+BIO *dup_bio_in(void);
+BIO *dup_bio_out(void);
+BIO *bio_open_default(const char *filename, const char *mode);
+CONF *app_load_config(const char* filename);
+void unbuffer(FILE *fp);
+
+/* Often used in calls to bio_open_default. */
+# define RB(xformat) ((xformat) == FORMAT_ASN1 ? "rb" : "r")
+# define WB(xformat) ((xformat) == FORMAT_ASN1 ? "wb" : "w")
+
+/*
+ * Common verification options.
+ */
+# define OPT_V_ENUM \
+ OPT_V__FIRST=2000, \
+ OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
+ OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
+ OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
+ OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
+ OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
+ OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
+ OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
+ OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
+ OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, \
+ OPT_V__LAST
+
+# define OPT_V_OPTIONS \
+ { "policy", OPT_V_POLICY, 's' }, \
+ { "purpose", OPT_V_PURPOSE, 's' }, \
+ { "verify_name", OPT_V_VERIFY_NAME, 's' }, \
+ { "verify_depth", OPT_V_VERIFY_DEPTH, 'p' }, \
+ { "attime", OPT_V_ATTIME, 'p' }, \
+ { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's' }, \
+ { "verify_email", OPT_V_VERIFY_EMAIL, 's' }, \
+ { "verify_ip", OPT_V_VERIFY_IP, 's' }, \
+ { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-' }, \
+ { "issuer_checks", OPT_V_ISSUER_CHECKS, '-' }, \
+ { "crl_check", OPT_V_CRL_CHECK, '-', "Check that peer cert has not been revoked" }, \
+ { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "Also check all certs in the chain" }, \
+ { "policy_check", OPT_V_POLICY_CHECK, '-' }, \
+ { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-' }, \
+ { "inhibit_any", OPT_V_INHIBIT_ANY, '-' }, \
+ { "inhibit_map", OPT_V_INHIBIT_MAP, '-' }, \
+ { "x509_strict", OPT_V_X509_STRICT, '-' }, \
+ { "extended_crl", OPT_V_EXTENDED_CRL, '-' }, \
+ { "use_deltas", OPT_V_USE_DELTAS, '-' }, \
+ { "policy_print", OPT_V_POLICY_PRINT, '-' }, \
+ { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-' }, \
+ { "trusted_first", OPT_V_TRUSTED_FIRST, '-', "Use locally-trusted CA's first in building chain" }, \
+ { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-' }, \
+ { "suiteB_128", OPT_V_SUITEB_128, '-' }, \
+ { "suiteB_192", OPT_V_SUITEB_192, '-' }, \
+ { "partial_chain", OPT_V_PARTIAL_CHAIN, '-' }, \
+ { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "Only use the first cert chain found" }
+
+# define OPT_V_CASES \
+ OPT_V__FIRST: case OPT_V__LAST: break; \
+ case OPT_V_POLICY: \
+ case OPT_V_PURPOSE: \
+ case OPT_V_VERIFY_NAME: \
+ case OPT_V_VERIFY_DEPTH: \
+ case OPT_V_ATTIME: \
+ case OPT_V_VERIFY_HOSTNAME: \
+ case OPT_V_VERIFY_EMAIL: \
+ case OPT_V_VERIFY_IP: \
+ case OPT_V_IGNORE_CRITICAL: \
+ case OPT_V_ISSUER_CHECKS: \
+ case OPT_V_CRL_CHECK: \
+ case OPT_V_CRL_CHECK_ALL: \
+ case OPT_V_POLICY_CHECK: \
+ case OPT_V_EXPLICIT_POLICY: \
+ case OPT_V_INHIBIT_ANY: \
+ case OPT_V_INHIBIT_MAP: \
+ case OPT_V_X509_STRICT: \
+ case OPT_V_EXTENDED_CRL: \
+ case OPT_V_USE_DELTAS: \
+ case OPT_V_POLICY_PRINT: \
+ case OPT_V_CHECK_SS_SIG: \
+ case OPT_V_TRUSTED_FIRST: \
+ case OPT_V_SUITEB_128_ONLY: \
+ case OPT_V_SUITEB_128: \
+ case OPT_V_SUITEB_192: \
+ case OPT_V_PARTIAL_CHAIN: \
+ case OPT_V_NO_ALT_CHAINS
+
+/*
+ * Common "extended"? options.
+ */
+# define OPT_X_ENUM \
+ OPT_X__FIRST=1000, \
+ OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
+ OPT_X_CERTFORM, OPT_X_KEYFORM, \
+ OPT_X__LAST
+
+# define OPT_X_OPTIONS \
+ { "xkey", OPT_X_KEY, '<' }, \
+ { "xcert", OPT_X_CERT, '<' }, \
+ { "xchain", OPT_X_CHAIN, '<' }, \
+ { "xchain_build", OPT_X_CHAIN_BUILD, '-' }, \
+ { "xcertform", OPT_X_CERTFORM, 'F' }, \
+ { "xkeyform", OPT_X_KEYFORM, 'F' }
+
+# define OPT_X_CASES \
+ OPT_X__FIRST: case OPT_X__LAST: break; \
+ case OPT_X_KEY: \
+ case OPT_X_CERT: \
+ case OPT_X_CHAIN: \
+ case OPT_X_CHAIN_BUILD: \
+ case OPT_X_CERTFORM: \
+ case OPT_X_KEYFORM
+
+/*
+ * Common SSL options.
