TOP= ..
CC= cc
INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES)
-CFLAG= -g -static
+CFLAG= -g -static -Wswitch
MAKEFILE= Makefile
PERL= perl
RM= rm -f
SHLIB_TARGET=
-CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
+CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile makeapps.com install.com
LIBCRYPTO=-L.. -lcrypto
LIBSSL=-L.. -lssl
-PROGRAM= openssl
-
SCRIPTS=CA.pl tsget
+EXE= openssl$(EXE_EXT)
-EXE= $(PROGRAM)$(EXE_EXT)
-
-E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
- ca crl rsa rsautl dsa dsaparam ec ecparam \
- x509 genrsa gendsa genpkey s_server s_client speed \
- s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \
- pkcs8 pkey pkeyparam pkeyutl spkac smime rand engine ocsp prime ts srp
-
-PROGS= $(PROGRAM).c
+COMMANDS= \
+ asn1pars.o ca.o ciphers.o cms.o crl.o crl2p7.o dgst.o dhparam.o \
+ dsa.o dsaparam.o ec.o ecparam.o enc.o engine.o errstr.o gendsa.o \
+ genpkey.o genrsa.o nseq.o ocsp.o passwd.o pkcs12.o pkcs7.o pkcs8.o \
+ pkey.o pkeyparam.o pkeyutl.o prime.o rand.o req.o rsa.o rsautl.o \
+ s_client.o s_server.o s_time.o sess_id.o smime.o speed.o spkac.o \
+ srp.o ts.o verify.o version.o x509.o
-A_OBJ=apps.o
-A_SRC=apps.c
+A_OBJ=apps.o opt.o
+A_SRC=apps.c opt.c
S_OBJ= s_cb.o s_socket.o
S_SRC= s_cb.c s_socket.c
RAND_OBJ=app_rand.o
RAND_SRC=app_rand.c
-E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
- ca.o pkcs7.o crl2p7.o crl.o \
- rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \
- x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o \
- s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
- ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o \
- spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o
+OBJ = \
+ asn1pars.o ca.o ciphers.o cms.o crl.o crl2p7.o dgst.o dhparam.o \
+ dsa.o dsaparam.o ec.o ecparam.o enc.o engine.o errstr.o gendsa.o \
+ genpkey.o genrsa.o nseq.o ocsp.o passwd.o pkcs12.o pkcs7.o pkcs8.o \
+ pkey.o pkeyparam.o pkeyutl.o prime.o rand.o req.o rsa.o rsautl.o \
+ s_client.o s_server.o s_time.o sess_id.o smime.o speed.o spkac.o \
+ srp.o ts.o verify.o version.o x509.o
-E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
- pkcs7.c crl2p7.c crl.c \
- rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \
- x509.c genrsa.c gendsa.c genpkey.c s_server.c s_client.c speed.c \
- s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
- ciphers.c nseq.c pkcs12.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c \
- spkac.c smime.c cms.c rand.c engine.c ocsp.c prime.c ts.c srp.c
-SRC=$(E_SRC)
+SRC = \
+ asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c \
+ dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c \
+ genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c \
+ pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c \
+ s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c \
+ srp.c ts.c verify.c version.c x509.c
+
+EXE_OBJ = openssl.o $(OBJ) $(A_OBJ) $(S_OBJ) $(RAND_OBJ)
+EXE_SRC = openssl.c $(SRC) $(A_SRC) $(S_SRC) $(RAND_SRC)
HEADER= apps.h progs.h s_apps.h \
- testdsa.h testrsa.h
+ testdsa.h testrsa.h timeouts.h
-ALL= $(GENERAL) $(SRC) $(HEADER)
+ALL= $(GENERAL) $(EXE_SRC) $(HEADER)
top:
@(cd ..; $(MAKE) DIRS=$(DIR) all)
exe: $(EXE)
-req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
- shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
- shlib_target="$(SHLIB_TARGET)"; \
- fi; \
- $(MAKE) -f $(TOP)/Makefile.shared -e \
- APPNAME=req OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \
- LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \
- link_app.$${shlib_target}
-
-sreq.o: req.c
- $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
-
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
$(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
tags:
- ctags $(SRC)
+ ctags $(EXE_SRC) $(HEADER)
tests:
lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
+ echo nope >fluff
depend:
@if [ -z "$(THIS)" ]; then \
$(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
else \
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(EXE_SRC); \
fi
dclean:
$(DLIBCRYPTO):
(cd ..; $(MAKE) DIRS=crypto all)
-$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+$(EXE): progs.h $(EXE_OBJ) $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(EXE)
shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
shlib_target="$(SHLIB_TARGET)"; \
fi; \
LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
$(MAKE) -f $(TOP)/Makefile.shared -e \
- APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
+ APPNAME=$(EXE) OBJECTS="$(EXE_OBJ)" \
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
link_app.$${shlib_target}
@(cd ..; $(MAKE) rehash)
-progs.h: progs.pl
- $(PERL) progs.pl $(E_EXE) >progs.h
- $(RM) $(PROGRAM).o
+progs.h: progs.pl Makefile
+ $(RM) progs.h
+ $(PERL) progs.pl $(COMMANDS) >progs.h
+ $(RM) openssl.o
# DO NOT DELETE THIS LINE -- make depend depends on it.
app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
app_rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
app_rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-app_rand.o: app_rand.c apps.h
+app_rand.o: app_rand.c apps.h progs.h
apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+apps.o: ../include/openssl/comp.h ../include/openssl/conf.h
+apps.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
apps.o: ../include/openssl/engine.h ../include/openssl/err.h
-apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+apps.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+apps.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
-apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
-apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-apps.o: ../include/openssl/ui.h ../include/openssl/x509.h
-apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
+apps.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+apps.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+apps.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+apps.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+apps.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+apps.o: ../include/openssl/x509v3.h apps.c apps.h progs.h
asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
asn1pars.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-asn1pars.o: asn1pars.c
+asn1pars.o: asn1pars.c progs.h
ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ca.o: ../include/openssl/x509v3.h apps.h ca.c
+ca.o: ../include/openssl/x509v3.h apps.h ca.c progs.h
ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ciphers.o: ../include/openssl/buffer.h ../include/openssl/comp.h
ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h
ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c
+ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c progs.h
cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
cms.o: ../include/openssl/buffer.h ../include/openssl/cms.h
cms.o: ../include/openssl/conf.h ../include/openssl/crypto.h
cms.o: ../include/openssl/sha.h ../include/openssl/stack.h
cms.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
cms.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-cms.o: ../include/openssl/x509v3.h apps.h cms.c
+cms.o: ../include/openssl/x509v3.h apps.h cms.c progs.h
crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
crl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c
+crl.o: progs.h
crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
crl2p7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-crl2p7.o: crl2p7.c
+crl2p7.o: crl2p7.c progs.h
dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h
dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-dgst.o: ../include/openssl/x509v3.h apps.h dgst.c
-dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h
-dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-dh.o: ../include/openssl/err.h ../include/openssl/evp.h
-dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-dh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dh.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-dh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dh.c
+dgst.o: ../include/openssl/x509v3.h apps.h dgst.c progs.h
+dhparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+dhparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dhparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+dhparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dhparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+dhparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+dhparam.o: ../include/openssl/engine.h ../include/openssl/err.h
+dhparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+dhparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dhparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+dhparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dhparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dhparam.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+dhparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dhparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dhparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+dhparam.o: ../include/openssl/x509v3.h apps.h dhparam.c progs.h
dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
dsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
dsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dsa.c
+dsa.o: progs.h
dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-dsaparam.o: dsaparam.c
+dsaparam.o: dsaparam.c progs.h
ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h
ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ec.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
ec.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ec.c
+ec.o: progs.h
ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
ecparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ecparam.o: ../include/openssl/x509v3.h apps.h ecparam.c
+ecparam.o: ../include/openssl/x509v3.h apps.h ecparam.c progs.h
enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
enc.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h enc.c
+enc.o: progs.h
engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
engine.o: ../include/openssl/buffer.h ../include/openssl/comp.h
engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h
engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-engine.o: ../include/openssl/x509v3.h apps.h engine.c
+engine.o: ../include/openssl/x509v3.h apps.h engine.c progs.h
errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
errstr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h
errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-errstr.o: ../include/openssl/x509v3.h apps.h errstr.c
-gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-gendh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h
-gendh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-gendh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-gendh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendh.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-gendh.o: ../include/openssl/x509v3.h apps.h gendh.c
+errstr.o: ../include/openssl/x509v3.h apps.h errstr.c progs.h
gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
gendsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
gendsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-gendsa.o: gendsa.c
+gendsa.o: gendsa.c progs.h
