generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove unused parameters from internal functions

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Rich Salz 2016-02-13 22:33:56 -05:00 committed by Rich Salz
parent 5de75fb4fb
commit a773b52a61
45 changed files with 216 additions and 407 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Configure
View File

@ -94,11 +94,11 @@ my $gcc_devteam_warn = "-DPEDANTIC -DREF_DEBUG -DDEBUG_UNUSED -DBIO_DEBUG"
# TODO(openssl-team): fix problems and investigate if (at least) the # TODO(openssl-team): fix problems and investigate if (at least) the
# following warnings can also be enabled: # following warnings can also be enabled:
# -Wswitch-enum # -Wswitch-enum
# -Wunused-macros
# -Wcast-align # -Wcast-align
# -Wunreachable-code # -Wunreachable-code
# -Wlanguage-extension-token # -Wlanguage-extension-token -- no, we use asm()
# -Wextended-offsetof # -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
# -Wextended-offsetof -- no, needed in CMS ASN1 code
my $clang_devteam_warn = "" my $clang_devteam_warn = ""
. " -Qunused-arguments" . " -Qunused-arguments"
. " -Wextra" . " -Wextra"

17
apps/apps.c
View File

@ -674,8 +674,7 @@ int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl)
return rv; return rv;
} }
X509 *load_cert(const char *file, int format, X509 *load_cert(const char *file, int format, const char *cert_descrip)
const char *pass, ENGINE *e, const char *cert_descrip)
{ {
X509 *x = NULL; X509 *x = NULL;
BIO *cert; BIO *cert;
@ -904,7 +903,7 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
} }
static int load_certs_crls(const char *file, int format, static int load_certs_crls(const char *file, int format,
const char *pass, ENGINE *e, const char *desc, const char *pass, const char *desc,
STACK_OF(X509) **pcerts, STACK_OF(X509) **pcerts,
STACK_OF(X509_CRL) **pcrls) STACK_OF(X509_CRL) **pcrls)
{ {
@ -1002,18 +1001,18 @@ void* app_malloc(int sz, const char *what)
* Initialize or extend, if *certs != NULL, a certificate stack. * Initialize or extend, if *certs != NULL, a certificate stack.
*/ */
int load_certs(const char *file, STACK_OF(X509) **certs, int format, int load_certs(const char *file, STACK_OF(X509) **certs, int format,
const char *pass, ENGINE *e, const char *desc) const char *pass, const char *desc)
{ {
return load_certs_crls(file, format, pass, e, desc, certs, NULL); return load_certs_crls(file, format, pass, desc, certs, NULL);
} }
/* /*
* Initialize or extend, if *crls != NULL, a certificate stack. * Initialize or extend, if *crls != NULL, a certificate stack.
*/ */
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format, int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
const char *pass, ENGINE *e, const char *desc) const char *pass, const char *desc)
{ {
return load_certs_crls(file, format, pass, e, desc, NULL, crls); return load_certs_crls(file, format, pass, desc, NULL, crls);
} }
#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
@ -1300,7 +1299,7 @@ X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath)
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
/* Try to load an engine in a shareable library */ /* Try to load an engine in a shareable library */
static ENGINE *try_load_engine(const char *engine, int debug) static ENGINE *try_load_engine(const char *engine)
{ {
ENGINE *e = ENGINE_by_id("dynamic"); ENGINE *e = ENGINE_by_id("dynamic");
if (e) { if (e) {
@ -1324,7 +1323,7 @@ ENGINE *setup_engine(const char *engine, int debug)
return NULL; return NULL;
} }
if ((e = ENGINE_by_id(engine)) == NULL if ((e = ENGINE_by_id(engine)) == NULL
&& (e = try_load_engine(engine, debug)) == NULL) { && (e = try_load_engine(engine)) == NULL) {
BIO_printf(bio_err, "invalid engine \"%s\"\n", engine); BIO_printf(bio_err, "invalid engine \"%s\"\n", engine);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return NULL; return NULL;

7
apps/apps.h
View File

@ -475,8 +475,7 @@ int set_ext_copy(int *copy_type, const char *arg);
int copy_extensions(X509 *x, X509_REQ *req, int copy_type); int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2); int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(CONF *conf); int add_oid_section(CONF *conf);
X509 *load_cert(const char *file, int format, X509 *load_cert(const char *file, int format, const char *cert_descrip);
const char *pass, ENGINE *e, const char *cert_descrip);
X509_CRL *load_crl(const char *infile, int format); X509_CRL *load_crl(const char *infile, int format);
int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl); int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl);
EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
@ -484,9 +483,9 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip); const char *pass, ENGINE *e, const char *key_descrip);
int load_certs(const char *file, STACK_OF(X509) **certs, int format, int load_certs(const char *file, STACK_OF(X509) **certs, int format,
const char *pass, ENGINE *e, const char *cert_descrip); const char *pass, const char *cert_descrip);
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format, int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
const char *pass, ENGINE *e, const char *cert_descrip); const char *pass, const char *cert_descrip);
X509_STORE *setup_verify(char *CAfile, char *CApath, X509_STORE *setup_verify(char *CAfile, char *CApath,
int noCAfile, int noCApath); int noCAfile, int noCApath);
int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile, int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,

14
apps/ca.c
View File

@ -153,8 +153,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
int multirdn, int email_dn, char *startdate, int multirdn, int email_dn, char *startdate,
char *enddate, long days, int batch, char *ext_sect, char *enddate, long days, int batch, char *ext_sect,
CONF *conf, int verbose, unsigned long certopt, CONF *conf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy, unsigned long nameopt, int default_op, int ext_copy);
ENGINE *e);
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
X509 *x509, const EVP_MD *dgst, X509 *x509, const EVP_MD *dgst,
STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(OPENSSL_STRING) *sigopts,
@ -607,7 +606,7 @@ end_of_options:
lookup_fail(section, ENV_CERTIFICATE); lookup_fail(section, ENV_CERTIFICATE);
goto end; goto end;
} }
x509 = load_cert(certfile, FORMAT_PEM, NULL, e, "CA certificate"); x509 = load_cert(certfile, FORMAT_PEM, "CA certificate");
if (x509 == NULL) if (x509 == NULL)
goto end; goto end;
@ -964,7 +963,7 @@ end_of_options:
db, serial, subj, chtype, multirdn, email_dn, db, serial, subj, chtype, multirdn, email_dn,
startdate, enddate, days, batch, extensions, startdate, enddate, days, batch, extensions,
conf, verbose, certopt, nameopt, default_op, conf, verbose, certopt, nameopt, default_op,
ext_copy, e); ext_copy);
if (j < 0) if (j < 0)
goto end; goto end;
if (j > 0) { if (j > 0) {
@ -1265,7 +1264,7 @@ end_of_options:
goto end; goto end;
} else { } else {
X509 *revcert; X509 *revcert;
revcert = load_cert(infile, FORMAT_PEM, NULL, e, infile); revcert = load_cert(infile, FORMAT_PEM, infile);
if (revcert == NULL) if (revcert == NULL)
goto end; goto end;
if (dorevoke == 2) if (dorevoke == 2)
@ -1391,15 +1390,14 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
int multirdn, int email_dn, char *startdate, int multirdn, int email_dn, char *startdate,
char *enddate, long days, int batch, char *ext_sect, char *enddate, long days, int batch, char *ext_sect,
CONF *lconf, int verbose, unsigned long certopt, CONF *lconf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy, unsigned long nameopt, int default_op, int ext_copy)
ENGINE *e)
{ {
X509 *req = NULL; X509 *req = NULL;
X509_REQ *rreq = NULL; X509_REQ *rreq = NULL;
EVP_PKEY *pktmp = NULL; EVP_PKEY *pktmp = NULL;
int ok = -1, i; int ok = -1, i;
if ((req = load_cert(infile, FORMAT_PEM, NULL, e, infile)) == NULL) if ((req = load_cert(infile, FORMAT_PEM, infile)) == NULL)
goto end; goto end;
if (verbose) if (verbose)
X509_print(bio_err, req); X509_print(bio_err, req);

13
apps/cms.c
View File

@ -550,7 +550,7 @@ int cms_main(int argc, char **argv)
if (operation == SMIME_ENCRYPT) { if (operation == SMIME_ENCRYPT) {
if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL) if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
goto end; goto end;
cert = load_cert(opt_arg(), FORMAT_PEM, NULL, e, cert = load_cert(opt_arg(), FORMAT_PEM,
"recipient certificate file"); "recipient certificate file");
if (cert == NULL) if (cert == NULL)
goto end; goto end;
@ -725,7 +725,7 @@ int cms_main(int argc, char **argv)
if ((encerts = sk_X509_new_null()) == NULL) if ((encerts = sk_X509_new_null()) == NULL)
goto end; goto end;
while (*argv) { while (*argv) {
if ((cert = load_cert(*argv, FORMAT_PEM, NULL, e, if ((cert = load_cert(*argv, FORMAT_PEM,
"recipient certificate file")) == NULL) "recipient certificate file")) == NULL)
goto end; goto end;
sk_X509_push(encerts, cert); sk_X509_push(encerts, cert);
@ -735,7 +735,7 @@ int cms_main(int argc, char **argv)
} }
if (certfile) { if (certfile) {
if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e, if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
"certificate file")) { "certificate file")) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@ -743,7 +743,7 @@ int cms_main(int argc, char **argv)
} }
if (recipfile && (operation == SMIME_DECRYPT)) { if (recipfile && (operation == SMIME_DECRYPT)) {
if ((recip = load_cert(recipfile, FORMAT_PEM, NULL, e, if ((recip = load_cert(recipfile, FORMAT_PEM,
"recipient certificate file")) == NULL) { "recipient certificate file")) == NULL) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@ -751,7 +751,7 @@ int cms_main(int argc, char **argv)
} }
if (operation == SMIME_SIGN_RECEIPT) { if (operation == SMIME_SIGN_RECEIPT) {
if ((signer = load_cert(signerfile, FORMAT_PEM, NULL, e, if ((signer = load_cert(signerfile, FORMAT_PEM,
"receipt signer certificate file")) == NULL) { "receipt signer certificate file")) == NULL) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@ -968,8 +968,7 @@ int cms_main(int argc, char **argv)
signerfile = sk_OPENSSL_STRING_value(sksigners, i); signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i);
signer = load_cert(signerfile, FORMAT_PEM, NULL, signer = load_cert(signerfile, FORMAT_PEM, "signer certificate");
e, "signer certificate");
if (!signer) if (!signer)
goto end; goto end;
key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); key = load_key(keyfile, keyform, 0, passin, e, "signing key file");

