[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Wed Apr 29 15:28:24 UTC 2015


The branch master has been updated
       via  ecf3a1fb181c08540342cceb6549e0408b32d135 (commit)
      from  bea6cd3e1c551b48007eedbb0cb0f3a8aa473138 (commit)


- Log -----------------------------------------------------------------
commit ecf3a1fb181c08540342cceb6549e0408b32d135
Author: Rich Salz <rsalz at openssl.org>
Date:   Wed Apr 29 11:27:08 2015 -0400

    Remove needless bio_err argument
    
    Many functions had a BIO* parameter, and it was always called
    with bio_err.  Remove the param and just use bio_err.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 apps/apps.c     | 20 ++++++++--------
 apps/apps.h     |  2 +-
 apps/asn1pars.c | 12 +++++-----
 apps/ca.c       | 30 ++++++++++++------------
 apps/cms.c      | 38 +++++++++++++++---------------
 apps/pkcs12.c   | 12 +++++-----
 apps/s_apps.h   |  4 ++--
 apps/s_cb.c     | 71 +++++++++++++++++++++++++++++----------------------------
 apps/s_client.c |  4 ++--
 apps/s_server.c |  8 +++----
 apps/smime.c    |  2 +-
 apps/srp.c      | 54 +++++++++++++++++++++----------------------
 apps/verify.c   | 16 ++++++-------
 13 files changed, 136 insertions(+), 137 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 66e3796..a4eecae 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2006,34 +2006,34 @@ int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
     return rv;
 }
 
-static void nodes_print(BIO *out, const char *name,
-                        STACK_OF(X509_POLICY_NODE) *nodes)
+static void nodes_print(const char *name, STACK_OF(X509_POLICY_NODE) *nodes)
 {
     X509_POLICY_NODE *node;
     int i;
-    BIO_printf(out, "%s Policies:", name);
+
+    BIO_printf(bio_err, "%s Policies:", name);
     if (nodes) {
-        BIO_puts(out, "\n");
+        BIO_puts(bio_err, "\n");
         for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) {
             node = sk_X509_POLICY_NODE_value(nodes, i);
-            X509_POLICY_NODE_print(out, node, 2);
+            X509_POLICY_NODE_print(bio_err, node, 2);
         }
     } else
-        BIO_puts(out, " <empty>\n");
+        BIO_puts(bio_err, " <empty>\n");
 }
 
-void policies_print(BIO *out, X509_STORE_CTX *ctx)
+void policies_print(X509_STORE_CTX *ctx)
 {
     X509_POLICY_TREE *tree;
     int explicit_policy;
     tree = X509_STORE_CTX_get0_policy_tree(ctx);
     explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
 
-    BIO_printf(out, "Require explicit Policy: %s\n",
+    BIO_printf(bio_err, "Require explicit Policy: %s\n",
                explicit_policy ? "True" : "False");
 
-    nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
-    nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
+    nodes_print("Authority", X509_policy_tree_get0_policies(tree));
+    nodes_print("User", X509_policy_tree_get0_user_policies(tree));
 }
 
 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
diff --git a/apps/apps.h b/apps/apps.h
index 5d1b98f..db67957 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -489,7 +489,7 @@ int parse_yesno(const char *str, int def);
 X509_NAME *parse_name(char *str, long chtype, int multirdn);
 int args_verify(char ***pargs, int *pargc,
                 int *badarg, X509_VERIFY_PARAM **pm);
-void policies_print(BIO *out, X509_STORE_CTX *ctx);
+void policies_print(X509_STORE_CTX *ctx);
 int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
 int init_gen_str(EVP_PKEY_CTX **pctx,
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index e96491a..6214625 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -100,7 +100,7 @@ OPTIONS asn1parse_options[] = {
     {NULL}
 };
 
