X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=apps%2Fapps.c;h=89f43406bf346fa38d1bf0a2a2cc40772743e0b4;hb=f4da39d200a8c2068595b8d5bd5efb78af4224e1;hp=9475fe3ccd8113c7bad39cb061069825e1ba84d2;hpb=222561fe8ef510f336417a666f69f81ddc9b8fe4;p=openssl.git diff --git a/apps/apps.c b/apps/apps.c index 9475fe3ccd..89f43406bf 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -118,13 +118,15 @@ #include #include #include -#if !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_WINCE) && !defined(NETWARE_CLIB) -# include +#ifndef NO_SYS_TYPES_H +# include +#endif +#ifndef OPENSSL_NO_POSIX_IO +# include +# include #endif -#include #include #include -#include #include #include #include @@ -164,23 +166,17 @@ static int set_table_opts(unsigned long *flags, const char *arg, static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl); -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) -/* Looks like this stuff is worth moving into separate function */ -static EVP_PKEY *load_netscape_key(BIO *key, const char *file, - const char *key_descrip, int format); -#endif - int app_init(long mesgwin); int chopup_args(ARGS *arg, char *buf) { int quoted; - char c, *p; + char c = '\0', *p = NULL; arg->argc = 0; if (arg->size == 0) { arg->size = 20; - arg->argv = OPENSSL_malloc(sizeof(char *) * arg->size); + arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space"); if (arg->argv == NULL) return 0; } @@ -195,7 +191,8 @@ int chopup_args(ARGS *arg, char *buf) /* The start of something good :-) */ if (arg->argc >= arg->size) { arg->size += 20; - arg->argv = OPENSSL_realloc(arg->argv, sizeof(char *) * arg->size); + arg->argv = OPENSSL_realloc(arg->argv, + sizeof(*arg->argv) * arg->size); if (arg->argv == NULL) return 0; } @@ -227,11 +224,17 @@ int app_init(long mesgwin) } #endif -int ctx_set_verify_locations(SSL_CTX *ctx, - const char *CAfile, const char *CApath) +int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath, int noCAfile, int noCApath) { - if (CAfile == NULL && CApath == NULL) - return SSL_CTX_set_default_verify_paths(ctx); + if (CAfile == NULL && CApath == NULL) { + if (!noCAfile && SSL_CTX_set_default_verify_file(ctx) <= 0) + return 0; + if (!noCApath && SSL_CTX_set_default_verify_dir(ctx) <= 0) + return 0; + + return 1; + } return SSL_CTX_load_verify_locations(ctx, CAfile, CApath); } @@ -367,13 +370,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) ok = UI_add_input_string(ui, prompt, ui_flags, buf, PW_MIN_LENGTH, bufsiz - 1); if (ok >= 0 && verify) { - buff = OPENSSL_malloc(bufsiz); - if (!buff) { - BIO_printf(bio_err, "Out of memory\n"); - UI_free(ui); - OPENSSL_free(prompt); - return 0; - } + buff = app_malloc(bufsiz, "password buffer"); ok = UI_add_verify_string(ui, prompt, ui_flags, buff, PW_MIN_LENGTH, bufsiz - 1, buf); } @@ -383,10 +380,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); - if (buff) { - OPENSSL_cleanse(buff, (unsigned int)bufsiz); - OPENSSL_free(buff); - } + OPENSSL_clear_free(buff, (unsigned int)bufsiz); if (ok >= 0) res = strlen(buf); @@ -436,9 +430,10 @@ static char *app_get_pass(char *arg, int keepbio) char *tmp, tpass[APP_PASS_LEN]; static BIO *pwdbio = NULL; int i; - if (!strncmp(arg, "pass:", 5)) + + if (strncmp(arg, "pass:", 5) == 0) return BUF_strdup(arg + 5); - if (!strncmp(arg, "env:", 4)) { + if (strncmp(arg, "env:", 4) == 0) { tmp = getenv(arg + 4); if (!tmp) { BIO_printf(bio_err, "Can't read environment variable %s\n", arg + 4); @@ -447,7 +442,7 @@ static char *app_get_pass(char *arg, int keepbio) return BUF_strdup(tmp); } if (!keepbio || !pwdbio) { - if (!strncmp(arg, "file:", 5)) { + if (strncmp(arg, "file:", 5) == 0) { pwdbio = BIO_new_file(arg + 5, "r"); if (!pwdbio) { BIO_printf(bio_err, "Can't open file %s\n", arg + 5); @@ -462,7 +457,7 @@ static char *app_get_pass(char *arg, int keepbio) * on real Windows descriptors, such as those obtained * with CreateFile. */ - } else if (!strncmp(arg, "fd:", 3)) { + } else if (strncmp(arg, "fd:", 3) == 0) { BIO *btmp; i = atoi(arg + 3); if (i >= 0) @@ -477,8 +472,8 @@ static char *app_get_pass(char *arg, int keepbio) btmp = BIO_new(BIO_f_buffer()); pwdbio = BIO_push(btmp, pwdbio); #endif - } else if (!strcmp(arg, "stdin")) { - pwdbio = dup_bio_in(); + } else if (strcmp(arg, "stdin") == 0) { + pwdbio = dup_bio_in(FORMAT_TEXT); if (!pwdbio) { BIO_printf(bio_err, "Can't open BIO for stdin\n"); return NULL; @@ -503,17 +498,84 @@ static char *app_get_pass(char *arg, int keepbio) return BUF_strdup(tpass); } +static CONF *app_load_config_(BIO *in, const char *filename) +{ + long errorline = -1; + CONF *conf; + int i; + + conf = NCONF_new(NULL); + i = NCONF_load_bio(conf, in, &errorline); + if (i > 0) + return conf; + + if (errorline <= 0) + BIO_printf(bio_err, "%s: Can't load config file \"%s\"\n", + opt_getprog(), filename); + else + BIO_printf(bio_err, "%s: Error on line %ld of config file \"%s\"\n", + opt_getprog(), errorline, filename); + NCONF_free(conf); + return NULL; +} +CONF *app_load_config(const char *filename) +{ + BIO *in; + CONF *conf; + + in = bio_open_default(filename, 'r', FORMAT_TEXT); + if (in == NULL) + return NULL; + + conf = app_load_config_(in, filename); + BIO_free(in); + return conf; +} +CONF *app_load_config_quiet(const char *filename) +{ + BIO *in; + CONF *conf; + + in = bio_open_default_quiet(filename, 'r', FORMAT_TEXT); + if (in == NULL) + return NULL; + + conf = app_load_config_(in, filename); + BIO_free(in); + return conf; +} + +int app_load_modules(const CONF *config) +{ + CONF *to_free = NULL; + + if (config == NULL) + config = to_free = app_load_config_quiet(default_config_file); + if (config == NULL) + return 1; + + if (CONF_modules_load(config, NULL, 0) <= 0) { + BIO_printf(bio_err, "Error configuring OpenSSL modules\n"); + ERR_print_errors(bio_err); + NCONF_free(to_free); + return 0; + } + NCONF_free(to_free); + return 1; +} + int add_oid_section(CONF *conf) { char *p; STACK_OF(CONF_VALUE) *sktmp; CONF_VALUE *cnf; int i; - if (!(p = NCONF_get_string(conf, NULL, "oid_section"))) { + + if ((p = NCONF_get_string(conf, NULL, "oid_section")) == NULL) { ERR_clear_error(); return 1; } - if (!(sktmp = NCONF_get_section(conf, p))) { + if ((sktmp = NCONF_get_section(conf, p)) == NULL) { BIO_printf(bio_err, "problem loading oid section %s\n", p); return 0; } @@ -584,7 +646,7 @@ int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl) if (!bio || !BIO_set_conn_port(bio, port)) goto err; rctx = OCSP_REQ_CTX_new(bio, 1024); - if (!rctx) + if (rctx == NULL) goto err; if (!OCSP_REQ_CTX_http(rctx, "GET", path)) goto err; @@ -601,16 +663,12 @@ int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl) } err: - if (host) - OPENSSL_free(host); - if (path) - OPENSSL_free(path); - if (port) - OPENSSL_free(port); + OPENSSL_free(host); + OPENSSL_free(path); + OPENSSL_free(port); if (bio) BIO_free_all(bio); - if (rctx) - OCSP_REQ_CTX_free(rctx); + OCSP_REQ_CTX_free(rctx); if (rv != 1) { BIO_printf(bio_err, "Error loading %s from %s\n", pcert ? "certificate" : "CRL", url); @@ -632,30 +690,15 @@ X509 *load_cert(const char *file, int format, if (file == NULL) { unbuffer(stdin); - cert = dup_bio_in(); + cert = dup_bio_in(format); } else - cert = bio_open_default(file, RB(format)); + cert = bio_open_default(file, 'r', format); if (cert == NULL) goto end; if (format == FORMAT_ASN1) x = d2i_X509_bio(cert, NULL); - else if (format == FORMAT_NETSCAPE) { - NETSCAPE_X509 *nx; - nx = ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509), cert, NULL); - if (nx == NULL) - goto end; - - if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data, - nx->header->length) != 0)) { - NETSCAPE_X509_free(nx); - BIO_printf(bio_err, "Error reading header on certificate\n"); - goto end; - } - x = nx->cert; - nx->cert = NULL; - NETSCAPE_X509_free(nx); - } else if (format == FORMAT_PEM) + else if (format == FORMAT_PEM) x = PEM_read_bio_X509_AUX(cert, NULL, (pem_password_cb *)password_callback, NULL); else if (format == FORMAT_PKCS12) { @@ -670,8 +713,7 @@ X509 *load_cert(const char *file, int format, BIO_printf(bio_err, "unable to load certificate\n"); ERR_print_errors(bio_err); } - if (cert != NULL) - BIO_free(cert); + BIO_free(cert); return (x); } @@ -685,7 +727,7 @@ X509_CRL *load_crl(const char *infile, int format) return x; } - in = bio_open_default(infile, RB(format)); + in = bio_open_default(infile, 'r', format); if (in == NULL) goto end; if (format == FORMAT_ASN1) @@ -737,9 +779,9 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, #endif if (file == NULL && maybe_stdin) { unbuffer(stdin); - key = dup_bio_in(); + key = dup_bio_in(format); } else - key = bio_open_default(file, RB(format)); + key = bio_open_default(file, 'r', format); if (key == NULL) goto end; if (format == FORMAT_ASN1) { @@ -749,10 +791,6 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, (pem_password_cb *)password_callback, &cb_data); } -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) - else if (format == FORMAT_NETSCAPE) - pkey = load_netscape_key(key, file, key_descrip, format); -#endif else if (format == FORMAT_PKCS12) { if (!load_pkcs12(key, key_descrip, (pem_password_cb *)password_callback, &cb_data, @@ -771,8 +809,7 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, goto end; } end: - if (key != NULL) - BIO_free(key); + BIO_free(key); if (pkey == NULL) { BIO_printf(bio_err, "unable to load %s\n", key_descrip); ERR_print_errors(bio_err); @@ -780,13 +817,6 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, return (pkey); } -static const char *key_file_format(int format) -{ - if (format == FORMAT_PEM || format == FORMAT_PEMRSA) - return "r"; - return "rb"; -} - EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *key_descrip) { @@ -812,9 +842,9 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, #endif if (file == NULL && maybe_stdin) { unbuffer(stdin); - key = dup_bio_in(); + key = dup_bio_in(format); } else - key = bio_open_default(file, key_file_format(format)); + key = bio_open_default(file, 'r', format); if (key == NULL) goto end; if (format == FORMAT_ASN1) { @@ -826,7 +856,7 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, rsa = d2i_RSAPublicKey_bio(key, NULL); if (rsa) { pkey = EVP_PKEY_new(); - if (pkey) + if (pkey != NULL) EVP_PKEY_set1_RSA(pkey, rsa); RSA_free(rsa); } else @@ -836,9 +866,9 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, rsa = PEM_read_bio_RSAPublicKey(key, NULL, (pem_password_cb *)password_callback, &cb_data); - if (rsa) { + if (rsa != NULL) { pkey = EVP_PKEY_new(); - if (pkey) + if (pkey != NULL) EVP_PKEY_set1_RSA(pkey, rsa); RSA_free(rsa); } else @@ -850,63 +880,17 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, (pem_password_cb *)password_callback, &cb_data); } -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) - else if (format == FORMAT_NETSCAPE) - pkey = load_netscape_key(key, file, key_descrip, format); -#endif #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) else if (format == FORMAT_MSBLOB) pkey = b2i_PublicKey_bio(key); #endif end: - if (key != NULL) - BIO_free(key); + BIO_free(key); if (pkey == NULL) BIO_printf(bio_err, "unable to load %s\n", key_descrip); return (pkey); } -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) -static EVP_PKEY *load_netscape_key(BIO *key, const char *file, - const char *key_descrip, int format) -{ - EVP_PKEY *pkey; - BUF_MEM *buf; - RSA *rsa; - const unsigned char *p; - int size, i; - - buf = BUF_MEM_new(); - pkey = EVP_PKEY_new(); - size = 0; - if (buf == NULL || pkey == NULL) - goto error; - for (;;) { - if (!BUF_MEM_grow_clean(buf, size + 1024 * 10)) - goto error; - i = BIO_read(key, &(buf->data[size]), 1024 * 10); - size += i; - if (i == 0) - break; - if (i < 0) { - BIO_printf(bio_err, "Error reading %s %s", key_descrip, file); - goto error; - } - } - p = (unsigned char *)buf->data; - rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL, 