8
apps/dgst.c
View File

@ -73,7 +73,7 @@
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen, EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name, const char *sig_name, const char *md_name,
const char *file, BIO *bmd); const char *file);
typedef enum OPTION_choice { typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@ -403,7 +403,7 @@ int dgst_main(int argc, char **argv)
if (argc == 0) { if (argc == 0) {
BIO_set_fp(in, stdin, BIO_NOCLOSE); BIO_set_fp(in, stdin, BIO_NOCLOSE);
ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
siglen, NULL, NULL, "stdin", bmd); siglen, NULL, NULL, "stdin");
} else { } else {
const char *md_name = NULL, *sig_name = NULL; const char *md_name = NULL, *sig_name = NULL;
if (!out_bin) { if (!out_bin) {
@ -426,7 +426,7 @@ int dgst_main(int argc, char **argv)
continue; continue;
} else } else
r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
siglen, sig_name, md_name, argv[i], bmd); siglen, sig_name, md_name, argv[i]);
if (r) if (r)
ret = r; ret = r;
(void)BIO_reset(bmd); (void)BIO_reset(bmd);
@ -448,7 +448,7 @@ int dgst_main(int argc, char **argv)
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen, EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name, const char *sig_name, const char *md_name,
const char *file, BIO *bmd) const char *file)
{ {
size_t len; size_t len;
int i; int i;

29
apps/ocsp.c
View File

@ -115,8 +115,7 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static BIO *init_responder(const char *port); static BIO *init_responder(const char *port);
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio);
const char *port);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host, static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
const char *path, const char *path,
@ -406,8 +405,7 @@ int ocsp_main(int argc, char **argv)
path = opt_arg(); path = opt_arg();
break; break;
case OPT_ISSUER: case OPT_ISSUER:
issuer = load_cert(opt_arg(), FORMAT_PEM, issuer = load_cert(opt_arg(), FORMAT_PEM, "issuer certificate");
NULL, NULL, "issuer certificate");
if (issuer == NULL) if (issuer == NULL)
goto end; goto end;
if (issuers == NULL) { if (issuers == NULL) {
@ -418,8 +416,7 @@ int ocsp_main(int argc, char **argv)
break; break;
case OPT_CERT: case OPT_CERT:
X509_free(cert); X509_free(cert);
cert = load_cert(opt_arg(), FORMAT_PEM, cert = load_cert(opt_arg(), FORMAT_PEM, "certificate");
NULL, NULL, "certificate");
if (cert == NULL) if (cert == NULL)
goto end; goto end;
if (cert_id_md == NULL) if (cert_id_md == NULL)
@ -526,16 +523,14 @@ int ocsp_main(int argc, char **argv)
if (rsignfile) { if (rsignfile) {
if (!rkeyfile) if (!rkeyfile)
rkeyfile = rsignfile; rkeyfile = rsignfile;
rsigner = load_cert(rsignfile, FORMAT_PEM, rsigner = load_cert(rsignfile, FORMAT_PEM, "responder certificate");
NULL, NULL, "responder certificate");
if (!rsigner) { if (!rsigner) {
BIO_printf(bio_err, "Error loading responder certificate\n"); BIO_printf(bio_err, "Error loading responder certificate\n");
goto end; goto end;
} }
rca_cert = load_cert(rca_filename, FORMAT_PEM, rca_cert = load_cert(rca_filename, FORMAT_PEM, "CA certificate");
NULL, NULL, "CA certificate");
if (rcertfile) { if (rcertfile) {
if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, NULL, if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL,
"responder other certificates")) "responder other certificates"))
goto end; goto end;
} }
@ -550,7 +545,7 @@ int ocsp_main(int argc, char **argv)
redo_accept: redo_accept:
if (acbio) { if (acbio) {
if (!do_responder(&req, &cbio, acbio, port)) if (!do_responder(&req, &cbio, acbio))
goto end; goto end;
if (!req) { if (!req) {
resp = resp =
@ -572,14 +567,13 @@ int ocsp_main(int argc, char **argv)
if (signfile) { if (signfile) {
if (!keyfile) if (!keyfile)
keyfile = signfile; keyfile = signfile;
signer = load_cert(signfile, FORMAT_PEM, signer = load_cert(signfile, FORMAT_PEM, "signer certificate");
NULL, NULL, "signer certificate");
if (!signer) { if (!signer) {
BIO_printf(bio_err, "Error loading signer certificate\n"); BIO_printf(bio_err, "Error loading signer certificate\n");
goto end; goto end;
} }
if (sign_certfile) { if (sign_certfile) {
if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, NULL, if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL,
"signer certificates")) "signer certificates"))
goto end; goto end;
} }
@ -702,7 +696,7 @@ int ocsp_main(int argc, char **argv)
if (vpmtouched) if (vpmtouched)
X509_STORE_set1_param(store, vpm); X509_STORE_set1_param(store, vpm);
if (verify_certfile) { if (verify_certfile) {
if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, NULL, if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL,
"validator certificate")) "validator certificate"))
goto end; goto end;
} }
@ -1078,8 +1072,7 @@ static int urldecode(char *p)
return (int)(out - save); return (int)(out - save);
} }
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio)
const char *port)
{ {
int len; int len;
OCSP_REQUEST *req = NULL; OCSP_REQUEST *req = NULL;

4
apps/pkcs12.c
View File

@ -397,7 +397,7 @@ int pkcs12_main(int argc, char **argv)
/* Load in all certs in input file */ /* Load in all certs in input file */
if (!(options & NOCERTS)) { if (!(options & NOCERTS)) {
if (!load_certs(infile, &certs, FORMAT_PEM, NULL, e, if (!load_certs(infile, &certs, FORMAT_PEM, NULL,
"certificates")) "certificates"))
goto export_end; goto export_end;
@ -426,7 +426,7 @@ int pkcs12_main(int argc, char **argv)
/* Add any more certificates asked for */ /* Add any more certificates asked for */
if (certfile) { if (certfile) {
if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, e, if (!load_certs(certfile, &certs, FORMAT_PEM, NULL,
"certificates from certfile")) "certificates from certfile"))
goto export_end; goto export_end;
} }

2
apps/pkeyutl.c
View File

@ -390,7 +390,7 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
break; break;
case KEY_CERT: case KEY_CERT:
x = load_cert(keyfile, keyform, NULL, e, "Certificate"); x = load_cert(keyfile, keyform, "Certificate");
if (x) { if (x) {
pkey = X509_get_pubkey(x); pkey = X509_get_pubkey(x);
X509_free(x); X509_free(x);

2
apps/rsautl.c
View File

@ -231,7 +231,7 @@ int rsautl_main(int argc, char **argv)
break; break;
case KEY_CERT: case KEY_CERT:
x = load_cert(keyfile, keyformat, NULL, e, "Certificate"); x = load_cert(keyfile, keyformat, "Certificate");
if (x) { if (x) {
pkey = X509_get_pubkey(x); pkey = X509_get_pubkey(x);
X509_free(x); X509_free(x);

6
apps/s_apps.h
View File

@ -149,11 +149,11 @@ typedef fd_mask fd_set;
#define PORT "4433" #define PORT "4433"
#define PROTOCOL "tcp" #define PROTOCOL "tcp"
typedef int (*do_server_cb)(int s, int stype, unsigned char *context);
int do_server(int *accept_sock, const char *host, const char *port, int do_server(int *accept_sock, const char *host, const char *port,
int family, int type, int family, int type,
int (*cb) (const char *hostname, int s, int stype, do_server_cb cb,
unsigned char *context), unsigned char *context, unsigned char *context, int naccept);
int naccept);
#ifdef HEADER_X509_H #ifdef HEADER_X509_H
int verify_callback(int ok, X509_STORE_CTX *ctx); int verify_callback(int ok, X509_STORE_CTX *ctx);
#endif #endif

4
apps/s_cb.c
View File

@ -972,7 +972,7 @@ int load_excert(SSL_EXCERT **pexc)
return 0; return 0;
} }
exc->cert = load_cert(exc->certfile, exc->certform, exc->cert = load_cert(exc->certfile, exc->certform,
NULL, NULL, "Server Certificate"); "Server Certificate");
if (!exc->cert) if (!exc->cert)
return 0; return 0;
if (exc->keyfile) { if (exc->keyfile) {
@ -986,7 +986,7 @@ int load_excert(SSL_EXCERT **pexc)
return 0; return 0;
if (exc->chainfile) { if (exc->chainfile) {
if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL, if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
NULL, "Server Chain")) "Server Chain"))
return 0; return 0;
} }
} }

