Don't compile heartbeat test code on Windows (for now).
[openssl.git] / apps / apps.c
1 /* apps/apps.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111
112 #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
113 #define _POSIX_C_SOURCE 2       /* On VMS, you need to define this to get
114                                    the declaration of fileno().  The value
115                                    2 is to make sure no function defined
116                                    in POSIX-2 is left undefined. */
117 #endif
118 #include <stdio.h>
119 #include <stdlib.h>
120 #include <string.h>
121 #if !defined(OPENSSL_SYSNAME_WIN32) && !defined(OPENSSL_SYSNAME_WINCE) && !defined(NETWARE_CLIB)
122 #include <strings.h>
123 #endif
124 #include <sys/types.h>
125 #include <ctype.h>
126 #include <errno.h>
127 #include <assert.h>
128 #include <openssl/err.h>
129 #include <openssl/x509.h>
130 #include <openssl/x509v3.h>
131 #include <openssl/pem.h>
132 #include <openssl/pkcs12.h>
133 #include <openssl/ui.h>
134 #include <openssl/safestack.h>
135 #ifndef OPENSSL_NO_ENGINE
136 #include <openssl/engine.h>
137 #endif
138 #ifndef OPENSSL_NO_RSA
139 #include <openssl/rsa.h>
140 #endif
141 #include <openssl/bn.h>
142 #ifndef OPENSSL_NO_JPAKE
143 #include <openssl/jpake.h>
144 #endif
145
146 #define NON_MAIN
147 #include "apps.h"
148 #undef NON_MAIN
149
150 #ifdef _WIN32
151 static int WIN32_rename(const char *from, const char *to);
152 #define rename(from,to) WIN32_rename((from),(to))
153 #endif
154
155 typedef struct {
156         const char *name;
157         unsigned long flag;
158         unsigned long mask;
159 } NAME_EX_TBL;
160
161 static UI_METHOD *ui_method = NULL;
162
163 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
164 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
165
166 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
167 /* Looks like this stuff is worth moving into separate function */
168 static EVP_PKEY *
169 load_netscape_key(BIO *err, BIO *key, const char *file,
170                 const char *key_descrip, int format);
171 #endif
172
173 int app_init(long mesgwin);
174 #ifdef undef /* never finished - probably never will be :-) */
175 int args_from_file(char *file, int *argc, char **argv[])
176         {
177         FILE *fp;
178         int num,i;
179         unsigned int len;
180         static char *buf=NULL;
181         static char **arg=NULL;
182         char *p;
183
184         fp=fopen(file,"r");
185         if (fp == NULL)
186                 return(0);
187
188         if (fseek(fp,0,SEEK_END)==0)
189                 len=ftell(fp), rewind(fp);
190         else    len=-1;
191         if (len<=0)
192                 {
193                 fclose(fp);
194                 return(0);
195                 }
196
197         *argc=0;
198         *argv=NULL;
199
200         if (buf != NULL) OPENSSL_free(buf);
201         buf=(char *)OPENSSL_malloc(len+1);
202         if (buf == NULL) return(0);
203
204         len=fread(buf,1,len,fp);
205         if (len <= 1) return(0);
206         buf[len]='\0';
207
208         i=0;
209         for (p=buf; *p; p++)
210                 if (*p == '\n') i++;
211         if (arg != NULL) OPENSSL_free(arg);
212         arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
213
214         *argv=arg;
215         num=0;
216         p=buf;
217         for (;;)
218                 {
219                 if (!*p) break;
220                 if (*p == '#') /* comment line */
221                         {
222                         while (*p && (*p != '\n')) p++;
223                         continue;
224                         }
225                 /* else we have a line */
226                 *(arg++)=p;
227                 num++;
228                 while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
229                         p++;
230                 if (!*p) break;
231                 if (*p == '\n')
232                         {
233                         *(p++)='\0';
234                         continue;
235                         }
236                 /* else it is a tab or space */
237                 p++;
238                 while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
239                         p++;
240                 if (!*p) break;
241                 if (*p == '\n')
242                         {
243                         p++;
244                         continue;
245                         }
246                 *(arg++)=p++;
247                 num++;
248                 while (*p && (*p != '\n')) p++;
249                 if (!*p) break;
250                 /* else *p == '\n' */
251                 *(p++)='\0';
252                 }
253         *argc=num;
254         return(1);
255         }
256 #endif
257
258 int str2fmt(char *s)
259         {
260         if (s == NULL)
261                 return FORMAT_UNDEF;
262         if      ((*s == 'D') || (*s == 'd'))
263                 return(FORMAT_ASN1);
264         else if ((*s == 'T') || (*s == 't'))
265                 return(FORMAT_TEXT);
266         else if ((strcmp(s,"NSS") == 0) || (strcmp(s,"nss") == 0))
267                 return(FORMAT_NSS);
268         else if ((*s == 'N') || (*s == 'n'))
269                 return(FORMAT_NETSCAPE);
270         else if ((*s == 'S') || (*s == 's'))
271                 return(FORMAT_SMIME);
272         else if ((*s == 'M') || (*s == 'm'))
273                 return(FORMAT_MSBLOB);
274         else if ((*s == '1')
275                 || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
276                 || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
277                 return(FORMAT_PKCS12);
278         else if ((*s == 'E') || (*s == 'e'))
279                 return(FORMAT_ENGINE);
280         else if ((*s == 'H') || (*s == 'h'))
281                 return FORMAT_HTTP;
282         else if ((*s == 'P') || (*s == 'p'))
283                 {
284                 if (s[1] == 'V' || s[1] == 'v')
285                         return FORMAT_PVK;
286                 else
287                         return(FORMAT_PEM);
288                 }
289         else
290                 return(FORMAT_UNDEF);
291         }
292
293 #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
294 void program_name(char *in, char *out, int size)
295         {
296         int i,n;
297         char *p=NULL;
298
299         n=strlen(in);
300         /* find the last '/', '\' or ':' */
301         for (i=n-1; i>0; i--)
302                 {
303                 if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
304                         {
305                         p= &(in[i+1]);
306                         break;
307                         }
308                 }
309         if (p == NULL)
310                 p=in;
311         n=strlen(p);
312
313 #if defined(OPENSSL_SYS_NETWARE)
314    /* strip off trailing .nlm if present. */
315    if ((n > 4) && (p[n-4] == '.') &&
316       ((p[n-3] == 'n') || (p[n-3] == 'N')) &&
317       ((p[n-2] == 'l') || (p[n-2] == 'L')) &&
318       ((p[n-1] == 'm') || (p[n-1] == 'M')))
319       n-=4;
320 #else
321         /* strip off trailing .exe if present. */
322         if ((n > 4) && (p[n-4] == '.') &&
323                 ((p[n-3] == 'e') || (p[n-3] == 'E')) &&
324                 ((p[n-2] == 'x') || (p[n-2] == 'X')) &&
325                 ((p[n-1] == 'e') || (p[n-1] == 'E')))
326                 n-=4;
327 #endif
328
329         if (n > size-1)
330                 n=size-1;
331
332         for (i=0; i<n; i++)
333                 {
334                 if ((p[i] >= 'A') && (p[i] <= 'Z'))
335                         out[i]=p[i]-'A'+'a';
336                 else
337                         out[i]=p[i];
338                 }
339         out[n]='\0';
340         }
341 #else
342 #ifdef OPENSSL_SYS_VMS
343 void program_name(char *in, char *out, int size)
344         {
345         char *p=in, *q;
346         char *chars=":]>";
347
348         while(*chars != '\0')
349                 {
350                 q=strrchr(p,*chars);
351                 if (q > p)
352                         p = q + 1;
353                 chars++;
354                 }
355
356         q=strrchr(p,'.');
357         if (q == NULL)
358                 q = p + strlen(p);
359         strncpy(out,p,size-1);
360         if (q-p >= size)
361                 {
362                 out[size-1]='\0';
363                 }
364         else
365                 {
366                 out[q-p]='\0';
367                 }
368         }
369 #else
370 void program_name(char *in, char *out, int size)
371         {
372         char *p;
373
374         p=strrchr(in,'/');
375         if (p != NULL)
376                 p++;
377         else
378                 p=in;
379         BUF_strlcpy(out,p,size);
380         }
381 #endif
382 #endif
383
384 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
385         {
386         int num,i;
387         char *p;
388
389         *argc=0;
390         *argv=NULL;
391
392         i=0;
393         if (arg->count == 0)
394                 {
395                 arg->count=20;
396                 arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
397                 }
398         for (i=0; i<arg->count; i++)
399                 arg->data[i]=NULL;
400
401         num=0;
402         p=buf;
403         for (;;)
404                 {
405                 /* first scan over white space */
406                 if (!*p) break;
407                 while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
408                         p++;
409                 if (!*p) break;
410
411                 /* The start of something good :-) */
412                 if (num >= arg->count)
413                         {
414                         char **tmp_p;
415                         int tlen = arg->count + 20;
416                         tmp_p = (char **)OPENSSL_realloc(arg->data,
417                                 sizeof(char *)*tlen);
418                         if (tmp_p == NULL)
419                                 return 0;
420                         arg->data  = tmp_p;
421                         arg->count = tlen;
422                         /* initialize newly allocated data */
423                         for (i = num; i < arg->count; i++)
424                                 arg->data[i] = NULL;
425                         }
426                 arg->data[num++]=p;
427
428                 /* now look for the end of this */
429                 if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
430                         {
431                         i= *(p++);
432                         arg->data[num-1]++; /* jump over quote */
433                         while (*p && (*p != i))
434                                 p++;
435                         *p='\0';
436                         }
437                 else
438                         {
439                         while (*p && ((*p != ' ') &&
440                                 (*p != '\t') && (*p != '\n')))
441                                 p++;
442
443                         if (*p == '\0')
444                                 p--;
445                         else
446                                 *p='\0';
447                         }
448                 p++;
449                 }
450         *argc=num;
451         *argv=arg->data;
452         return(1);
453         }
454
455 #ifndef APP_INIT
456 int app_init(long mesgwin)
457         {
458         return(1);
459         }
460 #endif
461
462
463 int dump_cert_text (BIO *out, X509 *x)
464 {
465         char *p;
466
467         p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
468         BIO_puts(out,"subject=");
469         BIO_puts(out,p);
470         OPENSSL_free(p);
471
472         p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
473         BIO_puts(out,"\nissuer=");
474         BIO_puts(out,p);
475         BIO_puts(out,"\n");
476         OPENSSL_free(p);
477
478         return 0;
479 }
480
481 static int ui_open(UI *ui)
482         {
483         return UI_method_get_opener(UI_OpenSSL())(ui);
484         }
485 static int ui_read(UI *ui, UI_STRING *uis)
486         {
487         if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
488                 && UI_get0_user_data(ui))
489                 {
490                 switch(UI_get_string_type(uis))
491                         {
492                 case UIT_PROMPT:
493                 case UIT_VERIFY:
494                         {
495                         const char *password =
496                                 ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
497                         if (password && password[0] != '\0')
498                                 {
499                                 UI_set_result(ui, uis, password);
500                                 return 1;
501                                 }
502                         }
503                 default:
504                         break;
505                         }
506                 }
507         return UI_method_get_reader(UI_OpenSSL())(ui, uis);
508         }
509 static int ui_write(UI *ui, UI_STRING *uis)
510         {
511         if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
512                 && UI_get0_user_data(ui))
513                 {
514                 switch(UI_get_string_type(uis))
515                         {
516                 case UIT_PROMPT:
517                 case UIT_VERIFY:
518                         {
519                         const char *password =
520                                 ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
521                         if (password && password[0] != '\0')
522                                 return 1;
523                         }
524                 default:
525                         break;
526                         }
527                 }
528         return UI_method_get_writer(UI_OpenSSL())(ui, uis);
529         }
530 static int ui_close(UI *ui)
531         {
532         return UI_method_get_closer(UI_OpenSSL())(ui);
533         }
534 int setup_ui_method(void)
535         {
536         ui_method = UI_create_method("OpenSSL application user interface");
537         UI_method_set_opener(ui_method, ui_open);
538         UI_method_set_reader(ui_method, ui_read);
539         UI_method_set_writer(ui_method, ui_write);
540         UI_method_set_closer(ui_method, ui_close);
541         return 0;
542         }
543 void destroy_ui_method(void)
544         {
545         if(ui_method)
546                 {
547                 UI_destroy_method(ui_method);
548                 ui_method = NULL;
549                 }
550         }
551 int password_callback(char *buf, int bufsiz, int verify,
552         PW_CB_DATA *cb_tmp)
553         {
554         UI *ui = NULL;
555         int res = 0;
556         const char *prompt_info = NULL;
557         const char *password = NULL;
558         PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
559
560         if (cb_data)
561                 {
562                 if (cb_data->password)
563                         password = cb_data->password;
564                 if (cb_data->prompt_info)
565                         prompt_info = cb_data->prompt_info;
566                 }
567
568         if (password)
569                 {
570                 res = strlen(password);
571                 if (res > bufsiz)
572                         res = bufsiz;
573                 memcpy(buf, password, res);
574                 return res;
575                 }
576
577         ui = UI_new_method(ui_method);
578         if (ui)
579                 {
580                 int ok = 0;
581                 char *buff = NULL;
582                 int ui_flags = 0;
583                 char *prompt = NULL;
584
585                 prompt = UI_construct_prompt(ui, "pass phrase",
586                         prompt_info);
587
588                 ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
589                 UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
590
591                 if (ok >= 0)
592                         ok = UI_add_input_string(ui,prompt,ui_flags,buf,
593                                 PW_MIN_LENGTH,bufsiz-1);
594                 if (ok >= 0 && verify)
595                         {
596                         buff = (char *)OPENSSL_malloc(bufsiz);
597                         ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
598                                 PW_MIN_LENGTH,bufsiz-1, buf);
599                         }
600                 if (ok >= 0)
601                         do
602                                 {
603                                 ok = UI_process(ui);
604                                 }
605                         while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
606
607                 if (buff)
608                         {
609                         OPENSSL_cleanse(buff,(unsigned int)bufsiz);
610                         OPENSSL_free(buff);
611                         }
612
613                 if (ok >= 0)
614                         res = strlen(buf);
615                 if (ok == -1)
616                         {
617                         BIO_printf(bio_err, "User interface error\n");
618                         ERR_print_errors(bio_err);
619                         OPENSSL_cleanse(buf,(unsigned int)bufsiz);
620                         res = 0;
621                         }
622                 if (ok == -2)
623                         {
624                         BIO_printf(bio_err,"aborted!\n");
625                         OPENSSL_cleanse(buf,(unsigned int)bufsiz);
626                         res = 0;
627                         }
628                 UI_free(ui);
629                 OPENSSL_free(prompt);
630                 }
631         return res;
632         }
633
634 static char *app_get_pass(BIO *err, char *arg, int keepbio);
635
636 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
637 {
638         int same;
639         if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
640         else same = 1;
641         if(arg1) {
642                 *pass1 = app_get_pass(err, arg1, same);
643                 if(!*pass1) return 0;
644         } else if(pass1) *pass1 = NULL;
645         if(arg2) {
646                 *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
647                 if(!*pass2) return 0;
648         } else if(pass2) *pass2 = NULL;
649         return 1;
650 }
651
652 static char *app_get_pass(BIO *err, char *arg, int keepbio)
653 {
654         char *tmp, tpass[APP_PASS_LEN];
655         static BIO *pwdbio = NULL;
656         int i;
657         if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
658         if(!strncmp(arg, "env:", 4)) {
659                 tmp = getenv(arg + 4);
660                 if(!tmp) {
661                         BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
662                         return NULL;
663                 }
664                 return BUF_strdup(tmp);
665         }
666         if(!keepbio || !pwdbio) {
667                 if(!strncmp(arg, "file:", 5)) {
668                         pwdbio = BIO_new_file(arg + 5, "r");
669                         if(!pwdbio) {
670                                 BIO_printf(err, "Can't open file %s\n", arg + 5);
671                                 return NULL;
672                         }
673 #if !defined(_WIN32)
674                 /*
675                  * Under _WIN32, which covers even Win64 and CE, file
676                  * descriptors referenced by BIO_s_fd are not inherited
677                  * by child process and therefore below is not an option.