genpkey.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
genpkey.o: ../include/openssl/buffer.h ../include/openssl/conf.h
genpkey.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
genpkey.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
genpkey.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
genpkey.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-genpkey.o: genpkey.c
+genpkey.o: genpkey.c progs.h
genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c
+genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c progs.h
nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
nseq.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
nseq.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h nseq.c
+nseq.o: progs.h
ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c
+ocsp.o: progs.h
openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
openssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
openssl.o: openssl.c progs.h s_apps.h
+opt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+opt.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+opt.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+opt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+opt.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+opt.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+opt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+opt.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+opt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+opt.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+opt.o: ../include/openssl/sha.h ../include/openssl/stack.h
+opt.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+opt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+opt.o: ../include/openssl/x509v3.h apps.h opt.c progs.h
passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-passwd.o: ../include/openssl/x509v3.h apps.h passwd.c
+passwd.o: ../include/openssl/x509v3.h apps.h passwd.c progs.h
pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-pkcs12.o: ../include/openssl/x509v3.h apps.h pkcs12.c
+pkcs12.o: ../include/openssl/x509v3.h apps.h pkcs12.c progs.h
pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
pkcs7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-pkcs7.o: pkcs7.c
+pkcs7.o: pkcs7.c progs.h
pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-pkcs8.o: ../include/openssl/x509v3.h apps.h pkcs8.c
+pkcs8.o: ../include/openssl/x509v3.h apps.h pkcs8.c progs.h
pkey.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkey.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkey.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
pkey.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
pkey.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
pkey.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h pkey.c
+pkey.o: progs.h
pkeyparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkeyparam.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkeyparam.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
pkeyparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
pkeyparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
pkeyparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-pkeyparam.o: pkeyparam.c
+pkeyparam.o: pkeyparam.c progs.h
pkeyutl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkeyutl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkeyutl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
pkeyutl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
pkeyutl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
pkeyutl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-pkeyutl.o: pkeyutl.c
+pkeyutl.o: pkeyutl.c progs.h
prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
prime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
prime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
prime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-prime.o: prime.c
+prime.o: prime.c progs.h
rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-rand.o: ../include/openssl/x509v3.h apps.h rand.c
+rand.o: ../include/openssl/x509v3.h apps.h progs.h rand.c
req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
req.o: ../include/openssl/sha.h ../include/openssl/stack.h
req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-req.o: ../include/openssl/x509v3.h apps.h req.c
+req.o: ../include/openssl/x509v3.h apps.h progs.h req.c
rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
rsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-rsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rsa.c
+rsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h progs.h
+rsa.o: rsa.c
rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-rsautl.o: ../include/openssl/x509v3.h apps.h rsautl.c
+rsautl.o: ../include/openssl/x509v3.h apps.h progs.h rsautl.c
s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-s_cb.o: s_apps.h s_cb.c
+s_cb.o: progs.h s_apps.h s_cb.c
s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-s_client.o: s_apps.h s_client.c timeouts.h
+s_client.o: progs.h s_apps.h s_client.c timeouts.h
s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_server.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-s_server.o: s_apps.h s_server.c timeouts.h
+s_server.o: progs.h s_apps.h s_server.c timeouts.h
s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h
s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-s_socket.o: s_apps.h s_socket.c
+s_socket.o: progs.h s_apps.h s_socket.c
s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_time.o: ../include/openssl/buffer.h ../include/openssl/comp.h
s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h
s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-s_time.o: ../include/openssl/x509v3.h apps.h s_apps.h s_time.c
+s_time.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_time.c
sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
sess_id.o: ../include/openssl/buffer.h ../include/openssl/comp.h
sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h
sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-sess_id.o: ../include/openssl/x509v3.h apps.h sess_id.c
+sess_id.o: ../include/openssl/x509v3.h apps.h progs.h sess_id.c
smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h
smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
smime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
smime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-smime.o: smime.c
+smime.o: progs.h smime.c
speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
speed.o: ../include/openssl/whrlpool.h ../include/openssl/x509.h
speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-speed.o: speed.c testdsa.h testrsa.h
+speed.o: progs.h speed.c testdsa.h testrsa.h
spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h
spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
spkac.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
spkac.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-spkac.o: spkac.c
+spkac.o: progs.h spkac.c
srp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
srp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
srp.o: ../include/openssl/conf.h ../include/openssl/crypto.h
srp.o: ../include/openssl/sha.h ../include/openssl/srp.h
srp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
srp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-srp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h srp.c
+srp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h progs.h
+srp.o: srp.c
ts.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ts.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ts.o: ../include/openssl/conf.h ../include/openssl/crypto.h
ts.o: ../include/openssl/sha.h ../include/openssl/stack.h
ts.o: ../include/openssl/symhacks.h ../include/openssl/ts.h
ts.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ts.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ts.c
+ts.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h progs.h
+ts.o: ts.c
verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h
verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
verify.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-verify.o: verify.c
+verify.o: progs.h verify.c
version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
version.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
version.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-version.o: version.c
+version.o: progs.h version.c
x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-x509.o: ../include/openssl/x509v3.h apps.h x509.c
+x509.o: ../include/openssl/x509v3.h apps.h progs.h x509.c
-/* apps/app_rand.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
*
*/
-#define NON_MAIN
#include "apps.h"
-#undef NON_MAIN
#include <openssl/bio.h>
#include <openssl/rand.h>
static int seeded = 0;
static int egdsocket = 0;
-int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
+int app_RAND_load_file(const char *file, int dont_warn)
{
int consider_randfile = (file == NULL);
char buffer[200];
#ifdef OPENSSL_SYS_WINDOWS
- BIO_printf(bio_e, "Loading 'screen' into random state -");
- BIO_flush(bio_e);
+ BIO_printf(bio_err, "Loading 'screen' into random state -");
+ BIO_flush(bio_err);
RAND_screen();
- BIO_printf(bio_e, " done\n");
+ BIO_printf(bio_err, " done\n");
#endif
if (file == NULL)
if (file == NULL || !RAND_load_file(file, -1)) {
if (RAND_status() == 0) {
if (!dont_warn) {
- BIO_printf(bio_e, "unable to load 'random state'\n");
- BIO_printf(bio_e,
+ BIO_printf(bio_err, "unable to load 'random state'\n");
+ BIO_printf(bio_err,
"This means that the random number generator has not been seeded\n");
- BIO_printf(bio_e, "with much random data.\n");
+ BIO_printf(bio_err, "with much random data.\n");
if (consider_randfile) { /* explanation does not apply when a
* file is explicitly named */
- BIO_printf(bio_e,
+ BIO_printf(bio_err,
"Consider setting the RANDFILE environment variable to point at a file that\n");
- BIO_printf(bio_e,
+ BIO_printf(bio_err,
"'random' data can be kept in (the file will be overwritten).\n");
}
}
return (tot);
}
-int app_RAND_write_file(const char *file, BIO *bio_e)
+int app_RAND_write_file(const char *file)
{
char buffer[200];
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
if (file == NULL || !RAND_write_file(file)) {
- BIO_printf(bio_e, "unable to write 'random state'\n");
+ BIO_printf(bio_err, "unable to write 'random state'\n");
return 0;
}
return 1;
-/* apps/apps.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
#ifndef OPENSSL_NO_JPAKE
# include <openssl/jpake.h>
#endif
+#include <openssl/ssl.h>
-#define NON_MAIN
#include "apps.h"
-#undef NON_MAIN
#ifdef _WIN32
static int WIN32_rename(const char *from, const char *to);
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
/* Looks like this stuff is worth moving into separate function */
-static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file,
+static EVP_PKEY *load_netscape_key(BIO *key, const char *file,
const char *key_descrip, int format);
#endif
int app_init(long mesgwin);
-#ifdef undef /* never finished - probably never will be
- * :-) */
-int args_from_file(char *file, int *argc, char **argv[])
-{
- FILE *fp;
- int num, i;
- unsigned int len;
- static char *buf = NULL;
- static char **arg = NULL;
- char *p;
-
- fp = fopen(file, "r");
- if (fp == NULL)
