#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#if !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_WINCE) && !defined(NETWARE_CLIB)
-# include <strings.h>
-#endif
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
#endif
}
#endif
-int ctx_set_verify_locations(SSL_CTX *ctx,
- const char *CAfile, const char *CApath)
+int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
+ const char *CApath, int noCAfile, int noCApath)
{
- if (CAfile == NULL && CApath == NULL)
- return SSL_CTX_set_default_verify_paths(ctx);
+ if (CAfile == NULL && CApath == NULL) {
+ if (!noCAfile && SSL_CTX_set_default_verify_file(ctx) <= 0)
+ return 0;
+ if (!noCApath && SSL_CTX_set_default_verify_dir(ctx) <= 0)
+ return 0;
+
+ return 1;
+ }
return SSL_CTX_load_verify_locations(ctx, CAfile, CApath);
}
int i;
if (strncmp(arg, "pass:", 5) == 0)
- return BUF_strdup(arg + 5);
+ return OPENSSL_strdup(arg + 5);
if (strncmp(arg, "env:", 4) == 0) {
tmp = getenv(arg + 4);
if (!tmp) {
BIO_printf(bio_err, "Can't read environment variable %s\n", arg + 4);
return NULL;
}
- return BUF_strdup(tmp);
+ return OPENSSL_strdup(tmp);
}
if (!keepbio || !pwdbio) {
if (strncmp(arg, "file:", 5) == 0) {
pwdbio = BIO_push(btmp, pwdbio);
#endif
} else if (strcmp(arg, "stdin") == 0) {
- pwdbio = dup_bio_in();
+ pwdbio = dup_bio_in(FORMAT_TEXT);
if (!pwdbio) {
BIO_printf(bio_err, "Can't open BIO for stdin\n");
return NULL;
tmp = strchr(tpass, '\n');
if (tmp)
*tmp = 0;
- return BUF_strdup(tpass);
+ return OPENSSL_strdup(tpass);
}
static CONF *app_load_config_(BIO *in, const char *filename)
if (!bio || !BIO_set_conn_port(bio, port))
goto err;
rctx = OCSP_REQ_CTX_new(bio, 1024);
- if (!rctx)
+ if (rctx == NULL)
goto err;
if (!OCSP_REQ_CTX_http(rctx, "GET", path))
goto err;
if (file == NULL) {
unbuffer(stdin);
- cert = dup_bio_in();
+ cert = dup_bio_in(format);
} else
cert = bio_open_default(file, 'r', format);
if (cert == NULL)
BIO_printf(bio_err, "no keyfile specified\n");
goto end;
}
-#ifndef OPENSSL_NO_ENGINE
if (format == FORMAT_ENGINE) {
- if (!e)
+ if (e == NULL)
BIO_printf(bio_err, "no engine specified\n");
else {
+#ifndef OPENSSL_NO_ENGINE
pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
- if (!pkey) {
+ if (pkey == NULL) {
BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
ERR_print_errors(bio_err);
}
+#else
+ BIO_printf(bio_err, "engines not supported\n");
+#endif
}
goto end;
}
-#endif
if (file == NULL && maybe_stdin) {
unbuffer(stdin);
- key = dup_bio_in();
+ key = dup_bio_in(format);
} else
key = bio_open_default(file, 'r', format);
if (key == NULL)
BIO_printf(bio_err, "no keyfile specified\n");
goto end;
}
-#ifndef OPENSSL_NO_ENGINE
if (format == FORMAT_ENGINE) {
- if (!e)
+ if (e == NULL)
BIO_printf(bio_err, "no engine specified\n");
- else
+ else {
+#ifndef OPENSSL_NO_ENGINE
pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
+ if (pkey == NULL) {
+ BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
+ ERR_print_errors(bio_err);
+ }
+#else
+ BIO_printf(bio_err, "engines not supported\n");
+#endif
+ }
goto end;
}
-#endif
if (file == NULL && maybe_stdin) {
unbuffer(stdin);
- key = dup_bio_in();
+ key = dup_bio_in(format);
} else
key = bio_open_default(file, 'r', format);
if (key == NULL)
if (format == FORMAT_ASN1) {
pkey = d2i_PUBKEY_bio(key, NULL);
}
-#ifndef OPENSSL_NO_RSA
else if (format == FORMAT_ASN1RSA) {
+#ifndef OPENSSL_NO_RSA
RSA *rsa;
rsa = d2i_RSAPublicKey_bio(key, NULL);
if (rsa) {
pkey = EVP_PKEY_new();
- if (pkey)
+ if (pkey != NULL)
EVP_PKEY_set1_RSA(pkey, rsa);
RSA_free(rsa);
} else
+#else
+ BIO_printf(bio_err, "RSA keys not supported\n");
+#endif