5
apps/s_client.c
View File

@ -1432,8 +1432,7 @@ int s_client_main(int argc, char **argv)
} }
if (cert_file) { if (cert_file) {
cert = load_cert(cert_file, cert_format, cert = load_cert(cert_file, cert_format, "client certificate file");
NULL, e, "client certificate file");
if (cert == NULL) { if (cert == NULL) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@ -1441,7 +1440,7 @@ int s_client_main(int argc, char **argv)
} }
if (chain_file) { if (chain_file) {
if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL, e, if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL,
"client certificate chain")) "client certificate chain"))
goto end; goto end;
} }

31
apps/s_server.c
View File

@ -191,12 +191,9 @@ typedef unsigned int u_int;
#endif #endif
static int not_resumable_sess_cb(SSL *s, int is_forward_secure); static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
static int sv_body(const char *hostname, int s, int stype, static int sv_body(int s, int stype, unsigned char *context);
unsigned char *context); static int www_body(int s, int stype, unsigned char *context);
static int www_body(const char *hostname, int s, int stype, static int rev_body(int s, int stype, unsigned char *context);
unsigned char *context);
static int rev_body(const char *hostname, int s, int stype,
unsigned char *context);
static void close_accept_socket(void); static void close_accept_socket(void);
static int init_ssl_connection(SSL *s); static int init_ssl_connection(SSL *s);
static void print_stats(BIO *bp, SSL_CTX *ctx); static void print_stats(BIO *bp, SSL_CTX *ctx);
@ -1027,8 +1024,7 @@ int s_server_main(int argc, char *argv[])
#ifdef AF_UNIX #ifdef AF_UNIX
int unlink_unix_path = 0; int unlink_unix_path = 0;
#endif #endif
int (*server_cb) (const char *hostname, int s, int stype, do_server_cb server_cb;
unsigned char *context);
int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0; int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0;
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
int no_dhe = 0; int no_dhe = 0;
@ -1557,14 +1553,14 @@ int s_server_main(int argc, char *argv[])
} }
s_cert = load_cert(s_cert_file, s_cert_format, s_cert = load_cert(s_cert_file, s_cert_format,
NULL, e, "server certificate file"); "server certificate file");
if (!s_cert) { if (!s_cert) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (s_chain_file) { if (s_chain_file) {
if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, e, if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL,
"server certificate chain")) "server certificate chain"))
goto end; goto end;
} }
@ -1578,7 +1574,7 @@ int s_server_main(int argc, char *argv[])
} }
s_cert2 = load_cert(s_cert_file2, s_cert_format, s_cert2 = load_cert(s_cert_file2, s_cert_format,
NULL, e, "second server certificate file"); "second server certificate file");
if (!s_cert2) { if (!s_cert2) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
@ -1636,14 +1632,14 @@ int s_server_main(int argc, char *argv[])
} }
s_dcert = load_cert(s_dcert_file, s_dcert_format, s_dcert = load_cert(s_dcert_file, s_dcert_format,
NULL, e, "second server certificate file"); "second server certificate file");
if (!s_dcert) { if (!s_dcert) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
if (s_dchain_file) { if (s_dchain_file) {
if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, e, if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL,
"second server certificate chain")) "second server certificate chain"))
goto end; goto end;
} }
@ -2054,8 +2050,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
SSL_CTX_sess_get_cache_size(ssl_ctx)); SSL_CTX_sess_get_cache_size(ssl_ctx));
} }
static int sv_body(const char *hostname, int s, int stype, static int sv_body(int s, int stype, unsigned char *context)
unsigned char *context)
{ {
char *buf = NULL; char *buf = NULL;
fd_set readfds; fd_set readfds;
@ -2644,8 +2639,7 @@ static DH *load_dh_param(const char *dhfile)
} }
#endif #endif
static int www_body(const char *hostname, int s, int stype, static int www_body(int s, int stype, unsigned char *context)
unsigned char *context)
{ {
char *buf = NULL; char *buf = NULL;
int ret = 1; int ret = 1;
@ -3032,8 +3026,7 @@ static int www_body(const char *hostname, int s, int stype,
return (ret); return (ret);
} }
static int rev_body(const char *hostname, int s, int stype, static int rev_body(int s, int stype, unsigned char *context)
unsigned char *context)
{ {
char *buf = NULL; char *buf = NULL;
int i; int i;

52
apps/s_socket.c
View File

@ -221,10 +221,8 @@ int init_client(int *sock, const char *host, const char *port,
* 0 on failure, something other on success. * 0 on failure, something other on success.
*/ */
int do_server(int *accept_sock, const char *host, const char *port, int do_server(int *accept_sock, const char *host, const char *port,
int family, int type, int family, int type, do_server_cb cb,
int (*cb) (const char *hostname, int s, int stype, unsigned char *context, int naccept)
unsigned char *context), unsigned char *context,
int naccept)
{ {
int asock = 0; int asock = 0;
int sock; int sock;
@ -258,50 +256,26 @@ int do_server(int *accept_sock, const char *host, const char *port,
} }
BIO_ADDRINFO_free(res); BIO_ADDRINFO_free(res);
res = NULL;
if (accept_sock != NULL) { if (accept_sock != NULL)
*accept_sock = asock; *accept_sock = asock;
}
for (;;) { for (;;) {
BIO_ADDR *accepted_addr = NULL;
char *name = NULL;
if (type == SOCK_STREAM) { if (type == SOCK_STREAM) {
if ((accepted_addr = BIO_ADDR_new()) == NULL) { do {
BIO_closesocket(asock); sock = BIO_accept_ex(asock, NULL, 0);
return 0; } while (sock < 0 && BIO_sock_should_retry(ret));
}
redoit:
sock = BIO_accept_ex(asock, accepted_addr, 0);
if (sock < 0) { if (sock < 0) {
if (BIO_sock_should_retry(ret)) { ERR_print_errors(bio_err);
goto redoit; SHUTDOWN(asock);
} else { break;
ERR_print_errors(bio_err);
BIO_ADDR_free(accepted_addr);
SHUTDOWN(asock);
break;
}
} }
i = (*cb)(sock, type, context);
SHUTDOWN2(sock);
} else { } else {
sock = asock; i = (*cb)(asock, type, context);
} }
/* accepted_addr is NULL if we're dealing with SOCK_DGRAM
* this means that for SOCK_DGRAM, name will be NULL
*/
if (accepted_addr != NULL) {
#ifdef AF_UNIX
if (family == AF_UNIX)
name = BIO_ADDR_path_string(accepted_addr);
else
#endif
name = BIO_ADDR_hostname_string(accepted_addr, 0);
}
i = (*cb) (name, sock, type, context);
OPENSSL_free(name);
BIO_ADDR_free(accepted_addr);
if (type == SOCK_STREAM)
SHUTDOWN2(sock);
if (naccept != -1) if (naccept != -1)
naccept--; naccept--;
if (i < 0 || naccept == 0) { if (i < 0 || naccept == 0) {

12
apps/smime.c
View File

@ -458,7 +458,7 @@ int smime_main(int argc, char **argv)
goto end; goto end;
while (*argv) { while (*argv) {
cert = load_cert(*argv, FORMAT_PEM, cert = load_cert(*argv, FORMAT_PEM,
NULL, e, "recipient certificate file"); "recipient certificate file");
if (cert == NULL) if (cert == NULL)
goto end; goto end;
sk_X509_push(encerts, cert); sk_X509_push(encerts, cert);
@ -468,7 +468,7 @@ int smime_main(int argc, char **argv)
} }
if (certfile) { if (certfile) {
if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e, if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
"certificate file")) { "certificate file")) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@ -476,8 +476,8 @@ int smime_main(int argc, char **argv)
} }
if (recipfile && (operation == SMIME_DECRYPT)) { if (recipfile && (operation == SMIME_DECRYPT)) {
if ((recip = load_cert(recipfile, FORMAT_PEM, NULL, if ((recip = load_cert(recipfile, FORMAT_PEM,
e, "recipient certificate file")) == NULL) { "recipient certificate file")) == NULL) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
@ -572,8 +572,8 @@ int smime_main(int argc, char **argv)
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
signerfile = sk_OPENSSL_STRING_value(sksigners, i); signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i);
signer = load_cert(signerfile, FORMAT_PEM, NULL, signer = load_cert(signerfile, FORMAT_PEM,
e, "signer certificate"); "signer certificate");
if (!signer) if (!signer)
goto end; goto end;
key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); key = load_key(keyfile, keyform, 0, passin, e, "signing key file");

8
apps/speed.c
View File

@ -1781,7 +1781,7 @@ int speed_main(int argc, char **argv)
/* DSA_generate_key(dsa_key[j]); */ /* DSA_generate_key(dsa_key[j]); */
/* DSA_sign_setup(dsa_key[j],NULL); */ /* DSA_sign_setup(dsa_key[j],NULL); */
st = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2, &kk, dsa_key[j]); st = DSA_sign(0, buf, 20, buf2, &kk, dsa_key[j]);
if (st == 0) { if (st == 0) {
BIO_printf(bio_err, BIO_printf(bio_err,
"DSA sign failure. No DSA sign will be done.\n"); "DSA sign failure. No DSA sign will be done.\n");
@ -1792,7 +1792,7 @@ int speed_main(int argc, char **argv)
dsa_c[j][0], dsa_bits[j], DSA_SECONDS); dsa_c[j][0], dsa_bits[j], DSA_SECONDS);
Time_F(START); Time_F(START);
for (count = 0, run = 1; COND(dsa_c[j][0]); count++) { for (count = 0, run = 1; COND(dsa_c[j][0]); count++) {
st = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2, &kk, dsa_key[j]); st = DSA_sign(0, buf, 20, buf2, &kk, dsa_key[j]);
if (st == 0) { if (st == 0) {
BIO_printf(bio_err, "DSA sign failure\n"); BIO_printf(bio_err, "DSA sign failure\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
@ -1809,7 +1809,7 @@ int speed_main(int argc, char **argv)
rsa_count = count; rsa_count = count;
} }
st = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2, kk, dsa_key[j]); st = DSA_verify(0, buf, 20, buf2, kk, dsa_key[j]);
if (st <= 0) { if (st <= 0) {
BIO_printf(bio_err, BIO_printf(bio_err,
"DSA verify failure. No DSA verify will be done.\n"); "DSA verify failure. No DSA verify will be done.\n");
@ -1820,7 +1820,7 @@ int speed_main(int argc, char **argv)
dsa_c[j][1], dsa_bits[j], DSA_SECONDS); dsa_c[j][1], dsa_bits[j], DSA_SECONDS);
Time_F(START); Time_F(START);
for (count = 0, run = 1; COND(dsa_c[j][1]); count++) { for (count = 0, run = 1; COND(dsa_c[j][1]); count++) {
st = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2, kk, dsa_key[j]); st = DSA_verify(0, buf, 20, buf2, kk, dsa_key[j]);
if (st <= 0) { if (st <= 0) {
BIO_printf(bio_err, "DSA verify failure\n"); BIO_printf(bio_err, "DSA verify failure\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);

