[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed May 18 09:46:23 UTC 2016
The branch master has been updated
via 15b083e44e122b8448002a8579e860f0be622e19 (commit)
via fba13663980f35b013b63372b1d24429e4d1e024 (commit)
via bde136c89f87b66d49e9d03e3b34c68b6b1d1e26 (commit)
from d2dfd4820bf03b958bc9c3adafe0d3f112e54b2a (commit)
- Log -----------------------------------------------------------------
commit 15b083e44e122b8448002a8579e860f0be622e19
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Tue May 10 23:39:25 2016 +0200
Fix ts app help message
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
commit fba13663980f35b013b63372b1d24429e4d1e024
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Tue May 10 23:39:05 2016 +0200
Locally declare some variables
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
commit bde136c89f87b66d49e9d03e3b34c68b6b1d1e26
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Fri Mar 18 19:02:17 2016 +0100
Few cleanups in s_client, s_server apps.
Discard useless static engine_id
Add a const qualifier
Fix some spelling
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 3 ++-
apps/ca.c | 5 ++---
apps/s_client.c | 47 +++++++++++++++++++++--------------------------
apps/s_server.c | 18 ++++++------------
apps/ts.c | 4 ++--
5 files changed, 33 insertions(+), 44 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index cca42ac..b41acce 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1413,7 +1413,7 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
{
- char buf[5][BSIZE];
+ char buf[2][BSIZE];
int i, j;
i = strlen(serialfile) + strlen(old_suffix);
@@ -1782,6 +1782,7 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
BIO *mem;
int len, ret;
unsigned char tbuf[1024];
+
mem = BIO_new(BIO_s_mem());
if (mem == NULL)
return -1;
diff --git a/apps/ca.c b/apps/ca.c
index 49e7f52..e8a0713 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -133,9 +133,7 @@ char *make_revocation_str(int rev_type, char *rev_arg);
int make_revoked(X509_REVOKED *rev, const char *str);
static int old_entry_print(ASN1_OBJECT *obj, ASN1_STRING *str);
-static CONF *conf = NULL;
static CONF *extconf = NULL;
-static char *section = NULL;
static int preserve = 0;
static int msie_hack = 0;
@@ -220,6 +218,7 @@ OPTIONS ca_options[] = {
int ca_main(int argc, char **argv)
{
+ CONF *conf = NULL;
ENGINE *e = NULL;
BIGNUM *crlnumber = NULL, *serial = NULL;
EVP_PKEY *pkey = NULL;
@@ -233,7 +232,7 @@ int ca_main(int argc, char **argv)
STACK_OF(X509) *cert_sk = NULL;
X509_CRL *crl = NULL;
const EVP_MD *dgst = NULL;
- char *configfile = default_config_file;
+ char *configfile = default_config_file, *section = NULL;
char *md = NULL, *policy = NULL, *keyfile = NULL;
char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL;
char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
diff --git a/apps/s_client.c b/apps/s_client.c
index f12c378..d8678c3 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -89,9 +89,6 @@ extern int verify_return_error;
extern int verify_quiet;
static char *prog;
-static int async = 0;
-static unsigned int split_send_fragment = 0;
-static unsigned int max_pipelines = 0;
static int c_nbio = 0;
static int c_tlsextdebug = 0;
static int c_status_req = 0;
@@ -242,7 +239,7 @@ typedef struct srp_arg_st {
int msg; /* copy from c_msg */
int debug; /* copy from c_debug */
int amp; /* allow more groups */
- int strength /* minimal size for N */ ;
+ int strength; /* minimal size for N */
} SRP_ARG;
# define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
@@ -276,7 +273,7 @@ static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
* The callback is only called for a non default group.
*
* An application does not need the call back at all if
- * only the stanard groups are used. In real life situations,
+ * only the standard groups are used. In real life situations,
* client and server already share well known groups,
* thus there is no need to verify them.
* Furthermore, in case that a server actually proposes a group that
@@ -549,8 +546,14 @@ typedef enum OPTION_choice {
OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_WDEBUG,
OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG,
OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE,
- OPT_PSK_IDENTITY, OPT_PSK, OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH,
- OPT_SRP_LATEUSER, OPT_SRP_MOREGROUPS, OPT_SSL3, OPT_SSL_CONFIG,
+#ifndef OPENSSL_NO_PSK
+ OPT_PSK_IDENTITY, OPT_PSK,
+#endif
+#ifndef OPENSSL_NO_SRP
+ OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, OPT_SRP_LATEUSER,
+ OPT_SRP_MOREGROUPS,
+#endif
+ OPT_SSL3, OPT_SSL_CONFIG,
OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS,
OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH,
@@ -711,7 +714,7 @@ OPTIONS s_client_options[] = {
{"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
#endif
#ifndef OPENSSL_NO_SRP
- {"srpuser", OPT_SRPUSER, 's', "SRP authentification for 'user'"},
