X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fapps.h;h=9658d5cf3d3a2f9d57ca48438fa405e282d5c5cd;hp=8ac7c038916b2054b6314a58d44e39ac01e5e4e9;hb=a0754084f82cf1cd0c8629d61f779bb6a6c6b1a6;hpb=5e136d7abf0945664fa40c7a032abed13fd15c81 diff --git a/apps/apps.h b/apps/apps.h index 8ac7c03891..9658d5cf3d 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -1,117 +1,19 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #ifndef HEADER_APPS_H # define HEADER_APPS_H # include "e_os.h" +# if defined(__unix) || defined(__unix__) +# include /* struct timeval for DTLS */ +# endif # include # include @@ -121,16 +23,10 @@ # include # include # include -# ifndef OPENSSL_NO_ENGINE -# include -# endif -# ifndef OPENSSL_NO_OCSP -# include -# endif +# include +# include # include -# ifndef OPENSSL_SYS_NETWARE -# include -# endif +# include # if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE) # define openssl_fdset(a,b) FD_SET((unsigned int)a, b) @@ -138,16 +34,12 @@ # define openssl_fdset(a,b) FD_SET(a, b) # endif -# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ - defined(INTMAX_MAX) && defined(UINTMAX_MAX) -int opt_imax(const char *value, intmax_t *result); -int opt_umax(const char *value, uintmax_t *result); -# else -# define opt_imax opt_long -# define opt_umax opt_ulong -# define intmax_t long -# define uintmax_t unsigned long -# endif +/* + * quick macro when you need to pass an unsigned char instead of a char. + * this is true for some implementations of the is*() functions, for + * example. + */ +#define _UC(c) ((unsigned char)(c)) int app_RAND_load_file(const char *file, int dont_warn); int app_RAND_write_file(const char *file); @@ -166,6 +58,7 @@ extern BIO *bio_out; extern BIO *bio_err; BIO *dup_bio_in(int format); BIO *dup_bio_out(int format); +BIO *dup_bio_err(int format); BIO *bio_open_owner(const char *filename, int format, int private); BIO *bio_open_default(const char *filename, char mode, int format); BIO *bio_open_default_quiet(const char *filename, char mode, int format); @@ -174,6 +67,11 @@ CONF *app_load_config_quiet(const char *filename); int app_load_modules(const CONF *config); void unbuffer(FILE *fp); void wait_for_async(SSL *s); +# if defined(OPENSSL_SYS_MSDOS) +int has_stdin_waiting(void); +# endif + +void corrupt_signature(const ASN1_STRING *signature); /* * Common verification options. @@ -189,6 +87,7 @@ void wait_for_async(SSL *s); OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \ OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \ OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \ + OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \ OPT_V__LAST # define OPT_V_OPTIONS \ @@ -196,8 +95,10 @@ void wait_for_async(SSL *s); { "purpose", OPT_V_PURPOSE, 's', \ "certificate chain purpose"}, \ { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \ - { "verify_depth", OPT_V_VERIFY_DEPTH, 'p', \ - "chain depth limit"}, \ + { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \ + "chain depth limit" }, \ + { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \ + "chain authentication security level" }, \ { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \ { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \ "expected peer hostname" }, \ @@ -214,9 +115,9 @@ void wait_for_async(SSL *s); { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \ "set policy variable require-explicit-policy"}, \ { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \ - "set policy variable inihibit-any-policy"}, \ + "set policy variable inhibit-any-policy"}, \ { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \ - "set policy variable inihibit-policy-mapping"}, \ + "set policy variable inhibit-policy-mapping"}, \ { "x509_strict", OPT_V_X509_STRICT, '-', \ "disable certificate compatibility work-arounds"}, \ { "extended_crl", OPT_V_EXTENDED_CRL, '-', \ @@ -236,7 +137,8 @@ void wait_for_async(SSL *s); { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \ "accept chains anchored by intermediate trust-store CAs"}, \ { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \ - { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" } + { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \ + { "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" } # define OPT_V_CASES \ OPT_V__FIRST: case OPT_V__LAST: break; \ @@ -244,6 +146,7 @@ void wait_for_async(SSL *s); case OPT_V_PURPOSE: \ case OPT_V_VERIFY_NAME: \ case OPT_V_VERIFY_DEPTH: \ + case OPT_V_VERIFY_AUTH_LEVEL: \ case OPT_V_ATTIME: \ case OPT_V_VERIFY_HOSTNAME: \ case OPT_V_VERIFY_EMAIL: \ @@ -267,7 +170,8 @@ void wait_for_async(SSL *s); case OPT_V_SUITEB_192: \ case OPT_V_PARTIAL_CHAIN: \ case OPT_V_NO_ALT_CHAINS: \ - case OPT_V_NO_CHECK_TIME + case OPT_V_NO_CHECK_TIME: \ + case OPT_V_ALLOW_PROXY_CERTS /* * Common "extended"? options. @@ -287,7 +191,7 @@ void wait_for_async(SSL *s); { "xcertform", OPT_X_CERTFORM, 'F', \ "format of Extended certificate (PEM or DER) PEM default " }, \ { "xkeyform", OPT_X_KEYFORM, 'F', \ - "format of Exnteded certificate's key (PEM or DER) PEM default"} + "format of Extended certificate's key (PEM or DER) PEM default"} # define OPT_X_CASES \ OPT_X__FIRST: case OPT_X__LAST: break; \ @@ -372,6 +276,10 @@ void wait_for_async(SSL *s); case OPT_S_DHPARAM: \ case OPT_S_DEBUGBROKE +#define IS_NO_PROT_FLAG(o) \ + (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \ + || o == OPT_S_NOTLS1_2) + /* * Option parsing. */ @@ -412,6 +320,7 @@ typedef struct string_int_pair_st { # define OPT_FMT_HTTP (1L << 9) # define OPT_FMT_PVK (1L << 10) # define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE) +# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME) # define OPT_FMT_ANY ( \ OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \ OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \ @@ -420,7 +329,7 @@ typedef struct string_int_pair_st { char *opt_progname(const char *argv0); char *opt_getprog(void); char *opt_init(int ac, char **av, const OPTIONS * o); -int opt_next(); +int opt_next(void); int opt_format(const char *s, unsigned long flags, int *result); int opt_int(const char *arg, int *result); int opt_ulong(const char *arg, unsigned long *result); @@ -429,6 +338,11 @@ int opt_long(const char *arg, long *result); defined(INTMAX_MAX) && defined(UINTMAX_MAX) int opt_imax(const char *arg, intmax_t *result); int opt_umax(const char *arg, uintmax_t *result); +#else +# define opt_imax opt_long +# define opt_umax opt_ulong +# define intmax_t long +# define uintmax_t unsigned long #endif int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result); int opt_cipher(const char *name, const EVP_CIPHER **cipherp); @@ -442,7 +356,6 @@ int opt_num_rest(void); int opt_verify(int i, X509_VERIFY_PARAM *vpm); void opt_help(const OPTIONS * list); int opt_format_error(const char *s, unsigned long flags); -int opt_next(void); typedef struct args_st { int size; @@ -450,6 +363,19 @@ typedef struct args_st { char **argv; } ARGS; +/* + * VMS C only for now, implemented in vms_decc_init.c + * If other C compilers forget to terminate argv with NULL, this function + * can be re-used. + */ +char **copy_argv(int *argc, char *argv[]); +/* + * Win32-specific argv initialization that splits OS-supplied UNICODE + * command line string to array of UTF8-encoded strings. + */ +void win32_utf8argv(int *argc, char **argv[]); + + # define PW_MIN_LENGTH 4 typedef struct pw_cb_data { const void *password; @@ -467,7 +393,8 @@ int dump_cert_text(BIO *out, X509 *x); void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags); # endif -void print_bignum_var(BIO *, BIGNUM *, const char*, int, unsigned char *); +void print_bignum_var(BIO *, const BIGNUM *, const char*, + int, unsigned char *); void print_array(BIO *, const char *, int, const unsigned char *); int set_cert_ex(unsigned long *flags, const char *arg); int set_name_ex(unsigned long *flags, const char *arg); @@ -475,22 +402,33 @@ int set_ext_copy(int *copy_type, const char *arg); int copy_extensions(X509 *x, X509_REQ *req, int copy_type); int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2); int add_oid_section(CONF *conf); -X509 *load_cert(const char *file, int format, - const char *pass, ENGINE *e, const char *cert_descrip); +X509 *load_cert(const char *file, int format, const char *cert_descrip); X509_CRL *load_crl(const char *infile, int format); -int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl); EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *key_descrip); EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *key_descrip); int load_certs(const char *file, STACK_OF(X509) **certs, int format, - const char *pass, ENGINE *e, const char *cert_descrip); + const char *pass, const char *cert_descrip); int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format, - const char *pass, ENGINE *e, const char *cert_descrip); + const char *pass, const char *cert_descrip); X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath); -int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile, - const char *CApath, int noCAfile, int noCApath); +__owur int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath, int noCAfile, + int noCApath); + +#ifndef OPENSSL_NO_CT + +/* + * Sets the file to load the Certificate Transparency log list from. + * If path is NULL, loads from the default file path. + * Returns 1 on success, 0 otherwise. + */ +__owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path); + +#endif + # ifdef OPENSSL_NO_ENGINE # define setup_engine(engine, debug) NULL # else @@ -564,12 +502,8 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, # ifndef OPENSSL_NO_PSK extern char *psk_key; # endif -# ifndef OPENSSL_NO_JPAKE -void jpake_client_auth(BIO *out, BIO *conn, const char *secret); -void jpake_server_auth(BIO *out, BIO *conn, const char *secret); -# endif -unsigned char *next_protos_parse(unsigned short *outlen, const char *in); +unsigned char *next_protos_parse(size_t *outlen, const char *in); void print_cert_checks(BIO *bio, X509 *x, const char *checkhost, @@ -610,7 +544,6 @@ void store_setup_crl_download(X509_STORE *st); # define SERIAL_RAND_BITS 64 -int app_hex(char); int app_isdir(const char *); int app_access(const char *, int flag); int raw_read_stdin(void *, int); @@ -620,11 +553,14 @@ int raw_write_stdout(const void *, int); # define TM_STOP 1 double app_tminterval(int stop, int usertime); -/* this is an accident waiting to happen (-Wshadow is your friend) */ -extern int verify_depth; -extern int verify_quiet; -extern int verify_error; -extern int verify_return_error; +typedef struct verify_options_st { + int depth; + int quiet; + int error; + int return_error; +} VERIFY_CB_ARGS; + +extern VERIFY_CB_ARGS verify_args; # include "progs.h"