[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed Aug 17 16:12:04 UTC 2016
The branch master has been updated
via d6073e27ebdbab63bf0add13fa0f66dcaa6e39e8 (commit)
via cc69629626ce0dab934704e1d9e806e0823c87d0 (commit)
via e7917e38bee4a0dcaa9b9968b6a4e48959dd4a3d (commit)
via cfd451d47f4df63278f83612b9a5280d1801c5f6 (commit)
via 54463e4f332ab1fd669411db2f37f9cb70651e89 (commit)
from 2e5ead831b1a92d78113b00978f8b3323268469f (commit)
- Log -----------------------------------------------------------------
commit d6073e27ebdbab63bf0add13fa0f66dcaa6e39e8
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Sun Aug 7 12:04:26 2016 +0200
Small nits and cleanups
using util/openssl-format-source on s_derver, s_client, ca.c, speed.c only...
Fix/merge some #ifndef
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
commit cc69629626ce0dab934704e1d9e806e0823c87d0
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Thu Aug 4 23:52:22 2016 +0200
Constify char* input parameters in apps code
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
commit e7917e38bee4a0dcaa9b9968b6a4e48959dd4a3d
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Fri Aug 5 00:19:36 2016 +0200
Simplify and add help about OPT_PVK* options
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
commit cfd451d47f4df63278f83612b9a5280d1801c5f6
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Thu Aug 4 00:23:39 2016 +0200
Improve error message
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
commit 54463e4f332ab1fd669411db2f37f9cb70651e89
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Wed Aug 3 22:49:25 2016 +0200
Relocalise some globals variables
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 17 +++---
apps/apps.h | 13 +++--
apps/asn1pars.c | 4 +-
apps/ca.c | 89 ++++++++++++++--------------
apps/cms.c | 3 +-
apps/crl.c | 2 +-
apps/dsa.c | 32 ++++------
apps/ocsp.c | 5 +-
apps/pkcs12.c | 4 +-
apps/pkeyutl.c | 4 +-
apps/req.c | 12 ++--
apps/rsa.c | 31 ++++------
apps/s_client.c | 64 +++++++++-----------
apps/s_server.c | 168 ++++++++++++++++++++++-------------------------------
apps/s_time.c | 3 -
apps/smime.c | 4 +-
apps/speed.c | 39 +++++++------
apps/ts.c | 89 ++++++++++++++--------------
apps/verify.c | 6 +-
apps/x509.c | 18 +++---
test/ssltest_old.c | 2 +-
21 files changed, 286 insertions(+), 323 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index 10ab626..40b31a5 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -320,9 +320,9 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
return res;
}
-static char *app_get_pass(char *arg, int keepbio);
+static char *app_get_pass(const char *arg, int keepbio);
-int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2)
+int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
{
int same;
if (!arg2 || !arg1 || strcmp(arg1, arg2))
@@ -344,7 +344,7 @@ int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2)
return 1;
}
-static char *app_get_pass(char *arg, int keepbio)
+static char *app_get_pass(const char *arg, int keepbio)
{
char *tmp, tpass[APP_PASS_LEN];
static BIO *pwdbio = NULL;
@@ -1185,7 +1185,7 @@ void print_array(BIO *out, const char* title, int len, const unsigned char* d)
BIO_printf(out, "\n};\n");
}
-X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath)
+X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, int noCApath)
{
X509_STORE *store = X509_STORE_new();
X509_LOOKUP *lookup;
@@ -1318,7 +1318,7 @@ static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
#undef BSIZE
#define BSIZE 256
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
+BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
{
BIO *in = NULL;
BIGNUM *ret = NULL;
@@ -1363,7 +1363,7 @@ BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
return (ret);
}
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
+int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
ASN1_INTEGER **retai)
{
char buf[1][BSIZE];
@@ -1413,7 +1413,8 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
return (ret);
}
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
+int rotate_serial(const char *serialfile, const char *new_suffix,
+ const char *old_suffix)
{
char buf[2][BSIZE];
int i, j;
@@ -1483,7 +1484,7 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
return ret;
}
-CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
+CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
{
CA_DB *retdb = NULL;
TXT_DB *tmpdb = NULL;
diff --git a/apps/apps.h b/apps/apps.h
index 9658d5c..326e026 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -400,7 +400,7 @@ int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg);
int set_ext_copy(int *copy_type, const char *arg);
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
-int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2);
+int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2);
int add_oid_section(CONF *conf);
X509 *load_cert(const char *file, int format, const char *cert_descrip);
X509_CRL *load_crl(const char *infile, int format);
@@ -412,7 +412,7 @@ int load_certs(const char *file, STACK_OF(X509) **certs, int format,
const char *pass, const char *cert_descrip);
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
const char *pass, const char *cert_descrip);
-X509_STORE *setup_verify(char *CAfile, char *CApath,
+X509_STORE *setup_verify(const char *CAfile, const char *CApath,
int noCAfile, int noCApath);
__owur int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath, int noCAfile,
@@ -468,12 +468,13 @@ typedef struct ca_db_st {
} CA_DB;
void* app_malloc(int sz, const char *what);
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
+BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai);
+int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
ASN1_INTEGER **retai);
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
+int rotate_serial(const char *serialfile, const char *new_suffix,
+ const char *old_suffix);
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
-CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
+CA_DB *load_index(const char *dbfile, DB_ATTR *dbattr);
int index_index(CA_DB *db);
int save_index(const char *dbfile, const char *suffix, CA_DB *db);
int rotate_index(const char *dbfile, const char *new_suffix,
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 64a2d85..1ac261c 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -52,7 +52,7 @@ OPTIONS asn1parse_options[] = {
{NULL}
};
-static int do_generate(char *genstr, char *genconf, BUF_MEM *buf);
+static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf);
int asn1parse_main(int argc, char **argv)
{
@@ -283,7 +283,7 @@ int asn1parse_main(int argc, char **argv)
return (ret);
}
-static int do_generate(char *genstr, char *genconf, BUF_MEM *buf)
+static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf)
{
CONF *cnf = NULL;
