/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
return ui_method;
}
-int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
+int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data)
{
int res = 0;
- UI *ui = NULL;
- PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
-
- ui = UI_new_method(ui_method);
- if (ui) {
- int ok = 0;
- char *buff = NULL;
- int ui_flags = 0;
- const char *prompt_info = NULL;
- char *prompt;
-
- if (cb_data != NULL && cb_data->prompt_info != NULL)
- prompt_info = cb_data->prompt_info;
- prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
- if (!prompt) {
- BIO_printf(bio_err, "Out of memory\n");
- UI_free(ui);
- return 0;
- }
+ UI *ui;
+ int ok = 0;
+ char *buff = NULL;
+ int ui_flags = 0;
+ const char *prompt_info = NULL;
+ char *prompt;
+
+ if ((ui = UI_new_method(ui_method)) == NULL)
+ return 0;
- ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
- UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+ if (cb_data != NULL && cb_data->prompt_info != NULL)
+ prompt_info = cb_data->prompt_info;
+ prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
+ if (prompt == NULL) {
+ BIO_printf(bio_err, "Out of memory\n");
+ UI_free(ui);
+ return 0;
+ }
- /* We know that there is no previous user data to return to us */
- (void)UI_add_user_data(ui, cb_data);
+ ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
+ UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
- ok = UI_add_input_string(ui, prompt, ui_flags, buf,
- PW_MIN_LENGTH, bufsiz - 1);
+ /* We know that there is no previous user data to return to us */
+ (void)UI_add_user_data(ui, cb_data);
- if (ok >= 0 && verify) {
- buff = app_malloc(bufsiz, "password buffer");
- ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
- PW_MIN_LENGTH, bufsiz - 1, buf);
- }
- if (ok >= 0)
- do {
- ok = UI_process(ui);
- } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+ ok = UI_add_input_string(ui, prompt, ui_flags, buf,
+ PW_MIN_LENGTH, bufsiz - 1);
- OPENSSL_clear_free(buff, (unsigned int)bufsiz);
+ if (ok >= 0 && verify) {
+ buff = app_malloc(bufsiz, "password buffer");
+ ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
+ PW_MIN_LENGTH, bufsiz - 1, buf);
+ }
+ if (ok >= 0)
+ do {
+ ok = UI_process(ui);
+ } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
- if (ok >= 0)
- res = strlen(buf);
- if (ok == -1) {
- BIO_printf(bio_err, "User interface error\n");
- ERR_print_errors(bio_err);
- OPENSSL_cleanse(buf, (unsigned int)bufsiz);
- res = 0;
- }
- if (ok == -2) {
- BIO_printf(bio_err, "aborted!\n");
- OPENSSL_cleanse(buf, (unsigned int)bufsiz);
- res = 0;
- }
- UI_free(ui);
- OPENSSL_free(prompt);
+ OPENSSL_clear_free(buff, (unsigned int)bufsiz);
+
+ if (ok >= 0)
+ res = strlen(buf);
+ if (ok == -1) {
+ BIO_printf(bio_err, "User interface error\n");
+ ERR_print_errors(bio_err);
+ OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+ res = 0;
+ }
+ if (ok == -2) {
+ BIO_printf(bio_err, "aborted!\n");
+ OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+ res = 0;
}
+ UI_free(ui);
+ OPENSSL_free(prompt);
return res;
}
+int wrap_password_callback(char *buf, int bufsiz, int verify, void *userdata)
+{
+ return password_callback(buf, bufsiz, verify, (PW_CB_DATA *)userdata);
+}
+
static char *app_get_pass(const char *arg, int keepbio);
int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
{
- int same;
- if (arg2 == NULL || arg1 == NULL || strcmp(arg1, arg2))
- same = 0;
- else
- same = 1;
+ int same = arg1 != NULL && arg2 != NULL && strcmp(arg1, arg2) == 0;
+
if (arg1 != NULL) {
*pass1 = app_get_pass(arg1, same);
if (*pass1 == NULL)
static char *app_get_pass(const char *arg, int keepbio)
{
- char *tmp, tpass[APP_PASS_LEN];
static BIO *pwdbio = NULL;
+ char *tmp, tpass[APP_PASS_LEN];
int i;
if (strncmp(arg, "pass:", 5) == 0)
if (strncmp(arg, "env:", 4) == 0) {
tmp = getenv(arg + 4);
if (tmp == NULL) {
- BIO_printf(bio_err, "Can't read environment variable %s\n", arg + 4);
+ BIO_printf(bio_err, "No environment variable %s\n", arg + 4);
return NULL;
}
return OPENSSL_strdup(tmp);
return OPENSSL_strdup(tpass);
}
-static CONF *app_load_config_(BIO *in, const char *filename)
+CONF *app_load_config_bio(BIO *in, const char *filename)
{
long errorline = -1;
CONF *conf;
if (i > 0)
return conf;
- if (errorline <= 0)
- BIO_printf(bio_err, "%s: Can't load config file \"%s\"\n",
- opt_getprog(), filename);
+ if (errorline <= 0) {
+ BIO_printf(bio_err, "%s: Can't load ", opt_getprog());
+ } else {
+ BIO_printf(bio_err, "%s: Error on line %ld of ", opt_getprog(),
+ errorline);
+ }
+ if (filename != NULL)
+ BIO_printf(bio_err, "config file \"%s\"\n", filename);
else
- BIO_printf(bio_err, "%s: Error on line %ld of config file \"%s\"\n",
- opt_getprog(), errorline, filename);
+ BIO_printf(bio_err, "config input");
+
NCONF_free(conf);
return NULL;
}
if (in == NULL)
return NULL;
- conf = app_load_config_(in, filename);
+ conf = app_load_config_bio(in, filename);
BIO_free(in);
return conf;
}
if (in == NULL)
return NULL;
- conf = app_load_config_(in, filename);
+ conf = app_load_config_bio(in, filename);
BIO_free(in);
return conf;
}
}
static int load_pkcs12(BIO *in, const char *desc,
- pem_password_cb *pem_cb, void *cb_data,
+ pem_password_cb *pem_cb, PW_CB_DATA *cb_data,
EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
{
const char *pass;
if (format == FORMAT_ASN1) {
pkey = d2i_PrivateKey_bio(key, NULL);
} else if (format == FORMAT_PEM) {
- pkey = PEM_read_bio_PrivateKey(key, NULL,
- (pem_password_cb *)password_callback,
- &cb_data);
+ pkey = PEM_read_bio_PrivateKey(key, NULL, wrap_password_callback, &cb_data);
} else if (format == FORMAT_PKCS12) {
- if (!load_pkcs12(key, key_descrip,
- (pem_password_cb *)password_callback, &cb_data,
+ if (!load_pkcs12(key, key_descrip, wrap_password_callback, &cb_data,
&pkey, NULL, NULL))
goto end;
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
} else if (format == FORMAT_MSBLOB) {
pkey = b2i_PrivateKey_bio(key);
} else if (format == FORMAT_PVK) {
- pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
- &cb_data);
+ pkey = b2i_PVK_bio(key, wrap_password_callback, &cb_data);
#endif
} else {
BIO_printf(bio_err, "bad input format specified for key file\n");
};
if (set_multi_opts(flags, arg, ex_tbl) == 0)
return 0;
- if ((*flags & XN_FLAG_SEP_MASK) == 0)
+ if (*flags != XN_FLAG_COMPAT
+ && (*flags & XN_FLAG_SEP_MASK) == 0)
*flags |= XN_FLAG_SEP_CPLUS_SPC;
return 1;
}
{
BIO_printf(out, " static unsigned char %s_%d[] = {", var, len);
if (BN_is_zero(in)) {
- BIO_printf(out, "\n\t0x00");
+ BIO_printf(out, "\n 0x00");
} else {
int i, l;
l = BN_bn2bin(in, buffer);
for (i = 0; i < l; i++) {
- if ((i % 10) == 0)
- BIO_printf(out, "\n\t");
+ BIO_printf(out, (i % 10) == 0 ? "\n " : " ");
if (i < l - 1)
- BIO_printf(out, "0x%02X, ", buffer[i]);
+ BIO_printf(out, "0x%02X,", buffer[i]);
else
BIO_printf(out, "0x%02X", buffer[i]);
}
OPENSSL_strlcpy(buf[0], serialfile, BSIZE);
else {
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
#endif
}
out = BIO_new_file(buf[0], "w");
goto err;
}
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
#endif
if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR
BIO *in;
CONF *dbattr_conf = NULL;
char buf[BSIZE];
+#ifndef OPENSSL_NO_POSIX_IO
+ FILE *dbfp;
+ struct stat dbst;
+#endif
in = BIO_new_file(dbfile, "r");
if (in == NULL) {
ERR_print_errors(bio_err);
goto err;
}
+
+#ifndef OPENSSL_NO_POSIX_IO
+ BIO_get_fp(in, &dbfp);
+ if (fstat(fileno(dbfp), &dbst) == -1) {
+ SYSerr(SYS_F_FSTAT, errno);
+ ERR_add_error_data(3, "fstat('", dbfile, "')");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+#endif
+
if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
goto err;
#ifndef OPENSSL_SYS_VMS
- BIO_snprintf(buf, sizeof buf, "%s.attr", dbfile);
+ BIO_snprintf(buf, sizeof(buf), "%s.attr", dbfile);
#else
- BIO_snprintf(buf, sizeof buf, "%s-attr", dbfile);
+ BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
#endif
- dbattr_conf = app_load_config(buf);
+ dbattr_conf = app_load_config_quiet(buf);
retdb = app_malloc(sizeof(*retdb), "new DB");
retdb->db = tmpdb;
}
}
+ retdb->dbfname = OPENSSL_strdup(dbfile);
+#ifndef OPENSSL_NO_POSIX_IO
+ retdb->dbst = dbst;
+#endif
+
err:
NCONF_free(dbattr_conf);
TXT_DB_free(tmpdb);
return retdb;
}
+/*
+ * Returns > 0 on success, <= 0 on error
+ */
int index_index(CA_DB *db)
{
if (!TXT_DB_create_index(db->db, DB_serial, NULL,
goto err;
}
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
#endif
out = BIO_new_file(buf[0], "w");
if (out == NULL) {
goto err;
}
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
+ j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
#else
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
+ j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
#endif
if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
#ifdef ENOTDIR
{
if (db) {
TXT_DB_free(db->db);
+ OPENSSL_free(db->dbfname);
OPENSSL_free(db);
}
}
char *work;
X509_NAME *n;
- if (*cp++ != '/')
+ if (*cp++ != '/') {
+ BIO_printf(bio_err,
+ "name is expected to be in the format "
+ "/type0=value0/type1=value1/type2=... where characters may "
+ "be escaped by \\. This name is not in that format: '%s'\n",
+ --cp);
return NULL;
+ }
n = X509_NAME_new();
if (n == NULL)
opt_getprog(), typestr);
continue;
}
+ if (*valstr == '\0') {
+ BIO_printf(bio_err,
+ "%s: No value provided for Subject Attribute %s, skipped\n",
+ opt_getprog(), typestr);
+ continue;
+ }
if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
valstr, strlen((char *)valstr),
-1, ismulti ? -1 : 0))
BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
}
+static BIO_METHOD *prefix_method = NULL;
+
BIO *dup_bio_out(int format)
{
BIO *b = BIO_new_fp(stdout,
BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
+ void *prefix = NULL;
+
#ifdef OPENSSL_SYS_VMS
if (istext(format))
b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
#endif
+
+ if (istext(format) && (prefix = getenv("HARNESS_OSSL_PREFIX")) != NULL) {
+ if (prefix_method == NULL)
+ prefix_method = apps_bf_prefix();
+ b = BIO_push(BIO_new(prefix_method), b);
+ BIO_ctrl(b, PREFIX_CTRL_SET_PREFIX, 0, prefix);
+ }
+
return b;
}
return b;
}
+void destroy_prefix_method(void)
+{
+ BIO_meth_free(prefix_method);
+ prefix_method = NULL;
+}
+
void unbuffer(FILE *fp)
{
/*
projects / openssl.git / blobdiff