678                  * It could have been an option if bss_fd.c was operating
679                  * on real Windows descriptors, such as those obtained
680                  * with CreateFile.
681                  */
682                 } else if(!strncmp(arg, "fd:", 3)) {
683                         BIO *btmp;
684                         i = atoi(arg + 3);
685                         if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
686                         if((i < 0) || !pwdbio) {
687                                 BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
688                                 return NULL;
689                         }
690                         /* Can't do BIO_gets on an fd BIO so add a buffering BIO */
691                         btmp = BIO_new(BIO_f_buffer());
692                         pwdbio = BIO_push(btmp, pwdbio);
693 #endif
694                 } else if(!strcmp(arg, "stdin")) {
695                         pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
696                         if(!pwdbio) {
697                                 BIO_printf(err, "Can't open BIO for stdin\n");
698                                 return NULL;
699                         }
700                 } else {
701                         BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
702                         return NULL;
703                 }
704         }
705         i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
706         if(keepbio != 1) {
707                 BIO_free_all(pwdbio);
708                 pwdbio = NULL;
709         }
710         if(i <= 0) {
711                 BIO_printf(err, "Error reading password from BIO\n");
712                 return NULL;
713         }
714         tmp = strchr(tpass, '\n');
715         if(tmp) *tmp = 0;
716         return BUF_strdup(tpass);
717 }
718
719 int add_oid_section(BIO *err, CONF *conf)
720 {       
721         char *p;
722         STACK_OF(CONF_VALUE) *sktmp;
723         CONF_VALUE *cnf;
724         int i;
725         if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
726                 {
727                 ERR_clear_error();
728                 return 1;
729                 }
730         if(!(sktmp = NCONF_get_section(conf, p))) {
731                 BIO_printf(err, "problem loading oid section %s\n", p);
732                 return 0;
733         }
734         for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
735                 cnf = sk_CONF_VALUE_value(sktmp, i);
736                 if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
737                         BIO_printf(err, "problem creating object %s=%s\n",
738                                                          cnf->name, cnf->value);
739                         return 0;
740                 }
741         }
742         return 1;
743 }
744
745 static int load_pkcs12(BIO *err, BIO *in, const char *desc,
746                 pem_password_cb *pem_cb,  void *cb_data,
747                 EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
748         {
749         const char *pass;
750         char tpass[PEM_BUFSIZE];
751         int len, ret = 0;
752         PKCS12 *p12;
753         p12 = d2i_PKCS12_bio(in, NULL);
754         if (p12 == NULL)
755                 {
756                 BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);    
757                 goto die;
758                 }
759         /* See if an empty password will do */
760         if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
761                 pass = "";
762         else
763                 {
764                 if (!pem_cb)
765                         pem_cb = (pem_password_cb *)password_callback;
766                 len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
767                 if (len < 0) 
768                         {
769                         BIO_printf(err, "Passpharse callback error for %s\n",
770                                         desc);
771                         goto die;
772                         }
773                 if (len < PEM_BUFSIZE)
774                         tpass[len] = 0;
775                 if (!PKCS12_verify_mac(p12, tpass, len))
776                         {
777                         BIO_printf(err,
778         "Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);    
779                         goto die;
780                         }
781                 pass = tpass;
782                 }
783         ret = PKCS12_parse(p12, pass, pkey, cert, ca);
784         die:
785         if (p12)
786                 PKCS12_free(p12);
787         return ret;
788         }
789
790 int load_cert_crl_http(const char *url, BIO *err,
791                                         X509 **pcert, X509_CRL **pcrl)
792         {
793         char *host = NULL, *port = NULL, *path = NULL;
794         BIO *bio = NULL;
795         OCSP_REQ_CTX *rctx = NULL;
796         int use_ssl, rv = 0;
797         if (!OCSP_parse_url(url, &host, &port, &path, &use_ssl))
798                 goto err;
799         if (use_ssl)
800                 {
801                 if (err)
802                         BIO_puts(err, "https not supported\n");
803                 goto err;
804                 }
805         bio = BIO_new_connect(host);
806         if (!bio || !BIO_set_conn_port(bio, port))
807                 goto err;
808         rctx = OCSP_REQ_CTX_new(bio, 1024);
809         if (!rctx)
810                 goto err;
811         if (!OCSP_REQ_CTX_http(rctx, "GET", path))
812                 goto err;
813         if (!OCSP_REQ_CTX_add1_header(rctx, "Host", host))
814                 goto err;
815         if (pcert)
816                 {
817                 do
818                         {
819                         rv = X509_http_nbio(rctx, pcert);
820                         }
821                 while (rv == -1);
822                 }
823         else
824                 {
825                 do
826                         {
827                         rv = X509_CRL_http_nbio(rctx, pcrl);
828                         } while (rv == -1);
829                 }
830
831         err:
832         if (host)
833                 OPENSSL_free(host);
834         if (path)
835                 OPENSSL_free(path);
836         if (port)
837                 OPENSSL_free(port);
838         if (bio)
839                 BIO_free_all(bio);
840         if (rctx)
841                 OCSP_REQ_CTX_free(rctx);
842         if (rv != 1)
843                 {
844                 if (bio && err)
845                         BIO_printf(bio_err, "Error loading %s from %s\n",
846                                         pcert ? "certificate" : "CRL", url);
847                 ERR_print_errors(bio_err);
848                 }
849         return rv;
850         }
851
852 X509 *load_cert(BIO *err, const char *file, int format,
853         const char *pass, ENGINE *e, const char *cert_descrip)
854         {
855         X509 *x=NULL;
856         BIO *cert;
857
858         if (format == FORMAT_HTTP)
859                 {
860                 load_cert_crl_http(file, err, &x, NULL);
861                 return x;
862                 }
863
864         if ((cert=BIO_new(BIO_s_file())) == NULL)
865                 {
866                 ERR_print_errors(err);
867                 goto end;
868                 }
869
870         if (file == NULL)
871                 {
872 #ifdef _IONBF
873 # ifndef OPENSSL_NO_SETVBUF_IONBF
874                 setvbuf(stdin, NULL, _IONBF, 0);
875 # endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
876 #endif
877                 BIO_set_fp(cert,stdin,BIO_NOCLOSE);
878                 }
879         else
880                 {
881                 if (BIO_read_filename(cert,file) <= 0)
882                         {
883                         BIO_printf(err, "Error opening %s %s\n",
884                                 cert_descrip, file);
885                         ERR_print_errors(err);
886                         goto end;
887                         }
888                 }
889
890         if      (format == FORMAT_ASN1)
891                 x=d2i_X509_bio(cert,NULL);
892         else if (format == FORMAT_NETSCAPE)
893                 {
894                 NETSCAPE_X509 *nx;
895                 nx=ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509),cert,NULL);
896                 if (nx == NULL)
897                                 goto end;
898
899                 if ((strncmp(NETSCAPE_CERT_HDR,(char *)nx->header->data,
900                         nx->header->length) != 0))
901                         {
902                         NETSCAPE_X509_free(nx);
903                         BIO_printf(err,"Error reading header on certificate\n");
904                         goto end;
905                         }
906                 x=nx->cert;
907                 nx->cert = NULL;
908                 NETSCAPE_X509_free(nx);
909                 }
910         else if (format == FORMAT_PEM)
911                 x=PEM_read_bio_X509_AUX(cert,NULL,
912                         (pem_password_cb *)password_callback, NULL);
913         else if (format == FORMAT_PKCS12)
914                 {
915                 if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
916                                         NULL, &x, NULL))
917                         goto end;
918                 }
919         else    {
920                 BIO_printf(err,"bad input format specified for %s\n",
921                         cert_descrip);
922                 goto end;
923                 }
924 end:
925         if (x == NULL)
926                 {
927                 BIO_printf(err,"unable to load certificate\n");
928                 ERR_print_errors(err);
929                 }
930         if (cert != NULL) BIO_free(cert);
931         return(x);
932         }
933
934 X509_CRL *load_crl(const char *infile, int format)
935         {
936         X509_CRL *x=NULL;
937         BIO *in=NULL;
938
939         if (format == FORMAT_HTTP)
940                 {
941                 load_cert_crl_http(infile, bio_err, NULL, &x);
942                 return x;
943                 }
944
945         in=BIO_new(BIO_s_file());
946         if (in == NULL)
947                 {
948                 ERR_print_errors(bio_err);
949                 goto end;
950                 }
951
952         if (infile == NULL)
953                 BIO_set_fp(in,stdin,BIO_NOCLOSE);
954         else
955                 {
956                 if (BIO_read_filename(in,infile) <= 0)
957                         {
958                         perror(infile);
959                         goto end;
960                         }
961                 }
962         if      (format == FORMAT_ASN1)
963                 x=d2i_X509_CRL_bio(in,NULL);
964         else if (format == FORMAT_PEM)
965                 x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
966         else    {
967                 BIO_printf(bio_err,"bad input format specified for input crl\n");
968                 goto end;
969                 }
970         if (x == NULL)
971                 {
972                 BIO_printf(bio_err,"unable to load CRL\n");
973                 ERR_print_errors(bio_err);
974                 goto end;
975                 }
976         
977 end:
978         BIO_free(in);
979         return(x);
980         }
981
982
983 EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
984         const char *pass, ENGINE *e, const char *key_descrip)
985         {
986         BIO *key=NULL;
987         EVP_PKEY *pkey=NULL;
988         PW_CB_DATA cb_data;
989
990         cb_data.password = pass;
991         cb_data.prompt_info = file;
992
993         if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
994                 {
995                 BIO_printf(err,"no keyfile specified\n");
996                 goto end;
997                 }
998 #ifndef OPENSSL_NO_ENGINE
999         if (format == FORMAT_ENGINE)
1000                 {
1001                 if (!e)
1002                         BIO_printf(err,"no engine specified\n");
1003                 else
1004                         {
1005                         pkey = ENGINE_load_private_key(e, file,
1006                                 ui_method, &cb_data);
1007                         if (!pkey) 
1008                                 {
1009                                 BIO_printf(err,"cannot load %s from engine\n",key_descrip);
1010                                 ERR_print_errors(err);
1011                                 }       
1012                         }
1013                 goto end;
1014                 }
1015 #endif
1016         key=BIO_new(BIO_s_file());
1017         if (key == NULL)
1018                 {
1019                 ERR_print_errors(err);
1020                 goto end;
1021                 }
1022         if (file == NULL && maybe_stdin)
1023                 {
1024 #ifdef _IONBF
1025 # ifndef OPENSSL_NO_SETVBUF_IONBF
1026                 setvbuf(stdin, NULL, _IONBF, 0);
1027 # endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
1028 #endif
1029                 BIO_set_fp(key,stdin,BIO_NOCLOSE);
1030                 }
1031         else
1032                 if (BIO_read_filename(key,file) <= 0)
1033                         {
1034                         BIO_printf(err, "Error opening %s %s\n",
1035                                 key_descrip, file);
1036                         ERR_print_errors(err);
1037                         goto end;
1038                         }
1039         if (format == FORMAT_ASN1)
1040                 {
1041                 pkey=d2i_PrivateKey_bio(key, NULL);
1042                 }
1043         else if (format == FORMAT_PEM)
1044                 {
1045                 pkey=PEM_read_bio_PrivateKey(key,NULL,
1046                         (pem_password_cb *)password_callback, &cb_data);
1047                 }
1048 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
1049         else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
1050                 pkey = load_netscape_key(err, key, file, key_descrip, format);
1051 #endif
1052         else if (format == FORMAT_PKCS12)
1053                 {
1054                 if (!load_pkcs12(err, key, key_descrip,
1055                                 (pem_password_cb *)password_callback, &cb_data,
1056                                 &pkey, NULL, NULL))
1057                         goto end;
1058                 }
1059 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
