diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2023-03-06 14:32:07 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2023-03-06 14:32:07 +0000 |
commit | 97e22bdc8f89f5e24193e9845d7656d4a03a0068 (patch) | |
tree | ff61e3d90ee0c10598309f6598d9c2af7538a81c | |
parent | ae0c68e8b375aa68038abe5bdf446243f1267420 (diff) |
Rename struct ${app}_config to plain cfg
All the structs are static and we need to reach into them many times.
Having a shorter name is more concise and results in less visual clutter.
It also avoids many overlong lines and we will be able to get rid of some
unfortunate line wrapping down the road.
Discussed with jsing
44 files changed, 3260 insertions, 3260 deletions
diff --git a/usr.bin/openssl/asn1pars.c b/usr.bin/openssl/asn1pars.c index 6f7fa18512e..5824b0ea149 100644 --- a/usr.bin/openssl/asn1pars.c +++ b/usr.bin/openssl/asn1pars.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1pars.c,v 1.12 2022/11/11 17:07:38 joshua Exp $ */ +/* $OpenBSD: asn1pars.c,v 1.13 2023/03/06 14:32:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -86,14 +86,14 @@ static struct { int offset; char *oidfile; STACK_OF(OPENSSL_STRING) *osk; -} asn1pars_config; +} cfg; static int asn1pars_opt_dlimit(char *arg) { const char *errstr; - asn1pars_config.dump = strtonum(arg, 1, INT_MAX, &errstr); + cfg.dump = strtonum(arg, 1, INT_MAX, &errstr); if (errstr) { fprintf(stderr, "-dlimit must be from 1 to INT_MAX: %s\n", errstr); @@ -107,7 +107,7 @@ asn1pars_opt_length(char *arg) { const char *errstr; - asn1pars_config.length = strtonum(arg, 1, UINT_MAX, &errstr); + cfg.length = strtonum(arg, 1, UINT_MAX, &errstr); if (errstr) { fprintf(stderr, "-length must be from 1 to UINT_MAX: %s\n", errstr); @@ -119,7 +119,7 @@ asn1pars_opt_length(char *arg) static int asn1pars_opt_strparse(char *arg) { - if (sk_OPENSSL_STRING_push(asn1pars_config.osk, arg) == 0) { + if (sk_OPENSSL_STRING_push(cfg.osk, arg) == 0) { fprintf(stderr, "-strparse cannot add argument\n"); return (-1); } @@ -132,7 +132,7 @@ static const struct option asn1pars_options[] = { .desc = "Dump unknown data in hex form", .type = OPTION_VALUE, .value = -1, - .opt.value = &asn1pars_config.dump, + .opt.value = &cfg.dump, }, { .name = "dlimit", @@ -146,34 +146,34 @@ static const struct option asn1pars_options[] = { .argname = "file", .desc = "File to generate ASN.1 structure from", .type = OPTION_ARG, - .opt.arg = &asn1pars_config.genconf, + .opt.arg = &cfg.genconf, }, { .name = "genstr", .argname = "string", .desc = "String to generate ASN.1 structure from", .type = OPTION_ARG, - .opt.arg = &asn1pars_config.genstr, + .opt.arg = &cfg.genstr, }, { .name = "i", .desc = "Indent output according to depth of structures", .type = OPTION_FLAG, - .opt.flag = &asn1pars_config.indent, + .opt.flag = &cfg.indent, }, { .name = "in", .argname = "file", .desc = "The input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &asn1pars_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "fmt", .desc = "Input format (DER, TXT or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &asn1pars_config.informat, + .opt.value = &cfg.informat, }, { .name = "length", @@ -186,28 +186,28 @@ static const struct option asn1pars_options[] = { .name = "noout", .desc = "Do not produce any output", .type = OPTION_FLAG, - .opt.flag = &asn1pars_config.noout, + .opt.flag = &cfg.noout, }, { .name = "offset", .argname = "num", .desc = "Offset to begin parsing", .type = OPTION_ARG_INT, - .opt.value = &asn1pars_config.offset, + .opt.value = &cfg.offset, }, { .name = "oid", .argname = "file", .desc = "File containing additional object identifiers (OIDs)", .type = OPTION_ARG, - .opt.arg = &asn1pars_config.oidfile, + .opt.arg = &cfg.oidfile, }, { .name = "out", .argname = "file", .desc = "Output file in DER format", .type = OPTION_ARG, - .opt.arg = &asn1pars_config.derfile, + .opt.arg = &cfg.derfile, }, { .name = "strparse", @@ -252,10 +252,10 @@ asn1parse_main(int argc, char **argv) exit(1); } - memset(&asn1pars_config, 0, sizeof(asn1pars_config)); + memset(&cfg, 0, sizeof(cfg)); - asn1pars_config.informat = FORMAT_PEM; - if ((asn1pars_config.osk = sk_OPENSSL_STRING_new_null()) == NULL) { + cfg.informat = FORMAT_PEM; + if ((cfg.osk = sk_OPENSSL_STRING_new_null()) == NULL) { BIO_printf(bio_err, "Memory allocation failure\n"); goto end; } @@ -273,28 +273,28 @@ asn1parse_main(int argc, char **argv) } BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); - if (asn1pars_config.oidfile != NULL) { - if (BIO_read_filename(in, asn1pars_config.oidfile) <= 0) { + if (cfg.oidfile != NULL) { + if (BIO_read_filename(in, cfg.oidfile) <= 0) { BIO_printf(bio_err, "problems opening %s\n", - asn1pars_config.oidfile); + cfg.oidfile); ERR_print_errors(bio_err); goto end; } OBJ_create_objects(in); } - if (asn1pars_config.infile == NULL) + if (cfg.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { - if (BIO_read_filename(in, asn1pars_config.infile) <= 0) { - perror(asn1pars_config.infile); + if (BIO_read_filename(in, cfg.infile) <= 0) { + perror(cfg.infile); goto end; } } - if (asn1pars_config.derfile) { - if (!(derout = BIO_new_file(asn1pars_config.derfile, "wb"))) { + if (cfg.derfile) { + if (!(derout = BIO_new_file(cfg.derfile, "wb"))) { BIO_printf(bio_err, "problems opening %s\n", - asn1pars_config.derfile); + cfg.derfile); ERR_print_errors(bio_err); goto end; } @@ -304,16 +304,16 @@ asn1parse_main(int argc, char **argv) if (!BUF_MEM_grow(buf, BUFSIZ * 8)) goto end; /* Pre-allocate :-) */ - if (asn1pars_config.genstr || asn1pars_config.genconf) { - num = do_generate(bio_err, asn1pars_config.genstr, - asn1pars_config.genconf, buf); + if (cfg.genstr || cfg.genconf) { + num = do_generate(bio_err, cfg.genstr, + cfg.genconf, buf); if (num < 0) { ERR_print_errors(bio_err); goto end; } } else { - if (asn1pars_config.informat == FORMAT_PEM) { + if (cfg.informat == FORMAT_PEM) { BIO *tmp; if ((b64 = BIO_new(BIO_f_base64())) == NULL) @@ -337,20 +337,20 @@ asn1parse_main(int argc, char **argv) /* If any structs to parse go through in sequence */ - if (sk_OPENSSL_STRING_num(asn1pars_config.osk)) { + if (sk_OPENSSL_STRING_num(cfg.osk)) { tmpbuf = (unsigned char *) str; tmplen = num; - for (i = 0; i < sk_OPENSSL_STRING_num(asn1pars_config.osk); + for (i = 0; i < sk_OPENSSL_STRING_num(cfg.osk); i++) { ASN1_TYPE *atmp; int typ; j = strtonum( - sk_OPENSSL_STRING_value(asn1pars_config.osk, i), + sk_OPENSSL_STRING_value(cfg.osk, i), 1, INT_MAX, &errstr); if (errstr) { BIO_printf(bio_err, "'%s' is an invalid number: %s\n", - sk_OPENSSL_STRING_value(asn1pars_config.osk, + sk_OPENSSL_STRING_value(cfg.osk, i), errstr); continue; } @@ -380,28 +380,28 @@ asn1parse_main(int argc, char **argv) str = (char *) tmpbuf; num = tmplen; } - if (asn1pars_config.offset >= num) { + if (cfg.offset >= num) { BIO_printf(bio_err, "Error: offset too large\n"); goto end; } - num -= asn1pars_config.offset; + num -= cfg.offset; - if ((asn1pars_config.length == 0) || - ((long)asn1pars_config.length > num)) - asn1pars_config.length = (unsigned int) num; + if ((cfg.length == 0) || + ((long)cfg.length > num)) + cfg.length = (unsigned int) num; if (derout) { - if (BIO_write(derout, str + asn1pars_config.offset, - asn1pars_config.length) != (int)asn1pars_config.length) { + if (BIO_write(derout, str + cfg.offset, + cfg.length) != (int)cfg.length) { BIO_printf(bio_err, "Error writing output\n"); ERR_print_errors(bio_err); goto end; } } - if (!asn1pars_config.noout && + if (!cfg.noout && !ASN1_parse_dump(out, - (unsigned char *)&(str[asn1pars_config.offset]), - asn1pars_config.length, asn1pars_config.indent, - asn1pars_config.dump)) { + (unsigned char *)&(str[cfg.offset]), + cfg.length, cfg.indent, + cfg.dump)) { ERR_print_errors(bio_err); goto end; } @@ -415,7 +415,7 @@ asn1parse_main(int argc, char **argv) ERR_print_errors(bio_err); BUF_MEM_free(buf); ASN1_TYPE_free(at); - sk_OPENSSL_STRING_free(asn1pars_config.osk); + sk_OPENSSL_STRING_free(cfg.osk); OBJ_cleanup(); return (ret); diff --git a/usr.bin/openssl/ca.c b/usr.bin/openssl/ca.c index e13354f4aff..369d11ead61 100644 --- a/usr.bin/openssl/ca.c +++ b/usr.bin/openssl/ca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ca.c,v 1.54 2022/11/11 17:07:38 joshua Exp $ */ +/* $OpenBSD: ca.c,v 1.55 2023/03/06 14:32:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -207,63 +207,63 @@ static struct { char *startdate; char *subj; int verbose; -} ca_config; +} cfg; static int ca_opt_chtype_utf8(void) { - ca_config.chtype = MBSTRING_UTF8; + cfg.chtype = MBSTRING_UTF8; return (0); } static int ca_opt_crl_ca_compromise(char *arg) { - ca_config.rev_arg = arg; - ca_config.rev_type = REV_CA_COMPROMISE; + cfg.rev_arg = arg; + cfg.rev_type = REV_CA_COMPROMISE; return (0); } static int ca_opt_crl_compromise(char *arg) { - ca_config.rev_arg = arg; - ca_config.rev_type = REV_KEY_COMPROMISE; + cfg.rev_arg = arg; + cfg.rev_type = REV_KEY_COMPROMISE; return (0); } static int ca_opt_crl_hold(char *arg) { - ca_config.rev_arg = arg; - ca_config.rev_type = REV_HOLD; + cfg.rev_arg = arg; + cfg.rev_type = REV_HOLD; return (0); } static int ca_opt_crl_reason(char *arg) { - ca_config.rev_arg = arg; - ca_config.rev_type = REV_CRL_REASON; + cfg.rev_arg = arg; + cfg.rev_type = REV_CRL_REASON; return (0); } static int ca_opt_in(char *arg) { - ca_config.infile = arg; - ca_config.req = 1; + cfg.infile = arg; + cfg.req = 1; return (0); } static int ca_opt_infiles(int argc, char **argv, int *argsused) { - ca_config.infiles_num = argc - 1; - if (ca_config.infiles_num < 1) + cfg.infiles_num = argc - 1; + if (cfg.infiles_num < 1) return (1); - ca_config.infiles = argv + 1; - ca_config.req = 1; + cfg.infiles = argv + 1; + cfg.req = 1; *argsused = argc; return (0); } @@ -271,19 +271,19 @@ ca_opt_infiles(int argc, char **argv, int *argsused) static int ca_opt_revoke(char *arg) { - ca_config.infile = arg; - ca_config.dorevoke = 1; + cfg.infile = arg; + cfg.dorevoke = 1; return (0); } static int ca_opt_sigopt(char *arg) { - if (ca_config.sigopts == NULL) - ca_config.sigopts = sk_OPENSSL_STRING_new_null(); - if (ca_config.sigopts == NULL) + if (cfg.sigopts == NULL) + cfg.sigopts = sk_OPENSSL_STRING_new_null(); + if (cfg.sigopts == NULL) return (1); - if (!sk_OPENSSL_STRING_push(ca_config.sigopts, arg)) + if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg)) return (1); return (0); } @@ -291,16 +291,16 @@ ca_opt_sigopt(char *arg) static int ca_opt_spkac(char *arg) { - ca_config.spkac_file = arg; - ca_config.req = 1; + cfg.spkac_file = arg; + cfg.req = 1; return (0); } static int ca_opt_ss_cert(char *arg) { - ca_config.ss_cert_file = arg; - ca_config.req = 1; + cfg.ss_cert_file = arg; + cfg.req = 1; return (0); } @@ -309,27 +309,27 @@ static const struct option ca_options[] = { .name = "batch", .desc = "Operate in batch mode", .type = OPTION_FLAG, - .opt.flag = &ca_config.batch, + .opt.flag = &cfg.batch, }, { .name = "cert", .argname = "file", .desc = "File containing the CA certificate", .type = OPTION_ARG, - .opt.arg = &ca_config.certfile, + .opt.arg = &cfg.certfile, }, { .name = "config", .argname = "file", .desc = "Specify an alternative configuration file", .type = OPTION_ARG, - .opt.arg = &ca_config.configfile, + .opt.arg = &cfg.configfile, }, { .name = "create_serial", .desc = "If reading serial fails, create a new random serial", .type = OPTION_FLAG, - .opt.flag = &ca_config.create_serial, + .opt.flag = &cfg.create_serial, }, { .name = "crl_CA_compromise", @@ -367,62 +367,62 @@ static const struct option ca_options[] = { .argname = "days", .desc = "Number of days before the next CRL is due", .type = OPTION_ARG_LONG, - .opt.lvalue = &ca_config.crldays, + .opt.lvalue = &cfg.crldays, }, { .name = "crlexts", .argname = "section", .desc = "CRL extension section (override value in config file)", .type = OPTION_ARG, - .opt.arg = &ca_config.crl_ext, + .opt.arg = &cfg.crl_ext, }, { .name = "crlhours", .argname = "hours", .desc = "Number of hours before the next CRL is due", .type = OPTION_ARG_LONG, - .opt.lvalue = &ca_config.crlhours, + .opt.lvalue = &cfg.crlhours, }, { .name = "crlsec", .argname = "seconds", .desc = "Number of seconds before the next CRL is due", .type = OPTION_ARG_LONG, - .opt.lvalue = &ca_config.crlsec, + .opt.lvalue = &cfg.crlsec, }, { .name = "days", .argname = "arg", .desc = "Number of days to certify the certificate for", .type = OPTION_ARG_LONG, - .opt.lvalue = &ca_config.days, + .opt.lvalue = &cfg.days, }, { .name = "enddate", .argname = "YYMMDDHHMMSSZ", .desc = "Certificate validity notAfter (overrides -days)", .type = OPTION_ARG, - .opt.arg = &ca_config.enddate, + .opt.arg = &cfg.enddate, }, { .name = "extensions", .argname = "section", .desc = "Extension section (override value in config file)", .type = OPTION_ARG, - .opt.arg = &ca_config.extensions, + .opt.arg = &cfg.extensions, }, { .name = "extfile", .argname = "file", .desc = "Configuration file with X509v3 extentions to add", .type = OPTION_ARG, - .opt.arg = &ca_config.extfile, + .opt.arg = &cfg.extfile, }, { .name = "gencrl", .desc = "Generate a new CRL", .type = OPTION_FLAG, - .opt.flag = &ca_config.gencrl, + .opt.flag = &cfg.gencrl, }, { .name = "in", @@ -443,93 +443,93 @@ static const struct option ca_options[] = { .argname = "password", .desc = "Key to decode the private key if it is encrypted", .type = OPTION_ARG, - .opt.arg = &ca_config.key, + .opt.arg = &cfg.key, }, { .name = "keyfile", .argname = "file", .desc = "Private key file", .type = OPTION_ARG, - .opt.arg = &ca_config.keyfile, + .opt.arg = &cfg.keyfile, }, { .name = "keyform", .argname = "fmt", .desc = "Private key file format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &ca_config.keyform, + .opt.value = &cfg.keyform, }, { .name = "md", .argname = "alg", .desc = "Message digest to use", .type = OPTION_ARG, - .opt.arg = &ca_config.md, + .opt.arg = &cfg.md, }, { .name = "msie_hack", .type = OPTION_FLAG, - .opt.flag = &ca_config.msie_hack, + .opt.flag = &cfg.msie_hack, }, { .name = "multivalue-rdn", .desc = "Enable support for multivalued RDNs", .type = OPTION_FLAG, - .opt.flag = &ca_config.multirdn, + .opt.flag = &cfg.multirdn, }, { .name = "name", .argname = "section", .desc = "Specifies the configuration file section to use", .type = OPTION_ARG, - .opt.arg = &ca_config.section, + .opt.arg = &cfg.section, }, { .name = "noemailDN", .desc = "Do not add the EMAIL field to the DN", .type = OPTION_VALUE, - .opt.value = &ca_config.email_dn, + .opt.value = &cfg.email_dn, .value = 0, }, { .name = "notext", .desc = "Do not print the generated certificate", .type = OPTION_FLAG, - .opt.flag = &ca_config.notext, + .opt.flag = &cfg.notext, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &ca_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outdir", .argname = "directory", .desc = " Directory to output certificates to", .type = OPTION_ARG, - .opt.arg = &ca_config.outdir, + .opt.arg = &cfg.outdir, }, { .name = "passin", .argname = "src", .desc = "Private key input password source", .type = OPTION_ARG, - .opt.arg = &ca_config.passargin, + .opt.arg = &cfg.passargin, }, { .name = "policy", .argname = "name", .desc = "The CA 'policy' to support", .type = OPTION_ARG, - .opt.arg = &ca_config.policy, + .opt.arg = &cfg.policy, }, { .name = "preserveDN", .desc = "Do not re-order the DN", .type = OPTION_FLAG, - .opt.flag = &ca_config.preserve, + .opt.flag = &cfg.preserve, }, { .name = "revoke", @@ -542,7 +542,7 @@ static const struct option ca_options[] = { .name = "selfsign", .desc = "Sign a certificate using the key associated with it", .type = OPTION_FLAG, - .opt.flag = &ca_config.selfsign, + .opt.flag = &cfg.selfsign, }, { .name = "sigopt", @@ -570,27 +570,27 @@ static const struct option ca_options[] = { .argname = "YYMMDDHHMMSSZ", .desc = "Certificate validity notBefore", .type = OPTION_ARG, - .opt.arg = &ca_config.startdate, + .opt.arg = &cfg.startdate, }, { .name = "status", .argname = "serial", .desc = "Shows certificate status given the serial number", .type = OPTION_ARG, - .opt.arg = &ca_config.serial_status, + .opt.arg = &cfg.serial_status, }, { .name = "subj", .argname = "arg", .desc = "Use arg instead of request's subject", .type = OPTION_ARG, - .opt.arg = &ca_config.subj, + .opt.arg = &cfg.subj, }, { .name = "updatedb", .desc = "Updates db for expired certificates", .type = OPTION_FLAG, - .opt.flag = &ca_config.doupdatedb, + .opt.flag = &cfg.doupdatedb, }, { .name = "utf8", @@ -602,7 +602,7 @@ static const struct option ca_options[] = { .name = "verbose", .desc = "Verbose output during processing", .type = OPTION_FLAG, - .opt.flag = &ca_config.verbose, + .opt.flag = &cfg.verbose, }, { NULL }, }; @@ -690,11 +690,11 @@ ca_main(int argc, char **argv) exit(1); } - memset(&ca_config, 0, sizeof(ca_config)); - ca_config.email_dn = 1; - ca_config.keyform = FORMAT_PEM; - ca_config.chtype = MBSTRING_ASC; - ca_config.rev_type = REV_NONE; + memset(&cfg, 0, sizeof(cfg)); + cfg.email_dn = 1; + cfg.keyform = FORMAT_PEM; + cfg.chtype = MBSTRING_ASC; + cfg.rev_type = REV_NONE; conf = NULL; @@ -705,37 +705,37 @@ ca_main(int argc, char **argv) /*****************************************************************/ tofree = NULL; - if (ca_config.configfile == NULL) - ca_config.configfile = getenv("OPENSSL_CONF"); - if (ca_config.configfile == NULL) { + if (cfg.configfile == NULL) + cfg.configfile = getenv("OPENSSL_CONF"); + if (cfg.configfile == NULL) { if ((tofree = make_config_name()) == NULL) { BIO_printf(bio_err, "error making config file name\n"); goto err; } - ca_config.configfile = tofree; + cfg.configfile = tofree; } BIO_printf(bio_err, "Using configuration from %s\n", - ca_config.configfile); + cfg.configfile); conf = NCONF_new(NULL); - if (NCONF_load(conf, ca_config.configfile, &errorline) <= 0) { + if (NCONF_load(conf, cfg.configfile, &errorline) <= 0) { if (errorline <= 0) BIO_printf(bio_err, "error loading the config file '%s'\n", - ca_config.configfile); + cfg.configfile); else BIO_printf(bio_err, "error on line %ld of config file '%s'\n", - errorline, ca_config.configfile); + errorline, cfg.configfile); goto err; } free(tofree); tofree = NULL; /* Lets get the config section we are using */ - if (ca_config.section == NULL) { - ca_config.section = NCONF_get_string(conf, BASE_SECTION, + if (cfg.section == NULL) { + cfg.section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_CA); - if (ca_config.section == NULL) { + if (cfg.section == NULL) { lookup_fail(BASE_SECTION, ENV_DEFAULT_CA); goto err; } @@ -765,7 +765,7 @@ ca_main(int argc, char **argv) goto err; } } - f = NCONF_get_string(conf, ca_config.section, STRING_MASK); + f = NCONF_get_string(conf, cfg.section, STRING_MASK); if (f == NULL) ERR_clear_error(); @@ -774,15 +774,15 @@ ca_main(int argc, char **argv) "Invalid global string mask setting %s\n", f); goto err; } - if (ca_config.chtype != MBSTRING_UTF8) { - f = NCONF_get_string(conf, ca_config.section, UTF8_IN); + if (cfg.chtype != MBSTRING_UTF8) { + f = NCONF_get_string(conf, cfg.section, UTF8_IN); if (f == NULL) ERR_clear_error(); else if (strcmp(f, "yes") == 0) - ca_config.chtype = MBSTRING_UTF8; + cfg.chtype = MBSTRING_UTF8; } db_attr.unique_subject = 1; - p = NCONF_get_string(conf, ca_config.section, ENV_UNIQUE_SUBJECT); + p = NCONF_get_string(conf, cfg.section, ENV_UNIQUE_SUBJECT); if (p != NULL) { db_attr.unique_subject = parse_yesno(p, 1); } else @@ -798,10 +798,10 @@ ca_main(int argc, char **argv) } /*****************************************************************/ /* report status of cert with serial number given on command line */ - if (ca_config.serial_status) { - if ((dbfile = NCONF_get_string(conf, ca_config.section, + if (cfg.serial_status) { + if ((dbfile = NCONF_get_string(conf, cfg.section, ENV_DATABASE)) == NULL) { - lookup_fail(ca_config.section, ENV_DATABASE); + lookup_fail(cfg.section, ENV_DATABASE); goto err; } db = load_index(dbfile, &db_attr); @@ -811,47 +811,47 @@ ca_main(int argc, char **argv) if (!index_index(db)) goto err; - if (get_certificate_status(ca_config.serial_status, db) != 1) + if (get_certificate_status(cfg.serial_status, db) != 1) BIO_printf(bio_err, "Error verifying serial %s!\n", - ca_config.serial_status); + cfg.serial_status); goto err; } /*****************************************************************/ /* we definitely need a private key, so let's get it */ - if ((ca_config.keyfile == NULL) && - ((ca_config.keyfile = NCONF_get_string(conf, ca_config.section, + if ((cfg.keyfile == NULL) && + ((cfg.keyfile = NCONF_get_string(conf, cfg.section, ENV_PRIVATE_KEY)) == NULL)) { - lookup_fail(ca_config.section, ENV_PRIVATE_KEY); + lookup_fail(cfg.section, ENV_PRIVATE_KEY); goto err; } - if (ca_config.key == NULL) { + if (cfg.key == NULL) { free_key = 1; - if (!app_passwd(bio_err, ca_config.passargin, NULL, - &ca_config.key, NULL)) { + if (!app_passwd(bio_err, cfg.passargin, NULL, + &cfg.key, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto err; } } - pkey = load_key(bio_err, ca_config.keyfile, ca_config.keyform, 0, - ca_config.key, "CA private key"); - if (ca_config.key != NULL) - explicit_bzero(ca_config.key, strlen(ca_config.key)); + pkey = load_key(bio_err, cfg.keyfile, cfg.keyform, 0, + cfg.key, "CA private key"); + if (cfg.key != NULL) + explicit_bzero(cfg.key, strlen(cfg.key)); if (pkey == NULL) { /* load_key() has already printed an appropriate message */ goto err; } /*****************************************************************/ /* we need a certificate */ - if (!ca_config.selfsign || ca_config.spkac_file != NULL || - ca_config.ss_cert_file != NULL || ca_config.gencrl) { - if ((ca_config.certfile == NULL) && - ((ca_config.certfile = NCONF_get_string(conf, - ca_config.section, ENV_CERTIFICATE)) == NULL)) { - lookup_fail(ca_config.section, ENV_CERTIFICATE); + if (!cfg.selfsign || cfg.spkac_file != NULL || + cfg.ss_cert_file != NULL || cfg.gencrl) { + if ((cfg.certfile == NULL) && + ((cfg.certfile = NCONF_get_string(conf, + cfg.section, ENV_CERTIFICATE)) == NULL)) { + lookup_fail(cfg.section, ENV_CERTIFICATE); goto err; } - x509 = load_cert(bio_err, ca_config.certfile, FORMAT_PEM, NULL, + x509 = load_cert(bio_err, cfg.certfile, FORMAT_PEM, NULL, "CA certificate"); if (x509 == NULL) goto err; @@ -862,21 +862,21 @@ ca_main(int argc, char **argv) goto err; } } - if (!ca_config.selfsign) + if (!cfg.selfsign) x509p = x509; f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE); if (f == NULL) ERR_clear_error(); if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) - ca_config.preserve = 1; + cfg.preserve = 1; f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK); if (f == NULL) ERR_clear_error(); if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) - ca_config.msie_hack = 1; + cfg.msie_hack = 1; - f = NCONF_get_string(conf, ca_config.section, ENV_NAMEOPT); + f = NCONF_get_string(conf, cfg.section, ENV_NAMEOPT); if (f != NULL) { if (!set_name_ex(&nameopt, f)) { @@ -888,7 +888,7 @@ ca_main(int argc, char **argv) } else ERR_clear_error(); - f = NCONF_get_string(conf, ca_config.section, ENV_CERTOPT); + f = NCONF_get_string(conf, cfg.section, ENV_CERTOPT); if (f != NULL) { if (!set_cert_ex(&certopt, f)) { @@ -900,7 +900,7 @@ ca_main(int argc, char **argv) } else ERR_clear_error(); - f = NCONF_get_string(conf, ca_config.section, ENV_EXTCOPY); + f = NCONF_get_string(conf, cfg.section, ENV_EXTCOPY); if (f != NULL) { if (!set_ext_copy(&ext_copy, f)) { @@ -913,9 +913,9 @@ ca_main(int argc, char **argv) /*****************************************************************/ /* lookup where to write new certificates */ - if (ca_config.outdir == NULL && ca_config.req) { - if ((ca_config.outdir = NCONF_get_string(conf, - ca_config.section, ENV_NEW_CERTS_DIR)) == NULL) { + if (cfg.outdir == NULL && cfg.req) { + if ((cfg.outdir = NCONF_get_string(conf, + cfg.section, ENV_NEW_CERTS_DIR)) == NULL) { BIO_printf(bio_err, "output directory %s not defined\n", ENV_NEW_CERTS_DIR); goto err; @@ -923,9 +923,9 @@ ca_main(int argc, char **argv) } /*****************************************************************/ /* we need to load the database file */ - if ((dbfile = NCONF_get_string(conf, ca_config.section, + if ((dbfile = NCONF_get_string(conf, cfg.section, ENV_DATABASE)) == NULL) { - lookup_fail(ca_config.section, ENV_DATABASE); + lookup_fail(cfg.section, ENV_DATABASE); goto err; } db = load_index(dbfile, &db_attr); @@ -976,7 +976,7 @@ ca_main(int argc, char **argv) p++; } } - if (ca_config.verbose) { + if (cfg.verbose) { BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); TXT_DB_write(out, db->db); BIO_printf(bio_err, "%d entries loaded from the database\n", @@ -988,8 +988,8 @@ ca_main(int argc, char **argv) /*****************************************************************/ /* Update the db file for expired certificates */ - if (ca_config.doupdatedb) { - if (ca_config.verbose) + if (cfg.doupdatedb) { + if (cfg.verbose) BIO_printf(bio_err, "Updating %s ...\n", dbfile); i = do_updatedb(db); @@ -997,7 +997,7 @@ ca_main(int argc, char **argv) BIO_printf(bio_err, "Malloc failure\n"); goto err; } else if (i == 0) { - if (ca_config.verbose) + if (cfg.verbose) BIO_printf(bio_err, "No entries found to mark expired\n"); } else { @@ -1007,92 +1007,92 @@ ca_main(int argc, char **argv) if (!rotate_index(dbfile, "new", "old")) goto err; - if (ca_config.verbose) + if (cfg.verbose) BIO_printf(bio_err, "Done. %d entries marked as expired\n", i); } } /*****************************************************************/ /* Read extentions config file */ - if (ca_config.extfile != NULL) { + if (cfg.extfile != NULL) { extconf = NCONF_new(NULL); - if (NCONF_load(extconf, ca_config.extfile, &errorline) <= 0) { + if (NCONF_load(extconf, cfg.extfile, &errorline) <= 0) { if (errorline <= 0) BIO_printf(bio_err, "ERROR: loading the config file '%s'\n", - ca_config.extfile); + cfg.extfile); else BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n", - errorline, ca_config.extfile); + errorline, cfg.extfile); ret = 1; goto err; } - if (ca_config.verbose) + if (cfg.verbose) BIO_printf(bio_err, "Successfully loaded extensions file %s\n", - ca_config.extfile); + cfg.extfile); /* We can have sections in the ext file */ - if (ca_config.extensions == NULL && - (ca_config.extensions = NCONF_get_string(extconf, "default", + if (cfg.extensions == NULL && + (cfg.extensions = NCONF_get_string(extconf, "default", "extensions")) == NULL) - ca_config.extensions = "default"; + cfg.extensions = "default"; } /*****************************************************************/ - if (ca_config.req || ca_config.gencrl) { - if (ca_config.outfile != NULL) { - if (BIO_write_filename(Sout, ca_config.outfile) <= 0) { - perror(ca_config.outfile); + if (cfg.req || cfg.gencrl) { + if (cfg.outfile != NULL) { + if (BIO_write_filename(Sout, cfg.outfile) <= 0) { + perror(cfg.outfile); goto err; } } else { BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT); } } - if ((ca_config.md == NULL) && - ((ca_config.md = NCONF_get_string(conf, ca_config.section, + if ((cfg.md == NULL) && + ((cfg.md = NCONF_get_string(conf, cfg.section, ENV_DEFAULT_MD)) == NULL)) { - lookup_fail(ca_config.section, ENV_DEFAULT_MD); + lookup_fail(cfg.section, ENV_DEFAULT_MD); goto err; } - if (strcmp(ca_config.md, "default") == 0) { + if (strcmp(cfg.md, "default") == 0) { int def_nid; if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) { BIO_puts(bio_err, "no default digest\n"); goto err; } - ca_config.md = (char *) OBJ_nid2sn(def_nid); - if (ca_config.md == NULL) + cfg.md = (char *) OBJ_nid2sn(def_nid); + if (cfg.md == NULL) goto err; } - if ((dgst = EVP_get_digestbyname(ca_config.md)) == NULL) { + if ((dgst = EVP_get_digestbyname(cfg.md)) == NULL) { BIO_printf(bio_err, - "%s is an unsupported message digest type\n", ca_config.md); + "%s is an unsupported message digest type\n", cfg.md); goto err; } - if (ca_config.req) { - if ((ca_config.email_dn == 1) && - ((tmp_email_dn = NCONF_get_string(conf, ca_config.section, + if (cfg.req) { + if ((cfg.email_dn == 1) && + ((tmp_email_dn = NCONF_get_string(conf, cfg.section, ENV_DEFAULT_EMAIL_DN)) != NULL)) { if (strcmp(tmp_email_dn, "no") == 0) - ca_config.email_dn = 0; + cfg.email_dn = 0; } - if (ca_config.verbose) + if (cfg.verbose) BIO_printf(bio_err, "message digest is %s\n", OBJ_nid2ln(EVP_MD_type(dgst))); - if ((ca_config.policy == NULL) && - ((ca_config.policy = NCONF_get_string(conf, - ca_config.section, ENV_POLICY)) == NULL)) { - lookup_fail(ca_config.section, ENV_POLICY); + if ((cfg.policy == NULL) && + ((cfg.policy = NCONF_get_string(conf, + cfg.section, ENV_POLICY)) == NULL)) { + lookup_fail(cfg.section, ENV_POLICY); goto err; } - if (ca_config.verbose) - BIO_printf(bio_err, "policy is %s\n", ca_config.policy); + if (cfg.verbose) + BIO_printf(bio_err, "policy is %s\n", cfg.policy); - if ((serialfile = NCONF_get_string(conf, ca_config.section, + if ((serialfile = NCONF_get_string(conf, cfg.section, ENV_SERIAL)) == NULL) { - lookup_fail(ca_config.section, ENV_SERIAL); + lookup_fail(cfg.section, ENV_SERIAL); goto err; } if (extconf == NULL) { @@ -1100,59 +1100,59 @@ ca_main(int argc, char **argv) * no '-extfile' option, so we look for extensions in * the main configuration file */ - if (ca_config.extensions == NULL) { - ca_config.extensions = NCONF_get_string(conf, - ca_config.section, ENV_EXTENSIONS); - if (ca_config.extensions == NULL) + if (cfg.extensions == NULL) { + cfg.extensions = NCONF_get_string(conf, + cfg.section, ENV_EXTENSIONS); + if (cfg.extensions == NULL) ERR_clear_error(); } - if (ca_config.extensions != NULL) { + if (cfg.extensions != NULL) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); X509V3_set_nconf(&ctx, conf); if (!X509V3_EXT_add_nconf(conf, &ctx, - ca_config.extensions, NULL)) { + cfg.extensions, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", - ca_config.extensions); + cfg.extensions); ret = 1; goto err; } } } - if (ca_config.startdate == NULL) { - ca_config.startdate = NCONF_get_string(conf, - ca_config.section, ENV_DEFAULT_STARTDATE); - if (ca_config.startdate == NULL) + if (cfg.startdate == NULL) { + cfg.startdate = NCONF_get_string(conf, + cfg.section, ENV_DEFAULT_STARTDATE); + if (cfg.startdate == NULL) ERR_clear_error(); } - if (ca_config.startdate == NULL) - ca_config.startdate = "today"; + if (cfg.startdate == NULL) + cfg.startdate = "today"; - if (ca_config.enddate == NULL) { - ca_config.enddate = NCONF_get_string(conf, - ca_config.section, ENV_DEFAULT_ENDDATE); - if (ca_config.enddate == NULL) + if (cfg.enddate == NULL) { + cfg.enddate = NCONF_get_string(conf, + cfg.section, ENV_DEFAULT_ENDDATE); + if (cfg.enddate == NULL) ERR_clear_error(); } - if (ca_config.days == 0 && ca_config.enddate == NULL) { - if (!NCONF_get_number(conf, ca_config.section, - ENV_DEFAULT_DAYS, &ca_config.days)) - ca_config.days = 0; + if (cfg.days == 0 && cfg.enddate == NULL) { + if (!NCONF_get_number(conf, cfg.section, + ENV_DEFAULT_DAYS, &cfg.days)) + cfg.days = 0; } - if (ca_config.enddate == NULL && ca_config.days == 0) { + if (cfg.enddate == NULL && cfg.days == 0) { BIO_printf(bio_err, "cannot lookup how many days to certify for\n"); goto err; } - if ((serial = load_serial(serialfile, ca_config.create_serial, + if ((serial = load_serial(serialfile, cfg.create_serial, NULL)) == NULL) { BIO_printf(bio_err, "error while loading serial number\n"); goto err; } - if (ca_config.verbose) { + if (cfg.verbose) { if (BN_is_zero(serial)) BIO_printf(bio_err, "next serial number is 00\n"); @@ -1164,25 +1164,25 @@ ca_main(int argc, char **argv) free(f); } } - if ((attribs = NCONF_get_section(conf, ca_config.policy)) == + if ((attribs = NCONF_get_section(conf, cfg.policy)) == NULL) { BIO_printf(bio_err, "unable to find 'section' for %s\n", - ca_config.policy); + cfg.policy); goto err; } if ((cert_sk = sk_X509_new_null()) == NULL) { BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } - if (ca_config.spkac_file != NULL) { + if (cfg.spkac_file != NULL) { total++; - j = certify_spkac(&x, ca_config.spkac_file, pkey, x509, - dgst, ca_config.sigopts, attribs, db, serial, - ca_config.subj, ca_config.chtype, - ca_config.multirdn, ca_config.email_dn, - ca_config.startdate, ca_config.enddate, - ca_config.days, ca_config.extensions, conf, - ca_config.verbose, certopt, nameopt, default_op, + j = certify_spkac(&x, cfg.spkac_file, pkey, x509, + dgst, cfg.sigopts, attribs, db, serial, + cfg.subj, cfg.chtype, + cfg.multirdn, cfg.email_dn, + cfg.startdate, cfg.enddate, + cfg.days, cfg.extensions, conf, + cfg.verbose, certopt, nameopt, default_op, ext_copy); if (j < 0) goto err; @@ -1196,21 +1196,21 @@ ca_main(int argc, char **argv) "Memory allocation failure\n"); goto err; } - if (ca_config.outfile != NULL) { + if (cfg.outfile != NULL) { output_der = 1; - ca_config.batch = 1; + cfg.batch = 1; } } } - if (ca_config.ss_cert_file != NULL) { + if (cfg.ss_cert_file != NULL) { total++; - j = certify_cert(&x, ca_config.ss_cert_file, pkey, x509, - dgst, ca_config.sigopts, attribs, db, serial, - ca_config.subj, ca_config.chtype, - ca_config.multirdn, ca_config.email_dn, - ca_config.startdate, ca_config.enddate, - ca_config.days, ca_config.batch, - ca_config.extensions, conf, ca_config.verbose, + j = certify_cert(&x, cfg.ss_cert_file, pkey, x509, + dgst, cfg.sigopts, attribs, db, serial, + cfg.subj, cfg.chtype, + cfg.multirdn, cfg.email_dn, + cfg.startdate, cfg.enddate, + cfg.days, cfg.batch, + cfg.extensions, conf, cfg.verbose, certopt, nameopt, default_op, ext_copy); if (j < 0) goto err; @@ -1226,17 +1226,17 @@ ca_main(int argc, char **argv) } } } - if (ca_config.infile != NULL) { + if (cfg.infile != NULL) { total++; - j = certify(&x, ca_config.infile, pkey, x509p, dgst, - ca_config.sigopts, attribs, db, serial, - ca_config.subj, ca_config.chtype, - ca_config.multirdn, ca_config.email_dn, - ca_config.startdate, ca_config.enddate, - ca_config.days, ca_config.batch, - ca_config.extensions, conf, ca_config.verbose, + j = certify(&x, cfg.infile, pkey, x509p, dgst, + cfg.sigopts, attribs, db, serial, + cfg.subj, cfg.chtype, + cfg.multirdn, cfg.email_dn, + cfg.startdate, cfg.enddate, + cfg.days, cfg.batch, + cfg.extensions, conf, cfg.verbose, certopt, nameopt, default_op, ext_copy, - ca_config.selfsign); + cfg.selfsign); if (j < 0) goto err; if (j > 0) { @@ -1251,17 +1251,17 @@ ca_main(int argc, char **argv) } } } - for (i = 0; i < ca_config.infiles_num; i++) { + for (i = 0; i < cfg.infiles_num; i++) { total++; - j = certify(&x, ca_config.infiles[i], pkey, x509p, dgst, - ca_config.sigopts, attribs, db, serial, - ca_config.subj, ca_config.chtype, - ca_config.multirdn, ca_config.email_dn, - ca_config.startdate, ca_config.enddate, - ca_config.days, ca_config.batch, - ca_config.extensions, conf, ca_config.verbose, + j = certify(&x, cfg.infiles[i], pkey, x509p, dgst, + cfg.sigopts, attribs, db, serial, + cfg.subj, cfg.chtype, + cfg.multirdn, cfg.email_dn, + cfg.startdate, cfg.enddate, + cfg.days, cfg.batch, + cfg.extensions, conf, cfg.verbose, certopt, nameopt, default_op, ext_copy, - ca_config.selfsign); + cfg.selfsign); if (j < 0) goto err; if (j > 0) { @@ -1282,7 +1282,7 @@ ca_main(int argc, char **argv) */ if (sk_X509_num(cert_sk) > 0) { - if (!ca_config.batch) { + if (!cfg.batch) { char answer[10]; BIO_printf(bio_err, @@ -1313,7 +1313,7 @@ ca_main(int argc, char **argv) if (!save_index(dbfile, "new", db)) goto err; } - if (ca_config.verbose) + if (cfg.verbose) BIO_printf(bio_err, "writing new certificates\n"); for (i = 0; i < sk_X509_num(cert_sk); i++) { ASN1_INTEGER *serialNumber; @@ -1334,7 +1334,7 @@ ca_main(int argc, char **argv) serialstr = strdup("00"); if (serialstr != NULL) { k = snprintf(pempath, sizeof(pempath), - "%s/%s.pem", ca_config.outdir, serialstr); + "%s/%s.pem", cfg.outdir, serialstr); free(serialstr); if (k < 0 || k >= sizeof(pempath)) { BIO_printf(bio_err, @@ -1346,7 +1346,7 @@ ca_main(int argc, char **argv) "memory allocation failed\n"); goto err; } - if (ca_config.verbose) + if (cfg.verbose) BIO_printf(bio_err, "writing %s\n", pempath); if (BIO_write_filename(Cout, pempath) <= 0) { @@ -1354,10 +1354,10 @@ ca_main(int argc, char **argv) goto err; } if (!write_new_certificate(Cout, x, 0, - ca_config.notext)) + cfg.notext)) goto err; if (!write_new_certificate(Sout, x, output_der, - ca_config.notext)) + cfg.notext)) goto err; } @@ -1373,29 +1373,29 @@ ca_main(int argc, char **argv) } } /*****************************************************************/ - if (ca_config.gencrl) { + if (cfg.gencrl) { int crl_v2 = 0; - if (ca_config.crl_ext == NULL) { - ca_config.crl_ext = NCONF_get_string(conf, - ca_config.section, ENV_CRLEXT); - if (ca_config.crl_ext == NULL) + if (cfg.crl_ext == NULL) { + cfg.crl_ext = NCONF_get_string(conf, + cfg.section, ENV_CRLEXT); + if (cfg.crl_ext == NULL) ERR_clear_error(); } - if (ca_config.crl_ext != NULL) { + if (cfg.crl_ext != NULL) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); X509V3_set_nconf(&ctx, conf); - if (!X509V3_EXT_add_nconf(conf, &ctx, ca_config.crl_ext, + if (!X509V3_EXT_add_nconf(conf, &ctx, cfg.crl_ext, NULL)) { BIO_printf(bio_err, "Error Loading CRL extension section %s\n", - ca_config.crl_ext); + cfg.crl_ext); ret = 1; goto err; } } - if ((crlnumberfile = NCONF_get_string(conf, ca_config.section, + if ((crlnumberfile = NCONF_get_string(conf, cfg.section, ENV_CRLNUMBER)) != NULL) if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) { @@ -1403,23 +1403,23 @@ ca_main(int argc, char **argv) "error while loading CRL number\n"); goto err; } - if (!ca_config.crldays && !ca_config.crlhours && - !ca_config.crlsec) { - if (!NCONF_get_number(conf, ca_config.section, - ENV_DEFAULT_CRL_DAYS, &ca_config.crldays)) - ca_config.crldays = 0; - if (!NCONF_get_number(conf, ca_config.section, - ENV_DEFAULT_CRL_HOURS, &ca_config.crlhours)) - ca_config.crlhours = 0; + if (!cfg.crldays && !cfg.crlhours && + !cfg.crlsec) { + if (!NCONF_get_number(conf, cfg.section, + ENV_DEFAULT_CRL_DAYS, &cfg.crldays)) + cfg.crldays = 0; + if (!NCONF_get_number(conf, cfg.section, + ENV_DEFAULT_CRL_HOURS, &cfg.crlhours)) + cfg.crlhours = 0; ERR_clear_error(); } - if ((ca_config.crldays == 0) && (ca_config.crlhours == 0) && - (ca_config.crlsec == 0)) { + if ((cfg.crldays == 0) && (cfg.crlhours == 0) && + (cfg.crlsec == 0)) { BIO_printf(bio_err, "cannot lookup how long until the next CRL is issued\n"); goto err; } - if (ca_config.verbose) + if (cfg.verbose) BIO_printf(bio_err, "making CRL\n"); if ((crl = X509_CRL_new()) == NULL) goto err; @@ -1430,8 +1430,8 @@ ca_main(int argc, char **argv) goto err; if (!X509_CRL_set_lastUpdate(crl, tmptm)) goto err; - if (X509_time_adj_ex(tmptm, ca_config.crldays, - ca_config.crlhours * 60 * 60 + ca_config.crlsec, NULL) == + if (X509_time_adj_ex(tmptm, cfg.crldays, + cfg.crlhours * 60 * 60 + cfg.crlsec, NULL) == NULL) { BIO_puts(bio_err, "error setting CRL nextUpdate\n"); goto err; @@ -1475,19 +1475,19 @@ ca_main(int argc, char **argv) X509_CRL_sort(crl); /* we now have a CRL */ - if (ca_config.verbose) + if (cfg.verbose) BIO_printf(bio_err, "signing CRL\n"); /* Add any extensions asked for */ - if (ca_config.crl_ext != NULL || crlnumberfile != NULL) { + if (cfg.crl_ext != NULL || crlnumberfile != NULL) { X509V3_CTX crlctx; X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); X509V3_set_nconf(&crlctx, conf); - if (ca_config.crl_ext != NULL) + if (cfg.crl_ext != NULL) if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, - ca_config.crl_ext, crl)) + cfg.crl_ext, crl)) goto err; if (crlnumberfile != NULL) { tmpserial = BN_to_ASN1_INTEGER(crlnumber, NULL); @@ -1504,7 +1504,7 @@ ca_main(int argc, char **argv) goto err; } } - if (ca_config.crl_ext != NULL || crl_v2) { + if (cfg.crl_ext != NULL || crl_v2) { if (!X509_CRL_set_version(crl, 1)) goto err; /* version 2 CRL */ } @@ -1517,7 +1517,7 @@ ca_main(int argc, char **argv) crlnumber = NULL; if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst, - ca_config.sigopts)) + cfg.sigopts)) goto err; if (!PEM_write_bio_X509_CRL(Sout, crl)) @@ -1529,18 +1529,18 @@ ca_main(int argc, char **argv) } /*****************************************************************/ - if (ca_config.dorevoke) { - if (ca_config.infile == NULL) { + if (cfg.dorevoke) { + if (cfg.infile == NULL) { BIO_printf(bio_err, "no input files\n"); goto err; } else { X509 *revcert; - revcert = load_cert(bio_err, ca_config.infile, - FORMAT_PEM, NULL, ca_config.infile); + revcert = load_cert(bio_err, cfg.infile, + FORMAT_PEM, NULL, cfg.infile); if (revcert == NULL) goto err; - j = do_revoke(revcert, db, ca_config.rev_type, - ca_config.rev_arg); + j = do_revoke(revcert, db, cfg.rev_type, + cfg.rev_arg); if (j <= 0) goto err; X509_free(revcert); @@ -1570,11 +1570,11 @@ ca_main(int argc, char **argv) if (ret) ERR_print_errors(bio_err); if (free_key) - free(ca_config.key); + free(cfg.key); BN_free(serial); BN_free(crlnumber); free_index(db); - sk_OPENSSL_STRING_free(ca_config.sigopts); + sk_OPENSSL_STRING_free(cfg.sigopts); EVP_PKEY_free(pkey); X509_free(x509); X509_CRL_free(crl); @@ -1778,7 +1778,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, if (obj == NULL) goto err; - if (ca_config.msie_hack) { + if (cfg.msie_hack) { /* assume all type should be strings */ nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne)); if (nid == NID_undef) @@ -1940,7 +1940,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, } } - if (ca_config.preserve) { + if (cfg.preserve) { X509_NAME_free(subject); /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */ subject = X509_NAME_dup(name); diff --git a/usr.bin/openssl/certhash.c b/usr.bin/openssl/certhash.c index 785f1216ad9..5ee29b8d010 100644 --- a/usr.bin/openssl/certhash.c +++ b/usr.bin/openssl/certhash.c @@ -1,4 +1,4 @@ -/* $OpenBSD: certhash.c,v 1.20 2022/11/11 17:07:38 joshua Exp $ */ +/* $OpenBSD: certhash.c,v 1.21 2023/03/06 14:32:05 tb Exp $ */ /* * Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org> * @@ -36,20 +36,20 @@ static struct { int dryrun; int verbose; -} certhash_config; +} cfg; static const struct option certhash_options[] = { { .name = "n", .desc = "Perform a dry-run - do not make any changes", .type = OPTION_FLAG, - .opt.flag = &certhash_config.dryrun, + .opt.flag = &cfg.dryrun, }, { .name = "v", .desc = "Verbose", .type = OPTION_FLAG, - .opt.flag = &certhash_config.verbose, + .opt.flag = &cfg.verbose, }, { NULL }, }; @@ -569,7 +569,7 @@ certhash_directory(const char *path) goto err; } - if (certhash_config.verbose) + if (cfg.verbose) fprintf(stdout, "scanning directory %s\n", path); /* Create lists of existing hash links, certs and CRLs. */ @@ -594,11 +594,11 @@ certhash_directory(const char *path) if (link->exists == 0 || (link->reference != NULL && link->changed == 0)) continue; - if (certhash_config.verbose) + if (cfg.verbose) fprintf(stdout, "%s link %s -> %s\n", - (certhash_config.dryrun ? "would remove" : + (cfg.dryrun ? "would remove" : "removing"), link->filename, link->target); - if (certhash_config.dryrun) + if (cfg.dryrun) continue; if (unlink(link->filename) == -1) { fprintf(stderr, "failed to remove link %s\n", @@ -611,12 +611,12 @@ certhash_directory(const char *path) for (link = links; link != NULL; link = link->next) { if (link->exists == 1 && link->changed == 0) continue; - if (certhash_config.verbose) + if (cfg.verbose) fprintf(stdout, "%s link %s -> %s\n", - (certhash_config.dryrun ? "would create" : + (cfg.dryrun ? "would create" : "creating"), link->filename, link->reference->filename); - if (certhash_config.dryrun) + if (cfg.dryrun) continue; if (symlink(link->reference->filename, link->filename) == -1) { fprintf(stderr, "failed to create link %s -> %s\n", @@ -658,7 +658,7 @@ certhash_main(int argc, char **argv) exit(1); } - memset(&certhash_config, 0, sizeof(certhash_config)); + memset(&cfg, 0, sizeof(cfg)); if (options_parse(argc, argv, certhash_options, NULL, &argsused) != 0) { certhash_usage(); diff --git a/usr.bin/openssl/ciphers.c b/usr.bin/openssl/ciphers.c index 73d9e63b6fd..247929bb9e0 100644 --- a/usr.bin/openssl/ciphers.c +++ b/usr.bin/openssl/ciphers.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ciphers.c,v 1.17 2023/03/05 13:12:53 tb Exp $ */ +/* $OpenBSD: ciphers.c,v 1.18 2023/03/06 14:32:05 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> * @@ -29,65 +29,65 @@ static struct { int use_supported; int verbose; int version; -} ciphers_config; +} cfg; static const struct option ciphers_options[] = { { .name = "h", .type = OPTION_FLAG, - .opt.flag = &ciphers_config.usage, + .opt.flag = &cfg.usage, }, { .name = "?", .type = OPTION_FLAG, - .opt.flag = &ciphers_config.usage, + .opt.flag = &cfg.usage, }, { .name = "s", .desc = "Only list ciphers that are supported by the TLS method", .type = OPTION_FLAG, - .opt.flag = &ciphers_config.use_supported, + .opt.flag = &cfg.use_supported, }, { .name = "tls1", .desc = "Use TLS protocol version 1", .type = OPTION_VALUE, - .opt.value = &ciphers_config.version, + .opt.value = &cfg.version, .value = TLS1_VERSION, }, { .name = "tls1_1", .desc = "Use TLS protocol version 1.1", .type = OPTION_VALUE, - .opt.value = &ciphers_config.version, + .opt.value = &cfg.version, .value = TLS1_1_VERSION, }, { .name = "tls1_2", .desc = "Use TLS protocol version 1.2", .type = OPTION_VALUE, - .opt.value = &ciphers_config.version, + .opt.value = &cfg.version, .value = TLS1_2_VERSION, }, { .name = "tls1_3", .desc = "Use TLS protocol version 1.3", .type = OPTION_VALUE, - .opt.value = &ciphers_config.version, + .opt.value = &cfg.version, .value = TLS1_3_VERSION, }, { .name = "v", .desc = "Provide cipher listing", .type = OPTION_VALUE, - .opt.value = &ciphers_config.verbose, + .opt.value = &cfg.verbose, .value = 1, }, { .name = "V", .desc = "Provide cipher listing with cipher suite values", .type = OPTION_VALUE, - .opt.value = &ciphers_config.verbose, + .opt.value = &cfg.verbose, .value = 2, }, { NULL }, @@ -119,7 +119,7 @@ ciphers_main(int argc, char **argv) exit(1); } - memset(&ciphers_config, 0, sizeof(ciphers_config)); + memset(&cfg, 0, sizeof(cfg)); if (options_parse(argc, argv, ciphers_options, &cipherlist, NULL) != 0) { @@ -127,7 +127,7 @@ ciphers_main(int argc, char **argv) return (1); } - if (ciphers_config.usage) { + if (cfg.usage) { ciphers_usage(); return (1); } @@ -135,12 +135,12 @@ ciphers_main(int argc, char **argv) if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) goto err; - if (ciphers_config.version != 0) { + if (cfg.version != 0) { if (!SSL_CTX_set_min_proto_version(ssl_ctx, - ciphers_config.version)) + cfg.version)) goto err; if (!SSL_CTX_set_max_proto_version(ssl_ctx, - ciphers_config.version)) + cfg.version)) goto err; } @@ -152,7 +152,7 @@ ciphers_main(int argc, char **argv) if ((ssl = SSL_new(ssl_ctx)) == NULL) goto err; - if (ciphers_config.use_supported) { + if (cfg.use_supported) { if ((supported_ciphers = SSL_get1_supported_ciphers(ssl)) == NULL) goto err; @@ -164,12 +164,12 @@ ciphers_main(int argc, char **argv) for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { cipher = sk_SSL_CIPHER_value(ciphers, i); - if (ciphers_config.verbose == 0) { + if (cfg.verbose == 0) { fprintf(stdout, "%s%s", (i ? ":" : ""), SSL_CIPHER_get_name(cipher)); continue; } - if (ciphers_config.verbose > 1) { + if (cfg.verbose > 1) { value = SSL_CIPHER_get_value(cipher); fprintf(stdout, "%-*s0x%02X,0x%02X - ", 10, "", ((value >> 8) & 0xff), (value & 0xff)); @@ -182,7 +182,7 @@ ciphers_main(int argc, char **argv) fprintf(stdout, "%s", desc); free(desc); } - if (ciphers_config.verbose == 0) + if (cfg.verbose == 0) fprintf(stdout, "\n"); goto done; diff --git a/usr.bin/openssl/cms.c b/usr.bin/openssl/cms.c index b88fd55b3cf..0ddf26e5a7f 100644 --- a/usr.bin/openssl/cms.c +++ b/usr.bin/openssl/cms.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms.c,v 1.32 2023/03/05 13:08:22 tb Exp $ */ +/* $OpenBSD: cms.c,v 1.33 2023/03/06 14:32:05 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -149,7 +149,7 @@ static struct { char *to; int verify_retcode; X509_VERIFY_PARAM *vpm; -} cms_config; +} cfg; static const EVP_CIPHER * get_cipher_by_name(char *name) @@ -198,8 +198,8 @@ cms_opt_cipher(int argc, char **argv, int *argsused) if (*name++ != '-') return (1); - if ((cms_config.cipher = get_cipher_by_name(name)) == NULL) - if ((cms_config.cipher = EVP_get_cipherbyname(name)) == NULL) + if ((cfg.cipher = get_cipher_by_name(name)) == NULL) + if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL) return (1); *argsused = 1; @@ -209,9 +209,9 @@ cms_opt_cipher(int argc, char **argv, int *argsused) static int cms_opt_econtent_type(char *arg) { - ASN1_OBJECT_free(cms_config.econtent_type); + ASN1_OBJECT_free(cfg.econtent_type); - if ((cms_config.econtent_type = OBJ_txt2obj(arg, 0)) == NULL) { + if ((cfg.econtent_type = OBJ_txt2obj(arg, 0)) == NULL) { BIO_printf(bio_err, "Invalid OID %s\n", arg); return (1); } @@ -221,33 +221,33 @@ cms_opt_econtent_type(char *arg) static int cms_opt_inkey(char *arg) { - if (cms_config.keyfile == NULL) { - cms_config.keyfile = arg; + if (cfg.keyfile == NULL) { + cfg.keyfile = arg; return (0); } - if (cms_config.signerfile == NULL) { + if (cfg.signerfile == NULL) { BIO_puts(bio_err, "Illegal -inkey without -signer\n"); return (1); } - if (cms_config.sksigners == NULL) - cms_config.sksigners = sk_OPENSSL_STRING_new_null(); - if (cms_config.sksigners == NULL) + if (cfg.sksigners == NULL) + cfg.sksigners = sk_OPENSSL_STRING_new_null(); + if (cfg.sksigners == NULL) return (1); - if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile)) + if (!sk_OPENSSL_STRING_push(cfg.sksigners, cfg.signerfile)) return (1); - cms_config.signerfile = NULL; + cfg.signerfile = NULL; - if (cms_config.skkeys == NULL) - cms_config.skkeys = sk_OPENSSL_STRING_new_null(); - if (cms_config.skkeys == NULL) + if (cfg.skkeys == NULL) + cfg.skkeys = sk_OPENSSL_STRING_new_null(); + if (cfg.skkeys == NULL) return (1); - if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile)) + if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile)) return (1); - cms_config.keyfile = arg; + cfg.keyfile = arg; return (0); } @@ -256,14 +256,14 @@ cms_opt_keyopt(char *arg) { int keyidx = -1; - if (cms_config.operation == SMIME_ENCRYPT) { - if (cms_config.encerts != NULL) - keyidx += sk_X509_num(cms_config.encerts); + if (cfg.operation == SMIME_ENCRYPT) { + if (cfg.encerts != NULL) + keyidx += sk_X509_num(cfg.encerts); } else { - if (cms_config.keyfile != NULL || cms_config.signerfile != NULL) + if (cfg.keyfile != NULL || cfg.signerfile != NULL) keyidx++; - if (cms_config.skkeys != NULL) - keyidx += sk_OPENSSL_STRING_num(cms_config.skkeys); + if (cfg.skkeys != NULL) + keyidx += sk_OPENSSL_STRING_num(cfg.skkeys); } if (keyidx < 0) { @@ -271,8 +271,8 @@ cms_opt_keyopt(char *arg) return (1); } - if (cms_config.key_param == NULL || - cms_config.key_param->idx != keyidx) { + if (cfg.key_param == NULL || + cfg.key_param->idx != keyidx) { struct cms_key_param *nparam; if ((nparam = calloc(1, sizeof(struct cms_key_param))) == NULL) @@ -285,15 +285,15 @@ cms_opt_keyopt(char *arg) } nparam->next = NULL; - if (cms_config.key_first == NULL) - cms_config.key_first = nparam; + if (cfg.key_first == NULL) + cfg.key_first = nparam; else - cms_config.key_param->next = nparam; + cfg.key_param->next = nparam; - cms_config.key_param = nparam; + cfg.key_param = nparam; } - if (!sk_OPENSSL_STRING_push(cms_config.key_param->param, arg)) + if (!sk_OPENSSL_STRING_push(cfg.key_param->param, arg)) return (1); return (0); @@ -302,7 +302,7 @@ cms_opt_keyopt(char *arg) static int cms_opt_md(char *arg) { - if ((cms_config.sign_md = EVP_get_digestbyname(arg)) == NULL) { + if ((cfg.sign_md = EVP_get_digestbyname(arg)) == NULL) { BIO_printf(bio_err, "Unknown digest %s\n", arg); return (1); } @@ -312,38 +312,38 @@ cms_opt_md(char *arg) static int cms_opt_print(void) { - cms_config.noout = 1; - cms_config.print = 1; + cfg.noout = 1; + cfg.print = 1; return (0); } static int cms_opt_pwri_pass(char *arg) { - cms_config.pwri_pass = (unsigned char *)arg; + cfg.pwri_pass = (unsigned char *)arg; return (0); } static int cms_opt_recip(char *arg) { - if (cms_config.operation == SMIME_ENCRYPT) { - if (cms_config.encerts == NULL) { - if ((cms_config.encerts = sk_X509_new_null()) == NULL) + if (cfg.operation == SMIME_ENCRYPT) { + if (cfg.encerts == NULL) { + if ((cfg.encerts = sk_X509_new_null()) == NULL) return (1); } - cms_config.cert = load_cert(bio_err, arg, FORMAT_PEM, + cfg.cert = load_cert(bio_err, arg, FORMAT_PEM, NULL, "recipient certificate file"); - if (cms_config.cert == NULL) + if (cfg.cert == NULL) return (1); - if (!sk_X509_push(cms_config.encerts, cms_config.cert)) + if (!sk_X509_push(cfg.encerts, cfg.cert)) return (1); - cms_config.cert = NULL; + cfg.cert = NULL; } else { - cms_config.recipfile = arg; + cfg.recipfile = arg; } return (0); } @@ -351,11 +351,11 @@ cms_opt_recip(char *arg) static int cms_opt_receipt_request_from(char *arg) { - if (cms_config.rr_from == NULL) - cms_config.rr_from = sk_OPENSSL_STRING_new_null(); - if (cms_config.rr_from == NULL) + if (cfg.rr_from == NULL) + cfg.rr_from = sk_OPENSSL_STRING_new_null(); + if (cfg.rr_from == NULL) return (1); - if (!sk_OPENSSL_STRING_push(cms_config.rr_from, arg)) + if (!sk_OPENSSL_STRING_push(cfg.rr_from, arg)) return (1); return (0); @@ -364,11 +364,11 @@ cms_opt_receipt_request_from(char *arg) static int cms_opt_receipt_request_to(char *arg) { - if (cms_config.rr_to == NULL) - cms_config.rr_to = sk_OPENSSL_STRING_new_null(); - if (cms_config.rr_to == NULL) + if (cfg.rr_to == NULL) + cfg.rr_to = sk_OPENSSL_STRING_new_null(); + if (cfg.rr_to == NULL) return (1); - if (!sk_OPENSSL_STRING_push(cms_config.rr_to, arg)) + if (!sk_OPENSSL_STRING_push(cfg.rr_to, arg)) return (1); return (0); @@ -379,13 +379,13 @@ cms_opt_secretkey(char *arg) { long ltmp; - free(cms_config.secret_key); + free(cfg.secret_key); - if ((cms_config.secret_key = string_to_hex(arg, <mp)) == NULL) { + if ((cfg.secret_key = string_to_hex(arg, <mp)) == NULL) { BIO_printf(bio_err, "Invalid key %s\n", arg); return (1); } - cms_config.secret_keylen = (size_t)ltmp; + cfg.secret_keylen = (size_t)ltmp; return (0); } @@ -394,44 +394,44 @@ cms_opt_secretkeyid(char *arg) { long ltmp; - free(cms_config.secret_keyid); + free(cfg.secret_keyid); - if ((cms_config.secret_keyid = string_to_hex(arg, <mp)) == NULL) { + if ((cfg.secret_keyid = string_to_hex(arg, <mp)) == NULL) { BIO_printf(bio_err, "Invalid id %s\n", arg); return (1); } - cms_config.secret_keyidlen = (size_t)ltmp; + cfg.secret_keyidlen = (size_t)ltmp; return (0); } static int cms_opt_signer(char *arg) { - if (cms_config.signerfile == NULL) { - cms_config.signerfile = arg; + if (cfg.signerfile == NULL) { + cfg.signerfile = arg; return (0); } - if (cms_config.sksigners == NULL) - cms_config.sksigners = sk_OPENSSL_STRING_new_null(); - if (cms_config.sksigners == NULL) + if (cfg.sksigners == NULL) + cfg.sksigners = sk_OPENSSL_STRING_new_null(); + if (cfg.sksigners == NULL) return (1); - if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile)) + if (!sk_OPENSSL_STRING_push(cfg.sksigners, cfg.signerfile)) return (1); - if (cms_config.keyfile == NULL) - cms_config.keyfile = cms_config.signerfile; + if (cfg.keyfile == NULL) + cfg.keyfile = cfg.signerfile; - if (cms_config.skkeys == NULL) - cms_config.skkeys = sk_OPENSSL_STRING_new_null(); - if (cms_config.skkeys == NULL) + if (cfg.skkeys == NULL) + cfg.skkeys = sk_OPENSSL_STRING_new_null(); + if (cfg.skkeys == NULL) return (1); - if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile)) + if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile)) return (1); - cms_config.keyfile = NULL; + cfg.keyfile = NULL; - cms_config.signerfile = arg; + cfg.signerfile = arg; return (0); } @@ -441,7 +441,7 @@ cms_opt_verify_param(int argc, char **argv, int *argsused) int oargc = argc; int badarg = 0; - if (!args_verify(&argv, &argc, &badarg, bio_err, &cms_config.vpm)) + if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm)) return (1); if (badarg) return (1); @@ -454,8 +454,8 @@ cms_opt_verify_param(int argc, char **argv, int *argsused) static int cms_opt_verify_receipt(char *arg) { - cms_config.operation = SMIME_VERIFY_RECEIPT; - cms_config.rctfile = arg; + cfg.operation = SMIME_VERIFY_RECEIPT; + cfg.rctfile = arg; return (0); } @@ -539,20 +539,20 @@ static const struct option cms_options[] = { .argname = "file", .desc = "Certificate Authority file", .type = OPTION_ARG, - .opt.arg = &cms_config.CAfile, + .opt.arg = &cfg.CAfile, }, { .name = "CApath", .argname = "path", .desc = "Certificate Authority path", .type = OPTION_ARG, - .opt.arg = &cms_config.CApath, + .opt.arg = &cfg.CApath, }, { .name = "binary", .desc = "Do not translate message to text", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_BINARY, }, { @@ -560,27 +560,27 @@ static const struct option cms_options[] = { .argname = "file", .desc = "Other certificates file", .type = OPTION_ARG, - .opt.arg = &cms_config.certfile, + .opt.arg = &cfg.certfile, }, { .name = "certsout", .argname = "file", .desc = "Certificate output file", .type = OPTION_ARG, - .opt.arg = &cms_config.certsoutfile, + .opt.arg = &cfg.certsoutfile, }, { .name = "cmsout", .desc = "Output CMS structure", .type = OPTION_VALUE, - .opt.value = &cms_config.operation, + .opt.value = &cfg.operation, .value = SMIME_CMSOUT, }, { .name = "compress", .desc = "Create CMS CompressedData type", .type = OPTION_VALUE, - .opt.value = &cms_config.operation, + .opt.value = &cfg.operation, .value = SMIME_COMPRESS, }, { @@ -588,55 +588,55 @@ static const struct option cms_options[] = { .argname = "file", .desc = "Supply or override content for detached signature", .type = OPTION_ARG, - .opt.arg = &cms_config.contfile, + .opt.arg = &cfg.contfile, }, { .name = "crlfeol", .desc = "Use CRLF as EOL termination instead of CR only", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_CRLFEOL, }, { .name = "data_create", .desc = "Create CMS Data type", .type = OPTION_VALUE, - .opt.value = &cms_config.operation, + .opt.value = &cfg.operation, .value = SMIME_DATA_CREATE, }, { .name = "data_out", .desc = "Output content from the input CMS Data type", .type = OPTION_VALUE, - .opt.value = &cms_config.operation, + .opt.value = &cfg.operation, .value = SMIME_DATAOUT, }, { .name = "debug_decrypt", .desc = "Set the CMS_DEBUG_DECRYPT flag when decrypting", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_DEBUG_DECRYPT, }, { .name = "decrypt", .desc = "Decrypt encrypted message", .type = OPTION_VALUE, - .opt.value = &cms_config.operation, + .opt.value = &cfg.operation, .value = SMIME_DECRYPT, }, { .name = "digest_create", .desc = "Create CMS DigestedData type", .type = OPTION_VALUE, - .opt.value = &cms_config.operation, + .opt.value = &cfg.operation, .value = SMIME_DIGEST_CREATE, }, { .name = "digest_verify", .desc = "Verify CMS DigestedData type and output the content", .type = OPTION_VALUE, - .opt.value = &cms_config.operation, + .opt.value = &cfg.operation, .value = SMIME_DIGEST_VERIFY, }, { @@ -650,21 +650,21 @@ static const struct option cms_options[] = { .name = "encrypt", .desc = "Encrypt message", .type = OPTION_VALUE, - .opt.value = &cms_config.operation, + .opt.value = &cfg.operation, .value = SMIME_ENCRYPT, }, { .name = "EncryptedData_decrypt", .desc = "Decrypt CMS EncryptedData", .type = OPTION_VALUE, - .opt.value = &cms_config.operation, + .opt.value = &cfg.operation, .value = SMIME_ENCRYPTED_DECRYPT, }, { .name = "EncryptedData_encrypt", .desc = "Encrypt content using supplied symmetric key and algorithm", .type = OPTION_VALUE, - .opt.value = &cms_config.operation, + .opt.value = &cfg.operation, .value = SMIME_ENCRYPTED_ENCRYPT, }, { @@ -672,20 +672,20 @@ static const struct option cms_options[] = { .argname = "addr", .desc = "From address", .type = OPTION_ARG, - .opt.arg = &cms_config.from, + .opt.arg = &cfg.from, }, { .name = "in", .argname = "file", .desc = "Input file", .type = OPTION_ARG, - .opt.arg = &cms_config.infile, + .opt.arg = &cfg.infile, }, { .name = "indef", .desc = "Same as -stream", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_STREAM, }, { @@ -693,7 +693,7 @@ static const struct option cms_options[] = { .argname = "fmt", .desc = "Input format (DER, PEM or SMIME (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &cms_config.informat, + .opt.value = &cfg.informat, }, { .name = "inkey", @@ -707,13 +707,13 @@ static const struct option cms_options[] = { .argname = "fmt", .desc = "Input key format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &cms_config.keyform, + .opt.value = &cfg.keyform, }, { .name = "keyid", .desc = "Use subject key identifier", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_USE_KEYID, }, { @@ -734,90 +734,90 @@ static const struct option cms_options[] = { .name = "no_attr_verify", .desc = "Do not verify the signer's attribute of a signature", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_NO_ATTR_VERIFY, }, { .name = "no_content_verify", .desc = "Do not verify the content of a signed message", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_NO_CONTENT_VERIFY, }, { .name = "no_signer_cert_verify", .desc = "Do not verify the signer's certificate", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_NO_SIGNER_CERT_VERIFY, }, { .name = "noattr", .desc = "Do not include any signed attributes", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_NOATTR, }, { .name = "nocerts", .desc = "Do not include signer's certificate when signing", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_NOCERTS, }, { .name = "nodetach", .desc = "Use opaque signing", .type = OPTION_VALUE_AND, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = ~CMS_DETACHED, }, { .name = "noindef", .desc = "Disable CMS streaming", .type = OPTION_VALUE_AND, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = ~CMS_STREAM, }, { .name = "nointern", .desc = "Do not search certificates in message for signer", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_NOINTERN, }, { .name = "nooldmime", .desc = "Output old S/MIME content type", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_NOOLDMIMETYPE, }, { .name = "noout", .desc = "Do not output the parsed CMS structure", .type = OPTION_FLAG, - .opt.flag = &cms_config.noout, + .opt.flag = &cfg.noout, }, { .name = "nosigs", .desc = "Do not verify message signature", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_NOSIGS, }, { .name = "nosmimecap", .desc = "Omit the SMIMECapabilities attribute", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_NOSMIMECAP, }, { .name = "noverify", .desc = "Do not verify signer's certificate", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_NO_SIGNER_CERT_VERIFY, }, { @@ -825,21 +825,21 @@ static const struct option cms_options[] = { .argname = "file", .desc = "Output file", .type = OPTION_ARG, - .opt.arg = &cms_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "fmt", .desc = "Output format (DER, PEM or SMIME (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &cms_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "passin", .argname = "src", .desc = "Private key password source", .type = OPTION_ARG, - .opt.arg = &cms_config.passargin, + .opt.arg = &cfg.passargin, }, { .name = "print", @@ -859,20 +859,20 @@ static const struct option cms_options[] = { .argname = "fmt", .desc = "Receipt file format (DER, PEM or SMIME (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &cms_config.rctformat, + .opt.value = &cfg.rctformat, }, { .name = "receipt_request_all", .desc = "Indicate requests should be provided by all recipients", .type = OPTION_VALUE, - .opt.value = &cms_config.rr_allorfirst, + .opt.value = &cfg.rr_allorfirst, .value = 0, }, { .name = "receipt_request_first", .desc = "Indicate requests should be provided by first tier recipient", .type = OPTION_VALUE, - .opt.value = &cms_config.rr_allorfirst, + .opt.value = &cfg.rr_allorfirst, .value = 1, }, { @@ -886,7 +886,7 @@ static const struct option cms_options[] = { .name = "receipt_request_print", .desc = "Print out the contents of any signed receipt requests", .type = OPTION_FLAG, - .opt.flag = &cms_config.rr_print, + .opt.flag = &cfg.rr_print, }, { .name = "receipt_request_to", @@ -906,7 +906,7 @@ static const struct option cms_options[] = { .name = "resign", .desc = "Resign a signed message", .type = OPTION_VALUE, - .opt.value = &cms_config.operation, + .opt.value = &cfg.operation, .value = SMIME_RESIGN, }, { @@ -927,14 +927,14 @@ static const struct option cms_options[] = { .name = "sign", .desc = "Sign message", .type = OPTION_VALUE, - .opt.value = &cms_config.operation, + .opt.value = &cfg.operation, .value = SMIME_SIGN, }, { .name = "sign_receipt", .desc = "Generate a signed receipt for the message", .type = OPTION_VALUE, - .opt.value = &cms_config.operation, + .opt.value = &cfg.operation, .value = SMIME_SIGN_RECEIPT, }, { @@ -948,7 +948,7 @@ static const struct option cms_options[] = { .name = "stream", .desc = "Enable CMS streaming", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_STREAM, }, { @@ -956,13 +956,13 @@ static const struct option cms_options[] = { .argname = "s", .desc = "Subject", .type = OPTION_ARG, - .opt.arg = &cms_config.subject, + .opt.arg = &cfg.subject, }, { .name = "text", .desc = "Include or delete text MIME headers", .type = OPTION_VALUE_OR, - .opt.value = &cms_config.flags, + .opt.value = &cfg.flags, .value = CMS_TEXT, }, { @@ -970,20 +970,20 @@ static const struct option cms_options[] = { .argname = "addr", .desc = "To address", .type = OPTION_ARG, - .opt.arg = &cms_config.to, + .opt.arg = &cfg.to, }, { .name = "uncompress", .desc = "Uncompress CMS CompressedData type", .type = OPTION_VALUE, - .opt.value = &cms_config.operation, + .opt.value = &cfg.operation, .value = SMIME_UNCOMPRESS, }, { .name = "verify", .desc = "Verify signed message", .type = OPTION_VALUE, - .opt.value = &cms_config.operation, + .opt.value = &cfg.operation, .value = SMIME_VERIFY, }, { @@ -997,7 +997,7 @@ static const struct option cms_options[] = { .name = "verify_retcode", .desc = "Set verification error code to exit code", .type = OPTION_FLAG, - .opt.flag = &cms_config.verify_retcode, + .opt.flag = &cfg.verify_retcode, }, { .name = "check_ss_sig", @@ -1170,84 +1170,84 @@ cms_main(int argc, char **argv) exit(1); } - memset(&cms_config, 0, sizeof(cms_config)); - cms_config.flags = CMS_DETACHED; - cms_config.rr_allorfirst = -1; - cms_config.informat = FORMAT_SMIME; - cms_config.outformat = FORMAT_SMIME; - cms_config.rctformat = FORMAT_SMIME; - cms_config.keyform = FORMAT_PEM; + memset(&cfg, 0, sizeof(cfg)); + cfg.flags = CMS_DETACHED; + cfg.rr_allorfirst = -1; + cfg.informat = FORMAT_SMIME; + cfg.outformat = FORMAT_SMIME; + cfg.rctformat = FORMAT_SMIME; + cfg.keyform = FORMAT_PEM; if (options_parse(argc, argv, cms_options, NULL, &argsused) != 0) { goto argerr; } args = argv + argsused; ret = 1; - if (((cms_config.rr_allorfirst != -1) || cms_config.rr_from != NULL) && - cms_config.rr_to == NULL) { + if (((cfg.rr_allorfirst != -1) || cfg.rr_from != NULL) && + cfg.rr_to == NULL) { BIO_puts(bio_err, "No Signed Receipts Recipients\n"); goto argerr; } - if (!(cms_config.operation & SMIME_SIGNERS) && - (cms_config.rr_to != NULL || cms_config.rr_from != NULL)) { + if (!(cfg.operation & SMIME_SIGNERS) && + (cfg.rr_to != NULL || cfg.rr_from != NULL)) { BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); goto argerr; } - if (!(cms_config.operation & SMIME_SIGNERS) && - (cms_config.skkeys != NULL || cms_config.sksigners != NULL)) { + if (!(cfg.operation & SMIME_SIGNERS) && + (cfg.skkeys != NULL || cfg.sksigners != NULL)) { BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); goto argerr; } - if (cms_config.operation & SMIME_SIGNERS) { - if (cms_config.keyfile != NULL && - cms_config.signerfile == NULL) { + if (cfg.operation & SMIME_SIGNERS) { + if (cfg.keyfile != NULL && + cfg.signerfile == NULL) { BIO_puts(bio_err, "Illegal -inkey without -signer\n"); goto argerr; } /* Check to see if any final signer needs to be appended */ - if (cms_config.signerfile != NULL) { - if (cms_config.sksigners == NULL && - (cms_config.sksigners = + if (cfg.signerfile != NULL) { + if (cfg.sksigners == NULL && + (cfg.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - if (!sk_OPENSSL_STRING_push(cms_config.sksigners, - cms_config.signerfile)) + if (!sk_OPENSSL_STRING_push(cfg.sksigners, + cfg.signerfile)) goto end; - if (cms_config.skkeys == NULL && - (cms_config.skkeys = + if (cfg.skkeys == NULL && + (cfg.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - if (cms_config.keyfile == NULL) - cms_config.keyfile = cms_config.signerfile; - if (!sk_OPENSSL_STRING_push(cms_config.skkeys, - cms_config.keyfile)) + if (cfg.keyfile == NULL) + cfg.keyfile = cfg.signerfile; + if (!sk_OPENSSL_STRING_push(cfg.skkeys, + cfg.keyfile)) goto end; } - if (cms_config.sksigners == NULL) { + if (cfg.sksigners == NULL) { BIO_printf(bio_err, "No signer certificate specified\n"); badarg = 1; } - cms_config.signerfile = NULL; - cms_config.keyfile = NULL; - } else if (cms_config.operation == SMIME_DECRYPT) { - if (cms_config.recipfile == NULL && - cms_config.keyfile == NULL && - cms_config.secret_key == NULL && - cms_config.pwri_pass == NULL) { + cfg.signerfile = NULL; + cfg.keyfile = NULL; + } else if (cfg.operation == SMIME_DECRYPT) { + if (cfg.recipfile == NULL && + cfg.keyfile == NULL && + cfg.secret_key == NULL && + cfg.pwri_pass == NULL) { BIO_printf(bio_err, "No recipient certificate or key specified\n"); badarg = 1; } - } else if (cms_config.operation == SMIME_ENCRYPT) { - if (*args == NULL && cms_config.secret_key == NULL && - cms_config.pwri_pass == NULL && - cms_config.encerts == NULL) { + } else if (cfg.operation == SMIME_ENCRYPT) { + if (*args == NULL && cfg.secret_key == NULL && + cfg.pwri_pass == NULL && + cfg.encerts == NULL) { BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); badarg = 1; } - } else if (!cms_config.operation) { + } else if (!cfg.operation) { badarg = 1; } @@ -1257,103 +1257,103 @@ cms_main(int argc, char **argv) goto end; } - if (!app_passwd(bio_err, cms_config.passargin, NULL, &passin, NULL)) { + if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } ret = 2; - if (!(cms_config.operation & SMIME_SIGNERS)) - cms_config.flags &= ~CMS_DETACHED; + if (!(cfg.operation & SMIME_SIGNERS)) + cfg.flags &= ~CMS_DETACHED; - if (cms_config.operation & SMIME_OP) { - if (cms_config.outformat == FORMAT_ASN1) + if (cfg.operation & SMIME_OP) { + if (cfg.outformat == FORMAT_ASN1) outmode = "wb"; } else { - if (cms_config.flags & CMS_BINARY) + if (cfg.flags & CMS_BINARY) outmode = "wb"; } - if (cms_config.operation & SMIME_IP) { - if (cms_config.informat == FORMAT_ASN1) + if (cfg.operation & SMIME_IP) { + if (cfg.informat == FORMAT_ASN1) inmode = "rb"; } else { - if (cms_config.flags & CMS_BINARY) + if (cfg.flags & CMS_BINARY) inmode = "rb"; } - if (cms_config.operation == SMIME_ENCRYPT) { - if (cms_config.cipher == NULL) { + if (cfg.operation == SMIME_ENCRYPT) { + if (cfg.cipher == NULL) { #ifndef OPENSSL_NO_DES - cms_config.cipher = EVP_des_ede3_cbc(); + cfg.cipher = EVP_des_ede3_cbc(); #else BIO_printf(bio_err, "No cipher selected\n"); goto end; #endif } - if (cms_config.secret_key != NULL && - cms_config.secret_keyid == NULL) { + if (cfg.secret_key != NULL && + cfg.secret_keyid == NULL) { BIO_printf(bio_err, "No secret key id\n"); goto end; } - if (*args != NULL && cms_config.encerts == NULL) - if ((cms_config.encerts = sk_X509_new_null()) == NULL) + if (*args != NULL && cfg.encerts == NULL) + if ((cfg.encerts = sk_X509_new_null()) == NULL) goto end; while (*args) { - if ((cms_config.cert = load_cert(bio_err, *args, + if ((cfg.cert = load_cert(bio_err, *args, FORMAT_PEM, NULL, "recipient certificate file")) == NULL) goto end; - if (!sk_X509_push(cms_config.encerts, cms_config.cert)) + if (!sk_X509_push(cfg.encerts, cfg.cert)) goto end; - cms_config.cert = NULL; + cfg.cert = NULL; args++; } } - if (cms_config.certfile != NULL) { - if ((other = load_certs(bio_err, cms_config.certfile, + if (cfg.certfile != NULL) { + if ((other = load_certs(bio_err, cfg.certfile, FORMAT_PEM, NULL, "certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } } - if (cms_config.recipfile != NULL && - (cms_config.operation == SMIME_DECRYPT)) { - if ((recip = load_cert(bio_err, cms_config.recipfile, + if (cfg.recipfile != NULL && + (cfg.operation == SMIME_DECRYPT)) { + if ((recip = load_cert(bio_err, cfg.recipfile, FORMAT_PEM, NULL, "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } } - if (cms_config.operation == SMIME_SIGN_RECEIPT) { - if ((signer = load_cert(bio_err, cms_config.signerfile, + if (cfg.operation == SMIME_SIGN_RECEIPT) { + if ((signer = load_cert(bio_err, cfg.signerfile, FORMAT_PEM, NULL, "receipt signer certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } } - if (cms_config.operation == SMIME_DECRYPT) { - if (cms_config.keyfile == NULL) - cms_config.keyfile = cms_config.recipfile; - } else if ((cms_config.operation == SMIME_SIGN) || - (cms_config.operation == SMIME_SIGN_RECEIPT)) { - if (cms_config.keyfile == NULL) - cms_config.keyfile = cms_config.signerfile; + if (cfg.operation == SMIME_DECRYPT) { + if (cfg.keyfile == NULL) + cfg.keyfile = cfg.recipfile; + } else if ((cfg.operation == SMIME_SIGN) || + (cfg.operation == SMIME_SIGN_RECEIPT)) { + if (cfg.keyfile == NULL) + cfg.keyfile = cfg.signerfile; } else { - cms_config.keyfile = NULL; + cfg.keyfile = NULL; } - if (cms_config.keyfile != NULL) { - key = load_key(bio_err, cms_config.keyfile, cms_config.keyform, + if (cfg.keyfile != NULL) { + key = load_key(bio_err, cfg.keyfile, cfg.keyform, 0, passin, "signing key file"); if (key == NULL) goto end; } - if (cms_config.infile != NULL) { - if ((in = BIO_new_file(cms_config.infile, inmode)) == NULL) { + if (cfg.infile != NULL) { + if ((in = BIO_new_file(cfg.infile, inmode)) == NULL) { BIO_printf(bio_err, - "Can't open input file %s\n", cms_config.infile); + "Can't open input file %s\n", cfg.infile); goto end; } } else { @@ -1361,12 +1361,12 @@ cms_main(int argc, char **argv) goto end; } - if (cms_config.operation & SMIME_IP) { - if (cms_config.informat == FORMAT_SMIME) + if (cfg.operation & SMIME_IP) { + if (cfg.informat == FORMAT_SMIME) cms = SMIME_read_CMS(in, &indata); - else if (cms_config.informat == FORMAT_PEM) + else if (cfg.informat == FORMAT_PEM) cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); - else if (cms_config.informat == FORMAT_ASN1) + else if (cfg.informat == FORMAT_ASN1) cms = d2i_CMS_bio(in, NULL); else { BIO_printf(bio_err, "Bad input format for CMS file\n"); @@ -1377,24 +1377,24 @@ cms_main(int argc, char **argv) BIO_printf(bio_err, "Error reading S/MIME message\n"); goto end; } - if (cms_config.contfile != NULL) { + if (cfg.contfile != NULL) { BIO_free(indata); - if ((indata = BIO_new_file(cms_config.contfile, + if ((indata = BIO_new_file(cfg.contfile, "rb")) == NULL) { BIO_printf(bio_err, "Can't read content file %s\n", - cms_config.contfile); + cfg.contfile); goto end; } } - if (cms_config.certsoutfile != NULL) { + if (cfg.certsoutfile != NULL) { STACK_OF(X509) *allcerts; if ((allcerts = CMS_get1_certs(cms)) == NULL) goto end; - if (!save_certs(cms_config.certsoutfile, allcerts)) { + if (!save_certs(cfg.certsoutfile, allcerts)) { BIO_printf(bio_err, "Error writing certs to %s\n", - cms_config.certsoutfile); + cfg.certsoutfile); sk_X509_pop_free(allcerts, X509_free); ret = 5; goto end; @@ -1402,19 +1402,19 @@ cms_main(int argc, char **argv) sk_X509_pop_free(allcerts, X509_free); } } - if (cms_config.rctfile != NULL) { - char *rctmode = (cms_config.rctformat == FORMAT_ASN1) ? + if (cfg.rctfile != NULL) { + char *rctmode = (cfg.rctformat == FORMAT_ASN1) ? "rb" : "r"; - if ((rctin = BIO_new_file(cms_config.rctfile, rctmode)) == NULL) { + if ((rctin = BIO_new_file(cfg.rctfile, rctmode)) == NULL) { BIO_printf(bio_err, - "Can't open receipt file %s\n", cms_config.rctfile); + "Can't open receipt file %s\n", cfg.rctfile); goto end; } - if (cms_config.rctformat == FORMAT_SMIME) + if (cfg.rctformat == FORMAT_SMIME) rcms = SMIME_read_CMS(rctin, NULL); - else if (cms_config.rctformat == FORMAT_PEM) + else if (cfg.rctformat == FORMAT_PEM) rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); - else if (cms_config.rctformat == FORMAT_ASN1) + else if (cfg.rctformat == FORMAT_ASN1) rcms = d2i_CMS_bio(rctin, NULL); else { BIO_printf(bio_err, "Bad input format for receipt\n"); @@ -1426,10 +1426,10 @@ cms_main(int argc, char **argv) goto end; } } - if (cms_config.outfile != NULL) { - if ((out = BIO_new_file(cms_config.outfile, outmode)) == NULL) { + if (cfg.outfile != NULL) { + if ((out = BIO_new_file(cfg.outfile, outmode)) == NULL) { BIO_printf(bio_err, - "Can't open output file %s\n", cms_config.outfile); + "Can't open output file %s\n", cfg.outfile); goto end; } } else { @@ -1437,42 +1437,42 @@ cms_main(int argc, char **argv) goto end; } - if ((cms_config.operation == SMIME_VERIFY) || - (cms_config.operation == SMIME_VERIFY_RECEIPT)) { - if ((store = setup_verify(bio_err, cms_config.CAfile, - cms_config.CApath)) == NULL) + if ((cfg.operation == SMIME_VERIFY) || + (cfg.operation == SMIME_VERIFY_RECEIPT)) { + if ((store = setup_verify(bio_err, cfg.CAfile, + cfg.CApath)) == NULL) goto end; X509_STORE_set_verify_cb(store, cms_cb); - if (cms_config.vpm != NULL) { - if (!X509_STORE_set1_param(store, cms_config.vpm)) + if (cfg.vpm != NULL) { + if (!X509_STORE_set1_param(store, cfg.vpm)) goto end; } } ret = 3; - if (cms_config.operation == SMIME_DATA_CREATE) { - cms = CMS_data_create(in, cms_config.flags); - } else if (cms_config.operation == SMIME_DIGEST_CREATE) { - cms = CMS_digest_create(in, cms_config.sign_md, - cms_config.flags); - } else if (cms_config.operation == SMIME_COMPRESS) { - cms = CMS_compress(in, -1, cms_config.flags); - } else if (cms_config.operation == SMIME_ENCRYPT) { + if (cfg.operation == SMIME_DATA_CREATE) { + cms = CMS_data_create(in, cfg.flags); + } else if (cfg.operation == SMIME_DIGEST_CREATE) { + cms = CMS_digest_create(in, cfg.sign_md, + cfg.flags); + } else if (cfg.operation == SMIME_COMPRESS) { + cms = CMS_compress(in, -1, cfg.flags); + } else if (cfg.operation == SMIME_ENCRYPT) { int i; - cms_config.flags |= CMS_PARTIAL; - cms = CMS_encrypt(NULL, in, cms_config.cipher, - cms_config.flags); + cfg.flags |= CMS_PARTIAL; + cms = CMS_encrypt(NULL, in, cfg.cipher, + cfg.flags); if (cms == NULL) goto end; - for (i = 0; i < sk_X509_num(cms_config.encerts); i++) { + for (i = 0; i < sk_X509_num(cfg.encerts); i++) { CMS_RecipientInfo *ri; struct cms_key_param *kparam; - int tflags = cms_config.flags; + int tflags = cfg.flags; X509 *x; - if ((x = sk_X509_value(cms_config.encerts, i)) == NULL) + if ((x = sk_X509_value(cfg.encerts, i)) == NULL) goto end; - for (kparam = cms_config.key_first; kparam != NULL; + for (kparam = cfg.key_first; kparam != NULL; kparam = kparam->next) { if (kparam->idx == i) { tflags |= CMS_KEY_PARAM; @@ -1492,18 +1492,18 @@ cms_main(int argc, char **argv) } } - if (cms_config.secret_key != NULL) { + if (cfg.secret_key != NULL) { if (CMS_add0_recipient_key(cms, NID_undef, - cms_config.secret_key, cms_config.secret_keylen, - cms_config.secret_keyid, cms_config.secret_keyidlen, + cfg.secret_key, cfg.secret_keylen, + cfg.secret_keyid, cfg.secret_keyidlen, NULL, NULL, NULL) == NULL) goto end; /* NULL these because call absorbs them */ - cms_config.secret_key = NULL; - cms_config.secret_keyid = NULL; + cfg.secret_key = NULL; + cfg.secret_keyid = NULL; } - if (cms_config.pwri_pass != NULL) { - pwri_tmp = strdup(cms_config.pwri_pass); + if (cfg.pwri_pass != NULL) { + pwri_tmp = strdup(cfg.pwri_pass); if (pwri_tmp == NULL) goto end; if (CMS_add0_recipient_password(cms, -1, NID_undef, @@ -1511,16 +1511,16 @@ cms_main(int argc, char **argv) goto end; pwri_tmp = NULL; } - if (!(cms_config.flags & CMS_STREAM)) { - if (!CMS_final(cms, in, NULL, cms_config.flags)) + if (!(cfg.flags & CMS_STREAM)) { + if (!CMS_final(cms, in, NULL, cfg.flags)) goto end; } - } else if (cms_config.operation == SMIME_ENCRYPTED_ENCRYPT) { - cms = CMS_EncryptedData_encrypt(in, cms_config.cipher, - cms_config.secret_key, cms_config.secret_keylen, - cms_config.flags); + } else if (cfg.operation == SMIME_ENCRYPTED_ENCRYPT) { + cms = CMS_EncryptedData_encrypt(in, cfg.cipher, + cfg.secret_key, cfg.secret_keylen, + cfg.flags); - } else if (cms_config.operation == SMIME_SIGN_RECEIPT) { + } else if (cfg.operation == SMIME_SIGN_RECEIPT) { CMS_ContentInfo *srcms = NULL; STACK_OF(CMS_SignerInfo) *sis; CMS_SignerInfo *si; @@ -1531,36 +1531,36 @@ cms_main(int argc, char **argv) if (si == NULL) goto end; srcms = CMS_sign_receipt(si, signer, key, other, - cms_config.flags); + cfg.flags); if (srcms == NULL) goto end; CMS_ContentInfo_free(cms); cms = srcms; - } else if (cms_config.operation & SMIME_SIGNERS) { + } else if (cfg.operation & SMIME_SIGNERS) { int i; /* * If detached data content we enable streaming if S/MIME * output format. */ - if (cms_config.operation == SMIME_SIGN) { + if (cfg.operation == SMIME_SIGN) { - if (cms_config.flags & CMS_DETACHED) { - if (cms_config.outformat == FORMAT_SMIME) - cms_config.flags |= CMS_STREAM; + if (cfg.flags & CMS_DETACHED) { + if (cfg.outformat == FORMAT_SMIME) + cfg.flags |= CMS_STREAM; } - cms_config.flags |= CMS_PARTIAL; - cms = CMS_sign(NULL, NULL, other, in, cms_config.flags); + cfg.flags |= CMS_PARTIAL; + cms = CMS_sign(NULL, NULL, other, in, cfg.flags); if (cms == NULL) goto end; - if (cms_config.econtent_type != NULL) + if (cfg.econtent_type != NULL) if (!CMS_set1_eContentType(cms, - cms_config.econtent_type)) + cfg.econtent_type)) goto end; - if (cms_config.rr_to != NULL) { - rr = make_receipt_request(cms_config.rr_to, - cms_config.rr_allorfirst, - cms_config.rr_from); + if (cfg.rr_to != NULL) { + rr = make_receipt_request(cfg.rr_to, + cfg.rr_allorfirst, + cfg.rr_from); if (rr == NULL) { BIO_puts(bio_err, "Signed Receipt Request Creation Error\n"); @@ -1568,28 +1568,28 @@ cms_main(int argc, char **argv) } } } else { - cms_config.flags |= CMS_REUSE_DIGEST; + cfg.flags |= CMS_REUSE_DIGEST; } - for (i = 0; i < sk_OPENSSL_STRING_num(cms_config.sksigners); i++) { + for (i = 0; i < sk_OPENSSL_STRING_num(cfg.sksigners); i++) { CMS_SignerInfo *si; struct cms_key_param *kparam; - int tflags = cms_config.flags; + int tflags = cfg.flags; - cms_config.signerfile = sk_OPENSSL_STRING_value( - cms_config.sksigners, i); - cms_config.keyfile = sk_OPENSSL_STRING_value( - cms_config.skkeys, i); + cfg.signerfile = sk_OPENSSL_STRING_value( + cfg.sksigners, i); + cfg.keyfile = sk_OPENSSL_STRING_value( + cfg.skkeys, i); - signer = load_cert(bio_err, cms_config.signerfile, + signer = load_cert(bio_err, cfg.signerfile, FORMAT_PEM, NULL, "signer certificate"); if (signer == NULL) goto end; - key = load_key(bio_err, cms_config.keyfile, - cms_config.keyform, 0, passin, "signing key file"); + key = load_key(bio_err, cfg.keyfile, + cfg.keyform, 0, passin, "signing key file"); if (key == NULL) goto end; - for (kparam = cms_config.key_first; kparam != NULL; + for (kparam = cfg.key_first; kparam != NULL; kparam = kparam->next) { if (kparam->idx == i) { tflags |= CMS_KEY_PARAM; @@ -1597,7 +1597,7 @@ cms_main(int argc, char **argv) } } si = CMS_add1_signer(cms, signer, key, - cms_config.sign_md, tflags); + cfg.sign_md, tflags); if (si == NULL) goto end; if (kparam != NULL) { @@ -1616,9 +1616,9 @@ cms_main(int argc, char **argv) key = NULL; } /* If not streaming or resigning finalize structure */ - if ((cms_config.operation == SMIME_SIGN) && - !(cms_config.flags & CMS_STREAM)) { - if (!CMS_final(cms, in, NULL, cms_config.flags)) + if ((cfg.operation == SMIME_SIGN) && + !(cfg.flags & CMS_STREAM)) { + if (!CMS_final(cms, in, NULL, cfg.flags)) goto end; } } @@ -1627,15 +1627,15 @@ cms_main(int argc, char **argv) goto end; } ret = 4; - if (cms_config.operation == SMIME_DECRYPT) { - if (cms_config.flags & CMS_DEBUG_DECRYPT) + if (cfg.operation == SMIME_DECRYPT) { + if (cfg.flags & CMS_DEBUG_DECRYPT) CMS_decrypt(cms, NULL, NULL, NULL, NULL, - cms_config.flags); + cfg.flags); - if (cms_config.secret_key != NULL) { - if (!CMS_decrypt_set1_key(cms, cms_config.secret_key, - cms_config.secret_keylen, cms_config.secret_keyid, - cms_config.secret_keyidlen)) { + if (cfg.secret_key != NULL) { + if (!CMS_decrypt_set1_key(cms, cfg.secret_key, + cfg.secret_keylen, cfg.secret_keyid, + cfg.secret_keyidlen)) { BIO_puts(bio_err, "Error decrypting CMS using secret key\n"); goto end; @@ -1648,95 +1648,95 @@ cms_main(int argc, char **argv) goto end; } } - if (cms_config.pwri_pass != NULL) { + if (cfg.pwri_pass != NULL) { if (!CMS_decrypt_set1_password(cms, - cms_config.pwri_pass, -1)) { + cfg.pwri_pass, -1)) { BIO_puts(bio_err, "Error decrypting CMS using password\n"); goto end; } } if (!CMS_decrypt(cms, NULL, NULL, indata, out, - cms_config.flags)) { + cfg.flags)) { BIO_printf(bio_err, "Error decrypting CMS structure\n"); goto end; } - } else if (cms_config.operation == SMIME_DATAOUT) { - if (!CMS_data(cms, out, cms_config.flags)) + } else if (cfg.operation == SMIME_DATAOUT) { + if (!CMS_data(cms, out, cfg.flags)) goto end; - } else if (cms_config.operation == SMIME_UNCOMPRESS) { - if (!CMS_uncompress(cms, indata, out, cms_config.flags)) + } else if (cfg.operation == SMIME_UNCOMPRESS) { + if (!CMS_uncompress(cms, indata, out, cfg.flags)) goto end; - } else if (cms_config.operation == SMIME_DIGEST_VERIFY) { - if (CMS_digest_verify(cms, indata, out, cms_config.flags) > 0) + } else if (cfg.operation == SMIME_DIGEST_VERIFY) { + if (CMS_digest_verify(cms, indata, out, cfg.flags) > 0) BIO_printf(bio_err, "Verification successful\n"); else { BIO_printf(bio_err, "Verification failure\n"); goto end; } - } else if (cms_config.operation == SMIME_ENCRYPTED_DECRYPT) { - if (!CMS_EncryptedData_decrypt(cms, cms_config.secret_key, - cms_config.secret_keylen, indata, out, cms_config.flags)) + } else if (cfg.operation == SMIME_ENCRYPTED_DECRYPT) { + if (!CMS_EncryptedData_decrypt(cms, cfg.secret_key, + cfg.secret_keylen, indata, out, cfg.flags)) goto end; - } else if (cms_config.operation == SMIME_VERIFY) { + } else if (cfg.operation == SMIME_VERIFY) { if (CMS_verify(cms, other, store, indata, out, - cms_config.flags) > 0) { + cfg.flags) > 0) { BIO_printf(bio_err, "Verification successful\n"); } else { BIO_printf(bio_err, "Verification failure\n"); - if (cms_config.verify_retcode) + if (cfg.verify_retcode) ret = verify_err + 32; goto end; } - if (cms_config.signerfile != NULL) { + if (cfg.signerfile != NULL) { STACK_OF(X509) *signers; if ((signers = CMS_get0_signers(cms)) == NULL) goto end; - if (!save_certs(cms_config.signerfile, signers)) { + if (!save_certs(cfg.signerfile, signers)) { BIO_printf(bio_err, "Error writing signers to %s\n", - cms_config.signerfile); + cfg.signerfile); sk_X509_free(signers); ret = 5; goto end; } sk_X509_free(signers); } - if (cms_config.rr_print) + if (cfg.rr_print) receipt_request_print(bio_err, cms); - } else if (cms_config.operation == SMIME_VERIFY_RECEIPT) { + } else if (cfg.operation == SMIME_VERIFY_RECEIPT) { if (CMS_verify_receipt(rcms, cms, other, store, - cms_config.flags) > 0) { + cfg.flags) > 0) { BIO_printf(bio_err, "Verification successful\n"); } else { BIO_printf(bio_err, "Verification failure\n"); goto end; } } else { - if (cms_config.noout) { - if (cms_config.print && + if (cfg.noout) { + if (cfg.print && !CMS_ContentInfo_print_ctx(out, cms, 0, NULL)) goto end; - } else if (cms_config.outformat == FORMAT_SMIME) { - if (cms_config.to != NULL) - BIO_printf(out, "To: %s\n", cms_config.to); - if (cms_config.from != NULL) - BIO_printf(out, "From: %s\n", cms_config.from); - if (cms_config.subject != NULL) + } else if (cfg.outformat == FORMAT_SMIME) { + if (cfg.to != NULL) + BIO_printf(out, "To: %s\n", cfg.to); + if (cfg.from != NULL) + BIO_printf(out, "From: %s\n", cfg.from); + if (cfg.subject != NULL) BIO_printf(out, "Subject: %s\n", - cms_config.subject); - if (cms_config.operation == SMIME_RESIGN) + cfg.subject); + if (cfg.operation == SMIME_RESIGN) ret = SMIME_write_CMS(out, cms, indata, - cms_config.flags); + cfg.flags); else ret = SMIME_write_CMS(out, cms, in, - cms_config.flags); - } else if (cms_config.outformat == FORMAT_PEM) { + cfg.flags); + } else if (cfg.outformat == FORMAT_PEM) { ret = PEM_write_bio_CMS_stream(out, cms, in, - cms_config.flags); - } else if (cms_config.outformat == FORMAT_ASN1) { - ret = i2d_CMS_bio_stream(out, cms, in, cms_config.flags); + cfg.flags); + } else if (cfg.outformat == FORMAT_ASN1) { + ret = i2d_CMS_bio_stream(out, cms, in, cfg.flags); } else { BIO_printf(bio_err, "Bad output format for CMS file\n"); goto end; @@ -1752,27 +1752,27 @@ cms_main(int argc, char **argv) if (ret) ERR_print_errors(bio_err); - sk_X509_pop_free(cms_config.encerts, X509_free); + sk_X509_pop_free(cfg.encerts, X509_free); sk_X509_pop_free(other, X509_free); - X509_VERIFY_PARAM_free(cms_config.vpm); - sk_OPENSSL_STRING_free(cms_config.sksigners); - sk_OPENSSL_STRING_free(cms_config.skkeys); - free(cms_config.secret_key); - free(cms_config.secret_keyid); + X509_VERIFY_PARAM_free(cfg.vpm); + sk_OPENSSL_STRING_free(cfg.sksigners); + sk_OPENSSL_STRING_free(cfg.skkeys); + free(cfg.secret_key); + free(cfg.secret_keyid); free(pwri_tmp); - ASN1_OBJECT_free(cms_config.econtent_type); + ASN1_OBJECT_free(cfg.econtent_type); CMS_ReceiptRequest_free(rr); - sk_OPENSSL_STRING_free(cms_config.rr_to); - sk_OPENSSL_STRING_free(cms_config.rr_from); - for (cms_config.key_param = cms_config.key_first; cms_config.key_param;) { + sk_OPENSSL_STRING_free(cfg.rr_to); + sk_OPENSSL_STRING_free(cfg.rr_from); + for (cfg.key_param = cfg.key_first; cfg.key_param;) { struct cms_key_param *tparam; - sk_OPENSSL_STRING_free(cms_config.key_param->param); - tparam = cms_config.key_param->next; - free(cms_config.key_param); - cms_config.key_param = tparam; + sk_OPENSSL_STRING_free(cfg.key_param->param); + tparam = cfg.key_param->next; + free(cfg.key_param); + cfg.key_param = tparam; } X509_STORE_free(store); - X509_free(cms_config.cert); + X509_free(cfg.cert); X509_free(recip); X509_free(signer); EVP_PKEY_free(key); diff --git a/usr.bin/openssl/crl.c b/usr.bin/openssl/crl.c index 6b7bc5b72e7..e64038dfda1 100644 --- a/usr.bin/openssl/crl.c +++ b/usr.bin/openssl/crl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crl.c,v 1.16 2022/11/11 17:07:38 joshua Exp $ */ +/* $OpenBSD: crl.c,v 1.17 2023/03/06 14:32:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -86,7 +86,7 @@ static struct { int outformat; int text; int verify; -} crl_config; +} cfg; static const struct option crl_options[] = { { @@ -94,109 +94,109 @@ static const struct option crl_options[] = { .argname = "file", .desc = "Verify the CRL using certificates in the given file", .type = OPTION_ARG, - .opt.arg = &crl_config.cafile, + .opt.arg = &cfg.cafile, }, { .name = "CApath", .argname = "path", .desc = "Verify the CRL using certificates in the given path", .type = OPTION_ARG, - .opt.arg = &crl_config.capath, + .opt.arg = &cfg.capath, }, { .name = "crlnumber", .desc = "Print the CRL number", .type = OPTION_FLAG_ORD, - .opt.flag = &crl_config.crlnumber, + .opt.flag = &cfg.crlnumber, }, { .name = "fingerprint", .desc = "Print the CRL fingerprint", .type = OPTION_FLAG_ORD, - .opt.flag = &crl_config.fingerprint, + .opt.flag = &cfg.fingerprint, }, { .name = "hash", .desc = "Print the hash of the issuer name", .type = OPTION_FLAG_ORD, - .opt.flag = &crl_config.hash, + .opt.flag = &cfg.hash, }, { .name = "hash_old", .desc = "Print an old-style (MD5) hash of the issuer name", .type = OPTION_FLAG_ORD, - .opt.flag = &crl_config.hash_old, + .opt.flag = &cfg.hash_old, }, { .name = "in", .argname = "file", .desc = "Input file to read from (stdin if unspecified)", .type = OPTION_ARG, - .opt.arg = &crl_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "format", .desc = "Input format (DER or PEM)", .type = OPTION_ARG_FORMAT, - .opt.value = &crl_config.informat, + .opt.value = &cfg.informat, }, { .name = "issuer", .desc = "Print the issuer name", .type = OPTION_FLAG_ORD, - .opt.flag = &crl_config.issuer, + .opt.flag = &cfg.issuer, }, { .name = "lastupdate", .desc = "Print the lastUpdate field", .type = OPTION_FLAG_ORD, - .opt.flag = &crl_config.lastupdate, + .opt.flag = &cfg.lastupdate, }, { .name = "nameopt", .argname = "options", .desc = "Specify certificate name options", .type = OPTION_ARG, - .opt.arg = &crl_config.nameopt, + .opt.arg = &cfg.nameopt, }, { .name = "nextupdate", .desc = "Print the nextUpdate field", .type = OPTION_FLAG_ORD, - .opt.flag = &crl_config.nextupdate, + .opt.flag = &cfg.nextupdate, }, { .name = "noout", .desc = "Do not output the encoded version of the CRL", .type = OPTION_FLAG, - .opt.flag = &crl_config.noout, + .opt.flag = &cfg.noout, }, { .name = "out", .argname = "file", .desc = "Output file to write to (stdout if unspecified)", .type = OPTION_ARG, - .opt.arg = &crl_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER or PEM)", .type = OPTION_ARG_FORMAT, - .opt.value = &crl_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "text", .desc = "Print out the CRL in text form", .type = OPTION_FLAG, - .opt.flag = &crl_config.text, + .opt.flag = &cfg.text, }, { .name = "verify", .desc = "Verify the signature on the CRL", .type = OPTION_FLAG, - .opt.flag = &crl_config.verify, + .opt.flag = &cfg.verify, }, {NULL}, }; @@ -243,23 +243,23 @@ crl_main(int argc, char **argv) digest = EVP_sha256(); - memset(&crl_config, 0, sizeof(crl_config)); - crl_config.informat = FORMAT_PEM; - crl_config.outformat = FORMAT_PEM; + memset(&cfg, 0, sizeof(cfg)); + cfg.informat = FORMAT_PEM; + cfg.outformat = FORMAT_PEM; if (options_parse(argc, argv, crl_options, &digest_name, NULL) != 0) { crl_usage(); goto end; } - if (crl_config.cafile != NULL || crl_config.capath != NULL) - crl_config.verify = 1; + if (cfg.cafile != NULL || cfg.capath != NULL) + cfg.verify = 1; - if (crl_config.nameopt != NULL) { - if (set_name_ex(&nmflag, crl_config.nameopt) != 1) { + if (cfg.nameopt != NULL) { + if (set_name_ex(&nmflag, cfg.nameopt) != 1) { fprintf(stderr, "Invalid -nameopt argument '%s'\n", - crl_config.nameopt); + cfg.nameopt); goto end; } } @@ -273,18 +273,18 @@ crl_main(int argc, char **argv) } } - x = load_crl(crl_config.infile, crl_config.informat); + x = load_crl(cfg.infile, cfg.informat); if (x == NULL) goto end; - if (crl_config.verify) { + if (cfg.verify) { store = X509_STORE_new(); if (store == NULL) goto end; lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); if (lookup == NULL) goto end; - if (!X509_LOOKUP_load_file(lookup, crl_config.cafile, + if (!X509_LOOKUP_load_file(lookup, cfg.cafile, X509_FILETYPE_PEM)) X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); @@ -292,7 +292,7 @@ crl_main(int argc, char **argv) lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); if (lookup == NULL) goto end; - if (!X509_LOOKUP_add_dir(lookup, crl_config.capath, + if (!X509_LOOKUP_add_dir(lookup, cfg.capath, X509_FILETYPE_PEM)) X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); @@ -335,11 +335,11 @@ crl_main(int argc, char **argv) /* Print requested information the order that the flags were given. */ for (i = 1; i <= argc; i++) { - if (crl_config.issuer == i) { + if (cfg.issuer == i) { print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag); } - if (crl_config.crlnumber == i) { + if (cfg.crlnumber == i) { ASN1_INTEGER *crlnum; crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL); @@ -351,23 +351,23 @@ crl_main(int argc, char **argv) BIO_puts(bio_out, "<NONE>"); BIO_printf(bio_out, "\n"); } - if (crl_config.hash == i) { + if (cfg.hash == i) { BIO_printf(bio_out, "%08lx\n", X509_NAME_hash(X509_CRL_get_issuer(x))); } #ifndef OPENSSL_NO_MD5 - if (crl_config.hash_old == i) { + if (cfg.hash_old == i) { BIO_printf(bio_out, "%08lx\n", X509_NAME_hash_old(X509_CRL_get_issuer(x))); } #endif - if (crl_config.lastupdate == i) { + if (cfg.lastupdate == i) { BIO_printf(bio_out, "lastUpdate="); ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x)); BIO_printf(bio_out, "\n"); } - if (crl_config.nextupdate == i) { + if (cfg.nextupdate == i) { BIO_printf(bio_out, "nextUpdate="); if (X509_CRL_get_nextUpdate(x)) ASN1_TIME_print(bio_out, @@ -376,7 +376,7 @@ crl_main(int argc, char **argv) BIO_printf(bio_out, "NONE"); BIO_printf(bio_out, "\n"); } - if (crl_config.fingerprint == i) { + if (cfg.fingerprint == i) { int j; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; @@ -399,25 +399,25 @@ crl_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (crl_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, crl_config.outfile) <= 0) { - perror(crl_config.outfile); + if (BIO_write_filename(out, cfg.outfile) <= 0) { + perror(cfg.outfile); goto end; } } - if (crl_config.text) + if (cfg.text) X509_CRL_print(out, x); - if (crl_config.noout) { + if (cfg.noout) { ret = 0; goto end; } - if (crl_config.outformat == FORMAT_ASN1) + if (cfg.outformat == FORMAT_ASN1) i = (int) i2d_X509_CRL_bio(out, x); - else if (crl_config.outformat == FORMAT_PEM) + else if (cfg.outformat == FORMAT_PEM) i = PEM_write_bio_X509_CRL(out, x); else { BIO_printf(bio_err, diff --git a/usr.bin/openssl/crl2p7.c b/usr.bin/openssl/crl2p7.c index 0b0eae2a991..dfbc896a214 100644 --- a/usr.bin/openssl/crl2p7.c +++ b/usr.bin/openssl/crl2p7.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crl2p7.c,v 1.10 2022/11/11 17:07:38 joshua Exp $ */ +/* $OpenBSD: crl2p7.c,v 1.11 2023/03/06 14:32:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -83,18 +83,18 @@ static struct { int nocrl; char *outfile; int outformat; -} crl2p7_config; +} cfg; static int crl2p7_opt_certfile(char *arg) { - if (crl2p7_config.certflst == NULL) - crl2p7_config.certflst = sk_OPENSSL_STRING_new_null(); - if (crl2p7_config.certflst == NULL) { + if (cfg.certflst == NULL) + cfg.certflst = sk_OPENSSL_STRING_new_null(); + if (cfg.certflst == NULL) { fprintf(stderr, "out of memory\n"); return (1); } - if (!sk_OPENSSL_STRING_push(crl2p7_config.certflst, arg)) { + if (!sk_OPENSSL_STRING_push(cfg.certflst, arg)) { fprintf(stderr, "out of memory\n"); return (1); } @@ -115,34 +115,34 @@ static const struct option crl2p7_options[] = { .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &crl2p7_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "format", .desc = "Input format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &crl2p7_config.informat, + .opt.value = &cfg.informat, }, { .name = "nocrl", .desc = "Do not read CRL from input or include CRL in output", .type = OPTION_FLAG, - .opt.flag = &crl2p7_config.nocrl, + .opt.flag = &cfg.nocrl, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &crl2p7_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &crl2p7_config.outformat, + .opt.value = &cfg.outformat, }, { NULL }, }; @@ -174,10 +174,10 @@ crl2pkcs7_main(int argc, char **argv) exit(1); } - memset(&crl2p7_config, 0, sizeof(crl2p7_config)); + memset(&cfg, 0, sizeof(cfg)); - crl2p7_config.informat = FORMAT_PEM; - crl2p7_config.outformat = FORMAT_PEM; + cfg.informat = FORMAT_PEM; + cfg.outformat = FORMAT_PEM; if (options_parse(argc, argv, crl2p7_options, NULL, NULL) != 0) { crl2p7_usage(); @@ -190,19 +190,19 @@ crl2pkcs7_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (!crl2p7_config.nocrl) { - if (crl2p7_config.infile == NULL) + if (!cfg.nocrl) { + if (cfg.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { - if (BIO_read_filename(in, crl2p7_config.infile) <= 0) { - perror(crl2p7_config.infile); + if (BIO_read_filename(in, cfg.infile) <= 0) { + perror(cfg.infile); goto end; } } - if (crl2p7_config.informat == FORMAT_ASN1) + if (cfg.informat == FORMAT_ASN1) crl = d2i_X509_CRL_bio(in, NULL); - else if (crl2p7_config.informat == FORMAT_PEM) + else if (cfg.informat == FORMAT_PEM) crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); else { BIO_printf(bio_err, @@ -236,9 +236,9 @@ crl2pkcs7_main(int argc, char **argv) goto end; p7s->cert = cert_stack; - if (crl2p7_config.certflst) { - for (i = 0; i < sk_OPENSSL_STRING_num(crl2p7_config.certflst); i++) { - certfile = sk_OPENSSL_STRING_value(crl2p7_config.certflst, i); + if (cfg.certflst) { + for (i = 0; i < sk_OPENSSL_STRING_num(cfg.certflst); i++) { + certfile = sk_OPENSSL_STRING_value(cfg.certflst, i); if (add_certs_from_file(cert_stack, certfile) < 0) { BIO_printf(bio_err, "error loading certificates\n"); @@ -248,20 +248,20 @@ crl2pkcs7_main(int argc, char **argv) } } - sk_OPENSSL_STRING_free(crl2p7_config.certflst); + sk_OPENSSL_STRING_free(cfg.certflst); - if (crl2p7_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, crl2p7_config.outfile) <= 0) { - perror(crl2p7_config.outfile); + if (BIO_write_filename(out, cfg.outfile) <= 0) { + perror(cfg.outfile); goto end; } } - if (crl2p7_config.outformat == FORMAT_ASN1) + if (cfg.outformat == FORMAT_ASN1) i = i2d_PKCS7_bio(out, p7); - else if (crl2p7_config.outformat == FORMAT_PEM) + else if (cfg.outformat == FORMAT_PEM) i = PEM_write_bio_PKCS7(out, p7); else { BIO_printf(bio_err, diff --git a/usr.bin/openssl/dgst.c b/usr.bin/openssl/dgst.c index d29bc6f98cf..39799664813 100644 --- a/usr.bin/openssl/dgst.c +++ b/usr.bin/openssl/dgst.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dgst.c,v 1.20 2022/11/11 17:07:38 joshua Exp $ */ +/* $OpenBSD: dgst.c,v 1.21 2023/03/06 14:32:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -96,7 +96,7 @@ static struct { char *sigfile; STACK_OF(OPENSSL_STRING) *sigopts; int want_pub; -} dgst_config; +} cfg; static int dgst_opt_macopt(char *arg) @@ -104,11 +104,11 @@ dgst_opt_macopt(char *arg) if (arg == NULL) return (1); - if (dgst_config.macopts == NULL && - (dgst_config.macopts = sk_OPENSSL_STRING_new_null()) == NULL) + if (cfg.macopts == NULL && + (cfg.macopts = sk_OPENSSL_STRING_new_null()) == NULL) return (1); - if (!sk_OPENSSL_STRING_push(dgst_config.macopts, arg)) + if (!sk_OPENSSL_STRING_push(cfg.macopts, arg)) return (1); return (0); @@ -122,10 +122,10 @@ dgst_opt_md(int argc, char **argv, int *argsused) if (*name++ != '-') return (1); - if ((dgst_config.m = EVP_get_digestbyname(name)) == NULL) + if ((cfg.m = EVP_get_digestbyname(name)) == NULL) return (1); - dgst_config.md = dgst_config.m; + cfg.md = cfg.m; *argsused = 1; return (0); @@ -137,8 +137,8 @@ dgst_opt_prverify(char *arg) if (arg == NULL) return (1); - dgst_config.keyfile = arg; - dgst_config.do_verify = 1; + cfg.keyfile = arg; + cfg.do_verify = 1; return (0); } @@ -148,11 +148,11 @@ dgst_opt_sigopt(char *arg) if (arg == NULL) return (1); - if (dgst_config.sigopts == NULL && - (dgst_config.sigopts = sk_OPENSSL_STRING_new_null()) == NULL) + if (cfg.sigopts == NULL && + (cfg.sigopts = sk_OPENSSL_STRING_new_null()) == NULL) return (1); - if (!sk_OPENSSL_STRING_push(dgst_config.sigopts, arg)) + if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg)) return (1); return (0); @@ -164,9 +164,9 @@ dgst_opt_verify(char *arg) if (arg == NULL) return (1); - dgst_config.keyfile = arg; - dgst_config.want_pub = 1; - dgst_config.do_verify = 1; + cfg.keyfile = arg; + cfg.want_pub = 1; + cfg.do_verify = 1; return (0); } @@ -175,27 +175,27 @@ static const struct option dgst_options[] = { .name = "binary", .desc = "Output the digest or signature in binary form", .type = OPTION_VALUE, - .opt.value = &dgst_config.out_bin, + .opt.value = &cfg.out_bin, .value = 1, }, { .name = "c", .desc = "Print the digest in two-digit groups separated by colons", .type = OPTION_VALUE, - .opt.value = &dgst_config.separator, + .opt.value = &cfg.separator, .value = 1, }, { .name = "d", .desc = "Print BIO debugging information", .type = OPTION_FLAG, - .opt.flag = &dgst_config.debug, + .opt.flag = &cfg.debug, }, { .name = "hex", .desc = "Output as hex dump", .type = OPTION_VALUE, - .opt.value = &dgst_config.out_bin, + .opt.value = &cfg.out_bin, .value = 0, }, { @@ -203,21 +203,21 @@ static const struct option dgst_options[] = { .argname = "key", .desc = "Create hashed MAC with key", .type = OPTION_ARG, - .opt.arg = &dgst_config.hmac_key, + .opt.arg = &cfg.hmac_key, }, { .name = "keyform", .argname = "format", .desc = "Key file format (PEM)", .type = OPTION_ARG_FORMAT, - .opt.value = &dgst_config.keyform, + .opt.value = &cfg.keyform, }, { .name = "mac", .argname = "algorithm", .desc = "Create MAC (not necessarily HMAC)", .type = OPTION_ARG, - .opt.arg = &dgst_config.mac_name, + .opt.arg = &cfg.mac_name, }, { .name = "macopt", @@ -231,14 +231,14 @@ static const struct option dgst_options[] = { .argname = "file", .desc = "Output to file rather than stdout", .type = OPTION_ARG, - .opt.arg = &dgst_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "passin", .argname = "arg", .desc = "Input file passphrase source", .type = OPTION_ARG, - .opt.arg = &dgst_config.passargin, + .opt.arg = &cfg.passargin, }, { .name = "prverify", @@ -251,7 +251,7 @@ static const struct option dgst_options[] = { .name = "r", .desc = "Output the digest in coreutils format", .type = OPTION_VALUE, - .opt.value = &dgst_config.separator, + .opt.value = &cfg.separator, .value = 2, }, { @@ -259,14 +259,14 @@ static const struct option dgst_options[] = { .argname = "file", .desc = "Sign digest using private key in file", .type = OPTION_ARG, - .opt.arg = &dgst_config.keyfile, + .opt.arg = &cfg.keyfile, }, { .name = "signature", .argname = "file", .desc = "Signature to verify", .type = OPTION_ARG, - .opt.arg = &dgst_config.sigfile, + .opt.arg = &cfg.sigfile, }, { .name = "sigopt", @@ -348,24 +348,24 @@ dgst_main(int argc, char **argv) goto end; } - memset(&dgst_config, 0, sizeof(dgst_config)); - dgst_config.keyform = FORMAT_PEM; - dgst_config.out_bin = -1; + memset(&cfg, 0, sizeof(cfg)); + cfg.keyform = FORMAT_PEM; + cfg.out_bin = -1; /* first check the program name */ program_name(argv[0], pname, sizeof pname); - dgst_config.md = EVP_get_digestbyname(pname); + cfg.md = EVP_get_digestbyname(pname); if (options_parse(argc, argv, dgst_options, NULL, - &dgst_config.argsused) != 0) { + &cfg.argsused) != 0) { dgst_usage(); goto end; } - argc -= dgst_config.argsused; - argv += dgst_config.argsused; + argc -= cfg.argsused; + argv += cfg.argsused; - if (dgst_config.do_verify && !dgst_config.sigfile) { + if (cfg.do_verify && !cfg.sigfile) { BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); goto end; @@ -378,50 +378,50 @@ dgst_main(int argc, char **argv) goto end; } - if (dgst_config.debug) { + if (cfg.debug) { BIO_set_callback(in, BIO_debug_callback); /* needed for windows 3.1 */ BIO_set_callback_arg(in, (char *) bio_err); } - if (!app_passwd(bio_err, dgst_config.passargin, NULL, &passin, NULL)) { + if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } - if (dgst_config.out_bin == -1) { - if (dgst_config.keyfile) - dgst_config.out_bin = 1; + if (cfg.out_bin == -1) { + if (cfg.keyfile) + cfg.out_bin = 1; else - dgst_config.out_bin = 0; + cfg.out_bin = 0; } - if (dgst_config.outfile) { - if (dgst_config.out_bin) - out = BIO_new_file(dgst_config.outfile, "wb"); + if (cfg.outfile) { + if (cfg.out_bin) + out = BIO_new_file(cfg.outfile, "wb"); else - out = BIO_new_file(dgst_config.outfile, "w"); + out = BIO_new_file(cfg.outfile, "w"); } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); } if (!out) { BIO_printf(bio_err, "Error opening output file %s\n", - dgst_config.outfile ? dgst_config.outfile : "(stdout)"); + cfg.outfile ? cfg.outfile : "(stdout)"); ERR_print_errors(bio_err); goto end; } - if ((!!dgst_config.mac_name + !!dgst_config.keyfile + - !!dgst_config.hmac_key) > 1) { + if ((!!cfg.mac_name + !!cfg.keyfile + + !!cfg.hmac_key) > 1) { BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n"); goto end; } - if (dgst_config.keyfile) { - if (dgst_config.want_pub) - sigkey = load_pubkey(bio_err, dgst_config.keyfile, - dgst_config.keyform, 0, NULL, "key file"); + if (cfg.keyfile) { + if (cfg.want_pub) + sigkey = load_pubkey(bio_err, cfg.keyfile, + cfg.keyform, 0, NULL, "key file"); else - sigkey = load_key(bio_err, dgst_config.keyfile, - dgst_config.keyform, 0, passin, "key file"); + sigkey = load_key(bio_err, cfg.keyfile, + cfg.keyform, 0, passin, "key file"); if (!sigkey) { /* * load_[pub]key() has already printed an appropriate @@ -430,17 +430,17 @@ dgst_main(int argc, char **argv) goto end; } } - if (dgst_config.mac_name) { + if (cfg.mac_name) { EVP_PKEY_CTX *mac_ctx = NULL; int r = 0; - if (!init_gen_str(bio_err, &mac_ctx, dgst_config.mac_name, 0)) + if (!init_gen_str(bio_err, &mac_ctx, cfg.mac_name, 0)) goto mac_end; - if (dgst_config.macopts) { + if (cfg.macopts) { char *macopt; for (i = 0; i < sk_OPENSSL_STRING_num( - dgst_config.macopts); i++) { + cfg.macopts); i++) { macopt = sk_OPENSSL_STRING_value( - dgst_config.macopts, i); + cfg.macopts, i); if (pkey_ctrl_string(mac_ctx, macopt) <= 0) { BIO_printf(bio_err, "MAC parameter error \"%s\"\n", @@ -461,9 +461,9 @@ dgst_main(int argc, char **argv) if (r == 0) goto end; } - if (dgst_config.hmac_key) { + if (cfg.hmac_key) { sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, - (unsigned char *) dgst_config.hmac_key, -1); + (unsigned char *) cfg.hmac_key, -1); if (!sigkey) goto end; } @@ -476,23 +476,23 @@ dgst_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (dgst_config.do_verify) - r = EVP_DigestVerifyInit(mctx, &pctx, dgst_config.md, + if (cfg.do_verify) + r = EVP_DigestVerifyInit(mctx, &pctx, cfg.md, NULL, sigkey); else - r = EVP_DigestSignInit(mctx, &pctx, dgst_config.md, + r = EVP_DigestSignInit(mctx, &pctx, cfg.md, NULL, sigkey); if (!r) { BIO_printf(bio_err, "Error setting context\n"); ERR_print_errors(bio_err); goto end; } - if (dgst_config.sigopts) { + if (cfg.sigopts) { char *sigopt; for (i = 0; i < sk_OPENSSL_STRING_num( - dgst_config.sigopts); i++) { + cfg.sigopts); i++) { sigopt = sk_OPENSSL_STRING_value( - dgst_config.sigopts, i); + cfg.sigopts, i); if (pkey_ctrl_string(pctx, sigopt) <= 0) { BIO_printf(bio_err, "parameter error \"%s\"\n", @@ -505,16 +505,16 @@ dgst_main(int argc, char **argv) } /* we use md as a filter, reading from 'in' */ else { - if (dgst_config.md == NULL) - dgst_config.md = EVP_sha256(); - if (!BIO_set_md(bmd, dgst_config.md)) { + if (cfg.md == NULL) + cfg.md = EVP_sha256(); + if (!BIO_set_md(bmd, cfg.md)) { BIO_printf(bio_err, "Error setting digest %s\n", pname); ERR_print_errors(bio_err); goto end; } } - if (dgst_config.sigfile && sigkey) { + if (cfg.sigfile && sigkey) { BIO *sigbio; siglen = EVP_PKEY_size(sigkey); sigbuf = malloc(siglen); @@ -523,10 +523,10 @@ dgst_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - sigbio = BIO_new_file(dgst_config.sigfile, "rb"); + sigbio = BIO_new_file(cfg.sigfile, "rb"); if (!sigbio) { BIO_printf(bio_err, "Error opening signature file %s\n", - dgst_config.sigfile); + cfg.sigfile); ERR_print_errors(bio_err); goto end; } @@ -534,26 +534,26 @@ dgst_main(int argc, char **argv) BIO_free(sigbio); if (siglen <= 0) { BIO_printf(bio_err, "Error reading signature file %s\n", - dgst_config.sigfile); + cfg.sigfile); ERR_print_errors(bio_err); goto end; } } inp = BIO_push(bmd, in); - if (dgst_config.md == NULL) { + if (cfg.md == NULL) { EVP_MD_CTX *tctx; BIO_get_md_ctx(bmd, &tctx); - dgst_config.md = EVP_MD_CTX_md(tctx); + cfg.md = EVP_MD_CTX_md(tctx); } if (argc == 0) { BIO_set_fp(in, stdin, BIO_NOCLOSE); - err = do_fp(out, buf, inp, dgst_config.separator, - dgst_config.out_bin, sigkey, sigbuf, siglen, NULL, NULL, + err = do_fp(out, buf, inp, cfg.separator, + cfg.out_bin, sigkey, sigbuf, siglen, NULL, NULL, "stdin", bmd); } else { const char *md_name = NULL, *sig_name = NULL; - if (!dgst_config.out_bin) { + if (!cfg.out_bin) { if (sigkey) { const EVP_PKEY_ASN1_METHOD *ameth; ameth = EVP_PKEY_get0_asn1(sigkey); @@ -561,7 +561,7 @@ dgst_main(int argc, char **argv) EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &sig_name, ameth); } - md_name = EVP_MD_name(dgst_config.md); + md_name = EVP_MD_name(cfg.md); } err = 0; for (i = 0; i < argc; i++) { @@ -571,8 +571,8 @@ dgst_main(int argc, char **argv) err++; continue; } else { - r = do_fp(out, buf, inp, dgst_config.separator, - dgst_config.out_bin, sigkey, sigbuf, siglen, + r = do_fp(out, buf, inp, cfg.separator, + cfg.out_bin, sigkey, sigbuf, siglen, sig_name, md_name, argv[i], bmd); } if (r) @@ -587,8 +587,8 @@ dgst_main(int argc, char **argv) free(passin); BIO_free_all(out); EVP_PKEY_free(sigkey); - sk_OPENSSL_STRING_free(dgst_config.sigopts); - sk_OPENSSL_STRING_free(dgst_config.macopts); + sk_OPENSSL_STRING_free(cfg.sigopts); + sk_OPENSSL_STRING_free(cfg.macopts); free(sigbuf); BIO_free(bmd); diff --git a/usr.bin/openssl/dh.c b/usr.bin/openssl/dh.c index 200233c0f26..a4c02235f21 100644 --- a/usr.bin/openssl/dh.c +++ b/usr.bin/openssl/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.14 2022/11/11 17:07:38 joshua Exp $ */ +/* $OpenBSD: dh.c,v 1.15 2023/03/06 14:32:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -83,60 +83,60 @@ static struct { char *outfile; int outformat; int text; -} dh_config; +} cfg; static const struct option dh_options[] = { { .name = "C", .desc = "Convert DH parameters into C code", .type = OPTION_FLAG, - .opt.flag = &dh_config.C, + .opt.flag = &cfg.C, }, { .name = "check", .desc = "Check the DH parameters", .type = OPTION_FLAG, - .opt.flag = &dh_config.check, + .opt.flag = &cfg.check, }, { .name = "in", .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &dh_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "format", .desc = "Input format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &dh_config.informat, + .opt.value = &cfg.informat, }, { .name = "noout", .desc = "No output", .type = OPTION_FLAG, - .opt.flag = &dh_config.noout, + .opt.flag = &cfg.noout, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &dh_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &dh_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "text", .desc = "Print a text form of the DH parameters", .type = OPTION_FLAG, - .opt.flag = &dh_config.text, + .opt.flag = &cfg.text, }, { NULL }, }; @@ -163,10 +163,10 @@ dh_main(int argc, char **argv) exit(1); } - memset(&dh_config, 0, sizeof(dh_config)); + memset(&cfg, 0, sizeof(cfg)); - dh_config.informat = FORMAT_PEM; - dh_config.outformat = FORMAT_PEM; + cfg.informat = FORMAT_PEM; + cfg.outformat = FORMAT_PEM; if (options_parse(argc, argv, dh_options, NULL, NULL) != 0) { dh_usage(); @@ -179,26 +179,26 @@ dh_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (dh_config.infile == NULL) + if (cfg.