0); - if (rsa == NULL) - goto error; - BUF_MEM_free(buf); - EVP_PKEY_set1_RSA(pkey, rsa); - return pkey; - error: - BUF_MEM_free(buf); - EVP_PKEY_free(pkey); - return NULL; -} -#endif /* ndef OPENSSL_NO_RC4 */ - static int load_certs_crls(const char *file, int format, const char *pass, ENGINE *e, const char *desc, STACK_OF(X509) **pcerts, @@ -927,7 +911,7 @@ static int load_certs_crls(const char *file, int format, return 0; } - bio = bio_open_default(file, "r"); + bio = bio_open_default(file, 'r', FORMAT_PEM); if (bio == NULL) return 0; @@ -989,6 +973,21 @@ static int load_certs_crls(const char *file, int format, return rv; } +void* app_malloc(int sz, const char *what) +{ + void *vp = OPENSSL_malloc(sz); + + if (vp == NULL) { + BIO_printf(bio_err, "%s: Could not allocate %d bytes for %s\n", + opt_getprog(), sz, what); + ERR_print_errors(bio_err); + exit(1); + } + return vp; +} + + + STACK_OF(X509) *load_certs(const char *file, int format, const char *pass, ENGINE *e, const char *desc) { @@ -1078,16 +1077,20 @@ int set_name_ex(unsigned long *flags, const char *arg) {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL}, {NULL, 0, 0} }; - return set_multi_opts(flags, arg, ex_tbl); + if (set_multi_opts(flags, arg, ex_tbl) == 0) + return 0; + if ((*flags & XN_FLAG_SEP_MASK) == 0) + *flags |= XN_FLAG_SEP_CPLUS_SPC; + return 1; } int set_ext_copy(int *copy_type, const char *arg) { - if (!strcasecmp(arg, "none")) + if (strcasecmp(arg, "none") == 0) *copy_type = EXT_COPY_NONE; - else if (!strcasecmp(arg, "copy")) + else if (strcasecmp(arg, "copy") == 0) *copy_type = EXT_COPY_ADD; - else if (!strcasecmp(arg, "copyall")) + else if (strcasecmp(arg, "copyall") == 0) *copy_type = EXT_COPY_ALL; else return 0; @@ -1169,7 +1172,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, c = 1; for (ptbl = in_tbl; ptbl->name; ptbl++) { - if (!strcasecmp(arg, ptbl->name)) { + if (strcasecmp(arg, ptbl->name) == 0) { *flags &= ~ptbl->mask; if (c) *flags |= ptbl->flag; @@ -1244,34 +1247,39 @@ void print_array(BIO *out, const char* title, int len, const unsigned char* d) BIO_printf(out, "\n};\n"); } -X509_STORE *setup_verify(char *CAfile, char *CApath) +X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath) { X509_STORE *store = X509_STORE_new(); X509_LOOKUP *lookup; - if (!store) + if (store == NULL) goto end; - lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); - if (lookup == NULL) - goto end; - if (CAfile) { - if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) { - BIO_printf(bio_err, "Error loading file %s\n", CAfile); + + if(CAfile != NULL || !noCAfile) { + lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); + if (lookup == NULL) goto end; - } - } else - X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); + if (CAfile) { + if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) { + BIO_printf(bio_err, "Error loading file %s\n", CAfile); + goto end; + } + } else + X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); + } - lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); - if (lookup == NULL) - goto end; - if (CApath) { - if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) { - BIO_printf(bio_err, "Error loading directory %s\n", CApath); + if(CApath != NULL || !noCApath) { + lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); + if (lookup == NULL) goto end; - } - } else - X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); + if (CApath) { + if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) { + BIO_printf(bio_err, "Error loading directory %s\n", CApath); + goto end; + } + } else + X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); + } ERR_clear_error(); return store; @@ -1527,12 +1535,13 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) { BIGNUM *btmp; int ret = 0; + if (b) btmp = b; else btmp = BN_new(); - if (!btmp) + if (btmp == NULL) return 0; if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0)) @@ -1544,7 +1553,7 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) error: - if (!b) + if (btmp != b) BN_free(btmp); return ret; @@ -1556,8 +1565,7 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) TXT_DB *tmpdb = NULL; BIO *in; CONF *dbattr_conf = NULL; - char buf[1][BSIZE]; - long errorline = -1; + char buf[BSIZE]; in = BIO_new_file(dbfile, "r"); if (in == NULL) { @@ -1568,28 +1576,13 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) goto err; #ifndef OPENSSL_SYS_VMS - BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); + BIO_snprintf(buf, sizeof buf, "%s.attr", dbfile); #else - BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile); + BIO_snprintf(buf, sizeof buf, "%s-attr", dbfile); #endif - dbattr_conf = NCONF_new(NULL); - if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) { - if (errorline > 0) { - BIO_printf(bio_err, - "error on line %ld of db attribute file '%s'\n", - errorline, buf[0]); - goto err; - } else { - NCONF_free(dbattr_conf); - dbattr_conf = NULL; - } - } - - if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL) { - fprintf(stderr, "Out of memory\n"); - goto err; - } + dbattr_conf = app_load_config(buf); + retdb = app_malloc(sizeof(*retdb), "new DB"); retdb->db = tmpdb; tmpdb = NULL; if (db_attr) @@ -1610,10 +1603,8 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) } err: - if (dbattr_conf) - NCONF_free(dbattr_conf); - if (tmpdb) - TXT_DB_free(tmpdb); + NCONF_free(dbattr_conf); + TXT_DB_free(tmpdb); BIO_free_all(in); return retdb; } @@ -1791,8 +1782,7 @@ int rotate_index(const char *dbfile, const char *new_suffix, void free_index(CA_DB *db) { if (db) { - if (db->db) - TXT_DB_free(db->db); + TXT_DB_free(db->db); OPENSSL_free(db); } } @@ -1911,7 +1901,7 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in) int len, ret; unsigned char tbuf[1024]; mem = BIO_new(BIO_s_mem()); - if (!mem) + if (mem == NULL) return -1; for (;;) { if ((maxlen != -1) && maxlen < 1024) @@ -2165,9 +2155,7 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret) BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); - if (psk_key) - OPENSSL_free(psk_key); - + OPENSSL_free(psk_key); psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); BIO_pop(bconn); @@ -2197,9 +2185,7 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret) BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); - if (psk_key) - OPENSSL_free(psk_key); - + OPENSSL_free(psk_key); psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); BIO_pop(bconn); @@ -2210,7 +2196,6 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret) #endif -#ifndef OPENSSL_NO_TLSEXT /*- * next_protos_parse parses a comma separated list of strings into a string * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. @@ -2230,10 +2215,7 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in) if (len >= 65535) return NULL; - out = OPENSSL_malloc(strlen(in) + 1); - if (!out) - return NULL; - + out = app_malloc(strlen(in) + 1, "NPN buffer"); for (i = 0; i <= len; ++i) { if (i == len || in[i] == ',') { if (i - start > 255) { @@ -2249,7 +2231,6 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in) *outlen = len + 1; return out; } -#endif /* ndef OPENSSL_NO_TLSEXT */ void print_cert_checks(BIO *bio, X509 *x, const char *checkhost, @@ -2292,7 +2273,7 @@ static const char *get_dp_url(DIST_POINT *dp) uri = GENERAL_NAME_get0_value(gen, >ype); if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) { char *uptr = (char *)ASN1_STRING_data(uri); - if (!strncmp(uptr, "http://", 7)) + if (strncmp(uptr, "http://", 7) == 0) return uptr; } } @@ -2378,7 +2359,7 @@ static int WIN32_rename(const char *from, const char *to) } else { /* UNICODE path */ size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1; - tfrom = (TCHAR *)malloc(sizeof(TCHAR) * (flen + tlen)); + tfrom = malloc(sizeof(*tfrom) * (flen + tlen)); if (tfrom == NULL) goto err; tto = tfrom + flen; @@ -2668,7 +2649,7 @@ int app_isdir(const