apps.c 68 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561
  1. /*
  2. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
  10. /*
  11. * On VMS, you need to define this to get the declaration of fileno(). The
  12. * value 2 is to make sure no function defined in POSIX-2 is left undefined.
  13. */
  14. # define _POSIX_C_SOURCE 2
  15. #endif
  16. #include <stdio.h>
  17. #include <stdlib.h>
  18. #include <string.h>
  19. #include <sys/types.h>
  20. #ifndef OPENSSL_NO_POSIX_IO
  21. # include <sys/stat.h>
  22. # include <fcntl.h>
  23. #endif
  24. #include <ctype.h>
  25. #include <errno.h>
  26. #include <openssl/err.h>
  27. #include <openssl/x509.h>
  28. #include <openssl/x509v3.h>
  29. #include <openssl/pem.h>
  30. #include <openssl/pkcs12.h>
  31. #include <openssl/ui.h>
  32. #include <openssl/safestack.h>
  33. #ifndef OPENSSL_NO_ENGINE
  34. # include <openssl/engine.h>
  35. #endif
  36. #ifndef OPENSSL_NO_RSA
  37. # include <openssl/rsa.h>
  38. #endif
  39. #include <openssl/bn.h>
  40. #include <openssl/ssl.h>
  41. #include "s_apps.h"
  42. #include "apps.h"
  43. #ifdef _WIN32
  44. static int WIN32_rename(const char *from, const char *to);
  45. # define rename(from,to) WIN32_rename((from),(to))
  46. #endif
  47. #define PASS_SOURCE_SIZE_MAX 4
  48. typedef struct {
  49. const char *name;
  50. unsigned long flag;
  51. unsigned long mask;
  52. } NAME_EX_TBL;
  53. static int set_table_opts(unsigned long *flags, const char *arg,
  54. const NAME_EX_TBL * in_tbl);
  55. static int set_multi_opts(unsigned long *flags, const char *arg,
  56. const NAME_EX_TBL * in_tbl);
  57. int app_init(long mesgwin);
  58. int chopup_args(ARGS *arg, char *buf)
  59. {
  60. int quoted;
  61. char c = '\0', *p = NULL;
  62. arg->argc = 0;
  63. if (arg->size == 0) {
  64. arg->size = 20;
  65. arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space");
  66. }
  67. for (p = buf;;) {
  68. /* Skip whitespace. */
  69. while (*p && isspace(_UC(*p)))
  70. p++;
  71. if (!*p)
  72. break;
  73. /* The start of something good :-) */
  74. if (arg->argc >= arg->size) {
  75. char **tmp;
  76. arg->size += 20;
  77. tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size);
  78. if (tmp == NULL)
  79. return 0;
  80. arg->argv = tmp;
  81. }
  82. quoted = *p == '\'' || *p == '"';
  83. if (quoted)
  84. c = *p++;
  85. arg->argv[arg->argc++] = p;
  86. /* now look for the end of this */
  87. if (quoted) {
  88. while (*p && *p != c)
  89. p++;
  90. *p++ = '\0';
  91. } else {
  92. while (*p && !isspace(_UC(*p)))
  93. p++;
  94. if (*p)
  95. *p++ = '\0';
  96. }
  97. }
  98. arg->argv[arg->argc] = NULL;
  99. return 1;
  100. }
  101. #ifndef APP_INIT
  102. int app_init(long mesgwin)
  103. {
  104. return 1;
  105. }
  106. #endif
  107. int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
  108. const char *CApath, int noCAfile, int noCApath)
  109. {
  110. if (CAfile == NULL && CApath == NULL) {
  111. if (!noCAfile && SSL_CTX_set_default_verify_file(ctx) <= 0)
  112. return 0;
  113. if (!noCApath && SSL_CTX_set_default_verify_dir(ctx) <= 0)
  114. return 0;
  115. return 1;
  116. }
  117. return SSL_CTX_load_verify_locations(ctx, CAfile, CApath);
  118. }
  119. #ifndef OPENSSL_NO_CT
  120. int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
  121. {
  122. if (path == NULL)
  123. return SSL_CTX_set_default_ctlog_list_file(ctx);
  124. return SSL_CTX_set_ctlog_list_file(ctx, path);
  125. }
  126. #endif
  127. static unsigned long nmflag = 0;
  128. static char nmflag_set = 0;
  129. int set_nameopt(const char *arg)
  130. {
  131. int ret = set_name_ex(&nmflag, arg);
  132. if (ret)
  133. nmflag_set = 1;
  134. return ret;
  135. }
  136. unsigned long get_nameopt(void)
  137. {
  138. return (nmflag_set) ? nmflag : XN_FLAG_ONELINE;
  139. }
  140. int dump_cert_text(BIO *out, X509 *x)
  141. {
  142. print_name(out, "subject=", X509_get_subject_name(x), get_nameopt());
  143. BIO_puts(out, "\n");
  144. print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt());
  145. BIO_puts(out, "\n");
  146. return 0;
  147. }
  148. int wrap_password_callback(char *buf, int bufsiz, int verify, void *userdata)
  149. {
  150. return password_callback(buf, bufsiz, verify, (PW_CB_DATA *)userdata);
  151. }
  152. static char *app_get_pass(const char *arg, int keepbio);
  153. int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
  154. {
  155. int same = arg1 != NULL && arg2 != NULL && strcmp(arg1, arg2) == 0;
  156. if (arg1 != NULL) {
  157. *pass1 = app_get_pass(arg1, same);
  158. if (*pass1 == NULL)
  159. return 0;
  160. } else if (pass1 != NULL) {
  161. *pass1 = NULL;
  162. }
  163. if (arg2 != NULL) {
  164. *pass2 = app_get_pass(arg2, same ? 2 : 0);
  165. if (*pass2 == NULL)
  166. return 0;
  167. } else if (pass2 != NULL) {
  168. *pass2 = NULL;
  169. }
  170. return 1;
  171. }
  172. static char *app_get_pass(const char *arg, int keepbio)
  173. {
  174. static BIO *pwdbio = NULL;
  175. char *tmp, tpass[APP_PASS_LEN];
  176. int i;
  177. /* PASS_SOURCE_SIZE_MAX = max number of chars before ':' in below strings */
  178. if (strncmp(arg, "pass:", 5) == 0)
  179. return OPENSSL_strdup(arg + 5);
  180. if (strncmp(arg, "env:", 4) == 0) {
  181. tmp = getenv(arg + 4);
  182. if (tmp == NULL) {
  183. BIO_printf(bio_err, "No environment variable %s\n", arg + 4);
  184. return NULL;
  185. }
  186. return OPENSSL_strdup(tmp);
  187. }
  188. if (!keepbio || pwdbio == NULL) {
  189. if (strncmp(arg, "file:", 5) == 0) {
  190. pwdbio = BIO_new_file(arg + 5, "r");
  191. if (pwdbio == NULL) {
  192. BIO_printf(bio_err, "Can't open file %s\n", arg + 5);
  193. return NULL;
  194. }
  195. #if !defined(_WIN32)
  196. /*
  197. * Under _WIN32, which covers even Win64 and CE, file
  198. * descriptors referenced by BIO_s_fd are not inherited
  199. * by child process and therefore below is not an option.
  200. * It could have been an option if bss_fd.c was operating
  201. * on real Windows descriptors, such as those obtained
  202. * with CreateFile.
  203. */
  204. } else if (strncmp(arg, "fd:", 3) == 0) {
  205. BIO *btmp;
  206. i = atoi(arg + 3);
  207. if (i >= 0)
  208. pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
  209. if ((i < 0) || !pwdbio) {
  210. BIO_printf(bio_err, "Can't access file descriptor %s\n", arg + 3);
  211. return NULL;
  212. }
  213. /*
  214. * Can't do BIO_gets on an fd BIO so add a buffering BIO
  215. */
  216. btmp = BIO_new(BIO_f_buffer());
  217. pwdbio = BIO_push(btmp, pwdbio);
  218. #endif
  219. } else if (strcmp(arg, "stdin") == 0) {
  220. pwdbio = dup_bio_in(FORMAT_TEXT);
  221. if (!pwdbio) {
  222. BIO_printf(bio_err, "Can't open BIO for stdin\n");
  223. return NULL;
  224. }
  225. } else {
  226. /* argument syntax error; do not reveal too much about arg */
  227. tmp = strchr(arg, ':');
  228. if (tmp == NULL || tmp - arg > PASS_SOURCE_SIZE_MAX)
  229. BIO_printf(bio_err,
  230. "Invalid password argument, missing ':' within the first %d chars\n",
  231. PASS_SOURCE_SIZE_MAX + 1);
  232. else
  233. BIO_printf(bio_err,
  234. "Invalid password argument, starting with \"%.*s\"\n",
  235. (int)(tmp - arg + 1), arg);
  236. return NULL;
  237. }
  238. }
  239. i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
  240. if (keepbio != 1) {
  241. BIO_free_all(pwdbio);
  242. pwdbio = NULL;
  243. }
  244. if (i <= 0) {
  245. BIO_printf(bio_err, "Error reading password from BIO\n");
  246. return NULL;
  247. }
  248. tmp = strchr(tpass, '\n');
  249. if (tmp != NULL)
  250. *tmp = 0;
  251. return OPENSSL_strdup(tpass);
  252. }
  253. CONF *app_load_config_bio(BIO *in, const char *filename)
  254. {
  255. long errorline = -1;
  256. CONF *conf;
  257. int i;
  258. conf = NCONF_new(NULL);
  259. i = NCONF_load_bio(conf, in, &errorline);
  260. if (i > 0)
  261. return conf;
  262. if (errorline <= 0) {
  263. BIO_printf(bio_err, "%s: Can't load ", opt_getprog());
  264. } else {
  265. BIO_printf(bio_err, "%s: Error on line %ld of ", opt_getprog(),
  266. errorline);
  267. }
  268. if (filename != NULL)
  269. BIO_printf(bio_err, "config file \"%s\"\n", filename);
  270. else
  271. BIO_printf(bio_err, "config input");
  272. NCONF_free(conf);
  273. return NULL;
  274. }
  275. CONF *app_load_config(const char *filename)
  276. {
  277. BIO *in;
  278. CONF *conf;
  279. in = bio_open_default(filename, 'r', FORMAT_TEXT);
  280. if (in == NULL)
  281. return NULL;
  282. conf = app_load_config_bio(in, filename);
  283. BIO_free(in);
  284. return conf;
  285. }
  286. CONF *app_load_config_quiet(const char *filename)
  287. {
  288. BIO *in;
  289. CONF *conf;
  290. in = bio_open_default_quiet(filename, 'r', FORMAT_TEXT);
  291. if (in == NULL)
  292. return NULL;
  293. conf = app_load_config_bio(in, filename);
  294. BIO_free(in);
  295. return conf;
  296. }
  297. int app_load_modules(const CONF *config)
  298. {
  299. CONF *to_free = NULL;
  300. if (config == NULL)
  301. config = to_free = app_load_config_quiet(default_config_file);
