Print this page
4853 illumos-gate is not lint-clean when built with openssl 1.0
Reviewed by Keith Wesolowski <keith.wesolowski@joyent.com>
Reviewed by Alexander Eremin <alexander.eremin@nexenta.com>


   7  * with the License.
   8  *
   9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10  * or http://www.opensolaris.org/os/licensing.
  11  * See the License for the specific language governing permissions
  12  * and limitations under the License.
  13  *
  14  * When distributing Covered Code, include this CDDL HEADER in each
  15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16  * If applicable, add the following below this CDDL HEADER, with the
  17  * fields enclosed by brackets "[]" replaced with your own identifying
  18  * information: Portions Copyright [yyyy] [name of copyright owner]
  19  *
  20  * CDDL HEADER END
  21  */
  22 /*
  23  * Copyright 2002-2003 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  */
  26 
  27 #pragma ident   "%Z%%M% %I%     %E% SMI"
  28 
  29 #include <stdio.h>
  30 #include <libintl.h>
  31 #include <locale.h>
  32 #include <sys/types.h>
  33 #include <sys/stat.h>
  34 #include <sys/wanboot_impl.h>
  35 #include <unistd.h>
  36 #include <string.h>
  37 #include <libinetutil.h>
  38 #include <wanbootutil.h>
  39 
  40 #include <openssl/crypto.h>
  41 #include <openssl/buffer.h>
  42 #include <openssl/bio.h>
  43 #include <openssl/err.h>
  44 #include <openssl/x509.h>
  45 #include <openssl/x509v3.h>
  46 #include <openssl/pkcs12.h>
  47 #include <openssl/evp.h>
  48 #include <p12aux.h>


 245                                 (void) printf(gettext("  Subject: %s\n"),
 246                                     bufp);
 247                                 OPENSSL_free(bufp);
 248                         }
 249 
 250                         bufp = sunw_issuer_attrs(xcert_in, NULL, 0);
 251                         if (bufp != NULL) {
 252                                 (void) printf(gettext("  Issuer: %s\n"), bufp);
 253                                 OPENSSL_free(bufp);
 254                         }
 255 
 256                         (void) sunw_print_times(stdout, PRNT_BOTH, NULL,
 257                             xcert_in);
 258                 }
 259 
 260                 if (ta_in != NULL) {
 261                         X509 *x;
 262                         int i;
 263 
 264                         for (i = 0; i < sk_X509_num(ta_in); i++) {
 265                                 /* LINTED */
 266                                 x = sk_X509_value(ta_in, i);
 267                                 (void) printf(
 268                                     gettext("\nTrust Anchor cert %d:\n"), i);
 269 
 270                                 /*
 271                                  * sunw_subject_attrs() returns a pointer to
 272                                  * memory allocated on our behalf. We get the
 273                                  * same behavior from sunw_issuer_attrs().
 274                                  */
 275                                 bufp = sunw_subject_attrs(x, NULL, 0);
 276                                 if (bufp != NULL) {
 277                                         (void) printf(
 278                                             gettext("  Subject: %s\n"), bufp);
 279                                         OPENSSL_free(bufp);
 280                                 }
 281 
 282                                 bufp = sunw_issuer_attrs(x, NULL, 0);
 283                                 if (bufp != NULL) {
 284                                         (void) printf(
 285                                             gettext("  Issuer: %s\n"), bufp);


 359 {
 360         X509 *curr;
 361         time_errs_t ret;
 362         int i;
 363         int del_expired = (outfiles != 0);
 364 
 365         if (c_in != NULL && *c_in != NULL) {
 366                 ret = time_check_print(*c_in);
 367                 if ((ret != CHK_TIME_OK && ret != CHK_TIME_IS_BEFORE) &&
 368                     del_expired) {
 369                         (void) fprintf(stderr, gettext("  Removing cert\n"));
 370                         X509_free(*c_in);
 371                         *c_in = NULL;
 372                 }
 373         }
 374 
 375         if (ta_in == NULL)
 376                 return;
 377 
 378         for (i = 0; i < sk_X509_num(ta_in); ) {
 379                 /* LINTED */
 380                 curr = sk_X509_value(ta_in, i);
 381                 ret = time_check_print(curr);
 382                 if ((ret != CHK_TIME_OK && ret != CHK_TIME_IS_BEFORE) &&
 383                     del_expired) {
 384                         (void) fprintf(stderr, gettext("  Removing cert\n"));
 385                         /* LINTED */
 386                         curr = sk_X509_delete(ta_in, i);
 387                         X509_free(curr);
 388                         continue;
 389                 }
 390                 i++;
 391         }
 392 }
 393 
 394 static time_errs_t
 395 time_check_print(X509 *cert)
 396 {
 397         char buf[256];
 398         int ret;
 399 
 400         ret = time_check(cert);
 401         if (ret == CHK_TIME_OK)
 402                 return (CHK_TIME_OK);
 403 
 404         (void) fprintf(stderr, gettext("  Subject: %s"),
 405             sunw_subject_attrs(cert, buf, sizeof (buf)));