27
apps/verify.c
View File

@ -68,7 +68,7 @@
static int cb(int ok, X509_STORE_CTX *ctx); static int cb(int ok, X509_STORE_CTX *ctx);
static int check(X509_STORE *ctx, char *file, static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain); STACK_OF(X509_CRL) *crls, int show_chain);
static int v_verbose = 0, vflags = 0; static int v_verbose = 0, vflags = 0;
typedef enum OPTION_choice { typedef enum OPTION_choice {
@ -108,7 +108,6 @@ OPTIONS verify_options[] = {
int verify_main(int argc, char **argv) int verify_main(int argc, char **argv)
{ {
ENGINE *e = NULL;
STACK_OF(X509) *untrusted = NULL, *trusted = NULL; STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
STACK_OF(X509_CRL) *crls = NULL; STACK_OF(X509_CRL) *crls = NULL;
X509_STORE *store = NULL; X509_STORE *store = NULL;
@ -167,7 +166,7 @@ int verify_main(int argc, char **argv)
break; break;
case OPT_UNTRUSTED: case OPT_UNTRUSTED:
/* Zero or more times */ /* Zero or more times */
if (!load_certs(opt_arg(), &untrusted, FORMAT_PEM, NULL, e, if (!load_certs(opt_arg(), &untrusted, FORMAT_PEM, NULL,
"untrusted certificates")) "untrusted certificates"))
goto end; goto end;
break; break;
@ -175,26 +174,28 @@ int verify_main(int argc, char **argv)
/* Zero or more times */ /* Zero or more times */
noCAfile = 1; noCAfile = 1;
noCApath = 1; noCApath = 1;
if (!load_certs(opt_arg(), &trusted, FORMAT_PEM, NULL, e, if (!load_certs(opt_arg(), &trusted, FORMAT_PEM, NULL,
"trusted certificates")) "trusted certificates"))
goto end; goto end;
break; break;
case OPT_CRLFILE: case OPT_CRLFILE:
/* Zero or more times */ /* Zero or more times */
if (!load_crls(opt_arg(), &crls, FORMAT_PEM, NULL, e, if (!load_crls(opt_arg(), &crls, FORMAT_PEM, NULL,
"other CRLs")) "other CRLs"))
goto end; goto end;
break; break;
case OPT_CRL_DOWNLOAD: case OPT_CRL_DOWNLOAD:
crl_download = 1; crl_download = 1;
break; break;
case OPT_ENGINE:
if (setup_engine(opt_arg(), 0) == NULL) {
/* Failure message already displayed */
goto end;
}
break;
case OPT_SHOW_CHAIN: case OPT_SHOW_CHAIN:
show_chain = 1; show_chain = 1;
break; break;
case OPT_ENGINE:
/* Specify *before* -trusted/-untrusted/-CRLfile */
e = setup_engine(opt_arg(), 0);
break;
case OPT_VERBOSE: case OPT_VERBOSE:
v_verbose = 1; v_verbose = 1;
break; break;
@ -223,11 +224,11 @@ int verify_main(int argc, char **argv)
ret = 0; ret = 0;
if (argc < 1) { if (argc < 1) {
if (check(store, NULL, untrusted, trusted, crls, e, show_chain) != 1) if (check(store, NULL, untrusted, trusted, crls, show_chain) != 1)
ret = -1; ret = -1;
} else { } else {
for (i = 0; i < argc; i++) for (i = 0; i < argc; i++)
if (check(store, argv[i], untrusted, trusted, crls, e, if (check(store, argv[i], untrusted, trusted, crls,
show_chain) != 1) show_chain) != 1)
ret = -1; ret = -1;
} }
@ -243,7 +244,7 @@ int verify_main(int argc, char **argv)
static int check(X509_STORE *ctx, char *file, static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain) STACK_OF(X509_CRL) *crls, int show_chain)
{ {
X509 *x = NULL; X509 *x = NULL;
int i = 0, ret = 0; int i = 0, ret = 0;
@ -251,7 +252,7 @@ static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *chain = NULL; STACK_OF(X509) *chain = NULL;
int num_untrusted; int num_untrusted;
x = load_cert(file, FORMAT_PEM, NULL, e, "certificate file"); x = load_cert(file, FORMAT_PEM, "certificate file");
if (x == NULL) if (x == NULL)
goto end; goto end;

4
apps/x509.c
View File

@ -612,12 +612,12 @@ int x509_main(int argc, char **argv)
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
} }
} else } else
x = load_cert(infile, informat, NULL, e, "Certificate"); x = load_cert(infile, informat, "Certificate");
if (x == NULL) if (x == NULL)
goto end; goto end;
if (CA_flag) { if (CA_flag) {
xca = load_cert(CAfile, CAformat, NULL, e, "CA Certificate"); xca = load_cert(CAfile, CAformat, "CA Certificate");
if (xca == NULL) if (xca == NULL)
goto end; goto end;
} }

20
crypto/asn1/tasn_prn.c
View File

@ -402,8 +402,7 @@ static int asn1_print_fsname(BIO *out, int indent,
return 1; return 1;
} }
static int asn1_print_boolean_ctx(BIO *out, int boolval, static int asn1_print_boolean(BIO *out, int boolval)
const ASN1_PCTX *pctx)
{ {
const char *str; const char *str;
switch (boolval) { switch (boolval) {
@ -427,8 +426,7 @@ static int asn1_print_boolean_ctx(BIO *out, int boolval,
} }
static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str, static int asn1_print_integer(BIO *out, ASN1_INTEGER *str)
const ASN1_PCTX *pctx)
{ {
char *s; char *s;
int ret = 1; int ret = 1;
@ -439,8 +437,7 @@ static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str,
return ret; return ret;
} }
static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid, static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid)
const ASN1_PCTX *pctx)
{ {
char objbuf[80]; char objbuf[80];
const char *ln; const char *ln;
@ -453,8 +450,7 @@ static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
return 1; return 1;
} }
static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent, static int asn1_print_obstring(BIO *out, ASN1_STRING *str, int indent)
const ASN1_PCTX *pctx)
{ {
if (str->type == V_ASN1_BIT_STRING) { if (str->type == V_ASN1_BIT_STRING) {
if (BIO_printf(out, " (%ld unused bits)\n", str->flags & 0x7) <= 0) if (BIO_printf(out, " (%ld unused bits)\n", str->flags & 0x7) <= 0)
@ -523,13 +519,13 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
int boolval = *(int *)fld; int boolval = *(int *)fld;
if (boolval == -1) if (boolval == -1)
boolval = it->size; boolval = it->size;
ret = asn1_print_boolean_ctx(out, boolval, pctx); ret = asn1_print_boolean(out, boolval);
} }
break; break;
case V_ASN1_INTEGER: case V_ASN1_INTEGER:
case V_ASN1_ENUMERATED: case V_ASN1_ENUMERATED:
ret = asn1_print_integer_ctx(out, str, pctx); ret = asn1_print_integer(out, str);
break; break;
case V_ASN1_UTCTIME: case V_ASN1_UTCTIME:
@ -541,12 +537,12 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
break; break;
case V_ASN1_OBJECT: case V_ASN1_OBJECT:
ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx); ret = asn1_print_oid(out, (const ASN1_OBJECT *)*fld);
break; break;
case V_ASN1_OCTET_STRING: case V_ASN1_OCTET_STRING:
case V_ASN1_BIT_STRING: case V_ASN1_BIT_STRING:
ret = asn1_print_obstring_ctx(out, str, indent, pctx); ret = asn1_print_obstring(out, str, indent);
needlf = 0; needlf = 0;
break; break;

6
crypto/cms/cms_smime.c
View File

@ -271,8 +271,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
X509_STORE *store, X509_STORE *store,
STACK_OF(X509) *certs, STACK_OF(X509) *certs,
STACK_OF(X509_CRL) *crls, STACK_OF(X509_CRL) *crls)
unsigned int flags)
{ {
X509_STORE_CTX ctx; X509_STORE_CTX ctx;
X509 *signer; X509 *signer;
@ -353,8 +352,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
crls = CMS_get1_crls(cms); crls = CMS_get1_crls(cms);
for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
si = sk_CMS_SignerInfo_value(sinfos, i); si = sk_CMS_SignerInfo_value(sinfos, i);
if (!cms_signerinfo_verify_cert(si, store, if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls))
cms_certs, crls, flags))
goto err; goto err;
} }
} }

