-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
*/
# define _POSIX_C_SOURCE 2
#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#endif
#include <openssl/bn.h>
#include <openssl/ssl.h>
-
+#include "s_apps.h"
#include "apps.h"
#ifdef _WIN32
} NAME_EX_TBL;
static UI_METHOD *ui_method = NULL;
+static const UI_METHOD *ui_fallback_method = NULL;
static int set_table_opts(unsigned long *flags, const char *arg,
const NAME_EX_TBL * in_tbl);
if (arg->size == 0) {
arg->size = 20;
arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space");
- if (arg->argv == NULL)
- return 0;
}
for (p = buf;;) {
/* The start of something good :-) */
if (arg->argc >= arg->size) {
+ char **tmp;
arg->size += 20;
- arg->argv = OPENSSL_realloc(arg->argv,
- sizeof(*arg->argv) * arg->size);
- if (arg->argv == NULL)
+ tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size);
+ if (tmp == NULL)
return 0;
+ arg->argv = tmp;
}
quoted = *p == '\'' || *p == '"';
if (quoted)
int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
{
- if (path == NULL) {
+ if (path == NULL)
return SSL_CTX_set_default_ctlog_list_file(ctx);
- }
return SSL_CTX_set_ctlog_list_file(ctx, path);
}
#endif
-int dump_cert_text(BIO *out, X509 *x)
+static unsigned long nmflag = 0;
+static char nmflag_set = 0;
+
+int set_nameopt(const char *arg)
{
- char *p;
+ int ret = set_name_ex(&nmflag, arg);
+
+ if (ret)
+ nmflag_set = 1;
+
+ return ret;
+}
- p = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
- BIO_puts(out, "subject=");
- BIO_puts(out, p);
- OPENSSL_free(p);
+unsigned long get_nameopt(void)
+{
+ return (nmflag_set) ? nmflag : XN_FLAG_ONELINE;
+}
- p = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0);
- BIO_puts(out, "\nissuer=");
- BIO_puts(out, p);
+int dump_cert_text(BIO *out, X509 *x)
+{
+ print_name(out, "subject=", X509_get_subject_name(x), get_nameopt());
+ BIO_puts(out, "\n");
+ print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt());
BIO_puts(out, "\n");
- OPENSSL_free(p);
return 0;
}
static int ui_open(UI *ui)
{
- return UI_method_get_opener(UI_OpenSSL())(ui);
+ int (*opener)(UI *ui) = UI_method_get_opener(ui_fallback_method);
+
+ if (opener)
+ return opener(ui);
+ return 1;
}
static int ui_read(UI *ui, UI_STRING *uis)
{
+ int (*reader)(UI *ui, UI_STRING *uis) = NULL;
+
if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
&& UI_get0_user_data(ui)) {
switch (UI_get_string_type(uis)) {
return 1;
}
}
- default:
+ break;
+ case UIT_NONE:
+ case UIT_BOOLEAN:
+ case UIT_INFO:
+ case UIT_ERROR:
break;
}
}
- return UI_method_get_reader(UI_OpenSSL())(ui, uis);
+
+ reader = UI_method_get_reader(ui_fallback_method);
+ if (reader)
+ return reader(ui, uis);
+ return 1;
}
static int ui_write(UI *ui, UI_STRING *uis)
{
+ int (*writer)(UI *ui, UI_STRING *uis) = NULL;
+
if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
&& UI_get0_user_data(ui)) {
switch (UI_get_string_type(uis)) {
if (password && password[0] != '\0')
return 1;
}
- default:
+ break;
+ case UIT_NONE:
+ case UIT_BOOLEAN:
+ case UIT_INFO:
+ case UIT_ERROR:
break;
}
}
- return UI_method_get_writer(UI_OpenSSL())(ui, uis);
+
+ writer = UI_method_get_reader(ui_fallback_method);
+ if (writer)
+ return writer(ui, uis);
+ return 1;
}
static int ui_close(UI *ui)
{
- return UI_method_get_closer(UI_OpenSSL())(ui);
+ int (*closer)(UI *ui) = UI_method_get_closer(ui_fallback_method);
+
+ if (closer)
+ return closer(ui);
+ return 1;
}
int setup_ui_method(void)
{
+ ui_fallback_method = UI_null();
+#ifndef OPENSSL_NO_UI_CONSOLE
+ ui_fallback_method = UI_OpenSSL();
+#endif
ui_method = UI_create_method("OpenSSL application user interface");
UI_method_set_opener(ui_method, ui_open);
UI_method_set_reader(ui_method, ui_read);
}
}
+const UI_METHOD *get_ui_method(void)
+{
+ return ui_method;
+}
+
