The branch master has been updated via d6073e27ebdbab63bf0add13fa0f66dcaa6e39e8 (commit) via cc69629626ce0dab934704e1d9e806e0823c87d0 (commit) via e7917e38bee4a0dcaa9b9968b6a4e48959dd4a3d (commit) via cfd451d47f4df63278f83612b9a5280d1801c5f6 (commit) via 54463e4f332ab1fd669411db2f37f9cb70651e89 (commit) from 2e5ead831b1a92d78113b00978f8b3323268469f (commit)
- Log ----------------------------------------------------------------- commit d6073e27ebdbab63bf0add13fa0f66dcaa6e39e8 Author: FdaSilvaYY <fdasilv...@gmail.com> Date: Sun Aug 7 12:04:26 2016 +0200 Small nits and cleanups using util/openssl-format-source on s_derver, s_client, ca.c, speed.c only... Fix/merge some #ifndef Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> commit cc69629626ce0dab934704e1d9e806e0823c87d0 Author: FdaSilvaYY <fdasilv...@gmail.com> Date: Thu Aug 4 23:52:22 2016 +0200 Constify char* input parameters in apps code Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> commit e7917e38bee4a0dcaa9b9968b6a4e48959dd4a3d Author: FdaSilvaYY <fdasilv...@gmail.com> Date: Fri Aug 5 00:19:36 2016 +0200 Simplify and add help about OPT_PVK* options Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> commit cfd451d47f4df63278f83612b9a5280d1801c5f6 Author: FdaSilvaYY <fdasilv...@gmail.com> Date: Thu Aug 4 00:23:39 2016 +0200 Improve error message Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> commit 54463e4f332ab1fd669411db2f37f9cb70651e89 Author: FdaSilvaYY <fdasilv...@gmail.com> Date: Wed Aug 3 22:49:25 2016 +0200 Relocalise some globals variables Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 17 +++--- apps/apps.h | 13 +++-- apps/asn1pars.c | 4 +- apps/ca.c | 89 ++++++++++++++-------------- apps/cms.c | 3 +- apps/crl.c | 2 +- apps/dsa.c | 32 ++++------ apps/ocsp.c | 5 +- apps/pkcs12.c | 4 +- apps/pkeyutl.c | 4 +- apps/req.c | 12 ++-- apps/rsa.c | 31 ++++------ apps/s_client.c | 64 +++++++++----------- apps/s_server.c | 168 ++++++++++++++++++++++------------------------------- apps/s_time.c | 3 - apps/smime.c | 4 +- apps/speed.c | 39 +++++++------ apps/ts.c | 89 ++++++++++++++-------------- apps/verify.c | 6 +- apps/x509.c | 18 +++--- test/ssltest_old.c | 2 +- 21 files changed, 286 insertions(+), 323 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 10ab626..40b31a5 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -320,9 +320,9 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) return res; } -static char *app_get_pass(char *arg, int keepbio); +static char *app_get_pass(const char *arg, int keepbio); -int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2) +int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2) { int same; if (!arg2 || !arg1 || strcmp(arg1, arg2)) @@ -344,7 +344,7 @@ int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2) return 1; } -static char *app_get_pass(char *arg, int keepbio) +static char *app_get_pass(const char *arg, int keepbio) { char *tmp, tpass[APP_PASS_LEN]; static BIO *pwdbio = NULL; @@ -1185,7 +1185,7 @@ void print_array(BIO *out, const char* title, int len, const unsigned char* d) BIO_printf(out, "\n};\n"); } -X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath) +X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, int noCApath) { X509_STORE *store = X509_STORE_new(); X509_LOOKUP *lookup; @@ -1318,7 +1318,7 @@ static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING) static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING) #undef BSIZE #define BSIZE 256 -BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai) +BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai) { BIO *in = NULL; BIGNUM *ret = NULL; @@ -1363,7 +1363,7 @@ BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai) return (ret); } -int save_serial(char *serialfile, char *suffix, BIGNUM *serial, +int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial, ASN1_INTEGER **retai) { char buf[1][BSIZE]; @@ -1413,7 +1413,8 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial, return (ret); } -int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) +int rotate_serial(const char *serialfile, const char *new_suffix, + const char *old_suffix) { char buf[2][BSIZE]; int i, j; @@ -1483,7 +1484,7 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) return ret; } -CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) +CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) { CA_DB *retdb = NULL; TXT_DB *tmpdb = NULL; diff --git a/apps/apps.h b/apps/apps.h index 9658d5c..326e026 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -400,7 +400,7 @@ int set_cert_ex(unsigned long *flags, const char *arg); int set_name_ex(unsigned long *flags, const char *arg); int set_ext_copy(int *copy_type, const char *arg); int copy_extensions(X509 *x, X509_REQ *req, int copy_type); -int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2); +int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2); int add_oid_section(CONF *conf); X509 *load_cert(const char *file, int format, const char *cert_descrip); X509_CRL *load_crl(const char *infile, int format); @@ -412,7 +412,7 @@ int load_certs(const char *file, STACK_OF(X509) **certs, int format, const char *pass, const char *cert_descrip); int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format, const char *pass, const char *cert_descrip); -X509_STORE *setup_verify(char *CAfile, char *CApath, +X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, int noCApath); __owur int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath, int noCAfile, @@ -468,12 +468,13 @@ typedef struct ca_db_st { } CA_DB; void* app_malloc(int sz, const char *what); -BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai); -int save_serial(char *serialfile, char *suffix, BIGNUM *serial, +BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai); +int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial, ASN1_INTEGER **retai); -int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix); +int rotate_serial(const char *serialfile, const char *new_suffix, + const char *old_suffix); int rand_serial(BIGNUM *b, ASN1_INTEGER *ai); -CA_DB *load_index(char *dbfile, DB_ATTR *dbattr); +CA_DB *load_index(const char *dbfile, DB_ATTR *dbattr); int index_index(CA_DB *db); int save_index(const char *dbfile, const char *suffix, CA_DB *db); int rotate_index(const char *dbfile, const char *new_suffix, diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 64a2d85..1ac261c 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -52,7 +52,7 @@ OPTIONS asn1parse_options[] = { {NULL} }; -static int do_generate(char *genstr, char *genconf, BUF_MEM *buf); +static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf); int asn1parse_main(int argc, char **argv) { @@ -283,7 +283,7 @@ int asn1parse_main(int argc, char **argv) return (ret); } -static int do_generate(char *genstr, char *genconf, BUF_MEM *buf) +static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf) { CONF *cnf = NULL; int len; diff --git a/apps/ca.c b/apps/ca.c index 4bf7b52..a20ba44 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -90,39 +90,40 @@ #define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */ static char *lookup_conf(const CONF *conf, const char *group, const char *tag); -static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, + +static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, unsigned long chtype, - int multirdn, int email_dn, char *startdate, char *enddate, - long days, int batch, char *ext_sect, CONF *conf, + BIGNUM *serial, const char *subj, unsigned long chtype, + int multirdn, int email_dn, const char *startdate, + const char *enddate, + long days, int batch, const char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); -static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, +static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, unsigned long chtype, - int multirdn, int email_dn, char *startdate, - char *enddate, long days, int batch, char *ext_sect, + BIGNUM *serial, const char *subj, unsigned long chtype, + int multirdn, int email_dn, const char *startdate, + const char *enddate, long days, int batch, const char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); -static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, +static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, unsigned long chtype, - int multirdn, int email_dn, char *startdate, - char *enddate, long days, char *ext_sect, CONF *conf, + BIGNUM *serial, const char *subj, unsigned long chtype, + int multirdn, int email_dn, const char *startdate, + const char *enddate, long days, const char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); -static void write_new_certificate(BIO *bp, X509 *x, int output_der, - int notext); +static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, - char *subj, unsigned long chtype, int multirdn, - int email_dn, char *startdate, char *enddate, long days, - int batch, int verbose, X509_REQ *req, char *ext_sect, + const char *subj, unsigned long chtype, int multirdn, + int email_dn, const char *startdate, const char *enddate, long days, + int batch, int verbose, X509_REQ *req, const char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); @@ -159,7 +160,7 @@ OPTIONS ca_options[] = { {"subj", OPT_SUBJ, 's', "Use arg instead of request's subject"}, {"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"}, {"create_serial", OPT_CREATE_SERIAL, '-', - "If reading serial fails, create a new random serial"}, + "If reading serial fails, create a new random serial"}, {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-', "Enable support for multivalued RDNs"}, {"startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ"}, @@ -235,12 +236,12 @@ int ca_main(int argc, char **argv) const EVP_MD *dgst = NULL; char *configfile = default_config_file, *section = NULL; char *md = NULL, *policy = NULL, *keyfile = NULL; - char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL; - char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL; - char *extensions = NULL, *extfile = NULL, *key = NULL, *passinarg = NULL; + char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL, *key = NULL; + const char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL; + const char *extensions = NULL, *extfile = NULL, *passinarg = NULL; char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL; - char *serialfile = NULL, *startdate = NULL, *subj = NULL; - char *prog, *enddate = NULL; + const char *serialfile = NULL, *subj = NULL; + char *prog, *startdate = NULL, *enddate = NULL; char *dbfile = NULL, *f, *randfile = NULL; char buf[3][BSIZE]; char *const *pp; @@ -497,7 +498,7 @@ end_of_options: /* report status of cert with serial number given on command line */ if (ser_status) { dbfile = lookup_conf(conf, section, ENV_DATABASE); - if (dbfile == NULL) + if (dbfile == NULL) goto end; db = load_index(dbfile, &db_attr); @@ -1245,12 +1246,13 @@ static char *lookup_conf(const CONF *conf, const char *section, const char *tag) return entry; } -static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, +static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, unsigned long chtype, - int multirdn, int email_dn, char *startdate, char *enddate, - long days, int batch, char *ext_sect, CONF *lconf, + BIGNUM *serial, const char *subj, unsigned long chtype, + int multirdn, int email_dn, const char *startdate, + const char *enddate, + long days, int batch, const char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) { @@ -1312,12 +1314,12 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, return (ok); } -static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, +static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, unsigned long chtype, - int multirdn, int email_dn, char *startdate, - char *enddate, long days, int batch, char *ext_sect, + BIGNUM *serial, const char *subj, unsigned long chtype, + int multirdn, int email_dn, const char *startdate, + const char *enddate, long days, int batch, const char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { @@ -1367,9 +1369,9 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, - char *subj, unsigned long chtype, int multirdn, - int email_dn, char *startdate, char *enddate, long days, - int batch, int verbose, X509_REQ *req, char *ext_sect, + const char *subj, unsigned long chtype, int multirdn, + int email_dn, const char *startdate, const char *enddate, long days, + int batch, int verbose, X509_REQ *req, const char *ext_sect, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) { @@ -1880,13 +1882,13 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, PEM_write_bio_X509(bp, x); } -static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, +static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, unsigned long chtype, - int multirdn, int email_dn, char *startdate, - char *enddate, long days, char *ext_sect, + BIGNUM *serial, const char *subj, unsigned long chtype, + int multirdn, int email_dn, const char *startdate, + const char *enddate, long days, const char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { @@ -2268,7 +2270,8 @@ static const char *crl_reasons[] = { char *make_revocation_str(int rev_type, char *rev_arg) { - char *other = NULL, *str; + char *str; + const char *other = NULL; const char *reason = NULL; ASN1_OBJECT *otmp; ASN1_UTCTIME *revtm = NULL; @@ -2415,8 +2418,10 @@ int make_revoked(X509_REVOKED *rev, const char *str) static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str) { - char buf[25], *pbuf, *p; + char buf[25], *pbuf; + const char *p; int j; + j = i2a_ASN1_OBJECT(bio_err, obj); pbuf = buf; for (j = 22 - j; j > 0; j--) @@ -2436,7 +2441,7 @@ static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str) else BIO_printf(bio_err, "ASN.1 %2d:'", str->type); - p = (char *)str->data; + p = (const char *)str->data; for (j = str->length; j > 0; j--) { if ((*p >= ' ') && (*p <= '~')) BIO_printf(bio_err, "%c", *p); diff --git a/apps/cms.c b/apps/cms.c index b5ae970..52186d2 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -199,7 +199,8 @@ int cms_main(int argc, char **argv) X509_STORE *store = NULL; X509_VERIFY_PARAM *vpm = NULL; char *certfile = NULL, *keyfile = NULL, *contfile = NULL; - char *CAfile = NULL, *CApath = NULL, *certsoutfile = NULL; + const char *CAfile = NULL, *CApath = NULL; + char *certsoutfile = NULL; int noCAfile = 0, noCApath = 0; char *infile = NULL, *outfile = NULL, *rctfile = NULL, *inrand = NULL; char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile = diff --git a/apps/crl.c b/apps/crl.c index 0e8093c..3dbbc0c 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -72,7 +72,7 @@ int crl_main(int argc, char **argv) unsigned long nmflag = 0; char nmflag_set = 0; char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL; - char *CAfile = NULL, *CApath = NULL, *prog; + const char *CAfile = NULL, *CApath = NULL, *prog; OPTION_CHOICE o; int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM; diff --git a/apps/dsa.c b/apps/dsa.c index 6ac9a40..6aef502 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -27,9 +27,10 @@ NON_EMPTY_TRANSLATION_UNIT typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, - OPT_ENGINE, OPT_PVK_STRONG, OPT_PVK_WEAK, - OPT_PVK_NONE, OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN, + OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE, + /* Do not change the order here; see case statements below */ + OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG, + OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN, OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT } OPTION_CHOICE; @@ -48,9 +49,9 @@ OPTIONS dsa_options[] = { {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, # ifndef OPENSSL_NO_RC4 - {"pvk-strong", OPT_PVK_STRONG, '-'}, - {"pvk-weak", OPT_PVK_WEAK, '-'}, - {"pvk-none", OPT_PVK_NONE, '-'}, + {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"}, + {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"}, + {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"}, # endif # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, @@ -111,22 +112,13 @@ int dsa_main(int argc, char **argv) case OPT_PASSOUT: passoutarg = opt_arg(); break; + case OPT_PVK_STRONG: /* pvk_encr:= 2 */ + case OPT_PVK_WEAK: /* pvk_encr:= 1 */ + case OPT_PVK_NONE: /* pvk_encr:= 0 */ #ifndef OPENSSL_NO_RC4 - case OPT_PVK_STRONG: - pvk_encr = 2; - break; - case OPT_PVK_WEAK: - pvk_encr = 1; - break; - case OPT_PVK_NONE: - pvk_encr = 0; - break; -#else - case OPT_PVK_STRONG: - case OPT_PVK_WEAK: - case OPT_PVK_NONE: - break; + pvk_encr = (o - OPT_PVK_NONE); #endif + break; case OPT_NOOUT: noout = 1; break; diff --git a/apps/ocsp.c b/apps/ocsp.c index 5bd1aca..cfc06a9 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -194,7 +194,8 @@ int ocsp_main(int argc, char **argv) X509 *signer = NULL, *rsigner = NULL; X509_STORE *store = NULL; X509_VERIFY_PARAM *vpm = NULL; - char *CAfile = NULL, *CApath = NULL, *header, *value; + const char *CAfile = NULL, *CApath = NULL; + char *header, *value; char *host = NULL, *port = NULL, *path = "/", *outfile = NULL; char *rca_filename = NULL, *reqin = NULL, *respin = NULL; char *reqout = NULL, *respout = NULL, *ridx_filename = NULL; @@ -809,7 +810,7 @@ static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, long maxage) { OCSP_CERTID *id; - char *name; + const char *name; int i, status, reason; ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 9ef3591..1fcd713 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -131,8 +131,8 @@ int pkcs12_main(int argc, char **argv) int noprompt = 0; char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL; char *passin = NULL, *passout = NULL, *inrand = NULL, *macalg = NULL; - char *cpass = NULL, *mpass = NULL, *CApath = NULL, *CAfile = NULL; - char *prog; + char *cpass = NULL, *mpass = NULL; + const char *CApath = NULL, *CAfile = NULL, *prog; int noCApath = 0, noCAfile = 0; ENGINE *e = NULL; BIO *in = NULL, *out = NULL; diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 0dc3897..02e28e2 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -28,7 +28,7 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, unsigned char *out, size_t *poutlen, - unsigned char *in, size_t inlen); + const unsigned char *in, size_t inlen); typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -459,7 +459,7 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, unsigned char *out, size_t *poutlen, - unsigned char *in, size_t inlen) + const unsigned char *in, size_t inlen) { int rv = 0; switch (pkey_op) { diff --git a/apps/req.c b/apps/req.c index e459a71..112553b 100644 --- a/apps/req.c +++ b/apps/req.c @@ -46,11 +46,11 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *dn, int mutlirdn, int attribs, unsigned long chtype); -static int build_subject(X509_REQ *req, char *subj, unsigned long chtype, +static int build_subject(X509_REQ *req, const char *subj, unsigned long chtype, int multirdn); static int prompt_info(X509_REQ *req, - STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, - STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, + STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect, + STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect, int attribs, unsigned long chtype); static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk, STACK_OF(CONF_VALUE) *attr, int attribs, @@ -888,7 +888,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, * subject is expected to be in the format /type0=value0/type1=value1/type2=... * where characters may be escaped by \ */ -static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, +static int build_subject(X509_REQ *req, const char *subject, unsigned long chtype, int multirdn) { X509_NAME *n; @@ -905,8 +905,8 @@ static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, } static int prompt_info(X509_REQ *req, - STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, - STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, + STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect, + STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect, int attribs, unsigned long chtype) { int i; diff --git a/apps/rsa.c b/apps/rsa.c index 203e6b9..f67387e 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -29,8 +29,10 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_PASSOUT, OPT_PASSIN, - OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT, OPT_PVK_STRONG, OPT_PVK_WEAK, - OPT_PVK_NONE, OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER + OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT, + /* Do not change the order here; see case statements below */ + OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG, + OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER } OPTION_CHOICE; OPTIONS rsa_options[] = { @@ -51,9 +53,9 @@ OPTIONS rsa_options[] = { {"check", OPT_CHECK, '-', "Verify key consistency"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, # if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) - {"pvk-strong", OPT_PVK_STRONG, '-'}, - {"pvk-weak", OPT_PVK_WEAK, '-'}, - {"pvk-none", OPT_PVK_NONE, '-'}, + {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"}, + {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"}, + {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"}, # endif # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, @@ -124,22 +126,13 @@ int rsa_main(int argc, char **argv) case OPT_RSAPUBKEY_OUT: pubout = 2; break; + case OPT_PVK_STRONG: /* pvk_encr:= 2 */ + case OPT_PVK_WEAK: /* pvk_encr:= 1 */ + case OPT_PVK_NONE: /* pvk_encr:= 0 */ # if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) - case OPT_PVK_STRONG: - pvk_encr = 2; - break; - case OPT_PVK_WEAK: - pvk_encr = 1; - break; - case OPT_PVK_NONE: - pvk_encr = 0; - break; -# else - case OPT_PVK_STRONG: - case OPT_PVK_WEAK: - case OPT_PVK_NONE: - break; + pvk_encr = (o - OPT_PVK_NONE); # endif + break; case OPT_NOOUT: noout = 1; break; diff --git a/apps/s_client.c b/apps/s_client.c index 46fa87b..c721dfd 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -84,19 +84,12 @@ typedef unsigned int u_int; #define S_CLIENT_IRC_READ_TIMEOUT 8 static char *prog; -static int c_nbio = 0; -static int c_tlsextdebug = 0; -static int c_status_req = 0; static int c_debug = 0; -static int c_msg = 0; static int c_showcerts = 0; static char *keymatexportlabel = NULL; static int keymatexportlen = 20; static BIO *bio_c_out = NULL; -static BIO *bio_c_msg = NULL; static int c_quiet = 0; -static int c_ign_eof = 0; -static int c_brief = 0; static void print_stuff(BIO *berr, SSL *con, int full); #ifndef OPENSSL_NO_OCSP @@ -139,7 +132,6 @@ static void do_ssl_shutdown(SSL *ssl) } while (ret < 0); } - #ifndef OPENSSL_NO_PSK /* Default PSK identity and key */ static char *psk_identity = "Client_identity"; @@ -399,7 +391,7 @@ static ossl_ssize_t hexdecode(const char **inptr, void *result) { unsigned char **out = (unsigned char **)result; const char *in = *inptr; - unsigned char *ret = app_malloc(strlen(in)/2, "hexdecode"); + unsigned char *ret = app_malloc(strlen(in) / 2, "hexdecode"); unsigned char *cp = ret; uint8_t byte; int nibble = 0; @@ -549,7 +541,8 @@ typedef enum OPTION_choice { OPT_SSL3, OPT_SSL_CONFIG, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS, - OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, + OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, + OPT_VERIFYCAPATH, OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, @@ -792,7 +785,8 @@ int s_client_main(int argc, char **argv) STACK_OF(OPENSSL_STRING) *dane_tlsa_rrset = NULL; STACK_OF(X509_CRL) *crls = NULL; const SSL_METHOD *meth = TLS_client_method(); - char *CApath = NULL, *CAfile = NULL, *cbuf = NULL, *sbuf = NULL; + const char *CApath = NULL, *CAfile = NULL; + char *cbuf = NULL, *sbuf = NULL; char *mbuf = NULL, *proxystr = NULL, *connectstr = NULL; char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; char *chCApath = NULL, *chCAfile = NULL, *host = NULL; @@ -856,6 +850,9 @@ int s_client_main(int argc, char **argv) unsigned int max_pipelines = 0; enum { use_inet, use_unix, use_unknown } connect_type = use_unknown; int count4or6 = 0; + int c_nbio = 0, c_msg = 0, c_ign_eof = 0, c_brief = 0; + int c_tlsextdebug = 0, c_status_req = 0; + BIO *bio_c_msg = NULL; FD_ZERO(&readfds); FD_ZERO(&writefds); @@ -869,9 +866,7 @@ int s_client_main(int argc, char **argv) prog = opt_progname(argv[0]); c_quiet = 0; - c_ign_eof = 0; c_debug = 0; - c_msg = 0; c_showcerts = 0; c_nbio = 0; vpm = X509_VERIFY_PARAM_new(); @@ -893,14 +888,14 @@ int s_client_main(int argc, char **argv) /* Check for intermixing flags. */ if (connect_type == use_unix && IS_INET_FLAG(o)) { BIO_printf(bio_err, - "%s: Intermixed protocol flags (unix and internet domains)\n", - prog); + "%s: Intermixed protocol flags (unix and internet domains)\n", + prog); goto end; } if (connect_type == use_inet && IS_UNIX_FLAG(o)) { BIO_printf(bio_err, - "%s: Intermixed protocol flags (internet and unix domains)\n", - prog); + "%s: Intermixed protocol flags (internet and unix domains)\n", + prog); goto end; } @@ -911,8 +906,8 @@ int s_client_main(int argc, char **argv) if (IS_NO_PROT_FLAG(o)) no_prot_opt++; if (prot_opt == 1 && no_prot_opt) { - BIO_printf(bio_err, "Cannot supply both a protocol flag and " - "\"-no_<prot>\"\n"); + BIO_printf(bio_err, + "Cannot supply both a protocol flag and '-no_<prot>'\n"); goto end; } @@ -1340,8 +1335,8 @@ int s_client_main(int argc, char **argv) if (tmp_port != port) OPENSSL_free(tmp_port); if (!res) { - BIO_printf(bio_err, "%s: -proxy argument malformed or ambiguous\n", - prog); + BIO_printf(bio_err, + "%s: -proxy argument malformed or ambiguous\n", prog); goto end; } } else { @@ -1480,8 +1475,8 @@ int s_client_main(int argc, char **argv) if (SSL_CTX_config(ctx, ssl_config) == 0) { BIO_printf(bio_err, "Error using configuration \"%s\"\n", ssl_config); - ERR_print_errors(bio_err); - goto end; + ERR_print_errors(bio_err); + goto end; } } @@ -1534,8 +1529,7 @@ int s_client_main(int argc, char **argv) #ifndef OPENSSL_NO_PSK if (psk_key != NULL) { if (c_debug) - BIO_printf(bio_c_out, - "PSK key given, setting client callback\n"); + BIO_printf(bio_c_out, "PSK key given, setting client callback\n"); SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); } #endif @@ -1567,7 +1561,7 @@ int s_client_main(int argc, char **argv) } /* Returns 0 on success! */ if (SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len) != 0) { - BIO_printf(bio_err, "Error setting ALPN\n"); + BIO_printf(bio_err, "Error setting ALPN\n"); goto end; } OPENSSL_free(alpn); @@ -1579,8 +1573,8 @@ int s_client_main(int argc, char **argv) NULL, NULL, NULL, serverinfo_cli_parse_cb, NULL)) { BIO_printf(bio_err, - "Warning: Unable to add custom extension %u, skipping\n", - serverinfo_types[i]); + "Warning: Unable to add custom extension %u, skipping\n", + serverinfo_types[i]); } } @@ -1648,7 +1642,8 @@ int s_client_main(int argc, char **argv) if (dane_tlsa_domain != NULL) { if (SSL_CTX_dane_enable(ctx) <= 0) { BIO_printf(bio_err, - "%s: Error enabling DANE TLSA authentication.\n", prog); + "%s: Error enabling DANE TLSA authentication.