  302. if (config == NULL)
  303. return 1;
  304. if (CONF_modules_load(config, NULL, 0) <= 0) {
  305. BIO_printf(bio_err, "Error configuring OpenSSL modules\n");
  306. ERR_print_errors(bio_err);
  307. NCONF_free(to_free);
  308. return 0;
  309. }
  310. NCONF_free(to_free);
  311. return 1;
  312. }
  313. int add_oid_section(CONF *conf)
  314. {
  315. char *p;
  316. STACK_OF(CONF_VALUE) *sktmp;
  317. CONF_VALUE *cnf;
  318. int i;
  319. if ((p = NCONF_get_string(conf, NULL, "oid_section")) == NULL) {
  320. ERR_clear_error();
  321. return 1;
  322. }
  323. if ((sktmp = NCONF_get_section(conf, p)) == NULL) {
  324. BIO_printf(bio_err, "problem loading oid section %s\n", p);
  325. return 0;
  326. }
  327. for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
  328. cnf = sk_CONF_VALUE_value(sktmp, i);
  329. if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
  330. BIO_printf(bio_err, "problem creating object %s=%s\n",
  331. cnf->name, cnf->value);
  332. return 0;
  333. }
  334. }
  335. return 1;
  336. }
  337. static int load_pkcs12(BIO *in, const char *desc,
  338. pem_password_cb *pem_cb, PW_CB_DATA *cb_data,
  339. EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
  340. {
  341. const char *pass;
  342. char tpass[PEM_BUFSIZE];
  343. int len, ret = 0;
  344. PKCS12 *p12;
  345. p12 = d2i_PKCS12_bio(in, NULL);
  346. if (p12 == NULL) {
  347. BIO_printf(bio_err, "Error loading PKCS12 file for %s\n", desc);
  348. goto die;
  349. }
  350. /* See if an empty password will do */
  351. if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) {
  352. pass = "";
  353. } else {
  354. if (!pem_cb)
  355. pem_cb = (pem_password_cb *)password_callback;
  356. len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
  357. if (len < 0) {
  358. BIO_printf(bio_err, "Passphrase callback error for %s\n", desc);
  359. goto die;
  360. }
  361. if (len < PEM_BUFSIZE)
  362. tpass[len] = 0;
  363. if (!PKCS12_verify_mac(p12, tpass, len)) {
  364. BIO_printf(bio_err,
  365. "Mac verify error (wrong password?) in PKCS12 file for %s\n",
  366. desc);
  367. goto die;
  368. }
  369. pass = tpass;
  370. }
  371. ret = PKCS12_parse(p12, pass, pkey, cert, ca);
  372. die:
  373. PKCS12_free(p12);
  374. return ret;
  375. }
  376. #if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
  377. static int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl)
  378. {
  379. char *host = NULL, *port = NULL, *path = NULL;
  380. BIO *bio = NULL;
  381. OCSP_REQ_CTX *rctx = NULL;
  382. int use_ssl, rv = 0;
  383. if (!OCSP_parse_url(url, &host, &port, &path, &use_ssl))
  384. goto err;
  385. if (use_ssl) {
  386. BIO_puts(bio_err, "https not supported\n");
  387. goto err;
  388. }
  389. bio = BIO_new_connect(host);
  390. if (!bio || !BIO_set_conn_port(bio, port))
  391. goto err;
  392. rctx = OCSP_REQ_CTX_new(bio, 1024);
  393. if (rctx == NULL)
  394. goto err;
  395. if (!OCSP_REQ_CTX_http(rctx, "GET", path))
  396. goto err;
  397. if (!OCSP_REQ_CTX_add1_header(rctx, "Host", host))
  398. goto err;
  399. if (pcert) {
  400. do {
  401. rv = X509_http_nbio(rctx, pcert);
  402. } while (rv == -1);
  403. } else {
  404. do {
  405. rv = X509_CRL_http_nbio(rctx, pcrl);
  406. } while (rv == -1);
  407. }
  408. err:
  409. OPENSSL_free(host);
  410. OPENSSL_free(path);
  411. OPENSSL_free(port);
  412. BIO_free_all(bio);
  413. OCSP_REQ_CTX_free(rctx);
  414. if (rv != 1) {
  415. BIO_printf(bio_err, "Error loading %s from %s\n",
  416. pcert ? "certificate" : "CRL", url);
  417. ERR_print_errors(bio_err);
  418. }
  419. return rv;
  420. }
  421. #endif
  422. X509 *load_cert(const char *file, int format, const char *cert_descrip)
  423. {
  424. X509 *x = NULL;
  425. BIO *cert;
  426. if (format == FORMAT_HTTP) {
  427. #if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
  428. load_cert_crl_http(file, &x, NULL);
  429. #endif
  430. return x;
  431. }
  432. if (file == NULL) {
  433. unbuffer(stdin);
  434. cert = dup_bio_in(format);
  435. } else {
  436. cert = bio_open_default(file, 'r', format);
  437. }
  438. if (cert == NULL)
  439. goto end;
  440. if (format == FORMAT_ASN1) {
  441. x = d2i_X509_bio(cert, NULL);
  442. } else if (format == FORMAT_PEM) {
  443. x = PEM_read_bio_X509_AUX(cert, NULL,
  444. (pem_password_cb *)password_callback, NULL);
  445. } else if (format == FORMAT_PKCS12) {
  446. if (!load_pkcs12(cert, cert_descrip, NULL, NULL, NULL, &x, NULL))
  447. goto end;
  448. } else {
  449. BIO_printf(bio_err, "bad input format specified for %s\n", cert_descrip);
  450. goto end;
  451. }
  452. end:
  453. if (x == NULL) {
  454. BIO_printf(bio_err, "unable to load certificate\n");
  455. ERR_print_errors(bio_err);
  456. }
  457. BIO_free(cert);
  458. return x;
  459. }
  460. X509_CRL *load_crl(const char *infile, int format)
  461. {
  462. X509_CRL *x = NULL;
  463. BIO *in = NULL;
  464. if (format == FORMAT_HTTP) {
  465. #if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
  466. load_cert_crl_http(infile, NULL, &x);
  467. #endif
  468. return x;
  469. }
  470. in = bio_open_default(infile, 'r', format);
  471. if (in == NULL)
  472. goto end;
  473. if (format == FORMAT_ASN1) {
  474. x = d2i_X509_CRL_bio(in, NULL);
  475. } else if (format == FORMAT_PEM) {
  476. x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
  477. } else {
  478. BIO_printf(bio_err, "bad input format specified for input crl\n");
  479. goto end;
  480. }
  481. if (x == NULL) {
  482. BIO_printf(bio_err, "unable to load CRL\n");
  483. ERR_print_errors(bio_err);
  484. goto end;
  485. }
  486. end:
  487. BIO_free(in);
  488. return x;
  489. }
  490. EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
  491. const char *pass, ENGINE *e, const char *key_descrip)
  492. {
  493. BIO *key = NULL;
  494. EVP_PKEY *pkey = NULL;
  495. PW_CB_DATA cb_data;
  496. cb_data.password = pass;
  497. cb_data.prompt_info = file;
  498. if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
  499. BIO_printf(bio_err, "no keyfile specified\n");
  500. goto end;
  501. }
  502. if (format == FORMAT_ENGINE) {
  503. if (e == NULL) {
  504. BIO_printf(bio_err, "no engine specified\n");
  505. } else {
  506. #ifndef OPENSSL_NO_ENGINE
  507. if (ENGINE_init(e)) {
  508. pkey = ENGINE_load_private_key(e, file,
  509. (UI_METHOD *)get_ui_method(),
  510. &cb_data);
  511. ENGINE_finish(e);
  512. }
  513. if (pkey == NULL) {
  514. BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
  515. ERR_print_errors(bio_err);
  516. }
  517. #else
  518. BIO_printf(bio_err, "engines not supported\n");
  519. #endif
  520. }
  521. goto end;
  522. }
  523. if (file == NULL && maybe_stdin) {
  524. unbuffer(stdin);
  525. key = dup_bio_in(format);
  526. } else {
  527. key = bio_open_default(file, 'r', format);
  528. }
  529. if (key == NULL)
  530. goto end;
  531. if (format == FORMAT_ASN1) {
  532. pkey = d2i_PrivateKey_bio(key, NULL);
  533. } else if (format == FORMAT_PEM) {
  534. pkey = PEM_read_bio_PrivateKey(key, NULL, wrap_password_callback, &cb_data);
  535. } else if (format == FORMAT_PKCS12) {
  536. if (!load_pkcs12(key, key_descrip, wrap_password_callback, &cb_data,
  537. &pkey, NULL, NULL))
  538. goto end;
  539. #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
  540. } else if (format == FORMAT_MSBLOB) {
  541. pkey = b2i_PrivateKey_bio(key);
  542. } else if (format == FORMAT_PVK) {
  543. pkey = b2i_PVK_bio(key, wrap_password_callback, &cb_data);
  544. #endif
  545. } else {
  546. BIO_printf(bio_err, "bad input format specified for key file\n");
  547. goto end;
  548. }
  549. end:
  550. BIO_free(key);
  551. if (pkey == NULL) {
  552. BIO_printf(bio_err, "unable to load %s\n", key_descrip);
  553. ERR_print_errors(bio_err);
  554. }
  555. return pkey;
  556. }
  557. EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
  558. const char *pass, ENGINE *e, const char *key_descrip)
  559. {
  560. BIO *key = NULL;
  561. EVP_PKEY *pkey = NULL;
  562. PW_CB_DATA cb_data;
  563. cb_data.password = pass;
  564. cb_data.prompt_info = file;
  565. if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
  566. BIO_printf(bio_err, "no keyfile specified\n");
  567. goto end;
  568. }
  569. if (format == FORMAT_ENGINE) {
  570. if (e == NULL) {
  571. BIO_printf(bio_err, "no engine specified\n");
  572. } else {
  573. #ifndef OPENSSL_NO_ENGINE
  574. pkey = ENGINE_load_public_key(e, file, (UI_METHOD *)get_ui_method(),
  575. &cb_data);
  576. if (pkey == NULL) {
  577. BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
  578. ERR_print_errors(bio_err);
  579. }
  580. #else
  581. BIO_printf(bio_err, "engines not supported\n");
  582. #endif
  583. }
  584. goto end;
  585. }
  586. if (file == NULL && maybe_stdin) {
  587. unbuffer(stdin);
  588. key = dup_bio_in(format);
  589. } else {
  590. key = bio_open_default(file, 'r', format);
  591. }
  592. if (key == NULL)
  593. goto end;
  594. if (format == FORMAT_ASN1) {
  595. pkey = d2i_PUBKEY_bio(key, NULL);
  596. } else if (format == FORMAT_ASN1RSA) {