1060         else if (format == FORMAT_MSBLOB)
1061                 pkey = b2i_PrivateKey_bio(key);
1062         else if (format == FORMAT_PVK)
1063                 pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
1064                                                                 &cb_data);
1065 #endif
1066         else
1067                 {
1068                 BIO_printf(err,"bad input format specified for key file\n");
1069                 goto end;
1070                 }
1071  end:
1072         if (key != NULL) BIO_free(key);
1073         if (pkey == NULL) 
1074                 {
1075                 BIO_printf(err,"unable to load %s\n", key_descrip);
1076                 ERR_print_errors(err);
1077                 }       
1078         return(pkey);
1079         }
1080
1081 EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
1082         const char *pass, ENGINE *e, const char *key_descrip)
1083         {
1084         BIO *key=NULL;
1085         EVP_PKEY *pkey=NULL;
1086         PW_CB_DATA cb_data;
1087
1088         cb_data.password = pass;
1089         cb_data.prompt_info = file;
1090
1091         if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
1092                 {
1093                 BIO_printf(err,"no keyfile specified\n");
1094                 goto end;
1095                 }
1096 #ifndef OPENSSL_NO_ENGINE
1097         if (format == FORMAT_ENGINE)
1098                 {
1099                 if (!e)
1100                         BIO_printf(bio_err,"no engine specified\n");
1101                 else
1102                         pkey = ENGINE_load_public_key(e, file,
1103                                 ui_method, &cb_data);
1104                 goto end;
1105                 }
1106 #endif
1107         key=BIO_new(BIO_s_file());
1108         if (key == NULL)
1109                 {
1110                 ERR_print_errors(err);
1111                 goto end;
1112                 }
1113         if (file == NULL && maybe_stdin)
1114                 {
1115 #ifdef _IONBF
1116 # ifndef OPENSSL_NO_SETVBUF_IONBF
1117                 setvbuf(stdin, NULL, _IONBF, 0);
1118 # endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
1119 #endif
1120                 BIO_set_fp(key,stdin,BIO_NOCLOSE);
1121                 }
1122         else
1123                 if (BIO_read_filename(key,file) <= 0)
1124                         {
1125                         BIO_printf(err, "Error opening %s %s\n",
1126                                 key_descrip, file);
1127                         ERR_print_errors(err);
1128                         goto end;
1129                 }
1130         if (format == FORMAT_ASN1)
1131                 {
1132                 pkey=d2i_PUBKEY_bio(key, NULL);
1133                 }
1134 #ifndef OPENSSL_NO_RSA
1135         else if (format == FORMAT_ASN1RSA)
1136                 {
1137                 RSA *rsa;
1138                 rsa = d2i_RSAPublicKey_bio(key, NULL);
1139                 if (rsa)
1140                         {
1141                         pkey = EVP_PKEY_new();
1142                         if (pkey)
1143                                 EVP_PKEY_set1_RSA(pkey, rsa);
1144                         RSA_free(rsa);
1145                         }
1146                 else
1147                         pkey = NULL;
1148                 }
1149         else if (format == FORMAT_PEMRSA)
1150                 {
1151                 RSA *rsa;
1152                 rsa = PEM_read_bio_RSAPublicKey(key, NULL, 
1153                         (pem_password_cb *)password_callback, &cb_data);
1154                 if (rsa)
1155                         {
1156                         pkey = EVP_PKEY_new();
1157                         if (pkey)
1158                                 EVP_PKEY_set1_RSA(pkey, rsa);
1159                         RSA_free(rsa);
1160                         }
1161                 else
1162                         pkey = NULL;
1163                 }
1164 #endif
1165         else if (format == FORMAT_PEM)
1166                 {
1167                 pkey=PEM_read_bio_PUBKEY(key,NULL,
1168                         (pem_password_cb *)password_callback, &cb_data);
1169                 }
1170 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
1171         else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
1172                 pkey = load_netscape_key(err, key, file, key_descrip, format);
1173 #endif
1174 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
1175         else if (format == FORMAT_MSBLOB)
1176                 pkey = b2i_PublicKey_bio(key);
1177 #endif
1178         else
1179                 {
1180                 BIO_printf(err,"bad input format specified for key file\n");
1181                 goto end;
1182                 }
1183  end:
1184         if (key != NULL) BIO_free(key);
1185         if (pkey == NULL)
1186                 BIO_printf(err,"unable to load %s\n", key_descrip);
1187         return(pkey);
1188         }
1189
1190 #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
1191 static EVP_PKEY *
1192 load_netscape_key(BIO *err, BIO *key, const char *file,
1193                 const char *key_descrip, int format)
1194         {
1195         EVP_PKEY *pkey;
1196         BUF_MEM *buf;
1197         RSA     *rsa;
1198         const unsigned char *p;
1199         int size, i;
1200
1201         buf=BUF_MEM_new();
1202         pkey = EVP_PKEY_new();
1203         size = 0;
1204         if (buf == NULL || pkey == NULL)
1205                 goto error;
1206         for (;;)
1207                 {
1208                 if (!BUF_MEM_grow_clean(buf,size+1024*10))
1209                         goto error;
1210                 i = BIO_read(key, &(buf->data[size]), 1024*10);
1211                 size += i;
1212                 if (i == 0)
1213                         break;
1214                 if (i < 0)
1215                         {
1216                                 BIO_printf(err, "Error reading %s %s",
1217                                         key_descrip, file);
1218                                 goto error;
1219                         }
1220                 }
1221         p=(unsigned char *)buf->data;
1222         rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
1223                 (format == FORMAT_IISSGC ? 1 : 0));
1224         if (rsa == NULL)
1225                 goto error;
1226         BUF_MEM_free(buf);
1227         EVP_PKEY_set1_RSA(pkey, rsa);
1228         return pkey;
1229 error:
1230         BUF_MEM_free(buf);
1231         EVP_PKEY_free(pkey);
1232         return NULL;
1233         }
1234 #endif /* ndef OPENSSL_NO_RC4 */
1235
1236 static int load_certs_crls(BIO *err, const char *file, int format,
1237         const char *pass, ENGINE *e, const char *desc,
1238         STACK_OF(X509) **pcerts, STACK_OF(X509_CRL) **pcrls)
1239         {
1240         int i;
1241         BIO *bio;
1242         STACK_OF(X509_INFO) *xis = NULL;
1243         X509_INFO *xi;
1244         PW_CB_DATA cb_data;
1245         int rv = 0;
1246
1247         cb_data.password = pass;
1248         cb_data.prompt_info = file;
1249
1250         if (format != FORMAT_PEM)
1251                 {
1252                 BIO_printf(err,"bad input format specified for %s\n", desc);
1253                 return 0;
1254                 }
1255
1256         if (file == NULL)
1257                 bio = BIO_new_fp(stdin,BIO_NOCLOSE);
1258         else
1259                 bio = BIO_new_file(file, "r");
1260
1261         if (bio == NULL)
1262                 {
1263                 BIO_printf(err, "Error opening %s %s\n",
1264                                 desc, file ? file : "stdin");
1265                 ERR_print_errors(err);
1266                 return 0;
1267                 }
1268
1269         xis = PEM_X509_INFO_read_bio(bio, NULL,
1270                                 (pem_password_cb *)password_callback, &cb_data);
1271
1272         BIO_free(bio);
1273
1274         if (pcerts)
1275                 {
1276                 *pcerts = sk_X509_new_null();
1277                 if (!*pcerts)
1278                         goto end;
1279                 }
1280
1281         if (pcrls)
1282                 {
1283                 *pcrls = sk_X509_CRL_new_null();
1284                 if (!*pcrls)
1285                         goto end;
1286                 }
1287
1288         for(i = 0; i < sk_X509_INFO_num(xis); i++)
1289                 {
1290                 xi = sk_X509_INFO_value (xis, i);
1291                 if (xi->x509 && pcerts)
1292                         {
1293                         if (!sk_X509_push(*pcerts, xi->x509))
1294                                 goto end;
1295                         xi->x509 = NULL;
1296                         }
1297                 if (xi->crl && pcrls)
1298                         {
1299                         if (!sk_X509_CRL_push(*pcrls, xi->crl))
1300                                 goto end;
1301                         xi->crl = NULL;
1302                         }
1303                 }
1304
1305         if (pcerts && sk_X509_num(*pcerts) > 0)
1306                 rv = 1;
1307
1308         if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
1309                 rv = 1;
1310
1311         end:
1312
1313         if (xis)
1314                 sk_X509_INFO_pop_free(xis, X509_INFO_free);
1315
1316         if (rv == 0)
1317                 {
1318                 if (pcerts)
1319                         {
1320                         sk_X509_pop_free(*pcerts, X509_free);
1321                         *pcerts = NULL;
1322                         }
1323                 if (pcrls)
1324                         {
1325                         sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
1326                         *pcrls = NULL;
1327                         }
1328                 BIO_printf(err,"unable to load %s\n",
1329                                 pcerts ? "certificates" : "CRLs");
1330                 ERR_print_errors(err);
1331                 }
1332         return rv;
1333         }
1334
1335 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
1336         const char *pass, ENGINE *e, const char *desc)
1337         {
1338         STACK_OF(X509) *certs;
1339         if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
1340                 return NULL;
1341         return certs;
1342         }       
1343
1344 STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
1345         const char *pass, ENGINE *e, const char *desc)
1346         {
1347         STACK_OF(X509_CRL) *crls;
1348         if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
1349                 return NULL;
1350         return crls;
1351         }       
1352
1353 #define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
1354 /* Return error for unknown extensions */
1355 #define X509V3_EXT_DEFAULT              0
1356 /* Print error for unknown extensions */
1357 #define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
1358 /* ASN1 parse unknown extensions */
1359 #define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
1360 /* BIO_dump unknown extensions */
1361 #define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
1362
1363 #define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
1364                          X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
1365
1366 int set_cert_ex(unsigned long *flags, const char *arg)
1367 {
1368         static const NAME_EX_TBL cert_tbl[] = {
1369                 { "compatible", X509_FLAG_COMPAT, 0xffffffffl},
1370                 { "ca_default", X509_FLAG_CA, 0xffffffffl},
1371                 { "no_header", X509_FLAG_NO_HEADER, 0},
1372                 { "no_version", X509_FLAG_NO_VERSION, 0},
1373                 { "no_serial", X509_FLAG_NO_SERIAL, 0},
1374                 { "no_signame", X509_FLAG_NO_SIGNAME, 0},
1375                 { "no_validity", X509_FLAG_NO_VALIDITY, 0},
1376                 { "no_subject", X509_FLAG_NO_SUBJECT, 0},
1377                 { "no_issuer", X509_FLAG_NO_ISSUER, 0},
1378                 { "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
1379                 { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
1380                 { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
1381                 { "no_aux", X509_FLAG_NO_AUX, 0},
1382                 { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
1383                 { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
1384                 { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1385                 { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1386                 { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1387                 { NULL, 0, 0}
1388         };
1389         return set_multi_opts(flags, arg, cert_tbl);
1390 }
1391
1392 int set_name_ex(unsigned long *flags, const char *arg)
1393 {
1394         static const NAME_EX_TBL ex_tbl[] = {
1395                 { "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
1396                 { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
1397                 { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
1398                 { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
1399                 { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
1400                 { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
1401                 { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
1402                 { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
1403                 { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
1404                 { "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
1405                 { "compat", XN_FLAG_COMPAT, 0xffffffffL},
1406                 { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
1407                 { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
1408                 { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
1409                 { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
1410                 { "dn_rev", XN_FLAG_DN_REV, 0},
1411                 { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
1412                 { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
1413                 { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
1414                 { "align", XN_FLAG_FN_ALIGN, 0},
1415                 { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