-static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
+static int do_generate(char *genstr, char *genconf, BUF_MEM *buf);
 
 int asn1parse_main(int argc, char **argv)
 {
@@ -215,7 +215,7 @@ int asn1parse_main(int argc, char **argv)
             goto end;           /* Pre-allocate :-) */
 
         if (genstr || genconf) {
-            num = do_generate(bio_err, genstr, genconf, buf);
+            num = do_generate(genstr, genconf, buf);
             if (num < 0) {
                 ERR_print_errors(bio_err);
                 goto end;
@@ -335,7 +335,7 @@ int asn1parse_main(int argc, char **argv)
     return (ret);
 }
 
-static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
+static int do_generate(char *genstr, char *genconf, BUF_MEM *buf)
 {
     CONF *cnf = NULL;
     int len;
@@ -350,7 +350,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
         if (!genstr)
             genstr = NCONF_get_string(cnf, "default", "asn1");
         if (!genstr) {
-            BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
+            BIO_printf(bio_err, "Can't find 'asn1' in '%s'\n", genconf);
             goto err;
         }
     }
@@ -380,10 +380,10 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
  conferr:
 
     if (errline > 0)
-        BIO_printf(bio, "Error on line %ld of config file '%s'\n",
+        BIO_printf(bio_err, "Error on line %ld of config file '%s'\n",
                    errline, genconf);
     else
-        BIO_printf(bio, "Error loading config file '%s'\n", genconf);
+        BIO_printf(bio_err, "Error loading config file '%s'\n", genconf);
 
  err:
     NCONF_free(cnf);
diff --git a/apps/ca.c b/apps/ca.c
index ac720db..ba666ee 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -187,7 +187,7 @@ static int do_updatedb(CA_DB *db);
 static int check_time_format(const char *str);
 char *make_revocation_str(int rev_type, char *rev_arg);
 int make_revoked(X509_REVOKED *rev, const char *str);
-int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
+static int old_entry_print(ASN1_OBJECT *obj, ASN1_STRING *str);
 
 static CONF *conf = NULL;
 static CONF *extconf = NULL;
@@ -1604,7 +1604,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
         }
 
         if (default_op)
-            old_entry_print(bio_err, obj, str);
+            old_entry_print(obj, str);
     }
 
     /* Ok, now we check the 'policy' stuff. */
@@ -2632,42 +2632,42 @@ int make_revoked(X509_REVOKED *rev, const char *str)
     return ret;
 }
 
-int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
+static int old_entry_print(ASN1_OBJECT *obj, ASN1_STRING *str)
 {
     char buf[25], *pbuf, *p;
     int j;
-    j = i2a_ASN1_OBJECT(bp, obj);
+    j = i2a_ASN1_OBJECT(bio_err, obj);
     pbuf = buf;
     for (j = 22 - j; j > 0; j--)
         *(pbuf++) = ' ';
     *(pbuf++) = ':';
     *(pbuf++) = '\0';
-    BIO_puts(bp, buf);
+    BIO_puts(bio_err, buf);
 
     if (str->type == V_ASN1_PRINTABLESTRING)
-        BIO_printf(bp, "PRINTABLE:'");
+        BIO_printf(bio_err, "PRINTABLE:'");
     else if (str->type == V_ASN1_T61STRING)
-        BIO_printf(bp, "T61STRING:'");
+        BIO_printf(bio_err, "T61STRING:'");
     else if (str->type == V_ASN1_IA5STRING)
-        BIO_printf(bp, "IA5STRING:'");
+        BIO_printf(bio_err, "IA5STRING:'");
     else if (str->type == V_ASN1_UNIVERSALSTRING)
-        BIO_printf(bp, "UNIVERSALSTRING:'");
+        BIO_printf(bio_err, "UNIVERSALSTRING:'");
     else
-        BIO_printf(bp, "ASN.1 %2d:'", str->type);
+        BIO_printf(bio_err, "ASN.1 %2d:'", str->type);
 
     p = (char *)str->data;
     for (j = str->length; j > 0; j--) {
         if ((*p >= ' ') && (*p <= '~'))
-            BIO_printf(bp, "%c", *p);
+            BIO_printf(bio_err, "%c", *p);
         else if (*p & 0x80)
-            BIO_printf(bp, "\\0x%02X", *p);
+            BIO_printf(bio_err, "\\0x%02X", *p);
         else if ((unsigned char)*p == 0xf7)
-            BIO_printf(bp, "^?");
+            BIO_printf(bio_err, "^?");
         else
-            BIO_printf(bp, "^%c", *p + '@');
+            BIO_printf(bio_err, "^%c", *p + '@');
         p++;
     }
-    BIO_printf(bp, "'\n");
+    BIO_printf(bio_err, "'\n");
     return 1;
 }
 
diff --git a/apps/cms.c b/apps/cms.c
index e3e8656..16dbc0c 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -68,7 +68,7 @@
 