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { - if (BIO_read_filename(in, dh_config.infile) <= 0) { - perror(dh_config.infile); + if (BIO_read_filename(in, cfg.infile) <= 0) { + perror(cfg.infile); goto end; } } - if (dh_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, dh_config.outfile) <= 0) { - perror(dh_config.outfile); + if (BIO_write_filename(out, cfg.outfile) <= 0) { + perror(cfg.outfile); goto end; } } - if (dh_config.informat == FORMAT_ASN1) + if (cfg.informat == FORMAT_ASN1) dh = d2i_DHparams_bio(in, NULL); - else if (dh_config.informat == FORMAT_PEM) + else if (cfg.informat == FORMAT_PEM) dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); else { BIO_printf(bio_err, "bad input format specified\n"); @@ -209,10 +209,10 @@ dh_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (dh_config.text) { + if (cfg.text) { DHparams_print(out, dh); } - if (dh_config.check) { + if (cfg.check) { if (!DH_check(dh, &i)) { ERR_print_errors(bio_err); goto end; @@ -228,7 +228,7 @@ dh_main(int argc, char **argv) if (i == 0) printf("DH parameters appear to be ok.\n"); } - if (dh_config.C) { + if (cfg.C) { unsigned char *data; int len, l, bits; @@ -271,10 +271,10 @@ dh_main(int argc, char **argv) printf("\treturn(dh);\n\t}\n"); free(data); } - if (!dh_config.noout) { - if (dh_config.outformat == FORMAT_ASN1) + if (!cfg.noout) { + if (cfg.outformat == FORMAT_ASN1) i = i2d_DHparams_bio(out, dh); - else if (dh_config.outformat == FORMAT_PEM) + else if (cfg.outformat == FORMAT_PEM) i = PEM_write_bio_DHparams(out, dh); else { BIO_printf(bio_err, "bad output format specified for outfile\n"); diff --git a/usr.bin/openssl/dhparam.c b/usr.bin/openssl/dhparam.c index 8a487cb918e..0542464d7bb 100644 --- a/usr.bin/openssl/dhparam.c +++ b/usr.bin/openssl/dhparam.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dhparam.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */ +/* $OpenBSD: dhparam.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -142,7 +142,7 @@ static struct { char *outfile; int outformat; int text; -} dhparam_config; +} cfg; static const struct option dhparam_options[] = { { @@ -150,73 +150,73 @@ static const struct option dhparam_options[] = { .desc = "Generate DH parameters with a generator value of 2 " "(default)", .type = OPTION_VALUE, - .opt.value = &dhparam_config.g, + .opt.value = &cfg.g, .value = 2, }, { .name = "5", .desc = "Generate DH parameters with a generator value of 5", .type = OPTION_VALUE, - .opt.value = &dhparam_config.g, + .opt.value = &cfg.g, .value = 5, }, { .name = "C", .desc = "Convert DH parameters into C code", .type = OPTION_FLAG, - .opt.flag = &dhparam_config.C, + .opt.flag = &cfg.C, }, { .name = "check", .desc = "Check the DH parameters", .type = OPTION_FLAG, - .opt.flag = &dhparam_config.check, + .opt.flag = &cfg.check, }, { .name = "dsaparam", .desc = "Read or generate DSA parameters and convert to DH", .type = OPTION_FLAG, - .opt.flag = &dhparam_config.dsaparam, + .opt.flag = &cfg.dsaparam, }, { .name = "in", .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &dhparam_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "format", .desc = "Input format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &dhparam_config.informat, + .opt.value = &cfg.informat, }, { .name = "noout", .desc = "Do not output encoded version of DH parameters", .type = OPTION_FLAG, - .opt.flag = &dhparam_config.noout, + .opt.flag = &cfg.noout, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &dhparam_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &dhparam_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "text", .desc = "Print DH parameters in plain text", .type = OPTION_FLAG, - .opt.flag = &dhparam_config.text, + .opt.flag = &cfg.text, }, { NULL }, }; @@ -249,10 +249,10 @@ dhparam_main(int argc, char **argv) exit(1); } - memset(&dhparam_config, 0, sizeof(dhparam_config)); + memset(&cfg, 0, sizeof(cfg)); - dhparam_config.informat = FORMAT_PEM; - dhparam_config.outformat = FORMAT_PEM; + cfg.informat = FORMAT_PEM; + cfg.outformat = FORMAT_PEM; if (options_parse(argc, argv, dhparam_options, &num_bits, NULL) != 0) { dhparam_usage(); @@ -267,18 +267,18 @@ dhparam_main(int argc, char **argv) } } - if (dhparam_config.g && !num) + if (cfg.g && !num) num = DEFBITS; - if (dhparam_config.dsaparam) { - if (dhparam_config.g) { + if (cfg.dsaparam) { + if (cfg.g) { BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n"); goto end; } } else { /* DH parameters */ - if (num && !dhparam_config.g) - dhparam_config.g = 2; + if (num && !cfg.g) + cfg.g = 2; } if (num) { @@ -289,7 +289,7 @@ dhparam_main(int argc, char **argv) } BN_GENCB_set(cb, dh_cb, bio_err); - if (dhparam_config.dsaparam) { + if (cfg.dsaparam) { DSA *dsa = DSA_new(); BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num); @@ -307,9 +307,9 @@ dhparam_main(int argc, char **argv) } } else { dh = DH_new(); - BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, dhparam_config.g); + BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, cfg.g); BIO_printf(bio_err, "This is going to take a long time\n"); - if (!dh || !DH_generate_parameters_ex(dh, num, dhparam_config.g, cb)) { + if (!dh || !DH_generate_parameters_ex(dh, num, cfg.g, cb)) { ERR_print_errors(bio_err); goto end; } @@ -321,24 +321,24 @@ dhparam_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (dhparam_config.infile == NULL) + if (cfg.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { - if (BIO_read_filename(in, dhparam_config.infile) <= 0) { - perror(dhparam_config.infile); + if (BIO_read_filename(in, cfg.infile) <= 0) { + perror(cfg.infile); goto end; } } - if (dhparam_config.informat != FORMAT_ASN1 && - dhparam_config.informat != FORMAT_PEM) { + if (cfg.informat != FORMAT_ASN1 && + cfg.informat != FORMAT_PEM) { BIO_printf(bio_err, "bad input format specified\n"); goto end; } - if (dhparam_config.dsaparam) { + if (cfg.dsaparam) { DSA *dsa; - if (dhparam_config.informat == FORMAT_ASN1) + if (cfg.informat == FORMAT_ASN1) dsa = d2i_DSAparams_bio(in, NULL); else /* informat == FORMAT_PEM */ dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); @@ -356,7 +356,7 @@ dhparam_main(int argc, char **argv) } } else { - if (dhparam_config.informat == FORMAT_ASN1) + if (cfg.informat == FORMAT_ASN1) dh = d2i_DHparams_bio(in, NULL); else /* informat == FORMAT_PEM */ dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); @@ -376,20 +376,20 @@ dhparam_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (dhparam_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, dhparam_config.outfile) <= 0) { - perror(dhparam_config.outfile); + if (BIO_write_filename(out, cfg.outfile) <= 0) { + perror(cfg.outfile); goto end; } } - if (dhparam_config.text) { + if (cfg.text) { DHparams_print(out, dh); } - if (dhparam_config.check) { + if (cfg.check) { if (!DH_check(dh, &i)) { ERR_print_errors(bio_err); goto end; @@ -405,7 +405,7 @@ dhparam_main(int argc, char **argv) if (i == 0) printf("DH parameters appear to be ok.\n"); } - if (dhparam_config.C) { + if (cfg.C) { unsigned char *data; int len, l, bits; @@ -454,10 +454,10 @@ dhparam_main(int argc, char **argv) printf("\treturn(dh);\n\t}\n"); free(data); } - if (!dhparam_config.noout) { - if (dhparam_config.outformat == FORMAT_ASN1) + if (!cfg.noout) { + if (cfg.outformat == FORMAT_ASN1) i = i2d_DHparams_bio(out, dh); - else if (dhparam_config.outformat == FORMAT_PEM) + else if (cfg.outformat == FORMAT_PEM) i = PEM_write_bio_DHparams(out, dh); else { BIO_printf(bio_err, "bad output format specified for outfile\n"); diff --git a/usr.bin/openssl/dsa.c b/usr.bin/openssl/dsa.c index 0a3772dff78..f1de78cf4db 100644 --- a/usr.bin/openssl/dsa.c +++ b/usr.bin/openssl/dsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa.c,v 1.17 2022/11/11 17:07:38 joshua Exp $ */ +/* $OpenBSD: dsa.c,v 1.18 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -87,7 +87,7 @@ static struct { int pubout; int pvk_encr; int text; -} dsa_config; +} cfg; static int dsa_opt_enc(int argc, char **argv, int *argsused) @@ -97,7 +97,7 @@ dsa_opt_enc(int argc, char **argv, int *argsused) if (*name++ != '-') return (1); - if ((dsa_config.enc = EVP_get_cipherbyname(name)) != NULL) { + if ((cfg.enc = EVP_get_cipherbyname(name)) != NULL) { *argsused = 1; return (0); } @@ -111,7 +111,7 @@ static const struct option dsa_options[] = { .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &dsa_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", @@ -119,87 +119,87 @@ static const struct option dsa_options[] = { .desc = "Input format (PEM (default) or any other supported" " format)", .type = OPTION_ARG_FORMAT, - .opt.value = &dsa_config.informat, + .opt.value = &cfg.informat, }, { .name = "modulus", .desc = "Print the DSA public value", .type = OPTION_FLAG, - .opt.flag = &dsa_config.modulus, + .opt.flag = &cfg.modulus, }, { .name = "noout", .desc = "No output", .type = OPTION_FLAG, - .opt.flag = &dsa_config.noout, + .opt.flag = &cfg.noout, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &dsa_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER, MSBLOB, PEM (default) or PVK)", .type = OPTION_ARG_FORMAT, - .opt.value = &dsa_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "passin", .argname = "source", .desc = "Input file passphrase source", .type = OPTION_ARG, - .opt.arg = &dsa_config.passargin, + .opt.arg = &cfg.passargin, }, { .name = "passout", .argname = "source", .desc = "Output file passphrase source", .type = OPTION_ARG, - .opt.arg = &dsa_config.passargout, + .opt.arg = &cfg.passargout, }, { .name = "pubin", .desc = "Read a public key from the input file instead of" " private key", .type = OPTION_FLAG, - .opt.flag = &dsa_config.pubin, + .opt.flag = &cfg.pubin, }, { .name = "pubout", .desc = "Output a public key instead of private key", .type = OPTION_FLAG, - .opt.flag = &dsa_config.pubout, + .opt.flag = &cfg.pubout, }, { .name = "pvk-none", .desc = "PVK encryption level", .type = OPTION_VALUE, .value = 0, - .opt.value = &dsa_config.pvk_encr, + .opt.value = &cfg.pvk_encr, }, { .name = "pvk-strong", .desc = "PVK encryption level (default)", .type = OPTION_VALUE, .value = 2, - .opt.value = &dsa_config.pvk_encr, + .opt.value = &cfg.pvk_encr, }, { .name = "pvk-weak", .desc = "PVK encryption level", .type = OPTION_VALUE, .value = 1, - .opt.value = &dsa_config.pvk_encr, + .opt.value = &cfg.pvk_encr, }, { .name = "text", .desc = "Print the key in text form", .type = OPTION_FLAG, - .opt.flag = &dsa_config.text, + .opt.flag = &cfg.text, }, { .name = NULL, @@ -241,18 +241,18 @@ dsa_main(int argc, char **argv) exit(1); } - memset(&dsa_config, 0, sizeof(dsa_config)); + memset(&cfg, 0, sizeof(cfg)); - dsa_config.pvk_encr = 2; - dsa_config.informat = FORMAT_PEM; - dsa_config.outformat = FORMAT_PEM; + cfg.pvk_encr = 2; + cfg.informat = FORMAT_PEM; + cfg.outformat = FORMAT_PEM; if (options_parse(argc, argv, dsa_options, NULL, NULL) != 0) { dsa_usage(); goto end; } - if (!app_passwd(bio_err, dsa_config.passargin, dsa_config.passargout, + if (!app_passwd(bio_err, cfg.passargin, cfg.passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; @@ -264,11 +264,11 @@ dsa_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (dsa_config.infile == NULL) + if (cfg.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { - if (BIO_read_filename(in, dsa_config.infile) <= 0) { - perror(dsa_config.infile); + if (BIO_read_filename(in, cfg.infile) <= 0) { + perror(cfg.infile); goto end; } } @@ -278,12 +278,12 @@ dsa_main(int argc, char **argv) { EVP_PKEY *pkey; - if (dsa_config.pubin) - pkey = load_pubkey(bio_err, dsa_config.infile, - dsa_config.informat, 1, passin, "Public Key"); + if (cfg.pubin) + pkey = load_pubkey(bio_err, cfg.infile, + cfg.informat, 1, passin, "Public Key"); else - pkey = load_key(bio_err, dsa_config.infile, - dsa_config.informat, 1, passin, "Private Key"); + pkey = load_key(bio_err, cfg.infile, + cfg.informat, 1, passin, "Private Key"); if (pkey) { dsa = EVP_PKEY_get1_DSA(pkey); @@ -295,51 +295,51 @@ dsa_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (dsa_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, dsa_config.outfile) <= 0) { - perror(dsa_config.outfile); + if (BIO_write_filename(out, cfg.outfile) <= 0) { + perror(cfg.outfile); goto end; } } - if (dsa_config.text) { + if (cfg.text) { if (!DSA_print(out, dsa, 0)) { - perror(dsa_config.outfile); + perror(cfg.outfile); ERR_print_errors(bio_err); goto end; } } - if (dsa_config.modulus) { + if (cfg.modulus) { fprintf(stdout, "Public Key="); BN_print(out, DSA_get0_pub_key(dsa)); fprintf(stdout, "\n"); } - if (dsa_config.noout) + if (cfg.noout) goto end; BIO_printf(bio_err, "writing DSA key\n"); - if (dsa_config.outformat == FORMAT_ASN1) { - if (dsa_config.pubin || dsa_config.pubout) + if (cfg.outformat == FORMAT_ASN1) { + if (cfg.pubin || cfg.pubout) i = i2d_DSA_PUBKEY_bio(out, dsa); else i = i2d_DSAPrivateKey_bio(out, dsa); - } else if (dsa_config.outformat == FORMAT_PEM) { - if (dsa_config.pubin || dsa_config.pubout) + } else if (cfg.outformat == FORMAT_PEM) { + if (cfg.pubin || cfg.pubout) i = PEM_write_bio_DSA_PUBKEY(out, dsa); else - i = PEM_write_bio_DSAPrivateKey(out, dsa, dsa_config.enc, + i = PEM_write_bio_DSAPrivateKey(out, dsa, cfg.enc, NULL, 0, NULL, passout); #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4) - } else if (dsa_config.outformat == FORMAT_MSBLOB || - dsa_config.outformat == FORMAT_PVK) { + } else if (cfg.outformat == FORMAT_MSBLOB || + cfg.outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); EVP_PKEY_set1_DSA(pk, dsa); - if (dsa_config.outformat == FORMAT_PVK) - i = i2b_PVK_bio(out, pk, dsa_config.pvk_encr, 0, + if (cfg.outformat == FORMAT_PVK) + i = i2b_PVK_bio(out, pk, cfg.pvk_encr, 0, passout); - else if (dsa_config.pubin || dsa_config.pubout) + else if (cfg.pubin || cfg.pubout) i = i2b_PublicKey_bio(out, pk); else i = i2b_PrivateKey_bio(out, pk); diff --git a/usr.bin/openssl/dsaparam.c b/usr.bin/openssl/dsaparam.c index 892ae72ba1b..bc9ccd14d80 100644 --- a/usr.bin/openssl/dsaparam.c +++ b/usr.bin/openssl/dsaparam.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsaparam.c,v 1.14 2022/11/11 17:07:38 joshua Exp $ */ +/* $OpenBSD: dsaparam.c,v 1.15 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -88,60 +88,60 @@ static struct { char *outfile; int outformat; int text; -} dsaparam_config; +} cfg; static const struct option dsaparam_options[] = { { .name = "C", .desc = "Convert DSA parameters into C code", .type = OPTION_FLAG, - .opt.flag = &dsaparam_config.C, + .opt.flag = &cfg.C, }, { .name = "genkey", .desc = "Generate a DSA key", .type = OPTION_FLAG, - .opt.flag = &dsaparam_config.genkey, + .opt.flag = &cfg.genkey, }, { .name = "in", .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &dsaparam_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "format", .desc = "Input format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &dsaparam_config.informat, + .opt.value = &cfg.informat, }, { .name = "noout", .desc = "No output", .type = OPTION_FLAG, - .opt.flag = &dsaparam_config.noout, + .opt.flag = &cfg.noout, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &dsaparam_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &dsaparam_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "text", .desc = "Print as text", .type = OPTION_FLAG, - .opt.flag = &dsaparam_config.text, + .opt.flag = &cfg.text, }, { NULL }, }; @@ -174,10 +174,10 @@ dsaparam_main(int argc, char **argv) exit(1); } - memset(&dsaparam_config, 0, sizeof(dsaparam_config)); + memset(&cfg, 0, sizeof(cfg)); - dsaparam_config.informat = FORMAT_PEM; - dsaparam_config.outformat = FORMAT_PEM; + cfg.informat = FORMAT_PEM; + cfg.outformat = FORMAT_PEM; if (options_parse(argc, argv, dsaparam_options, &strbits, NULL) != 0) { dsaparam_usage(); @@ -199,19 +199,19 @@ dsaparam_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (dsaparam_config.infile == NULL) + if (cfg.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { - if (BIO_read_filename(in, dsaparam_config.infile) <= 0) { - perror(dsaparam_config.infile); + if (BIO_read_filename(in, cfg.infile) <= 0) { + perror(cfg.infile); goto end; } } - if (dsaparam_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, dsaparam_config.outfile) <= 0) { - perror(dsaparam_config.outfile); + if (BIO_write_filename(out, cfg.outfile) <= 0) { + perror(cfg.outfile); goto end; } } @@ -237,9 +237,9 @@ dsaparam_main(int argc, char **argv) BIO_printf(bio_err, "Error, DSA key generation failed\n"); goto end; } - } else if (dsaparam_config.informat == FORMAT_ASN1) + } else if (cfg.informat == FORMAT_ASN1) dsa = d2i_DSAparams_bio(in, NULL); - else if (dsaparam_config.informat == FORMAT_PEM) + else if (cfg.informat == FORMAT_PEM) dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); else { BIO_printf(bio_err, "bad input format specified\n"); @@ -250,10 +250,10 @@ dsaparam_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (dsaparam_config.text) { + if (cfg.text) { DSAparams_print(out, dsa); } - if (dsaparam_config.C) { + if (cfg.C) { unsigned char *data; int l, len, bits_p; @@ -307,10 +307,10 @@ dsaparam_main(int argc, char **argv) printf("\tDSA_set0_pqg(dsa, p, q, g);\n"); printf("\treturn(dsa);\n\t}\n"); } - if (!dsaparam_config.noout) { - if (dsaparam_config.outformat == FORMAT_ASN1) + if (!cfg.noout) { + if (cfg.outformat == FORMAT_ASN1) i = i2d_DSAparams_bio(out, dsa); - else if (dsaparam_config.outformat == FORMAT_PEM) + else if (cfg.outformat == FORMAT_PEM) i = PEM_write_bio_DSAparams(out, dsa); else { BIO_printf(bio_err, "bad output format specified for outfile\n"); @@ -322,7 +322,7 @@ dsaparam_main(int argc, char **argv) goto end; } } - if (dsaparam_config.genkey) { + if (cfg.genkey) { DSA *dsakey; if ((dsakey = DSAparams_dup(dsa)) == NULL) @@ -332,9 +332,9 @@ dsaparam_main(int argc, char **argv) DSA_free(dsakey); goto end; } - if (dsaparam_config.outformat == FORMAT_ASN1) + if (cfg.outformat == FORMAT_ASN1) i = i2d_DSAPrivateKey_bio(out, dsakey); - else if (dsaparam_config.outformat == FORMAT_PEM) + else if (cfg.outformat == FORMAT_PEM) i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL, NULL); else { BIO_printf(bio_err, "bad output format specified for outfile\n"); diff --git a/usr.bin/openssl/ec.c b/usr.bin/openssl/ec.c index 3dace88d6fc..c6af1263d46 100644 --- a/usr.bin/openssl/ec.c +++ b/usr.bin/openssl/ec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec.c,v 1.15 2022/11/11 17:07:38 joshua Exp $ */ +/* $OpenBSD: ec.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -88,7 +88,7 @@ static struct { int pubin; int pubout; int text; -} ec_config; +} cfg; static int ec_opt_enc(int argc, char **argv, int *argsused) @@ -98,7 +98,7 @@ ec_opt_enc(int argc, char **argv, int *argsused) if (*name++ != '-') return (1); - if ((ec_config.enc = EVP_get_cipherbyname(name)) != NULL) { + if ((cfg.enc = EVP_get_cipherbyname(name)) != NULL) { *argsused = 1; return (0); } @@ -110,17 +110,17 @@ static int ec_opt_form(char *arg) { if (strcmp(arg, "compressed") == 0) - ec_config.form = POINT_CONVERSION_COMPRESSED; + cfg.form = POINT_CONVERSION_COMPRESSED; else if (strcmp(arg, "uncompressed") == 0) - ec_config.form = POINT_CONVERSION_UNCOMPRESSED; + cfg.form = POINT_CONVERSION_UNCOMPRESSED; else if (strcmp(arg, "hybrid") == 0) - ec_config.form = POINT_CONVERSION_HYBRID; + cfg.form = POINT_CONVERSION_HYBRID; else { fprintf(stderr, "Invalid point conversion: %s\n", arg); return (1); } - ec_config.new_form = 1; + cfg.new_form = 1; return (0); } @@ -128,15 +128,15 @@ static int ec_opt_named(char *arg) { if (strcmp(arg, "named_curve") == 0) - ec_config.asn1_flag = OPENSSL_EC_NAMED_CURVE; + cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE; else if (strcmp(arg, "explicit") == 0) - ec_config.asn1_flag = 0; + cfg.asn1_flag = 0; else { fprintf(stderr, "Invalid curve type: %s\n", arg); return (1); } - ec_config.new_asn1_flag = 1; + cfg.new_asn1_flag = 1; return (0); } @@ -154,34 +154,34 @@ static const struct option ec_options[] = { .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &ec_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "format", .desc = "Input format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &ec_config.informat, + .opt.value = &cfg.informat, }, { .name = "noout", .desc = "No output", .type = OPTION_FLAG, - .opt.flag = &ec_config.noout, + .opt.flag = &cfg.noout, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &ec_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &ec_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "param_enc", @@ -195,39 +195,39 @@ static const struct option ec_options[] = { .name = "param_out", .desc = "Print the elliptic curve parameters", .type = OPTION_FLAG, - .opt.flag = &ec_config.param_out, + .opt.flag = &cfg.param_out, }, { .name = "passin", .argname = "source", .desc = "Input file passphrase source", .type = OPTION_ARG, - .opt.arg = &ec_config.passargin, + .opt.arg = &cfg.passargin, }, { .name = "passout", .argname = "source", .desc = "Output file passphrase source", .type = OPTION_ARG, - .opt.arg = &ec_config.passargout, + .opt.arg = &cfg.passargout, }, { .name = "pubin", .desc = "Read public key instead of private key from input", .type = OPTION_FLAG, - .opt.flag = &ec_config.pubin, + .opt.flag = &cfg.pubin, }, { .name = "pubout", .desc = "Output public key instead of private key in output", .type = OPTION_FLAG, - .opt.flag = &ec_config.pubout, + .opt.flag = &cfg.pubout, }, { .name = "text", .desc = "Print the public/private key components and parameters", .type = OPTION_FLAG, - .opt.flag = &ec_config.text, + .opt.flag = &cfg.text, }, { .name = NULL, @@ -272,19 +272,19 @@ ec_main(int argc, char **argv) exit(1); } - memset(&ec_config, 0, sizeof(ec_config)); + memset(&cfg, 0, sizeof(cfg)); - ec_config.asn1_flag = OPENSSL_EC_NAMED_CURVE; - ec_config.form = POINT_CONVERSION_UNCOMPRESSED; - ec_config.informat = FORMAT_PEM; - ec_config.outformat = FORMAT_PEM; + cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE; + cfg.form = POINT_CONVERSION_UNCOMPRESSED; + cfg.informat = FORMAT_PEM; + cfg.outformat = FORMAT_PEM; if (options_parse(argc, argv, ec_options, NULL, NULL) != 0) { ec_usage(); goto end; } - if (!app_passwd(bio_err, ec_config.passargin, ec_config.passargout, + if (!app_passwd(bio_err, cfg.passargin, cfg.passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; @@ -295,23 +295,23 @@ ec_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (ec_config.infile == NULL) + if (cfg.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { - if (BIO_read_filename(in, ec_config.infile) <= 0) { - perror(ec_config.infile); + if (BIO_read_filename(in, cfg.infile) <= 0) { + perror(cfg.infile); goto end; } } BIO_printf(bio_err, "read EC key\n"); - if (ec_config.informat == FORMAT_ASN1) { - if (ec_config.pubin) + if (cfg.informat == FORMAT_ASN1) { + if (cfg.pubin) eckey = d2i_EC_PUBKEY_bio(in, NULL); else eckey = d2i_ECPrivateKey_bio(in, NULL); - } else if (ec_config.informat == FORMAT_PEM) { - if (ec_config.pubin) + } else if (cfg.informat == FORMAT_PEM) { + if (cfg.pubin) eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL); else @@ -326,49 +326,49 @@ ec_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (ec_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, ec_config.outfile) <= 0) { - perror(ec_config.outfile); + if (BIO_write_filename(out, cfg.outfile) <= 0) { + perror(cfg.outfile); goto end; } } group = EC_KEY_get0_group(eckey); - if (ec_config.new_form) - EC_KEY_set_conv_form(eckey, ec_config.form); + if (cfg.new_form) + EC_KEY_set_conv_form(eckey, cfg.form); - if (ec_config.new_asn1_flag) - EC_KEY_set_asn1_flag(eckey, ec_config.asn1_flag); + if (cfg.new_asn1_flag) + EC_KEY_set_asn1_flag(eckey, cfg.asn1_flag); - if (ec_config.text) + if (cfg.text) if (!EC_KEY_print(out, eckey, 0)) { - perror(ec_config.outfile); + perror(cfg.outfile); ERR_print_errors(bio_err); goto end; } - if (ec_config.noout) { + if (cfg.noout) { ret = 0; goto end; } BIO_printf(bio_err, "writing EC key\n"); - if (ec_config.outformat == FORMAT_ASN1) { - if (ec_config.param_out) + if (cfg.outformat == FORMAT_ASN1) { + if (cfg.param_out) i = i2d_ECPKParameters_bio(out, group); - else if (ec_config.pubin || ec_config.pubout) + else if (cfg.pubin || cfg.pubout) i = i2d_EC_PUBKEY_bio(out, eckey); else i = i2d_ECPrivateKey_bio(out, eckey); - } else if (ec_config.outformat == FORMAT_PEM) { - if (ec_config.param_out) + } else if (cfg.outformat == FORMAT_PEM) { + if (cfg.param_out) i = PEM_write_bio_ECPKParameters(out, group); - else if (ec_config.pubin || ec_config.pubout) + else if (cfg.pubin || cfg.pubout) i = PEM_write_bio_EC_PUBKEY(out, eckey); else i = PEM_write_bio_ECPrivateKey(out, eckey, - ec_config.enc, NULL, 0, NULL, passout); + cfg.enc, NULL, 0, NULL, passout); } else { BIO_printf(bio_err, "bad output format specified for " "outfile\n"); diff --git a/usr.bin/openssl/ecparam.c b/usr.bin/openssl/ecparam.c index 52ccc491fc5..933cd3eb693 100644 --- a/usr.bin/openssl/ecparam.c +++ b/usr.bin/openssl/ecparam.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecparam.c,v 1.22 2022/11/11 17:07:38 joshua Exp $ */ +/* $OpenBSD: ecparam.c,v 1.23 2023/03/06 14:32:06 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -107,21 +107,21 @@ static struct { char *outfile; int outformat; int text; -} ecparam_config; +} cfg; static int ecparam_opt_form(char *arg) { if (strcmp(arg, "compressed") == 0) - ecparam_config.form = POINT_CONVERSION_COMPRESSED; + cfg.form = POINT_CONVERSION_COMPRESSED; else if (strcmp(arg, "uncompressed") == 0) - ecparam_config.form = POINT_CONVERSION_UNCOMPRESSED; + cfg.form = POINT_CONVERSION_UNCOMPRESSED; else if (strcmp(arg, "hybrid") == 0) - ecparam_config.form = POINT_CONVERSION_HYBRID; + cfg.form = POINT_CONVERSION_HYBRID; else return (1); - ecparam_config.new_form = 1; + cfg.new_form = 1; return (0); } @@ -129,13 +129,13 @@ static int ecparam_opt_enctype(char *arg) { if (strcmp(arg, "explicit") == 0) - ecparam_config.asn1_flag = 0; + cfg.asn1_flag = 0; else if (strcmp(arg, "named_curve") == 0) - ecparam_config.asn1_flag = OPENSSL_EC_NAMED_CURVE; + cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE; else return (1); - ecparam_config.new_asn1_flag = 1; + cfg.new_asn1_flag = 1; return (0); } @@ -144,13 +144,13 @@ static const struct option ecparam_options[] = { .name = "C", .desc = "Convert the EC parameters into C code", .type = OPTION_FLAG, - .opt.flag = &ecparam_config.C, + .opt.flag = &cfg.C, }, { .name = "check", .desc = "Validate the elliptic curve parameters", .type = OPTION_FLAG, - .opt.flag = &ecparam_config.check, + .opt.flag = &cfg.check, }, { .name = "conv_form", @@ -165,61 +165,61 @@ static const struct option ecparam_options[] = { .desc = "Generate an EC private key using the specified " "parameters", .type = OPTION_FLAG, - .opt.flag = &ecparam_config.genkey, + .opt.flag = &cfg.genkey, }, { .name = "in", .argname = "file", .desc = "Input file to read parameters from (default stdin)", .type = OPTION_ARG, - .opt.arg = &ecparam_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "format", .desc = "Input format (DER or PEM)", .type = OPTION_ARG_FORMAT, - .opt.value = &ecparam_config.informat, + .opt.value = &cfg.informat, }, { .name = "list_curves", .desc = "Print list of all currently implemented EC " "parameter names", .type = OPTION_FLAG, - .opt.flag = &ecparam_config.list_curves, + .opt.flag = &cfg.list_curves, }, { .name = "name", .argname = "curve", .desc = "Use the EC parameters with the specified name", .type = OPTION_ARG, - .opt.arg = &ecparam_config.curve_name, + .opt.arg = &cfg.curve_name, }, { .name = "no_seed", .desc = "Do not output seed with explicit parameter encoding", .type = OPTION_FLAG, - .opt.flag = &ecparam_config.no_seed, + .opt.flag = &cfg.no_seed, }, { .name = "noout", .desc = "Do not output encoded version of EC parameters", .type = OPTION_FLAG, - .opt.flag = &ecparam_config.noout, + .opt.flag = &cfg.noout, }, { .name = "out", .argname = "file", .desc = "Output file to write parameters to (default stdout)", .type = OPTION_ARG, - .opt.arg = &ecparam_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER or PEM)", .type = OPTION_ARG_FORMAT, - .opt.value = &ecparam_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "param_enc", @@ -233,7 +233,7 @@ static const struct option ecparam_options[] = { .name = "text", .desc = "Print out the EC parameters in human readable form", .type = OPTION_FLAG, - .opt.flag = &ecparam_config.text, + .opt.flag = &cfg.text, }, {NULL}, }; @@ -264,11 +264,11 @@ ecparam_main(int argc, char **argv) exit(1); } - memset(&ecparam_config, 0, sizeof(ecparam_config)); - ecparam_config.asn1_flag = OPENSSL_EC_NAMED_CURVE; - ecparam_config.form = POINT_CONVERSION_UNCOMPRESSED; - ecparam_config.informat = FORMAT_PEM; - ecparam_config.outformat = FORMAT_PEM; + memset(&cfg, 0, sizeof(cfg)); + cfg.asn1_flag = OPENSSL_EC_NAMED_CURVE; + cfg.form = POINT_CONVERSION_UNCOMPRESSED; + cfg.informat = FORMAT_PEM; + cfg.outformat = FORMAT_PEM; if (options_parse(argc, argv, ecparam_options, NULL, NULL) != 0) { ecparam_usage(); @@ -281,24 +281,24 @@ ecparam_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (ecparam_config.infile == NULL) + if (cfg.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { - if (BIO_read_filename(in, ecparam_config.infile) <= 0) { - perror(ecparam_config.infile); + if (BIO_read_filename(in, cfg.infile) <= 0) { + perror(cfg.infile); goto end; } } - if (ecparam_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, ecparam_config.outfile) <= 0) { - perror(ecparam_config.outfile); + if (BIO_write_filename(out, cfg.outfile) <= 0) { + perror(cfg.outfile); goto end; } } - if (ecparam_config.list_curves) { + if (cfg.list_curves) { EC_builtin_curve *curves = NULL; size_t crv_len = 0; size_t n = 0; @@ -331,7 +331,7 @@ ecparam_main(int argc, char **argv) ret = 0; goto end; } - if (ecparam_config.curve_name != NULL) { + if (cfg.curve_name != NULL) { int nid; /* @@ -339,36 +339,36 @@ ecparam_main(int argc, char **argv) * secp256r1 (which are the same as the curves prime192v1 and * prime256v1 defined in X9.62) */ - if (!strcmp(ecparam_config.curve_name, "secp192r1")) { + if (!strcmp(cfg.curve_name, "secp192r1")) { BIO_printf(bio_err, "using curve name prime192v1 " "instead of secp192r1\n"); nid = NID_X9_62_prime192v1; - } else if (!strcmp(ecparam_config.curve_name, "secp256r1")) { + } else if (!strcmp(cfg.curve_name, "secp256r1")) { BIO_printf(bio_err, "using curve name prime256v1 " "instead of secp256r1\n"); nid = NID_X9_62_prime256v1; } else - nid = OBJ_sn2nid(ecparam_config.curve_name); + nid = OBJ_sn2nid(cfg.curve_name); if (nid == 0) - nid = EC_curve_nist2nid(ecparam_config.curve_name); + nid = EC_curve_nist2nid(cfg.curve_name); if (nid == 0) { BIO_printf(bio_err, "unknown curve name (%s)\n", - ecparam_config.curve_name); + cfg.curve_name); goto end; } group = EC_GROUP_new_by_curve_name(nid); if (group == NULL) { BIO_printf(bio_err, "unable to create curve (%s)\n", - ecparam_config.curve_name); + cfg.curve_name); goto end; } - EC_GROUP_set_asn1_flag(group, ecparam_config.asn1_flag); - EC_GROUP_set_point_conversion_form(group, ecparam_config.form); - } else if (ecparam_config.informat == FORMAT_ASN1) { + EC_GROUP_set_asn1_flag(group, cfg.asn1_flag); + EC_GROUP_set_point_conversion_form(group, cfg.form); + } else if (cfg.informat == FORMAT_ASN1) { group = d2i_ECPKParameters_bio(in, NULL); - } else if (ecparam_config.informat == FORMAT_PEM) { + } else if (cfg.informat == FORMAT_PEM) { group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); } else { BIO_printf(bio_err, "bad input format specified\n"); @@ -381,20 +381,20 @@ ecparam_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (ecparam_config.new_form) - EC_GROUP_set_point_conversion_form(group, ecparam_config.form); + if (cfg.new_form) + EC_GROUP_set_point_conversion_form(group, cfg.form); - if (ecparam_config.new_asn1_flag) - EC_GROUP_set_asn1_flag(group, ecparam_config.asn1_flag); + if (cfg.new_asn1_flag) + EC_GROUP_set_asn1_flag(group, cfg.asn1_flag); - if (ecparam_config.no_seed) + if (cfg.no_seed) EC_GROUP_set_seed(group, NULL, 0); - if (ecparam_config.text) { + if (cfg.text) { if (!ECPKParameters_print(out, group, 0)) goto end; } - if (ecparam_config.check) { + if (cfg.check) { BIO_printf(bio_err, "checking elliptic curve parameters: "); if (!EC_GROUP_check(group, NULL)) { BIO_printf(bio_err, "failed\n"); @@ -403,7 +403,7 @@ ecparam_main(int argc, char **argv) BIO_printf(bio_err, "ok\n"); } - if (ecparam_config.C) { + if (cfg.C) { size_t buf_len = 0, tmp_len = 0; const EC_POINT *point; int is_prime, len = 0; @@ -516,10 +516,10 @@ ecparam_main(int argc, char **argv) BIO_printf(out, "\t\t}\n"); BIO_printf(out, "\treturn(group);\n\t}\n"); } - if (!ecparam_config.noout) { - if (ecparam_config.outformat == FORMAT_ASN1) + if (!cfg.noout) { + if (cfg.outformat == FORMAT_ASN1) i = i2d_ECPKParameters_bio(out, group); - else if (ecparam_config.outformat == FORMAT_PEM) + else if (cfg.outformat == FORMAT_PEM) i = PEM_write_bio_ECPKParameters(out, group); else { BIO_printf(bio_err, "bad output format specified for" @@ -533,7 +533,7 @@ ecparam_main(int argc, char **argv) goto end; } } - if (ecparam_config.genkey) { + if (cfg.genkey) { EC_KEY *eckey = EC_KEY_new(); if (eckey == NULL) @@ -548,9 +548,9 @@ ecparam_main(int argc, char **argv) EC_KEY_free(eckey); goto end; } - if (ecparam_config.outformat == FORMAT_ASN1) + if (cfg.outformat == FORMAT_ASN1) i = i2d_ECPrivateKey_bio(out, eckey); - else if (ecparam_config.outformat == FORMAT_PEM) + else if (cfg.outformat == FORMAT_PEM) i = PEM_write_bio_ECPrivateKey(out, eckey, NULL, NULL, 0, NULL, NULL); else { diff --git a/usr.bin/openssl/enc.c b/usr.bin/openssl/enc.c index 6be0a30decd..b80a177cd8a 100644 --- a/usr.bin/openssl/enc.c +++ b/usr.bin/openssl/enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: enc.c,v 1.26 2023/03/04 21:58:54 tb Exp $ */ +/* $OpenBSD: enc.c,v 1.27 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -100,7 +100,7 @@ static struct { int pbkdf2; int printkey; int verbose; -} enc_config; +} cfg; static int enc_opt_cipher(int argc, char **argv, int *argsused) @@ -111,12 +111,12 @@ enc_opt_cipher(int argc, char **argv, int *argsused) return (1); if (strcmp(name, "none") == 0) { - enc_config.cipher = NULL; + cfg.cipher = NULL; *argsused = 1; return (0); } - if ((enc_config.cipher = EVP_get_cipherbyname(name)) != NULL) { + if ((cfg.cipher = EVP_get_cipherbyname(name)) != NULL) { *argsused = 1; return (0); } @@ -129,44 +129,44 @@ static const struct option enc_options[] = { .name = "A", .desc = "Process base64 data on one line (requires -a)", .type = OPTION_FLAG, - .opt.flag = &enc_config.olb64, + .opt.flag = &cfg.olb64, }, { .name = "a", .desc = "Perform base64 encoding/decoding (alias -base64)", .type = OPTION_FLAG, - .opt.flag = &enc_config.base64, + .opt.flag = &cfg.base64, }, { .name = "base64", .type = OPTION_FLAG, - .opt.flag = &enc_config.base64, + .opt.flag = &cfg.base64, }, { .name = "bufsize", .argname = "size", .desc = "Specify the buffer size to use for I/O", .type = OPTION_ARG, - .opt.arg = &enc_config.bufsize, + .opt.arg = &cfg.bufsize, }, { .name = "d", .desc = "Decrypt the input data", .type = OPTION_VALUE, - .opt.value = &enc_config.enc, + .opt.value = &cfg.enc, .value = 0, }, { .name = "debug", .desc = "Print debugging information", .type = OPTION_FLAG, - .opt.flag = &enc_config.debug, + .opt.flag = &cfg.debug, }, { .name = "e", .desc = "Encrypt the input data (default)", .type = OPTION_VALUE, - .opt.value = &enc_config.enc, + .opt.value = &cfg.enc, .value = 1, }, { @@ -174,45 +174,45 @@ static const struct option enc_options[] = { .argname = "file", .desc = "Input file to read from (default stdin)", .type = OPTION_ARG, - .opt.arg = &enc_config.inf, + .opt.arg = &cfg.inf, }, { .name = "iter", .argname = "iterations", .desc = "Specify iteration count and force use of PBKDF2", .type = OPTION_ARG_INT, - .opt.value = &enc_config.iter, + .opt.value = &cfg.iter, }, { .name = "iv", .argname = "IV", .desc = "IV to use, specified as a hexadecimal string", .type = OPTION_ARG, - .opt.arg = &enc_config.hiv, + .opt.arg = &cfg.hiv, }, { .name = "K", .argname = "key", .desc = "Key to use, specified as a hexadecimal string", .type = OPTION_ARG, - .opt.arg = &enc_config.hkey, + .opt.arg = &cfg.hkey, }, { .name = "k", /* Superseded by -pass. */ .type = OPTION_ARG, - .opt.arg = &enc_config.keystr, + .opt.arg = &cfg.keystr, }, { .name = "kfile", /* Superseded by -pass. */ .type = OPTION_ARG, - .opt.arg = &enc_config.keyfile, + .opt.arg = &cfg.keyfile, }, { .name = "md", .argname = "digest", .desc = "Digest to use to create a key from the passphrase", .type = OPTION_ARG, - .opt.arg = &enc_config.md, + .opt.arg = &cfg.md, }, { .name = "none", @@ -224,12 +224,12 @@ static const struct option enc_options[] = { .name = "nopad", .desc = "Disable standard block padding", .type = OPTION_FLAG, - .opt.flag = &enc_config.nopad, + .opt.flag = &cfg.nopad, }, { .name = "nosalt", .type = OPTION_VALUE, - .opt.value = &enc_config.nosalt, + .opt.value = &cfg.nosalt, .value = 1, }, { @@ -237,21 +237,21 @@ static const struct option enc_options[] = { .argname = "file", .desc = "Output file to write to (default stdout)", .type = OPTION_ARG, - .opt.arg = &enc_config.outf, + .opt.arg = &cfg.outf, }, { .name = "P", .desc = "Print out the salt, key and IV used, then exit\n" " (no encryption or decryption is performed)", .type = OPTION_VALUE, - .opt.value = &enc_config.printkey, + .opt.value = &cfg.printkey, .value = 2, }, { .name = "p", .desc = "Print out the salt, key and IV used", .type = OPTION_VALUE, - .opt.value = &enc_config.printkey, + .opt.value = &cfg.printkey, .value = 1, }, { @@ -259,40 +259,40 @@ static const struct option enc_options[] = { .argname = "source", .desc = "Password source", .type = OPTION_ARG, - .opt.arg = &enc_config.passarg, + .opt.arg = &cfg.passarg, }, { .name = "pbkdf2", .desc = "Use the pbkdf2 key derivation function", .type = OPTION_FLAG, - .opt.flag = &enc_config.pbkdf2, + .opt.flag = &cfg.pbkdf2, }, { .name = "S", .argname = "salt", .desc = "Salt to use, specified as a hexadecimal string", .type = OPTION_ARG, - .opt.arg = &enc_config.hsalt, + .opt.arg = &cfg.hsalt, }, { .name = "salt", .desc = "Use a salt in the key derivation routines (default)", .type = OPTION_VALUE, - .opt.value = &enc_config.nosalt, + .opt.value = &cfg.nosalt, .value = 0, }, { .name = "v", .desc = "Verbose", .type = OPTION_FLAG, - .opt.flag = &enc_config.verbose, + .opt.flag = &cfg.verbose, }, #ifdef ZLIB { .name = "z", .desc = "Perform zlib compression/decompression", .type = OPTION_FLAG, - .opt.flag = &enc_config.do_zlib, + .opt.flag = &cfg.do_zlib, }, #endif { @@ -365,27 +365,27 @@ enc_main(int argc, char **argv) exit(1); } - memset(&enc_config, 0, sizeof(enc_config)); - enc_config.enc = 1; + memset(&cfg, 0, sizeof(cfg)); + cfg.enc = 1; /* first check the program name */ program_name(argv[0], pname, sizeof(pname)); if (strcmp(pname, "base64") == 0) - enc_config.base64 = 1; + cfg.base64 = 1; #ifdef ZLIB if (strcmp(pname, "zlib") == 0) - enc_config.do_zlib = 1; + cfg.do_zlib = 1; #endif - enc_config.cipher = EVP_get_cipherbyname(pname); + cfg.cipher = EVP_get_cipherbyname(pname); #ifdef ZLIB - if (!enc_config.do_zlib && !enc_config.base64 && - enc_config.cipher == NULL && strcmp(pname, "enc") != 0) + if (!cfg.do_zlib && !cfg.base64 && + cfg.cipher == NULL && strcmp(pname, "enc") != 0) #else - if (!enc_config.base64 && enc_config.cipher == NULL && + if (!cfg.base64 && cfg.cipher == NULL && strcmp(pname, "enc") != 0) #endif { @@ -398,20 +398,20 @@ enc_main(int argc, char **argv) goto end; } - if (enc_config.keyfile != NULL) { + if (cfg.keyfile != NULL) { static char buf[128]; FILE *infile; - infile = fopen(enc_config.keyfile, "r"); + infile = fopen(cfg.keyfile, "r"); if (infile == NULL) { BIO_printf(bio_err, "unable to read key from '%s'\n", - enc_config.keyfile); + cfg.keyfile); goto end; } buf[0] = '\0'; if (!fgets(buf, sizeof buf, infile)) { BIO_printf(bio_err, "unable to read key from '%s'\n", - enc_config.keyfile); + cfg.keyfile); fclose(infile); goto end; } @@ -425,34 +425,34 @@ enc_main(int argc, char **argv) BIO_printf(bio_err, "zero length password\n"); goto end; } - enc_config.keystr = buf; + cfg.keystr = buf; } - if (enc_config.cipher != NULL && - (EVP_CIPHER_flags(enc_config.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { + if (cfg.cipher != NULL && + (EVP_CIPHER_flags(cfg.cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { BIO_printf(bio_err, "enc does not support AEAD ciphers\n"); goto end; } - if (enc_config.cipher != NULL && - EVP_CIPHER_mode(enc_config.cipher) == EVP_CIPH_XTS_MODE) { + if (cfg.cipher != NULL && + EVP_CIPHER_mode(cfg.cipher) == EVP_CIPH_XTS_MODE) { BIO_printf(bio_err, "enc does not support XTS mode\n"); goto end; } - if (enc_config.md != NULL && - (dgst = EVP_get_digestbyname(enc_config.md)) == NULL) { + if (cfg.md != NULL && + (dgst = EVP_get_digestbyname(cfg.md)) == NULL) { BIO_printf(bio_err, "%s is an unsupported message digest type\n", - enc_config.md); + cfg.md); goto end; } if (dgst == NULL) { dgst = EVP_sha256(); } - if (enc_config.bufsize != NULL) { - char *p = enc_config.bufsize; + if (cfg.bufsize != NULL) { + char *p = cfg.bufsize; unsigned long n; /* XXX - provide an OPTION_ARG_DISKUNIT. */ @@ -471,11 +471,11 @@ enc_main(int argc, char **argv) goto end; } /* It must be large enough for a base64 encoded line. */ - if (enc_config.base64 && n < 80) + if (cfg.base64 && n < 80) n = 80; bsize = (int)n; - if (enc_config.verbose) + if (cfg.verbose) BIO_printf(bio_err, "bufsize=%d\n", bsize); } strbuf = malloc(SIZE); @@ -490,41 +490,41 @@ enc_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (enc_config.debug) { + if (cfg.debug) { BIO_set_callback(in, BIO_debug_callback); BIO_set_callback(out, BIO_debug_callback); BIO_set_callback_arg(in, (char *) bio_err); BIO_set_callback_arg(out, (char *) bio_err); } - if (enc_config.inf == NULL) { - if (enc_config.bufsize != NULL) + if (cfg.inf == NULL) { + if (cfg.bufsize != NULL) setvbuf(stdin, (char *) NULL, _IONBF, 0); BIO_set_fp(in, stdin, BIO_NOCLOSE); } else { - if (BIO_read_filename(in, enc_config.inf) <= 0) { - perror(enc_config.inf); + if (BIO_read_filename(in, cfg.inf) <= 0) { + perror(cfg.inf); goto end; } } - if (!enc_config.keystr && enc_config.passarg) { - if (!app_passwd(bio_err, enc_config.passarg, NULL, + if (!cfg.keystr && cfg.passarg) { + if (!app_passwd(bio_err, cfg.passarg, NULL, &pass, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } - enc_config.keystr = pass; + cfg.keystr = pass; } - if (enc_config.keystr == NULL && enc_config.cipher != NULL && - enc_config.hkey == NULL) { + if (cfg.keystr == NULL && cfg.cipher != NULL && + cfg.hkey == NULL) { for (;;) { char buf[200]; int retval; retval = snprintf(buf, sizeof buf, "enter %s %s password:", - OBJ_nid2ln(EVP_CIPHER_nid(enc_config.cipher)), - enc_config.enc ? "encryption" : "decryption"); + OBJ_nid2ln(EVP_CIPHER_nid(cfg.cipher)), + cfg.enc ? "encryption" : "decryption"); if ((size_t)retval >= sizeof buf) { BIO_printf(bio_err, "Password prompt too long\n"); @@ -532,13 +532,13 @@ enc_main(int argc, char **argv) } strbuf[0] = '\0'; i = EVP_read_pw_string((char *)strbuf, SIZE, buf, - enc_config.enc); + cfg.enc); if (i == 0) { if (strbuf[0] == '\0') { ret = 1; goto end; } - enc_config.keystr = strbuf; + cfg.keystr = strbuf; break; } if (i < 0) { @@ -547,13 +547,13 @@ enc_main(int argc, char **argv) } } } - if (enc_config.outf == NULL) { + if (cfg.outf == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); - if (enc_config.bufsize != NULL) + if (cfg.bufsize != NULL) setvbuf(stdout, (char *)NULL, _IONBF, 0); } else { - if (BIO_write_filename(out, enc_config.outf) <= 0) { - perror(enc_config.outf); + if (BIO_write_filename(out, cfg.outf) <= 0) { + perror(cfg.outf); goto end; } } @@ -572,38 +572,38 @@ enc_main(int argc, char **argv) } #endif - if (enc_config.base64) { + if (cfg.base64) { if ((b64 = BIO_new(BIO_f_base64())) == NULL) goto end; - if (enc_config.debug) { + if (cfg.debug) { BIO_set_callback(b64, BIO_debug_callback); BIO_set_callback_arg(b64, (char *) bio_err); } - if (enc_config.olb64) + if (cfg.olb64) BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); - if (enc_config.enc) + if (cfg.enc) wbio = BIO_push(b64, wbio); else rbio = BIO_push(b64, rbio); } - if (enc_config.cipher != NULL) { + if (cfg.cipher != NULL) { /* * Note that keystr is NULL if a key was passed on the command * line, so we get no salt in that case. Is this a bug? */ - if (enc_config.keystr != NULL) { + if (cfg.keystr != NULL) { /* * Salt handling: if encrypting generate a salt and * write to output BIO. If decrypting read salt from * input BIO. */ unsigned char *sptr; - if (enc_config.nosalt) + if (cfg.nosalt) sptr = NULL; else { - if (enc_config.enc) { - if (enc_config.hsalt) { - if (!set_hex(enc_config.hsalt, salt, sizeof salt)) { + if (cfg.enc) { + if (cfg.hsalt) { + if (!set_hex(cfg.hsalt, salt, sizeof salt)) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; @@ -615,7 +615,7 @@ enc_main(int argc, char **argv) * If -P option then don't bother * writing */ - if ((enc_config.printkey != 2) + if ((cfg.printkey != 2) && (BIO_write(wbio, magic, sizeof magic - 1) != sizeof magic - 1 || BIO_write(wbio, @@ -636,23 +636,23 @@ enc_main(int argc, char **argv) } sptr = salt; } - if (enc_config.pbkdf2 == 1 || enc_config.iter > 0) { + if (cfg.pbkdf2 == 1 || cfg.iter > 0) { /* * derive key and default iv * concatenated into a temporary buffer */ unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; - int iklen = EVP_CIPHER_key_length(enc_config.cipher); - int ivlen = EVP_CIPHER_iv_length(enc_config.cipher); + int iklen = EVP_CIPHER_key_length(cfg.cipher); + int ivlen = EVP_CIPHER_iv_length(cfg.cipher); /* not needed if HASH_UPDATE() is fixed : */ int islen = (sptr != NULL ? sizeof(salt) : 0); - if (enc_config.iter == 0) - enc_config.iter = 10000; + if (cfg.iter == 0) + cfg.iter = 10000; - if (!PKCS5_PBKDF2_HMAC(enc_config.keystr, - strlen(enc_config.keystr), sptr, islen, - enc_config.iter, dgst, iklen+ivlen, tmpkeyiv)) { + if (!PKCS5_PBKDF2_HMAC(cfg.keystr, + strlen(cfg.keystr), sptr, islen, + cfg.iter, dgst, iklen+ivlen, tmpkeyiv)) { BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n"); goto end; } @@ -661,9 +661,9 @@ enc_main(int argc, char **argv) memcpy(iv, tmpkeyiv + iklen, ivlen); explicit_bzero(tmpkeyiv, sizeof tmpkeyiv); } else { - EVP_BytesToKey(enc_config.cipher, dgst, sptr, - (unsigned char *)enc_config.keystr, - strlen(enc_config.keystr), 1, key, iv); + EVP_BytesToKey(cfg.cipher, dgst, sptr, + (unsigned char *)cfg.keystr, + strlen(cfg.keystr), 1, key, iv); } /* @@ -671,19 +671,19 @@ enc_main(int argc, char **argv) * the command line bug picked up by Larry J. Hughes * Jr. <hughes@indiana.edu> */ - if (enc_config.keystr == strbuf) - explicit_bzero(enc_config.keystr, SIZE); + if (cfg.keystr == strbuf) + explicit_bzero(cfg.keystr, SIZE); else - explicit_bzero(enc_config.keystr, - strlen(enc_config.keystr)); + explicit_bzero(cfg.keystr, + strlen(cfg.keystr)); } - if (enc_config.hiv != NULL && - !set_hex(enc_config.hiv, iv, sizeof iv)) { + if (cfg.hiv != NULL && + !set_hex(cfg.hiv, iv, sizeof iv)) { BIO_printf(bio_err, "invalid hex iv value\n"); goto end; } - if (enc_config.hiv == NULL && enc_config.keystr == NULL && - EVP_CIPHER_iv_length(enc_config.cipher) != 0) { + if (cfg.hiv == NULL && cfg.keystr == NULL && + EVP_CIPHER_iv_length(cfg.cipher) != 0) { /* * No IV was explicitly set and no IV was generated * during EVP_BytesToKey. Hence the IV is undefined, @@ -692,8 +692,8 @@ enc_main(int argc, char **argv) BIO_printf(bio_err, "iv undefined\n"); goto end; } - if (enc_config.hkey != NULL && - !set_hex(enc_config.hkey, key, sizeof key)) { + if (cfg.hkey != NULL && + !set_hex(cfg.hkey, key, sizeof key)) { BIO_printf(bio_err, "invalid hex key value\n"); goto end; } @@ -707,51 +707,51 @@ enc_main(int argc, char **argv) BIO_get_cipher_ctx(benc, &ctx); - if (!EVP_CipherInit_ex(ctx, enc_config.cipher, NULL, NULL, - NULL, enc_config.enc)) { + if (!EVP_CipherInit_ex(ctx, cfg.cipher, NULL, NULL, + NULL, cfg.enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_name(enc_config.cipher)); + EVP_CIPHER_name(cfg.cipher)); ERR_print_errors(bio_err); goto end; } - if (enc_config.nopad) + if (cfg.nopad) EVP_CIPHER_CTX_set_padding(ctx, 0); if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, - enc_config.enc)) { + cfg.enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_name(enc_config.cipher)); + EVP_CIPHER_name(cfg.cipher)); ERR_print_errors(bio_err); goto end; } - if (enc_config.debug) { + if (cfg.debug) { BIO_set_callback(benc, BIO_debug_callback); BIO_set_callback_arg(benc, (char *) bio_err); } - if (enc_config.printkey) { + if (cfg.printkey) { int key_len, iv_len; - if (!enc_config.nosalt) { + if (!cfg.nosalt) { printf("salt="); for (i = 0; i < (int) sizeof(salt); i++) printf("%02X", salt[i]); printf("\n"); } - key_len = EVP_CIPHER_key_length(enc_config.cipher); + key_len = EVP_CIPHER_key_length(cfg.cipher); if (key_len > 0) { printf("key="); for (i = 0; i < key_len; i++) printf("%02X", key[i]); printf("\n"); } - iv_len = EVP_CIPHER_iv_length(enc_config.cipher); + iv_len = EVP_CIPHER_iv_length(cfg.cipher); if (iv_len > 0) { printf("iv ="); for (i = 0; i < iv_len; i++) printf("%02X", iv[i]); printf("\n"); } - if (enc_config.printkey == 2) { + if (cfg.printkey == 2) { ret = 0; goto end; } @@ -775,7 +775,7 @@ enc_main(int argc, char **argv) goto end; } ret = 0; - if (enc_config.verbose) { + if (cfg.verbose) { BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); } diff --git a/usr.bin/openssl/errstr.c b/usr.bin/openssl/errstr.c index 64f0141ba06..cb7cf1d5a34 100644 --- a/usr.bin/openssl/errstr.c +++ b/usr.bin/openssl/errstr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: errstr.c,v 1.9 2023/03/05 13:12:53 tb Exp $ */ +/* $OpenBSD: errstr.c,v 1.10 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -70,14 +70,14 @@ static struct { int stats; -} errstr_config; +} cfg; static const struct option errstr_options[] = { { .name = "stats", .desc = "Print debugging statistics for the hash table", .type = OPTION_FLAG, - .opt.flag = &errstr_config.stats, + .opt.flag = &cfg.stats, }, { NULL }, }; @@ -103,14 +103,14 @@ errstr_main(int argc, char **argv) exit(1); } - memset(&errstr_config, 0, sizeof(errstr_config)); + memset(&cfg, 0, sizeof(cfg)); if (options_parse(argc, argv, errstr_options, NULL, &argsused) != 0) { errstr_usage(); return (1); } - if (errstr_config.stats) { + if (cfg.stats) { BIO *out; if ((out = BIO_new_fp(stdout, BIO_NOCLOSE)) == NULL) { diff --git a/usr.bin/openssl/gendh.c b/usr.bin/openssl/gendh.c index b4e4f29111b..b9dde3c7735 100644 --- a/usr.bin/openssl/gendh.c +++ b/usr.bin/openssl/gendh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gendh.c,v 1.13 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: gendh.c,v 1.14 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -89,7 +89,7 @@ static int dh_cb(int p, int n, BN_GENCB *cb); static struct { int g; char *outfile; -} gendh_config; +} cfg; static const struct option gendh_options[] = { { @@ -98,21 +98,21 @@ static const struct option gendh_options[] = { "(default)", .type = OPTION_VALUE, .value = 2, - .opt.value = &gendh_config.g, + .opt.value = &cfg.g, }, { .name = "5", .desc = "Generate DH parameters with a generator value of 5", .type = OPTION_VALUE, .value = 5, - .opt.value = &gendh_config.g, + .opt.value = &cfg.g, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &gendh_config.outfile, + .opt.arg = &cfg.outfile, }, { NULL }, }; @@ -146,9 +146,9 @@ gendh_main(int argc, char **argv) BN_GENCB_set(cb, dh_cb, bio_err); - memset(&gendh_config, 0, sizeof(gendh_config)); + memset(&cfg, 0, sizeof(cfg)); - gendh_config.g = 2; + cfg.g = 2; if (options_parse(argc, argv, gendh_options, &strbits, NULL) != 0) { gendh_usage(); @@ -169,21 +169,21 @@ gendh_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (gendh_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, gendh_config.outfile) <= 0) { - perror(gendh_config.outfile); + if (BIO_write_filename(out, cfg.outfile) <= 0) { + perror(cfg.outfile); goto end; } } BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime," - " generator %d\n", numbits, gendh_config.g); + " generator %d\n", numbits, cfg.g); BIO_printf(bio_err, "This is going to take a long time\n"); if (((dh = DH_new()) == NULL) || - !DH_generate_parameters_ex(dh, numbits, gendh_config.g, cb)) + !DH_generate_parameters_ex(dh, numbits, cfg.g, cb)) goto end; if (!PEM_write_bio_DHparams(out, dh)) diff --git a/usr.bin/openssl/gendsa.c b/usr.bin/openssl/gendsa.c index fa83ea2c67a..00635c45519 100644 --- a/usr.bin/openssl/gendsa.c +++ b/usr.bin/openssl/gendsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gendsa.c,v 1.16 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: gendsa.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -78,7 +78,7 @@ static struct { const EVP_CIPHER *enc; char *outfile; char *passargout; -} gendsa_config; +} cfg; static const EVP_CIPHER *get_cipher_by_name(char *name) { @@ -122,7 +122,7 @@ set_enc(int argc, char **argv, int *argsused) if (*name++ != '-') return (1); - if ((gendsa_config.enc = get_cipher_by_name(name)) == NULL) + if ((cfg.enc = get_cipher_by_name(name)) == NULL) return (1); *argsused = 1; @@ -197,14 +197,14 @@ static const struct option gendsa_options[] = { .argname = "file", .desc = "Output the key to 'file'", .type = OPTION_ARG, - .opt.arg = &gendsa_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "passout", .argname = "src", .desc = "Output file passphrase source", .type = OPTION_ARG, - .opt.arg = &gendsa_config.passargout, + .opt.arg = &cfg.passargout, }, { NULL }, }; @@ -234,7 +234,7 @@ gendsa_main(int argc, char **argv) exit(1); } - memset(&gendsa_config, 0, sizeof(gendsa_config)); + memset(&cfg, 0, sizeof(cfg)); if (options_parse(argc, argv, gendsa_options, &dsaparams, NULL) != 0) { gendsa_usage(); @@ -245,7 +245,7 @@ gendsa_main(int argc, char **argv) gendsa_usage(); goto end; } - if (!app_passwd(bio_err, NULL, gendsa_config.passargout, NULL, + if (!app_passwd(bio_err, NULL, cfg.passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto end; @@ -266,11 +266,11 @@ gendsa_main(int argc, char **argv) if (out == NULL) goto end; - if (gendsa_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, gendsa_config.outfile) <= 0) { - perror(gendsa_config.outfile); + if (BIO_write_filename(out, cfg.outfile) <= 0) { + perror(cfg.outfile); goto end; } } @@ -280,7 +280,7 @@ gendsa_main(int argc, char **argv) if (!DSA_generate_key(dsa)) goto end; - if (!PEM_write_bio_DSAPrivateKey(out, dsa, gendsa_config.enc, NULL, 0, + if (!PEM_write_bio_DSAPrivateKey(out, dsa, cfg.enc, NULL, 0, NULL, passout)) goto end; ret = 0; diff --git a/usr.bin/openssl/genpkey.c b/usr.bin/openssl/genpkey.c index ce266f404c8..e2445c14333 100644 --- a/usr.bin/openssl/genpkey.c +++ b/usr.bin/openssl/genpkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: genpkey.c,v 1.15 2023/03/05 13:12:53 tb Exp $ */ +/* $OpenBSD: genpkey.