\n", + prog); ERR_print_errors(bio_err); goto end; } @@ -1713,8 +1708,7 @@ int s_client_main(int argc, char **argv) } re_start: - if (init_client(&s, host, port, socket_family, socket_type) == 0) - { + if (init_client(&s, host, port, socket_family, socket_type) == 0) { BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); BIO_closesocket(s); goto end; @@ -2578,7 +2572,8 @@ static void print_stuff(BIO *bio, SSL *s, int full) #endif BIO_printf(bio, - "---\nSSL handshake has read %"PRIu64" bytes and written %"PRIu64" bytes\n", + "---\nSSL handshake has read %" PRIu64 + " bytes and written %" PRIu64 " bytes\n", BIO_number_read(SSL_get_rbio(s)), BIO_number_written(SSL_get_wbio(s))); } @@ -2655,8 +2650,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) #endif SSL_SESSION_print(bio, SSL_get_session(s)); - if ((SSL_get_session(s) != NULL) && - (keymatexportlabel != NULL)) { + if (SSL_get_session(s) != NULL && keymatexportlabel != NULL) { BIO_printf(bio, "Keying material exporter:\n"); BIO_printf(bio, " Label: '%s'\n", keymatexportlabel); BIO_printf(bio, " Length: %i bytes\n", keymatexportlen); @@ -2707,4 +2701,4 @@ static int ocsp_resp_cb(SSL *s, void *arg) } # endif -#endif /* OPENSSL_NO_SOCK */ +#endif /* OPENSSL_NO_SOCK */ diff --git a/apps/s_server.c b/apps/s_server.c index f4ec72d..742cb83 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -43,10 +43,14 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#include <openssl/async.h> -#include <openssl/ssl.h> +#if defined(_WIN32) +/* Included before async.h to avoid some warnings */ +# include <windows.h> +#endif #include <openssl/e_os2.h> +#include <openssl/async.h> +#include <openssl/ssl.h> #ifndef OPENSSL_NO_SOCK @@ -101,26 +105,14 @@ static void free_sessions(void); static DH *load_dh_param(const char *dhfile); #endif -static void s_server_init(void); - /* static int load_CA(SSL_CTX *ctx, char *file);*/ -#undef BUFSIZZ -#define BUFSIZZ 16*1024 -static int bufsize = BUFSIZZ; +static const int bufsize = 16 * 1024; static int accept_socket = -1; #define TEST_CERT "server.pem" #define TEST_CERT2 "server2.pem" - -static int s_server_verify = SSL_VERIFY_NONE; -static int s_server_session_id_context = 1; /* anything will do */ -static const char *s_cert_file = TEST_CERT, *s_key_file = - NULL, *s_chain_file = NULL; - -static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL; -static char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL; static int s_nbio = 0; static int s_nbio_test = 0; static int s_crlf = 0; @@ -132,8 +124,6 @@ static BIO *bio_s_out = NULL; static BIO *bio_s_msg = NULL; static int s_debug = 0; static int s_tlsextdebug = 0; -static int s_tlsextstatus = 0; -static int no_resume_ephemeral = 0; static int s_msg = 0; static int s_quiet = 0; static int s_ign_eof = 0; @@ -143,8 +133,6 @@ static char *keymatexportlabel = NULL; static int keymatexportlen = 20; static int async = 0; -static unsigned int split_send_fragment = 0; -static unsigned int max_pipelines = 0; static const char *session_id_prefix = NULL; @@ -155,8 +143,6 @@ static long socket_mtu; #endif static int dtlslisten = 0; -static const char *s_serverinfo_file = NULL; - #ifndef OPENSSL_NO_PSK static char *psk_identity = "Client_identity"; char *psk_key = NULL; /* by default PSK is not used */ @@ -260,7 +246,7 @@ static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) p->login, p->user->info); ret = SSL_ERROR_NONE; -err: + err: SRP_user_pwd_free(p->user); p->user = NULL; p->login = NULL; @@ -269,33 +255,6 @@ err: #endif -static void s_server_init(void) -{ - accept_socket = -1; - s_server_verify = SSL_VERIFY_NONE; - s_dcert_file = NULL; - s_dkey_file = NULL; - s_dchain_file = NULL; - s_cert_file = TEST_CERT; - s_key_file = NULL; - s_chain_file = NULL; - s_cert_file2 = TEST_CERT2; - s_key_file2 = NULL; - ctx2 = NULL; - s_nbio = 0; - s_nbio_test = 0; - ctx = NULL; - www = 0; - bio_s_out = NULL; - s_debug = 0; - s_msg = 0; - s_quiet = 0; - s_brief = 0; - async = 0; - split_send_fragment = 0; - max_pipelines = 0; -} - static int local_argc = 0; static char **local_argv; @@ -321,8 +280,8 @@ static const BIO_METHOD *BIO_f_ebcdic_filter() { if (methods_ebcdic == NULL) { methods_ebcdic = BIO_meth_new(BIO_TYPE_EBCDIC_FILTER, - "EBCDIC/ASCII filter"); - if ( methods_ebcdic == NULL + "EBCDIC/ASCII filter"); + if (methods_ebcdic == NULL || !BIO_meth_set_write(methods_ebcdic, ebcdic_write) || !BIO_meth_set_read(methods_ebcdic, ebcdic_read) || !BIO_meth_set_puts(methods_ebcdic, ebcdic_puts) @@ -810,7 +769,7 @@ OPTIONS s_server_options[] = { {"no_cache", OPT_NO_CACHE, '-', "Disable session cache"}, {"ext_cache", OPT_EXT_CACHE, '-', "Disable internal cache, setup and use external cache"}, - {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default" }, + {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"}, {"verify_return_error", OPT_VERIFY_RET_ERROR, '-', "Close connection on verification error"}, {"verify_quiet", OPT_VERIFY_QUIET, '-', @@ -837,12 +796,12 @@ OPTIONS s_server_options[] = { "Print output from SSL/TLS security framework"}, {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-', "Print more output from SSL/TLS security framework"}, - {"brief", OPT_BRIEF, '-', \ + {"brief", OPT_BRIEF, '-', "Restrict output to brief summary of connection parameters"}, {"rev", OPT_REV, '-', "act as a simple test server which just sends back with the received text reversed"}, {"async", OPT_ASYNC, '-', "Operate in asynchronous mode"}, - {"ssl_config", OPT_SSL_CONFIG, 's', \ + {"ssl_config", OPT_SSL_CONFIG, 's', "Configure SSL_CTX using the configuration 'val'"}, {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'n', "Size used to split data for encrypt pipelines"}, @@ -923,22 +882,17 @@ int s_server_main(int argc, char *argv[]) STACK_OF(X509_CRL) *crls = NULL; X509 *s_cert = NULL, *s_dcert = NULL; X509_VERIFY_PARAM *vpm = NULL; - char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL; -#ifndef OPENSSL_NO_DH - char *dhfile = NULL; -#endif + const char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL; char *dpassarg = NULL, *dpass = NULL, *inrand = NULL; char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL; char *crl_file = NULL, *prog; -#ifndef OPENSSL_NO_PSK - char *p; -#endif #ifdef AF_UNIX int unlink_unix_path = 0; #endif do_server_cb server_cb; int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0; #ifndef OPENSSL_NO_DH + char *dhfile = NULL; int no_dhe = 0; #endif int nocert = 0, ret = 1; @@ -966,22 +920,42 @@ int s_server_main(int argc, char *argv[]) #ifndef OPENSSL_NO_PSK /* by default do not send a PSK identity hint */ static char *psk_identity_hint = NULL; + char *p; #endif #ifndef OPENSSL_NO_SRP char *srpuserseed = NULL; char *srp_verifier_file = NULL; #endif int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0; - + int s_server_verify = SSL_VERIFY_NONE; + int s_server_session_id_context = 1; /* anything will do */ + const char *s_cert_file = TEST_CERT, *s_key_file = NULL, *s_chain_file = NULL; + const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL; + char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL; + int s_tlsextstatus = 0, no_resume_ephemeral = 0; + unsigned int split_send_fragment = 0, max_pipelines = 0; + const char *s_serverinfo_file = NULL; + + /* Init of few remaining global variables */ local_argc = argc; local_argv = argv; - s_server_init(); + ctx = ctx2 = NULL; + s_nbio = s_nbio_test = 0; + www = 