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 static int cms_cb(int ok, X509_STORE_CTX *ctx);
-static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
+static void receipt_request_print(CMS_ContentInfo *cms);
 static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
                                                 *rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
                                                 *rr_from);
@@ -1075,7 +1075,7 @@ int cms_main(int argc, char **argv)
             sk_X509_free(signers);
         }
         if (rr_print)
-            receipt_request_print(bio_err, cms);
+            receipt_request_print(cms);
 
     } else if (operation == SMIME_VERIFY_RECEIPT) {
         if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
@@ -1190,31 +1190,31 @@ static int cms_cb(int ok, X509_STORE_CTX *ctx)
         && ((error != X509_V_OK) || (ok != 2)))
         return ok;
 
-    /* Should be bio_err? */
-    policies_print(bio_out, ctx);
+    policies_print(ctx);
 
     return ok;
 
 }
 
-static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
+static void gnames_stack_print(STACK_OF(GENERAL_NAMES) *gns)
 {
     STACK_OF(GENERAL_NAME) *gens;
     GENERAL_NAME *gen;
     int i, j;
+
     for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) {
         gens = sk_GENERAL_NAMES_value(gns, i);
         for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) {
             gen = sk_GENERAL_NAME_value(gens, j);
-            BIO_puts(out, "    ");
-            GENERAL_NAME_print(out, gen);
-            BIO_puts(out, "\n");
+            BIO_puts(bio_err, "    ");
+            GENERAL_NAME_print(bio_err, gen);
+            BIO_puts(bio_err, "\n");
         }
     }
     return;
 }
 
-static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
+static void receipt_request_print(CMS_ContentInfo *cms)
 {
     STACK_OF(CMS_SignerInfo) *sis;
     CMS_SignerInfo *si;
@@ -1238,22 +1238,22 @@ static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
             int idlen;
             CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
                                            &rlist, &rto);
-            BIO_puts(out, "  Signed Content ID:\n");
+            BIO_puts(bio_err, "  Signed Content ID:\n");
             idlen = ASN1_STRING_length(scid);
             id = (char *)ASN1_STRING_data(scid);
-            BIO_dump_indent(out, id, idlen, 4);
-            BIO_puts(out, "  Receipts From");
+            BIO_dump_indent(bio_err, id, idlen, 4);
+            BIO_puts(bio_err, "  Receipts From");
             if (rlist) {
-                BIO_puts(out, " List:\n");
-                gnames_stack_print(out, rlist);
+                BIO_puts(bio_err, " List:\n");
+                gnames_stack_print(rlist);
             } else if (allorfirst == 1)
-                BIO_puts(out, ": First Tier\n");
+                BIO_puts(bio_err, ": First Tier\n");
             else if (allorfirst == 0)
-                BIO_puts(out, ": All\n");
+                BIO_puts(bio_err, ": All\n");
             else
-                BIO_printf(out, " Unknown (%d)\n", allorfirst);
-            BIO_puts(out, "  Receipts To:\n");
-            gnames_stack_print(out, rto);
+                BIO_printf(bio_err, " Unknown (%d)\n", allorfirst);
+            BIO_puts(bio_err, "  Receipts To:\n");
+            gnames_stack_print(rto);
         }
         if (rr)
             CMS_ReceiptRequest_free(rr);
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 5cdd71b..ec7a1d9 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -86,7 +86,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass,
 int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
                   const char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
-int alg_print(BIO *x, X509_ALGOR *alg);
+static int alg_print(X509_ALGOR *alg);
 int cert_load(BIO *in, STACK_OF(X509) *sk);
 static int set_pbe(int *ppbe, const char *str);
 