- return (0);
-
- if (fseek(fp, 0, SEEK_END) == 0)
- len = ftell(fp), rewind(fp);
- else
- len = -1;
- if (len <= 0) {
- fclose(fp);
- return (0);
- }
-
- *argc = 0;
- *argv = NULL;
- if (buf != NULL)
- OPENSSL_free(buf);
- buf = (char *)OPENSSL_malloc(len + 1);
- if (buf == NULL)
- return (0);
-
- len = fread(buf, 1, len, fp);
- if (len <= 1)
- return (0);
- buf[len] = '\0';
-
- i = 0;
- for (p = buf; *p; p++)
- if (*p == '\n')
- i++;
- if (arg != NULL)
- OPENSSL_free(arg);
- arg = (char **)OPENSSL_malloc(sizeof(char *) * (i * 2));
-
- *argv = arg;
- num = 0;
- p = buf;
- for (;;) {
- if (!*p)
- break;
- if (*p == '#') { /* comment line */
- while (*p && (*p != '\n'))
- p++;
- continue;
- }
- /* else we have a line */
- *(arg++) = p;
- num++;
- while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
- p++;
- if (!*p)
- break;
- if (*p == '\n') {
- *(p++) = '\0';
- continue;
- }
- /* else it is a tab or space */
- p++;
- while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
- p++;
- if (!*p)
- break;
- if (*p == '\n') {
- p++;
- continue;
- }
- *(arg++) = p++;
- num++;
- while (*p && (*p != '\n'))
- p++;
- if (!*p)
- break;
- /* else *p == '\n' */
- *(p++) = '\0';
- }
- *argc = num;
- return (1);
-}
-#endif
-
-int str2fmt(char *s)
-{
- if (s == NULL)
- return FORMAT_UNDEF;
- if ((*s == 'D') || (*s == 'd'))
- return (FORMAT_ASN1);
- else if ((*s == 'T') || (*s == 't'))
- return (FORMAT_TEXT);
- else if ((strcmp(s, "NSS") == 0) || (strcmp(s, "nss") == 0))
- return (FORMAT_NSS);
- else if ((*s == 'N') || (*s == 'n'))
- return (FORMAT_NETSCAPE);
- else if ((*s == 'S') || (*s == 's'))
- return (FORMAT_SMIME);
- else if ((*s == 'M') || (*s == 'm'))
- return (FORMAT_MSBLOB);
- else if ((*s == '1')
- || (strcmp(s, "PKCS12") == 0) || (strcmp(s, "pkcs12") == 0)
- || (strcmp(s, "P12") == 0) || (strcmp(s, "p12") == 0))
- return (FORMAT_PKCS12);
- else if ((*s == 'E') || (*s == 'e'))
- return (FORMAT_ENGINE);
- else if ((*s == 'H') || (*s == 'h'))
- return FORMAT_HTTP;
- else if ((*s == 'P') || (*s == 'p')) {
- if (s[1] == 'V' || s[1] == 'v')
- return FORMAT_PVK;
- else
- return (FORMAT_PEM);
- } else
- return (FORMAT_UNDEF);
-}
-
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_NETWARE)
-void program_name(char *in, char *out, int size)
-{
- int i, n;
- char *p = NULL;
-
- n = strlen(in);
- /* find the last '/', '\' or ':' */
- for (i = n - 1; i > 0; i--) {
- if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':')) {
- p = &(in[i + 1]);
- break;
- }
- }
- if (p == NULL)
- p = in;
- n = strlen(p);
-
-# if defined(OPENSSL_SYS_NETWARE)
- /* strip off trailing .nlm if present. */
- if ((n > 4) && (p[n - 4] == '.') &&
- ((p[n - 3] == 'n') || (p[n - 3] == 'N')) &&
- ((p[n - 2] == 'l') || (p[n - 2] == 'L')) &&
- ((p[n - 1] == 'm') || (p[n - 1] == 'M')))
- n -= 4;
-# else
- /* strip off trailing .exe if present. */
- if ((n > 4) && (p[n - 4] == '.') &&
- ((p[n - 3] == 'e') || (p[n - 3] == 'E')) &&
- ((p[n - 2] == 'x') || (p[n - 2] == 'X')) &&
- ((p[n - 1] == 'e') || (p[n - 1] == 'E')))
- n -= 4;
-# endif
-
- if (n > size - 1)
- n = size - 1;
-
- for (i = 0; i < n; i++) {
- if ((p[i] >= 'A') && (p[i] <= 'Z'))
- out[i] = p[i] - 'A' + 'a';
- else
- out[i] = p[i];
- }
- out[n] = '\0';
-}
-#else
-# ifdef OPENSSL_SYS_VMS
-void program_name(char *in, char *out, int size)
+int chopup_args(ARGS *arg, char *buf)
{
- char *p = in, *q;
- char *chars = ":]>";
-
- while (*chars != '\0') {
- q = strrchr(p, *chars);
- if (q > p)
- p = q + 1;
- chars++;
- }
+ int quoted;
+ char c, *p;
- q = strrchr(p, '.');
- if (q == NULL)
- q = p + strlen(p);
- strncpy(out, p, size - 1);
- if (q - p >= size) {
- out[size - 1] = '\0';
- } else {
- out[q - p] = '\0';
- }
-}
-# else
-void program_name(char *in, char *out, int size)
-{
- char *p;
-
- p = strrchr(in, '/');
- if (p != NULL)
- p++;
- else
- p = in;
- BUF_strlcpy(out, p, size);
-}
-# endif
-#endif
-
-int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
-{
- int num, i;
- char *p;
-
- *argc = 0;
- *argv = NULL;
-
- i = 0;
- if (arg->count == 0) {
- arg->count = 20;
- arg->data = (char **)OPENSSL_malloc(sizeof(char *) * arg->count);
- if (arg->data == NULL)
+ arg->argc = 0;
+ if (arg->size == 0) {
+ arg->size = 20;
+ arg->argv = (char **)OPENSSL_malloc(sizeof(char *) * arg->size);
+ if (arg->argv == NULL)
return 0;
}
- for (i = 0; i < arg->count; i++)
- arg->data[i] = NULL;
- num = 0;
- p = buf;
- for (;;) {
- /* first scan over white space */
- if (!*p)
- break;
- while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+ for (p = buf;;) {
+ /* Skip whitespace. */
+ while (*p && isspace(*p))
p++;
if (!*p)
break;
/* The start of something good :-) */
- if (num >= arg->count) {
- char **tmp_p;
- int tlen = arg->count + 20;
- tmp_p = (char **)OPENSSL_realloc(arg->data,
- sizeof(char *) * tlen);
- if (tmp_p == NULL)
+ if (arg->argc >= arg->size) {
+ arg->size += 20;
+ arg->argv = (char **)OPENSSL_realloc(arg->argv,
+ sizeof(char *) * arg->size);
+ if (arg->argv == NULL)
return 0;
- arg->data = tmp_p;
- arg->count = tlen;
- /* initialize newly allocated data */
- for (i = num; i < arg->count; i++)
- arg->data[i] = NULL;
}
- arg->data[num++] = p;
+ quoted = *p == '\'' || *p == '"';
+ if (quoted)
+ c = *p++;
+ arg->argv[arg->argc++] = p;
/* now look for the end of this */
- if ((*p == '\'') || (*p == '\"')) { /* scan for closing quote */
- i = *(p++);
- arg->data[num - 1]++; /* jump over quote */
- while (*p && (*p != i))
+ if (quoted) {
+ while (*p && *p != c)
p++;
- *p = '\0';
+ *p++ = '\0';
} else {
- while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
+ while (*p && !isspace(*p))
p++;
-
- if (*p == '\0')
- p--;
- else
- *p = '\0';
+ if (*p)
+ *p++ = '\0';
}
- p++;
}
- *argc = num;
- *argv = arg->data;
+ arg->argv[arg->argc] = NULL;
return (1);
}
}
#endif
+int ctx_set_verify_locations(SSL_CTX *ctx,
+ const char *CAfile, const char *CApath)
+{
+ if (CAfile == NULL && CApath == NULL)
+ return SSL_CTX_set_default_verify_paths(ctx);
+ return SSL_CTX_load_verify_locations(ctx, CAfile, CApath);
+}
+
int dump_cert_text(BIO *out, X509 *x)
{
char *p;
int ok = 0;
char *buff = NULL;
int ui_flags = 0;
- char *prompt = NULL;
+ char *prompt;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
if (!prompt) {
return res;
}
-static char *app_get_pass(BIO *err, char *arg, int keepbio);
+static char *app_get_pass(char *arg, int keepbio);
-int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
+int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2)
{
int same;
if (!arg2 || !arg1 || strcmp(arg1, arg2))
else
same = 1;
if (arg1) {
- *pass1 = app_get_pass(err, arg1, same);
+ *pass1 = app_get_pass(arg1, same);
if (!*pass1)
return 0;
} else if (pass1)
*pass1 = NULL;
if (arg2) {
- *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
+ *pass2 = app_get_pass(arg2, same ? 2 : 0);
if (!*pass2)
return 0;
} else if (pass2)
return 1;
}
-static char *app_get_pass(BIO *err, char *arg, int keepbio)
+static char *app_get_pass(char *arg, int keepbio)
{
char *tmp, tpass[APP_PASS_LEN];
static BIO *pwdbio = NULL;
if (!strncmp(arg, "env:", 4)) {
tmp = getenv(arg + 4);
if (!tmp) {
- BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
+ BIO_printf(bio_err, "Can't read environment variable %s\n", arg + 4);
return NULL;
}
return BUF_strdup(tmp);
if (!strncmp(arg, "file:", 5)) {
pwdbio = BIO_new_file(arg + 5, "r");
if (!pwdbio) {
- BIO_printf(err, "Can't open file %s\n", arg + 5);
+ BIO_printf(bio_err, "Can't open file %s\n", arg + 5);
return NULL;
}
#if !defined(_WIN32)
if (i >= 0)
pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
if ((i < 0) || !pwdbio) {
- BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
+ BIO_printf(bio_err, "Can't access file descriptor %s\n", arg + 3);
return NULL;
}
/*
pwdbio = BIO_push(btmp, pwdbio);
#endif
} else if (!strcmp(arg, "stdin")) {
- pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
+ pwdbio = dup_bio_in();
if (!pwdbio) {
- BIO_printf(err, "Can't open BIO for stdin\n");
+ BIO_printf(bio_err, "Can't open BIO for stdin\n");
return NULL;
}
} else {
- BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
+ BIO_printf(bio_err, "Invalid password argument \"%s\"\n", arg);
return NULL;
}
}
pwdbio = NULL;
}
if (i <= 0) {
- BIO_printf(err, "Error reading password from BIO\n");
+ BIO_printf(bio_err, "Error reading password from BIO\n");
return NULL;
}
tmp = strchr(tpass, '\n');
return BUF_strdup(tpass);
}
-int add_oid_section(BIO *err, CONF *conf)
+int add_oid_section(CONF *conf)
{
char *p;
STACK_OF(CONF_VALUE) *sktmp;
return 1;
}
if (!(sktmp = NCONF_get_section(conf, p))) {
- BIO_printf(err, "problem loading oid section %s\n", p);
+ BIO_printf(bio_err, "problem loading oid section %s\n", p);
return 0;
}
for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
cnf = sk_CONF_VALUE_value(sktmp, i);
if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
- BIO_printf(err, "problem creating object %s=%s\n",
+ BIO_printf(bio_err, "problem creating object %s=%s\n",
cnf->name, cnf->value);
return 0;
}
return 1;
}
-static int load_pkcs12(BIO *err, BIO *in, const char *desc,
+static int load_pkcs12(BIO *in, const char *desc,
pem_password_cb *pem_cb, void *cb_data,
EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
{
PKCS12 *p12;
p12 = d2i_PKCS12_bio(in, NULL);
if (p12 == NULL) {
- BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);
+ BIO_printf(bio_err, "Error loading PKCS12 file for %s\n", desc);
goto die;
}
/* See if an empty password will do */
pem_cb = (pem_password_cb *)password_callback;
len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
if (len < 0) {
- BIO_printf(err, "Passpharse callback error for %s\n", desc);
+ BIO_printf(bio_err, "Passphrase callback error for %s\n", desc);
goto die;
}
if (len < PEM_BUFSIZE)
tpass[len] = 0;
if (!PKCS12_verify_mac(p12, tpass, len)) {
- BIO_printf(err,
+ BIO_printf(bio_err,
"Mac verify error (wrong password?) in PKCS12 file for %s\n",
desc);
goto die;
return ret;
}
-int load_cert_crl_http(const char *url, BIO *err,
- X509 **pcert, X509_CRL **pcrl)
+int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl)
{
char *host = NULL, *port = NULL, *path = NULL;
BIO *bio = NULL;
if (!OCSP_parse_url(url, &host, &port, &path, &use_ssl))
goto err;
if (use_ssl) {
- if (err)
- BIO_puts(err, "https not supported\n");
+ BIO_puts(bio_err, "https not supported\n");
goto err;
}
bio = BIO_new_connect(host);
if (pcert) {
do {
rv = X509_http_nbio(rctx, pcert);
- }
- while (rv == -1);
+ } while (rv == -1);
} else {
do {
rv = X509_CRL_http_nbio(rctx, pcrl);
if (rctx)
OCSP_REQ_CTX_free(rctx);
if (rv != 1) {
- if (bio && err)
- BIO_printf(bio_err, "Error loading %s from %s\n",
- pcert ? "certificate" : "CRL", url);
+ BIO_printf(bio_err, "Error loading %s from %s\n",
+ pcert ? "certificate" : "CRL", url);
ERR_print_errors(bio_err);
}
return rv;
}
-X509 *load_cert(BIO *err, const char *file, int format,
+X509 *load_cert(const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip)
{
X509 *x = NULL;
BIO *cert;
if (format == FORMAT_HTTP) {
- load_cert_crl_http(file, err, &x, NULL);
+ load_cert_crl_http(file, &x, NULL);
return x;
}
- if ((cert = BIO_new(BIO_s_file())) == NULL) {
- ERR_print_errors(err);
- goto end;
- }
-
if (file == NULL) {
- setbuf(stdin, NULL); /* don't do buffered reads */
- BIO_set_fp(cert, stdin, BIO_NOCLOSE);