0; + bio_s_out = NULL; + s_debug = 0; + s_msg = 0; + s_quiet = 0; + s_brief = 0; + async = 0; + cctx = SSL_CONF_CTX_new(); vpm = X509_VERIFY_PARAM_new(); if (cctx == NULL || vpm == NULL) goto end; - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE); + SSL_CONF_CTX_set_flags(cctx, + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE); prog = opt_init(argc, argv, s_server_options); while ((o = opt_next()) != OPT_EOF) { @@ -992,8 +966,8 @@ int s_server_main(int argc, char *argv[]) if (IS_NO_PROT_FLAG(o)) no_prot_opt++; if (prot_opt == 1 && no_prot_opt) { - BIO_printf(bio_err, "Cannot supply both a protocol flag and " - "\"-no_<prot>\"\n"); + BIO_printf(bio_err, + "Cannot supply both a protocol flag and '-no_<prot>'\n"); goto end; } switch (o) { @@ -1640,8 +1614,8 @@ int s_server_main(int argc, char *argv[]) if (SSL_CTX_config(ctx, ssl_config) == 0) { BIO_printf(bio_err, "Error using configuration \"%s\"\n", ssl_config); - ERR_print_errors(bio_err); - goto end; + ERR_print_errors(bio_err); + goto end; } } if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) @@ -1686,7 +1660,6 @@ int s_server_main(int argc, char *argv[]) if (read_buf_len > 0) { SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len); } - #ifndef OPENSSL_NO_SRTP if (srtp_profiles != NULL) { /* Returns 0 on success! */ @@ -1861,8 +1834,7 @@ int s_server_main(int argc, char *argv[]) #ifndef OPENSSL_NO_PSK if (psk_key != NULL) { if (s_debug) - BIO_printf(bio_s_out, - "PSK key given, setting server callback\n"); + BIO_printf(bio_s_out, "PSK key given, setting server callback\n"); SSL_CTX_set_psk_server_callback(ctx, psk_server_cb); } @@ -1875,8 +1847,8 @@ int s_server_main(int argc, char *argv[]) SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); if (!SSL_CTX_set_session_id_context(ctx, - (void *)&s_server_session_id_context, - sizeof s_server_session_id_context)) { + (void *)&s_server_session_id_context, + sizeof s_server_session_id_context)) { BIO_printf(bio_err, "error setting session id context\n"); ERR_print_errors(bio_err); goto end; @@ -2053,8 +2025,8 @@ static int sv_body(int s, int stype, unsigned char *context) } if (context - && !SSL_set_session_id_context(con, - context, strlen((char *)context))) { + && !SSL_set_session_id_context(con, + context, strlen((char *)context))) { BIO_printf(bio_err, "Error setting session id context\n"); ret = -1; goto err; @@ -2280,12 +2252,10 @@ static int sv_body(int s, int stype, unsigned char *context) for (;;) { /* should do a select for the write */ #ifdef RENEG - { - static count = 0; - if (++count == 100) { - count = 0; - SSL_renegotiate(con); - } + static count = 0; + if (++count == 100) { + count = 0; + SSL_renegotiate(con); } #endif k = SSL_write(con, &(buf[l]), (unsigned int)i); @@ -2494,10 +2464,11 @@ static int init_ssl_connection(SSL *con) retry = BIO_sock_should_retry(i); #ifdef CERT_CB_TEST_RETRY { - while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP + while (i <= 0 + && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) { BIO_printf(bio_err, - "LOOKUP from certificate callback during accept\n"); + "LOOKUP from certificate callback during accept\n"); i = SSL_accept(con); if (i <= 0) retry = BIO_sock_should_retry(i); @@ -2506,7 +2477,8 @@ static int init_ssl_connection(SSL *con) #endif #ifndef OPENSSL_NO_SRP - while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { + while (i <= 0 + && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login); SRP_user_pwd_free(srp_callback_parm.user); @@ -2613,7 +2585,7 @@ static int init_ssl_connection(SSL *con) OPENSSL_free(exportedkeymat); } - (void)BIO_flush(bio_s_out); + (void)BIO_flush(bio_s_out); return (1); } @@ -2674,8 +2646,9 @@ static int www_body(int s, int stype, unsigned char *context) SSL_set_tlsext_debug_arg(con, bio_s_out); } - if (context && !SSL_set_session_id_context(con, context, - strlen((char *)context))) + if (context + && !SSL_set_session_id_context(con, context, + strlen((char *)context))) goto err; sbio = BIO_new_socket(s, BIO_NOCLOSE); @@ -2772,7 +2745,8 @@ static int www_body(int s, int stype, unsigned char *context) openssl_fdset(s, &readfds); i = select(width, (void *)&readfds, NULL, NULL, NULL); if (i <= 0 || !FD_ISSET(s, &readfds)) { - BIO_printf(bio_s_out, "Error waiting for client response\n"); + BIO_printf(bio_s_out, + "Error waiting for client response\n"); ERR_print_errors(bio_err); goto err; } @@ -2971,16 +2945,15 @@ static int www_body(int s, int stype, unsigned char *context) for (j = 0; j < i;) { #ifdef RENEG - { - static count = 0; - if (++count == 13) { - SSL_renegotiate(con); - } + static count = 0; + if (++count == 13) { + SSL_renegotiate(con); } #endif k = BIO_write(io, &(buf[j]), i - j); if (k <= 0) { - if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) + if (!BIO_should_retry(io) + && !SSL_waiting_for_async(con)) goto write_error; else { BIO_printf(bio_s_out, "rwrite W BLOCK\n"); @@ -3041,8 +3014,9 @@ static int rev_body(int s, int stype, unsigned char *context) SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); } - if (context - && !SSL_set_session_id_context(con, context, strlen((char *)context))) { + if (context + && !SSL_set_session_id_context(con, context, + strlen((char *)context))) { ERR_print_errors(bio_err); goto err; } @@ -3310,4 +3284,4 @@ static void free_sessions(void) first = NULL; } -#endif /* OPENSSL_NO_SOCK */ +#endif /* OPENSSL_NO_SOCK */ diff --git a/apps/s_time.c b/apps/s_time.c index de25319..263502c 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -38,9 +38,6 @@ * #define TEST_CERT "client.pem" */ -#undef BUFSIZZ -#define BUFSIZZ 1024*10 - #undef min #undef max #define min(a,b) (((a) < (b)) ? (a) : (b)) diff --git a/apps/smime.c b/apps/smime.c index dd065bb..b98c583 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -120,8 +120,8 @@ int smime_main(int argc, char **argv) X509_VERIFY_PARAM *vpm = NULL; const EVP_CIPHER *cipher = NULL; const EVP_MD *sign_md = NULL; - char *CAfile = NULL, *CApath = NULL, *inrand = NULL; - char *certfile = NULL, *keyfile = NULL, *contfile = NULL, *prog; + const char *CAfile = NULL, *CApath = NULL, *prog = NULL; + char *certfile = NULL, *keyfile = NULL, *contfile = NULL, *inrand = NULL; char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile = NULL; char *passinarg = NULL, *passin = NULL, *to = NULL, *from = diff --git a/apps/speed.c b/apps/speed.c index ce01a6f..0097ebd 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -347,7 +347,7 @@ static double Time_F(int s) static void multiblock_speed(const EVP_CIPHER *evp_cipher); -static int found(const char *name, const OPT_PAIR * pairs, int *result) +static int found(const char *name, const OPT_PAIR *pairs, int *result) { for (; pairs->name; pairs++) if (strcmp(name, pairs->name) == 0) { @@ -372,7 +372,7 @@ OPTIONS speed_options[] = { "Time decryption instead of encryption (only EVP)"}, {"mr", OPT_MR, '-', "Produce machine