},
- {"inform", OPT_INFORM, 'f',
- "CSR input file format (DER or PEM) - default PEM"},
- {"vfyopt", OPT_VFYOPT, 's', "CSR verification parameter in n:v form"},
- {"key", OPT_KEY, 's',
- "Key for signing, and to include unless using -force_pubkey"},
- {"signkey", OPT_SIGNKEY, 's',
- "Same as -key"},
- {"keyform", OPT_KEYFORM, 'E',
- "Key input format (ENGINE, other values ignored)"},
- {"out", OPT_OUT, '>', "Output file - default stdout"},
- {"outform", OPT_OUTFORM, 'f',
- "Output format (DER or PEM) - default PEM"},
- {"nocert", OPT_NOCERT, '-',
- "No cert output (except for requested printing)"},
- {"noout", OPT_NOOUT, '-', "No output (except for requested printing)"},
+ { "in", OPT_IN, '<',
+ "Certificate input, or CSR input file with -req (default stdin)" },
+ { "passin", OPT_PASSIN, 's', "Private key and cert file pass-phrase source" },
+ { "new", OPT_NEW, '-', "Generate a certificate from scratch" },
+ { "x509toreq", OPT_X509TOREQ, '-',
+ "Output a certification request (rather than a certificate)" },
+ { "req", OPT_REQ, '-', "Input is a CSR file (rather than a certificate)" },
+ { "copy_extensions", OPT_COPY_EXTENSIONS, 's',
+ "copy extensions when converting from CSR to x509 or vice versa" },
+ { "inform", OPT_INFORM, 'f',
+ "CSR input file format (DER or PEM) - default PEM" },
+ { "vfyopt", OPT_VFYOPT, 's', "CSR verification parameter in n:v form" },
+ { "key", OPT_KEY, 's',
+ "Key for signing, and to include unless using -force_pubkey" },
+ { "signkey", OPT_SIGNKEY, 's',
+ "Same as -key" },
+ { "keyform", OPT_KEYFORM, 'E',
+ "Key input format (ENGINE, other values ignored)" },
+ { "out", OPT_OUT, '>', "Output file - default stdout" },
+ { "outform", OPT_OUTFORM, 'f',
+ "Output format (DER or PEM) - default PEM" },
+ { "nocert", OPT_NOCERT, '-',
+ "No cert output (except for requested printing)" },
+ { "noout", OPT_NOOUT, '-', "No output (except for requested printing)" },
OPT_SECTION("Certificate printing"),
- {"text", OPT_TEXT, '-', "Print the certificate in text form"},
- {"dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822."},
- {"certopt", OPT_CERTOPT, 's', "Various certificate text printing options"},
- {"fingerprint", OPT_FINGERPRINT, '-', "Print the certificate fingerprint"},
- {"alias", OPT_ALIAS, '-', "Print certificate alias"},
- {"serial", OPT_SERIAL, '-', "Print serial number value"},
- {"startdate", OPT_STARTDATE, '-', "Print the notBefore field"},
- {"enddate", OPT_ENDDATE, '-', "Print the notAfter field"},
- {"dates", OPT_DATES, '-', "Print both notBefore and notAfter fields"},
- {"subject", OPT_SUBJECT, '-', "Print subject DN"},
- {"issuer", OPT_ISSUER, '-', "Print issuer DN"},
- {"nameopt", OPT_NAMEOPT, 's',
- "Certificate subject/issuer name printing options"},
- {"email", OPT_EMAIL, '-', "Print email address(es)"},
- {"hash", OPT_HASH, '-', "Synonym for -subject_hash (for backward compat)"},
- {"subject_hash", OPT_HASH, '-', "Print subject hash value"},
+ { "text", OPT_TEXT, '-', "Print the certificate in text form" },
+ { "dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822." },
+ { "certopt", OPT_CERTOPT, 's', "Various certificate text printing options" },
+ { "fingerprint", OPT_FINGERPRINT, '-', "Print the certificate fingerprint" },
+ { "alias", OPT_ALIAS, '-', "Print certificate alias" },
+ { "serial", OPT_SERIAL, '-', "Print serial number value" },
+ { "startdate", OPT_STARTDATE, '-', "Print the notBefore field" },
+ { "enddate", OPT_ENDDATE, '-', "Print the notAfter field" },
+ { "dates", OPT_DATES, '-', "Print both notBefore and notAfter fields" },
+ { "subject", OPT_SUBJECT, '-', "Print subject DN" },
+ { "issuer", OPT_ISSUER, '-', "Print issuer DN" },
+ { "nameopt", OPT_NAMEOPT, 's',
+ "Certificate subject/issuer name printing options" },
+ { "email", OPT_EMAIL, '-', "Print email address(es)" },
+ { "hash", OPT_HASH, '-', "Synonym for -subject_hash (for backward compat)" },
+ { "subject_hash", OPT_HASH, '-', "Print subject hash value" },
#ifndef OPENSSL_NO_MD5
- {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
- "Print old-style (MD5) subject hash value"},
+ { "subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
+ "Print old-style (MD5) subject hash value" },
#endif
- {"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"},
+ { "issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value" },
#ifndef OPENSSL_NO_MD5
- {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
- "Print old-style (MD5) issuer hash value"},
+ { "issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
+ "Print old-style (MD5) issuer hash value" },
#endif
- {"ext", OPT_EXT, 's',
- "Restrict which X.509 extensions to print and/or copy"},
- {"ocspid", OPT_OCSPID, '-',
- "Print OCSP hash values for the subject name and public key"},
- {"ocsp_uri", OPT_OCSP_URI, '-', "Print OCSP Responder URL(s)"},
- {"purpose", OPT_PURPOSE, '-', "Print out certificate purposes"},
- {"pubkey", OPT_PUBKEY, '-', "Print the public key in PEM format"},
- {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
+ { "ext", OPT_EXT, 's',
+ "Restrict which X.509 extensions to print and/or copy" },
+ { "ocspid", OPT_OCSPID, '-',
+ "Print OCSP hash values for the subject name and public key" },
+ { "ocsp_uri", OPT_OCSP_URI, '-', "Print OCSP Responder URL(s)" },
+ { "purpose", OPT_PURPOSE, '-', "Print out certificate purposes" },
+ { "pubkey", OPT_PUBKEY, '-', "Print the public key in PEM format" },
+ { "modulus", OPT_MODULUS, '-', "Print the RSA key modulus" },
OPT_SECTION("Certificate checking"),
- {"checkend", OPT_CHECKEND, 'M',
- "Check whether cert expires in the next arg seconds"},
- {OPT_MORE_STR, 1, 1, "Exit 1 (failure) if so, 0 if not"},
- {"checkhost", OPT_CHECKHOST, 's', "Check certificate matches host"},
- {"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"},
- {"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"},
+ { "checkend", OPT_CHECKEND, 'M',
+ "Check whether cert expires in the next arg seconds" },
+ { OPT_MORE_STR, 1, 1, "Exit 1 (failure) if so, 0 if not" },
+ { "checkhost", OPT_CHECKHOST, 's', "Check certificate matches host" },
+ { "checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email" },
+ { "checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr" },
OPT_SECTION("Certificate output"),
- {"set_serial", OPT_SET_SERIAL, 's',
- "Serial number to use, overrides -CAserial"},
- {"next_serial", OPT_NEXT_SERIAL, '-',
- "Increment current certificate serial number"},
- {"days", OPT_DAYS, 'n',
- "Number of days until newly generated certificate expires - default 30"},
- {"preserve_dates", OPT_PRESERVE_DATES, '-',
- "Preserve existing validity dates"},
- {"subj", OPT_SUBJ, 's', "Set or override certificate subject (and issuer)"},
- {"force_pubkey", OPT_FORCE_PUBKEY, '<',
- "Place the given key in new certificate"},
- {"clrext", OPT_CLREXT, '-',
- "Do not take over any extensions from the source certificate or request"},
- {"extfile", OPT_EXTFILE, '<', "Config file with X509V3 extensions to add"},
- {"extensions", OPT_EXTENSIONS, 's',
- "Section of extfile to use - default: unnamed section"},
- {"sigopt", OPT_SIGOPT, 's', "Signature parameter, in n:v form"},
- {"badsig", OPT_BADSIG, '-',
- "Corrupt last byte of certificate signature (for test)"},
- {"", OPT_MD, '-', "Any supported digest, used for signing and printing"},
+ { "set_serial", OPT_SET_SERIAL, 's',
+ "Serial number to use, overrides -CAserial" },
+ { "next_serial", OPT_NEXT_SERIAL, '-',
+ "Increment current certificate serial number" },
+ { "days", OPT_DAYS, 'n',
+ "Number of days until newly generated certificate expires - default 30" },
+ { "preserve_dates", OPT_PRESERVE_DATES, '-',
+ "Preserve existing validity dates" },
+ { "subj", OPT_SUBJ, 's', "Set or override certificate subject (and issuer)" },
+ { "force_pubkey", OPT_FORCE_PUBKEY, '<',
+ "Place the given key in new certificate" },
+ { "clrext", OPT_CLREXT, '-',
+ "Do not take over any extensions from the source certificate or request" },
+ { "extfile", OPT_EXTFILE, '<', "Config file with X509V3 extensions to add" },
+ { "extensions", OPT_EXTENSIONS, 's',
+ "Section of extfile to use - default: unnamed section" },
+ { "sigopt", OPT_SIGOPT, 's', "Signature parameter, in n:v form" },
+ { "badsig", OPT_BADSIG, '-',
+ "Corrupt last byte of certificate signature (for test)" },
+ { "", OPT_MD, '-', "Any supported digest, used for signing and printing" },
OPT_SECTION("Micro-CA"),
- {"CA", OPT_CA, '<',
- "Use the given CA certificate, conflicts with -key"},
- {"CAform", OPT_CAFORM, 'F', "CA cert format (PEM/DER/P12); has no effect"},
- {"CAkey", OPT_CAKEY, 's', "The corresponding CA key; default is -CA arg"},
- {"CAkeyform", OPT_CAKEYFORM, 'E',
- "CA key format (ENGINE, other values ignored)"},
- {"CAserial", OPT_CASERIAL, 's',
- "File that keeps track of CA-generated serial number"},
- {"CAcreateserial", OPT_CACREATESERIAL, '-',
- "Create CA serial number file if it does not exist"},
+ { "CA", OPT_CA, '<',
+ "Use the given CA certificate, conflicts with -key" },
+ { "CAform", OPT_CAFORM, 'F', "CA cert format (PEM/DER/P12); has no effect" },
+ { "CAkey", OPT_CAKEY, 's', "The corresponding CA key; default is -CA arg" },
+ { "CAkeyform", OPT_CAKEYFORM, 'E',
+ "CA key format (ENGINE, other values ignored)" },
+ { "CAserial", OPT_CASERIAL, 's',
+ "File that keeps track of CA-generated serial number" },
+ { "CAcreateserial", OPT_CACREATESERIAL, '-',
+ "Create CA serial number file if it does not exist" },
OPT_SECTION("Certificate trust output"),
- {"trustout", OPT_TRUSTOUT, '-', "Mark certificate PEM output as trusted"},
- {"setalias", OPT_SETALIAS, 's', "Set certificate alias (nickname)"},
- {"clrtrust", OPT_CLRTRUST, '-', "Clear all trusted purposes"},
- {"addtrust", OPT_ADDTRUST, 's', "Trust certificate for a given purpose"},
- {"clrreject", OPT_CLRREJECT, '-',
- "Clears all the prohibited or rejected uses of the certificate"},
- {"addreject", OPT_ADDREJECT, 's',
- "Reject certificate for a given purpose"},
+ { "trustout", OPT_TRUSTOUT, '-', "Mark certificate PEM output as trusted" },
+ { "setalias", OPT_SETALIAS, 's', "Set certificate alias (nickname)" },
+ { "clrtrust", OPT_CLRTRUST, '-', "Clear all trusted purposes" },
+ { "addtrust", OPT_ADDTRUST, 's', "Trust certificate for a given purpose" },
+ { "clrreject", OPT_CLRREJECT, '-',
+ "Clears all the prohibited or rejected uses of the certificate" },
+ { "addreject", OPT_ADDREJECT, 's',
+ "Reject certificate for a given purpose" },
OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
#endif
OPT_PROV_OPTIONS,
- {NULL}
+ { NULL }
};
static void warn_copying(ASN1_OBJECT *excluded, const char *names)
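Review bot: `UNSET_DAYS` and `EXT_COPY_UNSET`, on the re-aligned `#define` lines near the top of this hunk, still expand to bare negative literals (`-2`, `-1`). The usual convention is to parenthesise a replacement list that contains an operator, so the macro stays a single operand wherever it is used. As the lines are touched anyway, I would write `#define UNSET_DAYS (-2)` and `#define EXT_COPY_UNSET (-1)`. The hunk ends on the `warn_copying` signature, whose body lies outside it.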
@@ -186,8 +241,8 @@ static void warn_copying(ASN1_OBJECT *excluded, const char *names)
if (names != NULL && strstr(names, sn) != NULL)
BIO_printf(bio_err,
- "Warning: -ext should not specify copying %s extension to CSR; ignoring this\n",
- sn);
+ "Warning: -ext should not specify copying %s extension to CSR; ignoring this\n",
+ sn);
}
static X509_REQ *x509_to_req(X509 *cert, int ext_copy, const char *names)
@@ -215,13 +270,13 @@ static X509_REQ *x509_to_req(X509 *cert, int ext_copy, const char *names)
ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex);
if (OBJ_cmp(obj, skid) != 0 && OBJ_cmp(obj, akid) != 0
- && !sk_X509_EXTENSION_push(exts, ex))
+ && !sk_X509_EXTENSION_push(exts, ex))
goto err;
}
if (sk_X509_EXTENSION_num(exts) > 0) {
if (ext_copy != EXT_COPY_UNSET && ext_copy != EXT_COPY_NONE
- && !X509_REQ_add_extensions(req, exts)) {
+ && !X509_REQ_add_extensions(req, exts)) {
BIO_printf(bio_err, "Error copying extensions from certificate\n");
goto err;
}
@@ -229,7 +284,7 @@ static X509_REQ *x509_to_req(X509 *cert, int ext_copy, const char *names)
sk_X509_EXTENSION_free(exts);
return req;
- err:
+err:
sk_X509_EXTENSION_free(exts);
X509_REQ_free(req);
return NULL;
@@ -307,7 +362,7 @@ int x509_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
- opthelp:
+ opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
@@ -347,14 +402,14 @@ int x509_main(int argc, char **argv)
case OPT_DATEOPT:
if (!set_dateopt(&dateopt, opt_arg())) {
BIO_printf(bio_err,
- "Invalid date format: %s\n", opt_arg());
+ "Invalid date format: %s\n", opt_arg());
goto end;
}
break;
case OPT_COPY_EXTENSIONS:
if (!set_ext_copy(&ext_copy, opt_arg())) {
BIO_printf(bio_err,
- "Invalid extension copy option: %s\n", opt_arg());
+ "Invalid extension copy option: %s\n", opt_arg());
goto end;
}
break;
@@ -375,7 +430,7 @@ int x509_main(int argc, char **argv)
days = atoi(opt_arg());
if (days < -1) {
BIO_printf(bio_err, "%s: -days parameter arg must be >= -1\n",
- prog);
+ prog);
goto end;
}
break;
@@ -431,7 +486,7 @@ int x509_main(int argc, char **argv)
goto end;
if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
BIO_printf(bio_err, "%s: Invalid trust object value %s\n",
- prog, opt_arg());
+ prog, opt_arg());
goto opthelp;
}
sk_ASN1_OBJECT_push(trust, objtmp);
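Review bot: The result of `sk_ASN1_OBJECT_push(trust, objtmp);` is ignored here, and the same holds for `sk_ASN1_OBJECT_push(reject, objtmp);` in the next hunk. If the push fails, `objtmp` is leaked and the requested trust or reject setting is silently dropped, so the output certificate would carry fewer restrictions than the caller asked for. `x509_to_req` in this file already tests its `sk_X509_EXTENSION_push` call, so I would do the same here: `if (!sk_ASN1_OBJECT_push(trust, objtmp)) { ASN1_OBJECT_free(objtmp); goto end; }`. The enclosing `case` starts above the hunk, so this assumes nothing earlier in it needs extra cleanup.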
@@ -442,7 +497,7 @@ int x509_main(int argc, char **argv)
goto end;
if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
BIO_printf(bio_err, "%s: Invalid reject object value %s\n",
- prog, opt_arg());
+ prog, opt_arg());
goto opthelp;
}
sk_ASN1_OBJECT_push(reject, objtmp);
@@ -570,7 +625,7 @@ int x509_main(int argc, char **argv)
checkoffset = (time_t)temp;
if ((ossl_intmax_t)checkoffset != temp) {
BIO_printf(bio_err, "%s: Checkend time out of range %s\n",
- prog, opt_arg());
+ prog, opt_arg());
goto opthelp;
}
}
@@ -614,7 +669,7 @@ int x509_main(int argc, char **argv)
}
if (!X509_STORE_set_default_paths_ex(ctx, app_get0_libctx(),
- app_get0_propq()))
+ app_get0_propq()))
goto end;
if (newcert && infile != NULL) {
@@ -623,7 +678,7 @@ int x509_main(int argc, char **argv)
}
if (newcert && reqfile) {
BIO_printf(bio_err,
- "The -req option cannot be used with -new\n");
+ "The -req option cannot be used with -new\n");
goto end;
}
if (privkeyfile != NULL) {
@@ -633,24 +688,25 @@ int x509_main(int argc, char **argv)
}
if (pubkeyfile != NULL) {
if ((pubkey = load_pubkey(pubkeyfile, keyformat, 0, NULL, e,
- "explicitly set public key")) == NULL)
+ "explicitly set public key"))
+ == NULL)
goto end;
}
if (newcert) {
if (subj == NULL) {
BIO_printf(bio_err,
- "The -new option requires a subject to be set using -subj\n");
+ "The -new option requires a subject to be set using -subj\n");
goto end;
}
if (privkeyfile == NULL && pubkeyfile == NULL) {
BIO_printf(bio_err,
- "The -new option requires using the -key or -force_pubkey option\n");
+ "The -new option requires using the -key or -force_pubkey option\n");
goto end;
}
}
if (subj != NULL
- && (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL)
+ && (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL)
goto end;
if (CAkeyfile == NULL)
@@ -662,7 +718,7 @@ int x509_main(int argc, char **argv)
}
} else {
#define WARN_NO_CA(opt) BIO_printf(bio_err, \
- "Warning: ignoring " opt " option since -CA option is not given\n");
+ "Warning: ignoring " opt " option since -CA option is not given\n");
if (CAkeyfile != NULL)
WARN_NO_CA("-CAkey");
if (CAkeyformat != FORMAT_UNDEF)
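Review bot: `WARN_NO_CA` carries its own trailing semicolon in the replacement list, on the re-indented continuation line, so each use such as `WARN_NO_CA("-CAkey");` expands to a statement plus an empty statement. That is harmless under the brace-less `if` lines visible here, but it would detach any `else` later added after such a use. I would end the macro body with `"Warning: ignoring " opt " option since -CA option is not given\n")` and leave the semicolon to the call sites. The macro is defined inside `x509_main`, and whether it is `#undef`'d afterwards is not visible in this hunk.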
@@ -678,7 +734,7 @@ int x509_main(int argc, char **argv)
if (extfile == NULL) {
if (extsect != NULL)
BIO_printf(bio_err,
- "Warning: ignoring -extensions option without -extfile\n");
+ "Warning: ignoring -extensions option without -extfile\n");
} else {
X509V3_CTX ctx2;
@@ -695,7 +751,7 @@ int x509_main(int argc, char **argv)
X509V3_set_nconf(&ctx2, extconf);
if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) {
BIO_printf(bio_err,
- "Error checking extension section %s\n", extsect);
+ "Error checking extension section %s\n", extsect);
goto end;
}
}
@@ -711,9 +767,7 @@ int x509_main(int argc, char **argv)
}
i = do_X509_REQ_verify(req, pkey, vfyopts);
if (i <= 0) {
- BIO_printf(bio_err, i < 0
- ? "Error while verifying certificate request self-signature\n"
- : "Certificate request self-signature did not match the contents\n");
+ BIO_printf(bio_err, i < 0 ? "Error while verifying certificate request self-signature\n" : "Certificate request self-signature did not match the contents\n");
goto end;
}
BIO_printf(bio_err, "Certificate request self-signature ok\n");
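Review bot: The reformatted `BIO_printf(bio_err, i < 0 ? ... : ...)` call passes a conditional expression as the format argument and now sits on one very long line. Both branches are literals without conversions, so nothing is wrong today, but a non-literal format is what format-string checks exist to catch, and the line is hard to scan. I would pick the text with an `if`/`else` into a local `const char *msg` and emit it with `BIO_puts(bio_err, msg);`, which this file already uses for fixed text. Both messages stay byte-identical. `x509_main` extends beyond the hunk on both sides.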
@@ -726,11 +780,11 @@ int x509_main(int argc, char **argv)
if (reqfile || newcert) {
if (preserve_dates)
BIO_printf(bio_err,
- "Warning: ignoring -preserve_dates option with -req or -new\n");
+ "Warning: ignoring -preserve_dates option with -req or -new\n");
preserve_dates = 0;
if (privkeyfile == NULL && CAkeyfile == NULL) {
BIO_printf(bio_err,
- "We need a private key to sign with, use -key or -CAkey or -CA with private key\n");
+ "We need a private key to sign with, use -key or -CAkey or -CA with private key\n");
goto end;
}
if ((x = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
@@ -755,13 +809,11 @@ int x509_main(int argc, char **argv)
goto end;
}
if ((fsubj != NULL || req != NULL)
- && !X509_set_subject_name(x, fsubj != NULL ? fsubj :
- X509_REQ_get_subject_name(req)))
+ && !X509_set_subject_name(x, fsubj != NULL ? fsubj : X509_REQ_get_subject_name(req)))
goto end;
if ((pubkey != NULL || privkey != NULL || req != NULL)
- && !X509_set_pubkey(x, pubkey != NULL ? pubkey :
- privkey != NULL ? privkey :
- X509_REQ_get0_pubkey(req)))
+ && !X509_set_pubkey(x, pubkey != NULL ? pubkey : privkey != NULL ? privkey
+ : X509_REQ_get0_pubkey(req)))
goto end;
if (CAfile != NULL) {
@@ -836,7 +888,7 @@ int x509_main(int argc, char **argv)
X509V3_set_nconf(&ext_ctx, extconf);
if (!X509V3_EXT_add_nconf(extconf, &ext_ctx, extsect, x)) {
BIO_printf(bio_err,
- "Error adding extensions from section %s\n", extsect);
+ "Error adding extensions from section %s\n", extsect);
goto end;
}
}
@@ -864,7 +916,7 @@ int x509_main(int argc, char **argv)
X509V3_set_nconf(&ext_ctx, extconf);
if (!X509V3_EXT_REQ_add_nconf(extconf, &ext_ctx, extsect, rq)) {
BIO_printf(bio_err,
- "Error adding request extensions from section %s\n", extsect);
+ "Error adding request extensions from section %s\n", extsect);
goto end;
}
}
@@ -879,7 +931,7 @@ int x509_main(int argc, char **argv)
}
if (!i) {
BIO_printf(bio_err,
- "Unable to write certificate request\n");
+ "Unable to write certificate request\n");
goto end;
}
}
@@ -889,11 +941,12 @@ int x509_main(int argc, char **argv)
goto end;
} else if (CAfile != NULL) {
if ((CAkey = load_key(CAkeyfile, CAkeyformat,
- 0, passin, e, "CA private key")) == NULL)
+ 0, passin, e, "CA private key"))
+ == NULL)
goto end;
if (!X509_check_private_key(xca, CAkey)) {
BIO_printf(bio_err,
- "CA certificate and CA private key do not match\n");
+ "CA certificate and CA private key do not match\n");
goto end;
}
@@ -924,7 +977,7 @@ int x509_main(int argc, char **argv)
if (bnser == NULL)
goto end;
if (!BN_add_word(bnser, 1)
- || (ser = BN_to_ASN1_INTEGER(bnser, NULL)) == NULL) {
+ || (ser = BN_to_ASN1_INTEGER(bnser, NULL)) == NULL) {
BN_free(bnser);
goto end;
}
@@ -933,8 +986,7 @@ int x509_main(int argc, char **argv)
ASN1_INTEGER_free(ser);
BIO_puts(out, "\n");
} else if (i == email || i == ocsp_uri) {
- STACK_OF(OPENSSL_STRING) *emlst =
- i == email ? X509_get1_email(x) : X509_get1_ocsp(x);
+ STACK_OF(OPENSSL_STRING) *emlst = i == email ? X509_get1_email(x) : X509_get1_ocsp(x);
for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
BIO_printf(out, "%s\n", sk_OPENSSL_STRING_value(emlst, j));
@@ -1005,7 +1057,8 @@ int x509_main(int argc, char **argv)
fdigname = "SHA1";
if ((fdig = EVP_MD_fetch(app_get0_libctx(), fdigname,
- app_get0_propq())) == NULL) {
+ app_get0_propq()))
+ == NULL) {
BIO_printf(bio_err, "Unknown digest\n");
goto end;
}
@@ -1061,7 +1114,7 @@ int x509_main(int argc, char **argv)
}
ret = 0;
- end:
+end:
if (ret != 0)
ERR_print_errors(bio_err);
NCONF_free(extconf);
@@ -1086,7 +1139,7 @@ int x509_main(int argc, char **argv)
}
static ASN1_INTEGER *x509_load_serial(const char *CAfile,
- const char *serialfile, int create)
+ const char *serialfile, int create)
{
char *buf = NULL;
ASN1_INTEGER *bs = NULL;
@@ -1118,7 +1171,7 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile,
else
bs = BN_to_ASN1_INTEGER(serial, NULL);
- end:
+end:
OPENSSL_free(buf);
BN_free(serial);
return bs;
@@ -1144,15 +1197,15 @@ static int callb(int ok, X509_STORE_CTX *ctx)
*/
if (ok) {
BIO_printf(bio_err,
- "Error with certificate to be certified - should be self-signed\n");
+ "Error with certificate to be certified - should be self-signed\n");
return 0;
} else {
err_cert = X509_STORE_CTX_get_current_cert(ctx);
print_name(bio_err, "subject=", X509_get_subject_name(err_cert));
BIO_printf(bio_err,
- "Error with certificate - error %d at depth %d\n%s\n", err,
- X509_STORE_CTX_get_error_depth(ctx),
- X509_verify_cert_error_string(err));
+ "Error with certificate - error %d at depth %d\n%s\n", err,
+ X509_STORE_CTX_get_error_depth(ctx),
+ X509_verify_cert_error_string(err));
return 1;
}
}
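Review bot: The `else` branch of `callb` prints the verification error and then returns 1, which in an X509_STORE verify callback tells verification to treat the error as accepted and carry on. The `ok` branch, by contrast, returns 0. That looks deliberate, but nothing visible in the hunk says so. I would add a short comment before `return 1;`, for example `/* report the error but let verification continue */`, so that nobody copies this callback into a context where the error must be fatal. Only the tail of the preceding comment and the end of the function are inside the hunk, so the opening lines of `callb` may already explain part of this.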
@@ -1259,7 +1312,7 @@ static int print_x509v3_exts(BIO *bio, X509 *x, const char *ext_names)
}
ret = X509V3_extensions_print(bio, NULL, exts2, 0, 0);
- end:
+end:
sk_X509_EXTENSION_free(exts2);
OPENSSL_free(names);
OPENSSL_free(tmp_ext_names);