Commit 871e10f17a for openssl.org
commit 871e10f17ad73b7e9f920510c8008225fc5da762
Author: Filipe R. Da Silva <fdasilvayy@gmail.com>
Date: Sun Mar 15 21:55:42 2026 +0100
apps: remove atoi() calls.
Related to #8216
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
MergeDate: Mon Apr 13 09:30:21 2026
(Merged from https://github.com/openssl/openssl/pull/30476)
diff --git a/apps/ca.c b/apps/ca.c
index d167b21d43..c0a58f4d16 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -408,7 +408,7 @@ int ca_main(int argc, char **argv)
enddate = opt_arg();
break;
case OPT_DAYS:
- days = atoi(opt_arg());
+ days = opt_int_arg();
break;
case OPT_MD:
dgst = opt_arg();
diff --git a/apps/dgst.c b/apps/dgst.c
index 68e9f3f43f..344949429f 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -201,7 +201,7 @@ int dgst_main(int argc, char **argv)
out_bin = 1;
break;
case OPT_XOFLEN:
- xoflen = atoi(opt_arg());
+ xoflen = opt_int_arg();
break;
case OPT_DEBUG:
debug = 1;
diff --git a/apps/kdf.c b/apps/kdf.c
index 7bdeaa14d3..f94a5d11f2 100644
--- a/apps/kdf.c
+++ b/apps/kdf.c
@@ -101,7 +101,7 @@ int kdf_main(int argc, char **argv)
out_bin = 1;
break;
case OPT_KEYLEN:
- dkm_len = atoi(opt_arg());
+ dkm_len = opt_int_arg();
break;
case OPT_OUT:
outfile = opt_arg();
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index 8c3b3a9e25..9c6041230b 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -688,7 +688,7 @@ int opt_ulong(const char *value, unsigned long *result)
l = strtoul(value, &endptr, 0);
if (*endptr
|| endptr == value
- || ((l == ULONG_MAX) && errno == ERANGE)
+ || (l == ULONG_MAX && errno == ERANGE)
|| (l == 0 && errno != 0)) {
opt_number_error(value);
errno = oerrno;
@@ -765,12 +765,12 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
X509_VERIFY_PARAM_set1(vpm, vtmp);
break;
case OPT_V_VERIFY_DEPTH:
- i = atoi(opt_arg());
+ i = opt_int_arg();
if (i >= 0)
X509_VERIFY_PARAM_set_depth(vpm, i);
break;
case OPT_V_VERIFY_AUTH_LEVEL:
- i = atoi(opt_arg());
+ i = opt_int_arg();
if (i >= 0)
X509_VERIFY_PARAM_set_auth_level(vpm, i);
break;
diff --git a/apps/ocsp.c b/apps/ocsp.c
index bf6f96045c..11d54ed10b 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -319,7 +319,7 @@ int ocsp_main(int argc, char **argv)
break;
case OPT_TIMEOUT:
#ifndef OPENSSL_NO_SOCK
- req_timeout = atoi(opt_arg());
+ req_timeout = opt_int_arg();
#endif
break;
case OPT_URL:
@@ -515,7 +515,7 @@ int ocsp_main(int argc, char **argv)
accept_count = opt_int_arg();
break;
case OPT_NDAYS:
- ndays = atoi(opt_arg());
+ ndays = opt_int_arg();
break;
case OPT_RSIGNER:
rsignfile = opt_arg();
@@ -567,7 +567,7 @@ int ocsp_main(int argc, char **argv)
break;
case OPT_MULTI:
#ifdef HTTP_DAEMON
- n_responders = atoi(opt_arg());
+ n_responders = opt_int_arg();
#endif
break;
case OPT_PROV_CASES:
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 0ffd92f8c0..5f9c3284f0 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -266,7 +266,7 @@ int pkeyutl_main(int argc, char **argv)
kdfalg = opt_arg();
break;
case OPT_KDFLEN:
- kdflen = atoi(opt_arg());
+ kdflen = opt_int_arg();
break;
case OPT_REV:
rev = 1;
diff --git a/apps/prime.c b/apps/prime.c
index 2309cfbc7f..f4572e1afb 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -125,7 +125,7 @@ int prime_main(int argc, char **argv)
generate = 1;
break;
case OPT_BITS:
- bits = atoi(opt_arg());
+ bits = opt_int_arg();
break;
case OPT_SAFE:
safe = 1;
diff --git a/apps/req.c b/apps/req.c
index 6404ee8f9b..695fd049dd 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -454,7 +454,7 @@ int req_main(int argc, char **argv)
not_after = opt_arg();
break;
case OPT_DAYS:
- days = atoi(opt_arg());
+ days = opt_int_arg();
if (days <= UNSET_DAYS) {
BIO_printf(bio_err, "%s: -days parameter arg must be >= -1\n",
prog);
diff --git a/apps/s_client.c b/apps/s_client.c
index 3aaf19d03b..b5e996d59c 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1221,7 +1221,7 @@ int s_client_main(int argc, char **argv)
break;
case OPT_VERIFY:
verify = SSL_VERIFY_PEER;
- verify_args.depth = atoi(opt_arg());
+ verify_args.depth = opt_int_arg();
if (!c_quiet)
BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
break;
@@ -1402,7 +1402,7 @@ int s_client_main(int argc, char **argv)
min_version = TLS1_VERSION;
break;
case OPT_SRP_STRENGTH:
- srp_arg.strength = atoi(opt_arg());
+ srp_arg.strength = opt_int_arg();
BIO_printf(bio_err, "SRP minimal length for N is %d\n",
srp_arg.strength);
if (min_version < TLS1_VERSION)
@@ -1648,7 +1648,7 @@ int s_client_main(int argc, char **argv)
sni_outer_name = opt_arg();
break;
case OPT_ECH_SELECT:
- ech_select = atoi(opt_arg());
+ ech_select = opt_int_arg();
break;
case OPT_ECH_GREASE:
ech_grease = 1;
@@ -1657,7 +1657,7 @@ int s_client_main(int argc, char **argv)
ech_grease_suite = opt_arg();
break;
case OPT_ECH_GREASE_TYPE:
- ech_grease_type = atoi(opt_arg());
+ ech_grease_type = opt_int_arg();
break;
case OPT_ECH_IGNORE_CONFIG_ID:
ech_ignore_cid = 1;
@@ -1678,13 +1678,13 @@ int s_client_main(int argc, char **argv)
keymatexportlabel = opt_arg();
break;
case OPT_KEYMATEXPORTLEN:
- keymatexportlen = atoi(opt_arg());
+ keymatexportlen = opt_int_arg();
break;
case OPT_ASYNC:
async = 1;
break;
case OPT_MAXFRAGLEN:
- len = atoi(opt_arg());
+ len = opt_int_arg();
switch (len) {
case 512:
maxfraglen = TLSEXT_max_fragment_length_512;
@@ -1706,16 +1706,16 @@ int s_client_main(int argc, char **argv)
}
break;
case OPT_MAX_SEND_FRAG:
- max_send_fragment = atoi(opt_arg());
+ max_send_fragment = opt_int_arg();
break;
case OPT_SPLIT_SEND_FRAG:
- split_send_fragment = atoi(opt_arg());
+ split_send_fragment = opt_int_arg();
break;
case OPT_MAX_PIPELINES:
- max_pipelines = atoi(opt_arg());
+ max_pipelines = opt_int_arg();
break;
case OPT_READ_BUF:
- read_buf_len = atoi(opt_arg());
+ read_buf_len = opt_int_arg();
break;
case OPT_KEYLOG_FILE:
keylog_file = opt_arg();
diff --git a/apps/s_server.c b/apps/s_server.c
index 996d762641..38db88437e 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1884,13 +1884,13 @@ int s_server_main(int argc, char *argv[])
break;
case OPT_VERIFY:
s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
- verify_args.depth = atoi(opt_arg());
+ verify_args.depth = opt_int_arg();
if (!s_quiet)
BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
break;
case OPT_UPPER_V_VERIFY:
s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE;
- verify_args.depth = atoi(opt_arg());
+ verify_args.depth = opt_int_arg();
if (!s_quiet)
BIO_printf(bio_err,
"verify depth is %d, must return a certificate\n",
@@ -2074,7 +2074,7 @@ int s_server_main(int argc, char *argv[])
case OPT_STATUS_TIMEOUT:
#ifndef OPENSSL_NO_OCSP
s_tlsextstatus = 1;
- tlscstatp.timeout = atoi(opt_arg());
+ tlscstatp.timeout = opt_int_arg();
#endif
break;
case OPT_PROXY:
@@ -2300,35 +2300,35 @@ int s_server_main(int argc, char *argv[])
keymatexportlabel = opt_arg();
break;
case OPT_KEYMATEXPORTLEN:
- keymatexportlen = atoi(opt_arg());
+ keymatexportlen = opt_int_arg();
break;
case OPT_ASYNC:
async = 1;
break;
case OPT_MAX_SEND_FRAG:
- max_send_fragment = atoi(opt_arg());
+ max_send_fragment = opt_int_arg();
break;
case OPT_SPLIT_SEND_FRAG:
- split_send_fragment = atoi(opt_arg());
+ split_send_fragment = opt_int_arg();
break;
case OPT_MAX_PIPELINES:
- max_pipelines = atoi(opt_arg());
+ max_pipelines = opt_int_arg();
break;
case OPT_READ_BUF:
- read_buf_len = atoi(opt_arg());
+ read_buf_len = opt_int_arg();
break;
case OPT_KEYLOG_FILE:
keylog_file = opt_arg();
break;
case OPT_MAX_EARLY:
- max_early_data = atoi(opt_arg());
+ max_early_data = opt_int_arg();
if (max_early_data < 0) {
BIO_puts(bio_err, "Invalid value for max_early_data\n");
goto end;
}
break;
case OPT_RECV_MAX_EARLY:
- recv_max_early_data = atoi(opt_arg());
+ recv_max_early_data = opt_int_arg();
if (recv_max_early_data < 0) {
BIO_puts(bio_err, "Invalid value for recv_max_early_data\n");
goto end;
diff --git a/apps/x509.c b/apps/x509.c
index 73c6f5db10..7b7706a05e 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -492,7 +492,7 @@ int x509_main(int argc, char **argv)
not_after = opt_arg();
break;
case OPT_DAYS:
- days = atoi(opt_arg());
+ days = opt_int_arg();
if (days <= UNSET_DAYS) {
BIO_printf(bio_err, "%s: -days parameter arg must be >= -1\n",
prog);