926edd0e9edfaf287dfe0e05103ce183ded5be88
[openssl.git] / apps / apps.c
1 /* apps/apps.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111
112 #define _POSIX_C_SOURCE 2       /* On VMS, you need to define this to get
113                                    the declaration of fileno().  The value
114                                    2 is to make sure no function defined
115                                    in POSIX-2 is left undefined. */
116 #include <stdio.h>
117 #include <stdlib.h>
118 #include <string.h>
119 #ifndef OPENSSL_SYSNAME_WIN32
120 #include <strings.h>
121 #endif
122 #include <sys/types.h>
123 #include <ctype.h>
124 #include <errno.h>
125 #include <openssl/err.h>
126 #include <openssl/x509.h>
127 #include <openssl/x509v3.h>
128 #include <openssl/pem.h>
129 #include <openssl/pkcs12.h>
130 #include <openssl/ui.h>
131 #include <openssl/safestack.h>
132 #ifndef OPENSSL_NO_ENGINE
133 #include <openssl/engine.h>
134 #endif
135 #ifndef OPENSSL_NO_RSA
136 #include <openssl/rsa.h>
137 #endif
138 #include <openssl/bn.h>
139
140 #define NON_MAIN
141 #include "apps.h"
142 #undef NON_MAIN
143
144 #ifdef _WIN32
145 static int WIN32_rename(const char *from, const char *to);
146 #define rename(from,to) WIN32_rename((from),(to))
147 #endif
148
149 typedef struct {
150         const char *name;
151         unsigned long flag;
152         unsigned long mask;
153 } NAME_EX_TBL;
154
155 static UI_METHOD *ui_method = NULL;
156
157 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
158 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
159
160 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
161 /* Looks like this stuff is worth moving into separate function */
162 static EVP_PKEY *
163 load_netscape_key(BIO *err, BIO *key, const char *file,
164                 const char *key_descrip, int format);
165 #endif
166
167 int app_init(long mesgwin);
168 #ifdef undef /* never finished - probably never will be :-) */
169 int args_from_file(char *file, int *argc, char **argv[])
170         {
171         FILE *fp;
172         int num,i;
173         unsigned int len;
174         static char *buf=NULL;
175         static char **arg=NULL;
176         char *p;
177
178         fp=fopen(file,"r");
179         if (fp == NULL)
180                 return(0);
181
182         if (fseek(fp,0,SEEK_END)==0)
183                 len=ftell(fp), rewind(fp);
184         else    len=-1;
185         if (len<=0)
186                 {
187                 fclose(fp);
188                 return(0);
189                 }
190
191         *argc=0;
192         *argv=NULL;
193
194         if (buf != NULL) OPENSSL_free(buf);
195         buf=(char *)OPENSSL_malloc(len+1);
196         if (buf == NULL) return(0);
197
198         len=fread(buf,1,len,fp);
199         if (len <= 1) return(0);
200         buf[len]='\0';
201
202         i=0;
203         for (p=buf; *p; p++)
204                 if (*p == '\n') i++;
205         if (arg != NULL) OPENSSL_free(arg);
206         arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
207
208         *argv=arg;
209         num=0;
210         p=buf;
211         for (;;)
212                 {
213                 if (!*p) break;
214                 if (*p == '#') /* comment line */
215                         {
216                         while (*p && (*p != '\n')) p++;
217                         continue;
218                         }
219                 /* else we have a line */
220                 *(arg++)=p;
221                 num++;
222                 while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
223                         p++;
224                 if (!*p) break;
225                 if (*p == '\n')
226                         {
227                         *(p++)='\0';
228                         continue;
229                         }
230                 /* else it is a tab or space */
231                 p++;
232                 while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
233                         p++;
234                 if (!*p) break;
235                 if (*p == '\n')
236                         {
237                         p++;
238                         continue;
239                         }
240                 *(arg++)=p++;
241                 num++;
242                 while (*p && (*p != '\n')) p++;
243                 if (!*p) break;
244                 /* else *p == '\n' */
245                 *(p++)='\0';
246                 }
247         *argc=num;
248         return(1);
249         }
250 #endif
251
252 int str2fmt(char *s)
253         {
254         if      ((*s == 'D') || (*s == 'd'))
255                 return(FORMAT_ASN1);
256         else if ((*s == 'T') || (*s == 't'))
257                 return(FORMAT_TEXT);
258         else if ((*s == 'P') || (*s == 'p'))
259                 {
260                 if (s[1] == 'V' || s[1] == 'v')
261                         return FORMAT_PVK;
262                 else
263                         return(FORMAT_PEM);
264                 }
265         else if ((*s == 'N') || (*s == 'n'))
266                 return(FORMAT_NETSCAPE);
267         else if ((*s == 'S') || (*s == 's'))
268                 return(FORMAT_SMIME);
269         else if ((*s == 'M') || (*s == 'm'))
270                 return(FORMAT_MSBLOB);
271         else if ((*s == '1')
272                 || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
273                 || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
274                 return(FORMAT_PKCS12);
275         else if ((*s == 'E') || (*s == 'e'))
276                 return(FORMAT_ENGINE);
277         else
278                 return(FORMAT_UNDEF);
279         }
280
281 #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
282 void program_name(char *in, char *out, int size)
283         {
284         int i,n;
285         char *p=NULL;
286
287         n=strlen(in);
288         /* find the last '/', '\' or ':' */
289         for (i=n-1; i>0; i--)
290                 {
291                 if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
292                         {
293                         p= &(in[i+1]);
294                         break;
295                         }
296                 }
297         if (p == NULL)
298                 p=in;
299         n=strlen(p);
300
301 #if defined(OPENSSL_SYS_NETWARE)
302    /* strip off trailing .nlm if present. */
303    if ((n > 4) && (p[n-4] == '.') &&
304       ((p[n-3] == 'n') || (p[n-3] == 'N')) &&
305       ((p[n-2] == 'l') || (p[n-2] == 'L')) &&
306       ((p[n-1] == 'm') || (p[n-1] == 'M')))
307       n-=4;
308 #else
309         /* strip off trailing .exe if present. */
310         if ((n > 4) && (p[n-4] == '.') &&
311                 ((p[n-3] == 'e') || (p[n-3] == 'E')) &&
312                 ((p[n-2] == 'x') || (p[n-2] == 'X')) &&
313                 ((p[n-1] == 'e') || (p[n-1] == 'E')))
314                 n-=4;
315 #endif
316
317         if (n > size-1)
318                 n=size-1;
319
320         for (i=0; i<n; i++)
321                 {
322                 if ((p[i] >= 'A') && (p[i] <= 'Z'))
323                         out[i]=p[i]-'A'+'a';
324                 else
325                         out[i]=p[i];
326                 }
327         out[n]='\0';
328         }
329 #else
330 #ifdef OPENSSL_SYS_VMS
331 void program_name(char *in, char *out, int size)
332         {
333         char *p=in, *q;
334         char *chars=":]>";
335
336         while(*chars != '\0')
337                 {
338                 q=strrchr(p,*chars);
339                 if (q > p)
340                         p = q + 1;
341                 chars++;
342                 }
343
344         q=strrchr(p,'.');
345         if (q == NULL)
346                 q = p + strlen(p);
347         strncpy(out,p,size-1);
348         if (q-p >= size)
349                 {
350                 out[size-1]='\0';
351                 }
352         else
353                 {
354                 out[q-p]='\0';
355                 }
356         }
357 #else
358 void program_name(char *in, char *out, int size)
359         {
360         char *p;
361
362         p=strrchr(in,'/');
363         if (p != NULL)
364                 p++;
365         else
366                 p=in;
367         BUF_strlcpy(out,p,size);
368         }
369 #endif
370 #endif
371
372 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
373         {
374         int num,len,i;
375         char *p;
376
377         *argc=0;
378         *argv=NULL;
379
380         len=strlen(buf);
381         i=0;
382         if (arg->count == 0)
383                 {
384                 arg->count=20;
385                 arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
386                 }
387         for (i=0; i<arg->count; i++)
388                 arg->data[i]=NULL;
389
390         num=0;
391         p=buf;
392         for (;;)
393                 {
394                 /* first scan over white space */
395                 if (!*p) break;
396                 while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
397                         p++;
398                 if (!*p) break;
399
400                 /* The start of something good :-) */
401                 if (num >= arg->count)
402                         {
403                         char **tmp_p;
404                         int tlen = arg->count + 20;
405                         tmp_p = (char **)OPENSSL_realloc(arg->data,
406                                 sizeof(char *)*tlen);
407                         if (tmp_p == NULL)
408                                 return 0;
409                         arg->data  = tmp_p;
410                         arg->count = tlen;
411                         /* initialize newly allocated data */
412                         for (i = num; i < arg->count; i++)
413                                 arg->data[i] = NULL;
414                         }
415                 arg->data[num++]=p;
416
417                 /* now look for the end of this */
418                 if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
419                         {
420                         i= *(p++);
421                         arg->data[num-1]++; /* jump over quote */
422                         while (*p && (*p != i))
423                                 p++;
424                         *p='\0';
425                         }
426                 else
427                         {
428                         while (*p && ((*p != ' ') &&
429                                 (*p != '\t') && (*p != '\n')))
430                                 p++;
431
432                         if (*p == '\0')
433                                 p--;
434                         else
435                                 *p='\0';
436                         }
437                 p++;
438                 }
439         *argc=num;
440         *argv=arg->data;
441         return(1);
442         }
443
444 #ifndef APP_INIT
445 int app_init(long mesgwin)
446         {
447         return(1);
448         }
449 #endif
450
451
452 int dump_cert_text (BIO *out, X509 *x)
453 {
454         char *p;
455
456         p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
457         BIO_puts(out,"subject=");
458         BIO_puts(out,p);
459         OPENSSL_free(p);
460
461         p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
462         BIO_puts(out,"\nissuer=");
463         BIO_puts(out,p);
464         BIO_puts(out,"\n");
465         OPENSSL_free(p);
466
467         return 0;
468 }
469
470 static int ui_open(UI *ui)
471         {
472         return UI_method_get_opener(UI_OpenSSL())(ui);
473         }
474 static int ui_read(UI *ui, UI_STRING *uis)
475         {
476         if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
477                 && UI_get0_user_data(ui))
478                 {
