Print this page
4853 illumos-gate is not lint-clean when built with openssl 1.0 (fix openssl 0.9.8 lint)
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/cmd-inet/usr.lib/wanboot/p12split/p12split.c
+++ new/usr/src/cmd/cmd-inet/usr.lib/wanboot/p12split/p12split.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License, Version 1.0 only
6 6 * (the "License"). You may not use this file except in compliance
7 7 * with the License.
8 8 *
9 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 10 * or http://www.opensolaris.org/os/licensing.
11 11 * See the License for the specific language governing permissions
12 12 * and limitations under the License.
13 13 *
14 14 * When distributing Covered Code, include this CDDL HEADER in each
15 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 16 * If applicable, add the following below this CDDL HEADER, with the
17 17 * fields enclosed by brackets "[]" replaced with your own identifying
18 18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 19 *
20 20 * CDDL HEADER END
21 21 */
22 22 /*
23 23 * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
24 24 * Use is subject to license terms.
25 25 */
26 26
27 27 #include <stdio.h>
28 28 #include <libintl.h>
29 29 #include <locale.h>
30 30 #include <sys/types.h>
31 31 #include <sys/stat.h>
32 32 #include <sys/wanboot_impl.h>
33 33 #include <unistd.h>
34 34 #include <string.h>
35 35 #include <libinetutil.h>
36 36 #include <wanbootutil.h>
37 37
38 38 #include <openssl/crypto.h>
39 39 #include <openssl/buffer.h>
40 40 #include <openssl/bio.h>
41 41 #include <openssl/err.h>
42 42 #include <openssl/x509.h>
43 43 #include <openssl/x509v3.h>
44 44 #include <openssl/pkcs12.h>
45 45 #include <openssl/evp.h>
46 46 #include <p12aux.h>
47 47
48 48 static boolean_t verbose = B_FALSE; /* When nonzero, do in verbose mode */
49 49
50 50 /* The following match/cert values require PKCS12 */
51 51 static int matchty; /* Type of matching do to on input */
52 52 static char *k_matchval; /* localkeyid value to match */
53 53 static uint_t k_len; /* length of k_matchval */
54 54
55 55 #define IO_KEYFILE 1 /* Have a separate key file or data */
56 56 #define IO_CERTFILE 2 /* Have a separate cert file or data */
57 57 #define IO_TRUSTFILE 4 /* Have a separate trustanchor file */
58 58
59 59 static char *input = NULL; /* Consolidated input file */
60 60 static char *key_out = NULL; /* Key file to be output */
61 61 static char *cert_out = NULL; /* Cert file to be output */
62 62 static char *trust_out = NULL; /* Trust anchor file to be output */
63 63 static uint_t outfiles; /* What files are there for output */
64 64 static char *progname;
65 65
66 66 /* Returns from time_check */
67 67 typedef enum {
68 68 CHK_TIME_OK = 0, /* Cert in effect and not expired */
69 69 CHK_TIME_BEFORE_BAD, /* not_before field is invalid */
70 70 CHK_TIME_AFTER_BAD, /* not_after field is invalid */
71 71 CHK_TIME_IS_BEFORE, /* Cert not yet in force */
72 72 CHK_TIME_HAS_EXPIRED /* Cert has expired */
73 73 } time_errs_t;
74 74
75 75 static int parse_keyid(const char *);
76 76 static int do_certs(void);
77 77 static int read_files(STACK_OF(X509) **, X509 **, EVP_PKEY **);
78 78 static void check_certs(STACK_OF(X509) *, X509 **);
79 79 static time_errs_t time_check_print(X509 *);
80 80 static time_errs_t time_check(X509 *);
81 81 static int write_files(STACK_OF(X509) *, X509 *, EVP_PKEY *);
82 82 static int get_ifile(char *, char *, EVP_PKEY **, X509 **, STACK_OF(X509) **);
83 83 static int do_ofile(char *, EVP_PKEY *, X509 *, STACK_OF(X509) *);
84 84 static void usage(void);
85 85 static const char *cryptoerr(void);
86 86
87 87 int
88 88 main(int argc, char **argv)
89 89 {
90 90 int i;
91 91
92 92 /*
93 93 * Do the necessary magic for localization support.
94 94 */
95 95 (void) setlocale(LC_ALL, "");
96 96 #if !defined(TEXT_DOMAIN)
97 97 #define TEXT_DOMAIN "SYS_TEST"
98 98 #endif
99 99 (void) textdomain(TEXT_DOMAIN);
100 100
101 101 progname = strrchr(argv[0], '/');
102 102 if (progname != NULL)
103 103 progname++;
104 104 else
105 105 progname = argv[0];
106 106
107 107 wbku_errinit(progname);
108 108
109 109 matchty = DO_FIRST_PAIR;
110 110 while ((i = getopt(argc, argv, "vc:i:k:l:t:")) != -1) {
111 111 switch (i) {
112 112 case 'v':
113 113 verbose = B_TRUE;
114 114 break;
115 115
116 116 case 'l':
117 117 if (parse_keyid(optarg) < 0)
118 118 return (EXIT_FAILURE);
119 119 matchty = DO_FIND_KEYID;
120 120 break;
121 121
122 122 case 'c':
123 123 cert_out = optarg;
124 124 outfiles |= IO_CERTFILE;
125 125 break;
126 126
127 127 case 'k':
128 128 key_out = optarg;
129 129 outfiles |= IO_KEYFILE;
130 130 break;
131 131
132 132 case 't':
133 133 trust_out = optarg;
134 134 outfiles |= IO_TRUSTFILE;
135 135 break;
136 136
137 137 case 'i':
138 138 input = optarg;
139 139 break;
140 140
141 141 default:
142 142 usage();
143 143 }
144 144 }
145 145
146 146 if (input == NULL) {
147 147 wbku_printerr("no input file specified\n");
148 148 usage();
149 149 }
150 150
151 151 /*
152 152 * Need output files.
153 153 */
154 154 if (outfiles == 0) {
155 155 wbku_printerr("at least one output file must be specified\n");
156 156 usage();
157 157 }
158 158
159 159 if (do_certs() < 0)
160 160 return (EXIT_FAILURE);
161 161
162 162 return (EXIT_SUCCESS);
163 163 }
164 164
165 165 static int
166 166 parse_keyid(const char *keystr)
167 167 {
168 168 const char *rp;
169 169 char *wp;
170 170 char *nkeystr;
171 171 uint_t nkeystrlen;
172 172
173 173 /*
174 174 * In the worst case, we'll need one additional character in our
175 175 * output string -- e.g. "A\0" -> "0A\0"
176 176 */
177 177 nkeystrlen = strlen(keystr) + 2;
178 178 k_len = (nkeystrlen + 1) / 2;
179 179 nkeystr = malloc(nkeystrlen);
180 180 k_matchval = malloc(k_len);
181 181 if (nkeystr == NULL || k_matchval == NULL) {
182 182 free(nkeystr);
183 183 free(k_matchval);
184 184 wbku_printerr("cannot allocate keyid");
185 185 return (-1);
186 186 }
187 187
188 188 /*
189 189 * For convenience, we allow the user to put spaces between each digit
190 190 * when entering it on the command line. As a result, we need to
191 191 * process it into a format that hexascii_to_octet() can handle. Note
192 192 * that we're careful to map strings like "AA B CC D" to "AA0BCC0D".
193 193 */
194 194 for (rp = keystr, wp = nkeystr; *rp != '\0'; rp++) {
195 195 if (*rp == ' ')
196 196 continue;
197 197
198 198 if (rp[1] == ' ' || rp[1] == '\0') {
199 199 *wp++ = '0'; /* one character sequence; prepend 0 */
200 200 *wp++ = *rp;
201 201 } else {
202 202 *wp++ = *rp++;
203 203 *wp++ = *rp;
204 204 }
205 205 }
206 206 *wp = '\0';
207 207
208 208 if (hexascii_to_octet(nkeystr, wp - nkeystr, k_matchval, &k_len) != 0) {
209 209 free(nkeystr);
210 210 free(k_matchval);
211 211 wbku_printerr("invalid keyid `%s'\n", keystr);
212 212 return (-1);
213 213 }
214 214
215 215 free(nkeystr);
216 216 return (0);
217 217 }
218 218
219 219 static int
220 220 do_certs(void)
221 221 {
222 222 char *bufp;
223 223 STACK_OF(X509) *ta_in = NULL;
224 224 EVP_PKEY *pkey_in = NULL;
225 225 X509 *xcert_in = NULL;
226 226
227 227 sunw_crypto_init();
228 228
229 229 if (read_files(&ta_in, &xcert_in, &pkey_in) < 0)
230 230 return (-1);
231 231
232 232 if (verbose) {
233 233 if (xcert_in != NULL) {
234 234 (void) printf(gettext("\nMain cert:\n"));
235 235
236 236 /*
237 237 * sunw_subject_attrs() returns a pointer to
238 238 * memory allocated on our behalf. The same
239 239 * behavior is exhibited by sunw_issuer_attrs().