readable output"}, {"mb", OPT_MB, '-', - "Enable (tls1.1) multi-block mode on evp_cipher requested with -evp"}, + "Enable (tls1.1) multi-block mode on evp_cipher requested with -evp"}, {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"}, {"elapsed", OPT_ELAPSED, '-', "Measure time in real time instead of CPU user time"}, @@ -380,7 +380,8 @@ OPTIONS speed_options[] = { {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"}, #endif #ifndef OPENSSL_NO_ASYNC - {"async_jobs", OPT_ASYNCJOBS, 'p', "Enable async mode and start pnum jobs"}, + {"async_jobs", OPT_ASYNCJOBS, 'p', + "Enable async mode and start pnum jobs"}, #endif #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, @@ -430,8 +431,6 @@ static OPT_PAIR doit_choices[] = { #endif #ifndef OPENSSL_NO_MD5 {"md5", D_MD5}, -#endif -#ifndef OPENSSL_NO_MD5 {"hmac", D_HMAC}, #endif {"sha1", D_SHA1}, @@ -555,6 +554,7 @@ static OPT_PAIR ecdsa_choices[] = { {"ecdsab571", R_EC_B571}, {NULL} }; + static OPT_PAIR ecdh_choices[] = { {"ecdhp160", R_EC_P160}, {"ecdhp192", R_EC_P192}, @@ -1067,8 +1067,7 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); } -#endif /* ndef OPENSSL_NO_EC */ - +#endif /* OPENSSL_NO_EC */ static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_t *loopargs) @@ -1359,7 +1358,7 @@ int speed_main(int argc, char **argv) int ecdsa_doit[EC_NUM] = { 0 }; int ecdh_doit[EC_NUM] = { 0 }; -#endif /* ndef OPENSSL_NO_EC */ +#endif /* ndef OPENSSL_NO_EC */ prog = opt_init(argc, argv, speed_options); while ((o = opt_next()) != OPT_EOF) { @@ -1431,6 +1430,12 @@ int speed_main(int argc, char **argv) break; case OPT_MB: multiblock = 1; +#ifdef OPENSSL_NO_MULTIBLOCK + BIO_printf(bio_err, + "%s: -mb specified but multi-block support is disabled\n", + prog); + goto end; +#endif break; } } @@ -1565,8 +1570,10 @@ int speed_main(int argc, char **argv) for (i = 0; i < ALGOR_NUM; i++) if (i != D_EVP) doit[i] = 1; +#ifndef OPENSSL_NO_RSA for (i = 0; i < RSA_NUM; i++) rsa_doit[i] = 1; +#endif #ifndef OPENSSL_NO_DSA for (i = 0; i < DSA_NUM; i++) dsa_doit[i] = 1; @@ -1895,11 +1902,9 @@ int speed_main(int argc, char **argv) print_result(D_MD5, testnum, count, d); } } -#endif -#ifndef OPENSSL_NO_MD5 if (doit[D_HMAC]) { - char hmac_key[] = "This is a key..."; + static const char hmac_key[] = "This is a key..."; int len = strlen(hmac_key); for (i = 0; i < loopargs_len; i++) { @@ -2366,7 +2371,7 @@ int speed_main(int argc, char **argv) rsa_doit[testnum] = 0; } } -#endif +#endif /* OPENSSL_NO_RSA */ for (i = 0; i < loopargs_len; i++) RAND_bytes(loopargs[i].buf, 36); @@ -2437,7 +2442,7 @@ int speed_main(int argc, char **argv) dsa_doit[testnum] = 0; } } -#endif +#endif /* OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_EC if (RAND_status() != 1) { @@ -2619,7 +2624,7 @@ int speed_main(int argc, char **argv) ecdh_doit[testnum] = 0; } } -#endif +#endif /* OPENSSL_NO_EC */ #ifndef NO_FORK show_res: #endif @@ -2991,11 +2996,7 @@ static int do_multi(int multi) 1 / (1 / ecdsa_results[k][1] + 1 / d); else ecdsa_results[k][1] = d; - } -# endif - -# ifndef OPENSSL_NO_EC - else if (strncmp(buf, "+F5:", 4) == 0) { + } else if (strncmp(buf, "+F5:", 4) == 0) { int k; double d; diff --git a/apps/ts.c b/apps/ts.c index 3cedb67..924108f 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -38,41 +38,41 @@ static ASN1_OBJECT *txt2obj(const char *oid); static CONF *load_config_file(const char *configfile); /* Query related functions. */ -static int query_command(const char *data, char *digest, +static int query_command(const char *data, const char *digest, const EVP_MD *md, const char *policy, int no_nonce, int cert, const char *in, const char *out, int text); -static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md, +static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md, const char *policy, int no_nonce, int cert); -static int create_digest(BIO *input, char *digest, +static int create_digest(BIO *input, const char *digest, const EVP_MD *md, unsigned char **md_value); static ASN1_INTEGER *create_nonce(int bits); /* Reply related functions. */ -static int reply_command(CONF *conf, char *section, char *engine, - char *queryfile, char *passin, char *inkey, - const EVP_MD *md, char *signer, char *chain, - const char *policy, char *in, int token_in, - char *out, int token_out, int text); +static int reply_command(CONF *conf, const char *section, const char *engine, + const char *queryfile, const char *passin, const char *inkey, + const EVP_MD *md, const char *signer, const char *chain, + const char *policy, const char *in, int token_in, + const char *out, int token_out, int text); static TS_RESP *read_PKCS7(BIO *in_bio); -static TS_RESP *create_response(CONF *conf, const char *section, char *engine, - char *queryfile, char *passin, - char *inkey, const EVP_MD *md, char *signer, - char *chain, const char *policy); +static TS_RESP *create_response(CONF *conf, const char *section, const char *engine, + const char *queryfile, const char *passin, + const char *inkey, const EVP_MD *md, const char *signer, + const char *chain, const char *policy); static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data); static ASN1_INTEGER *next_serial(const char *serialfile); static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial); /* Verify related functions. */ -static int verify_command(char *data, char *digest, char *queryfile, - char *in, int token_in, - char *CApath, char *CAfile, char *untrusted, +static int verify_command(const char *data, const char *digest, const char *queryfile, + const char *in, int token_in, + const char *CApath, const char *CAfile, const char *untrusted, X509_VERIFY_PARAM *vpm); -static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest, - char *queryfile, - char *CApath, char *CAfile, - char *untrusted, +static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest, + const char *queryfile, + const char *CApath, const char *CAfile, + const char *untrusted, X509_VERIFY_PARAM *vpm); -static X509_STORE *create_cert_store(char *CApath, char *CAfile, +static X509_STORE *create_cert_store(const char *CApath, const char *CAfile, X509_VERIFY_PARAM *vpm); static int verify_cb(int ok, X509_STORE_CTX *ctx); @@ -153,9 +153,11 @@ static char* opt_helplist[] = { int ts_main(int argc, char **argv) { CONF *conf = NULL; - char *CAfile = NULL, *untrusted = NULL, *engine = NULL, *prog, **helpp; - char *configfile = default_config_file; - char *section = NULL, *password = NULL; + const char *CAfile = NULL, *untrusted = NULL, *prog; + const char *configfile = default_config_file, *engine = NULL; + const char *section = NULL; + char **helpp; + char *password = NULL; char *data = NULL, *digest = NULL, *rnd = NULL, *policy = NULL; char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL; char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL; @@ -377,7 +379,7 @@ static CONF *load_config_file(const char *configfile) /* * Query-related