diff --git a/apps/apps.c b/apps/apps.c index 66e37962a6eef369b40ecedbdd91197dae1e8974..a4eecaed8d8a2eb41d63d286def8076009efb582 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2006,34 +2006,34 @@ int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value) return rv; } -static void nodes_print(BIO *out, const char *name, - STACK_OF(X509_POLICY_NODE) *nodes) +static void nodes_print(const char *name, STACK_OF(X509_POLICY_NODE) *nodes) { X509_POLICY_NODE *node; int i; - BIO_printf(out, "%s Policies:", name); + + BIO_printf(bio_err, "%s Policies:", name); if (nodes) { - BIO_puts(out, "\n"); + BIO_puts(bio_err, "\n"); for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) { node = sk_X509_POLICY_NODE_value(nodes, i); - X509_POLICY_NODE_print(out, node, 2); + X509_POLICY_NODE_print(bio_err, node, 2); } } else - BIO_puts(out, " \n"); + BIO_puts(bio_err, " \n"); } -void policies_print(BIO *out, X509_STORE_CTX *ctx) +void policies_print(X509_STORE_CTX *ctx) { X509_POLICY_TREE *tree; int explicit_policy; tree = X509_STORE_CTX_get0_policy_tree(ctx); explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx); - BIO_printf(out, "Require explicit Policy: %s\n", + BIO_printf(bio_err, "Require explicit Policy: %s\n", explicit_policy ? "True" : "False"); - nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree)); - nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree)); + nodes_print("Authority", X509_policy_tree_get0_policies(tree)); + nodes_print("User", X509_policy_tree_get0_user_policies(tree)); } #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) diff --git a/apps/apps.h b/apps/apps.h index 5d1b98f837252eb0ae51cc498856a5891777a43c..db6795792e549ea986a3d1e228c1df28d74b1273 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -489,7 +489,7 @@ int parse_yesno(const char *str, int def); X509_NAME *parse_name(char *str, long chtype, int multirdn); int args_verify(char ***pargs, int *pargc, int *badarg, X509_VERIFY_PARAM **pm); -void policies_print(BIO *out, X509_STORE_CTX *ctx); +void policies_print(X509_STORE_CTX *ctx); int bio_to_mem(unsigned char **out, int maxlen, BIO *in); int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value); int init_gen_str(EVP_PKEY_CTX **pctx, diff --git a/apps/asn1pars.c b/apps/asn1pars.c index e96491a40cca7780a8e0ea9e36edc0f36f249077..6214625c54d696a414e6c3b591b365d72fd24d74 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -100,7 +100,7 @@ OPTIONS asn1parse_options[] = { {NULL} }; -static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf); +static int do_generate(char *genstr, char *genconf, BUF_MEM *buf); int asn1parse_main(int argc, char **argv) { @@ -215,7 +215,7 @@ int asn1parse_main(int argc, char **argv) goto end; /* Pre-allocate :-) */ if (genstr || genconf) { - num = do_generate(bio_err, genstr, genconf, buf); + num = do_generate(genstr, genconf, buf); if (num < 0) { ERR_print_errors(bio_err); goto end; @@ -335,7 +335,7 @@ int asn1parse_main(int argc, char **argv) return (ret); } -static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) +static int do_generate(char *genstr, char *genconf, BUF_MEM *buf) { CONF *cnf = NULL; int len; @@ -350,7 +350,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) if (!genstr) genstr = NCONF_get_string(cnf, "default", "asn1"); if (!genstr) { - BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf); + BIO_printf(bio_err, "Can't find 'asn1' in '%s'\n", genconf); goto err; } } @@ -380,10 +380,10 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) conferr: if (errline > 0) - BIO_printf(bio, "Error on line %ld of config file '%s'\n", + BIO_printf(bio_err, "Error on line %ld of config file '%s'\n", errline, genconf); else - BIO_printf(bio, "Error loading config file '%s'\n", genconf); + BIO_printf(bio_err, "Error