- } else {
- if (BIO_read_filename(cert, file) <= 0) {
- BIO_printf(err, "Error opening %s %s\n", cert_descrip, file);
- ERR_print_errors(err);
- goto end;
- }
- }
+ unbuffer(stdin);
+ cert = dup_bio_in();
+ } else
+ cert = bio_open_default(file, RB(format));
+ if (cert == NULL)
+ goto end;
if (format == FORMAT_ASN1)
x = d2i_X509_bio(cert, NULL);
if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data,
nx->header->length) != 0)) {
NETSCAPE_X509_free(nx);
- BIO_printf(err, "Error reading header on certificate\n");
+ BIO_printf(bio_err, "Error reading header on certificate\n");
goto end;
}
x = nx->cert;
x = PEM_read_bio_X509_AUX(cert, NULL,
(pem_password_cb *)password_callback, NULL);
else if (format == FORMAT_PKCS12) {
- if (!load_pkcs12(err, cert, cert_descrip, NULL, NULL, NULL, &x, NULL))
+ if (!load_pkcs12(cert, cert_descrip, NULL, NULL, NULL, &x, NULL))
goto end;
} else {
- BIO_printf(err, "bad input format specified for %s\n", cert_descrip);
+ BIO_printf(bio_err, "bad input format specified for %s\n", cert_descrip);
goto end;
}
end:
if (x == NULL) {
- BIO_printf(err, "unable to load certificate\n");
- ERR_print_errors(err);
+ BIO_printf(bio_err, "unable to load certificate\n");
+ ERR_print_errors(bio_err);
}
if (cert != NULL)
BIO_free(cert);
BIO *in = NULL;
if (format == FORMAT_HTTP) {
- load_cert_crl_http(infile, bio_err, NULL, &x);
+ load_cert_crl_http(infile, NULL, &x);
return x;
}
- in = BIO_new(BIO_s_file());
- if (in == NULL) {
- ERR_print_errors(bio_err);
+ in = bio_open_default(infile, RB(format));
+ if (in == NULL)
goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in, stdin, BIO_NOCLOSE);
- else {
- if (BIO_read_filename(in, infile) <= 0) {
- perror(infile);
- goto end;
- }
- }
if (format == FORMAT_ASN1)
x = d2i_X509_CRL_bio(in, NULL);
else if (format == FORMAT_PEM)
return (x);
}
-EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
+EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip)
{
BIO *key = NULL;
cb_data.prompt_info = file;
if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
- BIO_printf(err, "no keyfile specified\n");
+ BIO_printf(bio_err, "no keyfile specified\n");
goto end;
}
#ifndef OPENSSL_NO_ENGINE
if (format == FORMAT_ENGINE) {
if (!e)
- BIO_printf(err, "no engine specified\n");
+ BIO_printf(bio_err, "no engine specified\n");
else {
pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
if (!pkey) {
- BIO_printf(err, "cannot load %s from engine\n", key_descrip);
- ERR_print_errors(err);
+ BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
+ ERR_print_errors(bio_err);
}
}
goto end;
}
#endif
- key = BIO_new(BIO_s_file());
- if (key == NULL) {
- ERR_print_errors(err);
- goto end;
- }
if (file == NULL && maybe_stdin) {
- setbuf(stdin, NULL); /* don't do buffered reads */
- BIO_set_fp(key, stdin, BIO_NOCLOSE);
- } else if (BIO_read_filename(key, file) <= 0) {
- BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
- ERR_print_errors(err);
+ unbuffer(stdin);
+ key = dup_bio_in();
+ } else
+ key = bio_open_default(file, RB(format));
+ if (key == NULL)
goto end;
- }
if (format == FORMAT_ASN1) {
pkey = d2i_PrivateKey_bio(key, NULL);
} else if (format == FORMAT_PEM) {
&cb_data);
}
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
- else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
- pkey = load_netscape_key(err, key, file, key_descrip, format);
+ else if (format == FORMAT_NETSCAPE)
+ pkey = load_netscape_key(key, file, key_descrip, format);
#endif
else if (format == FORMAT_PKCS12) {
- if (!load_pkcs12(err, key, key_descrip,
+ if (!load_pkcs12(key, key_descrip,
(pem_password_cb *)password_callback, &cb_data,
&pkey, NULL, NULL))
goto end;
&cb_data);
#endif
else {
- BIO_printf(err, "bad input format specified for key file\n");
+ BIO_printf(bio_err, "bad input format specified for key file\n");
goto end;
}
end:
if (key != NULL)
BIO_free(key);
if (pkey == NULL) {
- BIO_printf(err, "unable to load %s\n", key_descrip);
- ERR_print_errors(err);
+ BIO_printf(bio_err, "unable to load %s\n", key_descrip);
+ ERR_print_errors(bio_err);
}
return (pkey);
}
-EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
+static const char *key_file_format(int format)
+{
+ if (format == FORMAT_PEM || format == FORMAT_PEMRSA)
+ return "r";
+ return "rb";
+}
+
+EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip)
{
BIO *key = NULL;
cb_data.prompt_info = file;
if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
- BIO_printf(err, "no keyfile specified\n");
+ BIO_printf(bio_err, "no keyfile specified\n");
goto end;
}
#ifndef OPENSSL_NO_ENGINE
goto end;
}
#endif
- key = BIO_new(BIO_s_file());
- if (key == NULL) {
- ERR_print_errors(err);
- goto end;
- }
if (file == NULL && maybe_stdin) {
- setbuf(stdin, NULL); /* don't do buffered reads */
- BIO_set_fp(key, stdin, BIO_NOCLOSE);
- } else if (BIO_read_filename(key, file) <= 0) {
- BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
- ERR_print_errors(err);
+ unbuffer(stdin);
+ key = dup_bio_in();
+ } else
+ key = bio_open_default(file, key_file_format(format));
+ if (key == NULL)
goto end;
- }
if (format == FORMAT_ASN1) {
pkey = d2i_PUBKEY_bio(key, NULL);
}
&cb_data);
}
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
- else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
- pkey = load_netscape_key(err, key, file, key_descrip, format);
+ else if (format == FORMAT_NETSCAPE)
+ pkey = load_netscape_key(key, file, key_descrip, format);
#endif
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
else if (format == FORMAT_MSBLOB)
pkey = b2i_PublicKey_bio(key);
#endif
- else {
- BIO_printf(err, "bad input format specified for key file\n");
- goto end;
- }
end:
- BIO_free(key);
+ if (key != NULL)
+ BIO_free(key);
if (pkey == NULL)
- BIO_printf(err, "unable to load %s\n", key_descrip);
+ BIO_printf(bio_err, "unable to load %s\n", key_descrip);
return (pkey);
}
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file,
+static EVP_PKEY *load_netscape_key(BIO *key, const char *file,
const char *key_descrip, int format)
{
EVP_PKEY *pkey;
if (i == 0)
break;
if (i < 0) {
- BIO_printf(err, "Error reading %s %s", key_descrip, file);
+ BIO_printf(bio_err, "Error reading %s %s", key_descrip, file);
goto error;
}
}
p = (unsigned char *)buf->data;
- rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL,
- (format == FORMAT_IISSGC ? 1 : 0));
+ rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL, 0);
if (rsa == NULL)
goto error;
BUF_MEM_free(buf);
}
#endif /* ndef OPENSSL_NO_RC4 */
-static int load_certs_crls(BIO *err, const char *file, int format,
+static int load_certs_crls(const char *file, int format,
const char *pass, ENGINE *e, const char *desc,
STACK_OF(X509) **pcerts,
STACK_OF(X509_CRL) **pcrls)
cb_data.prompt_info = file;
if (format != FORMAT_PEM) {
- BIO_printf(err, "bad input format specified for %s\n", desc);
+ BIO_printf(bio_err, "bad input format specified for %s\n", desc);
return 0;
}
- if (file == NULL)
- bio = BIO_new_fp(stdin, BIO_NOCLOSE);
- else
- bio = BIO_new_file(file, "r");
-
- if (bio == NULL) {
- BIO_printf(err, "Error opening %s %s\n", desc, file ? file : "stdin");
- ERR_print_errors(err);
+ bio = bio_open_default(file, "r");
+ if (bio == NULL)
return 0;
- }
xis = PEM_X509_INFO_read_bio(bio, NULL,
(pem_password_cb *)password_callback,
sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
*pcrls = NULL;
}
- BIO_printf(err, "unable to load %s\n",
+ BIO_printf(bio_err, "unable to load %s\n",
pcerts ? "certificates" : "CRLs");
- ERR_print_errors(err);
+ ERR_print_errors(bio_err);
}
return rv;
}
-STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+STACK_OF(X509) *load_certs(const char *file, int format,
const char *pass, ENGINE *e, const char *desc)
{
STACK_OF(X509) *certs;
- if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
+ if (!load_certs_crls(file, format, pass, e, desc, &certs, NULL))
return NULL;
return certs;
}
-STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
+STACK_OF(X509_CRL) *load_crls(const char *file, int format,
const char *pass, ENGINE *e, const char *desc)
{
STACK_OF(X509_CRL) *crls;
- if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
+ if (!load_certs_crls(file, format, pass, e, desc, NULL, &crls))
return NULL;
return crls;
}
}
}
-X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
+void print_bignum_var(BIO *out, BIGNUM *in, const char *var,
+ int len, unsigned char *buffer)
{
- X509_STORE *store;
+ BIO_printf(out, " static unsigned char %s_%d[] = {", var, len);
+ if (BN_is_zero(in))
+ BIO_printf(out, "\n\t0x00");
+ else {
+ int i, l;
+
+ l = BN_bn2bin(in, buffer);
+ for (i = 0; i < l; i++) {
+ if ((i % 10) == 0)
+ BIO_printf(out, "\n\t");
+ if (i < l - 1)
+ BIO_printf(out, "0x%02X, ", buffer[i]);
+ else
+ BIO_printf(out, "0x%02X", buffer[i]);
+ }
+ }
+ BIO_printf(out, "\n };\n");
+}
+void print_array(BIO *out, const char* title, int len, const unsigned char* d)
+{
+ int i;
+
+ BIO_printf(out, "unsigned char %s[%d] = {", title, len);
+ for (i = 0; i < len; i++) {
+ if ((i % 10) == 0)
+ BIO_printf(out, "\n ");
+ if (i < len - 1)
+ BIO_printf(out, "0x%02X, ", d[i]);
+ else
+ BIO_printf(out, "0x%02X", d[i]);
+ }
+ BIO_printf(out, "\n};\n");
+}
+
+X509_STORE *setup_verify(char *CAfile, char *CApath)
+{
+ X509_STORE *store = X509_STORE_new();
X509_LOOKUP *lookup;
- if (!(store = X509_STORE_new()))
+
+ if (!store)
goto end;
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL)
goto end;
if (CAfile) {
if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
- BIO_printf(bp, "Error loading file %s\n", CAfile);
+ BIO_printf(bio_err, "Error loading file %s\n", CAfile);
goto end;
}
} else
goto end;
if (CApath) {
if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
- BIO_printf(bp, "Error loading directory %s\n", CApath);
+ BIO_printf(bio_err, "Error loading directory %s\n", CApath);
goto end;
}
} else
#ifndef OPENSSL_NO_ENGINE
/* Try to load an engine in a shareable library */
-static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
+static ENGINE *try_load_engine(const char *engine, int debug)
{
ENGINE *e = ENGINE_by_id("dynamic");
if (e) {
return e;
}
-ENGINE *setup_engine(BIO *err, const char *engine, int debug)
+ENGINE *setup_engine(const char *engine, int debug)
{
ENGINE *e = NULL;
if (engine) {
if (strcmp(engine, "auto") == 0) {
- BIO_printf(err, "enabling auto ENGINE support\n");
+ BIO_printf(bio_err, "enabling auto ENGINE support\n");
ENGINE_register_all_complete();
return NULL;
}
if ((e = ENGINE_by_id(engine)) == NULL
- && (e = try_load_engine(err, engine, debug)) == NULL) {
- BIO_printf(err, "invalid engine \"%s\"\n", engine);
- ERR_print_errors(err);
+ && (e = try_load_engine(engine, debug)) == NULL) {
+ BIO_printf(bio_err, "invalid engine \"%s\"\n", engine);
+ ERR_print_errors(bio_err);
return NULL;
}
if (debug) {
- ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, err, 0);
+ ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0);
}
ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
- BIO_printf(err, "can't use that engine\n");
- ERR_print_errors(err);
+ BIO_printf(bio_err, "can't use that engine\n");
+ ERR_print_errors(bio_err);
ENGINE_free(e);
return NULL;
}
- BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
+ BIO_printf(bio_err, "engine \"%s\" set.\n", ENGINE_get_id(e));
/* Free our "structural" reference. */