method definitions. */ -static int query_command(const char *data, char *digest, const EVP_MD *md, +static int query_command(const char *data, const char *digest, const EVP_MD *md, const char *policy, int no_nonce, int cert, const char *in, const char *out, int text) { @@ -424,7 +426,7 @@ static int query_command(const char *data, char *digest, const EVP_MD *md, return ret; } -static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md, +static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md, const char *policy, int no_nonce, int cert) { int ret = 0; @@ -488,7 +490,7 @@ static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md, return ts_req; } -static int create_digest(BIO *input, char *digest, const EVP_MD *md, +static int create_digest(BIO *input, const char *digest, const EVP_MD *md, unsigned char **md_value) { int md_value_len; @@ -566,11 +568,11 @@ static ASN1_INTEGER *create_nonce(int bits) * Reply-related method definitions. */ -static int reply_command(CONF *conf, char *section, char *engine, - char *queryfile, char *passin, char *inkey, - const EVP_MD *md, char *signer, char *chain, - const char *policy, char *in, int token_in, - char *out, int token_out, int text) +static int reply_command(CONF *conf, const char *section, const char *engine, + const char *queryfile, const char *passin, const char *inkey, + const EVP_MD *md, const char *signer, const char *chain, + const char *policy, const char *in, int token_in, + const char *out, int token_out, int text) { int ret = 0; TS_RESP *response = NULL; @@ -674,10 +676,10 @@ static TS_RESP *read_PKCS7(BIO *in_bio) return resp; } -static TS_RESP *create_response(CONF *conf, const char *section, char *engine, - char *queryfile, char *passin, - char *inkey, const EVP_MD *md, char *signer, - char *chain, const char *policy) +static TS_RESP *create_response(CONF *conf, const char *section, const char *engine, + const char *queryfile, const char *passin, + const char *inkey, const EVP_MD *md, const char *signer, + const char *chain, const char *policy) { int ret = 0; TS_RESP *response = NULL; @@ -825,9 +827,9 @@ static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial) * Verify-related method definitions. */ -static int verify_command(char *data, char *digest, char *queryfile, - char *in, int token_in, - char *CApath, char *CAfile, char *untrusted, +static int verify_command(const char *data, const char *digest, const char *queryfile, + const char *in, int token_in, + const char *CApath, const char *CAfile, const char *untrusted, X509_VERIFY_PARAM *vpm) { BIO *in_bio = NULL; @@ -871,10 +873,10 @@ static int verify_command(char *data, char *digest, char *queryfile, return ret; } -static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest, - char *queryfile, - char *CApath, char *CAfile, - char *untrusted, +static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest, + const char *queryfile, + const char *CApath, const char *CAfile, + const char *untrusted, X509_VERIFY_PARAM *vpm) { TS_VERIFY_CTX *ctx = NULL; @@ -935,7 +937,8 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest, return ctx; } -static X509_STORE *create_cert_store(char *CApath, char *CAfile, X509_VERIFY_PARAM *vpm) +static X509_STORE *create_cert_store(const char *CApath, const char *CAfile, + X509_VERIFY_PARAM *vpm) { X509_STORE *cert_ctx = NULL; X509_LOOKUP *lookup = NULL; diff --git a/apps/verify.c b/apps/verify.c index 40e19d4..47a8c86 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -18,7 +18,7 @@ #include <openssl/pem.h> static int cb(int ok, X509_STORE_CTX *ctx); -static int check(X509_STORE *ctx, char *file, +static int check(X509_STORE *ctx, const char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, STACK_OF(X509_CRL) *crls, int show_chain); static int v_verbose = 0, vflags = 0; @@ -64,7 +64,7 @@ int verify_main(int argc, char **argv) STACK_OF(X509_CRL) *crls = NULL; X509_STORE *store = NULL; X509_VERIFY_PARAM *vpm = NULL; - char *prog, *CApath = NULL, *CAfile = NULL; + const char *prog, *CApath = NULL, *CAfile = NULL; int noCApath = 0, noCAfile = 0; int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1; OPTION_CHOICE o; @@ -194,7 +194,7 @@ int verify_main(int argc, char **argv) return (ret < 0 ? 2 : ret); } -static int check(X509_STORE *ctx, char *file, +static int check(X509_STORE *ctx, const char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, STACK_OF(X509_CRL) *crls, int show_chain) { diff --git a/apps/x509.c b/apps/x509.c index 6f72f82..ca9a09f 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -33,12 +33,12 @@ static int callb(int ok, X509_STORE_CTX *ctx); static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, - const EVP_MD *digest, CONF *conf, char *section); -static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, + const EVP_MD *digest, CONF *conf, const char *section); +static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *digest, X509 *x, X509 *xca, EVP_PKEY *pkey, - STACK_OF(OPENSSL_STRING) *sigopts, char *serial, + STACK_OF(OPENSSL_STRING) *sigopts, const char *serialfile, int create, int days, int clrext, CONF *conf, - char *section, ASN1_INTEGER *sno, int reqfile); + const char *section, ASN1_INTEGER *sno, int reqfile); static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt); typedef enum OPTION_choice { @@ -893,7 +893,7 @@ int x509_main(int argc, char **argv) return (ret); } -static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, +static ASN1_INTEGER *x509_load_serial(const char *CAfile, const char *serialfile, int create) { char *buf = NULL, *p; @@ -934,11 +934,11 @@ static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, return bs; } -static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, +static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *digest, X509 *x, X509 *xca, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *sigopts, - char *serialfile, int create, - int days, int clrext, CONF *conf, char *section, + const char *serialfile, int create, + int days, int clrext, CONF *conf, const char *section, ASN1_INTEGER *sno, int reqfile) { int ret = 0; @@ -1051,7 +1051,7 @@ static int callb(int ok, X509_STORE_CTX *ctx) /* self sign */ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, - const EVP_MD *digest, CONF *conf, char *section) + const EVP_MD *digest, CONF *conf, const char *section) { if (!X509_set_issuer_name(x, X509_get_subject_name(x))) diff --git a/test/ssltest_old.c b/test/ssltest_old.c index 8863465..6a5cd70 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -954,7 +954,7 @@ static int set_protocol_version(const char *version, SSL *ssl, int setting) int main(int argc, char *argv[]) { - char *CApath = NULL, *CAfile = NULL; + const char *CApath = NULL, *CAfile = NULL; int badop = 0; enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM; int force = 0; _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits