/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
+#include <sys/types.h>
#ifndef OPENSSL_NO_POSIX_IO
# include <sys/stat.h>
# include <fcntl.h>
int res = 0;
#ifndef OPENSSL_NO_UI
UI *ui = NULL;
- const char *prompt_info = NULL;
#endif
- const char *password = NULL;
PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
- if (cb_data) {
- if (cb_data->password)
- password = cb_data->password;
-#ifndef OPENSSL_NO_UI
- if (cb_data->prompt_info)
- prompt_info = cb_data->prompt_info;
-#endif
- }
-
- if (password) {
- res = strlen(password);
+#ifdef OPENSSL_NO_UI
+ if (cb_data != NULL && cb_data->password != NULL) {
+ res = strlen(cb_data->password);
if (res > bufsiz)
res = bufsiz;
- memcpy(buf, password, res);
- return res;
+ memcpy(buf, cb_data->password, res);
}
-
-#ifndef OPENSSL_NO_UI
+#else
ui = UI_new_method(ui_method);
if (ui) {
int ok = 0;
char *buff = NULL;
int ui_flags = 0;
+ const char *prompt_info = NULL;
char *prompt;
+ if (cb_data != NULL && cb_data->prompt_info != NULL)
+ prompt_info = cb_data->prompt_info;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
if (!prompt) {
BIO_printf(bio_err, "Out of memory\n");
ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+ /* We know that there is no previous user data to return to us */
+ (void)UI_add_user_data(ui, cb_data);
+
if (ok >= 0)
ok = UI_add_input_string(ui, prompt, ui_flags, buf,
PW_MIN_LENGTH, bufsiz - 1);
return res;
}
-static char *app_get_pass(char *arg, int keepbio);
+static char *app_get_pass(const char *arg, int keepbio);
-int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2)
+int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
{
int same;
if (!arg2 || !arg1 || strcmp(arg1, arg2))
return 1;
}
-static char *app_get_pass(char *arg, int keepbio)
+static char *app_get_pass(const char *arg, int keepbio)
{
char *tmp, tpass[APP_PASS_LEN];
static BIO *pwdbio = NULL;
BIO_printf(bio_err, "no engine specified\n");
else {
#ifndef OPENSSL_NO_ENGINE
- pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
+ if (ENGINE_init(e)) {
+ pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
+ ENGINE_finish(e);
+ }
if (pkey == NULL) {
BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
ERR_print_errors(bio_err);
}
/*
- * Initialize or extend, if *certs != NULL, a certificate stack.
+ * Initialize or extend, if *certs != NULL, a certificate stack.
*/
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
const char *pass, const char *desc)
}
/*
- * Initialize or extend, if *crls != NULL, a certificate stack.
+ * Initialize or extend, if *crls != NULL, a certificate stack.
*/
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
const char *pass, const char *desc)
};
if (set_multi_opts(flags, arg, ex_tbl) == 0)
return 0;
- if ((*flags & XN_FLAG_SEP_MASK) == 0)
+ if (*flags != XN_FLAG_COMPAT
+ && (*flags & XN_FLAG_SEP_MASK) == 0)
*flags |= XN_FLAG_SEP_CPLUS_SPC;
return 1;
}
}
}
-void print_bignum_var(BIO *out, BIGNUM *in, const char *var,
+void print_bignum_var(BIO *out, const BIGNUM *in, const char *var,
int len, unsigned char *buffer)
{
BIO_printf(out, " static unsigned char %s_%d[] = {", var, len);
BIO_printf(out, "\n};\n");
}
-X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath)
+X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, int noCApath)
{
X509_STORE *store = X509_STORE_new();
X509_LOOKUP *lookup;
if (store == NULL)
goto end;
- if(CAfile != NULL || !noCAfile) {
+ if (CAfile != NULL || !noCAfile) {
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL)
goto end;
X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
}
- if(CApath != NULL || !noCApath) {
+ if (CApath != NULL || !noCApath) {
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
if (lookup == NULL)
goto end;
}
return e;
}
+#endif
ENGINE *setup_engine(const char *engine, int debug)
{
ENGINE *e = NULL;
+#ifndef OPENSSL_NO_ENGINE
if (engine) {
if (strcmp(engine, "auto") == 0) {
BIO_printf(bio_err, "enabling auto ENGINE support\n");
}
BIO_printf(bio_err, "engine \"%s\" set.\n", ENGINE_get_id(e));
-
- /* Free our "structural" reference. */
- ENGINE_free(e);
}
+#endif
return e;
}
+
+void release_engine(ENGINE *e)
+{
+#ifndef OPENSSL_NO_ENGINE
+ if (e != NULL)
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
#endif
+}
static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
{
static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
#undef BSIZE
#define BSIZE 256
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
+BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
{
BIO *in = NULL;
BIGNUM *ret = NULL;
return (ret);
}
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
+int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
ASN1_INTEGER **retai)
{
char buf[1][BSIZE];
OPENSSL_strlcpy(buf[0], serialfile, BSIZE);
else {
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
#endif
}
out = BIO_new_file(buf[0], "w");
return (ret);
}
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
+int rotate_serial(const char *serialfile, const char *new_suffix,
+ const char *old_suffix)
{
char buf[2][BSIZE];
int i, j;
goto err;
}
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
#endif
if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR
return ret;
}
-CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
+CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
{
CA_DB *retdb = NULL;
TXT_DB *tmpdb = NULL;
goto err;
#ifndef OPENSSL_SYS_VMS
- BIO_snprintf(buf, sizeof buf, "%s.attr", dbfile);
+ BIO_snprintf(buf, sizeof(buf), "%s.attr", dbfile);
#else
- BIO_snprintf(buf, sizeof buf, "%s-attr", dbfile);
+ BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
#endif
dbattr_conf = app_load_config(buf);
goto err;
}
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
#endif
out = BIO_new_file(buf[0], "w");
if (out == NULL) {
goto err;
}
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
+ j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
#else
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
+ j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
#endif
if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR
char *work;
X509_NAME *n;
- if (*cp++ != '/')
+ if (*cp++ != '/') {
+ BIO_printf(bio_err,
+ "name is expected to be in the format "
+ "/type0=value0/type1=value1/type2=... where characters may "
+ "be escaped by \\. This name is not in that format: '%s'\n",
+ --cp);
return NULL;
+ }
n = X509_NAME_new();
if (n == NULL)
gen = sk_GENERAL_NAME_value(gens, i);
uri = GENERAL_NAME_get0_value(gen, >ype);
if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) {
- char *uptr = (char *)ASN1_STRING_data(uri);
+ const char *uptr = (const char *)ASN1_STRING_get0_data(uri);
if (strncmp(uptr, "http://", 7) == 0)
return uptr;
}
crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
crl = load_crl_crldp(crldp);
sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
- if (!crl)
+ if (!crl) {
+ sk_X509_CRL_free(crls);
return NULL;
+ }
sk_X509_CRL_push(crls, crl);
/* Try to download delta CRL */
crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
#ifdef _WIN32
int app_isdir(const char *name)
{
- HANDLE hList;
- WIN32_FIND_DATA FileData;
+ DWORD attr;
# if defined(UNICODE) || defined(_UNICODE)
size_t i, len_0 = strlen(name) + 1;
+ WCHAR tempname[MAX_PATH];
- if (len_0 > OSSL_NELEM(FileData.cFileName))
+ if (len_0 > MAX_PATH)
return -1;
# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
- if (!MultiByteToWideChar
- (CP_ACP, 0, name, len_0, FileData.cFileName, len_0))
+ if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
# endif
for (i = 0; i < len_0; i++)
- FileData.cFileName[i] = (WCHAR)name[i];
+ tempname[i] = (WCHAR)name[i];
- hList = FindFirstFile(FileData.cFileName, &FileData);
+ attr = GetFileAttributes(tempname);
# else
- hList = FindFirstFile(name, &FileData);
+ attr = GetFileAttributes(name);
# endif
- if (hList == INVALID_HANDLE_VALUE)
+ if (attr == INVALID_FILE_ATTRIBUTES)
return -1;
- FindClose(hList);
- return ((FileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0);
+ return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
}
#else
# include <sys/stat.h>
#endif
/* raw_read|write section */
+#if defined(__VMS)
+# include "vms_term_sock.h"
+static int stdin_sock = -1;
+
+static void close_stdin_sock(void)
+{
+ TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
+}
+
+int fileno_stdin(void)
+{
+ if (stdin_sock == -1) {
+ TerminalSocket(TERM_SOCK_CREATE, &stdin_sock);
+ atexit(close_stdin_sock);
+ }
+
+ return stdin_sock;
+}
+#else
+int fileno_stdin(void)
+{
+ return fileno(stdin);
+}
+#endif
+
+int fileno_stdout(void)
+{
+ return fileno(stdout);
+}
+
#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
int raw_read_stdin(void *buf, int siz)
{
else
return (-1);
}
+#elif defined(__VMS)
+#include <sys/socket.h>
+
+int raw_read_stdin(void *buf, int siz)
+{
+ return recv(fileno_stdin(), buf, siz, 0);
+}
#else
int raw_read_stdin(void *buf, int siz)
{
- return read(fileno(stdin), buf, siz);
+ return read(fileno_stdin(), buf, siz);
}
#endif
#else
int raw_write_stdout(const void *buf, int siz)
{
- return write(fileno(stdout), buf, siz);
+ return write(fileno_stdout(), buf, siz);
}
#endif
fd_set asyncfds;
OSSL_ASYNC_FD *fds;
size_t numfds;
+ size_t i;
if (!SSL_get_all_async_fds(s, NULL, &numfds))
return;
fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds");
if (!SSL_get_all_async_fds(s, fds, &numfds)) {
OPENSSL_free(fds);
+ return;
}
FD_ZERO(&asyncfds);
- while (numfds > 0) {
- if (width <= (int)*fds)
- width = (int)*fds + 1;
- openssl_fdset((int)*fds, &asyncfds);
- numfds--;
- fds++;
+ for (i = 0; i < numfds; i++) {
+ if (width <= (int)fds[i])
+ width = (int)fds[i] + 1;
+ openssl_fdset((int)fds[i], &asyncfds);
}
select(width, (void *)&asyncfds, NULL, NULL, NULL);
+ OPENSSL_free(fds);
#endif
}
return _kbhit();
}
#endif
+
+/* Corrupt a signature by modifying final byte */
+void corrupt_signature(const ASN1_STRING *signature)
+{
+ unsigned char *s = signature->data;
+ s[signature->length - 1] ^= 0x1;
+}
+
+int set_cert_times(X509 *x, const char *startdate, const char *enddate,
+ int days)
+{
+ if (startdate == NULL || strcmp(startdate, "today") == 0) {
+ if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL)
+ return 0;
+ } else {
+ if (!ASN1_TIME_set_string(X509_getm_notBefore(x), startdate))
+ return 0;
+ }
+ if (enddate == NULL) {
+ if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL)
+ == NULL)
+ return 0;
+ } else if (!ASN1_TIME_set_string(X509_getm_notAfter(x), enddate)) {
+ return 0;
+ }
+ return 1;
+}