int len;
diff --git a/apps/ca.c b/apps/ca.c
index 4bf7b52..a20ba44 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -90,39 +90,40 @@
#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */
static char *lookup_conf(const CONF *conf, const char *group, const char *tag);
-static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+
+static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype,
- int multirdn, int email_dn, char *startdate, char *enddate,
- long days, int batch, char *ext_sect, CONF *conf,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate,
+ long days, int batch, const char *ext_sect, CONF *conf,
int verbose, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign);
-static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype,
- int multirdn, int email_dn, char *startdate,
- char *enddate, long days, int batch, char *ext_sect,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate, long days, int batch, const char *ext_sect,
CONF *conf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy);
-static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
+static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
X509 *x509, const EVP_MD *dgst,
STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype,
- int multirdn, int email_dn, char *startdate,
- char *enddate, long days, char *ext_sect, CONF *conf,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate, long days, const char *ext_sect, CONF *conf,
int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy);
-static void write_new_certificate(BIO *bp, X509 *x, int output_der,
- int notext);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
- char *subj, unsigned long chtype, int multirdn,
- int email_dn, char *startdate, char *enddate, long days,
- int batch, int verbose, X509_REQ *req, char *ext_sect,
+ const char *subj, unsigned long chtype, int multirdn,
+ int email_dn, const char *startdate, const char *enddate, long days,
+ int batch, int verbose, X509_REQ *req, const char *ext_sect,
CONF *conf, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign);
static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
@@ -159,7 +160,7 @@ OPTIONS ca_options[] = {
{"subj", OPT_SUBJ, 's', "Use arg instead of request's subject"},
{"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"},
{"create_serial", OPT_CREATE_SERIAL, '-',
- "If reading serial fails, create a new random serial"},
+ "If reading serial fails, create a new random serial"},
{"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
"Enable support for multivalued RDNs"},
{"startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ"},
@@ -235,12 +236,12 @@ int ca_main(int argc, char **argv)
const EVP_MD *dgst = NULL;
char *configfile = default_config_file, *section = NULL;
char *md = NULL, *policy = NULL, *keyfile = NULL;
- char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL;
- char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
- char *extensions = NULL, *extfile = NULL, *key = NULL, *passinarg = NULL;
+ char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL, *key = NULL;
+ const char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
+ const char *extensions = NULL, *extfile = NULL, *passinarg = NULL;
char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL;
- char *serialfile = NULL, *startdate = NULL, *subj = NULL;
- char *prog, *enddate = NULL;
+ const char *serialfile = NULL, *subj = NULL;
+ char *prog, *startdate = NULL, *enddate = NULL;
char *dbfile = NULL, *f, *randfile = NULL;
char buf[3][BSIZE];
char *const *pp;
@@ -497,7 +498,7 @@ end_of_options:
/* report status of cert with serial number given on command line */
if (ser_status) {
dbfile = lookup_conf(conf, section, ENV_DATABASE);
- if (dbfile == NULL)
+ if (dbfile == NULL)
goto end;
db = load_index(dbfile, &db_attr);
@@ -1245,12 +1246,13 @@ static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
return entry;
}
-static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype,
- int multirdn, int email_dn, char *startdate, char *enddate,
- long days, int batch, char *ext_sect, CONF *lconf,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate,
+ long days, int batch, const char *ext_sect, CONF *lconf,
int verbose, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign)
{
@@ -1312,12 +1314,12 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
return (ok);
}
-static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype,
- int multirdn, int email_dn, char *startdate,
- char *enddate, long days, int batch, char *ext_sect,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate, long days, int batch, const char *ext_sect,
CONF *lconf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy)
{
@@ -1367,9 +1369,9 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
- char *subj, unsigned long chtype, int multirdn,
- int email_dn, char *startdate, char *enddate, long days,
- int batch, int verbose, X509_REQ *req, char *ext_sect,
+ const char *subj, unsigned long chtype, int multirdn,
+ int email_dn, const char *startdate, const char *enddate, long days,
+ int batch, int verbose, X509_REQ *req, const char *ext_sect,
CONF *lconf, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign)
{
@@ -1880,13 +1882,13 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der,
PEM_write_bio_X509(bp, x);
}
-static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
+static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
X509 *x509, const EVP_MD *dgst,
STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype,
- int multirdn, int email_dn, char *startdate,
- char *enddate, long days, char *ext_sect,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate, long days, const char *ext_sect,
CONF *lconf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy)
{
@@ -2268,7 +2270,8 @@ static const char *crl_reasons[] = {
char *make_revocation_str(int rev_type, char *rev_arg)
{
- char *other = NULL, *str;
+ char *str;
+ const char *other = NULL;
const char *reason = NULL;
ASN1_OBJECT *otmp;
ASN1_UTCTIME *revtm = NULL;
@@ -2415,8 +2418,10 @@ int make_revoked(X509_REVOKED *rev, const char *str)
static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str)
{
- char buf[25], *pbuf, *p;
+ char buf[25], *pbuf;
+ const char *p;
int j;
+
j = i2a_ASN1_OBJECT(bio_err, obj);
pbuf = buf;
for (j = 22 - j; j > 0; j--)
@@ -2436,7 +2441,7 @@ static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str)
else
BIO_printf(bio_err, "ASN.1 %2d:'", str->type);
- p = (char *)str->data;
+ p = (const char *)str->data;
for (j = str->length; j > 0; j--) {
if ((*p >= ' ') && (*p <= '~'))
BIO_printf(bio_err, "%c", *p);
diff --git a/apps/cms.c b/apps/cms.c
index b5ae970..52186d2 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -199,7 +199,8 @@ int cms_main(int argc, char **argv)