  597. #ifndef OPENSSL_NO_RSA
  598. RSA *rsa;
  599. rsa = d2i_RSAPublicKey_bio(key, NULL);
  600. if (rsa) {
  601. pkey = EVP_PKEY_new();
  602. if (pkey != NULL)
  603. EVP_PKEY_set1_RSA(pkey, rsa);
  604. RSA_free(rsa);
  605. } else
  606. #else
  607. BIO_printf(bio_err, "RSA keys not supported\n");
  608. #endif
  609. pkey = NULL;
  610. } else if (format == FORMAT_PEMRSA) {
  611. #ifndef OPENSSL_NO_RSA
  612. RSA *rsa;
  613. rsa = PEM_read_bio_RSAPublicKey(key, NULL,
  614. (pem_password_cb *)password_callback,
  615. &cb_data);
  616. if (rsa != NULL) {
  617. pkey = EVP_PKEY_new();
  618. if (pkey != NULL)
  619. EVP_PKEY_set1_RSA(pkey, rsa);
  620. RSA_free(rsa);
  621. } else
  622. #else
  623. BIO_printf(bio_err, "RSA keys not supported\n");
  624. #endif
  625. pkey = NULL;
  626. } else if (format == FORMAT_PEM) {
  627. pkey = PEM_read_bio_PUBKEY(key, NULL,
  628. (pem_password_cb *)password_callback,
  629. &cb_data);
  630. #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
  631. } else if (format == FORMAT_MSBLOB) {
  632. pkey = b2i_PublicKey_bio(key);
  633. #endif
  634. }
  635. end:
  636. BIO_free(key);
  637. if (pkey == NULL)
  638. BIO_printf(bio_err, "unable to load %s\n", key_descrip);
  639. return pkey;
  640. }
  641. static int load_certs_crls(const char *file, int format,
  642. const char *pass, const char *desc,
  643. STACK_OF(X509) **pcerts,
  644. STACK_OF(X509_CRL) **pcrls)
  645. {
  646. int i;
  647. BIO *bio;
  648. STACK_OF(X509_INFO) *xis = NULL;
  649. X509_INFO *xi;
  650. PW_CB_DATA cb_data;
  651. int rv = 0;
  652. cb_data.password = pass;
  653. cb_data.prompt_info = file;
  654. if (format != FORMAT_PEM) {
  655. BIO_printf(bio_err, "bad input format specified for %s\n", desc);
  656. return 0;
  657. }
  658. bio = bio_open_default(file, 'r', FORMAT_PEM);
  659. if (bio == NULL)
  660. return 0;
  661. xis = PEM_X509_INFO_read_bio(bio, NULL,
  662. (pem_password_cb *)password_callback,
  663. &cb_data);
  664. BIO_free(bio);
  665. if (pcerts != NULL && *pcerts == NULL) {
  666. *pcerts = sk_X509_new_null();
  667. if (*pcerts == NULL)
  668. goto end;
  669. }
  670. if (pcrls != NULL && *pcrls == NULL) {
  671. *pcrls = sk_X509_CRL_new_null();
  672. if (*pcrls == NULL)
  673. goto end;
  674. }
  675. for (i = 0; i < sk_X509_INFO_num(xis); i++) {
  676. xi = sk_X509_INFO_value(xis, i);
  677. if (xi->x509 != NULL && pcerts != NULL) {
  678. if (!sk_X509_push(*pcerts, xi->x509))
  679. goto end;
  680. xi->x509 = NULL;
  681. }
  682. if (xi->crl != NULL && pcrls != NULL) {
  683. if (!sk_X509_CRL_push(*pcrls, xi->crl))
  684. goto end;
  685. xi->crl = NULL;
  686. }
  687. }
  688. if (pcerts != NULL && sk_X509_num(*pcerts) > 0)
  689. rv = 1;
  690. if (pcrls != NULL && sk_X509_CRL_num(*pcrls) > 0)
  691. rv = 1;
  692. end:
  693. sk_X509_INFO_pop_free(xis, X509_INFO_free);
  694. if (rv == 0) {
  695. if (pcerts != NULL) {
  696. sk_X509_pop_free(*pcerts, X509_free);
  697. *pcerts = NULL;
  698. }
  699. if (pcrls != NULL) {
  700. sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
  701. *pcrls = NULL;
  702. }
  703. BIO_printf(bio_err, "unable to load %s\n",
  704. pcerts ? "certificates" : "CRLs");
  705. ERR_print_errors(bio_err);
  706. }
  707. return rv;
  708. }
  709. void* app_malloc(int sz, const char *what)
  710. {
  711. void *vp = OPENSSL_malloc(sz);
  712. if (vp == NULL) {
  713. BIO_printf(bio_err, "%s: Could not allocate %d bytes for %s\n",
  714. opt_getprog(), sz, what);
  715. ERR_print_errors(bio_err);
  716. exit(1);
  717. }
  718. return vp;
  719. }
  720. /*
  721. * Initialize or extend, if *certs != NULL, a certificate stack.
  722. */
  723. int load_certs(const char *file, STACK_OF(X509) **certs, int format,
  724. const char *pass, const char *desc)
  725. {
  726. return load_certs_crls(file, format, pass, desc, certs, NULL);
  727. }
  728. /*
  729. * Initialize or extend, if *crls != NULL, a certificate stack.
  730. */
  731. int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
  732. const char *pass, const char *desc)
  733. {
  734. return load_certs_crls(file, format, pass, desc, NULL, crls);
  735. }
  736. #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
  737. /* Return error for unknown extensions */
  738. #define X509V3_EXT_DEFAULT 0
  739. /* Print error for unknown extensions */
  740. #define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
  741. /* ASN1 parse unknown extensions */
  742. #define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
  743. /* BIO_dump unknown extensions */
  744. #define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
  745. #define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
  746. X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
  747. int set_cert_ex(unsigned long *flags, const char *arg)
  748. {
  749. static const NAME_EX_TBL cert_tbl[] = {
  750. {"compatible", X509_FLAG_COMPAT, 0xffffffffl},
  751. {"ca_default", X509_FLAG_CA, 0xffffffffl},
  752. {"no_header", X509_FLAG_NO_HEADER, 0},
  753. {"no_version", X509_FLAG_NO_VERSION, 0},
  754. {"no_serial", X509_FLAG_NO_SERIAL, 0},
  755. {"no_signame", X509_FLAG_NO_SIGNAME, 0},
  756. {"no_validity", X509_FLAG_NO_VALIDITY, 0},
  757. {"no_subject", X509_FLAG_NO_SUBJECT, 0},
  758. {"no_issuer", X509_FLAG_NO_ISSUER, 0},
  759. {"no_pubkey", X509_FLAG_NO_PUBKEY, 0},
  760. {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
  761. {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
  762. {"no_aux", X509_FLAG_NO_AUX, 0},
  763. {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
  764. {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
  765. {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
  766. {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
  767. {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
  768. {NULL, 0, 0}
  769. };
  770. return set_multi_opts(flags, arg, cert_tbl);
  771. }
  772. int set_name_ex(unsigned long *flags, const char *arg)
  773. {
  774. static const NAME_EX_TBL ex_tbl[] = {
  775. {"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
  776. {"esc_2254", ASN1_STRFLGS_ESC_2254, 0},
  777. {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
  778. {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
  779. {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
  780. {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
  781. {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
  782. {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
  783. {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
  784. {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
  785. {"dump_der", ASN1_STRFLGS_DUMP_DER, 0},
  786. {"compat", XN_FLAG_COMPAT, 0xffffffffL},
  787. {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
  788. {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
  789. {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
  790. {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
  791. {"dn_rev", XN_FLAG_DN_REV, 0},
  792. {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
  793. {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
  794. {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
  795. {"align", XN_FLAG_FN_ALIGN, 0},
  796. {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
  797. {"space_eq", XN_FLAG_SPC_EQ, 0},
  798. {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
  799. {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
  800. {"oneline", XN_FLAG_ONELINE, 0xffffffffL},
  801. {"multiline", XN_FLAG_MULTILINE, 0xffffffffL},
  802. {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
  803. {NULL, 0, 0}
  804. };
  805. if (set_multi_opts(flags, arg, ex_tbl) == 0)
  806. return 0;
  807. if (*flags != XN_FLAG_COMPAT
  808. && (*flags & XN_FLAG_SEP_MASK) == 0)
  809. *flags |= XN_FLAG_SEP_CPLUS_SPC;
  810. return 1;
  811. }
  812. int set_ext_copy(int *copy_type, const char *arg)
  813. {
  814. if (strcasecmp(arg, "none") == 0)
  815. *copy_type = EXT_COPY_NONE;
  816. else if (strcasecmp(arg, "copy") == 0)
  817. *copy_type = EXT_COPY_ADD;
  818. else if (strcasecmp(arg, "copyall") == 0)
  819. *copy_type = EXT_COPY_ALL;
  820. else
  821. return 0;
  822. return 1;
  823. }
  824. int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
  825. {
  826. STACK_OF(X509_EXTENSION) *exts = NULL;
  827. X509_EXTENSION *ext, *tmpext;
  828. ASN1_OBJECT *obj;
  829. int i, idx, ret = 0;
  830. if (!x || !req || (copy_type == EXT_COPY_NONE))
  831. return 1;
  832. exts = X509_REQ_get_extensions(req);
  833. for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
  834. ext = sk_X509_EXTENSION_value(exts, i);
  835. obj = X509_EXTENSION_get_object(ext);
  836. idx = X509_get_ext_by_OBJ(x, obj, -1);
  837. /* Does extension exist? */
  838. if (idx != -1) {
  839. /* If normal copy don't override existing extension */
  840. if (copy_type == EXT_COPY_ADD)
  841. continue;
  842. /* Delete all extensions of same type */
  843. do {
  844. tmpext = X509_get_ext(x, idx);
  845. X509_delete_ext(x, idx);