8
crypto/conf/conf_mod.c
View File

@ -113,8 +113,7 @@ static CONF_MODULE *module_add(DSO *dso, const char *name,
static CONF_MODULE *module_find(char *name); static CONF_MODULE *module_find(char *name);
static int module_init(CONF_MODULE *pmod, char *name, char *value, static int module_init(CONF_MODULE *pmod, char *name, char *value,
const CONF *cnf); const CONF *cnf);
static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value);
unsigned long flags);
/* Main function: load modules from a CONF structure */ /* Main function: load modules from a CONF structure */
@ -204,7 +203,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
/* Module not found: try to load DSO */ /* Module not found: try to load DSO */
if (!md && !(flags & CONF_MFLAGS_NO_DSO)) if (!md && !(flags & CONF_MFLAGS_NO_DSO))
md = module_load_dso(cnf, name, value, flags); md = module_load_dso(cnf, name, value);
if (!md) { if (!md) {
if (!(flags & CONF_MFLAGS_SILENT)) { if (!(flags & CONF_MFLAGS_SILENT)) {
@ -230,8 +229,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
} }
/* Load a module from a DSO */ /* Load a module from a DSO */
static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value)
unsigned long flags)
{ {
DSO *dso = NULL; DSO *dso = NULL;
conf_init_func *ifunc; conf_init_func *ifunc;

57
crypto/dh/dh_ameth.c
View File

@ -297,15 +297,6 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
return 0; return 0;
} }
static void update_buflen(const BIGNUM *b, size_t *pbuflen)
{
size_t i;
if (!b)
return;
if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
*pbuflen = i;
}
static int dh_param_decode(EVP_PKEY *pkey, static int dh_param_decode(EVP_PKEY *pkey,
const unsigned char **pder, int derlen) const unsigned char **pder, int derlen)
{ {
@ -324,15 +315,10 @@ static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
return i2d_dhp(pkey, pkey->pkey.dh, pder); return i2d_dhp(pkey, pkey->pkey.dh, pder);
} }
static int do_dh_print(BIO *bp, const DH *x, int indent, static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
ASN1_PCTX *ctx, int ptype)
{ {
unsigned char *m = NULL;
int reason = ERR_R_BUF_LIB; int reason = ERR_R_BUF_LIB;
size_t buf_len = 0;
const char *ktype = NULL; const char *ktype = NULL;
BIGNUM *priv_key, *pub_key; BIGNUM *priv_key, *pub_key;
if (ptype == 2) if (ptype == 2)
@ -345,20 +331,11 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
else else
pub_key = NULL; pub_key = NULL;
update_buflen(x->p, &buf_len); if (priv_key == NULL && pub_key == NULL) {
if (buf_len == 0) {
reason = ERR_R_PASSED_NULL_PARAMETER; reason = ERR_R_PASSED_NULL_PARAMETER;
goto err; goto err;
} }
update_buflen(x->g, &buf_len);
update_buflen(x->q, &buf_len);
update_buflen(x->j, &buf_len);
update_buflen(x->counter, &buf_len);
update_buflen(pub_key, &buf_len);
update_buflen(priv_key, &buf_len);
if (ptype == 2) if (ptype == 2)
ktype = "DH Private-Key"; ktype = "DH Private-Key";
else if (ptype == 1) else if (ptype == 1)
@ -366,29 +343,23 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
else else
ktype = "DH Parameters"; ktype = "DH Parameters";
m = OPENSSL_malloc(buf_len + 10);
if (m == NULL) {
reason = ERR_R_MALLOC_FAILURE;
goto err;
}
BIO_indent(bp, indent, 128); BIO_indent(bp, indent, 128);
if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
goto err; goto err;
indent += 4; indent += 4;
if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent)) if (!ASN1_bn_print(bp, "private-key:", priv_key, NULL, indent))
goto err; goto err;
if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent)) if (!ASN1_bn_print(bp, "public-key:", pub_key, NULL, indent))
goto err; goto err;
if (!ASN1_bn_print(bp, "prime:", x->p, m, indent)) if (!ASN1_bn_print(bp, "prime:", x->p, NULL, indent))
goto err; goto err;
if (!ASN1_bn_print(bp, "generator:", x->g, m, indent)) if (!ASN1_bn_print(bp, "generator:", x->g, NULL, indent))
goto err; goto err;
if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, m, indent)) if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, NULL, indent))
goto err; goto err;
if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, m, indent)) if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, NULL, indent))
goto err; goto err;
if (x->seed) { if (x->seed) {
int i; int i;
@ -407,7 +378,7 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
if (BIO_write(bp, "\n", 1) <= 0) if (BIO_write(bp, "\n", 1) <= 0)
return (0); return (0);
} }
if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, m, indent)) if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, NULL, indent))
goto err; goto err;
if (x->length != 0) { if (x->length != 0) {
BIO_indent(bp, indent, 128); BIO_indent(bp, indent, 128);
@ -416,12 +387,10 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
goto err; goto err;
} }
OPENSSL_free(m);
return 1; return 1;
err: err:
DHerr(DH_F_DO_DH_PRINT, reason); DHerr(DH_F_DO_DH_PRINT, reason);
OPENSSL_free(m);
return 0; return 0;
} }
@ -537,24 +506,24 @@ static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *ctx) ASN1_PCTX *ctx)
{ {
return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0); return do_dh_print(bp, pkey->pkey.dh, indent, 0);
} }
static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *ctx) ASN1_PCTX *ctx)
{ {
return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1); return do_dh_print(bp, pkey->pkey.dh, indent, 1);
} }
static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *ctx) ASN1_PCTX *ctx)
{ {
return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2); return do_dh_print(bp, pkey->pkey.dh, indent, 2);
} }
int DHparams_print(BIO *bp, const DH *x) int DHparams_print(BIO *bp, const DH *x)
{ {
return do_dh_print(bp, x, 4, NULL, 0); return do_dh_print(bp, x, 4, 0);
} }
#ifndef OPENSSL_NO_CMS #ifndef OPENSSL_NO_CMS

50
crypto/dsa/dsa_ameth.c
View File

@ -372,22 +372,10 @@ static void int_dsa_free(EVP_PKEY *pkey)
DSA_free(pkey->pkey.dsa); DSA_free(pkey->pkey.dsa);
} }
static void update_buflen(const BIGNUM *b, size_t *pbuflen)
{
size_t i;
if (!b)
return;
if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
*pbuflen = i;
}
static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
{ {
unsigned char *m = NULL;
int ret = 0; int ret = 0;
size_t buf_len = 0;
const char *ktype = NULL; const char *ktype = NULL;
const BIGNUM *priv_key, *pub_key; const BIGNUM *priv_key, *pub_key;
if (ptype == 2) if (ptype == 2)
@ -407,18 +395,6 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
else else
ktype = "DSA-Parameters"; ktype = "DSA-Parameters";
update_buflen(x->p, &buf_len);
update_buflen(x->q, &buf_len);
update_buflen(x->g, &buf_len);
update_buflen(priv_key, &buf_len);
update_buflen(pub_key, &buf_len);
m = OPENSSL_malloc(buf_len + 10);
if (m == NULL) {
DSAerr(DSA_F_DO_DSA_PRINT, ERR_R_MALLOC_FAILURE);
goto err;
}
if (priv_key) { if (priv_key) {
if (!BIO_indent(bp, off, 128)) if (!BIO_indent(bp, off, 128))
goto err; goto err;
@ -427,19 +403,18 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
goto err; goto err;
} }
if (!ASN1_bn_print(bp, "priv:", priv_key, m, off)) if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off))
goto err; goto err;
if (!ASN1_bn_print(bp, "pub: ", pub_key, m, off)) if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off))
goto err; goto err;
if (!ASN1_bn_print(bp, "P: ", x->p, m, off)) if (!ASN1_bn_print(bp, "P: ", x->p, NULL, off))
goto err; goto err;
if (!ASN1_bn_print(bp, "Q: ", x->q, m, off)) if (!ASN1_bn_print(bp, "Q: ", x->q, NULL, off))
goto err; goto err;
if (!ASN1_bn_print(bp, "G: ", x->g, m, off)) if (!ASN1_bn_print(bp, "G: ", x->g, NULL, off))
goto err; goto err;
ret = 1; ret = 1;
err: err:
OPENSSL_free(m);
return (ret); return (ret);
} }
@ -502,6 +477,7 @@ static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
{ {
DSA_SIG *dsa_sig; DSA_SIG *dsa_sig;
const unsigned char *p; const unsigned char *p;
if (!sig) { if (!sig) {
if (BIO_puts(bp, "\n") <= 0) if (BIO_puts(bp, "\n") <= 0)
return 0; return 0;
@ -512,26 +488,16 @@ static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
if (dsa_sig) { if (dsa_sig) {
int rv = 0; int rv = 0;
size_t buf_len = 0;
unsigned char *m = NULL;
update_buflen(dsa_sig->r, &buf_len);
update_buflen(dsa_sig->s, &buf_len);
m = OPENSSL_malloc(buf_len + 10);
if (m == NULL) {
DSAerr(DSA_F_DSA_SIG_PRINT, ERR_R_MALLOC_FAILURE);
goto err;
}
if (BIO_write(bp, "\n", 1) != 1) if (BIO_write(bp, "\n", 1) != 1)
goto err; goto err;
if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, m, indent)) if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, NULL, indent))
goto err; goto err;
if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, m, indent)) if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, NULL, indent))
goto err; goto err;
rv = 1; rv = 1;
err: err:
OPENSSL_free(m);
DSA_SIG_free(dsa_sig); DSA_SIG_free(dsa_sig);
return rv; return rv;
} }