+ * Any changes here must be coordinated with ../ssl/ssl_conf.c
+ */
+# define OPT_S_ENUM \
+ OPT_S__FIRST=3000, \
+ OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
+ OPT_S_BUGS, OPT_S_NOCOMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \
+ OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
+ OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
+ OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
+ OPT_S_DHPARAM, OPT_S_DEBUGBROKE, \
+ OPT_S__LAST
+
+# define OPT_S_OPTIONS \
+ {"no_ssl3", OPT_S_NOSSL3, '-' }, \
+ {"no_tls1", OPT_S_NOTLS1, '-' }, \
+ {"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \
+ {"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \
+ {"bugs", OPT_S_BUGS, '-' }, \
+ {"no_comp", OPT_S_NOCOMP, '-' }, \
+ {"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \
+ {"no_ticket", OPT_S_NOTICKET, '-' }, \
+ {"serverpref", OPT_S_SERVERPREF, '-' }, \
+ {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-' }, \
+ {"legacy_server_connect", OPT_S_LEGACYCONN, '-' }, \
+ {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-' }, \
+ {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-' }, \
+ {"strict", OPT_S_STRICT, '-' }, \
+ {"sigalgs", OPT_S_SIGALGS, 's', }, \
+ {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', }, \
+ {"curves", OPT_S_CURVES, 's', }, \
+ {"named_curve", OPT_S_NAMEDCURVE, 's', }, \
+ {"cipher", OPT_S_CIPHER, 's', }, \
+ {"dhparam", OPT_S_DHPARAM, '<' }, \
+ {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-' }
+
+# define OPT_S_CASES \
+ OPT_S__FIRST: case OPT_S__LAST: break; \
+ case OPT_S_NOSSL3: \
+ case OPT_S_NOTLS1: \
+ case OPT_S_NOTLS1_1: \
+ case OPT_S_NOTLS1_2: \
+ case OPT_S_BUGS: \
+ case OPT_S_NOCOMP: \
+ case OPT_S_ECDHSINGLE: \
+ case OPT_S_NOTICKET: \
+ case OPT_S_SERVERPREF: \
+ case OPT_S_LEGACYRENEG: \
+ case OPT_S_LEGACYCONN: \
+ case OPT_S_ONRESUMP: \
+ case OPT_S_NOLEGACYCONN: \
+ case OPT_S_STRICT: \
+ case OPT_S_SIGALGS: \
+ case OPT_S_CLIENTSIGALGS: \
+ case OPT_S_CURVES: \
+ case OPT_S_NAMEDCURVE: \
+ case OPT_S_CIPHER: \
+ case OPT_S_DHPARAM: \
+ case OPT_S_DEBUGBROKE
+
+/*
+ * Option parsing.
+ */
+extern const char OPT_HELP_STR[];
+extern const char OPT_MORE_STR[];
+typedef struct options_st {
+ const char *name;
+ int retval;
+ /*
+ * value type: - no value (also the value zero), n number, p positive
+ * number, u unsigned, s string, < input file, > output file, f der/pem
+ * format, F any format identifier. n and u include zero; p does not.
+ */
+ int valtype;
+ const char *helpstr;
+} OPTIONS;
+
+/*
+ * A string/int pairing; widely use for option value lookup, hence the
+ * name OPT_PAIR. But that name is misleading in s_cb.c, so we also use
+ * the "generic" name STRINT_PAIR.
+ */
+typedef struct string_int_pair_st {
+ const char *name;
+ int retval;
+} OPT_PAIR, STRINT_PAIR;
+
+/* Flags to pass into opt_format; see FORMAT_xxx, below. */
+# define OPT_FMT_PEMDER (1L << 1)
+# define OPT_FMT_PKCS12 (1L << 2)
+# define OPT_FMT_SMIME (1L << 3)
+# define OPT_FMT_ENGINE (1L << 4)
+# define OPT_FMT_MSBLOB (1L << 5)
+# define OPT_FMT_NETSCAPE (1L << 6)
+# define OPT_FMT_NSS (1L << 7)
+# define OPT_FMT_TEXT (1L << 8)
+# define OPT_FMT_HTTP (1L << 9)
+# define OPT_FMT_PVK (1L << 10)
+# define OPT_FMT_ANY ( \
+ OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
+ OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
+ OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
+
+char *opt_progname(const char *argv0);
+char *opt_getprog(void);
+char *opt_init(int ac, char **av, const OPTIONS * o);
+int opt_next();
+int opt_format(const char *s, unsigned long flags, int *result);
+int opt_int(const char *arg, int *result);
+int opt_ulong(const char *arg, unsigned long *result);
+int opt_long(const char *arg, long *result);
+int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
+int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
+int opt_md(const char *name, const EVP_MD **mdp);
+char *opt_arg(void);
+char *opt_flag(void);
+char *opt_unknown(void);
+char *opt_reset(void);
+char **opt_rest(void);
+int opt_num_rest(void);
+int opt_verify(int i, X509_VERIFY_PARAM *vpm);
+void opt_help(const OPTIONS * list);
+int opt_format_error(const char *s, unsigned long flags);
+int opt_next(void);
+
+typedef struct args_st {
+ int size;
+ int argc;
+ char **argv;
+} ARGS;
+
+# define PW_MIN_LENGTH 4
+typedef struct pw_cb_data {
+ const void *password;
+ const char *prompt_info;
+} PW_CB_DATA;
+
+int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);