479                 switch(UI_get_string_type(uis))
480                         {
481                 case UIT_PROMPT:
482                 case UIT_VERIFY:
483                         {
484                         const char *password =
485                                 ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
486                         if (password && password[0] != '\0')
487                                 {
488                                 UI_set_result(ui, uis, password);
489                                 return 1;
490                                 }
491                         }
492                 default:
493                         break;
494                         }
495                 }
496         return UI_method_get_reader(UI_OpenSSL())(ui, uis);
497         }
498 static int ui_write(UI *ui, UI_STRING *uis)
499         {
500         if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
501                 && UI_get0_user_data(ui))
502                 {
503                 switch(UI_get_string_type(uis))
504                         {
505                 case UIT_PROMPT:
506                 case UIT_VERIFY:
507                         {
508                         const char *password =
509                                 ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
510                         if (password && password[0] != '\0')
511                                 return 1;
512                         }
513                 default:
514                         break;
515                         }
516                 }
517         return UI_method_get_writer(UI_OpenSSL())(ui, uis);
518         }
519 static int ui_close(UI *ui)
520         {
521         return UI_method_get_closer(UI_OpenSSL())(ui);
522         }
523 int setup_ui_method(void)
524         {
525         ui_method = UI_create_method("OpenSSL application user interface");
526         UI_method_set_opener(ui_method, ui_open);
527         UI_method_set_reader(ui_method, ui_read);
528         UI_method_set_writer(ui_method, ui_write);
529         UI_method_set_closer(ui_method, ui_close);
530         return 0;
531         }
532 void destroy_ui_method(void)
533         {
534         if(ui_method)
535                 {
536                 UI_destroy_method(ui_method);
537                 ui_method = NULL;
538                 }
539         }
540 int password_callback(char *buf, int bufsiz, int verify,
541         PW_CB_DATA *cb_tmp)
542         {
543         UI *ui = NULL;
544         int res = 0;
545         const char *prompt_info = NULL;
546         const char *password = NULL;
547         PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
548
549         if (cb_data)
550                 {
551                 if (cb_data->password)
552                         password = cb_data->password;
553                 if (cb_data->prompt_info)
554                         prompt_info = cb_data->prompt_info;
555                 }
556
557         if (password)
558                 {
559                 res = strlen(password);
560                 if (res > bufsiz)
561                         res = bufsiz;
562                 memcpy(buf, password, res);
563                 return res;
564                 }
565
566         ui = UI_new_method(ui_method);
567         if (ui)
568                 {
569                 int ok = 0;
570                 char *buff = NULL;
571                 int ui_flags = 0;
572                 char *prompt = NULL;
573
574                 prompt = UI_construct_prompt(ui, "pass phrase",
575                         prompt_info);
576
577                 ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
578                 UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
579
580                 if (ok >= 0)
581                         ok = UI_add_input_string(ui,prompt,ui_flags,buf,
582                                 PW_MIN_LENGTH,BUFSIZ-1);
583                 if (ok >= 0 && verify)
584                         {
585                         buff = (char *)OPENSSL_malloc(bufsiz);
586                         ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
587                                 PW_MIN_LENGTH,BUFSIZ-1, buf);
588                         }
589                 if (ok >= 0)
590                         do
591                                 {
592                                 ok = UI_process(ui);
593                                 }
594                         while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
595
596                 if (buff)
597                         {
598                         OPENSSL_cleanse(buff,(unsigned int)bufsiz);
599                         OPENSSL_free(buff);
600                         }
601
602                 if (ok >= 0)
603                         res = strlen(buf);
604                 if (ok == -1)
605                         {
606                         BIO_printf(bio_err, "User interface error\n");
607                         ERR_print_errors(bio_err);
608                         OPENSSL_cleanse(buf,(unsigned int)bufsiz);
609                         res = 0;
610                         }
611                 if (ok == -2)
612                         {
613                         BIO_printf(bio_err,"aborted!\n");
614                         OPENSSL_cleanse(buf,(unsigned int)bufsiz);
615                         res = 0;
616                         }
617                 UI_free(ui);
618                 OPENSSL_free(prompt);
619                 }
620         return res;
621         }
622
623 static char *app_get_pass(BIO *err, char *arg, int keepbio);
624
625 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
626 {
627         int same;
628         if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
629         else same = 1;
630         if(arg1) {
631                 *pass1 = app_get_pass(err, arg1, same);
632                 if(!*pass1) return 0;
633         } else if(pass1) *pass1 = NULL;
634         if(arg2) {
635                 *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
636                 if(!*pass2) return 0;
637         } else if(pass2) *pass2 = NULL;
638         return 1;
639 }
640
641 static char *app_get_pass(BIO *err, char *arg, int keepbio)
642 {
643         char *tmp, tpass[APP_PASS_LEN];
644         static BIO *pwdbio = NULL;
645         int i;
646         if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
647         if(!strncmp(arg, "env:", 4)) {
648                 tmp = getenv(arg + 4);
649                 if(!tmp) {
650                         BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
651                         return NULL;
652                 }
653                 return BUF_strdup(tmp);
654         }
655         if(!keepbio || !pwdbio) {
656                 if(!strncmp(arg, "file:", 5)) {
657                         pwdbio = BIO_new_file(arg + 5, "r");
658                         if(!pwdbio) {
659                                 BIO_printf(err, "Can't open file %s\n", arg + 5);
660                                 return NULL;
661                         }
662 #if !defined(_WIN32)
663                 /*
664                  * Under _WIN32, which covers even Win64 and CE, file
665                  * descriptors referenced by BIO_s_fd are not inherited
666                  * by child process and therefore below is not an option.
667                  * It could have been an option if bss_fd.c was operating
668                  * on real Windows descriptors, such as those obtained
669                  * with CreateFile.
670                  */
671                 } else if(!strncmp(arg, "fd:", 3)) {
672                         BIO *btmp;
673                         i = atoi(arg + 3);
674                         if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
675                         if((i < 0) || !pwdbio) {
676                                 BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
677                                 return NULL;
678                         }
679                         /* Can't do BIO_gets on an fd BIO so add a buffering BIO */
680                         btmp = BIO_new(BIO_f_buffer());
681                         pwdbio = BIO_push(btmp, pwdbio);
682 #endif
683                 } else if(!strcmp(arg, "stdin")) {
684                         pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
685                         if(!pwdbio) {
686                                 BIO_printf(err, "Can't open BIO for stdin\n");
687                                 return NULL;
688                         }
689                 } else {
690                         BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
691                         return NULL;
692                 }
693         }
694         i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
695         if(keepbio != 1) {
696                 BIO_free_all(pwdbio);
697                 pwdbio = NULL;
698         }
699         if(i <= 0) {
700                 BIO_printf(err, "Error reading password from BIO\n");
701                 return NULL;
702         }
703         tmp = strchr(tpass, '\n');
704         if(tmp) *tmp = 0;
705         return BUF_strdup(tpass);
706 }
707
708 int add_oid_section(BIO *err, CONF *conf)
709 {       
710         char *p;
711         STACK_OF(CONF_VALUE) *sktmp;
712         CONF_VALUE *cnf;
713         int i;
714         if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
715                 {
716                 ERR_clear_error();
717                 return 1;
718                 }
719         if(!(sktmp = NCONF_get_section(conf, p))) {
720                 BIO_printf(err, "problem loading oid section %s\n", p);
721                 return 0;
722         }
723         for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
724                 cnf = sk_CONF_VALUE_value(sktmp, i);
725                 if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
726                         BIO_printf(err, "problem creating object %s=%s\n",
727                                                          cnf->name, cnf->value);
728                         return 0;
729                 }
730         }
731         return 1;
732 }
733
734 static int load_pkcs12(BIO *err, BIO *in, const char *desc,
735                 pem_password_cb *pem_cb,  void *cb_data,
736                 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
737         {
738         const char *pass;
739         char tpass[PEM_BUFSIZE];
740         int len, ret = 0;
741         PKCS12 *p12;
742         p12 = d2i_PKCS12_bio(in, NULL);
743         if (p12 == NULL)
744                 {
745                 BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);    
746                 goto die;
747                 }
748         /* See if an empty password will do */
749         if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
750                 pass = "";
751         else
752                 {
753                 if (!pem_cb)
754                         pem_cb = (pem_password_cb *)password_callback;
755                 len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
756                 if (len < 0) 
757                         {
758                         BIO_printf(err, "Passpharse callback error for %s\n",
759                                         desc);
760                         goto die;
761                         }
762                 if (len < PEM_BUFSIZE)
763                         tpass[len] = 0;
764                 if (!PKCS12_verify_mac(p12, tpass, len))
765                         {
766                         BIO_printf(err,
767         "Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);    
768                         goto die;
769                         }