12
crypto/dsa/dsa_pmeth.c
View File

@ -120,7 +120,7 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
size_t *siglen, const unsigned char *tbs, size_t *siglen, const unsigned char *tbs,
size_t tbslen) size_t tbslen)
{ {
int ret, type; int ret;
unsigned int sltmp; unsigned int sltmp;
DSA_PKEY_CTX *dctx = ctx->data; DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa; DSA *dsa = ctx->pkey->pkey.dsa;
@ -128,14 +128,12 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
if (dctx->md) { if (dctx->md) {
if (tbslen != (size_t)EVP_MD_size(dctx->md)) if (tbslen != (size_t)EVP_MD_size(dctx->md))
return 0; return 0;
type = EVP_MD_type(dctx->md);
} else { } else {
if (tbslen != SHA_DIGEST_LENGTH) if (tbslen != SHA_DIGEST_LENGTH)
return 0; return 0;
type = NID_sha1;
} }
ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa); ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa);
if (ret <= 0) if (ret <= 0)
return ret; return ret;
@ -147,21 +145,19 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
const unsigned char *sig, size_t siglen, const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen) const unsigned char *tbs, size_t tbslen)
{ {
int ret, type; int ret;
DSA_PKEY_CTX *dctx = ctx->data; DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa; DSA *dsa = ctx->pkey->pkey.dsa;
if (dctx->md) { if (dctx->md) {
if (tbslen != (size_t)EVP_MD_size(dctx->md)) if (tbslen != (size_t)EVP_MD_size(dctx->md))
return 0; return 0;
type = EVP_MD_type(dctx->md);
} else { } else {
if (tbslen != SHA_DIGEST_LENGTH) if (tbslen != SHA_DIGEST_LENGTH)
return 0; return 0;
type = NID_sha1;
} }
ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa); ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa);
return ret; return ret;
} }

2
crypto/ec/ecdh_ossl.c
View File

@ -118,7 +118,7 @@ int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
group = EC_KEY_get0_group(ecdh); group = EC_KEY_get0_group(ecdh);
if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) { if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) {
if (!EC_GROUP_get_cofactor(group, x, ctx) || if (!EC_GROUP_get_cofactor(group, x, NULL) ||
!BN_mul(x, x, priv_key, ctx)) { !BN_mul(x, x, priv_key, ctx)) {
ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
goto err; goto err;

39
crypto/ec/eck_prn.c
View File

@ -142,8 +142,6 @@ static int print_bin(BIO *fp, const char *str, const unsigned char *num,
int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
{ {
unsigned char *buffer = NULL;
size_t buf_len = 0, i;
int ret = 0, reason = ERR_R_BIO_LIB; int ret = 0, reason = ERR_R_BIO_LIB;
BN_CTX *ctx = NULL; BN_CTX *ctx = NULL;
const EC_POINT *point = NULL; const EC_POINT *point = NULL;
@ -236,27 +234,9 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
goto err; goto err;
} }
buf_len = (size_t)BN_num_bytes(p);
if (buf_len < (i = (size_t)BN_num_bytes(a)))
buf_len = i;
if (buf_len < (i = (size_t)BN_num_bytes(b)))
buf_len = i;
if (buf_len < (i = (size_t)BN_num_bytes(gen)))
buf_len = i;
if (buf_len < (i = (size_t)BN_num_bytes(order)))
buf_len = i;
if (buf_len < (i = (size_t)BN_num_bytes(cofactor)))
buf_len = i;
if ((seed = EC_GROUP_get0_seed(x)) != NULL) if ((seed = EC_GROUP_get0_seed(x)) != NULL)
seed_len = EC_GROUP_get_seed_len(x); seed_len = EC_GROUP_get_seed_len(x);
buf_len += 10;
if ((buffer = OPENSSL_malloc(buf_len)) == NULL) {
reason = ERR_R_MALLOC_FAILURE;
goto err;
}
if (!BIO_indent(bp, off, 128)) if (!BIO_indent(bp, off, 128))
goto err; goto err;
@ -279,36 +259,36 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
goto err; goto err;
/* print the polynomial */ /* print the polynomial */
if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, buffer, if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, NULL,
off)) off))
goto err; goto err;
} else { } else {
if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, buffer, off)) if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, NULL, off))
goto err; goto err;
} }
if ((a != NULL) && !ASN1_bn_print(bp, "A: ", a, buffer, off)) if ((a != NULL) && !ASN1_bn_print(bp, "A: ", a, NULL, off))
goto err; goto err;
if ((b != NULL) && !ASN1_bn_print(bp, "B: ", b, buffer, off)) if ((b != NULL) && !ASN1_bn_print(bp, "B: ", b, NULL, off))
goto err; goto err;
if (form == POINT_CONVERSION_COMPRESSED) { if (form == POINT_CONVERSION_COMPRESSED) {
if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen, if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen,
buffer, off)) NULL, off))
goto err; goto err;
} else if (form == POINT_CONVERSION_UNCOMPRESSED) { } else if (form == POINT_CONVERSION_UNCOMPRESSED) {
if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen, if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen,
buffer, off)) NULL, off))
goto err; goto err;
} else { /* form == POINT_CONVERSION_HYBRID */ } else { /* form == POINT_CONVERSION_HYBRID */
if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen, if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen,
buffer, off)) NULL, off))
goto err; goto err;
} }
if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order, if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order,
buffer, off)) NULL, off))
goto err; goto err;
if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor, if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor,
buffer, off)) NULL, off))
goto err; goto err;
if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
goto err; goto err;
@ -322,7 +302,6 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
BN_free(b); BN_free(b);
BN_free(gen); BN_free(gen);
BN_CTX_free(ctx); BN_CTX_free(ctx);
OPENSSL_free(buffer);
return (ret); return (ret);
} }

7
crypto/mem.c
View File

@ -136,8 +136,7 @@ void *CRYPTO_malloc(size_t num, const char *file, int line)
ret = malloc(num); ret = malloc(num);
} }
#else #else
(void)file; osslargused(file); osslargused(line);
(void)line;
ret = malloc(num); ret = malloc(num);
#endif #endif
@ -188,8 +187,7 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
return ret; return ret;
} }
#else #else
(void)file; osslargused(file); osslargused(line);
(void)line;
#endif #endif
return realloc(str, num); return realloc(str, num);
@ -215,7 +213,6 @@ void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
} }
ret = CRYPTO_malloc(num, file, line); ret = CRYPTO_malloc(num, file, line);
if (ret) if (ret)
memcpy(ret, str, old_len); memcpy(ret, str, old_len);
CRYPTO_clear_free(str, old_len, file, line); CRYPTO_clear_free(str, old_len, file, line);

10
crypto/mem_sec.c
View File

@ -307,7 +307,7 @@ static void sh_add_to_list(char **list, char *ptr)
*list = ptr; *list = ptr;
} }
static void sh_remove_from_list(char *ptr, char *list) static void sh_remove_from_list(char *ptr)
{ {
SH_LIST *temp, *temp2; SH_LIST *temp, *temp2;
@ -484,7 +484,7 @@ static char *sh_malloc(size_t size)
/* remove from bigger list */ /* remove from bigger list */
OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
sh_clearbit(temp, slist, sh.bittable); sh_clearbit(temp, slist, sh.bittable);
sh_remove_from_list(temp, sh.freelist[slist]); sh_remove_from_list(temp);
OPENSSL_assert(temp != sh.freelist[slist]); OPENSSL_assert(temp != sh.freelist[slist]);
/* done with bigger list */ /* done with bigger list */
@ -510,7 +510,7 @@ static char *sh_malloc(size_t size)
chunk = sh.freelist[list]; chunk = sh.freelist[list];
OPENSSL_assert(sh_testbit(chunk, list, sh.bittable)); OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
sh_setbit(chunk, list, sh.bitmalloc); sh_setbit(chunk, list, sh.bitmalloc);
sh_remove_from_list(chunk, sh.freelist[list]); sh_remove_from_list(chunk);
OPENSSL_assert(WITHIN_ARENA(chunk)); OPENSSL_assert(WITHIN_ARENA(chunk));
@ -539,10 +539,10 @@ static void sh_free(char *ptr)
OPENSSL_assert(ptr != NULL); OPENSSL_assert(ptr != NULL);
OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
sh_clearbit(ptr, list, sh.bittable); sh_clearbit(ptr, list, sh.bittable);
sh_remove_from_list(ptr, sh.freelist[list]); sh_remove_from_list(ptr);
OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
sh_clearbit(buddy, list, sh.bittable); sh_clearbit(buddy, list, sh.bittable);
sh_remove_from_list(buddy, sh.freelist[list]); sh_remove_from_list(buddy);
list--; list--;

6
crypto/ocsp/ocsp_prn.c
View File

@ -76,9 +76,9 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
BIO_printf(bp, "%*sHash Algorithm: ", indent, ""); BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm); i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm);
BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, ""); BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
i2a_ASN1_STRING(bp, &a->issuerNameHash, V_ASN1_OCTET_STRING); i2a_ASN1_STRING(bp, &a->issuerNameHash, 0);
BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, ""); BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
i2a_ASN1_STRING(bp, &a->issuerKeyHash, V_ASN1_OCTET_STRING); i2a_ASN1_STRING(bp, &a->issuerKeyHash, 0);
BIO_printf(bp, "\n%*sSerial Number: ", indent, ""); BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
i2a_ASN1_INTEGER(bp, &a->serialNumber); i2a_ASN1_INTEGER(bp, &a->serialNumber);
BIO_printf(bp, "\n"); BIO_printf(bp, "\n");
@ -227,7 +227,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
break; break;
case V_OCSP_RESPID_KEY: case V_OCSP_RESPID_KEY:
i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING); i2a_ASN1_STRING(bp, rid->value.byKey, 0);
break; break;
} }