@@ -587,7 +587,7 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass,
         } else if (bagnid == NID_pkcs7_encrypted) {
             if (options & INFO) {
                 BIO_printf(bio_err, "PKCS7 Encrypted data: ");
-                alg_print(bio_err, p7->d.encrypted->enc_data->algorithm);
+                alg_print(p7->d.encrypted->enc_data->algorithm);
             }
             bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
         } else
@@ -649,7 +649,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
     case NID_pkcs8ShroudedKeyBag:
         if (options & INFO) {
             BIO_printf(bio_err, "Shrouded Keybag: ");
-            alg_print(bio_err, bag->value.shkeybag->algor);
+            alg_print(bag->value.shkeybag->algor);
         }
         if (options & NOKEYS)
             return 1;
@@ -737,11 +737,11 @@ int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
     return i;
 }
 
-int alg_print(BIO *x, X509_ALGOR *alg)
+static int alg_print(X509_ALGOR *alg)
 {
     PBEPARAM *pbe;
-    const unsigned char *p;
-    p = alg->parameter->value.sequence->data;
+    const unsigned char *p = alg->parameter->value.sequence->data;
+
     pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
     if (!pbe)
         return 1;
diff --git a/apps/s_apps.h b/apps/s_apps.h
index db8d039..cf3026d 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -204,7 +204,7 @@ void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc);
 void ssl_excert_free(SSL_EXCERT *exc);
 int args_excert(int option, SSL_EXCERT **pexc);
 int load_excert(SSL_EXCERT **pexc);
-void print_ssl_summary(BIO *bio, SSL *s);
+void print_ssl_summary(SSL *s);
 #ifdef HEADER_SSL_H
 int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
                SSL_CTX *ctx, int no_ecdhe, int no_jpake);
@@ -214,5 +214,5 @@ int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath,
                     const char *vfyCAfile, const char *chCApath,
                     const char *chCAfile, STACK_OF(X509_CRL) *crls,
                     int crl_download);
-void ssl_ctx_security_debug(SSL_CTX *ctx, BIO *out, int verbose);
+void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose);
 #endif
diff --git a/apps/s_cb.c b/apps/s_cb.c
index ddd65a9..76aeadb 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -186,11 +186,11 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
         break;
     case X509_V_ERR_NO_EXPLICIT_POLICY:
         if (!verify_quiet)
-            policies_print(bio_err, ctx);
+            policies_print(ctx);
         break;
     }
     if (err == X509_V_OK && ok == 2 && !verify_quiet)
-        policies_print(bio_err, ctx);
+        policies_print(ctx);
     if (ok && !verify_quiet)
         BIO_printf(bio_err, "verify return:%d\n", ok);
     return (ok);
@@ -1104,19 +1104,20 @@ struct chain_flags chain_flags_list[] = {
     {0, NULL}
 };
 
-static void print_chain_flags(BIO *out, SSL *s, int flags)
+static void print_chain_flags(SSL *s, int flags)
 {
     struct chain_flags *ctmp = chain_flags_list;
+
     while (ctmp->name) {
-        BIO_printf(out, "\t%s: %s\n", ctmp->name,
+        BIO_printf(bio_err, "\t%s: %s\n", ctmp->name,
                    flags & ctmp->flag ? "OK" : "NOT OK");
         ctmp++;
     }
-    BIO_printf(out, "\tSuite B: ");
+    BIO_printf(bio_err, "\tSuite B: ");
     if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS)
-        BIO_puts(out, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n");
+        BIO_puts(bio_err, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n");
     else
-        BIO_printf(out, "not tested\n");
+        BIO_printf(bio_err, "not tested\n");
 }
 
 /*
@@ -1157,7 +1158,7 @@ static int set_cert_cb(SSL *ssl, void *arg)
         X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
                            XN_FLAG_ONELINE);
         BIO_puts(bio_err, "\n");
-        print_chain_flags(bio_err, ssl, rv);
+        print_chain_flags(ssl, rv);
         if (rv & CERT_PKEY_VALID) {
             if (!SSL_use_certificate(ssl, exc->cert)
                     || !SSL_use_PrivateKey(ssl, exc->key)) {
@@ -1334,7 +1335,7 @@ int args_excert(int opt, SSL_EXCERT **pexc)
     return 0;
 }
 
