author | Rich Salz <rsalz@akamai.com> | 2014-07-15 11:14:45 -0400 |
---|---|---|
committer | Rich Salz <rsalz@akamai.com> | 2014-07-15 11:14:45 -0400 |
commit | b7dc7898f0dac60ced6201b17c027265606276af (patch) | |
tree | b02f92b7742dc4a254f0a379951cd21aae8bd44d | |
parent | 3486804ae982d420d44ec039a9d4467cfd924b26 (diff) | |
download | openssl-new-b7dc7898f0dac60ced6201b17c027265606276af.tar.gz |
Require non-null BIO for print_policies
Add some help text to common verify options.
Re-order cleanup calls to be the inverse of startup calls
(apps_startup/shutdown)
Avoid some needless dup_bio_out calls
-rw-r--r-- | apps/apps.c | 8 | ||||
-rw-r--r-- | apps/apps.h | 6 | ||||
-rw-r--r-- | apps/cms.c | 3 | ||||
-rw-r--r-- | apps/openssl.c | 37 | ||||
-rw-r--r-- | apps/passwd.c | 10 | ||||
-rw-r--r-- | apps/smime.c | 2 | ||||
-rw-r--r-- | apps/verify.c | 4 | ||||
-rw-r--r-- | apps/x509.c | 98 |
8 files changed, 73 insertions, 95 deletions
diff --git a/apps/apps.c b/apps/apps.c index 4aab043aa7..5b65f4c6f3 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2145,12 +2145,6 @@ void policies_print(BIO *out, X509_STORE_CTX *ctx) { X509_POLICY_TREE *tree; int explicit_policy; - int free_out = 0; - if (out == NULL) - { - out = dup_bio_out(); - free_out = 1; - } tree = X509_STORE_CTX_get0_policy_tree(ctx); explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx); @@ -2159,8 +2153,6 @@ void policies_print(BIO *out, X509_STORE_CTX *ctx) nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree)); nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree)); - if (free_out) - BIO_free(out); } #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) diff --git a/apps/apps.h b/apps/apps.h index ae920b5f71..12a1ec194c 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -188,8 +188,8 @@ extern void unbuffer(FILE* fp); { "verify_ip", OPT_V_VERIFY_IP, 's' }, \ { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-' }, \ { "issuer_checks", OPT_V_ISSUER_CHECKS, '-' }, \ - { "crl_check", OPT_V_CRL_CHECK, '-' }, \ - { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-' }, \ + { "crl_check", OPT_V_CRL_CHECK, '-', "Check the cert has not been revoked" }, \ + { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "Also check all certs in the chain" }, \ { "policy_check", OPT_V_POLICY_CHECK, '-' }, \ { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-' }, \ { "inhibit_any", OPT_V_INHIBIT_ANY, '-' }, \ @@ -199,7 +199,7 @@ extern void unbuffer(FILE* fp); { "use_deltas", OPT_V_USE_DELTAS, '-' }, \ { "policy_print", OPT_V_POLICY_PRINT, '-' }, \ { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-' }, \ - { "trusted_first", OPT_V_TRUSTED_FIRST, '-' }, \ + { "trusted_first", OPT_V_TRUSTED_FIRST, '-', "Use locally-trusted CA's first in building chain" }, \ { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-' }, \ { "suiteB_128", OPT_V_SUITEB_128, '-' }, \ { "suiteB_192", OPT_V_SUITEB_192, '-' }, \ diff --git a/apps/cms.c b/apps/cms.c index e13a596b5a..1d5d51efb0 100644 
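Review bot: `policies_print` now uses `out` unconditionally, but nothing at the definition states or enforces that it must be non-NULL, so a caller that still passes NULL would lose the policy output or fault, depending on how the BIO calls treat a NULL handle. This commit updates the callers in cms.c, smime.c and verify.c; whether others exist is not visible in this diff. I would record the contract where the function is defined, e.g. `/* out must be non-NULL: callers pass bio_out or bio_err */`, and repeat it on the prototype. The function body is split across two hunks and its middle lies outside them.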
--- a/apps/cms.c +++ b/apps/cms.c @@ -1276,7 +1276,8 @@ static int cms_cb(int ok, X509_STORE_CTX *ctx) && ((error != X509_V_OK) || (ok != 2))) return ok; - policies_print(NULL, ctx); + /* Should be bio_err? */ + policies_print(bio_out, ctx); return ok; diff --git a/apps/openssl.c b/apps/openssl.c index 33d10e4285..43f2e59ae0 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -161,29 +161,28 @@ static void apps_startup() ERR_load_crypto_strings(); ERR_load_SSL_strings(); OpenSSL_add_all_algorithms(); + setup_ui_method(); #ifndef OPENSSL_NO_ENGINE ENGINE_load_builtin_engines(); #endif - setup_ui_method(); } static void apps_shutdown() { - CONF_modules_unload(1); - destroy_ui_method(); - OBJ_cleanup(); - EVP_cleanup(); #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); #endif + destroy_ui_method(); + CONF_modules_unload(1); +#ifndef OPENSSL_NO_COMP + COMP_zlib_cleanup(); +#endif + OBJ_cleanup(); + EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); RAND_cleanup(); ERR_free_strings(); - -#ifndef OPENSSL_NO_COMP - COMP_zlib_cleanup(); -#endif } static char *make_config_name() @@ -535,7 +534,6 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) FUNCTION f,*fp; int i,ret=1,nl; int tp; - BIO* out=NULL; if ((argc <= 0) || (argv[0] == NULL)) { ret=0; goto end; } @@ -562,15 +560,12 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) } else if ((strncmp(argv[0],"no-",3)) == 0) { - out = dup_bio_out(); f.name=argv[0]+3; ret = (lh_FUNCTION_retrieve(prog,&f) != NULL); if (!ret) - BIO_printf(out, "%s\n", argv[0]); + BIO_printf(bio_out, "%s\n", argv[0]); else - BIO_printf(out, "%s\n", argv[0]+3); - BIO_free_all(out); - out = NULL; + BIO_printf(bio_out, "%s\n", argv[0]+3); goto end; } else if ((strcmp(argv[0],"quit") == 0) || 
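Review bot: `cms_cb` sends the policy dump to `bio_out` while the parallel `smime_cb` changed in this same commit sends it to `bio_err`, and the added `/* Should be bio_err? */` leaves that question open in the tree. If the cms command can write message content to standard output (not visible in this hunk), diagnostic policy text on the same stream would be mixed into data that a consumer may treat as the verified payload. I would settle it here with `policies_print(bio_err, ctx);` and drop the comment. The callback starts outside the hunk.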
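Review bot: The new order in `apps_shutdown` is explained only in the commit message; nothing in the file says teardown is meant to mirror `apps_startup` in reverse, so the next call added to either function can break the pairing unnoticed. A short comment above `apps_shutdown`, such as `/* Tear down in the reverse order of apps_startup(); keep the two in step. */`, would record the invariant. It is also worth stating why `ERR_free_strings()` stays last, presumably so that earlier cleanup steps can still report errors; please confirm.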
@@ -600,26 +595,23 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) list_type = FUNC_TYPE_PKEY; else if (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) list_type = FUNC_TYPE_CIPHER_ALG; - out = dup_bio_out(); if (!load_config(bio_err, NULL)) goto end; if (list_type == FUNC_TYPE_PKEY) - list_pkey(out); + list_pkey(bio_out); if (list_type == FUNC_TYPE_MD_ALG) - list_md(out); + list_md(bio_out); if (list_type == FUNC_TYPE_CIPHER_ALG) - list_cipher(out); + list_cipher(bio_out); else { for (fp=functions; fp->name != NULL; fp++) if (fp->type == list_type) - BIO_printf(out, "%s\n", + BIO_printf(bio_out, "%s\n", fp->name); } - BIO_free_all(out); - out = NULL; ret=0; goto end; } @@ -668,7 +660,6 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) ret=0; } end: - if (out) BIO_free(out); return(ret); } diff --git a/apps/passwd.c b/apps/passwd.c index c6f786fe07..ac8cefc038 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -75,13 +75,11 @@ int passwd_main(int argc, char **argv) char *salt_malloc=NULL, *passwd_malloc=NULL; size_t passwd_malloc_size=0; int pw_source_defined=0; - BIO *in=NULL, *out=NULL; + BIO *in=NULL; int passed_salt=0, quiet=0, table=0, reverse=0; int usecrypt=0, use1=0, useapr1=0; size_t pw_maxlen=256; - out = dup_bio_out(); - enum options o; char* prog; @@ -202,7 +200,7 @@ bad: do /* loop over list of passwords */ { passwd = *passwds++; - if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, + if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) goto err; } @@ -231,7 +229,7 @@ bad: while ((r > 0) && (!strchr(trash, '\n'))); } - if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, + if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) goto err; } 
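Review bot: In the listing branch of `do_cmd` the three `if (list_type == ...)` tests are independent, so the trailing `else` pairs only with the `FUNC_TYPE_CIPHER_ALG` test and the loop over `functions` also runs after `list_pkey(bio_out)` and `list_md(bio_out)`. This predates the commit, but the lines are rewritten here and the intent looks like a single chain: `else if (list_type == FUNC_TYPE_MD_ALG)` and `else if (list_type == FUNC_TYPE_CIPHER_ALG)`. Whether the table holds entries of those types, and so whether anything extra is printed today, cannot be told from this hunk.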
@@ -249,8 +247,6 @@ err: OPENSSL_free(passwd_malloc); if (in) BIO_free(in); - if (out) - BIO_free_all(out); return(ret); } diff --git a/apps/smime.c b/apps/smime.c index 256a86f1d4..1faf69a393 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -739,7 +739,7 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx) && ((error != X509_V_OK) || (ok != 2))) return ok; - policies_print(NULL, ctx); + policies_print(bio_err, ctx); return ok; diff --git a/apps/verify.c b/apps/verify.c index 99d81dfeee..d3ece89b7b 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -347,7 +347,7 @@ static int cb(int ok, X509_STORE_CTX *ctx) switch(cert_error) { case X509_V_ERR_NO_EXPLICIT_POLICY: - policies_print(NULL, ctx); + policies_print(bio_err, ctx); case X509_V_ERR_CERT_HAS_EXPIRED: /* since we are just checking the certificates, it is @@ -372,7 +372,7 @@ static int cb(int ok, X509_STORE_CTX *ctx) } if (cert_error == X509_V_OK && ok == 2) - policies_print(NULL, ctx); + policies_print(bio_out, ctx); if (!v_verbose) ERR_clear_error(); return(ok); diff --git a/apps/x509.c b/apps/x509.c index 05b3ec6291..95048aac17 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -197,7 +197,7 @@ OPTIONS x509_options[] = { int x509_main(int argc, char **argv) { - BIO *out=NULL, *STDout=NULL; + BIO *out=NULL; STACK_OF(ASN1_OBJECT) *trust=NULL, *reject=NULL; #ifndef OPENSSL_NO_ENGINE ENGINE *e=NULL; @@ -237,7 +237,6 @@ int x509_main(int argc, char **argv) if (ctx == NULL) goto end; X509_STORE_set_verify_cb(ctx,callb); - STDout=dup_bio_out(); prog = opt_init(argc, argv, x509_options); while ((o = opt_next()) != OPT_EOF) { 
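Review bot: The edited `case X509_V_ERR_NO_EXPLICIT_POLICY:` arm in verify.c's `cb` has no `break` after `policies_print(bio_err, ctx);` and runs straight into `case X509_V_ERR_CERT_HAS_EXPIRED:`. If that is intended, mark it with `/* fall through */` after the call. What the shared arm does with `ok` lies outside the hunk, so it is worth confirming that a missing explicit policy should be handled like the cases it joins. The second hunk of this file prints the same dump to `bio_out` on success; a one-line comment would show that the split between streams is deliberate.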
@@ -679,20 +678,20 @@ err: { if (issuer == i) { - print_name(STDout, "issuer= ", + print_name(bio_out, "issuer= ", X509_get_issuer_name(x), nmflag); } else if (subject == i) { - print_name(STDout, "subject= ", + print_name(bio_out, "subject= ", X509_get_subject_name(x), nmflag); } else if (serial == i) { - BIO_printf(STDout,"serial="); - i2a_ASN1_INTEGER(STDout, + BIO_printf(bio_out,"serial="); + i2a_ASN1_INTEGER(bio_out, X509_get_serialNumber(x)); - BIO_printf(STDout,"\n"); + BIO_printf(bio_out,"\n"); } else if (next_serial == i) { @@ -721,7 +720,7 @@ err: else emlst = X509_get1_ocsp(x); for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++) - BIO_printf(STDout, "%s\n", + BIO_printf(bio_out, "%s\n", sk_OPENSSL_STRING_value(emlst, j)); X509_email_free(emlst); } 
@@ -729,38 +728,38 @@ err: { unsigned char *alstr; alstr = X509_alias_get0(x, NULL); - if (alstr) BIO_printf(STDout,"%s\n", alstr); - else BIO_puts(STDout,"<No Alias>\n"); + if (alstr) BIO_printf(bio_out,"%s\n", alstr); + else BIO_puts(bio_out,"<No Alias>\n"); } else if (subject_hash == i) { - BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); + BIO_printf(bio_out,"%08lx\n",X509_subject_name_hash(x)); } #ifndef OPENSSL_NO_MD5 else if (subject_hash_old == i) { - BIO_printf(STDout,"%08lx\n",X509_subject_name_hash_old(x)); + BIO_printf(bio_out,"%08lx\n",X509_subject_name_hash_old(x)); } #endif else if (issuer_hash == i) { - BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x)); + BIO_printf(bio_out,"%08lx\n",X509_issuer_name_hash(x)); } #ifndef OPENSSL_NO_MD5 else if (issuer_hash_old == i) { - BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash_old(x)); + BIO_printf(bio_out,"%08lx\n",X509_issuer_name_hash_old(x)); } #endif else if (pprint == i) { X509_PURPOSE *ptmp; int j; - BIO_printf(STDout, "Certificate purposes:\n"); + BIO_printf(bio_out, "Certificate purposes:\n"); for (j = 0; j < X509_PURPOSE_get_count(); j++) { ptmp = X509_PURPOSE_get0(j); - purpose_print(STDout, x, ptmp); + purpose_print(bio_out, x, ptmp); } } else @@ -775,19 +774,19 @@ err: ERR_print_errors(bio_err); goto end; } - BIO_printf(STDout,"Modulus="); + BIO_printf(bio_out,"Modulus="); #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) - BN_print(STDout,pkey->pkey.rsa->n); + BN_print(bio_out,pkey->pkey.rsa->n); else #endif #ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) - BN_print(STDout,pkey->pkey.dsa->pub_key); + BN_print(bio_out,pkey->pkey.dsa->pub_key); else #endif - BIO_printf(STDout,"Wrong Algorithm type"); - BIO_printf(STDout,"\n"); + BIO_printf(bio_out,"Wrong Algorithm type"); + BIO_printf(bio_out,"\n"); EVP_PKEY_free(pkey); } else 
@@ -802,7 +801,7 @@ err: ERR_print_errors(bio_err); goto end; } - PEM_write_bio_PUBKEY(STDout, pkey); + PEM_write_bio_PUBKEY(bio_out, pkey); EVP_PKEY_free(pkey); } else 
@@ -814,68 +813,68 @@ err: X509_NAME_oneline(X509_get_subject_name(x), buf,sizeof buf); - BIO_printf(STDout,"/* subject:%s */\n",buf); + BIO_printf(bio_out,"/* subject:%s */\n",buf); m=X509_NAME_oneline( X509_get_issuer_name(x),buf, sizeof buf); - BIO_printf(STDout,"/* issuer :%s */\n",buf); + BIO_printf(bio_out,"/* issuer :%s */\n",buf); z=i2d_X509(x,NULL); m=OPENSSL_malloc(z); d=(unsigned char *)m; z=i2d_X509_NAME(X509_get_subject_name(x),&d); - BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z); + BIO_printf(bio_out,"unsigned char XXX_subject_name[%d]={\n",z); d=(unsigned char *)m; for (y=0; y<z; y++) { - BIO_printf(STDout,"0x%02X,",d[y]); - if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n"); + BIO_printf(bio_out,"0x%02X,",d[y]); + if ((y & 0x0f) == 0x0f) BIO_printf(bio_out,"\n"); } - if (y%16 != 0) BIO_printf(STDout,"\n"); - BIO_printf(STDout,"};\n"); + if (y%16 != 0) BIO_printf(bio_out,"\n"); + BIO_printf(bio_out,"};\n"); z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d); - BIO_printf(STDout,"unsigned char XXX_public_key[%d]={\n",z); + BIO_printf(bio_out,"unsigned char XXX_public_key[%d]={\n",z); d=(unsigned char *)m; for (y=0; y<z; y++) { - BIO_printf(STDout,"0x%02X,",d[y]); + BIO_printf(bio_out,"0x%02X,",d[y]); if ((y & 0x0f) == 0x0f) - BIO_printf(STDout,"\n"); + BIO_printf(bio_out,"\n"); } - if (y%16 != 0) BIO_printf(STDout,"\n"); - BIO_printf(STDout,"};\n"); + if (y%16 != 0) BIO_printf(bio_out,"\n"); + BIO_printf(bio_out,"};\n"); z=i2d_X509(x,&d); - BIO_printf(STDout,"unsigned char XXX_certificate[%d]={\n",z); + BIO_printf(bio_out,"unsigned char XXX_certificate[%d]={\n",z); d=(unsigned char *)m; for (y=0; y<z; y++) { - BIO_printf(STDout,"0x%02X,",d[y]); + BIO_printf(bio_out,"0x%02X,",d[y]); if ((y & 0x0f) == 0x0f) - BIO_printf(STDout,"\n"); + BIO_printf(bio_out,"\n"); } - if (y%16 != 0) BIO_printf(STDout,"\n"); - BIO_printf(STDout,"};\n"); + if (y%16 != 0) BIO_printf(bio_out,"\n"); + BIO_printf(bio_out,"};\n"); OPENSSL_free(m); } else if (text == i) { 
- X509_print_ex(STDout,x,nmflag, certflag); + X509_print_ex(bio_out,x,nmflag, certflag); } else if (startdate == i) { - BIO_puts(STDout,"notBefore="); - ASN1_TIME_print(STDout,X509_get_notBefore(x)); - BIO_puts(STDout,"\n"); + BIO_puts(bio_out,"notBefore="); + ASN1_TIME_print(bio_out,X509_get_notBefore(x)); + BIO_puts(bio_out,"\n"); } else if (enddate == i) { - BIO_puts(STDout,"notAfter="); - ASN1_TIME_print(STDout,X509_get_notAfter(x)); - BIO_puts(STDout,"\n"); + BIO_puts(bio_out,"notAfter="); + ASN1_TIME_print(bio_out,X509_get_notAfter(x)); + BIO_puts(bio_out,"\n"); } else if (fingerprint == i) { @@ -892,11 +891,11 @@ err: BIO_printf(bio_err,"out of memory\n"); goto end; } - BIO_printf(STDout,"%s Fingerprint=", + BIO_printf(bio_out,"%s Fingerprint=", OBJ_nid2sn(EVP_MD_type(fdig))); for (j=0; j<(int)n; j++) { - BIO_printf(STDout,"%02X%c",md[j], + BIO_printf(bio_out,"%02X%c",md[j], (j+1 == (int)n) ?'\n':':'); } @@ -995,7 +994,7 @@ err: goto end; } - print_cert_checks(STDout, x, checkhost, checkemail, checkip); + print_cert_checks(bio_out, x, checkhost, checkemail, checkip); if (noout) { @@ -1042,7 +1041,6 @@ end: OBJ_cleanup(); NCONF_free(extconf); BIO_free_all(out); - BIO_free_all(STDout); X509_STORE_free(ctx); X509_REQ_free(req); X509_free(x); |
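Review bot: In the branch that emits C source, `m=OPENSSL_malloc(z)` is used without checking either `z`, the return of `i2d_X509(x,NULL)`, which can signal failure, or the returned pointer, and the loops then read `d[y]` through it. The commit only retargets the prints to `bio_out`, but every line around the allocation is touched, so this is a natural place to add `if (z < 0 || (m=OPENSSL_malloc(z)) == NULL) { BIO_printf(bio_err,"out of memory\n"); goto end; }`, matching the error path used in the fingerprint branch. The later `i2d_X509_NAME` and `i2d_X509_PUBKEY` results are likewise used as array sizes and loop bounds unchecked. The branch begins and ends outside the hunk.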