X509_STORE *store = NULL;
X509_VERIFY_PARAM *vpm = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
- char *CAfile = NULL, *CApath = NULL, *certsoutfile = NULL;
+ const char *CAfile = NULL, *CApath = NULL;
+ char *certsoutfile = NULL;
int noCAfile = 0, noCApath = 0;
char *infile = NULL, *outfile = NULL, *rctfile = NULL, *inrand = NULL;
char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile =
diff --git a/apps/crl.c b/apps/crl.c
index 0e8093c..3dbbc0c 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -72,7 +72,7 @@ int crl_main(int argc, char **argv)
unsigned long nmflag = 0;
char nmflag_set = 0;
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
- char *CAfile = NULL, *CApath = NULL, *prog;
+ const char *CAfile = NULL, *CApath = NULL, *prog;
OPTION_CHOICE o;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
diff --git a/apps/dsa.c b/apps/dsa.c
index 6ac9a40..6aef502 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -27,9 +27,10 @@ NON_EMPTY_TRANSLATION_UNIT
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
- OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
- OPT_ENGINE, OPT_PVK_STRONG, OPT_PVK_WEAK,
- OPT_PVK_NONE, OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN,
+ OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE,
+ /* Do not change the order here; see case statements below */
+ OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
+ OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN,
OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT
} OPTION_CHOICE;
@@ -48,9 +49,9 @@ OPTIONS dsa_options[] = {
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_RC4
- {"pvk-strong", OPT_PVK_STRONG, '-'},
- {"pvk-weak", OPT_PVK_WEAK, '-'},
- {"pvk-none", OPT_PVK_NONE, '-'},
+ {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
+ {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
+ {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
# endif
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
@@ -111,22 +112,13 @@ int dsa_main(int argc, char **argv)
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
+ case OPT_PVK_STRONG: /* pvk_encr:= 2 */
+ case OPT_PVK_WEAK: /* pvk_encr:= 1 */
+ case OPT_PVK_NONE: /* pvk_encr:= 0 */
#ifndef OPENSSL_NO_RC4
- case OPT_PVK_STRONG:
- pvk_encr = 2;
- break;
- case OPT_PVK_WEAK:
- pvk_encr = 1;
- break;
- case OPT_PVK_NONE:
- pvk_encr = 0;
- break;
-#else
- case OPT_PVK_STRONG:
- case OPT_PVK_WEAK:
- case OPT_PVK_NONE:
- break;
+ pvk_encr = (o - OPT_PVK_NONE);
#endif
+ break;
case OPT_NOOUT:
noout = 1;
break;
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 5bd1aca..cfc06a9 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -194,7 +194,8 @@ int ocsp_main(int argc, char **argv)
X509 *signer = NULL, *rsigner = NULL;
X509_STORE *store = NULL;
X509_VERIFY_PARAM *vpm = NULL;
- char *CAfile = NULL, *CApath = NULL, *header, *value;
+ const char *CAfile = NULL, *CApath = NULL;
+ char *header, *value;
char *host = NULL, *port = NULL, *path = "/", *outfile = NULL;
char *rca_filename = NULL, *reqin = NULL, *respin = NULL;
char *reqout = NULL, *respout = NULL, *ridx_filename = NULL;
@@ -809,7 +810,7 @@ static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
long maxage)
{
OCSP_CERTID *id;
- char *name;
+ const char *name;
int i, status, reason;
ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 9ef3591..1fcd713 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -131,8 +131,8 @@ int pkcs12_main(int argc, char **argv)
int noprompt = 0;
char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL, *inrand = NULL, *macalg = NULL;
- char *cpass = NULL, *mpass = NULL, *CApath = NULL, *CAfile = NULL;
- char *prog;
+ char *cpass = NULL, *mpass = NULL;
+ const char *CApath = NULL, *CAfile = NULL, *prog;
int noCApath = 0, noCAfile = 0;
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 0dc3897..02e28e2 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -28,7 +28,7 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
- unsigned char *in, size_t inlen);
+ const unsigned char *in, size_t inlen);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -459,7 +459,7 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
- unsigned char *in, size_t inlen)
+ const unsigned char *in, size_t inlen)
{
int rv = 0;
switch (pkey_op) {
diff --git a/apps/req.c b/apps/req.c
index e459a71..112553b 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -46,11 +46,11 @@
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *dn, int mutlirdn,
int attribs, unsigned long chtype);
-static int build_subject(X509_REQ *req, char *subj, unsigned long chtype,
+static int build_subject(X509_REQ *req, const char *subj, unsigned long chtype,
int multirdn);
static int prompt_info(X509_REQ *req,
- STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect,
+ STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
+ STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
int attribs, unsigned long chtype);
static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
STACK_OF(CONF_VALUE) *attr, int attribs,
@@ -888,7 +888,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
* subject is expected to be in the format /type0=value0/type1=value1/type2=...
* where characters may be escaped by \
*/
-static int build_subject(X509_REQ *req, char *subject, unsigned long chtype,
+static int build_subject(X509_REQ *req, const char *subject, unsigned long chtype,
int multirdn)
{
X509_NAME *n;
@@ -905,8 +905,8 @@ static int build_subject(X509_REQ *req, char *subject, unsigned long chtype,
}
static int prompt_info(X509_REQ *req,
- STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect,
+ STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
+ STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
int attribs, unsigned long chtype)
{
int i;
diff --git a/apps/rsa.c b/apps/rsa.c
index 203e6b9..f67387e 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -29,8 +29,10 @@ typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
OPT_PUBIN, OPT_PUBOUT, OPT_PASSOUT, OPT_PASSIN,
- OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT, OPT_PVK_STRONG, OPT_PVK_WEAK,
- OPT_PVK_NONE, OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER
+ OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT,
+ /* Do not change the order here; see case statements below */
+ OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
+ OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER
} OPTION_CHOICE;
OPTIONS rsa_options[] = {
@@ -51,9 +53,9 @@ OPTIONS rsa_options[] = {
{"check", OPT_CHECK, '-', "Verify key consistency"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
- {"pvk-strong", OPT_PVK_STRONG, '-'},
- {"pvk-weak", OPT_PVK_WEAK, '-'},
- {"pvk-none", OPT_PVK_NONE, '-'},
+ {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
+ {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