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006 */ @@ -76,13 +76,13 @@ static struct { int outformat; char *passarg; int text; -} genpkey_config; +} cfg; static int genpkey_opt_algorithm(char *arg) { - if (!init_gen_str(bio_err, genpkey_config.ctx, arg, - genpkey_config.do_param)) + if (!init_gen_str(bio_err, cfg.ctx, arg, + cfg.do_param)) return (1); return (0); @@ -96,16 +96,16 @@ genpkey_opt_cipher(int argc, char **argv, int *argsused) if (*name++ != '-') return (1); - if (genpkey_config.do_param == 1) + if (cfg.do_param == 1) return (1); if (strcmp(name, "none") == 0) { - genpkey_config.cipher = NULL; + cfg.cipher = NULL; *argsused = 1; return (0); } - if ((genpkey_config.cipher = EVP_get_cipherbyname(name)) != NULL) { + if ((cfg.cipher = EVP_get_cipherbyname(name)) != NULL) { *argsused = 1; return (0); } @@ -116,9 +116,9 @@ genpkey_opt_cipher(int argc, char **argv, int *argsused) static int genpkey_opt_paramfile(char *arg) { - if (genpkey_config.do_param == 1) + if (cfg.do_param == 1) return (1); - if (!init_keygen_file(bio_err, genpkey_config.ctx, arg)) + if (!init_keygen_file(bio_err, cfg.ctx, arg)) return (1); return (0); @@ -127,12 +127,12 @@ genpkey_opt_paramfile(char *arg) static int genpkey_opt_pkeyopt(char *arg) { - if (*genpkey_config.ctx == NULL) { + if (*cfg.ctx == NULL) { BIO_puts(bio_err, "No keytype specified\n"); return (1); } - if (pkey_ctrl_string(*genpkey_config.ctx, arg) <= 0) { + if (pkey_ctrl_string(*cfg.ctx, arg) <= 0) { BIO_puts(bio_err, "parameter setting error\n"); ERR_print_errors(bio_err); return (1); @@ -153,21 +153,21 @@ static const struct option genpkey_options[] = { .name = "genparam", .desc = "Generate a set of parameters instead of a private key", .type = OPTION_FLAG, - .opt.flag = &genpkey_config.do_param, + .opt.flag = &cfg.do_param, }, { .name = "out", .argname = "file", .desc = "Output file to write to (default stdout)", .type = OPTION_ARG, - .opt.arg = &genpkey_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER or PEM)", .type = OPTION_ARG_FORMAT, - .opt.value = &genpkey_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "paramfile", @@ -182,7 +182,7 @@ static const struct option genpkey_options[] = { .argname = "arg", .desc = "Output file password source", .type = OPTION_ARG, - .opt.arg = &genpkey_config.passarg, + .opt.arg = &cfg.passarg, }, { .name = "pkeyopt", @@ -195,7 +195,7 @@ static const struct option genpkey_options[] = { .name = "text", .desc = "Print the private/public key in human readable form", .type = OPTION_FLAG, - .opt.flag = &genpkey_config.text, + .opt.flag = &cfg.text, }, { .name = NULL, @@ -229,9 +229,9 @@ genpkey_main(int argc, char **argv) exit(1); } - memset(&genpkey_config, 0, sizeof(genpkey_config)); - genpkey_config.ctx = &ctx; - genpkey_config.outformat = FORMAT_PEM; + memset(&cfg, 0, sizeof(cfg)); + cfg.ctx = &ctx; + cfg.outformat = FORMAT_PEM; if (options_parse(argc, argv, genpkey_options, NULL, NULL) != 0) { genpkey_usage(); @@ -243,15 +243,15 @@ genpkey_main(int argc, char **argv) goto end; } - if (!app_passwd(bio_err, genpkey_config.passarg, NULL, &pass, NULL)) { + if (!app_passwd(bio_err, cfg.passarg, NULL, &pass, NULL)) { BIO_puts(bio_err, "Error getting password\n"); goto end; } - if (genpkey_config.outfile != NULL) { - if ((out = BIO_new_file(genpkey_config.outfile, "wb")) == + if (cfg.outfile != NULL) { + if ((out = BIO_new_file(cfg.outfile, "wb")) == NULL) { BIO_printf(bio_err, "Can't open output file %s\n", - genpkey_config.outfile); + cfg.outfile); goto end; } } else { @@ -261,7 +261,7 @@ genpkey_main(int argc, char **argv) EVP_PKEY_CTX_set_cb(ctx, genpkey_cb); EVP_PKEY_CTX_set_app_data(ctx, bio_err); - if (genpkey_config.do_param) { + if (cfg.do_param) { if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) { BIO_puts(bio_err, "Error generating parameters\n"); ERR_print_errors(bio_err); @@ -275,12 +275,12 @@ genpkey_main(int argc, char **argv) } } - if (genpkey_config.do_param) + if (cfg.do_param) rv = PEM_write_bio_Parameters(out, pkey); - else if (genpkey_config.outformat == FORMAT_PEM) - rv = PEM_write_bio_PrivateKey(out, pkey, genpkey_config.cipher, + else if (cfg.outformat == FORMAT_PEM) + rv = PEM_write_bio_PrivateKey(out, pkey, cfg.cipher, NULL, 0, NULL, pass); - else if (genpkey_config.outformat == FORMAT_ASN1) + else if (cfg.outformat == FORMAT_ASN1) rv = i2d_PrivateKey_bio(out, pkey); else { BIO_printf(bio_err, "Bad format specified for key\n"); @@ -291,8 +291,8 @@ genpkey_main(int argc, char **argv) BIO_puts(bio_err, "Error writing key\n"); ERR_print_errors(bio_err); } - if (genpkey_config.text) { - if (genpkey_config.do_param) + if (cfg.text) { + if (cfg.do_param) rv = EVP_PKEY_print_params(out, pkey, 0, NULL); else rv = EVP_PKEY_print_private(out, pkey, 0, NULL); diff --git a/usr.bin/openssl/genrsa.c b/usr.bin/openssl/genrsa.c index e1628a682e8..0b5323fa5ff 100644 --- a/usr.bin/openssl/genrsa.c +++ b/usr.bin/openssl/genrsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: genrsa.c,v 1.21 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: genrsa.c,v 1.22 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -90,7 +90,7 @@ static struct { unsigned long f4; char *outfile; char *passargout; -} genrsa_config; +} cfg; static int set_public_exponent(int argc, char **argv, int *argsused) @@ -98,9 +98,9 @@ set_public_exponent(int argc, char **argv, int *argsused) char *option = argv[0]; if (strcmp(option, "-3") == 0) - genrsa_config.f4 = 3; + cfg.f4 = 3; else if (strcmp(option, "-f4") == 0 || strcmp(option, "-F4") == 0) - genrsa_config.f4 = RSA_F4; + cfg.f4 = RSA_F4; else return (1); @@ -150,7 +150,7 @@ set_enc(int argc, char **argv, int *argsused) if (*name++ != '-') return (1); - if ((genrsa_config.enc = get_cipher_by_name(name)) == NULL) + if ((cfg.enc = get_cipher_by_name(name)) == NULL) return (1); *argsused = 1; @@ -243,14 +243,14 @@ static const struct option genrsa_options[] = { .argname = "file", .desc = "Output the key to 'file'", .type = OPTION_ARG, - .opt.arg = &genrsa_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "passout", .argname = "arg", .desc = "Output file passphrase source", .type = OPTION_ARG, - .opt.arg = &genrsa_config.passargout, + .opt.arg = &cfg.passargout, }, { NULL }, }; @@ -300,8 +300,8 @@ genrsa_main(int argc, char **argv) goto err; } - memset(&genrsa_config, 0, sizeof(genrsa_config)); - genrsa_config.f4 = RSA_F4; + memset(&cfg, 0, sizeof(cfg)); + cfg.f4 = RSA_F4; if (options_parse(argc, argv, genrsa_options, &numbits, NULL) != 0) { genrsa_usage(); @@ -314,17 +314,17 @@ genrsa_main(int argc, char **argv) goto err; } - if (!app_passwd(bio_err, NULL, genrsa_config.passargout, NULL, + if (!app_passwd(bio_err, NULL, cfg.passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto err; } - if (genrsa_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, genrsa_config.outfile) <= 0) { - perror(genrsa_config.outfile); + if (BIO_write_filename(out, cfg.outfile) <= 0) { + perror(cfg.outfile); goto err; } } @@ -335,7 +335,7 @@ genrsa_main(int argc, char **argv) if (!rsa) goto err; - if (!BN_set_word(bn, genrsa_config.f4) || + if (!BN_set_word(bn, cfg.f4) || !RSA_generate_key_ex(rsa, num, bn, cb)) goto err; @@ -348,8 +348,8 @@ genrsa_main(int argc, char **argv) { PW_CB_DATA cb_data; cb_data.password = passout; - cb_data.prompt_info = genrsa_config.outfile; - if (!PEM_write_bio_RSAPrivateKey(out, rsa, genrsa_config.enc, + cb_data.prompt_info = cfg.outfile; + if (!PEM_write_bio_RSAPrivateKey(out, rsa, cfg.enc, NULL, 0, password_callback, &cb_data)) goto err; } diff --git a/usr.bin/openssl/nseq.c b/usr.bin/openssl/nseq.c index 7be116e67bf..fb0dda5dca8 100644 --- a/usr.bin/openssl/nseq.c +++ b/usr.bin/openssl/nseq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nseq.c,v 1.10 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: nseq.c,v 1.11 2023/03/06 14:32:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -68,7 +68,7 @@ static struct { char *infile; char *outfile; int toseq; -} nseq_config; +} cfg; static const struct option nseq_options[] = { { @@ -76,20 +76,20 @@ static const struct option nseq_options[] = { .argname = "file", .desc = "Input file to read from (default stdin)", .type = OPTION_ARG, - .opt.arg = &nseq_config.infile, + .opt.arg = &cfg.infile, }, { .name = "out", .argname = "file", .desc = "Output file to write to (default stdout)", .type = OPTION_ARG, - .opt.arg = &nseq_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "toseq", .desc = "Convert certificates to Netscape certificate sequence", .type = OPTION_FLAG, - .opt.flag = &nseq_config.toseq, + .opt.flag = &cfg.toseq, }, { NULL }, }; @@ -114,39 +114,39 @@ nseq_main(int argc, char **argv) exit(1); } - memset(&nseq_config, 0, sizeof(nseq_config)); + memset(&cfg, 0, sizeof(cfg)); if (options_parse(argc, argv, nseq_options, NULL, NULL) != 0) { nseq_usage(); return (1); } - if (nseq_config.infile) { - if (!(in = BIO_new_file(nseq_config.infile, "r"))) { + if (cfg.infile) { + if (!(in = BIO_new_file(cfg.infile, "r"))) { BIO_printf(bio_err, - "Can't open input file %s\n", nseq_config.infile); + "Can't open input file %s\n", cfg.infile); goto end; } } else in = BIO_new_fp(stdin, BIO_NOCLOSE); - if (nseq_config.outfile) { - if (!(out = BIO_new_file(nseq_config.outfile, "w"))) { + if (cfg.outfile) { + if (!(out = BIO_new_file(cfg.outfile, "w"))) { BIO_printf(bio_err, - "Can't open output file %s\n", nseq_config.outfile); + "Can't open output file %s\n", cfg.outfile); goto end; } } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); } - if (nseq_config.toseq) { + if (cfg.toseq) { seq = NETSCAPE_CERT_SEQUENCE_new(); seq->certs = sk_X509_new_null(); while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) sk_X509_push(seq->certs, x509); if (!sk_X509_num(seq->certs)) { - BIO_printf(bio_err, "Error reading certs file %s\n", nseq_config.infile); + BIO_printf(bio_err, "Error reading certs file %s\n", cfg.infile); ERR_print_errors(bio_err); goto end; } @@ -155,7 +155,7 @@ nseq_main(int argc, char **argv) goto end; } if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) { - BIO_printf(bio_err, "Error reading sequence file %s\n", nseq_config.infile); + BIO_printf(bio_err, "Error reading sequence file %s\n", cfg.infile); ERR_print_errors(bio_err); goto end; } diff --git a/usr.bin/openssl/ocsp.c b/usr.bin/openssl/ocsp.c index 026bd49b0a5..cc942a459c6 100644 --- a/usr.bin/openssl/ocsp.c +++ b/usr.bin/openssl/ocsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp.c,v 1.22 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: ocsp.c,v 1.23 2023/03/06 14:32:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -143,27 +143,27 @@ static struct { int use_ssl; char *verify_certfile; unsigned long verify_flags; -} ocsp_config; +} cfg; static int ocsp_opt_cert(char *arg) { - X509_free(ocsp_config.cert); - ocsp_config.cert = load_cert(bio_err, arg, FORMAT_PEM, NULL, + X509_free(cfg.cert); + cfg.cert = load_cert(bio_err, arg, FORMAT_PEM, NULL, "certificate"); - if (ocsp_config.cert == NULL) { - ocsp_config.no_usage = 1; + if (cfg.cert == NULL) { + cfg.no_usage = 1; return (1); } - if (ocsp_config.cert_id_md == NULL) - ocsp_config.cert_id_md = EVP_sha1(); - if (!add_ocsp_cert(&ocsp_config.req, ocsp_config.cert, - ocsp_config.cert_id_md, ocsp_config.issuer, ocsp_config.ids)) { - ocsp_config.no_usage = 1; + if (cfg.cert_id_md == NULL) + cfg.cert_id_md = EVP_sha1(); + if (!add_ocsp_cert(&cfg.req, cfg.cert, + cfg.cert_id_md, cfg.issuer, cfg.ids)) { + cfg.no_usage = 1; return (1); } - if (!sk_OPENSSL_STRING_push(ocsp_config.reqnames, arg)) { - ocsp_config.no_usage = 1; + if (!sk_OPENSSL_STRING_push(cfg.reqnames, arg)) { + cfg.no_usage = 1; return (1); } return (0); @@ -177,7 +177,7 @@ ocsp_opt_cert_id_md(int argc, char **argv, int *argsused) if (*name++ != '-') return (1); - if ((ocsp_config.cert_id_md = EVP_get_digestbyname(name)) == NULL) + if ((cfg.cert_id_md = EVP_get_digestbyname(name)) == NULL) return (1); *argsused = 1; @@ -190,8 +190,8 @@ ocsp_opt_header(int argc, char **argv, int *argsused) if (argc < 3 || argv[1] == NULL || argv[2] == NULL) return (1); - if (!X509V3_add_value(argv[1], argv[2], &ocsp_config.headers)) { - ocsp_config.no_usage = 1; + if (!X509V3_add_value(argv[1], argv[2], &cfg.headers)) { + cfg.no_usage = 1; return (1); } @@ -202,21 +202,21 @@ ocsp_opt_header(int argc, char **argv, int *argsused) static int ocsp_opt_host(char *arg) { - if (ocsp_config.use_ssl != -1) + if (cfg.use_ssl != -1) return (1); - ocsp_config.host = arg; + cfg.host = arg; return (0); } static int ocsp_opt_issuer(char *arg) { - X509_free(ocsp_config.issuer); - ocsp_config.issuer = load_cert(bio_err, arg, FORMAT_PEM, NULL, + X509_free(cfg.issuer); + cfg.issuer = load_cert(bio_err, arg, FORMAT_PEM, NULL, "issuer certificate"); - if (ocsp_config.issuer == NULL) { - ocsp_config.no_usage = 1; + if (cfg.issuer == NULL) { + cfg.no_usage = 1; return (1); } return (0); @@ -227,7 +227,7 @@ ocsp_opt_ndays(char *arg) { const char *errstr = NULL; - ocsp_config.ndays = strtonum(arg, 0, INT_MAX, &errstr); + cfg.ndays = strtonum(arg, 0, INT_MAX, &errstr); if (errstr != NULL) { BIO_printf(bio_err, "Illegal update period %s: %s\n", arg, errstr); @@ -241,17 +241,17 @@ ocsp_opt_nmin(char *arg) { const char *errstr = NULL; - ocsp_config.nmin = strtonum(arg, 0, INT_MAX, &errstr); + cfg.nmin = strtonum(arg, 0, INT_MAX, &errstr); if (errstr != NULL) { BIO_printf(bio_err, "Illegal update period %s: %s\n", arg, errstr); return (1); } - if (ocsp_config.ndays != -1) + if (cfg.ndays != -1) return (1); - ocsp_config.ndays = 0; + cfg.ndays = 0; return (0); } @@ -260,7 +260,7 @@ ocsp_opt_nrequest(char *arg) { const char *errstr = NULL; - ocsp_config.accept_count = strtonum(arg, 0, INT_MAX, &errstr); + cfg.accept_count = strtonum(arg, 0, INT_MAX, &errstr); if (errstr != NULL) { BIO_printf(bio_err, "Illegal accept count %s: %s\n", arg, errstr); @@ -272,25 +272,25 @@ ocsp_opt_nrequest(char *arg) static int ocsp_opt_port(char *arg) { - if (ocsp_config.use_ssl != -1) + if (cfg.use_ssl != -1) return (1); - ocsp_config.port = arg; + cfg.port = arg; return (0); } static int ocsp_opt_serial(char *arg) { - if (ocsp_config.cert_id_md == NULL) - ocsp_config.cert_id_md = EVP_sha1(); - if (!add_ocsp_serial(&ocsp_config.req, arg, ocsp_config.cert_id_md, - ocsp_config.issuer, ocsp_config.ids)) { - ocsp_config.no_usage = 1; + if (cfg.cert_id_md == NULL) + cfg.cert_id_md = EVP_sha1(); + if (!add_ocsp_serial(&cfg.req, arg, cfg.cert_id_md, + cfg.issuer, cfg.ids)) { + cfg.no_usage = 1; return (1); } - if (!sk_OPENSSL_STRING_push(ocsp_config.reqnames, arg)) { - ocsp_config.no_usage = 1; + if (!sk_OPENSSL_STRING_push(cfg.reqnames, arg)) { + cfg.no_usage = 1; return (1); } return (0); @@ -301,7 +301,7 @@ ocsp_opt_status_age(char *arg) { const char *errstr = NULL; - ocsp_config.maxage = strtonum(arg, 0, LONG_MAX, &errstr); + cfg.maxage = strtonum(arg, 0, LONG_MAX, &errstr); if (errstr != NULL) { BIO_printf(bio_err, "Illegal validity age %s: %s\n", arg, errstr); @@ -313,8 +313,8 @@ ocsp_opt_status_age(char *arg) static int ocsp_opt_text(void) { - ocsp_config.req_text = 1; - ocsp_config.resp_text = 1; + cfg.req_text = 1; + cfg.resp_text = 1; return (0); } @@ -323,7 +323,7 @@ ocsp_opt_timeout(char *arg) { const char *errstr = NULL; - ocsp_config.req_timeout = strtonum(arg, 0, INT_MAX, &errstr); + cfg.req_timeout = strtonum(arg, 0, INT_MAX, &errstr); if (errstr != NULL) { BIO_printf(bio_err, "Illegal timeout value %s: %s\n", arg, errstr); @@ -335,10 +335,10 @@ ocsp_opt_timeout(char *arg) static int ocsp_opt_url(char *arg) { - if (ocsp_config.host == NULL && ocsp_config.port == NULL && - ocsp_config.path == NULL) { - if (!OCSP_parse_url(arg, &ocsp_config.host, &ocsp_config.port, - &ocsp_config.path, &ocsp_config.use_ssl)) { + if (cfg.host == NULL && cfg.port == NULL && + cfg.path == NULL) { + if (!OCSP_parse_url(arg, &cfg.host, &cfg.port, + &cfg.path, &cfg.use_ssl)) { BIO_printf(bio_err, "Error parsing URL\n"); return (1); } @@ -349,8 +349,8 @@ ocsp_opt_url(char *arg) static int ocsp_opt_vafile(char *arg) { - ocsp_config.verify_certfile = arg; - ocsp_config.verify_flags |= OCSP_TRUSTOTHER; + cfg.verify_certfile = arg; + cfg.verify_flags |= OCSP_TRUSTOTHER; return (0); } @@ -359,7 +359,7 @@ ocsp_opt_validity_period(char *arg) { const char *errstr = NULL; - ocsp_config.nsec = strtonum(arg, 0, LONG_MAX, &errstr); + cfg.nsec = strtonum(arg, 0, LONG_MAX, &errstr); if (errstr != NULL) { BIO_printf(bio_err, "Illegal validity period %s: %s\n", arg, errstr); @@ -374,21 +374,21 @@ static const struct option ocsp_options[] = { .argname = "file", .desc = "CA certificate corresponding to the revocation information", .type = OPTION_ARG, - .opt.arg = &ocsp_config.rca_filename, + .opt.arg = &cfg.rca_filename, }, { .name = "CAfile", .argname = "file", .desc = "Trusted certificates file", .type = OPTION_ARG, - .opt.arg = &ocsp_config.CAfile, + .opt.arg = &cfg.CAfile, }, { .name = "CApath", .argname = "directory", .desc = "Trusted certificates directory", .type = OPTION_ARG, - .opt.arg = &ocsp_config.CApath, + .opt.arg = &cfg.CApath, }, { .name = "cert", @@ -415,14 +415,14 @@ static const struct option ocsp_options[] = { .name = "ignore_err", .desc = "Ignore the invalid response", .type = OPTION_FLAG, - .opt.flag = &ocsp_config.ignore_err, + .opt.flag = &cfg.ignore_err, }, { .name = "index", .argname = "indexfile", .desc = "Certificate status index file", .type = OPTION_ARG, - .opt.arg = &ocsp_config.ridx_filename, + .opt.arg = &cfg.ridx_filename, }, { .name = "issuer", @@ -449,70 +449,70 @@ static const struct option ocsp_options[] = { .name = "no_cert_checks", .desc = "Don't do additional checks on signing certificate", .type = OPTION_UL_VALUE_OR, - .opt.ulvalue = &ocsp_config.verify_flags, + .opt.ulvalue = &cfg.verify_flags, .ulvalue = OCSP_NOCHECKS, }, { .name = "no_cert_verify", .desc = "Don't check signing certificate", .type = OPTION_UL_VALUE_OR, - .opt.ulvalue = &ocsp_config.verify_flags, + .opt.ulvalue = &cfg.verify_flags, .ulvalue = OCSP_NOVERIFY, }, { .name = "no_certs", .desc = "Don't include any certificates in signed request", .type = OPTION_UL_VALUE_OR, - .opt.ulvalue = &ocsp_config.sign_flags, + .opt.ulvalue = &cfg.sign_flags, .ulvalue = OCSP_NOCERTS, }, { .name = "no_chain", .desc = "Don't use certificates in the response", .type = OPTION_UL_VALUE_OR, - .opt.ulvalue = &ocsp_config.verify_flags, + .opt.ulvalue = &cfg.verify_flags, .ulvalue = OCSP_NOCHAIN, }, { .name = "no_explicit", .desc = "Don't check the explicit trust for OCSP signing", .type = OPTION_UL_VALUE_OR, - .opt.ulvalue = &ocsp_config.verify_flags, + .opt.ulvalue = &cfg.verify_flags, .ulvalue = OCSP_NOEXPLICIT, }, { .name = "no_intern", .desc = "Don't search certificates contained in response for signer", .type = OPTION_UL_VALUE_OR, - .opt.ulvalue = &ocsp_config.verify_flags, + .opt.ulvalue = &cfg.verify_flags, .ulvalue = OCSP_NOINTERN, }, { .name = "no_nonce", .desc = "Don't add OCSP nonce to request", .type = OPTION_VALUE, - .opt.value = &ocsp_config.add_nonce, + .opt.value = &cfg.add_nonce, .value = 0, }, { .name = "no_signature_verify", .desc = "Don't check signature on response", .type = OPTION_UL_VALUE_OR, - .opt.ulvalue = &ocsp_config.verify_flags, + .opt.ulvalue = &cfg.verify_flags, .ulvalue = OCSP_NOSIGS, }, { .name = "nonce", .desc = "Add OCSP nonce to request", .type = OPTION_VALUE, - .opt.value = &ocsp_config.add_nonce, + .opt.value = &cfg.add_nonce, .value = 2, }, { .name = "noverify", .desc = "Don't verify response at all", .type = OPTION_FLAG, - .opt.flag = &ocsp_config.noverify, + .opt.flag = &cfg.noverify, }, { .name = "nrequest", @@ -526,14 +526,14 @@ static const struct option ocsp_options[] = { .argname = "file", .desc = "Output filename", .type = OPTION_ARG, - .opt.arg = &ocsp_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "path", .argname = "path", .desc = "Path to use in OCSP request", .type = OPTION_ARG, - .opt.arg = &ocsp_config.path, + .opt.arg = &cfg.path, }, { .name = "port", @@ -546,76 +546,76 @@ static const struct option ocsp_options[] = { .name = "req_text", .desc = "Print text form of request", .type = OPTION_FLAG, - .opt.flag = &ocsp_config.req_text, + .opt.flag = &cfg.req_text, }, { .name = "reqin", .argname = "file", .desc = "Read DER encoded OCSP request from \"file\"", .type = OPTION_ARG, - .opt.arg = &ocsp_config.reqin, + .opt.arg = &cfg.reqin, }, { .name = "reqout", .argname = "file", .desc = "Write DER encoded OCSP request to \"file\"", .type = OPTION_ARG, - .opt.arg = &ocsp_config.reqout, + .opt.arg = &cfg.reqout, }, { .name = "resp_key_id", .desc = "Identify response by signing certificate key ID", .type = OPTION_UL_VALUE_OR, - .opt.ulvalue = &ocsp_config.rflags, + .opt.ulvalue = &cfg.rflags, .ulvalue = OCSP_RESPID_KEY, }, { .name = "resp_no_certs", .desc = "Don't include any certificates in response", .type = OPTION_UL_VALUE_OR, - .opt.ulvalue = &ocsp_config.rflags, + .opt.ulvalue = &cfg.rflags, .ulvalue = OCSP_NOCERTS, }, { .name = "resp_text", .desc = "Print text form of response", .type = OPTION_FLAG, - .opt.flag = &ocsp_config.resp_text, + .opt.flag = &cfg.resp_text, }, { .name = "respin", .argname = "file", .desc = "Read DER encoded OCSP response from \"file\"", .type = OPTION_ARG, - .opt.arg = &ocsp_config.respin, + .opt.arg = &cfg.respin, }, { .name = "respout", .argname = "file", .desc = "Write DER encoded OCSP response to \"file\"", .type = OPTION_ARG, - .opt.arg = &ocsp_config.respout, + .opt.arg = &cfg.respout, }, { .name = "rkey", .argname = "file", .desc = "Responder key to sign responses with", .type = OPTION_ARG, - .opt.arg = &ocsp_config.rkeyfile, + .opt.arg = &cfg.rkeyfile, }, { .name = "rother", .argname = "file", .desc = "Other certificates to include in response", .type = OPTION_ARG, - .opt.arg = &ocsp_config.rcertfile, + .opt.arg = &cfg.rcertfile, }, { .name = "rsigner", .argname = "file", .desc = "Responder certificate to sign responses with", .type = OPTION_ARG, - .opt.arg = &ocsp_config.rsignfile, + .opt.arg = &cfg.rsignfile, }, { .name = "serial", @@ -629,21 +629,21 @@ static const struct option ocsp_options[] = { .argname = "file", .desc = "Additional certificates to include in signed request", .type = OPTION_ARG, - .opt.arg = &ocsp_config.sign_certfile, + .opt.arg = &cfg.sign_certfile, }, { .name = "signer", .argname = "file", .desc = "Certificate to sign OCSP request with", .type = OPTION_ARG, - .opt.arg = &ocsp_config.signfile, + .opt.arg = &cfg.signfile, }, { .name = "signkey", .argname = "file", .desc = "Private key to sign OCSP request with", .type = OPTION_ARG, - .opt.arg = &ocsp_config.keyfile, + .opt.arg = &cfg.keyfile, }, { .name = "status_age", @@ -669,7 +669,7 @@ static const struct option ocsp_options[] = { .name = "trust_other", .desc = "Don't verify additional certificates", .type = OPTION_UL_VALUE_OR, - .opt.ulvalue = &ocsp_config.verify_flags, + .opt.ulvalue = &cfg.verify_flags, .ulvalue = OCSP_TRUSTOTHER, }, { @@ -698,7 +698,7 @@ static const struct option ocsp_options[] = { .argname = "file", .desc = "Additional certificates to search for signer", .type = OPTION_ARG, - .opt.arg = &ocsp_config.verify_certfile, + .opt.arg = &cfg.verify_certfile, }, { .name = NULL, @@ -755,37 +755,37 @@ ocsp_main(int argc, char **argv) exit(1); } - memset(&ocsp_config, 0, sizeof(ocsp_config)); - ocsp_config.accept_count = -1; - ocsp_config.add_nonce = 1; - if ((ocsp_config.ids = sk_OCSP_CERTID_new_null()) == NULL) + memset(&cfg, 0, sizeof(cfg)); + cfg.accept_count = -1; + cfg.add_nonce = 1; + if ((cfg.ids = sk_OCSP_CERTID_new_null()) == NULL) goto end; - ocsp_config.maxage = -1; - ocsp_config.ndays = -1; - ocsp_config.nsec = MAX_VALIDITY_PERIOD; - ocsp_config.req_timeout = -1; - if ((ocsp_config.reqnames = sk_OPENSSL_STRING_new_null()) == NULL) + cfg.maxage = -1; + cfg.ndays = -1; + cfg.nsec = MAX_VALIDITY_PERIOD; + cfg.req_timeout = -1; + if ((cfg.reqnames = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - ocsp_config.use_ssl = -1; + cfg.use_ssl = -1; if (options_parse(argc, argv, ocsp_options, NULL, NULL) != 0) { - if (ocsp_config.no_usage) + if (cfg.no_usage) goto end; else badarg = 1; } /* Have we anything to do? */ - if (!ocsp_config.req && !ocsp_config.reqin && !ocsp_config.respin && - !(ocsp_config.port && ocsp_config.ridx_filename)) + if (!cfg.req && !cfg.reqin && !cfg.respin && + !(cfg.port && cfg.ridx_filename)) badarg = 1; if (badarg) { ocsp_usage(); goto end; } - if (ocsp_config.outfile) - out = BIO_new_file(ocsp_config.outfile, "w"); + if (cfg.outfile) + out = BIO_new_file(cfg.outfile, "w"); else out = BIO_new_fp(stdout, BIO_NOCLOSE); @@ -793,47 +793,47 @@ ocsp_main(int argc, char **argv) BIO_printf(bio_err, "Error opening output file\n"); goto end; } - if (!ocsp_config.req && (ocsp_config.add_nonce != 2)) - ocsp_config.add_nonce = 0; + if (!cfg.req && (cfg.add_nonce != 2)) + cfg.add_nonce = 0; - if (!ocsp_config.req && ocsp_config.reqin) { - derbio = BIO_new_file(ocsp_config.reqin, "rb"); + if (!cfg.req && cfg.reqin) { + derbio = BIO_new_file(cfg.reqin, "rb"); if (!derbio) { BIO_printf(bio_err, "Error Opening OCSP request file\n"); goto end; } - ocsp_config.req = d2i_OCSP_REQUEST_bio(derbio, NULL); + cfg.req = d2i_OCSP_REQUEST_bio(derbio, NULL); BIO_free(derbio); - if (!ocsp_config.req) { + if (!cfg.req) { BIO_printf(bio_err, "Error reading OCSP request\n"); goto end; } } - if (!ocsp_config.req && ocsp_config.port) { - acbio = init_responder(ocsp_config.port); + if (!cfg.req && cfg.port) { + acbio = init_responder(cfg.port); if (!acbio) goto end; } - if (ocsp_config.rsignfile && !rdb) { - if (!ocsp_config.rkeyfile) - ocsp_config.rkeyfile = ocsp_config.rsignfile; - rsigner = load_cert(bio_err, ocsp_config.rsignfile, FORMAT_PEM, + if (cfg.rsignfile && !rdb) { + if (!cfg.rkeyfile) + cfg.rkeyfile = cfg.rsignfile; + rsigner = load_cert(bio_err, cfg.rsignfile, FORMAT_PEM, NULL, "responder certificate"); if (!rsigner) { BIO_printf(bio_err, "Error loading responder certificate\n"); goto end; } - rca_cert = load_cert(bio_err, ocsp_config.rca_filename, + rca_cert = load_cert(bio_err, cfg.rca_filename, FORMAT_PEM, NULL, "CA certificate"); - if (ocsp_config.rcertfile) { - rother = load_certs(bio_err, ocsp_config.rcertfile, + if (cfg.rcertfile) { + rother = load_certs(bio_err, cfg.rcertfile, FORMAT_PEM, NULL, "responder other certificates"); if (!rother) goto end; } - rkey = load_key(bio_err, ocsp_config.rkeyfile, FORMAT_PEM, 0, + rkey = load_key(bio_err, cfg.rkeyfile, FORMAT_PEM, 0, NULL, "responder private key"); if (!rkey) goto end; @@ -844,95 +844,95 @@ ocsp_main(int argc, char **argv) redo_accept: if (acbio) { - if (!do_responder(&ocsp_config.req, &cbio, acbio, - ocsp_config.port)) + if (!do_responder(&cfg.req, &cbio, acbio, + cfg.port)) goto end; - if (!ocsp_config.req) { + if (!cfg.req) { resp = OCSP_response_create( OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); send_ocsp_response(cbio, resp); goto done_resp; } } - if (!ocsp_config.req && - (ocsp_config.signfile || ocsp_config.reqout || ocsp_config.host || - ocsp_config.add_nonce || ocsp_config.ridx_filename)) { + if (!cfg.req && + (cfg.signfile || cfg.reqout || cfg.host || + cfg.add_nonce || cfg.ridx_filename)) { BIO_printf(bio_err, "Need an OCSP request for this operation!\n"); goto end; } - if (ocsp_config.req && ocsp_config.add_nonce) - OCSP_request_add1_nonce(ocsp_config.req, NULL, -1); + if (cfg.req && cfg.add_nonce) + OCSP_request_add1_nonce(cfg.req, NULL, -1); - if (ocsp_config.signfile) { - if (!ocsp_config.keyfile) - ocsp_config.keyfile = ocsp_config.signfile; - signer = load_cert(bio_err, ocsp_config.signfile, FORMAT_PEM, + if (cfg.signfile) { + if (!cfg.keyfile) + cfg.keyfile = cfg.signfile; + signer = load_cert(bio_err, cfg.signfile, FORMAT_PEM, NULL, "signer certificate"); if (!signer) { BIO_printf(bio_err, "Error loading signer certificate\n"); goto end; } - if (ocsp_config.sign_certfile) { + if (cfg.sign_certfile) { sign_other = load_certs(bio_err, - ocsp_config.sign_certfile, FORMAT_PEM, NULL, + cfg.sign_certfile, FORMAT_PEM, NULL, "signer certificates"); if (!sign_other) goto end; } - key = load_key(bio_err, ocsp_config.keyfile, FORMAT_PEM, 0, + key = load_key(bio_err, cfg.keyfile, FORMAT_PEM, 0, NULL, "signer private key"); if (!key) goto end; - if (!OCSP_request_sign(ocsp_config.req, signer, key, NULL, - sign_other, ocsp_config.sign_flags)) { + if (!OCSP_request_sign(cfg.req, signer, key, NULL, + sign_other, cfg.sign_flags)) { BIO_printf(bio_err, "Error signing OCSP request\n"); goto end; } } - if (ocsp_config.req_text && ocsp_config.req) - OCSP_REQUEST_print(out, ocsp_config.req, 0); + if (cfg.req_text && cfg.req) + OCSP_REQUEST_print(out, cfg.req, 0); - if (ocsp_config.reqout) { - derbio = BIO_new_file(ocsp_config.reqout, "wb"); + if (cfg.reqout) { + derbio = BIO_new_file(cfg.reqout, "wb"); if (!derbio) { BIO_printf(bio_err, "Error opening file %s\n", - ocsp_config.reqout); + cfg.reqout); goto end; } - i2d_OCSP_REQUEST_bio(derbio, ocsp_config.req); + i2d_OCSP_REQUEST_bio(derbio, cfg.req); BIO_free(derbio); } - if (ocsp_config.ridx_filename && (!rkey || !rsigner || !rca_cert)) { + if (cfg.ridx_filename && (!rkey || !rsigner || !rca_cert)) { BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n"); goto end; } - if (ocsp_config.ridx_filename && !rdb) { - rdb = load_index(ocsp_config.ridx_filename, NULL); + if (cfg.ridx_filename && !rdb) { + rdb = load_index(cfg.ridx_filename, NULL); if (!rdb) goto end; if (!index_index(rdb)) goto end; } if (rdb) { - i = make_ocsp_response(&resp, ocsp_config.req, rdb, rca_cert, - rsigner, rkey, rother, ocsp_config.rflags, - ocsp_config.nmin, ocsp_config.ndays); + i = make_ocsp_response(&resp, cfg.req, rdb, rca_cert, + rsigner, rkey, rother, cfg.rflags, + cfg.nmin, cfg.ndays); if (cbio) send_ocsp_response(cbio, resp); - } else if (ocsp_config.host) { - resp = process_responder(bio_err, ocsp_config.req, - ocsp_config.host, - ocsp_config.path ? ocsp_config.path : "/", - ocsp_config.port, ocsp_config.use_ssl, ocsp_config.headers, - ocsp_config.req_timeout); + } else if (cfg.host) { + resp = process_responder(bio_err, cfg.req, + cfg.host, + cfg.path ? cfg.path : "/", + cfg.port, cfg.use_ssl, cfg.headers, + cfg.req_timeout); if (!resp) goto end; - } else if (ocsp_config.respin) { - derbio = BIO_new_file(ocsp_config.respin, "rb"); + } else if (cfg.respin) { + derbio = BIO_new_file(cfg.respin, "rb"); if (!derbio) { BIO_printf(bio_err, "Error Opening OCSP response file\n"); @@ -951,11 +951,11 @@ ocsp_main(int argc, char **argv) done_resp: - if (ocsp_config.respout) { - derbio = BIO_new_file(ocsp_config.respout, "wb"); + if (cfg.respout) { + derbio = BIO_new_file(cfg.respout, "wb"); if (!derbio) { BIO_printf(bio_err, "Error opening file %s\n", - ocsp_config.respout); + cfg.respout); goto end; } i2d_OCSP_RESPONSE_bio(derbio, resp); @@ -966,24 +966,24 @@ ocsp_main(int argc, char **argv) if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { BIO_printf(bio_err, "Responder Error: %s (%d)\n", OCSP_response_status_str(i), i); - if (ocsp_config.ignore_err) + if (cfg.ignore_err) goto redo_accept; ret = 1; goto end; } - if (ocsp_config.resp_text) + if (cfg.resp_text) OCSP_RESPONSE_print(out, resp, 0); /* If running as responder don't verify our own response */ if (cbio) { - if (ocsp_config.accept_count > 0) - ocsp_config.accept_count--; + if (cfg.accept_count > 0) + cfg.accept_count--; /* Redo if more connections needed */ - if (ocsp_config.accept_count) { + if (cfg.accept_count) { BIO_free_all(cbio); cbio = NULL; - OCSP_REQUEST_free(ocsp_config.req); - ocsp_config.req = NULL; + OCSP_REQUEST_free(cfg.req); + cfg.req = NULL; OCSP_RESPONSE_free(resp); resp = NULL; goto redo_accept; @@ -991,12 +991,12 @@ ocsp_main(int argc, char **argv) goto end; } if (!store) - store = setup_verify(bio_err, ocsp_config.CAfile, - ocsp_config.CApath); + store = setup_verify(bio_err, cfg.CAfile, + cfg.CApath); if (!store) goto end; - if (ocsp_config.verify_certfile) { - verify_other = load_certs(bio_err, ocsp_config.verify_certfile, + if (cfg.verify_certfile) { + verify_other = load_certs(bio_err, cfg.verify_certfile, FORMAT_PEM, NULL, "validator certificate"); if (!verify_other) goto end; @@ -1007,9 +1007,9 @@ ocsp_main(int argc, char **argv) BIO_printf(bio_err, "Error parsing response\n"); goto end; } - if (!ocsp_config.noverify) { - if (ocsp_config.req && - ((i = OCSP_check_nonce(ocsp_config.req, bs)) <= 0)) { + if (!cfg.noverify) { + if (cfg.req && + ((i = OCSP_check_nonce(cfg.req, bs)) <= 0)) { if (i == -1) { BIO_printf(bio_err, "WARNING: no nonce in response\n"); @@ -1019,7 +1019,7 @@ ocsp_main(int argc, char **argv) } } i = OCSP_basic_verify(bs, verify_other, store, - ocsp_config.verify_flags); + cfg.verify_flags); if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0); @@ -1030,8 +1030,8 @@ ocsp_main(int argc, char **argv) BIO_printf(bio_err, "Response verify OK\n"); } } - if (!print_ocsp_summary(out, bs, ocsp_config.req, ocsp_config.reqnames, - ocsp_config.ids, ocsp_config.nsec, ocsp_config.maxage)) + if (!print_ocsp_summary(out, bs, cfg.req, cfg.reqnames, + cfg.ids, cfg.nsec, cfg.maxage)) goto end; ret = 0; @@ -1042,27 +1042,27 @@ ocsp_main(int argc, char **argv) X509_STORE_free(store); EVP_PKEY_free(key); EVP_PKEY_free(rkey); - X509_free(ocsp_config.issuer); - X509_free(ocsp_config.cert); + X509_free(cfg.issuer); + X509_free(cfg.cert); X509_free(rsigner); X509_free(rca_cert); free_index(rdb); BIO_free_all(cbio); BIO_free_all(acbio); BIO_free(out); - OCSP_REQUEST_free(ocsp_config.req); + OCSP_REQUEST_free(cfg.req); OCSP_RESPONSE_free(resp); OCSP_BASICRESP_free(bs); - sk_OPENSSL_STRING_free(ocsp_config.reqnames); - sk_OCSP_CERTID_free(ocsp_config.ids); + sk_OPENSSL_STRING_free(cfg.reqnames); + sk_OCSP_CERTID_free(cfg.ids); sk_X509_pop_free(sign_other, X509_free); sk_X509_pop_free(verify_other, X509_free); - sk_CONF_VALUE_pop_free(ocsp_config.headers, X509V3_conf_free); + sk_CONF_VALUE_pop_free(cfg.headers, X509V3_conf_free); - if (ocsp_config.use_ssl != -1) { - free(ocsp_config.host); - free(ocsp_config.port); - free(ocsp_config.path); + if (cfg.use_ssl != -1) { + free(cfg.host); + free(cfg.port); + free(cfg.path); } return (ret); } diff --git a/usr.bin/openssl/passwd.c b/usr.bin/openssl/passwd.c index f05751f1652..a8dfa27db1e 100644 --- a/usr.bin/openssl/passwd.c +++ b/usr.bin/openssl/passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: passwd.c,v 1.13 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: passwd.c,v 1.14 2023/03/06 14:32:06 tb Exp $ */ #if defined OPENSSL_NO_MD5 #define NO_MD5CRYPT_1 @@ -51,7 +51,7 @@ static struct { int use1; int useapr1; int usecrypt; -} passwd_config; +} cfg; static const struct option passwd_options[] = { #ifndef NO_MD5CRYPT_1 @@ -59,13 +59,13 @@ static const struct option passwd_options[] = { .name = "1", .desc = "Use MD5 based BSD password algorithm 1", .type = OPTION_FLAG, - .opt.flag = &passwd_config.use1, + .opt.flag = &cfg.use1, }, { .name = "apr1", .desc = "Use apr1 algorithm (Apache variant of BSD algorithm)", .type = OPTION_FLAG, - .opt.flag = &passwd_config.useapr1, + .opt.flag = &cfg.useapr1, }, #endif #ifndef OPENSSL_NO_DES @@ -73,7 +73,7 @@ static const struct option passwd_options[] = { .name = "crypt", .desc = "Use crypt algorithm (default)", .type = OPTION_FLAG, - .opt.flag = &passwd_config.usecrypt, + .opt.flag = &cfg.usecrypt, }, #endif { @@ -81,44 +81,44 @@ static const struct option passwd_options[] = { .argname = "file", .desc = "Read passwords from specified file", .type = OPTION_ARG, - .opt.arg = &passwd_config.infile, + .opt.arg = &cfg.infile, }, { .name = "noverify", .desc = "Do not verify password", .type = OPTION_FLAG, - .opt.flag = &passwd_config.noverify, + .opt.flag = &cfg.noverify, }, { .name = "quiet", .desc = "Do not output warnings", .type = OPTION_FLAG, - .opt.flag = &passwd_config.quiet, + .opt.flag = &cfg.quiet, }, { .name = "reverse", .desc = "Reverse table columns (requires -table)", .type = OPTION_FLAG, - .opt.flag = &passwd_config.reverse, + .opt.flag = &cfg.reverse, }, { .name = "salt", .argname = "string", .desc = "Use specified salt", .type = OPTION_ARG, - .opt.arg = &passwd_config.salt, + .opt.arg = &cfg.salt, }, { .name = "stdin", .desc = "Read passwords from stdin", .type = OPTION_FLAG, - .opt.flag = &passwd_config.in_stdin, + .opt.flag = &cfg.in_stdin, }, { .name = "table", .desc = "Output cleartext and hashed passwords (tab separated)", .type = OPTION_FLAG, - .opt.flag = &passwd_config.table, + .opt.flag = &cfg.table, }, { NULL }, }; @@ -150,7 +150,7 @@ passwd_main(int argc, char **argv) exit(1); } - memset(&passwd_config, 0, sizeof(passwd_config)); + memset(&cfg, 0, sizeof(cfg)); if (options_parse(argc, argv, passwd_options, NULL, &argsused) != 0) { passwd_usage(); @@ -159,23 +159,23 @@ passwd_main(int argc, char **argv) if (argsused < argc) passwds = &argv[argsused]; - if (passwd_config.salt != NULL) + if (cfg.salt != NULL) passed_salt = 1; - if (!passwd_config.usecrypt && !passwd_config.use1 && - !passwd_config.useapr1) - passwd_config.usecrypt = 1; /* use default */ - if (passwd_config.usecrypt + passwd_config.use1 + - passwd_config.useapr1 > 1) + if (!cfg.usecrypt && !cfg.use1 && + !cfg.useapr1) + cfg.usecrypt = 1; /* use default */ + if (cfg.usecrypt + cfg.use1 + + cfg.useapr1 > 1) badopt = 1; /* conflicting options */ /* Reject unsupported algorithms */ #ifdef OPENSSL_NO_DES - if (passwd_config.usecrypt) + if (cfg.usecrypt) badopt = 1; #endif #ifdef NO_MD5CRYPT_1 - if (passwd_config.use1 || passwd_config.useapr1) + if (cfg.use1 || cfg.useapr1) badopt = 1; #endif @@ -188,21 +188,21 @@ passwd_main(int argc, char **argv) goto err; BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); - if (passwd_config.infile != NULL || passwd_config.in_stdin) { + if (cfg.infile != NULL || cfg.in_stdin) { if ((in = BIO_new(BIO_s_file())) == NULL) goto err; - if (passwd_config.infile != NULL) { - assert(passwd_config.in_stdin == 0); - if (BIO_read_filename(in, passwd_config.infile) <= 0) + if (cfg.infile != NULL) { + assert(cfg.in_stdin == 0); + if (BIO_read_filename(in, cfg.infile) <= 0) goto err; } else { - assert(passwd_config.in_stdin); + assert(cfg.in_stdin); BIO_set_fp(in, stdin, BIO_NOCLOSE); } } - if (passwd_config.usecrypt) + if (cfg.usecrypt) pw_maxlen = 8; - else if (passwd_config.use1 || passwd_config.useapr1) + else if (cfg.use1 || cfg.useapr1) pw_maxlen = 256;/* arbitrary limit, should be enough for most * passwords */ @@ -223,7 +223,7 @@ passwd_main(int argc, char **argv) if (in == NULL) if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", - !(passed_salt || passwd_config.noverify)) != 0) + !(passed_salt || cfg.noverify)) != 0) goto err; passwds[0] = passwd_malloc; } @@ -233,11 +233,11 @@ passwd_main(int argc, char **argv) do { /* loop over list of passwords */ passwd = *passwds++; - if (!do_passwd(passed_salt, &passwd_config.salt, - &salt_malloc, passwd, out, passwd_config.quiet, - passwd_config.table, passwd_config.reverse, - pw_maxlen, passwd_config.usecrypt, - passwd_config.use1, passwd_config.useapr1)) + if (!do_passwd(passed_salt, &cfg.salt, + &salt_malloc, passwd, out, cfg.quiet, + cfg.table, cfg.reverse, + pw_maxlen, cfg.usecrypt, + cfg.use1, cfg.useapr1)) goto err; } while (*passwds != NULL); } else { @@ -258,12 +258,12 @@ passwd_main(int argc, char **argv) while ((r > 0) && (!strchr(trash, '\n'))); } - if (!do_passwd(passed_salt, &passwd_config.salt, + if (!do_passwd(passed_salt, &cfg.salt, &salt_malloc, passwd, out, - passwd_config.quiet, passwd_config.table, - passwd_config.reverse, pw_maxlen, - passwd_config.usecrypt, passwd_config.use1, - passwd_config.useapr1)) + cfg.quiet, cfg.table, + cfg.reverse, pw_maxlen, + cfg.usecrypt, cfg.use1, + cfg.useapr1)) goto err; } done = (r <= 0); diff --git a/usr.bin/openssl/pkcs12.c b/usr.bin/openssl/pkcs12.c index 6e671e92750..aedae640e30 100644 --- a/usr.bin/openssl/pkcs12.c +++ b/usr.bin/openssl/pkcs12.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs12.c,v 1.24 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: pkcs12.c,v 1.25 2023/03/06 14:32:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -118,16 +118,16 @@ static struct { char *passargin; char *passargout; int twopass; -} pkcs12_config; +} cfg; static int pkcs12_opt_canames(char *arg) { - if (pkcs12_config.canames == NULL && - (pkcs12_config.canames = sk_OPENSSL_STRING_new_null()) == NULL) + if (cfg.canames == NULL && + (cfg.canames = sk_OPENSSL_STRING_new_null()) == NULL) return (1); - if (!sk_OPENSSL_STRING_push(pkcs12_config.canames, arg)) + if (!sk_OPENSSL_STRING_push(cfg.canames, arg)) return (1); return (0); @@ -136,20 +136,20 @@ pkcs12_opt_canames(char *arg) static int pkcs12_opt_cert_pbe(char *arg) { - return (!set_pbe(bio_err, &pkcs12_config.cert_pbe, arg)); + return (!set_pbe(bio_err, &cfg.cert_pbe, arg)); } static int pkcs12_opt_key_pbe(char *arg) { - return (!set_pbe(bio_err, &pkcs12_config.key_pbe, arg)); + return (!set_pbe(bio_err, &cfg.key_pbe, arg)); } static int pkcs12_opt_passarg(char *arg) { - pkcs12_config.passarg = arg; - pkcs12_config.noprompt = 1; + cfg.passarg = arg; + cfg.noprompt = 1; return (0); } @@ -196,8 +196,8 @@ pkcs12_opt_enc(int argc, char **argv, int *argsused) return (1); if (strcmp(name, "nodes") == 0) - pkcs12_config.enc = NULL; - else if ((pkcs12_config.enc = get_cipher_by_name(name)) == NULL) + cfg.enc = NULL; + else if ((cfg.enc = get_cipher_by_name(name)) == NULL) return (1); *argsused = 1; @@ -269,7 +269,7 @@ static const struct option pkcs12_options[] = { .name = "cacerts", .desc = "Only output CA certificates", .type = OPTION_VALUE_OR, - .opt.value = &pkcs12_config.options, + .opt.value = &cfg.options, .value = CACERTS, }, { @@ -277,7 +277,7 @@ static const struct option pkcs12_options[] = { .argname = "file", .desc = "PEM format file of CA certificates", .type = OPTION_ARG, - .opt.arg = &pkcs12_config.CAfile, + .opt.arg = &cfg.CAfile, }, { .name = "caname", @@ -291,14 +291,14 @@ static const struct option pkcs12_options[] = { .argname = "directory", .desc = "PEM format directory of CA certificates", .type = OPTION_ARG, - .opt.arg = &pkcs12_config.CApath, + .opt.arg = &cfg.CApath, }, { .name = "certfile", .argname = "file", .desc = "Add all certs in file", .type = OPTION_ARG, - .opt.arg = &pkcs12_config.certfile, + .opt.arg = &cfg.certfile, }, { .name = "certpbe", @@ -311,13 +311,13 @@ static const struct option pkcs12_options[] = { .name = "chain", .desc = "Add certificate chain", .type = OPTION_FLAG, - .opt.flag = &pkcs12_config.chain, + .opt.flag = &cfg.chain, }, { .name = "clcerts", .desc = "Only output client certificates", .type = OPTION_VALUE_OR, - .opt.value = &pkcs12_config.options, + .opt.value = &cfg.options, .value = CLCERTS, }, { @@ -325,33 +325,33 @@ static const struct option pkcs12_options[] = { .argname = "name", .desc = "Microsoft CSP name", .type = OPTION_ARG, - .opt.arg = &pkcs12_config.csp_name, + .opt.arg = &cfg.csp_name, }, { .name = "descert", .desc = "Encrypt PKCS#12 certificates with triple DES (default RC2-40)", .type = OPTION_VALUE, - .opt.value = &pkcs12_config.cert_pbe, + .opt.value = &cfg.cert_pbe, .value = NID_pbe_WithSHA1And3_Key_TripleDES_CBC, }, { .name = "export", .desc = "Output PKCS#12 file", .type = OPTION_FLAG, - .opt.flag = &pkcs12_config.export_cert, + .opt.flag = &cfg.export_cert, }, { .name = "in", .argname = "file", .desc = "Input filename", .type = OPTION_ARG, - .opt.arg = &pkcs12_config.infile, + .opt.arg = &cfg.infile, }, { .name = "info", .desc = "Give info about PKCS#12 structure", .type = OPTION_VALUE_OR, - .opt.value = &pkcs12_config.options, + .opt.value = &cfg.options, .value = INFO, }, { @@ -359,13 +359,13 @@ static const struct option pkcs12_options[] = { .argname = "file", .desc = "Private key if not infile", .type = OPTION_ARG, - .opt.arg = &pkcs12_config.keyname, + .opt.arg = &cfg.keyname, }, { .name = "keyex", .desc = "Set MS key exchange type", .type = OPTION_VALUE, - .opt.value = &pkcs12_config.keytype, + .opt.value = &cfg.keytype, .value = KEY_EX, }, { @@ -379,27 +379,27 @@ static const struct option pkcs12_options[] = { .name = "keysig", .desc = "Set MS key signature type", .type = OPTION_VALUE, - .opt.value = &pkcs12_config.keytype, + .opt.value = &cfg.keytype, .value = KEY_SIG, }, { .name = "LMK", .desc = "Add local machine keyset attribute to private key", .type = OPTION_FLAG, - .opt.flag = &pkcs12_config.add_lmk, + .opt.flag = &cfg.add_lmk, }, { .name = "macalg", .argname = "alg", .desc = "Digest algorithm used in MAC (default SHA1)", .type = OPTION_ARG, - .opt.arg = &pkcs12_config.macalg, + .opt.arg = &cfg.macalg, }, { .name = "maciter", .desc = "Use MAC iteration", .type = OPTION_VALUE, - .opt.value = &pkcs12_config.maciter, + .opt.value = &cfg.maciter, .value = PKCS12_DEFAULT_ITER, }, { @@ -407,13 +407,13 @@ static const struct option pkcs12_options[] = { .argname = "name", .desc = "Use name as friendly name", .type = OPTION_ARG, - .opt.arg = &pkcs12_config.name, + .opt.arg = &cfg.name, }, { .name = "nocerts", .desc = "Don't output certificates", .type = OPTION_VALUE_OR, - .opt.value = &pkcs12_config.options, + .opt.value = &cfg.options, .value = NOCERTS, }, { @@ -426,42 +426,42 @@ static const struct option pkcs12_options[] = { .name = "noiter", .desc = "Don't use encryption iteration", .type = OPTION_VALUE, - .opt.value = &pkcs12_config.iter, + .opt.value = &cfg.iter, .value = 1, }, { .name = "nokeys", .desc = "Don't output private keys", .type = OPTION_VALUE_OR, - .opt.value = &pkcs12_config.options, + .opt.value = &cfg.options, .value = NOKEYS, }, { .name = "nomac", .desc = "Don't generate MAC", .type = OPTION_VALUE, - .opt.value = &pkcs12_config.maciter, + .opt.value = &cfg.maciter, .value = -1, }, { .name = "nomaciter", .desc = "Don't use MAC iteration", .type = OPTION_VALUE, - .opt.value = &pkcs12_config.maciter, + .opt.value = &cfg.maciter, .value = 1, }, { .name = "nomacver", .desc = "Don't verify MAC", .type = OPTION_VALUE, - .opt.value = &pkcs12_config.macver, + .opt.value = &cfg.macver, .value = 0, }, { .name = "noout", .desc = "Don't output anything, just verify", .type = OPTION_VALUE_OR, - .opt.value = &pkcs12_config.options, + .opt.value = &cfg.options, .value = (NOKEYS | NOCERTS), }, { @@ -469,21 +469,21 @@ static const struct option pkcs12_options[] = { .argname = "file", .desc = "Output filename", .type = OPTION_ARG, - .opt.arg = &pkcs12_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "passin", .argname = "arg", .desc = "Input file passphrase source", .type = OPTION_ARG, - .opt.arg = &pkcs12_config.passargin, + .opt.arg = &cfg.passargin, }, { .name = "passout", .argname = "arg", .desc = "Output file passphrase source", .type = OPTION_ARG, - .opt.arg = &pkcs12_config.passargout, + .opt.arg = &cfg.passargout, }, { .name = "password", @@ -496,7 +496,7 @@ static const struct option pkcs12_options[] = { .name = "twopass", .desc = "Separate MAC, encryption passwords", .type = OPTION_FLAG, - .opt.flag = &pkcs12_config.twopass, + .opt.flag = &cfg.twopass, }, { NULL }, }; @@ -541,73 +541,73 @@ pkcs12_main(int argc, char **argv) exit(1); } - memset(&pkcs12_config, 0, sizeof(pkcs12_config)); - pkcs12_config.cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; - pkcs12_config.enc = EVP_des_ede3_cbc(); - pkcs12_config.iter = PKCS12_DEFAULT_ITER; - pkcs12_config.key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - pkcs12_config.maciter = PKCS12_DEFAULT_ITER; - pkcs12_config.macver = 1; + memset(&cfg, 0, sizeof(cfg)); + cfg.cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; + cfg.enc = EVP_des_ede3_cbc(); + cfg.iter = PKCS12_DEFAULT_ITER; + cfg.key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + cfg.maciter = PKCS12_DEFAULT_ITER; + cfg.macver = 1; if (options_parse(argc, argv, pkcs12_options, NULL, NULL) != 0) { pkcs12_usage(); goto end; } - if (pkcs12_config.passarg != NULL) { - if (pkcs12_config.export_cert) - pkcs12_config.passargout = pkcs12_config.passarg; + if (cfg.passarg != NULL) { + if (cfg.export_cert) + cfg.passargout = cfg.passarg; else - pkcs12_config.passargin = pkcs12_config.passarg; + cfg.passargin = cfg.passarg; } - if (!app_passwd(bio_err, pkcs12_config.passargin, - pkcs12_config.passargout, &passin, &passout)) { + if (!app_passwd(bio_err, cfg.passargin, + cfg.passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } if (cpass == NULL) { - if (pkcs12_config.export_cert) + if (cfg.export_cert) cpass = passout; else cpass = passin; } if (cpass != NULL) { mpass = cpass; - pkcs12_config.noprompt = 1; + cfg.noprompt = 1; } else { cpass = pass; mpass = macpass; } - if (pkcs12_config.infile == NULL) + if (cfg.infile == NULL) in = BIO_new_fp(stdin, BIO_NOCLOSE); else - in = BIO_new_file(pkcs12_config.infile, "rb"); + in = BIO_new_file(cfg.infile, "rb"); if (in == NULL) { BIO_printf(bio_err, "Error opening input file %s\n", - pkcs12_config.infile ? pkcs12_config.infile : "<stdin>"); - perror(pkcs12_config.infile); + cfg.infile ? cfg.infile : "<stdin>"); + perror(cfg.infile); goto end; } - if (pkcs12_config.outfile == NULL) { + if (cfg.outfile == NULL) { out = BIO_new_fp(stdout, BIO_NOCLOSE); } else - out = BIO_new_file(pkcs12_config.outfile, "wb"); + out = BIO_new_file(cfg.outfile, "wb"); if (out == NULL) { BIO_printf(bio_err, "Error opening output file %s\n", - pkcs12_config.outfile ? pkcs12_config.outfile : "<stdout>"); - perror(pkcs12_config.outfile); + cfg.outfile ? cfg.outfile : "<stdout>"); + perror(cfg.outfile); goto end; } - if (pkcs12_config.twopass) { + if (cfg.twopass) { if (EVP_read_pw_string(macpass, sizeof macpass, - "Enter MAC Password:", pkcs12_config.export_cert)) { + "Enter MAC Password:", cfg.export_cert)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; } } - if (pkcs12_config.export_cert) { + if (cfg.export_cert) { EVP_PKEY *key = NULL; X509 *ucert = NULL, *x = NULL; STACK_OF(X509) *certs = NULL; @@ -615,25 +615,25 @@ pkcs12_main(int argc, char **argv) unsigned char *catmp = NULL; int i; - if ((pkcs12_config.options & (NOCERTS | NOKEYS)) == + if ((cfg.options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) { BIO_printf(bio_err, "Nothing to do!\n"); goto export_end; } - if (pkcs12_config.options & NOCERTS) - pkcs12_config.chain = 0; + if (cfg.options & NOCERTS) + cfg.chain = 0; - if (!(pkcs12_config.options & NOKEYS)) { - key = load_key(bio_err, pkcs12_config.keyname ? - pkcs12_config.keyname : pkcs12_config.infile, + if (!(cfg.options & NOKEYS)) { + key = load_key(bio_err, cfg.keyname ? + cfg.keyname : cfg.infile, FORMAT_PEM, 1, passin, "private key"); if (!key) goto export_end; } /* Load in all certs in input file */ - if (!(pkcs12_config.options & NOCERTS)) { - certs = load_certs(bio_err, pkcs12_config.infile, + if (!(cfg.options & NOCERTS)) { + certs = load_certs(bio_err, cfg.infile, FORMAT_PEM, NULL, "certificates"); if (certs == NULL) goto export_end; @@ -661,10 +661,10 @@ pkcs12_main(int argc, char **argv) } /* Add any more certificates asked for */ - if (pkcs12_config.certfile != NULL) { + if (cfg.certfile != NULL) { STACK_OF(X509) *morecerts = NULL; if ((morecerts = load_certs(bio_err, - pkcs12_config.certfile, FORMAT_PEM, NULL, + cfg.certfile, FORMAT_PEM, NULL, "certificates from certfile")) == NULL) goto export_end; while (sk_X509_num(morecerts) > 0) @@ -674,7 +674,7 @@ pkcs12_main(int argc, char **argv) /* If chaining get chain from user cert */ - if (pkcs12_config.chain) { + if (cfg.chain) { int vret; STACK_OF(X509) *chain2; X509_STORE *store = X509_STORE_new(); @@ -684,7 +684,7 @@ pkcs12_main(int argc, char **argv) goto export_end; } if (!X509_STORE_load_locations(store, - pkcs12_config.CAfile, pkcs12_config.CApath)) + cfg.CAfile, cfg.CApath)) X509_STORE_set_default_paths(store); vret = get_cert_chain(ucert, store, &chain2); @@ -711,51 +711,51 @@ pkcs12_main(int argc, char **argv) } /* Add any CA names */ - for (i = 0; i < sk_OPENSSL_STRING_num(pkcs12_config.canames); + for (i = 0; i < sk_OPENSSL_STRING_num(cfg.canames); i++) { catmp = (unsigned char *) sk_OPENSSL_STRING_value( - pkcs12_config.canames, i); + cfg.canames, i); X509_alias_set1(sk_X509_value(certs, i), catmp, -1); } - if (pkcs12_config.csp_name != NULL && key != NULL) + if (cfg.csp_name != NULL && key != NULL) EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, MBSTRING_ASC, - (unsigned char *) pkcs12_config.csp_name, -1); + (unsigned char *) cfg.csp_name, -1); - if (pkcs12_config.add_lmk && key != NULL) + if (cfg.add_lmk && key != NULL) EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); - if (!pkcs12_config.noprompt && + if (!cfg.noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) { BIO_printf(bio_err, "Can't read Password\n"); goto export_end; } - if (!pkcs12_config.twopass) + if (!cfg.twopass) strlcpy(macpass, pass, sizeof macpass); - p12 = PKCS12_create(cpass, pkcs12_config.name, key, ucert, - certs, pkcs12_config.key_pbe, pkcs12_config.cert_pbe, - pkcs12_config.iter, -1, pkcs12_config.keytype); + p12 = PKCS12_create(cpass, cfg.name, key, ucert, + certs, cfg.key_pbe, cfg.cert_pbe, + cfg.iter, -1, cfg.keytype); if (p12 == NULL) { ERR_print_errors(bio_err); goto export_end; } - if (pkcs12_config.macalg != NULL) { - macmd = EVP_get_digestbyname(pkcs12_config.macalg); + if (cfg.macalg != NULL) { + macmd = EVP_get_digestbyname(cfg.macalg); if (macmd == NULL) { BIO_printf(bio_err, "Unknown digest algorithm %s\n", - pkcs12_config.macalg); + cfg.macalg); } } - if (pkcs12_config.maciter != -1) + if (cfg.maciter != -1) PKCS12_set_mac(p12, mpass, -1, NULL, 0, - pkcs12_config.maciter, macmd); + cfg.maciter, macmd); i2d_PKCS12_bio(out, p12); @@ -773,27 +773,27 @@ pkcs12_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (!pkcs12_config.noprompt && EVP_read_pw_string(pass, sizeof pass, + if (!cfg.noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; } - if (!pkcs12_config.twopass) + if (!cfg.twopass) strlcpy(macpass, pass, sizeof macpass); - if ((pkcs12_config.options & INFO) != 0 && PKCS12_mac_present(p12)) { + if ((cfg.options & INFO) != 0 && PKCS12_mac_present(p12)) { const ASN1_INTEGER *iter; PKCS12_get0_mac(NULL, NULL, NULL, &iter, p12); BIO_printf(bio_err, "MAC Iteration %ld\n", iter != NULL ? ASN1_INTEGER_get(iter) : 1); } - if (pkcs12_config.macver) { + if (cfg.macver) { /* If we enter empty password try no password first */ if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { /* If mac and crypto pass the same set it to NULL too */ - if (!pkcs12_config.twopass) + if (!cfg.twopass) cpass = NULL; } else if (!PKCS12_verify_mac(p12, mpass, -1)) { BIO_printf(bio_err, @@ -803,7 +803,7 @@ pkcs12_main(int argc, char **argv) } BIO_printf(bio_err, "MAC verified OK\n"); } - if (!dump_certs_keys_p12(out, p12, cpass, -1, pkcs12_config.options, + if (!dump_certs_keys_p12(out, p12, cpass, -1, cfg.options, passout)) { BIO_printf(bio_err, "Error outputting keys and certificates\n"); ERR_print_errors(bio_err); @@ -814,7 +814,7 @@ pkcs12_main(int argc, char **argv) PKCS12_free(p12); BIO_free(in); BIO_free_all(out); - sk_OPENSSL_STRING_free(pkcs12_config.canames); + sk_OPENSSL_STRING_free(cfg.canames); free(passin); free(passout); @@ -907,7 +907,7 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, int passlen, if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) return 0; print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); - PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, + PEM_write_bio_PrivateKey(out, pkey, cfg.enc, NULL, 0, NULL, pempass); EVP_PKEY_free(pkey); break; @@ -938,7 +938,7 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, int passlen, } print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); PKCS8_PRIV_KEY_INFO_free(p8); - PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, + PEM_write_bio_PrivateKey(out, pkey, cfg.enc, NULL, 0, NULL, pempass); EVP_PKEY_free(pkey); break; diff --git a/usr.bin/openssl/pkcs7.c b/usr.bin/openssl/pkcs7.c index b0acf3fd98d..4e66855a8d2 100644 --- a/usr.bin/openssl/pkcs7.c +++ b/usr.bin/openssl/pkcs7.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs7.c,v 1.13 2023/02/08 07:59:24 tb Exp $ */ +/* $OpenBSD: pkcs7.c,v 1.14 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -79,7 +79,7 @@ static struct { int p7_print; int print_certs; int text; -} pkcs7_config; +} cfg; static const struct option pkcs7_options[] = { { @@ -87,52 +87,52 @@ static const struct option pkcs7_options[] = { .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &pkcs7_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "format", .desc = "Input format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &pkcs7_config.informat, + .opt.value = &cfg.informat, }, { .name = "noout", .desc = "Do not output encoded version of PKCS#7 structure", .type = OPTION_FLAG, - .opt.flag = &pkcs7_config.noout, + .opt.flag = &cfg.noout, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &pkcs7_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &pkcs7_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "print", .desc = "Output ASN.1 representation of PKCS#7 structure", .type = OPTION_FLAG, - .opt.flag = &pkcs7_config.p7_print, + .opt.flag = &cfg.p7_print, }, { .name = "print_certs", .desc = "Print out any certificates or CRLs contained in file", .type = OPTION_FLAG, - .opt.flag = &pkcs7_config.print_certs, + .opt.flag = &cfg.print_certs, }, { .name = "text", .desc = "Print out full certificate details", .type = OPTION_FLAG, - .opt.flag = &pkcs7_config.text, + .opt.flag = &cfg.text, }, { NULL }, }; @@ -159,10 +159,10 @@ pkcs7_main(int argc, char **argv) exit(1); } - memset(&pkcs7_config, 0, sizeof(pkcs7_config)); + memset(&cfg, 0, sizeof(cfg)); - pkcs7_config.informat = FORMAT_PEM; - pkcs7_config.outformat = FORMAT_PEM; + cfg.informat = FORMAT_PEM; + cfg.outformat = FORMAT_PEM; if (options_parse(argc, argv, pkcs7_options, NULL, NULL) != 0) { pkcs7_usage(); @@ -175,18 +175,18 @@ pkcs7_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (pkcs7_config.infile == NULL) + if (cfg.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { - if (BIO_read_filename(in, pkcs7_config.infile) <= 0) { - perror(pkcs7_config.infile); + if (BIO_read_filename(in, cfg.infile) <= 0) { + perror(cfg.infile); goto end; } } - if (pkcs7_config.informat == FORMAT_ASN1) + if (cfg.informat == FORMAT_ASN1) p7 = d2i_PKCS7_bio(in, NULL); - else if (pkcs7_config.informat == FORMAT_PEM) + else if (cfg.informat == FORMAT_PEM) p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); else { BIO_printf(bio_err, "bad input format specified for pkcs7 object\n"); @@ -197,19 +197,19 @@ pkcs7_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (pkcs7_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, pkcs7_config.outfile) <= 0) { - perror(pkcs7_config.outfile); + if (BIO_write_filename(out, cfg.outfile) <= 0) { + perror(cfg.outfile); goto end; } } - if (pkcs7_config.p7_print) + if (cfg.p7_print) PKCS7_print_ctx(out, p7, 0, NULL); - if (pkcs7_config.print_certs) { + if (cfg.print_certs) { STACK_OF(X509) * certs = NULL; STACK_OF(X509_CRL) * crls = NULL; @@ -236,12 +236,12 @@ pkcs7_main(int argc, char **argv) for (i = 0; i < sk_X509_num(certs); i++) { x = sk_X509_value(certs, i); - if (pkcs7_config.text) + if (cfg.text) X509_print(out, x); else dump_cert_text(out, x); - if (!pkcs7_config.noout) + if (!cfg.noout) PEM_write_bio_X509(out, x); BIO_puts(out, "\n"); } @@ -254,7 +254,7 @@ pkcs7_main(int argc, char **argv) X509_CRL_print(out, crl); - if (!pkcs7_config.noout) + if (!cfg.noout) PEM_write_bio_X509_CRL(out, crl); BIO_puts(out, "\n"); } @@ -262,10 +262,10 @@ pkcs7_main(int argc, char **argv) ret = 0; goto end; } - if (!pkcs7_config.noout) { - if (pkcs7_config.outformat == FORMAT_ASN1) + if (!cfg.noout) { + if (cfg.outformat == FORMAT_ASN1) i = i2d_PKCS7_bio(out, p7); - else if (pkcs7_config.outformat == FORMAT_PEM) + else if (cfg.outformat == FORMAT_PEM) i = PEM_write_bio_PKCS7(out, p7); else { BIO_printf(bio_err, "bad output format specified for outfile\n"); diff --git a/usr.bin/openssl/pkcs8.c b/usr.bin/openssl/pkcs8.c index ea122300063..d78202e03f7 100644 --- a/usr.bin/openssl/pkcs8.c +++ b/usr.bin/openssl/pkcs8.