  846. X509_EXTENSION_free(tmpext);
  847. idx = X509_get_ext_by_OBJ(x, obj, -1);
  848. } while (idx != -1);
  849. }
  850. if (!X509_add_ext(x, ext, -1))
  851. goto end;
  852. }
  853. ret = 1;
  854. end:
  855. sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
  856. return ret;
  857. }
  858. static int set_multi_opts(unsigned long *flags, const char *arg,
  859. const NAME_EX_TBL * in_tbl)
  860. {
  861. STACK_OF(CONF_VALUE) *vals;
  862. CONF_VALUE *val;
  863. int i, ret = 1;
  864. if (!arg)
  865. return 0;
  866. vals = X509V3_parse_list(arg);
  867. for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
  868. val = sk_CONF_VALUE_value(vals, i);
  869. if (!set_table_opts(flags, val->name, in_tbl))
  870. ret = 0;
  871. }
  872. sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
  873. return ret;
  874. }
  875. static int set_table_opts(unsigned long *flags, const char *arg,
  876. const NAME_EX_TBL * in_tbl)
  877. {
  878. char c;
  879. const NAME_EX_TBL *ptbl;
  880. c = arg[0];
  881. if (c == '-') {
  882. c = 0;
  883. arg++;
  884. } else if (c == '+') {
  885. c = 1;
  886. arg++;
  887. } else {
  888. c = 1;
  889. }
  890. for (ptbl = in_tbl; ptbl->name; ptbl++) {
  891. if (strcasecmp(arg, ptbl->name) == 0) {
  892. *flags &= ~ptbl->mask;
  893. if (c)
  894. *flags |= ptbl->flag;
  895. else
  896. *flags &= ~ptbl->flag;
  897. return 1;
  898. }
  899. }
  900. return 0;
  901. }
  902. void print_name(BIO *out, const char *title, X509_NAME *nm,
  903. unsigned long lflags)
  904. {
  905. char *buf;
  906. char mline = 0;
  907. int indent = 0;
  908. if (title)
  909. BIO_puts(out, title);
  910. if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
  911. mline = 1;
  912. indent = 4;
  913. }
  914. if (lflags == XN_FLAG_COMPAT) {
  915. buf = X509_NAME_oneline(nm, 0, 0);
  916. BIO_puts(out, buf);
  917. BIO_puts(out, "\n");
  918. OPENSSL_free(buf);
  919. } else {
  920. if (mline)
  921. BIO_puts(out, "\n");
  922. X509_NAME_print_ex(out, nm, indent, lflags);
  923. BIO_puts(out, "\n");
  924. }
  925. }
  926. void print_bignum_var(BIO *out, const BIGNUM *in, const char *var,
  927. int len, unsigned char *buffer)
  928. {
  929. BIO_printf(out, " static unsigned char %s_%d[] = {", var, len);
  930. if (BN_is_zero(in)) {
  931. BIO_printf(out, "\n 0x00");
  932. } else {
  933. int i, l;
  934. l = BN_bn2bin(in, buffer);
  935. for (i = 0; i < l; i++) {
  936. BIO_printf(out, (i % 10) == 0 ? "\n " : " ");
  937. if (i < l - 1)
  938. BIO_printf(out, "0x%02X,", buffer[i]);
  939. else
  940. BIO_printf(out, "0x%02X", buffer[i]);
  941. }
  942. }
  943. BIO_printf(out, "\n };\n");
  944. }
  945. void print_array(BIO *out, const char* title, int len, const unsigned char* d)
  946. {
  947. int i;
  948. BIO_printf(out, "unsigned char %s[%d] = {", title, len);
  949. for (i = 0; i < len; i++) {
  950. if ((i % 10) == 0)
  951. BIO_printf(out, "\n ");
  952. if (i < len - 1)
  953. BIO_printf(out, "0x%02X, ", d[i]);
  954. else
  955. BIO_printf(out, "0x%02X", d[i]);
  956. }
  957. BIO_printf(out, "\n};\n");
  958. }
  959. X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, int noCApath)
  960. {
  961. X509_STORE *store = X509_STORE_new();
  962. X509_LOOKUP *lookup;
  963. if (store == NULL)
  964. goto end;
  965. if (CAfile != NULL || !noCAfile) {
  966. lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
  967. if (lookup == NULL)
  968. goto end;
  969. if (CAfile) {
  970. if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
  971. BIO_printf(bio_err, "Error loading file %s\n", CAfile);
  972. goto end;
  973. }
  974. } else {
  975. X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
  976. }
  977. }
  978. if (CApath != NULL || !noCApath) {
  979. lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
  980. if (lookup == NULL)
  981. goto end;
  982. if (CApath) {
  983. if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
  984. BIO_printf(bio_err, "Error loading directory %s\n", CApath);
  985. goto end;
  986. }
  987. } else {
  988. X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
  989. }
  990. }
  991. ERR_clear_error();
  992. return store;
  993. end:
  994. X509_STORE_free(store);
  995. return NULL;
  996. }
  997. #ifndef OPENSSL_NO_ENGINE
  998. /* Try to load an engine in a shareable library */
  999. static ENGINE *try_load_engine(const char *engine)
  1000. {
  1001. ENGINE *e = ENGINE_by_id("dynamic");
  1002. if (e) {
  1003. if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
  1004. || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
  1005. ENGINE_free(e);
  1006. e = NULL;
  1007. }
  1008. }
  1009. return e;
  1010. }
  1011. #endif
  1012. ENGINE *setup_engine(const char *engine, int debug)
  1013. {
  1014. ENGINE *e = NULL;
  1015. #ifndef OPENSSL_NO_ENGINE
  1016. if (engine != NULL) {
  1017. if (strcmp(engine, "auto") == 0) {
  1018. BIO_printf(bio_err, "enabling auto ENGINE support\n");
  1019. ENGINE_register_all_complete();
  1020. return NULL;
  1021. }
  1022. if ((e = ENGINE_by_id(engine)) == NULL
  1023. && (e = try_load_engine(engine)) == NULL) {
  1024. BIO_printf(bio_err, "invalid engine \"%s\"\n", engine);
  1025. ERR_print_errors(bio_err);
  1026. return NULL;
  1027. }
  1028. if (debug) {
  1029. ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0);
  1030. }
  1031. ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, (void *)get_ui_method(),
  1032. 0, 1);
  1033. if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
  1034. BIO_printf(bio_err, "can't use that engine\n");
  1035. ERR_print_errors(bio_err);
  1036. ENGINE_free(e);
  1037. return NULL;
  1038. }
  1039. BIO_printf(bio_err, "engine \"%s\" set.\n", ENGINE_get_id(e));
  1040. }
  1041. #endif
  1042. return e;
  1043. }
  1044. void release_engine(ENGINE *e)
  1045. {
  1046. #ifndef OPENSSL_NO_ENGINE
  1047. if (e != NULL)
  1048. /* Free our "structural" reference. */
  1049. ENGINE_free(e);
  1050. #endif
  1051. }
  1052. static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
  1053. {
  1054. const char *n;
  1055. n = a[DB_serial];
  1056. while (*n == '0')
  1057. n++;
  1058. return OPENSSL_LH_strhash(n);
  1059. }
  1060. static int index_serial_cmp(const OPENSSL_CSTRING *a,
  1061. const OPENSSL_CSTRING *b)
  1062. {
  1063. const char *aa, *bb;
  1064. for (aa = a[DB_serial]; *aa == '0'; aa++) ;
  1065. for (bb = b[DB_serial]; *bb == '0'; bb++) ;
  1066. return strcmp(aa, bb);
  1067. }
  1068. static int index_name_qual(char **a)
  1069. {
  1070. return (a[0][0] == 'V');
  1071. }
  1072. static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
  1073. {
  1074. return OPENSSL_LH_strhash(a[DB_name]);
  1075. }
  1076. int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
  1077. {
  1078. return strcmp(a[DB_name], b[DB_name]);
  1079. }
  1080. static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
  1081. static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
  1082. static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
  1083. static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
  1084. #undef BSIZE
  1085. #define BSIZE 256
  1086. BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
  1087. {
  1088. BIO *in = NULL;
  1089. BIGNUM *ret = NULL;
  1090. char buf[1024];
  1091. ASN1_INTEGER *ai = NULL;
  1092. ai = ASN1_INTEGER_new();
  1093. if (ai == NULL)
  1094. goto err;
  1095. in = BIO_new_file(serialfile, "r");
  1096. if (in == NULL) {
  1097. if (!create) {
  1098. perror(serialfile);
  1099. goto err;
  1100. }
  1101. ERR_clear_error();
  1102. ret = BN_new();
  1103. if (ret == NULL || !rand_serial(ret, ai))
  1104. BIO_printf(bio_err, "Out of memory\n");
  1105. } else {
  1106. if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
  1107. BIO_printf(bio_err, "unable to load number from %s\n",
  1108. serialfile);
  1109. goto err;
  1110. }
  1111. ret = ASN1_INTEGER_to_BN(ai, NULL);
  1112. if (ret == NULL) {
  1113. BIO_printf(bio_err,
  1114. "error converting number from bin to BIGNUM\n");
  1115. goto err;
  1116. }
  1117. }
  1118. if (ret && retai) {
  1119. *retai = ai;
  1120. ai = NULL;
  1121. }
  1122. err:
  1123. BIO_free(in);
  1124. ASN1_INTEGER_free(ai);
  1125. return ret;
  1126. }
  1127. int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
  1128. ASN1_INTEGER **retai)
  1129. {
  1130. char buf[1][BSIZE];
  1131. BIO *out = NULL;
  1132. int ret = 0;
  1133. ASN1_INTEGER *ai = NULL;
  1134. int j;
  1135. if (suffix == NULL)
  1136. j = strlen(serialfile);
  1137. else
  1138. j = strlen(serialfile) + strlen(suffix) + 1;
  1139. if (j >= BSIZE) {
  1140. BIO_printf(bio_err, "file name too long\n");
  1141. goto err;
  1142. }
  1143. if (suffix == NULL)
  1144. OPENSSL_strlcpy(buf[0], serialfile, BSIZE);
  1145. else {
  1146. #ifndef OPENSSL_SYS_VMS
  1147. j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
  1148. #else
  1149. j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
  1150. #endif
  1151. }
  1152. out = BIO_new_file(buf[0], "w");