+ {"srpuser", OPT_SRPUSER, 's', "SRP authentication for 'user'"},
{"srppass", OPT_SRPPASS, 's', "Password for 'user'"},
{"srp_lateuser", OPT_SRP_LATEUSER, '-',
"SRP username into second ClientHello message"},
@@ -733,7 +736,7 @@ OPTIONS s_client_options[] = {
{"noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)"},
{"ctlogfile", OPT_CTLOG_FILE, '<', "CT log list CONF file"},
#endif
- {NULL}
+ {NULL, OPT_EOF, 0x00, NULL}
};
typedef enum PROTOCOL_choice {
@@ -749,7 +752,7 @@ typedef enum PROTOCOL_choice {
PROTO_IRC
} PROTOCOL_CHOICE;
-static OPT_PAIR services[] = {
+static const OPT_PAIR services[] = {
{"smtp", PROTO_SMTP},
{"pop3", PROTO_POP3},
{"imap", PROTO_IMAP},
@@ -758,7 +761,7 @@ static OPT_PAIR services[] = {
{"xmpp-server", PROTO_XMPP_SERVER},
{"telnet", PROTO_TELNET},
{"irc", PROTO_IRC},
- {NULL}
+ {NULL, 0}
};
int s_client_main(int argc, char **argv)
@@ -835,6 +838,9 @@ int s_client_main(int argc, char **argv)
int ct_validation = 0;
#endif
int min_version = 0, max_version = 0;
+ int async = 0;
+ unsigned int split_send_fragment = 0;
+ unsigned int max_pipelines = 0;
FD_ZERO(&readfds);
FD_ZERO(&writefds);
@@ -1034,7 +1040,6 @@ int s_client_main(int argc, char **argv)
BIO_printf(bio_err, "Error getting client auth engine\n");
goto opthelp;
}
- break;
#endif
break;
case OPT_RAND:
@@ -1098,10 +1103,6 @@ int s_client_main(int argc, char **argv)
goto end;
}
break;
-#else
- case OPT_PSK_IDENTITY:
- case OPT_PSK:
- break;
#endif
#ifndef OPENSSL_NO_SRP
case OPT_SRPUSER:
@@ -1131,13 +1132,6 @@ int s_client_main(int argc, char **argv)
if (min_version < TLS1_VERSION)
min_version = TLS1_VERSION;
break;
-#else
- case OPT_SRPUSER:
- case OPT_SRPPASS:
- case OPT_SRP_STRENGTH:
- case OPT_SRP_LATEUSER:
- case OPT_SRP_MOREGROUPS:
- break;
#endif
case OPT_SSL_CONFIG:
ssl_config = opt_arg();
@@ -1700,9 +1694,9 @@ int s_client_main(int argc, char **argv)
goto end;
}
} else if (dane_tlsa_rrset != NULL) {
- BIO_printf(bio_err, "%s: DANE TLSA authentication requires the "
- "-dane_tlsa_domain option.\n", prog);
- goto end;
+ BIO_printf(bio_err, "%s: DANE TLSA authentication requires the "
+ "-dane_tlsa_domain option.\n", prog);
+ goto end;
}
re_start:
@@ -2572,6 +2566,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
if (peer != NULL) {
EVP_PKEY *pktmp;
+
pktmp = X509_get0_pubkey(peer);
BIO_printf(bio, "Server public key is %d bit\n",
EVP_PKEY_bits(pktmp));
diff --git a/apps/s_server.c b/apps/s_server.c
index 3e1e1ae..dd12475 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -146,9 +146,6 @@ static int async = 0;
static unsigned int split_send_fragment = 0;
static unsigned int max_pipelines = 0;
-#ifndef OPENSSL_NO_ENGINE
-static char *engine_id = NULL;
-#endif
static const char *session_id_prefix = NULL;
#ifndef OPENSSL_NO_DTLS
@@ -305,9 +302,6 @@ static void s_server_init(void)
async = 0;
split_send_fragment = 0;
max_pipelines = 0;
-#ifndef OPENSSL_NO_ENGINE
- engine_id = NULL;
-#endif
}
static int local_argc = 0;
@@ -919,12 +913,12 @@ OPTIONS s_server_options[] = {
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
- {NULL}
+ {NULL, OPT_EOF, 0, NULL}
};
int s_server_main(int argc, char *argv[])
{
- ENGINE *e = NULL;
+ ENGINE *engine = NULL;
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
SSL_CONF_CTX *cctx = NULL;
const SSL_METHOD *meth = TLS_server_method();
@@ -1396,7 +1390,7 @@ int s_server_main(int argc, char *argv[])
session_id_prefix = opt_arg();
break;
case OPT_ENGINE:
- e = setup_engine(opt_arg(), 1);
+ engine = setup_engine(opt_arg(), 1);
break;
case OPT_RAND:
inrand = opt_arg();
@@ -1502,7 +1496,7 @@ int s_server_main(int argc, char *argv[])
goto end;
if (nocert == 0) {
- s_key = load_key(s_key_file, s_key_format, 0, pass, e,
+ s_key = load_key(s_key_file, s_key_format, 0, pass, engine,
"server certificate private key file");
if (!s_key) {
ERR_print_errors(bio_err);
@@ -1523,7 +1517,7 @@ int s_server_main(int argc, char *argv[])
}
if (tlsextcbp.servername) {
- s_key2 = load_key(s_key_file2, s_key_format, 0, pass, e,
+ s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine,
"second server certificate private key file");
if (!s_key2) {
ERR_print_errors(bio_err);
@@ -1582,7 +1576,7 @@ int s_server_main(int argc, char *argv[])
s_dkey_file = s_dcert_file;
s_dkey = load_key(s_dkey_file, s_dkey_format,
- 0, dpass, e, "second certificate private key file");
+ 0, dpass, engine, "second certificate private key file");
if (!s_dkey) {
ERR_print_errors(bio_err);
goto end;
diff --git a/apps/ts.c b/apps/ts.c
index e2b0635..ec83aac 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -138,9 +138,9 @@ static char* opt_helplist[] = {
" [-chain certs_file.pem] [-tspolicy oid]",
" [-in file] [-token_in] [-out file] [-token_out]",
# ifndef OPENSSL_NO_ENGINE
- " [-text]",
-# else
" [-text] [-engine id]",
+# else
+ " [-text]",
# endif
" or",
"ts -verify -CApath dir -CAfile file.pem -untrusted file.pem",
More information about the openssl-commits
mailing list