+ {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
# endif
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
@@ -124,22 +126,13 @@ int rsa_main(int argc, char **argv)
case OPT_RSAPUBKEY_OUT:
pubout = 2;
break;
+ case OPT_PVK_STRONG: /* pvk_encr:= 2 */
+ case OPT_PVK_WEAK: /* pvk_encr:= 1 */
+ case OPT_PVK_NONE: /* pvk_encr:= 0 */
# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
- case OPT_PVK_STRONG:
- pvk_encr = 2;
- break;
- case OPT_PVK_WEAK:
- pvk_encr = 1;
- break;
- case OPT_PVK_NONE:
- pvk_encr = 0;
- break;
-# else
- case OPT_PVK_STRONG:
- case OPT_PVK_WEAK:
- case OPT_PVK_NONE:
- break;
+ pvk_encr = (o - OPT_PVK_NONE);
# endif
+ break;
case OPT_NOOUT:
noout = 1;
break;
diff --git a/apps/s_client.c b/apps/s_client.c
index 46fa87b..c721dfd 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -84,19 +84,12 @@ typedef unsigned int u_int;
#define S_CLIENT_IRC_READ_TIMEOUT 8
static char *prog;
-static int c_nbio = 0;
-static int c_tlsextdebug = 0;
-static int c_status_req = 0;
static int c_debug = 0;
-static int c_msg = 0;
static int c_showcerts = 0;
static char *keymatexportlabel = NULL;
static int keymatexportlen = 20;
static BIO *bio_c_out = NULL;
-static BIO *bio_c_msg = NULL;
static int c_quiet = 0;
-static int c_ign_eof = 0;
-static int c_brief = 0;
static void print_stuff(BIO *berr, SSL *con, int full);
#ifndef OPENSSL_NO_OCSP
@@ -139,7 +132,6 @@ static void do_ssl_shutdown(SSL *ssl)
} while (ret < 0);
}
-
#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
static char *psk_identity = "Client_identity";
@@ -399,7 +391,7 @@ static ossl_ssize_t hexdecode(const char **inptr, void *result)
{
unsigned char **out = (unsigned char **)result;
const char *in = *inptr;
- unsigned char *ret = app_malloc(strlen(in)/2, "hexdecode");
+ unsigned char *ret = app_malloc(strlen(in) / 2, "hexdecode");
unsigned char *cp = ret;
uint8_t byte;
int nibble = 0;
@@ -549,7 +541,8 @@ typedef enum OPTION_choice {
OPT_SSL3, OPT_SSL_CONFIG,
OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS,
- OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH,
+ OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH,
+ OPT_VERIFYCAPATH,
OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE,
OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN,
OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME,
@@ -792,7 +785,8 @@ int s_client_main(int argc, char **argv)
STACK_OF(OPENSSL_STRING) *dane_tlsa_rrset = NULL;
STACK_OF(X509_CRL) *crls = NULL;
const SSL_METHOD *meth = TLS_client_method();
- char *CApath = NULL, *CAfile = NULL, *cbuf = NULL, *sbuf = NULL;
+ const char *CApath = NULL, *CAfile = NULL;
+ char *cbuf = NULL, *sbuf = NULL;
char *mbuf = NULL, *proxystr = NULL, *connectstr = NULL;
char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
char *chCApath = NULL, *chCAfile = NULL, *host = NULL;
@@ -856,6 +850,9 @@ int s_client_main(int argc, char **argv)
unsigned int max_pipelines = 0;
enum { use_inet, use_unix, use_unknown } connect_type = use_unknown;
int count4or6 = 0;
+ int c_nbio = 0, c_msg = 0, c_ign_eof = 0, c_brief = 0;
+ int c_tlsextdebug = 0, c_status_req = 0;
+ BIO *bio_c_msg = NULL;
FD_ZERO(&readfds);
FD_ZERO(&writefds);
@@ -869,9 +866,7 @@ int s_client_main(int argc, char **argv)
prog = opt_progname(argv[0]);
c_quiet = 0;
- c_ign_eof = 0;
c_debug = 0;
- c_msg = 0;
c_showcerts = 0;
c_nbio = 0;
vpm = X509_VERIFY_PARAM_new();
@@ -893,14 +888,14 @@ int s_client_main(int argc, char **argv)
/* Check for intermixing flags. */
if (connect_type == use_unix && IS_INET_FLAG(o)) {
BIO_printf(bio_err,
- "%s: Intermixed protocol flags (unix and internet domains)\n",
- prog);
+ "%s: Intermixed protocol flags (unix and internet domains)\n",
+ prog);
goto end;
}
if (connect_type == use_inet && IS_UNIX_FLAG(o)) {
BIO_printf(bio_err,
- "%s: Intermixed protocol flags (internet and unix domains)\n",
- prog);
+ "%s: Intermixed protocol flags (internet and unix domains)\n",
+ prog);
goto end;
}
@@ -911,8 +906,8 @@ int s_client_main(int argc, char **argv)
if (IS_NO_PROT_FLAG(o))
no_prot_opt++;
if (prot_opt == 1 && no_prot_opt) {
- BIO_printf(bio_err, "Cannot supply both a protocol flag and "
- "\"-no_<prot>\"\n");
+ BIO_printf(bio_err,
+ "Cannot supply both a protocol flag and '-no_<prot>'\n");
goto end;
}
@@ -1340,8 +1335,8 @@ int s_client_main(int argc, char **argv)
if (tmp_port != port)
OPENSSL_free(tmp_port);
if (!res) {
- BIO_printf(bio_err, "%s: -proxy argument malformed or ambiguous\n",
- prog);
+ BIO_printf(bio_err,
+ "%s: -proxy argument malformed or ambiguous\n", prog);
goto end;
}
} else {
@@ -1480,8 +1475,8 @@ int s_client_main(int argc, char **argv)
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
ssl_config);
- ERR_print_errors(bio_err);
- goto end;
+ ERR_print_errors(bio_err);
+ goto end;
}
}
@@ -1534,8 +1529,7 @@ int s_client_main(int argc, char **argv)
#ifndef OPENSSL_NO_PSK
if (psk_key != NULL) {
if (c_debug)
- BIO_printf(bio_c_out,
- "PSK key given, setting client callback\n");
+ BIO_printf(bio_c_out, "PSK key given, setting client callback\n");
SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
}
#endif
@@ -1567,7 +1561,7 @@ int s_client_main(int argc, char **argv)
}
/* Returns 0 on success! */
if (SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len) != 0) {
- BIO_printf(bio_err, "Error setting ALPN\n");
+ BIO_printf(bio_err, "Error setting ALPN\n");
goto end;
}
OPENSSL_free(alpn);
@@ -1579,8 +1573,8 @@ int s_client_main(int argc, char **argv)
NULL, NULL, NULL,
serverinfo_cli_parse_cb, NULL)) {
BIO_printf(bio_err,
- "Warning: Unable to add custom extension %u, skipping\n",
- serverinfo_types[i]);
+ "Warning: Unable to add custom extension %u, skipping\n",
+ serverinfo_types[i]);
}
}
@@ -1648,7 +1642,8 @@ int s_client_main(int argc, char **argv)
if (dane_tlsa_domain != NULL) {
if (SSL_CTX_dane_enable(ctx) <= 0) {
BIO_printf(bio_err,
- "%s: Error enabling DANE TLSA authentication.\n", prog);
+ "%s: Error enabling DANE TLSA authentication.\n",
+ prog);
ERR_print_errors(bio_err);
goto end;
}
@@ -1713,8 +1708,7 @@ int s_client_main(int argc, char **argv)
}
re_start:
- if (init_client(&s, host, port, socket_family, socket_type) == 0)
- {
+ if (init_client(&s, host, port, socket_family, socket_type) == 0) {
BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
BIO_closesocket(s);
goto end;
@@ -2578,7 +2572,8 @@ static void print_stuff(BIO *bio, SSL *s, int full)
#endif
BIO_printf(bio,
- "---\nSSL handshake has read %"PRIu64" bytes and written %"PRIu64" bytes\n",
+ "---\nSSL handshake has read %" PRIu64
+ " bytes and written %" PRIu64 " bytes\n",
BIO_number_read(SSL_get_rbio(s)),
BIO_number_written(SSL_get_wbio(s)));
}
@@ -2655,8 +2650,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
#endif
SSL_SESSION_print(bio, SSL_get_session(s));
