int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
{
- int num,len,i;
+ int num,i;
char *p;
*argc=0;
*argv=NULL;
- len=strlen(buf);
i=0;
if (arg->count == 0)
{
if (format == FORMAT_ENGINE)
{
if (!e)
- BIO_printf(bio_err,"no engine specified\n");
+ BIO_printf(err,"no engine specified\n");
else
+ {
pkey = ENGINE_load_private_key(e, file,
ui_method, &cb_data);
+ if (!pkey)
+ {
+ BIO_printf(err,"cannot load %s from engine\n",key_descrip);
+ ERR_print_errors(err);
+ }
+ }
goto end;
}
#endif
}
end:
if (key != NULL) BIO_free(key);
- if (pkey == NULL)
+ if (pkey == NULL)
+ {
BIO_printf(err,"unable to load %s\n", key_descrip);
+ ERR_print_errors(err);
+ }
return(pkey);
}
flags |= X509_V_FLAG_X509_STRICT;
else if (!strcmp(arg, "-policy_print"))
flags |= X509_V_FLAG_NOTIFY_POLICY;
+ else if (!strcmp(arg, "-check_ss_sig"))
+ flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
else
return 0;
int l;
l = BIO_gets(bconn, buf, sizeof buf);
- assert(l >= 0);
+ assert(l > 0);
assert(buf[l-1] == '\n');
buf[l-1] = '\0';
BN_hex2bn(bn, buf);
jpake_send_step3a(bconn, ctx);
jpake_receive_step3b(ctx, bconn);
- BIO_puts(out, "JPAKE authentication succeeded\n");
+ /*
+ * The problem is that you must use the derived key in the
+ * session key or you are subject to man-in-the-middle
+ * attacks.
+ */
+ BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
+ " be MitMed. See the version in HEAD for how to do it"
+ " properly)\n");
BIO_pop(bconn);
BIO_free(bconn);
jpake_receive_step3a(ctx, bconn);
jpake_send_step3b(bconn, ctx);
- BIO_puts(out, "JPAKE authentication succeeded\n");
+ /*
+ * The problem is that you must use the derived key in the
+ * session key or you are subject to man-in-the-middle
+ * attacks.
+ */
+ BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
+ " be MitMed. See the version in HEAD for how to do it"
+ " properly)\n");
BIO_pop(bconn);
BIO_free(bconn);