-static void print_raw_cipherlist(BIO *bio, SSL *s)
+static void print_raw_cipherlist(SSL *s)
 {
     const unsigned char *rlist;
     static const unsigned char scsv_id[] = { 0, 0, 0xFF };
@@ -1343,59 +1344,58 @@ static void print_raw_cipherlist(BIO *bio, SSL *s)
         return;
     num = SSL_get0_raw_cipherlist(s, NULL);
     rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
-    BIO_puts(bio, "Client cipher list: ");
+    BIO_puts(bio_err, "Client cipher list: ");
     for (i = 0; i < rlistlen; i += num, rlist += num) {
         const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
         if (i)
-            BIO_puts(bio, ":");
+            BIO_puts(bio_err, ":");
         if (c)
-            BIO_puts(bio, SSL_CIPHER_get_name(c));
+            BIO_puts(bio_err, SSL_CIPHER_get_name(c));
         else if (!memcmp(rlist, scsv_id - num + 3, num))
-            BIO_puts(bio, "SCSV");
+            BIO_puts(bio_err, "SCSV");
         else {
             size_t j;
-            BIO_puts(bio, "0x");
+            BIO_puts(bio_err, "0x");
             for (j = 0; j < num; j++)
-                BIO_printf(bio, "%02X", rlist[j]);
+                BIO_printf(bio_err, "%02X", rlist[j]);
         }
     }
-    BIO_puts(bio, "\n");
+    BIO_puts(bio_err, "\n");
 }
 
-void print_ssl_summary(BIO *bio, SSL *s)
+void print_ssl_summary(SSL *s)
 {
     const SSL_CIPHER *c;
     X509 *peer;
-    /*
-     * const char *pnam = SSL_is_server(s) ? "client" : "server";
-     */
-    BIO_printf(bio, "Protocol version: %s\n", SSL_get_version(s));
-    print_raw_cipherlist(bio, s);
+    /* const char *pnam = SSL_is_server(s) ? "client" : "server"; */
+
+    BIO_printf(bio_err, "Protocol version: %s\n", SSL_get_version(s));
+    print_raw_cipherlist(s);
     c = SSL_get_current_cipher(s);
-    BIO_printf(bio, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
-    do_print_sigalgs(bio, s, 0);
+    BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
+    do_print_sigalgs(bio_err, s, 0);
     peer = SSL_get_peer_certificate(s);
     if (peer) {
         int nid;
-        BIO_puts(bio, "Peer certificate: ");
-        X509_NAME_print_ex(bio, X509_get_subject_name(peer),
+        BIO_puts(bio_err, "Peer certificate: ");
+        X509_NAME_print_ex(bio_err, X509_get_subject_name(peer),
                            0, XN_FLAG_ONELINE);
-        BIO_puts(bio, "\n");
+        BIO_puts(bio_err, "\n");
         if (SSL_get_peer_signature_nid(s, &nid))
-            BIO_printf(bio, "Hash used: %s\n", OBJ_nid2sn(nid));
+            BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
     } else
-        BIO_puts(bio, "No peer certificate\n");
+        BIO_puts(bio_err, "No peer certificate\n");
     if (peer)
         X509_free(peer);
 #ifndef OPENSSL_NO_EC
-    ssl_print_point_formats(bio, s);
+    ssl_print_point_formats(bio_err, s);
     if (SSL_is_server(s))
-        ssl_print_curves(bio, s, 1);
+        ssl_print_curves(bio_err, s, 1);
     else
-        ssl_print_tmp_key(bio, s);
+        ssl_print_tmp_key(bio_err, s);
 #else
     if (!SSL_is_server(s))
-        ssl_print_tmp_key(bio, s);
+        ssl_print_tmp_key(bio_err, s);
 #endif
 }
 