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs8.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: pkcs8.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999-2004. */ @@ -79,12 +79,12 @@ static struct { char *passargout; int pbe_nid; int topk8; -} pkcs8_config; +} cfg; static int pkcs8_opt_v1(char *arg) { - if ((pkcs8_config.pbe_nid = OBJ_txt2nid(arg)) == NID_undef) { + if ((cfg.pbe_nid = OBJ_txt2nid(arg)) == NID_undef) { fprintf(stderr, "Unknown PBE algorithm '%s'\n", arg); return (1); } @@ -95,7 +95,7 @@ pkcs8_opt_v1(char *arg) static int pkcs8_opt_v2(char *arg) { - if ((pkcs8_config.cipher = EVP_get_cipherbyname(arg)) == NULL) { + if ((cfg.cipher = EVP_get_cipherbyname(arg)) == NULL) { fprintf(stderr, "Unknown cipher '%s'\n", arg); return (1); } @@ -109,62 +109,62 @@ static const struct option pkcs8_options[] = { .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &pkcs8_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "der | pem", .desc = "Input format (default PEM)", .type = OPTION_ARG_FORMAT, - .opt.value = &pkcs8_config.informat, + .opt.value = &cfg.informat, }, { .name = "nocrypt", .desc = "Use or expect unencrypted private key", .type = OPTION_FLAG, - .opt.flag = &pkcs8_config.nocrypt, + .opt.flag = &cfg.nocrypt, }, { .name = "noiter", .desc = "Use 1 as iteration count", .type = OPTION_VALUE, .value = 1, - .opt.value = &pkcs8_config.iter, + .opt.value = &cfg.iter, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &pkcs8_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "der | pem", .desc = "Output format (default PEM)", .type = OPTION_ARG_FORMAT, - .opt.value = &pkcs8_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "passin", .argname = "source", .desc = "Input file passphrase source", .type = OPTION_ARG, - .opt.arg = &pkcs8_config.passargin, + .opt.arg = &cfg.passargin, }, { .name = "passout", .argname = "source", .desc = "Output file passphrase source", .type = OPTION_ARG, - .opt.arg = &pkcs8_config.passargout, + .opt.arg = &cfg.passargout, }, { .name = "topk8", .desc = "Read traditional format key and write PKCS#8 format" " key", .type = OPTION_FLAG, - .opt.flag = &pkcs8_config.topk8, + .opt.flag = &cfg.topk8, }, { .name = "v1", @@ -208,48 +208,48 @@ pkcs8_main(int argc, char **argv) exit(1); } - memset(&pkcs8_config, 0, sizeof(pkcs8_config)); + memset(&cfg, 0, sizeof(cfg)); - pkcs8_config.iter = PKCS12_DEFAULT_ITER; - pkcs8_config.informat = FORMAT_PEM; - pkcs8_config.outformat = FORMAT_PEM; - pkcs8_config.pbe_nid = -1; + cfg.iter = PKCS12_DEFAULT_ITER; + cfg.informat = FORMAT_PEM; + cfg.outformat = FORMAT_PEM; + cfg.pbe_nid = -1; if (options_parse(argc, argv, pkcs8_options, NULL, NULL) != 0) { pkcs8_usage(); return (1); } - if (!app_passwd(bio_err, pkcs8_config.passargin, - pkcs8_config.passargout, &passin, &passout)) { + if (!app_passwd(bio_err, cfg.passargin, + cfg.passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } - if ((pkcs8_config.pbe_nid == -1) && !pkcs8_config.cipher) - pkcs8_config.pbe_nid = NID_pbeWithMD5AndDES_CBC; + if ((cfg.pbe_nid == -1) && !cfg.cipher) + cfg.pbe_nid = NID_pbeWithMD5AndDES_CBC; - if (pkcs8_config.infile) { - if (!(in = BIO_new_file(pkcs8_config.infile, "rb"))) { + if (cfg.infile) { + if (!(in = BIO_new_file(cfg.infile, "rb"))) { BIO_printf(bio_err, "Can't open input file '%s'\n", - pkcs8_config.infile); + cfg.infile); goto end; } } else in = BIO_new_fp(stdin, BIO_NOCLOSE); - if (pkcs8_config.outfile) { - if (!(out = BIO_new_file(pkcs8_config.outfile, "wb"))) { + if (cfg.outfile) { + if (!(out = BIO_new_file(cfg.outfile, "wb"))) { BIO_printf(bio_err, "Can't open output file '%s'\n", - pkcs8_config.outfile); + cfg.outfile); goto end; } } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); } - if (pkcs8_config.topk8) { - pkey = load_key(bio_err, pkcs8_config.infile, - pkcs8_config.informat, 1, passin, "key"); + if (cfg.topk8) { + pkey = load_key(bio_err, cfg.infile, + cfg.informat, 1, passin, "key"); if (!pkey) goto end; if (!(p8inf = EVP_PKEY2PKCS8(pkey))) { @@ -257,10 +257,10 @@ pkcs8_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (pkcs8_config.nocrypt) { - if (pkcs8_config.outformat == FORMAT_PEM) + if (cfg.nocrypt) { + if (cfg.outformat == FORMAT_PEM) PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); - else if (pkcs8_config.outformat == FORMAT_ASN1) + else if (cfg.outformat == FORMAT_ASN1) i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); else { BIO_printf(bio_err, @@ -276,16 +276,16 @@ pkcs8_main(int argc, char **argv) "Enter Encryption Password:", 1)) goto end; } - if (!(p8 = PKCS8_encrypt(pkcs8_config.pbe_nid, - pkcs8_config.cipher, p8pass, strlen(p8pass), - NULL, 0, pkcs8_config.iter, p8inf))) { + if (!(p8 = PKCS8_encrypt(cfg.pbe_nid, + cfg.cipher, p8pass, strlen(p8pass), + NULL, 0, cfg.iter, p8inf))) { BIO_printf(bio_err, "Error encrypting key\n"); ERR_print_errors(bio_err); goto end; } - if (pkcs8_config.outformat == FORMAT_PEM) + if (cfg.outformat == FORMAT_PEM) PEM_write_bio_PKCS8(out, p8); - else if (pkcs8_config.outformat == FORMAT_ASN1) + else if (cfg.outformat == FORMAT_ASN1) i2d_PKCS8_bio(out, p8); else { BIO_printf(bio_err, @@ -297,20 +297,20 @@ pkcs8_main(int argc, char **argv) ret = 0; goto end; } - if (pkcs8_config.nocrypt) { - if (pkcs8_config.informat == FORMAT_PEM) + if (cfg.nocrypt) { + if (cfg.informat == FORMAT_PEM) p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL); - else if (pkcs8_config.informat == FORMAT_ASN1) + else if (cfg.informat == FORMAT_ASN1) p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); else { BIO_printf(bio_err, "Bad format specified for key\n"); goto end; } } else { - if (pkcs8_config.informat == FORMAT_PEM) + if (cfg.informat == FORMAT_PEM) p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); - else if (pkcs8_config.informat == FORMAT_ASN1) + else if (cfg.informat == FORMAT_ASN1) p8 = d2i_PKCS8_bio(in, NULL); else { BIO_printf(bio_err, "Bad format specified for key\n"); @@ -342,10 +342,10 @@ pkcs8_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (pkcs8_config.outformat == FORMAT_PEM) + if (cfg.outformat == FORMAT_PEM) PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout); - else if (pkcs8_config.outformat == FORMAT_ASN1) + else if (cfg.outformat == FORMAT_ASN1) i2d_PrivateKey_bio(out, pkey); else { BIO_printf(bio_err, "Bad format specified for key\n"); diff --git a/usr.bin/openssl/pkey.c b/usr.bin/openssl/pkey.c index 2d9b69f5c34..cb558f5ac86 100644 --- a/usr.bin/openssl/pkey.c +++ b/usr.bin/openssl/pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkey.c,v 1.18 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: pkey.c,v 1.19 2023/03/06 14:32:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006 */ @@ -80,7 +80,7 @@ static struct { int pubout; int pubtext; int text; -} pkey_config; +} cfg; static int pkey_opt_cipher(int argc, char **argv, int *argsused) @@ -90,7 +90,7 @@ pkey_opt_cipher(int argc, char **argv, int *argsused) if (*name++ != '-') return (1); - if ((pkey_config.cipher = EVP_get_cipherbyname(name)) == NULL) { + if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL) { BIO_printf(bio_err, "Unknown cipher %s\n", name); return (1); } @@ -104,87 +104,87 @@ static const struct option pkey_options[] = { .name = "check", .desc = "Check validity of key", .type = OPTION_FLAG, - .opt.flag = &pkey_config.check, + .opt.flag = &cfg.check, }, { .name = "in", .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &pkey_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "format", .desc = "Input format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &pkey_config.informat, + .opt.value = &cfg.informat, }, { .name = "noout", .desc = "Do not print encoded version of the key", .type = OPTION_FLAG, - .opt.flag = &pkey_config.noout, + .opt.flag = &cfg.noout, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &pkey_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &pkey_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "passin", .argname = "src", .desc = "Input file passphrase source", .type = OPTION_ARG, - .opt.arg = &pkey_config.passargin, + .opt.arg = &cfg.passargin, }, { .name = "passout", .argname = "src", .desc = "Output file passphrase source", .type = OPTION_ARG, - .opt.arg = &pkey_config.passargout, + .opt.arg = &cfg.passargout, }, { .name = "pubcheck", .desc = "Check validity of public key", .type = OPTION_FLAG, - .opt.flag = &pkey_config.pubcheck, + .opt.flag = &cfg.pubcheck, }, { .name = "pubin", .desc = "Expect a public key (default private key)", .type = OPTION_VALUE, .value = 1, - .opt.value = &pkey_config.pubin, + .opt.value = &cfg.pubin, }, { .name = "pubout", .desc = "Output a public key (default private key)", .type = OPTION_VALUE, .value = 1, - .opt.value = &pkey_config.pubout, + .opt.value = &cfg.pubout, }, { .name = "text", .desc = "Print the public/private key in plain text", .type = OPTION_FLAG, - .opt.flag = &pkey_config.text, + .opt.flag = &cfg.text, }, { .name = "text_pub", .desc = "Print out only public key in plain text", .type = OPTION_FLAG, - .opt.flag = &pkey_config.pubtext, + .opt.flag = &cfg.pubtext, }, { .name = NULL, @@ -226,61 +226,61 @@ pkey_main(int argc, char **argv) exit(1); } - memset(&pkey_config, 0, sizeof(pkey_config)); - pkey_config.informat = FORMAT_PEM; - pkey_config.outformat = FORMAT_PEM; + memset(&cfg, 0, sizeof(cfg)); + cfg.informat = FORMAT_PEM; + cfg.outformat = FORMAT_PEM; if (options_parse(argc, argv, pkey_options, NULL, NULL) != 0) { pkey_usage(); goto end; } - if (pkey_config.pubtext) - pkey_config.text = 1; - if (pkey_config.pubin) - pkey_config.pubout = pkey_config.pubtext = 1; + if (cfg.pubtext) + cfg.text = 1; + if (cfg.pubin) + cfg.pubout = cfg.pubtext = 1; - if (!app_passwd(bio_err, pkey_config.passargin, pkey_config.passargout, + if (!app_passwd(bio_err, cfg.passargin, cfg.passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } - if (pkey_config.outfile) { - if (!(out = BIO_new_file(pkey_config.outfile, "wb"))) { + if (cfg.outfile) { + if (!(out = BIO_new_file(cfg.outfile, "wb"))) { BIO_printf(bio_err, - "Can't open output file %s\n", pkey_config.outfile); + "Can't open output file %s\n", cfg.outfile); goto end; } } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); } - if (pkey_config.pubin) - pkey = load_pubkey(bio_err, pkey_config.infile, - pkey_config.informat, 1, passin, "Public Key"); + if (cfg.pubin) + pkey = load_pubkey(bio_err, cfg.infile, + cfg.informat, 1, passin, "Public Key"); else - pkey = load_key(bio_err, pkey_config.infile, - pkey_config.informat, 1, passin, "key"); + pkey = load_key(bio_err, cfg.infile, + cfg.informat, 1, passin, "key"); if (!pkey) goto end; - if (pkey_config.check) { + if (cfg.check) { if (!pkey_check(out, pkey, EVP_PKEY_check, "Key pair")) goto end; - } else if (pkey_config.pubcheck) { + } else if (cfg.pubcheck) { if (!pkey_check(out, pkey, EVP_PKEY_public_check, "Public key")) goto end; } - if (!pkey_config.noout) { - if (pkey_config.outformat == FORMAT_PEM) { - if (pkey_config.pubout) + if (!cfg.noout) { + if (cfg.outformat == FORMAT_PEM) { + if (cfg.pubout) PEM_write_bio_PUBKEY(out, pkey); else PEM_write_bio_PrivateKey(out, pkey, - pkey_config.cipher, NULL, 0, NULL, passout); - } else if (pkey_config.outformat == FORMAT_ASN1) { - if (pkey_config.pubout) + cfg.cipher, NULL, 0, NULL, passout); + } else if (cfg.outformat == FORMAT_ASN1) { + if (cfg.pubout) i2d_PUBKEY_bio(out, pkey); else i2d_PrivateKey_bio(out, pkey); @@ -290,8 +290,8 @@ pkey_main(int argc, char **argv) } } - if (pkey_config.text) { - if (pkey_config.pubtext) + if (cfg.text) { + if (cfg.pubtext) EVP_PKEY_print_public(out, pkey, 0, NULL); else EVP_PKEY_print_private(out, pkey, 0, NULL); diff --git a/usr.bin/openssl/pkeyparam.c b/usr.bin/openssl/pkeyparam.c index 57b5ad80421..946195640e7 100644 --- a/usr.bin/openssl/pkeyparam.c +++ b/usr.bin/openssl/pkeyparam.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkeyparam.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */ +/* $OpenBSD: pkeyparam.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006 */ @@ -71,40 +71,40 @@ static struct { int noout; char *outfile; int text; -} pkeyparam_config; +} cfg; static const struct option pkeyparam_options[] = { { .name = "check", .desc = "Check validity of key parameters", .type = OPTION_FLAG, - .opt.flag = &pkeyparam_config.check, + .opt.flag = &cfg.check, }, { .name = "in", .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &pkeyparam_config.infile, + .opt.arg = &cfg.infile, }, { .name = "noout", .desc = "Do not print encoded version of the parameters", .type = OPTION_FLAG, - .opt.flag = &pkeyparam_config.noout, + .opt.flag = &cfg.noout, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &pkeyparam_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "text", .desc = "Print out the parameters in plain text", .type = OPTION_FLAG, - .opt.flag = &pkeyparam_config.text, + .opt.flag = &cfg.text, }, { NULL }, }; @@ -130,26 +130,26 @@ pkeyparam_main(int argc, char **argv) exit(1); } - memset(&pkeyparam_config, 0, sizeof(pkeyparam_config)); + memset(&cfg, 0, sizeof(cfg)); if (options_parse(argc, argv, pkeyparam_options, NULL, NULL) != 0) { pkeyparam_usage(); return (1); } - if (pkeyparam_config.infile) { - if (!(in = BIO_new_file(pkeyparam_config.infile, "r"))) { + if (cfg.infile) { + if (!(in = BIO_new_file(cfg.infile, "r"))) { BIO_printf(bio_err, "Can't open input file %s\n", - pkeyparam_config.infile); + cfg.infile); goto end; } } else in = BIO_new_fp(stdin, BIO_NOCLOSE); - if (pkeyparam_config.outfile) { - if (!(out = BIO_new_file(pkeyparam_config.outfile, "w"))) { + if (cfg.outfile) { + if (!(out = BIO_new_file(cfg.outfile, "w"))) { BIO_printf(bio_err, "Can't open output file %s\n", - pkeyparam_config.outfile); + cfg.outfile); goto end; } } else { @@ -163,15 +163,15 @@ pkeyparam_main(int argc, char **argv) goto end; } - if (pkeyparam_config.check) { + if (cfg.check) { if (!pkey_check(out, pkey, EVP_PKEY_param_check, "Parameters")) goto end; } - if (!pkeyparam_config.noout) + if (!cfg.noout) PEM_write_bio_Parameters(out, pkey); - if (pkeyparam_config.text) + if (cfg.text) EVP_PKEY_print_params(out, pkey, 0, NULL); ret = 0; diff --git a/usr.bin/openssl/pkeyutl.c b/usr.bin/openssl/pkeyutl.c index 8c0fd28b296..efd0896c02c 100644 --- a/usr.bin/openssl/pkeyutl.c +++ b/usr.bin/openssl/pkeyutl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkeyutl.c,v 1.18 2023/03/05 13:12:53 tb Exp $ */ +/* $OpenBSD: pkeyutl.c,v 1.19 2023/03/06 14:32:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -82,7 +82,7 @@ static struct { int pkey_op; int rev; char *sigfile; -} pkeyutl_config; +} cfg; static void pkeyutl_usage(void); @@ -101,48 +101,48 @@ static const struct option pkeyutl_options[] = { .name = "asn1parse", .desc = "ASN.1 parse the output data", .type = OPTION_FLAG, - .opt.flag = &pkeyutl_config.asn1parse, + .opt.flag = &cfg.asn1parse, }, { .name = "certin", .desc = "Input is a certificate containing a public key", .type = OPTION_VALUE, .value = KEY_CERT, - .opt.value = &pkeyutl_config.key_type, + .opt.value = &cfg.key_type, }, { .name = "decrypt", .desc = "Decrypt the input data using a private key", .type = OPTION_VALUE, .value = EVP_PKEY_OP_DECRYPT, - .opt.value = &pkeyutl_config.pkey_op, + .opt.value = &cfg.pkey_op, }, { .name = "derive", .desc = "Derive a shared secret using the peer key", .type = OPTION_VALUE, .value = EVP_PKEY_OP_DERIVE, - .opt.value = &pkeyutl_config.pkey_op, + .opt.value = &cfg.pkey_op, }, { .name = "encrypt", .desc = "Encrypt the input data using a public key", .type = OPTION_VALUE, .value = EVP_PKEY_OP_ENCRYPT, - .opt.value = &pkeyutl_config.pkey_op, + .opt.value = &cfg.pkey_op, }, { .name = "hexdump", .desc = "Hex dump the output data", .type = OPTION_FLAG, - .opt.flag = &pkeyutl_config.hexdump, + .opt.flag = &cfg.hexdump, }, { .name = "in", .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &pkeyutl_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inkey", @@ -156,28 +156,28 @@ static const struct option pkeyutl_options[] = { .argname = "fmt", .desc = "Input key format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &pkeyutl_config.keyform, + .opt.value = &cfg.keyform, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &pkeyutl_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "passin", .argname = "arg", .desc = "Key password source", .type = OPTION_ARG, - .opt.arg = &pkeyutl_config.passargin, + .opt.arg = &cfg.passargin, }, { .name = "peerform", .argname = "fmt", .desc = "Input key format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &pkeyutl_config.peerform, + .opt.value = &cfg.peerform, }, { .name = "peerkey", @@ -198,41 +198,41 @@ static const struct option pkeyutl_options[] = { .desc = "Input is a public key", .type = OPTION_VALUE, .value = KEY_PUBKEY, - .opt.value = &pkeyutl_config.key_type, + .opt.value = &cfg.key_type, }, { .name = "rev", .desc = "Reverse the input data", .type = OPTION_FLAG, - .opt.flag = &pkeyutl_config.rev, + .opt.flag = &cfg.rev, }, { .name = "sigfile", .argname = "file", .desc = "Signature file (verify operation only)", .type = OPTION_ARG, - .opt.arg = &pkeyutl_config.sigfile, + .opt.arg = &cfg.sigfile, }, { .name = "sign", .desc = "Sign the input data using private key", .type = OPTION_VALUE, .value = EVP_PKEY_OP_SIGN, - .opt.value = &pkeyutl_config.pkey_op, + .opt.value = &cfg.pkey_op, }, { .name = "verify", .desc = "Verify the input data using public key", .type = OPTION_VALUE, .value = EVP_PKEY_OP_VERIFY, - .opt.value = &pkeyutl_config.pkey_op, + .opt.value = &cfg.pkey_op, }, { .name = "verifyrecover", .desc = "Verify with public key, recover original data", .type = OPTION_VALUE, .value = EVP_PKEY_OP_VERIFYRECOVER, - .opt.value = &pkeyutl_config.pkey_op, + .opt.value = &cfg.pkey_op, }, {NULL}, @@ -268,36 +268,36 @@ pkeyutl_main(int argc, char **argv) exit(1); } - memset(&pkeyutl_config, 0, sizeof(pkeyutl_config)); - pkeyutl_config.pkey_op = EVP_PKEY_OP_SIGN; - pkeyutl_config.key_type = KEY_PRIVKEY; - pkeyutl_config.keyform = FORMAT_PEM; - pkeyutl_config.peerform = FORMAT_PEM; - pkeyutl_config.keysize = -1; + memset(&cfg, 0, sizeof(cfg)); + cfg.pkey_op = EVP_PKEY_OP_SIGN; + cfg.key_type = KEY_PRIVKEY; + cfg.keyform = FORMAT_PEM; + cfg.peerform = FORMAT_PEM; + cfg.keysize = -1; if (options_parse(argc, argv, pkeyutl_options, NULL, NULL) != 0) { pkeyutl_usage(); goto end; } - if (!pkeyutl_config.ctx) { + if (!cfg.ctx) { pkeyutl_usage(); goto end; } - if (pkeyutl_config.sigfile && - (pkeyutl_config.pkey_op != EVP_PKEY_OP_VERIFY)) { + if (cfg.sigfile && + (cfg.pkey_op != EVP_PKEY_OP_VERIFY)) { BIO_puts(bio_err, "Signature file specified for non verify\n"); goto end; } - if (!pkeyutl_config.sigfile && - (pkeyutl_config.pkey_op == EVP_PKEY_OP_VERIFY)) { + if (!cfg.sigfile && + (cfg.pkey_op == EVP_PKEY_OP_VERIFY)) { BIO_puts(bio_err, "No signature file specified for verify\n"); goto end; } - if (pkeyutl_config.pkey_op != EVP_PKEY_OP_DERIVE) { - if (pkeyutl_config.infile) { - if (!(in = BIO_new_file(pkeyutl_config.infile, "rb"))) { + if (cfg.pkey_op != EVP_PKEY_OP_DERIVE) { + if (cfg.infile) { + if (!(in = BIO_new_file(cfg.infile, "rb"))) { BIO_puts(bio_err, "Error Opening Input File\n"); ERR_print_errors(bio_err); @@ -306,8 +306,8 @@ pkeyutl_main(int argc, char **argv) } else in = BIO_new_fp(stdin, BIO_NOCLOSE); } - if (pkeyutl_config.outfile) { - if (!(out = BIO_new_file(pkeyutl_config.outfile, "wb"))) { + if (cfg.outfile) { + if (!(out = BIO_new_file(cfg.outfile, "wb"))) { BIO_printf(bio_err, "Error Creating Output File\n"); ERR_print_errors(bio_err); goto end; @@ -316,14 +316,14 @@ pkeyutl_main(int argc, char **argv) out = BIO_new_fp(stdout, BIO_NOCLOSE); } - if (pkeyutl_config.sigfile) { - BIO *sigbio = BIO_new_file(pkeyutl_config.sigfile, "rb"); + if (cfg.sigfile) { + BIO *sigbio = BIO_new_file(cfg.sigfile, "rb"); if (!sigbio) { BIO_printf(bio_err, "Can't open signature file %s\n", - pkeyutl_config.sigfile); + cfg.sigfile); goto end; } - siglen = bio_to_mem(&sig, pkeyutl_config.keysize * 10, sigbio); + siglen = bio_to_mem(&sig, cfg.keysize * 10, sigbio); BIO_free(sigbio); if (siglen <= 0) { BIO_printf(bio_err, "Error reading signature data\n"); @@ -332,12 +332,12 @@ pkeyutl_main(int argc, char **argv) } if (in) { /* Read the input data */ - buf_inlen = bio_to_mem(&buf_in, pkeyutl_config.keysize * 10, in); + buf_inlen = bio_to_mem(&buf_in, cfg.keysize * 10, in); if (buf_inlen <= 0) { BIO_printf(bio_err, "Error reading input Data\n"); exit(1); } - if (pkeyutl_config.rev) { + if (cfg.rev) { size_t i; unsigned char ctmp; size_t l = (size_t) buf_inlen; @@ -348,8 +348,8 @@ pkeyutl_main(int argc, char **argv) } } } - if (pkeyutl_config.pkey_op == EVP_PKEY_OP_VERIFY) { - rv = EVP_PKEY_verify(pkeyutl_config.ctx, sig, (size_t) siglen, + if (cfg.pkey_op == EVP_PKEY_OP_VERIFY) { + rv = EVP_PKEY_verify(cfg.ctx, sig, (size_t) siglen, buf_in, (size_t) buf_inlen); if (rv == 1) { BIO_puts(out, "Signature Verified Successfully\n"); @@ -359,15 +359,15 @@ pkeyutl_main(int argc, char **argv) if (rv >= 0) goto end; } else { - rv = do_keyop(pkeyutl_config.ctx, pkeyutl_config.pkey_op, NULL, + rv = do_keyop(cfg.ctx, cfg.pkey_op, NULL, (size_t *)&buf_outlen, buf_in, (size_t) buf_inlen); if (rv > 0) { buf_out = malloc(buf_outlen); if (!buf_out) rv = -1; else - rv = do_keyop(pkeyutl_config.ctx, - pkeyutl_config.pkey_op, + rv = do_keyop(cfg.ctx, + cfg.pkey_op, buf_out, (size_t *) & buf_outlen, buf_in, (size_t) buf_inlen); } @@ -379,16 +379,16 @@ pkeyutl_main(int argc, char **argv) goto end; } ret = 0; - if (pkeyutl_config.asn1parse) { + if (cfg.asn1parse) { if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1)) ERR_print_errors(bio_err); - } else if (pkeyutl_config.hexdump) + } else if (cfg.hexdump) BIO_dump(out, (char *) buf_out, buf_outlen); else BIO_write(out, buf_out, buf_outlen); end: - EVP_PKEY_CTX_free(pkeyutl_config.ctx); + EVP_PKEY_CTX_free(cfg.ctx); BIO_free(in); BIO_free_all(out); free(buf_in); @@ -406,32 +406,32 @@ init_ctx(char *keyfile) int rv = -1; X509 *x; - if (((pkeyutl_config.pkey_op == EVP_PKEY_OP_SIGN) - || (pkeyutl_config.pkey_op == EVP_PKEY_OP_DECRYPT) - || (pkeyutl_config.pkey_op == EVP_PKEY_OP_DERIVE)) - && (pkeyutl_config.key_type != KEY_PRIVKEY)) { + if (((cfg.pkey_op == EVP_PKEY_OP_SIGN) + || (cfg.pkey_op == EVP_PKEY_OP_DECRYPT) + || (cfg.pkey_op == EVP_PKEY_OP_DERIVE)) + && (cfg.key_type != KEY_PRIVKEY)) { BIO_printf(bio_err, "A private key is needed for this operation\n"); goto end; } - if (!app_passwd(bio_err, pkeyutl_config.passargin, NULL, &passin, + if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } - switch (pkeyutl_config.key_type) { + switch (cfg.key_type) { case KEY_PRIVKEY: - pkey = load_key(bio_err, keyfile, pkeyutl_config.keyform, 0, + pkey = load_key(bio_err, keyfile, cfg.keyform, 0, passin, "Private Key"); break; case KEY_PUBKEY: - pkey = load_pubkey(bio_err, keyfile, pkeyutl_config.keyform, 0, + pkey = load_pubkey(bio_err, keyfile, cfg.keyform, 0, NULL, "Public Key"); break; case KEY_CERT: - x = load_cert(bio_err, keyfile, pkeyutl_config.keyform, + x = load_cert(bio_err, keyfile, cfg.keyform, NULL, "Certificate"); if (x) { pkey = X509_get_pubkey(x); @@ -440,53 +440,53 @@ init_ctx(char *keyfile) break; } - pkeyutl_config.keysize = EVP_PKEY_size(pkey); + cfg.keysize = EVP_PKEY_size(pkey); if (!pkey) goto end; - pkeyutl_config.ctx = EVP_PKEY_CTX_new(pkey, NULL); + cfg.ctx = EVP_PKEY_CTX_new(pkey, NULL); EVP_PKEY_free(pkey); - if (!pkeyutl_config.ctx) + if (!cfg.ctx) goto end; - switch (pkeyutl_config.pkey_op) { + switch (cfg.pkey_op) { case EVP_PKEY_OP_SIGN: - rv = EVP_PKEY_sign_init(pkeyutl_config.ctx); + rv = EVP_PKEY_sign_init(cfg.ctx); break; case EVP_PKEY_OP_VERIFY: - rv = EVP_PKEY_verify_init(pkeyutl_config.ctx); + rv = EVP_PKEY_verify_init(cfg.ctx); break; case EVP_PKEY_OP_VERIFYRECOVER: - rv = EVP_PKEY_verify_recover_init(pkeyutl_config.ctx); + rv = EVP_PKEY_verify_recover_init(cfg.ctx); break; case EVP_PKEY_OP_ENCRYPT: - rv = EVP_PKEY_encrypt_init(pkeyutl_config.ctx); + rv = EVP_PKEY_encrypt_init(cfg.ctx); break; case EVP_PKEY_OP_DECRYPT: - rv = EVP_PKEY_decrypt_init(pkeyutl_config.ctx); + rv = EVP_PKEY_decrypt_init(cfg.ctx); break; case EVP_PKEY_OP_DERIVE: - rv = EVP_PKEY_derive_init(pkeyutl_config.ctx); + rv = EVP_PKEY_derive_init(cfg.ctx); break; } if (rv <= 0) { - EVP_PKEY_CTX_free(pkeyutl_config.ctx); - pkeyutl_config.ctx = NULL; + EVP_PKEY_CTX_free(cfg.ctx); + cfg.ctx = NULL; } end: free(passin); - if (!pkeyutl_config.ctx) { + if (!cfg.ctx) { BIO_puts(bio_err, "Error initializing context\n"); ERR_print_errors(bio_err); return (1); @@ -501,11 +501,11 @@ setup_peer(char *file) EVP_PKEY *peer = NULL; int ret; - if (!pkeyutl_config.ctx) { + if (!cfg.ctx) { BIO_puts(bio_err, "-peerkey command before -inkey\n"); return (1); } - peer = load_pubkey(bio_err, file, pkeyutl_config.peerform, 0, NULL, + peer = load_pubkey(bio_err, file, cfg.peerform, 0, NULL, "Peer Key"); if (!peer) { @@ -513,7 +513,7 @@ setup_peer(char *file) ERR_print_errors(bio_err); return (1); } - ret = EVP_PKEY_derive_set_peer(pkeyutl_config.ctx, peer); + ret = EVP_PKEY_derive_set_peer(cfg.ctx, peer); EVP_PKEY_free(peer); if (ret <= 0) { @@ -527,10 +527,10 @@ setup_peer(char *file) static int pkeyutl_pkeyopt(char *pkeyopt) { - if (!pkeyutl_config.ctx) { + if (!cfg.ctx) { BIO_puts(bio_err, "-pkeyopt command before -inkey\n"); return (1); - } else if (pkey_ctrl_string(pkeyutl_config.ctx, pkeyopt) <= 0) { + } else if (pkey_ctrl_string(cfg.ctx, pkeyopt) <= 0) { BIO_puts(bio_err, "parameter setting error\n"); ERR_print_errors(bio_err); return (1); diff --git a/usr.bin/openssl/prime.c b/usr.bin/openssl/prime.c index 64b1953e338..d704d882fcb 100644 --- a/usr.bin/openssl/prime.c +++ b/usr.bin/openssl/prime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: prime.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */ +/* $OpenBSD: prime.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */ /* ==================================================================== * Copyright (c) 2004 The OpenSSL Project. All rights reserved. * @@ -62,7 +62,7 @@ static struct { int generate; int hex; int safe; -} prime_config; +} cfg; static const struct option prime_options[] = { { @@ -70,32 +70,32 @@ static const struct option prime_options[] = { .argname = "n", .desc = "Number of bits in the generated prime number", .type = OPTION_ARG_INT, - .opt.value = &prime_config.bits, + .opt.value = &cfg.bits, }, { .name = "checks", .argname = "n", .desc = "Miller-Rabin probabilistic primality test iterations", .type = OPTION_ARG_INT, - .opt.value = &prime_config.checks, + .opt.value = &cfg.checks, }, { .name = "generate", .desc = "Generate a pseudo-random prime number", .type = OPTION_FLAG, - .opt.flag = &prime_config.generate, + .opt.flag = &cfg.generate, }, { .name = "hex", .desc = "Hexadecimal prime numbers", .type = OPTION_FLAG, - .opt.flag = &prime_config.hex, + .opt.flag = &cfg.hex, }, { .name = "safe", .desc = "Generate only \"safe\" prime numbers", .type = OPTION_FLAG, - .opt.flag = &prime_config.safe, + .opt.flag = &cfg.safe, }, {NULL}, }; @@ -123,17 +123,17 @@ prime_main(int argc, char **argv) exit(1); } - memset(&prime_config, 0, sizeof(prime_config)); + memset(&cfg, 0, sizeof(cfg)); /* Default iterations for Miller-Rabin probabilistic primality test. */ - prime_config.checks = 20; + cfg.checks = 20; if (options_parse(argc, argv, prime_options, &prime, NULL) != 0) { prime_usage(); return (1); } - if (prime == NULL && prime_config.generate == 0) { + if (prime == NULL && cfg.generate == 0) { BIO_printf(bio_err, "No prime specified.\n"); prime_usage(); return (1); @@ -145,8 +145,8 @@ prime_main(int argc, char **argv) } BIO_set_fp(bio_out, stdout, BIO_NOCLOSE); - if (prime_config.generate != 0) { - if (prime_config.bits == 0) { + if (cfg.generate != 0) { + if (cfg.bits == 0) { BIO_printf(bio_err, "Specify the number of bits.\n"); goto end; } @@ -155,12 +155,12 @@ prime_main(int argc, char **argv) BIO_printf(bio_err, "Out of memory.\n"); goto end; } - if (!BN_generate_prime_ex(bn, prime_config.bits, - prime_config.safe, NULL, NULL, NULL)) { + if (!BN_generate_prime_ex(bn, cfg.bits, + cfg.safe, NULL, NULL, NULL)) { BIO_printf(bio_err, "Prime generation error.\n"); goto end; } - s = prime_config.hex ? BN_bn2hex(bn) : BN_bn2dec(bn); + s = cfg.hex ? BN_bn2hex(bn) : BN_bn2dec(bn); if (s == NULL) { BIO_printf(bio_err, "Out of memory.\n"); goto end; @@ -168,7 +168,7 @@ prime_main(int argc, char **argv) BIO_printf(bio_out, "%s\n", s); free(s); } else { - if (prime_config.hex) { + if (cfg.hex) { if (!BN_hex2bn(&bn, prime)) { BIO_printf(bio_err, "%s is an invalid hex " "value.\n", prime); @@ -182,7 +182,7 @@ prime_main(int argc, char **argv) } } - is_prime = BN_is_prime_ex(bn, prime_config.checks, NULL, NULL); + is_prime = BN_is_prime_ex(bn, cfg.checks, NULL, NULL); if (is_prime < 0) { BIO_printf(bio_err, "BN_is_prime_ex failed.\n"); goto end; diff --git a/usr.bin/openssl/rand.c b/usr.bin/openssl/rand.c index 6ae6a8d8ee3..a0f3b446640 100644 --- a/usr.bin/openssl/rand.c +++ b/usr.bin/openssl/rand.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rand.c,v 1.16 2023/03/05 13:12:53 tb Exp $ */ +/* $OpenBSD: rand.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * @@ -66,27 +66,27 @@ static struct { int base64; int hex; char *outfile; -} rand_config; +} cfg; static const struct option rand_options[] = { { .name = "base64", .desc = "Perform base64 encoding on output", .type = OPTION_FLAG, - .opt.flag = &rand_config.base64, + .opt.flag = &cfg.base64, }, { .name = "hex", .desc = "Hexadecimal output", .type = OPTION_FLAG, - .opt.flag = &rand_config.hex, + .opt.flag = &cfg.hex, }, { .name = "out", .argname = "file", .desc = "Write to the given file instead of standard output", .type = OPTION_ARG, - .opt.arg = &rand_config.outfile, + .opt.arg = &cfg.outfile, }, {NULL}, }; @@ -114,7 +114,7 @@ rand_main(int argc, char **argv) exit(1); } - memset(&rand_config, 0, sizeof(rand_config)); + memset(&cfg, 0, sizeof(cfg)); if (options_parse(argc, argv, rand_options, &num_bytes, NULL) != 0) { rand_usage(); @@ -128,7 +128,7 @@ rand_main(int argc, char **argv) } else badopt = 1; - if (rand_config.hex && rand_config.base64) + if (cfg.hex && cfg.base64) badopt = 1; if (badopt) { @@ -139,13 +139,13 @@ rand_main(int argc, char **argv) out = BIO_new(BIO_s_file()); if (out == NULL) goto err; - if (rand_config.outfile != NULL) - r = BIO_write_filename(out, rand_config.outfile); + if (cfg.outfile != NULL) + r = BIO_write_filename(out, cfg.outfile); else r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); if (r <= 0) goto err; - if (rand_config.base64) { + if (cfg.base64) { BIO *b64 = BIO_new(BIO_f_base64()); if (b64 == NULL) goto err; @@ -160,7 +160,7 @@ rand_main(int argc, char **argv) if (chunk > (int) sizeof(buf)) chunk = sizeof(buf); arc4random_buf(buf, chunk); - if (rand_config.hex) { + if (cfg.hex) { for (i = 0; i < chunk; i++) BIO_printf(out, "%02x", buf[i]); } else @@ -168,7 +168,7 @@ rand_main(int argc, char **argv) num -= chunk; } - if (rand_config.hex) + if (cfg.hex) BIO_puts(out, "\n"); (void) BIO_flush(out); diff --git a/usr.bin/openssl/req.c b/usr.bin/openssl/req.c index 797cbfa7182..0994d0b288e 100644 --- a/usr.bin/openssl/req.c +++ b/usr.bin/openssl/req.c @@ -1,4 +1,4 @@ -/* $OpenBSD: req.c,v 1.26 2023/03/05 13:12:53 tb Exp $ */ +/* $OpenBSD: req.c,v 1.27 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -168,26 +168,26 @@ static struct { int verbose; int verify; int x509; -} req_config; +} cfg; static int req_opt_addext(char *arg) { int i; - if (req_config.addexts == NULL) { - req_config.addexts = (LHASH_OF(OPENSSL_STRING) *)lh_new( + if (cfg.addexts == NULL) { + cfg.addexts = (LHASH_OF(OPENSSL_STRING) *)lh_new( (LHASH_HASH_FN_TYPE)ext_name_hash, (LHASH_COMP_FN_TYPE)ext_name_cmp); - req_config.addext_bio = BIO_new(BIO_s_mem()); - if (req_config.addexts == NULL || - req_config.addext_bio == NULL) + cfg.addext_bio = BIO_new(BIO_s_mem()); + if (cfg.addexts == NULL || + cfg.addext_bio == NULL) return (1); } - i = duplicated(req_config.addexts, arg); + i = duplicated(cfg.addexts, arg); if (i == 1) return (1); - if (i < 0 || BIO_printf(req_config.addext_bio, "%s\n", arg) < 0) + if (i < 0 || BIO_printf(cfg.addext_bio, "%s\n", arg) < 0) return (1); return (0); @@ -198,11 +198,11 @@ req_opt_days(char *arg) { const char *errstr; - req_config.days = strtonum(arg, 1, INT_MAX, &errstr); + cfg.days = strtonum(arg, 1, INT_MAX, &errstr); if (errstr != NULL) { BIO_printf(bio_err, "bad -days %s, using 0: %s\n", arg, errstr); - req_config.days = 30; + cfg.days = 30; } return (0); } @@ -215,7 +215,7 @@ req_opt_digest(int argc, char **argv, int *argsused) if (*name++ != '-') return (1); - if ((req_config.digest = EVP_get_digestbyname(name)) == NULL) + if ((cfg.digest = EVP_get_digestbyname(name)) == NULL) return (1); *argsused = 1; @@ -225,15 +225,15 @@ req_opt_digest(int argc, char **argv, int *argsused) static int req_opt_newkey(char *arg) { - req_config.keyalg = arg; - req_config.newreq = 1; + cfg.keyalg = arg; + cfg.newreq = 1; return (0); } static int req_opt_nameopt(char *arg) { - if (!set_name_ex(&req_config.nmflag, arg)) + if (!set_name_ex(&cfg.nmflag, arg)) return (1); return (0); } @@ -241,11 +241,11 @@ req_opt_nameopt(char *arg) static int req_opt_pkeyopt(char *arg) { - if (req_config.pkeyopts == NULL) - req_config.pkeyopts = sk_OPENSSL_STRING_new_null(); - if (req_config.pkeyopts == NULL) + if (cfg.pkeyopts == NULL) + cfg.pkeyopts = sk_OPENSSL_STRING_new_null(); + if (cfg.pkeyopts == NULL) return (1); - if (!sk_OPENSSL_STRING_push(req_config.pkeyopts, arg)) + if (!sk_OPENSSL_STRING_push(cfg.pkeyopts, arg)) return (1); return (0); } @@ -253,7 +253,7 @@ req_opt_pkeyopt(char *arg) static int req_opt_reqopt(char *arg) { - if (!set_cert_ex(&req_config.reqflag, arg)) + if (!set_cert_ex(&cfg.reqflag, arg)) return (1); return (0); } @@ -261,8 +261,8 @@ req_opt_reqopt(char *arg) static int req_opt_set_serial(char *arg) { - req_config.serial = s2i_ASN1_INTEGER(NULL, arg); - if (req_config.serial == NULL) + cfg.serial = s2i_ASN1_INTEGER(NULL, arg); + if (cfg.serial == NULL) return (1); return (0); } @@ -270,11 +270,11 @@ req_opt_set_serial(char *arg) static int req_opt_sigopt(char *arg) { - if (req_config.sigopts == NULL) - req_config.sigopts = sk_OPENSSL_STRING_new_null(); - if (req_config.sigopts == NULL) + if (cfg.sigopts == NULL) + cfg.sigopts = sk_OPENSSL_STRING_new_null(); + if (cfg.sigopts == NULL) return (1); - if (!sk_OPENSSL_STRING_push(req_config.sigopts, arg)) + if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg)) return (1); return (0); } @@ -282,7 +282,7 @@ req_opt_sigopt(char *arg) static int req_opt_utf8(void) { - req_config.chtype = MBSTRING_UTF8; + cfg.chtype = MBSTRING_UTF8; return (0); } @@ -298,14 +298,14 @@ static const struct option req_options[] = { .name = "batch", .desc = "Operate in batch mode", .type = OPTION_FLAG, - .opt.flag = &req_config.batch, + .opt.flag = &cfg.batch, }, { .name = "config", .argname = "file", .desc = "Configuration file to use as request template", .type = OPTION_ARG, - .opt.arg = &req_config.template, + .opt.arg = &cfg.template, }, { .name = "days", @@ -319,54 +319,54 @@ static const struct option req_options[] = { .argname = "section", .desc = "Config section to use for certificate extensions", .type = OPTION_ARG, - .opt.arg = &req_config.extensions, + .opt.arg = &cfg.extensions, }, { .name = "in", .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &req_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "format", .desc = "Input format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &req_config.informat, + .opt.value = &cfg.informat, }, { .name = "key", .argname = "file", .desc = "Private key file", .type = OPTION_ARG, - .opt.arg = &req_config.keyfile, + .opt.arg = &cfg.keyfile, }, { .name = "keyform", .argname = "format", .desc = "Private key format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &req_config.keyform, + .opt.value = &cfg.keyform, }, { .name = "keyout", .argname = "file", .desc = "Private key output file", .type = OPTION_ARG, - .opt.arg = &req_config.keyout, + .opt.arg = &cfg.keyout, }, { .name = "modulus", .desc = "Print RSA modulus", .type = OPTION_FLAG, - .opt.flag = &req_config.modulus, + .opt.flag = &cfg.modulus, }, { .name = "multivalue-rdn", .desc = "Enable support for multivalued RDNs", .type = OPTION_FLAG, - .opt.flag = &req_config.multirdn, + .opt.flag = &cfg.multirdn, }, { .name = "nameopt", @@ -379,13 +379,13 @@ static const struct option req_options[] = { .name = "new", .desc = "New request", .type = OPTION_FLAG, - .opt.flag = &req_config.newreq, + .opt.flag = &cfg.newreq, }, { .name = "newhdr", .desc = "Include 'NEW' in header lines", .type = OPTION_FLAG, - .opt.flag = &req_config.newhdr, + .opt.flag = &cfg.newhdr, }, { .name = "newkey", @@ -398,41 +398,41 @@ static const struct option req_options[] = { .name = "nodes", .desc = "Do not encrypt output private key", .type = OPTION_FLAG, - .opt.flag = &req_config.nodes, + .opt.flag = &cfg.nodes, }, { .name = "noout", .desc = "Do not output request", .type = OPTION_FLAG, - .opt.flag = &req_config.noout, + .opt.flag = &cfg.noout, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &req_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &req_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "passin", .argname = "source", .desc = "Private key input password source", .type = OPTION_ARG, - .opt.arg = &req_config.passargin, + .opt.arg = &cfg.passargin, }, { .name = "passout", .argname = "source", .desc = "Private key output password source", .type = OPTION_ARG, - .opt.arg = &req_config.passargout, + .opt.arg = &cfg.passargout, }, { .name = "pkeyopt", @@ -445,14 +445,14 @@ static const struct option req_options[] = { .name = "pubkey", .desc = "Output the public key", .type = OPTION_FLAG, - .opt.flag = &req_config.pubkey, + .opt.flag = &cfg.pubkey, }, { .name = "reqexts", .argname = "section", .desc = "Config section to use for request extensions", .type = OPTION_ARG, - .opt.arg = &req_config.req_exts, + .opt.arg = &cfg.req_exts, }, { .name = "reqopt", @@ -480,19 +480,19 @@ static const struct option req_options[] = { .argname = "name", .desc = "Set or modify the request subject", .type = OPTION_ARG, - .opt.arg = &req_config.subj, + .opt.arg = &cfg.subj, }, { .name = "subject", .desc = "Output the subject of the request", .type = OPTION_FLAG, - .opt.flag = &req_config.subject, + .opt.flag = &cfg.subject, }, { .name = "text", .desc = "Print request in text form", .type = OPTION_FLAG, - .opt.flag = &req_config.text, + .opt.flag = &cfg.text, }, { .name = "utf8", @@ -504,19 +504,19 @@ static const struct option req_options[] = { .name = "verbose", .desc = "Verbose", .type = OPTION_FLAG, - .opt.flag = &req_config.verbose, + .opt.flag = &cfg.verbose, }, { .name = "verify", .desc = "Verify signature on request", .type = OPTION_FLAG, - .opt.flag = &req_config.verify, + .opt.flag = &cfg.verify, }, { .name = "x509", .desc = "Output an X.509 structure instead of a certificate request", .type = OPTION_FLAG, - .opt.flag = &req_config.x509, + .opt.flag = &cfg.x509, }, { .name = NULL, @@ -568,15 +568,15 @@ req_main(int argc, char **argv) exit(1); } - memset(&req_config, 0, sizeof(req_config)); + memset(&cfg, 0, sizeof(cfg)); - req_config.chtype = MBSTRING_ASC; - req_config.days = 30; - req_config.digest = EVP_sha256(); - req_config.newkey = -1; - req_config.informat = FORMAT_PEM; - req_config.keyform = FORMAT_PEM; - req_config.outformat = FORMAT_PEM; + cfg.chtype = MBSTRING_ASC; + cfg.days = 30; + cfg.digest = EVP_sha256(); + cfg.newkey = -1; + cfg.informat = FORMAT_PEM; + cfg.keyform = FORMAT_PEM; + cfg.outformat = FORMAT_PEM; if (options_parse(argc, argv, req_options, NULL, NULL) != 0) { req_usage(); @@ -586,19 +586,19 @@ req_main(int argc, char **argv) req_conf = NULL; cipher = EVP_aes_256_cbc(); - if (!app_passwd(bio_err, req_config.passargin, req_config.passargout, &passin, &passout)) { + if (!app_passwd(bio_err, cfg.passargin, cfg.passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } - if (req_config.template != NULL) { + if (cfg.template != NULL) { long errline = -1; - if (req_config.verbose) - BIO_printf(bio_err, "Using configuration from %s\n", req_config.template); + if (cfg.verbose) + BIO_printf(bio_err, "Using configuration from %s\n", cfg.template); if ((req_conf = NCONF_new(NULL)) == NULL) goto end; - if(!NCONF_load(req_conf, req_config.template, &errline)) { - BIO_printf(bio_err, "error on line %ld of %s\n", errline, req_config.template); + if(!NCONF_load(req_conf, cfg.template, &errline)) { + BIO_printf(bio_err, "error on line %ld of %s\n", errline, cfg.template); goto end; } } else { @@ -606,21 +606,21 @@ req_main(int argc, char **argv) if (req_conf == NULL) { BIO_printf(bio_err, "Unable to load config info from %s\n", default_config_file); - if (req_config.newreq) + if (cfg.newreq) goto end; - } else if (req_config.verbose) + } else if (cfg.verbose) BIO_printf(bio_err, "Using configuration from %s\n", default_config_file); } - if (req_config.addext_bio != NULL) { + if (cfg.addext_bio != NULL) { long errline = -1; - if (req_config.verbose) + if (cfg.verbose) BIO_printf(bio_err, "Using additional configuration from command line\n"); if ((addext_conf = NCONF_new(NULL)) == NULL) goto end; - if (!NCONF_load_bio(addext_conf, req_config.addext_bio, &errline)) { + if (!NCONF_load_bio(addext_conf, cfg.addext_bio, &errline)) { BIO_printf(bio_err, "req: Error on line %ld of config input\n", errline); @@ -658,22 +658,22 @@ req_main(int argc, char **argv) ERR_clear_error(); if (p != NULL) { if ((md_alg = EVP_get_digestbyname(p)) != NULL) - req_config.digest = md_alg; + cfg.digest = md_alg; } } - if (!req_config.extensions) { - req_config.extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS); - if (!req_config.extensions) + if (!cfg.extensions) { + cfg.extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS); + if (!cfg.extensions) ERR_clear_error(); } - if (req_config.extensions) { + if (cfg.extensions) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); X509V3_set_nconf(&ctx, req_conf); - if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_config.extensions, NULL)) { + if (!X509V3_EXT_add_nconf(req_conf, &ctx, cfg.extensions, NULL)) { BIO_printf(bio_err, - "Error Loading extension section %s\n", req_config.extensions); + "Error Loading extension section %s\n", cfg.extensions); goto end; } } @@ -706,27 +706,27 @@ req_main(int argc, char **argv) BIO_printf(bio_err, "Invalid global string mask setting %s\n", p); goto end; } - if (req_config.chtype != MBSTRING_UTF8) { + if (cfg.chtype != MBSTRING_UTF8) { p = NCONF_get_string(req_conf, SECTION, UTF8_IN); if (!p) ERR_clear_error(); else if (!strcmp(p, "yes")) - req_config.chtype = MBSTRING_UTF8; + cfg.chtype = MBSTRING_UTF8; } - if (!req_config.req_exts) { - req_config.req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); - if (!req_config.req_exts) + if (!cfg.req_exts) { + cfg.req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); + if (!cfg.req_exts) ERR_clear_error(); } - if (req_config.req_exts) { + if (cfg.req_exts) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); X509V3_set_nconf(&ctx, req_conf); - if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_config.req_exts, NULL)) { + if (!X509V3_EXT_add_nconf(req_conf, &ctx, cfg.req_exts, NULL)) { BIO_printf(bio_err, "Error Loading request extension section %s\n", - req_config.req_exts); + cfg.req_exts); goto end; } } @@ -735,8 +735,8 @@ req_main(int argc, char **argv) if ((in == NULL) || (out == NULL)) goto end; - if (req_config.keyfile != NULL) { - pkey = load_key(bio_err, req_config.keyfile, req_config.keyform, 0, passin, + if (cfg.keyfile != NULL) { + pkey = load_key(bio_err, cfg.keyfile, cfg.keyform, 0, passin, "Private Key"); if (!pkey) { /* @@ -746,31 +746,31 @@ req_main(int argc, char **argv) goto end; } } - if (req_config.newreq && (pkey == NULL)) { - if (!NCONF_get_number(req_conf, SECTION, BITS, &req_config.newkey)) { - req_config.newkey = DEFAULT_KEY_LENGTH; + if (cfg.newreq && (pkey == NULL)) { + if (!NCONF_get_number(req_conf, SECTION, BITS, &cfg.newkey)) { + cfg.newkey = DEFAULT_KEY_LENGTH; } - if (req_config.keyalg) { - genctx = set_keygen_ctx(bio_err, req_config.keyalg, &pkey_type, &req_config.newkey, + if (cfg.keyalg) { + genctx = set_keygen_ctx(bio_err, cfg.keyalg, &pkey_type, &cfg.newkey, &keyalgstr); if (!genctx) goto end; } - if (req_config.newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) { + if (cfg.newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) { BIO_printf(bio_err, "private key length is too short,\n"); - BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n", MIN_KEY_LENGTH, req_config.newkey); + BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n", MIN_KEY_LENGTH, cfg.newkey); goto end; } if (!genctx) { - genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &req_config.newkey, + genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &cfg.newkey, &keyalgstr); if (!genctx) goto end; } - if (req_config.pkeyopts) { + if (cfg.pkeyopts) { char *genopt; - for (i = 0; i < sk_OPENSSL_STRING_num(req_config.pkeyopts); i++) { - genopt = sk_OPENSSL_STRING_value(req_config.pkeyopts, i); + for (i = 0; i < sk_OPENSSL_STRING_num(cfg.pkeyopts); i++) { + genopt = sk_OPENSSL_STRING_value(cfg.pkeyopts, i); if (pkey_ctrl_string(genctx, genopt) <= 0) { BIO_printf(bio_err, "parameter error \"%s\"\n", @@ -781,7 +781,7 @@ req_main(int argc, char **argv) } } BIO_printf(bio_err, "Generating a %ld bit %s private key\n", - req_config.newkey, keyalgstr); + cfg.newkey, keyalgstr); EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); EVP_PKEY_CTX_set_app_data(genctx, bio_err); @@ -793,18 +793,18 @@ req_main(int argc, char **argv) EVP_PKEY_CTX_free(genctx); genctx = NULL; - if (req_config.keyout == NULL) { - req_config.keyout = NCONF_get_string(req_conf, SECTION, KEYFILE); - if (req_config.keyout == NULL) + if (cfg.keyout == NULL) { + cfg.keyout = NCONF_get_string(req_conf, SECTION, KEYFILE); + if (cfg.keyout == NULL) ERR_clear_error(); } - if (req_config.keyout == NULL) { + if (cfg.keyout == NULL) { BIO_printf(bio_err, "writing new private key to stdout\n"); BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - BIO_printf(bio_err, "writing new private key to '%s'\n", req_config.keyout); - if (BIO_write_filename(out, req_config.keyout) <= 0) { - perror(req_config.keyout); + BIO_printf(bio_err, "writing new private key to '%s'\n", cfg.keyout); + if (BIO_write_filename(out, cfg.keyout) <= 0) { + perror(cfg.keyout); goto end; } } @@ -818,7 +818,7 @@ req_main(int argc, char **argv) } if ((p != NULL) && (strcmp(p, "no") == 0)) cipher = NULL; - if (req_config.nodes) + if (cfg.nodes) cipher = NULL; i = 0; @@ -835,19 +835,19 @@ req_main(int argc, char **argv) } BIO_printf(bio_err, "-----\n"); } - if (!req_config.newreq) { - if (req_config.infile == NULL) + if (!cfg.newreq) { + if (cfg.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { - if (BIO_read_filename(in, req_config.infile) <= 0) { - perror(req_config.infile); + if (BIO_read_filename(in, cfg.infile) <= 0) { + perror(cfg.infile); goto end; } } - if (req_config.informat == FORMAT_ASN1) + if (cfg.informat == FORMAT_ASN1) req = d2i_X509_REQ_bio(in, NULL); - else if (req_config.informat == FORMAT_PEM) + else if (cfg.informat == FORMAT_PEM) req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL); else { BIO_printf(bio_err, "bad input format specified for X509 request\n"); @@ -858,7 +858,7 @@ req_main(int argc, char **argv) goto end; } } - if (req_config.newreq || req_config.x509) { + if (cfg.newreq || cfg.x509) { if (pkey == NULL) { BIO_printf(bio_err, "you need to specify a private key\n"); goto end; @@ -868,14 +868,14 @@ req_main(int argc, char **argv) if (req == NULL) { goto end; } - i = make_REQ(req, pkey, req_config.subj, req_config.multirdn, !req_config.x509, req_config.chtype); - req_config.subj = NULL; /* done processing '-subj' option */ + i = make_REQ(req, pkey, cfg.subj, cfg.multirdn, !cfg.x509, cfg.chtype); + cfg.subj = NULL; /* done processing '-subj' option */ if (!i) { BIO_printf(bio_err, "problems making Certificate Request\n"); goto end; } } - if (req_config.x509) { + if (cfg.x509) { EVP_PKEY *tmppkey; X509V3_CTX ext_ctx; @@ -883,11 +883,11 @@ req_main(int argc, char **argv) goto end; /* Set version to V3 */ - if ((req_config.extensions != NULL || addext_conf != NULL) && + if ((cfg.extensions != NULL || addext_conf != NULL) && !X509_set_version(x509ss, 2)) goto end; - if (req_config.serial) { - if (!X509_set_serialNumber(x509ss, req_config.serial)) + if (cfg.serial) { + if (!X509_set_serialNumber(x509ss, cfg.serial)) goto end; } else { if (!rand_serial(NULL, @@ -899,7 +899,7 @@ req_main(int argc, char **argv) goto end; if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0)) goto end; - if (!X509_time_adj_ex(X509_get_notAfter(x509ss), req_config.days, 0, NULL)) + if (!X509_time_adj_ex(X509_get_notAfter(x509ss), cfg.days, 0, NULL)) goto end; if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end; @@ -914,11 +914,11 @@ req_main(int argc, char **argv) X509V3_set_nconf(&ext_ctx, req_conf); /* Add extensions */ - if (req_config.extensions && !X509V3_EXT_add_nconf(req_conf, - &ext_ctx, req_config.extensions, x509ss)) { + if (cfg.extensions && !X509V3_EXT_add_nconf(req_conf, + &ext_ctx, cfg.extensions, x509ss)) { BIO_printf(bio_err, "Error Loading extension section %s\n", - req_config.extensions); + cfg.extensions); goto end; } if (addext_conf != NULL && @@ -928,7 +928,7 @@ req_main(int argc, char **argv) "Error Loading command line extensions\n"); goto end; } - i = do_X509_sign(bio_err, x509ss, pkey, req_config.digest, req_config.sigopts); + i = do_X509_sign(bio_err, x509ss, pkey, cfg.digest, cfg.sigopts); if (!i) { ERR_print_errors(bio_err); goto end; @@ -942,11 +942,11 @@ req_main(int argc, char **argv) X509V3_set_nconf(&ext_ctx, req_conf); /* Add extensions */ - if (req_config.req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, - &ext_ctx, req_config.req_exts, req)) { + if (cfg.req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, + &ext_ctx, cfg.req_exts, req)) { BIO_printf(bio_err, "Error Loading extension section %s\n", - req_config.req_exts); + cfg.req_exts); goto end; } if (addext_conf != NULL && @@ -956,33 +956,33 @@ req_main(int argc, char **argv) "Error Loading command line extensions\n"); goto end; } - i = do_X509_REQ_sign(bio_err, req, pkey, req_config.digest, req_config.sigopts); + i = do_X509_REQ_sign(bio_err, req, pkey, cfg.digest, cfg.sigopts); if (!i) { ERR_print_errors(bio_err); goto end; } } } - if (req_config.subj && req_config.x509) { + if (cfg.subj && cfg.x509) { BIO_printf(bio_err, "Cannot modify certificate subject\n"); goto end; } - if (req_config.subj && !req_config.x509) { - if (req_config.verbose) { + if (cfg.subj && !cfg.x509) { + if (cfg.verbose) { BIO_printf(bio_err, "Modifying Request's Subject\n"); - print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), req_config.nmflag); + print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), cfg.nmflag); } - if (build_subject(req, req_config.subj, req_config.chtype, req_config.multirdn) == 0) { + if (build_subject(req, cfg.subj, cfg.chtype, cfg.multirdn) == 0) { BIO_printf(bio_err, "ERROR: cannot modify subject\n"); ex = 1; goto end; } - if (req_config.verbose) { - print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), req_config.nmflag); + if (cfg.verbose) { + print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), cfg.nmflag); } } - if (req_config.verify && !req_config.x509) { + if (cfg.verify && !cfg.x509) { EVP_PKEY *pubkey = pkey; if (pubkey == NULL) @@ -998,24 +998,24 @@ req_main(int argc, char **argv) } else /* if (i > 0) */ BIO_printf(bio_err, "verify OK\n"); } - if (req_config.noout && !req_config.text && !req_config.modulus && !req_config.subject && !req_config.pubkey) { + if (cfg.noout && !cfg.text && !cfg.modulus && !cfg.subject && !cfg.pubkey) { ex = 0; goto end; } - if (req_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if ((req_config.keyout != NULL) && (strcmp(req_config.outfile, req_config.keyout) == 0)) - i = (int) BIO_append_filename(out, req_config.outfile); + if ((cfg.keyout != NULL) && (strcmp(cfg.outfile, cfg.keyout) == 0)) + i = (int) BIO_append_filename(out, cfg.outfile); else - i = (int) BIO_write_filename(out, req_config.outfile); + i = (int) BIO_write_filename(out, cfg.outfile); if (!i) { - perror(req_config.outfile); + perror(cfg.outfile); goto end; } } - if (req_config.pubkey) { + if (cfg.pubkey) { EVP_PKEY *tpubkey; if ((tpubkey = X509_REQ_get0_pubkey(req)) == NULL) { @@ -1025,22 +1025,22 @@ req_main(int argc, char **argv) } PEM_write_bio_PUBKEY(out, tpubkey); } - if (req_config.text) { - if (req_config.x509) - X509_print_ex(out, x509ss, req_config.nmflag, req_config.reqflag); + if (cfg.text) { + if (cfg.x509) + X509_print_ex(out, x509ss, cfg.nmflag, cfg.reqflag); else - X509_REQ_print_ex(out, req, req_config.nmflag, req_config.reqflag); + X509_REQ_print_ex(out, req, cfg.nmflag, cfg.reqflag); } - if (req_config.subject) { - if (req_config.x509) - print_name(out, "subject=", X509_get_subject_name(x509ss), req_config.nmflag); + if (cfg.subject) { + if (cfg.x509) + print_name(out, "subject=", X509_get_subject_name(x509ss), cfg.nmflag); else - print_name(out, "subject=", X509_REQ_get_subject_name(req), req_config.nmflag); + print_name(out, "subject=", X509_REQ_get_subject_name(req), cfg.nmflag); } - if (req_config.modulus) { + if (cfg.modulus) { EVP_PKEY *tpubkey; - if (req_config.x509) + if (cfg.x509) tpubkey = X509_get0_pubkey(x509ss); else tpubkey = X509_REQ_get0_pubkey(req); @@ -1059,11 +1059,11 @@ req_main(int argc, char **argv) fprintf(stdout, "Wrong Algorithm type"); fprintf(stdout, "\n"); } - if (!req_config.noout && !req_config.x509) { - if (req_config.outformat == FORMAT_ASN1) + if (!cfg.noout && !cfg.x509) { + if (cfg.outformat == FORMAT_ASN1) i = i2d_X509_REQ_bio(out, req); - else if (req_config.outformat == FORMAT_PEM) { - if (req_config.newhdr) + else if (cfg.outformat == FORMAT_PEM) { + if (cfg.newhdr) i = PEM_write_bio_X509_REQ_NEW(out, req); else i = PEM_write_bio_X509_REQ(out, req); @@ -1076,10 +1076,10 @@ req_main(int argc, char **argv) goto end; } } - if (!req_config.noout && req_config.x509 && (x509ss != NULL)) { - if (req_config.outformat == FORMAT_ASN1) + if (!cfg.noout && cfg.x509 && (x509ss != NULL)) { + if (cfg.outformat == FORMAT_ASN1) i = i2d_X509_bio(out, x509ss); - else if (req_config.outformat == FORMAT_PEM) + else if (cfg.outformat == FORMAT_PEM) i = PEM_write_bio_X509(out, x509ss); else { BIO_printf(bio_err, "bad output format specified for outfile\n"); @@ -1098,25 +1098,25 @@ req_main(int argc, char **argv) if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf); NCONF_free(addext_conf); - BIO_free(req_config.addext_bio); + BIO_free(cfg.addext_bio); BIO_free(in); BIO_free_all(out); EVP_PKEY_free(pkey); if (genctx) EVP_PKEY_CTX_free(genctx); - if (req_config.pkeyopts) - sk_OPENSSL_STRING_free(req_config.pkeyopts); - if (req_config.sigopts) - sk_OPENSSL_STRING_free(req_config.sigopts); - lh_OPENSSL_STRING_doall(req_config.addexts, (LHASH_DOALL_FN_TYPE)exts_cleanup); - lh_OPENSSL_STRING_free(req_config.addexts); + if (cfg.pkeyopts) + sk_OPENSSL_STRING_free(cfg.pkeyopts); + if (cfg.sigopts) + sk_OPENSSL_STRING_free(cfg.sigopts); + lh_OPENSSL_STRING_doall(cfg.addexts, (LHASH_DOALL_FN_TYPE)exts_cleanup); + lh_OPENSSL_STRING_free(cfg.addexts); free(keyalgstr); X509_REQ_free(req); X509_free(x509ss); - ASN1_INTEGER_free(req_config.serial); - if (req_config.passargin && passin) + ASN1_INTEGER_free(cfg.serial); + if (cfg.passargin && passin) free(passin); - if (req_config.passargout && passout) + if (cfg.passargout && passout) free(passout); OBJ_cleanup(); @@ -1222,7 +1222,7 @@ prompt_info(X509_REQ * req, X509_NAME *subj; subj = X509_REQ_get_subject_name(req); - if (!req_config.batch) { + if (!cfg.batch) { BIO_printf(bio_err, "You are about to be asked to enter information that will be incorporated\n"); BIO_printf(bio_err, "into your certificate request.\n"); BIO_printf(bio_err, "What you are about to enter is what is called a Distinguished Name or a DN.\n"); @@ -1316,7 +1316,7 @@ prompt_info(X509_REQ * req, } if (attribs) { if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && - (!req_config.batch)) { + (!cfg.batch)) { BIO_printf(bio_err, "\nPlease enter the following 'extra' attributes\n"); BIO_printf(bio_err, @@ -1452,7 +1452,7 @@ add_DN_object(X509_NAME * n, char *text, const char *def, char *value, int i, ret = 0; char buf[1024]; start: - if (!req_config.batch) + if (!cfg.batch) BIO_printf(bio_err, "%s [%s]:", text, def); (void) BIO_flush(bio_err); if (value != NULL) { @@ -1461,7 +1461,7 @@ add_DN_object(X509_NAME * n, char *text, const char *def, char *value, BIO_printf(bio_err, "%s\n", value); } else { buf[0] = '\0'; - if (!req_config.batch) { + if (!cfg.batch) { if (!fgets(buf, sizeof buf, stdin)) return 0; } else { @@ -1505,7 +1505,7 @@ add_attribute_object(X509_REQ * req, char *text, const char *def, static char buf[1024]; start: - if (!req_config.batch) + if (!cfg.batch) BIO_printf(bio_err, "%s [%s]:", text, def); (void) BIO_flush(bio_err); if (value != NULL) { @@ -1514,7 +1514,7 @@ add_attribute_object(X509_REQ * req, char *text, const char *def, BIO_printf(bio_err, "%s\n", value); } else { buf[0] = '\0'; - if (!req_config.batch) { + if (!cfg.batch) { if (!fgets(buf, sizeof buf, stdin)) return 0; } else { diff --git a/usr.bin/openssl/rsa.c b/usr.bin/openssl/rsa.c index bdd263ce7c8..953daaacf71 100644 --- a/usr.bin/openssl/rsa.c +++ b/usr.bin/openssl/rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa.c,v 1.17 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: rsa.c,v 1.18 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -89,7 +89,7 @@ static struct { int pubout; int pvk_encr; int text; -} rsa_config; +} cfg; static int rsa_opt_cipher(int argc, char **argv, int *argsused) @@ -99,7 +99,7 @@ rsa_opt_cipher(int argc, char **argv, int *argsused) if (*name++ != '-') return (1); - if ((rsa_config.enc = EVP_get_cipherbyname(name)) == NULL) { + if ((cfg.enc = EVP_get_cipherbyname(name)) == NULL) { fprintf(stderr, "Invalid cipher '%s'\n", name); return (1); } @@ -113,111 +113,111 @@ static const struct option rsa_options[] = { .name = "check", .desc = "Check consistency of RSA private key", .type = OPTION_FLAG, - .opt.flag = &rsa_config.check, + .opt.flag = &cfg.check, }, { .name = "in", .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &rsa_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "format", .desc = "Input format (DER, NET or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &rsa_config.informat, + .opt.value = &cfg.informat, }, { .name = "modulus", .desc = "Print the RSA key modulus", .type = OPTION_FLAG, - .opt.flag = &rsa_config.modulus, + .opt.flag = &cfg.modulus, }, { .name = "noout", .desc = "Do not print encoded version of the key", .type = OPTION_FLAG, - .opt.flag = &rsa_config.noout, + .opt.flag = &cfg.noout, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &rsa_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER, NET or PEM (default PEM))", .type = OPTION_ARG_FORMAT, - .opt.value = &rsa_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "passin", .argname = "src", .desc = "Input file passphrase source", .type = OPTION_ARG, - .opt.arg = &rsa_config.passargin, + .opt.arg = &cfg.passargin, }, { .name = "passout", .argname = "src", .desc = "Output file passphrase source", .type = OPTION_ARG, - .opt.arg = &rsa_config.passargout, + .opt.arg = &cfg.passargout, }, { .name = "pubin", .desc = "Expect a public key (default private key)", .type = OPTION_VALUE, .value = 1, - .opt.value = &rsa_config.pubin, + .opt.value = &cfg.pubin, }, { .name = "pubout", .desc = "Output a public key (default private key)", .type = OPTION_VALUE, .value = 1, - .opt.value = &rsa_config.pubout, + .opt.value = &cfg.pubout, }, { .name = "pvk-none", .type = OPTION_VALUE, .value = 0, - .opt.value = &rsa_config.pvk_encr, + .opt.value = &cfg.pvk_encr, }, { .name = "pvk-strong", .type = OPTION_VALUE, .value = 2, - .opt.value = &rsa_config.pvk_encr, + .opt.value = &cfg.pvk_encr, }, { .name = "pvk-weak", .type = OPTION_VALUE, .value = 1, - .opt.value = &rsa_config.pvk_encr, + .opt.value = &cfg.pvk_encr, }, { .name = "RSAPublicKey_in", .type = OPTION_VALUE, .value = 2, - .opt.value = &rsa_config.pubin, + .opt.value = &cfg.pubin, }, { .name = "RSAPublicKey_out", .type = OPTION_VALUE, .value = 2, - .opt.value = &rsa_config.pubout, + .opt.value = &cfg.pubout, }, { .name = "text", .desc = "Print in plain text in addition to encoded", .type = OPTION_FLAG, - .opt.flag = &rsa_config.text, + .opt.flag = &cfg.text, }, { .name = NULL, @@ -260,22 +260,22 @@ rsa_main(int argc, char **argv) exit(1); } - memset(&rsa_config, 0, sizeof(rsa_config)); - rsa_config.pvk_encr = 2; - rsa_config.informat = FORMAT_PEM; - rsa_config.outformat = FORMAT_PEM; + memset(&cfg, 0, sizeof(cfg)); + cfg.pvk_encr = 2; + cfg.informat = FORMAT_PEM; + cfg.outformat = FORMAT_PEM; if (options_parse(argc, argv, rsa_options, NULL, NULL) != 0) { rsa_usage(); goto end; } - if (!app_passwd(bio_err, rsa_config.passargin, rsa_config.passargout, + if (!app_passwd(bio_err, cfg.passargin, cfg.passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } - if (rsa_config.check && rsa_config.pubin) { + if (cfg.check && cfg.pubin) { BIO_printf(bio_err, "Only private keys can be checked\n"); goto end; } @@ -284,21 +284,21 @@ rsa_main(int argc, char **argv) { EVP_PKEY *pkey; - if (rsa_config.pubin) { + if (cfg.pubin) { int tmpformat = -1; - if (rsa_config.pubin == 2) { - if (rsa_config.informat == FORMAT_PEM) + if (cfg.pubin == 2) { + if (cfg.informat == FORMAT_PEM) tmpformat = FORMAT_PEMRSA; - else if (rsa_config.informat == FORMAT_ASN1) + else if (cfg.informat == FORMAT_ASN1) tmpformat = FORMAT_ASN1RSA; } else - tmpformat = rsa_config.informat; + tmpformat = cfg.informat; - pkey = load_pubkey(bio_err, rsa_config.infile, + pkey = load_pubkey(bio_err, cfg.infile, tmpformat, 1, passin, "Public Key"); } else - pkey = load_key(bio_err, rsa_config.infile, - rsa_config.informat, 1, passin, "Private Key"); + pkey = load_key(bio_err, cfg.infile, + cfg.informat, 1, passin, "Private Key"); if (pkey != NULL) rsa = EVP_PKEY_get1_RSA(pkey); @@ -309,27 +309,27 @@ rsa_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (rsa_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, rsa_config.outfile) <= 0) { - perror(rsa_config.outfile); + if (BIO_write_filename(out, cfg.outfile) <= 0) { + perror(cfg.outfile); goto end; } } - if (rsa_config.text) + if (cfg.text) if (!RSA_print(out, rsa, 0)) { - perror(rsa_config.outfile); + perror(cfg.outfile); ERR_print_errors(bio_err); goto end; } - if (rsa_config.modulus) { + if (cfg.modulus) { BIO_printf(out, "Modulus="); BN_print(out, RSA_get0_n(rsa)); BIO_printf(out, "\n"); } - if (rsa_config.check) { + if (cfg.check) { int r = RSA_check_key(rsa); if (r == 1) @@ -353,38 +353,38 @@ rsa_main(int argc, char **argv) goto end; } } - if (rsa_config.noout) { + if (cfg.noout) { ret = 0; goto end; } BIO_printf(bio_err, "writing RSA key\n"); - if (rsa_config.outformat == FORMAT_ASN1) { - if (rsa_config.pubout || rsa_config.pubin) { - if (rsa_config.pubout == 2) + if (cfg.outformat == FORMAT_ASN1) { + if (cfg.pubout || cfg.pubin) { + if (cfg.pubout == 2) i = i2d_RSAPublicKey_bio(out, rsa); else i = i2d_RSA_PUBKEY_bio(out, rsa); } else i = i2d_RSAPrivateKey_bio(out, rsa); - } else if (rsa_config.outformat == FORMAT_PEM) { - if (rsa_config.pubout || rsa_config.pubin) { - if (rsa_config.pubout == 2) + } else if (cfg.outformat == FORMAT_PEM) { + if (cfg.pubout || cfg.pubin) { + if (cfg.pubout == 2) i = PEM_write_bio_RSAPublicKey(out, rsa); else i = PEM_write_bio_RSA_PUBKEY(out, rsa); } else i = PEM_write_bio_RSAPrivateKey(out, rsa, - rsa_config.enc, NULL, 0, NULL, passout); + cfg.enc, NULL, 0, NULL, passout); #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) - } else if (rsa_config.outformat == FORMAT_MSBLOB || - rsa_config.outformat == FORMAT_PVK) { + } else if (cfg.outformat == FORMAT_MSBLOB || + cfg.outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); EVP_PKEY_set1_RSA(pk, rsa); - if (rsa_config.outformat == FORMAT_PVK) - i = i2b_PVK_bio(out, pk, rsa_config.pvk_encr, 0, + if (cfg.outformat == FORMAT_PVK) + i = i2b_PVK_bio(out, pk, cfg.pvk_encr, 0, passout); - else if (rsa_config.pubin || rsa_config.pubout) + else if (cfg.pubin || cfg.pubout) i = i2b_PublicKey_bio(out, pk); else i = i2b_PrivateKey_bio(out, pk); diff --git a/usr.bin/openssl/rsautl.c b/usr.bin/openssl/rsautl.c index 2916b2d9a07..9327223123e 100644 --- a/usr.bin/openssl/rsautl.c +++ b/usr.bin/openssl/rsautl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsautl.c,v 1.20 2023/03/05 13:12:53 tb Exp $ */ +/* $OpenBSD: rsautl.c,v 1.21 2023/03/06 14:32:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -87,131 +87,131 @@ static struct { char *passargin; int rev; int rsa_mode; -} rsautl_config; +} cfg; static const struct option rsautl_options[] = { { .name = "asn1parse", .desc = "ASN.1 parse the output data", .type = OPTION_FLAG, - .opt.flag = &rsautl_config.asn1parse, + .opt.flag = &cfg.asn1parse, }, { .name = "certin", .desc = "Input is a certificate containing an RSA public key", .type = OPTION_VALUE, .value = KEY_CERT, - .opt.value = &rsautl_config.key_type, + .opt.value = &cfg.key_type, }, { .name = "decrypt", .desc = "Decrypt the input data using RSA private key", .type = OPTION_VALUE, .value = RSA_DECRYPT, - .opt.value = &rsautl_config.rsa_mode, + .opt.value = &cfg.rsa_mode, }, { .name = "encrypt", .desc = "Encrypt the input data using RSA public key", .type = OPTION_VALUE, .value = RSA_ENCRYPT, - .opt.value = &rsautl_config.rsa_mode, + .opt.value = &cfg.rsa_mode, }, { .name = "hexdump", .desc = "Hex dump the output data", .type = OPTION_FLAG, - .opt.flag = &rsautl_config.hexdump, + .opt.flag = &cfg.hexdump, }, { .name = "in", .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &rsautl_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inkey", .argname = "file", .desc = "Input key file", .type = OPTION_ARG, - .opt.arg = &rsautl_config.keyfile, + .opt.arg = &cfg.keyfile, }, { .name = "keyform", .argname = "fmt", .desc = "Input key format (DER, TXT or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &rsautl_config.keyform, + .opt.value = &cfg.keyform, }, { .name = "oaep", .desc = "Use PKCS#1 OAEP padding", .type = OPTION_VALUE, .value = RSA_PKCS1_OAEP_PADDING, - .opt.value = &rsautl_config.pad, + .opt.value = &cfg.pad, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &rsautl_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "passin", .argname = "arg", .desc = "Key password source", .type = OPTION_ARG, - .opt.arg = &rsautl_config.passargin, + .opt.arg = &cfg.passargin, }, { .name = "pkcs", .desc = "Use PKCS#1 v1.5 padding (default)", .type = OPTION_VALUE, .value = RSA_PKCS1_PADDING, - .opt.value = &rsautl_config.pad, + .opt.value = &cfg.pad, }, { .name = "pubin", .desc = "Input is an RSA public key", .type = OPTION_VALUE, .value = KEY_PUBKEY, - .opt.value = &rsautl_config.key_type, + .opt.value = &cfg.key_type, }, { .name = "raw", .desc = "Use no padding", .type = OPTION_VALUE, .value = RSA_NO_PADDING, - .opt.value = &rsautl_config.pad, + .opt.value = &cfg.pad, }, { .name = "rev", .desc = "Reverse the input data", .type = OPTION_FLAG, - .opt.flag = &rsautl_config.rev, + .opt.flag = &cfg.rev, }, { .name = "sign", .desc = "Sign the input data using RSA private key", .type = OPTION_VALUE, .value = RSA_SIGN, - .opt.value = &rsautl_config.rsa_mode, + .opt.value = &cfg.rsa_mode, }, { .name = "verify", .desc = "Verify the input data using RSA public key", .type = OPTION_VALUE, .value = RSA_VERIFY, - .opt.value = &rsautl_config.rsa_mode, + .opt.value = &cfg.rsa_mode, }, { .name = "x931", .desc = "Use ANSI X9.31 padding", .type = OPTION_VALUE, .value = RSA_X931_PADDING, - .opt.value = &rsautl_config.pad, + .opt.value = &cfg.pad, }, {NULL}, @@ -249,44 +249,44 @@ rsautl_main(int argc, char **argv) exit(1); } - memset(&rsautl_config, 0, sizeof(rsautl_config)); - rsautl_config.keyform = FORMAT_PEM; - rsautl_config.key_type = KEY_PRIVKEY; - rsautl_config.pad = RSA_PKCS1_PADDING; - rsautl_config.rsa_mode = RSA_VERIFY; + memset(&cfg, 0, sizeof(cfg)); + cfg.keyform = FORMAT_PEM; + cfg.key_type = KEY_PRIVKEY; + cfg.pad = RSA_PKCS1_PADDING; + cfg.rsa_mode = RSA_VERIFY; if (options_parse(argc, argv, rsautl_options, NULL, NULL) != 0) { rsautl_usage(); return (1); } - if (rsautl_config.rsa_mode == RSA_SIGN || - rsautl_config.rsa_mode == RSA_DECRYPT) + if (cfg.rsa_mode == RSA_SIGN || + cfg.rsa_mode == RSA_DECRYPT) need_priv = 1; - if (need_priv && rsautl_config.key_type != KEY_PRIVKEY) { + if (need_priv && cfg.key_type != KEY_PRIVKEY) { BIO_printf(bio_err, "A private key is needed for this operation\n"); goto end; } - if (!app_passwd(bio_err, rsautl_config.passargin, NULL, &passin, NULL)) { + if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } - switch (rsautl_config.key_type) { + switch (cfg.key_type) { case KEY_PRIVKEY: - pkey = load_key(bio_err, rsautl_config.keyfile, - rsautl_config.keyform, 0, passin, "Private Key"); + pkey = load_key(bio_err, cfg.keyfile, + cfg.keyform, 0, passin, "Private Key"); break; case KEY_PUBKEY: - pkey = load_pubkey(bio_err, rsautl_config.keyfile, - rsautl_config.keyform, 0, NULL, "Public Key"); + pkey = load_pubkey(bio_err, cfg.keyfile, + cfg.keyform, 0, NULL, "Public Key"); break; case KEY_CERT: - x = load_cert(bio_err, rsautl_config.keyfile, - rsautl_config.keyform, NULL, "Certificate"); + x = load_cert(bio_err, cfg.keyfile, + cfg.keyform, NULL, "Certificate"); if (x) { pkey = X509_get_pubkey(x); X509_free(x); @@ -305,8 +305,8 @@ rsautl_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (rsautl_config.infile) { - if (!(in = BIO_new_file(rsautl_config.infile, "rb"))) { + if (cfg.infile) { + if (!(in = BIO_new_file(cfg.infile, "rb"))) { BIO_printf(bio_err, "Error Reading Input File\n"); ERR_print_errors(bio_err); goto end; @@ -314,8 +314,8 @@ rsautl_main(int argc, char **argv) } else in = BIO_new_fp(stdin, BIO_NOCLOSE); - if (rsautl_config.outfile) { - if (!(out = BIO_new_file(rsautl_config.outfile, "wb"))) { + if (cfg.outfile) { + if (!(out = BIO_new_file(cfg.outfile, "wb"))) { BIO_printf(bio_err, "Error Reading Output File\n"); ERR_print_errors(bio_err); goto end; @@ -343,7 +343,7 @@ rsautl_main(int argc, char **argv) BIO_printf(bio_err, "Error reading input Data\n"); exit(1); } - if (rsautl_config.rev) { + if (cfg.rev) { int i; unsigned char ctmp; for (i = 0; i < rsa_inlen / 2; i++) { @@ -353,25 +353,25 @@ rsautl_main(int argc, char **argv) } } - switch (rsautl_config.rsa_mode) { + switch (cfg.rsa_mode) { case RSA_VERIFY: rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, - rsa, rsautl_config.pad); + rsa, cfg.pad); break; case RSA_SIGN: rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, - rsa, rsautl_config.pad); + rsa, cfg.pad); break; case RSA_ENCRYPT: rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, - rsa, rsautl_config.pad); + rsa, cfg.pad); break; case RSA_DECRYPT: rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, - rsa, rsautl_config.pad); + rsa, cfg.pad); break; } @@ -381,11 +381,11 @@ rsautl_main(int argc, char **argv) goto end; } ret = 0; - if (rsautl_config.asn1parse) { + if (cfg.asn1parse) { if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { ERR_print_errors(bio_err); } - } else if (rsautl_config.hexdump) + } else if (cfg.hexdump) BIO_dump(out, (char *) rsa_out, rsa_outlen); else BIO_write(out, rsa_out, rsa_outlen); diff --git a/usr.bin/openssl/s_client.c b/usr.bin/openssl/s_client.c index 41f65023258..82a8128243c 100644 --- a/usr.bin/openssl/s_client.c +++ b/usr.bin/openssl/s_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_client.c,v 1.59 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: s_client.c,v 1.60 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -246,16 +246,16 @@ static struct { int verify; X509_VERIFY_PARAM *vpm; char *xmpphost; -} s_client_config; +} cfg; static int s_client_opt_keymatexportlen(char *arg) { - s_client_config.keymatexportlen = strtonum(arg, 1, INT_MAX, - &s_client_config.errstr); - if (s_client_config.errstr != NULL) { + cfg.keymatexportlen = strtonum(arg, 1, INT_MAX, + &cfg.errstr); + if (cfg.errstr != NULL) { BIO_printf(bio_err, "invalid argument %s: %s\n", - arg, s_client_config.errstr); + arg, cfg.errstr); return (1); } return (0); @@ -265,11 +265,11 @@ s_client_opt_keymatexportlen(char *arg) static int s_client_opt_mtu(char *arg) { - s_client_config.socket_mtu = strtonum(arg, 0, LONG_MAX, - &s_client_config.errstr); - if (s_client_config.errstr != NULL) { + cfg.socket_mtu = strtonum(arg, 0, LONG_MAX, + &cfg.errstr); + if (cfg.errstr != NULL) { BIO_printf(bio_err, "invalid argument %s: %s\n", - arg, s_client_config.errstr); + arg, cfg.errstr); return (1); } return (0); @@ -282,7 +282,7 @@ s_client_opt_port(char *arg) if (*arg == '\0') return (1); - s_client_config.port = arg; + cfg.port = arg; return (0); } @@ -290,8 +290,8 @@ s_client_opt_port(char *arg) static int s_client_opt_protocol_version_dtls(void) { - s_client_config.meth = DTLS_client_method(); - s_client_config.socket_type = SOCK_DGRAM; + cfg.meth = DTLS_client_method(); + cfg.socket_type = SOCK_DGRAM; return (0); } #endif @@ -300,10 +300,10 @@ s_client_opt_protocol_version_dtls(void) static int s_client_opt_protocol_version_dtls1(void) { - s_client_config.meth = DTLS_client_method(); - s_client_config.min_version = DTLS1_VERSION; - s_client_config.max_version = DTLS1_VERSION; - s_client_config.socket_type = SOCK_DGRAM; + cfg.meth = DTLS_client_method(); + cfg.min_version = DTLS1_VERSION; + cfg.max_version = DTLS1_VERSION; + cfg.socket_type = SOCK_DGRAM; return (0); } #endif @@ -312,10 +312,10 @@ s_client_opt_protocol_version_dtls1(void) static int s_client_opt_protocol_version_dtls1_2(void) { - s_client_config.meth = DTLS_client_method(); - s_client_config.min_version = DTLS1_2_VERSION; - s_client_config.max_version = DTLS1_2_VERSION; - s_client_config.socket_type = SOCK_DGRAM; + cfg.meth = DTLS_client_method(); + cfg.min_version = DTLS1_2_VERSION; + cfg.max_version = DTLS1_2_VERSION; + cfg.socket_type = SOCK_DGRAM; return (0); } #endif @@ -323,40 +323,40 @@ s_client_opt_protocol_version_dtls1_2(void) static int s_client_opt_protocol_version_tls1(void) { - s_client_config.min_version = TLS1_VERSION; - s_client_config.max_version = TLS1_VERSION; + cfg.min_version = TLS1_VERSION; + cfg.max_version = TLS1_VERSION; return (0); } static int s_client_opt_protocol_version_tls1_1(void) { - s_client_config.min_version = TLS1_1_VERSION; - s_client_config.max_version = TLS1_1_VERSION; + cfg.min_version = TLS1_1_VERSION; + cfg.max_version = TLS1_1_VERSION; return (0); } static int s_client_opt_protocol_version_tls1_2(void) { - s_client_config.min_version = TLS1_2_VERSION; - s_client_config.max_version = TLS1_2_VERSION; + cfg.min_version = TLS1_2_VERSION; + cfg.max_version = TLS1_2_VERSION; return (0); } static int s_client_opt_protocol_version_tls1_3(void) { - s_client_config.min_version = TLS1_3_VERSION; - s_client_config.max_version = TLS1_3_VERSION; + cfg.min_version = TLS1_3_VERSION; + cfg.max_version = TLS1_3_VERSION; return (0); } static int s_client_opt_quiet(void) { - s_client_config.quiet = 1; - s_client_config.ign_eof = 1; + cfg.quiet = 1; + cfg.ign_eof = 1; return (0); } @@ -364,17 +364,17 @@ static int s_client_opt_starttls(char *arg) { if (strcmp(arg, "smtp") == 0) - s_client_config.starttls_proto = PROTO_SMTP; + cfg.starttls_proto = PROTO_SMTP; else if (strcmp(arg, "lmtp") == 0) - s_client_config.starttls_proto = PROTO_LMTP; + cfg.starttls_proto = PROTO_LMTP; else if (strcmp(arg, "pop3") == 0) - s_client_config.starttls_proto = PROTO_POP3; + cfg.starttls_proto = PROTO_POP3; else if (strcmp(arg, "imap") == 0) - s_client_config.starttls_proto = PROTO_IMAP; + cfg.starttls_proto = PROTO_IMAP; else if (strcmp(arg, "ftp") == 0) - s_client_config.starttls_proto = PROTO_FTP; + cfg.starttls_proto = PROTO_FTP; else if (strcmp(arg, "xmpp") == 0) - s_client_config.starttls_proto = PROTO_XMPP; + cfg.starttls_proto = PROTO_XMPP; else return (1); return (0); @@ -383,12 +383,12 @@ s_client_opt_starttls(char *arg) static int s_client_opt_verify(char *arg) { - s_client_config.verify = SSL_VERIFY_PEER; + cfg.verify = SSL_VERIFY_PEER; - verify_depth = strtonum(arg, 0, INT_MAX, &s_client_config.errstr); - if (s_client_config.errstr != NULL) { + verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr); + if (cfg.errstr != NULL) { BIO_printf(bio_err, "invalid argument %s: %s\n", - arg, s_client_config.errstr); + arg, cfg.errstr); return (1); } BIO_printf(bio_err, "verify depth is %d\n", verify_depth); @@ -403,7 +403,7 @@ s_client_opt_verify_param(int argc, char **argv, int *argsused) int badarg = 0; if (!args_verify(&pargs, &pargc, &badarg, bio_err, - &s_client_config.vpm)) { + &cfg.vpm)) { BIO_printf(bio_err, "unknown option %s\n", *argv); return (1); } @@ -419,14 +419,14 @@ static const struct option s_client_options[] = { .name = "4", .desc = "Use IPv4 only", .type = OPTION_VALUE, - .opt.value = &s_client_config.af, + .opt.value = &cfg.af, .value = AF_INET, }, { .name = "6", .desc = "Use IPv6 only", .type = OPTION_VALUE, - .opt.value = &s_client_config.af, + .opt.value = &cfg.af, .value = AF_INET6, }, { @@ -435,67 +435,67 @@ static const struct option s_client_options[] = { .desc = "Set the advertised protocols for ALPN" " (comma-separated list)", .type = OPTION_ARG, - .opt.arg = &s_client_config.alpn_in, + .opt.arg = &cfg.alpn_in, }, { .name = "bugs", .desc = "Enable various workarounds for buggy implementations", .type = OPTION_FLAG, - .opt.flag = &s_client_config.bugs, + .opt.flag = &cfg.bugs, }, { .name = "CAfile", .argname = "file", .desc = "PEM format file of CA certificates", .type = OPTION_ARG, - .opt.arg = &s_client_config.CAfile, + .opt.arg = &cfg.CAfile, }, { .name = "CApath", .argname = "directory", .desc = "PEM format directory of CA certificates", .type = OPTION_ARG, - .opt.arg = &s_client_config.CApath, + .opt.arg = &cfg.CApath, }, { .name = "cert", .argname = "file", .desc = "Certificate file to use, PEM format assumed", .type = OPTION_ARG, - .opt.arg = &s_client_config.cert_file, + .opt.arg = &cfg.cert_file, }, { .name = "certform", .argname = "fmt", .desc = "Certificate format (PEM or DER) PEM default", .type = OPTION_ARG_FORMAT, - .opt.value = &s_client_config.cert_format, + .opt.value = &cfg.cert_format, }, { .name = "cipher", .argname = "cipherlist", .desc = "Preferred cipher to use (see 'openssl ciphers')", .type = OPTION_ARG, - .opt.arg = &s_client_config.cipher, + .opt.arg = &cfg.cipher, }, { .name = "connect", .argname = "host:port", .desc = "Who to connect to (default is localhost:4433)", .type = OPTION_ARG, - .opt.arg = &s_client_config.connect, + .opt.arg = &cfg.connect, }, { .name = "crlf", .desc = "Convert LF from terminal into CRLF", .type = OPTION_FLAG, - .opt.flag = &s_client_config.crlf, + .opt.flag = &cfg.crlf, }, { .name = "debug", .desc = "Print extensive debugging information", .type = OPTION_FLAG, - .opt.flag = &s_client_config.debug, + .opt.flag = &cfg.debug, }, #ifndef OPENSSL_NO_DTLS { @@ -526,20 +526,20 @@ static const struct option s_client_options[] = { .argname = "list", .desc = "Specify EC groups (colon-separated list)", .type = OPTION_ARG, - .opt.arg = &s_client_config.groups_in, + .opt.arg = &cfg.groups_in, }, { .name = "host", .argname = "host", .desc = "Use -connect instead", .type = OPTION_ARG, - .opt.arg = &s_client_config.host, + .opt.arg = &cfg.host, }, { .name = "ign_eof", .desc = "Ignore input EOF (default when -quiet)", .type = OPTION_VALUE, - .opt.value = &s_client_config.ign_eof, + .opt.value = &cfg.ign_eof, .value = 1, }, { @@ -547,21 +547,21 @@ static const struct option s_client_options[] = { .argname = "file", .desc = "Private key file to use, if not, -cert file is used", .type = OPTION_ARG, - .opt.arg = &s_client_config.key_file, + .opt.arg = &cfg.key_file, }, { .name = "keyform", .argname = "fmt", .desc = "Key format (PEM or DER) PEM default", .type = OPTION_ARG_FORMAT, - .opt.value = &s_client_config.key_format, + .opt.value = &cfg.key_format, }, { .name = "keymatexport", .argname = "label", .desc = "Export keying material using label", .type = OPTION_ARG, - .opt.arg = &s_client_config.keymatexportlabel, + .opt.arg = &cfg.keymatexportlabel, }, { .name = "keymatexportlen", @@ -578,14 +578,14 @@ static const struct option s_client_options[] = { .name = "legacy_server_connect", .desc = "Allow initial connection to servers that don't support RI", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_LEGACY_SERVER_CONNECT, }, { .name = "msg", .desc = "Show all protocol messages with hex dump", .type = OPTION_FLAG, - .opt.flag = &s_client_config.msg, + .opt.flag = &cfg.msg, }, #ifndef OPENSSL_NO_DTLS { @@ -600,115 +600,115 @@ static const struct option s_client_options[] = { .name = "nbio", .desc = "Turn on non-blocking I/O", .type = OPTION_FLAG, - .opt.flag = &s_client_config.nbio, + .opt.flag = &cfg.nbio, }, { .name = "nbio_test", .desc = "Test non-blocking I/O", .type = OPTION_FLAG, - .opt.flag = &s_client_config.nbio_test, + .opt.flag = &cfg.nbio_test, }, { .name = "nextprotoneg", .argname = "protocols", .type = OPTION_ARG, - .opt.arg = &s_client_config.npn_in, /* Ignored. */ + .opt.arg = &cfg.npn_in, /* Ignored. */ }, { .name = "no_comp", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_COMPRESSION, }, { .name = "no_ign_eof", .desc = "Don't ignore input EOF", .type = OPTION_VALUE, - .opt.value = &s_client_config.ign_eof, + .opt.value = &cfg.ign_eof, .value = 0, }, { .name = "no_legacy_server_connect", .desc = "Disallow initial connection to servers that don't support RI", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.clr, + .opt.value = &cfg.clr, .value = SSL_OP_LEGACY_SERVER_CONNECT, }, { .name = "no_servername", .desc = "Do not send a Server Name Indication (SNI) extension", .type = OPTION_FLAG, - .opt.value = &s_client_config.no_servername, + .opt.value = &cfg.no_servername, }, { .name = "no_ssl2", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_SSLv2, }, { .name = "no_ssl3", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_SSLv3, }, { .name = "no_ticket", .desc = "Disable use of RFC4507 session ticket support", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_TICKET, }, { .name = "no_tls1", .desc = "Disable the use of TLSv1", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_TLSv1, }, { .name = "no_tls1_1", .desc = "Disable the use of TLSv1.1", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_TLSv1_1, }, { .name = "no_tls1_2", .desc = "Disable the use of TLSv1.2", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_TLSv1_2, }, { .name = "no_tls1_3", .desc = "Disable the use of TLSv1.3", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_TLSv1_3, }, { .name = "noservername", .type = OPTION_FLAG, - .opt.value = &s_client_config.no_servername, + .opt.value = &cfg.no_servername, }, { .name = "pass", .argname = "arg", .desc = "Private key file pass phrase source", .type = OPTION_ARG, - .opt.arg = &s_client_config.passarg, + .opt.arg = &cfg.passarg, }, { .name = "pause", .desc = "Pause 1 second between each read and write call", .type = OPTION_FLAG, - .opt.flag = &s_client_config.pause, + .opt.flag = &cfg.pause, }, { .name = "peekaboo", .type = OPTION_FLAG, - .opt.flag = &s_client_config.peekaboo, + .opt.flag = &cfg.peekaboo, }, { .name = "port", @@ -721,14 +721,14 @@ static const struct option s_client_options[] = { .name = "prexit", .desc = "Print session information when the program exits", .type = OPTION_FLAG, - .opt.flag = &s_client_config.prexit, + .opt.flag = &cfg.prexit, }, { .name = "proxy", .argname = "host:port", .desc = "Connect to http proxy", .type = OPTION_ARG, - .opt.arg = &s_client_config.proxy, + .opt.arg = &cfg.proxy, }, { .name = "quiet", @@ -740,7 +740,7 @@ static const struct option s_client_options[] = { .name = "reconnect", .desc = "Drop and re-make the connection with the same Session-ID", .type = OPTION_VALUE, - .opt.value = &s_client_config.reconnect, + .opt.value = &cfg.reconnect, .value = 5, }, { @@ -748,13 +748,13 @@ static const struct option s_client_options[] = { .argname = "name", .desc = "Set TLS extension servername in ClientHello (SNI)", .type = OPTION_ARG, - .opt.arg = &s_client_config.servername, + .opt.arg = &cfg.servername, }, { .name = "serverpref", .desc = "Use server's cipher preferences", .type = OPTION_VALUE_OR, - .opt.value = &s_client_config.off, + .opt.value = &cfg.off, .value = SSL_OP_CIPHER_SERVER_PREFERENCE, }, { @@ -762,20 +762,20 @@ static const struct option s_client_options[] = { .argname = "file", .desc = "File to read TLS session from", .type = OPTION_ARG, - .opt.arg = &s_client_config.sess_in, + .opt.arg = &cfg.sess_in, }, { .name = "sess_out", .argname = "file", .desc = "File to write TLS session to", .type = OPTION_ARG, - .opt.arg = &s_client_config.sess_out, + .opt.arg = &cfg.sess_out, }, { .name = "showcerts", .desc = "Show all server certificates in the chain", .type = OPTION_FLAG, - .opt.flag = &s_client_config.showcerts, + .opt.flag = &cfg.showcerts, }, { .name = "starttls", @@ -789,20 +789,20 @@ static const struct option s_client_options[] = { .name = "state", .desc = "Print the TLS session states", .type = OPTION_FLAG, - .opt.flag = &s_client_config.state, + .opt.flag = &cfg.state, }, { .name = "status", .desc = "Send a certificate status request to the server (OCSP)", .type = OPTION_FLAG, - .opt.flag = &s_client_config.status_req, + .opt.flag = &cfg.status_req, }, #ifndef OPENSSL_NO_DTLS { .name = "timeout", .desc = "Enable send/receive timeout on DTLS connections", .type = OPTION_FLAG, - .opt.flag = &s_client_config.enable_timeouts, + .opt.flag = &cfg.enable_timeouts, }, #endif { @@ -833,7 +833,7 @@ static const struct option s_client_options[] = { .name = "tlsextdebug", .desc = "Hex dump of all TLS extensions received", .type = OPTION_FLAG, - .opt.flag = &s_client_config.tlsextdebug, + .opt.flag = &cfg.tlsextdebug, }, #ifndef OPENSSL_NO_SRTP { @@ -841,7 +841,7 @@ static const struct option s_client_options[] = { .argname = "profiles", .desc = "Offer SRTP key management with a colon-separated profiles", .type = OPTION_ARG, - .opt.arg = &s_client_config.srtp_profiles, + .opt.arg = &cfg.srtp_profiles, }, #endif { @@ -862,7 +862,7 @@ static const struct option s_client_options[] = { .argname = "host", .desc = "Connect to this virtual host on the xmpp server", .type = OPTION_ARG, - .opt.arg = &s_client_config.xmpphost, + .opt.arg = &cfg.xmpphost, }, { .name = NULL, @@ -928,17 +928,17 @@ s_client_main(int argc, char **argv) exit(1); } - memset(&s_client_config, 0, sizeof(s_client_config)); - s_client_config.af = AF_UNSPEC; - s_client_config.cert_format = FORMAT_PEM; - s_client_config.host = SSL_HOST_NAME; - s_client_config.key_format = FORMAT_PEM; - s_client_config.keymatexportlen = 20; - s_client_config.meth = TLS_client_method(); - s_client_config.port = PORT_STR; - s_client_config.socket_type = SOCK_STREAM; - s_client_config.starttls_proto = PROTO_OFF; - s_client_config.verify = SSL_VERIFY_NONE; + memset(&cfg, 0, sizeof(cfg)); + cfg.af = AF_UNSPEC; + cfg.cert_format = FORMAT_PEM; + cfg.host = SSL_HOST_NAME; + cfg.key_format = FORMAT_PEM; + cfg.keymatexportlen = 20; + cfg.meth = TLS_client_method(); + cfg.port = PORT_STR; + cfg.socket_type = SOCK_STREAM; + cfg.starttls_proto = PROTO_OFF; + cfg.verify = SSL_VERIFY_NONE; if (((cbuf = malloc(BUFSIZZ)) == NULL) || ((sbuf = malloc(BUFSIZZ)) == NULL) || @@ -953,45 +953,45 @@ s_client_main(int argc, char **argv) badop = 1; goto bad; } - if (s_client_config.proxy != NULL) { - if (!extract_host_port(s_client_config.proxy, - &s_client_config.host, NULL, &s_client_config.port)) + if (cfg.proxy != NULL) { + if (!extract_host_port(cfg.proxy, + &cfg.host, NULL, &cfg.port)) goto bad; - if (s_client_config.connect == NULL) - s_client_config.connect = SSL_HOST_NAME; - } else if (s_client_config.connect != NULL) { - if (!extract_host_port(s_client_config.connect, - &s_client_config.host, NULL, &s_client_config.port)) + if (cfg.connect == NULL) + cfg.connect = SSL_HOST_NAME; + } else if (cfg.connect != NULL) { + if (!extract_host_port(cfg.connect, + &cfg.host, NULL, &cfg.port)) goto bad; } if (badop) { bad: - if (s_client_config.errstr == NULL) + if (cfg.errstr == NULL) sc_usage(); goto end; } - if (!app_passwd(bio_err, s_client_config.passarg, NULL, &pass, NULL)) { + if (!app_passwd(bio_err, cfg.passarg, NULL, &pass, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } - if (s_client_config.key_file == NULL) - s_client_config.key_file = s_client_config.cert_file; + if (cfg.key_file == NULL) + cfg.key_file = cfg.cert_file; - if (s_client_config.key_file) { + if (cfg.key_file) { - key = load_key(bio_err, s_client_config.key_file, - s_client_config.key_format, 0, pass, + key = load_key(bio_err, cfg.key_file, + cfg.key_format, 0, pass, "client certificate private key file"); if (!key) { ERR_print_errors(bio_err); goto end; } } - if (s_client_config.cert_file) { - cert = load_cert(bio_err, s_client_config.cert_file, - s_client_config.cert_format, + if (cfg.cert_file) { + cert = load_cert(bio_err, cfg.cert_file, + cfg.cert_format, NULL, "client certificate file"); if (!cert) { @@ -999,8 +999,8 @@ s_client_main(int argc, char **argv) goto end; } } - if (s_client_config.quiet && !s_client_config.debug && - !s_client_config.msg) { + if (cfg.quiet && !cfg.debug && + !cfg.msg) { if ((bio_c_out = BIO_new(BIO_s_null())) == NULL) goto end; } else { @@ -1008,7 +1008,7 @@ s_client_main(int argc, char **argv) goto end; } - ctx = SSL_CTX_new(s_client_config.meth); + ctx = SSL_CTX_new(cfg.meth); if (ctx == NULL) { ERR_print_errors(bio_err); goto end; @@ -1016,31 +1016,31 @@ s_client_main(int argc, char **argv) SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); - if (s_client_config.vpm) - SSL_CTX_set1_param(ctx, s_client_config.vpm); + if (cfg.vpm) + SSL_CTX_set1_param(ctx, cfg.vpm); - if (!SSL_CTX_set_min_proto_version(ctx, s_client_config.min_version)) + if (!SSL_CTX_set_min_proto_version(ctx, cfg.min_version)) goto end; - if (!SSL_CTX_set_max_proto_version(ctx, s_client_config.max_version)) + if (!SSL_CTX_set_max_proto_version(ctx, cfg.max_version)) goto end; #ifndef OPENSSL_NO_SRTP - if (s_client_config.srtp_profiles != NULL) - SSL_CTX_set_tlsext_use_srtp(ctx, s_client_config.srtp_profiles); + if (cfg.srtp_profiles != NULL) + SSL_CTX_set_tlsext_use_srtp(ctx, cfg.srtp_profiles); #endif - if (s_client_config.bugs) - SSL_CTX_set_options(ctx, SSL_OP_ALL | s_client_config.off); + if (cfg.bugs) + SSL_CTX_set_options(ctx, SSL_OP_ALL | cfg.off); else - SSL_CTX_set_options(ctx, s_client_config.off); + SSL_CTX_set_options(ctx, cfg.off); - if (s_client_config.clr) - SSL_CTX_clear_options(ctx, s_client_config.clr); + if (cfg.clr) + SSL_CTX_clear_options(ctx, cfg.clr); - if (s_client_config.alpn_in) { + if (cfg.alpn_in) { unsigned short alpn_len; unsigned char *alpn; - alpn = next_protos_parse(&alpn_len, s_client_config.alpn_in); + alpn = next_protos_parse(&alpn_len, cfg.alpn_in); if (alpn == NULL) { BIO_printf(bio_err, "Error parsing -alpn argument\n"); goto end; @@ -1048,42 +1048,42 @@ s_client_main(int argc, char **argv) SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len); free(alpn); } - if (s_client_config.groups_in != NULL) { - if (SSL_CTX_set1_groups_list(ctx, s_client_config.groups_in) != 1) { + if (cfg.groups_in != NULL) { + if (SSL_CTX_set1_groups_list(ctx, cfg.groups_in) != 1) { BIO_printf(bio_err, "Failed to set groups '%s'\n", - s_client_config.groups_in); + cfg.groups_in); goto end; } } - if (s_client_config.state) + if (cfg.state) SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); - if (s_client_config.cipher != NULL) - if (!SSL_CTX_set_cipher_list(ctx, s_client_config.cipher)) { + if (cfg.cipher != NULL) + if (!SSL_CTX_set_cipher_list(ctx, cfg.cipher)) { BIO_printf(bio_err, "error setting cipher list\n"); ERR_print_errors(bio_err); goto end; } - SSL_CTX_set_verify(ctx, s_client_config.verify, verify_callback); + SSL_CTX_set_verify(ctx, cfg.verify, verify_callback); if (!set_cert_key_stuff(ctx, cert, key)) goto end; - if ((s_client_config.CAfile || s_client_config.CApath) - && !SSL_CTX_load_verify_locations(ctx, s_client_config.CAfile, - s_client_config.CApath)) + if ((cfg.CAfile || cfg.CApath) + && !SSL_CTX_load_verify_locations(ctx, cfg.CAfile, + cfg.CApath)) ERR_print_errors(bio_err); if (!SSL_CTX_set_default_verify_paths(ctx)) ERR_print_errors(bio_err); con = SSL_new(ctx); - if (s_client_config.sess_in) { + if (cfg.sess_in) { SSL_SESSION *sess; - BIO *stmp = BIO_new_file(s_client_config.sess_in, "r"); + BIO *stmp = BIO_new_file(cfg.sess_in, "r"); if (!stmp) { BIO_printf(bio_err, "Can't open session file %s\n", - s_client_config.sess_in); + cfg.sess_in); ERR_print_errors(bio_err); goto end; } @@ -1091,7 +1091,7 @@ s_client_main(int argc, char **argv) BIO_free(stmp); if (!sess) { BIO_printf(bio_err, "Can't open session file %s\n", - s_client_config.sess_in); + cfg.sess_in); ERR_print_errors(bio_err); goto end; } @@ -1100,15 +1100,15 @@ s_client_main(int argc, char **argv) } /* Attempt to opportunistically use the host name for SNI. */ - servername = s_client_config.servername; + servername = cfg.servername; if (servername == NULL) - servername = s_client_config.host; + servername = cfg.host; - if (!s_client_config.no_servername && servername != NULL && + if (!cfg.no_servername && servername != NULL && !SSL_set_tlsext_host_name(con, servername)) { long ssl_err = ERR_peek_error(); - if (s_client_config.servername != NULL || + if (cfg.servername != NULL || ERR_GET_LIB(ssl_err) != ERR_LIB_SSL || ERR_GET_REASON(ssl_err) != SSL_R_SSL3_EXT_INVALID_SERVERNAME) { BIO_printf(bio_err, @@ -1119,7 +1119,7 @@ s_client_main(int argc, char **argv) servername = NULL; ERR_clear_error(); } - if (!s_client_config.no_servername && servername != NULL) { + if (!cfg.no_servername && servername != NULL) { tlsextcbp.biodebug = bio_err; SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); @@ -1127,22 +1127,22 @@ s_client_main(int argc, char **argv) re_start: - if (init_client(&s, s_client_config.host, s_client_config.port, - s_client_config.socket_type, s_client_config.af) == 0) { + if (init_client(&s, cfg.host, cfg.port, + cfg.socket_type, cfg.af) == 0) { BIO_printf(bio_err, "connect:errno=%d\n", errno); goto end; } BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s); - if (s_client_config.nbio) { - if (!s_client_config.quiet) + if (cfg.nbio) { + if (!cfg.quiet) BIO_printf(bio_c_out, "turning on non blocking io\n"); if (!BIO_socket_nbio(s, 1)) { ERR_print_errors(bio_err); goto end; } } - if (s_client_config.pause & 0x01) + if (cfg.pause & 0x01) SSL_set_debug(con, 1); if (SSL_is_dtls(con)) { @@ -1157,7 +1157,7 @@ s_client_main(int argc, char **argv) } (void) BIO_ctrl_set_connected(sbio, 1, &peer); - if (s_client_config.enable_timeouts) { + if (cfg.enable_timeouts) { timeout.tv_sec = 0; timeout.tv_usec = DGRAM_RCV_TIMEOUT; BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, @@ -1168,35 +1168,35 @@ s_client_main(int argc, char **argv) BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); } - if (s_client_config.socket_mtu > 28) { + if (cfg.socket_mtu > 28) { SSL_set_options(con, SSL_OP_NO_QUERY_MTU); - SSL_set_mtu(con, s_client_config.socket_mtu - 28); + SSL_set_mtu(con, cfg.socket_mtu - 28); } else /* want to do MTU discovery */ BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); } else sbio = BIO_new_socket(s, BIO_NOCLOSE); - if (s_client_config.nbio_test) { + if (cfg.nbio_test) { BIO *test; test = BIO_new(BIO_f_nbio_test()); sbio = BIO_push(test, sbio); } - if (s_client_config.debug) { + if (cfg.debug) { SSL_set_debug(con, 1); BIO_set_callback(sbio, bio_dump_callback); BIO_set_callback_arg(sbio, (char *) bio_c_out); } - if (s_client_config.msg) { + if (cfg.msg) { SSL_set_msg_callback(con, msg_cb); SSL_set_msg_callback_arg(con, bio_c_out); } - if (s_client_config.tlsextdebug) { + if (cfg.tlsextdebug) { SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_c_out); } - if (s_client_config.status_req) { + if (cfg.status_req) { SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); @@ -1225,8 +1225,8 @@ s_client_main(int argc, char **argv) * push a buffering BIO into the chain that is removed again later on * to not disturb the rest of the s_client operation. */ - if (s_client_config.starttls_proto == PROTO_SMTP || - s_client_config.starttls_proto == PROTO_LMTP) { + if (cfg.starttls_proto == PROTO_SMTP || + cfg.starttls_proto == PROTO_LMTP) { int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); BIO_push(fbio, sbio); @@ -1237,7 +1237,7 @@ s_client_main(int argc, char **argv) while (mbuf_len > 3 && mbuf[3] == '-'); /* STARTTLS command requires EHLO... */ BIO_printf(fbio, "%cHLO openssl.client.net\r\n", - s_client_config.starttls_proto == PROTO_SMTP ? 'E' : 'L'); + cfg.starttls_proto == PROTO_SMTP ? 'E' : 'L'); (void) BIO_flush(fbio); /* wait for multi-line response to end EHLO SMTP response */ do { @@ -1255,7 +1255,7 @@ s_client_main(int argc, char **argv) " try anyway...\n"); BIO_printf(sbio, "STARTTLS\r\n"); BIO_read(sbio, sbuf, BUFSIZZ); - } else if (s_client_config.starttls_proto == PROTO_POP3) { + } else if (cfg.starttls_proto == PROTO_POP3) { mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); if (mbuf_len == -1) { BIO_printf(bio_err, "BIO_read failed\n"); @@ -1263,7 +1263,7 @@ s_client_main(int argc, char **argv) } BIO_printf(sbio, "STLS\r\n"); BIO_read(sbio, sbuf, BUFSIZZ); - } else if (s_client_config.starttls_proto == PROTO_IMAP) { + } else if (cfg.starttls_proto == PROTO_IMAP) { int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); BIO_push(fbio, sbio); @@ -1287,7 +1287,7 @@ s_client_main(int argc, char **argv) " try anyway...\n"); BIO_printf(sbio, ". STARTTLS\r\n"); BIO_read(sbio, sbuf, BUFSIZZ); - } else if (s_client_config.starttls_proto == PROTO_FTP) { + } else if (cfg.starttls_proto == PROTO_FTP) { BIO *fbio = BIO_new(BIO_f_buffer()); BIO_push(fbio, sbio); /* wait for multi-line response to end from FTP */ @@ -1300,13 +1300,13 @@ s_client_main(int argc, char **argv) BIO_free(fbio); BIO_printf(sbio, "AUTH TLS\r\n"); BIO_read(sbio, sbuf, BUFSIZZ); - } else if (s_client_config.starttls_proto == PROTO_XMPP) { + } else if (cfg.starttls_proto == PROTO_XMPP) { int seen = 0; BIO_printf(sbio, "<stream:stream " "xmlns:stream='http://etherx.jabber.org/streams' " "xmlns='jabber:client' to='%s' version='1.0'>", - s_client_config.xmpphost ? - s_client_config.xmpphost : s_client_config.host); + cfg.xmpphost ? + cfg.xmpphost : cfg.host); seen = BIO_read(sbio, mbuf, BUFSIZZ); if (seen <= 0) @@ -1329,9 +1329,9 @@ s_client_main(int argc, char **argv) if (!strstr(sbuf, "<proceed")) goto shut; mbuf[0] = 0; - } else if (s_client_config.proxy != NULL) { + } else if (cfg.proxy != NULL) { BIO_printf(sbio, "CONNECT %s HTTP/1.0\r\n\r\n", - s_client_config.connect); + cfg.connect); mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); if (mbuf_len == -1) { BIO_printf(bio_err, "BIO_read failed\n"); @@ -1353,9 +1353,9 @@ s_client_main(int argc, char **argv) tty_on = 1; if (in_init) { in_init = 0; - if (s_client_config.sess_out) { + if (cfg.sess_out) { BIO *stmp = BIO_new_file( - s_client_config.sess_out, "w"); + cfg.sess_out, "w"); if (stmp) { PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con)); @@ -1363,19 +1363,19 @@ s_client_main(int argc, char **argv) } else BIO_printf(bio_err, "Error writing session file %s\n", - s_client_config.sess_out); + cfg.sess_out); } print_stuff(bio_c_out, con, full_log); if (full_log > 0) full_log--; - if (s_client_config.starttls_proto) { + if (cfg.starttls_proto) { BIO_write(bio_err, mbuf, mbuf_len); /* We don't need to know any more */ - s_client_config.starttls_proto = PROTO_OFF; + cfg.starttls_proto = PROTO_OFF; } - if (s_client_config.reconnect) { - s_client_config.reconnect--; + if (cfg.reconnect) { + cfg.reconnect--; BIO_printf(bio_c_out, "drop connection and then reconnect\n"); SSL_shutdown(con); @@ -1516,7 +1516,7 @@ s_client_main(int argc, char **argv) } } #endif - if (s_client_config.peekaboo) { + if (cfg.peekaboo) { k = p = SSL_peek(con, pbuf, 1024 /* BUFSIZZ */ ); pending = SSL_pending(con); if (SSL_get_error(con, p) == SSL_ERROR_NONE) { @@ -1535,7 +1535,7 @@ s_client_main(int argc, char **argv) goto end; sbuf_off = 0; sbuf_len = k; - if (s_client_config.peekaboo) { + if (cfg.peekaboo) { if (p != pending) { ret = -1; BIO_printf(bio_err, @@ -1594,7 +1594,7 @@ s_client_main(int argc, char **argv) BIO_printf(bio_err, "poll error"); goto shut; } - if (s_client_config.crlf) { + if (cfg.crlf) { int j, lf_num; i = read(fileno(stdin), cbuf, BUFSIZZ / 2); @@ -1615,13 +1615,13 @@ s_client_main(int argc, char **argv) } else i = read(fileno(stdin), cbuf, BUFSIZZ); - if ((!s_client_config.ign_eof) && + if ((!cfg.ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) { BIO_printf(bio_err, "DONE\n"); ret = 0; goto shut; } - if ((!s_client_config.ign_eof) && (cbuf[0] == 'R')) { + if ((!cfg.ign_eof) && (cbuf[0] == 'R')) { BIO_printf(bio_err, "RENEGOTIATING\n"); SSL_renegotiate(con); cbuf_len = 0; @@ -1644,7 +1644,7 @@ s_client_main(int argc, char **argv) close(SSL_get_fd(con)); end: if (con != NULL) { - if (s_client_config.prexit != 0) + if (cfg.prexit != 0) print_stuff(bio_c_out, con, 1); SSL_free(con); } @@ -1652,7 +1652,7 @@ s_client_main(int argc, char **argv) X509_free(cert); EVP_PKEY_free(key); free(pass); - X509_VERIFY_PARAM_free(s_client_config.vpm); + X509_VERIFY_PARAM_free(cfg.vpm); freezero(cbuf, BUFSIZZ); freezero(sbuf, BUFSIZZ); freezero(pbuf, BUFSIZZ); @@ -1692,7 +1692,7 @@ print_stuff(BIO *bio, SSL *s, int full) X509_NAME_oneline(X509_get_issuer_name( sk_X509_value(sk, i)), buf, sizeof buf); BIO_printf(bio, " i:%s\n", buf); - if (s_client_config.showcerts) + if (cfg.showcerts) PEM_write_bio_X509(bio, sk_X509_value(sk, i)); } @@ -1701,7 +1701,7 @@ print_stuff(BIO *bio, SSL *s, int full) peer = SSL_get_peer_certificate(s); if (peer != NULL) { BIO_printf(bio, "Server certificate\n"); - if (!(s_client_config.showcerts && got_a_chain)) { + if (!(cfg.showcerts && got_a_chain)) { /* Redundant if we showed the whole chain */ PEM_write_bio_X509(bio, peer); } @@ -1820,23 +1820,23 @@ print_stuff(BIO *bio, SSL *s, int full) #endif SSL_SESSION_print(bio, SSL_get_session(s)); - if (s_client_config.keymatexportlabel != NULL) { + if (cfg.keymatexportlabel != NULL) { BIO_printf(bio, "Keying material exporter:\n"); BIO_printf(bio, " Label: '%s'\n", - s_client_config.keymatexportlabel); + cfg.keymatexportlabel); BIO_printf(bio, " Length: %i bytes\n", - s_client_config.keymatexportlen); - exportedkeymat = malloc(s_client_config.keymatexportlen); + cfg.keymatexportlen); + exportedkeymat = malloc(cfg.keymatexportlen); if (exportedkeymat != NULL) { if (!SSL_export_keying_material(s, exportedkeymat, - s_client_config.keymatexportlen, - s_client_config.keymatexportlabel, - strlen(s_client_config.keymatexportlabel), + cfg.keymatexportlen, + cfg.keymatexportlabel, + strlen(cfg.keymatexportlabel), NULL, 0, 0)) { BIO_printf(bio, " Error\n"); } else { BIO_printf(bio, " Keying material: "); - for (i = 0; i < s_client_config.keymatexportlen; i++) + for (i = 0; i < cfg.keymatexportlen; i++) BIO_printf(bio, "%02X", exportedkeymat[i]); BIO_printf(bio, "\n"); diff --git a/usr.bin/openssl/s_server.c b/usr.bin/openssl/s_server.c index adf98451ec2..a7f6146c4c3 100644 --- a/usr.bin/openssl/s_server.c +++ b/usr.bin/openssl/s_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_server.c,v 1.55 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: s_server.c,v 1.56 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -294,23 +294,23 @@ static struct { int tlsextstatus; X509_VERIFY_PARAM *vpm; int www; -} s_server_config; +} cfg; static int s_server_opt_context(char *arg) { - s_server_config.context = (unsigned char *) arg; + cfg.context = (unsigned char *) arg; return (0); } static int s_server_opt_keymatexportlen(char *arg) { - s_server_config.keymatexportlen = strtonum(arg, 1, INT_MAX, - &s_server_config.errstr); - if (s_server_config.errstr != NULL) { + cfg.keymatexportlen = strtonum(arg, 1, INT_MAX, + &cfg.errstr); + if (cfg.errstr != NULL) { BIO_printf(bio_err, "invalid argument %s: %s\n", - arg, s_server_config.errstr); + arg, cfg.errstr); return (1); } return (0); @@ -320,11 +320,11 @@ s_server_opt_keymatexportlen(char *arg) static int s_server_opt_mtu(char *arg) { - s_server_config.socket_mtu = strtonum(arg, 0, LONG_MAX, - &s_server_config.errstr); - if (s_server_config.errstr != NULL) { + cfg.socket_mtu = strtonum(arg, 0, LONG_MAX, + &cfg.errstr); + if (cfg.errstr != NULL) { BIO_printf(bio_err, "invalid argument %s: %s\n", - arg, s_server_config.errstr); + arg, cfg.errstr); return (1); } return (0); @@ -335,8 +335,8 @@ s_server_opt_mtu(char *arg) static int s_server_opt_protocol_version_dtls(void) { - s_server_config.meth = DTLS_server_method(); - s_server_config.socket_type = SOCK_DGRAM; + cfg.meth = DTLS_server_method(); + cfg.socket_type = SOCK_DGRAM; return (0); } #endif @@ -345,10 +345,10 @@ s_server_opt_protocol_version_dtls(void) static int s_server_opt_protocol_version_dtls1(void) { - s_server_config.meth = DTLS_server_method(); - s_server_config.min_version = DTLS1_VERSION; - s_server_config.max_version = DTLS1_VERSION; - s_server_config.socket_type = SOCK_DGRAM; + cfg.meth = DTLS_server_method(); + cfg.min_version = DTLS1_VERSION; + cfg.max_version = DTLS1_VERSION; + cfg.socket_type = SOCK_DGRAM; return (0); } #endif @@ -357,10 +357,10 @@ s_server_opt_protocol_version_dtls1(void) static int s_server_opt_protocol_version_dtls1_2(void) { - s_server_config.meth = DTLS_server_method(); - s_server_config.min_version = DTLS1_2_VERSION; - s_server_config.max_version = DTLS1_2_VERSION; - s_server_config.socket_type = SOCK_DGRAM; + cfg.meth = DTLS_server_method(); + cfg.min_version = DTLS1_2_VERSION; + cfg.max_version = DTLS1_2_VERSION; + cfg.socket_type = SOCK_DGRAM; return (0); } #endif @@ -368,47 +368,47 @@ s_server_opt_protocol_version_dtls1_2(void) static int s_server_opt_protocol_version_tls1(void) { - s_server_config.min_version = TLS1_VERSION; - s_server_config.max_version = TLS1_VERSION; + cfg.min_version = TLS1_VERSION; + cfg.max_version = TLS1_VERSION; return (0); } static int s_server_opt_protocol_version_tls1_1(void) { - s_server_config.min_version = TLS1_1_VERSION; - s_server_config.max_version = TLS1_1_VERSION; + cfg.min_version = TLS1_1_VERSION; + cfg.max_version = TLS1_1_VERSION; return (0); } static int s_server_opt_protocol_version_tls1_2(void) { - s_server_config.min_version = TLS1_2_VERSION; - s_server_config.max_version = TLS1_2_VERSION; + cfg.min_version = TLS1_2_VERSION; + cfg.max_version = TLS1_2_VERSION; return (0); } static int s_server_opt_protocol_version_tls1_3(void) { - s_server_config.min_version = TLS1_3_VERSION; - s_server_config.max_version = TLS1_3_VERSION; + cfg.min_version = TLS1_3_VERSION; + cfg.max_version = TLS1_3_VERSION; return (0); } static int s_server_opt_nbio_test(void) { - s_server_config.nbio = 1; - s_server_config.nbio_test = 1; + cfg.nbio = 1; + cfg.nbio_test = 1; return (0); } static int s_server_opt_port(char *arg) { - if (!extract_port(arg, &s_server_config.port)) + if (!extract_port(arg, &cfg.port)) return (1); return (0); } @@ -416,12 +416,12 @@ s_server_opt_port(char *arg) static int s_server_opt_status_timeout(char *arg) { - s_server_config.tlsextstatus = 1; - s_server_config.tlscstatp.timeout = strtonum(arg, 0, INT_MAX, - &s_server_config.errstr); - if (s_server_config.errstr != NULL) { + cfg.tlsextstatus = 1; + cfg.tlscstatp.timeout = strtonum(arg, 0, INT_MAX, + &cfg.errstr); + if (cfg.errstr != NULL) { BIO_printf(bio_err, "invalid argument %s: %s\n", - arg, s_server_config.errstr); + arg, cfg.errstr); return (1); } return (0); @@ -430,10 +430,10 @@ s_server_opt_status_timeout(char *arg) static int s_server_opt_status_url(char *arg) { - s_server_config.tlsextstatus = 1; - if (!OCSP_parse_url(arg, &s_server_config.tlscstatp.host, - &s_server_config.tlscstatp.port, &s_server_config.tlscstatp.path, - &s_server_config.tlscstatp.use_ssl)) { + cfg.tlsextstatus = 1; + if (!OCSP_parse_url(arg, &cfg.tlscstatp.host, + &cfg.tlscstatp.port, &cfg.tlscstatp.path, + &cfg.tlscstatp.use_ssl)) { BIO_printf(bio_err, "Error parsing URL\n"); return (1); } @@ -443,20 +443,20 @@ s_server_opt_status_url(char *arg) static int s_server_opt_status_verbose(void) { - s_server_config.tlsextstatus = 1; - s_server_config.tlscstatp.verbose = 1; + cfg.tlsextstatus = 1; + cfg.tlscstatp.verbose = 1; return (0); } static int s_server_opt_verify(char *arg) { - s_server_config.server_verify = SSL_VERIFY_PEER | + cfg.server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; - verify_depth = strtonum(arg, 0, INT_MAX, &s_server_config.errstr); - if (s_server_config.errstr != NULL) { + verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr); + if (cfg.errstr != NULL) { BIO_printf(bio_err, "invalid argument %s: %s\n", - arg, s_server_config.errstr); + arg, cfg.errstr); return (1); } BIO_printf(bio_err, "verify depth is %d\n", verify_depth); @@ -466,12 +466,12 @@ s_server_opt_verify(char *arg) static int s_server_opt_verify_fail(char *arg) { - s_server_config.server_verify = SSL_VERIFY_PEER | + cfg.server_verify = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE; - verify_depth = strtonum(arg, 0, INT_MAX, &s_server_config.errstr); - if (s_server_config.errstr != NULL) { + verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr); + if (cfg.errstr != NULL) { BIO_printf(bio_err, "invalid argument %s: %s\n", - arg, s_server_config.errstr); + arg, cfg.errstr); return (1); } BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", @@ -487,7 +487,7 @@ s_server_opt_verify_param(int argc, char **argv, int *argsused) int badarg = 0; if (!args_verify(&pargs, &pargc, &badarg, bio_err, - &s_server_config.vpm)) { + &cfg.vpm)) { BIO_printf(bio_err, "unknown option %s\n", *argv); return (1); } @@ -520,27 +520,27 @@ static const struct option s_server_options[] = { .desc = "Set the advertised protocols for the ALPN extension" " (comma-separated list)", .type = OPTION_ARG, - .opt.arg = &s_server_config.alpn_in, + .opt.arg = &cfg.alpn_in, }, { .name = "bugs", .desc = "Turn on SSL bug compatibility", .type = OPTION_FLAG, - .opt.flag = &s_server_config.bugs, + .opt.flag = &cfg.bugs, }, { .name = "CAfile", .argname = "file", .desc = "PEM format file of CA certificates", .type = OPTION_ARG, - .opt.arg = &s_server_config.CAfile, + .opt.arg = &cfg.CAfile, }, { .name = "CApath", .argname = "directory", .desc = "PEM format directory of CA certificates", .type = OPTION_ARG, - .opt.arg = &s_server_config.CApath, + .opt.arg = &cfg.CApath, }, { .name = "cert", @@ -548,7 +548,7 @@ static const struct option s_server_options[] = { .desc = "Certificate file to use\n" "(default is " TEST_CERT ")", .type = OPTION_ARG, - .opt.arg = &s_server_config.cert_file, + .opt.arg = &cfg.cert_file, }, { .name = "cert2", @@ -556,20 +556,20 @@ static const struct option s_server_options[] = { .desc = "Certificate file to use for servername\n" "(default is " TEST_CERT2 ")", .type = OPTION_ARG, - .opt.arg = &s_server_config.cert_file2, + .opt.arg = &cfg.cert_file2, }, { .name = "certform", .argname = "fmt", .desc = "Certificate format (PEM or DER) PEM default", .type = OPTION_ARG_FORMAT, - .opt.value = &s_server_config.cert_format, + .opt.value = &cfg.cert_format, }, #ifndef OPENSSL_NO_DTLS { .name = "chain", .type = OPTION_FLAG, - .opt.flag = &s_server_config.cert_chain, + .opt.flag = &cfg.cert_chain, }, #endif { @@ -577,7 +577,7 @@ static const struct option s_server_options[] = { .argname = "list", .desc = "List of ciphers to enable (see `openssl ciphers`)", .type = OPTION_ARG, - .opt.arg = &s_server_config.cipher, + .opt.arg = &cfg.cipher, }, { .name = "context", @@ -590,55 +590,55 @@ static const struct option s_server_options[] = { .name = "crlf", .desc = "Convert LF from terminal into CRLF", .type = OPTION_FLAG, - .opt.flag = &s_server_config.crlf, + .opt.flag = &cfg.crlf, }, { .name = "dcert", .argname = "file", .desc = "Second certificate file to use (usually for DSA)", .type = OPTION_ARG, - .opt.arg = &s_server_config.dcert_file, + .opt.arg = &cfg.dcert_file, }, { .name = "dcertform", .argname = "fmt", .desc = "Second certificate format (PEM or DER) PEM default", .type = OPTION_ARG_FORMAT, - .opt.value = &s_server_config.dcert_format, + .opt.value = &cfg.dcert_format, }, { .name = "debug", .desc = "Print more output", .type = OPTION_FLAG, - .opt.flag = &s_server_config.debug, + .opt.flag = &cfg.debug, }, { .name = "dhparam", .argname = "file", .desc = "DH parameter file to use, in cert file if not specified", .type = OPTION_ARG, - .opt.arg = &s_server_config.dhfile, + .opt.arg = &cfg.dhfile, }, { .name = "dkey", .argname = "file", .desc = "Second private key file to use (usually for DSA)", .type = OPTION_ARG, - .opt.arg = &s_server_config.dkey_file, + .opt.arg = &cfg.dkey_file, }, { .name = "dkeyform", .argname = "fmt", .desc = "Second key format (PEM or DER) PEM default", .type = OPTION_ARG_FORMAT, - .opt.value = &s_server_config.dkey_format, + .opt.value = &cfg.dkey_format, }, { .name = "dpass", .argname = "arg", .desc = "Second private key file pass phrase source", .type = OPTION_ARG, - .opt.arg = &s_server_config.dpassarg, + .opt.arg = &cfg.dpassarg, }, #ifndef OPENSSL_NO_DTLS { @@ -669,13 +669,13 @@ static const struct option s_server_options[] = { .argname = "list", .desc = "Specify EC groups (colon-separated list)", .type = OPTION_ARG, - .opt.arg = &s_server_config.groups_in, + .opt.arg = &cfg.groups_in, }, { .name = "HTTP", .