  1153. if (out == NULL) {
  1154. ERR_print_errors(bio_err);
  1155. goto err;
  1156. }
  1157. if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) {
  1158. BIO_printf(bio_err, "error converting serial to ASN.1 format\n");
  1159. goto err;
  1160. }
  1161. i2a_ASN1_INTEGER(out, ai);
  1162. BIO_puts(out, "\n");
  1163. ret = 1;
  1164. if (retai) {
  1165. *retai = ai;
  1166. ai = NULL;
  1167. }
  1168. err:
  1169. BIO_free_all(out);
  1170. ASN1_INTEGER_free(ai);
  1171. return ret;
  1172. }
  1173. int rotate_serial(const char *serialfile, const char *new_suffix,
  1174. const char *old_suffix)
  1175. {
  1176. char buf[2][BSIZE];
  1177. int i, j;
  1178. i = strlen(serialfile) + strlen(old_suffix);
  1179. j = strlen(serialfile) + strlen(new_suffix);
  1180. if (i > j)
  1181. j = i;
  1182. if (j + 1 >= BSIZE) {
  1183. BIO_printf(bio_err, "file name too long\n");
  1184. goto err;
  1185. }
  1186. #ifndef OPENSSL_SYS_VMS
  1187. j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
  1188. j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
  1189. #else
  1190. j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
  1191. j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
  1192. #endif
  1193. if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
  1194. #ifdef ENOTDIR
  1195. && errno != ENOTDIR
  1196. #endif
  1197. ) {
  1198. BIO_printf(bio_err,
  1199. "unable to rename %s to %s\n", serialfile, buf[1]);
  1200. perror("reason");
  1201. goto err;
  1202. }
  1203. if (rename(buf[0], serialfile) < 0) {
  1204. BIO_printf(bio_err,
  1205. "unable to rename %s to %s\n", buf[0], serialfile);
  1206. perror("reason");
  1207. rename(buf[1], serialfile);
  1208. goto err;
  1209. }
  1210. return 1;
  1211. err:
  1212. return 0;
  1213. }
  1214. int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
  1215. {
  1216. BIGNUM *btmp;
  1217. int ret = 0;
  1218. btmp = b == NULL ? BN_new() : b;
  1219. if (btmp == NULL)
  1220. return 0;
  1221. if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
  1222. goto error;
  1223. if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
  1224. goto error;
  1225. ret = 1;
  1226. error:
  1227. if (btmp != b)
  1228. BN_free(btmp);
  1229. return ret;
  1230. }
  1231. CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
  1232. {
  1233. CA_DB *retdb = NULL;
  1234. TXT_DB *tmpdb = NULL;
  1235. BIO *in;
  1236. CONF *dbattr_conf = NULL;
  1237. char buf[BSIZE];
  1238. #ifndef OPENSSL_NO_POSIX_IO
  1239. FILE *dbfp;
  1240. struct stat dbst;
  1241. #endif
  1242. in = BIO_new_file(dbfile, "r");
  1243. if (in == NULL) {
  1244. ERR_print_errors(bio_err);
  1245. goto err;
  1246. }
  1247. #ifndef OPENSSL_NO_POSIX_IO
  1248. BIO_get_fp(in, &dbfp);
  1249. if (fstat(fileno(dbfp), &dbst) == -1) {
  1250. SYSerr(SYS_F_FSTAT, errno);
  1251. ERR_add_error_data(3, "fstat('", dbfile, "')");
  1252. ERR_print_errors(bio_err);
  1253. goto err;
  1254. }
  1255. #endif
  1256. if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
  1257. goto err;
  1258. #ifndef OPENSSL_SYS_VMS
  1259. BIO_snprintf(buf, sizeof(buf), "%s.attr", dbfile);
  1260. #else
  1261. BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
  1262. #endif
  1263. dbattr_conf = app_load_config_quiet(buf);
  1264. retdb = app_malloc(sizeof(*retdb), "new DB");
  1265. retdb->db = tmpdb;
  1266. tmpdb = NULL;
  1267. if (db_attr)
  1268. retdb->attributes = *db_attr;
  1269. else {
  1270. retdb->attributes.unique_subject = 1;
  1271. }
  1272. if (dbattr_conf) {
  1273. char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");
  1274. if (p) {
  1275. retdb->attributes.unique_subject = parse_yesno(p, 1);
  1276. }
  1277. }
  1278. retdb->dbfname = OPENSSL_strdup(dbfile);
  1279. #ifndef OPENSSL_NO_POSIX_IO
  1280. retdb->dbst = dbst;
  1281. #endif
  1282. err:
  1283. NCONF_free(dbattr_conf);
  1284. TXT_DB_free(tmpdb);
  1285. BIO_free_all(in);
  1286. return retdb;
  1287. }
  1288. /*
  1289. * Returns > 0 on success, <= 0 on error
  1290. */
  1291. int index_index(CA_DB *db)
  1292. {
  1293. if (!TXT_DB_create_index(db->db, DB_serial, NULL,
  1294. LHASH_HASH_FN(index_serial),
  1295. LHASH_COMP_FN(index_serial))) {
  1296. BIO_printf(bio_err,
  1297. "error creating serial number index:(%ld,%ld,%ld)\n",
  1298. db->db->error, db->db->arg1, db->db->arg2);
  1299. return 0;
  1300. }
  1301. if (db->attributes.unique_subject
  1302. && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
  1303. LHASH_HASH_FN(index_name),
  1304. LHASH_COMP_FN(index_name))) {
  1305. BIO_printf(bio_err, "error creating name index:(%ld,%ld,%ld)\n",
  1306. db->db->error, db->db->arg1, db->db->arg2);
  1307. return 0;
  1308. }
  1309. return 1;
  1310. }
  1311. int save_index(const char *dbfile, const char *suffix, CA_DB *db)
  1312. {
  1313. char buf[3][BSIZE];
  1314. BIO *out;
  1315. int j;
  1316. j = strlen(dbfile) + strlen(suffix);
  1317. if (j + 6 >= BSIZE) {
  1318. BIO_printf(bio_err, "file name too long\n");
  1319. goto err;
  1320. }
  1321. #ifndef OPENSSL_SYS_VMS
  1322. j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
  1323. j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
  1324. j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
  1325. #else
  1326. j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
  1327. j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
  1328. j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
  1329. #endif
  1330. out = BIO_new_file(buf[0], "w");
  1331. if (out == NULL) {
  1332. perror(dbfile);
  1333. BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
  1334. goto err;
  1335. }
  1336. j = TXT_DB_write(out, db->db);
  1337. BIO_free(out);
  1338. if (j <= 0)
  1339. goto err;
  1340. out = BIO_new_file(buf[1], "w");
  1341. if (out == NULL) {
  1342. perror(buf[2]);
  1343. BIO_printf(bio_err, "unable to open '%s'\n", buf[2]);
  1344. goto err;
  1345. }
  1346. BIO_printf(out, "unique_subject = %s\n",
  1347. db->attributes.unique_subject ? "yes" : "no");
  1348. BIO_free(out);
  1349. return 1;
  1350. err:
  1351. return 0;
  1352. }
  1353. int rotate_index(const char *dbfile, const char *new_suffix,
  1354. const char *old_suffix)
  1355. {
  1356. char buf[5][BSIZE];
  1357. int i, j;
  1358. i = strlen(dbfile) + strlen(old_suffix);
  1359. j = strlen(dbfile) + strlen(new_suffix);
  1360. if (i > j)
  1361. j = i;
  1362. if (j + 6 >= BSIZE) {
  1363. BIO_printf(bio_err, "file name too long\n");
  1364. goto err;
  1365. }
  1366. #ifndef OPENSSL_SYS_VMS
  1367. j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
  1368. j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
  1369. j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
  1370. j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
  1371. j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
  1372. #else
  1373. j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
  1374. j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
  1375. j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
  1376. j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
  1377. j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
  1378. #endif
  1379. if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
  1380. #ifdef ENOTDIR
  1381. && errno != ENOTDIR
  1382. #endif
  1383. ) {
  1384. BIO_printf(bio_err, "unable to rename %s to %s\n", dbfile, buf[1]);
  1385. perror("reason");
  1386. goto err;
  1387. }
  1388. if (rename(buf[0], dbfile) < 0) {
  1389. BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile);
  1390. perror("reason");
  1391. rename(buf[1], dbfile);
  1392. goto err;
  1393. }
  1394. if (rename(buf[4], buf[3]) < 0 && errno != ENOENT
  1395. #ifdef ENOTDIR
  1396. && errno != ENOTDIR
  1397. #endif
  1398. ) {
  1399. BIO_printf(bio_err, "unable to rename %s to %s\n", buf[4], buf[3]);
  1400. perror("reason");
  1401. rename(dbfile, buf[0]);
  1402. rename(buf[1], dbfile);
  1403. goto err;
  1404. }
  1405. if (rename(buf[2], buf[4]) < 0) {
  1406. BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
  1407. perror("reason");
  1408. rename(buf[3], buf[4]);
  1409. rename(dbfile, buf[0]);
  1410. rename(buf[1], dbfile);
  1411. goto err;
  1412. }
  1413. return 1;
  1414. err:
  1415. return 0;
  1416. }
  1417. void free_index(CA_DB *db)
  1418. {
  1419. if (db) {
  1420. TXT_DB_free(db->db);
  1421. OPENSSL_free(db->dbfname);
  1422. OPENSSL_free(db);
  1423. }
  1424. }
  1425. int parse_yesno(const char *str, int def)
  1426. {
  1427. if (str) {
  1428. switch (*str) {
  1429. case 'f': /* false */
  1430. case 'F': /* FALSE */
  1431. case 'n': /* no */
  1432. case 'N': /* NO */
  1433. case '0': /* 0 */
  1434. return 0;
  1435. case 't': /* true */
  1436. case 'T': /* TRUE */
  1437. case 'y': /* yes */
  1438. case 'Y': /* YES */
  1439. case '1': /* 1 */
  1440. return 1;
  1441. }
  1442. }
  1443. return def;
  1444. }
  1445. /*
  1446. * name is expected to be in the format /type0=value0/type1=value1/type2=...
