45 files changed, 216 insertions, 407 deletions
@@ -94,11 +94,11 @@ my $gcc_devteam_warn = "-DPEDANTIC -DREF_DEBUG -DDEBUG_UNUSED -DBIO_DEBUG" # TODO(openssl-team): fix problems and investigate if (at least) the # following warnings can also be enabled: # -Wswitch-enum -# -Wunused-macros # -Wcast-align # -Wunreachable-code -# -Wlanguage-extension-token -# -Wextended-offsetof +# -Wlanguage-extension-token -- no, we use asm() +# -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc +# -Wextended-offsetof -- no, needed in CMS ASN1 code my $clang_devteam_warn = "" . " -Qunused-arguments" . " -Wextra" diff --git a/apps/apps.c b/apps/apps.c index d4a4d23269..34fd3914cd 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -674,8 +674,7 @@ int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl) return rv; } -X509 *load_cert(const char *file, int format, - const char *pass, ENGINE *e, const char *cert_descrip) +X509 *load_cert(const char *file, int format, const char *cert_descrip) { X509 *x = NULL; BIO *cert; @@ -904,7 +903,7 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, } static int load_certs_crls(const char *file, int format, - const char *pass, ENGINE *e, const char *desc, + const char *pass, const char *desc, STACK_OF(X509) **pcerts, STACK_OF(X509_CRL) **pcrls) { 
@@ -1002,18 +1001,18 @@ void* app_malloc(int sz, const char *what) * Initialize or extend, if *certs != NULL, a certificate stack. */ int load_certs(const char *file, STACK_OF(X509) **certs, int format, - const char *pass, ENGINE *e, const char *desc) + const char *pass, const char *desc) { - return load_certs_crls(file, format, pass, e, desc, certs, NULL); + return load_certs_crls(file, format, pass, desc, certs, NULL); } /* * Initialize or extend, if *crls != NULL, a certificate stack. */ int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format, - const char *pass, ENGINE *e, const char *desc) + const char *pass, const char *desc) { - return load_certs_crls(file, format, pass, e, desc, NULL, crls); + return load_certs_crls(file, format, pass, desc, NULL, crls); } #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) @@ -1300,7 +1299,7 @@ X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath) #ifndef OPENSSL_NO_ENGINE /* Try to load an engine in a shareable library */ -static ENGINE *try_load_engine(const char *engine, int debug) +static ENGINE *try_load_engine(const char *engine) { ENGINE *e = ENGINE_by_id("dynamic"); if (e) { @@ -1324,7 +1323,7 @@ ENGINE *setup_engine(const char *engine, int debug) return NULL; } if ((e = ENGINE_by_id(engine)) == NULL - && (e = try_load_engine(engine, debug)) == NULL) { + && (e = try_load_engine(engine)) == NULL) { BIO_printf(bio_err, "invalid engine \"%s\"\n", engine); ERR_print_errors(bio_err); return NULL; diff --git a/apps/apps.h b/apps/apps.h index 9e66056058..617c1f7e9b 100644 --- a/apps/apps.h +++ b/apps/apps.h 
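Review bot: The comment above load_crls in the `@@ -1002` hunk still says it initializes or extends "a certificate stack", although the function fills a STACK_OF(X509_CRL); the commit rewrites the signature directly beneath it without correcting the text. Suggest `* Initialize or extend, if *crls != NULL, a CRL stack.` so the two sibling comments stop reading identically. The load_certs comment just above it is correct as written.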
@@ -475,8 +475,7 @@ int set_ext_copy(int *copy_type, const char *arg); int copy_extensions(X509 *x, X509_REQ *req, int copy_type); int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2); int add_oid_section(CONF *conf); -X509 *load_cert(const char *file, int format, - const char *pass, ENGINE *e, const char *cert_descrip); +X509 *load_cert(const char *file, int format, const char *cert_descrip); X509_CRL *load_crl(const char *infile, int format); int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl); EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, @@ -484,9 +483,9 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *key_descrip); int load_certs(const char *file, STACK_OF(X509) **certs, int format, - const char *pass, ENGINE *e, const char *cert_descrip); + const char *pass, const char *cert_descrip); int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format, - const char *pass, ENGINE *e, const char *cert_descrip); + const char *pass, const char *cert_descrip); X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath); int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile, @@ -153,8 +153,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, - unsigned long nameopt, int default_op, int ext_copy, - ENGINE *e); + unsigned long nameopt, int default_op, int ext_copy); static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, 
@@ -607,7 +606,7 @@ end_of_options: lookup_fail(section, ENV_CERTIFICATE); goto end; } - x509 = load_cert(certfile, FORMAT_PEM, NULL, e, "CA certificate"); + x509 = load_cert(certfile, FORMAT_PEM, "CA certificate"); if (x509 == NULL) goto end; @@ -964,7 +963,7 @@ end_of_options: db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch, extensions, conf, verbose, certopt, nameopt, default_op, - ext_copy, e); + ext_copy); if (j < 0) goto end; if (j > 0) { @@ -1265,7 +1264,7 @@ end_of_options: goto end; } else { X509 *revcert; - revcert = load_cert(infile, FORMAT_PEM, NULL, e, infile); + revcert = load_cert(infile, FORMAT_PEM, infile); if (revcert == NULL) goto end; if (dorevoke == 2) @@ -1391,15 +1390,14 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, - unsigned long nameopt, int default_op, int ext_copy, - ENGINE *e) + unsigned long nameopt, int default_op, int ext_copy) { X509 *req = NULL; X509_REQ *rreq = NULL; EVP_PKEY *pktmp = NULL; int ok = -1, i; - if ((req = load_cert(infile, FORMAT_PEM, NULL, e, infile)) == NULL) + if ((req = load_cert(infile, FORMAT_PEM, infile)) == NULL) goto end; if (verbose) X509_print(bio_err, req); diff --git a/apps/cms.c b/apps/cms.c index e732757b2a..1f0e19208e 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -550,7 +550,7 @@ int cms_main(int argc, char **argv) if (operation == SMIME_ENCRYPT) { if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL) goto end; - cert = load_cert(opt_arg(), FORMAT_PEM, NULL, e, + cert = load_cert(opt_arg(), FORMAT_PEM, "recipient certificate file"); if (cert == NULL) goto end; 
@@ -725,7 +725,7 @@ int cms_main(int argc, char **argv) if ((encerts = sk_X509_new_null()) == NULL) goto end; while (*argv) { - if ((cert = load_cert(*argv, FORMAT_PEM, NULL, e, + if ((cert = load_cert(*argv, FORMAT_PEM, "recipient certificate file")) == NULL) goto end; sk_X509_push(encerts, cert); @@ -735,7 +735,7 @@ int cms_main(int argc, char **argv) } if (certfile) { - if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e, + if (!load_certs(certfile, &other, FORMAT_PEM, NULL, "certificate file")) { ERR_print_errors(bio_err); goto end; @@ -743,7 +743,7 @@ int cms_main(int argc, char **argv) } if (recipfile && (operation == SMIME_DECRYPT)) { - if ((recip = load_cert(recipfile, FORMAT_PEM, NULL, e, + if ((recip = load_cert(recipfile, FORMAT_PEM, "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; @@ -751,7 +751,7 @@ int cms_main(int argc, char **argv) } if (operation == SMIME_SIGN_RECEIPT) { - if ((signer = load_cert(signerfile, FORMAT_PEM, NULL, e, + if ((signer = load_cert(signerfile, FORMAT_PEM, "receipt signer certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; @@ -968,8 +968,7 @@ int cms_main(int argc, char **argv) signerfile = sk_OPENSSL_STRING_value(sksigners, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i); - signer = load_cert(signerfile, FORMAT_PEM, NULL, - e, "signer certificate"); + signer = load_cert(signerfile, FORMAT_PEM, "signer certificate"); if (!signer) goto end; key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); diff --git a/apps/dgst.c b/apps/dgst.c index cab848516b..bebaaf53d3 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -73,7 +73,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *sig_name, const char *md_name, - const char *file, BIO *bmd); + const char *file); typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, 
@@ -403,7 +403,7 @@ int dgst_main(int argc, char **argv) if (argc == 0) { BIO_set_fp(in, stdin, BIO_NOCLOSE); ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, - siglen, NULL, NULL, "stdin", bmd); + siglen, NULL, NULL, "stdin"); } else { const char *md_name = NULL, *sig_name = NULL; if (!out_bin) { @@ -426,7 +426,7 @@ int dgst_main(int argc, char **argv) continue; } else r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, - siglen, sig_name, md_name, argv[i], bmd); + siglen, sig_name, md_name, argv[i]); if (r) ret = r; (void)BIO_reset(bmd); @@ -448,7 +448,7 @@ int dgst_main(int argc, char **argv) int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *sig_name, const char *md_name, - const char *file, BIO *bmd) + const char *file) { size_t len; int i; diff --git a/apps/ocsp.c b/apps/ocsp.c index e26afe1f94..dc2a11f26e 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -115,8 +115,7 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); static BIO *init_responder(const char *port); -static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, - const char *port); +static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio); static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host, const char *path, @@ -406,8 +405,7 @@ int ocsp_main(int argc, char **argv) path = opt_arg(); break; case OPT_ISSUER: - issuer = load_cert(opt_arg(), FORMAT_PEM, - NULL, NULL, "issuer certificate"); + issuer = load_cert(opt_arg(), FORMAT_PEM, "issuer certificate"); if (issuer == NULL) goto end; if (issuers == NULL) { 
@@ -418,8 +416,7 @@ int ocsp_main(int argc, char **argv) break; case OPT_CERT: X509_free(cert); - cert = load_cert(opt_arg(), FORMAT_PEM, - NULL, NULL, "certificate"); + cert = load_cert(opt_arg(), FORMAT_PEM, "certificate"); if (cert == NULL) goto end; if (cert_id_md == NULL) @@ -526,16 +523,14 @@ int ocsp_main(int argc, char **argv) if (rsignfile) { if (!rkeyfile) rkeyfile = rsignfile; - rsigner = load_cert(rsignfile, FORMAT_PEM, - NULL, NULL, "responder certificate"); + rsigner = load_cert(rsignfile, FORMAT_PEM, "responder certificate"); if (!rsigner) { BIO_printf(bio_err, "Error loading responder certificate\n"); goto end; } - rca_cert = load_cert(rca_filename, FORMAT_PEM, - NULL, NULL, "CA certificate"); + rca_cert = load_cert(rca_filename, FORMAT_PEM, "CA certificate"); if (rcertfile) { - if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, NULL, + if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, "responder other certificates")) goto end; } @@ -550,7 +545,7 @@ int ocsp_main(int argc, char **argv) redo_accept: if (acbio) { - if (!do_responder(&req, &cbio, acbio, port)) + if (!do_responder(&req, &cbio, acbio)) goto end; if (!req) { resp = @@ -572,14 +567,13 @@ int ocsp_main(int argc, char **argv) if (signfile) { if (!keyfile) keyfile = signfile; - signer = load_cert(signfile, FORMAT_PEM, - NULL, NULL, "signer certificate"); + signer = load_cert(signfile, FORMAT_PEM, "signer certificate"); if (!signer) { BIO_printf(bio_err, "Error loading signer certificate\n"); goto end; } if (sign_certfile) { - if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, NULL, + if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, "signer certificates")) goto end; } 
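Review bot: In the `@@ -526` hunk the result of `load_cert(rca_filename, FORMAT_PEM, "CA certificate")` is still not checked, while the rsigner load three lines earlier is; a failed load leaves rca_cert NULL and the failure is only noticed wherever rca_cert is used later, which this hunk does not show. Unless rca_filename is optional by design (not visible here), mirror the rsigner handling with `if (rca_cert == NULL) { BIO_printf(bio_err, "Error loading CA certificate\n"); goto end; }`. The omission predates this commit, but the line is being rewritten anyway. ocsp_main starts and ends outside the hunk.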
@@ -702,7 +696,7 @@ int ocsp_main(int argc, char **argv) if (vpmtouched) X509_STORE_set1_param(store, vpm); if (verify_certfile) { - if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, NULL, + if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, "validator certificate")) goto end; } @@ -1078,8 +1072,7 @@ static int urldecode(char *p) return (int)(out - save); } -static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, - const char *port) +static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio) { int len; OCSP_REQUEST *req = NULL; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index e8df4998f7..b4aabb2b86 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -397,7 +397,7 @@ int pkcs12_main(int argc, char **argv) /* Load in all certs in input file */ if (!(options & NOCERTS)) { - if (!load_certs(infile, &certs, FORMAT_PEM, NULL, e, + if (!load_certs(infile, &certs, FORMAT_PEM, NULL, "certificates")) goto export_end; @@ -426,7 +426,7 @@ int pkcs12_main(int argc, char **argv) /* Add any more certificates asked for */ if (certfile) { - if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, e, + if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, "certificates from certfile")) goto export_end; } diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 8e1177738e..91ef8d73b4 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -390,7 +390,7 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize, break; case KEY_CERT: - x = load_cert(keyfile, keyform, NULL, e, "Certificate"); + x = load_cert(keyfile, keyform, "Certificate"); if (x) { pkey = X509_get_pubkey(x); X509_free(x); diff --git a/apps/rsautl.c b/apps/rsautl.c index 08e4d5635e..728352cbd4 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -231,7 +231,7 @@ int rsautl_main(int argc, char **argv) break; case KEY_CERT: - x = load_cert(keyfile, keyformat, NULL, e, "Certificate"); + x = load_cert(keyfile, keyformat, "Certificate"); if (x) { pkey = X509_get_pubkey(x); X509_free(x); 
diff --git a/apps/s_apps.h b/apps/s_apps.h index 435741547a..c000aa13d2 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -149,11 +149,11 @@ typedef fd_mask fd_set; #define PORT "4433" #define PROTOCOL "tcp" +typedef int (*do_server_cb)(int s, int stype, unsigned char *context); int do_server(int *accept_sock, const char *host, const char *port, int family, int type, - int (*cb) (const char *hostname, int s, int stype, - unsigned char *context), unsigned char *context, - int naccept); + do_server_cb cb, + unsigned char *context, int naccept); #ifdef HEADER_X509_H int verify_callback(int ok, X509_STORE_CTX *ctx); #endif diff --git a/apps/s_cb.c b/apps/s_cb.c index a463dac4ff..b74d682506 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -972,7 +972,7 @@ int load_excert(SSL_EXCERT **pexc) return 0; } exc->cert = load_cert(exc->certfile, exc->certform, - NULL, NULL, "Server Certificate"); + "Server Certificate"); if (!exc->cert) return 0; if (exc->keyfile) { @@ -986,7 +986,7 @@ int load_excert(SSL_EXCERT **pexc) return 0; if (exc->chainfile) { if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL, - NULL, "Server Chain")) + "Server Chain")) return 0; } } diff --git a/apps/s_client.c b/apps/s_client.c index b533780e28..9889cb0355 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1432,8 +1432,7 @@ int s_client_main(int argc, char **argv) } if (cert_file) { - cert = load_cert(cert_file, cert_format, - NULL, e, "client certificate file"); + cert = load_cert(cert_file, cert_format, "client certificate file"); if (cert == NULL) { ERR_print_errors(bio_err); goto end; @@ -1441,7 +1440,7 @@ int s_client_main(int argc, char **argv) } if (chain_file) { - if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL, e, + if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL, "client certificate chain")) goto end; } diff --git a/apps/s_server.c b/apps/s_server.c index 3c5b4222ef..074c7634c7 100644 --- a/apps/s_server.c +++ b/apps/s_server.c 
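Review bot: The new `do_server_cb` typedef in s_apps.h is introduced without a comment, and the types alone do not tell a reader what `stype` is, what `context` is, or what the callback's return value means to do_server. Suggest preceding the typedef with `/* Per-connection handler run by do_server(): s is the accepted socket, stype presumably its socket type, context the pointer handed to do_server(). */`, and adding the return-value contract once confirmed against the do_server body in s_socket.c, which is cut off at the end of this page. With the parameter list shortened, the continuation `do_server_cb cb,` / `unsigned char *context, int naccept);` would also fit on one line.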
@@ -191,12 +191,9 @@ typedef unsigned int u_int; #endif static int not_resumable_sess_cb(SSL *s, int is_forward_secure); -static int sv_body(const char *hostname, int s, int stype, - unsigned char *context); -static int www_body(const char *hostname, int s, int stype, - unsigned char *context); -static int rev_body(const char *hostname, int s, int stype, - unsigned char *context); +static int sv_body(int s, int stype, unsigned char *context); +static int www_body(int s, int stype, unsigned char *context); +static int rev_body(int s, int stype, unsigned char *context); static void close_accept_socket(void); static int init_ssl_connection(SSL *s); static void print_stats(BIO *bp, SSL_CTX *ctx); @@ -1027,8 +1024,7 @@ int s_server_main(int argc, char *argv[]) #ifdef AF_UNIX int unlink_unix_path = 0; #endif - int (*server_cb) (const char *hostname, int s, int stype, - unsigned char *context); + do_server_cb server_cb; int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0; #ifndef OPENSSL_NO_DH int no_dhe = 0; @@ -1557,14 +1553,14 @@ int s_server_main(int argc, char *argv[]) } s_cert = load_cert(s_cert_file, s_cert_format, - NULL, e, "server certificate file"); + "server certificate file"); if (!s_cert) { ERR_print_errors(bio_err); goto end; } if (s_chain_file) { - if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, e, + if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, "server certificate chain")) goto end; } @@ -1578,7 +1574,7 @@ int s_server_main(int argc, char *argv[]) } s_cert2 = load_cert(s_cert_file2, s_cert_format, - NULL, e, "second server certificate file"); + "second server certificate file"); if (!s_cert2) { ERR_print_errors(bio_err); 
@@ -1636,14 +1632,14 @@ int s_server_main(int argc, char *argv[]) } s_dcert = load_cert(s_dcert_file, s_dcert_format, - NULL, e, "second server certificate file"); + "second server certificate file"); if (!s_dcert) { ERR_print_errors(bio_err); goto end; } if (s_dchain_file) { - if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, e, + if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, "second server certificate chain")) goto end; } @@ -2054,8 +2050,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) SSL_CTX_sess_get_cache_size(ssl_ctx)); } -static int sv_body(const char *hostname, int s, int stype, - unsigned char *context) +static int sv_body(int s, int stype, unsigned char *context) { char *buf = NULL; fd_set readfds; @@ -2644,8 +2639,7 @@ static DH *load_dh_param(const char *dhfile) } #endif -static int www_body(const char *hostname, int s, int stype, - unsigned char *context) +static int www_body(int s, int stype, unsigned char *context) { char *buf = NULL; int ret = 1; @@ -3032,8 +3026,7 @@ static int www_body(const char *hostname, int s, int stype, return (ret); } -static int rev_body(const char *hostname, int s, int stype, - unsigned char *context) +static int rev_body(int s, int stype, unsigned char *context) { char *buf = NULL; int i; diff --git a/apps/s_socket.c b/apps/s_socket.c index 6d781f481d..5d66ab993a 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -221,10 +221,8 @@ int init_client(int *sock, const char *host, const char *port, * 0 on failure, something other on success. */ int do_server(int *accept_sock, const char *host, const char *port, - int family, int type, - int (*cb) (const char *hostname, int s, int stype, - unsigned char *context), unsigned char *context, - int naccept) + int family, int type, do_server_cb cb, + unsigned char *context, int naccept) { int asock = 0; int sock; @@ -258,50 +256,26 @@ int do_server(int *accept_sock, const char *host, const char *port, } |