PR: 2069
[openssl.git] / apps / apps.c
index f011f0b..09d9df2 100644 (file)
  *
  */
 
+#ifndef _POSIX_C_SOURCE
 #define _POSIX_C_SOURCE 2      /* On VMS, you need to define this to get
                                   the declaration of fileno().  The value
                                   2 is to make sure no function defined
                                   in POSIX-2 is left undefined. */
+#endif
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifndef OPENSSL_SYSNAME_WIN32
+#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
 #include <strings.h>
 #endif
 #include <sys/types.h>
 #include <openssl/rsa.h>
 #endif
 #include <openssl/bn.h>
+#ifndef OPENSSL_NO_JPAKE
 #include <openssl/jpake.h>
+#endif
 
 #define NON_MAIN
 #include "apps.h"
@@ -257,13 +261,6 @@ int str2fmt(char *s)
                return(FORMAT_ASN1);
        else if ((*s == 'T') || (*s == 't'))
                return(FORMAT_TEXT);
-       else if ((*s == 'P') || (*s == 'p'))
-               {
-               if (s[1] == 'V' || s[1] == 'v')
-                       return FORMAT_PVK;
-               else
-                       return(FORMAT_PEM);
-               }
        else if ((*s == 'N') || (*s == 'n'))
                return(FORMAT_NETSCAPE);
        else if ((*s == 'S') || (*s == 's'))
@@ -276,6 +273,13 @@ int str2fmt(char *s)
                return(FORMAT_PKCS12);
        else if ((*s == 'E') || (*s == 'e'))
                return(FORMAT_ENGINE);
+       else if ((*s == 'P') || (*s == 'p'))
+               {
+               if (s[1] == 'V' || s[1] == 'v')
+                       return FORMAT_PVK;
+               else
+                       return(FORMAT_PEM);
+               }
        else
                return(FORMAT_UNDEF);
        }
@@ -919,11 +923,13 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
                                &pkey, NULL, NULL))
                        goto end;
                }
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
        else if (format == FORMAT_MSBLOB)
                pkey = b2i_PrivateKey_bio(key);
        else if (format == FORMAT_PVK)
                pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
                                                                &cb_data);
+#endif
        else
                {
                BIO_printf(err,"bad input format specified for key file\n");
@@ -987,6 +993,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
                {
                pkey=d2i_PUBKEY_bio(key, NULL);
                }
+#ifndef OPENSSL_NO_RSA
        else if (format == FORMAT_ASN1RSA)
                {
                RSA *rsa;
@@ -1016,7 +1023,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
                else
                        pkey = NULL;
                }
-
+#endif
        else if (format == FORMAT_PEM)
                {
                pkey=PEM_read_bio_PUBKEY(key,NULL,
@@ -1026,8 +1033,10 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
        else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
                pkey = load_netscape_key(err, key, file, key_descrip, format);
 #endif
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
        else if (format == FORMAT_MSBLOB)
                pkey = b2i_PublicKey_bio(key);
+#endif
        else
                {
                BIO_printf(err,"bad input format specified for key file\n");
@@ -1479,7 +1488,7 @@ char *make_config_name()
        return p;
        }
 
-static unsigned long index_serial_hash(const CSTRING *a)
+static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
        {
        const char *n;
 
@@ -1488,7 +1497,7 @@ static unsigned long index_serial_hash(const CSTRING *a)
        return(lh_strhash(n));
        }
 
-static int index_serial_cmp(const CSTRING *a, const CSTRING *b)
+static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
        {
        const char *aa,*bb;
 
@@ -1500,16 +1509,16 @@ static int index_serial_cmp(const CSTRING *a, const CSTRING *b)
 static int index_name_qual(char **a)
        { return(a[0][0] == 'V'); }
 
-static unsigned long index_name_hash(const CSTRING *a)
+static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
        { return(lh_strhash(a[DB_name])); }
 
-int index_name_cmp(const CSTRING *a, const CSTRING *b)
+int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
        { return(strcmp(a[DB_name], b[DB_name])); }
 
-static IMPLEMENT_LHASH_HASH_FN(index_serial, CSTRING)
-static IMPLEMENT_LHASH_COMP_FN(index_serial, CSTRING)
-static IMPLEMENT_LHASH_HASH_FN(index_name, CSTRING)
-static IMPLEMENT_LHASH_COMP_FN(index_name, CSTRING)
+static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
 
 #undef BSIZE
 #define BSIZE 256
@@ -2183,7 +2192,7 @@ int args_verify(char ***pargs, int *pargc,
        ASN1_OBJECT *otmp = NULL;
        unsigned long flags = 0;
        int i;
-       int purpose = 0;
+       int purpose = 0, depth = -1;
        char **oldargs = *pargs;
        char *arg = **pargs, *argn = (*pargs)[1];
        if (!strcmp(arg, "-policy"))
@@ -2223,6 +2232,21 @@ int args_verify(char ***pargs, int *pargc,
                        }
                (*pargs)++;
                }
+       else if (strcmp(arg,"-verify_depth") == 0)
+               {
+               if (!argn)
+                       *badarg = 1;
+               else
+                       {
+                       depth = atoi(argn);
+                       if(depth < 0)
+                               {
+                               BIO_printf(err, "invalid depth\n");
+                               *badarg = 1;
+                               }
+                       }
+               (*pargs)++;
+               }
        else if (!strcmp(arg, "-ignore_critical"))
                flags |= X509_V_FLAG_IGNORE_CRITICAL;
        else if (!strcmp(arg, "-issuer_checks"))
@@ -2247,6 +2271,8 @@ int args_verify(char ***pargs, int *pargc,
                flags |= X509_V_FLAG_USE_DELTAS;
        else if (!strcmp(arg, "-policy_print"))
                flags |= X509_V_FLAG_NOTIFY_POLICY;
+       else if (!strcmp(arg, "-check_ss_sig"))
+               flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
        else
                return 0;
 
@@ -2272,6 +2298,9 @@ int args_verify(char ***pargs, int *pargc,
        if (purpose)
                X509_VERIFY_PARAM_set_purpose(*pm, purpose);
 
+       if (depth >= 0)
+               X509_VERIFY_PARAM_set_depth(*pm, depth);
+
        end:
 
        (*pargs)++;
@@ -2379,6 +2408,8 @@ void policies_print(BIO *out, X509_STORE_CTX *ctx)
                BIO_free(out);
        }
 
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
+
 static JPAKE_CTX *jpake_init(const char *us, const char *them,
                                                         const char *secret)
        {
@@ -2424,7 +2455,7 @@ static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
        JPAKE_STEP1_generate(&s1, ctx);
        jpake_send_part(bconn, &s1.p1);
        jpake_send_part(bconn, &s1.p2);
-       BIO_flush(bconn);
+       (void)BIO_flush(bconn);
        JPAKE_STEP1_release(&s1);
        }
 
@@ -2435,7 +2466,7 @@ static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
        JPAKE_STEP2_init(&s2);
        JPAKE_STEP2_generate(&s2, ctx);
        jpake_send_part(bconn, &s2);
-       BIO_flush(bconn);
+       (void)BIO_flush(bconn);
        JPAKE_STEP2_release(&s2);
        }
 
@@ -2446,7 +2477,7 @@ static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
        JPAKE_STEP3A_init(&s3a);
        JPAKE_STEP3A_generate(&s3a, ctx);
        BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
-       BIO_flush(bconn);
+       (void)BIO_flush(bconn);
        JPAKE_STEP3A_release(&s3a);
        }
 
@@ -2457,7 +2488,7 @@ static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
        JPAKE_STEP3B_init(&s3b);
        JPAKE_STEP3B_generate(&s3b, ctx);
        BIO_write(bconn, s3b.hk, sizeof s3b.hk);
-       BIO_flush(bconn);
+       (void)BIO_flush(bconn);
        JPAKE_STEP3B_release(&s3b);
        }
 
@@ -2467,7 +2498,7 @@ static void readbn(BIGNUM **bn, BIO *bconn)
        int l;
 
        l = BIO_gets(bconn, buf, sizeof buf);
-       assert(l >= 0);
+       assert(l > 0);
        assert(buf[l-1] == '\n');
        buf[l-1] = '\0';
        BN_hex2bn(bn, buf);
@@ -2560,10 +2591,14 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
        jpake_send_step3a(bconn, ctx);
        jpake_receive_step3b(ctx, bconn);
 
-       BIO_puts(out, "JPAKE authentication succeeded\n");
+       BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
+
+       psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
 
        BIO_pop(bconn);
        BIO_free(bconn);
+
+       JPAKE_CTX_free(ctx);
        }
 
 void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
@@ -2585,12 +2620,18 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
        jpake_receive_step3a(ctx, bconn);
        jpake_send_step3b(bconn, ctx);
 
-       BIO_puts(out, "JPAKE authentication succeeded\n");
+       BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
+
+       psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
 
        BIO_pop(bconn);
        BIO_free(bconn);
+
+       JPAKE_CTX_free(ctx);
        }
 
+#endif
+
 /*
  * Platform-specific sections
  */