- if ((SSL_get_session(s) != NULL) &&
- (keymatexportlabel != NULL)) {
+ if (SSL_get_session(s) != NULL && keymatexportlabel != NULL) {
BIO_printf(bio, "Keying material exporter:\n");
BIO_printf(bio, " Label: '%s'\n", keymatexportlabel);
BIO_printf(bio, " Length: %i bytes\n", keymatexportlen);
@@ -2707,4 +2701,4 @@ static int ocsp_resp_cb(SSL *s, void *arg)
}
# endif
-#endif /* OPENSSL_NO_SOCK */
+#endif /* OPENSSL_NO_SOCK */
diff --git a/apps/s_server.c b/apps/s_server.c
index f4ec72d..742cb83 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -43,10 +43,14 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <openssl/async.h>
-#include <openssl/ssl.h>
+#if defined(_WIN32)
+/* Included before async.h to avoid some warnings */
+# include <windows.h>
+#endif
#include <openssl/e_os2.h>
+#include <openssl/async.h>
+#include <openssl/ssl.h>
#ifndef OPENSSL_NO_SOCK
@@ -101,26 +105,14 @@ static void free_sessions(void);
static DH *load_dh_param(const char *dhfile);
#endif
-static void s_server_init(void);
-
/* static int load_CA(SSL_CTX *ctx, char *file);*/
-#undef BUFSIZZ
-#define BUFSIZZ 16*1024
-static int bufsize = BUFSIZZ;
+static const int bufsize = 16 * 1024;
static int accept_socket = -1;
#define TEST_CERT "server.pem"
#define TEST_CERT2 "server2.pem"
-
-static int s_server_verify = SSL_VERIFY_NONE;
-static int s_server_session_id_context = 1; /* anything will do */
-static const char *s_cert_file = TEST_CERT, *s_key_file =
- NULL, *s_chain_file = NULL;
-
-static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
-static char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL;
static int s_nbio = 0;
static int s_nbio_test = 0;
static int s_crlf = 0;
@@ -132,8 +124,6 @@ static BIO *bio_s_out = NULL;
static BIO *bio_s_msg = NULL;
static int s_debug = 0;
static int s_tlsextdebug = 0;
-static int s_tlsextstatus = 0;
-static int no_resume_ephemeral = 0;
static int s_msg = 0;
static int s_quiet = 0;
static int s_ign_eof = 0;
@@ -143,8 +133,6 @@ static char *keymatexportlabel = NULL;
static int keymatexportlen = 20;
static int async = 0;
-static unsigned int split_send_fragment = 0;
-static unsigned int max_pipelines = 0;
static const char *session_id_prefix = NULL;
@@ -155,8 +143,6 @@ static long socket_mtu;
#endif
static int dtlslisten = 0;
-static const char *s_serverinfo_file = NULL;
-
#ifndef OPENSSL_NO_PSK
static char *psk_identity = "Client_identity";
char *psk_key = NULL; /* by default PSK is not used */
@@ -260,7 +246,7 @@ static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
p->login, p->user->info);
ret = SSL_ERROR_NONE;
-err:
+ err:
SRP_user_pwd_free(p->user);
p->user = NULL;
p->login = NULL;
@@ -269,33 +255,6 @@ err:
#endif
-static void s_server_init(void)
-{
- accept_socket = -1;
- s_server_verify = SSL_VERIFY_NONE;
- s_dcert_file = NULL;
- s_dkey_file = NULL;
- s_dchain_file = NULL;
- s_cert_file = TEST_CERT;
- s_key_file = NULL;
- s_chain_file = NULL;
- s_cert_file2 = TEST_CERT2;
- s_key_file2 = NULL;
- ctx2 = NULL;
- s_nbio = 0;
- s_nbio_test = 0;
- ctx = NULL;
- www = 0;
- bio_s_out = NULL;
- s_debug = 0;
- s_msg = 0;
- s_quiet = 0;
- s_brief = 0;
- async = 0;
- split_send_fragment = 0;
- max_pipelines = 0;
-}
-
static int local_argc = 0;
static char **local_argv;
@@ -321,8 +280,8 @@ static const BIO_METHOD *BIO_f_ebcdic_filter()
{
if (methods_ebcdic == NULL) {
methods_ebcdic = BIO_meth_new(BIO_TYPE_EBCDIC_FILTER,
- "EBCDIC/ASCII filter");
- if ( methods_ebcdic == NULL
+ "EBCDIC/ASCII filter");
+ if (methods_ebcdic == NULL
|| !BIO_meth_set_write(methods_ebcdic, ebcdic_write)
|| !BIO_meth_set_read(methods_ebcdic, ebcdic_read)
|| !BIO_meth_set_puts(methods_ebcdic, ebcdic_puts)
@@ -810,7 +769,7 @@ OPTIONS s_server_options[] = {
{"no_cache", OPT_NO_CACHE, '-', "Disable session cache"},
{"ext_cache", OPT_EXT_CACHE, '-',
"Disable internal cache, setup and use external cache"},
- {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default" },
+ {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"},
{"verify_return_error", OPT_VERIFY_RET_ERROR, '-',
"Close connection on verification error"},
{"verify_quiet", OPT_VERIFY_QUIET, '-',
@@ -837,12 +796,12 @@ OPTIONS s_server_options[] = {
"Print output from SSL/TLS security framework"},
{"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-',
"Print more output from SSL/TLS security framework"},
- {"brief", OPT_BRIEF, '-', \
+ {"brief", OPT_BRIEF, '-',
"Restrict output to brief summary of connection parameters"},
{"rev", OPT_REV, '-',
"act as a simple test server which just sends back with the received text reversed"},
{"async", OPT_ASYNC, '-', "Operate in asynchronous mode"},
- {"ssl_config", OPT_SSL_CONFIG, 's', \
+ {"ssl_config", OPT_SSL_CONFIG, 's',
"Configure SSL_CTX using the configuration 'val'"},
{"split_send_frag", OPT_SPLIT_SEND_FRAG, 'n',
"Size used to split data for encrypt pipelines"},
@@ -923,22 +882,17 @@ int s_server_main(int argc, char *argv[])
STACK_OF(X509_CRL) *crls = NULL;
X509 *s_cert = NULL, *s_dcert = NULL;
X509_VERIFY_PARAM *vpm = NULL;
- char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL;
-#ifndef OPENSSL_NO_DH
- char *dhfile = NULL;
-#endif
+ const char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL;
char *dpassarg = NULL, *dpass = NULL, *inrand = NULL;
char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
char *crl_file = NULL, *prog;
-#ifndef OPENSSL_NO_PSK
- char *p;
-#endif
#ifdef AF_UNIX
int unlink_unix_path = 0;
#endif
do_server_cb server_cb;
int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0;
#ifndef OPENSSL_NO_DH
+ char *dhfile = NULL;
int no_dhe = 0;
#endif
int nocert = 0, ret = 1;
@@ -966,22 +920,42 @@ int s_server_main(int argc, char *argv[])
#ifndef OPENSSL_NO_PSK
/* by default do not send a PSK identity hint */
static char *psk_identity_hint = NULL;
+ char *p;
#endif
#ifndef OPENSSL_NO_SRP
char *srpuserseed = NULL;
char *srp_verifier_file = NULL;
#endif
int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
-
+ int s_server_verify = SSL_VERIFY_NONE;
+ int s_server_session_id_context = 1; /* anything will do */
+ const char *s_cert_file = TEST_CERT, *s_key_file = NULL, *s_chain_file = NULL;
+ const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
+ char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL;
+ int s_tlsextstatus = 0, no_resume_ephemeral = 0;
+ unsigned int split_send_fragment = 0, max_pipelines = 0;
+ const char *s_serverinfo_file = NULL;
+
+ /* Init of few remaining global variables */
local_argc = argc;
local_argv = argv;
- s_server_init();
+ ctx = ctx2 = NULL;
+ s_nbio = s_nbio_test = 0;
+ www = 0;
+ bio_s_out = NULL;
+ s_debug = 0;
+ s_msg = 0;
+ s_quiet = 0;
+ s_brief = 0;
+ async = 0;
+
cctx = SSL_CONF_CTX_new();
vpm = X509_VERIFY_PARAM_new();
if (cctx == NULL || vpm == NULL)
goto end;
- SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE);