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>", .type = OPTION_VALUE, - .opt.value = &s_server_config.www, + .opt.value = &cfg.www, .value = 3, }, { @@ -683,7 +683,7 @@ static const struct option s_server_options[] = { .argname = "arg", .desc = "Generate SSL/TLS session IDs prefixed by 'arg'", .type = OPTION_ARG, - .opt.arg = &s_server_config.session_id_prefix, + .opt.arg = &cfg.session_id_prefix, }, { .name = "key", @@ -691,7 +691,7 @@ static const struct option s_server_options[] = { .desc = "Private Key file to use, in cert file if\n" "not specified (default is " TEST_CERT ")", .type = OPTION_ARG, - .opt.arg = &s_server_config.key_file, + .opt.arg = &cfg.key_file, }, { .name = "key2", @@ -699,21 +699,21 @@ static const struct option s_server_options[] = { .desc = "Private Key file to use for servername, in cert file if\n" "not specified (default is " TEST_CERT2 ")", .type = OPTION_ARG, - .opt.arg = &s_server_config.key_file2, + .opt.arg = &cfg.key_file2, }, { .name = "keyform", .argname = "fmt", .desc = "Key format (PEM or DER) PEM default", .type = OPTION_ARG_FORMAT, - .opt.value = &s_server_config.key_format, + .opt.value = &cfg.key_format, }, { .name = "keymatexport", .argname = "label", .desc = "Export keying material using label", .type = OPTION_ARG, - .opt.arg = &s_server_config.keymatexportlabel, + .opt.arg = &cfg.keymatexportlabel, }, { .name = "keymatexportlen", @@ -730,7 +730,7 @@ static const struct option s_server_options[] = { .name = "msg", .desc = "Show protocol messages", .type = OPTION_FLAG, - .opt.flag = &s_server_config.msg, + .opt.flag = &cfg.msg, }, #ifndef OPENSSL_NO_DTLS { @@ -746,19 +746,19 @@ static const struct option s_server_options[] = { .argname = "num", .desc = "Terminate after num connections", .type = OPTION_ARG_INT, - .opt.value = &s_server_config.naccept + .opt.value = &cfg.naccept }, { .name = "named_curve", .argname = "arg", .type = OPTION_ARG, - .opt.arg = &s_server_config.named_curve, + .opt.arg = &cfg.named_curve, }, { .name = "nbio", .desc = "Run with non-blocking I/O", .type = OPTION_FLAG, - .opt.flag = &s_server_config.nbio, + .opt.flag = &cfg.nbio, }, { .name = "nbio_test", @@ -770,78 +770,78 @@ static const struct option s_server_options[] = { .name = "nextprotoneg", .argname = "arg", .type = OPTION_ARG, - .opt.arg = &s_server_config.npn_in, /* Ignored. */ + .opt.arg = &cfg.npn_in, /* Ignored. */ }, { .name = "no_cache", .desc = "Disable session cache", .type = OPTION_FLAG, - .opt.flag = &s_server_config.no_cache, + .opt.flag = &cfg.no_cache, }, { .name = "no_comp", .desc = "Disable SSL/TLS compression", .type = OPTION_VALUE_OR, - .opt.value = &s_server_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_COMPRESSION, }, { .name = "no_dhe", .desc = "Disable ephemeral DH", .type = OPTION_FLAG, - .opt.flag = &s_server_config.no_dhe, + .opt.flag = &cfg.no_dhe, }, { .name = "no_ecdhe", .desc = "Disable ephemeral ECDH", .type = OPTION_FLAG, - .opt.flag = &s_server_config.no_ecdhe, + .opt.flag = &cfg.no_ecdhe, }, { .name = "no_ticket", .desc = "Disable use of RFC4507bis session tickets", .type = OPTION_VALUE_OR, - .opt.value = &s_server_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_TICKET, }, { .name = "no_ssl2", .type = OPTION_VALUE_OR, - .opt.value = &s_server_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_SSLv2, }, { .name = "no_ssl3", .type = OPTION_VALUE_OR, - .opt.value = &s_server_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_SSLv3, }, { .name = "no_tls1", .desc = "Just disable TLSv1", .type = OPTION_VALUE_OR, - .opt.value = &s_server_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_TLSv1, }, { .name = "no_tls1_1", .desc = "Just disable TLSv1.1", .type = OPTION_VALUE_OR, - .opt.value = &s_server_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_TLSv1_1, }, { .name = "no_tls1_2", .desc = "Just disable TLSv1.2", .type = OPTION_VALUE_OR, - .opt.value = &s_server_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_TLSv1_2, }, { .name = "no_tls1_3", .desc = "Just disable TLSv1.3", .type = OPTION_VALUE_OR, - .opt.value = &s_server_config.off, + .opt.value = &cfg.off, .value = SSL_OP_NO_TLSv1_3, }, { @@ -852,14 +852,14 @@ static const struct option s_server_options[] = { .name = "nocert", .desc = "Don't use any certificates (Anon-DH)", .type = OPTION_FLAG, - .opt.flag = &s_server_config.nocert, + .opt.flag = &cfg.nocert, }, { .name = "pass", .argname = "arg", .desc = "Private key file pass phrase source", .type = OPTION_ARG, - .opt.arg = &s_server_config.passarg, + .opt.arg = &cfg.passarg, }, { .name = "port", @@ -871,40 +871,40 @@ static const struct option s_server_options[] = { .name = "quiet", .desc = "Inhibit printing of session and certificate information", .type = OPTION_FLAG, - .opt.flag = &s_server_config.quiet, + .opt.flag = &cfg.quiet, }, { .name = "servername", .argname = "name", .desc = "Servername for HostName TLS extension", .type = OPTION_ARG, - .opt.arg = &s_server_config.tlsextcbp.servername, + .opt.arg = &cfg.tlsextcbp.servername, }, { .name = "servername_fatal", .desc = "On mismatch send fatal alert (default warning alert)", .type = OPTION_VALUE, - .opt.value = &s_server_config.tlsextcbp.extension_error, + .opt.value = &cfg.tlsextcbp.extension_error, .value = SSL_TLSEXT_ERR_ALERT_FATAL, }, { .name = "serverpref", .desc = "Use server's cipher preferences", .type = OPTION_VALUE_OR, - .opt.value = &s_server_config.off, + .opt.value = &cfg.off, .value = SSL_OP_CIPHER_SERVER_PREFERENCE, }, { .name = "state", .desc = "Print the SSL states", .type = OPTION_FLAG, - .opt.flag = &s_server_config.state, + .opt.flag = &cfg.state, }, { .name = "status", .desc = "Respond to certificate status requests", .type = OPTION_FLAG, - .opt.flag = &s_server_config.tlsextstatus, + .opt.flag = &cfg.tlsextstatus, }, { .name = "status_timeout", @@ -931,7 +931,7 @@ static const struct option s_server_options[] = { .name = "timeout", .desc = "Enable timeouts", .type = OPTION_FLAG, - .opt.flag = &s_server_config.enable_timeouts, + .opt.flag = &cfg.enable_timeouts, }, #endif { @@ -962,7 +962,7 @@ static const struct option s_server_options[] = { .name = "tlsextdebug", .desc = "Hex dump of all TLS extensions received", .type = OPTION_FLAG, - .opt.flag = &s_server_config.tlsextdebug, + .opt.flag = &cfg.tlsextdebug, }, #ifndef OPENSSL_NO_SRTP { @@ -970,7 +970,7 @@ static const struct option s_server_options[] = { .argname = "profiles", .desc = "Offer SRTP key management with a colon-separated profile list", .type = OPTION_ARG, - .opt.arg = &s_server_config.srtp_profiles, + .opt.arg = &cfg.srtp_profiles, }, #endif { @@ -997,14 +997,14 @@ static const struct option s_server_options[] = { .name = "WWW", .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>", .type = OPTION_VALUE, - .opt.value = &s_server_config.www, + .opt.value = &cfg.www, .value = 2, }, { .name = "www", .desc = "Respond to a 'GET /' with a status page", .type = OPTION_VALUE, - .opt.value = &s_server_config.www, + .opt.value = &cfg.www, .value = 1, }, { @@ -1020,24 +1020,24 @@ static void s_server_init(void) { accept_socket = -1; - s_server_config.cipher = NULL; - s_server_config.server_verify = SSL_VERIFY_NONE; - s_server_config.dcert_file = NULL; - s_server_config.dkey_file = NULL; - s_server_config.cert_file = TEST_CERT; - s_server_config.key_file = NULL; - s_server_config.cert_file2 = TEST_CERT2; - s_server_config.key_file2 = NULL; + cfg.cipher = NULL; + cfg.server_verify = SSL_VERIFY_NONE; + cfg.dcert_file = NULL; + cfg.dkey_file = NULL; + cfg.cert_file = TEST_CERT; + cfg.key_file = NULL; + cfg.cert_file2 = TEST_CERT2; + cfg.key_file2 = NULL; ctx2 = NULL; - s_server_config.nbio = 0; - s_server_config.nbio_test = 0; + cfg.nbio = 0; + cfg.nbio_test = 0; ctx = NULL; - s_server_config.www = 0; + cfg.www = 0; bio_s_out = NULL; - s_server_config.debug = 0; - s_server_config.msg = 0; - s_server_config.quiet = 0; + cfg.debug = 0; + cfg.msg = 0; + cfg.quiet = 0; } static void @@ -1086,21 +1086,21 @@ s_server_main(int argc, char *argv[]) exit(1); } - memset(&s_server_config, 0, sizeof(s_server_config)); - s_server_config.keymatexportlen = 20; - s_server_config.meth = TLS_server_method(); - s_server_config.naccept = -1; - s_server_config.port = PORT; - s_server_config.cert_file = TEST_CERT; - s_server_config.cert_file2 = TEST_CERT2; - s_server_config.cert_format = FORMAT_PEM; - s_server_config.dcert_format = FORMAT_PEM; - s_server_config.dkey_format = FORMAT_PEM; - s_server_config.key_format = FORMAT_PEM; - s_server_config.server_verify = SSL_VERIFY_NONE; - s_server_config.socket_type = SOCK_STREAM; - s_server_config.tlscstatp.timeout = -1; - s_server_config.tlsextcbp.extension_error = + memset(&cfg, 0, sizeof(cfg)); + cfg.keymatexportlen = 20; + cfg.meth = TLS_server_method(); + cfg.naccept = -1; + cfg.port = PORT; + cfg.cert_file = TEST_CERT; + cfg.cert_file2 = TEST_CERT2; + cfg.cert_format = FORMAT_PEM; + cfg.dcert_format = FORMAT_PEM; + cfg.dkey_format = FORMAT_PEM; + cfg.key_format = FORMAT_PEM; + cfg.server_verify = SSL_VERIFY_NONE; + cfg.socket_type = SOCK_STREAM; + cfg.tlscstatp.timeout = -1; + cfg.tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_WARNING; local_argc = argc; @@ -1111,47 +1111,47 @@ s_server_main(int argc, char *argv[]) verify_depth = 0; if (options_parse(argc, argv, s_server_options, NULL, NULL) != 0) { - if (s_server_config.errstr == NULL) + if (cfg.errstr == NULL) sv_usage(); goto end; } - if (!app_passwd(bio_err, s_server_config.passarg, - s_server_config.dpassarg, &pass, &dpass)) { + if (!app_passwd(bio_err, cfg.passarg, + cfg.dpassarg, &pass, &dpass)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } - if (s_server_config.key_file == NULL) - s_server_config.key_file = s_server_config.cert_file; - if (s_server_config.key_file2 == NULL) - s_server_config.key_file2 = s_server_config.cert_file2; - - if (s_server_config.nocert == 0) { - s_key = load_key(bio_err, s_server_config.key_file, - s_server_config.key_format, 0, pass, + if (cfg.key_file == NULL) + cfg.key_file = cfg.cert_file; + if (cfg.key_file2 == NULL) + cfg.key_file2 = cfg.cert_file2; + + if (cfg.nocert == 0) { + s_key = load_key(bio_err, cfg.key_file, + cfg.key_format, 0, pass, "server certificate private key file"); if (!s_key) { ERR_print_errors(bio_err); goto end; } - s_cert = load_cert(bio_err, s_server_config.cert_file, - s_server_config.cert_format, + s_cert = load_cert(bio_err, cfg.cert_file, + cfg.cert_format, NULL, "server certificate file"); if (!s_cert) { ERR_print_errors(bio_err); goto end; } - if (s_server_config.tlsextcbp.servername) { - s_key2 = load_key(bio_err, s_server_config.key_file2, - s_server_config.key_format, 0, pass, + if (cfg.tlsextcbp.servername) { + s_key2 = load_key(bio_err, cfg.key_file2, + cfg.key_format, 0, pass, "second server certificate private key file"); if (!s_key2) { ERR_print_errors(bio_err); goto end; } - s_cert2 = load_cert(bio_err, s_server_config.cert_file2, - s_server_config.cert_format, + s_cert2 = load_cert(bio_err, cfg.cert_file2, + cfg.cert_format, NULL, "second server certificate file"); if (!s_cert2) { @@ -1161,29 +1161,29 @@ s_server_main(int argc, char *argv[]) } } alpn_ctx.data = NULL; - if (s_server_config.alpn_in) { + if (cfg.alpn_in) { unsigned short len; alpn_ctx.data = next_protos_parse(&len, - s_server_config.alpn_in); + cfg.alpn_in); if (alpn_ctx.data == NULL) goto end; alpn_ctx.len = len; } - if (s_server_config.dcert_file) { + if (cfg.dcert_file) { - if (s_server_config.dkey_file == NULL) - s_server_config.dkey_file = s_server_config.dcert_file; + if (cfg.dkey_file == NULL) + cfg.dkey_file = cfg.dcert_file; - s_dkey = load_key(bio_err, s_server_config.dkey_file, - s_server_config.dkey_format, + s_dkey = load_key(bio_err, cfg.dkey_file, + cfg.dkey_format, 0, dpass, "second certificate private key file"); if (!s_dkey) { ERR_print_errors(bio_err); goto end; } - s_dcert = load_cert(bio_err, s_server_config.dcert_file, - s_server_config.dcert_format, + s_dcert = load_cert(bio_err, cfg.dcert_file, + cfg.dcert_format, NULL, "second server certificate file"); if (!s_dcert) { @@ -1192,23 +1192,23 @@ s_server_main(int argc, char *argv[]) } } if (bio_s_out == NULL) { - if (s_server_config.quiet && !s_server_config.debug && - !s_server_config.msg) { + if (cfg.quiet && !cfg.debug && + !cfg.msg) { bio_s_out = BIO_new(BIO_s_null()); } else { if (bio_s_out == NULL) bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE); } } - if (s_server_config.nocert) { - s_server_config.cert_file = NULL; - s_server_config.key_file = NULL; - s_server_config.dcert_file = NULL; - s_server_config.dkey_file = NULL; - s_server_config.cert_file2 = NULL; - s_server_config.key_file2 = NULL; + if (cfg.nocert) { + cfg.cert_file = NULL; + cfg.key_file = NULL; + cfg.dcert_file = NULL; + cfg.dkey_file = NULL; + cfg.cert_file2 = NULL; + cfg.key_file2 = NULL; } - ctx = SSL_CTX_new(s_server_config.meth); + ctx = SSL_CTX_new(cfg.meth); if (ctx == NULL) { ERR_print_errors(bio_err); goto end; @@ -1216,16 +1216,16 @@ s_server_main(int argc, char *argv[]) SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); - if (!SSL_CTX_set_min_proto_version(ctx, s_server_config.min_version)) + if (!SSL_CTX_set_min_proto_version(ctx, cfg.min_version)) goto end; - if (!SSL_CTX_set_max_proto_version(ctx, s_server_config.max_version)) + if (!SSL_CTX_set_max_proto_version(ctx, cfg.max_version)) goto end; - if (s_server_config.session_id_prefix) { - if (strlen(s_server_config.session_id_prefix) >= 32) + if (cfg.session_id_prefix) { + if (strlen(cfg.session_id_prefix) >= 32) BIO_printf(bio_err, "warning: id_prefix is too long, only one new session will be possible\n"); - else if (strlen(s_server_config.session_id_prefix) >= 16) + else if (strlen(cfg.session_id_prefix) >= 16) BIO_printf(bio_err, "warning: id_prefix is too long if you use SSLv2\n"); if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) { @@ -1234,58 +1234,58 @@ s_server_main(int argc, char *argv[]) goto end; } BIO_printf(bio_err, "id_prefix '%s' set.\n", - s_server_config.session_id_prefix); + cfg.session_id_prefix); } SSL_CTX_set_quiet_shutdown(ctx, 1); - if (s_server_config.bugs) + if (cfg.bugs) SSL_CTX_set_options(ctx, SSL_OP_ALL); - SSL_CTX_set_options(ctx, s_server_config.off); + SSL_CTX_set_options(ctx, cfg.off); - if (s_server_config.state) + if (cfg.state) SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); - if (s_server_config.no_cache) + if (cfg.no_cache) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); else SSL_CTX_sess_set_cache_size(ctx, 128); #ifndef OPENSSL_NO_SRTP - if (s_server_config.srtp_profiles != NULL) - SSL_CTX_set_tlsext_use_srtp(ctx, s_server_config.srtp_profiles); + if (cfg.srtp_profiles != NULL) + SSL_CTX_set_tlsext_use_srtp(ctx, cfg.srtp_profiles); #endif - if ((!SSL_CTX_load_verify_locations(ctx, s_server_config.CAfile, - s_server_config.CApath)) || + if ((!SSL_CTX_load_verify_locations(ctx, cfg.CAfile, + cfg.CApath)) || (!SSL_CTX_set_default_verify_paths(ctx))) { /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ ERR_print_errors(bio_err); /* goto end; */ } - if (s_server_config.vpm) - SSL_CTX_set1_param(ctx, s_server_config.vpm); + if (cfg.vpm) + SSL_CTX_set1_param(ctx, cfg.vpm); if (s_cert2) { - ctx2 = SSL_CTX_new(s_server_config.meth); + ctx2 = SSL_CTX_new(cfg.meth); if (ctx2 == NULL) { ERR_print_errors(bio_err); goto end; } if (!SSL_CTX_set_min_proto_version(ctx2, - s_server_config.min_version)) + cfg.min_version)) goto end; if (!SSL_CTX_set_max_proto_version(ctx2, - s_server_config.max_version)) + cfg.max_version)) goto end; SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY); } if (ctx2) { BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); - if (s_server_config.session_id_prefix) { - if (strlen(s_server_config.session_id_prefix) >= 32) + if (cfg.session_id_prefix) { + if (strlen(cfg.session_id_prefix) >= 32) BIO_printf(bio_err, "warning: id_prefix is too long, only one new session will be possible\n"); - else if (strlen(s_server_config.session_id_prefix) >= 16) + else if (strlen(cfg.session_id_prefix) >= 16) BIO_printf(bio_err, "warning: id_prefix is too long if you use SSLv2\n"); if (!SSL_CTX_set_generate_session_id(ctx2, @@ -1296,48 +1296,48 @@ s_server_main(int argc, char *argv[]) goto end; } BIO_printf(bio_err, "id_prefix '%s' set.\n", - s_server_config.session_id_prefix); + cfg.session_id_prefix); } SSL_CTX_set_quiet_shutdown(ctx2, 1); - if (s_server_config.bugs) + if (cfg.bugs) SSL_CTX_set_options(ctx2, SSL_OP_ALL); - SSL_CTX_set_options(ctx2, s_server_config.off); + SSL_CTX_set_options(ctx2, cfg.off); - if (s_server_config.state) + if (cfg.state) SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback); - if (s_server_config.no_cache) + if (cfg.no_cache) SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF); else SSL_CTX_sess_set_cache_size(ctx2, 128); if ((!SSL_CTX_load_verify_locations(ctx2, - s_server_config.CAfile, s_server_config.CApath)) || + cfg.CAfile, cfg.CApath)) || (!SSL_CTX_set_default_verify_paths(ctx2))) { ERR_print_errors(bio_err); } - if (s_server_config.vpm) - SSL_CTX_set1_param(ctx2, s_server_config.vpm); + if (cfg.vpm) + SSL_CTX_set1_param(ctx2, cfg.vpm); } if (alpn_ctx.data) SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); - if (s_server_config.groups_in != NULL) { - if (SSL_CTX_set1_groups_list(ctx, s_server_config.groups_in) != 1) { + if (cfg.groups_in != NULL) { + if (SSL_CTX_set1_groups_list(ctx, cfg.groups_in) != 1) { BIO_printf(bio_err, "Failed to set groups '%s'\n", - s_server_config.groups_in); + cfg.groups_in); goto end; } } #ifndef OPENSSL_NO_DH - if (!s_server_config.no_dhe) { + if (!cfg.no_dhe) { DH *dh = NULL; - if (s_server_config.dhfile) - dh = load_dh_param(s_server_config.dhfile); - else if (s_server_config.cert_file) - dh = load_dh_param(s_server_config.cert_file); + if (cfg.dhfile) + dh = load_dh_param(cfg.dhfile); + else if (cfg.cert_file) + dh = load_dh_param(cfg.cert_file); if (dh != NULL) BIO_printf(bio_s_out, "Setting temp DH parameters\n"); @@ -1356,12 +1356,12 @@ s_server_main(int argc, char *argv[]) } if (ctx2) { - if (!s_server_config.dhfile) { + if (!cfg.dhfile) { DH *dh2 = NULL; - if (s_server_config.cert_file2 != NULL) + if (cfg.cert_file2 != NULL) dh2 = load_dh_param( - s_server_config.cert_file2); + cfg.cert_file2); if (dh2 != NULL) { BIO_printf(bio_s_out, "Setting temp DH parameters\n"); @@ -1385,18 +1385,18 @@ s_server_main(int argc, char *argv[]) } #endif - if (!s_server_config.no_ecdhe && s_server_config.named_curve != NULL) { + if (!cfg.no_ecdhe && cfg.named_curve != NULL) { EC_KEY *ecdh = NULL; int nid; - if ((nid = OBJ_sn2nid(s_server_config.named_curve)) == 0) { + if ((nid = OBJ_sn2nid(cfg.named_curve)) == 0) { BIO_printf(bio_err, "unknown curve name (%s)\n", - s_server_config.named_curve); + cfg.named_curve); goto end; } if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) { BIO_printf(bio_err, "unable to create curve (%s)\n", - s_server_config.named_curve); + cfg.named_curve); goto end; } BIO_printf(bio_s_out, "Setting temp ECDH parameters\n"); @@ -1417,20 +1417,20 @@ s_server_main(int argc, char *argv[]) goto end; } - if (s_server_config.cipher != NULL) { - if (!SSL_CTX_set_cipher_list(ctx, s_server_config.cipher)) { + if (cfg.cipher != NULL) { + if (!SSL_CTX_set_cipher_list(ctx, cfg.cipher)) { BIO_printf(bio_err, "error setting cipher list\n"); ERR_print_errors(bio_err); goto end; } if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, - s_server_config.cipher)) { + cfg.cipher)) { BIO_printf(bio_err, "error setting cipher list\n"); ERR_print_errors(bio_err); goto end; } } - SSL_CTX_set_verify(ctx, s_server_config.server_verify, verify_callback); + SSL_CTX_set_verify(ctx, cfg.server_verify, verify_callback); SSL_CTX_set_session_id_context(ctx, (void *) &s_server_session_id_context, sizeof s_server_session_id_context); @@ -1440,38 +1440,38 @@ s_server_main(int argc, char *argv[]) SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); if (ctx2) { - SSL_CTX_set_verify(ctx2, s_server_config.server_verify, + SSL_CTX_set_verify(ctx2, cfg.server_verify, verify_callback); SSL_CTX_set_session_id_context(ctx2, (void *) &s_server_session_id_context, sizeof s_server_session_id_context); - s_server_config.tlsextcbp.biodebug = bio_s_out; + cfg.tlsextcbp.biodebug = bio_s_out; SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); SSL_CTX_set_tlsext_servername_arg(ctx2, - &s_server_config.tlsextcbp); + &cfg.tlsextcbp); SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); SSL_CTX_set_tlsext_servername_arg(ctx, - &s_server_config.tlsextcbp); + &cfg.tlsextcbp); } - if (s_server_config.CAfile != NULL) { + if (cfg.CAfile != NULL) { SSL_CTX_set_client_CA_list(ctx, - SSL_load_client_CA_file(s_server_config.CAfile)); + SSL_load_client_CA_file(cfg.CAfile)); if (ctx2) SSL_CTX_set_client_CA_list(ctx2, - SSL_load_client_CA_file(s_server_config.CAfile)); + SSL_load_client_CA_file(cfg.CAfile)); } BIO_printf(bio_s_out, "ACCEPT\n"); (void) BIO_flush(bio_s_out); - if (s_server_config.www) - do_server(s_server_config.port, s_server_config.socket_type, - &accept_socket, www_body, s_server_config.context, - s_server_config.naccept); + if (cfg.www) + do_server(cfg.port, cfg.socket_type, + &accept_socket, www_body, cfg.context, + cfg.naccept); else - do_server(s_server_config.port, s_server_config.socket_type, - &accept_socket, sv_body, s_server_config.context, - s_server_config.naccept); + do_server(cfg.port, cfg.socket_type, + &accept_socket, sv_body, cfg.context, + cfg.naccept); print_stats(bio_s_out, ctx); ret = 0; end: @@ -1482,10 +1482,10 @@ s_server_main(int argc, char *argv[]) EVP_PKEY_free(s_dkey); free(pass); free(dpass); - X509_VERIFY_PARAM_free(s_server_config.vpm); - free(s_server_config.tlscstatp.host); - free(s_server_config.tlscstatp.port); - free(s_server_config.tlscstatp.path); + X509_VERIFY_PARAM_free(cfg.vpm); + free(cfg.tlscstatp.host); + free(cfg.tlscstatp.port); + free(cfg.tlscstatp.path); SSL_CTX_free(ctx2); X509_free(s_cert2); EVP_PKEY_free(s_key2); @@ -1543,8 +1543,8 @@ sv_body(int s, unsigned char *context) BIO_printf(bio_err, "out of memory\n"); goto err; } - if (s_server_config.nbio) { - if (!s_server_config.quiet) + if (cfg.nbio) { + if (!cfg.quiet) BIO_printf(bio_err, "turning on non blocking io\n"); if (!BIO_socket_nbio(s, 1)) ERR_print_errors(bio_err); @@ -1552,15 +1552,15 @@ sv_body(int s, unsigned char *context) if (con == NULL) { con = SSL_new(ctx); - if (s_server_config.tlsextdebug) { + if (cfg.tlsextdebug) { SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); } - if (s_server_config.tlsextstatus) { + if (cfg.tlsextstatus) { SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); - s_server_config.tlscstatp.err = bio_err; + cfg.tlscstatp.err = bio_err; SSL_CTX_set_tlsext_status_arg(ctx, - &s_server_config.tlscstatp); + &cfg.tlscstatp); } if (context) SSL_set_session_id_context(con, context, @@ -1571,7 +1571,7 @@ sv_body(int s, unsigned char *context) if (SSL_is_dtls(con)) { sbio = BIO_new_dgram(s, BIO_NOCLOSE); - if (s_server_config.enable_timeouts) { + if (cfg.enable_timeouts) { timeout.tv_sec = 0; timeout.tv_usec = DGRAM_RCV_TIMEOUT; BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, @@ -1582,9 +1582,9 @@ sv_body(int s, unsigned char *context) BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); } - if (s_server_config.socket_mtu > 28) { + if (cfg.socket_mtu > 28) { SSL_set_options(con, SSL_OP_NO_QUERY_MTU); - SSL_set_mtu(con, s_server_config.socket_mtu - 28); + SSL_set_mtu(con, cfg.socket_mtu - 28); } else /* want to do MTU discovery */ BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); @@ -1594,7 +1594,7 @@ sv_body(int s, unsigned char *context) } else sbio = BIO_new_socket(s, BIO_NOCLOSE); - if (s_server_config.nbio_test) { + if (cfg.nbio_test) { BIO *test; test = BIO_new(BIO_f_nbio_test()); @@ -1605,16 +1605,16 @@ sv_body(int s, unsigned char *context) SSL_set_accept_state(con); /* SSL_set_fd(con,s); */ - if (s_server_config.debug) { + if (cfg.debug) { SSL_set_debug(con, 1); BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out); } - if (s_server_config.msg) { + if (cfg.msg) { SSL_set_msg_callback(con, msg_cb); SSL_set_msg_callback_arg(con, bio_s_out); } - if (s_server_config.tlsextdebug) { + if (cfg.tlsextdebug) { SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); } @@ -1660,7 +1660,7 @@ sv_body(int s, unsigned char *context) } } if (read_from_terminal) { - if (s_server_config.crlf) { + if (cfg.crlf) { int j, lf_num; i = read(fileno(stdin), buf, bufsize / 2); @@ -1680,7 +1680,7 @@ sv_body(int s, unsigned char *context) assert(lf_num == 0); } else i = read(fileno(stdin), buf, bufsize); - if (!s_server_config.quiet) { + if (!cfg.quiet) { if ((i <= 0) || (buf[0] == 'Q')) { BIO_printf(bio_s_out, "DONE\n"); shutdown(s, SHUT_RD); @@ -1910,23 +1910,23 @@ init_ssl_connection(SSL *con) BIO_printf(bio_s_out, "Reused session-id\n"); BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); - if (s_server_config.keymatexportlabel != NULL) { + if (cfg.keymatexportlabel != NULL) { BIO_printf(bio_s_out, "Keying material exporter:\n"); BIO_printf(bio_s_out, " Label: '%s'\n", - s_server_config.keymatexportlabel); + cfg.keymatexportlabel); BIO_printf(bio_s_out, " Length: %i bytes\n", - s_server_config.keymatexportlen); - exportedkeymat = malloc(s_server_config.keymatexportlen); + cfg.keymatexportlen); + exportedkeymat = malloc(cfg.keymatexportlen); if (exportedkeymat != NULL) { if (!SSL_export_keying_material(con, exportedkeymat, - s_server_config.keymatexportlen, - s_server_config.keymatexportlabel, - strlen(s_server_config.keymatexportlabel), + cfg.keymatexportlen, + cfg.keymatexportlabel, + strlen(cfg.keymatexportlabel), NULL, 0, 0)) { BIO_printf(bio_s_out, " Error\n"); } else { BIO_printf(bio_s_out, " Keying material: "); - for (i = 0; i < s_server_config.keymatexportlen; i++) + for (i = 0; i < cfg.keymatexportlen; i++) BIO_printf(bio_s_out, "%02X", exportedkeymat[i]); BIO_printf(bio_s_out, "\n"); @@ -1971,8 +1971,8 @@ www_body(int s, unsigned char *context) if ((io == NULL) || (ssl_bio == NULL)) goto err; - if (s_server_config.nbio) { - if (!s_server_config.quiet) + if (cfg.nbio) { + if (!cfg.quiet) BIO_printf(bio_err, "turning on non blocking io\n"); if (!BIO_socket_nbio(s, 1)) ERR_print_errors(bio_err); @@ -1984,7 +1984,7 @@ www_body(int s, unsigned char *context) if ((con = SSL_new(ctx)) == NULL) goto err; - if (s_server_config.tlsextdebug) { + if (cfg.tlsextdebug) { SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); } @@ -1993,7 +1993,7 @@ www_body(int s, unsigned char *context) strlen((char *) context)); sbio = BIO_new_socket(s, BIO_NOCLOSE); - if (s_server_config.nbio_test) { + if (cfg.nbio_test) { BIO *test; test = BIO_new(BIO_f_nbio_test()); @@ -2006,12 +2006,12 @@ www_body(int s, unsigned char *context) BIO_set_ssl(ssl_bio, con, BIO_CLOSE); BIO_push(io, ssl_bio); - if (s_server_config.debug) { + if (cfg.debug) { SSL_set_debug(con, 1); BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out); } - if (s_server_config.msg) { + if (cfg.msg) { SSL_set_msg_callback(con, msg_cb); SSL_set_msg_callback_arg(con, bio_s_out); } @@ -2019,11 +2019,11 @@ www_body(int s, unsigned char *context) i = BIO_gets(io, buf, bufsize - 1); if (i < 0) { /* error */ if (!BIO_should_retry(io)) { - if (!s_server_config.quiet) + if (!cfg.quiet) ERR_print_errors(bio_err); goto err; } else { - if (s_server_config.debug) { + if (cfg.debug) { BIO_printf(bio_s_out, "read R BLOCK\n"); sleep(1); } @@ -2034,9 +2034,9 @@ www_body(int s, unsigned char *context) goto end; } /* else we have data */ - if (((s_server_config.www == 1) && + if (((cfg.www == 1) && (strncmp("GET ", buf, 4) == 0)) || - ((s_server_config.www == 2) && + ((cfg.www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) { char *p; X509 *peer; @@ -2117,8 +2117,8 @@ www_body(int s, unsigned char *context) "no client certificate available\n"); BIO_puts(io, "</BODY></HTML>\r\n\r\n"); break; - } else if ((s_server_config.www == 2 || - s_server_config.www == 3) && + } else if ((cfg.www == 2 || + cfg.www == 3) && (strncmp("GET /", buf, 5) == 0)) { BIO *file; char *p, *e; @@ -2183,10 +2183,10 @@ www_body(int s, unsigned char *context) ERR_print_errors(io); break; } - if (!s_server_config.quiet) + if (!cfg.quiet) BIO_printf(bio_err, "FILE:%s\n", p); - if (s_server_config.www == 2) { + if (cfg.www == 2) { i = strlen(p); if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) || ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) || @@ -2276,9 +2276,9 @@ generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len) * 1 session ID (ie. the prefix!) so all future session * negotiations will fail due to conflicts. */ - memcpy(id, s_server_config.session_id_prefix, - (strlen(s_server_config.session_id_prefix) < *id_len) ? - strlen(s_server_config.session_id_prefix) : *id_len); + memcpy(id, cfg.session_id_prefix, + (strlen(cfg.session_id_prefix) < *id_len) ? + strlen(cfg.session_id_prefix) : *id_len); } while (SSL_has_matching_session_id(ssl, id, *id_len) && (++count < MAX_SESSION_ID_ATTEMPTS)); @@ -2449,7 +2449,7 @@ alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen, { tlsextalpnctx *alpn_ctx = arg; - if (!s_server_config.quiet) { + if (!cfg.quiet) { /* We can assume that in is syntactically valid. */ unsigned i; @@ -2468,7 +2468,7 @@ alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen, alpn_ctx->len, in, inlen) != OPENSSL_NPN_NEGOTIATED) return (SSL_TLSEXT_ERR_NOACK); - if (!s_server_config.quiet) { + if (!cfg.quiet) { BIO_printf(bio_s_out, "ALPN protocols selected: "); BIO_write(bio_s_out, *out, *outlen); BIO_write(bio_s_out, "\n", 1); diff --git a/usr.bin/openssl/s_time.c b/usr.bin/openssl/s_time.c index d6f012fd41b..7eed6d486ed 100644 --- a/usr.bin/openssl/s_time.c +++ b/usr.bin/openssl/s_time.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_time.c,v 1.37 2023/03/05 13:12:53 tb Exp $ */ +/* $OpenBSD: s_time.c,v 1.38 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -113,42 +113,42 @@ static struct { int verify; int verify_depth; char *www_path; -} s_time_config; +} cfg; static const struct option s_time_options[] = { { .name = "bugs", .desc = "Enable workarounds for known SSL/TLS bugs", .type = OPTION_FLAG, - .opt.flag = &s_time_config.bugs, + .opt.flag = &cfg.bugs, }, { .name = "CAfile", .argname = "file", .desc = "File containing trusted certificates in PEM format", .type = OPTION_ARG, - .opt.arg = &s_time_config.CAfile, + .opt.arg = &cfg.CAfile, }, { .name = "CApath", .argname = "path", .desc = "Directory containing trusted certificates", .type = OPTION_ARG, - .opt.arg = &s_time_config.CApath, + .opt.arg = &cfg.CApath, }, { .name = "cert", .argname = "file", .desc = "Client certificate to use, if one is requested", .type = OPTION_ARG, - .opt.arg = &s_time_config.certfile, + .opt.arg = &cfg.certfile, }, { .name = "cipher", .argname = "list", .desc = "List of cipher suites to send to the server", .type = OPTION_ARG, - .opt.arg = &s_time_config.cipher, + .opt.arg = &cfg.cipher, }, { .name = "connect", @@ -156,39 +156,39 @@ static const struct option s_time_options[] = { .desc = "Host and port to connect to (default " SSL_CONNECT_NAME ")", .type = OPTION_ARG, - .opt.arg = &s_time_config.host, + .opt.arg = &cfg.host, }, { .name = "key", .argname = "file", .desc = "Client private key to use, if one is required", .type = OPTION_ARG, - .opt.arg = &s_time_config.keyfile, + .opt.arg = &cfg.keyfile, }, { .name = "nbio", .desc = "Use non-blocking I/O", .type = OPTION_FLAG, - .opt.flag = &s_time_config.nbio, + .opt.flag = &cfg.nbio, }, { .name = "new", .desc = "Use a new session ID for each connection", .type = OPTION_VALUE, - .opt.value = &s_time_config.perform, + .opt.value = &cfg.perform, .value = 1, }, { .name = "no_shutdown", .desc = "Shut down the connection without notifying the server", .type = OPTION_FLAG, - .opt.flag = &s_time_config.no_shutdown, + .opt.flag = &cfg.no_shutdown, }, { .name = "reuse", .desc = "Reuse the same session ID for each connection", .type = OPTION_VALUE, - .opt.value = &s_time_config.perform, + .opt.value = &cfg.perform, .value = 2, }, { @@ -196,21 +196,21 @@ static const struct option s_time_options[] = { .argname = "seconds", .desc = "Duration to perform timing tests for (default 30)", .type = OPTION_ARG_TIME, - .opt.tvalue = &s_time_config.maxtime, + .opt.tvalue = &cfg.maxtime, }, { .name = "verify", .argname = "depth", .desc = "Enable peer certificate verification with given depth", .type = OPTION_ARG_INT, - .opt.value = &s_time_config.verify_depth, + .opt.value = &cfg.verify_depth, }, { .name = "www", .argname = "page", .desc = "Page to GET from the server (default none)", .type = OPTION_ARG, - .opt.arg = &s_time_config.www_path, + .opt.arg = &cfg.www_path, }, { NULL }, }; @@ -245,27 +245,27 @@ s_time_main(int argc, char **argv) verify_depth = 0; - memset(&s_time_config, 0, sizeof(s_time_config)); + memset(&cfg, 0, sizeof(cfg)); - s_time_config.host = SSL_CONNECT_NAME; - s_time_config.maxtime = SECONDS; - s_time_config.perform = 3; - s_time_config.verify = SSL_VERIFY_NONE; - s_time_config.verify_depth = -1; + cfg.host = SSL_CONNECT_NAME; + cfg.maxtime = SECONDS; + cfg.perform = 3; + cfg.verify = SSL_VERIFY_NONE; + cfg.verify_depth = -1; if (options_parse(argc, argv, s_time_options, NULL, NULL) != 0) { s_time_usage(); goto end; } - if (s_time_config.verify_depth >= 0) { - s_time_config.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; - verify_depth = s_time_config.verify_depth; + if (cfg.verify_depth >= 0) { + cfg.verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; + verify_depth = cfg.verify_depth; BIO_printf(bio_err, "verify depth is %d\n", verify_depth); } - if (s_time_config.www_path != NULL && - strlen(s_time_config.www_path) > MYBUFSIZ - 100) { + if (cfg.www_path != NULL && + strlen(cfg.www_path) > MYBUFSIZ - 100) { BIO_printf(bio_err, "-www option too long\n"); goto end; } @@ -275,25 +275,25 @@ s_time_main(int argc, char **argv) SSL_CTX_set_quiet_shutdown(tm_ctx, 1); - if (s_time_config.bugs) + if (cfg.bugs) SSL_CTX_set_options(tm_ctx, SSL_OP_ALL); - if (s_time_config.cipher != NULL) { - if (!SSL_CTX_set_cipher_list(tm_ctx, s_time_config.cipher)) { + if (cfg.cipher != NULL) { + if (!SSL_CTX_set_cipher_list(tm_ctx, cfg.cipher)) { BIO_printf(bio_err, "error setting cipher list\n"); ERR_print_errors(bio_err); goto end; } } - SSL_CTX_set_verify(tm_ctx, s_time_config.verify, NULL); + SSL_CTX_set_verify(tm_ctx, cfg.verify, NULL); - if (!set_cert_stuff(tm_ctx, s_time_config.certfile, - s_time_config.keyfile)) + if (!set_cert_stuff(tm_ctx, cfg.certfile, + cfg.keyfile)) goto end; - if ((!SSL_CTX_load_verify_locations(tm_ctx, s_time_config.CAfile, - s_time_config.CApath)) || + if ((!SSL_CTX_load_verify_locations(tm_ctx, cfg.CAfile, + cfg.CApath)) || (!SSL_CTX_set_default_verify_paths(tm_ctx))) { /* * BIO_printf(bio_err,"error setting default verify @@ -304,9 +304,9 @@ s_time_main(int argc, char **argv) } /* Loop and time how long it takes to make connections */ - if (s_time_config.perform & 1) { + if (cfg.perform & 1) { printf("Collecting connection statistics for %lld seconds\n", - (long long)s_time_config.maxtime); + (long long)cfg.maxtime); if (benchmark(0)) goto end; } @@ -314,7 +314,7 @@ s_time_main(int argc, char **argv) * Now loop and time connections using the same session id over and * over */ - if (s_time_config.perform & 2) { + if (cfg.perform & 2) { printf("\n\nNow timing with session id reuse.\n"); if (benchmark(1)) goto end; @@ -348,7 +348,7 @@ run_test(SSL *scon) if ((conn = BIO_new(BIO_s_connect())) == NULL) return 0; - BIO_set_conn_hostname(conn, s_time_config.host); + BIO_set_conn_hostname(conn, cfg.host); SSL_set_connect_state(scon); SSL_set_bio(scon, conn, conn); for (;;) { @@ -372,9 +372,9 @@ run_test(SSL *scon) ERR_print_errors(bio_err); return 0; } - if (s_time_config.www_path != NULL) { + if (cfg.www_path != NULL) { retval = snprintf(buf, sizeof buf, - "GET %s HTTP/1.0\r\n\r\n", s_time_config.www_path); + "GET %s HTTP/1.0\r\n\r\n", cfg.www_path); if (retval < 0 || retval >= sizeof buf) { fprintf(stderr, "URL too long\n"); return 0; @@ -384,7 +384,7 @@ run_test(SSL *scon) while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) bytes_read += i; } - if (s_time_config.no_shutdown) + if (cfg.no_shutdown) SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); else @@ -436,7 +436,7 @@ benchmark(int reuse_session) app_timer_user(TM_RESET); for (;;) { elapsed = app_timer_real(TM_GET); - if (elapsed > s_time_config.maxtime) + if (elapsed > cfg.maxtime) break; if (scon == NULL) { if ((scon = SSL_new(tm_ctx)) == NULL) diff --git a/usr.bin/openssl/sess_id.c b/usr.bin/openssl/sess_id.c index 4533cf15caa..c46da542447 100644 --- a/usr.bin/openssl/sess_id.c +++ b/usr.bin/openssl/sess_id.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sess_id.c,v 1.11 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: sess_id.c,v 1.12 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -78,62 +78,62 @@ static struct { char *outfile; int outformat; int text; -} sess_id_config; +} cfg; static const struct option sess_id_options[] = { { .name = "cert", .desc = "Output certificate if present in session", .type = OPTION_FLAG, - .opt.flag = &sess_id_config.cert, + .opt.flag = &cfg.cert, }, { .name = "context", .argname = "id", .desc = "Set the session ID context for output", .type = OPTION_ARG, - .opt.arg = &sess_id_config.context, + .opt.arg = &cfg.context, }, { .name = "in", .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &sess_id_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "format", .desc = "Input format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &sess_id_config.informat, + .opt.value = &cfg.informat, }, { .name = "noout", .desc = "Do not output the encoded session info", .type = OPTION_FLAG, - .opt.flag = &sess_id_config.noout, + .opt.flag = &cfg.noout, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &sess_id_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "format", .desc = "Output format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &sess_id_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "text", .desc = "Print various public or private key components in" " plain text", .type = OPTION_FLAG, - .opt.flag = &sess_id_config.text, + .opt.flag = &cfg.text, }, { NULL } }; @@ -163,62 +163,62 @@ sess_id_main(int argc, char **argv) exit(1); } - memset(&sess_id_config, 0, sizeof(sess_id_config)); + memset(&cfg, 0, sizeof(cfg)); - sess_id_config.informat = FORMAT_PEM; - sess_id_config.outformat = FORMAT_PEM; + cfg.informat = FORMAT_PEM; + cfg.outformat = FORMAT_PEM; if (options_parse(argc, argv, sess_id_options, NULL, NULL) != 0) { sess_id_usage(); return (1); } - x = load_sess_id(sess_id_config.infile, sess_id_config.informat); + x = load_sess_id(cfg.infile, cfg.informat); if (x == NULL) { goto end; } peer = SSL_SESSION_get0_peer(x); - if (sess_id_config.context) { - size_t ctx_len = strlen(sess_id_config.context); + if (cfg.context) { + size_t ctx_len = strlen(cfg.context); if (ctx_len > SSL_MAX_SID_CTX_LENGTH) { BIO_printf(bio_err, "Context too long\n"); goto end; } SSL_SESSION_set1_id_context(x, - (unsigned char *)sess_id_config.context, ctx_len); + (unsigned char *)cfg.context, ctx_len); } - if (!sess_id_config.noout || sess_id_config.text) { + if (!cfg.noout || cfg.text) { out = BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } - if (sess_id_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, sess_id_config.outfile) + if (BIO_write_filename(out, cfg.outfile) <= 0) { - perror(sess_id_config.outfile); + perror(cfg.outfile); goto end; } } } - if (sess_id_config.text) { + if (cfg.text) { SSL_SESSION_print(out, x); - if (sess_id_config.cert) { + if (cfg.cert) { if (peer == NULL) BIO_puts(out, "No certificate present\n"); else X509_print(out, peer); } } - if (!sess_id_config.noout && !sess_id_config.cert) { - if (sess_id_config.outformat == FORMAT_ASN1) + if (!cfg.noout && !cfg.cert) { + if (cfg.outformat == FORMAT_ASN1) i = i2d_SSL_SESSION_bio(out, x); - else if (sess_id_config.outformat == FORMAT_PEM) + else if (cfg.outformat == FORMAT_PEM) i = PEM_write_bio_SSL_SESSION(out, x); else { BIO_printf(bio_err, @@ -229,11 +229,11 @@ sess_id_main(int argc, char **argv) BIO_printf(bio_err, "unable to write SSL_SESSION\n"); goto end; } - } else if (!sess_id_config.noout && (peer != NULL)) { + } else if (!cfg.noout && (peer != NULL)) { /* just print the certificate */ - if (sess_id_config.outformat == FORMAT_ASN1) + if (cfg.outformat == FORMAT_ASN1) i = (int) i2d_X509_bio(out, peer); - else if (sess_id_config.outformat == FORMAT_PEM) + else if (cfg.outformat == FORMAT_PEM) i = PEM_write_bio_X509(out, peer); else { BIO_printf(bio_err, diff --git a/usr.bin/openssl/smime.c b/usr.bin/openssl/smime.c index 37375c16007..e54c8d0b846 100644 --- a/usr.bin/openssl/smime.c +++ b/usr.bin/openssl/smime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smime.c,v 1.18 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: smime.c,v 1.19 2023/03/06 14:32:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -107,7 +107,7 @@ static struct { char *subject; char *to; X509_VERIFY_PARAM *vpm; -} smime_config; +} cfg; static const EVP_CIPHER * get_cipher_by_name(char *name) @@ -156,8 +156,8 @@ smime_opt_cipher(int argc, char **argv, int *argsused) if (*name++ != '-') return (1); - if ((smime_config.cipher = get_cipher_by_name(name)) == NULL) - if ((smime_config.cipher = EVP_get_cipherbyname(name)) == NULL) + if ((cfg.cipher = get_cipher_by_name(name)) == NULL) + if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL) return (1); *argsused = 1; @@ -167,41 +167,41 @@ smime_opt_cipher(int argc, char **argv, int *argsused) static int smime_opt_inkey(char *arg) { - if (smime_config.keyfile == NULL) { - smime_config.keyfile = arg; + if (cfg.keyfile == NULL) { + cfg.keyfile = arg; return (0); } - if (smime_config.signerfile == NULL) { + if (cfg.signerfile == NULL) { BIO_puts(bio_err, "Illegal -inkey without -signer\n"); return (1); } - if (smime_config.sksigners == NULL) { - if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) + if (cfg.sksigners == NULL) { + if ((cfg.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) return (1); } - if (!sk_OPENSSL_STRING_push(smime_config.sksigners, - smime_config.signerfile)) + if (!sk_OPENSSL_STRING_push(cfg.sksigners, + cfg.signerfile)) return (1); - smime_config.signerfile = NULL; + cfg.signerfile = NULL; - if (smime_config.skkeys == NULL) { - if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) + if (cfg.skkeys == NULL) { + if ((cfg.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) return (1); } - if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile)) + if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile)) return (1); - smime_config.keyfile = arg; + cfg.keyfile = arg; return (0); } static int smime_opt_md(char *arg) { - if ((smime_config.sign_md = EVP_get_digestbyname(arg)) == NULL) { + if ((cfg.sign_md = EVP_get_digestbyname(arg)) == NULL) { BIO_printf(bio_err, "Unknown digest %s\n", arg); return (1); } @@ -211,32 +211,32 @@ smime_opt_md(char *arg) static int smime_opt_signer(char *arg) { - if (smime_config.signerfile == NULL) { - smime_config.signerfile = arg; + if (cfg.signerfile == NULL) { + cfg.signerfile = arg; return (0); } - if (smime_config.sksigners == NULL) { - if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) + if (cfg.sksigners == NULL) { + if ((cfg.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) return (1); } - if (!sk_OPENSSL_STRING_push(smime_config.sksigners, - smime_config.signerfile)) + if (!sk_OPENSSL_STRING_push(cfg.sksigners, + cfg.signerfile)) return (1); - if (smime_config.keyfile == NULL) - smime_config.keyfile = smime_config.signerfile; + if (cfg.keyfile == NULL) + cfg.keyfile = cfg.signerfile; - if (smime_config.skkeys == NULL) { - if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) + if (cfg.skkeys == NULL) { + if ((cfg.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) return (1); } - if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile)) + if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile)) return (1); - smime_config.keyfile = NULL; + cfg.keyfile = NULL; - smime_config.signerfile = arg; + cfg.signerfile = arg; return (0); } @@ -246,7 +246,7 @@ smime_opt_verify_param(int argc, char **argv, int *argsused) int oargc = argc; int badarg = 0; - if (!args_verify(&argv, &argc, &badarg, bio_err, &smime_config.vpm)) + if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm)) return (1); if (badarg) return (1); @@ -336,20 +336,20 @@ static const struct option smime_options[] = { .argname = "file", .desc = "Certificate Authority file", .type = OPTION_ARG, - .opt.arg = &smime_config.CAfile, + .opt.arg = &cfg.CAfile, }, { .name = "CApath", .argname = "path", .desc = "Certificate Authority path", .type = OPTION_ARG, - .opt.arg = &smime_config.CApath, + .opt.arg = &cfg.CApath, }, { .name = "binary", .desc = "Do not translate message to text", .type = OPTION_VALUE_OR, - .opt.value = &smime_config.flags, + .opt.value = &cfg.flags, .value = PKCS7_BINARY, }, { @@ -357,34 +357,34 @@ static const struct option smime_options[] = { .argname = "file", .desc = "Other certificates file", .type = OPTION_ARG, - .opt.arg = &smime_config.certfile, + .opt.arg = &cfg.certfile, }, { .name = "content", .argname = "file", .desc = "Supply or override content for detached signature", .type = OPTION_ARG, - .opt.arg = &smime_config.contfile, + .opt.arg = &cfg.contfile, }, { .name = "crlfeol", .desc = "Use CRLF as EOL termination instead of CR only", .type = OPTION_VALUE_OR, - .opt.value = &smime_config.flags, + .opt.value = &cfg.flags, .value = PKCS7_CRLFEOL, }, { .name = "decrypt", .desc = "Decrypt encrypted message", .type = OPTION_VALUE, - .opt.value = &smime_config.operation, + .opt.value = &cfg.operation, .value = SMIME_DECRYPT, }, { .name = "encrypt", .desc = "Encrypt message", .type = OPTION_VALUE, - .opt.value = &smime_config.operation, + .opt.value = &cfg.operation, .value = SMIME_ENCRYPT, }, { @@ -392,20 +392,20 @@ static const struct option smime_options[] = { .argname = "addr", .desc = "From address", .type = OPTION_ARG, - .opt.arg = &smime_config.from, + .opt.arg = &cfg.from, }, { .name = "in", .argname = "file", .desc = "Input file", .type = OPTION_ARG, - .opt.arg = &smime_config.infile, + .opt.arg = &cfg.infile, }, { .name = "indef", .desc = "Same as -stream", .type = OPTION_VALUE, - .opt.value = &smime_config.indef, + .opt.value = &cfg.indef, .value = 1, }, { @@ -413,7 +413,7 @@ static const struct option smime_options[] = { .argname = "fmt", .desc = "Input format (DER, PEM or SMIME (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &smime_config.informat, + .opt.value = &cfg.informat, }, { .name = "inkey", @@ -427,7 +427,7 @@ static const struct option smime_options[] = { .argname = "fmt", .desc = "Input key format (DER or PEM (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &smime_config.keyform, + .opt.value = &cfg.keyform, }, { .name = "md", @@ -440,70 +440,70 @@ static const struct option smime_options[] = { .name = "noattr", .desc = "Do not include any signed attributes", .type = OPTION_VALUE_OR, - .opt.value = &smime_config.flags, + .opt.value = &cfg.flags, .value = PKCS7_NOATTR, }, { .name = "nocerts", .desc = "Do not include signer's certificate when signing", .type = OPTION_VALUE_OR, - .opt.value = &smime_config.flags, + .opt.value = &cfg.flags, .value = PKCS7_NOCERTS, }, { .name = "nochain", .desc = "Do not chain verification of signer's certificates", .type = OPTION_VALUE_OR, - .opt.value = &smime_config.flags, + .opt.value = &cfg.flags, .value = PKCS7_NOCHAIN, }, { .name = "nodetach", .desc = "Use opaque signing", .type = OPTION_VALUE_AND, - .opt.value = &smime_config.flags, + .opt.value = &cfg.flags, .value = ~PKCS7_DETACHED, }, { .name = "noindef", .desc = "Disable streaming I/O", .type = OPTION_VALUE, - .opt.value = &smime_config.indef, + .opt.value = &cfg.indef, .value = 0, }, { .name = "nointern", .desc = "Do not search certificates in message for signer", .type = OPTION_VALUE_OR, - .opt.value = &smime_config.flags, + .opt.value = &cfg.flags, .value = PKCS7_NOINTERN, }, { .name = "nooldmime", .desc = "Output old S/MIME content type", .type = OPTION_VALUE_OR, - .opt.value = &smime_config.flags, + .opt.value = &cfg.flags, .value = PKCS7_NOOLDMIMETYPE, }, { .name = "nosigs", .desc = "Do not verify message signature", .type = OPTION_VALUE_OR, - .opt.value = &smime_config.flags, + .opt.value = &cfg.flags, .value = PKCS7_NOSIGS, }, { .name = "nosmimecap", .desc = "Omit the SMIMECapabilities attribute", .type = OPTION_VALUE_OR, - .opt.value = &smime_config.flags, + .opt.value = &cfg.flags, .value = PKCS7_NOSMIMECAP, }, { .name = "noverify", .desc = "Do not verify signer's certificate", .type = OPTION_VALUE_OR, - .opt.value = &smime_config.flags, + .opt.value = &cfg.flags, .value = PKCS7_NOVERIFY, }, { @@ -511,27 +511,27 @@ static const struct option smime_options[] = { .argname = "file", .desc = "Output file", .type = OPTION_ARG, - .opt.arg = &smime_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "fmt", .desc = "Output format (DER, PEM or SMIME (default))", .type = OPTION_ARG_FORMAT, - .opt.value = &smime_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "passin", .argname = "src", .desc = "Private key password source", .type = OPTION_ARG, - .opt.arg = &smime_config.passargin, + .opt.arg = &cfg.passargin, }, { .name = "pk7out", .desc = "Output PKCS#7 structure", .type = OPTION_VALUE, - .opt.value = &smime_config.operation, + .opt.value = &cfg.operation, .value = SMIME_PK7OUT, }, { @@ -539,20 +539,20 @@ static const struct option smime_options[] = { .argname = "file", .desc = "Recipient certificate file for decryption", .type = OPTION_ARG, - .opt.arg = &smime_config.recipfile, + .opt.arg = &cfg.recipfile, }, { .name = "resign", .desc = "Resign a signed message", .type = OPTION_VALUE, - .opt.value = &smime_config.operation, + .opt.value = &cfg.operation, .value = SMIME_RESIGN, }, { .name = "sign", .desc = "Sign message", .type = OPTION_VALUE, - .opt.value = &smime_config.operation, + .opt.value = &cfg.operation, .value = SMIME_SIGN, }, { @@ -566,7 +566,7 @@ static const struct option smime_options[] = { .name = "stream", .desc = "Enable streaming I/O", .type = OPTION_VALUE, - .opt.value = &smime_config.indef, + .opt.value = &cfg.indef, .value = 1, }, { @@ -574,13 +574,13 @@ static const struct option smime_options[] = { .argname = "s", .desc = "Subject", .type = OPTION_ARG, - .opt.arg = &smime_config.subject, + .opt.arg = &cfg.subject, }, { .name = "text", .desc = "Include or delete text MIME headers", .type = OPTION_VALUE_OR, - .opt.value = &smime_config.flags, + .opt.value = &cfg.flags, .value = PKCS7_TEXT, }, { @@ -588,13 +588,13 @@ static const struct option smime_options[] = { .argname = "addr", .desc = "To address", .type = OPTION_ARG, - .opt.arg = &smime_config.to, + .opt.arg = &cfg.to, }, { .name = "verify", .desc = "Verify signed message", .type = OPTION_VALUE, - .opt.value = &smime_config.operation, + .opt.value = &cfg.operation, .value = SMIME_VERIFY, }, { @@ -727,70 +727,70 @@ smime_main(int argc, char **argv) exit(1); } - memset(&smime_config, 0, sizeof(smime_config)); - smime_config.flags = PKCS7_DETACHED; - smime_config.informat = FORMAT_SMIME; - smime_config.outformat = FORMAT_SMIME; - smime_config.keyform = FORMAT_PEM; + memset(&cfg, 0, sizeof(cfg)); + cfg.flags = PKCS7_DETACHED; + cfg.informat = FORMAT_SMIME; + cfg.outformat = FORMAT_SMIME; + cfg.keyform = FORMAT_PEM; if (options_parse(argc, argv, smime_options, NULL, &argsused) != 0) { goto argerr; } args = argv + argsused; ret = 1; - if (!(smime_config.operation & SMIME_SIGNERS) && - (smime_config.skkeys != NULL || smime_config.sksigners != NULL)) { + if (!(cfg.operation & SMIME_SIGNERS) && + (cfg.skkeys != NULL || cfg.sksigners != NULL)) { BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); goto argerr; } - if (smime_config.operation & SMIME_SIGNERS) { + if (cfg.operation & SMIME_SIGNERS) { /* Check to see if any final signer needs to be appended */ - if (smime_config.keyfile != NULL && - smime_config.signerfile == NULL) { + if (cfg.keyfile != NULL && + cfg.signerfile == NULL) { BIO_puts(bio_err, "Illegal -inkey without -signer\n"); goto argerr; } - if (smime_config.signerfile != NULL) { - if (smime_config.sksigners == NULL) { - if ((smime_config.sksigners = + if (cfg.signerfile != NULL) { + if (cfg.sksigners == NULL) { + if ((cfg.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; } - if (!sk_OPENSSL_STRING_push(smime_config.sksigners, - smime_config.signerfile)) + if (!sk_OPENSSL_STRING_push(cfg.sksigners, + cfg.signerfile)) goto end; - if (smime_config.skkeys == NULL) { - if ((smime_config.skkeys = + if (cfg.skkeys == NULL) { + if ((cfg.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; } - if (smime_config.keyfile == NULL) - smime_config.keyfile = smime_config.signerfile; - if (!sk_OPENSSL_STRING_push(smime_config.skkeys, - smime_config.keyfile)) + if (cfg.keyfile == NULL) + cfg.keyfile = cfg.signerfile; + if (!sk_OPENSSL_STRING_push(cfg.skkeys, + cfg.keyfile)) goto end; } - if (smime_config.sksigners == NULL) { + if (cfg.sksigners == NULL) { BIO_printf(bio_err, "No signer certificate specified\n"); badarg = 1; } - smime_config.signerfile = NULL; - smime_config.keyfile = NULL; - } else if (smime_config.operation == SMIME_DECRYPT) { - if (smime_config.recipfile == NULL && - smime_config.keyfile == NULL) { + cfg.signerfile = NULL; + cfg.keyfile = NULL; + } else if (cfg.operation == SMIME_DECRYPT) { + if (cfg.recipfile == NULL && + cfg.keyfile == NULL) { BIO_printf(bio_err, "No recipient certificate or key specified\n"); badarg = 1; } - } else if (smime_config.operation == SMIME_ENCRYPT) { + } else if (cfg.operation == SMIME_ENCRYPT) { if (*args == NULL) { BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); badarg = 1; } - } else if (!smime_config.operation) { + } else if (!cfg.operation) { badarg = 1; } @@ -800,35 +800,35 @@ smime_main(int argc, char **argv) goto end; } - if (!app_passwd(bio_err, smime_config.passargin, NULL, &passin, NULL)) { + if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } ret = 2; - if (!(smime_config.operation & SMIME_SIGNERS)) - smime_config.flags &= ~PKCS7_DETACHED; + if (!