ENGINE_free(e);
}
#endif
-int load_config(BIO *err, CONF *cnf)
-{
- static int load_config_called = 0;
- if (load_config_called)
- return 1;
- load_config_called = 1;
- if (!cnf)
- cnf = config;
- if (!cnf)
- return 1;
-
- OPENSSL_load_builtin_modules();
-
- if (CONF_modules_load(cnf, NULL, 0) <= 0) {
- BIO_printf(err, "Error configuring OpenSSL\n");
- ERR_print_errors(err);
- return 0;
- }
- return 1;
-}
-
-char *make_config_name()
-{
- const char *t = X509_get_default_cert_area();
- size_t len;
- char *p;
-
- len = strlen(t) + strlen(OPENSSL_CONF) + 2;
- p = OPENSSL_malloc(len);
- if (p == NULL)
- return NULL;
- BUF_strlcpy(p, t, len);
-#ifndef OPENSSL_SYS_VMS
- BUF_strlcat(p, "/", len);
-#endif
- BUF_strlcat(p, OPENSSL_CONF, len);
-
- return p;
-}
-
static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
{
const char *n;
if (ai == NULL)
goto err;
- if ((in = BIO_new(BIO_s_file())) == NULL) {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- if (BIO_read_filename(in, serialfile) <= 0) {
+ in = BIO_new_file(serialfile, "r");
+ if (in == NULL) {
if (!create) {
perror(serialfile);
goto err;
- } else {
- ret = BN_new();
- if (ret == NULL || !rand_serial(ret, ai))
- BIO_printf(bio_err, "Out of memory\n");
}
+ ERR_clear_error();
+ ret = BN_new();
+ if (ret == NULL || !rand_serial(ret, ai))
+ BIO_printf(bio_err, "Out of memory\n");
} else {
if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
BIO_printf(bio_err, "unable to load number from %s\n",
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
#endif
- out = BIO_new(BIO_s_file());
+ out = BIO_new_file(buf[0], "w");
if (out == NULL) {
ERR_print_errors(bio_err);
goto err;
}
- if (BIO_write_filename(out, buf[0]) <= 0) {
- perror(serialfile);
- goto err;
- }
if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) {
BIO_printf(bio_err, "error converting serial to ASN.1 format\n");
{
CA_DB *retdb = NULL;
TXT_DB *tmpdb = NULL;
- BIO *in = BIO_new(BIO_s_file());
+ BIO *in;
CONF *dbattr_conf = NULL;
char buf[1][BSIZE];
long errorline = -1;
+ in = BIO_new_file(dbfile, "r");
if (in == NULL) {
ERR_print_errors(bio_err);
goto err;
}
- if (BIO_read_filename(in, dbfile) <= 0) {
- perror(dbfile);
- BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
- goto err;
- }
if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
goto err;
int save_index(const char *dbfile, const char *suffix, CA_DB *db)
{
char buf[3][BSIZE];
- BIO *out = BIO_new(BIO_s_file());
+ BIO *out;
int j;
- if (out == NULL) {
- ERR_print_errors(bio_err);
- goto err;
- }
-
j = strlen(dbfile) + strlen(suffix);
if (j + 6 >= BSIZE) {
BIO_printf(bio_err, "file name too long\n");
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
#endif
- if (BIO_write_filename(out, buf[0]) <= 0) {
+ out = BIO_new_file(buf[0], "w");
+ if (out == NULL) {
perror(dbfile);
BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
goto err;
}
j = TXT_DB_write(out, db->db);
+ BIO_free(out);
if (j <= 0)
goto err;
- BIO_free(out);
-
- out = BIO_new(BIO_s_file());
+ out = BIO_new_file(buf[1], "w");
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
#endif
- if (BIO_write_filename(out, buf[1]) <= 0) {
+ if (out == NULL) {
perror(buf[2]);
BIO_printf(bio_err, "unable to open '%s'\n", buf[2]);
goto err;
return NULL;
}
-int args_verify(char ***pargs, int *pargc,
- int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
-{
- ASN1_OBJECT *otmp = NULL;
- unsigned long flags = 0;
- int i;
- int purpose = 0, depth = -1;
- char **oldargs = *pargs;
- char *arg = **pargs, *argn = (*pargs)[1];
- const X509_VERIFY_PARAM *vpm = NULL;
- time_t at_time = 0;
- char *hostname = NULL;
- char *email = NULL;
- char *ipasc = NULL;
- if (!strcmp(arg, "-policy")) {
- if (!argn)
- *badarg = 1;
- else {
- otmp = OBJ_txt2obj(argn, 0);
- if (!otmp) {
- BIO_printf(err, "Invalid Policy \"%s\"\n", argn);
- *badarg = 1;
- }
- }
- (*pargs)++;
- } else if (strcmp(arg, "-purpose") == 0) {
- X509_PURPOSE *xptmp;
- if (!argn)
- *badarg = 1;
- else {
- i = X509_PURPOSE_get_by_sname(argn);
- if (i < 0) {
- BIO_printf(err, "unrecognized purpose\n");
- *badarg = 1;
- } else {
- xptmp = X509_PURPOSE_get0(i);
- purpose = X509_PURPOSE_get_id(xptmp);
- }
- }
- (*pargs)++;
- } else if (strcmp(arg, "-verify_name") == 0) {
- if (!argn)
- *badarg = 1;
- else {
- vpm = X509_VERIFY_PARAM_lookup(argn);
- if (!vpm) {
- BIO_printf(err, "unrecognized verify name\n");
- *badarg = 1;
- }
- }
- (*pargs)++;
- } else if (strcmp(arg, "-verify_depth") == 0) {
- if (!argn)
- *badarg = 1;
- else {
- depth = atoi(argn);
- if (depth < 0) {
- BIO_printf(err, "invalid depth\n");
- *badarg = 1;
- }
- }
- (*pargs)++;
- } else if (strcmp(arg, "-attime") == 0) {
- if (!argn)
- *badarg = 1;
- else {
- long timestamp;
- /*
- * interpret the -attime argument as seconds since Epoch
- */
- if (sscanf(argn, "%li", ×tamp) != 1) {
- BIO_printf(bio_err, "Error parsing timestamp %s\n", argn);
- *badarg = 1;
- }
- /* on some platforms time_t may be a float */
- at_time = (time_t)timestamp;
- }
- (*pargs)++;
- } else if (strcmp(arg, "-verify_hostname") == 0) {
- if (!argn)
- *badarg = 1;
- hostname = argn;
- (*pargs)++;
- } else if (strcmp(arg, "-verify_email") == 0) {
- if (!argn)
- *badarg = 1;
- email = argn;
- (*pargs)++;
- } else if (strcmp(arg, "-verify_ip") == 0) {
- if (!argn)
- *badarg = 1;
- ipasc = argn;
- (*pargs)++;
- } else if (!strcmp(arg, "-ignore_critical"))
- flags |= X509_V_FLAG_IGNORE_CRITICAL;
- else if (!strcmp(arg, "-issuer_checks"))
- flags |= X509_V_FLAG_CB_ISSUER_CHECK;
- else if (!strcmp(arg, "-crl_check"))
- flags |= X509_V_FLAG_CRL_CHECK;
- else if (!strcmp(arg, "-crl_check_all"))
- flags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
- else if (!strcmp(arg, "-policy_check"))
- flags |= X509_V_FLAG_POLICY_CHECK;
- else if (!strcmp(arg, "-explicit_policy"))
- flags |= X509_V_FLAG_EXPLICIT_POLICY;
- else if (!strcmp(arg, "-inhibit_any"))
- flags |= X509_V_FLAG_INHIBIT_ANY;
- else if (!strcmp(arg, "-inhibit_map"))
- flags |= X509_V_FLAG_INHIBIT_MAP;
- else if (!strcmp(arg, "-x509_strict"))
- flags |= X509_V_FLAG_X509_STRICT;
- else if (!strcmp(arg, "-extended_crl"))
- flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
- else if (!strcmp(arg, "-use_deltas"))
- flags |= X509_V_FLAG_USE_DELTAS;
- else if (!strcmp(arg, "-policy_print"))
- flags |= X509_V_FLAG_NOTIFY_POLICY;
- else if (!strcmp(arg, "-check_ss_sig"))
- flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
- else if (!strcmp(arg, "-trusted_first"))
- flags |= X509_V_FLAG_TRUSTED_FIRST;
- else if (!strcmp(arg, "-suiteB_128_only"))
- flags |= X509_V_FLAG_SUITEB_128_LOS_ONLY;
- else if (!strcmp(arg, "-suiteB_128"))
- flags |= X509_V_FLAG_SUITEB_128_LOS;
- else if (!strcmp(arg, "-suiteB_192"))
- flags |= X509_V_FLAG_SUITEB_192_LOS;
- else if (!strcmp(arg, "-partial_chain"))
- flags |= X509_V_FLAG_PARTIAL_CHAIN;
- else if (!strcmp(arg, "-no_alt_chains"))
- flags |= X509_V_FLAG_NO_ALT_CHAINS;
- else
- return 0;
-
- if (*badarg) {
- if (*pm)
- X509_VERIFY_PARAM_free(*pm);
- *pm = NULL;
- goto end;
- }
-
- if (!*pm && !(*pm = X509_VERIFY_PARAM_new())) {
- *badarg = 1;
- goto end;
- }
-
- if (vpm)
- X509_VERIFY_PARAM_set1(*pm, vpm);
-
- if (otmp)
- X509_VERIFY_PARAM_add0_policy(*pm, otmp);
- if (flags)
- X509_VERIFY_PARAM_set_flags(*pm, flags);
-
- if (purpose)
- X509_VERIFY_PARAM_set_purpose(*pm, purpose);
-
- if (depth >= 0)
- X509_VERIFY_PARAM_set_depth(*pm, depth);
-
- if (at_time)
- X509_VERIFY_PARAM_set_time(*pm, at_time);
-
- if (hostname && !X509_VERIFY_PARAM_set1_host(*pm, hostname, 0))
- *badarg = 1;
-
- if (email && !X509_VERIFY_PARAM_set1_email(*pm, email, 0))
- *badarg = 1;
-
- if (ipasc && !X509_VERIFY_PARAM_set1_ip_asc(*pm, ipasc))
- *badarg = 1;
-
- end:
-
- (*pargs)++;
-
- if (pargc)
- *pargc -= *pargs - oldargs;
-
- return 1;
-
-}
-
/*
* Read whole contents of a BIO into an allocated memory buffer and return
* it.
{
X509_POLICY_TREE *tree;
int explicit_policy;
- int free_out = 0;
- if (out == NULL) {
- out = BIO_new_fp(stderr, BIO_NOCLOSE);
- free_out = 1;
- }
tree = X509_STORE_CTX_get0_policy_tree(ctx);
explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
- if (free_out)
- BIO_free(out);
}
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
return;
if (checkhost) {
BIO_printf(bio, "Hostname %s does%s match certificate\n",
- checkhost, X509_check_host(x, checkhost, 0, 0, NULL) == 1
- ? "" : " NOT");
+ checkhost,
+ X509_check_host(x, checkhost, 0, 0, NULL) == 1
+ ? "" : " NOT");
}
if (checkemail) {
BIO_printf(bio, "Email %s does%s match certificate\n",
- checkemail, X509_check_email(x, checkemail, 0,
- 0) ? "" : " NOT");
+ checkemail, X509_check_email(x, checkemail, 0, 0)
+ ? "" : " NOT");
}
if (checkip) {
STACK_OF(X509_CRL) *crls = NULL;
X509_CRL *crl;
STACK_OF(DIST_POINT) *crldp;
+
+ crls = sk_X509_CRL_new_null();
+ if (!crls)
+ return NULL;
x = X509_STORE_CTX_get_current_cert(ctx);
crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
crl = load_crl_crldp(crldp);
sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
if (!crl)
return NULL;
- crls = sk_X509_CRL_new_null();
sk_X509_CRL_push(crls, crl);
/* Try to download delta CRL */
crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
return (ret);
}
-
#elif defined(OPENSSL_SYS_NETWARE)
# include <time.h>
double app_tminterval(int stop, int usertime)
{
- double ret = 0;
static clock_t tmstart;
static int warning = 1;
+ double ret = 0;
if (usertime && warning) {
BIO_printf(bio_err, "To get meaningful results, run "
return (ret);
}
+
#elif defined(OPENSSL_SYSTEM_VXWORKS)
# include <time.h>
}
#endif
+int app_access(const char* name, int flag)
+{
+#ifdef _WIN32
+ return _access(name, flag);
+#else
+ return access(name, flag);
+#endif
+}
+
/* app_isdir section */
#ifdef _WIN32
int app_isdir(const char *name)
# include <openssl/ocsp.h>
# endif
# include <openssl/ossl_typ.h>
+# ifndef OPENSSL_SYS_NETWARE
+# include <signal.h>
+# endif
-int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
-int app_RAND_write_file(const char *file, BIO *bio_e);
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
+# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
+# else
+# define openssl_fdset(a,b) FD_SET(a, b)
+# endif
+
+int app_RAND_load_file(const char *file, int dont_warn);
+int app_RAND_write_file(const char *file);
/*
* When `file' is NULL, use defaults. `bio_e' is for error messages.
*/
* (see e_os.h). The string is
* destroyed! */
-# ifndef MONOLITH
-
-# define MAIN(a,v) main(a,v)
-
-# ifndef NON_MAIN
-CONF *config = NULL;
-BIO *bio_err = NULL;
-# else
-extern CONF *config;
-extern BIO *bio_err;
-# endif
-
-# else
-
-# define MAIN(a,v) PROG(a,v)
extern CONF *config;
extern char *default_config_file;
+extern BIO *bio_in;
+extern BIO *bio_out;
extern BIO *bio_err;
+BIO *dup_bio_in(void);
+BIO *dup_bio_out(void);
+BIO *bio_open_default(const char *filename, const char *mode);
+void unbuffer(FILE *fp);
-# endif
+/* Often used in calls to bio_open_default. */
+# define RB(xformat) ((xformat) == FORMAT_ASN1 ? "rb" : "r")
+# define WB(xformat) ((xformat) == FORMAT_ASN1 ? "wb" : "w")
-# ifndef OPENSSL_SYS_NETWARE
-# include <signal.h>
-# endif
-
-# ifdef SIGPIPE
-# define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
-# else
-# define do_pipe_sig()
-# endif
+/*
+ * Common verification options.