+ SSL_CONF_CTX_set_flags(cctx,
+ SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE);
prog = opt_init(argc, argv, s_server_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -992,8 +966,8 @@ int s_server_main(int argc, char *argv[])
if (IS_NO_PROT_FLAG(o))
no_prot_opt++;
if (prot_opt == 1 && no_prot_opt) {
- BIO_printf(bio_err, "Cannot supply both a protocol flag and "
- "\"-no_<prot>\"\n");
+ BIO_printf(bio_err,
+ "Cannot supply both a protocol flag and '-no_<prot>'\n");
goto end;
}
switch (o) {
@@ -1640,8 +1614,8 @@ int s_server_main(int argc, char *argv[])
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
ssl_config);
- ERR_print_errors(bio_err);
- goto end;
+ ERR_print_errors(bio_err);
+ goto end;
}
}
if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
@@ -1686,7 +1660,6 @@ int s_server_main(int argc, char *argv[])
if (read_buf_len > 0) {
SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len);
}
-
#ifndef OPENSSL_NO_SRTP
if (srtp_profiles != NULL) {
/* Returns 0 on success! */
@@ -1861,8 +1834,7 @@ int s_server_main(int argc, char *argv[])
#ifndef OPENSSL_NO_PSK
if (psk_key != NULL) {
if (s_debug)
- BIO_printf(bio_s_out,
- "PSK key given, setting server callback\n");
+ BIO_printf(bio_s_out, "PSK key given, setting server callback\n");
SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
}
@@ -1875,8 +1847,8 @@ int s_server_main(int argc, char *argv[])
SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
if (!SSL_CTX_set_session_id_context(ctx,
- (void *)&s_server_session_id_context,
- sizeof s_server_session_id_context)) {
+ (void *)&s_server_session_id_context,
+ sizeof s_server_session_id_context)) {
BIO_printf(bio_err, "error setting session id context\n");
ERR_print_errors(bio_err);
goto end;
@@ -2053,8 +2025,8 @@ static int sv_body(int s, int stype, unsigned char *context)
}
if (context
- && !SSL_set_session_id_context(con,
- context, strlen((char *)context))) {
+ && !SSL_set_session_id_context(con,
+ context, strlen((char *)context))) {
BIO_printf(bio_err, "Error setting session id context\n");
ret = -1;
goto err;
@@ -2280,12 +2252,10 @@ static int sv_body(int s, int stype, unsigned char *context)
for (;;) {
/* should do a select for the write */
#ifdef RENEG
- {
- static count = 0;
- if (++count == 100) {
- count = 0;
- SSL_renegotiate(con);
- }
+ static count = 0;
+ if (++count == 100) {
+ count = 0;
+ SSL_renegotiate(con);
}
#endif
k = SSL_write(con, &(buf[l]), (unsigned int)i);
@@ -2494,10 +2464,11 @@ static int init_ssl_connection(SSL *con)
retry = BIO_sock_should_retry(i);
#ifdef CERT_CB_TEST_RETRY
{
- while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
+ while (i <= 0
+ && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
&& SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) {
BIO_printf(bio_err,
- "LOOKUP from certificate callback during accept\n");
+ "LOOKUP from certificate callback during accept\n");
i = SSL_accept(con);
if (i <= 0)
retry = BIO_sock_should_retry(i);
@@ -2506,7 +2477,8 @@ static int init_ssl_connection(SSL *con)
#endif
#ifndef OPENSSL_NO_SRP
- while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+ while (i <= 0
+ && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
srp_callback_parm.login);
SRP_user_pwd_free(srp_callback_parm.user);
@@ -2613,7 +2585,7 @@ static int init_ssl_connection(SSL *con)
OPENSSL_free(exportedkeymat);
}
- (void)BIO_flush(bio_s_out);
+ (void)BIO_flush(bio_s_out);
return (1);
}
@@ -2674,8 +2646,9 @@ static int www_body(int s, int stype, unsigned char *context)
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
- if (context && !SSL_set_session_id_context(con, context,
- strlen((char *)context)))
+ if (context
+ && !SSL_set_session_id_context(con, context,
+ strlen((char *)context)))
goto err;
sbio = BIO_new_socket(s, BIO_NOCLOSE);
@@ -2772,7 +2745,8 @@ static int www_body(int s, int stype, unsigned char *context)
openssl_fdset(s, &readfds);
i = select(width, (void *)&readfds, NULL, NULL, NULL);
if (i <= 0 || !FD_ISSET(s, &readfds)) {
- BIO_printf(bio_s_out, "Error waiting for client response\n");
+ BIO_printf(bio_s_out,
+ "Error waiting for client response\n");
ERR_print_errors(bio_err);
goto err;
}
@@ -2971,16 +2945,15 @@ static int www_body(int s, int stype, unsigned char *context)
for (j = 0; j < i;) {
#ifdef RENEG
- {
- static count = 0;
- if (++count == 13) {
- SSL_renegotiate(con);
- }
+ static count = 0;
+ if (++count == 13) {
+ SSL_renegotiate(con);
}
#endif
k = BIO_write(io, &(buf[j]), i - j);
if (k <= 0) {
- if (!BIO_should_retry(io) && !SSL_waiting_for_async(con))
+ if (!BIO_should_retry(io)
+ && !SSL_waiting_for_async(con))
goto write_error;
else {
BIO_printf(bio_s_out, "rwrite W BLOCK\n");
@@ -3041,8 +3014,9 @@ static int rev_body(int s, int stype, unsigned char *context)
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
- if (context
- && !SSL_set_session_id_context(con, context, strlen((char *)context))) {
+ if (context
+ && !SSL_set_session_id_context(con, context,
+ strlen((char *)context))) {
ERR_print_errors(bio_err);
goto err;
}
@@ -3310,4 +3284,4 @@ static void free_sessions(void)
first = NULL;
}
-#endif /* OPENSSL_NO_SOCK */
+#endif /* OPENSSL_NO_SOCK */
diff --git a/apps/s_time.c b/apps/s_time.c
index de25319..263502c 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -38,9 +38,6 @@
* #define TEST_CERT "client.pem"
*/
-#undef BUFSIZZ
-#define BUFSIZZ 1024*10
-
#undef min
#undef max
#define min(a,b) (((a) < (b)) ? (a) : (b))
diff --git a/apps/smime.c b/apps/smime.c
index dd065bb..b98c583 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -120,8 +120,8 @@ int smime_main(int argc, char **argv)
X509_VERIFY_PARAM *vpm = NULL;
const EVP_CIPHER *cipher = NULL;
const EVP_MD *sign_md = NULL;
- char *CAfile = NULL, *CApath = NULL, *inrand = NULL;
- char *certfile = NULL, *keyfile = NULL, *contfile = NULL, *prog;
+ const char *CAfile = NULL, *CApath = NULL, *prog = NULL;
+ char *certfile = NULL, *keyfile = NULL, *contfile = NULL, *inrand = NULL;
char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile =
NULL;
char *passinarg = NULL, *passin = NULL, *to = NULL, *from =
diff --git a/apps/speed.c b/apps/speed.c
index ce01a6f..0097ebd 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -347,7 +347,7 @@ static double Time_F(int s)
static void multiblock_speed(const EVP_CIPHER *evp_cipher);
-static int found(const char *name, const OPT_PAIR * pairs, int *result)
+static int found(const char *name, const OPT_PAIR *pairs, int *result)
{
for (; pairs->name; pairs++)
if (strcmp(name, pairs->name) == 0) {
@@ -372,7 +372,7 @@ OPTIONS speed_options[] = {
"Time decryption instead of encryption (only EVP)"},
{"mr", OPT_MR, '-', "Produce machine readable output"},
{"mb", OPT_MB, '-',
- "Enable (tls1.1) multi-block mode on evp_cipher requested with -evp"},