int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
{
- UI *ui = NULL;
int res = 0;
- const char *prompt_info = NULL;
- const char *password = NULL;
+ UI *ui = NULL;
PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
- if (cb_data) {
- if (cb_data->password)
- password = cb_data->password;
- if (cb_data->prompt_info)
- prompt_info = cb_data->prompt_info;
- }
-
- if (password) {
- res = strlen(password);
- if (res > bufsiz)
- res = bufsiz;
- memcpy(buf, password, res);
- return res;
- }
-
ui = UI_new_method(ui_method);
if (ui) {
int ok = 0;
char *buff = NULL;
int ui_flags = 0;
+ const char *prompt_info = NULL;
char *prompt;
+ if (cb_data != NULL && cb_data->prompt_info != NULL)
+ prompt_info = cb_data->prompt_info;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
if (!prompt) {
BIO_printf(bio_err, "Out of memory\n");
ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
- if (ok >= 0)
- ok = UI_add_input_string(ui, prompt, ui_flags, buf,
- PW_MIN_LENGTH, bufsiz - 1);
+ /* We know that there is no previous user data to return to us */
+ (void)UI_add_user_data(ui, cb_data);
+
+ ok = UI_add_input_string(ui, prompt, ui_flags, buf,
+ PW_MIN_LENGTH, bufsiz - 1);
+
if (ok >= 0 && verify) {
buff = app_malloc(bufsiz, "password buffer");
ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
if (ok >= 0)
do {
ok = UI_process(ui);
- }
- while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+ } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
OPENSSL_clear_free(buff, (unsigned int)bufsiz);
return res;
}
-static char *app_get_pass(char *arg, int keepbio);
+static char *app_get_pass(const char *arg, int keepbio);
-int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2)
+int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
{
int same;
- if (!arg2 || !arg1 || strcmp(arg1, arg2))
+ if (arg2 == NULL || arg1 == NULL || strcmp(arg1, arg2))
same = 0;
else
same = 1;
- if (arg1) {
+ if (arg1 != NULL) {
*pass1 = app_get_pass(arg1, same);
- if (!*pass1)
+ if (*pass1 == NULL)
return 0;
- } else if (pass1)
+ } else if (pass1 != NULL) {
*pass1 = NULL;
- if (arg2) {
+ }
+ if (arg2 != NULL) {
*pass2 = app_get_pass(arg2, same ? 2 : 0);
- if (!*pass2)
+ if (*pass2 == NULL)
return 0;
- } else if (pass2)
+ } else if (pass2 != NULL) {
*pass2 = NULL;
+ }
return 1;
}
-static char *app_get_pass(char *arg, int keepbio)
+static char *app_get_pass(const char *arg, int keepbio)
{
char *tmp, tpass[APP_PASS_LEN];
static BIO *pwdbio = NULL;
return OPENSSL_strdup(arg + 5);
if (strncmp(arg, "env:", 4) == 0) {
tmp = getenv(arg + 4);
- if (!tmp) {
+ if (tmp == NULL) {
BIO_printf(bio_err, "Can't read environment variable %s\n", arg + 4);
return NULL;
}
return OPENSSL_strdup(tmp);
}
- if (!keepbio || !pwdbio) {
+ if (!keepbio || pwdbio == NULL) {
if (strncmp(arg, "file:", 5) == 0) {
pwdbio = BIO_new_file(arg + 5, "r");
- if (!pwdbio) {
+ if (pwdbio == NULL) {
BIO_printf(bio_err, "Can't open file %s\n", arg + 5);
return NULL;
}
return NULL;
}
tmp = strchr(tpass, '\n');
- if (tmp)
+ if (tmp != NULL)
*tmp = 0;
return OPENSSL_strdup(tpass);
}
NCONF_free(conf);
return NULL;
}
+
CONF *app_load_config(const char *filename)
{
BIO *in;
BIO_free(in);
return conf;
}
+
CONF *app_load_config_quiet(const char *filename)
{
BIO *in;
CONF *to_free = NULL;
if (config == NULL)
- config = to_free = app_load_config_quiet(default_config_file);
+ config = to_free = app_load_config_quiet(default_config_file);
if (config == NULL)
- return 1;
+ return 1;
if (CONF_modules_load(config, NULL, 0) <= 0) {
BIO_printf(bio_err, "Error configuring OpenSSL modules\n");
goto die;
}
/* See if an empty password will do */
- if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
+ if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) {
pass = "";
- else {
+ } else {
if (!pem_cb)
pem_cb = (pem_password_cb *)password_callback;