pkey = NULL;
} else if (format == FORMAT_PEMRSA) {
+#ifndef OPENSSL_NO_RSA
RSA *rsa;
rsa = PEM_read_bio_RSAPublicKey(key, NULL,
(pem_password_cb *)password_callback,
&cb_data);
- if (rsa) {
+ if (rsa != NULL) {
pkey = EVP_PKEY_new();
- if (pkey)
+ if (pkey != NULL)
EVP_PKEY_set1_RSA(pkey, rsa);
RSA_free(rsa);
} else
+#else
+ BIO_printf(bio_err, "RSA keys not supported\n");
+#endif
pkey = NULL;
}
-#endif
else if (format == FORMAT_PEM) {
pkey = PEM_read_bio_PUBKEY(key, NULL,
(pem_password_cb *)password_callback,
BIO_free(bio);
- if (pcerts) {
+ if (pcerts && *pcerts == NULL) {
*pcerts = sk_X509_new_null();
if (!*pcerts)
goto end;
}
- if (pcrls) {
+ if (pcrls && *pcrls == NULL) {
*pcrls = sk_X509_CRL_new_null();
if (!*pcrls)
goto end;
return vp;
}
-
-
-STACK_OF(X509) *load_certs(const char *file, int format,
- const char *pass, ENGINE *e, const char *desc)
+/*
+ * Initialize or extend, if *certs != NULL, a certificate stack.
+ */
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+ const char *pass, ENGINE *e, const char *desc)
{
- STACK_OF(X509) *certs;
- if (!load_certs_crls(file, format, pass, e, desc, &certs, NULL))
- return NULL;
- return certs;
+ return load_certs_crls(file, format, pass, e, desc, certs, NULL);
}
-STACK_OF(X509_CRL) *load_crls(const char *file, int format,
- const char *pass, ENGINE *e, const char *desc)
+/*
+ * Initialize or extend, if *crls != NULL, a certificate stack.
+ */
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+ const char *pass, ENGINE *e, const char *desc)
{
- STACK_OF(X509_CRL) *crls;
- if (!load_certs_crls(file, format, pass, e, desc, NULL, &crls))
- return NULL;
- return crls;
+ return load_certs_crls(file, format, pass, e, desc, NULL, crls);
}
#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
{"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
{NULL, 0, 0}
};
- return set_multi_opts(flags, arg, ex_tbl);
+ if (set_multi_opts(flags, arg, ex_tbl) == 0)
+ return 0;
+ if ((*flags & XN_FLAG_SEP_MASK) == 0)
+ *flags |= XN_FLAG_SEP_CPLUS_SPC;
+ return 1;
}
int set_ext_copy(int *copy_type, const char *arg)
BIO_printf(out, "\n};\n");
}
-X509_STORE *setup_verify(char *CAfile, char *CApath)
+X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath)
{
X509_STORE *store = X509_STORE_new();
X509_LOOKUP *lookup;
- if (!store)
+ if (store == NULL)
goto end;
- lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
- if (lookup == NULL)
- goto end;
- if (CAfile) {
- if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
- BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+
+ if(CAfile != NULL || !noCAfile) {
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+ if (lookup == NULL)
goto end;
- }
- } else
- X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+ if (CAfile) {
+ if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
+ BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+ goto end;
+ }
+ } else
+ X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+ }
- lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
- if (lookup == NULL)
- goto end;
- if (CApath) {
- if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
- BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+ if(CApath != NULL || !noCApath) {
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+ if (lookup == NULL)
goto end;
- }
- } else
- X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+ if (CApath) {
+ if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
+ BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+ goto end;
+ }
+ } else
+ X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+ }
ERR_clear_error();