@@ -1681,10 +1681,11 @@ static int security_callback_debug(SSL *s, SSL_CTX *ctx,
     return rv;
 }
 
-void ssl_ctx_security_debug(SSL_CTX *ctx, BIO *out, int verbose)
+void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose)
 {
     static security_debug_ex sdb;
-    sdb.out = out;
+
+    sdb.out = bio_err;
     sdb.verbose = verbose;
     sdb.old_cb = SSL_CTX_get_security_callback(ctx);
     SSL_CTX_set_security_callback(ctx, security_callback_debug);
diff --git a/apps/s_client.c b/apps/s_client.c
index 9181c75..9d0d6f0 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1181,7 +1181,7 @@ int s_client_main(int argc, char **argv)
     }
 
     if (sdebug)
-        ssl_ctx_security_debug(ctx, bio_err, sdebug);
+        ssl_ctx_security_debug(ctx, sdebug);
 
     if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
         BIO_printf(bio_err, "Error setting verify params\n");
@@ -1663,7 +1663,7 @@ int s_client_main(int argc, char **argv)
                 }
                 if (c_brief) {
                     BIO_puts(bio_err, "CONNECTION ESTABLISHED\n");
-                    print_ssl_summary(bio_err, con);
+                    print_ssl_summary(con);
                 }
 
                 print_stuff(bio_c_out, con, full_log);
diff --git a/apps/s_server.c b/apps/s_server.c
index fb6fd3d..701f52d 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1617,7 +1617,7 @@ int s_server_main(int argc, char *argv[])
 
     ctx = SSL_CTX_new(meth);
     if (sdebug)
-        ssl_ctx_security_debug(ctx, bio_err, sdebug);
+        ssl_ctx_security_debug(ctx, sdebug);
     if (ctx == NULL) {
         ERR_print_errors(bio_err);
         goto end;
@@ -1690,7 +1690,7 @@ int s_server_main(int argc, char *argv[])
         BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
 
         if (sdebug)
-            ssl_ctx_security_debug(ctx, bio_err, sdebug);
+            ssl_ctx_security_debug(ctx, sdebug);
 
         if (session_id_prefix) {
             if (strlen(session_id_prefix) >= 32)
@@ -2487,7 +2487,7 @@ static int init_ssl_connection(SSL *con)
     }
 
     if (s_brief)
-        print_ssl_summary(bio_err, con);
+        print_ssl_summary(con);
 
     PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
 
@@ -3036,7 +3036,7 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
         }
     }
     BIO_printf(bio_err, "CONNECTION ESTABLISHED\n");
-    print_ssl_summary(bio_err, con);
+    print_ssl_summary(con);
 
     for (;;) {
         i = BIO_gets(io, buf, bufsize - 1);
diff --git a/apps/smime.c b/apps/smime.c
index 0c683f5..21e9daa 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -697,7 +697,7 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx)
         && ((error != X509_V_OK) || (ok != 2)))
         return ok;
 
-    policies_print(bio_err, ctx);
+    policies_print(ctx);
 
     return ok;
 
diff --git a/apps/srp.c b/apps/srp.c
index 0acbb8a..adc6a6f 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -102,38 +102,38 @@ static int get_index(CA_DB *db, char *id, char type)
     return -1;
 }
 
-static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
+static void print_entry(CA_DB *db, int indx, int verbose, char *s)
 {
     if (indx >= 0 && verbose) {
         int j;
         char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
-        BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
+        BIO_printf(bio_err, "%s \"%s\"\n", s, pp[DB_srpid]);
         for (j = 0; j < DB_NUMBER; j++) {
             BIO_printf(bio_err, "  %d = \"%s\"\n", j, pp[j]);
         }
     }
 }
 
-static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose)
+static void print_index(CA_DB *db, int indexindex, int verbose)
 {
-    print_entry(db, bio, indexindex, verbose, "g N entry");
+    print_entry(db, indexindex, verbose, "g N entry");
 }
 