770                 pass = tpass;
771                 }
772         ret = PKCS12_parse(p12, pass, pkey, cert, ca);
773         die:
774         if (p12)
775                 PKCS12_free(p12);
776         return ret;
777         }
778
779 X509 *load_cert(BIO *err, const char *file, int format,
780         const char *pass, ENGINE *e, const char *cert_descrip)
781         {
782         X509 *x=NULL;
783         BIO *cert;
784
785         if ((cert=BIO_new(BIO_s_file())) == NULL)
786                 {
787                 ERR_print_errors(err);
788                 goto end;
789                 }
790
791         if (file == NULL)
792                 {
793 #ifdef _IONBF
794                 setvbuf(stdin, NULL, _IONBF, 0);
795 #endif
796                 BIO_set_fp(cert,stdin,BIO_NOCLOSE);
797                 }
798         else
799                 {
800                 if (BIO_read_filename(cert,file) <= 0)
801                         {
802                         BIO_printf(err, "Error opening %s %s\n",
803                                 cert_descrip, file);
804                         ERR_print_errors(err);
805                         goto end;
806                         }
807                 }
808
809         if      (format == FORMAT_ASN1)
810                 x=d2i_X509_bio(cert,NULL);
811         else if (format == FORMAT_NETSCAPE)
812                 {
813                 NETSCAPE_X509 *nx;
814                 nx=ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509),cert,NULL);
815                 if (nx == NULL)
816                                 goto end;
817
818                 if ((strncmp(NETSCAPE_CERT_HDR,(char *)nx->header->data,
819                         nx->header->length) != 0))
820                         {
821                         NETSCAPE_X509_free(nx);
822                         BIO_printf(err,"Error reading header on certificate\n");
823                         goto end;
824                         }
825                 x=nx->cert;
826                 nx->cert = NULL;
827                 NETSCAPE_X509_free(nx);
828                 }
829         else if (format == FORMAT_PEM)
830                 x=PEM_read_bio_X509_AUX(cert,NULL,
831                         (pem_password_cb *)password_callback, NULL);
832         else if (format == FORMAT_PKCS12)
833                 {
834                 if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
835                                         NULL, &x, NULL))
836                         goto end;
837                 }
838         else    {
839                 BIO_printf(err,"bad input format specified for %s\n",
840                         cert_descrip);
841                 goto end;
842                 }
843 end:
844         if (x == NULL)
845                 {
846                 BIO_printf(err,"unable to load certificate\n");
847                 ERR_print_errors(err);
848                 }
849         if (cert != NULL) BIO_free(cert);
850         return(x);
851         }
852
853 EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
854         const char *pass, ENGINE *e, const char *key_descrip)
855         {
856         BIO *key=NULL;
857         EVP_PKEY *pkey=NULL;
858         PW_CB_DATA cb_data;
859
860         cb_data.password = pass;
861         cb_data.prompt_info = file;
862
863         if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
864                 {
865                 BIO_printf(err,"no keyfile specified\n");
866                 goto end;
867                 }
868 #ifndef OPENSSL_NO_ENGINE
869         if (format == FORMAT_ENGINE)
870                 {
871                 if (!e)
872                         BIO_printf(bio_err,"no engine specified\n");
873                 else
874                         pkey = ENGINE_load_private_key(e, file,
875                                 ui_method, &cb_data);
876                 goto end;
877                 }
878 #endif
879         key=BIO_new(BIO_s_file());
880         if (key == NULL)
881                 {
882                 ERR_print_errors(err);
883                 goto end;
884                 }
885         if (file == NULL && maybe_stdin)
886                 {
887 #ifdef _IONBF
888                 setvbuf(stdin, NULL, _IONBF, 0);
889 #endif
890                 BIO_set_fp(key,stdin,BIO_NOCLOSE);
891                 }
892         else
893                 if (BIO_read_filename(key,file) <= 0)
894                         {
895                         BIO_printf(err, "Error opening %s %s\n",
896                                 key_descrip, file);
897                         ERR_print_errors(err);
898                         goto end;
899                         }
900         if (format == FORMAT_ASN1)
901                 {
902                 pkey=d2i_PrivateKey_bio(key, NULL);
903                 }
904         else if (format == FORMAT_PEM)
905                 {
906                 pkey=PEM_read_bio_PrivateKey(key,NULL,
907                         (pem_password_cb *)password_callback, &cb_data);
908                 }
909 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
910         else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
911                 pkey = load_netscape_key(err, key, file, key_descrip, format);
912 #endif
913         else if (format == FORMAT_PKCS12)
914                 {
915                 if (!load_pkcs12(err, key, key_descrip,
916                                 (pem_password_cb *)password_callback, &cb_data,
917                                 &pkey, NULL, NULL))
918                         goto end;
919                 }
920         else if (format == FORMAT_MSBLOB)
921                 pkey = b2i_PrivateKey_bio(key);
922         else if (format == FORMAT_PVK)
923                 pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
924                                                                 &cb_data);
925         else
926                 {
927                 BIO_printf(err,"bad input format specified for key file\n");
928                 goto end;
929                 }
930  end:
931         if (key != NULL) BIO_free(key);
932         if (pkey == NULL)
933                 BIO_printf(err,"unable to load %s\n", key_descrip);
934         return(pkey);
935         }
936
937 EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
938         const char *pass, ENGINE *e, const char *key_descrip)
939         {
940         BIO *key=NULL;
941         EVP_PKEY *pkey=NULL;
942         PW_CB_DATA cb_data;
943
944         cb_data.password = pass;
945         cb_data.prompt_info = file;
946
947         if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
948                 {
949                 BIO_printf(err,"no keyfile specified\n");
950                 goto end;
951                 }
952 #ifndef OPENSSL_NO_ENGINE
953         if (format == FORMAT_ENGINE)
954                 {
955                 if (!e)
956                         BIO_printf(bio_err,"no engine specified\n");
957                 else
958                         pkey = ENGINE_load_public_key(e, file,
959                                 ui_method, &cb_data);
960                 goto end;
961                 }
962 #endif
963         key=BIO_new(BIO_s_file());
964         if (key == NULL)
965                 {
966                 ERR_print_errors(err);
967                 goto end;
968                 }
969         if (file == NULL && maybe_stdin)
970                 {
971 #ifdef _IONBF
972                 setvbuf(stdin, NULL, _IONBF, 0);
973 #endif
974                 BIO_set_fp(key,stdin,BIO_NOCLOSE);
975                 }
976         else
977                 if (BIO_read_filename(key,file) <= 0)
978                         {
979                         BIO_printf(err, "Error opening %s %s\n",
980                                 key_descrip, file);
981                         ERR_print_errors(err);
982                         goto end;
983                 }
984         if (format == FORMAT_ASN1)
985                 {
986                 pkey=d2i_PUBKEY_bio(key, NULL);
987                 }
988         else if (format == FORMAT_ASN1RSA)
989                 {
990                 RSA *rsa;
991                 rsa = d2i_RSAPublicKey_bio(key, NULL);
992                 if (rsa)
993                         {
994                         pkey = EVP_PKEY_new();
995                         if (pkey)
996                                 EVP_PKEY_set1_RSA(pkey, rsa);
997                         RSA_free(rsa);
998                         }
999                 else
1000                         pkey = NULL;
1001                 }
1002         else if (format == FORMAT_PEMRSA)
1003                 {
1004                 RSA *rsa;
1005                 rsa = PEM_read_bio_RSAPublicKey(key, NULL, 
1006                         (pem_password_cb *)password_callback, &cb_data);
1007                 if (rsa)
1008                         {
1009                         pkey = EVP_PKEY_new();
1010                         if (pkey)
1011                                 EVP_PKEY_set1_RSA(pkey, rsa);
1012                         RSA_free(rsa);
1013                         }
1014                 else
1015                         pkey = NULL;
1016                 }
1017
1018         else if (format == FORMAT_PEM)
1019                 {
1020                 pkey=PEM_read_bio_PUBKEY(key,NULL,
1021                         (pem_password_cb *)password_callback, &cb_data);
1022                 }
1023 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
1024         else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
1025                 pkey = load_netscape_key(err, key, file, key_descrip, format);
1026 #endif
1027         else if (format == FORMAT_MSBLOB)
1028                 pkey = b2i_PublicKey_bio(key);
1029         else
1030                 {
1031                 BIO_printf(err,"bad input format specified for key file\n");
1032                 goto end;
1033                 }
1034  end:
1035         if (key != NULL) BIO_free(key);
1036         if (pkey == NULL)
1037                 BIO_printf(err,"unable to load %s\n", key_descrip);
1038         return(pkey);
1039         }
1040
1041 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
1042 static EVP_PKEY *
1043 load_netscape_key(BIO *err, BIO *key, const char *file,
1044                 const char *key_descrip, int format)
1045         {
1046         EVP_PKEY *pkey;
1047         BUF_MEM *buf;
1048         RSA     *rsa;
1049         const unsigned char *p;
1050         int size, i;
1051
1052         buf=BUF_MEM_new();
1053         pkey = EVP_PKEY_new();
1054         size = 0;
1055         if (buf == NULL || pkey == NULL)
1056                 goto error;
1057         for (;;)
1058                 {
1059                 if (!BUF_MEM_grow_clean(buf,size+1024*10))
1060                         goto error;
1061                 i = BIO_read(key, &(buf->data[size]), 1024*10);
1062                 size += i;
1063                 if (i == 0)
1064                         break;
1065                 if (i < 0)
1066                         {
1067                                 BIO_printf(err, "Error reading %s %s",
1068                                         key_descrip, file);
1069                                 goto error;
1070                         }
1071                 }
1072         p=(unsigned char *)buf->data;
1073         rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
1074                 (format == FORMAT_IISSGC ? 1 : 0));
1075         if (rsa == NULL)
1076                 goto error;
1077         BUF_MEM_free(buf);
1078         EVP_PKEY_set1_RSA(pkey, rsa);
1079         return pkey;
1080 error:
1081         BUF_MEM_free(buf);
1082         EVP_PKEY_free(pkey);
1083         return NULL;
1084         }
1085 #endif /* ndef OPENSSL_NO_RC4 */
1086
1087 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
1088         const char *pass, ENGINE *e, const char *cert_descrip)
1089         {
1090         BIO *certs;
1091         int i;
1092         STACK_OF(X509) *othercerts = NULL;
1093         STACK_OF(X509_INFO) *allcerts = NULL;
1094         X509_INFO *xi;
1095         PW_CB_DATA cb_data;
1096
1097         cb_data.password = pass;
1098         cb_data.prompt_info = file;
1099
1100         if((certs = BIO_new(BIO_s_file())) == NULL)
1101                 {
1102                 ERR_print_errors(err);
1103                 goto end;
1104                 }
1105
1106         if (file == NULL)
1107                 BIO_set_fp(certs,stdin,BIO_NOCLOSE);
1108         else
1109                 {
1110                 if (BIO_read_filename(certs,file) <= 0)
1111                         {
1112                         BIO_printf(err, "Error opening %s %s\n",
1113                                 cert_descrip, file);
1114                         ERR_print_errors(err);
1115                         goto end;
1116                         }
1117                 }
1118
1119         if      (format == FORMAT_PEM)
1120                 {
1121                 othercerts = sk_X509_new_null();
1122                 if(!othercerts)
1123                         {
1124                         sk_X509_free(othercerts);
1125                         othercerts = NULL;
1126                         goto end;
1127                         }
1128                 allcerts = PEM_X509_INFO_read_bio(certs, NULL,
1129                                 (pem_password_cb *)password_callback, &cb_data);
1130                 for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
1131                         {
1132                         xi = sk_X509_INFO_value (allcerts, i);
1133                         if (xi->x509)
1134                                 {
1135                                 sk_X509_push(othercerts, xi->x509);
1136                                 xi->x509 = NULL;
1137                                 }
1138                         }
1139                 goto end;
1140                 }
1141         else    {
1142                 BIO_printf(err,"bad input format specified for %s\n",
1143                         cert_descrip);
1144                 goto end;
1145                 }
1146 end:
1147         if (othercerts == NULL)
1148                 {
1149                 BIO_printf(err,"unable to load certificates\n");
1150                 ERR_print_errors(err);
1151                 }
1152         if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
1153         if (certs != NULL) BIO_free(certs);
1154         return(othercerts);
1155         }
1156
1157
1158 #define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
1159 /* Return error for unknown extensions */
1160 #define X509V3_EXT_DEFAULT              0
1161 /* Print error for unknown extensions */
1162 #define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
1163 /* ASN1 parse unknown extensions */
1164 #define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
1165 /* BIO_dump unknown extensions */
1166 #define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
1167
1168 #define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
1169                          X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
1170
1171 int set_cert_ex(unsigned long *flags, const char *arg)
1172 {
1173         static const NAME_EX_TBL cert_tbl[] = {
1174                 { "compatible", X509_FLAG_COMPAT, 0xffffffffl},
1175                 { "ca_default", X509_FLAG_CA, 0xffffffffl},
1176                 { "no_header", X509_FLAG_NO_HEADER, 0},
1177                 { "no_version", X509_FLAG_NO_VERSION, 0},
1178                 { "no_serial", X509_FLAG_NO_SERIAL, 0},
1179                 { "no_signame", X509_FLAG_NO_SIGNAME, 0},
1180                 { "no_validity", X509_FLAG_NO_VALIDITY, 0},
1181                 { "no_subject", X509_FLAG_NO_SUBJECT, 0},
1182                 { "no_issuer", X509_FLAG_NO_ISSUER, 0},
1183                 { "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
1184                 { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
1185                 { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
1186                 { "no_aux", X509_FLAG_NO_AUX, 0},
1187                 { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
1188                 { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
1189                 { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1190                 { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1191                 { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1192                 { NULL, 0, 0}
1193         };
1194         return set_multi_opts(flags, arg, cert_tbl);
1195 }
1196
1197 int set_name_ex(unsigned long *flags, const char *arg)
1198 {
1199         static const NAME_EX_TBL ex_tbl[] = {
1200                 { "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
1201                 { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
1202                 { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
1203                 { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
1204                 { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
1205                 { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
1206                 { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
1207                 { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
1208                 { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
1209                 { "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
1210                 { "compat", XN_FLAG_COMPAT, 0xffffffffL},
1211                 { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
1212                 { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
1213                 { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
1214                 { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
1215                 { "dn_rev", XN_FLAG_DN_REV, 0},
1216                 { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
1217                 { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
1218                 { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
1219                 { "align", XN_FLAG_FN_ALIGN, 0},
1220                 { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
1221                 { "space_eq", XN_FLAG_SPC_EQ, 0},
1222                 { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
1223                 { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
1224                 { "oneline", XN_FLAG_ONELINE, 0xffffffffL},
1225                 { "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
1226                 { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
1227                 { NULL, 0, 0}
1228         };
1229         return set_multi_opts(flags, arg, ex_tbl);
1230 }
1231
1232 int set_ext_copy(int *copy_type, const char *arg)
1233 {
1234         if (!strcasecmp(arg, "none"))
1235                 *copy_type = EXT_COPY_NONE;
1236         else if (!strcasecmp(arg, "copy"))
1237                 *copy_type = EXT_COPY_ADD;
1238         else if (!strcasecmp(arg, "copyall"))
1239                 *copy_type = EXT_COPY_ALL;
1240         else
1241                 return 0;
1242         return 1;
1243 }
1244
1245 int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
1246 {
1247         STACK_OF(X509_EXTENSION) *exts = NULL;
1248         X509_EXTENSION *ext, *tmpext;
1249         ASN1_OBJECT *obj;
1250         int i, idx, ret = 0;
1251         if (!x || !req || (copy_type == EXT_COPY_NONE))
1252                 return 1;
1253         exts = X509_REQ_get_extensions(req);
1254
1255         for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
1256                 ext = sk_X509_EXTENSION_value(exts, i);
1257                 obj = X509_EXTENSION_get_object(ext);
1258                 idx = X509_get_ext_by_OBJ(x, obj, -1);
1259                 /* Does extension exist? */
1260                 if (idx != -1) {
1261                         /* If normal copy don't override existing extension */
1262                         if (copy_type == EXT_COPY_ADD)
1263                                 continue;
1264                         /* Delete all extensions of same type */
1265                         do {
1266                                 tmpext = X509_get_ext(x, idx);
1267                                 X509_delete_ext(x, idx);
1268                                 X509_EXTENSION_free(tmpext);
1269                                 idx = X509_get_ext_by_OBJ(x, obj, -1);
1270                         } while (idx != -1);
1271                 }
1272                 if (!X509_add_ext(x, ext, -1))
1273                         goto end;
1274         }
1275
1276         ret = 1;
1277
1278         end:
1279
1280         sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
1281
1282         return ret;
1283 }
1284                 
1285                 
1286                         
1287
1288 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
1289 {
1290         STACK_OF(CONF_VALUE) *vals;
1291         CONF_VALUE *val;
1292         int i, ret = 1;
1293         if(!arg) return 0;
1294         vals = X509V3_parse_list(arg);
1295         for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
1296                 val = sk_CONF_VALUE_value(vals, i);
1297                 if (!set_table_opts(flags, val->name, in_tbl))
1298                         ret = 0;
1299         }
1300         sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
1301         return ret;
1302 }
1303
1304 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
1305 {
1306         char c;
1307         const NAME_EX_TBL *ptbl;
1308         c = arg[0];
1309
1310         if(c == '-') {
1311                 c = 0;
1312                 arg++;
1313         } else if (c == '+') {
1314                 c = 1;
1315                 arg++;
1316         } else c = 1;
1317
1318         for(ptbl = in_tbl; ptbl->name; ptbl++) {
1319                 if(!strcasecmp(arg, ptbl->name)) {
1320                         *flags &= ~ptbl->mask;
1321                         if(c) *flags |= ptbl->flag;
1322                         else *flags &= ~ptbl->flag;
1323                         return 1;
1324                 }
1325         }
1326         return 0;
1327 }
1328
1329 void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
1330 {
1331         char *buf;
1332         char mline = 0;
1333         int indent = 0;
1334
1335         if(title) BIO_puts(out, title);
1336         if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
1337                 mline = 1;
1338                 indent = 4;
1339         }
1340         if(lflags == XN_FLAG_COMPAT) {
1341                 buf = X509_NAME_oneline(nm, 0, 0);
1342                 BIO_puts(out, buf);
1343                 BIO_puts(out, "\n");
1344                 OPENSSL_free(buf);
1345         } else {
1346                 if(mline) BIO_puts(out, "\n");
1347                 X509_NAME_print_ex(out, nm, indent, lflags);
1348                 BIO_puts(out, "\n");
1349         }
1350 }
1351
1352 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
1353 {
1354         X509_STORE *store;
1355         X509_LOOKUP *lookup;
1356         if(!(store = X509_STORE_new())) goto end;
1357         lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
1358         if (lookup == NULL) goto end;
1359         if (CAfile) {
1360                 if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
1361                         BIO_printf(bp, "Error loading file %s\n", CAfile);
1362                         goto end;
1363                 }
1364         } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
1365                 
1366         lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
1367         if (lookup == NULL) goto end;
1368         if (CApath) {
1369                 if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
1370                         BIO_printf(bp, "Error loading directory %s\n", CApath);
1371                         goto end;
1372                 }
1373         } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
1374
1375         ERR_clear_error();
1376         return store;
1377         end:
1378         X509_STORE_free(store);
1379         return NULL;
1380 }
1381
1382 #ifndef OPENSSL_NO_ENGINE
1383 /* Try to load an engine in a shareable library */
1384 static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
1385         {
1386         ENGINE *e = ENGINE_by_id("dynamic");
1387         if (e)
1388                 {
1389                 if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
1390                         || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
1391                         {
1392                         ENGINE_free(e);
1393                         e = NULL;
1394                         }
1395                 }
1396         return e;
1397         }
1398
1399 ENGINE *setup_engine(BIO *err, const char *engine, int debug)
1400         {
1401         ENGINE *e = NULL;
1402
1403         if (engine)
1404                 {
1405                 if(strcmp(engine, "auto") == 0)
1406                         {
1407                         BIO_printf(err,"enabling auto ENGINE support\n");
1408                         ENGINE_register_all_complete();
1409                         return NULL;
1410                         }
1411                 if((e = ENGINE_by_id(engine)) == NULL
1412                         && (e = try_load_engine(err, engine, debug)) == NULL)
1413                         {
1414                         BIO_printf(err,"invalid engine \"%s\"\n", engine);
1415                         ERR_print_errors(err);
1416                         return NULL;
1417                         }
1418                 if (debug)
1419                         {
1420                         ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
1421                                 0, err, 0);
1422                         }
1423                 ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
1424                 if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
1425                         {
1426                         BIO_printf(err,"can't use that engine\n");
1427                         ERR_print_errors(err);
1428                         ENGINE_free(e);
1429                         return NULL;
1430                         }
1431
1432                 BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));
1433
1434                 /* Free our "structural" reference. */
1435                 ENGINE_free(e);
1436                 }
1437         return e;
1438         }
1439 #endif
1440
1441 int load_config(BIO *err, CONF *cnf)
1442         {
1443         static int load_config_called = 0;
1444         if (load_config_called)
1445                 return 1;
1446         load_config_called = 1;
1447         if (!cnf)
1448                 cnf = config;
1449         if (!cnf)
1450                 return 1;
1451
1452         OPENSSL_load_builtin_modules();
1453
1454         if (CONF_modules_load(cnf, NULL, 0) <= 0)
1455                 {
1456                 BIO_printf(err, "Error configuring OpenSSL\n");
1457                 ERR_print_errors(err);
1458                 return 0;
1459                 }
1460         return 1;
1461         }
1462
1463 char *make_config_name()
1464         {
1465         const char *t=X509_get_default_cert_area();
1466         size_t len;
1467         char *p;
1468
1469         len=strlen(t)+strlen(OPENSSL_CONF)+2;
1470         p=OPENSSL_malloc(len);
1471         BUF_strlcpy(p,t,len);
1472 #ifndef OPENSSL_SYS_VMS
1473         BUF_strlcat(p,"/",len);
1474 #endif
1475         BUF_strlcat(p,OPENSSL_CONF,len);
1476
1477         return p;
1478         }
1479
1480 static unsigned long index_serial_hash(const CSTRING *a)
1481         {
1482         const char *n;
1483
1484         n=a[DB_serial];
1485         while (*n == '0') n++;
1486         return(lh_strhash(n));
1487         }
1488
1489 static int index_serial_cmp(const CSTRING *a, const CSTRING *b)
1490         {
1491         const char *aa,*bb;
1492
1493         for (aa=a[DB_serial]; *aa == '0'; aa++);
1494         for (bb=b[DB_serial]; *bb == '0'; bb++);
1495         return(strcmp(aa,bb));
1496         }
1497
1498 static int index_name_qual(char **a)
1499         { return(a[0][0] == 'V'); }
1500
1501 static unsigned long index_name_hash(const CSTRING *a)
1502         { return(lh_strhash(a[DB_name])); }
1503
1504 int index_name_cmp(const CSTRING *a, const CSTRING *b)
1505         { return(strcmp(a[DB_name], b[DB_name])); }
1506
1507 static IMPLEMENT_LHASH_HASH_FN(index_serial, CSTRING)
1508 static IMPLEMENT_LHASH_COMP_FN(index_serial, CSTRING)
1509 static IMPLEMENT_LHASH_HASH_FN(index_name, CSTRING)
1510 static IMPLEMENT_LHASH_COMP_FN(index_name, CSTRING)
1511
1512 #undef BSIZE
1513 #define BSIZE 256
1514
1515 BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
1516         {
1517         BIO *in=NULL;
1518         BIGNUM *ret=NULL;
1519         MS_STATIC char buf[1024];
1520         ASN1_INTEGER *ai=NULL;
1521
1522         ai=ASN1_INTEGER_new();
1523         if (ai == NULL) goto err;
1524
1525         if ((in=BIO_new(BIO_s_file())) == NULL)
1526                 {
1527                 ERR_print_errors(bio_err);
1528                 goto err;
1529                 }
1530
1531         if (BIO_read_filename(in,serialfile) <= 0)
1532                 {
1533                 if (!create)
1534                         {
1535                         perror(serialfile);
1536                         goto err;
1537                         }
1538                 else
1539                         {
1540                         ret=BN_new();
1541                         if (ret == NULL || !rand_serial(ret, ai))
1542                                 BIO_printf(bio_err, "Out of memory\n");
1543                         }
1544                 }
1545         else
1546                 {
1547                 if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
1548                         {
1549                         BIO_printf(bio_err,"unable to load number from %s\n",
1550                                 serialfile);
1551                         goto err;
1552                         }
1553                 ret=ASN1_INTEGER_to_BN(ai,NULL);
1554                 if (ret == NULL)
1555                         {
1556                         BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
1557                         goto err;
1558                         }
1559                 }
1560
1561         if (ret && retai)
1562                 {
1563                 *retai = ai;
1564                 ai = NULL;
1565                 }
1566  err:
1567         if (in != NULL) BIO_free(in);
1568         if (ai != NULL) ASN1_INTEGER_free(ai);
1569         return(ret);
1570         }
1571
1572 int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
1573         {
1574         char buf[1][BSIZE];
1575         BIO *out = NULL;
1576         int ret=0;
1577         ASN1_INTEGER *ai=NULL;
1578         int j;
1579
1580         if (suffix == NULL)
1581                 j = strlen(serialfile);
1582         else
1583                 j = strlen(serialfile) + strlen(suffix) + 1;
1584         if (j >= BSIZE)
1585                 {
1586                 BIO_printf(bio_err,"file name too long\n");
1587                 goto err;
1588                 }
1589
1590         if (suffix == NULL)
1591                 BUF_strlcpy(buf[0], serialfile, BSIZE);
1592         else
1593                 {
1594 #ifndef OPENSSL_SYS_VMS
1595                 j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
1596 #else
1597                 j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
1598 #endif
1599                 }
1600 #ifdef RL_DEBUG
1601         BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
1602 #endif
1603         out=BIO_new(BIO_s_file());
1604         if (out == NULL)
1605                 {
1606                 ERR_print_errors(bio_err);
1607                 goto err;
1608                 }
1609         if (BIO_write_filename(out,buf[0]) <= 0)
1610                 {
1611                 perror(serialfile);
1612                 goto err;
1613                 }
1614
1615         if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
1616                 {
1617                 BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
1618                 goto err;
1619                 }
1620         i2a_ASN1_INTEGER(out,ai);
1621         BIO_puts(out,"\n");
1622         ret=1;
1623         if (retai)
1624                 {
1625                 *retai = ai;
1626                 ai = NULL;
1627                 }
1628 err:
1629         if (out != NULL) BIO_free_all(out);
1630         if (ai != NULL) ASN1_INTEGER_free(ai);
1631         return(ret);
1632         }
1633
1634 int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
1635         {
1636         char buf[5][BSIZE];
1637         int i,j;
1638
1639         i = strlen(serialfile) + strlen(old_suffix);
1640         j = strlen(serialfile) + strlen(new_suffix);
1641         if (i > j) j = i;
1642         if (j + 1 >= BSIZE)
1643                 {
1644                 BIO_printf(bio_err,"file name too long\n");
1645                 goto err;
1646                 }
1647
1648 #ifndef OPENSSL_SYS_VMS
1649         j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
1650                 serialfile, new_suffix);
1651 #else
1652         j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
1653                 serialfile, new_suffix);
1654 #endif
1655 #ifndef OPENSSL_SYS_VMS
1656         j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
1657                 serialfile, old_suffix);
1658 #else
1659         j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
1660                 serialfile, old_suffix);
1661 #endif
1662 #ifdef RL_DEBUG
1663         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1664                 serialfile, buf[1]);
1665 #endif
1666         if (rename(serialfile,buf[1]) < 0 && errno != ENOENT
1667 #ifdef ENOTDIR
1668                         && errno != ENOTDIR
1669 #endif
1670            )            {
1671                         BIO_printf(bio_err,
1672                                 "unable to rename %s to %s\n",
1673                                 serialfile, buf[1]);
1674                         perror("reason");
1675                         goto err;
1676                         }
1677 #ifdef RL_DEBUG
1678         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1679                 buf[0],serialfile);
1680 #endif
1681         if (rename(buf[0],serialfile) < 0)
1682                 {
1683                 BIO_printf(bio_err,
1684                         "unable to rename %s to %s\n",
1685                         buf[0],serialfile);
1686                 perror("reason");
1687                 rename(buf[1],serialfile);
1688                 goto err;
1689                 }
1690         return 1;
1691  err:
1692         return 0;
1693         }
1694
1695 int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
1696         {
1697         BIGNUM *btmp;
1698         int ret = 0;
1699         if (b)
1700                 btmp = b;
1701         else
1702                 btmp = BN_new();
1703
1704         if (!btmp)
1705                 return 0;
1706
1707         if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