+ */
+# define OPT_V_ENUM \
+ OPT_V__FIRST=2000, \
+ OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
+ OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
+ OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
+ OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
+ OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
+ OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
+ OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
+ OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
+ OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, \
+ OPT_V__LAST
+
+# define OPT_V_OPTIONS \
+ { "policy", OPT_V_POLICY, 's' }, \
+ { "purpose", OPT_V_PURPOSE, 's' }, \
+ { "verify_name", OPT_V_VERIFY_NAME, 's' }, \
+ { "verify_depth", OPT_V_VERIFY_DEPTH, 'p' }, \
+ { "attime", OPT_V_ATTIME, 'p' }, \
+ { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's' }, \
+ { "verify_email", OPT_V_VERIFY_EMAIL, 's' }, \
+ { "verify_ip", OPT_V_VERIFY_IP, 's' }, \
+ { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-' }, \
+ { "issuer_checks", OPT_V_ISSUER_CHECKS, '-' }, \
+ { "crl_check", OPT_V_CRL_CHECK, '-', "Check that peer cert has not been revoked" }, \
+ { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "Also check all certs in the chain" }, \
+ { "policy_check", OPT_V_POLICY_CHECK, '-' }, \
+ { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-' }, \
+ { "inhibit_any", OPT_V_INHIBIT_ANY, '-' }, \
+ { "inhibit_map", OPT_V_INHIBIT_MAP, '-' }, \
+ { "x509_strict", OPT_V_X509_STRICT, '-' }, \
+ { "extended_crl", OPT_V_EXTENDED_CRL, '-' }, \
+ { "use_deltas", OPT_V_USE_DELTAS, '-' }, \
+ { "policy_print", OPT_V_POLICY_PRINT, '-' }, \
+ { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-' }, \
+ { "trusted_first", OPT_V_TRUSTED_FIRST, '-', "Use locally-trusted CA's first in building chain" }, \
+ { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-' }, \
+ { "suiteB_128", OPT_V_SUITEB_128, '-' }, \
+ { "suiteB_192", OPT_V_SUITEB_192, '-' }, \
+ { "partial_chain", OPT_V_PARTIAL_CHAIN, '-' }, \
+ { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "Only use the first cert chain found" }
+
+# define OPT_V_CASES \
+ OPT_V__FIRST: case OPT_V__LAST: break; \
+ case OPT_V_POLICY: \
+ case OPT_V_PURPOSE: \
+ case OPT_V_VERIFY_NAME: \
+ case OPT_V_VERIFY_DEPTH: \
+ case OPT_V_ATTIME: \
+ case OPT_V_VERIFY_HOSTNAME: \
+ case OPT_V_VERIFY_EMAIL: \
+ case OPT_V_VERIFY_IP: \
+ case OPT_V_IGNORE_CRITICAL: \
+ case OPT_V_ISSUER_CHECKS: \
+ case OPT_V_CRL_CHECK: \
+ case OPT_V_CRL_CHECK_ALL: \
+ case OPT_V_POLICY_CHECK: \
+ case OPT_V_EXPLICIT_POLICY: \
+ case OPT_V_INHIBIT_ANY: \
+ case OPT_V_INHIBIT_MAP: \
+ case OPT_V_X509_STRICT: \
+ case OPT_V_EXTENDED_CRL: \
+ case OPT_V_USE_DELTAS: \
+ case OPT_V_POLICY_PRINT: \
+ case OPT_V_CHECK_SS_SIG: \
+ case OPT_V_TRUSTED_FIRST: \
+ case OPT_V_SUITEB_128_ONLY: \
+ case OPT_V_SUITEB_128: \
+ case OPT_V_SUITEB_192: \
+ case OPT_V_PARTIAL_CHAIN: \
+ case OPT_V_NO_ALT_CHAINS
-# ifdef OPENSSL_NO_COMP
-# define zlib_cleanup()
-# else
-# define zlib_cleanup() COMP_zlib_cleanup()
-# endif
+/*
+ * Common "extended"? options.
+ */
+# define OPT_X_ENUM \
+ OPT_X__FIRST=1000, \
+ OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
+ OPT_X_CERTFORM, OPT_X_KEYFORM, \
+ OPT_X__LAST
+
+# define OPT_X_OPTIONS \
+ { "xkey", OPT_X_KEY, '<' }, \
+ { "xcert", OPT_X_CERT, '<' }, \
+ { "xchain", OPT_X_CHAIN, '<' }, \
+ { "xchain_build", OPT_X_CHAIN_BUILD, '-' }, \
+ { "xcertform", OPT_X_CERTFORM, 'F' }, \
+ { "xkeyform", OPT_X_KEYFORM, 'F' }
+
+# define OPT_X_CASES \
+ OPT_X__FIRST: case OPT_X__LAST: break; \
+ case OPT_X_KEY: \
+ case OPT_X_CERT: \
+ case OPT_X_CHAIN: \
+ case OPT_X_CHAIN_BUILD: \
+ case OPT_X_CERTFORM: \
+ case OPT_X_KEYFORM
-# if defined(MONOLITH) && !defined(OPENSSL_C)
-# define apps_startup() \
- do_pipe_sig()
-# define apps_shutdown()
-# else
-# ifndef OPENSSL_NO_ENGINE
-# define apps_startup() \
- do { do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
-# define apps_shutdown() \
- do { CONF_modules_unload(1); destroy_ui_method(); \
- OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
- CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
- RAND_cleanup(); \
- ERR_free_strings(); zlib_cleanup();} while(0)
-# else
-# define apps_startup() \
- do { do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- setup_ui_method(); } while(0)
-# define apps_shutdown() \
- do { CONF_modules_unload(1); destroy_ui_method(); \
- OBJ_cleanup(); EVP_cleanup(); \
- CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
- RAND_cleanup(); \
- ERR_free_strings(); zlib_cleanup(); } while(0)
-# endif
-# endif
+/*
+ * Common SSL options.
+ * Any changes here must be coordinated with ../ssl/ssl_conf.c
+ */
+# define OPT_S_ENUM \
+ OPT_S__FIRST=3000, \
+ OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
+ OPT_S_BUGS, OPT_S_NOCOMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \
+ OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
+ OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
+ OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
+ OPT_S_DHPARAM, OPT_S_DEBUGBROKE, \
+ OPT_S__LAST
+
+# define OPT_S_OPTIONS \
+ {"no_ssl3", OPT_S_NOSSL3, '-' }, \
+ {"no_tls1", OPT_S_NOTLS1, '-' }, \
+ {"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \
+ {"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \
+ {"bugs", OPT_S_BUGS, '-' }, \
+ {"no_comp", OPT_S_NOCOMP, '-' }, \
+ {"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \
+ {"no_ticket", OPT_S_NOTICKET, '-' }, \
+ {"serverpref", OPT_S_SERVERPREF, '-' }, \
+ {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-' }, \
+ {"legacy_server_connect", OPT_S_LEGACYCONN, '-' }, \
+ {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-' }, \
+ {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-' }, \
+ {"strict", OPT_S_STRICT, '-' }, \
+ {"sigalgs", OPT_S_SIGALGS, 's', }, \
+ {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', }, \
+ {"curves", OPT_S_CURVES, 's', }, \
+ {"named_curve", OPT_S_NAMEDCURVE, 's', }, \
+ {"cipher", OPT_S_CIPHER, 's', }, \
+ {"dhparam", OPT_S_DHPARAM, '<' }, \
+ {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-' }
+
+# define OPT_S_CASES \
+ OPT_S__FIRST: case OPT_S__LAST: break; \
+ case OPT_S_NOSSL3: \
+ case OPT_S_NOTLS1: \
+ case OPT_S_NOTLS1_1: \
+ case OPT_S_NOTLS1_2: \
+ case OPT_S_BUGS: \
+ case OPT_S_NOCOMP: \
+ case OPT_S_ECDHSINGLE: \
+ case OPT_S_NOTICKET: \
+ case OPT_S_SERVERPREF: \
+ case OPT_S_LEGACYRENEG: \
+ case OPT_S_LEGACYCONN: \
+ case OPT_S_ONRESUMP: \
+ case OPT_S_NOLEGACYCONN: \
+ case OPT_S_STRICT: \
+ case OPT_S_SIGALGS: \
+ case OPT_S_CLIENTSIGALGS: \
+ case OPT_S_CURVES: \
+ case OPT_S_NAMEDCURVE: \
+ case OPT_S_CIPHER: \
+ case OPT_S_DHPARAM: \
+ case OPT_S_DEBUGBROKE
-# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
-# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
-# else
-# define openssl_fdset(a,b) FD_SET(a, b)
-# endif
+/*
+ * Option parsing.
+ */
+extern const char OPT_HELP_STR[];
+extern const char OPT_MORE_STR[];
+typedef struct options_st {
+ const char *name;
+ int retval;
+ /*
+ * value type: - no value (also the value zero), n number, p positive
+ * number, u unsigned, s string, < input file, > output file, f der/pem
+ * format, F any format identifier. n and u include zero; p does not.
+ */
+ int valtype;
+ const char *helpstr;
+} OPTIONS;
+
+typedef struct opt_pair_st {
+ const char *name;
+ int retval;
+} OPT_PAIR;
+
+/* Flags to pass into opt_format; see FORMAT_xxx, below. */
+# define OPT_FMT_PEMDER (1L << 1)
+# define OPT_FMT_PKCS12 (1L << 2)
+# define OPT_FMT_SMIME (1L << 3)
+# define OPT_FMT_ENGINE (1L << 4)
+# define OPT_FMT_MSBLOB (1L << 5)
+# define OPT_FMT_NETSCAPE (1L << 6)
+# define OPT_FMT_NSS (1L << 7)
+# define OPT_FMT_TEXT (1L << 8)
+# define OPT_FMT_HTTP (1L << 9)
+# define OPT_FMT_PVK (1L << 10)
+# define OPT_FMT_ANY ( \
+ OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
+ OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
+ OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
+
+char *opt_progname(const char *argv0);
+char *opt_getprog(void);
+char *opt_init(int ac, char **av, const OPTIONS * o);
+int opt_next();
+int opt_format(const char *s, unsigned long flags, int *result);
+int opt_int(const char *arg, int *result);
+int opt_ulong(const char *arg, unsigned long *result);
+int opt_long(const char *arg, long *result);
+int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
+int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
+int opt_md(const char *name, const EVP_MD **mdp);
+char *opt_arg(void);
+char *opt_flag(void);
+char *opt_unknown(void);
+char *opt_reset(void);
+char **opt_rest(void);
+int opt_num_rest(void);
+int opt_verify(int i, X509_VERIFY_PARAM *vpm);
+void opt_help(const OPTIONS * list);
+int opt_format_error(const char *s, unsigned long flags);
+int opt_next(void);
typedef struct args_st {
- char **data;
- int count;
+ int size;
+ int argc;
+ char **argv;
} ARGS;
# define PW_MIN_LENGTH 4
int setup_ui_method(void);
void destroy_ui_method(void);
-int should_retry(int i);
-int args_from_file(char *file, int *argc, char **argv[]);
-int str2fmt(char *s);
-void program_name(char *in, char *out, int size);
-int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]);
+int chopup_args(ARGS *arg, char *buf);
# ifdef HEADER_X509_H
int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, const char *title, X509_NAME *nm,
unsigned long lflags);
# endif
+void print_bignum_var(BIO *, BIGNUM *, const char*, int, unsigned char *);
+void print_array(BIO *, const char *, int, const unsigned char *);
int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg);
int set_ext_copy(int *copy_type, const char *arg);
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
-int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
-int add_oid_section(BIO *err, CONF *conf);
-X509 *load_cert(BIO *err, const char *file, int format,
+int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2);
+int add_oid_section(CONF *conf);
+X509 *load_cert(const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
X509_CRL *load_crl(const char *infile, int format);
-int load_cert_crl_http(const char *url, BIO *err,
- X509 **pcert, X509_CRL **pcrl);
-EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
+int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl);
+EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
-EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
+EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
-STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+STACK_OF(X509) *load_certs(const char *file, int format,
const char *pass, ENGINE *e,
const char *cert_descrip);
-STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
+STACK_OF(X509_CRL) *load_crls(const char *file, int format,
const char *pass, ENGINE *e,
const char *cert_descrip);
-X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
+X509_STORE *setup_verify(char *CAfile, char *CApath);
+int ctx_set_verify_locations(SSL_CTX *ctx,
+ const char *CAfile, const char *CApath);
# ifndef OPENSSL_NO_ENGINE
-ENGINE *setup_engine(BIO *err, const char *engine, int debug);