  1447. * where characters may be escaped by \
  1448. */
  1449. X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
  1450. {
  1451. int nextismulti = 0;
  1452. char *work;
  1453. X509_NAME *n;
  1454. if (*cp++ != '/') {
  1455. BIO_printf(bio_err,
  1456. "name is expected to be in the format "
  1457. "/type0=value0/type1=value1/type2=... where characters may "
  1458. "be escaped by \\. This name is not in that format: '%s'\n",
  1459. --cp);
  1460. return NULL;
  1461. }
  1462. n = X509_NAME_new();
  1463. if (n == NULL)
  1464. return NULL;
  1465. work = OPENSSL_strdup(cp);
  1466. if (work == NULL) {
  1467. BIO_printf(bio_err, "%s: Error copying name input\n", opt_getprog());
  1468. goto err;
  1469. }
  1470. while (*cp) {
  1471. char *bp = work;
  1472. char *typestr = bp;
  1473. unsigned char *valstr;
  1474. int nid;
  1475. int ismulti = nextismulti;
  1476. nextismulti = 0;
  1477. /* Collect the type */
  1478. while (*cp && *cp != '=')
  1479. *bp++ = *cp++;
  1480. if (*cp == '\0') {
  1481. BIO_printf(bio_err,
  1482. "%s: Hit end of string before finding the '='\n",
  1483. opt_getprog());
  1484. goto err;
  1485. }
  1486. *bp++ = '\0';
  1487. ++cp;
  1488. /* Collect the value. */
  1489. valstr = (unsigned char *)bp;
  1490. for (; *cp && *cp != '/'; *bp++ = *cp++) {
  1491. if (canmulti && *cp == '+') {
  1492. nextismulti = 1;
  1493. break;
  1494. }
  1495. if (*cp == '\\' && *++cp == '\0') {
  1496. BIO_printf(bio_err,
  1497. "%s: escape character at end of string\n",
  1498. opt_getprog());
  1499. goto err;
  1500. }
  1501. }
  1502. *bp++ = '\0';
  1503. /* If not at EOS (must be + or /), move forward. */
  1504. if (*cp)
  1505. ++cp;
  1506. /* Parse */
  1507. nid = OBJ_txt2nid(typestr);
  1508. if (nid == NID_undef) {
  1509. BIO_printf(bio_err, "%s: Skipping unknown attribute \"%s\"\n",
  1510. opt_getprog(), typestr);
  1511. continue;
  1512. }
  1513. if (*valstr == '\0') {
  1514. BIO_printf(bio_err,
  1515. "%s: No value provided for Subject Attribute %s, skipped\n",
  1516. opt_getprog(), typestr);
  1517. continue;
  1518. }
  1519. if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
  1520. valstr, strlen((char *)valstr),
  1521. -1, ismulti ? -1 : 0)) {
  1522. BIO_printf(bio_err, "%s: Error adding name attribute \"/%s=%s\"\n",
  1523. opt_getprog(), typestr ,valstr);
  1524. goto err;
  1525. }
  1526. }
  1527. OPENSSL_free(work);
  1528. return n;
  1529. err:
  1530. X509_NAME_free(n);
  1531. OPENSSL_free(work);
  1532. return NULL;
  1533. }
  1534. /*
  1535. * Read whole contents of a BIO into an allocated memory buffer and return
  1536. * it.
  1537. */
  1538. int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
  1539. {
  1540. BIO *mem;
  1541. int len, ret;
  1542. unsigned char tbuf[1024];
  1543. mem = BIO_new(BIO_s_mem());
  1544. if (mem == NULL)
  1545. return -1;
  1546. for (;;) {
  1547. if ((maxlen != -1) && maxlen < 1024)
  1548. len = maxlen;
  1549. else
  1550. len = 1024;
  1551. len = BIO_read(in, tbuf, len);
  1552. if (len < 0) {
  1553. BIO_free(mem);
  1554. return -1;
  1555. }
  1556. if (len == 0)
  1557. break;
  1558. if (BIO_write(mem, tbuf, len) != len) {
  1559. BIO_free(mem);
  1560. return -1;
  1561. }
  1562. maxlen -= len;
  1563. if (maxlen == 0)
  1564. break;
  1565. }
  1566. ret = BIO_get_mem_data(mem, (char **)out);
  1567. BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
  1568. BIO_free(mem);
  1569. return ret;
  1570. }
  1571. int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
  1572. {
  1573. int rv;
  1574. char *stmp, *vtmp = NULL;
  1575. stmp = OPENSSL_strdup(value);
  1576. if (!stmp)
  1577. return -1;
  1578. vtmp = strchr(stmp, ':');
  1579. if (vtmp) {
  1580. *vtmp = 0;
  1581. vtmp++;
  1582. }
  1583. rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
  1584. OPENSSL_free(stmp);
  1585. return rv;
  1586. }
  1587. static void nodes_print(const char *name, STACK_OF(X509_POLICY_NODE) *nodes)
  1588. {
  1589. X509_POLICY_NODE *node;
  1590. int i;
  1591. BIO_printf(bio_err, "%s Policies:", name);
  1592. if (nodes) {
  1593. BIO_puts(bio_err, "\n");
  1594. for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) {
  1595. node = sk_X509_POLICY_NODE_value(nodes, i);
  1596. X509_POLICY_NODE_print(bio_err, node, 2);
  1597. }
  1598. } else {
  1599. BIO_puts(bio_err, " <empty>\n");
  1600. }
  1601. }
  1602. void policies_print(X509_STORE_CTX *ctx)
  1603. {
  1604. X509_POLICY_TREE *tree;
  1605. int explicit_policy;
  1606. tree = X509_STORE_CTX_get0_policy_tree(ctx);
  1607. explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
  1608. BIO_printf(bio_err, "Require explicit Policy: %s\n",
  1609. explicit_policy ? "True" : "False");
  1610. nodes_print("Authority", X509_policy_tree_get0_policies(tree));
  1611. nodes_print("User", X509_policy_tree_get0_user_policies(tree));
  1612. }
  1613. /*-
  1614. * next_protos_parse parses a comma separated list of strings into a string
  1615. * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
  1616. * outlen: (output) set to the length of the resulting buffer on success.
  1617. * err: (maybe NULL) on failure, an error message line is written to this BIO.
  1618. * in: a NUL terminated string like "abc,def,ghi"
  1619. *
  1620. * returns: a malloc'd buffer or NULL on failure.
  1621. */
  1622. unsigned char *next_protos_parse(size_t *outlen, const char *in)
  1623. {
  1624. size_t len;
  1625. unsigned char *out;
  1626. size_t i, start = 0;
  1627. len = strlen(in);
  1628. if (len >= 65535)
  1629. return NULL;
  1630. out = app_malloc(strlen(in) + 1, "NPN buffer");
  1631. for (i = 0; i <= len; ++i) {
  1632. if (i == len || in[i] == ',') {
  1633. if (i - start > 255) {
  1634. OPENSSL_free(out);
  1635. return NULL;
  1636. }
  1637. out[start] = (unsigned char)(i - start);
  1638. start = i + 1;
  1639. } else {
  1640. out[i + 1] = in[i];
  1641. }
  1642. }
  1643. *outlen = len + 1;
  1644. return out;
  1645. }
  1646. void print_cert_checks(BIO *bio, X509 *x,
  1647. const char *checkhost,
  1648. const char *checkemail, const char *checkip)
  1649. {
  1650. if (x == NULL)
  1651. return;
  1652. if (checkhost) {
  1653. BIO_printf(bio, "Hostname %s does%s match certificate\n",
  1654. checkhost,
  1655. X509_check_host(x, checkhost, 0, 0, NULL) == 1
  1656. ? "" : " NOT");
  1657. }
  1658. if (checkemail) {
  1659. BIO_printf(bio, "Email %s does%s match certificate\n",
  1660. checkemail, X509_check_email(x, checkemail, 0, 0)
  1661. ? "" : " NOT");
  1662. }
  1663. if (checkip) {
  1664. BIO_printf(bio, "IP %s does%s match certificate\n",
  1665. checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT");
  1666. }
  1667. }
  1668. /* Get first http URL from a DIST_POINT structure */
  1669. static const char *get_dp_url(DIST_POINT *dp)
  1670. {
  1671. GENERAL_NAMES *gens;
  1672. GENERAL_NAME *gen;
  1673. int i, gtype;
  1674. ASN1_STRING *uri;
  1675. if (!dp->distpoint || dp->distpoint->type != 0)
  1676. return NULL;
  1677. gens = dp->distpoint->name.fullname;
  1678. for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
  1679. gen = sk_GENERAL_NAME_value(gens, i);
  1680. uri = GENERAL_NAME_get0_value(gen, &gtype);
  1681. if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) {
  1682. const char *uptr = (const char *)ASN1_STRING_get0_data(uri);
  1683. if (strncmp(uptr, "http://", 7) == 0)
  1684. return uptr;
  1685. }
  1686. }
  1687. return NULL;
  1688. }
  1689. /*
  1690. * Look through a CRLDP structure and attempt to find an http URL to
  1691. * downloads a CRL from.
  1692. */
  1693. static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
  1694. {
  1695. int i;
  1696. const char *urlptr = NULL;
  1697. for (i = 0; i < sk_DIST_POINT_num(crldp); i++) {
  1698. DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
  1699. urlptr = get_dp_url(dp);
  1700. if (urlptr)
  1701. return load_crl(urlptr, FORMAT_HTTP);
  1702. }
  1703. return NULL;
  1704. }
  1705. /*
  1706. * Example of downloading CRLs from CRLDP: not usable for real world as it
  1707. * always downloads, doesn't support non-blocking I/O and doesn't cache
  1708. * anything.