1708                 goto error;
1709         if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
1710                 goto error;
1711
1712         ret = 1;
1713         
1714         error:
1715
1716         if (!b)
1717                 BN_free(btmp);
1718         
1719         return ret;
1720         }
1721
1722 CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
1723         {
1724         CA_DB *retdb = NULL;
1725         TXT_DB *tmpdb = NULL;
1726         BIO *in = BIO_new(BIO_s_file());
1727         CONF *dbattr_conf = NULL;
1728         char buf[1][BSIZE];
1729         long errorline= -1;
1730
1731         if (in == NULL)
1732                 {
1733                 ERR_print_errors(bio_err);
1734                 goto err;
1735                 }
1736         if (BIO_read_filename(in,dbfile) <= 0)
1737                 {
1738                 perror(dbfile);
1739                 BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
1740                 goto err;
1741                 }
1742         if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
1743                 goto err;
1744
1745 #ifndef OPENSSL_SYS_VMS
1746         BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
1747 #else
1748         BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
1749 #endif
1750         dbattr_conf = NCONF_new(NULL);
1751         if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
1752                 {
1753                 if (errorline > 0)
1754                         {
1755                         BIO_printf(bio_err,
1756                                 "error on line %ld of db attribute file '%s'\n"
1757                                 ,errorline,buf[0]);
1758                         goto err;
1759                         }
1760                 else
1761                         {
1762                         NCONF_free(dbattr_conf);
1763                         dbattr_conf = NULL;
1764                         }
1765                 }
1766
1767         if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
1768                 {
1769                 fprintf(stderr, "Out of memory\n");
1770                 goto err;
1771                 }
1772
1773         retdb->db = tmpdb;
1774         tmpdb = NULL;
1775         if (db_attr)
1776                 retdb->attributes = *db_attr;
1777         else
1778                 {
1779                 retdb->attributes.unique_subject = 1;
1780                 }
1781
1782         if (dbattr_conf)
1783                 {
1784                 char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
1785                 if (p)
1786                         {
1787 #ifdef RL_DEBUG
1788                         BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
1789 #endif
1790                         retdb->attributes.unique_subject = parse_yesno(p,1);
1791                         }
1792                 }
1793
1794  err:
1795         if (dbattr_conf) NCONF_free(dbattr_conf);
1796         if (tmpdb) TXT_DB_free(tmpdb);
1797         if (in) BIO_free_all(in);
1798         return retdb;
1799         }
1800
1801 int index_index(CA_DB *db)
1802         {
1803         if (!TXT_DB_create_index(db->db, DB_serial, NULL,
1804                                 LHASH_HASH_FN(index_serial),
1805                                 LHASH_COMP_FN(index_serial)))
1806                 {
1807                 BIO_printf(bio_err,
1808                   "error creating serial number index:(%ld,%ld,%ld)\n",
1809                                         db->db->error,db->db->arg1,db->db->arg2);
1810                         return 0;
1811                 }
1812
1813         if (db->attributes.unique_subject
1814                 && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
1815                         LHASH_HASH_FN(index_name),
1816                         LHASH_COMP_FN(index_name)))
1817                 {
1818                 BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
1819                         db->db->error,db->db->arg1,db->db->arg2);
1820                 return 0;
1821                 }
1822         return 1;
1823         }
1824
1825 int save_index(const char *dbfile, const char *suffix, CA_DB *db)
1826         {
1827         char buf[3][BSIZE];
1828         BIO *out = BIO_new(BIO_s_file());
1829         int j;
1830
1831         if (out == NULL)
1832                 {
1833                 ERR_print_errors(bio_err);
1834                 goto err;
1835                 }
1836
1837         j = strlen(dbfile) + strlen(suffix);
1838         if (j + 6 >= BSIZE)
1839                 {
1840                 BIO_printf(bio_err,"file name too long\n");
1841                 goto err;
1842                 }
1843
1844 #ifndef OPENSSL_SYS_VMS
1845         j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
1846 #else
1847         j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
1848 #endif
1849 #ifndef OPENSSL_SYS_VMS
1850         j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
1851 #else
1852         j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
1853 #endif
1854 #ifndef OPENSSL_SYS_VMS
1855         j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
1856 #else
1857         j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
1858 #endif
1859 #ifdef RL_DEBUG
1860         BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
1861 #endif
1862         if (BIO_write_filename(out,buf[0]) <= 0)
1863                 {
1864                 perror(dbfile);
1865                 BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
1866                 goto err;
1867                 }
1868         j=TXT_DB_write(out,db->db);
1869         if (j <= 0) goto err;
1870                         
1871         BIO_free(out);
1872
1873         out = BIO_new(BIO_s_file());
1874 #ifdef RL_DEBUG
1875         BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
1876 #endif
1877         if (BIO_write_filename(out,buf[1]) <= 0)
1878                 {
1879                 perror(buf[2]);
1880                 BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
1881                 goto err;
1882                 }
1883         BIO_printf(out,"unique_subject = %s\n",
1884                 db->attributes.unique_subject ? "yes" : "no");
1885         BIO_free(out);
1886
1887         return 1;
1888  err:
1889         return 0;
1890         }
1891
1892 int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
1893         {
1894         char buf[5][BSIZE];
1895         int i,j;
1896
1897         i = strlen(dbfile) + strlen(old_suffix);
1898         j = strlen(dbfile) + strlen(new_suffix);
1899         if (i > j) j = i;
1900         if (j + 6 >= BSIZE)
1901                 {
1902                 BIO_printf(bio_err,"file name too long\n");
1903                 goto err;
1904                 }
1905
1906 #ifndef OPENSSL_SYS_VMS
1907         j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
1908 #else
1909         j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
1910 #endif
1911 #ifndef OPENSSL_SYS_VMS
1912         j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
1913                 dbfile, new_suffix);
1914 #else
1915         j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
1916                 dbfile, new_suffix);
1917 #endif
1918 #ifndef OPENSSL_SYS_VMS
1919         j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
1920                 dbfile, new_suffix);
1921 #else
1922         j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
1923                 dbfile, new_suffix);
1924 #endif
1925 #ifndef OPENSSL_SYS_VMS
1926         j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
1927                 dbfile, old_suffix);
1928 #else
1929         j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
1930                 dbfile, old_suffix);
1931 #endif
1932 #ifndef OPENSSL_SYS_VMS
1933         j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
1934                 dbfile, old_suffix);
1935 #else
1936         j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
1937                 dbfile, old_suffix);
1938 #endif
1939 #ifdef RL_DEBUG
1940         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1941                 dbfile, buf[1]);
1942 #endif
1943         if (rename(dbfile,buf[1]) < 0 && errno != ENOENT
1944 #ifdef ENOTDIR
1945                 && errno != ENOTDIR
1946 #endif
1947            )            {
1948                         BIO_printf(bio_err,
1949                                 "unable to rename %s to %s\n",
1950                                 dbfile, buf[1]);
1951                         perror("reason");
1952                         goto err;
1953                         }
1954 #ifdef RL_DEBUG
1955         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1956                 buf[0],dbfile);
1957 #endif
1958         if (rename(buf[0],dbfile) < 0)
1959                 {
1960                 BIO_printf(bio_err,
1961                         "unable to rename %s to %s\n",
1962                         buf[0],dbfile);
1963                 perror("reason");
1964                 rename(buf[1],dbfile);
1965                 goto err;
1966                 }
1967 #ifdef RL_DEBUG
1968         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1969                 buf[4],buf[3]);
1970 #endif
1971         if (rename(buf[4],buf[3]) < 0 && errno != ENOENT
1972 #ifdef ENOTDIR
1973                 && errno != ENOTDIR
1974 #endif
1975            )            {
1976                         BIO_printf(bio_err,
1977                                 "unable to rename %s to %s\n",
1978                                 buf[4], buf[3]);
1979                         perror("reason");
1980                         rename(dbfile,buf[0]);
1981                         rename(buf[1],dbfile);
1982                         goto err;
1983                         }
1984 #ifdef RL_DEBUG
1985         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1986                 buf[2],buf[4]);
1987 #endif
1988         if (rename(buf[2],buf[4]) < 0)
1989                 {
1990                 BIO_printf(bio_err,
1991                         "unable to rename %s to %s\n",
1992                         buf[2],buf[4]);
1993                 perror("reason");
1994                 rename(buf[3],buf[4]);
1995                 rename(dbfile,buf[0]);
1996                 rename(buf[1],dbfile);
1997                 goto err;
1998                 }
1999         return 1;
2000  err:
2001         return 0;
2002         }
2003
2004 void free_index(CA_DB *db)
2005         {
2006         if (db)
2007                 {
2008                 if (db->db) TXT_DB_free(db->db);
2009                 OPENSSL_free(db);
2010                 }
2011         }
2012
2013 int parse_yesno(const char *str, int def)
2014         {
2015         int ret = def;
2016         if (str)
2017                 {
2018                 switch (*str)
2019                         {
2020                 case 'f': /* false */
2021                 case 'F': /* FALSE */
2022                 case 'n': /* no */
2023                 case 'N': /* NO */
2024                 case '0': /* 0 */
2025                         ret = 0;
2026                         break;
2027                 case 't': /* true */
2028                 case 'T': /* TRUE */
2029                 case 'y': /* yes */
2030                 case 'Y': /* YES */
2031                 case '1': /* 1 */
2032                         ret = 1;
2033                         break;
2034                 default:
2035                         ret = def;
2036                         break;
2037                         }
2038                 }
2039         return ret;
2040         }
2041
2042 /*
2043  * subject is expected to be in the format /type0=value0/type1=value1/type2=...