len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
OPENSSL_free(host);
OPENSSL_free(path);
OPENSSL_free(port);
- if (bio)
- BIO_free_all(bio);
+ BIO_free_all(bio);
OCSP_REQ_CTX_free(rctx);
if (rv != 1) {
BIO_printf(bio_err, "Error loading %s from %s\n",
if (file == NULL) {
unbuffer(stdin);
cert = dup_bio_in(format);
- } else
+ } else {
cert = bio_open_default(file, 'r', format);
+ }
if (cert == NULL)
goto end;
- if (format == FORMAT_ASN1)
+ if (format == FORMAT_ASN1) {
x = d2i_X509_bio(cert, NULL);
- else if (format == FORMAT_PEM)
+ } else if (format == FORMAT_PEM) {
x = PEM_read_bio_X509_AUX(cert, NULL,
(pem_password_cb *)password_callback, NULL);
- else if (format == FORMAT_PKCS12) {
+ } else if (format == FORMAT_PKCS12) {
if (!load_pkcs12(cert, cert_descrip, NULL, NULL, NULL, &x, NULL))
goto end;
} else {
in = bio_open_default(infile, 'r', format);
if (in == NULL)
goto end;
- if (format == FORMAT_ASN1)
+ if (format == FORMAT_ASN1) {
x = d2i_X509_CRL_bio(in, NULL);
- else if (format == FORMAT_PEM)
+ } else if (format == FORMAT_PEM) {
x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
- else {
+ } else {
BIO_printf(bio_err, "bad input format specified for input crl\n");
goto end;
}
goto end;
}
if (format == FORMAT_ENGINE) {
- if (e == NULL)
+ if (e == NULL) {
BIO_printf(bio_err, "no engine specified\n");
- else {
+ } else {
#ifndef OPENSSL_NO_ENGINE
- pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
+ if (ENGINE_init(e)) {
+ pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
+ ENGINE_finish(e);
+ }
if (pkey == NULL) {
BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
ERR_print_errors(bio_err);
if (file == NULL && maybe_stdin) {
unbuffer(stdin);
key = dup_bio_in(format);
- } else
+ } else {
key = bio_open_default(file, 'r', format);
+ }
if (key == NULL)
goto end;
if (format == FORMAT_ASN1) {
pkey = PEM_read_bio_PrivateKey(key, NULL,
(pem_password_cb *)password_callback,
&cb_data);
- }
- else if (format == FORMAT_PKCS12) {
+ } else if (format == FORMAT_PKCS12) {
if (!load_pkcs12(key, key_descrip,
(pem_password_cb *)password_callback, &cb_data,
&pkey, NULL, NULL))
goto end;
- }
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
- else if (format == FORMAT_MSBLOB)
+ } else if (format == FORMAT_MSBLOB) {
pkey = b2i_PrivateKey_bio(key);
- else if (format == FORMAT_PVK)
+ } else if (format == FORMAT_PVK) {
pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
&cb_data);
#endif
- else {
+ } else {
BIO_printf(bio_err, "bad input format specified for key file\n");
goto end;
}
goto end;
}
if (format == FORMAT_ENGINE) {
- if (e == NULL)
+ if (e == NULL) {
BIO_printf(bio_err, "no engine specified\n");
- else {
+ } else {
#ifndef OPENSSL_NO_ENGINE
pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
if (pkey == NULL) {
if (file == NULL && maybe_stdin) {
unbuffer(stdin);
key = dup_bio_in(format);
- } else
+ } else {
key = bio_open_default(file, 'r', format);
+ }
if (key == NULL)
goto end;
if (format == FORMAT_ASN1) {
pkey = d2i_PUBKEY_bio(key, NULL);
- }
- else if (format == FORMAT_ASN1RSA) {
+ } else if (format == FORMAT_ASN1RSA) {
#ifndef OPENSSL_NO_RSA
RSA *rsa;
rsa = d2i_RSAPublicKey_bio(key, NULL);
BIO_printf(bio_err, "RSA keys not supported\n");
#endif
pkey = NULL;
- }
- else if (format == FORMAT_PEM) {
+ } else if (format == FORMAT_PEM) {
pkey = PEM_read_bio_PUBKEY(key, NULL,
(pem_password_cb *)password_callback,
&cb_data);
- }
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
- else if (format == FORMAT_MSBLOB)
+ } else if (format == FORMAT_MSBLOB) {
pkey = b2i_PublicKey_bio(key);
#endif
+ }
end:
BIO_free(key);
if (pkey == NULL)
BIO_free(bio);
- if (pcerts && *pcerts == NULL) {
+ if (pcerts != NULL && *pcerts == NULL) {
*pcerts = sk_X509_new_null();
- if (!*pcerts)
+ if (*pcerts == NULL)
