*
*/
+#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 2 /* On VMS, you need to define this to get
the declaration of fileno(). The value
2 is to make sure no function defined
in POSIX-2 is left undefined. */
+#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#ifndef OPENSSL_SYSNAME_WIN32
+#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
#include <strings.h>
#endif
#include <sys/types.h>
#include <openssl/rsa.h>
#endif
#include <openssl/bn.h>
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
#include <openssl/jpake.h>
#endif
return(FORMAT_ASN1);
else if ((*s == 'T') || (*s == 't'))
return(FORMAT_TEXT);
- else if ((*s == 'P') || (*s == 'p'))
- {
- if (s[1] == 'V' || s[1] == 'v')
- return FORMAT_PVK;
- else
- return(FORMAT_PEM);
- }
else if ((*s == 'N') || (*s == 'n'))
return(FORMAT_NETSCAPE);
else if ((*s == 'S') || (*s == 's'))
return(FORMAT_PKCS12);
else if ((*s == 'E') || (*s == 'e'))
return(FORMAT_ENGINE);
+ else if ((*s == 'P') || (*s == 'p'))
+ {
+ if (s[1] == 'V' || s[1] == 'v')
+ return FORMAT_PVK;
+ else
+ return(FORMAT_PEM);
+ }
else
return(FORMAT_UNDEF);
}
&pkey, NULL, NULL))
goto end;
}
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
else if (format == FORMAT_MSBLOB)
pkey = b2i_PrivateKey_bio(key);
else if (format == FORMAT_PVK)
pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
&cb_data);
+#endif
else
{
BIO_printf(err,"bad input format specified for key file\n");
{
pkey=d2i_PUBKEY_bio(key, NULL);
}
+#ifndef OPENSSL_NO_RSA
else if (format == FORMAT_ASN1RSA)
{
RSA *rsa;
else
pkey = NULL;
}
-
+#endif
else if (format == FORMAT_PEM)
{
pkey=PEM_read_bio_PUBKEY(key,NULL,
else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
pkey = load_netscape_key(err, key, file, key_descrip, format);
#endif
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
else if (format == FORMAT_MSBLOB)
pkey = b2i_PublicKey_bio(key);
+#endif
else
{
BIO_printf(err,"bad input format specified for key file\n");
return p;
}
-static unsigned long index_serial_hash(const CSTRING *a)
+static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
{
const char *n;
return(lh_strhash(n));
}
-static int index_serial_cmp(const CSTRING *a, const CSTRING *b)
+static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
{
const char *aa,*bb;
static int index_name_qual(char **a)
{ return(a[0][0] == 'V'); }
-static unsigned long index_name_hash(const CSTRING *a)
+static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
{ return(lh_strhash(a[DB_name])); }
-int index_name_cmp(const CSTRING *a, const CSTRING *b)
+int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
{ return(strcmp(a[DB_name], b[DB_name])); }
-static IMPLEMENT_LHASH_HASH_FN(index_serial, CSTRING)
-static IMPLEMENT_LHASH_COMP_FN(index_serial, CSTRING)
-static IMPLEMENT_LHASH_HASH_FN(index_name, CSTRING)
-static IMPLEMENT_LHASH_COMP_FN(index_name, CSTRING)
+static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
#undef BSIZE
#define BSIZE 256
ASN1_OBJECT *otmp = NULL;
unsigned long flags = 0;
int i;
- int purpose = 0;
+ int purpose = 0, depth = -1;
char **oldargs = *pargs;
char *arg = **pargs, *argn = (*pargs)[1];
if (!strcmp(arg, "-policy"))
}
(*pargs)++;
}
+ else if (strcmp(arg,"-verify_depth") == 0)
+ {
+ if (!argn)
+ *badarg = 1;
+ else
+ {
+ depth = atoi(argn);
+ if(depth < 0)
+ {
+ BIO_printf(err, "invalid depth\n");
+ *badarg = 1;
+ }
+ }
+ (*pargs)++;
+ }
else if (!strcmp(arg, "-ignore_critical"))
flags |= X509_V_FLAG_IGNORE_CRITICAL;
else if (!strcmp(arg, "-issuer_checks"))
flags |= X509_V_FLAG_USE_DELTAS;
else if (!strcmp(arg, "-policy_print"))
flags |= X509_V_FLAG_NOTIFY_POLICY;
+ else if (!strcmp(arg, "-check_ss_sig"))
+ flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
else
return 0;
if (purpose)
X509_VERIFY_PARAM_set_purpose(*pm, purpose);
+ if (depth >= 0)
+ X509_VERIFY_PARAM_set_depth(*pm, depth);
+
end:
(*pargs)++;
BIO_free(out);
}
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
static JPAKE_CTX *jpake_init(const char *us, const char *them,
const char *secret)
int l;
l = BIO_gets(bconn, buf, sizeof buf);
- assert(l >= 0);
+ assert(l > 0);
assert(buf[l-1] == '\n');
buf[l-1] = '\0';
BN_hex2bn(bn, buf);
jpake_send_step3a(bconn, ctx);
jpake_receive_step3b(ctx, bconn);
- BIO_puts(out, "JPAKE authentication succeeded\n");
+ BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
+
+ psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
BIO_pop(bconn);
BIO_free(bconn);
+
+ JPAKE_CTX_free(ctx);
}
void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
jpake_receive_step3a(ctx, bconn);
jpake_send_step3b(bconn, ctx);
- BIO_puts(out, "JPAKE authentication succeeded\n");
+ BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
+
+ psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
BIO_pop(bconn);
BIO_free(bconn);
+
+ JPAKE_CTX_free(ctx);
}
#endif