  1709. */
  1710. static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm)
  1711. {
  1712. X509 *x;
  1713. STACK_OF(X509_CRL) *crls = NULL;
  1714. X509_CRL *crl;
  1715. STACK_OF(DIST_POINT) *crldp;
  1716. crls = sk_X509_CRL_new_null();
  1717. if (!crls)
  1718. return NULL;
  1719. x = X509_STORE_CTX_get_current_cert(ctx);
  1720. crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
  1721. crl = load_crl_crldp(crldp);
  1722. sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
  1723. if (!crl) {
  1724. sk_X509_CRL_free(crls);
  1725. return NULL;
  1726. }
  1727. sk_X509_CRL_push(crls, crl);
  1728. /* Try to download delta CRL */
  1729. crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
  1730. crl = load_crl_crldp(crldp);
  1731. sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
  1732. if (crl)
  1733. sk_X509_CRL_push(crls, crl);
  1734. return crls;
  1735. }
  1736. void store_setup_crl_download(X509_STORE *st)
  1737. {
  1738. X509_STORE_set_lookup_crls_cb(st, crls_http_cb);
  1739. }
  1740. /*
  1741. * Platform-specific sections
  1742. */
  1743. #if defined(_WIN32)
  1744. # ifdef fileno
  1745. # undef fileno
  1746. # define fileno(a) (int)_fileno(a)
  1747. # endif
  1748. # include <windows.h>
  1749. # include <tchar.h>
  1750. static int WIN32_rename(const char *from, const char *to)
  1751. {
  1752. TCHAR *tfrom = NULL, *tto;
  1753. DWORD err;
  1754. int ret = 0;
  1755. if (sizeof(TCHAR) == 1) {
  1756. tfrom = (TCHAR *)from;
  1757. tto = (TCHAR *)to;
  1758. } else { /* UNICODE path */
  1759. size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1;
  1760. tfrom = malloc(sizeof(*tfrom) * (flen + tlen));
  1761. if (tfrom == NULL)
  1762. goto err;
  1763. tto = tfrom + flen;
  1764. # if !defined(_WIN32_WCE) || _WIN32_WCE>=101
  1765. if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen))
  1766. # endif
  1767. for (i = 0; i < flen; i++)
  1768. tfrom[i] = (TCHAR)from[i];
  1769. # if !defined(_WIN32_WCE) || _WIN32_WCE>=101
  1770. if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen))
  1771. # endif
  1772. for (i = 0; i < tlen; i++)
  1773. tto[i] = (TCHAR)to[i];
  1774. }
  1775. if (MoveFile(tfrom, tto))
  1776. goto ok;
  1777. err = GetLastError();
  1778. if (err == ERROR_ALREADY_EXISTS || err == ERROR_FILE_EXISTS) {
  1779. if (DeleteFile(tto) && MoveFile(tfrom, tto))
  1780. goto ok;
  1781. err = GetLastError();
  1782. }
  1783. if (err == ERROR_FILE_NOT_FOUND || err == ERROR_PATH_NOT_FOUND)
  1784. errno = ENOENT;
  1785. else if (err == ERROR_ACCESS_DENIED)
  1786. errno = EACCES;
  1787. else
  1788. errno = EINVAL; /* we could map more codes... */
  1789. err:
  1790. ret = -1;
  1791. ok:
  1792. if (tfrom != NULL && tfrom != (TCHAR *)from)
  1793. free(tfrom);
  1794. return ret;
  1795. }
  1796. #endif
  1797. /* app_tminterval section */
  1798. #if defined(_WIN32)
  1799. double app_tminterval(int stop, int usertime)
  1800. {
  1801. FILETIME now;
  1802. double ret = 0;
  1803. static ULARGE_INTEGER tmstart;
  1804. static int warning = 1;
  1805. # ifdef _WIN32_WINNT
  1806. static HANDLE proc = NULL;
  1807. if (proc == NULL) {
  1808. if (check_winnt())
  1809. proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
  1810. GetCurrentProcessId());
  1811. if (proc == NULL)
  1812. proc = (HANDLE) - 1;
  1813. }
  1814. if (usertime && proc != (HANDLE) - 1) {
  1815. FILETIME junk;
  1816. GetProcessTimes(proc, &junk, &junk, &junk, &now);
  1817. } else
  1818. # endif
  1819. {
  1820. SYSTEMTIME systime;
  1821. if (usertime && warning) {
  1822. BIO_printf(bio_err, "To get meaningful results, run "
  1823. "this program on idle system.\n");
  1824. warning = 0;
  1825. }
  1826. GetSystemTime(&systime);
  1827. SystemTimeToFileTime(&systime, &now);
  1828. }
  1829. if (stop == TM_START) {
  1830. tmstart.u.LowPart = now.dwLowDateTime;
  1831. tmstart.u.HighPart = now.dwHighDateTime;
  1832. } else {
  1833. ULARGE_INTEGER tmstop;
  1834. tmstop.u.LowPart = now.dwLowDateTime;
  1835. tmstop.u.HighPart = now.dwHighDateTime;
  1836. ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart) * 1e-7;
  1837. }
  1838. return ret;
  1839. }
  1840. #elif defined(OPENSSL_SYS_VXWORKS)
  1841. # include <time.h>
  1842. double app_tminterval(int stop, int usertime)
  1843. {
  1844. double ret = 0;
  1845. # ifdef CLOCK_REALTIME
  1846. static struct timespec tmstart;
  1847. struct timespec now;
  1848. # else
  1849. static unsigned long tmstart;
  1850. unsigned long now;
  1851. # endif
  1852. static int warning = 1;
  1853. if (usertime && warning) {
  1854. BIO_printf(bio_err, "To get meaningful results, run "
  1855. "this program on idle system.\n");
  1856. warning = 0;
  1857. }
  1858. # ifdef CLOCK_REALTIME
  1859. clock_gettime(CLOCK_REALTIME, &now);
  1860. if (stop == TM_START)
  1861. tmstart = now;
  1862. else
  1863. ret = ((now.tv_sec + now.tv_nsec * 1e-9)
  1864. - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9));
  1865. # else
  1866. now = tickGet();
  1867. if (stop == TM_START)
  1868. tmstart = now;
  1869. else
  1870. ret = (now - tmstart) / (double)sysClkRateGet();
  1871. # endif
  1872. return ret;
  1873. }
  1874. #elif defined(OPENSSL_SYSTEM_VMS)
  1875. # include <time.h>
  1876. # include <times.h>
  1877. double app_tminterval(int stop, int usertime)
  1878. {
  1879. static clock_t tmstart;
  1880. double ret = 0;
  1881. clock_t now;
  1882. # ifdef __TMS
  1883. struct tms rus;
  1884. now = times(&rus);
  1885. if (usertime)
  1886. now = rus.tms_utime;
  1887. # else
  1888. if (usertime)
  1889. now = clock(); /* sum of user and kernel times */
  1890. else {
  1891. struct timeval tv;
  1892. gettimeofday(&tv, NULL);
  1893. now = (clock_t)((unsigned long long)tv.tv_sec * CLK_TCK +
  1894. (unsigned long long)tv.tv_usec * (1000000 / CLK_TCK)
  1895. );
  1896. }
  1897. # endif
  1898. if (stop == TM_START)
  1899. tmstart = now;
  1900. else
  1901. ret = (now - tmstart) / (double)(CLK_TCK);
  1902. return ret;
  1903. }
  1904. #elif defined(_SC_CLK_TCK) /* by means of unistd.h */
  1905. # include <sys/times.h>
  1906. double app_tminterval(int stop, int usertime)
  1907. {
  1908. double ret = 0;
  1909. struct tms rus;
  1910. clock_t now = times(&rus);
  1911. static clock_t tmstart;
  1912. if (usertime)
  1913. now = rus.tms_utime;
  1914. if (stop == TM_START) {
  1915. tmstart = now;
  1916. } else {
  1917. long int tck = sysconf(_SC_CLK_TCK);
  1918. ret = (now - tmstart) / (double)tck;
  1919. }
  1920. return ret;
  1921. }
  1922. #else
  1923. # include <sys/time.h>
  1924. # include <sys/resource.h>
  1925. double app_tminterval(int stop, int usertime)
  1926. {
  1927. double ret = 0;
  1928. struct rusage rus;
  1929. struct timeval now;
  1930. static struct timeval tmstart;
  1931. if (usertime)
  1932. getrusage(RUSAGE_SELF, &rus), now = rus.ru_utime;
  1933. else
  1934. gettimeofday(&now, NULL);
  1935. if (stop == TM_START)
  1936. tmstart = now;
  1937. else
  1938. ret = ((now.tv_sec + now.tv_usec * 1e-6)
  1939. - (tmstart.tv_sec + tmstart.tv_usec * 1e-6));
  1940. return ret;
  1941. }
  1942. #endif
  1943. int app_access(const char* name, int flag)
  1944. {
  1945. #ifdef _WIN32
  1946. return _access(name, flag);
  1947. #else
  1948. return access(name, flag);
  1949. #endif
  1950. }
  1951. int app_isdir(const char *name)
  1952. {
  1953. return opt_isdir(name);
  1954. }
  1955. /* raw_read|write section */
  1956. #if defined(__VMS)
  1957. # include "vms_term_sock.h"
  1958. static int stdin_sock = -1;
  1959. static void close_stdin_sock(void)
  1960. {
  1961. TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
  1962. }
  1963. int fileno_stdin(void)
  1964. {
  1965. if (stdin_sock == -1) {
  1966. TerminalSocket(TERM_SOCK_CREATE, &stdin_sock);
  1967. atexit(close_stdin_sock);
  1968. }
  1969. return stdin_sock;
  1970. }
  1971. #else
  1972. int fileno_stdin(void)
  1973. {
  1974. return fileno(stdin);
  1975. }
  1976. #endif
  1977. int fileno_stdout(void)
  1978. {
  1979. return fileno(stdout);
  1980. }
  1981. #if defined(_WIN32) && defined(STD_INPUT_HANDLE)
  1982. int raw_read_stdin(void *buf, int siz)
  1983. {
  1984. DWORD n;
  1985. if (ReadFile(GetStdHandle(STD_INPUT_HANDLE), buf, siz, &n, NULL))
  1986. return n;
  1987. else
  1988. return -1;
  1989. }
  1990. #elif defined(__VMS)
  1991. # include <sys/socket.h>
  1992. int raw_read_stdin(void *buf, int siz)
  1993. {
  1994. return recv(fileno_stdin(), buf, siz, 0);
  1995. }
  1996. #else
  1997. int raw_read_stdin(void *buf, int siz)
  1998. {
  1999. return read(fileno_stdin(), buf, siz);
  2000. }
  2001. #endif
  2002. #if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
  2003. int raw_write_stdout(const void *buf, int siz)
  2004. {
  2005. DWORD n;
  2006. if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, siz, &n, NULL))
  2007. return n;
  2008. else
  2009. return -1;
  2010. }
  2011. #else
  2012. int raw_write_stdout(const void *buf, int siz)
  2013. {
  2014. return write(fileno_stdout(), buf, siz);
  2015. }
  2016. #endif
  2017. /*
  2018. * Centralized handling of input and output files with format specification
  2019. * The format is meant to show what the input and output is supposed to be,
  2020. * and is therefore a show of intent more than anything else. However, it
  2021. * does impact behavior on some platforms, such as differentiating between
  2022. * text and binary input/output on non-Unix platforms
  2023. */
  2024. BIO *dup_bio_in(int format)
  2025. {
  2026. return BIO_new_fp(stdin,
  2027. BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
  2028. }
  2029. BIO *dup_bio_out(int format)
  2030. {
  2031. BIO *b = BIO_new_fp(stdout,
  2032. BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
  2033. void *prefix = NULL;
  2034. #ifdef OPENSSL_SYS_VMS
  2035. if (FMT_istext(format))
  2036. b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
  2037. #endif
  2038. if (FMT_istext(format)
  2039. && (prefix = getenv("HARNESS_OSSL_PREFIX")) != NULL) {
  2040. b = BIO_push(BIO_new(apps_bf_prefix()), b);
  2041. BIO_ctrl(b, PREFIX_CTRL_SET_PREFIX, 0, prefix);
  2042. }
  2043. return b;
  2044. }
  2045. BIO *dup_bio_err(int format)
  2046. {
  2047. BIO *b = BIO_new_fp(stderr,
  2048. BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
  2049. #ifdef OPENSSL_SYS_VMS
  2050. if (FMT_istext(format))
  2051. b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
  2052. #endif
  2053. return b;
  2054. }
  2055. /*
  2056. * Because the prefix method is created dynamically, we must also be able
  2057. * to destroy it.