goto end;
}
- if (pcrls && *pcrls == NULL) {
+ if (pcrls != NULL && *pcrls == NULL) {
*pcrls = sk_X509_CRL_new_null();
- if (!*pcrls)
+ if (*pcrls == NULL)
goto end;
}
for (i = 0; i < sk_X509_INFO_num(xis); i++) {
xi = sk_X509_INFO_value(xis, i);
- if (xi->x509 && pcerts) {
+ if (xi->x509 != NULL && pcerts != NULL) {
if (!sk_X509_push(*pcerts, xi->x509))
goto end;
xi->x509 = NULL;
}
- if (xi->crl && pcrls) {
+ if (xi->crl != NULL && pcrls != NULL) {
if (!sk_X509_CRL_push(*pcrls, xi->crl))
goto end;
xi->crl = NULL;
}
}
- if (pcerts && sk_X509_num(*pcerts) > 0)
+ if (pcerts != NULL && sk_X509_num(*pcerts) > 0)
rv = 1;
- if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
+ if (pcrls != NULL && sk_X509_CRL_num(*pcrls) > 0)
rv = 1;
end:
sk_X509_INFO_pop_free(xis, X509_INFO_free);
if (rv == 0) {
- if (pcerts) {
+ if (pcerts != NULL) {
sk_X509_pop_free(*pcerts, X509_free);
*pcerts = NULL;
}
- if (pcrls) {
+ if (pcrls != NULL) {
sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
*pcrls = NULL;
}
}
/*
- * Initialize or extend, if *certs != NULL, a certificate stack.
+ * Initialize or extend, if *certs != NULL, a certificate stack.
*/
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
const char *pass, const char *desc)
}
/*
- * Initialize or extend, if *crls != NULL, a certificate stack.
+ * Initialize or extend, if *crls != NULL, a certificate stack.
*/
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
const char *pass, const char *desc)
{
static const NAME_EX_TBL ex_tbl[] = {
{"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
+ {"esc_2254", ASN1_STRFLGS_ESC_2254, 0},
{"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
{"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
{"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
} else if (c == '+') {
c = 1;
arg++;
- } else
+ } else {
c = 1;
+ }
for (ptbl = in_tbl; ptbl->name; ptbl++) {
if (strcasecmp(arg, ptbl->name) == 0) {
}
}
-void print_bignum_var(BIO *out, BIGNUM *in, const char *var,
+void print_bignum_var(BIO *out, const BIGNUM *in, const char *var,
int len, unsigned char *buffer)
{
BIO_printf(out, " static unsigned char %s_%d[] = {", var, len);
- if (BN_is_zero(in))
+ if (BN_is_zero(in)) {
BIO_printf(out, "\n\t0x00");
- else {
+ } else {
int i, l;
l = BN_bn2bin(in, buffer);
}
BIO_printf(out, "\n };\n");
}
+
void print_array(BIO *out, const char* title, int len, const unsigned char* d)
{
int i;
BIO_printf(out, "\n};\n");
}
-X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath)
+X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, int noCApath)
{
X509_STORE *store = X509_STORE_new();
X509_LOOKUP *lookup;
if (store == NULL)
goto end;
- if(CAfile != NULL || !noCAfile) {
+ if (CAfile != NULL || !noCAfile) {
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL)
goto end;
BIO_printf(bio_err, "Error loading file %s\n", CAfile);
goto end;
}
- } else
+ } else {
X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+ }
}
- if(CApath != NULL || !noCApath) {
+ if (CApath != NULL || !noCApath) {
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
if (lookup == NULL)
goto end;
BIO_printf(bio_err, "Error loading directory %s\n", CApath);
goto end;
}
- } else
+ } else {
X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+ }
}
ERR_clear_error();
}
return e;
}
+#endif
ENGINE *setup_engine(const char *engine, int debug)
{
ENGINE *e = NULL;
- if (engine) {
+#ifndef OPENSSL_NO_ENGINE
+ if (engine != NULL) {
if (strcmp(engine, "auto") == 0) {
BIO_printf(bio_err, "enabling auto ENGINE support\n");
ENGINE_register_all_complete();
}
BIO_printf(bio_err, "engine \"%s\" set.\n", ENGINE_get_id(e));
-
- /* Free our "structural" reference. */
- ENGINE_free(e);
}
+#endif
return e;
}
+
+void release_engine(ENGINE *e)
+{
+#ifndef OPENSSL_NO_ENGINE
+ if (e != NULL)