240 240 */
241 241 bufp = sunw_subject_attrs(xcert_in, NULL, 0);
242 242 if (bufp != NULL) {
243 243 (void) printf(gettext(" Subject: %s\n"),
244 244 bufp);
245 245 OPENSSL_free(bufp);
246 246 }
247 247
248 248 bufp = sunw_issuer_attrs(xcert_in, NULL, 0);
249 249 if (bufp != NULL) {
250 250 (void) printf(gettext(" Issuer: %s\n"), bufp);
251 251 OPENSSL_free(bufp);
252 252 }
|
↓ open down ↓ |
252 lines elided |
↑ open up ↑ |
253 253
254 254 (void) sunw_print_times(stdout, PRNT_BOTH, NULL,
255 255 xcert_in);
256 256 }
257 257
258 258 if (ta_in != NULL) {
259 259 X509 *x;
260 260 int i;
261 261
262 262 for (i = 0; i < sk_X509_num(ta_in); i++) {
263 + /* LINTED */
263 264 x = sk_X509_value(ta_in, i);
264 265 (void) printf(
265 266 gettext("\nTrust Anchor cert %d:\n"), i);
266 267
267 268 /*
268 269 * sunw_subject_attrs() returns a pointer to
269 270 * memory allocated on our behalf. We get the
270 271 * same behavior from sunw_issuer_attrs().
271 272 */
272 273 bufp = sunw_subject_attrs(x, NULL, 0);
273 274 if (bufp != NULL) {
274 275 (void) printf(
275 276 gettext(" Subject: %s\n"), bufp);
276 277 OPENSSL_free(bufp);
277 278 }
278 279
279 280 bufp = sunw_issuer_attrs(x, NULL, 0);
280 281 if (bufp != NULL) {
281 282 (void) printf(
282 283 gettext(" Issuer: %s\n"), bufp);
283 284 OPENSSL_free(bufp);
284 285 }
285 286
286 287 (void) sunw_print_times(stdout, PRNT_BOTH,
287 288 NULL, x);
288 289 }
289 290 }
290 291 }
291 292
292 293 check_certs(ta_in, &xcert_in);
293 294 if (xcert_in != NULL && pkey_in != NULL) {
294 295 if (sunw_check_keys(xcert_in, pkey_in) == 0) {
295 296 wbku_printerr("warning: key and certificate do "
296 297 "not match\n");
297 298 }
298 299 }
299 300
300 301 return (write_files(ta_in, xcert_in, pkey_in));
301 302 }
302 303
303 304 static int
304 305 read_files(STACK_OF(X509) **t_in, X509 **c_in, EVP_PKEY **k_in)
305 306 {
306 307 char *i_pass;
307 308
308 309 i_pass = getpassphrase(gettext("Enter key password: "));
309 310
310 311 if (get_ifile(input, i_pass, k_in, c_in, t_in) < 0)
311 312 return (-1);
312 313
313 314 /*
314 315 * If we are only interested in getting a trust anchor, and if there
315 316 * is no trust anchor but is a regular cert, use it instead. Do this
316 317 * to handle the insanity with openssl, which requires a matching cert
317 318 * and key in order to write a PKCS12 file.