(cfg.operation & SMIME_SIGNERS)) + cfg.flags &= ~PKCS7_DETACHED; - if (smime_config.operation & SMIME_OP) { - if (smime_config.outformat == FORMAT_ASN1) + if (cfg.operation & SMIME_OP) { + if (cfg.outformat == FORMAT_ASN1) outmode = "wb"; } else { - if (smime_config.flags & PKCS7_BINARY) + if (cfg.flags & PKCS7_BINARY) outmode = "wb"; } - if (smime_config.operation & SMIME_IP) { - if (smime_config.informat == FORMAT_ASN1) + if (cfg.operation & SMIME_IP) { + if (cfg.informat == FORMAT_ASN1) inmode = "rb"; } else { - if (smime_config.flags & PKCS7_BINARY) + if (cfg.flags & PKCS7_BINARY) inmode = "rb"; } - if (smime_config.operation == SMIME_ENCRYPT) { - if (smime_config.cipher == NULL) { + if (cfg.operation == SMIME_ENCRYPT) { + if (cfg.cipher == NULL) { #ifndef OPENSSL_NO_RC2 - smime_config.cipher = EVP_rc2_40_cbc(); + cfg.cipher = EVP_rc2_40_cbc(); #else BIO_printf(bio_err, "No cipher selected\n"); goto end; @@ -847,41 +847,41 @@ smime_main(int argc, char **argv) args++; } } - if (smime_config.certfile != NULL) { - if ((other = load_certs(bio_err, smime_config.certfile, + if (cfg.certfile != NULL) { + if ((other = load_certs(bio_err, cfg.certfile, FORMAT_PEM, NULL, "certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } } - if (smime_config.recipfile != NULL && - (smime_config.operation == SMIME_DECRYPT)) { - if ((recip = load_cert(bio_err, smime_config.recipfile, + if (cfg.recipfile != NULL && + (cfg.operation == SMIME_DECRYPT)) { + if ((recip = load_cert(bio_err, cfg.recipfile, FORMAT_PEM, NULL, "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } } - if (smime_config.operation == SMIME_DECRYPT) { - if (smime_config.keyfile == NULL) - smime_config.keyfile = smime_config.recipfile; - } else if (smime_config.operation == SMIME_SIGN) { - if (smime_config.keyfile == NULL) - smime_config.keyfile = smime_config.signerfile; + if (cfg.operation == SMIME_DECRYPT) { + if (cfg.keyfile == NULL) + cfg.keyfile = cfg.recipfile; + } else if (cfg.operation == SMIME_SIGN) { + if (cfg.keyfile == NULL) + cfg.keyfile = cfg.signerfile; } else { - smime_config.keyfile = NULL; + cfg.keyfile = NULL; } - if (smime_config.keyfile != NULL) { - key = load_key(bio_err, smime_config.keyfile, - smime_config.keyform, 0, passin, "signing key file"); + if (cfg.keyfile != NULL) { + key = load_key(bio_err, cfg.keyfile, + cfg.keyform, 0, passin, "signing key file"); if (key == NULL) goto end; } - if (smime_config.infile != NULL) { - if ((in = BIO_new_file(smime_config.infile, inmode)) == NULL) { + if (cfg.infile != NULL) { + if ((in = BIO_new_file(cfg.infile, inmode)) == NULL) { BIO_printf(bio_err, - "Can't open input file %s\n", smime_config.infile); + "Can't open input file %s\n", cfg.infile); goto end; } } else { @@ -889,12 +889,12 @@ smime_main(int argc, char **argv) goto end; } - if (smime_config.operation & SMIME_IP) { - if (smime_config.informat == FORMAT_SMIME) + if (cfg.operation & SMIME_IP) { + if (cfg.informat == FORMAT_SMIME) p7 = SMIME_read_PKCS7(in, &indata); - else if (smime_config.informat == FORMAT_PEM) + else if (cfg.informat == FORMAT_PEM) p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); - else if (smime_config.informat == FORMAT_ASN1) + else if (cfg.informat == FORMAT_ASN1) p7 = d2i_PKCS7_bio(in, NULL); else { BIO_printf(bio_err, @@ -906,22 +906,22 @@ smime_main(int argc, char **argv) BIO_printf(bio_err, "Error reading S/MIME message\n"); goto end; } - if (smime_config.contfile != NULL) { + if (cfg.contfile != NULL) { BIO_free(indata); - if ((indata = BIO_new_file(smime_config.contfile, + if ((indata = BIO_new_file(cfg.contfile, "rb")) == NULL) { BIO_printf(bio_err, "Can't read content file %s\n", - smime_config.contfile); + cfg.contfile); goto end; } } } - if (smime_config.outfile != NULL) { - if ((out = BIO_new_file(smime_config.outfile, outmode)) == NULL) { + if (cfg.outfile != NULL) { + if ((out = BIO_new_file(cfg.outfile, outmode)) == NULL) { BIO_printf(bio_err, "Can't open output file %s\n", - smime_config.outfile); + cfg.outfile); goto end; } } else { @@ -929,60 +929,60 @@ smime_main(int argc, char **argv) goto end; } - if (smime_config.operation == SMIME_VERIFY) { - if ((store = setup_verify(bio_err, smime_config.CAfile, - smime_config.CApath)) == NULL) + if (cfg.operation == SMIME_VERIFY) { + if ((store = setup_verify(bio_err, cfg.CAfile, + cfg.CApath)) == NULL) goto end; X509_STORE_set_verify_cb(store, smime_cb); - if (smime_config.vpm != NULL) { - if (!X509_STORE_set1_param(store, smime_config.vpm)) + if (cfg.vpm != NULL) { + if (!X509_STORE_set1_param(store, cfg.vpm)) goto end; } } ret = 3; - if (smime_config.operation == SMIME_ENCRYPT) { - if (smime_config.indef) - smime_config.flags |= PKCS7_STREAM; - p7 = PKCS7_encrypt(encerts, in, smime_config.cipher, - smime_config.flags); - } else if (smime_config.operation & SMIME_SIGNERS) { + if (cfg.operation == SMIME_ENCRYPT) { + if (cfg.indef) + cfg.flags |= PKCS7_STREAM; + p7 = PKCS7_encrypt(encerts, in, cfg.cipher, + cfg.flags); + } else if (cfg.operation & SMIME_SIGNERS) { int i; /* * If detached data content we only enable streaming if * S/MIME output format. */ - if (smime_config.operation == SMIME_SIGN) { - if (smime_config.flags & PKCS7_DETACHED) { - if (smime_config.outformat == FORMAT_SMIME) - smime_config.flags |= PKCS7_STREAM; - } else if (smime_config.indef) { - smime_config.flags |= PKCS7_STREAM; + if (cfg.operation == SMIME_SIGN) { + if (cfg.flags & PKCS7_DETACHED) { + if (cfg.outformat == FORMAT_SMIME) + cfg.flags |= PKCS7_STREAM; + } else if (cfg.indef) { + cfg.flags |= PKCS7_STREAM; } - smime_config.flags |= PKCS7_PARTIAL; + cfg.flags |= PKCS7_PARTIAL; p7 = PKCS7_sign(NULL, NULL, other, in, - smime_config.flags); + cfg.flags); if (p7 == NULL) goto end; } else { - smime_config.flags |= PKCS7_REUSE_DIGEST; + cfg.flags |= PKCS7_REUSE_DIGEST; } - for (i = 0; i < sk_OPENSSL_STRING_num(smime_config.sksigners); i++) { - smime_config.signerfile = - sk_OPENSSL_STRING_value(smime_config.sksigners, i); - smime_config.keyfile = - sk_OPENSSL_STRING_value(smime_config.skkeys, i); - signer = load_cert(bio_err, smime_config.signerfile, + for (i = 0; i < sk_OPENSSL_STRING_num(cfg.sksigners); i++) { + cfg.signerfile = + sk_OPENSSL_STRING_value(cfg.sksigners, i); + cfg.keyfile = + sk_OPENSSL_STRING_value(cfg.skkeys, i); + signer = load_cert(bio_err, cfg.signerfile, FORMAT_PEM, NULL, "signer certificate"); if (signer == NULL) goto end; - key = load_key(bio_err, smime_config.keyfile, - smime_config.keyform, 0, passin, + key = load_key(bio_err, cfg.keyfile, + cfg.keyform, 0, passin, "signing key file"); if (key == NULL) goto end; if (PKCS7_sign_add_signer(p7, signer, key, - smime_config.sign_md, smime_config.flags) == NULL) + cfg.sign_md, cfg.flags) == NULL) goto end; X509_free(signer); signer = NULL; @@ -990,9 +990,9 @@ smime_main(int argc, char **argv) key = NULL; } /* If not streaming or resigning finalize structure */ - if ((smime_config.operation == SMIME_SIGN) && - !(smime_config.flags & PKCS7_STREAM)) { - if (!PKCS7_final(p7, in, smime_config.flags)) + if ((cfg.operation == SMIME_SIGN) && + !(cfg.flags & PKCS7_STREAM)) { + if (!PKCS7_final(p7, in, cfg.flags)) goto end; } } @@ -1002,58 +1002,58 @@ smime_main(int argc, char **argv) } ret = 4; - if (smime_config.operation == SMIME_DECRYPT) { - if (!PKCS7_decrypt(p7, key, recip, out, smime_config.flags)) { + if (cfg.operation == SMIME_DECRYPT) { + if (!PKCS7_decrypt(p7, key, recip, out, cfg.flags)) { BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n"); goto end; } - } else if (smime_config.operation == SMIME_VERIFY) { + } else if (cfg.operation == SMIME_VERIFY) { STACK_OF(X509) *signers; if (PKCS7_verify(p7, other, store, indata, out, - smime_config.flags)) { + cfg.flags)) { BIO_printf(bio_err, "Verification successful\n"); } else { BIO_printf(bio_err, "Verification failure\n"); goto end; } if ((signers = PKCS7_get0_signers(p7, other, - smime_config.flags)) == NULL) + cfg.flags)) == NULL) goto end; - if (!save_certs(smime_config.signerfile, signers)) { + if (!save_certs(cfg.signerfile, signers)) { BIO_printf(bio_err, "Error writing signers to %s\n", - smime_config.signerfile); + cfg.signerfile); sk_X509_free(signers); ret = 5; goto end; } sk_X509_free(signers); - } else if (smime_config.operation == SMIME_PK7OUT) { + } else if (cfg.operation == SMIME_PK7OUT) { PEM_write_bio_PKCS7(out, p7); } else { - if (smime_config.to != NULL) - BIO_printf(out, "To: %s\n", smime_config.to); - if (smime_config.from != NULL) - BIO_printf(out, "From: %s\n", smime_config.from); - if (smime_config.subject != NULL) - BIO_printf(out, "Subject: %s\n", smime_config.subject); - if (smime_config.outformat == FORMAT_SMIME) { - if (smime_config.operation == SMIME_RESIGN) { + if (cfg.to != NULL) + BIO_printf(out, "To: %s\n", cfg.to); + if (cfg.from != NULL) + BIO_printf(out, "From: %s\n", cfg.from); + if (cfg.subject != NULL) + BIO_printf(out, "Subject: %s\n", cfg.subject); + if (cfg.outformat == FORMAT_SMIME) { + if (cfg.operation == SMIME_RESIGN) { if (!SMIME_write_PKCS7(out, p7, indata, - smime_config.flags)) + cfg.flags)) goto end; } else { if (!SMIME_write_PKCS7(out, p7, in, - smime_config.flags)) + cfg.flags)) goto end; } - } else if (smime_config.outformat == FORMAT_PEM) { + } else if (cfg.outformat == FORMAT_PEM) { if (!PEM_write_bio_PKCS7_stream(out, p7, in, - smime_config.flags)) + cfg.flags)) goto end; - } else if (smime_config.outformat == FORMAT_ASN1) { + } else if (cfg.outformat == FORMAT_ASN1) { if (!i2d_PKCS7_bio_stream(out, p7, in, - smime_config.flags)) + cfg.flags)) goto end; } else { BIO_printf(bio_err, @@ -1069,9 +1069,9 @@ smime_main(int argc, char **argv) ERR_print_errors(bio_err); sk_X509_pop_free(encerts, X509_free); sk_X509_pop_free(other, X509_free); - X509_VERIFY_PARAM_free(smime_config.vpm); - sk_OPENSSL_STRING_free(smime_config.sksigners); - sk_OPENSSL_STRING_free(smime_config.skkeys); + X509_VERIFY_PARAM_free(cfg.vpm); + sk_OPENSSL_STRING_free(cfg.sksigners); + sk_OPENSSL_STRING_free(cfg.skkeys); X509_STORE_free(store); X509_free(cert); X509_free(recip); diff --git a/usr.bin/openssl/spkac.c b/usr.bin/openssl/spkac.c index 3a45d5d4bca..12d530e3cfe 100644 --- a/usr.bin/openssl/spkac.c +++ b/usr.bin/openssl/spkac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: spkac.c,v 1.12 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: spkac.c,v 1.13 2023/03/06 14:32:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. Based on an original idea by Massimiliano Pala * (madwolf@openca.org). @@ -84,7 +84,7 @@ static struct { char *spkac; char *spksect; int verify; -} spkac_config; +} cfg; static const struct option spkac_options[] = { { @@ -92,54 +92,54 @@ static const struct option spkac_options[] = { .argname = "string", .desc = "Specify challenge string if SPKAC is generated", .type = OPTION_ARG, - .opt.arg = &spkac_config.challenge, + .opt.arg = &cfg.challenge, }, { .name = "in", .argname = "file", .desc = "Input file (default stdin)", .type = OPTION_ARG, - .opt.arg = &spkac_config.infile, + .opt.arg = &cfg.infile, }, { .name = "key", .argname = "file", .desc = "Create SPKAC using private key file", .type = OPTION_ARG, - .opt.arg = &spkac_config.keyfile, + .opt.arg = &cfg.keyfile, }, { .name = "noout", .desc = "Do not print text version of SPKAC", .type = OPTION_FLAG, - .opt.flag = &spkac_config.noout, + .opt.flag = &cfg.noout, }, { .name = "out", .argname = "file", .desc = "Output file (default stdout)", .type = OPTION_ARG, - .opt.arg = &spkac_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "passin", .argname = "src", .desc = "Input file passphrase source", .type = OPTION_ARG, - .opt.arg = &spkac_config.passargin, + .opt.arg = &cfg.passargin, }, { .name = "pubkey", .desc = "Output public key of an SPKAC (not used if creating)", .type = OPTION_FLAG, - .opt.flag = &spkac_config.pubkey, + .opt.flag = &cfg.pubkey, }, { .name = "spkac", .argname = "name", .desc = "SPKAC name (default \"SPKAC\")", .type = OPTION_ARG, - .opt.arg = &spkac_config.spkac, + .opt.arg = &cfg.spkac, }, { .name = "spksect", @@ -147,13 +147,13 @@ static const struct option spkac_options[] = { .desc = "Name of the section containing SPKAC (default" " \"default\")", .type = OPTION_ARG, - .opt.arg = &spkac_config.spksect, + .opt.arg = &cfg.spksect, }, { .name = "verify", .desc = "Verify digital signature on supplied SPKAC", .type = OPTION_FLAG, - .opt.flag = &spkac_config.verify, + .opt.flag = &cfg.verify, }, { NULL } }; @@ -186,32 +186,32 @@ spkac_main(int argc, char **argv) exit(1); } - memset(&spkac_config, 0, sizeof(spkac_config)); - spkac_config.spkac = "SPKAC"; - spkac_config.spksect = "default"; + memset(&cfg, 0, sizeof(cfg)); + cfg.spkac = "SPKAC"; + cfg.spksect = "default"; if (options_parse(argc, argv, spkac_options, NULL, NULL) != 0) { spkac_usage(); return (1); } - if (!app_passwd(bio_err, spkac_config.passargin, NULL, &passin, NULL)) { + if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } - if (spkac_config.keyfile) { + if (cfg.keyfile) { pkey = load_key(bio_err, - strcmp(spkac_config.keyfile, "-") ? spkac_config.keyfile + strcmp(cfg.keyfile, "-") ? cfg.keyfile : NULL, FORMAT_PEM, 1, passin, "private key"); if (!pkey) { goto end; } spki = NETSCAPE_SPKI_new(); - if (spkac_config.challenge) + if (cfg.challenge) ASN1_STRING_set(spki->spkac->challenge, - spkac_config.challenge, - (int) strlen(spkac_config.challenge)); + cfg.challenge, + (int) strlen(cfg.challenge)); NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); spkstr = NETSCAPE_SPKI_b64_encode(spki); @@ -221,8 +221,8 @@ spkac_main(int argc, char **argv) goto end; } - if (spkac_config.outfile) - out = BIO_new_file(spkac_config.outfile, "w"); + if (cfg.outfile) + out = BIO_new_file(cfg.outfile, "w"); else out = BIO_new_fp(stdout, BIO_NOCLOSE); @@ -236,8 +236,8 @@ spkac_main(int argc, char **argv) free(spkstr); goto end; } - if (spkac_config.infile) - in = BIO_new_file(spkac_config.infile, "r"); + if (cfg.infile) + in = BIO_new_file(cfg.infile, "r"); else in = BIO_new_fp(stdin, BIO_NOCLOSE); @@ -254,12 +254,12 @@ spkac_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - spkstr = NCONF_get_string(conf, spkac_config.spksect, - spkac_config.spkac); + spkstr = NCONF_get_string(conf, cfg.spksect, + cfg.spkac); if (!spkstr) { BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", - spkac_config.spkac); + cfg.spkac); ERR_print_errors(bio_err); goto end; } @@ -270,8 +270,8 @@ spkac_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (spkac_config.outfile) - out = BIO_new_file(spkac_config.outfile, "w"); + if (cfg.outfile) + out = BIO_new_file(cfg.outfile, "w"); else { out = BIO_new_fp(stdout, BIO_NOCLOSE); } @@ -281,10 +281,10 @@ spkac_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (!spkac_config.noout) + if (!cfg.noout) NETSCAPE_SPKI_print(out, spki); pkey = NETSCAPE_SPKI_get_pubkey(spki); - if (spkac_config.verify) { + if (cfg.verify) { i = NETSCAPE_SPKI_verify(spki, pkey); if (i > 0) BIO_printf(bio_err, "Signature OK\n"); @@ -294,7 +294,7 @@ spkac_main(int argc, char **argv) goto end; } } - if (spkac_config.pubkey) + if (cfg.pubkey) PEM_write_bio_PUBKEY(out, pkey); ret = 0; diff --git a/usr.bin/openssl/ts.c b/usr.bin/openssl/ts.c index 05387de1305..84008183e77 100644 --- a/usr.bin/openssl/ts.c +++ b/usr.bin/openssl/ts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts.c,v 1.25 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: ts.c,v 1.26 2023/03/06 14:32:06 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -138,7 +138,7 @@ static struct { int token_in; int token_out; char *untrusted; -} ts_config; +} cfg; static int ts_opt_md(int argc, char **argv, int *argsused) @@ -148,7 +148,7 @@ ts_opt_md(int argc, char **argv, int *argsused) if (*name++ != '-') return (1); - if ((ts_config.md = EVP_get_digestbyname(name)) == NULL) + if ((cfg.md = EVP_get_digestbyname(name)) == NULL) return (1); *argsused = 1; @@ -158,27 +158,27 @@ ts_opt_md(int argc, char **argv, int *argsused) static int ts_opt_query(void) { - if (ts_config.mode != CMD_NONE) + if (cfg.mode != CMD_NONE) return (1); - ts_config.mode = CMD_QUERY; + cfg.mode = CMD_QUERY; return (0); } static int ts_opt_reply(void) { - if (ts_config.mode != CMD_NONE) + if (cfg.mode != CMD_NONE) return (1); - ts_config.mode = CMD_REPLY; + cfg.mode = CMD_REPLY; return (0); } static int ts_opt_verify(void) { - if (ts_config.mode != CMD_NONE) + if (cfg.mode != CMD_NONE) return (1); - ts_config.mode = CMD_VERIFY; + cfg.mode = CMD_VERIFY; return (0); } @@ -188,89 +188,89 @@ static const struct option ts_options[] = { .argname = "file", .desc = "Certificate Authority file", .type = OPTION_ARG, - .opt.arg = &ts_config.ca_file, + .opt.arg = &cfg.ca_file, }, { .name = "CApath", .argname = "path", .desc = "Certificate Authority path", .type = OPTION_ARG, - .opt.arg = &ts_config.ca_path, + .opt.arg = &cfg.ca_path, }, { .name = "cert", .desc = "Include signing certificate in the response", .type = OPTION_FLAG, - .opt.flag = &ts_config.cert, + .opt.flag = &cfg.cert, }, { .name = "chain", .argname = "file", .desc = "PEM certificates that will be included in the response", .type = OPTION_ARG, - .opt.arg = &ts_config.chain, + .opt.arg = &cfg.chain, }, { .name = "config", .argname = "file", .desc = "Specify an alternative configuration file", .type = OPTION_ARG, - .opt.arg = &ts_config.configfile, + .opt.arg = &cfg.configfile, }, { .name = "data", .argname = "file", .desc = "Data file for which the time stamp request needs to be created", .type = OPTION_ARG, - .opt.arg = &ts_config.data, + .opt.arg = &cfg.data, }, { .name = "digest", .argname = "arg", .desc = "Specify the message imprint explicitly without the data file", .type = OPTION_ARG, - .opt.arg = &ts_config.digest, + .opt.arg = &cfg.digest, }, { .name = "in", .argname = "file", .desc = "Input file", .type = OPTION_ARG, - .opt.arg = &ts_config.in, + .opt.arg = &cfg.in, }, { .name = "inkey", .argname = "file", .desc = "Input key file", .type = OPTION_ARG, - .opt.arg = &ts_config.inkey, + .opt.arg = &cfg.inkey, }, { .name = "no_nonce", .desc = "Specify no nonce in the request", .type = OPTION_FLAG, - .opt.flag = &ts_config.no_nonce, + .opt.flag = &cfg.no_nonce, }, { .name = "out", .argname = "file", .desc = "Output file", .type = OPTION_ARG, - .opt.arg = &ts_config.out, + .opt.arg = &cfg.out, }, { .name = "passin", .argname = "src", .desc = "Private key password source", .type = OPTION_ARG, - .opt.arg = &ts_config.passin, + .opt.arg = &cfg.passin, }, { .name = "policy", .argname = "object_id", .desc = "Policy for the TSA to use when creating the time stamp token", .type = OPTION_ARG, - .opt.arg = &ts_config.policy, + .opt.arg = &cfg.policy, }, { .name = "query", @@ -283,7 +283,7 @@ static const struct option ts_options[] = { .argname = "file", .desc = "File containing a DER-encoded time stamp request", .type = OPTION_ARG, - .opt.arg = &ts_config.queryfile, + .opt.arg = &cfg.queryfile, }, { .name = "reply", @@ -296,39 +296,39 @@ static const struct option ts_options[] = { .argname = "arg", .desc = "TSA section containing the settings for response generation", .type = OPTION_ARG, - .opt.arg = &ts_config.section, + .opt.arg = &cfg.section, }, { .name = "signer", .argname = "file", .desc = "Signer certificate file", .type = OPTION_ARG, - .opt.arg = &ts_config.signer, + .opt.arg = &cfg.signer, }, { .name = "text", .desc = "Output in human-readable text format", .type = OPTION_FLAG, - .opt.flag = &ts_config.text, + .opt.flag = &cfg.text, }, { .name = "token_in", .desc = "Input is a DER-encoded time stamp token", .type = OPTION_FLAG, - .opt.flag = &ts_config.token_in, + .opt.flag = &cfg.token_in, }, { .name = "token_out", .desc = "Output is a DER-encoded time stamp token", .type = OPTION_FLAG, - .opt.flag = &ts_config.token_out, + .opt.flag = &cfg.token_out, }, { .name = "untrusted", .argname = "file", .desc = "File containing untrusted certificates", .type = OPTION_ARG, - .opt.arg = &ts_config.untrusted, + .opt.arg = &cfg.untrusted, }, { .name = "verify", @@ -382,15 +382,15 @@ ts_main(int argc, char **argv) exit(1); } - memset(&ts_config, 0, sizeof(ts_config)); - ts_config.mode = CMD_NONE; + memset(&cfg, 0, sizeof(cfg)); + cfg.mode = CMD_NONE; if (options_parse(argc, argv, ts_options, NULL, NULL) != 0) goto usage; /* Get the password if required. */ - if (ts_config.mode == CMD_REPLY && ts_config.passin != NULL && - !app_passwd(bio_err, ts_config.passin, NULL, &password, NULL)) { + if (cfg.mode == CMD_REPLY && cfg.passin != NULL && + !app_passwd(bio_err, cfg.passin, NULL, &password, NULL)) { BIO_printf(bio_err, "Error getting password.\n"); goto cleanup; } @@ -398,7 +398,7 @@ ts_main(int argc, char **argv) * Check consistency of parameters and execute the appropriate * function. */ - switch (ts_config.mode) { + switch (cfg.mode) { case CMD_NONE: goto usage; case CMD_QUERY: @@ -406,50 +406,50 @@ ts_main(int argc, char **argv) * Data file and message imprint cannot be specified at the * same time. */ - ret = ts_config.data != NULL && ts_config.digest != NULL; + ret = cfg.data != NULL && cfg.digest != NULL; if (ret) goto usage; /* Load the config file for possible policy OIDs. */ - conf = load_config_file(ts_config.configfile); - ret = !query_command(ts_config.data, ts_config.digest, - ts_config.md, ts_config.policy, ts_config.no_nonce, - ts_config.cert, ts_config.in, ts_config.out, - ts_config.text); + conf = load_config_file(cfg.configfile); + ret = !query_command(cfg.data, cfg.digest, + cfg.md, cfg.policy, cfg.no_nonce, + cfg.cert, cfg.in, cfg.out, + cfg.text); break; case CMD_REPLY: - conf = load_config_file(ts_config.configfile); - if (ts_config.in == NULL) { - ret = !(ts_config.queryfile != NULL && conf != NULL && - !ts_config.token_in); + conf = load_config_file(cfg.configfile); + if (cfg.in == NULL) { + ret = !(cfg.queryfile != NULL && conf != NULL && + !cfg.token_in); if (ret) goto usage; } else { /* 'in' and 'queryfile' are exclusive. */ - ret = !(ts_config.queryfile == NULL); + ret = !(cfg.queryfile == NULL); if (ret) goto usage; } - ret = !reply_command(conf, ts_config.section, - ts_config.queryfile, password, ts_config.inkey, - ts_config.signer, ts_config.chain, ts_config.policy, - ts_config.in, ts_config.token_in, ts_config.out, - ts_config.token_out, ts_config.text); + ret = !reply_command(conf, cfg.section, + cfg.queryfile, password, cfg.inkey, + cfg.signer, cfg.chain, cfg.policy, + cfg.in, cfg.token_in, cfg.out, + cfg.token_out, cfg.text); break; case CMD_VERIFY: - ret = !(((ts_config.queryfile != NULL && ts_config.data == NULL && - ts_config.digest == NULL) || - (ts_config.queryfile == NULL && ts_config.data != NULL && - ts_config.digest == NULL) || - (ts_config.queryfile == NULL && ts_config.data == NULL && - ts_config.digest != NULL)) && - ts_config.in != NULL); + ret = !(((cfg.queryfile != NULL && cfg.data == NULL && + cfg.digest == NULL) || + (cfg.queryfile == NULL && cfg.data != NULL && + cfg.digest == NULL) || + (cfg.queryfile == NULL && cfg.data == NULL && + cfg.digest != NULL)) && + cfg.in != NULL); if (ret) goto usage; - ret = !verify_command(ts_config.data, ts_config.digest, - ts_config.queryfile, ts_config.in, ts_config.token_in, - ts_config.ca_path, ts_config.ca_file, ts_config.untrusted); + ret = !verify_command(cfg.data, cfg.digest, + cfg.queryfile, cfg.in, cfg.token_in, + cfg.ca_path, cfg.ca_file, cfg.untrusted); } goto cleanup; diff --git a/usr.bin/openssl/verify.c b/usr.bin/openssl/verify.c index b42dd2f2433..b4126239911 100644 --- a/usr.bin/openssl/verify.c +++ b/usr.bin/openssl/verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: verify.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: verify.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -81,7 +81,7 @@ static struct { char *untfile; int verbose; X509_VERIFY_PARAM *vpm; -} verify_config; +} cfg; static int verify_opt_args(int argc, char **argv, int *argsused) @@ -89,7 +89,7 @@ verify_opt_args(int argc, char **argv, int *argsused) int oargc = argc; int badarg = 0; - if (!args_verify(&argv, &argc, &badarg, bio_err, &verify_config.vpm)) + if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm)) return (1); if (badarg) return (1); @@ -105,41 +105,41 @@ static const struct option verify_options[] = { .argname = "file", .desc = "Certificate Authority file", .type = OPTION_ARG, - .opt.arg = &verify_config.CAfile, + .opt.arg = &cfg.CAfile, }, { .name = "CApath", .argname = "path", .desc = "Certificate Authority path", .type = OPTION_ARG, - .opt.arg = &verify_config.CApath, + .opt.arg = &cfg.CApath, }, { .name = "CRLfile", .argname = "file", .desc = "Certificate Revocation List file", .type = OPTION_ARG, - .opt.arg = &verify_config.crlfile, + .opt.arg = &cfg.crlfile, }, { .name = "trusted", .argname = "file", .desc = "Trusted certificates file", .type = OPTION_ARG, - .opt.arg = &verify_config.trustfile, + .opt.arg = &cfg.trustfile, }, { .name = "untrusted", .argname = "file", .desc = "Untrusted certificates file", .type = OPTION_ARG, - .opt.arg = &verify_config.untfile, + .opt.arg = &cfg.untfile, }, { .name = "verbose", .desc = "Verbose", .type = OPTION_FLAG, - .opt.flag = &verify_config.verbose, + .opt.flag = &cfg.verbose, }, { .name = NULL, @@ -273,7 +273,7 @@ verify_main(int argc, char **argv) exit(1); } - memset(&verify_config, 0, sizeof(verify_config)); + memset(&cfg, 0, sizeof(cfg)); if (options_parse(argc, argv, verify_options, NULL, &argsused) != 0) { verify_usage(); @@ -288,17 +288,17 @@ verify_main(int argc, char **argv) goto end; X509_STORE_set_verify_cb(cert_ctx, cb); - if (verify_config.vpm) - X509_STORE_set1_param(cert_ctx, verify_config.vpm); + if (cfg.vpm) + X509_STORE_set1_param(cert_ctx, cfg.vpm); lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); if (lookup == NULL) abort(); /* XXX */ - if (verify_config.CAfile) { - if (!X509_LOOKUP_load_file(lookup, verify_config.CAfile, + if (cfg.CAfile) { + if (!X509_LOOKUP_load_file(lookup, cfg.CAfile, X509_FILETYPE_PEM)) { BIO_printf(bio_err, "Error loading file %s\n", - verify_config.CAfile); + cfg.CAfile); ERR_print_errors(bio_err); goto end; } @@ -308,11 +308,11 @@ verify_main(int argc, char **argv) lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); if (lookup == NULL) abort(); /* XXX */ - if (verify_config.CApath) { - if (!X509_LOOKUP_add_dir(lookup, verify_config.CApath, + if (cfg.CApath) { + if (!X509_LOOKUP_add_dir(lookup, cfg.CApath, X509_FILETYPE_PEM)) { BIO_printf(bio_err, "Error loading directory %s\n", - verify_config.CApath); + cfg.CApath); ERR_print_errors(bio_err); goto end; } @@ -321,20 +321,20 @@ verify_main(int argc, char **argv) ERR_clear_error(); - if (verify_config.untfile) { - untrusted = load_certs(bio_err, verify_config.untfile, + if (cfg.untfile) { + untrusted = load_certs(bio_err, cfg.untfile, FORMAT_PEM, NULL, "untrusted certificates"); if (!untrusted) goto end; } - if (verify_config.trustfile) { - trusted = load_certs(bio_err, verify_config.trustfile, + if (cfg.trustfile) { + trusted = load_certs(bio_err, cfg.trustfile, FORMAT_PEM, NULL, "trusted certificates"); if (!trusted) goto end; } - if (verify_config.crlfile) { - crls = load_crls(bio_err, verify_config.crlfile, FORMAT_PEM, + if (cfg.crlfile) { + crls = load_crls(bio_err, cfg.crlfile, FORMAT_PEM, NULL, "other CRLs"); if (!crls) goto end; @@ -352,8 +352,8 @@ verify_main(int argc, char **argv) } end: - if (verify_config.vpm) - X509_VERIFY_PARAM_free(verify_config.vpm); + if (cfg.vpm) + X509_VERIFY_PARAM_free(cfg.vpm); if (cert_ctx != NULL) X509_STORE_free(cert_ctx); sk_X509_pop_free(untrusted, X509_free); @@ -454,7 +454,7 @@ cb(int ok, X509_STORE_CTX *ctx) } if (cert_error == X509_V_OK && ok == 2) policies_print(NULL, ctx); - if (!verify_config.verbose) + if (!cfg.verbose) ERR_clear_error(); return (ok); } diff --git a/usr.bin/openssl/version.c b/usr.bin/openssl/version.c index 038774ad0c8..6ff1860eadb 100644 --- a/usr.bin/openssl/version.c +++ b/usr.bin/openssl/version.c @@ -1,4 +1,4 @@ -/* $OpenBSD: version.c,v 1.10 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: version.c,v 1.11 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -142,17 +142,17 @@ static struct { int options; int platform; int version; -} version_config; +} cfg; static int version_all_opts(void) { - version_config.cflags = 1; - version_config.date = 1; - version_config.dir= 1; - version_config.options = 1; - version_config.platform = 1; - version_config.version = 1; + cfg.cflags = 1; + cfg.date = 1; + cfg.dir= 1; + cfg.options = 1; + cfg.platform = 1; + cfg.version = 1; return (0); } @@ -168,37 +168,37 @@ static const struct option version_options[] = { .name = "b", .desc = "Date the current version of OpenSSL was built", .type = OPTION_FLAG, - .opt.flag = &version_config.date, + .opt.flag = &cfg.date, }, { .name = "d", .desc = "OPENSSLDIR value", .type = OPTION_FLAG, - .opt.flag = &version_config.dir, + .opt.flag = &cfg.dir, }, { .name = "f", .desc = "Compilation flags", .type = OPTION_FLAG, - .opt.flag = &version_config.cflags, + .opt.flag = &cfg.cflags, }, { .name = "o", .desc = "Option information", .type = OPTION_FLAG, - .opt.flag = &version_config.options, + .opt.flag = &cfg.options, }, { .name = "p", .desc = "Platform settings", .type = OPTION_FLAG, - .opt.flag = &version_config.platform, + .opt.flag = &cfg.platform, }, { .name = "v", .desc = "Current OpenSSL version", .type = OPTION_FLAG, - .opt.flag = &version_config.version, + .opt.flag = &cfg.version, }, {NULL}, }; @@ -218,7 +218,7 @@ version_main(int argc, char **argv) exit(1); } - memset(&version_config, 0, sizeof(version_config)); + memset(&cfg, 0, sizeof(cfg)); if (options_parse(argc, argv, version_options, NULL, NULL) != 0) { version_usage(); @@ -226,9 +226,9 @@ version_main(int argc, char **argv) } if (argc == 1) - version_config.version = 1; + cfg.version = 1; - if (version_config.version) { + if (cfg.version) { if (SSLeay() == SSLEAY_VERSION_NUMBER) { printf("%s\n", SSLeay_version(SSLEAY_VERSION)); } else { @@ -237,11 +237,11 @@ version_main(int argc, char **argv) SSLeay_version(SSLEAY_VERSION)); } } - if (version_config.date) + if (cfg.date) printf("%s\n", SSLeay_version(SSLEAY_BUILT_ON)); - if (version_config.platform) + if (cfg.platform) printf("%s\n", SSLeay_version(SSLEAY_PLATFORM)); - if (version_config.options) { + if (cfg.options) { printf("options: "); printf("%s ", BN_options()); #ifndef OPENSSL_NO_RC4 @@ -258,9 +258,9 @@ version_main(int argc, char **argv) #endif printf("\n"); } - if (version_config.cflags) + if (cfg.cflags) printf("%s\n", SSLeay_version(SSLEAY_CFLAGS)); - if (version_config.dir) + if (cfg.dir) printf("%s\n", SSLeay_version(SSLEAY_DIR)); return (0); diff --git a/usr.bin/openssl/x509.c b/usr.bin/openssl/x509.c index e1c69c6798d..66cad3ab2cd 100644 --- a/usr.bin/openssl/x509.c +++ b/usr.bin/openssl/x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.30 2022/11/11 17:07:39 joshua Exp $ */ +/* $OpenBSD: x509.c,v 1.31 2023/03/06 14:32:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -152,58 +152,58 @@ static struct { STACK_OF(ASN1_OBJECT) *trust; int trustout; int x509req; -} x509_config; +} cfg; static int x509_opt_addreject(char *arg) { - if ((x509_config.objtmp = OBJ_txt2obj(arg, 0)) == NULL) { + if ((cfg.objtmp = OBJ_txt2obj(arg, 0)) == NULL) { BIO_printf(bio_err, "Invalid reject object value %s\n", arg); return (1); } - if (x509_config.reject == NULL && - (x509_config.reject = sk_ASN1_OBJECT_new_null()) == NULL) + if (cfg.reject == NULL && + (cfg.reject = sk_ASN1_OBJECT_new_null()) == NULL) return (1); - if (!sk_ASN1_OBJECT_push(x509_config.reject, x509_config.objtmp)) + if (!sk_ASN1_OBJECT_push(cfg.reject, cfg.objtmp)) return (1); - x509_config.trustout = 1; + cfg.trustout = 1; return (0); } static int x509_opt_addtrust(char *arg) { - if ((x509_config.objtmp = OBJ_txt2obj(arg, 0)) == NULL) { + if ((cfg.objtmp = OBJ_txt2obj(arg, 0)) == NULL) { BIO_printf(bio_err, "Invalid trust object value %s\n", arg); return (1); } - if (x509_config.trust == NULL && - (x509_config.trust = sk_ASN1_OBJECT_new_null()) == NULL) + if (cfg.trust == NULL && + (cfg.trust = sk_ASN1_OBJECT_new_null()) == NULL) return (1); - if (!sk_ASN1_OBJECT_push(x509_config.trust, x509_config.objtmp)) + if (!sk_ASN1_OBJECT_push(cfg.trust, cfg.objtmp)) return (1); - x509_config.trustout = 1; + cfg.trustout = 1; return (0); } static int x509_opt_ca(char *arg) { - x509_config.CAfile = arg; - x509_config.CA_flag = ++x509_config.num; + cfg.CAfile = arg; + cfg.CA_flag = ++cfg.num; return (0); } static int x509_opt_certopt(char *arg) { - if (!set_cert_ex(&x509_config.certflag, arg)) + if (!set_cert_ex(&cfg.certflag, arg)) return (1); return (0); @@ -214,20 +214,20 @@ x509_opt_checkend(char *arg) { const char *errstr; - x509_config.checkoffset = strtonum(arg, 0, INT_MAX, &errstr); + cfg.checkoffset = strtonum(arg, 0, INT_MAX, &errstr); if (errstr != NULL) { BIO_printf(bio_err, "checkend unusable: %s\n", errstr); return (1); } - x509_config.checkend = 1; + cfg.checkend = 1; return (0); } static int x509_opt_dates(void) { - x509_config.startdate = ++x509_config.num; - x509_config.enddate = ++x509_config.num; + cfg.startdate = ++cfg.num; + cfg.enddate = ++cfg.num; return (0); } @@ -236,7 +236,7 @@ x509_opt_days(char *arg) { const char *errstr; - x509_config.days = strtonum(arg, 1, INT_MAX, &errstr); + cfg.days = strtonum(arg, 1, INT_MAX, &errstr); if (errstr != NULL) { BIO_printf(bio_err, "bad number of days: %s\n", errstr); return (1); @@ -252,11 +252,11 @@ x509_opt_digest(int argc, char **argv, int *argsused) if (*name++ != '-') return (1); - if ((x509_config.md_alg = EVP_get_digestbyname(name)) != NULL) { - x509_config.digest = x509_config.md_alg; + if ((cfg.md_alg = EVP_get_digestbyname(name)) != NULL) { + cfg.digest = cfg.md_alg; } else { BIO_printf(bio_err, "unknown option %s\n", *argv); - x509_config.badops = 1; + cfg.badops = 1; return (1); } @@ -267,7 +267,7 @@ x509_opt_digest(int argc, char **argv, int *argsused) static int x509_opt_nameopt(char *arg) { - if (!set_name_ex(&x509_config.nmflag, arg)) + if (!set_name_ex(&cfg.nmflag, arg)) return (1); return (0); @@ -276,8 +276,8 @@ x509_opt_nameopt(char *arg) static int x509_opt_set_serial(char *arg) { - ASN1_INTEGER_free(x509_config.sno); - if ((x509_config.sno = s2i_ASN1_INTEGER(NULL, arg)) == NULL) + ASN1_INTEGER_free(cfg.sno); + if ((cfg.sno = s2i_ASN1_INTEGER(NULL, arg)) == NULL) return (1); return (0); @@ -286,27 +286,27 @@ x509_opt_set_serial(char *arg) static int x509_opt_setalias(char *arg) { - x509_config.alias = arg; - x509_config.trustout = 1; + cfg.alias = arg; + cfg.trustout = 1; return (0); } static int x509_opt_signkey(char *arg) { - x509_config.keyfile = arg; - x509_config.sign_flag = ++x509_config.num; + cfg.keyfile = arg; + cfg.sign_flag = ++cfg.num; return (0); } static int x509_opt_sigopt(char *arg) { - if (x509_config.sigopts == NULL && - (x509_config.sigopts = sk_OPENSSL_STRING_new_null()) == NULL) + if (cfg.sigopts == NULL && + (cfg.sigopts = sk_OPENSSL_STRING_new_null()) == NULL) return (1); - if (!sk_OPENSSL_STRING_push(x509_config.sigopts, arg)) + if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg)) return (1); return (0); @@ -317,8 +317,8 @@ static const struct option x509_options[] = { .name = "C", .desc = "Convert the certificate into C code", .type = OPTION_ORDER, - .opt.order = &x509_config.C, - .order = &x509_config.num, + .opt.order = &cfg.C, + .order = &cfg.num, }, { .name = "addreject", @@ -338,8 +338,8 @@ static const struct option x509_options[] = { .name = "alias", .desc = "Output certificate alias", .type = OPTION_ORDER, - .opt.order = &x509_config.aliasout, - .order = &x509_config.num, + .opt.order = &cfg.aliasout, + .order = &cfg.num, }, { .name = "CA", @@ -352,15 +352,15 @@ static const struct option x509_options[] = { .name = "CAcreateserial", .desc = "Create serial number file if it does not exist", .type = OPTION_ORDER, - .opt.order = &x509_config.CA_createserial, - .order = &x509_config.num, + .opt.order = &cfg.CA_createserial, + .order = &cfg.num, }, { .name = "CAform", .argname = "fmt", .desc = "CA format - default PEM", .type = OPTION_ARG_FORMAT, - .opt.value = &x509_config.CAformat, + .opt.value = &cfg.CAformat, }, { .name = "CAkey", @@ -368,21 +368,21 @@ static const struct option x509_options[] = { .desc = "CA key in PEM format unless -CAkeyform is specified\n" "if omitted, the key is assumed to be in the CA file", .type = OPTION_ARG, - .opt.arg = &x509_config.CAkeyfile, + .opt.arg = &cfg.CAkeyfile, }, { .name = "CAkeyform", .argname = "fmt", .desc = "CA key format - default PEM", .type = OPTION_ARG_FORMAT, - .opt.value = &x509_config.CAkeyformat, + .opt.value = &cfg.CAkeyformat, }, { .name = "CAserial", .argname = "file", .desc = "Serial file", .type = OPTION_ARG, - .opt.arg = &x509_config.CAserial, + .opt.arg = &cfg.CAserial, }, { .name = "certopt", @@ -403,21 +403,21 @@ static const struct option x509_options[] = { .name = "clrext", .desc = "Clear all extensions", .type = OPTION_FLAG, - .opt.flag = &x509_config.clrext, + .opt.flag = &cfg.clrext, }, { .name = "clrreject", .desc = "Clear all rejected purposes", .type = OPTION_ORDER, - .opt.order = &x509_config.clrreject, - .order = &x509_config.num, + .opt.order = &cfg.clrreject, + .order = &cfg.num, }, { .name = "clrtrust", .desc = "Clear all trusted purposes", .type = OPTION_ORDER, - .opt.order = &x509_config.clrtrust, - .order = &x509_config.num, + .opt.order = &cfg.clrtrust, + .order = &cfg.num, }, { .name = "dates", @@ -436,79 +436,79 @@ static const struct option x509_options[] = { .name = "email", .desc = "Print email address(es)", .type = OPTION_ORDER, - .opt.order = &x509_config.email, - .order = &x509_config.num, + .opt.order = &cfg.email, + .order = &cfg.num, }, { .name = "enddate", .desc = "Print notAfter field", .type = OPTION_ORDER, - .opt.order = &x509_config.enddate, - .order = &x509_config.num, + .opt.order = &cfg.enddate, + .order = &cfg.num, }, { .name = "extensions", .argname = "section", .desc = "Section from config file with X509V3 extensions to add", .type = OPTION_ARG, - .opt.arg = &x509_config.extsect, + .opt.arg = &cfg.extsect, }, { .name = "extfile", .argname = "file", .desc = "Configuration file with X509V3 extensions to add", .type = OPTION_ARG, - .opt.arg = &x509_config.extfile, + .opt.arg = &cfg.extfile, }, { .name = "fingerprint", .desc = "Print the certificate fingerprint", .type = OPTION_ORDER, - .opt.order = &x509_config.fingerprint, - .order = &x509_config.num, + .opt.order = &cfg.fingerprint, + .order = &cfg.num, }, { .name = "hash", .desc = "Synonym for -subject_hash", .type = OPTION_ORDER, - .opt.order = &x509_config.subject_hash, - .order = &x509_config.num, + .opt.order = &cfg.subject_hash, + .order = &cfg.num, }, { .name = "in", .argname = "file", .desc = "Input file - default stdin", .type = OPTION_ARG, - .opt.arg = &x509_config.infile, + .opt.arg = &cfg.infile, }, { .name = "inform", .argname = "fmt", .desc = "Input format - default PEM (one of DER, NET or PEM)", .type = OPTION_ARG_FORMAT, - .opt.value = &x509_config.informat, + .opt.value = &cfg.informat, }, { .name = "issuer", .desc = "Print issuer name", .type = OPTION_ORDER, - .opt.order = &x509_config.issuer, - .order = &x509_config.num, + .opt.order = &cfg.issuer, + .order = &cfg.num, }, { .name = "issuer_hash", .desc = "Print issuer hash value", .type = OPTION_ORDER, - .opt.order = &x509_config.issuer_hash, - .order = &x509_config.num, + .opt.order = &cfg.issuer_hash, + .order = &cfg.num, }, #ifndef OPENSSL_NO_MD5 { .name = "issuer_hash_old", .desc = "Print old-style (MD5) issuer hash value", .type = OPTION_ORDER, - .opt.order = &x509_config.issuer_hash_old, - .order = &x509_config.num, + .opt.order = &cfg.issuer_hash_old, + .order = &cfg.num, }, #endif { @@ -516,14 +516,14 @@ static const struct option x509_options[] = { .argname = "fmt", .desc = "Private key format - default PEM", .type = OPTION_ARG_FORMAT, - .opt.value = &x509_config.keyformat, + .opt.value = &cfg.keyformat, }, { .name = "modulus", .desc = "Print the RSA key modulus", .type = OPTION_ORDER, - .opt.order = &x509_config.modulus, - .order = &x509_config.num, + .opt.order = &cfg.modulus, + .order = &cfg.num, }, { .name = "nameopt", @@ -536,77 +536,77 @@ static const struct option x509_options[] = { .name = "next_serial", .desc = "Print the next serial number", .type = OPTION_ORDER, - .opt.order = &x509_config.next_serial, - .order = &x509_config.num, + .opt.order = &cfg.next_serial, + .order = &cfg.num, }, { .name = "noout", .desc = "No certificate output", .type = OPTION_ORDER, - .opt.order = &x509_config.noout, - .order = &x509_config.num, + .opt.order = &cfg.noout, + .order = &cfg.num, }, { .name = "ocsp_uri", .desc = "Print OCSP Responder URL(s)", .type = OPTION_ORDER, - .opt.order = &x509_config.ocsp_uri, - .order = &x509_config.num, + .opt.order = &cfg.ocsp_uri, + .order = &cfg.num, }, { .name = "ocspid", .desc = "Print OCSP hash values for the subject name and public key", .type = OPTION_ORDER, - .opt.order = &x509_config.ocspid, - .order = &x509_config.num, + .opt.order = &cfg.ocspid, + .order = &cfg.num, }, { .name = "out", .argname = "file", .desc = "Output file - default stdout", .type = OPTION_ARG, - .opt.arg = &x509_config.outfile, + .opt.arg = &cfg.outfile, }, { .name = "outform", .argname = "fmt", .desc = "Output format - default PEM (one of DER, NET or PEM)", .type = OPTION_ARG_FORMAT, - .opt.value = &x509_config.outformat, + .opt.value = &cfg.outformat, }, { .name = "passin", .argname = "src", .desc = "Private key password source", .type = OPTION_ARG, - .opt.arg = &x509_config.passargin, + .opt.arg = &cfg.passargin, }, { .name = "pubkey", .desc = "Output the public key", .type = OPTION_ORDER, - .opt.order = &x509_config.pubkey, - .order = &x509_config.num, + .opt.order = &cfg.pubkey, + .order = &cfg.num, }, { .name = "purpose", .desc = "Print out certificate purposes", .type = OPTION_ORDER, - .opt.order = &x509_config.pprint, - .order = &x509_config.num, + .opt.order = &cfg.pprint, + .order = &cfg.num, }, { .name = "req", .desc = "Input is a certificate request, sign and output", .type = OPTION_FLAG, - .opt.flag = &x509_config.reqfile, + .opt.flag = &cfg.reqfile, }, { .name = "serial", .desc = "Print serial number value", .type = OPTION_ORDER, - .opt.order = &x509_config.serial, - .order = &x509_config.num, + .opt.order = &cfg.serial, + .order = &cfg.num, }, { .name = "set_serial", @@ -640,51 +640,51 @@ static const struct option x509_options[] = { .name = "startdate", .desc = "Print notBefore field", .type = OPTION_ORDER, - .opt.order = &x509_config.startdate, - .order = &x509_config.num, + .opt.order = &cfg.startdate, + .order = &cfg.num, }, { .name = "subject", .desc = "Print subject name", .type = OPTION_ORDER, - .opt.order = &x509_config.subject, - .order = &x509_config.num, + .opt.order = &cfg.subject, + .order = &cfg.num, }, { .name = "subject_hash", .desc = "Print subject hash value", .type = OPTION_ORDER, - .opt.order = &x509_config.subject_hash, - .order = &x509_config.num, + .opt.order = &cfg.subject_hash, + .order = &cfg.num, }, #ifndef OPENSSL_NO_MD5 { .name = "subject_hash_old", .desc = "Print old-style (MD5) subject hash value", .type = OPTION_ORDER, - .opt.order = &x509_config.subject_hash_old, - .order = &x509_config.num, + .opt.order = &cfg.subject_hash_old, + .order = &cfg.num, }, #endif { .name = "text", .desc = "Print the certificate in text form", .type = OPTION_ORDER, - .opt.order = &x509_config.text, - .order = &x509_config.num, + .opt.order = &cfg.text, + .order = &cfg.num, }, { .name = "trustout", .desc = "Output a trusted certificate", .type = OPTION_FLAG, - .opt.flag = &x509_config.trustout, + .opt.flag = &cfg.trustout, }, { .name = "x509toreq", .desc = "Output a certification request object", .type = OPTION_ORDER, - .opt.order = &x509_config.x509req, - .order = &x509_config.num, + .opt.order = &cfg.x509req, + .order = &cfg.num, }, { .name = NULL, @@ -740,13 +740,13 @@ x509_main(int argc, char **argv) exit(1); } - memset(&x509_config, 0, sizeof(x509_config)); - x509_config.days = DEF_DAYS; - x509_config.informat = FORMAT_PEM; - x509_config.outformat = FORMAT_PEM; - x509_config.keyformat = FORMAT_PEM; - x509_config.CAformat = FORMAT_PEM; - x509_config.CAkeyformat = FORMAT_PEM; + memset(&cfg, 0, sizeof(cfg)); + cfg.days = DEF_DAYS; + cfg.informat = FORMAT_PEM; + cfg.outformat = FORMAT_PEM; + cfg.keyformat = FORMAT_PEM; + cfg.CAformat = FORMAT_PEM; + cfg.CAkeyformat = FORMAT_PEM; STDout = BIO_new_fp(stdout, BIO_NOCLOSE); @@ -758,13 +758,13 @@ x509_main(int argc, char **argv) if (options_parse(argc, argv, x509_options, NULL, NULL) != 0) goto bad; - if (x509_config.badops) { + if (cfg.badops) { bad: x509_usage(); goto end; } - if (!app_passwd(bio_err, x509_config.passargin, NULL, &passin, NULL)) { + if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } @@ -772,53 +772,53 @@ x509_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if ((x509_config.CAkeyfile == NULL) && (x509_config.CA_flag) && - (x509_config.CAformat == FORMAT_PEM)) { - x509_config.CAkeyfile = x509_config.CAfile; - } else if ((x509_config.CA_flag) && (x509_config.CAkeyfile == NULL)) { + if ((cfg.CAkeyfile == NULL) && (cfg.CA_flag) && + (cfg.CAformat == FORMAT_PEM)) { + cfg.CAkeyfile = cfg.CAfile; + } else if ((cfg.CA_flag) && (cfg.CAkeyfile == NULL)) { BIO_printf(bio_err, "need to specify a CAkey if using the CA command\n"); goto end; } - if (x509_config.extfile != NULL) { + if (cfg.extfile != NULL) { long errorline = -1; X509V3_CTX ctx2; extconf = NCONF_new(NULL); - if (!NCONF_load(extconf, x509_config.extfile, &errorline)) { + if (!NCONF_load(extconf, cfg.extfile, &errorline)) { if (errorline <= 0) BIO_printf(bio_err, "error loading the config file '%s'\n", - x509_config.extfile); + cfg.extfile); else BIO_printf(bio_err, "error on line %ld of config file '%s'\n", - errorline, x509_config.extfile); + errorline, cfg.extfile); goto end; } - if (x509_config.extsect == NULL) { - x509_config.extsect = NCONF_get_string(extconf, + if (cfg.extsect == NULL) { + cfg.extsect = NCONF_get_string(extconf, "default", "extensions"); - if (x509_config.extsect == NULL) { + if (cfg.extsect == NULL) { ERR_clear_error(); - x509_config.extsect = "default"; + cfg.extsect = "default"; } } X509V3_set_ctx_test(&ctx2); X509V3_set_nconf(&ctx2, extconf); - if (!X509V3_EXT_add_nconf(extconf, &ctx2, x509_config.extsect, + if (!X509V3_EXT_add_nconf(extconf, &ctx2, cfg.extsect, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", - x509_config.extsect); + cfg.extsect); ERR_print_errors(bio_err); goto end; } } - if (x509_config.reqfile) { + if (cfg.reqfile) { EVP_PKEY *pkey; BIO *in; - if (!x509_config.sign_flag && !x509_config.CA_flag) { + if (!cfg.sign_flag && !cfg.CA_flag) { BIO_printf(bio_err, "We need a private key to sign with\n"); goto end; @@ -828,11 +828,11 @@ x509_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (x509_config.infile == NULL) + if (cfg.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE | BIO_FP_TEXT); else { - if (BIO_read_filename(in, x509_config.infile) <= 0) { - perror(x509_config.infile); + if (BIO_read_filename(in, cfg.infile) <= 0) { + perror(cfg.infile); BIO_free(in); goto end; } @@ -862,21 +862,21 @@ x509_main(int argc, char **argv) BIO_printf(bio_err, "Signature ok\n"); print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), - x509_config.nmflag); + cfg.nmflag); if ((x = X509_new()) == NULL) goto end; - if (x509_config.sno == NULL) { - x509_config.sno = ASN1_INTEGER_new(); - if (x509_config.sno == NULL || - !rand_serial(NULL, x509_config.sno)) + if (cfg.sno == NULL) { + cfg.sno = ASN1_INTEGER_new(); + if (cfg.sno == NULL || + !rand_serial(NULL, cfg.sno)) goto end; - if (!X509_set_serialNumber(x, x509_config.sno)) + if (!X509_set_serialNumber(x, cfg.sno)) goto end; - ASN1_INTEGER_free(x509_config.sno); - x509_config.sno = NULL; - } else if (!X509_set_serialNumber(x, x509_config.sno)) + ASN1_INTEGER_free(cfg.sno); + cfg.sno = NULL; + } else if (!X509_set_serialNumber(x, cfg.sno)) goto end; if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req))) @@ -886,7 +886,7 @@ x509_main(int argc, char **argv) if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) goto end; - if (X509_time_adj_ex(X509_get_notAfter(x), x509_config.days, 0, + if (X509_time_adj_ex(X509_get_notAfter(x), cfg.days, 0, NULL) == NULL) goto end; @@ -897,19 +897,19 @@ x509_main(int argc, char **argv) goto end; } } else { - x = load_cert(bio_err, x509_config.infile, x509_config.informat, + x = load_cert(bio_err, cfg.infile, cfg.informat, NULL, "Certificate"); } if (x == NULL) goto end; - if (x509_config.CA_flag) { - xca = load_cert(bio_err, x509_config.CAfile, - x509_config.CAformat, NULL, "CA Certificate"); + if (cfg.CA_flag) { + xca = load_cert(bio_err, cfg.CAfile, + cfg.CAformat, NULL, "CA Certificate"); if (xca == NULL) goto end; } - if (!x509_config.noout || x509_config.text || x509_config.next_serial) { + if (!cfg.noout || cfg.text || cfg.next_serial) { OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3"); out = BIO_new(BIO_s_file()); @@ -917,57 +917,57 @@ x509_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (x509_config.outfile == NULL) { + if (cfg.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, x509_config.outfile) <= 0) { - perror(x509_config.outfile); + if (BIO_write_filename(out, cfg.outfile) <= 0) { + perror(cfg.outfile); goto end; } } } - if (x509_config.alias != NULL) { - if (!X509_alias_set1(x, (unsigned char *)x509_config.alias, -1)) + if (cfg.alias != NULL) { + if (!X509_alias_set1(x, (unsigned char *)cfg.alias, -1)) goto end; } - if (x509_config.clrtrust) + if (cfg.clrtrust) X509_trust_clear(x); - if (x509_config.clrreject) + if (cfg.clrreject) X509_reject_clear(x); - if (x509_config.trust != NULL) { - for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.trust); i++) { - x509_config.objtmp = sk_ASN1_OBJECT_value( - x509_config.trust, i); - if (!X509_add1_trust_object(x, x509_config.objtmp)) + if (cfg.trust != NULL) { + for (i = 0; i < sk_ASN1_OBJECT_num(cfg.trust); i++) { + cfg.objtmp = sk_ASN1_OBJECT_value( + cfg.trust, i); + if (!X509_add1_trust_object(x, cfg.objtmp)) goto end; } } - if (x509_config.reject != NULL) { - for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.reject); i++) { - x509_config.objtmp = sk_ASN1_OBJECT_value( - x509_config.reject, i); - if (!X509_add1_reject_object(x, x509_config.objtmp)) + if (cfg.reject != NULL) { + for (i = 0; i < sk_ASN1_OBJECT_num(cfg.reject); i++) { + cfg.objtmp = sk_ASN1_OBJECT_value( + cfg.reject, i); + if (!X509_add1_reject_object(x, cfg.objtmp)) goto end; } } - if (x509_config.num) { - for (i = 1; i <= x509_config.num; i++) { - if (x509_config.issuer == i) { + if (cfg.num) { + for (i = 1; i <= cfg.num; i++) { + if (cfg.issuer == i) { print_name(STDout, "issuer= ", X509_get_issuer_name(x), - x509_config.nmflag); - } else if (x509_config.subject == i) { + cfg.nmflag); + } else if (cfg.subject == i) { print_name(STDout, "subject= ", X509_get_subject_name(x), - x509_config.nmflag); - } else if (x509_config.serial == i) { + cfg.nmflag); + } else if (cfg.serial == i) { BIO_printf(STDout, "serial="); i2a_ASN1_INTEGER(STDout, X509_get_serialNumber(x)); BIO_printf(STDout, "\n"); - } else if (x509_config.next_serial == i) { + } else if (cfg.next_serial == i) { BIGNUM *bnser; ASN1_INTEGER *ser; ser = X509_get_serialNumber(x); @@ -989,11 +989,11 @@ x509_main(int argc, char **argv) i2a_ASN1_INTEGER(out, ser); ASN1_INTEGER_free(ser); BIO_puts(out, "\n"); - } else if ((x509_config.email == i) || - (x509_config.ocsp_uri == i)) { + } else if ((cfg.email == i) || + (cfg.ocsp_uri == i)) { int j; STACK_OF(OPENSSL_STRING) *emlst; - if (x509_config.email == i) + if (cfg.email == i) emlst = X509_get1_email(x); else emlst = X509_get1_ocsp(x); @@ -1001,7 +1001,7 @@ x509_main(int argc, char **argv) BIO_printf(STDout, "%s\n", sk_OPENSSL_STRING_value(emlst, j)); X509_email_free(emlst); - } else if (x509_config.aliasout == i) { + } else if (cfg.aliasout == i) { unsigned char *albuf; int buflen; albuf = X509_alias_get0(x, &buflen); @@ -1010,27 +1010,27 @@ x509_main(int argc, char **argv) buflen, albuf); else BIO_puts(STDout, "<No Alias>\n"); - } else if (x509_config.subject_hash == i) { + } else if (cfg.subject_hash == i) { BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x)); } #ifndef OPENSSL_NO_MD5 - else if (x509_config.subject_hash_old == i) { + else if (cfg.subject_hash_old == i) { BIO_printf(STDout, "%08lx\n", X509_subject_name_hash_old(x)); } #endif - else if (x509_config.issuer_hash == i) { + else if (cfg.issuer_hash == i) { BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash(x)); } #ifndef OPENSSL_NO_MD5 - else if (x509_config.issuer_hash_old == i) { + else if (cfg.issuer_hash_old == i) { BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash_old(x)); } #endif - else if (x509_config.pprint == i) { + else if (cfg.pprint == i) { X509_PURPOSE *ptmp; int j; BIO_printf(STDout, "Certificate purposes:\n"); @@ -1038,7 +1038,7 @@ x509_main(int argc, char **argv) ptmp = X509_PURPOSE_get0(j); purpose_print(STDout, x, ptmp); } - } else if (x509_config.modulus == i) { + } else if (cfg.modulus == i) { EVP_PKEY *pkey; pkey = X509_get0_pubkey(x); @@ -1066,7 +1066,7 @@ x509_main(int argc, char **argv) BIO_printf(STDout, "Wrong Algorithm type"); BIO_printf(STDout, "\n"); - } else if (x509_config.pubkey == i) { + } else if (cfg.pubkey == i) { EVP_PKEY *pkey; pkey = X509_get0_pubkey(x); @@ -1077,7 +1077,7 @@ x509_main(int argc, char **argv) goto end; } PEM_write_bio_PUBKEY(STDout, pkey); - } else if (x509_config.C == i) { + } else if (cfg.C == i) { unsigned char *d; char *m; int y, z; @@ -1156,11 +1156,11 @@ x509_main(int argc, char **argv) BIO_printf(STDout, "};\n"); free(m); - } else if (x509_config.text == i) { - if(!X509_print_ex(STDout, x, x509_config.nmflag, - x509_config.certflag)) + } else if (cfg.text == i) { + if(!X509_print_ex(STDout, x, cfg.nmflag, + cfg.certflag)) goto end; - } else if (x509_config.startdate == i) { + } else if (cfg.startdate == i) { ASN1_TIME *nB = X509_get_notBefore(x); BIO_puts(STDout, "notBefore="); if (ASN1_time_parse(nB->data, nB->length, NULL, @@ -1170,7 +1170,7 @@ x509_main(int argc, char **argv) else ASN1_TIME_print(STDout, nB); BIO_puts(STDout, "\n"); - } else if (x509_config.enddate == i) { + } else if (cfg.enddate == i) { ASN1_TIME *nA = X509_get_notAfter(x); BIO_puts(STDout, "notAfter="); if (ASN1_time_parse(nA->data, nA->length, NULL, @@ -1180,11 +1180,11 @@ x509_main(int argc, char **argv) else ASN1_TIME_print(STDout, nA); BIO_puts(STDout, "\n"); - } else if (x509_config.fingerprint == i) { + } else if (cfg.fingerprint == i) { int j; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; - const EVP_MD *fdig = x509_config.digest; + const EVP_MD *fdig = cfg.digest; if (fdig == NULL) fdig = EVP_sha256(); @@ -1201,52 +1201,52 @@ x509_main(int argc, char **argv) } /* should be in the library */ - } else if ((x509_config.sign_flag == i) && - (x509_config.x509req == 0)) { + } else if ((cfg.sign_flag == i) && + (cfg.x509req == 0)) { BIO_printf(bio_err, "Getting Private key\n"); if (Upkey == NULL) { Upkey = load_key(bio_err, - x509_config.keyfile, - x509_config.keyformat, 0, passin, + cfg.keyfile, + cfg.keyformat, 0, passin, "Private key"); if (Upkey == NULL) goto end; } - if (!sign(x, Upkey, x509_config.days, - x509_config.clrext, x509_config.digest, - extconf, x509_config.extsect)) + if (!sign(x, Upkey, cfg.days, + cfg.clrext, cfg.digest, + extconf, cfg.extsect)) goto end; - } else if (x509_config.CA_flag == i) { + } else if (cfg.CA_flag == i) { BIO_printf(bio_err, "Getting CA Private Key\n"); - if (x509_config.CAkeyfile != NULL) { + if (cfg.CAkeyfile != NULL) { CApkey = load_key(bio_err, - x509_config.CAkeyfile, - x509_config.CAkeyformat, 0, passin, + cfg.CAkeyfile, + cfg.CAkeyformat, 0, passin, "CA Private Key"); if (CApkey == NULL) goto end; } - if (!x509_certify(ctx, x509_config.CAfile, - x509_config.digest, x, xca, CApkey, - x509_config.sigopts, x509_config.CAserial, - x509_config.CA_createserial, - x509_config.days, x509_config.clrext, - extconf, x509_config.extsect, - x509_config.sno)) + if (!x509_certify(ctx, cfg.CAfile, + cfg.digest, x, xca, CApkey, + cfg.sigopts, cfg.CAserial, + cfg.CA_createserial, + cfg.days, cfg.clrext, + extconf, cfg.extsect, + cfg.sno)) goto end; - } else if (x509_config.x509req == i) { + } else if (cfg.x509req == i) { EVP_PKEY *pk; BIO_printf(bio_err, "Getting request Private Key\n"); - if (x509_config.keyfile == NULL) { + if (cfg.keyfile == NULL) { BIO_printf(bio_err, "no request key file specified\n"); goto end; } else { pk = load_key(bio_err, - x509_config.keyfile, - x509_config.keyformat, 0, passin, + cfg.keyfile, + cfg.keyformat, 0, passin, "request key"); if (pk == NULL) goto end; @@ -1255,27 +1255,27 @@ x509_main(int argc, char **argv) BIO_printf(bio_err, "Generating certificate request\n"); - rq = X509_to_X509_REQ(x, pk, x509_config.digest); + rq = X509_to_X509_REQ(x, pk, cfg.digest); EVP_PKEY_free(pk); if (rq == NULL) { ERR_print_errors(bio_err); goto end; } - if (!x509_config.noout) { + if (!cfg.noout) { if (!X509_REQ_print(out, rq)) goto end; if (!PEM_write_bio_X509_REQ(out, rq)) goto end; } - x509_config.noout = 1; - } else if (x509_config.ocspid == i) { + cfg.noout = 1; + } else if (cfg.ocspid == i) { if (!X509_ocspid_print(out, x)) goto end; } } } - if (x509_config.checkend) { - time_t tcheck = time(NULL) + x509_config.checkoffset; + if (cfg.checkend) { + time_t tcheck = time(NULL) + cfg.checkoffset; int timecheck = X509_cmp_time(X509_get_notAfter(x), &tcheck); if (timecheck == 0) { BIO_printf(out, "Certificate expiry time is invalid\n"); @@ -1289,14 +1289,14 @@ x509_main(int argc, char **argv) } goto end; } - if (x509_config.noout) { + if (cfg.noout) { ret = 0; goto end; } - if (x509_config.outformat == FORMAT_ASN1) + if (cfg.outformat == FORMAT_ASN1) i = i2d_X509_bio(out, x); - else if (x509_config.outformat == FORMAT_PEM) { - if (x509_config.trustout) + else if (cfg.outformat == FORMAT_PEM) { + if (cfg.trustout) i = PEM_write_bio_X509_AUX(out, x); else i = PEM_write_bio_X509(out, x); @@ -1323,11 +1323,11 @@ x509_main(int argc, char **argv) X509_free(xca); EVP_PKEY_free(Upkey); EVP_PKEY_free(CApkey); - sk_OPENSSL_STRING_free(x509_config.sigopts); + sk_OPENSSL_STRING_free(cfg.sigopts); X509_REQ_free(rq); - ASN1_INTEGER_free(x509_config.sno); - sk_ASN1_OBJECT_pop_free(x509_config.trust, ASN1_OBJECT_free); - sk_ASN1_OBJECT_pop_free(x509_config.reject, ASN1_OBJECT_free); + ASN1_INTEGER_free(cfg.sno); + sk_ASN1_OBJECT_pop_free(cfg.trust, ASN1_OBJECT_free); + sk_ASN1_OBJECT_pop_free(cfg.reject, ASN1_OBJECT_free); free(passin); return (ret); @@ -1412,7 +1412,7 @@ x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x, */ X509_STORE_CTX_set_cert(xsc, x); X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE); - if (!x509_config.reqfile && X509_verify_cert(xsc) <= 0) + if (!cfg.reqfile && X509_verify_cert(xsc) <= 0) goto end; if (!X509_check_private_key(xca, pkey)) { |