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
#endif
+}
static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
{
n = a[DB_serial];
while (*n == '0')
n++;
- return (lh_strhash(n));
+ return OPENSSL_LH_strhash(n);
}
static int index_serial_cmp(const OPENSSL_CSTRING *a,
static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
{
- return (lh_strhash(a[DB_name]));
+ return OPENSSL_LH_strhash(a[DB_name]);
}
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
#undef BSIZE
#define BSIZE 256
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
+BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
{
BIO *in = NULL;
BIGNUM *ret = NULL;
return (ret);
}
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
+int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
ASN1_INTEGER **retai)
{
char buf[1][BSIZE];
return (ret);
}
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
+int rotate_serial(const char *serialfile, const char *new_suffix,
+ const char *old_suffix)
{
- char buf[5][BSIZE];
+ char buf[2][BSIZE];
int i, j;
i = strlen(serialfile) + strlen(old_suffix);
if (btmp == NULL)
return 0;
- if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
+ if (!BN_rand(btmp, SERIAL_RAND_BITS, 0, 0))
goto error;
if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
goto error;
return ret;
}
-CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
+CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
{
CA_DB *retdb = NULL;
TXT_DB *tmpdb = NULL;
BIO *mem;
int len, ret;
unsigned char tbuf[1024];
+
mem = BIO_new(BIO_s_mem());
if (mem == NULL)
return -1;
node = sk_X509_POLICY_NODE_value(nodes, i);
X509_POLICY_NODE_print(bio_err, node, 2);
}
- } else
+ } else {
BIO_puts(bio_err, " <empty>\n");
+ }
}
void policies_print(X509_STORE_CTX *ctx)
* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
* outlen: (output) set to the length of the resulting buffer on success.
* err: (maybe NULL) on failure, an error message line is written to this BIO.
- * in: a NUL termianted string like "abc,def,ghi"
+ * in: a NUL terminated string like "abc,def,ghi"
*
- * returns: a malloced buffer or NULL on failure.
+ * returns: a malloc'd buffer or NULL on failure.
*/
unsigned char *next_protos_parse(size_t *outlen, const char *in)
{
}
out[start] = i - start;
start = i + 1;
- } else
+ } else {
out[i + 1] = in[i];
+ }
}
*outlen = len + 1;
gen = sk_GENERAL_NAME_value(gens, i);
uri = GENERAL_NAME_get0_value(gen, >ype);
if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) {
- char *uptr = (char *)ASN1_STRING_data(uri);
+ const char *uptr = (const char *)ASN1_STRING_get0_data(uri);
if (strncmp(uptr, "http://", 7) == 0)
return uptr;
}
crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
crl = load_crl_crldp(crldp);
sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
- if (!crl)
+ if (!crl) {
+ sk_X509_CRL_free(crls);
return NULL;
+ }
sk_X509_CRL_push(crls, crl);
/* Try to download delta CRL */
crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
if (usertime)
now = rus.tms_utime;
- if (stop == TM_START)
+ if (stop == TM_START) {
tmstart = now;
- else {
+ } else {
long int tck = sysconf(_SC_CLK_TCK);
ret = (now - tmstart) / (double)tck;
}
#endif
}
-int app_hex(char c)
-{
- switch (c) {
- default:
- case '0':
- return 0;
- case '1':
- return 1;
- case '2':
- return 2;
- case '3':
- return 3;
- case '4':
- return 4;
- case '5':
- return 5;
- case '6':
- return 6;
- case '7':
- return 7;
- case '8':
- return 8;
- case '9':
- return 9;
- case 'a': case 'A':
- return 0x0A;
- case 'b': case 'B':
- return 0x0B;
- case 'c': case 'C':
- return 0x0C;
- case 'd': case 'D':
- return 0x0D;
- case 'e': case 'E':
- return 0x0E;
- case 'f': case 'F':
- return 0x0F;
- }
-}
-
/* app_isdir section */
#ifdef _WIN32
int app_isdir(const char *name)
#endif
/* raw_read|write section */