  2058. */
  2059. void destroy_prefix_method(void)
  2060. {
  2061. BIO_METHOD *prefix_method = apps_bf_prefix();
  2062. BIO_meth_free(prefix_method);
  2063. prefix_method = NULL;
  2064. }
  2065. void unbuffer(FILE *fp)
  2066. {
  2067. /*
  2068. * On VMS, setbuf() will only take 32-bit pointers, and a compilation
  2069. * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
  2070. * However, we trust that the C RTL will never give us a FILE pointer
  2071. * above the first 4 GB of memory, so we simply turn off the warning
  2072. * temporarily.
  2073. */
  2074. #if defined(OPENSSL_SYS_VMS) && defined(__DECC)
  2075. # pragma environment save
  2076. # pragma message disable maylosedata2
  2077. #endif
  2078. setbuf(fp, NULL);
  2079. #if defined(OPENSSL_SYS_VMS) && defined(__DECC)
  2080. # pragma environment restore
  2081. #endif
  2082. }
  2083. static const char *modestr(char mode, int format)
  2084. {
  2085. OPENSSL_assert(mode == 'a' || mode == 'r' || mode == 'w');
  2086. switch (mode) {
  2087. case 'a':
  2088. return FMT_istext(format) ? "a" : "ab";
  2089. case 'r':
  2090. return FMT_istext(format) ? "r" : "rb";
  2091. case 'w':
  2092. return FMT_istext(format) ? "w" : "wb";
  2093. }
  2094. /* The assert above should make sure we never reach this point */
  2095. return NULL;
  2096. }
  2097. static const char *modeverb(char mode)
  2098. {
  2099. switch (mode) {
  2100. case 'a':
  2101. return "appending";
  2102. case 'r':
  2103. return "reading";
  2104. case 'w':
  2105. return "writing";
  2106. }
  2107. return "(doing something)";
  2108. }
  2109. /*
  2110. * Open a file for writing, owner-read-only.
  2111. */
  2112. BIO *bio_open_owner(const char *filename, int format, int private)
  2113. {
  2114. FILE *fp = NULL;
  2115. BIO *b = NULL;
  2116. int fd = -1, bflags, mode, textmode;
  2117. if (!private || filename == NULL || strcmp(filename, "-") == 0)
  2118. return bio_open_default(filename, 'w', format);
  2119. mode = O_WRONLY;
  2120. #ifdef O_CREAT
  2121. mode |= O_CREAT;
  2122. #endif
  2123. #ifdef O_TRUNC
  2124. mode |= O_TRUNC;
  2125. #endif
  2126. textmode = FMT_istext(format);
  2127. if (!textmode) {
  2128. #ifdef O_BINARY
  2129. mode |= O_BINARY;
  2130. #elif defined(_O_BINARY)
  2131. mode |= _O_BINARY;
  2132. #endif
  2133. }
  2134. #ifdef OPENSSL_SYS_VMS
  2135. /* VMS doesn't have O_BINARY, it just doesn't make sense. But,
  2136. * it still needs to know that we're going binary, or fdopen()
  2137. * will fail with "invalid argument"... so we tell VMS what the
  2138. * context is.
  2139. */
  2140. if (!textmode)
  2141. fd = open(filename, mode, 0600, "ctx=bin");
  2142. else
  2143. #endif
  2144. fd = open(filename, mode, 0600);
  2145. if (fd < 0)
  2146. goto err;
  2147. fp = fdopen(fd, modestr('w', format));
  2148. if (fp == NULL)
  2149. goto err;
  2150. bflags = BIO_CLOSE;
  2151. if (textmode)
  2152. bflags |= BIO_FP_TEXT;
  2153. b = BIO_new_fp(fp, bflags);
  2154. if (b)
  2155. return b;
  2156. err:
  2157. BIO_printf(bio_err, "%s: Can't open \"%s\" for writing, %s\n",
  2158. opt_getprog(), filename, strerror(errno));
  2159. ERR_print_errors(bio_err);
  2160. /* If we have fp, then fdopen took over fd, so don't close both. */
  2161. if (fp)
  2162. fclose(fp);
  2163. else if (fd >= 0)
  2164. close(fd);
  2165. return NULL;
  2166. }
  2167. static BIO *bio_open_default_(const char *filename, char mode, int format,
  2168. int quiet)
  2169. {
  2170. BIO *ret;
  2171. if (filename == NULL || strcmp(filename, "-") == 0) {
  2172. ret = mode == 'r' ? dup_bio_in(format) : dup_bio_out(format);
  2173. if (quiet) {
  2174. ERR_clear_error();
  2175. return ret;
  2176. }
  2177. if (ret != NULL)
  2178. return ret;
  2179. BIO_printf(bio_err,
  2180. "Can't open %s, %s\n",
  2181. mode == 'r' ? "stdin" : "stdout", strerror(errno));
  2182. } else {
  2183. ret = BIO_new_file(filename, modestr(mode, format));
  2184. if (quiet) {
  2185. ERR_clear_error();
  2186. return ret;
  2187. }
  2188. if (ret != NULL)
  2189. return ret;
  2190. BIO_printf(bio_err,
  2191. "Can't open %s for %s, %s\n",
  2192. filename, modeverb(mode), strerror(errno));
  2193. }
  2194. ERR_print_errors(bio_err);
  2195. return NULL;
  2196. }
  2197. BIO *bio_open_default(const char *filename, char mode, int format)
  2198. {
  2199. return bio_open_default_(filename, mode, format, 0);
  2200. }
  2201. BIO *bio_open_default_quiet(const char *filename, char mode, int format)
  2202. {
  2203. return bio_open_default_(filename, mode, format, 1);
  2204. }
  2205. void wait_for_async(SSL *s)
  2206. {
  2207. /* On Windows select only works for sockets, so we simply don't wait */
  2208. #ifndef OPENSSL_SYS_WINDOWS
  2209. int width = 0;
  2210. fd_set asyncfds;
  2211. OSSL_ASYNC_FD *fds;
  2212. size_t numfds;
  2213. size_t i;
  2214. if (!SSL_get_all_async_fds(s, NULL, &numfds))
  2215. return;
  2216. if (numfds == 0)
  2217. return;
  2218. fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds");
  2219. if (!SSL_get_all_async_fds(s, fds, &numfds)) {
  2220. OPENSSL_free(fds);
  2221. return;
  2222. }
  2223. FD_ZERO(&asyncfds);
  2224. for (i = 0; i < numfds; i++) {
  2225. if (width <= (int)fds[i])
  2226. width = (int)fds[i] + 1;
  2227. openssl_fdset((int)fds[i], &asyncfds);
  2228. }
  2229. select(width, (void *)&asyncfds, NULL, NULL, NULL);
  2230. OPENSSL_free(fds);
  2231. #endif
  2232. }
  2233. /* if OPENSSL_SYS_WINDOWS is defined then so is OPENSSL_SYS_MSDOS */
  2234. #if defined(OPENSSL_SYS_MSDOS)
  2235. int has_stdin_waiting(void)
  2236. {
  2237. # if defined(OPENSSL_SYS_WINDOWS)
  2238. HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE);
  2239. DWORD events = 0;
  2240. INPUT_RECORD inputrec;
  2241. DWORD insize = 1;
  2242. BOOL peeked;
  2243. if (inhand == INVALID_HANDLE_VALUE) {
  2244. return 0;
  2245. }
  2246. peeked = PeekConsoleInput(inhand, &inputrec, insize, &events);
  2247. if (!peeked) {
  2248. /* Probably redirected input? _kbhit() does not work in this case */
  2249. if (!feof(stdin)) {
  2250. return 1;
  2251. }
  2252. return 0;
  2253. }
  2254. # endif
  2255. return _kbhit();
  2256. }
  2257. #endif
  2258. /* Corrupt a signature by modifying final byte */
  2259. void corrupt_signature(const ASN1_STRING *signature)
  2260. {
  2261. unsigned char *s = signature->data;
  2262. s[signature->length - 1] ^= 0x1;
  2263. }
  2264. int set_cert_times(X509 *x, const char *startdate, const char *enddate,
  2265. int days)
  2266. {
  2267. if (startdate == NULL || strcmp(startdate, "today") == 0) {
  2268. if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL)
  2269. return 0;
  2270. } else {
  2271. if (!ASN1_TIME_set_string_X509(X509_getm_notBefore(x), startdate))
  2272. return 0;
  2273. }
  2274. if (enddate == NULL) {
  2275. if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL)
  2276. == NULL)
  2277. return 0;
  2278. } else if (!ASN1_TIME_set_string_X509(X509_getm_notAfter(x), enddate)) {
  2279. return 0;
  2280. }
  2281. return 1;
  2282. }
  2283. void make_uppercase(char *string)
  2284. {
  2285. int i;
  2286. for (i = 0; string[i] != '\0'; i++)
  2287. string[i] = toupper((unsigned char)string[i]);
  2288. }
  2289. int opt_printf_stderr(const char *fmt, ...)
  2290. {
  2291. va_list ap;
  2292. int ret;
  2293. va_start(ap, fmt);
  2294. ret = BIO_vprintf(bio_err, fmt, ap);
  2295. va_end(ap);
  2296. return ret;
  2297. }