return store;
}
if (suffix == NULL)
- BUF_strlcpy(buf[0], serialfile, BSIZE);
+ OPENSSL_strlcpy(buf[0], serialfile, BSIZE);
else {
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
else
btmp = BN_new();
- if (!btmp)
+ if (btmp == NULL)
return 0;
if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
int len, ret;
unsigned char tbuf[1024];
mem = BIO_new(BIO_s_mem());
- if (!mem)
+ if (mem == NULL)
return -1;
for (;;) {
if ((maxlen != -1) && maxlen < 1024)
else
len = 1024;
len = BIO_read(in, tbuf, len);
- if (len <= 0)
+ if (len < 0) {
+ BIO_free(mem);
+ return -1;
+ }
+ if (len == 0)
break;
if (BIO_write(mem, tbuf, len) != len) {
BIO_free(mem);
return ret;
}
-int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
{
int rv;
char *stmp, *vtmp = NULL;
- stmp = BUF_strdup(value);
+ stmp = OPENSSL_strdup(value);
if (!stmp)
return -1;
vtmp = strchr(stmp, ':');
* does impact behavior on some platform, such as differentiating between
* text and binary input/output on non-Unix platforms
*/
-BIO *dup_bio_in(void)
+static int istext(int format)
+{
+ return (format & B_FORMAT_TEXT) == B_FORMAT_TEXT;
+}
+
+BIO *dup_bio_in(int format)
{
- return BIO_new_fp(stdin, BIO_NOCLOSE | BIO_FP_TEXT);
+ return BIO_new_fp(stdin,
+ BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
}
-BIO *dup_bio_out(void)
+BIO *dup_bio_out(int format)
{
- BIO *b = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+ BIO *b = BIO_new_fp(stdout,
+ BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
#ifdef OPENSSL_SYS_VMS
- b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
+ if (istext(format))
+ b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
#endif
return b;
}
switch (mode) {
case 'a':
- return (format & B_FORMAT_TEXT) ? "a" : "ab";
+ return istext(format) ? "a" : "ab";
case 'r':
- return (format & B_FORMAT_TEXT) ? "r" : "rb";
+ return istext(format) ? "r" : "rb";
case 'w':
- return (format & B_FORMAT_TEXT) ? "w" : "wb";
+ return istext(format) ? "w" : "wb";
}
/* The assert above should make sure we never reach this point */
return NULL;
{
FILE *fp = NULL;
BIO *b = NULL;
- int fd = -1, bflags, mode, binmode;
+ int fd = -1, bflags, mode, textmode;
if (!private || filename == NULL || strcmp(filename, "-") == 0)
return bio_open_default(filename, 'w', format);
#ifdef O_TRUNC
mode |= O_TRUNC;
#endif
- binmode = !(format & B_FORMAT_TEXT);
- if (binmode) {
+ textmode = istext(format);
+ if (!textmode) {
#ifdef O_BINARY
mode |= O_BINARY;
#elif defined(_O_BINARY)
#endif
}
- fd = open(filename, mode, 0600);
+#ifdef OPENSSL_SYS_VMS
+ /* VMS doesn't have O_BINARY, it just doesn't make sense. But,
+ * it still needs to know that we're going binary, or fdopen()
+ * will fail with "invalid argument"... so we tell VMS what the
+ * context is.
+ */
+ if (!textmode)
+ fd = open(filename, mode, 0600, "ctx=bin");
+ else
+#endif
+ fd = open(filename, mode, 0600);
if (fd < 0)
goto err;
fp = fdopen(fd, modestr('w', format));
if (fp == NULL)
goto err;
bflags = BIO_CLOSE;
- if (!binmode)
+ if (textmode)
bflags |= BIO_FP_TEXT;
b = BIO_new_fp(fp, bflags);
if (b)
BIO *ret;
if (filename == NULL || strcmp(filename, "-") == 0) {
- ret = mode == 'r' ? dup_bio_in() : dup_bio_out();
+ ret = mode == 'r' ? dup_bio_in(format) : dup_bio_out(format);
if (quiet) {
ERR_clear_error();
return ret;
return bio_open_default_(filename, mode, format, 1);
}
+void wait_for_async(SSL *s)
+{
+ int width, fd;
+ fd_set asyncfds;
+
+ fd = SSL_get_async_wait_fd(s);
+ if (fd < 0)
+ return;
+
+ width = fd + 1;
+ FD_ZERO(&asyncfds);
+ openssl_fdset(fd, &asyncfds);
+ select(width, (void *)&asyncfds, NULL, NULL, NULL);
+}