loading config file '%s'\n", genconf); err: NCONF_free(cnf); diff --git a/apps/ca.c b/apps/ca.c index ac720dbeead92279613e32db28af8afd990637eb..ba666eef72666cd8e12784d81b7ca7a51bb94450 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -187,7 +187,7 @@ static int do_updatedb(CA_DB *db); static int check_time_format(const char *str); char *make_revocation_str(int rev_type, char *rev_arg); int make_revoked(X509_REVOKED *rev, const char *str); -int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str); +static int old_entry_print(ASN1_OBJECT *obj, ASN1_STRING *str); static CONF *conf = NULL; static CONF *extconf = NULL; @@ -1604,7 +1604,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, } if (default_op) - old_entry_print(bio_err, obj, str); + old_entry_print(obj, str); } /* Ok, now we check the 'policy' stuff. */ @@ -2632,42 +2632,42 @@ int make_revoked(X509_REVOKED *rev, const char *str) return ret; } -int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) +static int old_entry_print(ASN1_OBJECT *obj, ASN1_STRING *str) { char buf[25], *pbuf, *p; int j; - j = i2a_ASN1_OBJECT(bp, obj); + j = i2a_ASN1_OBJECT(bio_err, obj); pbuf = buf; for (j = 22 - j; j > 0; j--) *(pbuf++) = ' '; *(pbuf++) = ':'; *(pbuf++) = '\0'; - BIO_puts(bp, buf); + BIO_puts(bio_err, buf); if (str->type == V_ASN1_PRINTABLESTRING) - BIO_printf(bp, "PRINTABLE:'"); + BIO_printf(bio_err, "PRINTABLE:'"); else if (str->type == V_ASN1_T61STRING) - BIO_printf(bp, "T61STRING:'"); + BIO_printf(bio_err, "T61STRING:'"); else if (str->type == V_ASN1_IA5STRING) - BIO_printf(bp, "IA5STRING:'"); + BIO_printf(bio_err, "IA5STRING:'"); else if (str->type == V_ASN1_UNIVERSALSTRING) - BIO_printf(bp, "UNIVERSALSTRING:'"); + BIO_printf(bio_err, "UNIVERSALSTRING:'"); else - BIO_printf(bp, "ASN.1 %2d:'", str->type); + BIO_printf(bio_err, "ASN.1 %2d:'", str->type); p = (char *)str->data; for (j = str->length; j > 0; j--) { if ((*p >= ' ') && (*p <= '~')) - BIO_printf(bp, "%c", *p); + BIO_printf(bio_err, "%c", *p); else if (*p & 0x80) - BIO_printf(bp, "\\0x%02X", *p); + BIO_printf(bio_err, "\\0x%02X", *p); else if ((unsigned char)*p == 0xf7) - BIO_printf(bp, "^?"); + BIO_printf(bio_err, "^?"); else - BIO_printf(bp, "^%c", *p + '@'); + BIO_printf(bio_err, "^%c", *p + '@'); p++; } - BIO_printf(bp, "'\n"); + BIO_printf(bio_err, "'\n"); return 1; } diff --git a/apps/cms.c b/apps/cms.c index e3e8656eb105c162a06c158c57cf64a36735f789..16dbc0c296baec281ddd28f0ff8c76e3536ddebf 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -68,7 +68,7 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers); static int cms_cb(int ok, X509_STORE_CTX *ctx); -static void receipt_request_print(BIO *out, CMS_ContentInfo *cms); +static void receipt_request_print(CMS_ContentInfo *cms); static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING) *rr_from); @@ -1075,7 +1075,7 @@ int cms_main(int argc, char **argv) sk_X509_free(signers); } if (rr_print) - receipt_request_print(bio_err, cms); + receipt_request_print(cms); } else if (operation == SMIME_VERIFY_RECEIPT) { if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) @@ -1190,31 +1190,31 @@ static int cms_cb(int ok, X509_STORE_CTX *ctx) && ((error != X509_V_OK) || (ok != 2))) return ok; - /* Should be bio_err? */ - policies_print(bio_out, ctx); + policies_print(ctx); return ok; } -static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns) +static void gnames_stack_print(STACK_OF(GENERAL_NAMES) *gns) { STACK_OF(GENERAL_NAME) *gens; GENERAL_NAME *gen; int i, j; + for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) { gens = sk_GENERAL_NAMES_value(gns, i); for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) { gen = sk_GENERAL_NAME_value(gens, j); - BIO_puts(out, " "); - GENERAL_NAME_print(out, gen); - BIO_puts(out, "\n"); + BIO_puts(bio_err, " "); + GENERAL_NAME_print(bio_err, gen); + BIO_puts(bio_err, "\n"); } } return; } -static void receipt_request_print(BIO *out, CMS_ContentInfo *cms) +static void receipt_request_print(CMS_ContentInfo *cms) { STACK_OF(CMS_SignerInfo) *sis; CMS_SignerInfo *si; @@ -1238,22 +1238,22 @@ static void receipt_request_print(BIO *out, CMS_ContentInfo *cms) int idlen; CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, &rlist, &rto); - BIO_puts(out, " Signed Content ID:\n"); + BIO_puts(bio_err, " Signed Content ID:\n"); idlen = ASN1_STRING_length(scid); id = (char *)ASN1_STRING_data(scid); - BIO_dump_indent(out, id, idlen, 4); - BIO_puts(out, " Receipts From"); + BIO_dump_indent(bio_err, id, idlen, 4); + BIO_puts(bio_err, " Receipts From"); if (rlist) { - BIO_puts(out, " List:\n"); - gnames_stack_print(out, rlist); + BIO_puts(bio_err, " List:\n"); + gnames_stack_print(rlist); } else if (allorfirst == 1) - BIO_puts(out, ": First Tier\n"); + BIO_puts(bio_err, ": First Tier\n"); else if (allorfirst == 0) - BIO_puts(out, ": All\n"); + BIO_puts(bio_err, ": All\n"); else - BIO_printf(out, " Unknown (%d)\n", allorfirst); - BIO_puts(out, " Receipts To:\n"); - gnames_stack_print(out, rto); + BIO_printf(bio_err, " Unknown (%d)\n", allorfirst); + BIO_puts(bio_err, " Receipts To:\n"); + gnames_stack_print(rto); } if (rr) CMS_ReceiptRequest_free(rr); diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 5cdd71b6c0dec52dadc1b8765885ae2815ea9b38..ec7a1d94e18bf66fae7bc9e023275aa08db5ee32 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -86,7 +86,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, const char *name); void hex_prin(BIO *out, unsigned char *buf, int len); -int alg_print(BIO *x, X509_ALGOR *alg); +static int alg_print(X509_ALGOR *alg); int cert_load(BIO *in, STACK_OF(X509) *sk); static int set_pbe(int *ppbe, const char *str); @@ -587,7 +587,7 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, } else if (bagnid == NID_pkcs7_encrypted) { if (options & INFO) { BIO_printf(bio_err, "PKCS7 Encrypted data: "); - alg_print(bio_err, p7->d.encrypted->enc_data->algorithm); + alg_print(p7->d.encrypted->enc_data->algorithm); } bags = PKCS12_unpack_p7encdata(p7, pass, passlen); } else @@ -649,7 +649,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, case NID_pkcs8ShroudedKeyBag: if (options & INFO) { BIO_printf(bio_err, "Shrouded Keybag: "); - alg_print(bio_err, bag->value.shkeybag->algor); + alg_print(bag->value.shkeybag->algor); } if (options & NOKEYS) return 1; @@ -737,11 +737,11 @@ int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain) return i; } -int alg_print(BIO *x, X509_ALGOR *alg) +static int alg_print(X509_ALGOR *alg) { PBEPARAM *pbe; - const unsigned char *p; - p = alg->parameter->value.sequence->data; + const unsigned char *p = alg->parameter->value.sequence->data; + pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); if (!pbe) return 1; diff --git a/apps/s_apps.h b/apps/s_apps.h index db8d039178490d43e89ab876e9099019a9016c2d..cf3026de295627e7f8b99000593ae4cce6a52b18 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -204,7 +204,7 @@ void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc); void ssl_excert_free(SSL_EXCERT *exc); int args_excert(int option, SSL_EXCERT **pexc); int load_excert(SSL_EXCERT **pexc); -void print_ssl_summary(BIO *bio, SSL *s); +void print_ssl_summary(SSL *s); #ifdef HEADER_SSL_H int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx, int no_ecdhe, int no_jpake); @@ -214,5 +214,5 @@ int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath, const char *vfyCAfile, const char *chCApath, const char *chCAfile, STACK_OF(X509_CRL) *crls, int crl_download); -void ssl_ctx_security_debug(SSL_CTX *ctx, BIO *out, int verbose); +void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose); #endif diff --git a/apps/s_cb.c b/apps/s_cb.c index ddd65a968db6e0bb405cae03f79581ddd34026f4..76aeadbda3c0833bc854546aebd895237a05d004 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -186,11 +186,11 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) break; case X509_V_ERR_NO_EXPLICIT_POLICY: if (!verify_quiet) - policies_print(bio_err, ctx); + policies_print(ctx); break; } if (err == X509_V_OK && ok == 2 && !verify_quiet) - policies_print(bio_err, ctx); + policies_print(ctx); if (ok && !verify_quiet) BIO_printf(bio_err, "verify return:%d\n", ok); return (ok); @@ -1104,19 +1104,20 @@ struct chain_flags chain_flags_list[] = { {0, NULL} }; -static void print_chain_flags(BIO *out, SSL *s, int flags) +static void print_chain_flags(SSL *s, int flags) { struct chain_flags *ctmp = chain_flags_list; + while (ctmp->name) { - BIO_printf(out, "\t%s: %s\n", ctmp->name, + BIO_printf(bio_err, "\t%s: %s\n", ctmp->name, flags & ctmp->flag ? "OK" : "NOT OK"); ctmp++; } - BIO_printf(out, "\tSuite B: "); + BIO_printf(bio_err, "\tSuite B: "); if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS) - BIO_puts(out, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n"); + BIO_puts(bio_err, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n"); else - BIO_printf(out, "not tested\n"); + BIO_printf(bio_err, "not tested\n"); } /* @@ -1157,7 +1158,7 @@ static int set_cert_cb(SSL *ssl, void *arg) X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0, XN_FLAG_ONELINE); BIO_puts(bio_err, "\n"); - print_chain_flags(bio_err, ssl, rv); + print_chain_flags(ssl, rv); if (rv & CERT_PKEY_VALID) { if (!SSL_use_certificate(ssl, exc->cert) || !SSL_use_PrivateKey(ssl, exc->key)) { @@ -1334,7 +1335,7 @@ int args_excert(int opt, SSL_EXCERT **pexc) return 0; } -static void print_raw_cipherlist(BIO *bio, SSL *s) +static void print_raw_cipherlist(SSL *s) { const unsigned char *rlist; static const unsigned char scsv_id[] = { 0, 0, 0xFF }; @@ -1343,59 +1344,58 @@ static void print_raw_cipherlist(BIO *bio, SSL *s) return; num = SSL_get0_raw_cipherlist(s, NULL); rlistlen = SSL_get0_raw_cipherlist(s, &rlist); - BIO_puts(bio, "Client cipher list: "); + BIO_puts(bio_err, "Client cipher list: "); for (i = 0; i < rlistlen; i += num, rlist += num) { const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist); if (i) - BIO_puts(bio, ":"); + BIO_puts(bio_err, ":"); if (c) - BIO_puts(bio, SSL_CIPHER_get_name(c)); + BIO_puts(bio_err, SSL_CIPHER_get_name(c)); else if (!memcmp(rlist, scsv_id - num + 3, num)) - BIO_puts(bio, "SCSV"); + BIO_puts(bio_err, "SCSV"); else { size_t j; - BIO_puts(bio, "0x"); + BIO_puts(bio_err, "0x"); for (j = 0; j < num; j++) - BIO_printf(bio, "%02X", rlist[j]); + BIO_printf(bio_err, "%02X", rlist[j]); } } - BIO_puts(bio, "\n"); + BIO_puts(bio_err, "\n"); } -void print_ssl_summary(BIO *bio, SSL *s) +void print_ssl_summary(SSL *s) { const SSL_CIPHER *c; X509 *peer; - /* - * const char *pnam = SSL_is_server(s) ? "client" : "server"; - */ - BIO_printf(bio, "Protocol version: %s\n", SSL_get_version(s)); - print_raw_cipherlist(bio, s); + /* const char *pnam = SSL_is_server(s) ? "client" : "server"; */ + + BIO_printf(bio_err, "Protocol version: %s\n", SSL_get_version(s)); + print_raw_cipherlist(s); c = SSL_get_current_cipher(s); - BIO_printf(bio, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c)); - do_print_sigalgs(bio, s, 0); + BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c)); + do_print_sigalgs(bio_err, s, 0); peer = SSL_get_peer_certificate(s); if (peer) { int nid; - BIO_puts(bio, "Peer certificate: "); - X509_NAME_print_ex(bio, X509_get_subject_name(peer), + BIO_puts(bio_err, "Peer certificate: "); + X509_NAME_print_ex(bio_err, X509_get_subject_name(peer), 0, XN_FLAG_ONELINE); - BIO_puts(bio, "\n"); + BIO_puts(bio_err, "\n"); if (SSL_get_peer_signature_nid(s, &nid)) - BIO_printf(bio, "Hash used: %s\n", OBJ_nid2sn(nid)); + BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid)); } else - BIO_puts(bio, "No peer certificate\n"); + BIO_puts(bio_err, "No peer certificate\n"); if (peer) X509_free(peer); #ifndef OPENSSL_NO_EC - ssl_print_point_formats(bio, s); + ssl_print_point_formats(bio_err, s); if (SSL_is_server(s)) - ssl_print_curves(bio, s, 1); + ssl_print_curves(bio_err, s, 1); else - ssl_print_tmp_key(bio, s); + ssl_print_tmp_key(bio_err, s); #else if (!SSL_is_server(s)) - ssl_print_tmp_key(bio, s); + ssl_print_tmp_key(bio_err, s); #endif } @@ -1681,10 +1681,11 @@ static int security_callback_debug(SSL *s, SSL_CTX *ctx, return rv; } -void ssl_ctx_security_debug(SSL_CTX *ctx, BIO *out, int verbose) +void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose) { static security_debug_ex sdb; - sdb.out = out; + + sdb.out = bio_err; sdb.verbose = verbose; sdb.old_cb = SSL_CTX_get_security_callback(ctx); SSL_CTX_set_security_callback(ctx, security_callback_debug); diff --git a/apps/s_client.c b/apps/s_client.c index 9181c759b89cbc0ddc3448ecf2221ad8a4881caf..9d0d6f0cb40a13345b8546880bf8a2ab525581c6 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1181,7 +1181,7 @@ int s_client_main(int argc, char **argv) } if (sdebug) - ssl_ctx_security_debug(ctx, bio_err, sdebug); + ssl_ctx_security_debug(ctx, sdebug); if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) { BIO_printf(bio_err, "Error setting verify params\n"); @@ -1663,7 +1663,7 @@ int s_client_main(int argc, char **argv) } if (c_brief) { BIO_puts(bio_err, "CONNECTION ESTABLISHED\n"); - print_ssl_summary(bio_err, con); + print_ssl_summary(con); } print_stuff(bio_c_out, con, full_log); diff --git a/apps/s_server.c b/apps/s_server.c index fb6fd3dbf7bf676202f044c67ca5d8471e2e00ca..701f52da63c2142a261ef821f3f55cf39d694be4 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1617,7 +1617,7 @@ int s_server_main(int argc, char *argv[]) ctx = SSL_CTX_new(meth); if (sdebug) - ssl_ctx_security_debug(ctx, bio_err, sdebug); + ssl_ctx_security_debug(ctx, sdebug); if (ctx == NULL) { ERR_print_errors(bio_err); goto end; @@ -1690,7 +1690,7 @@ int s_server_main(int argc, char *argv[]) BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); if (sdebug) - ssl_ctx_security_debug(ctx, bio_err, sdebug); + ssl_ctx_security_debug(ctx, sdebug); if (session_id_prefix) { if (strlen(session_id_prefix) >= 32) @@ -2487,7 +2487,7 @@ static int init_ssl_connection(SSL *con) } if (s_brief) - print_ssl_summary(bio_err, con); + print_ssl_summary(con); PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con)); @@ -3036,7 +3036,7 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context) } } BIO_printf(bio_err, "CONNECTION ESTABLISHED\n"); - print_ssl_summary(bio_err, con); + print_ssl_summary(con); for (;;) { i = BIO_gets(io, buf, bufsize - 1); diff --git a/apps/smime.c b/apps/smime.c index 0c683f5b3c2446e84bf3a72aaf05fe01f5d3182a..21e9daa6945daaea63091d56b1ad08fd2810b3a9 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -697,7 +697,7 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx) && ((error != X509_V_OK) || (ok != 2))) return ok; - policies_print(bio_err, ctx); + policies_print(ctx); return ok; diff --git a/apps/srp.c b/apps/srp.c index 0acbb8ac85c9d4169ada8c5bcf07d24adeb54bf0..adc6a6f130113e709425c671fb804baf9de0a35b 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -102,38 +102,38 @@ static int get_index(CA_DB *db, char *id, char type) return -1; } -static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s) +static void print_entry(CA_DB *db, int indx, int verbose, char *s) { if (indx >= 0 && verbose) { int j; char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx); - BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]); + BIO_printf(bio_err, "%s \"%s\"\n", s, pp[DB_srpid]); for (j = 0; j < DB_NUMBER; j++) { BIO_printf(bio_err, " %d = \"%s\"\n", j, pp[j]); } } } -static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose) +static void print_index(CA_DB *db, int indexindex, int verbose) { - print_entry(db, bio, indexindex, verbose, "g N entry"); + print_entry(db, indexindex, verbose, "g N entry"); } -static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose) +static void print_user(CA_DB *db, int userindex, int verbose) { if (verbose > 0) { char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex); if (pp[DB_srptype][0] != 'I') { - print_entry(db, bio, userindex, verbose, "User entry"); - print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose, + print_entry(db, userindex, verbose, "User entry"); + print_entry(db, get_index(db, pp[DB_srpgN], 'I'), verbose, "g N entry"); } } } -static int update_index(CA_DB *db, BIO *bio, char **row) +static int update_index(CA_DB *db, char **row) { char **irow; int i; @@ -150,8 +150,8 @@ static int update_index(CA_DB *db, BIO *bio, char **row) irow[DB_NUMBER] = NULL; if (!TXT_DB_insert(db->db, irow)) { - BIO_printf(bio, "failed to update srpvfile\n"); - BIO_printf(bio, "TXT_DB error number %ld\n", db->db->error); + BIO_printf(bio_err, "failed to update srpvfile\n"); + BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); OPENSSL_free(irow); return 0; } @@ -165,7 +165,7 @@ static void lookup_fail(const char *name, const char *tag) static char *srp_verify_user(const char *user, const char *srp_verifier, char *srp_usersalt, const char *g, const char *N, - const char *passin, BIO *bio, int verbose) + const char *passin, int verbose) { char password[1024]; PW_CB_DATA cb_tmp; @@ -177,17 +177,17 @@ static char *srp_verify_user(const char *user, const char *srp_verifier, if (password_callback(password, 1024, 0, &cb_tmp) > 0) { if (verbose) - BIO_printf(bio, + BIO_printf(bio_err, "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, srp_verifier, srp_usersalt, g, N); - BIO_printf(bio, "Pass %s\n", password); + BIO_printf(bio_err, "Pass %s\n", password); OPENSSL_assert(srp_usersalt != NULL); if (! (gNid = SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, g))) { - BIO_printf(bio, "Internal error validating SRP verifier\n"); + BIO_printf(bio_err, "Internal error validating SRP verifier\n"); } else { if (strcmp(verifier, srp_verifier)) gNid = NULL; @@ -199,7 +199,7 @@ static char *srp_verify_user(const char *user, const char *srp_verifier, static char *srp_create_user(char *user, char **srp_verifier, char **srp_usersalt, char *g, char *N, - char *passout, BIO *bio, int verbose) + char *passout, int verbose) { char password[1024]; PW_CB_DATA cb_tmp; @@ -210,17 +210,17 @@ static char *srp_create_user(char *user, char **srp_verifier, if (password_callback(password, 1024, 1, &cb_tmp) > 0) { if (verbose) - BIO_printf(bio, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", + BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, g, N); if (! (gNid = SRP_create_verifier(user, password, &salt, srp_verifier, N, g))) { - BIO_printf(bio, "Internal error creating SRP verifier\n"); + BIO_printf(bio_err, "Internal error creating SRP verifier\n"); } else *srp_usersalt = salt; if (verbose > 1) - BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid, + BIO_printf(bio_err, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid, salt, *srp_verifier); } @@ -453,7 +453,7 @@ int srp_main(int argc, char **argv) if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid])) gNindex = i; - print_index(db, bio_err, i, verbose > 1); + print_index(db, i, verbose > 1); } } @@ -462,7 +462,7 @@ int srp_main(int argc, char **argv) if (gNindex >= 0) { gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex); - print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N"); + print_entry(db, gNindex, verbose > 1, "Default g and N"); } else if (maxgN > 0 && !SRP_get_default_gN(gN)) { BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN); goto end; @@ -484,7 +484,7 @@ int srp_main(int argc, char **argv) if (verbose > 1) BIO_printf(bio_err, "Processing user \"%s\"\n", user); if ((userindex = get_index(db, user, 'U')) >= 0) { - print_user(db, bio_err, userindex, (verbose > 0) + print_user(db, userindex, (verbose > 0) || mode == OPT_LIST); } @@ -493,7 +493,7 @@ int srp_main(int argc, char **argv) BIO_printf(bio_err, "List all users\n"); for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - print_user(db, bio_err, i, 1); + print_user(db, i, 1); } } else if (userindex < 0) { BIO_printf(bio_err, @@ -521,7 +521,7 @@ int srp_main(int argc, char **argv) &(row[DB_srpsalt]), gNrow ? gNrow[DB_srpsalt] : gN, gNrow ? gNrow[DB_srpverifier] : NULL, - passout, bio_err, verbose))) { + passout, verbose))) { BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user); @@ -540,7 +540,7 @@ int srp_main(int argc, char **argv) = BUF_strdup (userinfo)))) - || !update_index(db, bio_err, row)) { + || !update_index(db, row)) { if (row[DB_srpid]) OPENSSL_free(row[DB_srpid]); if (row[DB_srpgN]) @@ -593,7 +593,7 @@ int srp_main(int argc, char **argv) (user, row[DB_srpverifier], row[DB_srpsalt], irow ? irow[DB_srpsalt] : row[DB_srpgN], irow ? irow[DB_srpverifier] : NULL, passin, - bio_err, verbose)) { + verbose)) { BIO_printf(bio_err, "Invalid password for user \"%s\", operation abandoned.\n", user); @@ -611,7 +611,7 @@ int srp_main(int argc, char **argv) &(row[DB_srpsalt]), gNrow ? gNrow[DB_srpsalt] : NULL, gNrow ? gNrow[DB_srpverifier] : NULL, - passout, bio_err, verbose))) { + passout, verbose))) { BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user); @@ -664,7 +664,7 @@ int srp_main(int argc, char **argv) if (pp[DB_srptype][0] == 'v') { pp[DB_srptype][0] = 'V'; - print_user(db, bio_err, i, verbose); + print_user(db, i, verbose); } } diff --git a/apps/verify.c b/apps/verify.c index 35085e73563ad9bd2b3fd9e6bdbf20ad1f89d20b..1faca9675e233edb4c178d41a6f9357ce629d9c9 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -296,26 +296,25 @@ static int cb(int ok, X509_STORE_CTX *ctx) if (!ok) { if (current_cert) { - X509_NAME_print_ex_fp(stdout, - X509_get_subject_name(current_cert), - 0, XN_FLAG_ONELINE); - printf("\n"); + X509_NAME_print_ex(bio_err, + X509_get_subject_name(current_cert), + 0, XN_FLAG_ONELINE); + BIO_printf(bio_err, "\n"); } - printf("%serror %d at %d depth lookup:%s\n", + BIO_printf(bio_err, "%serror %d at %d depth lookup:%s\n", X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "", cert_error, X509_STORE_CTX_get_error_depth(ctx), X509_verify_cert_error_string(cert_error)); switch (cert_error) { case X509_V_ERR_NO_EXPLICIT_POLICY: - policies_print(bio_err, ctx); + policies_print(ctx); case X509_V_ERR_CERT_HAS_EXPIRED: /* * since we are just checking the certificates, it is ok if they * are self signed. But we should still warn the user. */ - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: /* Continue after extension errors too */ case X509_V_ERR_INVALID_CA: @@ -326,14 +325,13 @@ static int cb(int ok, X509_STORE_CTX *ctx) case X509_V_ERR_CRL_NOT_YET_VALID: case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: ok = 1; - } return ok; } if (cert_error == X509_V_OK && ok == 2) - policies_print(bio_out, ctx); + policies_print(ctx); if (!v_verbose) ERR_clear_error(); return (ok);