1416                 { "space_eq", XN_FLAG_SPC_EQ, 0},
1417                 { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
1418                 { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
1419                 { "oneline", XN_FLAG_ONELINE, 0xffffffffL},
1420                 { "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
1421                 { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
1422                 { NULL, 0, 0}
1423         };
1424         return set_multi_opts(flags, arg, ex_tbl);
1425 }
1426
1427 int set_ext_copy(int *copy_type, const char *arg)
1428 {
1429         if (!strcasecmp(arg, "none"))
1430                 *copy_type = EXT_COPY_NONE;
1431         else if (!strcasecmp(arg, "copy"))
1432                 *copy_type = EXT_COPY_ADD;
1433         else if (!strcasecmp(arg, "copyall"))
1434                 *copy_type = EXT_COPY_ALL;
1435         else
1436                 return 0;
1437         return 1;
1438 }
1439
1440 int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
1441 {
1442         STACK_OF(X509_EXTENSION) *exts = NULL;
1443         X509_EXTENSION *ext, *tmpext;
1444         ASN1_OBJECT *obj;
1445         int i, idx, ret = 0;
1446         if (!x || !req || (copy_type == EXT_COPY_NONE))
1447                 return 1;
1448         exts = X509_REQ_get_extensions(req);
1449
1450         for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
1451                 ext = sk_X509_EXTENSION_value(exts, i);
1452                 obj = X509_EXTENSION_get_object(ext);
1453                 idx = X509_get_ext_by_OBJ(x, obj, -1);
1454                 /* Does extension exist? */
1455                 if (idx != -1) {
1456                         /* If normal copy don't override existing extension */
1457                         if (copy_type == EXT_COPY_ADD)
1458                                 continue;
1459                         /* Delete all extensions of same type */
1460                         do {
1461                                 tmpext = X509_get_ext(x, idx);
1462                                 X509_delete_ext(x, idx);
1463                                 X509_EXTENSION_free(tmpext);
1464                                 idx = X509_get_ext_by_OBJ(x, obj, -1);
1465                         } while (idx != -1);
1466                 }
1467                 if (!X509_add_ext(x, ext, -1))
1468                         goto end;
1469         }
1470
1471         ret = 1;
1472
1473         end:
1474
1475         sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
1476
1477         return ret;
1478 }
1479                 
1480                 
1481                         
1482
1483 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
1484 {
1485         STACK_OF(CONF_VALUE) *vals;
1486         CONF_VALUE *val;
1487         int i, ret = 1;
1488         if(!arg) return 0;
1489         vals = X509V3_parse_list(arg);
1490         for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
1491                 val = sk_CONF_VALUE_value(vals, i);
1492                 if (!set_table_opts(flags, val->name, in_tbl))
1493                         ret = 0;
1494         }
1495         sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
1496         return ret;
1497 }
1498
1499 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
1500 {
1501         char c;
1502         const NAME_EX_TBL *ptbl;
1503         c = arg[0];
1504
1505         if(c == '-') {
1506                 c = 0;
1507                 arg++;
1508         } else if (c == '+') {
1509                 c = 1;
1510                 arg++;
1511         } else c = 1;
1512
1513         for(ptbl = in_tbl; ptbl->name; ptbl++) {
1514                 if(!strcasecmp(arg, ptbl->name)) {
1515                         *flags &= ~ptbl->mask;
1516                         if(c) *flags |= ptbl->flag;
1517                         else *flags &= ~ptbl->flag;
1518                         return 1;
1519                 }
1520         }
1521         return 0;
1522 }
1523
1524 void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
1525 {
1526         char *buf;
1527         char mline = 0;
1528         int indent = 0;
1529
1530         if(title) BIO_puts(out, title);
1531         if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
1532                 mline = 1;
1533                 indent = 4;
1534         }
1535         if(lflags == XN_FLAG_COMPAT) {
1536                 buf = X509_NAME_oneline(nm, 0, 0);
1537                 BIO_puts(out, buf);
1538                 BIO_puts(out, "\n");
1539                 OPENSSL_free(buf);
1540         } else {
1541                 if(mline) BIO_puts(out, "\n");
1542                 X509_NAME_print_ex(out, nm, indent, lflags);
1543                 BIO_puts(out, "\n");
1544         }
1545 }
1546
1547 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
1548 {
1549         X509_STORE *store;
1550         X509_LOOKUP *lookup;
1551         if(!(store = X509_STORE_new())) goto end;
1552         lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
1553         if (lookup == NULL) goto end;
1554         if (CAfile) {
1555                 if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
1556                         BIO_printf(bp, "Error loading file %s\n", CAfile);
1557                         goto end;
1558                 }
1559         } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
1560                 
1561         lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
1562         if (lookup == NULL) goto end;
1563         if (CApath) {
1564                 if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
1565                         BIO_printf(bp, "Error loading directory %s\n", CApath);
1566                         goto end;
1567                 }
1568         } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
1569
1570         ERR_clear_error();
1571         return store;
1572         end:
1573         X509_STORE_free(store);
1574         return NULL;
1575 }
1576
1577 #ifndef OPENSSL_NO_ENGINE
1578 /* Try to load an engine in a shareable library */
1579 static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
1580         {
1581         ENGINE *e = ENGINE_by_id("dynamic");
1582         if (e)
1583                 {
1584                 if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
1585                         || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
1586                         {
1587                         ENGINE_free(e);
1588                         e = NULL;
1589                         }
1590                 }
1591         return e;
1592         }
1593
1594 ENGINE *setup_engine(BIO *err, const char *engine, int debug)
1595         {
1596         ENGINE *e = NULL;
1597
1598         if (engine)
1599                 {
1600                 if(strcmp(engine, "auto") == 0)
1601                         {
1602                         BIO_printf(err,"enabling auto ENGINE support\n");
1603                         ENGINE_register_all_complete();
1604                         return NULL;
1605                         }
1606                 if((e = ENGINE_by_id(engine)) == NULL
1607                         && (e = try_load_engine(err, engine, debug)) == NULL)
1608                         {
1609                         BIO_printf(err,"invalid engine \"%s\"\n", engine);
1610                         ERR_print_errors(err);
1611                         return NULL;
1612                         }
1613                 if (debug)
1614                         {
1615                         ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
1616                                 0, err, 0);
1617                         }
1618                 ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
1619                 if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
1620                         {
1621                         BIO_printf(err,"can't use that engine\n");
1622                         ERR_print_errors(err);
1623                         ENGINE_free(e);
1624                         return NULL;
1625                         }
1626
1627                 BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));
1628
1629                 /* Free our "structural" reference. */
1630                 ENGINE_free(e);
1631                 }
1632         return e;
1633         }
1634 #endif
1635
1636 int load_config(BIO *err, CONF *cnf)
1637         {
1638         static int load_config_called = 0;
1639         if (load_config_called)
1640                 return 1;
1641         load_config_called = 1;
1642         if (!cnf)
1643                 cnf = config;
1644         if (!cnf)
1645                 return 1;
1646
1647         OPENSSL_load_builtin_modules();
1648
1649         if (CONF_modules_load(cnf, NULL, 0) <= 0)
1650                 {
1651                 BIO_printf(err, "Error configuring OpenSSL\n");
1652                 ERR_print_errors(err);
1653                 return 0;
1654                 }
1655         return 1;
1656         }
1657
1658 char *make_config_name()
1659         {
1660         const char *t=X509_get_default_cert_area();
1661         size_t len;
1662         char *p;
1663
1664         len=strlen(t)+strlen(OPENSSL_CONF)+2;
1665         p=OPENSSL_malloc(len);
1666         BUF_strlcpy(p,t,len);
1667 #ifndef OPENSSL_SYS_VMS
1668         BUF_strlcat(p,"/",len);
1669 #endif
1670         BUF_strlcat(p,OPENSSL_CONF,len);
1671
1672         return p;
1673         }
1674
1675 static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
1676         {
1677         const char *n;
1678
1679         n=a[DB_serial];
1680         while (*n == '0') n++;
1681         return(lh_strhash(n));
1682         }
1683
1684 static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
1685         {
1686         const char *aa,*bb;
1687
1688         for (aa=a[DB_serial]; *aa == '0'; aa++);
1689         for (bb=b[DB_serial]; *bb == '0'; bb++);
1690         return(strcmp(aa,bb));
1691         }
1692
1693 static int index_name_qual(char **a)
1694         { return(a[0][0] == 'V'); }
1695
1696 static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
1697         { return(lh_strhash(a[DB_name])); }
1698
1699 int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
1700         { return(strcmp(a[DB_name], b[DB_name])); }
1701
1702 static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
1703 static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
1704 static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
1705 static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
1706
1707 #undef BSIZE
1708 #define BSIZE 256
1709
1710 BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
1711         {
1712         BIO *in=NULL;
1713         BIGNUM *ret=NULL;
1714         MS_STATIC char buf[1024];
1715         ASN1_INTEGER *ai=NULL;
1716
1717         ai=ASN1_INTEGER_new();
1718         if (ai == NULL) goto err;
1719
1720         if ((in=BIO_new(BIO_s_file())) == NULL)
1721                 {
1722                 ERR_print_errors(bio_err);
1723                 goto err;
1724                 }
1725
1726         if (BIO_read_filename(in,serialfile) <= 0)
1727                 {
1728                 if (!create)
1729                         {
1730                         perror(serialfile);
1731                         goto err;
1732                         }
1733                 else
1734                         {
1735                         ret=BN_new();
1736                         if (ret == NULL || !rand_serial(ret, ai))
1737                                 BIO_printf(bio_err, "Out of memory\n");
1738                         }
1739                 }
1740         else
1741                 {
1742                 if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
1743                         {
1744                         BIO_printf(bio_err,"unable to load number from %s\n",
1745                                 serialfile);
1746                         goto err;
1747                         }
1748                 ret=ASN1_INTEGER_to_BN(ai,NULL);
1749                 if (ret == NULL)
1750                         {
1751                         BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
1752                         goto err;
1753                         }
1754                 }
1755
1756         if (ret && retai)
1757                 {
1758                 *retai = ai;
1759                 ai = NULL;
1760                 }
1761  err:
1762         if (in != NULL) BIO_free(in);
1763         if (ai != NULL) ASN1_INTEGER_free(ai);
1764         return(ret);
1765         }
1766
1767 int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
1768         {
1769         char buf[1][BSIZE];
1770         BIO *out = NULL;
1771         int ret=0;
1772         ASN1_INTEGER *ai=NULL;
1773         int j;
1774
1775         if (suffix == NULL)
1776                 j = strlen(serialfile);
1777         else
1778                 j = strlen(serialfile) + strlen(suffix) + 1;
1779         if (j >= BSIZE)
1780                 {
1781                 BIO_printf(bio_err,"file name too long\n");
1782                 goto err;
1783                 }
1784
1785         if (suffix == NULL)
1786                 BUF_strlcpy(buf[0], serialfile, BSIZE);
1787         else
1788                 {
1789 #ifndef OPENSSL_SYS_VMS
1790                 j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
1791 #else
1792                 j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
1793 #endif
1794                 }
1795 #ifdef RL_DEBUG
1796         BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
1797 #endif
1798         out=BIO_new(BIO_s_file());
1799         if (out == NULL)
1800                 {
1801                 ERR_print_errors(bio_err);
1802                 goto err;
1803                 }
1804         if (BIO_write_filename(out,buf[0]) <= 0)
1805                 {
1806                 perror(serialfile);
1807                 goto err;
1808                 }
1809
1810         if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
1811                 {
1812                 BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
1813                 goto err;
1814                 }
1815         i2a_ASN1_INTEGER(out,ai);
1816         BIO_puts(out,"\n");
1817         ret=1;
1818         if (retai)
1819                 {
1820                 *retai = ai;
1821                 ai = NULL;
1822                 }
1823 err:
1824         if (out != NULL) BIO_free_all(out);
