
  1. /* apps/apps.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
  60. *
  61. * Redistribution and use in source and binary forms, with or without
  62. * modification, are permitted provided that the following conditions
  63. * are met:
  64. *
  65. * 1. Redistributions of source code must retain the above copyright
  66. * notice, this list of conditions and the following disclaimer.
  67. *
  68. * 2. Redistributions in binary form must reproduce the above copyright
  69. * notice, this list of conditions and the following disclaimer in
  70. * the documentation and/or other materials provided with the
  71. * distribution.
  72. *
  73. * 3. All advertising materials mentioning features or use of this
  74. * software must display the following acknowledgment:
  75. * "This product includes software developed by the OpenSSL Project
  76. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  77. *
  78. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  79. * endorse or promote products derived from this software without
  80. * prior written permission. For written permission, please contact
  81. * openssl-core@openssl.org.
  82. *
  83. * 5. Products derived from this software may not be called "OpenSSL"
  84. * nor may "OpenSSL" appear in their names without prior written
  85. * permission of the OpenSSL Project.
  86. *
  87. * 6. Redistributions of any form whatsoever must retain the following
  88. * acknowledgment:
  89. * "This product includes software developed by the OpenSSL Project
  90. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  91. *
  92. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  93. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  94. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  95. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  96. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  97. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  98. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  99. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103. * OF THE POSSIBILITY OF SUCH DAMAGE.
  104. * ====================================================================
  105. *
  106. * This product includes cryptographic software written by Eric Young
  107. * (eay@cryptsoft.com). This product includes software written by Tim
  108. * Hudson (tjh@cryptsoft.com).
  109. *
  110. */
  111. #ifndef _POSIX_C_SOURCE
  112. #define _POSIX_C_SOURCE 2 /* On VMS, you need to define this to get
  113. the declaration of fileno(). The value
  114. 2 is to make sure no function defined
  115. in POSIX-2 is left undefined. */
  116. #endif
  117. #include <stdio.h>
  118. #include <stdlib.h>
  119. #include <string.h>
  120. #if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
  121. #include <strings.h>
  122. #endif
  123. #include <sys/types.h>
  124. #include <ctype.h>
  125. #include <errno.h>
  126. #include <assert.h>
  127. #include <openssl/err.h>
  128. #include <openssl/x509.h>
  129. #include <openssl/x509v3.h>
  130. #include <openssl/pem.h>
  131. #include <openssl/pkcs12.h>
  132. #include <openssl/ui.h>
  133. #include <openssl/safestack.h>
  134. #ifndef OPENSSL_NO_ENGINE
  135. #include <openssl/engine.h>
  136. #endif
  137. #ifndef OPENSSL_NO_RSA
  138. #include <openssl/rsa.h>
  139. #endif
  140. #include <openssl/bn.h>
  141. #ifndef OPENSSL_NO_JPAKE
  142. #include <openssl/jpake.h>
  143. #endif
  144. #define NON_MAIN
  145. #include "apps.h"
  146. #undef NON_MAIN
  147. #ifdef _WIN32
  148. static int WIN32_rename(const char *from, const char *to);
  149. #define rename(from,to) WIN32_rename((from),(to))
  150. #endif
/*
 * One row of an option-name table consumed by set_table_opts() and
 * set_multi_opts() (declared below, defined later in the file). `name` is the
 * option text matched; `flag` holds the bits that option contributes and
 * `mask` presumably the bits it replaces — confirm against set_table_opts().
 */
typedef struct {
	const char *name;
	unsigned long flag;
	unsigned long mask;
} NAME_EX_TBL;
  156. static UI_METHOD *ui_method = NULL;
  157. static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
  158. static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
  159. #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
  160. /* Looks like this stuff is worth moving into separate function */
  161. static EVP_PKEY *
  162. load_netscape_key(BIO *err, BIO *key, const char *file,
  163. const char *key_descrip, int format);
  164. #endif
  165. int app_init(long mesgwin);
  166. #ifdef undef /* never finished - probably never will be :-) */
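int args_from_file(char *file, int *argc, char **argv[])
{
	/*
	 * Read `file` into a static buffer and split it into an argv-style
	 * vector returned through *argc/*argv. Lines beginning with '#' are
	 * skipped. Every other line yields at most two words: the text up to
	 * the first blank or tab, and the remainder of the line. The buffer
	 * and the vector are static and are freed and rebuilt by the next
	 * call, so the caller must neither free them nor keep them across calls.
	 *
	 * Returns 1 on success, 0 on any failure (file unreadable or empty,
	 * allocation failure); on failure *argc is 0 and *argv is NULL.
	 */
	FILE *fp;
	int num, lines;
	long len;
	size_t got;
	static char *buf = NULL;
	static char **arg = NULL;
	char **slot;
	char *p;

	*argc = 0;
	*argv = NULL;

	fp = fopen(file, "r");
	if (fp == NULL)
		return 0;
	/* Size the file; len stays negative (and is rejected) if seeking fails. */
	len = -1;
	if (fseek(fp, 0, SEEK_END) == 0) {
		len = ftell(fp);
		rewind(fp);
	}
	if (len <= 0) {
		fclose(fp);
		return 0;
	}

	if (buf != NULL)
		OPENSSL_free(buf);
	buf = (char *)OPENSSL_malloc((size_t)len + 1);
	if (buf == NULL) {
		fclose(fp);
		return 0;
	}
	got = fread(buf, 1, (size_t)len, fp);
	fclose(fp);
	if (got <= 1)
		return 0;
	buf[got] = '\0';

	/* A line produces at most two words; the last line may lack its '\n'. */
	lines = 1;
	for (p = buf; *p; p++)
		if (*p == '\n')
			lines++;
	if (arg != NULL)
		OPENSSL_free(arg);
	arg = (char **)OPENSSL_malloc(sizeof(char *) * ((size_t)lines * 2));
	if (arg == NULL)
		return 0;

	/*
	 * Fill through a cursor so `arg` keeps pointing at the start of the
	 * allocation; the OPENSSL_free(arg) above relies on that.
	 */
	slot = arg;
	num = 0;
	p = buf;
	for (;;) {
		if (!*p)
			break;
		if (*p == '#') { /* comment line: skip it, newline included */
			while (*p && (*p != '\n'))
				p++;
			if (*p == '\n')
				p++;
			continue;
		}
		/* first word of the line */
		*(slot++) = p;
		num++;
		while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
			p++;
		if (!*p)
			break;
		if (*p == '\n') {
			*(p++) = '\0';
			continue;
		}
		/* a tab or space: terminate the first word, rest of line is the second */
		*(p++) = '\0';
		while (*p && ((*p == ' ') || (*p == '\t')))
			p++;
		if (!*p)
			break;
		if (*p == '\n') {
			p++;
			continue;
		}
		*(slot++) = p++;
		num++;
		while (*p && (*p != '\n'))
			p++;
		if (!*p)
			break;
		*(p++) = '\0';
	}
	*argc = num;
	*argv = arg;
	return 1;
}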
  241. #endif
int str2fmt(char *s)
{
	/*
	 * Map a user-supplied format name to a FORMAT_* constant. Only the
	 * first character (case-insensitively) decides, except that the
	 * spellings PKCS12/pkcs12/P12/p12 (and a leading '1') select PKCS12
	 * and a second character of V/v after P/p selects PVK. Unknown text
	 * yields FORMAT_UNDEF.
	 */
	switch (s[0]) {
	case 'D':
	case 'd':
		return FORMAT_ASN1;
	case 'T':
	case 't':
		return FORMAT_TEXT;
	case 'N':
	case 'n':
		return FORMAT_NETSCAPE;
	case 'S':
	case 's':
		return FORMAT_SMIME;
	case 'M':
	case 'm':
		return FORMAT_MSBLOB;
	case '1':
		return FORMAT_PKCS12;
	case 'E':
	case 'e':
		return FORMAT_ENGINE;
	case 'P':
	case 'p':
		/* the explicit PKCS#12 spellings win over the generic 'P' rule */
		if (strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0
		    || strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0)
			return FORMAT_PKCS12;
		if (s[1] == 'V' || s[1] == 'v')
			return FORMAT_PVK;
		return FORMAT_PEM;
	default:
		return FORMAT_UNDEF;
	}
}
  270. #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
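void program_name(char *in, char *out, int size)
{
	/*
	 * Copy the basename of the path `in` (text after the last '/', '\'
	 * or ':') into `out`, lower-cased, with a trailing ".exe" (".nlm" on
	 * NetWare) removed. The result is truncated to size-1 characters and
	 * always NUL-terminated; with size <= 0 nothing is written.
	 */
	int i, n;
	char *p = NULL;

	if (size <= 0)
		return;
	n = (int)strlen(in);
	/* find the last '/', '\' or ':'; a separator at index 0 counts too */
	for (i = n - 1; i >= 0; i--) {
		if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':')) {
			p = &(in[i + 1]);
			break;
		}
	}
	if (p == NULL)
		p = in;
	n = (int)strlen(p);
#if defined(OPENSSL_SYS_NETWARE)
	/* strip off trailing .nlm if present. */
	if ((n > 4) && (p[n - 4] == '.') &&
	    ((p[n - 3] == 'n') || (p[n - 3] == 'N')) &&
	    ((p[n - 2] == 'l') || (p[n - 2] == 'L')) &&
	    ((p[n - 1] == 'm') || (p[n - 1] == 'M')))
		n -= 4;
#else
	/* strip off trailing .exe if present. */
	if ((n > 4) && (p[n - 4] == '.') &&
	    ((p[n - 3] == 'e') || (p[n - 3] == 'E')) &&
	    ((p[n - 2] == 'x') || (p[n - 2] == 'X')) &&
	    ((p[n - 1] == 'e') || (p[n - 1] == 'E')))
		n -= 4;
#endif
	if (n > size - 1)
		n = size - 1;
	for (i = 0; i < n; i++) {
		/* plain ASCII folding, deliberately independent of the locale */
		if ((p[i] >= 'A') && (p[i] <= 'Z'))
			out[i] = p[i] - 'A' + 'a';
		else
			out[i] = p[i];
	}
	out[n] = '\0';
}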
  314. #else
  315. #ifdef OPENSSL_SYS_VMS
void program_name(char *in, char *out, int size)
{
	/*
	 * VMS flavour: drop any device/directory prefix (everything up to the
	 * last ':', ']' or '>'), then copy the remaining name up to its last
	 * '.' into out. At most size-1 characters are stored and out is
	 * always NUL-terminated.
	 */
	const char *seps = ":]>";
	char *base = in;
	char *dot;
	size_t keep;
	int k;

	for (k = 0; seps[k] != '\0'; k++) {
		char *hit = strrchr(base, seps[k]);
		if (hit != NULL && hit > base)
			base = hit + 1;
	}
	dot = strrchr(base, '.');
	keep = (dot != NULL) ? (size_t)(dot - base) : strlen(base);
	strncpy(out, base, size - 1);
	if (keep >= (size_t)size)
		out[size - 1] = '\0';
	else
		out[keep] = '\0';
}
  340. #else
void program_name(char *in, char *out, int size)
{
	/* Copy the basename of in (text after the last '/') into out, bounded
	 * by size via BUF_strlcpy. */
	char *slash = strrchr(in, '/');
	char *base = (slash != NULL) ? slash + 1 : in;

	BUF_strlcpy(out, base, size);
}
  351. #endif
  352. #endif
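int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
{
	/*
	 * Split buf in place into whitespace-separated words, honouring
	 * single and double quotes, and return them through *argc/*argv.
	 * The pointers live in arg->data, which is allocated on first use,
	 * grows by 20 slots as needed and persists across calls (the caller
	 * owns arg). Returns 1 on success, 0 when an allocation fails; on
	 * failure *argc is 0 and *argv is NULL.
	 */
	int num, i;
	char *p;

	*argc = 0;
	*argv = NULL;
	if (arg->count == 0) {
		arg->count = 20;
		arg->data = (char **)OPENSSL_malloc(sizeof(char *) * arg->count);
		if (arg->data == NULL) {
			arg->count = 0; /* keep count and data consistent for the next call */
			return 0;
		}
	}
	for (i = 0; i < arg->count; i++)
		arg->data[i] = NULL;

	num = 0;
	p = buf;
	for (;;) {
		/* first scan over white space */
		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
			p++;
		if (!*p)
			break;
		/* The start of something good :-) */
		if (num >= arg->count) {
			char **tmp_p;
			int tlen = arg->count + 20;
			tmp_p = (char **)OPENSSL_realloc(arg->data,
			                                 sizeof(char *) * tlen);
			if (tmp_p == NULL)
				return 0;
			arg->data = tmp_p;
			arg->count = tlen;
			/* initialize newly allocated data */
			for (i = num; i < arg->count; i++)
				arg->data[i] = NULL;
		}
		/* now look for the end of this */
		if ((*p == '\'') || (*p == '\"')) { /* scan for closing quote */
			char quote = *p++;
			arg->data[num++] = p; /* the word starts after the quote */
			while (*p && (*p != quote))
				p++;
			/*
			 * An unterminated quote ends at the string end; stop here
			 * rather than stepping past the terminator.
			 */
			if (*p == '\0')
				break;
			*p++ = '\0';
		} else {
			arg->data[num++] = p;
			while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
				p++;
			if (*p == '\0')
				break;
			*p++ = '\0';
		}
	}
	*argc = num;
	*argv = arg->data;
	return 1;
}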
  418. #ifndef APP_INIT
int app_init(long mesgwin)
{
	/* Default platform hook: nothing to initialise, always reports success. */
	(void)mesgwin;
	return 1;
}
  423. #endif
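int dump_cert_text(BIO *out, X509 *x)
{
	/*
	 * Write the subject and issuer names of x to out as
	 * "subject=...\nissuer=...\n". X509_NAME_oneline() returns NULL on
	 * allocation failure; that case prints an empty name instead of
	 * handing NULL to BIO_puts. Always returns 0.
	 */
	char *p;

	p = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
	BIO_puts(out, "subject=");
	BIO_puts(out, p != NULL ? p : "");
	OPENSSL_free(p);

	p = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0);
	BIO_puts(out, "\nissuer=");
	BIO_puts(out, p != NULL ? p : "");
	BIO_puts(out, "\n");
	OPENSSL_free(p);
	return 0;
}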
static int ui_open(UI *ui)
{
	/* Opener hook: delegate to the default OpenSSL UI method. */
	UI_METHOD *base = UI_OpenSSL();

	return UI_method_get_opener(base)(ui);
}
static int ui_read(UI *ui, UI_STRING *uis)
{
	/*
	 * Reader hook: a prompt or verify string flagged DEFAULT_PWD is
	 * answered from the PW_CB_DATA password attached to the UI when one
	 * is set and non-empty; everything else goes to the default reader.
	 */
	PW_CB_DATA *cb_data;
	int type;

	if (!(UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD))
		return UI_method_get_reader(UI_OpenSSL())(ui, uis);
	cb_data = (PW_CB_DATA *)UI_get0_user_data(ui);
	if (cb_data == NULL)
		return UI_method_get_reader(UI_OpenSSL())(ui, uis);
	type = UI_get_string_type(uis);
	if ((type == UIT_PROMPT || type == UIT_VERIFY)
	    && cb_data->password != NULL && cb_data->password[0] != '\0') {
		UI_set_result(ui, uis, cb_data->password);
		return 1;
	}
	return UI_method_get_reader(UI_OpenSSL())(ui, uis);
}
static int ui_write(UI *ui, UI_STRING *uis)
{
	/*
	 * Writer hook, the counterpart of ui_read: when a prompt or verify
	 * string flagged DEFAULT_PWD will be satisfied by the attached
	 * non-empty password, nothing is shown; otherwise the default writer
	 * prints it.
	 */
	PW_CB_DATA *cb_data;
	int type;

	if (!(UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD))
		return UI_method_get_writer(UI_OpenSSL())(ui, uis);
	cb_data = (PW_CB_DATA *)UI_get0_user_data(ui);
	if (cb_data == NULL)
		return UI_method_get_writer(UI_OpenSSL())(ui, uis);
	type = UI_get_string_type(uis);
	if ((type == UIT_PROMPT || type == UIT_VERIFY)
	    && cb_data->password != NULL && cb_data->password[0] != '\0')
		return 1;
	return UI_method_get_writer(UI_OpenSSL())(ui, uis);
}
static int ui_close(UI *ui)
{
	/* Closer hook: delegate to the default OpenSSL UI method. */
	UI_METHOD *base = UI_OpenSSL();

	return UI_method_get_closer(base)(ui);
}
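int setup_ui_method(void)
{
	/*
	 * Build the application's UI_METHOD (ui_open/ui_read/ui_write/
	 * ui_close layered over the default OpenSSL UI) and store it in the
	 * file-scope ui_method. Returns 0 on success and -1 if the method
	 * could not be allocated, in which case ui_method stays NULL.
	 */
	ui_method = UI_create_method("OpenSSL application user interface");
	if (ui_method == NULL)
		return -1;
	UI_method_set_opener(ui_method, ui_open);
	UI_method_set_reader(ui_method, ui_read);
	UI_method_set_writer(ui_method, ui_write);
	UI_method_set_closer(ui_method, ui_close);
	return 0;
}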
void destroy_ui_method(void)
{
	/*
	 * Release the UI_METHOD installed by setup_ui_method(). Safe to call
	 * when none was installed and safe to call repeatedly.
	 */
	UI_METHOD *m = ui_method;

	if (m == NULL)
		return;
	ui_method = NULL;
	UI_destroy_method(m);
}
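int password_callback(char *buf, int bufsiz, int verify,
                      PW_CB_DATA *cb_tmp)
{
	/*
	 * pem_password_cb-style callback. When cb_tmp carries a preset
	 * password it is copied into buf (at most bufsiz bytes, not
	 * NUL-terminated, as PEM callbacks allow) and its length returned.
	 * Otherwise the user is prompted through ui_method — twice when
	 * verify is set — and the length of the entered pass phrase is
	 * returned. Returns 0 on error or abort, after wiping buf.
	 */
	UI *ui = NULL;
	int res = 0;
	const char *prompt_info = NULL;
	const char *password = NULL;
	PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;

	if (buf == NULL || bufsiz <= 0)
		return 0;
	if (cb_data) {
		if (cb_data->password)
			password = cb_data->password;
		if (cb_data->prompt_info)
			prompt_info = cb_data->prompt_info;
	}
	if (password) {
		size_t plen = strlen(password);
		if (plen > (size_t)bufsiz)
			plen = (size_t)bufsiz;
		memcpy(buf, password, plen);
		return (int)plen;
	}

	ui = UI_new_method(ui_method);
	if (ui) {
		int ok = 0;
		char *buff = NULL;
		int ui_flags = 0;
		char *prompt = NULL;

		prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
		if (prompt == NULL) {
			BIO_printf(bio_err, "Out of memory\n");
			UI_free(ui);
			return 0;
		}
		ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
		UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
		/*
		 * The maximum length handed to the UI must be derived from the
		 * caller's bufsiz, not from stdio's BUFSIZ: the UI stores the
		 * entered string plus its terminator in buf, so a limit larger
		 * than bufsiz-1 lets a long pass phrase overrun buf.
		 */
		if (ok >= 0)
			ok = UI_add_input_string(ui, prompt, ui_flags, buf,
			                         PW_MIN_LENGTH, bufsiz - 1);
		if (ok >= 0 && verify) {
			buff = (char *)OPENSSL_malloc(bufsiz);
			if (buff == NULL) {
				BIO_printf(bio_err, "Out of memory\n");
				UI_free(ui);
				OPENSSL_free(prompt);
				return 0;
			}
			ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
			                          PW_MIN_LENGTH, bufsiz - 1, buf);
		}
		if (ok >= 0)
			do {
				ok = UI_process(ui);
			} while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
		if (buff) {
			/* the verify buffer holds a second copy of the secret */
			OPENSSL_cleanse(buff, (unsigned int)bufsiz);
			OPENSSL_free(buff);
		}
		if (ok >= 0)
			res = strlen(buf);
		if (ok == -1) {
			BIO_printf(bio_err, "User interface error\n");
			ERR_print_errors(bio_err);
			OPENSSL_cleanse(buf, (unsigned int)bufsiz);
			res = 0;
		}
		if (ok == -2) {
			BIO_printf(bio_err, "aborted!\n");
			OPENSSL_cleanse(buf, (unsigned int)bufsiz);
			res = 0;
		}
		UI_free(ui);
		OPENSSL_free(prompt);
	}
	return res;
}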
  582. static char *app_get_pass(BIO *err, char *arg, int keepbio);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
{
	/*
	 * Resolve up to two password specifications through app_get_pass().
	 * When both are given and identical the reader BIO is kept open
	 * between the two reads so one source can supply both passwords.
	 * A NULL specification stores NULL in the matching output (when the
	 * output pointer itself is non-NULL). Returns 1 on success, 0 if a
	 * given specification could not be resolved.
	 */
	int same = (arg1 != NULL && arg2 != NULL && strcmp(arg1, arg2) == 0);

	if (arg1 != NULL) {
		*pass1 = app_get_pass(err, arg1, same);
		if (*pass1 == NULL)
			return 0;
	} else if (pass1 != NULL) {
		*pass1 = NULL;
	}
	if (arg2 != NULL) {
		*pass2 = app_get_pass(err, arg2, same ? 2 : 0);
		if (*pass2 == NULL)
			return 0;
	} else if (pass2 != NULL) {
		*pass2 = NULL;
	}
	return 1;
}
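static char *app_get_pass(BIO *err, char *arg, int keepbio)
{
	/*
	 * Resolve a password specification — pass:<text>, env:<variable>,
	 * file:<path>, fd:<number> (not on _WIN32) or stdin — into a freshly
	 * allocated string the caller frees. keepbio manages the static
	 * reader BIO used by the file/fd/stdin forms: 0 closes it after one
	 * read, 1 leaves it open for a following call, and 2 reads from the
	 * BIO left open by the previous call and then closes it. Returns
	 * NULL after reporting the problem on err.
	 */
	char *tmp, tpass[APP_PASS_LEN];
	static BIO *pwdbio = NULL;
	int i;

	if (!strncmp(arg, "pass:", 5))
		return BUF_strdup(arg + 5);
	if (!strncmp(arg, "env:", 4)) {
		tmp = getenv(arg + 4);
		if (!tmp) {
			BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
			return NULL;
		}
		return BUF_strdup(tmp);
	}
	if (!keepbio || !pwdbio) {
		if (!strncmp(arg, "file:", 5)) {
			pwdbio = BIO_new_file(arg + 5, "r");
			if (!pwdbio) {
				BIO_printf(err, "Can't open file %s\n", arg + 5);
				return NULL;
			}
#if !defined(_WIN32)
		/*
		 * Under _WIN32, which covers even Win64 and CE, file
		 * descriptors referenced by BIO_s_fd are not inherited
		 * by child process and therefore below is not an option.
		 * It could have been an option if bss_fd.c was operating
		 * on real Windows descriptors, such as those obtained
		 * with CreateFile.
		 */
		} else if (!strncmp(arg, "fd:", 3)) {
			BIO *btmp;
			char *end;
			long fd;

			/*
			 * strtol instead of atoi so that an empty or partly
			 * numeric value is rejected rather than read as 0 (stdin).
			 */
			errno = 0;
			fd = strtol(arg + 3, &end, 10);
			if (end == arg + 3 || *end != '\0' || errno == ERANGE
			    || fd < 0 || (long)(int)fd != fd)
				pwdbio = NULL;
			else
				pwdbio = BIO_new_fd((int)fd, BIO_NOCLOSE);
			if (!pwdbio) {
				BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
				return NULL;
			}
			/* Can't do BIO_gets on an fd BIO so add a buffering BIO */
			btmp = BIO_new(BIO_f_buffer());
			if (!btmp) {
				BIO_printf(err, "Can't allocate buffering BIO\n");
				BIO_free_all(pwdbio);
				pwdbio = NULL;
				return NULL;
			}
			pwdbio = BIO_push(btmp, pwdbio);
#endif
		} else if (!strcmp(arg, "stdin")) {
			pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
			if (!pwdbio) {
				BIO_printf(err, "Can't open BIO for stdin\n");
				return NULL;
			}
		} else {
			BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
			return NULL;
		}
	}
	i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
	if (keepbio != 1) {
		BIO_free_all(pwdbio);
		pwdbio = NULL;
	}
	if (i <= 0) {
		BIO_printf(err, "Error reading password from BIO\n");
		OPENSSL_cleanse(tpass, sizeof tpass);
		return NULL;
	}
	tmp = strchr(tpass, '\n');
	if (tmp)
		*tmp = 0;
	tmp = BUF_strdup(tpass);
	/* don't leave a copy of the password behind on the stack */
	OPENSSL_cleanse(tpass, sizeof tpass);
	return tmp;
}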
/*
 * Register the extra OIDs listed in the config section named by the
 * top-level "oid_section" directive.  Each "name = OID" entry becomes a
 * new object with both short and long name set to "name".
 *
 * Returns 1 on success (including when no oid_section is configured) and
 * 0 after reporting a problem on err.
 */
int add_oid_section(BIO *err, CONF *conf)
{
    const char *section;
    STACK_OF(CONF_VALUE) *entries;
    int idx, count;

    section = NCONF_get_string(conf, NULL, "oid_section");
    if (section == NULL) {
        /* No directive: nothing to do, but drop the "not found" error it queued. */
        ERR_clear_error();
        return 1;
    }

    entries = NCONF_get_section(conf, section);
    if (entries == NULL) {
        BIO_printf(err, "problem loading oid section %s\n", section);
        return 0;
    }

    count = sk_CONF_VALUE_num(entries);
    for (idx = 0; idx < count; idx++) {
        CONF_VALUE *cv = sk_CONF_VALUE_value(entries, idx);

        if (OBJ_create(cv->value, cv->name, cv->name) == NID_undef) {
            BIO_printf(err, "problem creating object %s=%s\n",
                       cv->name, cv->value);
            return 0;
        }
    }
    return 1;
}
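/*
 * Read a PKCS#12 blob from in and hand its contents to PKCS12_parse().
 *
 * The MAC is first tried with an empty password (and with no password at
 * all); only if both fail is pem_cb (default: password_callback) asked
 * for a passphrase, which is then checked against the MAC before parsing
 * so that a wrong password is reported as such.
 *
 * pkey, cert and ca are passed straight to PKCS12_parse(); any of them
 * may be NULL.  desc is only used in error messages.
 *
 * Returns PKCS12_parse()'s result (non-zero on success) or 0 after
 * reporting the problem on err.
 */
static int load_pkcs12(BIO *err, BIO *in, const char *desc,
                       pem_password_cb *pem_cb, void *cb_data,
                       EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
{
    const char *pass;
    char tpass[PEM_BUFSIZE];
    int len, ret = 0;
    PKCS12 *p12;

    p12 = d2i_PKCS12_bio(in, NULL);
    if (p12 == NULL) {
        BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);
        goto die;
    }

    /* See if an empty password will do */
    if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) {
        pass = "";
    } else {
        if (!pem_cb)
            pem_cb = (pem_password_cb *)password_callback;
        len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
        if (len < 0) {
            BIO_printf(err, "Passphrase callback error for %s\n", desc);
            goto die;
        }
        /*
         * PKCS12_parse() takes the passphrase as a NUL-terminated string,
         * so a passphrase that fills the whole buffer cannot be
         * terminated and must be rejected rather than read past the end.
         */
        if (len >= PEM_BUFSIZE) {
            BIO_printf(err, "Passphrase too long for %s\n", desc);
            goto die;
        }
        tpass[len] = 0;
        if (!PKCS12_verify_mac(p12, tpass, len)) {
            BIO_printf(err,
                       "Mac verify error (wrong password?) in PKCS12 file for %s\n",
                       desc);
            goto die;
        }
        pass = tpass;
    }
    ret = PKCS12_parse(p12, pass, pkey, cert, ca);

 die:
    if (p12)
        PKCS12_free(p12);
    /* Don't leave the passphrase lying around on the stack. */
    OPENSSL_cleanse(tpass, sizeof tpass);
    return ret;
}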
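/*
 * Load a single certificate from file (or stdin when file is NULL) in
 * the given format: FORMAT_ASN1 (DER), FORMAT_NETSCAPE (Netscape
 * certificate sequence), FORMAT_PEM (with any trailing "aux" trust data)
 * or FORMAT_PKCS12.
 *
 * pass is offered to the password callback for encrypted PEM / PKCS#12
 * input, the same way load_key() and load_certs() do; when it is NULL the
 * user is prompted.  e is accepted for interface symmetry with load_key()
 * and is not used here.  cert_descrip names the input in error messages.
 *
 * Returns a new X509 (caller frees with X509_free) or NULL after
 * reporting the problem on err.
 */
X509 *load_cert(BIO *err, const char *file, int format,
                const char *pass, ENGINE *e, const char *cert_descrip)
{
    X509 *x = NULL;
    BIO *cert;
    PW_CB_DATA cb_data;

    cb_data.password = pass;
    cb_data.prompt_info = file;

    if ((cert = BIO_new(BIO_s_file())) == NULL) {
        ERR_print_errors(err);
        goto end;
    }

    if (file == NULL) {
#ifdef _IONBF
        /* Unbuffered stdio, presumably so stdio does not read ahead past the object. */
        setvbuf(stdin, NULL, _IONBF, 0);
#endif
        BIO_set_fp(cert, stdin, BIO_NOCLOSE);
    } else if (BIO_read_filename(cert, file) <= 0) {
        BIO_printf(err, "Error opening %s %s\n", cert_descrip, file);
        ERR_print_errors(err);
        goto end;
    }

    if (format == FORMAT_ASN1) {
        x = d2i_X509_bio(cert, NULL);
    } else if (format == FORMAT_NETSCAPE) {
        NETSCAPE_X509 *nx;

        nx = ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509), cert, NULL);
        if (nx == NULL)
            goto end;
        if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data,
                     nx->header->length) != 0)) {
            NETSCAPE_X509_free(nx);
            BIO_printf(err, "Error reading header on certificate\n");
            goto end;
        }
        /* Steal the certificate so freeing the wrapper doesn't free it too. */
        x = nx->cert;
        nx->cert = NULL;
        NETSCAPE_X509_free(nx);
    } else if (format == FORMAT_PEM) {
        x = PEM_read_bio_X509_AUX(cert, NULL,
                                  (pem_password_cb *)password_callback,
                                  &cb_data);
    } else if (format == FORMAT_PKCS12) {
        if (!load_pkcs12(err, cert, cert_descrip,
                         (pem_password_cb *)password_callback, &cb_data,
                         NULL, &x, NULL))
            goto end;
    } else {
        BIO_printf(err, "bad input format specified for %s\n", cert_descrip);
        goto end;
    }

 end:
    if (x == NULL) {
        BIO_printf(err, "unable to load certificate\n");
        ERR_print_errors(err);
    }
    if (cert != NULL)
        BIO_free(cert);
    return x;
}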
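/*
 * Load a private key from file (or stdin when file is NULL and
 * maybe_stdin is set), in one of: FORMAT_ASN1, FORMAT_PEM,
 * FORMAT_NETSCAPE / FORMAT_IISSGC (RC4-wrapped Netscape/IIS key),
 * FORMAT_PKCS12, FORMAT_MSBLOB, FORMAT_PVK, or FORMAT_ENGINE (in which
 * case file is the engine's key identifier and e must be set).
 *
 * pass is handed to the password callback via PW_CB_DATA; when NULL the
 * user is prompted, with file in the prompt.  key_descrip names the
 * input in error messages.
 *
 * Returns a new EVP_PKEY (caller frees) or NULL after reporting the
 * problem on err.
 */
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
                   const char *pass, ENGINE *e, const char *key_descrip)
{
    BIO *key = NULL;
    EVP_PKEY *pkey = NULL;
    PW_CB_DATA cb_data;

    cb_data.password = pass;
    cb_data.prompt_info = file;

    if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
        BIO_printf(err, "no keyfile specified\n");
        goto end;
    }
#ifndef OPENSSL_NO_ENGINE
    if (format == FORMAT_ENGINE) {
        /* Report on the caller's BIO, like every other message here. */
        if (!e)
            BIO_printf(err, "no engine specified\n");
        else
            pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
        goto end;
    }
#endif
    key = BIO_new(BIO_s_file());
    if (key == NULL) {
        ERR_print_errors(err);
        goto end;
    }
    if (file == NULL && maybe_stdin) {
#ifdef _IONBF
        /* Unbuffered stdio, presumably so stdio does not read ahead past the key. */
        setvbuf(stdin, NULL, _IONBF, 0);
#endif
        BIO_set_fp(key, stdin, BIO_NOCLOSE);
    } else if (BIO_read_filename(key, file) <= 0) {
        BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
        ERR_print_errors(err);
        goto end;
    }

    if (format == FORMAT_ASN1) {
        pkey = d2i_PrivateKey_bio(key, NULL);
    } else if (format == FORMAT_PEM) {
        pkey = PEM_read_bio_PrivateKey(key, NULL,
                                       (pem_password_cb *)password_callback,
                                       &cb_data);
    }
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
    else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) {
        pkey = load_netscape_key(err, key, file, key_descrip, format);
    }
#endif
    else if (format == FORMAT_PKCS12) {
        if (!load_pkcs12(err, key, key_descrip,
                         (pem_password_cb *)password_callback, &cb_data,
                         &pkey, NULL, NULL))
            goto end;
    }
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
    else if (format == FORMAT_MSBLOB) {
        pkey = b2i_PrivateKey_bio(key);
    } else if (format == FORMAT_PVK) {
        pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
                           &cb_data);
    }
#endif
    else {
        BIO_printf(err, "bad input format specified for key file\n");
        goto end;
    }

 end:
    if (key != NULL)
        BIO_free(key);
    if (pkey == NULL)
        BIO_printf(err, "unable to load %s\n", key_descrip);
    return pkey;
}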
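/*
 * Load a public key from file (or stdin when file is NULL and maybe_stdin
 * is set).  Formats: FORMAT_ASN1 (SubjectPublicKeyInfo, DER),
 * FORMAT_ASN1RSA / FORMAT_PEMRSA (bare RSAPublicKey, DER / PEM),
 * FORMAT_PEM, FORMAT_NETSCAPE / FORMAT_IISSGC, FORMAT_MSBLOB, or
 * FORMAT_ENGINE (file is then the engine's key id and e must be set).
 *
 * pass is handed to the password callback via PW_CB_DATA (NULL means
 * prompt).  key_descrip names the input in error messages.
 *
 * Returns a new EVP_PKEY (caller frees) or NULL after reporting the
 * problem on err.
 */
EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
                      const char *pass, ENGINE *e, const char *key_descrip)
{
    BIO *key = NULL;
    EVP_PKEY *pkey = NULL;
    PW_CB_DATA cb_data;

    cb_data.password = pass;
    cb_data.prompt_info = file;

    if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
        BIO_printf(err, "no keyfile specified\n");
        goto end;
    }
#ifndef OPENSSL_NO_ENGINE
    if (format == FORMAT_ENGINE) {
        /* Report on the caller's BIO, like every other message here. */
        if (!e)
            BIO_printf(err, "no engine specified\n");
        else
            pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
        goto end;
    }
#endif
    key = BIO_new(BIO_s_file());
    if (key == NULL) {
        ERR_print_errors(err);
        goto end;
    }
    if (file == NULL && maybe_stdin) {
#ifdef _IONBF
        /* Unbuffered stdio, presumably so stdio does not read ahead past the key. */
        setvbuf(stdin, NULL, _IONBF, 0);
#endif
        BIO_set_fp(key, stdin, BIO_NOCLOSE);
    } else if (BIO_read_filename(key, file) <= 0) {
        BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
        ERR_print_errors(err);
        goto end;
    }

    if (format == FORMAT_ASN1) {
        pkey = d2i_PUBKEY_bio(key, NULL);
    }
#ifndef OPENSSL_NO_RSA
    else if (format == FORMAT_ASN1RSA || format == FORMAT_PEMRSA) {
        RSA *rsa;

        if (format == FORMAT_ASN1RSA)
            rsa = d2i_RSAPublicKey_bio(key, NULL);
        else
            rsa = PEM_read_bio_RSAPublicKey(key, NULL,
                                            (pem_password_cb *)password_callback,
                                            &cb_data);
        if (rsa != NULL) {
            pkey = EVP_PKEY_new();
            /*
             * If the RSA key can't be attached, don't hand back an empty
             * EVP_PKEY as if it were a loaded key.
             */
            if (pkey != NULL && !EVP_PKEY_set1_RSA(pkey, rsa)) {
                EVP_PKEY_free(pkey);
                pkey = NULL;
            }
            RSA_free(rsa);
        }
    }
#endif
    else if (format == FORMAT_PEM) {
        pkey = PEM_read_bio_PUBKEY(key, NULL,
                                   (pem_password_cb *)password_callback,
                                   &cb_data);
    }
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
    else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) {
        pkey = load_netscape_key(err, key, file, key_descrip, format);
    }
#endif
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
    else if (format == FORMAT_MSBLOB) {
        pkey = b2i_PublicKey_bio(key);
    }
#endif
    else {
        BIO_printf(err, "bad input format specified for key file\n");
        goto end;
    }

 end:
    if (key != NULL)
        BIO_free(key);
    if (pkey == NULL)
        BIO_printf(err, "unable to load %s\n", key_descrip);
    return pkey;
}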
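#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
/*
 * Read the whole of key into memory and decode it as a Netscape
 * (format != FORMAT_IISSGC) or IIS SGC (format == FORMAT_IISSGC)
 * RC4-wrapped RSA private key.  d2i_RSA_NET() prompts for the wrapping
 * password itself (NULL callback).
 *
 * file and key_descrip are only used in the read-error message.
 *
 * Returns a new EVP_PKEY holding the RSA key, or NULL on any failure.
 * The read buffer is grown with BUF_MEM_grow_clean() and released with
 * BUF_MEM_free(), which wipe the key material they held.
 */
static EVP_PKEY *
load_netscape_key(BIO *err, BIO *key, const char *file,
                  const char *key_descrip, int format)
{
    EVP_PKEY *pkey = NULL;
    BUF_MEM *buf = NULL;
    RSA *rsa = NULL;
    const unsigned char *p;
    int size = 0, i;

    buf = BUF_MEM_new();
    pkey = EVP_PKEY_new();
    if (buf == NULL || pkey == NULL)
        goto error;

    for (;;) {
        if (!BUF_MEM_grow_clean(buf, size + 1024 * 10))
            goto error;
        i = BIO_read(key, &(buf->data[size]), 1024 * 10);
        /* Check for a read error before it gets added to the byte count. */
        if (i < 0) {
            BIO_printf(err, "Error reading %s %s\n", key_descrip, file);
            goto error;
        }
        if (i == 0)
            break;
        size += i;
    }

    p = (const unsigned char *)buf->data;
    rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL,
                      (format == FORMAT_IISSGC ? 1 : 0));
    if (rsa == NULL)
        goto error;
    if (!EVP_PKEY_set1_RSA(pkey, rsa))
        goto error;
    /* set1 took its own reference; drop ours so the RSA isn't leaked. */
    RSA_free(rsa);
    BUF_MEM_free(buf);
    return pkey;

 error:
    RSA_free(rsa);
    BUF_MEM_free(buf);
    EVP_PKEY_free(pkey);
    return NULL;
}
#endif                          /* ndef OPENSSL_NO_RC4 */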
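/*
 * Load every certificate found in a PEM file (or stdin when file is
 * NULL).  Only FORMAT_PEM is supported; other PEM objects in the file
 * (keys, CRLs) are skipped.
 *
 * pass is handed to the password callback via PW_CB_DATA (NULL means
 * prompt); e is accepted for interface symmetry and not used.
 * cert_descrip names the input in error messages.
 *
 * Returns a new stack owning its certificates (free with
 * sk_X509_pop_free(..., X509_free)), possibly empty, or NULL after
 * reporting the problem on err.  A PEM parse/decrypt failure returns
 * NULL rather than an empty stack, so callers can tell it from an empty
 * input.
 */
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
                           const char *pass, ENGINE *e, const char *cert_descrip)
{
    BIO *certs;
    int i;
    STACK_OF(X509) *othercerts = NULL;
    STACK_OF(X509_INFO) *allcerts = NULL;
    X509_INFO *xi;
    PW_CB_DATA cb_data;

    cb_data.password = pass;
    cb_data.prompt_info = file;

    if ((certs = BIO_new(BIO_s_file())) == NULL) {
        ERR_print_errors(err);
        goto end;
    }

    if (file == NULL) {
        BIO_set_fp(certs, stdin, BIO_NOCLOSE);
    } else if (BIO_read_filename(certs, file) <= 0) {
        BIO_printf(err, "Error opening %s %s\n", cert_descrip, file);
        ERR_print_errors(err);
        goto end;
    }

    if (format == FORMAT_PEM) {
        othercerts = sk_X509_new_null();
        if (othercerts == NULL)
            goto end;
        allcerts = PEM_X509_INFO_read_bio(certs, NULL,
                                          (pem_password_cb *)password_callback,
                                          &cb_data);
        if (allcerts == NULL) {
            /* Don't let a read failure masquerade as "no certificates". */
            sk_X509_free(othercerts);
            othercerts = NULL;
            goto end;
        }
        for (i = 0; i < sk_X509_INFO_num(allcerts); i++) {
            xi = sk_X509_INFO_value(allcerts, i);
            if (xi->x509 != NULL) {
                if (!sk_X509_push(othercerts, xi->x509)) {
                    sk_X509_pop_free(othercerts, X509_free);
                    othercerts = NULL;
                    goto end;
                }
                /* Ownership moved to othercerts; keep pop_free below from freeing it. */
                xi->x509 = NULL;
            }
        }
        goto end;
    } else {
        BIO_printf(err, "bad input format specified for %s\n", cert_descrip);
        goto end;
    }

 end:
    if (othercerts == NULL) {
        BIO_printf(err, "unable to load certificates\n");
        ERR_print_errors(err);
    }
    if (allcerts)
        sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
    if (certs != NULL)
        BIO_free(certs);
    return othercerts;
}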
/*
 * Bits 16-19 of the certificate print flags select how unknown
 * extensions are handled (see the "ext_*" options in set_cert_ex()).
 */
#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
/* Return error for unknown extensions */
#define X509V3_EXT_DEFAULT 0
/* Print error for unknown extensions */
#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
/* ASN1 parse unknown extensions */
#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
/* BIO_dump unknown extensions */
#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
/* "ca_default" print flags: omit issuer, public key, header and version. */
#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
/*
 * Apply a comma-separated list of "-certopt" style names to the
 * certificate print flags in *flags.  Each name may be prefixed with '+'
 * (set, the default) or '-' (clear).  The third column of the table is a
 * mask cleared before the flag is applied, so the composite options
 * ("compatible", "ca_default") replace the whole word and the "ext_*"
 * options replace only the unknown-extension field.
 *
 * Returns 1 if every name was recognised, 0 otherwise (the recognised
 * ones are still applied).
 */
int set_cert_ex(unsigned long *flags, const char *arg)
{
    static const NAME_EX_TBL cert_tbl[] = {
        /* composite presets */
        {"compatible", X509_FLAG_COMPAT, 0xffffffffl},
        {"ca_default", X509_FLAG_CA, 0xffffffffl},
        /* individual sections to suppress */
        {"no_header", X509_FLAG_NO_HEADER, 0},
        {"no_version", X509_FLAG_NO_VERSION, 0},
        {"no_serial", X509_FLAG_NO_SERIAL, 0},
        {"no_signame", X509_FLAG_NO_SIGNAME, 0},
        {"no_validity", X509_FLAG_NO_VALIDITY, 0},
        {"no_subject", X509_FLAG_NO_SUBJECT, 0},
        {"no_issuer", X509_FLAG_NO_ISSUER, 0},
        {"no_pubkey", X509_FLAG_NO_PUBKEY, 0},
        {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
        {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
        {"no_aux", X509_FLAG_NO_AUX, 0},
        {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
        /* unknown-extension handling (mutually exclusive) */
        {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
        {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
        {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
        {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
        {NULL, 0, 0}            /* sentinel */
    };

    return set_multi_opts(flags, arg, cert_tbl);
}
/*
 * Apply a comma-separated list of "-nameopt" style names to the
 * X509_NAME print flags in *flags.  Each name may be prefixed with '+'
 * (set, the default) or '-' (clear).  Entries with a mask of 0xffffffffL
 * are presets that replace the whole word; the "sep_*" and field-name
 * entries replace just their own field via XN_FLAG_SEP_MASK /
 * XN_FLAG_FN_MASK.
 *
 * Returns 1 if every name was recognised, 0 otherwise (the recognised
 * ones are still applied).
 */
int set_name_ex(unsigned long *flags, const char *arg)
{
    static const NAME_EX_TBL ex_tbl[] = {
        /* ASN1_STRING escaping / conversion */
        {"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
        {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
        {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
        {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
        {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
        {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
        {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
        {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
        {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
        {"dump_der", ASN1_STRFLGS_DUMP_DER, 0},
        /* presets */
        {"compat", XN_FLAG_COMPAT, 0xffffffffL},
        /* RDN separators (mutually exclusive) */
        {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
        {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
        {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
        {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
        {"dn_rev", XN_FLAG_DN_REV, 0},
        /* field name style (mutually exclusive) */
        {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
        {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
        {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
        {"align", XN_FLAG_FN_ALIGN, 0},
        {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
        {"space_eq", XN_FLAG_SPC_EQ, 0},
        {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
        /* more presets */
        {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
        {"oneline", XN_FLAG_ONELINE, 0xffffffffL},
        {"multiline", XN_FLAG_MULTILINE, 0xffffffffL},
        {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
        {NULL, 0, 0}            /* sentinel */
    };

    return set_multi_opts(flags, arg, ex_tbl);
}
/*
 * Translate a "-copy_extensions" argument ("none", "copy", "copyall",
 * case-insensitive) into an EXT_COPY_* value stored in *copy_type.
 *
 * Returns 1 on success; 0, leaving *copy_type untouched, for any other
 * string.
 */
int set_ext_copy(int *copy_type, const char *arg)
{
    static const struct {
        const char *name;
        int type;
    } choices[] = {
        {"none", EXT_COPY_NONE},
        {"copy", EXT_COPY_ADD},
        {"copyall", EXT_COPY_ALL},
    };
    size_t k;

    for (k = 0; k < sizeof(choices) / sizeof(choices[0]); k++) {
        if (strcasecmp(arg, choices[k].name) == 0) {
            *copy_type = choices[k].type;
            return 1;
        }
    }
    return 0;
}
/*
 * Copy the extensions requested in req into the certificate x.
 *
 * copy_type:
 *   EXT_COPY_NONE  do nothing
 *   EXT_COPY_ADD   add only extensions x does not already have
 *   EXT_COPY_ALL   add all, replacing any existing extension of the same OID
 *
 * Returns 1 on success (including when there is nothing to do), 0 if an
 * extension could not be added.
 */
int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
{
    STACK_OF(X509_EXTENSION) *exts;
    int i, n, ret = 0;

    if (x == NULL || req == NULL || copy_type == EXT_COPY_NONE)
        return 1;

    exts = X509_REQ_get_extensions(req);
    n = sk_X509_EXTENSION_num(exts);
    for (i = 0; i < n; i++) {
        X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
        ASN1_OBJECT *obj = X509_EXTENSION_get_object(ext);
        int idx = X509_get_ext_by_OBJ(x, obj, -1);

        if (idx != -1) {
            /* Already present: keep it for a plain copy, otherwise purge every instance. */
            if (copy_type == EXT_COPY_ADD)
                continue;
            while (idx != -1) {
                X509_EXTENSION *old = X509_get_ext(x, idx);

                X509_delete_ext(x, idx);
                X509_EXTENSION_free(old);
                idx = X509_get_ext_by_OBJ(x, obj, -1);
            }
        }
        /* X509_add_ext() copies ext, so exts can still be freed below. */
        if (!X509_add_ext(x, ext, -1))
            goto end;
    }
    ret = 1;

 end:
    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
    return ret;
}
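/*
 * Split arg on commas (X509V3_parse_list) and apply each item to *flags
 * through set_table_opts() using in_tbl.
 *
 * Returns 1 if arg parsed and every item was recognised.  Returns 0 if
 * arg is NULL, if X509V3_parse_list() rejects it (previously this was
 * silently reported as success), or if any item is unknown; items that
 * were recognised are still applied.
 */
static int set_multi_opts(unsigned long *flags, const char *arg,
                          const NAME_EX_TBL *in_tbl)
{
    STACK_OF(CONF_VALUE) *vals;
    CONF_VALUE *val;
    int i, ret = 1;

    if (!arg)
        return 0;
    vals = X509V3_parse_list(arg);
    if (vals == NULL)
        return 0;
    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
        val = sk_CONF_VALUE_value(vals, i);
        if (!set_table_opts(flags, val->name, in_tbl))
            ret = 0;
    }
    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
    return ret;
}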
/*
 * Apply one option name to *flags using the lookup table in_tbl.
 *
 * A leading '-' clears the entry's flag, a leading '+' (or no prefix)
 * sets it.  In both cases the entry's mask is cleared first, which is
 * how mutually exclusive options replace each other.  Names are matched
 * case-insensitively.
 *
 * Returns 1 if the name was found, 0 otherwise.
 */
static int set_table_opts(unsigned long *flags, const char *arg,
                          const NAME_EX_TBL *in_tbl)
{
    int enable = 1;
    const NAME_EX_TBL *entry;

    switch (arg[0]) {
    case '-':
        enable = 0;
        arg++;
        break;
    case '+':
        arg++;
        break;
    default:
        break;
    }

    for (entry = in_tbl; entry->name != NULL; entry++) {
        if (strcasecmp(arg, entry->name) != 0)
            continue;
        *flags &= ~entry->mask;
        if (enable)
            *flags |= entry->flag;
        else
            *flags &= ~entry->flag;
        return 1;
    }
    return 0;
}
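/*
 * Print an X509_NAME to out, preceded by title (if not NULL).
 *
 * With lflags == XN_FLAG_COMPAT the legacy X509_NAME_oneline() form is
 * used; otherwise X509_NAME_print_ex() with lflags, indented by four
 * spaces and started on a fresh line when the multiline separator is
 * selected.
 *
 * If X509_NAME_oneline() fails (out of memory) the name is skipped
 * instead of dereferencing NULL.
 */
void print_name(BIO *out, const char *title, X509_NAME *nm,
                unsigned long lflags)
{
    char *buf;
    char mline = 0;
    int indent = 0;

    if (title)
        BIO_puts(out, title);
    if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
        mline = 1;
        indent = 4;
    }
    if (lflags == XN_FLAG_COMPAT) {
        buf = X509_NAME_oneline(nm, 0, 0);
        if (buf != NULL) {
            BIO_puts(out, buf);
            OPENSSL_free(buf);
        }
        BIO_puts(out, "\n");
    } else {
        if (mline)
            BIO_puts(out, "\n");
        X509_NAME_print_ex(out, nm, indent, lflags);
        BIO_puts(out, "\n");
    }
}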
/*
 * Build an X509_STORE for certificate verification from a PEM bundle
 * (CAfile) and/or a hashed directory (CApath).  When either is NULL the
 * library's default location for that lookup method is loaded instead,
 * and a failure to load a default is ignored (any error it queued is
 * discarded by the final ERR_clear_error()).
 *
 * Returns the store, or NULL after reporting a problem with an explicit
 * CAfile/CApath on bp.
 */
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
{
    X509_STORE *store = X509_STORE_new();
    X509_LOOKUP *lookup;

    if (store == NULL)
        goto end;

    /* File-based lookup: explicit bundle, or the default cert file. */
    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
    if (lookup == NULL)
        goto end;
    if (CAfile == NULL) {
        X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
    } else if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
        BIO_printf(bp, "Error loading file %s\n", CAfile);
        goto end;
    }

    /* Directory-based lookup: explicit hash dir, or the default cert dir. */
    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
    if (lookup == NULL)
        goto end;
    if (CApath == NULL) {
        X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
    } else if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
        BIO_printf(bp, "Error loading directory %s\n", CApath);
        goto end;
    }

    ERR_clear_error();
    return store;

 end:
    X509_STORE_free(store);
    return NULL;
}
#ifndef OPENSSL_NO_ENGINE
/*
 * Try to load an engine from a shared library via the "dynamic" engine:
 * engine is used as the SO_PATH and then LOADed.  err and debug are
 * accepted for interface symmetry and not used here.
 *
 * Returns the loaded ENGINE (structural reference) or NULL.
 */
static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
{
    ENGINE *dyn = ENGINE_by_id("dynamic");

    if (dyn == NULL)
        return NULL;
    if (ENGINE_ctrl_cmd_string(dyn, "SO_PATH", engine, 0)
        && ENGINE_ctrl_cmd_string(dyn, "LOAD", NULL, 0))
        return dyn;
    ENGINE_free(dyn);
    return NULL;
}
/*
 * Select the engine named by engine (from "-engine") and make it the
 * default for all methods.  "auto" instead registers every built-in
 * engine as a candidate and returns NULL.  A name that is not a built-in
 * engine id is tried as a shared-library path via try_load_engine().
 * With debug set, the engine's log stream is pointed at err.
 *
 * Returns the ENGINE pointer or NULL (for "auto", no engine, or failure).
 * The structural reference is released before returning; the pointer is
 * presumably kept valid by the functional reference ENGINE_set_default()
 * holds - callers must not ENGINE_free() it again.
 */
ENGINE *setup_engine(BIO *err, const char *engine, int debug)
{
    ENGINE *e;

    if (engine == NULL)
        return NULL;

    if (strcmp(engine, "auto") == 0) {
        BIO_printf(err, "enabling auto ENGINE support\n");
        ENGINE_register_all_complete();
        return NULL;
    }

    e = ENGINE_by_id(engine);
    if (e == NULL)
        e = try_load_engine(err, engine, debug);
    if (e == NULL) {
        BIO_printf(err, "invalid engine \"%s\"\n", engine);
        ERR_print_errors(err);
        return NULL;
    }

    if (debug)
        ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, err, 0);
    ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);

    if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
        BIO_printf(err, "can't use that engine\n");
        ERR_print_errors(err);
        ENGINE_free(e);
        return NULL;
    }

    BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
    /* Free our "structural" reference. */
    ENGINE_free(e);
    return e;
}
#endif
/*
 * Run the configuration modules (OPENSSL_load_builtin_modules +
 * CONF_modules_load) on cnf, falling back to the global `config` when
 * cnf is NULL.  Only the first call does anything; later calls return 1
 * without reloading.
 *
 * Returns 1 on success or when there is no config to load, 0 after
 * reporting a module error on err.
 */
int load_config(BIO *err, CONF *cnf)
{
    static int already_loaded = 0;
    CONF *cfg = cnf != NULL ? cnf : config;

    if (already_loaded)
        return 1;
    already_loaded = 1;

    if (cfg == NULL)
        return 1;

    OPENSSL_load_builtin_modules();
    if (CONF_modules_load(cfg, NULL, 0) > 0)
        return 1;

    BIO_printf(err, "Error configuring OpenSSL\n");
    ERR_print_errors(err);
    return 0;
}
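/*
 * Build the default config file path: X509_get_default_cert_area()
 * joined to OPENSSL_CONF with '/' (no separator on VMS, where the area
 * already ends in one).
 *
 * Returns an OPENSSL_malloc()'d string the caller frees with
 * OPENSSL_free(), or NULL if the allocation fails (callers must check).
 */
char *make_config_name()
{
    const char *t = X509_get_default_cert_area();
    size_t len;
    char *p;

    len = strlen(t) + strlen(OPENSSL_CONF) + 2;
    p = OPENSSL_malloc(len);
    if (p == NULL)
        return NULL;
    BUF_strlcpy(p, t, len);
#ifndef OPENSSL_SYS_VMS
    BUF_strlcat(p, "/", len);
#endif
    BUF_strlcat(p, OPENSSL_CONF, len);
    return p;
}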
/*
 * Hash an index.txt row by its serial number column, ignoring leading
 * zeros so that it agrees with index_serial_cmp().
 */
static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
{
    const char *serial = a[DB_serial];

    serial += strspn(serial, "0");
    return lh_strhash(serial);
}
/*
 * Compare two index.txt rows by serial number, ignoring leading zeros
 * (so "0A" and "A" are the same serial).  strcmp-style result.
 */
static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
{
    const char *sa = a[DB_serial];
    const char *sb = b[DB_serial];

    sa += strspn(sa, "0");
    sb += strspn(sb, "0");
    return strcmp(sa, sb);
}
/*
 * Index qualifier for the subject-name index: only rows whose status
 * column (a[0]) starts with 'V' (valid) take part in the unique-subject
 * check.
 */
static int index_name_qual(char **a)
{
    return a[0][0] == 'V' ? 1 : 0;
}
/* Hash an index.txt row by its subject name column. */
static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
{
    const char *name = a[DB_name];

    return lh_strhash(name);
}
/* Compare two index.txt rows by subject name column; strcmp-style result. */
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
{
    const char *na = a[DB_name];
    const char *nb = b[DB_name];

    return strcmp(na, nb);
}
/*
 * LHASH wrappers around the row hash/compare functions above, used by
 * index_index() via LHASH_HASH_FN()/LHASH_COMP_FN().
 */
static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
/* Size of the file-name buffers used by the serial/index file helpers below. */
#undef BSIZE
#define BSIZE 256
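/*
 * Read the next serial number from serialfile (a hex ASN.1 INTEGER, as
 * written by save_serial()).  If the file cannot be opened and create is
 * set, a random serial is generated with rand_serial() instead.
 *
 * On success returns a new BIGNUM (caller frees) and, when retai is not
 * NULL, stores the same value as an ASN1_INTEGER in *retai (caller
 * frees).  On failure returns NULL with *retai untouched, after reporting
 * on bio_err.  A failed random generation is now a failure too, rather
 * than returning a zero BIGNUM with a half-initialised *retai.
 */
BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
{
    BIO *in = NULL;
    BIGNUM *ret = NULL;
    MS_STATIC char buf[1024];
    ASN1_INTEGER *ai = NULL;

    ai = ASN1_INTEGER_new();
    if (ai == NULL)
        goto err;

    if ((in = BIO_new(BIO_s_file())) == NULL) {
        ERR_print_errors(bio_err);
        goto err;
    }

    if (BIO_read_filename(in, serialfile) <= 0) {
        if (!create) {
            perror(serialfile);
            goto err;
        }
        ret = BN_new();
        if (ret == NULL || !rand_serial(ret, ai)) {
            BIO_printf(bio_err, "Out of memory\n");
            BN_free(ret);
            ret = NULL;
            goto err;
        }
    } else {
        if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
            BIO_printf(bio_err, "unable to load number from %s\n", serialfile);
            goto err;
        }
        ret = ASN1_INTEGER_to_BN(ai, NULL);
        if (ret == NULL) {
            BIO_printf(bio_err, "error converting number from bin to BIGNUM\n");
            goto err;
        }
    }

    if (ret && retai) {
        /* Hand ownership of ai to the caller. */
        *retai = ai;
        ai = NULL;
    }

 err:
    if (in != NULL)
        BIO_free(in);
    if (ai != NULL)
        ASN1_INTEGER_free(ai);
    return ret;
}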
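/*
 * Write serial to serialfile (or to "serialfile.suffix" - "-suffix" on
 * VMS - when suffix is not NULL) as an upper-case hex ASN.1 INTEGER
 * followed by a newline, the form load_serial() reads back.
 *
 * On success, when retai is not NULL, the ASN1_INTEGER form of serial is
 * stored in *retai (caller frees).  Returns 1 on success, 0 after
 * reporting on bio_err; a failed write now counts as failure instead of
 * leaving a truncated serial file behind and reporting success.
 */
int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
                ASN1_INTEGER **retai)
{
    char buf[1][BSIZE];
    BIO *out = NULL;
    int ret = 0;
    ASN1_INTEGER *ai = NULL;
    size_t j;

    if (suffix == NULL)
        j = strlen(serialfile);
    else
        j = strlen(serialfile) + strlen(suffix) + 1;
    if (j >= BSIZE) {
        BIO_printf(bio_err, "file name too long\n");
        goto err;
    }

    if (suffix == NULL) {
        BUF_strlcpy(buf[0], serialfile, BSIZE);
    } else {
#ifndef OPENSSL_SYS_VMS
        BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
#else
        BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
#endif
    }
#ifdef RL_DEBUG
    BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
#endif

    out = BIO_new(BIO_s_file());
    if (out == NULL) {
        ERR_print_errors(bio_err);
        goto err;
    }
    if (BIO_write_filename(out, buf[0]) <= 0) {
        perror(serialfile);
        goto err;
    }

    if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) {
        BIO_printf(bio_err, "error converting serial to ASN.1 format\n");
        goto err;
    }
    if (i2a_ASN1_INTEGER(out, ai) <= 0 || BIO_puts(out, "\n") <= 0) {
        BIO_printf(bio_err, "error writing serial to %s\n", buf[0]);
        goto err;
    }
    ret = 1;

    if (retai) {
        /* Hand ownership of ai to the caller. */
        *retai = ai;
        ai = NULL;
    }

 err:
    if (out != NULL)
        BIO_free_all(out);
    if (ai != NULL)
        ASN1_INTEGER_free(ai);
    return ret;
}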
/*
 * Promote a freshly written serial file into place:
 *   serialfile            -> serialfile.old_suffix   (backup; a missing
 *                                                     serialfile is fine)
 *   serialfile.new_suffix -> serialfile               (the new value)
 * On VMS the suffixes are joined with '-' instead of '.'.  If the second
 * rename fails the backup is moved back so the old serial is restored.
 *
 * Returns 1 on success, 0 after reporting on bio_err.
 */
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
{
    char newname[BSIZE], oldname[BSIZE];
    size_t base = strlen(serialfile);
    size_t longest = strlen(old_suffix);

    if (strlen(new_suffix) > longest)
        longest = strlen(new_suffix);
    if (base + longest + 1 >= BSIZE) {
        BIO_printf(bio_err, "file name too long\n");
        return 0;
    }

#ifndef OPENSSL_SYS_VMS
    BIO_snprintf(newname, sizeof newname, "%s.%s", serialfile, new_suffix);
    BIO_snprintf(oldname, sizeof oldname, "%s.%s", serialfile, old_suffix);
#else
    BIO_snprintf(newname, sizeof newname, "%s-%s", serialfile, new_suffix);
    BIO_snprintf(oldname, sizeof oldname, "%s-%s", serialfile, old_suffix);
#endif

#ifdef RL_DEBUG
    BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
               serialfile, oldname);
#endif
    /* Back up the current file; it is acceptable for it not to exist yet. */
    if (rename(serialfile, oldname) < 0 && errno != ENOENT
#ifdef ENOTDIR
        && errno != ENOTDIR
#endif
        ) {
        BIO_printf(bio_err, "unable to rename %s to %s\n",
                   serialfile, oldname);
        perror("reason");
        return 0;
    }

#ifdef RL_DEBUG
    BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
               newname, serialfile);
#endif
    if (rename(newname, serialfile) < 0) {
        BIO_printf(bio_err, "unable to rename %s to %s\n",
                   newname, serialfile);
        perror("reason");
        /* Best-effort rollback of the backup rename above. */
        rename(oldname, serialfile);
        return 0;
    }
    return 1;
}
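/*
 * Generate a random SERIAL_RAND_BITS-bit serial number.
 *
 * If b is not NULL it receives the value; otherwise a temporary BIGNUM
 * is used and freed.  If ai is not NULL it receives the same value as an
 * ASN1_INTEGER.
 *
 * BN_rand() is used rather than BN_pseudo_rand(): the BN_rand(3) manual
 * describes BN_pseudo_rand() output as "not necessarily unpredictable",
 * and an attacker who can predict a CA's serial numbers is part of the
 * known chosen-prefix collision attacks on certificates, so serials need
 * the cryptographically strong generator.  Top/bottom arguments are
 * unchanged (0, 0: high bit set, any low bit).
 *
 * Returns 1 on success, 0 on failure.
 */
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
{
    BIGNUM *btmp;
    int ret = 0;

    if (b)
        btmp = b;
    else
        btmp = BN_new();
    if (!btmp)
        return 0;

    if (!BN_rand(btmp, SERIAL_RAND_BITS, 0, 0))
        goto error;
    if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
        goto error;
    ret = 1;

 error:
    if (!b)
        BN_free(btmp);
    return ret;
}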
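/*
 * Load the CA database (index.txt) from dbfile and its attribute file
 * "dbfile.attr" ("dbfile-attr" on VMS), which currently carries only the
 * unique_subject setting.
 *
 * Attributes come from db_attr when it is given, otherwise default to
 * unique_subject = 1; a unique_subject line in the attribute file then
 * overrides either.  A missing attribute file is fine; a malformed one
 * (NCONF_load reports an error line) is an error.
 *
 * Returns a new CA_DB (free_index() elsewhere frees it) or NULL after
 * reporting on bio_err.
 */
CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
{
    CA_DB *retdb = NULL;
    TXT_DB *tmpdb = NULL;
    BIO *in = BIO_new(BIO_s_file());
    CONF *dbattr_conf = NULL;
    char buf[1][BSIZE];
    long errorline = -1;

    if (in == NULL) {
        ERR_print_errors(bio_err);
        goto err;
    }
    if (BIO_read_filename(in, dbfile) <= 0) {
        perror(dbfile);
        BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
        goto err;
    }
    if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
        goto err;

    /* BIO_snprintf() returns -1 on truncation; don't silently use a wrong name. */
#ifndef OPENSSL_SYS_VMS
    if (BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile) < 0) {
#else
    if (BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile) < 0) {
#endif
        BIO_printf(bio_err, "file name too long\n");
        goto err;
    }

    dbattr_conf = NCONF_new(NULL);
    if (dbattr_conf == NULL) {
        BIO_printf(bio_err, "Out of memory\n");
        goto err;
    }
    if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
        if (errorline > 0) {
            BIO_printf(bio_err,
                       "error on line %ld of db attribute file '%s'\n",
                       errorline, buf[0]);
            goto err;
        }
        /* No attribute file: fall back to db_attr / defaults. */
        NCONF_free(dbattr_conf);
        dbattr_conf = NULL;
    }

    if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL) {
        BIO_printf(bio_err, "Out of memory\n");
        goto err;
    }
    retdb->db = tmpdb;
    tmpdb = NULL;
    if (db_attr)
        retdb->attributes = *db_attr;
    else
        retdb->attributes.unique_subject = 1;

    if (dbattr_conf) {
        char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");

        if (p) {
#ifdef RL_DEBUG
            BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
#endif
            retdb->attributes.unique_subject = parse_yesno(p, 1);
        }
    }

 err:
    if (dbattr_conf)
        NCONF_free(dbattr_conf);
    if (tmpdb)
        TXT_DB_free(tmpdb);
    if (in)
        BIO_free_all(in);
    return retdb;
}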
/*
 * Build the lookup indexes on a loaded CA database: always one on the
 * serial column, plus one on the subject name column (restricted to
 * valid entries by index_name_qual) when unique_subject is enabled.
 *
 * Returns 1 on success, 0 after reporting the TXT_DB error triple on
 * bio_err.
 */
int index_index(CA_DB *db)
{
    TXT_DB *txt = db->db;

    if (!TXT_DB_create_index(txt, DB_serial, NULL,
                             LHASH_HASH_FN(index_serial),
                             LHASH_COMP_FN(index_serial))) {
        BIO_printf(bio_err,
                   "error creating serial number index:(%ld,%ld,%ld)\n",
                   txt->error, txt->arg1, txt->arg2);
        return 0;
    }

    if (!db->attributes.unique_subject)
        return 1;

    if (!TXT_DB_create_index(txt, DB_name, index_name_qual,
                             LHASH_HASH_FN(index_name),
                             LHASH_COMP_FN(index_name))) {
        BIO_printf(bio_err, "error creating name index:(%ld,%ld,%ld)\n",
                   txt->error, txt->arg1, txt->arg2);
        return 0;
    }
    return 1;
}
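/*
 * Write the CA database to "dbfile.suffix" and its attributes to
 * "dbfile.attr.suffix" ('-' instead of '.' on VMS); rotate_index() later
 * moves them into place.
 *
 * Returns 1 on success, 0 after reporting on bio_err.  The output BIO is
 * released on every path (it used to leak on the error paths), and the
 * attribute-file error names the file that was actually being opened.
 */
int save_index(const char *dbfile, const char *suffix, CA_DB *db)
{
    char dbname[BSIZE], attrname[BSIZE];
    BIO *out = NULL;
    int ret = 0;
    size_t j;

    /* "+ 6" leaves room for ".attr." between dbfile and suffix. */
    j = strlen(dbfile) + strlen(suffix);
    if (j + 6 >= BSIZE) {
        BIO_printf(bio_err, "file name too long\n");
        goto err;
    }
#ifndef OPENSSL_SYS_VMS
    BIO_snprintf(attrname, sizeof attrname, "%s.attr.%s", dbfile, suffix);
    BIO_snprintf(dbname, sizeof dbname, "%s.%s", dbfile, suffix);
#else
    BIO_snprintf(attrname, sizeof attrname, "%s-attr-%s", dbfile, suffix);
    BIO_snprintf(dbname, sizeof dbname, "%s-%s", dbfile, suffix);
#endif

    /* The database itself. */
#ifdef RL_DEBUG
    BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", dbname);
#endif
    out = BIO_new(BIO_s_file());
    if (out == NULL) {
        ERR_print_errors(bio_err);
        goto err;
    }
    if (BIO_write_filename(out, dbname) <= 0) {
        perror(dbfile);
        BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
        goto err;
    }
    if (TXT_DB_write(out, db->db) <= 0)
        goto err;
    BIO_free(out);
    out = NULL;

    /* The attribute file. */
#ifdef RL_DEBUG
    BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", attrname);
#endif
    out = BIO_new(BIO_s_file());
    if (out == NULL) {
        ERR_print_errors(bio_err);
        goto err;
    }
    if (BIO_write_filename(out, attrname) <= 0) {
        perror(attrname);
        BIO_printf(bio_err, "unable to open '%s'\n", attrname);
        goto err;
    }
    if (BIO_printf(out, "unique_subject = %s\n",
                   db->attributes.unique_subject ? "yes" : "no") <= 0)
        goto err;
    ret = 1;

 err:
    if (out != NULL)
        BIO_free(out);
    return ret;
}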
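/*
 * rename() wrapper for rotate_index(): logs the attempt when RL_DEBUG is
 * set and, on failure, reports both names and the reason on bio_err.
 * errno is captured before anything is printed, since BIO_printf() may
 * change it and perror() must report the rename() failure, not a later one.
 *
 * With ignore_missing set, a missing source (ENOENT, or ENOTDIR where
 * defined) counts as success: the live database and attribute file do not
 * exist yet the first time a CA database is written.
 *
 * Returns 1 on success (or an ignored miss), 0 on failure.
 */
static int rotate_rename(const char *from, const char *to, int ignore_missing)
{
    int saved_errno;

#ifdef RL_DEBUG
    BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", from, to);
#endif
    if (rename(from, to) >= 0)
        return 1;
    saved_errno = errno;
    if (ignore_missing) {
        if (saved_errno == ENOENT)
            return 1;
#ifdef ENOTDIR
        if (saved_errno == ENOTDIR)
            return 1;
#endif
    }
    BIO_printf(bio_err, "unable to rename %s to %s\n", from, to);
    errno = saved_errno;
    perror("reason");
    return 0;
}

/*
 * Make "<dbfile>.<new_suffix>" and its ".attr" companion the live CA
 * database, keeping the previous files under old_suffix:
 *
 *   1. <dbfile>                  -> <dbfile>.<old_suffix>
 *   2. <dbfile>.<new_suffix>     -> <dbfile>
 *   3. <dbfile>.attr             -> <dbfile>.attr.<old_suffix>
 *   4. <dbfile>.attr.<new_suffix> -> <dbfile>.attr
 *
 * ("-" replaces "." on VMS.)  Steps 1 and 3 tolerate a missing source.  If
 * a later step fails, the earlier renames are undone on a best-effort basis;
 * those rollback results are not checked, so a partially rotated state is
 * possible if they fail as well.  The rotation is not atomic: between steps
 * 1 and 2 nothing exists at dbfile, so a concurrent reader may briefly see
 * the database as absent.
 *
 * Returns 1 on success, 0 on failure (reported on bio_err).
 */
int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
{
    char buf[5][BSIZE];
    const char *new_db = buf[0], *old_db = buf[1];
    const char *new_attr = buf[2], *old_attr = buf[3], *attr = buf[4];
    int i, j;

    /* ".attr." (6 chars) plus NUL must fit for the longer of the suffixes. */
    i = strlen(dbfile) + strlen(old_suffix);
    j = strlen(dbfile) + strlen(new_suffix);
    if (i > j)
        j = i;
    if (j + 6 >= BSIZE) {
        BIO_printf(bio_err, "file name too long\n");
        return 0;
    }
#ifndef OPENSSL_SYS_VMS
    BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
    BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
    BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
    BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
    BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
#else
    BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
    BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
    BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
    BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
    BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
#endif

    /* Step 1: live db -> old backup (a missing live db is fine). */
    if (!rotate_rename(dbfile, old_db, 1))
        return 0;
    /* Step 2: new db -> live; undo step 1 on failure. */
    if (!rotate_rename(new_db, dbfile, 0)) {
        rename(old_db, dbfile);
        return 0;
    }
    /* Step 3: live attr -> old attr backup (missing is fine). */
    if (!rotate_rename(attr, old_attr, 1)) {
        rename(dbfile, new_db);
        rename(old_db, dbfile);
        return 0;
    }
    /* Step 4: new attr -> live attr; undo everything on failure. */
    if (!rotate_rename(new_attr, attr, 0)) {
        rename(old_attr, attr);
        rename(dbfile, new_db);
        rename(old_db, dbfile);
        return 0;
    }
    return 1;
}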
/*
 * Release a CA_DB and the TXT_DB it wraps.  A NULL db is a no-op.
 */
void free_index(CA_DB *db)
{
    if (db == NULL)
        return;
    if (db->db != NULL)
        TXT_DB_free(db->db);
    OPENSSL_free(db);
}
/*
 * Interpret a yes/no style configuration value by its first character.
 *
 * 't', 'y' or '1' (either case) mean yes (1); 'f', 'n' or '0' mean no (0).
 * Anything else -- including NULL and the empty string -- yields def.
 * Only the first character is examined, so "nope" is "no" and "yellow"
 * is "yes".
 */
int parse_yesno(const char *str, int def)
{
    static const char affirm[] = "tTyY1";
    static const char negate[] = "fFnN0";
    char first;

    if (str == NULL)
        return def;
    first = *str;
    /* strchr() would match the terminating NUL, so rule it out first. */
    if (first == '\0')
        return def;
    if (strchr(negate, first) != NULL)
        return 0;
    if (strchr(affirm, first) != NULL)
        return 1;
    return def;
}
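/*
 * Parse a textual distinguished name into an X509_NAME.
 *
 * subject is expected to be in the format /type0=value0/type1=value1/...
 * where characters may be escaped by \.  With multirdn non-zero an
 * unescaped '+' (instead of '/') attaches the next element to the same,
 * multi-valued RDN; with multirdn zero a '+' is an ordinary value character.
 * chtype is the string type handed to X509_NAME_add_entry_by_NID() for
 * every value.
 *
 * Elements with an unknown type, or an empty value, are reported on bio_err
 * and skipped; a syntax error (no leading '/', a dangling '\', or an element
 * with no '=' or nothing after it) fails the whole parse.
 *
 * Returns a new X509_NAME owned by the caller, or NULL on a syntax error,
 * an allocation failure, or a failed X509_NAME_add_entry_by_NID().
 */
X509_NAME *parse_name(char *subject, long chtype, int multirdn)
{
    /*
     * Types and values are copied into buf, each NUL-terminated.  Every
     * separator and escape character of the input is dropped in the copy,
     * so strlen(subject) + 1 bytes always suffice.
     */
    size_t buflen = strlen(subject) + 1;
    char *buf = OPENSSL_malloc(buflen);
    /*
     * A completed element consumes at least two input characters (the '='
     * plus a value character or separator), so buflen / 2 + 1 bounds the
     * element count and also leaves room for the mval[ne_num + 1] look-ahead
     * write in the loop below.
     */
    size_t max_ne = buflen / 2 + 1;
    char **ne_types = OPENSSL_malloc(max_ne * sizeof(char *));
    char **ne_values = OPENSSL_malloc(max_ne * sizeof(char *));
    int *mval = OPENSSL_malloc(max_ne * sizeof(int)); /* per-element "joins previous RDN" flag */
    char *sp = subject, *bp = buf;
    int i, ne_num = 0;
    X509_NAME *n = NULL;
    int nid;

    /* mval is written unconditionally below, so it must be checked too. */
    if (!buf || !ne_types || !ne_values || !mval) {
        BIO_printf(bio_err, "malloc error\n");
        goto error;
    }

    if (*subject != '/') {
        BIO_printf(bio_err, "Subject does not start with '/'.\n");
        goto error;
    }
    sp++;                       /* skip leading / */

    /* no multivalued RDN by default */
    mval[ne_num] = 0;
    while (*sp) {
        /* collect type */
        ne_types[ne_num] = bp;
        while (*sp) {
            if (*sp == '\\') {  /* is there anything to escape in the type...? */
                if (*++sp)
                    *bp++ = *sp++;
                else {
                    BIO_printf(bio_err, "escape character at end of string\n");
                    goto error;
                }
            } else if (*sp == '=') {
                sp++;
                *bp++ = '\0';
                break;
            } else
                *bp++ = *sp++;
        }
        /* Reached here with *sp == 0: no '=' at all, or nothing after it. */
        if (!*sp) {
            BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
            goto error;
        }
        /* collect value */
        ne_values[ne_num] = bp;
        while (*sp) {
            if (*sp == '\\') {
                if (*++sp)
                    *bp++ = *sp++;
                else {
                    BIO_printf(bio_err, "escape character at end of string\n");
                    goto error;
                }
            } else if (*sp == '/') {
                sp++;
                /* no multivalued RDN by default */
                mval[ne_num + 1] = 0;
                break;
            } else if (*sp == '+' && multirdn) {
                /* an unescaped + signals a multivalued RDN */
                sp++;
                mval[ne_num + 1] = -1;
                break;
            } else
                *bp++ = *sp++;
        }
        *bp++ = '\0';
        ne_num++;
    }

    if (!(n = X509_NAME_new()))
        goto error;

    for (i = 0; i < ne_num; i++) {
        if ((nid = OBJ_txt2nid(ne_types[i])) == NID_undef) {
            BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
            continue;
        }
        if (!*ne_values[i]) {
            BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
            continue;
        }
        /* mval[i] is the "set" argument: -1 joins the previous RDN, 0 starts a new one. */
        if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char *)ne_values[i], -1, -1, mval[i]))
            goto error;
    }

    OPENSSL_free(mval);
    OPENSSL_free(ne_values);
    OPENSSL_free(ne_types);
    OPENSSL_free(buf);
    return n;

 error:
    X509_NAME_free(n);
    if (mval)
        OPENSSL_free(mval);
    if (ne_values)
        OPENSSL_free(ne_values);
    if (ne_types)
        OPENSSL_free(ne_types);
    if (buf)
        OPENSSL_free(buf);
    return NULL;
}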
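/*
 * Consume one X509 verification option from the argv cursor.
 *
 * *pargs points at the option; the options that take a value ("-policy",
 * "-purpose", "-verify_depth") also consume the following word.  On return
 * *pargs is advanced past everything consumed and, when pargc is non-NULL,
 * *pargc is reduced by the same amount.
 *
 * Returns 0 without touching anything if arg is not a verification option
 * (the caller then tries its own option table).  Returns 1 when the option
 * was recognised: a missing or malformed value is reported on err, *badarg
 * is set and *pm is freed and cleared; otherwise *pm (created on first use)
 * receives the policy, flags, purpose or depth.
 *
 * "-verify_depth" is parsed with strtol() and rejected unless the whole
 * word is a non-negative integer that fits an int; atoi() would have
 * silently accepted "-verify_depth foo" as depth 0.
 */
int args_verify(char ***pargs, int *pargc,
                int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
{
    ASN1_OBJECT *otmp = NULL;   /* owned here until handed to *pm */
    unsigned long flags = 0;
    int i;
    int purpose = 0, depth = -1;
    char **oldargs = *pargs;
    char *arg = **pargs, *argn = (*pargs)[1];

    if (!strcmp(arg, "-policy")) {
        if (!argn)
            *badarg = 1;
        else {
            otmp = OBJ_txt2obj(argn, 0);
            if (!otmp) {
                BIO_printf(err, "Invalid Policy \"%s\"\n", argn);
                *badarg = 1;
            }
        }
        (*pargs)++;
    } else if (strcmp(arg, "-purpose") == 0) {
        X509_PURPOSE *xptmp;
        if (!argn)
            *badarg = 1;
        else {
            i = X509_PURPOSE_get_by_sname(argn);
            if (i < 0) {
                BIO_printf(err, "unrecognized purpose\n");
                *badarg = 1;
            } else {
                xptmp = X509_PURPOSE_get0(i);
                purpose = X509_PURPOSE_get_id(xptmp);
            }
        }
        (*pargs)++;
    } else if (strcmp(arg, "-verify_depth") == 0) {
        if (!argn)
            *badarg = 1;
        else {
            char *endp;
            long d;

            errno = 0;
            d = strtol(argn, &endp, 10);
            depth = (int)d;
            /* Reject: no digits, trailing junk, overflow, negative, or > INT range. */
            if (endp == argn || *endp != '\0' || errno == ERANGE
                || d < 0 || (long)depth != d) {
                BIO_printf(err, "invalid depth\n");
                *badarg = 1;
                depth = -1;
            }
        }
        (*pargs)++;
    } else if (!strcmp(arg, "-ignore_critical"))
        flags |= X509_V_FLAG_IGNORE_CRITICAL;
    else if (!strcmp(arg, "-issuer_checks"))
        flags |= X509_V_FLAG_CB_ISSUER_CHECK;
    else if (!strcmp(arg, "-crl_check"))
        flags |= X509_V_FLAG_CRL_CHECK;
    else if (!strcmp(arg, "-crl_check_all"))
        flags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
    else if (!strcmp(arg, "-policy_check"))
        flags |= X509_V_FLAG_POLICY_CHECK;
    else if (!strcmp(arg, "-explicit_policy"))
        flags |= X509_V_FLAG_EXPLICIT_POLICY;
    else if (!strcmp(arg, "-inhibit_any"))
        flags |= X509_V_FLAG_INHIBIT_ANY;
    else if (!strcmp(arg, "-inhibit_map"))
        flags |= X509_V_FLAG_INHIBIT_MAP;
    else if (!strcmp(arg, "-x509_strict"))
        flags |= X509_V_FLAG_X509_STRICT;
    else if (!strcmp(arg, "-extended_crl"))
        flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
    else if (!strcmp(arg, "-use_deltas"))
        flags |= X509_V_FLAG_USE_DELTAS;
    else if (!strcmp(arg, "-policy_print"))
        flags |= X509_V_FLAG_NOTIFY_POLICY;
    else if (!strcmp(arg, "-check_ss_sig"))
        flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
    else
        return 0;

    if (*badarg) {
        if (*pm)
            X509_VERIFY_PARAM_free(*pm);
        *pm = NULL;
        goto end;
    }

    if (!*pm && !(*pm = X509_VERIFY_PARAM_new())) {
        *badarg = 1;
        goto end;
    }

    if (otmp) {
        /* add0 takes ownership only on success; otherwise we still free it. */
        if (X509_VERIFY_PARAM_add0_policy(*pm, otmp))
            otmp = NULL;
        else
            *badarg = 1;
    }
    if (flags)
        X509_VERIFY_PARAM_set_flags(*pm, flags);
    if (purpose)
        X509_VERIFY_PARAM_set_purpose(*pm, purpose);
    if (depth >= 0)
        X509_VERIFY_PARAM_set_depth(*pm, depth);

 end:
    ASN1_OBJECT_free(otmp);     /* NULL unless never handed over; tolerates NULL */
    (*pargs)++;
    if (pargc)
        *pargc -= *pargs - oldargs;
    return 1;
}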
/*
 * Read the whole contents of a BIO into one allocated memory buffer.
 *
 * maxlen caps the number of bytes collected; -1 means "no limit".  Reading
 * stops at the first BIO_read() that returns <= 0 (EOF or error) or once
 * maxlen bytes have been gathered.
 *
 * On success *out points at the collected bytes and their count is
 * returned (0 if nothing was read).  The bytes live in the temporary memory
 * BIO's buffer; marking that BIO read-only before freeing it is what is
 * relied on to keep the buffer alive past BIO_free(), so the caller ends up
 * owning *out (presumably to be released with OPENSSL_free() -- confirm
 * against the callers).  Returns -1 if the memory BIO cannot be created or
 * written.
 */
int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
{
    unsigned char chunk[1024];
    BIO *acc = BIO_new(BIO_s_mem());
    int total;

    if (acc == NULL)
        return -1;

    for (;;) {
        int want = sizeof chunk;
        int got;

        /* A bounded read never asks for more than what is left of maxlen. */
        if (maxlen != -1 && maxlen < want)
            want = maxlen;
        got = BIO_read(in, chunk, want);
        if (got <= 0)
            break;
        if (BIO_write(acc, chunk, got) != got) {
            BIO_free(acc);
            return -1;
        }
        maxlen -= got;
        if (maxlen == 0)
            break;
    }

    total = BIO_get_mem_data(acc, (char **)out);
    BIO_set_flags(acc, BIO_FLAGS_MEM_RDONLY);
    BIO_free(acc);
    return total;
}
/*
 * Apply a "name:value" control string to an EVP_PKEY_CTX.
 *
 * The string is split at the first ':'; with no ':' the whole string is the
 * control name and the value is NULL.  value itself is not modified (a
 * private copy is split).  Returns the EVP_PKEY_CTX_ctrl_str() result, or
 * -1 if the copy cannot be allocated.
 */
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
{
    char *copy, *sep, *val;
    int rv;

    copy = BUF_strdup(value);
    if (copy == NULL)
        return -1;

    sep = strchr(copy, ':');
    if (sep == NULL) {
        val = NULL;
    } else {
        *sep = '\0';
        val = sep + 1;
    }

    rv = EVP_PKEY_CTX_ctrl_str(ctx, copy, val);
    OPENSSL_free(copy);
    return rv;
}
/*
 * Print one list of policy nodes under a heading, for policies_print().
 * A NULL list prints as "<empty>"; otherwise each node goes through
 * X509_POLICY_NODE_print() at indent 2.
 */
static void nodes_print(BIO *out, const char *name,
                        STACK_OF(X509_POLICY_NODE) *nodes)
{
    int idx, count;

    BIO_printf(out, "%s Policies:", name);
    if (nodes == NULL) {
        BIO_puts(out, " <empty>\n");
        return;
    }
    BIO_puts(out, "\n");
    count = sk_X509_POLICY_NODE_num(nodes);
    for (idx = 0; idx < count; idx++)
        X509_POLICY_NODE_print(out, sk_X509_POLICY_NODE_value(nodes, idx), 2);
}
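/*
 * Dump the policy tree of a verification context: whether an explicit
 * policy is required, then the authority and user policy node lists.
 *
 * out may be NULL, in which case a temporary BIO on stderr is used and
 * released afterwards.  If that BIO cannot be created the function returns
 * silently instead of handing a NULL BIO to the printing calls.
 */
void policies_print(BIO *out, X509_STORE_CTX *ctx)
{
    X509_POLICY_TREE *tree;
    int explicit_policy;
    BIO *own = NULL;            /* non-NULL only if we created the BIO */

    if (out == NULL) {
        own = BIO_new_fp(stderr, BIO_NOCLOSE);
        if (own == NULL)
            return;
        out = own;
    }

    tree = X509_STORE_CTX_get0_policy_tree(ctx);
    explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);

    BIO_printf(out, "Require explicit Policy: %s\n",
               explicit_policy ? "True" : "False");
    nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
    nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));

    BIO_free(own);              /* no-op when own is NULL */
}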
  2225. #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
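/*
 * Build a JPAKE_CTX for one side of the exchange.
 *
 * The group is fixed: p is the 1024-bit (256 hex digit) prime below, g = 2
 * and q = (p - 1) / 2 (BN_rshift1 of p).  The shared secret is consumed as
 * a big-endian integer over its bytes (BN_bin2bn), and is wiped with
 * BN_clear_free() once JPAKE_CTX_new() has taken its own copies.
 *
 * Every BN call is checked: a failure returns NULL instead of passing a
 * NULL or half-built BIGNUM into JPAKE_CTX_new().  Callers must check the
 * result, since JPAKE_CTX_new() itself may also return NULL.
 */
static JPAKE_CTX *jpake_init(const char *us, const char *them,
                             const char *secret)
{
    BIGNUM *p = NULL, *g = NULL, *q = NULL, *bnsecret = NULL;
    JPAKE_CTX *ctx = NULL;

    /* Use a safe prime for p (that we found earlier) */
    if (!BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F"))
        goto end;
    if ((g = BN_new()) == NULL || !BN_set_word(g, 2))
        goto end;
    if ((q = BN_new()) == NULL || !BN_rshift1(q, p))
        goto end;
    if ((bnsecret = BN_new()) == NULL
        || BN_bin2bn((const unsigned char *)secret, strlen(secret),
                     bnsecret) == NULL)
        goto end;

    ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);

 end:
    /* All of these accept NULL. */
    BN_clear_free(bnsecret);
    BN_free(q);
    BN_free(g);
    BN_free(p);
    return ctx;
}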
/*
 * Transmit one JPAKE step part: g^x, then the zero-knowledge proof's
 * g^r and b, each as a hex line.  readbn() on the peer reads them back in
 * the same order.
 */
static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
{
    const BIGNUM *fields[3];
    int i;

    fields[0] = p->gx;
    fields[1] = p->zkpx.gr;
    fields[2] = p->zkpx.b;
    for (i = 0; i < 3; i++) {
        BN_print(conn, fields[i]);
        BIO_puts(conn, "\n");
    }
}
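/*
 * Generate and send JPAKE step 1 (two parts).  A failed generate is fatal,
 * mirroring the receive side: silently sending whatever init left in s1
 * would be worse than stopping.
 */
static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
{
    JPAKE_STEP1 s1;

    JPAKE_STEP1_init(&s1);
    if (!JPAKE_STEP1_generate(&s1, ctx)) {
        ERR_print_errors(bio_err);
        exit(1);
    }
    jpake_send_part(bconn, &s1.p1);
    jpake_send_part(bconn, &s1.p2);
    (void)BIO_flush(bconn);
    JPAKE_STEP1_release(&s1);
}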
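/*
 * Generate and send JPAKE step 2 (a single part).  A failed generate is
 * fatal, mirroring the receive side's handling of a failed process().
 */
static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
{
    JPAKE_STEP2 s2;

    JPAKE_STEP2_init(&s2);
    if (!JPAKE_STEP2_generate(&s2, ctx)) {
        ERR_print_errors(bio_err);
        exit(1);
    }
    jpake_send_part(bconn, &s2);
    (void)BIO_flush(bconn);
    JPAKE_STEP2_release(&s2);
}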
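/*
 * Generate and send JPAKE step 3a: the fixed-size hhk confirmation value is
 * written raw (the peer reads exactly sizeof hhk bytes).  A failed generate
 * is fatal, mirroring the receive side.
 */
static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
{
    JPAKE_STEP3A s3a;

    JPAKE_STEP3A_init(&s3a);
    if (!JPAKE_STEP3A_generate(&s3a, ctx)) {
        ERR_print_errors(bio_err);
        exit(1);
    }
    BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
    (void)BIO_flush(bconn);
    JPAKE_STEP3A_release(&s3a);
}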
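/*
 * Generate and send JPAKE step 3b: the fixed-size hk confirmation value is
 * written raw (the peer reads exactly sizeof hk bytes).  A failed generate
 * is fatal, mirroring the receive side.
 */
static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
{
    JPAKE_STEP3B s3b;

    JPAKE_STEP3B_init(&s3b);
    if (!JPAKE_STEP3B_generate(&s3b, ctx)) {
        ERR_print_errors(bio_err);
        exit(1);
    }
    BIO_write(bconn, s3b.hk, sizeof s3b.hk);
    (void)BIO_flush(bconn);
    JPAKE_STEP3B_release(&s3b);
}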
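/*
 * Read one newline-terminated hex line from the peer and parse it into *bn.
 *
 * The input is attacker-controlled network data, so every malformed case is
 * handled explicitly rather than with assert(): under NDEBUG the asserts
 * would vanish, and a read returning <= 0 would then write buf[-1].  A line
 * without a trailing '\n' means the peer sent more than sizeof buf or
 * closed mid-line; a BN_hex2bn() result of 0 means no hex digit was parsed.
 * On any problem the error is reported and the process exits, matching how
 * failed JPAKE steps are handled elsewhere in this file.
 */
static void readbn(BIGNUM **bn, BIO *bconn)
{
    char buf[10240];
    int l;

    l = BIO_gets(bconn, buf, sizeof buf);
    if (l <= 0) {
        BIO_printf(bio_err, "JPAKE: read error or connection closed\n");
        ERR_print_errors(bio_err);
        exit(1);
    }
    if (buf[l - 1] != '\n') {
        BIO_printf(bio_err, "JPAKE: oversized or unterminated value from peer\n");
        exit(1);
    }
    buf[l - 1] = '\0';
    if (!BN_hex2bn(bn, buf)) {
        BIO_printf(bio_err, "JPAKE: invalid hex value from peer\n");
        ERR_print_errors(bio_err);
        exit(1);
    }
}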
/*
 * Read one step part from the peer in the order jpake_send_part() writes
 * it: g^x, then the proof's g^r and b.
 */
static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
{
    BIGNUM **slots[3];
    int i;

    slots[0] = &p->gx;
    slots[1] = &p->zkpx.gr;
    slots[2] = &p->zkpx.b;
    for (i = 0; i < 3; i++)
        readbn(slots[i], bconn);
}
/*
 * Receive and process the peer's JPAKE step 1 (two parts).  Rejection by
 * JPAKE_STEP1_process() is fatal: errors are printed and the process exits.
 */
static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
{
    JPAKE_STEP1 s1;
    int accepted;

    JPAKE_STEP1_init(&s1);
    jpake_receive_part(&s1.p1, bconn);
    jpake_receive_part(&s1.p2, bconn);
    accepted = JPAKE_STEP1_process(ctx, &s1);
    if (accepted) {
        JPAKE_STEP1_release(&s1);
        return;
    }
    ERR_print_errors(bio_err);
    exit(1);
}
/*
 * Receive and process the peer's JPAKE step 2 (one part).  Rejection by
 * JPAKE_STEP2_process() is fatal: errors are printed and the process exits.
 */
static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
{
    JPAKE_STEP2 s2;
    int accepted;

    JPAKE_STEP2_init(&s2);
    jpake_receive_part(&s2, bconn);
    accepted = JPAKE_STEP2_process(ctx, &s2);
    if (accepted) {
        JPAKE_STEP2_release(&s2);
        return;
    }
    ERR_print_errors(bio_err);
    exit(1);
}
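/*
 * Receive and process the peer's JPAKE step 3a confirmation value.
 *
 * Exactly sizeof hhk bytes are expected.  A short read is network input,
 * not a programming error, so it is reported and treated as fatal rather
 * than assert()ed -- under NDEBUG the assert would disappear and a
 * partially filled hhk would be processed.
 */
static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
{
    JPAKE_STEP3A s3a;
    int l;

    JPAKE_STEP3A_init(&s3a);
    l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
    if (l != (int)sizeof s3a.hhk) {
        BIO_printf(bio_err, "JPAKE: short read of step 3a from peer\n");
        ERR_print_errors(bio_err);
        exit(1);
    }
    if (!JPAKE_STEP3A_process(ctx, &s3a)) {
        ERR_print_errors(bio_err);
        exit(1);
    }
    JPAKE_STEP3A_release(&s3a);
}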
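/*
 * Receive and process the peer's JPAKE step 3b confirmation value.
 *
 * Exactly sizeof hk bytes are expected.  A short read is network input,
 * not a programming error, so it is reported and treated as fatal rather
 * than assert()ed -- under NDEBUG the assert would disappear and a
 * partially filled hk would be processed.
 */
static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
{
    JPAKE_STEP3B s3b;
    int l;

    JPAKE_STEP3B_init(&s3b);
    l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
    if (l != (int)sizeof s3b.hk) {
        BIO_printf(bio_err, "JPAKE: short read of step 3b from peer\n");
        ERR_print_errors(bio_err);
        exit(1);
    }
    if (!JPAKE_STEP3B_process(ctx, &s3b)) {
        ERR_print_errors(bio_err);
        exit(1);
    }
    JPAKE_STEP3B_release(&s3b);
}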
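/*
 * Run the client side of the JPAKE exchange over conn and, on success,
 * store the hex-encoded shared key in the global psk_key.
 *
 * Progress messages go to out.  The exchange runs through a buffering BIO
 * pushed onto conn so that line reads work; it is popped and freed before
 * returning.  Setup failures (jpake_init(), the buffer BIO, BN_bn2hex())
 * are fatal, consistent with how the individual steps handle errors.
 * Any previous psk_key value is overwritten without being freed -- its
 * ownership is not known here, so it is left alone.
 */
void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
{
    JPAKE_CTX *ctx;
    BIO *bconn;
    char *key;

    BIO_puts(out, "Authenticating with JPAKE\n");

    ctx = jpake_init("client", "server", secret);
    bconn = BIO_new(BIO_f_buffer());
    if (ctx == NULL || bconn == NULL) {
        BIO_printf(bio_err, "JPAKE: unable to initialise\n");
        ERR_print_errors(bio_err);
        exit(1);
    }
    BIO_push(bconn, conn);

    jpake_send_step1(bconn, ctx);
    jpake_receive_step1(ctx, bconn);
    jpake_send_step2(bconn, ctx);
    jpake_receive_step2(ctx, bconn);
    jpake_send_step3a(bconn, ctx);
    jpake_receive_step3b(ctx, bconn);

    key = BN_bn2hex(JPAKE_get_shared_key(ctx));
    if (key == NULL) {
        ERR_print_errors(bio_err);
        exit(1);
    }
    BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
    psk_key = key;

    BIO_pop(bconn);
    BIO_free(bconn);
    JPAKE_CTX_free(ctx);
}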
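/*
 * Run the server side of the JPAKE exchange over conn and, on success,
 * store the hex-encoded shared key in the global psk_key.
 *
 * Identical to jpake_client_auth() except for the identities passed to
 * jpake_init() and the receive-before-send ordering of each step.  Setup
 * failures (jpake_init(), the buffer BIO, BN_bn2hex()) are fatal, as are
 * failures inside the steps.  Any previous psk_key value is overwritten
 * without being freed -- its ownership is not known here.
 */
void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
{
    JPAKE_CTX *ctx;
    BIO *bconn;
    char *key;

    BIO_puts(out, "Authenticating with JPAKE\n");

    ctx = jpake_init("server", "client", secret);
    bconn = BIO_new(BIO_f_buffer());
    if (ctx == NULL || bconn == NULL) {
        BIO_printf(bio_err, "JPAKE: unable to initialise\n");
        ERR_print_errors(bio_err);
        exit(1);
    }
    BIO_push(bconn, conn);

    jpake_receive_step1(ctx, bconn);
    jpake_send_step1(bconn, ctx);
    jpake_receive_step2(ctx, bconn);
    jpake_send_step2(bconn, ctx);
    jpake_receive_step3a(ctx, bconn);
    jpake_send_step3b(bconn, ctx);

    key = BN_bn2hex(JPAKE_get_shared_key(ctx));
    if (key == NULL) {
        ERR_print_errors(bio_err);
        exit(1);
    }
    BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
    psk_key = key;

    BIO_pop(bconn);
    BIO_free(bconn);
    JPAKE_CTX_free(ctx);
}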
  2403. #endif
  2404. /*
  2405. * Platform-specific sections
  2406. */
  2407. #if defined(_WIN32)
  2408. # ifdef fileno
  2409. # undef fileno
  2410. # define fileno(a) (int)_fileno(a)
  2411. # endif
  2412. # include <windows.h>
  2413. # include <tchar.h>
/*
 * rename() replacement for Win32.
 *
 * In UNICODE builds both paths are widened into one malloc'd TCHAR buffer
 * (via MultiByteToWideChar() where available; if that is unavailable or
 * fails, each byte is widened directly).  MoveFile() is then attempted.
 * Unlike POSIX rename(), MoveFile() refuses to replace an existing target,
 * so on ERROR_ALREADY_EXISTS / ERROR_FILE_EXISTS the target is deleted and
 * the move retried.
 *
 * NOTE(review): that delete-then-move makes replacement non-atomic.  Between
 * DeleteFile() and the second MoveFile() the target -- e.g. the live CA
 * index during rotate_index() -- does not exist at all, and if the second
 * MoveFile() fails the old target is already gone.  The DeleteFile() result
 * is only used to decide whether to retry.
 *
 * The Win32 error is mapped onto errno (ENOENT, EACCES, otherwise EINVAL) so
 * callers can keep their POSIX-style checks.  Returns 0 on success, -1 on
 * failure.
 */
static int WIN32_rename(const char *from, const char *to)
{
    TCHAR *tfrom=NULL,*tto;
    DWORD err;
    int ret=0;

    if (sizeof(TCHAR) == 1)
    {
        /* Narrow build: the char strings can be used as-is. */
        tfrom = (TCHAR *)from;
        tto = (TCHAR *)to;
    }
    else /* UNICODE path */
    {
        size_t i,flen=strlen(from)+1,tlen=strlen(to)+1;
        /* One allocation holds both converted strings; tto follows tfrom. */
        tfrom = (TCHAR *)malloc(sizeof(TCHAR)*(flen+tlen));
        if (tfrom==NULL) goto err;
        tto=tfrom+flen;
        /* If MultiByteToWideChar() is unavailable (old WinCE) or fails, widen byte by byte. */
#if !defined(_WIN32_WCE) || _WIN32_WCE>=101
        if (!MultiByteToWideChar(CP_ACP,0,from,flen,(WCHAR *)tfrom,flen))
#endif
            for (i=0;i<flen;i++) tfrom[i]=(TCHAR)from[i];
#if !defined(_WIN32_WCE) || _WIN32_WCE>=101
        if (!MultiByteToWideChar(CP_ACP,0,to, tlen,(WCHAR *)tto, tlen))
#endif
            for (i=0;i<tlen;i++) tto[i] =(TCHAR)to[i];
    }

    if (MoveFile(tfrom,tto)) goto ok;
    err=GetLastError();
    if (err==ERROR_ALREADY_EXISTS || err==ERROR_FILE_EXISTS)
    {
        /* Non-atomic replace: remove the target, then retry the move. */
        if (DeleteFile(tto) && MoveFile(tfrom,tto))
            goto ok;
        err=GetLastError();
    }
    /* Map the Win32 error onto errno for the caller. */
    if (err==ERROR_FILE_NOT_FOUND || err==ERROR_PATH_NOT_FOUND)
        errno = ENOENT;
    else if (err==ERROR_ACCESS_DENIED)
        errno = EACCES;
    else
        errno = EINVAL; /* we could map more codes... */
err:
    ret=-1;
ok:
    /* Only free the buffer we allocated in the UNICODE branch. */
    if (tfrom!=NULL && tfrom!=(TCHAR *)from) free(tfrom);
    return ret;
}
  2459. #endif
  2460. /* app_tminterval section */
  2461. #if defined(_WIN32)
/*
 * Interval timer for the Windows build.
 *
 * Call with stop == TM_START to record a start point; any other value
 * returns the seconds elapsed since that point.  The start point lives in
 * a static, so only one interval can be tracked at a time and the function
 * is not reentrant.
 *
 * With usertime set, process CPU time is taken from GetProcessTimes() when
 * the OS is an NT-family Windows (GetVersion() < 0x80000000) and the process
 * handle could be opened; otherwise -- and always when usertime is 0 -- the
 * system wall clock is used, with a one-time warning that such results are
 * only meaningful on an idle machine.  The GetProcessTimes() result is not
 * checked.
 */
double app_tminterval(int stop,int usertime)
{
    FILETIME now;
    double ret=0;
    static ULARGE_INTEGER tmstart;
    static int warning=1;
#ifdef _WIN32_WINNT
    static HANDLE proc=NULL;

    if (proc==NULL)
    {
        /* Only NT-family systems provide per-process times. */
        if (GetVersion() < 0x80000000)
            proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
                               GetCurrentProcessId());
        /* Remember a failure so it is not retried on every call. */
        if (proc==NULL) proc = (HANDLE)-1;
    }
    if (usertime && proc!=(HANDLE)-1)
    {
        FILETIME junk;
        /* Only the last out-parameter is kept; the others are discarded. */
        GetProcessTimes(proc,&junk,&junk,&junk,&now);
    }
    else
#endif
    {
        SYSTEMTIME systime;
        if (usertime && warning)
        {
            BIO_printf(bio_err,"To get meaningful results, run "
                       "this program on idle system.\n");
            warning=0;
        }
        GetSystemTime(&systime);
        SystemTimeToFileTime(&systime,&now);
    }
    if (stop==TM_START)
    {
        tmstart.u.LowPart = now.dwLowDateTime;
        tmstart.u.HighPart = now.dwHighDateTime;
    }
    else {
        ULARGE_INTEGER tmstop;
        tmstop.u.LowPart = now.dwLowDateTime;
        tmstop.u.HighPart = now.dwHighDateTime;
        /* FILETIME counts 100-nanosecond units, hence the 1e-7 scale to seconds. */
        ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart)*1e-7;
    }
    return (ret);
}
  2508. #elif defined(OPENSSL_SYS_NETWARE)
  2509. #include <time.h>
/*
 * Interval timer for NetWare, based on clock().
 *
 * stop == TM_START records the start point (kept in a static, so one
 * interval at a time); otherwise the seconds since that point are returned.
 * There is no separate CPU-time source here: usertime only triggers a
 * one-time warning and clock() is used either way.
 */
double app_tminterval(int stop,int usertime)
{
    static clock_t tmstart;
    static int warning=1;
    double elapsed = 0;

    if (usertime && warning) {
        BIO_printf(bio_err,"To get meaningful results, run "
                   "this program on idle system.\n");
        warning=0;
    }

    if (stop==TM_START) {
        tmstart = clock();
        return elapsed;
    }
    elapsed = (clock()-tmstart)/(double)CLOCKS_PER_SEC;
    return elapsed;
}
  2525. #elif defined(OPENSSL_SYSTEM_VXWORKS)
  2526. #include <time.h>
/*
 * Interval timer for VxWorks.
 *
 * stop == TM_START records the start point (kept in a static, so one
 * interval at a time); otherwise the seconds since that point are returned.
 * There is no per-process CPU accounting here: usertime only triggers a
 * one-time warning and the wall clock is used either way -- via
 * clock_gettime(CLOCK_REALTIME) when available, otherwise the kernel tick
 * counter tickGet() scaled by sysClkRateGet().
 */
double app_tminterval(int stop,int usertime)
{
    double ret=0;
#ifdef CLOCK_REALTIME
    static struct timespec tmstart;
    struct timespec now;
#else
    static unsigned long tmstart;
    unsigned long now;
#endif
    static int warning=1;

    if (usertime && warning)
    {
        BIO_printf(bio_err,"To get meaningful results, run "
                   "this program on idle system.\n");
        warning=0;
    }

#ifdef CLOCK_REALTIME
    /* Result of clock_gettime() is not checked. */
    clock_gettime(CLOCK_REALTIME,&now);
    if (stop==TM_START) tmstart = now;
    else ret = ( (now.tv_sec+now.tv_nsec*1e-9)
                 - (tmstart.tv_sec+tmstart.tv_nsec*1e-9) );
#else
    /* Ticks since boot, converted with the system clock rate (ticks/second). */
    now = tickGet();
    if (stop==TM_START) tmstart = now;
    else ret = (now - tmstart)/(double)sysClkRateGet();
#endif
    return (ret);
}
  2556. #elif defined(OPENSSL_SYSTEM_VMS)
  2557. #include <time.h>
  2558. #include <times.h>
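/*
 * Interval timer for VMS, in CLK_TCK units.
 *
 * stop == TM_START records the start point (kept in a static, so one
 * interval at a time); otherwise the seconds since that point are returned.
 * With __TMS, times() supplies either the elapsed tick count or, for
 * usertime, the user CPU ticks.  Without it, usertime uses clock() and wall
 * time is read with gettimeofday() and converted to ticks.
 *
 * Fix: the wall-clock conversion previously computed
 * tv_usec * (1000000 / CLK_TCK), i.e. multiplied the microseconds by the
 * microseconds-per-tick instead of dividing, inflating the sub-second part
 * by (1000000 / CLK_TCK)^2.  It now scales usec down to ticks.
 */
double app_tminterval(int stop,int usertime)
{
    static clock_t tmstart;
    double ret = 0;
    clock_t now;
#ifdef __TMS
    struct tms rus;

    now = times(&rus);
    if (usertime) now = rus.tms_utime;
#else
    if (usertime)
        now = clock();          /* sum of user and kernel times */
    else {
        struct timeval tv;

        gettimeofday(&tv,NULL);
        /* seconds -> ticks, plus microseconds -> ticks (usec * CLK_TCK / 1e6). */
        now = (clock_t)(
                (unsigned long long)tv.tv_sec*CLK_TCK +
                ((unsigned long long)tv.tv_usec*CLK_TCK)/1000000
              );
    }
#endif
    if (stop==TM_START) tmstart = now;
    else ret = (now - tmstart)/(double)(CLK_TCK);
    return (ret);
}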
  2584. #elif defined(_SC_CLK_TCK) /* by means of unistd.h */
  2585. #include <sys/times.h>
/*
 * Interval timer for POSIX systems that define _SC_CLK_TCK, based on
 * times().
 *
 * stop == TM_START records the start point (kept in a static, so one
 * interval at a time); otherwise the seconds since that point are returned.
 * With usertime set the user CPU ticks from the tms structure are used
 * instead of the elapsed tick count returned by times().  The tick rate is
 * queried from sysconf() on every stop call.
 */
double app_tminterval(int stop,int usertime)
{
    static clock_t tmstart;
    struct tms usage;
    clock_t sample;
    long int ticks_per_sec;

    sample = times(&usage);
    if (usertime)
        sample = usage.tms_utime;

    if (stop==TM_START) {
        tmstart = sample;
        return 0;
    }
    ticks_per_sec = sysconf(_SC_CLK_TCK);
    return (sample - tmstart)/(double)ticks_per_sec;
}
  2601. #else
  2602. #include <sys/time.h>
  2603. #include <sys/resource.h>
/*
 * Default (Unix) interval timer.
 *
 * stop == TM_START records the start point (kept in a static, so one
 * interval at a time); otherwise the seconds since that point are returned.
 * With usertime set the user CPU time from getrusage(RUSAGE_SELF) is used;
 * otherwise gettimeofday() wall time.  Neither call's result is checked.
 */
double app_tminterval(int stop,int usertime)
{
    static struct timeval tmstart;
    struct timeval sample;
    double start_s, sample_s;

    if (usertime) {
        struct rusage usage;

        getrusage(RUSAGE_SELF,&usage);
        sample = usage.ru_utime;
    } else {
        gettimeofday(&sample,NULL);
    }

    if (stop==TM_START) {
        tmstart = sample;
        return 0;
    }
    sample_s = sample.tv_sec+sample.tv_usec*1e-6;
    start_s = tmstart.tv_sec+tmstart.tv_usec*1e-6;
    return sample_s - start_s;
}
  2617. #endif
  2618. /* app_isdir section */
  2619. #ifdef _WIN32
/*
 * Return 1 if name is a directory, 0 if it exists but is not one, and -1 if
 * it cannot be looked up (or, in UNICODE builds, does not fit cFileName).
 *
 * FindFirstFile() does the lookup; the attributes come back in
 * WIN32_FIND_DATA.  In UNICODE builds the name is first widened into
 * FileData.cFileName (via MultiByteToWideChar() where available, else byte
 * by byte), which is why the length check against that array comes first.
 * NOTE(review): FindFirstFile() is a pattern search, so a name containing
 * wildcard characters would presumably report on the first match rather
 * than the literal name -- callers are assumed to pass plain paths.
 */
int app_isdir(const char *name)
{
    HANDLE hList;
    WIN32_FIND_DATA FileData;
#if defined(UNICODE) || defined(_UNICODE)
    size_t i, len_0 = strlen(name)+1;

    /* The widened name is staged in cFileName, so it must fit there. */
    if (len_0 > sizeof(FileData.cFileName)/sizeof(FileData.cFileName[0]))
        return -1;

    /* Fall back to byte-by-byte widening if MultiByteToWideChar() is unavailable or fails. */
#if !defined(_WIN32_WCE) || _WIN32_WCE>=101
    if (!MultiByteToWideChar(CP_ACP,0,name,len_0,FileData.cFileName,len_0))
#endif
        for (i=0;i<len_0;i++)
            FileData.cFileName[i] = (WCHAR)name[i];

    hList = FindFirstFile(FileData.cFileName,&FileData);
#else
    hList = FindFirstFile(name,&FileData);
#endif
    if (hList == INVALID_HANDLE_VALUE) return -1;
    FindClose(hList);
    return ((FileData.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)!=0);
}
  2641. #else
  2642. #include <sys/stat.h>
  2643. #ifndef S_ISDIR
  2644. # if defined(_S_IFMT) && defined(_S_IFDIR)
  2645. # define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
  2646. # else
  2647. # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
  2648. # endif
  2649. #endif
/*
 * Return 1 if name is a directory, 0 if it exists but is not one, and -1 if
 * stat() fails (or S_ISDIR is unavailable on this platform, in which case
 * the answer is always -1).
 */
int app_isdir(const char *name)
{
#if defined(S_ISDIR)
    struct stat info;

    if (stat(name,&info) != 0)
        return -1;
    return S_ISDIR(info.st_mode);
#else
    return -1;
#endif
}
  2660. #endif
  2661. /* raw_read|write section */
  2662. #if defined(_WIN32) && defined(STD_INPUT_HANDLE)
/*
 * Read up to siz bytes from the process's standard input handle, bypassing
 * stdio buffering.  Returns the number of bytes read (0 at end of input) or
 * -1 if ReadFile() fails.  siz is passed to ReadFile() as a DWORD, so a
 * negative siz would be treated as a very large request.
 */
int raw_read_stdin(void *buf,int siz)
{
    DWORD n;
    if (ReadFile(GetStdHandle(STD_INPUT_HANDLE),buf,siz,&n,NULL))
        return (n);
    else return (-1);
}
  2670. #else
/*
 * Read up to siz bytes from standard input with a raw read(2), bypassing
 * stdio buffering.  Returns read()'s result: bytes read, 0 at EOF, -1 on
 * error.
 */
int raw_read_stdin(void *buf,int siz)
{
    int fd = fileno(stdin);

    return read(fd,buf,siz);
}
  2673. #endif
  2674. #if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
/*
 * Write siz bytes to the process's standard output handle, bypassing stdio
 * buffering.  Returns the number of bytes written or -1 if WriteFile()
 * fails.  siz is passed to WriteFile() as a DWORD, so a negative siz would
 * be treated as a very large request.
 */
int raw_write_stdout(const void *buf,int siz)
{
    DWORD n;
    if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE),buf,siz,&n,NULL))
        return (n);
    else return (-1);
}
  2682. #else
/*
 * Write siz bytes to standard output with a raw write(2), bypassing stdio
 * buffering.  Returns write()'s result: bytes written (possibly fewer than
 * siz), or -1 on error.
 */
int raw_write_stdout(const void *buf,int siz)
{
    int fd = fileno(stdout);

    return write(fd,buf,siz);
}
  2685. #endif