authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-04-05 08:50:53 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-04-05 09:56:16 +0200
commit9e400c33104e9f2e394e8914e7d6138e623da19e (patch)
tree24c84b6784be40f38f8c4fee6310fea3985d1382
parentac291206e86f4d39e1820bbb746612c9018383b6 (diff)
tools: remove outfile when exited on error
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--src/certtool-common.c128
-rw-r--r--src/certtool-common.h6
-rw-r--r--src/certtool.c446
-rw-r--r--src/danetool.c40
-rw-r--r--src/p11tool.c17
-rw-r--r--src/pkcs11.c146
-rw-r--r--src/systemkey.c19
-rw-r--r--src/tpmtool.c12
8 files changed, 439 insertions, 375 deletions
diff --git a/src/certtool-common.c b/src/certtool-common.c
index 4c5d40aa7b..7e79dc8ba1 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -82,7 +82,7 @@ void fix_lbuffer(unsigned long size)
if (lbuffer == NULL) {
fprintf(stderr, "memory error");
- exit(1);
+ app_exit(1);
}
}
@@ -118,7 +118,7 @@ gnutls_datum_t *load_secret_key(int mand, common_info_st * info)
if (info->secret_key == NULL) {
if (mand) {
fprintf(stderr, "missing --secret-key\n");
- exit(1);
+ app_exit(1);
} else
return NULL;
}
@@ -129,7 +129,7 @@ gnutls_datum_t *load_secret_key(int mand, common_info_st * info)
ret = gnutls_hex_decode(&hex_key, raw_key, &raw_key_size);
if (ret < 0) {
fprintf(stderr, "hex_decode: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
key.data = (void *) raw_key;
@@ -173,7 +173,7 @@ static gnutls_privkey_t _load_privkey(gnutls_datum_t * dat,
ret = gnutls_privkey_init(&key);
if (ret < 0) {
fprintf(stderr, "privkey_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret =
@@ -191,13 +191,13 @@ static gnutls_privkey_t _load_privkey(gnutls_datum_t * dat,
fprintf(stderr,
"import error: could not find a valid PEM header; "
"check if your key is PKCS #12 encoded\n");
- exit(1);
+ app_exit(1);
}
if (ret < 0) {
fprintf(stderr, "error loading file at --load-privkey: %s: %s\n",
info->privkey, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
return key;
@@ -211,14 +211,14 @@ static gnutls_privkey_t _load_url_privkey(const char *url)
ret = gnutls_privkey_init(&key);
if (ret < 0) {
fprintf(stderr, "privkey_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_privkey_import_url(key, url, 0);
if (ret < 0) {
fprintf(stderr, "error importing key at %s: %s\n",
url, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
return key;
@@ -234,14 +234,14 @@ static gnutls_pubkey_t _load_url_pubkey(const char *url)
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_pubkey_import_url(pubkey, url, obj_flags);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s: %s\n", __func__,
__LINE__, gnutls_strerror(ret), url);
- exit(1);
+ app_exit(1);
}
return pubkey;
@@ -261,7 +261,7 @@ gnutls_privkey_t load_private_key(int mand, common_info_st * info)
if (info->privkey == NULL) {
fprintf(stderr, "missing --load-privkey\n");
- exit(1);
+ app_exit(1);
}
if (gnutls_url_is_supported(info->privkey) != 0)
@@ -273,7 +273,7 @@ gnutls_privkey_t load_private_key(int mand, common_info_st * info)
if (!dat.data) {
fprintf(stderr, "error reading file at --load-privkey: %s\n",
info->privkey);
- exit(1);
+ app_exit(1);
}
key = _load_privkey(&dat, info);
@@ -301,13 +301,13 @@ load_x509_private_key(int mand, common_info_st * info)
if (info->privkey == NULL) {
fprintf(stderr, "missing --load-privkey\n");
- exit(1);
+ app_exit(1);
}
ret = gnutls_x509_privkey_init(&key);
if (ret < 0) {
fprintf(stderr, "privkey_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
dat.data = (void *) read_binary_file(info->privkey, &size);
@@ -316,7 +316,7 @@ load_x509_private_key(int mand, common_info_st * info)
if (!dat.data) {
fprintf(stderr, "error reading file at --load-privkey: %s\n",
info->privkey);
- exit(1);
+ app_exit(1);
}
if (info->pkcs8) {
@@ -346,13 +346,13 @@ load_x509_private_key(int mand, common_info_st * info)
fprintf(stderr,
"import error: could not find a valid PEM header; "
"check if your key is PEM encoded\n");
- exit(1);
+ app_exit(1);
}
if (ret < 0) {
fprintf(stderr, "error importing private key: %s: %s\n",
info->privkey, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
return key;
@@ -400,7 +400,7 @@ gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size,
if (info->cert == NULL) {
if (mand) {
fprintf(stderr, "missing --load-certificate\n");
- exit(1);
+ app_exit(1);
} else
return NULL;
}
@@ -408,7 +408,7 @@ gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size,
fd = fopen(info->cert, "r");
if (fd == NULL) {
fprintf(stderr, "Could not open %s\n", info->cert);
- exit(1);
+ app_exit(1);
}
fix_lbuffer(file_size(fd));
@@ -424,7 +424,7 @@ gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size,
ret = gnutls_x509_crt_list_import2(&crt, &crt_max, &dat, GNUTLS_X509_FMT_PEM, 0);
if (ret < 0) {
fprintf(stderr, "Error loading certificates: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
*crt_size = crt_max;
@@ -455,7 +455,7 @@ gnutls_x509_crl_t *load_crl_list(int mand, size_t * crl_size,
if (info->crl == NULL) {
if (mand) {
fprintf(stderr, "missing --load-crl\n");
- exit(1);
+ app_exit(1);
} else
return NULL;
}
@@ -463,7 +463,7 @@ gnutls_x509_crl_t *load_crl_list(int mand, size_t * crl_size,
fd = fopen(info->crl, "r");
if (fd == NULL) {
fprintf(stderr, "Could not open %s\n", info->crl);
- exit(1);
+ app_exit(1);
}
fix_lbuffer(file_size(fd));
@@ -482,7 +482,7 @@ gnutls_x509_crl_t *load_crl_list(int mand, size_t * crl_size,
}
if (ret < 0) {
fprintf(stderr, "Error loading CRLs: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
*crl_size = crl_max;
@@ -509,7 +509,7 @@ gnutls_x509_crq_t load_request(common_info_st * info)
ret = gnutls_x509_crq_init(&crq);
if (ret < 0) {
fprintf(stderr, "crq_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
dat.data = (void *) read_binary_file(info->request, &size);
@@ -518,21 +518,21 @@ gnutls_x509_crq_t load_request(common_info_st * info)
if (!dat.data) {
fprintf(stderr, "error reading file at --load-request: %s\n",
info->request);
- exit(1);
+ app_exit(1);
}
ret = gnutls_x509_crq_import(crq, &dat, info->incert_format);
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) {
fprintf(stderr,
"import error: could not find a valid PEM header\n");
- exit(1);
+ app_exit(1);
}
free(dat.data);
if (ret < 0) {
fprintf(stderr, "error importing certificate request: %s: %s\n",
info->request, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
return crq;
}
@@ -547,7 +547,7 @@ gnutls_privkey_t load_ca_private_key(common_info_st * info)
if (info->ca_privkey == NULL) {
fprintf(stderr, "missing --load-ca-privkey\n");
- exit(1);
+ app_exit(1);
}
if (gnutls_url_is_supported(info->ca_privkey) != 0)
@@ -559,7 +559,7 @@ gnutls_privkey_t load_ca_private_key(common_info_st * info)
if (!dat.data) {
fprintf(stderr, "error reading file at --load-ca-privkey: %s\n",
info->ca_privkey);
- exit(1);
+ app_exit(1);
}
key = _load_privkey(&dat, info);
@@ -584,13 +584,13 @@ gnutls_x509_crt_t load_ca_cert(unsigned mand, common_info_st * info)
if (info->ca == NULL) {
fprintf(stderr, "missing --load-ca-certificate\n");
- exit(1);
+ app_exit(1);
}
ret = gnutls_x509_crt_init(&crt);
if (ret < 0) {
fprintf(stderr, "crt_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (gnutls_url_is_supported(info->ca) != 0) {
@@ -598,7 +598,7 @@ gnutls_x509_crt_t load_ca_cert(unsigned mand, common_info_st * info)
if (ret < 0) {
fprintf(stderr, "error importing CA certificate: %s: %s\n",
info->ca, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
return crt;
}
@@ -609,7 +609,7 @@ gnutls_x509_crt_t load_ca_cert(unsigned mand, common_info_st * info)
if (!dat.data) {
fprintf(stderr, "error reading file at --load-ca-certificate: %s\n",
info->ca);
- exit(1);
+ app_exit(1);
}
ret = gnutls_x509_crt_import(crt, &dat, info->incert_format);
@@ -617,7 +617,7 @@ gnutls_x509_crt_t load_ca_cert(unsigned mand, common_info_st * info)
if (ret < 0) {
fprintf(stderr, "error importing CA certificate: %s: %s\n",
info->ca, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
return crt;
@@ -638,7 +638,7 @@ gnutls_pubkey_t load_pubkey(int mand, common_info_st * info)
if (info->pubkey == NULL) {
fprintf(stderr, "missing --load-pubkey\n");
- exit(1);
+ app_exit(1);
}
if (gnutls_url_is_supported(info->pubkey) != 0)
@@ -647,7 +647,7 @@ gnutls_pubkey_t load_pubkey(int mand, common_info_st * info)
ret = gnutls_pubkey_init(&key);
if (ret < 0) {
fprintf(stderr, "privkey_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
dat.data = (void *) read_binary_file(info->pubkey, &size);
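Review bot: The error message for a failed `gnutls_pubkey_init(&key)` in `load_pubkey` still reads `"privkey_init: %s\n"`, which sends anyone reading the log to the private-key path. Since this line is being touched anyway, the message could name the call that failed: `fprintf(stderr, "pubkey_init: %s\n", gnutls_strerror(ret));`. The body of `load_pubkey` starts and ends outside this hunk.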
@@ -655,7 +655,7 @@ gnutls_pubkey_t load_pubkey(int mand, common_info_st * info)
if (!dat.data) {
fprintf(stderr, "error reading file at --load-pubkey: %s\n", info->pubkey);
- exit(1);
+ app_exit(1);
}
ret = gnutls_pubkey_import(key, &dat, info->incert_format);
@@ -665,12 +665,12 @@ gnutls_pubkey_t load_pubkey(int mand, common_info_st * info)
fprintf(stderr,
"import error: could not find a valid PEM header; "
"check if your key has the PUBLIC KEY header\n");
- exit(1);
+ app_exit(1);
}
} else if (ret < 0) {
fprintf(stderr, "importing public key: %s: %s\n",
info->pubkey, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
free(dat.data);
@@ -688,7 +688,7 @@ gnutls_pubkey_t load_public_key_or_import(int mand,
if (ret < 0) {
fprintf(stderr, "gnutls_pubkey_init: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (!privkey || (ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0)) < 0) { /* could not get (e.g. on PKCS #11 */
@@ -696,7 +696,7 @@ gnutls_pubkey_t load_public_key_or_import(int mand,
pubkey = load_pubkey(0, info);
if (pubkey == NULL && mand) {
fprintf(stderr, "You must specify --load-privkey\n");
- exit(1);
+ app_exit(1);
}
}
@@ -760,7 +760,7 @@ gnutls_sec_param_t str_to_sec_param(const char *str)
} else {
fprintf(stderr, "Unknown security parameter string: %s\n",
str);
- exit(1);
+ app_exit(1);
}
}
@@ -869,7 +869,7 @@ const gnutls_ecc_curve_t *list, *p;
gnutls_ecc_curve_get_name(*p));
p++;
}
- exit(1);
+ app_exit(1);
}
void
@@ -937,7 +937,7 @@ void _pubkey_info(FILE * outfile,
if (ret < 0) {
fprintf(stderr, "pubkey_print error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "%s\n", data.data);
@@ -949,7 +949,7 @@ void _pubkey_info(FILE * outfile,
&size);
if (ret < 0) {
fprintf(stderr, "export error: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "\n%s\n", lbuffer);
@@ -1013,7 +1013,7 @@ void dh_info(FILE * infile, FILE * outfile, common_info_st * ci)
if (gnutls_dh_params_init(&dh_params) < 0) {
fprintf(stderr, "Error in dh parameter initialization\n");
- exit(1);
+ app_exit(1);
}
params.data = (void *) fread_file(infile, &size);
@@ -1028,7 +1028,7 @@ void dh_info(FILE * infile, FILE * outfile, common_info_st * ci)
if (ret2 < 0) {
fprintf(stderr, "Error parsing dh params: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -1036,7 +1036,7 @@ void dh_info(FILE * infile, FILE * outfile, common_info_st * ci)
if (ret < 0) {
fprintf(stderr, "Error exporting parameters: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (ci->outcert_format == GNUTLS_X509_FMT_PEM)
@@ -1092,7 +1092,7 @@ int cipher_to_flags(const char *cipher)
}
fprintf(stderr, "unknown cipher %s\n", cipher);
- exit(1);
+ app_exit(1);
}
static void privkey_info_int(FILE *outfile, common_info_st * cinfo,
@@ -1251,7 +1251,7 @@ print_private_key(FILE *outfile, common_info_st * cinfo, gnutls_x509_privkey_t k
if (ret < 0) {
fprintf(stderr, "privkey_export: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (cinfo->no_compat == 0 && gnutls_x509_privkey_get_seed(key, NULL, NULL, 0) != GNUTLS_E_INVALID_REQUEST) {
@@ -1265,7 +1265,7 @@ print_private_key(FILE *outfile, common_info_st * cinfo, gnutls_x509_privkey_t k
if (ret < 0) {
fprintf(stderr, "privkey_export: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -1284,7 +1284,7 @@ print_private_key(FILE *outfile, common_info_st * cinfo, gnutls_x509_privkey_t k
if (ret < 0) {
fprintf(stderr, "privkey_export_pkcs8: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -1322,7 +1322,7 @@ int generate_prime(FILE * outfile, int how, common_info_st * info)
fprintf(stderr,
"Error initializing key: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (info->seed_size > 0) {
@@ -1330,7 +1330,7 @@ int generate_prime(FILE * outfile, int how, common_info_st * info)
if (info->seed_size < 32) {
fprintf(stderr, "For DH parameter generation a 32-byte seed value or larger is expected (have: %d); use -d 2 for more information.\n", (int)info->seed_size);
- exit(1);
+ app_exit(1);
}
data.type = GNUTLS_KEYGEN_SEED;
@@ -1346,7 +1346,7 @@ int generate_prime(FILE * outfile, int how, common_info_st * info)
fprintf(stderr,
"Error generating DSA parameters: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (info->outcert_format == GNUTLS_X509_FMT_PEM) {
@@ -1361,7 +1361,7 @@ int generate_prime(FILE * outfile, int how, common_info_st * info)
fprintf(stderr,
"Error importing DSA parameters: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_x509_privkey_deinit(pkey);
@@ -1371,7 +1371,7 @@ int generate_prime(FILE * outfile, int how, common_info_st * info)
fprintf(stderr,
"Error generating parameters: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -1381,12 +1381,12 @@ int generate_prime(FILE * outfile, int how, common_info_st * info)
if (ret < 0) {
fprintf(stderr, "Error exporting parameters: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
} else {
if (info->provable != 0) {
fprintf(stderr, "The DH parameters obtained via this option are not provable\n");
- exit(1);
+ app_exit(1);
}
#if defined(ENABLE_DHE) || defined(ENABLE_ANON)
if (bits <= 2048) {
@@ -1415,7 +1415,7 @@ int generate_prime(FILE * outfile, int how, common_info_st * info)
if (ret < 0) {
fprintf(stderr, "Error exporting parameters: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
#elif defined(ENABLE_SRP)
if (bits <= 1024) {
@@ -1444,12 +1444,12 @@ int generate_prime(FILE * outfile, int how, common_info_st * info)
if (ret < 0) {
fprintf(stderr, "Error exporting parameters: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
#else
fprintf(stderr,
"Parameters unavailable as SRP is disabled.\n");
- exit(1);
+ app_exit(1);
#endif
}
@@ -1497,14 +1497,14 @@ void decode_seed(gnutls_datum_t *seed, const char *hex, unsigned hex_size)
if (seed->data == NULL) {
fprintf(stderr, "memory error\n");
- exit(1);
+ app_exit(1);
}
seed_size = hex_size;
ret = gnutls_hex2bin(hex, hex_size, seed->data, &seed_size);
if (ret < 0) {
fprintf(stderr, "Could not hex decode data: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
seed->size = seed_size;
diff --git a/src/certtool-common.h b/src/certtool-common.h
index b773b27ce6..e48396029f 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -75,6 +75,12 @@ typedef struct common_info {
unsigned no_compat;
} common_info_st;
+/* this must be provided by the app */
+void app_exit(int val)
+#ifdef __GNUC__
+__attribute__ ((noreturn))
+#endif
+;
int cipher_to_flags(const char *cipher);
void
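Review bot: The new `app_exit` declaration is marked noreturn only under `__GNUC__`, yet the callers in certtool-common.c depend on it never returning: `cipher_to_flags` ends a non-void function with `app_exit(1);`, and `load_private_key` goes on to use `info->privkey` right after the NULL branch calls it. The comment should state that contract for every tool that supplies the function, for example `/* provided by each tool; must terminate the process and never return; a nonzero val reports failure and lets the tool remove its partial output */`. If the project's minimum C standard permits it (an assumption about the build, not something this diff shows), `_Noreturn void app_exit(int val);` would carry the guarantee to non-GNU compilers as well.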
diff --git a/src/certtool.c b/src/certtool.c
index 8a99dc7fce..5526598f2b 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -86,6 +86,8 @@ static void pubkey_keyid(common_info_st * cinfo);
static void certificate_fpr(common_info_st * cinfo);
FILE *outfile;
+static const char *outfile_name = NULL; /* to delete on exit */
+
FILE *infile;
static gnutls_digest_algorithm_t default_dig;
static unsigned int incert_format, outcert_format;
@@ -97,6 +99,15 @@ gnutls_certificate_print_formats_t full_format = GNUTLS_CRT_PRINT_FULL;
int batch;
int ask_pass;
+/* ensure we cleanup */
+void app_exit(int val)
+{
+ if (val != 0) {
+ if (outfile_name)
+ remove(outfile_name);
+ }
+ exit(val);
+}
static void tls_log_func(int level, const char *str)
{
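Review bot: In `app_exit`, `remove(outfile_name)` runs while `outfile` is still open and its result is ignored, so on platforms that refuse to delete an open file the partial output silently stays behind; closing first and reporting a failure, as in `fclose(outfile); if (remove(outfile_name) != 0) perror(outfile_name);`, would make the cleanup dependable. This file may hold private-key output (`safe_open_rw` is passed `privkey_op` in `cmd_parser`), and `remove` only unlinks the name without erasing what was already written. Because the removal is by path, a file that existed before the run is also deleted when any later step fails, including the `--infile` open failure in `cmd_parser`; whether `safe_open_rw` has already truncated such a file is not visible here. The one-line comment could spell this out: `/* exit the tool; on a nonzero status delete the file named by --outfile so no partial output is left behind */`.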
@@ -127,7 +138,7 @@ generate_private_key_int(common_info_st * cinfo)
ret = gnutls_x509_privkey_init(&key);
if (ret < 0) {
fprintf(stderr, "privkey_init: %s", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
bits = get_bits(key_type, cinfo->bits, cinfo->sec_param, 1);
@@ -155,7 +166,7 @@ generate_private_key_int(common_info_st * cinfo)
if (provable && (key_type != GNUTLS_PK_RSA && key_type != GNUTLS_PK_DSA)) {
fprintf(stderr,
"The --provable parameter cannot be used with ECDSA keys.\n");
- exit(1);
+ app_exit(1);
}
if (bits > 1024 && key_type == GNUTLS_PK_DSA)
@@ -194,14 +205,14 @@ generate_private_key_int(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "privkey_generate: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_x509_privkey_verify_params(key);
if (ret < 0) {
fprintf(stderr, "privkey_verify_params: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
return key;
@@ -234,7 +245,7 @@ static void verify_provable_privkey(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "Error verifying private key: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
printf("Key was verified\n");
@@ -264,7 +275,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
ret = gnutls_x509_crt_init(&crt);
if (ret < 0) {
fprintf(stderr, "crt_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
crq = load_request(cinfo);
@@ -289,7 +300,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "set_proxy_dn: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
get_dn_crt_set(crt);
@@ -323,7 +334,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "set_key: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
gnutls_pubkey_deinit(pubkey);
} else {
@@ -331,7 +342,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "set_crq: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
crq_extensions_set(crt, crq);
@@ -350,7 +361,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "serial: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -363,7 +374,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "set_activation: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
do {
@@ -384,7 +395,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "set_expiration: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
if (!batch)
@@ -396,7 +407,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "set_crq: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -426,7 +437,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "set_proxy: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -443,7 +454,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "basic_constraints: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
client = get_tls_client_status();
@@ -454,7 +465,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "key_kp: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -477,7 +488,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "key_kp: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
} else if (!proxy) {
get_email_set(TYPE_CRT, crt);
@@ -513,7 +524,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "key_kp: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
}
@@ -538,7 +549,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "key_kp: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -550,7 +561,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "key_kp: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -562,7 +573,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "key_kp: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -592,7 +603,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "key_usage: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -607,7 +618,7 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (result < 0) {
fprintf(stderr, "set_subject_key_id: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -626,9 +637,9 @@ generate_certificate(gnutls_privkey_t * ret_key,
(crt, lbuffer, size);
if (result < 0) {
fprintf(stderr,
- "set_authority_key_id: %s\n",
+ "error setting authority key id: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
}
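Review bot: The reworded message `"error setting authority key id: %s\n"` leaves the same failure in `generate_crl` printing `"set_authority_key_id: %s\n"`, and the neighbouring messages in `generate_certificate` (`set_subject_key_id`, `key_usage`, `key_kp`) keep the old call-name style, so the tool's diagnostics are now mixed. The later hunks that reword `set_version` and `crl set_number` have the same issue. Either reword the related messages together or keep the rewording out of a commit whose subject is output-file cleanup. Anything that matches on the stderr text will see these strings change, which deserves a line in the commit message.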
@@ -642,9 +653,9 @@ generate_certificate(gnutls_privkey_t * ret_key,
vers = 3;
result = gnutls_x509_crt_set_version(crt, vers);
if (result < 0) {
- fprintf(stderr, "set_version: %s\n",
+ fprintf(stderr, "error setting certificate version: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
*ret_key = key;
@@ -667,7 +678,7 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
if (crls != NULL) {
if (crl_size > 1) {
fprintf(stderr, "load_crl: too many CRLs present\n");
- exit(1);
+ app_exit(1);
}
crl = crls[0];
gnutls_free(crls);
@@ -675,7 +686,7 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
result = gnutls_x509_crl_init(&crl);
if (result < 0) {
fprintf(stderr, "crl_init: %s\n", gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -688,7 +699,7 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "crl_set_crt: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
gnutls_x509_crt_deinit(crts[i]);
}
@@ -700,7 +711,7 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "this_update: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
fprintf(stderr, "Update times.\n");
@@ -711,14 +722,14 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "next_update: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
result = gnutls_x509_crl_set_version(crl, 2);
if (result < 0) {
fprintf(stderr, "set_version: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
/* Authority Key ID.
@@ -735,7 +746,7 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "set_authority_key_id: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -751,9 +762,9 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
result = gnutls_x509_crl_set_number(crl, serial, serial_size);
if (result < 0) {
- fprintf(stderr, "crl set_number: %s\n",
+ fprintf(stderr, "error setting CRL serial: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -774,7 +785,7 @@ static gnutls_digest_algorithm_t get_dig_for_pub(gnutls_pubkey_t pubkey)
fprintf(stderr,
"crt_get_preferred_hash_algorithm: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -798,7 +809,7 @@ static gnutls_digest_algorithm_t get_dig(gnutls_x509_crt_t crt)
{
fprintf(stderr, "gnutls_pubkey_import_x509: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -833,7 +844,7 @@ void generate_self_signed(common_info_st * cinfo)
gnutls_x509_crt_privkey_sign(crt, crt, key, get_dig(crt), 0);
if (result < 0) {
fprintf(stderr, "crt_sign: %s\n", gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
size = lbuffer_size;
@@ -841,7 +852,7 @@ void generate_self_signed(common_info_st * cinfo)
gnutls_x509_crt_export(crt, outcert_format, lbuffer, &size);
if (result < 0) {
fprintf(stderr, "crt_export: %s\n", gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
fwrite(lbuffer, 1, size, outfile);
@@ -881,7 +892,7 @@ static void generate_signed_certificate(common_info_st * cinfo)
get_dig(ca_crt), 0);
if (result < 0) {
fprintf(stderr, "crt_sign: %s\n", gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
size = lbuffer_size;
@@ -889,7 +900,7 @@ static void generate_signed_certificate(common_info_st * cinfo)
gnutls_x509_crt_export(crt, outcert_format, lbuffer, &size);
if (result < 0) {
fprintf(stderr, "crt_export: %s\n", gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
fwrite(lbuffer, 1, size, outfile);
@@ -923,7 +934,7 @@ static void generate_proxy_certificate(common_info_st * cinfo)
0);
if (result < 0) {
fprintf(stderr, "crt_sign: %s\n", gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
size = lbuffer_size;
@@ -931,7 +942,7 @@ static void generate_proxy_certificate(common_info_st * cinfo)
gnutls_x509_crt_export(crt, outcert_format, lbuffer, &size);
if (result < 0) {
fprintf(stderr, "crt_export: %s\n", gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
fwrite(lbuffer, 1, size, outfile);
@@ -962,7 +973,7 @@ static void generate_signed_crl(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "crl_privkey_sign: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
print_crl_info(crl, stdlog);
@@ -994,7 +1005,7 @@ static void update_signed_certificate(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "set_activation: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
tim = get_expiration_date();
@@ -1003,7 +1014,7 @@ static void update_signed_certificate(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "set_expiration: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
fprintf(stderr, "\n\nSigning certificate...\n");
@@ -1013,7 +1024,7 @@ static void update_signed_certificate(common_info_st * cinfo)
get_dig(ca_crt), 0);
if (result < 0) {
fprintf(stderr, "crt_sign: %s\n", gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
size = lbuffer_size;
@@ -1021,7 +1032,7 @@ static void update_signed_certificate(common_info_st * cinfo)
gnutls_x509_crt_export(crt, outcert_format, lbuffer, &size);
if (result < 0) {
fprintf(stderr, "crt_export: %s\n", gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
fwrite(lbuffer, 1, size, outfile);
@@ -1054,10 +1065,12 @@ static void cmd_parser(int argc, char **argv)
outfile = safe_open_rw(OPT_ARG(OUTFILE), privkey_op);
if (outfile == NULL) {
fprintf(stderr, "Cannot open %s for writing\n", OPT_ARG(OUTFILE));
- exit(1);
+ app_exit(1);
}
- } else
+ outfile_name = OPT_ARG(OUTFILE);
+ } else {
outfile = stdout;
+ }
if (HAVE_OPT(INFILE)) {
struct stat st;
@@ -1068,7 +1081,7 @@ static void cmd_parser(int argc, char **argv)
infile = fopen(OPT_ARG(INFILE), "rb");
if (infile == NULL) {
fprintf(stderr, "Cannot open %s for reading\n", OPT_ARG(INFILE));
- exit(1);
+ app_exit(1);
}
} else
infile = stdin;
@@ -1122,7 +1135,7 @@ static void cmd_parser(int argc, char **argv)
default_dig = gnutls_digest_get_id(OPT_ARG(HASH));
if (default_dig == GNUTLS_DIG_UNKNOWN) {
fprintf(stderr, "invalid hash: %s\n", OPT_ARG(HASH));
- exit(1);
+ app_exit(1);
}
}
}
@@ -1144,7 +1157,7 @@ static void cmd_parser(int argc, char **argv)
if ((ret = gnutls_global_init()) < 0) {
fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
memset(&cinfo, 0, sizeof(cinfo));
@@ -1161,7 +1174,7 @@ static void cmd_parser(int argc, char **argv)
if (ret < 0) {
fprintf(stderr, "pkcs11_add_provider: %s",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
}
@@ -1351,14 +1364,14 @@ void certificate_info(int pubkey, common_info_st * cinfo)
if (!pem.data) {
fprintf(stderr, "%s", infile ? "file" : "standard input");
- exit(1);
+ app_exit(1);
}
ret =
gnutls_x509_crt_list_import2(&crts, &crt_num, &pem, incert_format, 0);
if (ret < 0) {
fprintf(stderr, "import error: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
free(pem.data);
@@ -1389,7 +1402,7 @@ void certificate_info(int pubkey, common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "export error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fwrite(lbuffer, 1, size, outfile);
@@ -1415,21 +1428,21 @@ void pgp_certificate_info(void)
if (!pem.data) {
fprintf(stderr, "%s", infile ? "file" : "standard input");
- exit(1);
+ app_exit(1);
}
ret = gnutls_openpgp_crt_init(&crt);
if (ret < 0) {
fprintf(stderr, "openpgp_crt_init: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_openpgp_crt_import(crt, &pem, incert_format);
if (ret < 0) {
fprintf(stderr, "import error: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
free(pem.data);
@@ -1449,7 +1462,7 @@ void pgp_certificate_info(void)
{
fprintf(stderr, "verify signature error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -1467,7 +1480,7 @@ void pgp_certificate_info(void)
gnutls_openpgp_crt_export(crt, outcert_format, lbuffer, &size);
if (ret < 0) {
fprintf(stderr, "export error: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "%s\n", lbuffer);
@@ -1496,7 +1509,7 @@ void pgp_privkey_info(void)
if (ret < 0) {
fprintf(stderr, "import error: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
/* Public key algorithm
@@ -1505,7 +1518,7 @@ void pgp_privkey_info(void)
if (subkeys < 0) {
fprintf(stderr, "privkey_get_subkey_count: %s\n",
gnutls_strerror(subkeys));
- exit(1);
+ app_exit(1);
}
for (i = -1; i < subkeys; i++) {
@@ -1636,7 +1649,7 @@ void pgp_privkey_info(void)
NULL, 0, lbuffer, &size);
if (ret < 0) {
fprintf(stderr, "export error: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "\n%s\n", lbuffer);
@@ -1657,21 +1670,21 @@ void pgp_ring_info(void)
if (!pem.data) {
fprintf(stderr, "%s", infile ? "file" : "standard input");
- exit(1);
+ app_exit(1);
}
ret = gnutls_openpgp_keyring_init(&ring);
if (ret < 0) {
fprintf(stderr, "openpgp_keyring_init: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_openpgp_keyring_import(ring, &pem, incert_format);
if (ret < 0) {
fprintf(stderr, "import error: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
free(pem.data);
@@ -1684,7 +1697,7 @@ void pgp_ring_info(void)
else {
fprintf(stderr, "keyring error: %s\n",
gnutls_strerror(count));
- exit(1);
+ app_exit(1);
}
for (i = 0; i < count; i++) {
@@ -1692,7 +1705,7 @@ void pgp_ring_info(void)
if (ret < 0) {
fprintf(stderr, "export error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
size = lbuffer_size;
@@ -1701,7 +1714,7 @@ void pgp_ring_info(void)
if (ret < 0) {
fprintf(stderr, "export error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fwrite(lbuffer, 1, size, outfile);
@@ -1741,7 +1754,7 @@ print_certificate_info(gnutls_x509_crt_t crt, FILE * out, unsigned int all)
if (out == stderr && batch == 0) /* interactive */
if (read_yesno("Is the above information ok? (y/N): ", 0)
== 0) {
- exit(1);
+ app_exit(1);
}
}
@@ -1755,7 +1768,7 @@ static void print_crl_info(gnutls_x509_crl_t crl, FILE * out)
ret = gnutls_x509_crl_print(crl, full_format, &data);
if (ret < 0) {
fprintf(stderr, "crl_print: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(out, "%s\n", data.data);
@@ -1766,7 +1779,7 @@ static void print_crl_info(gnutls_x509_crl_t crl, FILE * out)
gnutls_x509_crl_export2(crl, outcert_format, &cout);
if (ret < 0) {
fprintf(stderr, "crl_export: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fwrite(cout.data, 1, cout.size, outfile);
@@ -1783,7 +1796,7 @@ void crl_info(void)
ret = gnutls_x509_crl_init(&crl);
if (ret < 0) {
fprintf(stderr, "crl_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
pem.data = (void *) fread_file(infile, &size);
@@ -1791,7 +1804,7 @@ void crl_info(void)
if (!pem.data) {
fprintf(stderr, "%s", infile ? "file" : "standard input");
- exit(1);
+ app_exit(1);
}
ret = gnutls_x509_crl_import(crl, &pem, incert_format);
@@ -1799,7 +1812,7 @@ void crl_info(void)
free(pem.data);
if (ret < 0) {
fprintf(stderr, "import error: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
print_crl_info(crl, outfile);
@@ -1818,7 +1831,7 @@ static void print_crq_info(gnutls_x509_crq_t crq, FILE * out)
if (ret < 0) {
fprintf(stderr, "crq_print: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(out, "%s\n", data.data);
@@ -1839,7 +1852,7 @@ static void print_crq_info(gnutls_x509_crq_t crq, FILE * out)
ret = gnutls_x509_crq_export(crq, outcert_format, lbuffer, &size);
if (ret < 0) {
fprintf(stderr, "crq_export: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fwrite(lbuffer, 1, size, outfile);
@@ -1855,7 +1868,7 @@ void crq_info(void)
ret = gnutls_x509_crq_init(&crq);
if (ret < 0) {
fprintf(stderr, "crq_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
pem.data = (void *) fread_file(infile, &size);
@@ -1863,7 +1876,7 @@ void crq_info(void)
if (!pem.data) {
fprintf(stderr, "%s", infile ? "file" : "standard input");
- exit(1);
+ app_exit(1);
}
ret = gnutls_x509_crq_import(crq, &pem, incert_format);
@@ -1871,7 +1884,7 @@ void crq_info(void)
free(pem.data);
if (ret < 0) {
fprintf(stderr, "import error: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
print_crq_info(crq, outfile);
@@ -1916,7 +1929,7 @@ void privkey_info(common_info_st * cinfo)
}
if (ret < 0) {
fprintf(stderr, "import error: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
/* On this option we may import from PKCS #8 but we are always exporting
* to our format. */
@@ -1950,7 +1963,7 @@ void generate_request(common_info_st * cinfo)
ret = gnutls_x509_crq_init(&crq);
if (ret < 0) {
fprintf(stderr, "crq_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
/* Load the private key.
@@ -1959,14 +1972,14 @@ void generate_request(common_info_st * cinfo)
if (!pkey) {
if (HAVE_OPT(LOAD_PUBKEY)) {
fprintf(stderr, "--load-pubkey was specified without corresponding --load-privkey\n");
- exit(1);
+ app_exit(1);
}
ret = gnutls_privkey_init(&pkey);
if (ret < 0) {
fprintf(stderr, "privkey_init: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
xkey = generate_private_key_int(cinfo);
@@ -1979,7 +1992,7 @@ void generate_request(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "privkey_import_x509: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -2016,7 +2029,7 @@ void generate_request(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "set_pass: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -2033,7 +2046,7 @@ void generate_request(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "set_basic_constraints: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (pk == GNUTLS_PK_RSA) {
@@ -2062,7 +2075,7 @@ void generate_request(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "key_kp: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -2073,7 +2086,7 @@ void generate_request(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "key_kp: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -2084,7 +2097,7 @@ void generate_request(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "key_kp: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -2095,7 +2108,7 @@ void generate_request(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "key_kp: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -2115,7 +2128,7 @@ void generate_request(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "key_usage: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = get_tls_client_status();
@@ -2125,7 +2138,7 @@ void generate_request(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "key_kp: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -2136,7 +2149,7 @@ void generate_request(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "key_kp: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -2148,7 +2161,7 @@ void generate_request(common_info_st * cinfo)
ret = gnutls_x509_crq_set_pubkey(crq, pubkey);
if (ret < 0) {
fprintf(stderr, "set_key: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret =
@@ -2156,7 +2169,7 @@ void generate_request(common_info_st * cinfo)
get_dig_for_pub(pubkey), 0);
if (ret < 0) {
fprintf(stderr, "sign: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
print_crq_info(crq, outfile);
@@ -2185,7 +2198,7 @@ static int detailed_verification(gnutls_x509_crt_t cert,
if (ret < 0) {
fprintf(stderr, "gnutls_x509_crt_get_issuer_dn: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_x509_crt_get_dn3(cert, &name, 0);
@@ -2196,7 +2209,7 @@ static int detailed_verification(gnutls_x509_crt_t cert,
} else {
fprintf(stderr, "gnutls_x509_crt_get_dn: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -2211,7 +2224,7 @@ static int detailed_verification(gnutls_x509_crt_t cert,
fprintf(stderr,
"gnutls_x509_crt_get_issuer_dn: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "\tChecked against: %s\n", issuer_name.data);
@@ -2227,7 +2240,7 @@ static int detailed_verification(gnutls_x509_crt_t cert,
fprintf(stderr,
"gnutls_x509_crl_get_issuer_dn: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
tmp_size = sizeof(tmp);
@@ -2243,7 +2256,7 @@ static int detailed_verification(gnutls_x509_crt_t cert,
if (ret < 0) {
fprintf(stderr, "gnutls_hex_encode: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
fprintf(outfile, "\tChecked against CRL[%s] of: %s\n",
@@ -2270,13 +2283,13 @@ static void load_data(common_info_st *cinfo, gnutls_datum_t *data)
fp = fopen(cinfo->data_file, "r");
if (fp == NULL) {
fprintf(stderr, "Could not open %s\n", cinfo->data_file);
- exit(1);
+ app_exit(1);
}
data->data = (void *) fread_file(fp, &size);
if (data->data == NULL) {
fprintf(stderr, "Error reading data file");
- exit(1);
+ app_exit(1);
}
data->size = size;
@@ -2292,7 +2305,7 @@ static gnutls_x509_trust_list_t load_tl(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "gnutls_x509_trust_list_init: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (cinfo->ca == NULL) { /* system */
@@ -2300,7 +2313,7 @@ static gnutls_x509_trust_list_t load_tl(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "Error loading system trust: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(stderr, "Loaded system trust (%d CAs available)\n", ret);
} else if (cinfo->ca != NULL) {
@@ -2314,7 +2327,7 @@ static gnutls_x509_trust_list_t load_tl(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "gnutls_x509_trust_add_trust_file: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(stderr, "Loaded CAs (%d available)\n", ret);
@@ -2341,7 +2354,7 @@ static gnutls_x509_trust_list_t load_tl_from_cert_chain(const char *cert, int ce
if (ret < 0) {
fprintf(stderr, "gnutls_x509_trust_list_init: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
tmp.data = (void *) cert;
@@ -2351,7 +2364,7 @@ static gnutls_x509_trust_list_t load_tl_from_cert_chain(const char *cert, int ce
if (ret < 0 || x509_ncerts < 1) {
fprintf(stderr, "error parsing CRTs: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret =
@@ -2370,7 +2383,7 @@ static gnutls_x509_trust_list_t load_tl_from_cert_chain(const char *cert, int ce
if (ret < 0) {
fprintf(stderr, "gnutls_x509_trust_add_cas: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
/* add CRLs */
@@ -2381,7 +2394,7 @@ static gnutls_x509_trust_list_t load_tl_from_cert_chain(const char *cert, int ce
if (ret < 0) {
fprintf(stderr, "gnutls_x509_trust_add_crls: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -2439,7 +2452,7 @@ _verify_x509_mem(const void *cert, int cert_size, common_info_st *cinfo,
if (ret < 0 || x509_ncerts < 1) {
fprintf(stderr, "error parsing CRTs: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
vflags = GNUTLS_VERIFY_DO_NOT_ALLOW_SAME;
@@ -2490,7 +2503,7 @@ _verify_x509_mem(const void *cert, int cert_size, common_info_st *cinfo,
if (ret < 0) {
fprintf(stderr, "gnutls_x509_trusted_list_verify_crt: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "Chain verification output: ");
@@ -2503,6 +2516,7 @@ _verify_x509_mem(const void *cert, int cert_size, common_info_st *cinfo,
gnutls_x509_crt_deinit(x509_cert_list[i]);
gnutls_free(x509_cert_list);
+ /* intentionally does not use app_exit() to preserve outfile */
if (output != 0)
exit(EXIT_FAILURE);
@@ -2526,7 +2540,7 @@ static void print_verification_res(FILE * out, unsigned int output)
&pout, 0);
if (ret < 0) {
fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
- exit(EXIT_FAILURE);
+ app_exit(EXIT_FAILURE);
}
fprintf(out, " %s", pout.data);
@@ -2540,13 +2554,13 @@ static void verify_chain(common_info_st * cinfo)
if (cinfo->ca != NULL) {
fprintf(stderr, "This option cannot be combined with --load-ca-certificate\n");
- exit(1);
+ app_exit(1);
}
buf = (void *) fread_file(infile, &size);
if (buf == NULL) {
- fprintf(stderr, "Error reading chain");
- exit(1);
+ fprintf(stderr, "Error reading certificate chain");
+ app_exit(1);
}
_verify_x509_mem(buf, size, cinfo, 0, OPT_ARG(VERIFY_PURPOSE),
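Review bot: The reworded message `"Error reading certificate chain"` still has no trailing newline, so the next diagnostic or the shell prompt is glued onto it; `fprintf(stderr, "Error reading certificate chain\n");` fixes that. The verify_certificate hunk that follows prints the same string with the same omission. verify_chain starts and ends outside the hunk.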
@@ -2563,7 +2577,7 @@ static void verify_certificate(common_info_st * cinfo)
cert = (void *) fread_file(infile, &cert_size);
if (cert == NULL) {
fprintf(stderr, "Error reading certificate chain");
- exit(1);
+ app_exit(1);
}
_verify_x509_mem(cert, cert_size, cinfo, 1,
@@ -2592,7 +2606,7 @@ void verify_crl(common_info_st * cinfo)
ret = gnutls_x509_crt_get_dn3(issuer, &dn, 0);
if (ret < 0) {
fprintf(stderr, "crt_get_dn: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "\tSubject: %s\n\n", dn.data);
@@ -2600,7 +2614,7 @@ void verify_crl(common_info_st * cinfo)
ret = gnutls_x509_crl_init(&crl);
if (ret < 0) {
fprintf(stderr, "crl_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
pem.data = (void *) fread_file(infile, &size);
@@ -2608,14 +2622,14 @@ void verify_crl(common_info_st * cinfo)
if (!pem.data) {
fprintf(stderr, "%s", infile ? "file" : "standard input");
- exit(1);
+ app_exit(1);
}
ret = gnutls_x509_crl_import(crl, &pem, incert_format);
free(pem.data);
if (ret < 0) {
fprintf(stderr, "import error: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
print_crl_info(crl, outfile);
@@ -2625,7 +2639,7 @@ void verify_crl(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "verification error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (output) {
@@ -2640,7 +2654,7 @@ void verify_crl(common_info_st * cinfo)
&pout, 0);
if (ret < 0) {
fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
- exit(EXIT_FAILURE);
+ app_exit(EXIT_FAILURE);
}
fprintf(outfile, " %s", pout.data);
@@ -2686,7 +2700,7 @@ static void print_raw(const char *prefix, const gnutls_datum_t *raw)
if (ret < 0) {
fprintf(stderr, "gnutls_hex_encode2: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "%s: %s\n", prefix, tmp.data);
@@ -2756,7 +2770,7 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_
ret = gnutls_pkcs7_init(&pkcs7);
if (ret < 0) {
fprintf(stderr, "p7_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
data.data = (void *) fread_file(infile, &size);
@@ -2764,7 +2778,7 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_
if (!data.data) {
fprintf(stderr, "%s", infile ? "file" : "standard input");
- exit(1);
+ app_exit(1);
}
ret = gnutls_pkcs7_import(pkcs7, &data, cinfo->incert_format);
@@ -2772,7 +2786,7 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_
if (ret < 0) {
fprintf(stderr, "import error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (cinfo->cert != NULL) {
@@ -2811,7 +2825,7 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_
ret = gnutls_pkcs7_get_embedded_data(pkcs7, 0, &tmp);
if (ret < 0) {
fprintf(stderr, "error getting embedded data: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fwrite(tmp.data, 1, tmp.size, outfile);
@@ -2854,7 +2868,7 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_
else
gnutls_x509_trust_list_deinit(tl, 1);
free(detached.data);
- exit(ecode);
+ app_exit(ecode);
}
void pkcs7_sign(common_info_st * cinfo, unsigned embed)
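Review bot: `app_exit(ecode)` deletes the outfile whenever `ecode` is non-zero, yet `_verify_x509_mem` in this same commit keeps plain `exit()` with a comment saying the outfile is preserved, and the different choice here is not explained. An earlier hunk of this function writes embedded data to `outfile`, so removing it on a failed verification looks like the safer behaviour. A comment above the call should say so, e.g. `/* on failure remove outfile: do not leave unverified content behind */`. The function body starts outside the hunk, so whether `ecode` reflects only the verification result cannot be confirmed from here.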
@@ -2876,7 +2890,7 @@ void pkcs7_sign(common_info_st * cinfo, unsigned embed)
ret = gnutls_pkcs7_init(&pkcs7);
if (ret < 0) {
fprintf(stderr, "p7_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
data.data = (void *) fread_file(infile, &size);
@@ -2884,7 +2898,7 @@ void pkcs7_sign(common_info_st * cinfo, unsigned embed)
if (!data.data) {
fprintf(stderr, "%s", infile ? "file" : "standard input");
- exit(1);
+ app_exit(1);
}
signer = load_cert(1, cinfo);
@@ -2896,7 +2910,7 @@ void pkcs7_sign(common_info_st * cinfo, unsigned embed)
ret = gnutls_pkcs7_sign(pkcs7, signer, key, &data, NULL, NULL, get_dig(signer), flags);
if (ret < 0) {
fprintf(stderr, "Error signing: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
size = lbuffer_size;
@@ -2904,7 +2918,7 @@ void pkcs7_sign(common_info_st * cinfo, unsigned embed)
gnutls_pkcs7_export(pkcs7, outcert_format, lbuffer, &size);
if (ret < 0) {
fprintf(stderr, "pkcs7_export: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fwrite(lbuffer, 1, size, outfile);
@@ -2912,7 +2926,7 @@ void pkcs7_sign(common_info_st * cinfo, unsigned embed)
gnutls_privkey_deinit(key);
gnutls_x509_crt_deinit(signer);
gnutls_pkcs7_deinit(pkcs7);
- exit(0);
+ app_exit(0);
}
void pkcs7_generate(common_info_st * cinfo)
@@ -2931,14 +2945,14 @@ void pkcs7_generate(common_info_st * cinfo)
ret = gnutls_pkcs7_init(&pkcs7);
if (ret < 0) {
fprintf(stderr, "p7_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
for (i=0;i<crt_size;i++) {
ret = gnutls_pkcs7_set_crt(pkcs7, crts[i]);
if (ret < 0) {
fprintf(stderr, "Error adding cert: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_x509_crt_deinit(crts[i]);
}
@@ -2948,7 +2962,7 @@ void pkcs7_generate(common_info_st * cinfo)
ret = gnutls_pkcs7_set_crl(pkcs7, crls[i]);
if (ret < 0) {
fprintf(stderr, "Error adding CRL: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_x509_crl_deinit(crls[i]);
}
@@ -2958,14 +2972,14 @@ void pkcs7_generate(common_info_st * cinfo)
gnutls_pkcs7_export2(pkcs7, outcert_format, &tmp);
if (ret < 0) {
fprintf(stderr, "pkcs7_export: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fwrite(tmp.data, 1, tmp.size, outfile);
gnutls_free(tmp.data);
gnutls_pkcs7_deinit(pkcs7);
- exit(0);
+ app_exit(0);
}
@@ -2993,7 +3007,7 @@ void generate_pkcs8(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "key_export: %s\n", gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
fwrite(lbuffer, 1, size, outfile);
@@ -3033,7 +3047,7 @@ void generate_pkcs12(common_info_st * cinfo)
if (keys == NULL && crts == NULL && ca_crt == NULL && crls == NULL) {
fprintf(stderr, "You must specify one of\n\t--load-privkey\n\t--load-certificate\n\t--load-ca-certificate\n\t--load-crl\n");
- exit(1);
+ app_exit(1);
}
if (HAVE_OPT(P12_NAME)) {
@@ -3046,7 +3060,7 @@ void generate_pkcs12(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "pkcs12_init: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
pass = get_password(cinfo, &flags, 1);
@@ -3059,14 +3073,14 @@ void generate_pkcs12(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "bag_init: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
result = gnutls_pkcs12_bag_set_crt(bag, crts[i]);
if (result < 0) {
fprintf(stderr, "set_crt[%d]: %s\n", i,
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
indx = result;
@@ -3079,7 +3093,7 @@ void generate_pkcs12(common_info_st * cinfo)
fprintf(stderr,
"bag_set_friendly_name: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -3089,7 +3103,7 @@ void generate_pkcs12(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "key_id[%d]: %s\n", i,
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
key_id.data = _key_id;
@@ -3099,21 +3113,21 @@ void generate_pkcs12(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "bag_set_key_id: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
result = gnutls_pkcs12_bag_encrypt(bag, pass, flags);
if (result < 0) {
fprintf(stderr, "bag_encrypt: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
result = gnutls_pkcs12_set_bag(pkcs12, bag);
if (result < 0) {
fprintf(stderr, "set_bag: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
gnutls_pkcs12_bag_deinit(bag);
}
@@ -3126,28 +3140,28 @@ void generate_pkcs12(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "bag_init: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
result = gnutls_pkcs12_bag_set_crl(bag, crls[i]);
if (result < 0) {
fprintf(stderr, "set_crl[%d]: %s\n", i,
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
result = gnutls_pkcs12_bag_encrypt(bag, pass, flags);
if (result < 0) {
fprintf(stderr, "bag_encrypt: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
result = gnutls_pkcs12_set_bag(pkcs12, bag);
if (result < 0) {
fprintf(stderr, "set_bag: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
gnutls_pkcs12_bag_deinit(bag);
}
@@ -3160,28 +3174,28 @@ void generate_pkcs12(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "bag_init: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
result = gnutls_pkcs12_bag_set_crt(bag, ca_crt);
if (result < 0) {
fprintf(stderr, "set_crt[%d]: %s\n", i,
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
result = gnutls_pkcs12_bag_encrypt(bag, pass, flags);
if (result < 0) {
fprintf(stderr, "bag_encrypt: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
result = gnutls_pkcs12_set_bag(pkcs12, bag);
if (result < 0) {
fprintf(stderr, "set_bag: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
gnutls_pkcs12_bag_deinit(bag);
}
@@ -3193,7 +3207,7 @@ void generate_pkcs12(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "bag_init: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
size = lbuffer_size;
@@ -3205,7 +3219,7 @@ void generate_pkcs12(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "key_export[%d]: %s\n", i,
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
data.data = lbuffer;
@@ -3217,7 +3231,7 @@ void generate_pkcs12(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "bag_set_data: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
indx = result;
@@ -3227,7 +3241,7 @@ void generate_pkcs12(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "bag_set_friendly_name: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
size = sizeof(_key_id);
@@ -3237,7 +3251,7 @@ void generate_pkcs12(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "key_id[%d]: %s\n", i,
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
key_id.data = _key_id;
@@ -3247,14 +3261,14 @@ void generate_pkcs12(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "bag_set_key_id: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
result = gnutls_pkcs12_set_bag(pkcs12, kbag);
if (result < 0) {
fprintf(stderr, "set_bag: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
gnutls_pkcs12_bag_deinit(kbag);
}
@@ -3263,7 +3277,7 @@ void generate_pkcs12(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "generate_mac: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
size = lbuffer_size;
@@ -3272,7 +3286,7 @@ void generate_pkcs12(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "pkcs12_export: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
fwrite(lbuffer, 1, size, outfile);
@@ -3316,7 +3330,7 @@ static void print_bag_data(gnutls_pkcs12_bag_t bag)
count = gnutls_pkcs12_bag_get_count(bag);
if (count < 0) {
fprintf(stderr, "get_count: %s\n", gnutls_strerror(count));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "\tElements: %d\n", count);
@@ -3326,7 +3340,7 @@ static void print_bag_data(gnutls_pkcs12_bag_t bag)
if (type < 0) {
fprintf(stderr, "get_type: %s\n",
gnutls_strerror(type));
- exit(1);
+ app_exit(1);
}
fprintf(stderr, "\tType: %s\n", BAGTYPE(type));
@@ -3335,7 +3349,7 @@ static void print_bag_data(gnutls_pkcs12_bag_t bag)
if (result < 0) {
fprintf(stderr, "get_data: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
if (type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY) {
@@ -3352,7 +3366,7 @@ static void print_bag_data(gnutls_pkcs12_bag_t bag)
if (result < 0) {
fprintf(stderr, "get_friendly_name: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
if (name)
@@ -3364,7 +3378,7 @@ static void print_bag_data(gnutls_pkcs12_bag_t bag)
if (result < 0) {
fprintf(stderr, "get_key_id: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
if (id.size > 0)
@@ -3444,7 +3458,7 @@ void pkcs12_bag_enc_info(gnutls_pkcs12_bag_t bag, FILE *out)
if (ret < 0) {
fprintf(stderr, "hex encode error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(out, "\tSalt: %s\n", hex);
@@ -3472,7 +3486,7 @@ void pkcs12_info(common_info_st * cinfo)
result = gnutls_pkcs12_init(&pkcs12);
if (result < 0) {
fprintf(stderr, "p12_init: %s\n", gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
data.data = (void *) fread_file(infile, &size);
@@ -3480,14 +3494,14 @@ void pkcs12_info(common_info_st * cinfo)
if (!data.data) {
fprintf(stderr, "%s", infile ? "file" : "standard input");
- exit(1);
+ app_exit(1);
}
result = gnutls_pkcs12_import(pkcs12, &data, incert_format, 0);
free(data.data);
if (result < 0) {
fprintf(stderr, "p12_import: %s\n", gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
salt_size = sizeof(salt);
@@ -3508,7 +3522,7 @@ void pkcs12_info(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "hex encode error: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "\tSalt: %s\n", hex);
@@ -3530,7 +3544,7 @@ void pkcs12_info(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "bag_init: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
result = gnutls_pkcs12_get_bag(pkcs12, indx, bag);
@@ -3543,7 +3557,7 @@ void pkcs12_info(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "bag_count: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "BAG #%d\n", indx);
@@ -3552,7 +3566,7 @@ void pkcs12_info(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "bag_init: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
if (result == GNUTLS_BAG_ENCRYPTED) {
@@ -3573,7 +3587,7 @@ void pkcs12_info(common_info_st * cinfo)
if (result < 0) {
fprintf(stderr, "encrypted bag_count: %s\n",
gnutls_strerror(result));
- exit(1);
+ app_exit(1);
}
}
@@ -3587,7 +3601,7 @@ void pkcs12_info(common_info_st * cinfo)
if (fail) {
fprintf(stderr,
"There were errors parsing the structure\n");
- exit(1);
+ app_exit(1);
}
}
@@ -3623,7 +3637,7 @@ void pkcs8_info_int(gnutls_datum_t *data, unsigned format,
return;
fprintf(stderr, "PKCS #8 read error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(out, "%sPKCS #8 information:\n", tab);
@@ -3641,7 +3655,7 @@ void pkcs8_info_int(gnutls_datum_t *data, unsigned format,
if (ret < 0) {
fprintf(stderr, "hex encode error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(out, "%s\tSalt: %s\n", tab, hex);
@@ -3662,7 +3676,7 @@ void pkcs8_info(void)
if (!data.data) {
fprintf(stderr, "%s", infile ? "file" : "standard input");
- exit(1);
+ app_exit(1);
}
pkcs8_info_int(&data, incert_format, 0, outfile, "");
@@ -3679,7 +3693,7 @@ void pkcs7_info(common_info_st *cinfo, unsigned display_data)
ret = gnutls_pkcs7_init(&pkcs7);
if (ret < 0) {
fprintf(stderr, "p7_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
data.data = (void *) fread_file(infile, &size);
@@ -3687,7 +3701,7 @@ void pkcs7_info(common_info_st *cinfo, unsigned display_data)
if (!data.data) {
fprintf(stderr, "%s", infile ? "file" : "standard input");
- exit(1);
+ app_exit(1);
}
ret = gnutls_pkcs7_import(pkcs7, &data, incert_format);
@@ -3695,7 +3709,7 @@ void pkcs7_info(common_info_st *cinfo, unsigned display_data)
if (ret < 0) {
fprintf(stderr, "import error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (display_data) {
@@ -3705,21 +3719,21 @@ void pkcs7_info(common_info_st *cinfo, unsigned display_data)
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
if (ret < 0) {
fprintf(stderr, "error getting embedded data: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fwrite(tmp.data, 1, tmp.size, outfile);
gnutls_free(tmp.data);
} else {
fprintf(stderr, "no embedded data are available\n");
- exit(1);
+ app_exit(1);
}
} else {
ret = gnutls_pkcs7_print(pkcs7, GNUTLS_CRT_PRINT_FULL, &str);
if (ret < 0) {
fprintf(stderr, "printing error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "%s", str.data);
@@ -3732,7 +3746,7 @@ void pkcs7_info(common_info_st *cinfo, unsigned display_data)
if (ret < 0) {
fprintf(stderr, "export error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fwrite(lbuffer, 1, size, outfile);
@@ -3754,7 +3768,7 @@ void smime_to_pkcs7(void)
if (len == -1) {
fprintf(stderr,
"cannot find RFC 2822 header/body separator");
- exit(1);
+ app_exit(1);
}
}
while (strcmp(lineptr, "\r\n") != 0 && strcmp(lineptr, "\n") != 0);
@@ -3764,7 +3778,7 @@ void smime_to_pkcs7(void)
if (len == -1) {
fprintf(stderr,
"message has RFC 2822 header but no body");
- exit(1);
+ app_exit(1);
}
}
while (strcmp(lineptr, "\r\n") == 0 && strcmp(lineptr, "\n") == 0);
@@ -3801,7 +3815,7 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo)
ret = gnutls_pubkey_init(&pubkey);
if (ret < 0) {
fprintf(stderr, "pubkey_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (crt == NULL) {
@@ -3817,7 +3831,7 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "pubkey_import_x509: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_x509_crt_deinit(crt);
} else if (crq != NULL) {
@@ -3825,7 +3839,7 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "pubkey_import_x509_crq: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_x509_crq_deinit(crq);
} else {
@@ -3839,7 +3853,7 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo)
fprintf(stderr,
"pubkey_import_privkey: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_privkey_deinit(privkey);
} else {
@@ -3852,7 +3866,7 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo)
if (!pem.data) {
fprintf(stderr, "%s", infile ? "file" : "standard input");
- exit(1);
+ app_exit(1);
}
ret = gnutls_pubkey_init(&pubkey);
@@ -3860,7 +3874,7 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo)
fprintf(stderr,
"pubkey_init: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (memmem(pem.data, pem.size, "BEGIN CERTIFICATE", 16) != 0 ||
@@ -3870,7 +3884,7 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo)
fprintf(stderr,
"crt_init: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_x509_crt_import(crt, &pem, GNUTLS_X509_FMT_PEM);
@@ -3878,14 +3892,14 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo)
fprintf(stderr,
"crt_import: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
if (ret < 0) {
fprintf(stderr, "pubkey_import_x509: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_x509_crt_deinit(crt);
} else {
@@ -3894,7 +3908,7 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo)
fprintf(stderr,
"pubkey_import: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
free(pem.data);
@@ -3915,7 +3929,7 @@ void pubkey_info(gnutls_x509_crt_t crt, common_info_st * cinfo)
pubkey = find_pubkey(crt, cinfo);
if (pubkey == 0) {
fprintf(stderr, "find public key error\n");
- exit(1);
+ app_exit(1);
}
if (outcert_format == GNUTLS_X509_FMT_DER) {
@@ -3926,7 +3940,7 @@ void pubkey_info(gnutls_x509_crt_t crt, common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "export error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fwrite(lbuffer, 1, size, outfile);
@@ -3956,7 +3970,7 @@ void pubkey_keyid(common_info_st * cinfo)
pubkey = find_pubkey(NULL, cinfo);
if (pubkey == 0) {
fprintf(stderr, "find public key error\n");
- exit(1);
+ app_exit(1);
}
if (default_dig == GNUTLS_DIG_SHA1 || default_dig == GNUTLS_DIG_UNKNOWN)
@@ -3965,7 +3979,7 @@ void pubkey_keyid(common_info_st * cinfo)
flags = GNUTLS_KEYID_USE_SHA256;
else {
fprintf(stderr, "Cannot calculate key ID with the provided hash\n");
- exit(1);
+ app_exit(1);
}
fpr_size = sizeof(fpr);
@@ -3974,7 +3988,7 @@ void pubkey_keyid(common_info_st * cinfo)
fprintf(stderr,
"get_key_id: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
tmp.data = fpr;
@@ -3986,7 +4000,7 @@ void pubkey_keyid(common_info_st * cinfo)
fprintf(stderr,
"hex_encode: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fputs(txt, outfile);
@@ -4016,7 +4030,7 @@ void certificate_fpr(common_info_st * cinfo)
if (!pem.data) {
fprintf(stderr, "%s", infile ? "file" : "standard input");
- exit(1);
+ app_exit(1);
}
crt_num = 1;
@@ -4035,7 +4049,7 @@ void certificate_fpr(common_info_st * cinfo)
if (ret < 0) {
fprintf(stderr, "import error: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fpr_size = sizeof(fpr);
@@ -4048,7 +4062,7 @@ void certificate_fpr(common_info_st * cinfo)
fprintf(stderr,
"get_key_id: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
tmp.data = fpr;
@@ -4060,7 +4074,7 @@ void certificate_fpr(common_info_st * cinfo)
fprintf(stderr,
"hex_encode: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fputs(txt, outfile);
diff --git a/src/danetool.c b/src/danetool.c
index 0334d94c5e..6ae8ff50b8 100644
--- a/src/danetool.c
+++ b/src/danetool.c
@@ -63,6 +63,7 @@ static void dane_check(const char *host, const char *proto,
const char *service, common_info_st * cinfo);
FILE *outfile;
+static const char *outfile_name = NULL;
static gnutls_digest_algorithm_t default_dig;
/* non interactive operation if set
@@ -70,6 +71,14 @@ static gnutls_digest_algorithm_t default_dig;
int batch = 0;
int ask_pass = 0;
+void app_exit(int val)
+{
+ if (val != 0) {
+ if (outfile_name)
+ remove(outfile_name);
+ }
+ exit(val);
+}
static void tls_log_func(int level, const char *str)
{
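Review bot: `app_exit()` unlinks whatever path `--outfile` named without checking what kind of object it is, and does so while `outfile` is still open. If the outfile is a device node or FIFO, any non-zero exit removes that node when the tool runs with enough privilege, unless `safe_open_rw()` (not shown here) already rejects such paths. Checking `S_ISREG` via `fstat()` on the open stream before `remove()` avoids that. Closing the stream first also matters on platforms that refuse to delete an open file, and the result of `remove()` is currently ignored.

```c
void app_exit(int val)
{
	if (val != 0 && outfile_name != NULL && outfile != NULL) {
		struct stat st;
		/* only a regular file is ours to delete; leave devices and FIFOs in place */
		int is_regular = fstat(fileno(outfile), &st) == 0 && S_ISREG(st.st_mode);

		fclose(outfile);
		if (is_regular && remove(outfile_name) != 0)
			perror(outfile_name);
	}
	exit(val);
}
```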
@@ -98,8 +107,9 @@ static void cmd_parser(int argc, char **argv)
outfile = safe_open_rw(OPT_ARG(OUTFILE), privkey_op);
if (outfile == NULL) {
fprintf(stderr, "%s", OPT_ARG(OUTFILE));
- exit(1);
+ app_exit(1);
}
+ outfile_name = OPT_ARG(OUTFILE);
} else
outfile = stdout;
@@ -123,7 +133,7 @@ static void cmd_parser(int argc, char **argv)
default_dig = GNUTLS_DIG_RMD160;
else {
fprintf(stderr, "invalid hash: %s", OPT_ARG(HASH));
- exit(1);
+ app_exit(1);
}
}
@@ -136,7 +146,7 @@ static void cmd_parser(int argc, char **argv)
if ((ret = gnutls_global_init()) < 0) {
fprintf(stderr, "global_init: %s", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
#ifdef ENABLE_PKCS11
pkcs11_common(NULL);
@@ -437,7 +447,7 @@ static void dane_check(const char *host, const char *proto,
remove(cinfo->cert);
}
- exit(retcode);
+ app_exit(retcode);
#else
fprintf(stderr,
"This functionality is disabled (GnuTLS was not compiled with support for DANE).\n");
@@ -472,7 +482,7 @@ static void dane_info(const char *host, const char *proto,
if (ret < 0) {
fprintf(stderr, "export error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_x509_crt_deinit(crt);
@@ -484,7 +494,7 @@ static void dane_info(const char *host, const char *proto,
if (ret < 0) {
fprintf(stderr, "pubkey_init: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (crt != NULL) {
@@ -493,7 +503,7 @@ static void dane_info(const char *host, const char *proto,
if (ret < 0) {
fprintf(stderr, "pubkey_import_x509: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
size = lbuffer_size;
@@ -504,7 +514,7 @@ static void dane_info(const char *host, const char *proto,
if (ret < 0) {
fprintf(stderr, "pubkey_export: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_x509_crt_deinit(crt);
@@ -519,7 +529,7 @@ static void dane_info(const char *host, const char *proto,
if (ret < 0) {
fprintf(stderr, "export error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -537,7 +547,7 @@ static void dane_info(const char *host, const char *proto,
ret = gnutls_hash_fast(default_dig, lbuffer, size, digest);
if (ret < 0) {
fprintf(stderr, "hash error: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (default_dig == GNUTLS_DIG_SHA256)
@@ -566,7 +576,7 @@ static void dane_info(const char *host, const char *proto,
if (ret < 0) {
fprintf(stderr, "hex encode error: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "_%u._%s.%s. IN TLSA ( %.2x %.2x %.2x %s )\n",
@@ -603,7 +613,7 @@ static int cert_callback(gnutls_session_t session)
if (ret < 0) {
fprintf(stderr, "error[%d]: %s\n", __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
write(priv->fd, t.data, t.size);
@@ -631,7 +641,7 @@ gnutls_session_t init_tls_session(const char *hostname)
if (ret < 0) {
fprintf(stderr, "error[%d]: %s\n", __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_session_set_ptr(session, &priv);
@@ -672,7 +682,7 @@ static const char *obtain_cert(const char *hostname, const char *proto, const ch
if (ret < 0) {
fprintf(stderr, "error[%d]: %s\n", __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_certificate_set_verify_function(xcred, cert_callback);
@@ -703,7 +713,7 @@ static const char *obtain_cert(const char *hostname, const char *proto, const ch
int e = errno;
fprintf(stderr, "error[%d]: %s\n", __LINE__,
strerror(e));
- exit(1);
+ app_exit(1);
}
socket_open(&hd, hostname, txt_service, app_proto, socket_flags|SOCKET_FLAG_STARTTLS, str, NULL);
diff --git a/src/p11tool.c b/src/p11tool.c
index ff247835cd..e3b24b8353 100644
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -51,9 +51,19 @@
static void cmd_parser(int argc, char **argv);
static FILE *outfile;
+static const char *outfile_name = NULL;
int batch = 0;
int ask_pass = 0;
+void app_exit(int val)
+{
+ if (val != 0) {
+ if (outfile_name)
+ remove(outfile_name);
+ }
+ exit(val);
+}
+
static void tls_log_func(int level, const char *str)
{
fprintf(stderr, "|<%d>| %s", level, str);
@@ -150,7 +160,7 @@ static void cmd_parser(int argc, char **argv)
if ((ret = gnutls_global_init()) < 0) {
fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (HAVE_OPT(PROVIDER)) {
@@ -165,7 +175,7 @@ static void cmd_parser(int argc, char **argv)
if (ret < 0) {
fprintf(stderr, "pkcs11_add_provider: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
} else {
@@ -179,8 +189,9 @@ static void cmd_parser(int argc, char **argv)
outfile = safe_open_rw(OPT_ARG(OUTFILE), 0);
if (outfile == NULL) {
fprintf(stderr, "cannot open %s\n", OPT_ARG(OUTFILE));
- exit(1);
+ app_exit(1);
}
+ outfile_name = OPT_ARG(OUTFILE);
} else
outfile = stdout;
diff --git a/src/pkcs11.c b/src/pkcs11.c
index 975a97bc57..bd5bbf08e7 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -50,7 +50,7 @@ static char *_saved_url = NULL;
if (url == NULL) { \
fprintf(stderr, "warning: no token URL was provided for this operation; the available tokens are:\n\n"); \
pkcs11_token_list(out, det, info, 1); \
- exit(1); \
+ app_exit(1); \
} \
_saved_url = (void*)url; \
}
@@ -82,7 +82,7 @@ pkcs11_delete(FILE * outfile, const char *url,
("Are you sure you want to delete those objects? (y/N): ",
0);
if (ret == 0) {
- exit(1);
+ app_exit(1);
}
}
@@ -90,7 +90,7 @@ pkcs11_delete(FILE * outfile, const char *url,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "\n%d objects deleted\n", ret);
@@ -144,12 +144,12 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags,
if (ret < 0) {
fprintf(stderr, "Error in crt_list_import (1): %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (crt_list_size == 0) {
fprintf(stderr, "No matching objects found\n");
- exit(2);
+ app_exit(2);
}
for (i = 0; i < crt_list_size; i++) {
@@ -163,7 +163,7 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (info->only_urls) {
@@ -187,7 +187,7 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "\tLabel: %s\n", buf);
@@ -196,7 +196,7 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
str = gnutls_pkcs11_obj_flags_get_str(oflags);
if (str != NULL) {
@@ -212,7 +212,7 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "\tID: %s\n", buf);
@@ -274,35 +274,35 @@ pkcs11_test_sign(FILE * outfile, const char *url, unsigned int flags,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_pubkey_init(&pubkey);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_privkey_import_url(privkey, url, flags);
if (ret < 0) {
fprintf(stderr, "Cannot import private key: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_pubkey_import_privkey(pubkey, privkey, GNUTLS_KEY_DIGITAL_SIGNATURE, flags);
if (ret < 0) {
fprintf(stderr, "Cannot import public key: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA256, 0, &data, &sig);
if (ret < 0) {
fprintf(stderr, "Cannot sign data: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL);
@@ -313,7 +313,7 @@ pkcs11_test_sign(FILE * outfile, const char *url, unsigned int flags,
if (ret < 0) {
fprintf(stderr, "Cannot verify signed data: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(stderr, "ok\n");
@@ -324,7 +324,7 @@ pkcs11_test_sign(FILE * outfile, const char *url, unsigned int flags,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_pubkey_import_url(pubkey, url, flags);
@@ -332,8 +332,8 @@ pkcs11_test_sign(FILE * outfile, const char *url, unsigned int flags,
fprintf(stderr, "Cannot find a corresponding public key object in token: %s\n",
gnutls_strerror(ret));
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- exit(0);
- exit(1);
+ app_exit(0);
+ app_exit(1);
}
fprintf(stderr, "Verifying against public key in the token... ");
@@ -342,7 +342,7 @@ pkcs11_test_sign(FILE * outfile, const char *url, unsigned int flags,
if (ret < 0) {
fprintf(stderr, "Cannot verify signed data: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(stderr, "ok\n");
@@ -370,21 +370,21 @@ pkcs11_export(FILE * outfile, const char *url, unsigned int flags,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_pkcs11_obj_import_url(obj, url, obj_flags);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_pkcs11_obj_export3(obj, info->outcert_format, &t);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fwrite(t.data, 1, t.size, outfile);
@@ -417,14 +417,14 @@ pkcs11_export_chain(FILE * outfile, const char *url, unsigned int flags,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_pkcs11_obj_import_url(obj, url, obj_flags);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
/* make a crt */
@@ -432,21 +432,21 @@ pkcs11_export_chain(FILE * outfile, const char *url, unsigned int flags,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_x509_crt_import_pkcs11(xcrt, obj);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_pkcs11_obj_export3(obj, GNUTLS_X509_FMT_PEM, &t);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fwrite(t.data, 1, t.size, outfile);
fputs("\n\n", outfile);
@@ -461,7 +461,7 @@ pkcs11_export_chain(FILE * outfile, const char *url, unsigned int flags,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fwrite(t.data, 1, t.size, outfile);
@@ -473,14 +473,14 @@ pkcs11_export_chain(FILE * outfile, const char *url, unsigned int flags,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_x509_crt_import(xcrt, &t, GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_free(t.data);
@@ -565,7 +565,7 @@ pkcs11_token_list(FILE * outfile, unsigned int detailed,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (brief != 0) {
@@ -583,7 +583,7 @@ pkcs11_token_list(FILE * outfile, unsigned int detailed,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "\tLabel: %s\n", buf);
@@ -604,7 +604,7 @@ pkcs11_token_list(FILE * outfile, unsigned int detailed,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "\tManufacturer: %s\n", buf);
@@ -617,7 +617,7 @@ pkcs11_token_list(FILE * outfile, unsigned int detailed,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "\tModel: %s\n", buf);
@@ -630,7 +630,7 @@ pkcs11_token_list(FILE * outfile, unsigned int detailed,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(outfile, "\tSerial: %s\n", buf);
@@ -668,7 +668,7 @@ static void find_same_pubkey_with_id(const char *url, gnutls_x509_crt_t crt, gnu
ret = gnutls_pubkey_init(&pubkey);
if (ret < 0) {
fprintf(stderr, "memory error\n");
- exit(1);
+ app_exit(1);
}
ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
@@ -691,7 +691,7 @@ static void find_same_pubkey_with_id(const char *url, gnutls_x509_crt_t crt, gnu
if (ret < 0) {
fprintf(stderr, "Error in obj_list_import (1): %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (obj_list_size == 0)
@@ -730,14 +730,14 @@ static void find_same_pubkey_with_id(const char *url, gnutls_x509_crt_t crt, gnu
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
cid->data = gnutls_malloc(size);
cid->size = size;
if (cid->data == NULL) {
fprintf(stderr, "memory error\n");
- exit(1);
+ app_exit(1);
}
memcpy(cid->data, buf, size);
@@ -772,7 +772,7 @@ static void find_same_privkey_with_id(const char *url, gnutls_x509_crt_t crt, gn
ret = gnutls_pubkey_init(&pubkey);
if (ret < 0) {
fprintf(stderr, "memory error\n");
- exit(1);
+ app_exit(1);
}
ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
@@ -795,7 +795,7 @@ static void find_same_privkey_with_id(const char *url, gnutls_x509_crt_t crt, gn
if (ret < 0) {
fprintf(stderr, "Error in obj_list_import (1): %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
if (obj_list_size == 0)
@@ -822,7 +822,7 @@ static void find_same_privkey_with_id(const char *url, gnutls_x509_crt_t crt, gn
ret = gnutls_privkey_init(&privkey);
if (ret < 0) {
fprintf(stderr, "memory error\n");
- exit(1);
+ app_exit(1);
}
ret = gnutls_privkey_import_url(privkey, purl, 0);
@@ -839,7 +839,7 @@ static void find_same_privkey_with_id(const char *url, gnutls_x509_crt_t crt, gn
ret = gnutls_pubkey_init(&pubkey);
if (ret < 0) {
fprintf(stderr, "memory error\n");
- exit(1);
+ app_exit(1);
}
ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0);
@@ -866,14 +866,14 @@ static void find_same_privkey_with_id(const char *url, gnutls_x509_crt_t crt, gn
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
cid->data = gnutls_malloc(size);
cid->size = size;
if (cid->data == NULL) {
fprintf(stderr, "memory error\n");
- exit(1);
+ app_exit(1);
}
memcpy(cid->data, buf, size);
@@ -921,7 +921,7 @@ pkcs11_write(FILE * outfile, const char *url, const char *label,
ret = gnutls_hex2bin(id, strlen(id), raw_id, &raw_id_size);
if (ret < 0) {
fprintf(stderr, "Error converting hex: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
cid.data = raw_id;
cid.size = raw_id_size;
@@ -937,7 +937,7 @@ pkcs11_write(FILE * outfile, const char *url, const char *label,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
}
@@ -959,7 +959,7 @@ pkcs11_write(FILE * outfile, const char *url, const char *label,
ret = gnutls_hex_encode2(&cid, &hex);
if (ret < 0) {
fprintf(stderr, "Error converting hex: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(stderr, "note: will re-use ID %s from corresponding public key\n", hex.data);
gnutls_free(hex.data);
@@ -970,7 +970,7 @@ pkcs11_write(FILE * outfile, const char *url, const char *label,
ret = gnutls_hex_encode2(&cid, &hex);
if (ret < 0) {
fprintf(stderr, "Error converting hex: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(stderr, "note: will re-use ID %s from corresponding private key\n", hex.data);
gnutls_free(hex.data);
@@ -985,7 +985,7 @@ pkcs11_write(FILE * outfile, const char *url, const char *label,
(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)) &&
(flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO) == 0)
fprintf(stderr, "note: some tokens may require security officer login for this operation\n");
- exit(1);
+ app_exit(1);
}
gnutls_x509_crt_get_key_usage(xcrt, &key_usage, NULL);
@@ -1002,7 +1002,7 @@ pkcs11_write(FILE * outfile, const char *url, const char *label,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_x509_privkey_deinit(xkey);
}
@@ -1016,7 +1016,7 @@ pkcs11_write(FILE * outfile, const char *url, const char *label,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_pubkey_deinit(xpubkey);
}
@@ -1024,7 +1024,7 @@ pkcs11_write(FILE * outfile, const char *url, const char *label,
if (xkey == NULL && xcrt == NULL && secret_key == NULL && xpubkey == NULL) {
fprintf(stderr,
"You must use --load-privkey, --load-certificate, --load-pubkey or --secret-key to load the file to be copied\n");
- exit(1);
+ app_exit(1);
}
UNFIX;
@@ -1053,7 +1053,7 @@ pkcs11_generate(FILE * outfile, const char *url, gnutls_pk_algorithm_t pk,
ret = gnutls_hex2bin(id, strlen(id), raw_id, &raw_id_size);
if (ret < 0) {
fprintf(stderr, "Error converting hex: %s\n", gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
cid.data = raw_id;
cid.size = raw_id_size;
@@ -1078,7 +1078,7 @@ pkcs11_generate(FILE * outfile, const char *url, gnutls_pk_algorithm_t pk,
if (bits != 1024 && pk == GNUTLS_PK_RSA)
fprintf(stderr,
"note: several smart cards do not support arbitrary size keys; try --bits 1024 or 2048.\n");
- exit(1);
+ app_exit(1);
}
fwrite(pubkey.data, 1, pubkey.size, outfile);
@@ -1109,14 +1109,14 @@ pkcs11_export_pubkey(FILE * outfile, const char *url, int detailed, unsigned int
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_pkcs11_privkey_import_url(pkey, url, 0);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret =
@@ -1126,7 +1126,7 @@ pkcs11_export_pubkey(FILE * outfile, const char *url, int detailed, unsigned int
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_pkcs11_privkey_deinit(pkey);
@@ -1149,12 +1149,12 @@ pkcs11_init(FILE * outfile, const char *url, const char *label,
if (url == NULL) {
fprintf(stderr, "error: no token URL given to initialize!\n");
- exit(1);
+ app_exit(1);
}
if (label == NULL) {
fprintf(stderr, "error: no label provided for token initialization!\n");
- exit(1);
+ app_exit(1);
}
if (info->so_pin != NULL)
@@ -1164,11 +1164,11 @@ pkcs11_init(FILE * outfile, const char *url, const char *label,
if (pin == NULL && info->batch == 0)
pin = getpass("Enter Security Officer's PIN: ");
if (pin == NULL)
- exit(1);
+ app_exit(1);
}
if (strlen(pin) >= sizeof(so_pin) || pin[0] == '\n')
- exit(1);
+ app_exit(1);
strcpy(so_pin, pin);
@@ -1177,7 +1177,7 @@ pkcs11_init(FILE * outfile, const char *url, const char *label,
if (ret < 0) {
fprintf(stderr, "\nError in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(stderr, "done\n");
@@ -1196,7 +1196,7 @@ pkcs11_set_pin(FILE * outfile, const char *url, common_info_st * info, unsigned
if (url == NULL) {
fprintf(stderr, "error: no token URL given to initialize!\n");
- exit(1);
+ app_exit(1);
}
fprintf(stderr, "Setting token's user PIN...\n");
@@ -1209,7 +1209,7 @@ pkcs11_set_pin(FILE * outfile, const char *url, common_info_st * info, unsigned
if (pin == NULL && info->batch == 0)
pin = getpass("Enter Administrators's new PIN: ");
if (pin == NULL)
- exit(1);
+ app_exit(1);
}
} else {
if (info->pin != NULL) {
@@ -1219,18 +1219,18 @@ pkcs11_set_pin(FILE * outfile, const char *url, common_info_st * info, unsigned
if (pin == NULL && info->batch == 0)
pin = getpass("Enter User's new PIN: ");
if (pin == NULL)
- exit(1);
+ app_exit(1);
}
}
if (pin == NULL || pin[0] == '\n')
- exit(1);
+ app_exit(1);
ret = gnutls_pkcs11_token_set_pin(url, NULL, pin, (so!=0)?GNUTLS_PIN_SO:GNUTLS_PIN_USER);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
return;
@@ -1498,14 +1498,14 @@ pkcs11_get_random(FILE * outfile, const char *url, unsigned bytes,
output = malloc(bytes);
if (output == NULL) {
fprintf(stderr, "Memory error\n");
- exit(1);
+ app_exit(1);
}
ret = gnutls_pkcs11_token_get_random(url, output, bytes);
if (ret < 0) {
fprintf(stderr, "gnutls_pkcs11_token_get_random: %s\n",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fwrite(output, 1, bytes, outfile);
@@ -1531,14 +1531,14 @@ void pkcs11_set_val(FILE * outfile, const char *url, int detailed,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret = gnutls_pkcs11_obj_import_url(obj, url, flags);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
ret =
@@ -1546,7 +1546,7 @@ void pkcs11_set_val(FILE * outfile, const char *url, int detailed,
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_pkcs11_obj_deinit(obj);
diff --git a/src/systemkey.c b/src/systemkey.c
index 7affc2ccbb..ce152a3aed 100644
--- a/src/systemkey.c
+++ b/src/systemkey.c
@@ -54,10 +54,20 @@ static gnutls_x509_crt_fmt_t incert_format, outcert_format;
static gnutls_x509_crt_fmt_t inkey_format, outkey_format;
static FILE *outfile;
+static const char *outfile_name = NULL;
static FILE *infile;
int batch = 0;
int ask_pass = 0;
+void app_exit(int val)
+{
+ if (val != 0) {
+ if (outfile_name)
+ remove(outfile_name);
+ }
+ exit(val);
+}
+
static void tls_log_func(int level, const char *str)
{
fprintf(stderr, "|<%d>| %s", level, str);
@@ -108,8 +118,9 @@ static void cmd_parser(int argc, char **argv)
outfile = safe_open_rw(OPT_ARG(OUTFILE), 0);
if (outfile == NULL) {
fprintf(stderr, "%s", OPT_ARG(OUTFILE));
- exit(1);
+ app_exit(1);
}
+ outfile_name = OPT_ARG(OUTFILE);
} else
outfile = stdout;
@@ -117,7 +128,7 @@ static void cmd_parser(int argc, char **argv)
infile = fopen(OPT_ARG(INFILE), "rb");
if (infile == NULL) {
fprintf(stderr, "%s", OPT_ARG(INFILE));
- exit(1);
+ app_exit(1);
}
} else
infile = stdin;
@@ -142,7 +153,7 @@ static void systemkey_delete(const char *url, FILE * out)
if (ret < 0) {
fprintf(stderr, "gnutls_systemkey_privkey_delete: %s",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
fprintf(out, "Key %s deleted\n", url);
@@ -164,7 +175,7 @@ static void systemkey_list(FILE * out)
if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
fprintf(stderr, "gnutls_system_key_iter_get_url: %s",
gnutls_strerror(ret));
- exit(1);
+ app_exit(1);
}
gnutls_system_key_iter_deinit(iter);
fputs("\n", out);
diff --git a/src/tpmtool.c b/src/tpmtool.c
index ae89d12245..a9877829c7 100644
--- a/src/tpmtool.c
+++ b/src/tpmtool.c
@@ -59,10 +59,21 @@ static gnutls_x509_crt_fmt_t incert_format, outcert_format;
static gnutls_tpmkey_fmt_t inkey_format, outkey_format;
static FILE *outfile;
+static const char *outfile_name = NULL;
static FILE *infile;
int batch = 0;
int ask_pass = 0;
+void app_exit(int val)
+{
+ if (val != 0) {
+ if (outfile_name != NULL) {
+ remove(outfile_name);
+ }
+ }
+ exit(val);
+}
+
static void tls_log_func(int level, const char *str)
{
fprintf(stderr, "|<%d>| %s", level, str);
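Review bot: app_exit() is defined here, but no visible tpmtool.c hunk replaces an `exit()` call with it. The cmd_parser hunk that follows still shows `exit(1);` and only adds the `outfile_name` assignment. That one call is harmless because the open failed and `outfile_name` is still NULL. Any error exit in tpmtool.c taken after the output file is opened would, however, still leave a partial file behind, unlike danetool, p11tool and systemkey, unless it reaches app_exit() through shared code. Converting the tool's own error exits to `app_exit(1);` would bring tpmtool in line with the other tools.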
@@ -134,6 +145,7 @@ static void cmd_parser(int argc, char **argv)
fprintf(stderr, "%s\n", OPT_ARG(OUTFILE));
exit(1);
}
+ outfile_name = OPT_ARG(OUTFILE);
} else
outfile = stdout;