char *name) # if defined(UNICODE) || defined(_UNICODE) size_t i, len_0 = strlen(name) + 1; - if (len_0 > sizeof(FileData.cFileName) / sizeof(FileData.cFileName[0])) + if (len_0 > OSSL_NELEM(FileData.cFileName)) return -1; # if !defined(_WIN32_WCE) || _WIN32_WCE>=101 @@ -2744,3 +2725,162 @@ int raw_write_stdout(const void *buf, int siz) return write(fileno(stdout), buf, siz); } #endif + +/* + * Centralized handling if input and output files with format specification + * The format is meant to show what the input and output is supposed to be, + * and is therefore a show of intent more than anything else. However, it + * does impact behavior on some platform, such as differentiating between + * text and binary input/output on non-Unix platforms + */ +static int istext(int format) +{ + return (format & B_FORMAT_TEXT) == B_FORMAT_TEXT; +} + +BIO *dup_bio_in(int format) +{ + return BIO_new_fp(stdin, + BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0)); +} + +BIO *dup_bio_out(int format) +{ + BIO *b = BIO_new_fp(stdout, + BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0)); +#ifdef OPENSSL_SYS_VMS + if (istext(format)) + b = BIO_push(BIO_new(BIO_f_linebuffer()), b); +#endif + return b; +} + +void unbuffer(FILE *fp) +{ + setbuf(fp, NULL); +} + +static const char *modestr(char mode, int format) +{ + OPENSSL_assert(mode == 'a' || mode == 'r' || mode == 'w'); + + switch (mode) { + case 'a': + return istext(format) ? "a" : "ab"; + case 'r': + return istext(format) ? "r" : "rb"; + case 'w': + return istext(format) ? "w" : "wb"; + } + /* The assert above should make sure we never reach this point */ + return NULL; +} + +static const char *modeverb(char mode) +{ + switch (mode) { + case 'a': + return "appending"; + case 'r': + return "reading"; + case 'w': + return "writing"; + } + return "(doing something)"; +} + +/* + * Open a file for writing, owner-read-only. + */ +BIO *bio_open_owner(const char *filename, int format, int private) +{ + FILE *fp = NULL; + BIO *b = NULL; + int fd = -1, bflags, mode, binmode; + + if (!private || filename == NULL || strcmp(filename, "-") == 0) + return bio_open_default(filename, 'w', format); + + mode = O_WRONLY; +#ifdef O_CREAT + mode |= O_CREAT; +#endif +#ifdef O_TRUNC + mode |= O_TRUNC; +#endif + binmode = istext(format); + if (binmode) { +#ifdef O_BINARY + mode |= O_BINARY; +#elif defined(_O_BINARY) + mode |= _O_BINARY; +#endif + } + + fd = open(filename, mode, 0600); + if (fd < 0) + goto err; + fp = fdopen(fd, modestr('w', format)); + if (fp == NULL) + goto err; + bflags = BIO_CLOSE; + if (!binmode) + bflags |= BIO_FP_TEXT; + b = BIO_new_fp(fp, bflags); + if (b) + return b; + + err: + BIO_printf(bio_err, "%s: Can't open \"%s\" for writing, %s\n", + opt_getprog(), filename, strerror(errno)); + ERR_print_errors(bio_err); + /* If we have fp, then fdopen took over fd, so don't close both. */ + if (fp) + fclose(fp); + else if (fd >= 0) + close(fd); + return NULL; +} + +static BIO *bio_open_default_(const char *filename, char mode, int format, + int quiet) +{ + BIO *ret; + + if (filename == NULL || strcmp(filename, "-") == 0) { + ret = mode == 'r' ? dup_bio_in(format) : dup_bio_out(format); + if (quiet) { + ERR_clear_error(); + return ret; + } + if (ret != NULL) + return ret; + BIO_printf(bio_err, + "Can't open %s, %s\n", + mode == 'r' ? "stdin" : "stdout", strerror(errno)); + } else { + ret = BIO_new_file(filename, modestr(mode, format)); + if (quiet) { + ERR_clear_error(); + return ret; + } + if (ret != NULL) + return ret; + BIO_printf(bio_err, + "Can't open %s for %s, %s\n", + filename, modeverb(mode), strerror(errno)); + } + ERR_print_errors(bio_err); + return NULL; +} + +BIO *bio_open_default(const char *filename, char mode, int format) +{ + return bio_open_default_(filename, mode, format, 0); +} + +BIO *bio_open_default_quiet(const char *filename, char mode, int format) +{ + return bio_open_default_(filename, mode, format, 1); +} +