1825         if (ai != NULL) ASN1_INTEGER_free(ai);
1826         return(ret);
1827         }
1828
1829 int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
1830         {
1831         char buf[5][BSIZE];
1832         int i,j;
1833
1834         i = strlen(serialfile) + strlen(old_suffix);
1835         j = strlen(serialfile) + strlen(new_suffix);
1836         if (i > j) j = i;
1837         if (j + 1 >= BSIZE)
1838                 {
1839                 BIO_printf(bio_err,"file name too long\n");
1840                 goto err;
1841                 }
1842
1843 #ifndef OPENSSL_SYS_VMS
1844         j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
1845                 serialfile, new_suffix);
1846 #else
1847         j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
1848                 serialfile, new_suffix);
1849 #endif
1850 #ifndef OPENSSL_SYS_VMS
1851         j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
1852                 serialfile, old_suffix);
1853 #else
1854         j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
1855                 serialfile, old_suffix);
1856 #endif
1857 #ifdef RL_DEBUG
1858         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1859                 serialfile, buf[1]);
1860 #endif
1861         if (rename(serialfile,buf[1]) < 0 && errno != ENOENT
1862 #ifdef ENOTDIR
1863                         && errno != ENOTDIR
1864 #endif
1865            )            {
1866                         BIO_printf(bio_err,
1867                                 "unable to rename %s to %s\n",
1868                                 serialfile, buf[1]);
1869                         perror("reason");
1870                         goto err;
1871                         }
1872 #ifdef RL_DEBUG
1873         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1874                 buf[0],serialfile);
1875 #endif
1876         if (rename(buf[0],serialfile) < 0)
1877                 {
1878                 BIO_printf(bio_err,
1879                         "unable to rename %s to %s\n",
1880                         buf[0],serialfile);
1881                 perror("reason");
1882                 rename(buf[1],serialfile);
1883                 goto err;
1884                 }
1885         return 1;
1886  err:
1887         return 0;
1888         }
1889
1890 int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
1891         {
1892         BIGNUM *btmp;
1893         int ret = 0;
1894         if (b)
1895                 btmp = b;
1896         else
1897                 btmp = BN_new();
1898
1899         if (!btmp)
1900                 return 0;
1901
1902         if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
1903                 goto error;
1904         if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
1905                 goto error;
1906
1907         ret = 1;
1908         
1909         error:
1910
1911         if (!b)
1912                 BN_free(btmp);
1913         
1914         return ret;
1915         }
1916
1917 CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
1918         {
1919         CA_DB *retdb = NULL;
1920         TXT_DB *tmpdb = NULL;
1921         BIO *in = BIO_new(BIO_s_file());
1922         CONF *dbattr_conf = NULL;
1923         char buf[1][BSIZE];
1924         long errorline= -1;
1925
1926         if (in == NULL)
1927                 {
1928                 ERR_print_errors(bio_err);
1929                 goto err;
1930                 }
1931         if (BIO_read_filename(in,dbfile) <= 0)
1932                 {
1933                 perror(dbfile);
1934                 BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
1935                 goto err;
1936                 }
1937         if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
1938                 goto err;
1939
1940 #ifndef OPENSSL_SYS_VMS
1941         BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
1942 #else
1943         BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
1944 #endif
1945         dbattr_conf = NCONF_new(NULL);
1946         if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
1947                 {
1948                 if (errorline > 0)
1949                         {
1950                         BIO_printf(bio_err,
1951                                 "error on line %ld of db attribute file '%s'\n"
1952                                 ,errorline,buf[0]);
1953                         goto err;
1954                         }
1955                 else
1956                         {
1957                         NCONF_free(dbattr_conf);
1958                         dbattr_conf = NULL;
1959                         }
1960                 }
1961
1962         if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
1963                 {
1964                 fprintf(stderr, "Out of memory\n");
1965                 goto err;
1966                 }
1967
1968         retdb->db = tmpdb;
1969         tmpdb = NULL;
1970         if (db_attr)
1971                 retdb->attributes = *db_attr;
1972         else
1973                 {
1974                 retdb->attributes.unique_subject = 1;
1975                 }
1976
1977         if (dbattr_conf)
1978                 {
1979                 char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
1980                 if (p)
1981                         {
1982 #ifdef RL_DEBUG
1983                         BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
1984 #endif
1985                         retdb->attributes.unique_subject = parse_yesno(p,1);
1986                         }
1987                 }
1988
1989  err:
1990         if (dbattr_conf) NCONF_free(dbattr_conf);
1991         if (tmpdb) TXT_DB_free(tmpdb);
1992         if (in) BIO_free_all(in);
1993         return retdb;
1994         }
1995
1996 int index_index(CA_DB *db)
1997         {
1998         if (!TXT_DB_create_index(db->db, DB_serial, NULL,
1999                                 LHASH_HASH_FN(index_serial),
2000                                 LHASH_COMP_FN(index_serial)))
2001                 {
2002                 BIO_printf(bio_err,
2003                   "error creating serial number index:(%ld,%ld,%ld)\n",
2004                                         db->db->error,db->db->arg1,db->db->arg2);
2005                         return 0;
2006                 }
2007
2008         if (db->attributes.unique_subject
2009                 && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
2010                         LHASH_HASH_FN(index_name),
2011                         LHASH_COMP_FN(index_name)))
2012                 {
2013                 BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
2014                         db->db->error,db->db->arg1,db->db->arg2);
2015                 return 0;
2016                 }
2017         return 1;
2018         }
2019
2020 int save_index(const char *dbfile, const char *suffix, CA_DB *db)
2021         {
2022         char buf[3][BSIZE];
2023         BIO *out = BIO_new(BIO_s_file());
2024         int j;
2025
2026         if (out == NULL)
2027                 {
2028                 ERR_print_errors(bio_err);
2029                 goto err;
2030                 }
2031
2032         j = strlen(dbfile) + strlen(suffix);
2033         if (j + 6 >= BSIZE)
2034                 {
2035                 BIO_printf(bio_err,"file name too long\n");
2036                 goto err;
2037                 }
2038
2039 #ifndef OPENSSL_SYS_VMS
2040         j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
2041 #else
2042         j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
2043 #endif
2044 #ifndef OPENSSL_SYS_VMS
2045         j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
2046 #else
2047         j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
2048 #endif
2049 #ifndef OPENSSL_SYS_VMS
2050         j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
2051 #else
2052         j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
2053 #endif
2054 #ifdef RL_DEBUG
2055         BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
2056 #endif
2057         if (BIO_write_filename(out,buf[0]) <= 0)
2058                 {
2059                 perror(dbfile);
2060                 BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
2061                 goto err;
2062                 }
2063         j=TXT_DB_write(out,db->db);
2064         if (j <= 0) goto err;
2065                         
2066         BIO_free(out);
2067
2068         out = BIO_new(BIO_s_file());
2069 #ifdef RL_DEBUG
2070         BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
2071 #endif
2072         if (BIO_write_filename(out,buf[1]) <= 0)
2073                 {
2074                 perror(buf[2]);
2075                 BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
2076                 goto err;
2077                 }
2078         BIO_printf(out,"unique_subject = %s\n",
2079                 db->attributes.unique_subject ? "yes" : "no");
2080         BIO_free(out);
2081
2082         return 1;
2083  err:
2084         return 0;
2085         }
2086
2087 int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
2088         {
2089         char buf[5][BSIZE];
2090         int i,j;
2091
2092         i = strlen(dbfile) + strlen(old_suffix);
2093         j = strlen(dbfile) + strlen(new_suffix);
2094         if (i > j) j = i;
2095         if (j + 6 >= BSIZE)
2096                 {
2097                 BIO_printf(bio_err,"file name too long\n");
2098                 goto err;
2099                 }
2100
2101 #ifndef OPENSSL_SYS_VMS
2102         j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
2103 #else
2104         j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
2105 #endif
2106 #ifndef OPENSSL_SYS_VMS
2107         j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
2108                 dbfile, new_suffix);
2109 #else
2110         j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
2111                 dbfile, new_suffix);
2112 #endif
2113 #ifndef OPENSSL_SYS_VMS
2114         j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
2115                 dbfile, new_suffix);
2116 #else
2117         j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
2118                 dbfile, new_suffix);
2119 #endif
2120 #ifndef OPENSSL_SYS_VMS
2121         j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
2122                 dbfile, old_suffix);
2123 #else
2124         j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
2125                 dbfile, old_suffix);
2126 #endif
2127 #ifndef OPENSSL_SYS_VMS
2128         j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
2129                 dbfile, old_suffix);
2130 #else
2131         j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
2132                 dbfile, old_suffix);
2133 #endif
2134 #ifdef RL_DEBUG
2135         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
2136                 dbfile, buf[1]);
2137 #endif
2138         if (rename(dbfile,buf[1]) < 0 && errno != ENOENT
2139 #ifdef ENOTDIR
2140                 && errno != ENOTDIR
2141 #endif
2142            )            {
2143                         BIO_printf(bio_err,
2144                                 "unable to rename %s to %s\n",
2145                                 dbfile, buf[1]);
2146                         perror("reason");
2147                         goto err;
2148                         }
2149 #ifdef RL_DEBUG
2150         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
2151                 buf[0],dbfile);
2152 #endif
2153         if (rename(buf[0],dbfile) < 0)
2154                 {
2155                 BIO_printf(bio_err,
2156                         "unable to rename %s to %s\n",
2157                         buf[0],dbfile);
2158                 perror("reason");
2159                 rename(buf[1],dbfile);
2160                 goto err;
2161                 }
2162 #ifdef RL_DEBUG
2163         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
2164                 buf[4],buf[3]);
2165 #endif
2166         if (rename(buf[4],buf[3]) < 0 && errno != ENOENT
2167 #ifdef ENOTDIR
2168                 && errno != ENOTDIR
2169 #endif
2170            )            {
2171                         BIO_printf(bio_err,
2172                                 "unable to rename %s to %s\n",
2173                                 buf[4], buf[3]);
2174                         perror("reason");
2175                         rename(dbfile,buf[0]);
2176                         rename(buf[1],dbfile);
2177                         goto err;
2178                         }
2179 #ifdef RL_DEBUG
2180         BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
2181                 buf[2],buf[4]);
2182 #endif
2183         if (rename(buf[2],buf[4]) < 0)
2184                 {
2185                 BIO_printf(bio_err,
2186                         "unable to rename %s to %s\n",
2187                         buf[2],buf[4]);
2188                 perror("reason");
2189                 rename(buf[3],buf[4]);
2190                 rename(dbfile,buf[0]);
2191                 rename(buf[1],dbfile);
2192                 goto err;
2193                 }
2194         return 1;
2195  err:
2196         return 0;
2197         }
2198
2199 void free_index(CA_DB *db)
2200         {
2201         if (db)
2202                 {
2203                 if (db->db) TXT_DB_free(db->db);
2204                 OPENSSL_free(db);
2205                 }
2206         }
2207
2208 int parse_yesno(const char *str, int def)
2209         {
2210         int ret = def;
2211         if (str)
2212                 {
2213                 switch (*str)
2214                         {
2215                 case 'f': /* false */
2216                 case 'F': /* FALSE */
2217                 case 'n': /* no */
2218                 case 'N': /* NO */
2219                 case '0': /* 0 */
2220                         ret = 0;
2221                         break;
2222                 case 't': /* true */
2223                 case 'T': /* TRUE */
2224                 case 'y': /* yes */
2225                 case 'Y': /* YES */
2226                 case '1': /* 1 */
2227                         ret = 1;
2228                         break;
2229                 default:
2230                         ret = def;
2231                         break;
2232                         }
2233                 }
2234         return ret;
2235         }
2236
2237 /*
2238  * subject is expected to be in the format /type0=value0/type1=value1/type2=...