318 319 */
319 320 if (outfiles == IO_TRUSTFILE) {
320 321 if (c_in != NULL && *c_in != NULL && t_in != NULL) {
321 322 if (*t_in == NULL) {
322 323 if ((*t_in = sk_X509_new_null()) == NULL) {
323 324 wbku_printerr("out of memory\n");
324 325 return (-1);
325 326 }
326 327 }
327 328
328 329 if (sk_X509_num(*t_in) == 0) {
329 330 if (sk_X509_push(*t_in, *c_in) == 0) {
330 331 wbku_printerr("out of memory\n");
331 332 return (-1);
332 333 }
333 334 *c_in = NULL;
334 335 }
335 336 }
336 337 }
337 338
338 339 if ((outfiles & IO_KEYFILE) && *k_in == NULL) {
339 340 wbku_printerr("no matching key found\n");
340 341 return (-1);
341 342 }
342 343 if ((outfiles & IO_CERTFILE) && *c_in == NULL) {
343 344 wbku_printerr("no matching certificate found\n");
344 345 return (-1);
345 346 }
346 347 if ((outfiles & IO_TRUSTFILE) && *t_in == NULL) {
347 348 wbku_printerr("no matching trust anchor found\n");
348 349 return (-1);
349 350 }
350 351
351 352 return (0);
352 353 }
353 354
354 355 static void
355 356 check_certs(STACK_OF(X509) *ta_in, X509 **c_in)
356 357 {
357 358 X509 *curr;
358 359 time_errs_t ret;
359 360 int i;
360 361 int del_expired = (outfiles != 0);
361 362
362 363 if (c_in != NULL && *c_in != NULL) {
363 364 ret = time_check_print(*c_in);
364 365 if ((ret != CHK_TIME_OK && ret != CHK_TIME_IS_BEFORE) &&
365 366 del_expired) {
|
↓ open down ↓ |
93 lines elided |
↑ open up ↑ |
366 367 (void) fprintf(stderr, gettext(" Removing cert\n"));
367 368 X509_free(*c_in);
368 369 *c_in = NULL;
369 370 }
370 371 }
371 372
372 373 if (ta_in == NULL)
373 374 return;
374 375
375 376 for (i = 0; i < sk_X509_num(ta_in); ) {
377 + /* LINTED */
376 378 curr = sk_X509_value(ta_in, i);
377 379 ret = time_check_print(curr);
378 380 if ((ret != CHK_TIME_OK && ret != CHK_TIME_IS_BEFORE) &&
379 381 del_expired) {
380 382 (void) fprintf(stderr, gettext(" Removing cert\n"));
383 + /* LINTED */
381 384 curr = sk_X509_delete(ta_in, i);
382 385 X509_free(curr);
383 386 continue;
384 387 }
385 388 i++;
386 389 }
387 390 }
388 391
389 392 static time_errs_t
390 393 time_check_print(X509 *cert)
391 394 {
392 395 char buf[256];
393 396 int ret;
394 397
395 398 ret = time_check(cert);
396 399 if (ret == CHK_TIME_OK)
397 400 return (CHK_TIME_OK);
398 401
399 402 (void) fprintf(stderr, gettext(" Subject: %s"),
400 403 sunw_subject_attrs(cert, buf, sizeof (buf)));
401 404 (void) fprintf(stderr, gettext(" Issuer: %s"),
402 405 sunw_issuer_attrs(cert, buf, sizeof (buf)));
403 406
404 407 switch (ret) {
405 408 case CHK_TIME_BEFORE_BAD:
406 409 (void) fprintf(stderr,
407 410 gettext("\n Invalid cert 'not before' field\n"));
408 411 break;
409 412
410 413 case CHK_TIME_AFTER_BAD:
411 414 (void) fprintf(stderr,
412 415 gettext("\n Invalid cert 'not after' field\n"));
413 416 break;
414 417
415 418 case CHK_TIME_HAS_EXPIRED:
416 419 (void) sunw_print_times(stderr, PRNT_NOT_AFTER,
417 420 gettext("\n Cert has expired\n"), cert);
418 421 break;
419 422
420 423 case CHK_TIME_IS_BEFORE:
421 424 (void) sunw_print_times(stderr, PRNT_NOT_BEFORE,
422 425 gettext("\n Warning: cert not yet valid\n"), cert);
423 426 break;
424 427
425 428 default:
426 429 break;
427 430 }
428 431
429 432 return (ret);
430 433 }
431 434
432 435 static time_errs_t
433 436 time_check(X509 *cert)