+ "Enable (tls1.1) multi-block mode on evp_cipher requested with -evp"},
{"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"},
{"elapsed", OPT_ELAPSED, '-',
"Measure time in real time instead of CPU user time"},
@@ -380,7 +380,8 @@ OPTIONS speed_options[] = {
{"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
#endif
#ifndef OPENSSL_NO_ASYNC
- {"async_jobs", OPT_ASYNCJOBS, 'p', "Enable async mode and start pnum jobs"},
+ {"async_jobs", OPT_ASYNCJOBS, 'p',
+ "Enable async mode and start pnum jobs"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
@@ -430,8 +431,6 @@ static OPT_PAIR doit_choices[] = {
#endif
#ifndef OPENSSL_NO_MD5
{"md5", D_MD5},
-#endif
-#ifndef OPENSSL_NO_MD5
{"hmac", D_HMAC},
#endif
{"sha1", D_SHA1},
@@ -555,6 +554,7 @@ static OPT_PAIR ecdsa_choices[] = {
{"ecdsab571", R_EC_B571},
{NULL}
};
+
static OPT_PAIR ecdh_choices[] = {
{"ecdhp160", R_EC_P160},
{"ecdhp192", R_EC_P192},
@@ -1067,8 +1067,7 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
*outlen = SHA_DIGEST_LENGTH;
return SHA1(in, inlen, out);
}
-#endif /* ndef OPENSSL_NO_EC */
-
+#endif /* OPENSSL_NO_EC */
static int run_benchmark(int async_jobs,
int (*loop_function)(void *), loopargs_t *loopargs)
@@ -1359,7 +1358,7 @@ int speed_main(int argc, char **argv)
int ecdsa_doit[EC_NUM] = { 0 };
int ecdh_doit[EC_NUM] = { 0 };
-#endif /* ndef OPENSSL_NO_EC */
+#endif /* ndef OPENSSL_NO_EC */
prog = opt_init(argc, argv, speed_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -1431,6 +1430,12 @@ int speed_main(int argc, char **argv)
break;
case OPT_MB:
multiblock = 1;
+#ifdef OPENSSL_NO_MULTIBLOCK
+ BIO_printf(bio_err,
+ "%s: -mb specified but multi-block support is disabled\n",
+ prog);
+ goto end;
+#endif
break;
}
}
@@ -1565,8 +1570,10 @@ int speed_main(int argc, char **argv)
for (i = 0; i < ALGOR_NUM; i++)
if (i != D_EVP)
doit[i] = 1;
+#ifndef OPENSSL_NO_RSA
for (i = 0; i < RSA_NUM; i++)
rsa_doit[i] = 1;
+#endif
#ifndef OPENSSL_NO_DSA
for (i = 0; i < DSA_NUM; i++)
dsa_doit[i] = 1;
@@ -1895,11 +1902,9 @@ int speed_main(int argc, char **argv)
print_result(D_MD5, testnum, count, d);
}
}
-#endif
-#ifndef OPENSSL_NO_MD5
if (doit[D_HMAC]) {
- char hmac_key[] = "This is a key...";
+ static const char hmac_key[] = "This is a key...";
int len = strlen(hmac_key);
for (i = 0; i < loopargs_len; i++) {
@@ -2366,7 +2371,7 @@ int speed_main(int argc, char **argv)
rsa_doit[testnum] = 0;
}
}
-#endif
+#endif /* OPENSSL_NO_RSA */
for (i = 0; i < loopargs_len; i++)
RAND_bytes(loopargs[i].buf, 36);
@@ -2437,7 +2442,7 @@ int speed_main(int argc, char **argv)
dsa_doit[testnum] = 0;
}
}
-#endif
+#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_EC
if (RAND_status() != 1) {
@@ -2619,7 +2624,7 @@ int speed_main(int argc, char **argv)
ecdh_doit[testnum] = 0;
}
}
-#endif
+#endif /* OPENSSL_NO_EC */
#ifndef NO_FORK
show_res:
#endif
@@ -2991,11 +2996,7 @@ static int do_multi(int multi)
1 / (1 / ecdsa_results[k][1] + 1 / d);
else
ecdsa_results[k][1] = d;
- }
-# endif
-
-# ifndef OPENSSL_NO_EC
- else if (strncmp(buf, "+F5:", 4) == 0) {
+ } else if (strncmp(buf, "+F5:", 4) == 0) {
int k;
double d;
diff --git a/apps/ts.c b/apps/ts.c
index 3cedb67..924108f 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -38,41 +38,41 @@ static ASN1_OBJECT *txt2obj(const char *oid);
static CONF *load_config_file(const char *configfile);
/* Query related functions. */
-static int query_command(const char *data, char *digest,
+static int query_command(const char *data, const char *digest,
const EVP_MD *md, const char *policy, int no_nonce,
int cert, const char *in, const char *out, int text);
-static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,
+static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
const char *policy, int no_nonce, int cert);
-static int create_digest(BIO *input, char *digest,
+static int create_digest(BIO *input, const char *digest,
const EVP_MD *md, unsigned char **md_value);
static ASN1_INTEGER *create_nonce(int bits);
/* Reply related functions. */
-static int reply_command(CONF *conf, char *section, char *engine,
- char *queryfile, char *passin, char *inkey,
- const EVP_MD *md, char *signer, char *chain,
- const char *policy, char *in, int token_in,
- char *out, int token_out, int text);
+static int reply_command(CONF *conf, const char *section, const char *engine,
+ const char *queryfile, const char *passin, const char *inkey,
+ const EVP_MD *md, const char *signer, const char *chain,
+ const char *policy, const char *in, int token_in,
+ const char *out, int token_out, int text);
static TS_RESP *read_PKCS7(BIO *in_bio);
-static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
- char *queryfile, char *passin,
- char *inkey, const EVP_MD *md, char *signer,
- char *chain, const char *policy);
+static TS_RESP *create_response(CONF *conf, const char *section, const char *engine,
+ const char *queryfile, const char *passin,
+ const char *inkey, const EVP_MD *md, const char *signer,
+ const char *chain, const char *policy);
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
static ASN1_INTEGER *next_serial(const char *serialfile);
static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
/* Verify related functions. */
-static int verify_command(char *data, char *digest, char *queryfile,
- char *in, int token_in,
- char *CApath, char *CAfile, char *untrusted,
+static int verify_command(const char *data, const char *digest, const char *queryfile,
+ const char *in, int token_in,
+ const char *CApath, const char *CAfile, const char *untrusted,
X509_VERIFY_PARAM *vpm);
-static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
- char *queryfile,
- char *CApath, char *CAfile,
- char *untrusted,
+static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
+ const char *queryfile,
+ const char *CApath, const char *CAfile,
+ const char *untrusted,
X509_VERIFY_PARAM *vpm);
-static X509_STORE *create_cert_store(char *CApath, char *CAfile,
+static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
X509_VERIFY_PARAM *vpm);
static int verify_cb(int ok, X509_STORE_CTX *ctx);
@@ -153,9 +153,11 @@ static char* opt_helplist[] = {
int ts_main(int argc, char **argv)
{
CONF *conf = NULL;
- char *CAfile = NULL, *untrusted = NULL, *engine = NULL, *prog, **helpp;
- char *configfile = default_config_file;
- char *section = NULL, *password = NULL;
+ const char *CAfile = NULL, *untrusted = NULL, *prog;
+ const char *configfile = default_config_file, *engine = NULL;
+ const char *section = NULL;
+ char **helpp;
+ char *password = NULL;
char *data = NULL, *digest = NULL, *rnd = NULL, *policy = NULL;
char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL;
char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL;
@@ -377,7 +379,7 @@ static CONF *load_config_file(const char *configfile)
/*
* Query-related method definitions.
*/
-static int query_command(const char *data, char *digest, const EVP_MD *md,
+static int query_command(const char *data, const char *digest, const EVP_MD *md,
const char *policy, int no_nonce,
int cert, const char *in, const char *out, int text)
{
@@ -424,7 +426,7 @@ static int query_command(const char *data, char *digest, const EVP_MD *md,
return ret;
}
-static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,
+static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
const char *policy, int no_nonce, int cert)
{
int ret = 0;
@@ -488,7 +490,7 @@ static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,
return ts_req;
}
-static int create_digest(BIO *input, char *digest, const EVP_MD *md,
+static int create_digest(BIO *input, const char *digest, const EVP_MD *md,
unsigned char **md_value)
{
int md_value_len;
@@ -566,11 +568,11 @@ static ASN1_INTEGER *create_nonce(int bits)
* Reply-related method definitions.
*/
-static int reply_command(CONF *conf, char *section, char *engine,
- char *queryfile, char *passin, char *inkey,
- const EVP_MD *md, char *signer, char *chain,
- const char *policy, char *in, int token_in,
- char *out, int token_out, int text)
+static int reply_command(CONF *conf, const char *section, const char *engine,
+ const char *queryfile, const char *passin, const char *inkey,
+ const EVP_MD *md, const char *signer, const char *chain,
+ const char *policy, const char *in, int token_in,
+ const char *out, int token_out, int text)
{
int ret = 0;
TS_RESP *response = NULL;
@@ -674,10 +676,10 @@ static TS_RESP *read_PKCS7(BIO *in_bio)
return resp;
}
-static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
- char *queryfile, char *passin,
- char *inkey, const EVP_MD *md, char *signer,
- char *chain, const char *policy)
+static TS_RESP *create_response(CONF *conf, const char *section, const char *engine,
+ const char *queryfile, const char *passin,
+ const char *inkey, const EVP_MD *md, const char *signer,
+ const char *chain, const char *policy)
{
int ret = 0;
TS_RESP *response = NULL;
@@ -825,9 +827,9 @@ static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial)
* Verify-related method definitions.
*/
-static int verify_command(char *data, char *digest, char *queryfile,
- char *in, int token_in,
- char *CApath, char *CAfile, char *untrusted,
+static int verify_command(const char *data, const char *digest, const char *queryfile,
+ const char *in, int token_in,
+ const char *CApath, const char *CAfile, const char *untrusted,
X509_VERIFY_PARAM *vpm)
{
BIO *in_bio = NULL;
@@ -871,10 +873,10 @@ static int verify_command(char *data, char *digest, char *queryfile,
return ret;
}
-static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
- char *queryfile,
- char *CApath, char *CAfile,
- char *untrusted,
+static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
+ const char *queryfile,
+ const char *CApath, const char *CAfile,
+ const char *untrusted,
X509_VERIFY_PARAM *vpm)
{
TS_VERIFY_CTX *ctx = NULL;
@@ -935,7 +937,8 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
return ctx;
}
-static X509_STORE *create_cert_store(char *CApath, char *CAfile, X509_VERIFY_PARAM *vpm)
+static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
+ X509_VERIFY_PARAM *vpm)
{
X509_STORE *cert_ctx = NULL;
X509_LOOKUP *lookup = NULL;
diff --git a/apps/verify.c b/apps/verify.c
index 40e19d4..47a8c86 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -18,7 +18,7 @@
#include <openssl/pem.h>
static int cb(int ok, X509_STORE_CTX *ctx);
-static int check(X509_STORE *ctx, char *file,
+static int check(X509_STORE *ctx, const char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
STACK_OF(X509_CRL) *crls, int show_chain);
static int v_verbose = 0, vflags = 0;
@@ -64,7 +64,7 @@ int verify_main(int argc, char **argv)
STACK_OF(X509_CRL) *crls = NULL;
X509_STORE *store = NULL;
X509_VERIFY_PARAM *vpm = NULL;
- char *prog, *CApath = NULL, *CAfile = NULL;
+ const char *prog, *CApath = NULL, *CAfile = NULL;
int noCApath = 0, noCAfile = 0;
int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1;
OPTION_CHOICE o;
@@ -194,7 +194,7 @@ int verify_main(int argc, char **argv)
return (ret < 0 ? 2 : ret);
}
-static int check(X509_STORE *ctx, char *file,
+static int check(X509_STORE *ctx, const char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
STACK_OF(X509_CRL) *crls, int show_chain)
{
diff --git a/apps/x509.c b/apps/x509.c
index 6f72f82..ca9a09f 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -33,12 +33,12 @@
static int callb(int ok, X509_STORE_CTX *ctx);
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
- const EVP_MD *digest, CONF *conf, char *section);
-static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+ const EVP_MD *digest, CONF *conf, const char *section);
+static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *digest,
X509 *x, X509 *xca, EVP_PKEY *pkey,
- STACK_OF(OPENSSL_STRING) *sigopts, char *serial,
+ STACK_OF(OPENSSL_STRING) *sigopts, const char *serialfile,
int create, int days, int clrext, CONF *conf,
- char *section, ASN1_INTEGER *sno, int reqfile);
+ const char *section, ASN1_INTEGER *sno, int reqfile);
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
typedef enum OPTION_choice {
@@ -893,7 +893,7 @@ int x509_main(int argc, char **argv)
return (ret);
}
-static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile,
+static ASN1_INTEGER *x509_load_serial(const char *CAfile, const char *serialfile,
int create)
{
char *buf = NULL, *p;
@@ -934,11 +934,11 @@ static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile,
return bs;
}
-static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *digest,
X509 *x, X509 *xca, EVP_PKEY *pkey,
STACK_OF(OPENSSL_STRING) *sigopts,
- char *serialfile, int create,
- int days, int clrext, CONF *conf, char *section,
+ const char *serialfile, int create,
+ int days, int clrext, CONF *conf, const char *section,
ASN1_INTEGER *sno, int reqfile)
{
int ret = 0;
@@ -1051,7 +1051,7 @@ static int callb(int ok, X509_STORE_CTX *ctx)
/* self sign */
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
- const EVP_MD *digest, CONF *conf, char *section)
+ const EVP_MD *digest, CONF *conf, const char *section)
{
if (!X509_set_issuer_name(x, X509_get_subject_name(x)))
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index 8863465..6a5cd70 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -954,7 +954,7 @@ static int set_protocol_version(const char *version, SSL *ssl, int setting)
int main(int argc, char *argv[])
{
- char *CApath = NULL, *CAfile = NULL;
+ const char *CApath = NULL, *CAfile = NULL;
int badop = 0;
enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
int force = 0;
More information about the openssl-commits
mailing list