2239  * where characters may be escaped by \
2240  */
2241 X509_NAME *parse_name(char *subject, long chtype, int multirdn)
2242         {
2243         size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
2244         char *buf = OPENSSL_malloc(buflen);
2245         size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
2246         char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
2247         char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
2248         int *mval = OPENSSL_malloc (max_ne * sizeof (int));
2249
2250         char *sp = subject, *bp = buf;
2251         int i, ne_num = 0;
2252
2253         X509_NAME *n = NULL;
2254         int nid;
2255
2256         if (!buf || !ne_types || !ne_values || !mval)
2257                 {
2258                 BIO_printf(bio_err, "malloc error\n");
2259                 goto error;
2260                 }       
2261
2262         if (*subject != '/')
2263                 {
2264                 BIO_printf(bio_err, "Subject does not start with '/'.\n");
2265                 goto error;
2266                 }
2267         sp++; /* skip leading / */
2268
2269         /* no multivalued RDN by default */
2270         mval[ne_num] = 0;
2271
2272         while (*sp)
2273                 {
2274                 /* collect type */
2275                 ne_types[ne_num] = bp;
2276                 while (*sp)
2277                         {
2278                         if (*sp == '\\') /* is there anything to escape in the type...? */
2279                                 {
2280                                 if (*++sp)
2281                                         *bp++ = *sp++;
2282                                 else    
2283                                         {
2284                                         BIO_printf(bio_err, "escape character at end of string\n");
2285                                         goto error;
2286                                         }
2287                                 }       
2288                         else if (*sp == '=')
2289                                 {
2290                                 sp++;
2291                                 *bp++ = '\0';
2292                                 break;
2293                                 }
2294                         else
2295                                 *bp++ = *sp++;
2296                         }
2297                 if (!*sp)
2298                         {
2299                         BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
2300                         goto error;
2301                         }
2302                 ne_values[ne_num] = bp;
2303                 while (*sp)
2304                         {
2305                         if (*sp == '\\')
2306                                 {
2307                                 if (*++sp)
2308                                         *bp++ = *sp++;
2309                                 else
2310                                         {
2311                                         BIO_printf(bio_err, "escape character at end of string\n");
2312                                         goto error;
2313                                         }
2314                                 }
2315                         else if (*sp == '/')
2316                                 {
2317                                 sp++;
2318                                 /* no multivalued RDN by default */
2319                                 mval[ne_num+1] = 0;
2320                                 break;
2321                                 }
2322                         else if (*sp == '+' && multirdn)
2323                                 {
2324                                 /* a not escaped + signals a mutlivalued RDN */
2325                                 sp++;
2326                                 mval[ne_num+1] = -1;
2327                                 break;
2328                                 }
2329                         else
2330                                 *bp++ = *sp++;
2331                         }
2332                 *bp++ = '\0';
2333                 ne_num++;
2334                 }       
2335
2336         if (!(n = X509_NAME_new()))
2337                 goto error;
2338
2339         for (i = 0; i < ne_num; i++)
2340                 {
2341                 if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
2342                         {
2343                         BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
2344                         continue;
2345                         }
2346
2347                 if (!*ne_values[i])
2348                         {
2349                         BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
2350                         continue;
2351                         }
2352
2353                 if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
2354                         goto error;
2355                 }
2356
2357         OPENSSL_free(ne_values);
2358         OPENSSL_free(ne_types);
2359         OPENSSL_free(buf);
2360         OPENSSL_free(mval);
2361         return n;
2362
2363 error:
2364         X509_NAME_free(n);
2365         if (ne_values)
2366                 OPENSSL_free(ne_values);
2367         if (ne_types)
2368                 OPENSSL_free(ne_types);
2369         if (mval)
2370                 OPENSSL_free(mval);
2371         if (buf)
2372                 OPENSSL_free(buf);
2373         return NULL;
2374 }
2375
2376 int args_verify(char ***pargs, int *pargc,
2377                         int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
2378         {
2379         ASN1_OBJECT *otmp = NULL;
2380         unsigned long flags = 0;
2381         int i;
2382         int purpose = 0, depth = -1;
2383         char **oldargs = *pargs;
2384         char *arg = **pargs, *argn = (*pargs)[1];
2385         const X509_VERIFY_PARAM *vpm = NULL;
2386         time_t at_time = 0;
2387         const unsigned char *hostname = NULL, *email = NULL;
2388         char *ipasc = NULL;
2389         if (!strcmp(arg, "-policy"))
2390                 {
2391                 if (!argn)
2392                         *badarg = 1;
2393                 else
2394                         {
2395                         otmp = OBJ_txt2obj(argn, 0);
2396                         if (!otmp)
2397                                 {
2398                                 BIO_printf(err, "Invalid Policy \"%s\"\n",
2399                                                                         argn);
2400                                 *badarg = 1;
2401                                 }
2402                         }
2403                 (*pargs)++;
2404                 }
2405         else if (strcmp(arg,"-purpose") == 0)
2406                 {
2407                 X509_PURPOSE *xptmp;
2408                 if (!argn)
2409                         *badarg = 1;
2410                 else
2411                         {
2412                         i = X509_PURPOSE_get_by_sname(argn);
2413                         if(i < 0)
2414                                 {
2415                                 BIO_printf(err, "unrecognized purpose\n");
2416                                 *badarg = 1;
2417                                 }
2418                         else
2419                                 {
2420                                 xptmp = X509_PURPOSE_get0(i);
2421                                 purpose = X509_PURPOSE_get_id(xptmp);
2422                                 }
2423                         }
2424                 (*pargs)++;
2425                 }
2426         else if (strcmp(arg,"-verify_name") == 0)
2427                 {
2428                 if (!argn)
2429                         *badarg = 1;
2430                 else
2431                         {
2432                         vpm = X509_VERIFY_PARAM_lookup(argn);
2433                         if(!vpm)
2434                                 {
2435                                 BIO_printf(err, "unrecognized verify name\n");
2436                                 *badarg = 1;
2437                                 }
2438                         }
2439                 (*pargs)++;
2440                 }
2441         else if (strcmp(arg,"-verify_depth") == 0)
2442                 {
2443                 if (!argn)
2444                         *badarg = 1;
2445                 else
2446                         {
2447                         depth = atoi(argn);
2448                         if(depth < 0)
2449                                 {
2450                                 BIO_printf(err, "invalid depth\n");
2451                                 *badarg = 1;
2452                                 }
2453                         }
2454                 (*pargs)++;
2455                 }
2456         else if (strcmp(arg,"-attime") == 0)
2457                 {
2458                 if (!argn)
2459                         *badarg = 1;
2460                 else
2461                         {
2462                         long timestamp;
2463                         /* interpret the -attime argument as seconds since
2464                          * Epoch */
2465                         if (sscanf(argn, "%li", &timestamp) != 1)
2466                                 {
2467                                 BIO_printf(bio_err,
2468                                                 "Error parsing timestamp %s\n",
2469                                                 argn);
2470                                 *badarg = 1;
2471                                 }
2472                         /* on some platforms time_t may be a float */
2473                         at_time = (time_t) timestamp;
2474                         }
2475                 (*pargs)++;
2476                 }
2477         else if (strcmp(arg,"-verify_hostname") == 0)
2478                 {
2479                 if (!argn)
2480                         *badarg = 1;
2481                 hostname = (unsigned char *)argn;
2482                 (*pargs)++;
2483                 }
2484         else if (strcmp(arg,"-verify_email") == 0)
2485                 {
2486                 if (!argn)
2487                         *badarg = 1;
2488                 email = (unsigned char *)argn;
2489                 (*pargs)++;
2490                 }
2491         else if (strcmp(arg,"-verify_ip") == 0)
2492                 {
2493                 if (!argn)
2494                         *badarg = 1;
2495                 ipasc = argn;
2496                 (*pargs)++;
2497                 }
2498         else if (!strcmp(arg, "-ignore_critical"))
2499                 flags |= X509_V_FLAG_IGNORE_CRITICAL;
2500         else if (!strcmp(arg, "-issuer_checks"))
2501                 flags |= X509_V_FLAG_CB_ISSUER_CHECK;
2502         else if (!strcmp(arg, "-crl_check"))
2503                 flags |=  X509_V_FLAG_CRL_CHECK;
2504         else if (!strcmp(arg, "-crl_check_all"))
2505                 flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
2506         else if (!strcmp(arg, "-policy_check"))
2507                 flags |= X509_V_FLAG_POLICY_CHECK;
2508         else if (!strcmp(arg, "-explicit_policy"))
2509                 flags |= X509_V_FLAG_EXPLICIT_POLICY;
2510         else if (!strcmp(arg, "-inhibit_any"))
2511                 flags |= X509_V_FLAG_INHIBIT_ANY;
2512         else if (!strcmp(arg, "-inhibit_map"))
2513                 flags |= X509_V_FLAG_INHIBIT_MAP;
2514         else if (!strcmp(arg, "-x509_strict"))
2515                 flags |= X509_V_FLAG_X509_STRICT;
2516         else if (!strcmp(arg, "-extended_crl"))
2517                 flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
2518         else if (!strcmp(arg, "-use_deltas"))
2519                 flags |= X509_V_FLAG_USE_DELTAS;
2520         else if (!strcmp(arg, "-policy_print"))
2521                 flags |= X509_V_FLAG_NOTIFY_POLICY;
2522         else if (!strcmp(arg, "-check_ss_sig"))
2523                 flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
2524         else if (!strcmp(arg, "-trusted_first"))
2525                 flags |= X509_V_FLAG_TRUSTED_FIRST;
2526         else if (!strcmp(arg, "-suiteB_128_only"))
2527                 flags |= X509_V_FLAG_SUITEB_128_LOS_ONLY;
2528         else if (!strcmp(arg, "-suiteB_128"))
2529                 flags |= X509_V_FLAG_SUITEB_128_LOS;
2530         else if (!strcmp(arg, "-suiteB_192"))
2531                 flags |= X509_V_FLAG_SUITEB_192_LOS;
2532         else if (!strcmp(arg, "-partial_chain"))
2533                 flags |= X509_V_FLAG_PARTIAL_CHAIN;
2534         else
2535                 return 0;
2536
2537         if (*badarg)
2538                 {
2539                 if (*pm)
2540                         X509_VERIFY_PARAM_free(*pm);
2541                 *pm = NULL;
2542                 goto end;
2543                 }
2544
2545         if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
2546                 {
2547                 *badarg = 1;
2548                 goto end;
2549                 }
2550
2551         if (vpm)
2552                 X509_VERIFY_PARAM_set1(*pm, vpm);
2553
2554         if (otmp)
2555                 X509_VERIFY_PARAM_add0_policy(*pm, otmp);
2556         if (flags)
2557                 X509_VERIFY_PARAM_set_flags(*pm, flags);
2558
2559         if (purpose)
2560                 X509_VERIFY_PARAM_set_purpose(*pm, purpose);
2561
2562         if (depth >= 0)
2563                 X509_VERIFY_PARAM_set_depth(*pm, depth);
2564
2565         if (at_time) 
2566                 X509_VERIFY_PARAM_set_time(*pm, at_time);
2567
2568         if (hostname && !X509_VERIFY_PARAM_set1_host(*pm, hostname, 0))
2569                 *badarg = 1;
2570
2571         if (email && !X509_VERIFY_PARAM_set1_email(*pm, email, 0))
2572                 *badarg = 1;
2573
2574         if (ipasc && !X509_VERIFY_PARAM_set1_ip_asc(*pm, ipasc))
2575                 *badarg = 1;
2576
2577         end:
2578
2579         (*pargs)++;
2580
2581         if (pargc)
2582                 *pargc -= *pargs - oldargs;
2583
2584         return 1;
2585
2586         }
2587
2588 /* Read whole contents of a BIO into an allocated memory buffer and
2589  * return it.
2590  */
2591
2592 int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
2593         {
2594         BIO *mem;
2595         int len, ret;
2596         unsigned char tbuf[1024];
2597         mem = BIO_new(BIO_s_mem());
2598         if (!mem)
2599                 return -1;
2600         for(;;)
2601                 {
2602                 if ((maxlen != -1) && maxlen < 1024)
2603                         len = maxlen;
2604                 else
2605                         len = 1024;
2606                 len = BIO_read(in, tbuf, len);
2607                 if (len <= 0)
2608                         break;
2609                 if (BIO_write(mem, tbuf, len) != len)
2610                         {
2611                         BIO_free(mem);
2612                         return -1;
2613                         }
2614                 maxlen -= len;
2615
2616                 if (maxlen == 0)
2617                         break;
2618                 }
2619         ret = BIO_get_mem_data(mem, (char **)out);
2620         BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
2621         BIO_free(mem);
2622         return ret;
2623         }
2624
2625 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
2626         {
2627         int rv;
2628         char *stmp, *vtmp = NULL;
2629         stmp = BUF_strdup(value);
2630         if (!stmp)
2631                 return -1;
2632         vtmp = strchr(stmp, ':');
2633         if (vtmp)
2634                 {
2635                 *vtmp = 0;
2636                 vtmp++;
2637                 }
2638         rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
2639         OPENSSL_free(stmp);
2640         return rv;
2641         }
2642
2643 static void nodes_print(BIO *out, const char *name,
2644         STACK_OF(X509_POLICY_NODE) *nodes)
2645         {
2646         X509_POLICY_NODE *node;
2647         int i;
2648         BIO_printf(out, "%s Policies:", name);
2649         if (nodes)
2650                 {
2651                 BIO_puts(out, "\n");
2652                 for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
2653                         {
2654                         node = sk_X509_POLICY_NODE_value(nodes, i);
2655                         X509_POLICY_NODE_print(out, node, 2);
2656                         }
2657                 }
2658         else
2659                 BIO_puts(out, " <empty>\n");
2660         }
2661
2662 void policies_print(BIO *out, X509_STORE_CTX *ctx)
2663         {
2664         X509_POLICY_TREE *tree;
2665         int explicit_policy;
2666         int free_out = 0;
2667         if (out == NULL)
2668                 {
2669                 out = BIO_new_fp(stderr, BIO_NOCLOSE);
2670                 free_out = 1;
2671                 }
2672         tree = X509_STORE_CTX_get0_policy_tree(ctx);
2673         explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
2674
2675         BIO_printf(out, "Require explicit Policy: %s\n",
2676                                 explicit_policy ? "True" : "False");
2677
2678         nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
2679         nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
2680         if (free_out)
2681                 BIO_free(out);
2682         }
2683
2684 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
2685
2686 static JPAKE_CTX *jpake_init(const char *us, const char *them,
2687                                                          const char *secret)
2688         {
2689         BIGNUM *p = NULL;
2690         BIGNUM *g = NULL;
2691         BIGNUM *q = NULL;
2692         BIGNUM *bnsecret = BN_new();
2693         JPAKE_CTX *ctx;
2694
2695         /* Use a safe prime for p (that we found earlier) */
2696         BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
2697         g = BN_new();
2698         BN_set_word(g, 2);
2699         q = BN_new();
2700         BN_rshift1(q, p);
2701
2702         BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
2703
2704         ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
2705         BN_free(bnsecret);
2706         BN_free(q);
2707         BN_free(g);
2708         BN_free(p);
2709
2710         return ctx;
2711         }
2712
2713 static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
2714         {
2715         BN_print(conn, p->gx);
2716         BIO_puts(conn, "\n");
2717         BN_print(conn, p->zkpx.gr);
2718         BIO_puts(conn, "\n");
2719         BN_print(conn, p->zkpx.b);
2720         BIO_puts(conn, "\n");
2721         }
2722
2723 static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
2724         {
2725         JPAKE_STEP1 s1;
2726
2727         JPAKE_STEP1_init(&s1);
2728         JPAKE_STEP1_generate(&s1, ctx);
2729         jpake_send_part(bconn, &s1.p1);
2730         jpake_send_part(bconn, &s1.p2);
2731         (void)BIO_flush(bconn);
2732         JPAKE_STEP1_release(&s1);
2733         }
2734
2735 static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
2736         {
2737         JPAKE_STEP2 s2;
2738
2739         JPAKE_STEP2_init(&s2);
2740         JPAKE_STEP2_generate(&s2, ctx);
2741         jpake_send_part(bconn, &s2);
2742         (void)BIO_flush(bconn);
2743         JPAKE_STEP2_release(&s2);
2744         }
2745
2746 static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
2747         {
2748         JPAKE_STEP3A s3a;
2749
2750         JPAKE_STEP3A_init(&s3a);
2751         JPAKE_STEP3A_generate(&s3a, ctx);
2752         BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
2753         (void)BIO_flush(bconn);
2754         JPAKE_STEP3A_release(&s3a);
2755         }
2756
2757 static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
2758         {
2759         JPAKE_STEP3B s3b;
2760
2761         JPAKE_STEP3B_init(&s3b);
2762         JPAKE_STEP3B_generate(&s3b, ctx);
2763         BIO_write(bconn, s3b.hk, sizeof s3b.hk);
2764         (void)BIO_flush(bconn);
2765         JPAKE_STEP3B_release(&s3b);
2766         }
2767
2768 static void readbn(BIGNUM **bn, BIO *bconn)
2769         {
2770         char buf[10240];
2771         int l;
2772
2773         l = BIO_gets(bconn, buf, sizeof buf);
2774         assert(l > 0);
2775         assert(buf[l-1] == '\n');
2776         buf[l-1] = '\0';
2777         BN_hex2bn(bn, buf);
2778         }
2779
2780 static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
2781         {
2782         readbn(&p->gx, bconn);
2783         readbn(&p->zkpx.gr, bconn);
2784         readbn(&p->zkpx.b, bconn);
2785         }
2786
2787 static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
2788         {
2789         JPAKE_STEP1 s1;
2790
2791         JPAKE_STEP1_init(&s1);
2792         jpake_receive_part(&s1.p1, bconn);
2793         jpake_receive_part(&s1.p2, bconn);
2794         if(!JPAKE_STEP1_process(ctx, &s1))
2795                 {
2796                 ERR_print_errors(bio_err);
2797                 exit(1);
2798                 }
2799         JPAKE_STEP1_release(&s1);
2800         }
2801
2802 static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
2803         {
2804         JPAKE_STEP2 s2;
2805
2806         JPAKE_STEP2_init(&s2);
2807         jpake_receive_part(&s2, bconn);
2808         if(!JPAKE_STEP2_process(ctx, &s2))
2809                 {
2810                 ERR_print_errors(bio_err);
2811                 exit(1);
2812                 }
2813         JPAKE_STEP2_release(&s2);
2814         }
2815
2816 static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
2817         {
2818         JPAKE_STEP3A s3a;
2819         int l;
2820
2821         JPAKE_STEP3A_init(&s3a);
2822         l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
2823         assert(l == sizeof s3a.hhk);
2824         if(!JPAKE_STEP3A_process(ctx, &s3a))
2825                 {
2826                 ERR_print_errors(bio_err);
2827                 exit(1);
2828                 }
2829         JPAKE_STEP3A_release(&s3a);
2830         }
2831
2832 static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
2833         {
2834         JPAKE_STEP3B s3b;
2835         int l;
2836
2837         JPAKE_STEP3B_init(&s3b);
2838         l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
2839         assert(l == sizeof s3b.hk);
2840         if(!JPAKE_STEP3B_process(ctx, &s3b))
2841                 {
2842                 ERR_print_errors(bio_err);
2843                 exit(1);
2844                 }
2845         JPAKE_STEP3B_release(&s3b);
2846         }
2847
2848 void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
2849         {
2850         JPAKE_CTX *ctx;
2851         BIO *bconn;
2852
2853         BIO_puts(out, "Authenticating with JPAKE\n");
2854
2855         ctx = jpake_init("client", "server", secret);
2856
2857         bconn = BIO_new(BIO_f_buffer());
2858         BIO_push(bconn, conn);
2859
2860         jpake_send_step1(bconn, ctx);
2861         jpake_receive_step1(ctx, bconn);
2862         jpake_send_step2(bconn, ctx);
2863         jpake_receive_step2(ctx, bconn);
2864         jpake_send_step3a(bconn, ctx);
2865         jpake_receive_step3b(ctx, bconn);
2866
2867         BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
2868
2869         if (psk_key)
2870                 OPENSSL_free(psk_key);
2871
2872         psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
2873
2874         BIO_pop(bconn);
2875         BIO_free(bconn);
2876
2877         JPAKE_CTX_free(ctx);
2878         }
2879
2880 void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
2881         {
2882         JPAKE_CTX *ctx;
2883         BIO *bconn;
2884
2885         BIO_puts(out, "Authenticating with JPAKE\n");
2886
2887         ctx = jpake_init("server", "client", secret);
2888
2889         bconn = BIO_new(BIO_f_buffer());
2890         BIO_push(bconn, conn);
2891
2892         jpake_receive_step1(ctx, bconn);
2893         jpake_send_step1(bconn, ctx);
2894         jpake_receive_step2(ctx, bconn);
2895         jpake_send_step2(bconn, ctx);
2896         jpake_receive_step3a(ctx, bconn);
2897         jpake_send_step3b(bconn, ctx);
2898
2899         BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
2900
2901         if (psk_key)
2902                 OPENSSL_free(psk_key);
2903
2904         psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
2905
2906         BIO_pop(bconn);
2907         BIO_free(bconn);
2908
2909         JPAKE_CTX_free(ctx);
2910         }
2911
2912 #endif
2913
2914 #ifndef OPENSSL_NO_TLSEXT
2915 /* next_protos_parse parses a comma separated list of strings into a string
2916  * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
2917  *   outlen: (output) set to the length of the resulting buffer on success.
2918  *   err: (maybe NULL) on failure, an error message line is written to this BIO.
2919  *   in: a NUL termianted string like "abc,def,ghi"
2920  *
2921  *   returns: a malloced buffer or NULL on failure.
2922  */
2923 unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
2924         {
2925         size_t len;
2926         unsigned char *out;
2927         size_t i, start = 0;
2928
2929         len = strlen(in);
2930         if (len >= 65535)
2931                 return NULL;
2932
2933         out = OPENSSL_malloc(strlen(in) + 1);
2934         if (!out)
2935                 return NULL;
2936
2937         for (i = 0; i <= len; ++i)
2938                 {
2939                 if (i == len || in[i] == ',')
2940                         {
2941                         if (i - start > 255)
2942                                 {
2943                                 OPENSSL_free(out);
2944                                 return NULL;
2945                                 }
2946                         out[start] = i - start;
2947                         start = i + 1;
2948                         }
2949                 else
2950                         out[i+1] = in[i];
2951                 }
2952
2953         *outlen = len + 1;
2954         return out;
2955         }
2956 #endif  /* ndef OPENSSL_NO_TLSEXT */
2957
2958 void print_cert_checks(BIO *bio, X509 *x,
2959                                 const unsigned char *checkhost,
2960                                 const unsigned char *checkemail,
2961                                 const char *checkip)
2962         {
2963         if (x == NULL)
2964                 return;
2965         if (checkhost)
2966                 {
2967                 BIO_printf(bio, "Hostname %s does%s match certificate\n",
2968                                 checkhost, X509_check_host(x, checkhost, 0, 0)
2969                                                 ? "" : " NOT");
2970                 }
2971
2972         if (checkemail)
2973                 {
2974                 BIO_printf(bio, "Email %s does%s match certificate\n",
2975                                 checkemail, X509_check_email(x, checkemail, 0,
2976                                                 0) ? "" : " NOT");
2977                 }
2978
2979         if (checkip)
2980                 {
2981                 BIO_printf(bio, "IP %s does%s match certificate\n",
2982                                 checkip, X509_check_ip_asc(x, checkip,
2983                                                 0) ? "" : " NOT");
2984                 }
2985         }
2986
2987 /* Get first http URL from a DIST_POINT structure */
2988
2989 static const char *get_dp_url(DIST_POINT *dp)
2990         {
2991         GENERAL_NAMES *gens;
2992         GENERAL_NAME *gen;
2993         int i, gtype;
2994         ASN1_STRING *uri;
2995         if (!dp->distpoint || dp->distpoint->type != 0)
2996                 return NULL;
2997         gens = dp->distpoint->name.fullname;
2998         for (i = 0; i < sk_GENERAL_NAME_num(gens); i++)
2999                 {
3000                 gen = sk_GENERAL_NAME_value(gens, i);
3001                 uri = GENERAL_NAME_get0_value(gen, &gtype);
3002                 if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6)
3003                         {
3004                         char *uptr = (char *)ASN1_STRING_data(uri);
3005                         if (!strncmp(uptr, "http://", 7))
3006                                 return uptr;
3007                         }
3008                 }               
3009         return NULL;
3010         }
3011                 
3012
3013 /* Look through a CRLDP structure and attempt to find an http URL to downloads
3014  * a CRL from.
3015  */
3016
3017 static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
3018         {
3019         int i;
3020         const char *urlptr = NULL;
3021         for (i = 0; i < sk_DIST_POINT_num(crldp); i++)
3022                 {
3023                 DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
3024                 urlptr = get_dp_url(dp);
3025                 if (urlptr)
3026                         return load_crl(urlptr, FORMAT_HTTP);
3027                 }
3028         return NULL;
3029         }
3030
3031 /* Example of downloading CRLs from CRLDP: not usable for real world
3032  * as it always downloads, doesn't support non-blocking I/O and doesn't
3033  * cache anything.
3034  */
3035
3036 static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm)
3037         {
3038         X509 *x;
3039         STACK_OF(X509_CRL) *crls = NULL;
3040         X509_CRL *crl;
3041         STACK_OF(DIST_POINT) *crldp;
3042         x = X509_STORE_CTX_get_current_cert(ctx);
3043         crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
3044         crl = load_crl_crldp(crldp);
3045         sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
3046         if (!crl)
3047                 return NULL;
3048         crls = sk_X509_CRL_new_null();
3049         sk_X509_CRL_push(crls, crl);
3050         /* Try to download delta CRL */
3051         crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
3052         crl = load_crl_crldp(crldp);
3053         sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
3054         if (crl)
3055                 sk_X509_CRL_push(crls, crl);
3056         return crls;
3057         }
3058
3059 void store_setup_crl_download(X509_STORE *st)
3060         {
3061         X509_STORE_set_lookup_crls_cb(st, crls_http_cb);
3062         }
3063
3064 /*
3065  * Platform-specific sections
3066  */
3067 #if defined(_WIN32)
3068 # ifdef fileno
3069 #  undef fileno
3070 #  define fileno(a) (int)_fileno(a)
3071 # endif
3072
3073 # include <windows.h>
3074 # include <tchar.h>
3075
3076 static int WIN32_rename(const char *from, const char *to)
3077         {
3078         TCHAR  *tfrom=NULL,*tto;
3079         DWORD   err;
3080         int     ret=0;
3081
3082         if (sizeof(TCHAR) == 1)
3083                 {
3084                 tfrom = (TCHAR *)from;
3085                 tto   = (TCHAR *)to;
3086                 }
3087         else    /* UNICODE path */
3088                 {
3089                 size_t i,flen=strlen(from)+1,tlen=strlen(to)+1;
3090                 tfrom = (TCHAR *)malloc(sizeof(TCHAR)*(flen+tlen));
3091                 if (tfrom==NULL) goto err;
3092                 tto=tfrom+flen;
3093 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
3094                 if (!MultiByteToWideChar(CP_ACP,0,from,flen,(WCHAR *)tfrom,flen))
3095 #endif
3096                         for (i=0;i<flen;i++)    tfrom[i]=(TCHAR)from[i];
3097 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
3098                 if (!MultiByteToWideChar(CP_ACP,0,to,  tlen,(WCHAR *)tto,  tlen))
3099 #endif
3100                         for (i=0;i<tlen;i++)    tto[i]  =(TCHAR)to[i];
3101                 }
3102
3103         if (MoveFile(tfrom,tto))        goto ok;
3104         err=GetLastError();
3105         if (err==ERROR_ALREADY_EXISTS || err==ERROR_FILE_EXISTS)
3106                 {
3107                 if (DeleteFile(tto) && MoveFile(tfrom,tto))
3108                         goto ok;
3109                 err=GetLastError();
3110                 }
3111         if (err==ERROR_FILE_NOT_FOUND || err==ERROR_PATH_NOT_FOUND)
3112                 errno = ENOENT;
3113         else if (err==ERROR_ACCESS_DENIED)
3114                 errno = EACCES;
3115         else
3116                 errno = EINVAL; /* we could map more codes... */
3117 err:
3118         ret=-1;
3119 ok:
3120         if (tfrom!=NULL && tfrom!=(TCHAR *)from)        free(tfrom);
3121         return ret;
3122         }
3123 #endif
3124
3125 /* app_tminterval section */
3126 #if defined(_WIN32)
3127 double app_tminterval(int stop,int usertime)
3128         {
3129         FILETIME                now;
3130         double                  ret=0;
3131         static ULARGE_INTEGER   tmstart;
3132         static int              warning=1;
3133 #ifdef _WIN32_WINNT
3134         static HANDLE           proc=NULL;
3135
3136         if (proc==NULL)
3137                 {
3138                 if (check_winnt())
3139                         proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
3140                                                 GetCurrentProcessId());
3141                 if (proc==NULL) proc = (HANDLE)-1;
3142                 }
3143
3144         if (usertime && proc!=(HANDLE)-1)
3145                 {
3146                 FILETIME junk;
3147                 GetProcessTimes(proc,&junk,&junk,&junk,&now);
3148                 }
3149         else
3150 #endif
3151                 {
3152                 SYSTEMTIME systime;
3153
3154                 if (usertime && warning)
3155                         {
3156                         BIO_printf(bio_err,"To get meaningful results, run "
3157                                            "this program on idle system.\n");
3158                         warning=0;
3159                         }
3160                 GetSystemTime(&systime);
3161                 SystemTimeToFileTime(&systime,&now);
3162                 }
3163
3164         if (stop==TM_START)
3165                 {
3166                 tmstart.u.LowPart  = now.dwLowDateTime;
3167                 tmstart.u.HighPart = now.dwHighDateTime;
3168                 }
3169         else    {
3170                 ULARGE_INTEGER tmstop;
3171
3172                 tmstop.u.LowPart   = now.dwLowDateTime;
3173                 tmstop.u.HighPart  = now.dwHighDateTime;
3174
3175                 ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart)*1e-7;
3176                 }
3177
3178         return (ret);
3179         }
3180
3181 #elif defined(OPENSSL_SYS_NETWARE)
3182 #include <time.h>
3183
3184 double app_tminterval(int stop,int usertime)
3185         {
3186         double          ret=0;
3187         static clock_t  tmstart;
3188         static int      warning=1;
3189
3190         if (usertime && warning)
3191                 {
3192                 BIO_printf(bio_err,"To get meaningful results, run "
3193                                    "this program on idle system.\n");
3194                 warning=0;
3195                 }
3196
3197         if (stop==TM_START)     tmstart = clock();
3198         else                    ret     = (clock()-tmstart)/(double)CLOCKS_PER_SEC;
3199
3200         return (ret);
3201         }
3202
3203 #elif defined(OPENSSL_SYSTEM_VXWORKS)
3204 #include <time.h>
3205
3206 double app_tminterval(int stop,int usertime)
3207         {
3208         double ret=0;
3209 #ifdef CLOCK_REALTIME
3210         static struct timespec  tmstart;
3211         struct timespec         now;
3212 #else
3213         static unsigned long    tmstart;
3214         unsigned long           now;
3215 #endif
3216         static int warning=1;
3217
3218         if (usertime && warning)
3219                 {
3220                 BIO_printf(bio_err,"To get meaningful results, run "
3221                                    "this program on idle system.\n");
3222                 warning=0;
3223                 }
3224
3225 #ifdef CLOCK_REALTIME
3226         clock_gettime(CLOCK_REALTIME,&now);
3227         if (stop==TM_START)     tmstart = now;
3228         else    ret = ( (now.tv_sec+now.tv_nsec*1e-9)
3229                         - (tmstart.tv_sec+tmstart.tv_nsec*1e-9) );
3230 #else
3231         now = tickGet();
3232         if (stop==TM_START)     tmstart = now;
3233         else                    ret = (now - tmstart)/(double)sysClkRateGet();
3234 #endif
3235         return (ret);
3236         }
3237
3238 #elif defined(OPENSSL_SYSTEM_VMS)
3239 #include <time.h>
3240 #include <times.h>
3241
3242 double app_tminterval(int stop,int usertime)
3243         {
3244         static clock_t  tmstart;
3245         double          ret = 0;
3246         clock_t         now;
3247 #ifdef __TMS
3248         struct tms      rus;
3249
3250         now = times(&rus);
3251         if (usertime)   now = rus.tms_utime;
3252 #else
3253         if (usertime)
3254                 now = clock(); /* sum of user and kernel times */
3255         else    {
3256                 struct timeval tv;
3257                 gettimeofday(&tv,NULL);
3258                 now = (clock_t)(
3259                         (unsigned long long)tv.tv_sec*CLK_TCK +
3260                         (unsigned long long)tv.tv_usec*(1000000/CLK_TCK)
3261                         );
3262                 }
3263 #endif
3264         if (stop==TM_START)     tmstart = now;
3265         else                    ret = (now - tmstart)/(double)(CLK_TCK);
3266
3267         return (ret);
3268         }
3269
3270 #elif defined(_SC_CLK_TCK)      /* by means of unistd.h */
3271 #include <sys/times.h>
3272
3273 double app_tminterval(int stop,int usertime)
3274         {
3275         double          ret = 0;
3276         struct tms      rus;
3277         clock_t         now = times(&rus);
3278         static clock_t  tmstart;
3279
3280         if (usertime)           now = rus.tms_utime;
3281
3282         if (stop==TM_START)     tmstart = now;
3283         else
3284                 {
3285                 long int tck = sysconf(_SC_CLK_TCK);
3286                 ret = (now - tmstart)/(double)tck;
3287                 }
3288
3289         return (ret);
3290         }
3291
3292 #else
3293 #include <sys/time.h>
3294 #include <sys/resource.h>
3295
3296 double app_tminterval(int stop,int usertime)
3297         {
3298         double          ret = 0;
3299         struct rusage   rus;
3300         struct timeval  now;
3301         static struct timeval tmstart;
3302
3303         if (usertime)           getrusage(RUSAGE_SELF,&rus), now = rus.ru_utime;
3304         else                    gettimeofday(&now,NULL);
3305
3306         if (stop==TM_START)     tmstart = now;
3307         else                    ret = ( (now.tv_sec+now.tv_usec*1e-6)
3308                                         - (tmstart.tv_sec+tmstart.tv_usec*1e-6) );
3309
3310         return ret;
3311         }
3312 #endif
3313
3314 /* app_isdir section */
3315 #ifdef _WIN32
3316 int app_isdir(const char *name)
3317         {
3318         HANDLE          hList;
3319         WIN32_FIND_DATA FileData;
3320 #if defined(UNICODE) || defined(_UNICODE)
3321         size_t i, len_0 = strlen(name)+1;
3322
3323         if (len_0 > sizeof(FileData.cFileName)/sizeof(FileData.cFileName[0]))
3324                 return -1;
3325
3326 #if !defined(_WIN32_WCE) || _WIN32_WCE>=101
3327         if (!MultiByteToWideChar(CP_ACP,0,name,len_0,FileData.cFileName,len_0))
3328 #endif
3329                 for (i=0;i<len_0;i++)
3330                         FileData.cFileName[i] = (WCHAR)name[i];
3331
3332         hList = FindFirstFile(FileData.cFileName,&FileData);
3333 #else
3334         hList = FindFirstFile(name,&FileData);
3335 #endif
3336         if (hList == INVALID_HANDLE_VALUE)      return -1;
3337         FindClose(hList);
3338         return ((FileData.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)!=0);
3339         }
3340 #else
3341 #include <sys/stat.h>
3342 #ifndef S_ISDIR
3343 # if defined(_S_IFMT) && defined(_S_IFDIR)
3344 #  define S_ISDIR(a)   (((a) & _S_IFMT) == _S_IFDIR)
3345 # else 
3346 #  define S_ISDIR(a)   (((a) & S_IFMT) == S_IFDIR)
3347 # endif 
3348 #endif 
3349
3350 int app_isdir(const char *name)
3351         {
3352 #if defined(S_ISDIR)
3353         struct stat st;
3354
3355         if (stat(name,&st)==0)  return S_ISDIR(st.st_mode);
3356         else                    return -1;
3357 #else
3358         return -1;
3359 #endif
3360         }
3361 #endif
3362
3363 /* raw_read|write section */
3364 #if defined(_WIN32) && defined(STD_INPUT_HANDLE)
3365 int raw_read_stdin(void *buf,int siz)
3366         {
3367         DWORD n;
3368         if (ReadFile(GetStdHandle(STD_INPUT_HANDLE),buf,siz,&n,NULL))
3369                 return (n);
3370         else    return (-1);
3371         }
3372 #else
3373 int raw_read_stdin(void *buf,int siz)
3374         {       return read(fileno(stdin),buf,siz);     }
3375 #endif
3376
3377 #if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
3378 int raw_write_stdout(const void *buf,int siz)
3379         {
3380         DWORD n;
3381         if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE),buf,siz,&n,NULL))
3382                 return (n);
3383         else    return (-1);
3384         }
3385 #else
3386 int raw_write_stdout(const void *buf,int siz)
3387         {       return write(fileno(stdout),buf,siz);   }
3388 #endif