 569                 goto cleanup;
 570         }
 571 
 572         if (i2d_PKCS12_fp(fp, p12) == 0) {
 573                 wbku_printerr("cannot write %s: %s\n", name, cryptoerr());
 574                 ret = -1;
 575                 goto cleanup;
 576         }
 577 
 578 cleanup:
 579         (void) fclose(fp);
 580         if (p12 != NULL)
 581                 PKCS12_free(p12);
 582         /*
 583          * Put the cert and pkey off of the stack so that they won't
 584          * be freed two times.  (If they get left in the stack then
 585          * they will be freed with the stack.)
 586          */
 587         if (clist != NULL) {
 588                 if (cert != NULL && sk_X509_num(clist) == 1) {
 589                         /* LINTED */
 590                         (void) sk_X509_delete(clist, 0);
 591                 }
 592                 sk_X509_pop_free(clist, X509_free);
 593         }
 594         if (klist != NULL) {
 595                 if (pkey != NULL && sk_EVP_PKEY_num(klist) == 1) {
 596                         /* LINTED */
 597                         (void) sk_EVP_PKEY_delete(klist, 0);
 598                 }
 599                 sk_EVP_PKEY_pop_free(klist, sunw_evp_pkey_free);
 600         }
 601 
 602         return (ret);
 603 }
 604 
 605 static void
 606 usage(void)
 607 {
 608         (void) fprintf(stderr,
 609             gettext("usage:\n"
 610             "     %s -i <file> -c <file> -k <file> -t <file> [-l <keyid> -v]\n"
 611             "\n"),
 612             progname);
 613         (void) fprintf(stderr,
 614             gettext(" where:\n"
 615             "  -i - input file to be split into component parts and put in\n"
 616             "       files given by -c, -k and -t\n"




   7  * with the License.
   8  *
   9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10  * or http://www.opensolaris.org/os/licensing.
  11  * See the License for the specific language governing permissions
  12  * and limitations under the License.
  13  *
  14  * When distributing Covered Code, include this CDDL HEADER in each
  15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16  * If applicable, add the following below this CDDL HEADER, with the
  17  * fields enclosed by brackets "[]" replaced with your own identifying
  18  * information: Portions Copyright [yyyy] [name of copyright owner]
  19  *
  20  * CDDL HEADER END
  21  */
  22 /*
  23  * Copyright 2002-2003 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  */
  26 


  27 #include <stdio.h>
  28 #include <libintl.h>
  29 #include <locale.h>
  30 #include <sys/types.h>
  31 #include <sys/stat.h>
  32 #include <sys/wanboot_impl.h>
  33 #include <unistd.h>
  34 #include <string.h>
  35 #include <libinetutil.h>
  36 #include <wanbootutil.h>
  37 
  38 #include <openssl/crypto.h>
  39 #include <openssl/buffer.h>
  40 #include <openssl/bio.h>
  41 #include <openssl/err.h>
  42 #include <openssl/x509.h>
  43 #include <openssl/x509v3.h>
  44 #include <openssl/pkcs12.h>
  45 #include <openssl/evp.h>
  46 #include <p12aux.h>


 243                                 (void) printf(gettext("  Subject: %s\n"),
 244                                     bufp);
 245                                 OPENSSL_free(bufp);
 246                         }
 247 
 248                         bufp = sunw_issuer_attrs(xcert_in, NULL, 0);
 249                         if (bufp != NULL) {
 250                                 (void) printf(gettext("  Issuer: %s\n"), bufp);
 251                                 OPENSSL_free(bufp);
 252                         }
 253 
 254                         (void) sunw_print_times(stdout, PRNT_BOTH, NULL,
 255                             xcert_in);
 256                 }
 257 
 258                 if (ta_in != NULL) {
 259                         X509 *x;
 260                         int i;
 261 
 262                         for (i = 0; i < sk_X509_num(ta_in); i++) {