2044  * where characters may be escaped by \
2045  */
2046 X509_NAME *parse_name(char *subject, long chtype, int multirdn)
2047         {
2048         size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
2049         char *buf = OPENSSL_malloc(buflen);
2050         size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
2051         char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
2052         char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
2053         int *mval = OPENSSL_malloc (max_ne * sizeof (int));
2054
2055         char *sp = subject, *bp = buf;
2056         int i, ne_num = 0;
2057
2058         X509_NAME *n = NULL;
2059         int nid;
2060
2061         if (!buf || !ne_types || !ne_values)
2062                 {
2063                 BIO_printf(bio_err, "malloc error\n");
2064                 goto error;
2065                 }       
2066
2067         if (*subject != '/')
2068                 {
2069                 BIO_printf(bio_err, "Subject does not start with '/'.\n");
2070                 goto error;
2071                 }
2072         sp++; /* skip leading / */
2073
2074         /* no multivalued RDN by default */
2075         mval[ne_num] = 0;
2076
2077         while (*sp)
2078                 {
2079                 /* collect type */
2080                 ne_types[ne_num] = bp;
2081                 while (*sp)
2082                         {
2083                         if (*sp == '\\') /* is there anything to escape in the type...? */
2084                                 {
2085                                 if (*++sp)
2086                                         *bp++ = *sp++;
2087                                 else    
2088                                         {
2089                                         BIO_printf(bio_err, "escape character at end of string\n");
2090                                         goto error;
2091                                         }
2092                                 }       
2093                         else if (*sp == '=')
2094                                 {
2095                                 sp++;
2096                                 *bp++ = '\0';
2097                                 break;
2098                                 }
2099                         else
2100                                 *bp++ = *sp++;
2101                         }
2102                 if (!*sp)
2103                         {
2104                         BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
2105                         goto error;
2106                         }
2107                 ne_values[ne_num] = bp;
2108                 while (*sp)
2109                         {
2110                         if (*sp == '\\')
2111                                 {
2112                                 if (*++sp)
2113                                         *bp++ = *sp++;
2114                                 else
2115                                         {
2116                                         BIO_printf(bio_err, "escape character at end of string\n");
2117                                         goto error;
2118                                         }
2119                                 }
2120                         else if (*sp == '/')
2121                                 {
2122                                 sp++;
2123                                 /* no multivalued RDN by default */
2124                                 mval[ne_num+1] = 0;
2125                                 break;
2126                                 }
2127                         else if (*sp == '+' && multirdn)
2128                                 {
2129                                 /* a not escaped + signals a mutlivalued RDN */
2130                                 sp++;
2131                                 mval[ne_num+1] = -1;
2132                                 break;
2133                                 }
2134                         else
2135                                 *bp++ = *sp++;
2136                         }
2137                 *bp++ = '\0';
2138                 ne_num++;
2139                 }       
2140
2141         if (!(n = X509_NAME_new()))
2142                 goto error;
2143
2144         for (i = 0; i < ne_num; i++)
2145                 {
2146                 if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
2147                         {
2148                         BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
2149                         continue;
2150                         }
2151
2152                 if (!*ne_values[i])
2153                         {
2154                         BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
2155                         continue;
2156                         }
2157
2158                 if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
2159                         goto error;
2160                 }
2161
2162         OPENSSL_free(ne_values);
2163         OPENSSL_free(ne_types);
2164         OPENSSL_free(buf);
2165         return n;
2166
2167 error:
2168         X509_NAME_free(n);
2169         if (ne_values)
2170                 OPENSSL_free(ne_values);
2171         if (ne_types)
2172                 OPENSSL_free(ne_types);
2173         if (buf)
2174                 OPENSSL_free(buf);
2175         return NULL;
2176 }
2177
2178 int args_verify(char ***pargs, int *pargc,
2179                         int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
2180         {
2181         ASN1_OBJECT *otmp = NULL;
2182         unsigned long flags = 0;
2183         int i;
2184         int purpose = 0;
2185         char **oldargs = *pargs;
2186         char *arg = **pargs, *argn = (*pargs)[1];
2187         if (!strcmp(arg, "-policy"))
2188                 {
2189                 if (!argn)
2190                         *badarg = 1;
2191                 else
2192                         {
2193                         otmp = OBJ_txt2obj(argn, 0);
2194                         if (!otmp)
2195                                 {
2196                                 BIO_printf(err, "Invalid Policy \"%s\"\n",
2197                                                                         argn);
2198                                 *badarg = 1;
2199                                 }
2200                         }
2201                 (*pargs)++;
2202                 }
2203         else if (strcmp(arg,"-purpose") == 0)
2204                 {
2205                 X509_PURPOSE *xptmp;
2206                 if (!argn)
2207                         *badarg = 1;
2208                 else
2209                         {
2210                         i = X509_PURPOSE_get_by_sname(argn);
2211                         if(i < 0)
2212                                 {
2213                                 BIO_printf(err, "unrecognized purpose\n");
2214                                 *badarg = 1;
2215                                 }
2216                         else
2217                                 {
2218                                 xptmp = X509_PURPOSE_get0(i);
2219                                 purpose = X509_PURPOSE_get_id(xptmp);
2220                                 }
2221                         }
2222                 (*pargs)++;
2223                 }
2224         else if (!strcmp(arg, "-ignore_critical"))
2225                 flags |= X509_V_FLAG_IGNORE_CRITICAL;
2226         else if (!strcmp(arg, "-issuer_checks"))
2227                 flags |= X509_V_FLAG_CB_ISSUER_CHECK;
2228         else if (!strcmp(arg, "-crl_check"))
2229                 flags |=  X509_V_FLAG_CRL_CHECK;
2230         else if (!strcmp(arg, "-crl_check_all"))
2231                 flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
2232         else if (!strcmp(arg, "-policy_check"))
2233                 flags |= X509_V_FLAG_POLICY_CHECK;
2234         else if (!strcmp(arg, "-explicit_policy"))
2235                 flags |= X509_V_FLAG_EXPLICIT_POLICY;
2236         else if (!strcmp(arg, "-x509_strict"))
2237                 flags |= X509_V_FLAG_X509_STRICT;
2238         else if (!strcmp(arg, "-policy_print"))
2239                 flags |= X509_V_FLAG_NOTIFY_POLICY;
2240         else
2241                 return 0;
2242
2243         if (*badarg)
2244                 {
2245                 if (*pm)
2246                         X509_VERIFY_PARAM_free(*pm);
2247                 *pm = NULL;
2248                 goto end;
2249                 }
2250
2251         if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
2252                 {
2253                 *badarg = 1;
2254                 goto end;
2255                 }
2256
2257         if (otmp)
2258                 X509_VERIFY_PARAM_add0_policy(*pm, otmp);
2259         if (flags)
2260                 X509_VERIFY_PARAM_set_flags(*pm, flags);
2261
2262         if (purpose)
2263                 X509_VERIFY_PARAM_set_purpose(*pm, purpose);
2264
2265         end:
2266
2267         (*pargs)++;
2268
2269         if (pargc)
2270                 *pargc -= *pargs - oldargs;
2271
2272         return 1;
2273
2274         }
2275
2276 /* Read whole contents of a BIO into an allocated memory buffer and
2277  * return it.
2278  */
2279
2280 int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
2281         {
2282         BIO *mem;
2283         int len, ret;
2284         unsigned char tbuf[1024];
2285         mem = BIO_new(BIO_s_mem());
2286         if (!mem)
2287                 return -1;
2288         for(;;)
2289                 {
2290                 if ((maxlen != -1) && maxlen < 1024)
2291                         len = maxlen;
2292                 else
2293                         len = 1024;
2294                 len = BIO_read(in, tbuf, len);
2295                 if (len <= 0)
2296                         break;
2297                 if (BIO_write(mem, tbuf, len) != len)
2298                         {
2299                         BIO_free(mem);
2300                         return -1;
2301                         }
2302                 maxlen -= len;
2303
2304                 if (maxlen == 0)
2305                         break;
2306                 }
2307         ret = BIO_get_mem_data(mem, (char **)out);
2308         BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
2309         BIO_free(mem);
2310         return ret;
2311         }
2312
2313 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
2314         {
2315         int rv;
2316         char *stmp, *vtmp = NULL;
2317         stmp = BUF_strdup(value);
2318         if (!stmp)
2319                 return -1;
2320         vtmp = strchr(stmp, ':');
2321         if (vtmp)
2322                 {
2323                 *vtmp = 0;
2324                 vtmp++;
2325                 }
2326         rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
2327         OPENSSL_free(stmp);
2328         return rv;
2329         }
2330
2331 static void nodes_print(BIO *out, const char *name,
2332         STACK_OF(X509_POLICY_NODE) *nodes)
2333         {
2334         X509_POLICY_NODE *node;
2335         int i;
2336         BIO_printf(out, "%s Policies:", name);
2337         if (nodes)
2338                 {
2339                 BIO_puts(out, "\n");
2340                 for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
2341                         {
2342                         node = sk_X509_POLICY_NODE_value(nodes, i);
2343                         X509_POLICY_NODE_print(out, node, 2);
2344                         }
2345                 }
2346         else
2347                 BIO_puts(out, " <empty>\n");
2348         }
2349
2350 void policies_print(BIO *out, X509_STORE_CTX *ctx)
2351         {
2352         X509_POLICY_TREE *tree;
2353         int explicit_policy;