-static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
+static void print_user(CA_DB *db, int userindex, int verbose)
 {
     if (verbose > 0) {
         char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
 
         if (pp[DB_srptype][0] != 'I') {
-            print_entry(db, bio, userindex, verbose, "User entry");
-            print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose,
+            print_entry(db, userindex, verbose, "User entry");
+            print_entry(db, get_index(db, pp[DB_srpgN], 'I'), verbose,
                         "g N entry");
         }
 
     }
 }
 
-static int update_index(CA_DB *db, BIO *bio, char **row)
+static int update_index(CA_DB *db, char **row)
 {
     char **irow;
     int i;
@@ -150,8 +150,8 @@ static int update_index(CA_DB *db, BIO *bio, char **row)
     irow[DB_NUMBER] = NULL;
 
     if (!TXT_DB_insert(db->db, irow)) {
-        BIO_printf(bio, "failed to update srpvfile\n");
-        BIO_printf(bio, "TXT_DB error number %ld\n", db->db->error);
+        BIO_printf(bio_err, "failed to update srpvfile\n");
+        BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
         OPENSSL_free(irow);
         return 0;
     }
@@ -165,7 +165,7 @@ static void lookup_fail(const char *name, const char *tag)
 
 static char *srp_verify_user(const char *user, const char *srp_verifier,
                              char *srp_usersalt, const char *g, const char *N,
-                             const char *passin, BIO *bio, int verbose)
+                             const char *passin, int verbose)
 {
     char password[1024];
     PW_CB_DATA cb_tmp;
@@ -177,17 +177,17 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
 
     if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
         if (verbose)
-            BIO_printf(bio,
+            BIO_printf(bio_err,
                        "Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
                        user, srp_verifier, srp_usersalt, g, N);
-        BIO_printf(bio, "Pass %s\n", password);
+        BIO_printf(bio_err, "Pass %s\n", password);
 
         OPENSSL_assert(srp_usersalt != NULL);
         if (!
             (gNid =
              SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
                                  g))) {
-            BIO_printf(bio, "Internal error validating SRP verifier\n");
+            BIO_printf(bio_err, "Internal error validating SRP verifier\n");
         } else {
             if (strcmp(verifier, srp_verifier))
                 gNid = NULL;
@@ -199,7 +199,7 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
 
 static char *srp_create_user(char *user, char **srp_verifier,
                              char **srp_usersalt, char *g, char *N,
-                             char *passout, BIO *bio, int verbose)
+                             char *passout, int verbose)
 {
     char password[1024];
     PW_CB_DATA cb_tmp;
@@ -210,17 +210,17 @@ static char *srp_create_user(char *user, char **srp_verifier,
 
     if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
         if (verbose)
-            BIO_printf(bio, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
+            BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
                        user, g, N);
         if (!
             (gNid =
              SRP_create_verifier(user, password, &salt, srp_verifier, N,
                                  g))) {
-            BIO_printf(bio, "Internal error creating SRP verifier\n");
+            BIO_printf(bio_err, "Internal error creating SRP verifier\n");
         } else
             *srp_usersalt = salt;
         if (verbose > 1)
-            BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,
+            BIO_printf(bio_err, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,
                        salt, *srp_verifier);
 
     }
@@ -453,7 +453,7 @@ int srp_main(int argc, char **argv)
             if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
                 gNindex = i;
 
-            print_index(db, bio_err, i, verbose > 1);
+            print_index(db, i, verbose > 1);
         }
     }
 
@@ -462,7 +462,7 @@ int srp_main(int argc, char **argv)
 
     if (gNindex >= 0) {
         gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
-        print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
+        print_entry(db, gNindex, verbose > 1, "Default g and N");
     } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
         BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
         goto end;
@@ -484,7 +484,7 @@ int srp_main(int argc, char **argv)
             if (verbose > 1)
                 BIO_printf(bio_err, "Processing user \"%s\"\n", user);
         if ((userindex = get_index(db, user, 'U')) >= 0) {
-            print_user(db, bio_err, userindex, (verbose > 0)
+            print_user(db, userindex, (verbose > 0)
                        || mode == OPT_LIST);
         }
 
@@ -493,7 +493,7 @@ int srp_main(int argc, char **argv)
                 BIO_printf(bio_err, "List all users\n");
 