 263                                 x = sk_X509_value(ta_in, i);
 264                                 (void) printf(
 265                                     gettext("\nTrust Anchor cert %d:\n"), i);
 266 
 267                                 /*
 268                                  * sunw_subject_attrs() returns a pointer to
 269                                  * memory allocated on our behalf. We get the
 270                                  * same behavior from sunw_issuer_attrs().
 271                                  */
 272                                 bufp = sunw_subject_attrs(x, NULL, 0);
 273                                 if (bufp != NULL) {
 274                                         (void) printf(
 275                                             gettext("  Subject: %s\n"), bufp);
 276                                         OPENSSL_free(bufp);
 277                                 }
 278 
 279                                 bufp = sunw_issuer_attrs(x, NULL, 0);
 280                                 if (bufp != NULL) {
 281                                         (void) printf(
 282                                             gettext("  Issuer: %s\n"), bufp);


 356 {
 357         X509 *curr;
 358         time_errs_t ret;
 359         int i;
 360         int del_expired = (outfiles != 0);
 361 
 362         if (c_in != NULL && *c_in != NULL) {
 363                 ret = time_check_print(*c_in);
 364                 if ((ret != CHK_TIME_OK && ret != CHK_TIME_IS_BEFORE) &&
 365                     del_expired) {
 366                         (void) fprintf(stderr, gettext("  Removing cert\n"));
 367                         X509_free(*c_in);
 368                         *c_in = NULL;
 369                 }
 370         }
 371 
 372         if (ta_in == NULL)
 373                 return;
 374 
 375         for (i = 0; i < sk_X509_num(ta_in); ) {

 376                 curr = sk_X509_value(ta_in, i);
 377                 ret = time_check_print(curr);
 378                 if ((ret != CHK_TIME_OK && ret != CHK_TIME_IS_BEFORE) &&
 379                     del_expired) {
 380                         (void) fprintf(stderr, gettext("  Removing cert\n"));

 381                         curr = sk_X509_delete(ta_in, i);
 382                         X509_free(curr);
 383                         continue;
 384                 }
 385                 i++;
 386         }
 387 }
 388 
 389 static time_errs_t
 390 time_check_print(X509 *cert)
 391 {
 392         char buf[256];
 393         int ret;
 394 
 395         ret = time_check(cert);
 396         if (ret == CHK_TIME_OK)
 397                 return (CHK_TIME_OK);
 398 
 399         (void) fprintf(stderr, gettext("  Subject: %s"),
 400             sunw_subject_attrs(cert, buf, sizeof (buf)));


 564                 goto cleanup;
 565         }
 566 
 567         if (i2d_PKCS12_fp(fp, p12) == 0) {
 568                 wbku_printerr("cannot write %s: %s\n", name, cryptoerr());
 569                 ret = -1;
 570                 goto cleanup;
 571         }
 572 
 573 cleanup:
 574         (void) fclose(fp);
 575         if (p12 != NULL)
 576                 PKCS12_free(p12);
 577         /*
 578          * Put the cert and pkey off of the stack so that they won't
 579          * be freed two times.  (If they get left in the stack then
 580          * they will be freed with the stack.)
 581          */
 582         if (clist != NULL) {
 583                 if (cert != NULL && sk_X509_num(clist) == 1) {

 584                         (void) sk_X509_delete(clist, 0);
 585                 }
 586                 sk_X509_pop_free(clist, X509_free);
 587         }
 588         if (klist != NULL) {
 589                 if (pkey != NULL && sk_EVP_PKEY_num(klist) == 1) {

 590                         (void) sk_EVP_PKEY_delete(klist, 0);
 591                 }
 592                 sk_EVP_PKEY_pop_free(klist, sunw_evp_pkey_free);
 593         }
 594 
 595         return (ret);
 596 }
 597 
 598 static void
 599 usage(void)
 600 {
 601         (void) fprintf(stderr,
 602             gettext("usage:\n"
 603             "     %s -i <file> -c <file> -k <file> -t <file> [-l <keyid> -v]\n"
 604             "\n"),
 605             progname);
 606         (void) fprintf(stderr,
 607             gettext(" where:\n"
 608             "  -i - input file to be split into component parts and put in\n"
 609             "       files given by -c, -k and -t\n"