434 437 {
435 438 int i;
436 439
437 440 i = X509_cmp_time(X509_get_notBefore(cert), NULL);
438 441 if (i == 0)
439 442 return (CHK_TIME_BEFORE_BAD);
440 443 if (i > 0)
441 444 return (CHK_TIME_IS_BEFORE);
442 445 /* After 'not before' time */
443 446
444 447 i = X509_cmp_time(X509_get_notAfter(cert), NULL);
445 448 if (i == 0)
446 449 return (CHK_TIME_AFTER_BAD);
447 450 if (i < 0)
448 451 return (CHK_TIME_HAS_EXPIRED);
449 452 return (CHK_TIME_OK);
450 453 }
451 454
452 455 static int
453 456 write_files(STACK_OF(X509) *t_out, X509 *c_out, EVP_PKEY *k_out)
454 457 {
455 458 if (key_out != NULL) {
456 459 if (verbose)
457 460 (void) printf(gettext("%s: writing key\n"), progname);
458 461 if (do_ofile(key_out, k_out, NULL, NULL) < 0)
459 462 return (-1);
460 463 }
461 464
462 465 if (cert_out != NULL) {
463 466 if (verbose)
464 467 (void) printf(gettext("%s: writing cert\n"), progname);
465 468 if (do_ofile(cert_out, NULL, c_out, NULL) < 0)
466 469 return (-1);
467 470 }
468 471
469 472 if (trust_out != NULL) {
470 473 if (verbose)
471 474 (void) printf(gettext("%s: writing trust\n"),
472 475 progname);
473 476 if (do_ofile(trust_out, NULL, NULL, t_out) < 0)
474 477 return (-1);
475 478 }
476 479
477 480 return (0);
478 481 }
479 482
480 483 static int
481 484 get_ifile(char *name, char *pass, EVP_PKEY **tmp_k, X509 **tmp_c,
482 485 STACK_OF(X509) **tmp_t)
483 486 {
484 487 PKCS12 *p12;
485 488 FILE *fp;
486 489 int ret;
487 490 struct stat sbuf;
488 491
489 492 if (stat(name, &sbuf) == 0 && !S_ISREG(sbuf.st_mode)) {
490 493 wbku_printerr("%s is not a regular file\n", name);
491 494 return (-1);
492 495 }
493 496
494 497 if ((fp = fopen(name, "r")) == NULL) {
495 498 wbku_printerr("cannot open input file %s", name);
496 499 return (-1);
497 500 }
498 501
499 502 p12 = d2i_PKCS12_fp(fp, NULL);
500 503 if (p12 == NULL) {
501 504 wbku_printerr("cannot read file %s: %s\n", name, cryptoerr());
502 505 (void) fclose(fp);
503 506 return (-1);
504 507 }
505 508 (void) fclose(fp);
506 509
507 510 ret = sunw_PKCS12_parse(p12, pass, matchty, k_matchval, k_len,
508 511 NULL, tmp_k, tmp_c, tmp_t);
509 512 if (ret <= 0) {
510 513 if (ret == 0)
511 514 wbku_printerr("cannot find matching cert and key\n");
512 515 else
513 516 wbku_printerr("cannot parse %s: %s\n", name,
514 517 cryptoerr());
515 518 PKCS12_free(p12);
516 519 return (-1);
517 520 }
518 521 return (0);
519 522 }
520 523
521 524 static int
522 525 do_ofile(char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ta)
523 526 {
524 527 STACK_OF(EVP_PKEY) *klist = NULL;
525 528 STACK_OF(X509) *clist = NULL;
526 529 PKCS12 *p12 = NULL;
527 530 int ret = 0;
528 531 FILE *fp;
529 532 struct stat sbuf;
530 533
531 534 if (stat(name, &sbuf) == 0 && !S_ISREG(sbuf.st_mode)) {
532 535 wbku_printerr("%s is not a regular file\n", name);
533 536 return (-1);
534 537 }
535 538
536 539 if ((fp = fopen(name, "w")) == NULL) {
537 540 wbku_printerr("cannot open output file %s", name);
538 541 return (-1);
539 542 }
540 543
541 544 if ((clist = sk_X509_new_null()) == NULL ||
542 545 (klist = sk_EVP_PKEY_new_null()) == NULL) {
543 546 wbku_printerr("out of memory\n");
544 547 ret = -1;
545 548 goto cleanup;
546 549 }
547 550
548 551 if (cert != NULL && sk_X509_push(clist, cert) == 0) {