30
crypto/ocsp/ocsp_vfy.c
View File

@ -62,19 +62,17 @@
#include <string.h> #include <string.h>
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
STACK_OF(X509) *certs, X509_STORE *st, STACK_OF(X509) *certs, unsigned long flags);
unsigned long flags);
static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain);
unsigned long flags);
static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
OCSP_CERTID **ret); OCSP_CERTID **ret);
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
STACK_OF(OCSP_SINGLERESP) *sresp); STACK_OF(OCSP_SINGLERESP) *sresp);
static int ocsp_check_delegated(X509 *x, int flags); static int ocsp_check_delegated(X509 *x);
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
X509_NAME *nm, STACK_OF(X509) *certs, X509_NAME *nm, STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags); unsigned long flags);
/* Verify a basic response message */ /* Verify a basic response message */
@ -85,8 +83,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
STACK_OF(X509) *chain = NULL; STACK_OF(X509) *chain = NULL;
STACK_OF(X509) *untrusted = NULL; STACK_OF(X509) *untrusted = NULL;
X509_STORE_CTX ctx; X509_STORE_CTX ctx;
int i, ret = 0; int i, ret = ocsp_find_signer(&signer, bs, certs, flags);
ret = ocsp_find_signer(&signer, bs, certs, st, flags);
if (!ret) { if (!ret) {
OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
@ -146,7 +144,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
* At this point we have a valid certificate chain need to verify it * At this point we have a valid certificate chain need to verify it
* against the OCSP issuer criteria. * against the OCSP issuer criteria.
*/ */
ret = ocsp_check_issuer(bs, chain, flags); ret = ocsp_check_issuer(bs, chain);
/* If fatal error or valid match then finish */ /* If fatal error or valid match then finish */
if (ret != 0) if (ret != 0)
@ -175,8 +173,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
} }
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
STACK_OF(X509) *certs, X509_STORE *st, STACK_OF(X509) *certs, unsigned long flags)
unsigned long flags)
{ {
X509 *signer; X509 *signer;
OCSP_RESPID *rid = &bs->tbsResponseData.responderId; OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
@ -221,8 +218,7 @@ static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
return NULL; return NULL;
} }
static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain)
unsigned long flags)
{ {
STACK_OF(OCSP_SINGLERESP) *sresp; STACK_OF(OCSP_SINGLERESP) *sresp;
X509 *signer, *sca; X509 *signer, *sca;
@ -251,7 +247,7 @@ static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
return i; return i;
if (i) { if (i) {
/* We have a match, if extensions OK then success */ /* We have a match, if extensions OK then success */
if (ocsp_check_delegated(signer, flags)) if (ocsp_check_delegated(signer))
return 1; return 1;
return 0; return 0;
} }
@ -350,7 +346,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
} }
static int ocsp_check_delegated(X509 *x, int flags) static int ocsp_check_delegated(X509 *x)
{ {
if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE) if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
&& (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN)) && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
@ -384,7 +380,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
return 0; return 0;
} }
nm = gen->d.directoryName; nm = gen->d.directoryName;
ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags); ret = ocsp_req_find_signer(&signer, req, nm, certs, flags);
if (ret <= 0) { if (ret <= 0) {
OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
@ -431,7 +427,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
X509_NAME *nm, STACK_OF(X509) *certs, X509_NAME *nm, STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags) unsigned long flags)
{ {
X509 *signer; X509 *signer;
if (!(flags & OCSP_NOINTERN)) { if (!(flags & OCSP_NOINTERN)) {

16
crypto/pem/pvkfmt.c
View File

@ -120,9 +120,9 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
/* Salt length for PVK files */ /* Salt length for PVK files */
# define PVK_SALTLEN 0x10 # define PVK_SALTLEN 0x10
static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, static EVP_PKEY *b2i_rsa(const unsigned char **in,
unsigned int bitlen, int ispub); unsigned int bitlen, int ispub);
static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, static EVP_PKEY *b2i_dss(const unsigned char **in,
unsigned int bitlen, int ispub); unsigned int bitlen, int ispub);
static int do_blob_header(const unsigned char **in, unsigned int length, static int do_blob_header(const unsigned char **in, unsigned int length,
@ -235,9 +235,9 @@ static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
return NULL; return NULL;
} }
if (isdss) if (isdss)
return b2i_dss(&p, length, bitlen, ispub); return b2i_dss(&p, bitlen, ispub);
else else
return b2i_rsa(&p, length, bitlen, ispub); return b2i_rsa(&p, bitlen, ispub);
} }
static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
@ -268,16 +268,16 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
} }
if (isdss) if (isdss)
ret = b2i_dss(&p, length, bitlen, ispub); ret = b2i_dss(&p, bitlen, ispub);
else else
ret = b2i_rsa(&p, length, bitlen, ispub); ret = b2i_rsa(&p, bitlen, ispub);
err: err:
OPENSSL_free(buf); OPENSSL_free(buf);
return ret; return ret;
} }
static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, static EVP_PKEY *b2i_dss(const unsigned char **in,
unsigned int bitlen, int ispub) unsigned int bitlen, int ispub)
{ {
const unsigned char *p = *in; const unsigned char *p = *in;
@ -327,7 +327,7 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
return NULL; return NULL;
} }
static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, static EVP_PKEY *b2i_rsa(const unsigned char **in,
unsigned int bitlen, int ispub) unsigned int bitlen, int ispub)
{ {
const unsigned char *p = *in; const unsigned char *p = *in;

52
crypto/rsa/rsa_ameth.c
View File

@ -181,40 +181,11 @@ static void int_rsa_free(EVP_PKEY *pkey)
RSA_free(pkey->pkey.rsa); RSA_free(pkey->pkey.rsa);
} }
static void update_buflen(const BIGNUM *b, size_t *pbuflen)
{
size_t i;
if (!b)
return;
if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
*pbuflen = i;
}
static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
{ {
char *str; char *str;
const char *s; const char *s;
unsigned char *m = NULL;
int ret = 0, mod_len = 0; int ret = 0, mod_len = 0;
size_t buf_len = 0;
update_buflen(x->n, &buf_len);
update_buflen(x->e, &buf_len);
if (priv) {
update_buflen(x->d, &buf_len);
update_buflen(x->p, &buf_len);
update_buflen(x->q, &buf_len);
update_buflen(x->dmp1, &buf_len);
update_buflen(x->dmq1, &buf_len);
update_buflen(x->iqmp, &buf_len);
}
m = OPENSSL_malloc(buf_len + 10);
if (m == NULL) {
RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE);
goto err;
}
if (x->n != NULL) if (x->n != NULL)
mod_len = BN_num_bits(x->n); mod_len = BN_num_bits(x->n);
@ -223,39 +194,36 @@ static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
goto err; goto err;
if (priv && x->d) { if (priv && x->d) {
if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0)
<= 0)
goto err; goto err;
str = "modulus:"; str = "modulus:";
s = "publicExponent:"; s = "publicExponent:";
} else { } else {
if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
<= 0)
goto err; goto err;
str = "Modulus:"; str = "Modulus:";
s = "Exponent:"; s = "Exponent:";
} }
if (!ASN1_bn_print(bp, str, x->n, m, off)) if (!ASN1_bn_print(bp, str, x->n, NULL, off))
goto err; goto err;
if (!ASN1_bn_print(bp, s, x->e, m, off)) if (!ASN1_bn_print(bp, s, x->e, NULL, off))
goto err; goto err;
if (priv) { if (priv) {
if (!ASN1_bn_print(bp, "privateExponent:", x->d, m, off)) if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off))
goto err; goto err;
if (!ASN1_bn_print(bp, "prime1:", x->p, m, off)) if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off))
goto err; goto err;
if (!ASN1_bn_print(bp, "prime2:", x->q, m, off)) if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off))
goto err; goto err;
if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off)) if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off))
goto err; goto err;
if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off)) if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off))
goto err; goto err;
if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off)) if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off))
goto err; goto err;
} }
ret = 1; ret = 1;
err: err:
OPENSSL_free(m);
return (ret); return (ret);
} }

2
crypto/rsa/rsa_pmeth.c
View File

@ -174,7 +174,7 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
unsigned int sltmp; unsigned int sltmp;
if (rctx->pad_mode != RSA_PKCS1_PADDING) if (rctx->pad_mode != RSA_PKCS1_PADDING)
return -1; return -1;
ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, ret = RSA_sign_ASN1_OCTET_STRING(0,
tbs, tbslen, sig, &sltmp, rsa); tbs, tbslen, sig, &sltmp, rsa);
if (ret <= 0) if (ret <= 0)

6
crypto/x509v3/v3_utl.c
View File

@ -636,7 +636,7 @@ typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len,
/* Skip pattern prefix to match "wildcard" subject */ /* Skip pattern prefix to match "wildcard" subject */
static void skip_prefix(const unsigned char **p, size_t *plen, static void skip_prefix(const unsigned char **p, size_t *plen,
const unsigned char *subject, size_t subject_len, size_t subject_len,
unsigned int flags) unsigned int flags)
{ {
const unsigned char *pattern = *p; const unsigned char *pattern = *p;
@ -671,7 +671,7 @@ static int equal_nocase(const unsigned char *pattern, size_t pattern_len,
const unsigned char *subject, size_t subject_len, const unsigned char *subject, size_t subject_len,
unsigned int flags) unsigned int flags)
{ {
skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); skip_prefix(&pattern, &pattern_len, subject_len, flags);
if (pattern_len != subject_len) if (pattern_len != subject_len)
return 0; return 0;
while (pattern_len) { while (pattern_len) {
@ -700,7 +700,7 @@ static int equal_case(const unsigned char *pattern, size_t pattern_len,
const unsigned char *subject, size_t subject_len, const unsigned char *subject, size_t subject_len,
unsigned int flags) unsigned int flags)
{ {
skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); skip_prefix(&pattern, &pattern_len, subject_len, flags);
if (pattern_len != subject_len) if (pattern_len != subject_len)
return 0; return 0;
return !memcmp(pattern, subject, pattern_len); return !memcmp(pattern, subject, pattern_len);