                 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
-                    print_user(db, bio_err, i, 1);
+                    print_user(db, i, 1);
                 }
             } else if (userindex < 0) {
                 BIO_printf(bio_err,
@@ -521,7 +521,7 @@ int srp_main(int argc, char **argv)
                                      &(row[DB_srpsalt]),
                                      gNrow ? gNrow[DB_srpsalt] : gN,
                                      gNrow ? gNrow[DB_srpverifier] : NULL,
-                                     passout, bio_err, verbose))) {
+                                     passout, verbose))) {
                     BIO_printf(bio_err,
                                "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
                                user);
@@ -540,7 +540,7 @@ int srp_main(int argc, char **argv)
                                                                        =
                                                                        BUF_strdup
                                                                        (userinfo))))
-                    || !update_index(db, bio_err, row)) {
+                    || !update_index(db, row)) {
                     if (row[DB_srpid])
                         OPENSSL_free(row[DB_srpid]);
                     if (row[DB_srpgN])
@@ -593,7 +593,7 @@ int srp_main(int argc, char **argv)
                             (user, row[DB_srpverifier], row[DB_srpsalt],
                              irow ? irow[DB_srpsalt] : row[DB_srpgN],
                              irow ? irow[DB_srpverifier] : NULL, passin,
-                             bio_err, verbose)) {
+                             verbose)) {
                             BIO_printf(bio_err,
                                        "Invalid password for user \"%s\", operation abandoned.\n",
                                        user);
@@ -611,7 +611,7 @@ int srp_main(int argc, char **argv)
                                          &(row[DB_srpsalt]),
                                          gNrow ? gNrow[DB_srpsalt] : NULL,
                                          gNrow ? gNrow[DB_srpverifier] : NULL,
-                                         passout, bio_err, verbose))) {
+                                         passout, verbose))) {
                         BIO_printf(bio_err,
                                    "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
                                    user);
@@ -664,7 +664,7 @@ int srp_main(int argc, char **argv)
 
             if (pp[DB_srptype][0] == 'v') {
                 pp[DB_srptype][0] = 'V';
-                print_user(db, bio_err, i, verbose);
+                print_user(db, i, verbose);
             }
         }
 
diff --git a/apps/verify.c b/apps/verify.c
index 35085e7..1faca96 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -296,26 +296,25 @@ static int cb(int ok, X509_STORE_CTX *ctx)
 
     if (!ok) {
         if (current_cert) {
-            X509_NAME_print_ex_fp(stdout,
-                                  X509_get_subject_name(current_cert),
-                                  0, XN_FLAG_ONELINE);
-            printf("\n");
+            X509_NAME_print_ex(bio_err,
+                            X509_get_subject_name(current_cert),
+                            0, XN_FLAG_ONELINE);
+            BIO_printf(bio_err, "\n");
         }
-        printf("%serror %d at %d depth lookup:%s\n",
+        BIO_printf(bio_err, "%serror %d at %d depth lookup:%s\n",
                X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "",
                cert_error,
                X509_STORE_CTX_get_error_depth(ctx),
                X509_verify_cert_error_string(cert_error));
         switch (cert_error) {
         case X509_V_ERR_NO_EXPLICIT_POLICY:
-            policies_print(bio_err, ctx);
+            policies_print(ctx);
         case X509_V_ERR_CERT_HAS_EXPIRED:
 
             /*
              * since we are just checking the certificates, it is ok if they
              * are self signed. But we should still warn the user.
              */
-
         case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
             /* Continue after extension errors too */
         case X509_V_ERR_INVALID_CA:
@@ -326,14 +325,13 @@ static int cb(int ok, X509_STORE_CTX *ctx)
         case X509_V_ERR_CRL_NOT_YET_VALID:
         case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
             ok = 1;
-
         }
 
         return ok;
 
     }
     if (cert_error == X509_V_OK && ok == 2)
-        policies_print(bio_out, ctx);
+        policies_print(ctx);
     if (!v_verbose)
         ERR_clear_error();
     return (ok);


More information about the openssl-commits mailing list