+#if defined(__VMS)
+# include "vms_term_sock.h"
+static int stdin_sock = -1;
+
+static void close_stdin_sock(void)
+{
+ TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
+}
+
+int fileno_stdin(void)
+{
+ if (stdin_sock == -1) {
+ TerminalSocket(TERM_SOCK_CREATE, &stdin_sock);
+ atexit(close_stdin_sock);
+ }
+
+ return stdin_sock;
+}
+#else
+int fileno_stdin(void)
+{
+ return fileno(stdin);
+}
+#endif
+
+int fileno_stdout(void)
+{
+ return fileno(stdout);
+}
+
#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
int raw_read_stdin(void *buf, int siz)
{
else
return (-1);
}
+#elif defined(__VMS)
+# include <sys/socket.h>
+
+int raw_read_stdin(void *buf, int siz)
+{
+ return recv(fileno_stdin(), buf, siz, 0);
+}
#else
int raw_read_stdin(void *buf, int siz)
{
- return read(fileno(stdin), buf, siz);
+ return read(fileno_stdin(), buf, siz);
}
#endif
#else
int raw_write_stdout(const void *buf, int siz)
{
- return write(fileno(stdout), buf, siz);
+ return write(fileno_stdout(), buf, siz);
}
#endif
return b;
}
+BIO *dup_bio_err(int format)
+{
+ BIO *b = BIO_new_fp(stderr,
+ BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
+#ifdef OPENSSL_SYS_VMS
+ if (istext(format))
+ b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
+#endif
+ return b;
+}
+
void unbuffer(FILE *fp)
{
+/*
+ * On VMS, setbuf() will only take 32-bit pointers, and a compilation
+ * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
+ * However, we trust that the C RTL will never give us a FILE pointer
+ * above the first 4 GB of memory, so we simply turn off the warning
+ * temporarily.
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment save
+# pragma message disable maylosedata2
+#endif
setbuf(fp, NULL);
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment restore
+#endif
}
static const char *modestr(char mode, int format)
void wait_for_async(SSL *s)
{
+ /* On Windows select only works for sockets, so we simply don't wait */
+#ifndef OPENSSL_SYS_WINDOWS
int width = 0;
fd_set asyncfds;
OSSL_ASYNC_FD *fds;
return;
if (numfds == 0)
return;
- fds = OPENSSL_malloc(sizeof(OSSL_ASYNC_FD) * numfds);
+ fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds");
if (!SSL_get_all_async_fds(s, fds, &numfds)) {
OPENSSL_free(fds);
}
fds++;
}
select(width, (void *)&asyncfds, NULL, NULL, NULL);
+#endif
+}
+
+/* if OPENSSL_SYS_WINDOWS is defined then so is OPENSSL_SYS_MSDOS */
+#if defined(OPENSSL_SYS_MSDOS)
+int has_stdin_waiting(void)
+{
+# if defined(OPENSSL_SYS_WINDOWS)
+ HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE);
+ DWORD events = 0;
+ INPUT_RECORD inputrec;
+ DWORD insize = 1;
+ BOOL peeked;
+
+ if (inhand == INVALID_HANDLE_VALUE) {
+ return 0;
+ }
+
+ peeked = PeekConsoleInput(inhand, &inputrec, insize, &events);
+ if (!peeked) {
+ /* Probably redirected input? _kbhit() does not work in this case */
+ if (!feof(stdin)) {
+ return 1;
+ }
+ return 0;
+ }
+# endif
+ return _kbhit();
+}
+#endif
+
+/* Corrupt a signature by modifying final byte */
+void corrupt_signature(const ASN1_STRING *signature)
+{
+ unsigned char *s = signature->data;
+ s[signature->length - 1] ^= 0x1;
+}
+
+int set_cert_times(X509 *x, const char *startdate, const char *enddate,
+ int days)
+{
+ if (startdate == NULL || strcmp(startdate, "today") == 0) {
+ if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL)
+ return 0;
+ } else {
+ if (!ASN1_TIME_set_string_X509(X509_getm_notBefore(x), startdate))
+ return 0;
+ }
+ if (enddate == NULL) {
+ if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL)
+ == NULL)
+ return 0;
+ } else if (!ASN1_TIME_set_string_X509(X509_getm_notAfter(x), enddate)) {
+ return 0;
+ }
+ return 1;
+}
+
+void make_uppercase(char *string)
+{
+ int i;
+
+ for (i = 0; string[i] != '\0'; i++)
+ string[i] = toupper((unsigned char)string[i]);
}