6
doc/apps/verify.pod
View File

@ -97,8 +97,6 @@ because it doesn't add any security.
The B<file> should contain one or more CRLs in PEM format. The B<file> should contain one or more CRLs in PEM format.
This option can be specified more than once to include CRLs from multiple This option can be specified more than once to include CRLs from multiple
B<files>. B<files>.
If you want to enable an B<engine> via the B<-engine> option, that option has
to be specified before this one.
=item B<-crl_download> =item B<-crl_download>
@ -206,8 +204,6 @@ to constuct a certificate chain from the subject certificate to a trust-anchor.
The B<file> should contain one or more certificates in PEM format. The B<file> should contain one or more certificates in PEM format.
This option can be specified more than once to include untrusted certiificates This option can be specified more than once to include untrusted certiificates
from multiple B<files>. from multiple B<files>.
If you want to enable an B<engine> via the B<-engine> option, that option has
to be specified before this one.
=item B<-trusted file> =item B<-trusted file>
@ -222,8 +218,6 @@ from multiple B<files>.
This option implies the B<-no-CAfile> and B<-no-CApath> options. This option implies the B<-no-CAfile> and B<-no-CApath> options.
This option cannot be used in combination with either of the B<-CAfile> or This option cannot be used in combination with either of the B<-CAfile> or
B<-CApath> options. B<-CApath> options.
If you want to enable an B<engine> via the B<-engine> option, that option has
to be specified before this one.
=item B<-use_deltas> =item B<-use_deltas>

2
e_os.h
View File

@ -93,6 +93,8 @@ extern "C" {
# define REF_PRINT_COUNT(a, b) # define REF_PRINT_COUNT(a, b)
# endif # endif
# define osslargused(x) (void)x
# ifndef DEVRANDOM # ifndef DEVRANDOM
/* /*
* set this to a comma-separated list of 'random' device files to try out. My * set this to a comma-separated list of 'random' device files to try out. My

4
include/openssl/ec.h
View File

@ -252,7 +252,7 @@ BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group);
/** Gets the order of a EC_GROUP /** Gets the order of a EC_GROUP
* \param group EC_GROUP object * \param group EC_GROUP object
* \param order BIGNUM to which the order is copied * \param order BIGNUM to which the order is copied
* \param ctx BN_CTX object (optional) * \param ctx unused
* \return 1 on success and 0 if an error occurred * \return 1 on success and 0 if an error occurred
*/ */
int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
@ -274,7 +274,7 @@ int EC_GROUP_order_bits(const EC_GROUP *group);
/** Gets the cofactor of a EC_GROUP /** Gets the cofactor of a EC_GROUP
* \param group EC_GROUP object * \param group EC_GROUP object
* \param cofactor BIGNUM to which the cofactor is copied * \param cofactor BIGNUM to which the cofactor is copied
* \param ctx BN_CTX object (optional) * \param ctx unused
* \return 1 on success and 0 if an error occurred * \return 1 on success and 0 if an error occurred
*/ */
int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,

3
ssl/d1_lib.c
View File

@ -890,8 +890,7 @@ end:
static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
{ {
unsigned char *p = (unsigned char *)s->init_buf->data; dtls1_set_message_header(s, htype, len, 0, len);
dtls1_set_message_header(s, p, htype, len, 0, len);
s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH; s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;
s->init_off = 0; s->init_off = 0;
/* Buffer the message to handle re-xmits */ /* Buffer the message to handle re-xmits */

6
ssl/record/rec_layer_d1.c
View File

@ -231,7 +231,7 @@ void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq)
} }
static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
int len, int peek); int len);
/* copy buffered record into SSL structure */ /* copy buffered record into SSL structure */
static int dtls1_copy_record(SSL *s, pitem *item) static int dtls1_copy_record(SSL *s, pitem *item)
@ -424,7 +424,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/* /*
* check whether there's a handshake message (client hello?) waiting * check whether there's a handshake message (client hello?) waiting
*/ */
if ((ret = have_handshake_fragment(s, type, buf, len, peek))) if ((ret = have_handshake_fragment(s, type, buf, len)))
return ret; return ret;
/* /*
@ -986,7 +986,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* is started. * is started.
*/ */
static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
int len, int peek) int len)
{ {
if ((type == SSL3_RT_HANDSHAKE) if ((type == SSL3_RT_HANDSHAKE)

3
ssl/record/record_locl.h
View File

@ -198,8 +198,7 @@ __owur int ssl3_do_compress(SSL *ssl);
__owur int ssl3_do_uncompress(SSL *ssl); __owur int ssl3_do_uncompress(SSL *ssl);
void ssl3_cbc_copy_mac(unsigned char *out, void ssl3_cbc_copy_mac(unsigned char *out,
const SSL3_RECORD *rec, unsigned md_size); const SSL3_RECORD *rec, unsigned md_size);
__owur int ssl3_cbc_remove_padding(const SSL *s, __owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size); unsigned block_size, unsigned mac_size);
__owur int tls1_cbc_remove_padding(const SSL *s, __owur int tls1_cbc_remove_padding(const SSL *s,
SSL3_RECORD *rec, SSL3_RECORD *rec,

5
ssl/record/ssl3_record.c
View File

@ -631,7 +631,7 @@ int ssl3_enc(SSL *s, int send)
if (EVP_MD_CTX_md(s->read_hash) != NULL) if (EVP_MD_CTX_md(s->read_hash) != NULL)
mac_size = EVP_MD_CTX_size(s->read_hash); mac_size = EVP_MD_CTX_size(s->read_hash);
if ((bs != 1) && !send) if ((bs != 1) && !send)
return ssl3_cbc_remove_padding(s, rec, bs, mac_size); return ssl3_cbc_remove_padding(rec, bs, mac_size);
} }
return (1); return (1);
} }
@ -1018,8 +1018,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
* 1: if the padding was valid * 1: if the padding was valid
* -1: otherwise. * -1: otherwise.
*/ */
int ssl3_cbc_remove_padding(const SSL *s, int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size) unsigned block_size, unsigned mac_size)
{ {
unsigned padding_length, good; unsigned padding_length, good;

5
ssl/ssl_locl.h
View File

@ -1919,7 +1919,7 @@ __owur int ssl_choose_client_version(SSL *s, int version);
__owur long tls1_default_timeout(void); __owur long tls1_default_timeout(void);
__owur int dtls1_do_write(SSL *s, int type); __owur int dtls1_do_write(SSL *s, int type);
void dtls1_set_message_header(SSL *s, void dtls1_set_message_header(SSL *s,
unsigned char *p, unsigned char mt, unsigned char mt,
unsigned long len, unsigned long len,
unsigned long frag_off, unsigned long frag_off,
unsigned long frag_len); unsigned long frag_len);
@ -1928,8 +1928,7 @@ __owur int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len
__owur int dtls1_read_failed(SSL *s, int code); __owur int dtls1_read_failed(SSL *s, int code);
__owur int dtls1_buffer_message(SSL *s, int ccs); __owur int dtls1_buffer_message(SSL *s, int ccs);
__owur int dtls1_retransmit_message(SSL *s, unsigned short seq, __owur int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found);
unsigned long frag_off, int *found);
__owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs); __owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
int dtls1_retransmit_buffered_messages(SSL *s); int dtls1_retransmit_buffered_messages(SSL *s);
void dtls1_clear_record_buffer(SSL *s); void dtls1_clear_record_buffer(SSL *s);

13
ssl/statem/statem_dtls.c
View File

@ -1078,7 +1078,7 @@ int dtls1_retransmit_buffered_messages(SSL *s)
if (dtls1_retransmit_message(s, (unsigned short) if (dtls1_retransmit_message(s, (unsigned short)
dtls1_get_queue_priority dtls1_get_queue_priority
(frag->msg_header.seq, (frag->msg_header.seq,
frag->msg_header.is_ccs), 0, frag->msg_header.is_ccs),
&found) <= 0 && found) { &found) <= 0 && found) {
fprintf(stderr, "dtls1_retransmit_message() failed\n"); fprintf(stderr, "dtls1_retransmit_message() failed\n");
return -1; return -1;
@ -1152,8 +1152,7 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
} }
int int
dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
int *found)
{ {
int ret; int ret;
/* XDTLS: for now assuming that read/writes are blocking */ /* XDTLS: for now assuming that read/writes are blocking */
@ -1242,10 +1241,10 @@ void dtls1_clear_record_buffer(SSL *s)
} }
} }
void dtls1_set_message_header(SSL *s, unsigned char *p, void dtls1_set_message_header(SSL *s,
unsigned char mt, unsigned long len, unsigned char mt, unsigned long len,
unsigned long frag_off, unsigned long frag_off,
unsigned long frag_len) unsigned long frag_len)
{ {
if (frag_off == 0) { if (frag_off == 0) {
s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;

2
ssl/statem/statem_srvr.c
View File

@ -948,7 +948,7 @@ int dtls_construct_hello_verify_request(SSL *s)
len = dtls_raw_hello_verify_request(&buf[DTLS1_HM_HEADER_LENGTH], len = dtls_raw_hello_verify_request(&buf[DTLS1_HM_HEADER_LENGTH],
s->d1->cookie, s->d1->cookie_len); s->d1->cookie, s->d1->cookie_len);
dtls1_set_message_header(s, buf, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0, dtls1_set_message_header(s, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0,
len); len);
len += DTLS1_HM_HEADER_LENGTH; len += DTLS1_HM_HEADER_LENGTH;