2354         int free_out = 0;
2355         if (out == NULL)
2356                 {
2357                 out = BIO_new_fp(stderr, BIO_NOCLOSE);
2358                 free_out = 1;
2359                 }
2360         tree = X509_STORE_CTX_get0_policy_tree(ctx);
2361         explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
2362
2363         BIO_printf(out, "Require explicit Policy: %s\n",
2364                                 explicit_policy ? "True" : "False");
2365
2366         nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
2367         nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
2368         if (free_out)
2369                 BIO_free(out);
2370         }
2371
2372 /*
2373  * Platform-specific sections
2374  */
2375 #if defined(_WIN32)
2376 # ifdef fileno
2377 #  undef fileno
2378 #  define fileno(a) (int)_fileno(a)
2379 # endif
2380
2381 # include <windows.h>
2382 # include <tchar.h>
2383
2384 static int WIN32_rename(const char *from, const char *to)
2385         {
2386         TCHAR  *tfrom=NULL,*tto;
2387         DWORD   err;
2388         int     ret=0;
2389
2390         if (sizeof(TCHAR) == 1)
2391                 {
2392                 tfrom = (TCHAR *)from;
2393                 tto   = (TCHAR *)to;
2394                 }
2395         else    /* UNICODE path */
2396                 {
2397                 size_t i,flen=strlen(from)+1,tlen=strlen(to)+1;
2398                 tfrom = (TCHAR *)malloc(sizeof(TCHAR)*(flen+tlen));
2399                 if (tfrom==NULL) goto err;
2400                 tto=tfrom+flen;
2401 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2402                 if (!MultiByteToWideChar(CP_ACP,0,from,flen,(WCHAR *)tfrom,flen))
2403 #endif
2404                         for (i=0;i<flen;i++)    tfrom[i]=(TCHAR)from[i];
2405 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2406                 if (!MultiByteToWideChar(CP_ACP,0,to,  tlen,(WCHAR *)tto,  tlen))
2407 #endif
2408                         for (i=0;i<tlen;i++)    tto[i]  =(TCHAR)to[i];
2409                 }
2410
2411         if (MoveFile(tfrom,tto))        goto ok;
2412         err=GetLastError();
2413         if (err==ERROR_ALREADY_EXISTS || err==ERROR_FILE_EXISTS)
2414                 {
2415                 if (DeleteFile(tto) && MoveFile(tfrom,tto))
2416                         goto ok;
2417                 err=GetLastError();
2418                 }
2419         if (err==ERROR_FILE_NOT_FOUND || err==ERROR_PATH_NOT_FOUND)
2420                 errno = ENOENT;
2421         else if (err==ERROR_ACCESS_DENIED)
2422                 errno = EACCES;
2423         else
2424                 errno = EINVAL; /* we could map more codes... */
2425 err:
2426         ret=-1;
2427 ok:
2428         if (tfrom!=NULL && tfrom!=(TCHAR *)from)        free(tfrom);
2429         return ret;
2430         }
2431 #endif
2432
2433 /* app_tminterval section */
2434 #if defined(_WIN32)
2435 double app_tminterval(int stop,int usertime)
2436         {
2437         FILETIME                now;
2438         double                  ret=0;
2439         static ULARGE_INTEGER   tmstart;
2440         static int              warning=1;
2441 #ifdef _WIN32_WINNT
2442         static HANDLE           proc=NULL;
2443
2444         if (proc==NULL)
2445                 {
2446                 if (GetVersion() < 0x80000000)
2447                         proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
2448                                                 GetCurrentProcessId());
2449                 if (proc==NULL) proc = (HANDLE)-1;
2450                 }
2451
2452         if (usertime && proc!=(HANDLE)-1)
2453                 {
2454                 FILETIME junk;
2455                 GetProcessTimes(proc,&junk,&junk,&junk,&now);
2456                 }
2457         else
2458 #endif
2459                 {
2460                 SYSTEMTIME systime;
2461
2462                 if (usertime && warning)
2463                         {
2464                         BIO_printf(bio_err,"To get meaningful results, run "
2465                                            "this program on idle system.\n");
2466                         warning=0;
2467                         }
2468                 GetSystemTime(&systime);
2469                 SystemTimeToFileTime(&systime,&now);
2470                 }
2471
2472         if (stop==TM_START)
2473                 {
2474                 tmstart.u.LowPart  = now.dwLowDateTime;
2475                 tmstart.u.HighPart = now.dwHighDateTime;
2476                 }
2477         else    {
2478                 ULARGE_INTEGER tmstop;
2479
2480                 tmstop.u.LowPart   = now.dwLowDateTime;
2481                 tmstop.u.HighPart  = now.dwHighDateTime;
2482
2483                 ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart)*1e-7;
2484                 }
2485
2486         return (ret);
2487         }
2488
2489 #elif defined(OPENSSL_SYS_NETWARE)
2490 #include <time.h>
2491
2492 double app_tminterval(int stop,int usertime)
2493         {
2494         double          ret=0;
2495         static clock_t  tmstart;
2496         static int      warning=1;
2497
2498         if (usertime && warning)
2499                 {
2500                 BIO_printf(bio_err,"To get meaningful results, run "
2501                                    "this program on idle system.\n");
2502                 warning=0;
2503                 }
2504
2505         if (stop==TM_START)     tmstart = clock();
2506         else                    ret     = (clock()-tmstart)/(double)CLOCKS_PER_SEC;
2507
2508         return (ret);
2509         }
2510
2511 #elif defined(OPENSSL_SYSTEM_VXWORKS)
2512 #include <time.h>
2513
2514 double app_tminterval(int stop,int usertime)
2515         {
2516         double ret=0;
2517 #ifdef CLOCK_REALTIME
2518         static struct timespec  tmstart;
2519         struct timespec         now;
2520 #else
2521         static unsigned long    tmstart;
2522         unsigned long           now;
2523 #endif
2524         static int warning=1;
2525
2526         if (usertime && warning)
2527                 {
2528                 BIO_printf(bio_err,"To get meaningful results, run "
2529                                    "this program on idle system.\n");
2530                 warning=0;
2531                 }
2532
2533 #ifdef CLOCK_REALTIME
2534         clock_gettime(CLOCK_REALTIME,&now);
2535         if (stop==TM_START)     tmstart = now;
2536         else    ret = ( (now.tv_sec+now.tv_nsec*1e-9)
2537                         - (tmstart.tv_sec+tmstart.tv_nsec*1e-9) );
2538 #else
2539         now = tickGet();
2540         if (stop==TM_START)     tmstart = now;
2541         else                    ret = (now - tmstart)/(double)sysClkRateGet();
2542 #endif
2543         return (ret);
2544         }
2545
2546 #elif defined(OPENSSL_SYSTEM_VMS)
2547 #include <time.h>
2548 #include <times.h>
2549
2550 double app_tminterval(int stop,int usertime)
2551         {
2552         static clock_t  tmstart;
2553         double          ret = 0;
2554         clock_t         now;
2555 #ifdef __TMS
2556         struct tms      rus;
2557
2558         now = times(&rus);
2559         if (usertime)   now = rus.tms_utime;
2560 #else
2561         if (usertime)
2562                 now = clock(); /* sum of user and kernel times */
2563         else    {
2564                 struct timeval tv;
2565                 gettimeofday(&tv,NULL);
2566                 now = (clock_t)(
2567                         (unsigned long long)tv.tv_sec*CLK_TCK +
2568                         (unsigned long long)tv.tv_usec*(1000000/CLK_TCK)
2569                         );
2570                 }
2571 #endif
2572         if (stop==TM_START)     tmstart = now;
2573         else                    ret = (now - tmstart)/(double)(CLK_TCK);
2574
2575         return (ret);
2576         }
2577
2578 #elif defined(_SC_CLK_TCK)      /* by means of unistd.h */
2579 #include <sys/times.h>
2580
2581 double app_tminterval(int stop,int usertime)
2582         {
2583         double          ret = 0;
2584         struct tms      rus;
2585         clock_t         now = times(&rus);
2586         static clock_t  tmstart;
2587
2588         if (usertime)           now = rus.tms_utime;
2589
2590         if (stop==TM_START)     tmstart = now;
2591         else
2592                 {
2593                 long int tck = sysconf(_SC_CLK_TCK);
2594                 ret = (now - tmstart)/(double)tck;
2595                 }
2596
2597         return (ret);
2598         }
2599
2600 #else
2601 #include <sys/time.h>
2602 #include <sys/resource.h>
2603
2604 double app_tminterval(int stop,int usertime)
2605         {
2606         double          ret = 0;
2607         struct rusage   rus;
2608         struct timeval  now;
2609         static struct timeval tmstart;
2610
2611         if (usertime)           getrusage(RUSAGE_SELF,&rus), now = rus.ru_utime;
2612         else                    gettimeofday(&now,NULL);
2613
2614         if (stop==TM_START)     tmstart = now;
2615         else                    ret = ( (now.tv_sec+now.tv_usec*1e-6)
2616                                         - (tmstart.tv_sec+tmstart.tv_usec*1e-6) );
2617
2618         return ret;
2619         }
2620 #endif
2621
2622 /* app_isdir section */
2623 #ifdef _WIN32
2624 int app_isdir(const char *name)
2625         {
2626         HANDLE          hList;
2627         WIN32_FIND_DATA FileData;
2628 #if defined(UNICODE) || defined(_UNICODE)
2629         size_t i, len_0 = strlen(name)+1;
2630
2631         if (len_0 > sizeof(FileData.cFileName)/sizeof(FileData.cFileName[0]))
2632                 return -1;
2633
2634 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
2635         if (!MultiByteToWideChar(CP_ACP,0,name,len_0,FileData.cFileName,len_0))
2636 #endif
2637                 for (i=0;i<len_0;i++)
2638                         FileData.cFileName[i] = (WCHAR)name[i];
2639
2640         hList = FindFirstFile(FileData.cFileName,&FileData);
2641 #else
2642         hList = FindFirstFile(name,&FileData);
2643 #endif
2644         if (hList == INVALID_HANDLE_VALUE)      return -1;
2645         FindClose(hList);
2646         return ((FileData.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)!=0);
2647         }
2648 #else
2649 #include <sys/stat.h>
2650 #ifndef S_ISDIR
2651 # if defined(_S_IFMT) && defined(_S_IFDIR)
2652 #  define S_ISDIR(a)   (((a) & _S_IFMT) == _S_IFDIR)
2653 # else 
2654 #  define S_ISDIR(a)   (((a) & S_IFMT) == S_IFDIR)
2655 # endif 
2656 #endif 
2657
2658 int app_isdir(const char *name)
2659         {
2660 #if defined(S_ISDIR)
2661         struct stat st;
2662
2663         if (stat(name,&st)==0)  return S_ISDIR(st.st_mode);
2664         else                    return -1;
2665 #else
2666         return -1;
2667 #endif
2668         }
2669 #endif
2670
2671 /* raw_read|write section */
2672 #if defined(_WIN32) && defined(STD_INPUT_HANDLE)
2673 int raw_read_stdin(void *buf,int siz)
2674         {
2675         DWORD n;
2676         if (ReadFile(GetStdHandle(STD_INPUT_HANDLE),buf,siz,&n,NULL))
2677                 return (n);
2678         else    return (-1);
2679         }
2680 #else
2681 int raw_read_stdin(void *buf,int siz)
2682         {       return read(fileno(stdin),buf,siz);     }
2683 #endif
2684
2685 #if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
2686 int raw_write_stdout(const void *buf,int siz)
2687         {
2688         DWORD n;
2689         if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE),buf,siz,&n,NULL))
2690                 return (n);
2691         else    return (-1);
2692         }
2693 #else
2694 int raw_write_stdout(const void *buf,int siz)
2695         {       return write(fileno(stdout),buf,siz);   }
2696 #endif