549 552 wbku_printerr("out of memory\n");
550 553 ret = -1;
551 554 goto cleanup;
552 555 }
553 556
554 557 if (pkey != NULL && sk_EVP_PKEY_push(klist, pkey) == 0) {
555 558 wbku_printerr("out of memory\n");
556 559 ret = -1;
557 560 goto cleanup;
558 561 }
559 562
560 563 p12 = sunw_PKCS12_create(WANBOOT_PASSPHRASE, klist, clist, ta);
561 564 if (p12 == NULL) {
562 565 wbku_printerr("cannot create %s: %s\n", name, cryptoerr());
563 566 ret = -1;
564 567 goto cleanup;
565 568 }
566 569
567 570 if (i2d_PKCS12_fp(fp, p12) == 0) {
568 571 wbku_printerr("cannot write %s: %s\n", name, cryptoerr());
569 572 ret = -1;
570 573 goto cleanup;
571 574 }
572 575
573 576 cleanup:
|
↓ open down ↓ |
183 lines elided |
↑ open up ↑ |
574 577 (void) fclose(fp);
575 578 if (p12 != NULL)
576 579 PKCS12_free(p12);
577 580 /*
578 581 * Put the cert and pkey off of the stack so that they won't
579 582 * be freed two times. (If they get left in the stack then
580 583 * they will be freed with the stack.)
581 584 */
582 585 if (clist != NULL) {
583 586 if (cert != NULL && sk_X509_num(clist) == 1) {
587 + /* LINTED */
584 588 (void) sk_X509_delete(clist, 0);
585 589 }
586 590 sk_X509_pop_free(clist, X509_free);
587 591 }
588 592 if (klist != NULL) {
589 593 if (pkey != NULL && sk_EVP_PKEY_num(klist) == 1) {
594 + /* LINTED */
590 595 (void) sk_EVP_PKEY_delete(klist, 0);
591 596 }
592 597 sk_EVP_PKEY_pop_free(klist, sunw_evp_pkey_free);
593 598 }
594 599
595 600 return (ret);
596 601 }
597 602
598 603 static void
599 604 usage(void)
600 605 {
601 606 (void) fprintf(stderr,
602 607 gettext("usage:\n"
603 608 " %s -i <file> -c <file> -k <file> -t <file> [-l <keyid> -v]\n"
604 609 "\n"),
605 610 progname);
606 611 (void) fprintf(stderr,
607 612 gettext(" where:\n"
608 613 " -i - input file to be split into component parts and put in\n"
609 614 " files given by -c, -k and -t\n"
610 615 " -c - output file for the client certificate\n"
611 616 " -k - output file for the client private key\n"
612 617 " -t - output file for the remaining certificates (assumed\n"
613 618 " to be trust anchors)\n"
614 619 "\n Files are assumed to be pkcs12-format files.\n\n"
615 620 " -v - verbose\n"
616 621 " -l - value of 'localkeyid' attribute in client cert and\n"
617 622 " private key to be selected from the input file.\n\n"));
618 623 exit(EXIT_FAILURE);
619 624 }
620 625
621 626 /*
622 627 * Return a pointer to a static buffer that contains a listing of crypto
623 628 * errors. We presume that the user doesn't want more than 8KB of error
624 629 * messages :-)
625 630 */
626 631 static const char *
627 632 cryptoerr(void)
628 633 {
629 634 static char errbuf[8192];
630 635 ulong_t err;
631 636 const char *pfile;
632 637 int line;
633 638 unsigned int nerr = 0;
634 639
635 640 errbuf[0] = '\0';
636 641 while ((err = ERR_get_error_line(&pfile, &line)) != 0) {
637 642 if (++nerr > 1)
638 643 (void) strlcat(errbuf, "\n\t", sizeof (errbuf));
639 644
640 645 if (err == (ulong_t)-1) {
641 646 (void) strlcat(errbuf, strerror(errno),
642 647 sizeof (errbuf));
643 648 break;
644 649 }
645 650 (void) strlcat(errbuf, ERR_reason_error_string(err),
646 651 sizeof (errbuf));
647 652 }
648 653
649 654 return (errbuf);
650 655 }
|
↓ open down ↓ |
51 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX