From bde136c89f87b66d49e9d03e3b34c68b6b1d1e26 Mon Sep 17 00:00:00 2001 From: FdaSilvaYY Date: Fri, 18 Mar 2016 19:02:17 +0100 Subject: [PATCH] Few cleanups in s_client, s_server apps. Discard useless static engine_id Add a const qualifier Fix some spelling Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell --- apps/apps.c | 3 ++- apps/s_client.c | 41 ++++++++++++++++++----------------------- apps/s_server.c | 18 ++++++------------ 3 files changed, 26 insertions(+), 36 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index cca42ac307..b41acced7b 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1413,7 +1413,7 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial, int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) { - char buf[5][BSIZE]; + char buf[2][BSIZE]; int i, j; i = strlen(serialfile) + strlen(old_suffix); @@ -1782,6 +1782,7 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in) BIO *mem; int len, ret; unsigned char tbuf[1024]; + mem = BIO_new(BIO_s_mem()); if (mem == NULL) return -1; diff --git a/apps/s_client.c b/apps/s_client.c index f12c378d94..01d1036209 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -242,7 +242,7 @@ typedef struct srp_arg_st { int msg; /* copy from c_msg */ int debug; /* copy from c_debug */ int amp; /* allow more groups */ - int strength /* minimal size for N */ ; + int strength; /* minimal size for N */ } SRP_ARG; # define SRP_NUMBER_ITERATIONS_FOR_PRIME 64 @@ -276,7 +276,7 @@ static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g) * The callback is only called for a non default group. * * An application does not need the call back at all if - * only the stanard groups are used. In real life situations, + * only the standard groups are used. In real life situations, * client and server already share well known groups, * thus there is no need to verify them. * Furthermore, in case that a server actually proposes a group that @@ -549,8 +549,14 @@ typedef enum OPTION_choice { OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_WDEBUG, OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE, - OPT_PSK_IDENTITY, OPT_PSK, OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, - OPT_SRP_LATEUSER, OPT_SRP_MOREGROUPS, OPT_SSL3, OPT_SSL_CONFIG, +#ifndef OPENSSL_NO_PSK + OPT_PSK_IDENTITY, OPT_PSK, +#endif +#ifndef OPENSSL_NO_SRP + OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, OPT_SRP_LATEUSER, + OPT_SRP_MOREGROUPS, +#endif + OPT_SSL3, OPT_SSL_CONFIG, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS, OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, @@ -711,7 +717,7 @@ OPTIONS s_client_options[] = { {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, #endif #ifndef OPENSSL_NO_SRP - {"srpuser", OPT_SRPUSER, 's', "SRP authentification for 'user'"}, + {"srpuser", OPT_SRPUSER, 's', "SRP authentication for 'user'"}, {"srppass", OPT_SRPPASS, 's', "Password for 'user'"}, {"srp_lateuser", OPT_SRP_LATEUSER, '-', "SRP username into second ClientHello message"}, @@ -733,7 +739,7 @@ OPTIONS s_client_options[] = { {"noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)"}, {"ctlogfile", OPT_CTLOG_FILE, '<', "CT log list CONF file"}, #endif - {NULL} + {NULL, OPT_EOF, 0x00, NULL} }; typedef enum PROTOCOL_choice { @@ -749,7 +755,7 @@ typedef enum PROTOCOL_choice { PROTO_IRC } PROTOCOL_CHOICE; -static OPT_PAIR services[] = { +static const OPT_PAIR services[] = { {"smtp", PROTO_SMTP}, {"pop3", PROTO_POP3}, {"imap", PROTO_IMAP}, @@ -758,7 +764,7 @@ static OPT_PAIR services[] = { {"xmpp-server", PROTO_XMPP_SERVER}, {"telnet", PROTO_TELNET}, {"irc", PROTO_IRC}, - {NULL} + {NULL, 0} }; int s_client_main(int argc, char **argv) @@ -1034,7 +1040,6 @@ int s_client_main(int argc, char **argv) BIO_printf(bio_err, "Error getting client auth engine\n"); goto opthelp; } - break; #endif break; case OPT_RAND: @@ -1098,10 +1103,6 @@ int s_client_main(int argc, char **argv) goto end; } break; -#else - case OPT_PSK_IDENTITY: - case OPT_PSK: - break; #endif #ifndef OPENSSL_NO_SRP case OPT_SRPUSER: @@ -1131,13 +1132,6 @@ int s_client_main(int argc, char **argv) if (min_version < TLS1_VERSION) min_version = TLS1_VERSION; break; -#else - case OPT_SRPUSER: - case OPT_SRPPASS: - case OPT_SRP_STRENGTH: - case OPT_SRP_LATEUSER: - case OPT_SRP_MOREGROUPS: - break; #endif case OPT_SSL_CONFIG: ssl_config = opt_arg(); @@ -1700,9 +1694,9 @@ int s_client_main(int argc, char **argv) goto end; } } else if (dane_tlsa_rrset != NULL) { - BIO_printf(bio_err, "%s: DANE TLSA authentication requires the " - "-dane_tlsa_domain option.\n", prog); - goto end; + BIO_printf(bio_err, "%s: DANE TLSA authentication requires the " + "-dane_tlsa_domain option.\n", prog); + goto end; } re_start: @@ -2572,6 +2566,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c)); if (peer != NULL) { EVP_PKEY *pktmp; + pktmp = X509_get0_pubkey(peer); BIO_printf(bio, "Server public key is %d bit\n", EVP_PKEY_bits(pktmp)); diff --git a/apps/s_server.c b/apps/s_server.c index 3e1e1ae686..dd12475869 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -146,9 +146,6 @@ static int async = 0; static unsigned int split_send_fragment = 0; static unsigned int max_pipelines = 0; -#ifndef OPENSSL_NO_ENGINE -static char *engine_id = NULL; -#endif static const char *session_id_prefix = NULL; #ifndef OPENSSL_NO_DTLS @@ -305,9 +302,6 @@ static void s_server_init(void) async = 0; split_send_fragment = 0; max_pipelines = 0; -#ifndef OPENSSL_NO_ENGINE - engine_id = NULL; -#endif } static int local_argc = 0; @@ -919,12 +913,12 @@ OPTIONS s_server_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif - {NULL} + {NULL, OPT_EOF, 0, NULL} }; int s_server_main(int argc, char *argv[]) { - ENGINE *e = NULL; + ENGINE *engine = NULL; EVP_PKEY *s_key = NULL, *s_dkey = NULL; SSL_CONF_CTX *cctx = NULL; const SSL_METHOD *meth = TLS_server_method(); @@ -1396,7 +1390,7 @@ int s_server_main(int argc, char *argv[]) session_id_prefix = opt_arg(); break; case OPT_ENGINE: - e = setup_engine(opt_arg(), 1); + engine = setup_engine(opt_arg(), 1); break; case OPT_RAND: inrand = opt_arg(); @@ -1502,7 +1496,7 @@ int s_server_main(int argc, char *argv[]) goto end; if (nocert == 0) { - s_key = load_key(s_key_file, s_key_format, 0, pass, e, + s_key = load_key(s_key_file, s_key_format, 0, pass, engine, "server certificate private key file"); if (!s_key) { ERR_print_errors(bio_err); @@ -1523,7 +1517,7 @@ int s_server_main(int argc, char *argv[]) } if (tlsextcbp.servername) { - s_key2 = load_key(s_key_file2, s_key_format, 0, pass, e, + s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine, "second server certificate private key file"); if (!s_key2) { ERR_print_errors(bio_err); @@ -1582,7 +1576,7 @@ int s_server_main(int argc, char *argv[]) s_dkey_file = s_dcert_file; s_dkey = load_key(s_dkey_file, s_dkey_format, - 0, dpass, e, "second certificate private key file"); + 0, dpass, engine, "second certificate private key file"); if (!s_dkey) { ERR_print_errors(bio_err); goto end; -- 2.25.1