+ENGINE *setup_engine(const char *engine, int debug);
# endif
-
# ifndef OPENSSL_NO_OCSP
-OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
+OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
const char *host, const char *path,
const char *port, int use_ssl,
const STACK_OF(CONF_VALUE) *headers,
int req_timeout);
# endif
-int load_config(BIO *err, CONF *cnf);
-char *make_config_name(void);
-
/* Functions defined in ca.c and also used in ocsp.c */
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME **pinvtm, const char *str);
X509_NAME *parse_name(char *str, long chtype, int multirdn);
int args_verify(char ***pargs, int *pargc,
- int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
+ int *badarg, X509_VERIFY_PARAM **pm);
void policies_print(BIO *out, X509_STORE_CTX *ctx);
int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
-int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
+int init_gen_str(EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param);
-int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
+int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
-int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
+int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
-int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
+int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
# ifndef OPENSSL_NO_PSK
extern char *psk_key;
void store_setup_crl_download(X509_STORE *st);
+/* See OPT_FMT_xxx, above. */
# define FORMAT_UNDEF 0
# define FORMAT_ASN1 1
# define FORMAT_TEXT 2
# define FORMAT_PKCS12 5
# define FORMAT_SMIME 6
# define FORMAT_ENGINE 7
-# define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
- * adding yet another param to load_*key() */
# define FORMAT_PEMRSA 9 /* PEM RSAPubicKey format */
# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
# define FORMAT_MSBLOB 11 /* MS Key blob format */
# define SERIAL_RAND_BITS 64
int app_isdir(const char *);
+int app_access(const char *, int flag);
int raw_read_stdin(void *, int);
int raw_write_stdout(const void *, int);
# define TM_STOP 1
double app_tminterval(int stop, int usertime);
+# include "progs.h"
+
#endif
-/* apps/asn1pars.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
#include <openssl/x509.h>
#include <openssl/pem.h>
-/*-
- * -inform arg - input format - default PEM (DER or PEM)
- * -in arg - input file - default stdin
- * -i - indent the details by depth
- * -offset - where in the file to start
- * -length - how many bytes to use
- * -oid file - extra oid description file
- */
-
-#undef PROG
-#define PROG asn1parse_main
-
-int MAIN(int, char **);
+typedef enum OPTION_choice {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
+ OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT,
+ OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM
+} OPTION_CHOICE;
+
+OPTIONS asn1parse_options[] = {
+ {"help", OPT_HELP, '-', "Display this summary"},
+ {"inform", OPT_INFORM, 'F', "input format - one of DER PEM"},
+ {"in", OPT_IN, '<', "input file"},
+ {"out", OPT_OUT, '>', "output file (output format is always DER)"},
+ {"i", OPT_INDENT, 0, "entries"},
+ {"noout", OPT_NOOUT, 0, "don't produce any output"},
+ {"offset", OPT_OFFSET, 'p', "offset into file"},
+ {"length", OPT_LENGTH, 'p', "length of section in file"},
+ {"oid", OPT_OID, '<', "file of extra oid definitions"},
+ {"dump", OPT_DUMP, 0, "unknown data in hex form"},
+ {"dlimit", OPT_DLIMIT, 'p',
+ "dump the first arg bytes of unknown data in hex form"},
+ {"strparse", OPT_STRPARSE, 's',
+ "offset; a series of these can be used to 'dig'"},
+ {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
+ {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
+ {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
+ {OPT_MORE_STR, 0, 0, "(-inform will be ignored)"},
+ {"strictpem", OPT_STRICTPEM, 0,
+ "do not attempt base64 decode outside PEM markers"},
+ {NULL}
+};
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
-int MAIN(int argc, char **argv)
+int asn1parse_main(int argc, char **argv)
{
- int i, badops = 0, offset = 0, ret = 1, j;
- unsigned int length = 0;
- long num, tmplen;
- BIO *in = NULL, *out = NULL, *b64 = NULL, *derout = NULL;
- int informat, indent = 0, noout = 0, dump = 0, strictpem = 0;
- char *infile = NULL, *str = NULL, *prog, *oidfile = NULL, *derfile =
- NULL, *name = NULL, *header = NULL;
- char *genstr = NULL, *genconf = NULL;
- unsigned char *tmpbuf;
- const unsigned char *ctmpbuf;
+ ASN1_TYPE *at = NULL;
+ BIO *in = NULL, *b64 = NULL, *derout = NULL;
BUF_MEM *buf = NULL;
STACK_OF(OPENSSL_STRING) *osk = NULL;
- ASN1_TYPE *at = NULL;
-
- informat = FORMAT_PEM;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ char *genstr = NULL, *genconf = NULL;
+ char *infile = NULL, *str = NULL, *oidfile = NULL, *derfile = NULL;
+ char *name = NULL, *header = NULL, *prog;
+ const unsigned char *ctmpbuf;
+ int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM;
+ int offset = 0, ret = 1, i, j;
+ long num, tmplen;
+ unsigned char *tmpbuf;
+ unsigned int length = 0;
+ OPTION_CHOICE o;
- if (!load_config(bio_err, NULL))
- goto end;
+ prog = opt_init(argc, argv, asn1parse_options);
- prog = argv[0];
- argc--;
- argv++;
if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
- BIO_printf(bio_err, "Memory allocation failure\n");
+ BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
goto end;
}
- while (argc >= 1) {
- if (strcmp(*argv, "-inform") == 0) {
- if (--argc < 1)
- goto bad;
- informat = str2fmt(*(++argv));
- } else if (strcmp(*argv, "-in") == 0) {
- if (--argc < 1)
- goto bad;
- infile = *(++argv);
- } else if (strcmp(*argv, "-out") == 0) {
- if (--argc < 1)
- goto bad;
- derfile = *(++argv);
- } else if (strcmp(*argv, "-i") == 0) {
+
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+ opthelp:
+ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+ goto end;
+ case OPT_HELP:
+ opt_help(asn1parse_options);
+ ret = 0;
+ goto end;
+ case OPT_INFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+ goto opthelp;
+ goto end;
+ case OPT_IN:
+ infile = opt_arg();
+ break;
+ case OPT_OUT:
+ derfile = opt_arg();
+ break;
+ case OPT_INDENT:
indent = 1;
- } else if (strcmp(*argv, "-noout") == 0)
+ break;
+ case OPT_NOOUT:
noout = 1;
- else if (strcmp(*argv, "-oid") == 0) {
- if (--argc < 1)
- goto bad;
- oidfile = *(++argv);
- } else if (strcmp(*argv, "-offset") == 0) {
- if (--argc < 1)
- goto bad;
- offset = atoi(*(++argv));
- } else if (strcmp(*argv, "-length") == 0) {
- if (--argc < 1)
- goto bad;
- length = atoi(*(++argv));
- if (length == 0)
- goto bad;
- } else if (strcmp(*argv, "-dump") == 0) {
+ break;
+ case OPT_OID:
+ oidfile = opt_arg();
+ break;
+ case OPT_OFFSET:
+ offset = strtol(opt_arg(), NULL, 0);
+ break;
+ case OPT_LENGTH:
+ length = atoi(opt_arg());
+ break;
+ case OPT_DUMP:
dump = -1;
- } else if (strcmp(*argv, "-dlimit") == 0) {
- if (--argc < 1)
- goto bad;
- dump = atoi(*(++argv));
- if (dump <= 0)
- goto bad;
- } else if (strcmp(*argv, "-strparse") == 0) {
- if (--argc < 1)
- goto bad;
- sk_OPENSSL_STRING_push(osk, *(++argv));
- } else if (strcmp(*argv, "-genstr") == 0) {
- if (--argc < 1)
- goto bad;
- genstr = *(++argv);
- } else if (strcmp(*argv, "-genconf") == 0) {
- if (--argc < 1)
- goto bad;
- genconf = *(++argv);
- } else if (strcmp(*argv, "-strictpem") == 0) {
+ break;
+ case OPT_DLIMIT:
+ dump = atoi(opt_arg());
+ break;
+ case OPT_STRPARSE:
+ sk_OPENSSL_STRING_push(osk, opt_arg());
+ break;
+ case OPT_GENSTR:
+ genstr = opt_arg();
+ break;
+ case OPT_GENCONF:
+ genconf = opt_arg();
+ break;
+ case OPT_STRICTPEM:
strictpem = 1;
informat = FORMAT_PEM;
- } else {
- BIO_printf(bio_err, "unknown option %s\n", *argv);
- badops = 1;
break;
}
- argc--;
- argv++;
}
-
- if (badops) {
- bad:
- BIO_printf(bio_err, "%s [options] <infile\n", prog);
- BIO_printf(bio_err, "where options are\n");
- BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
- BIO_printf(bio_err, " -in arg input file\n");
- BIO_printf(bio_err,
- " -out arg output file (output format is always DER\n");
- BIO_printf(bio_err, " -noout arg don't produce any output\n");
- BIO_printf(bio_err, " -offset arg offset into file\n");
- BIO_printf(bio_err, " -length arg length of section in file\n");
- BIO_printf(bio_err, " -i indent entries\n");
- BIO_printf(bio_err, " -dump dump unknown data in hex form\n");
- BIO_printf(bio_err,
- " -dlimit arg dump the first arg bytes of unknown data in hex form\n");
- BIO_printf(bio_err, " -oid file file of extra oid definitions\n");
- BIO_printf(bio_err, " -strparse offset\n");
- BIO_printf(bio_err,
- " a series of these can be used to 'dig' into multiple\n");
- BIO_printf(bio_err, " ASN1 blob wrappings\n");
- BIO_printf(bio_err,
- " -genstr str string to generate ASN1 structure from\n");
- BIO_printf(bio_err,
- " -genconf file file to generate ASN1 structure from\n");
- BIO_printf(bio_err,
- " -strictpem do not attempt base64 decode outside PEM markers (-inform \n");
- BIO_printf(bio_err, " will be ignored)\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
-
- in = BIO_new(BIO_s_file());
- out = BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL)) {
- ERR_print_errors(bio_err);
- goto end;
- }
- BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
+ argc = opt_num_rest();
+ argv = opt_rest();
if (oidfile != NULL) {
- if (BIO_read_filename(in, oidfile) <= 0) {
- BIO_printf(bio_err, "problems opening %s\n", oidfile);
- ERR_print_errors(bio_err);
+ in = bio_open_default(oidfile, "r");
+ if (in == NULL)
goto end;
- }
OBJ_create_objects(in);
+ BIO_free(in);
}
- if (infile == NULL)
- BIO_set_fp(in, stdin, BIO_NOCLOSE);
- else {
- if (BIO_read_filename(in, infile) <= 0) {
- perror(infile);
- goto end;
- }
- }
+ if ((in = bio_open_default(infile, "r")) == NULL)
+ goto end;
- if (derfile) {
- if (!(derout = BIO_new_file(derfile, "wb"))) {
- BIO_printf(bio_err, "problems opening %s\n", derfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- }
+ if (derfile && (derout = bio_open_default(derfile, "wb")) == NULL)
+ goto end;
if (strictpem) {
if (PEM_read_bio(in, &name, &header, (unsigned char **)&str, &num) !=
}
}
if (!noout &&
- !ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length,
+ !ASN1_parse_dump(bio_out, (unsigned char *)&(str[offset]), length,
indent, dump)) {
ERR_print_errors(bio_err);
goto end;
end:
BIO_free(derout);
BIO_free(in);
- BIO_free_all(out);
BIO_free(b64);
if (ret != 0)
ERR_print_errors(bio_err);
if (osk != NULL)
sk_OPENSSL_STRING_free(osk);
OBJ_cleanup();
- apps_shutdown();
- OPENSSL_EXIT(ret);
+ return (ret);
}
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
-/* apps/ca.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
# define R_OK 4
#endif
-#undef PROG
-#define PROG ca_main
+#undef BSIZE
+#define BSIZE 256
#define BASE_SECTION "ca"
#define CONFIG_FILE "openssl.cnf"
#define ENV_CRL_DIR "crl_dir"
#define ENV_CA_DB "CA_DB"
#define ENV_NEW_CERTS_DIR "new_certs_dir"
-#define ENV_CERTIFICATE "certificate"
+#define ENV_CERTIFICATE "certificate"
#define ENV_SERIAL "serial"
#define ENV_CRLNUMBER "crlnumber"
#define ENV_CRL "crl"
#define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */
#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */
-static const char *ca_usage[] = {
- "usage: ca args\n",
- "\n",
- " -verbose - Talk a lot while doing things\n",
- " -config file - A config file\n",
- " -name arg - The particular CA definition to use\n",
- " -gencrl - Generate a new CRL\n",
- " -crldays days - Days is when the next CRL is due\n",
- " -crlhours hours - Hours is when the next CRL is due\n",
- " -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
- " -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
- " -days arg - number of days to certify the certificate for\n",
- " -md arg - md to use, one of md2, md5, sha or sha1\n",
- " -policy arg - The CA 'policy' to support\n",
- " -keyfile arg - private key file\n",
- " -keyform arg - private key file format (PEM or ENGINE)\n",
- " -key arg - key to decode the private key if it is encrypted\n",
- " -cert file - The CA certificate\n",
- " -selfsign - sign a certificate with the key associated with it\n",
- " -in file - The input PEM encoded certificate request(s)\n",
- " -out file - Where to put the output file(s)\n",
- " -outdir dir - Where to put output certificates\n",
- " -infiles .... - The last argument, requests to process\n",
- " -spkac file - File contains DN and signed public key and challenge\n",
- " -ss_cert file - File contains a self signed cert to sign\n",
- " -preserveDN - Don't re-order the DN\n",
- " -noemailDN - Don't add the EMAIL field into certificate' subject\n",
- " -batch - Don't ask questions\n",
- " -msie_hack - msie modifications to handle all those universal strings\n",
- " -revoke file - Revoke a certificate (given in file)\n",
- " -subj arg - Use arg instead of request's subject\n",
- " -utf8 - input characters are UTF8 (default ASCII)\n",
- " -multivalue-rdn - enable support for multivalued RDNs\n",
- " -extensions .. - Extension section (override value in config file)\n",
- " -extfile file - Configuration file with X509v3 extensions to add\n",
- " -crlexts .. - CRL extension section (override value in config file)\n",
-#ifndef OPENSSL_NO_ENGINE
- " -engine e - use engine e, possibly a hardware device.\n",
-#endif
- " -status serial - Shows certificate status given the serial number\n",
- " -updatedb - Updates db for expired certificates\n",
- NULL
-};
-
#ifdef EFENCE
extern int EF_PROTECT_FREE;
extern int EF_PROTECT_BELOW;
char *make_revocation_str(int rev_type, char *rev_arg);
int make_revoked(X509_REVOKED *rev, const char *str);
int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
+
static CONF *conf = NULL;
static CONF *extconf = NULL;
static char *section = NULL;
-
static int preserve = 0;
static int msie_hack = 0;
-int MAIN(int, char **);
+typedef enum OPTION_choice {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_ENGINE, OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SUBJ, OPT_UTF8,
+ OPT_CREATE_SERIAL, OPT_MULTIVALUE_RDN, OPT_STARTDATE, OPT_ENDDATE,
+ OPT_DAYS, OPT_MD, OPT_POLICY, OPT_KEYFILE, OPT_KEYFORM, OPT_PASSIN,
+ OPT_KEY, OPT_CERT, OPT_SELFSIGN, OPT_IN, OPT_OUT, OPT_OUTDIR,
+ OPT_SIGOPT, OPT_NOTEXT, OPT_BATCH, OPT_PRESERVEDN, OPT_NOEMAILDN,
+ OPT_GENCRL, OPT_MSIE_HACK, OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC,
+ OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID,
+ OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS,
+ OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE,
+ OPT_CRL_CA_COMPROMISE
+} OPTION_CHOICE;
+
+OPTIONS ca_options[] = {
+ {"help", OPT_HELP, '-', "Display this summary"},
+ {"verbose", OPT_VERBOSE, '-', "Verbose output during processing"},
+ {"config", OPT_CONFIG, 's', "A config file"},
+ {"name", OPT_NAME, 's', "The particular CA definition to use"},
+ {"subj", OPT_SUBJ, 's', "Use arg instead of request's subject"},
+ {"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"},
+ {"create_serial", OPT_CREATE_SERIAL, '-'},
+ {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
+ "Enable support for multivalued RDNs"},
+ {"startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ"},
+ {"enddate", OPT_ENDDATE, 's',
+ "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
+ {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
+ {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
+ {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
+ {"keyfile", OPT_KEYFILE, '<', "Private key file"},
+ {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
+ {"passin", OPT_PASSIN, 's'},
+ {"key", OPT_KEY, 's', "Key to decode the private key if it is encrypted"},
+ {"cert", OPT_CERT, '<', "The CA cert"},
+ {"selfsign", OPT_SELFSIGN, '-',
+ "Sign a cert with the key associated with it"},
+ {"in", OPT_IN, '<', "The input PEM encoded cert request(s)"},
+ {"out", OPT_OUT, '>', "Where to put the output file(s)"},
+ {"outdir", OPT_OUTDIR, '/', "Where to put output cert"},
+ {"sigopt", OPT_SIGOPT, 's'},
+ {"notext", OPT_NOTEXT, '-'},
+ {"batch", OPT_BATCH, '-', "Don't ask questions"},
+ {"preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN"},
+ {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
+ {"gencrl", OPT_GENCRL, '-', "Generate a new CRL"},
+ {"msie_hack", OPT_MSIE_HACK, '-',
+ "msie modifications to handle all those universal strings"},
+ {"crldays", OPT_CRLDAYS, 'p', "Days is when the next CRL is due"},
+ {"crlhours", OPT_CRLHOURS, 'p', "Hours is when the next CRL is due"},
+ {"crlsec", OPT_CRLSEC, 'p'},
+ {"infiles", OPT_INFILES, '-', "The last argument, requests to process"},
+ {"ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign"},
+ {"spkac", OPT_SPKAC, '<',
+ "File contains DN and signed public key and challenge"},
+ {"revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)"},
+ {"valid", OPT_VALID, 's'},
+ {"extensions", OPT_EXTENSIONS, 's',
+ "Extension section (override value in config file)"},
+ {"extfile", OPT_EXTFILE, '<',
+ "Configuration file with X509v3 extensions to add"},
+ {"status", OPT_STATUS, 's', "Shows cert status given the serial number"},
+ {"updatedb", OPT_UPDATEDB, '-', "Updates db for expired cert"},
+ {"crlexts", OPT_CRLEXTS, 's',
+ "CRL extension section (override value in config file)"},
+ {"crl_reason", OPT_CRL_REASON, 's'},
+ {"crl_hold", OPT_CRL_HOLD, 's'},
+ {"crl_compromise", OPT_CRL_COMPROMISE, 's'},
+ {"crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's'},
+#ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+ {NULL}
+};
-int MAIN(int argc, char **argv)
+int ca_main(int argc, char **argv)
{
ENGINE *e = NULL;
- char *key = NULL, *passargin = NULL;
- int create_ser = 0;
- int free_key = 0;
- int total = 0;
- int total_done = 0;
- int badops = 0;
- int ret = 1;
- int email_dn = 1;
- int req = 0;
- int verbose = 0;
- int gencrl = 0;
- int dorevoke = 0;
- int doupdatedb = 0;
- long crldays = 0;
- long crlhours = 0;
- long crlsec = 0;
- long errorline = -1;
- char *configfile = NULL;
- char *md = NULL;
- char *policy = NULL;
- char *keyfile = NULL;
- char *certfile = NULL;
- int keyform = FORMAT_PEM;
- char *infile = NULL;
- char *spkac_file = NULL;
- char *ss_cert_file = NULL;
- char *ser_status = NULL;
+ BIGNUM *crlnumber = NULL, *serial = NULL;
EVP_PKEY *pkey = NULL;
- int output_der = 0;
- char *outfile = NULL;
- char *outdir = NULL;
- char *serialfile = NULL;
- char *crlnumberfile = NULL;
- char *extensions = NULL;
- char *extfile = NULL;
- char *subj = NULL;
- unsigned long chtype = MBSTRING_ASC;
- int multirdn = 0;
- char *tmp_email_dn = NULL;
- char *crl_ext = NULL;
- int rev_type = REV_NONE;
- char *rev_arg = NULL;
- BIGNUM *serial = NULL;
- BIGNUM *crlnumber = NULL;
- char *startdate = NULL;
- char *enddate = NULL;
- long days = 0;
- int batch = 0;
- int notext = 0;
- unsigned long nameopt = 0, certopt = 0;
- int default_op = 1;
- int ext_copy = EXT_COPY_NONE;
- int selfsign = 0;
- X509 *x509 = NULL, *x509p = NULL;
- X509 *x = NULL;
BIO *in = NULL, *out = NULL, *Sout = NULL, *Cout = NULL;
- char *dbfile = NULL;
- CA_DB *db = NULL;
- X509_CRL *crl = NULL;
- X509_REVOKED *r = NULL;
- ASN1_TIME *tmptm;
ASN1_INTEGER *tmpser;
- char *f;
- const char *p;
- char *const *pp;
- int i, j;
- const EVP_MD *dgst = NULL;
+ ASN1_TIME *tmptm;
+ CA_DB *db = NULL;
+ DB_ATTR db_attr;
STACK_OF(CONF_VALUE) *attribs = NULL;
- STACK_OF(X509) *cert_sk = NULL;
STACK_OF(OPENSSL_STRING) *sigopts = NULL;
-#undef BSIZE
-#define BSIZE 256
+ STACK_OF(X509) *cert_sk = NULL;
+ X509_CRL *crl = NULL;
+ const EVP_MD *dgst = NULL;
+ char *configfile = NULL, *md = NULL, *policy = NULL, *keyfile = NULL;
+ char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL, *enddate =
+ NULL;
+ char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
+ char *extensions = NULL, *extfile = NULL, *key = NULL, *passinarg = NULL;
+ char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL;
+ char *serialfile = NULL, *startdate = NULL, *subj = NULL, *tmp_email_dn =
+ NULL;
+ char *prog;
+ char *const *pp;
+ char *dbfile = NULL, *engine = NULL, *f, *randfile = NULL, *tofree = NULL;
char buf[3][BSIZE];
- char *randfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine = NULL;
-#endif
- char *tofree = NULL;
- DB_ATTR db_attr;
+ const char *p;
+ int create_ser = 0, free_key = 0, total = 0, total_done = 0;
+ int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE;
+ int keyformat = FORMAT_PEM, multirdn = 0, notext = 0, output_der = 0;
+ int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0;
+ int i, j, rev_type = REV_NONE, selfsign = 0;
+ long crldays = 0, crlhours = 0, crlsec = 0, errorline = -1, days = 0;
+ unsigned long chtype = MBSTRING_ASC, nameopt = 0, certopt = 0;
+ X509 *x509 = NULL, *x509p = NULL, *x = NULL;
+ X509_REVOKED *r = NULL;
+ OPTION_CHOICE o;
#ifdef EFENCE
EF_PROTECT_FREE = 1;
EF_ALIGNMENT = 0;
#endif
- apps_startup();
-
conf = NULL;
- key = NULL;
section = NULL;
-
preserve = 0;
msie_hack = 0;
- if (bio_err == NULL)
- if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
- argc--;
- argv++;
- while (argc >= 1) {
- if (strcmp(*argv, "-verbose") == 0)
- verbose = 1;
- else if (strcmp(*argv, "-config") == 0) {
- if (--argc < 1)
- goto bad;
- configfile = *(++argv);
- } else if (strcmp(*argv, "-name") == 0) {
- if (--argc < 1)
- goto bad;
- section = *(++argv);
- } else if (strcmp(*argv, "-subj") == 0) {
- if (--argc < 1)
- goto bad;
- subj = *(++argv);
- /* preserve=1; */
- } else if (strcmp(*argv, "-utf8") == 0)
- chtype = MBSTRING_UTF8;
- else if (strcmp(*argv, "-create_serial") == 0)
+
+ prog = opt_init(argc, argv, ca_options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+opthelp:
+ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+ goto end;
+ case OPT_HELP:
+ opt_help(ca_options);
+ ret = 0;
+ goto end;
+ case OPT_IN:
+ infile = opt_arg();
+ break;
+ case OPT_OUT:
+ outfile = opt_arg();
+ break;
+ case OPT_VERBOSE:
+ verbose = 1;
+ break;
+ case OPT_CONFIG:
+ configfile = opt_arg();
+ break;
+ case OPT_NAME:
+ section = opt_arg();
+ break;
+ case OPT_SUBJ:
+ subj = opt_arg();
+ /* preserve=1; */
+ break;
+ case OPT_UTF8:
+ chtype = MBSTRING_UTF8;
+ break;
+ case OPT_CREATE_SERIAL:
create_ser = 1;
- else if (strcmp(*argv, "-multivalue-rdn") == 0)
+ break;
+ case OPT_MULTIVALUE_RDN:
multirdn = 1;
- else if (strcmp(*argv, "-startdate") == 0) {
- if (--argc < 1)
- goto bad;
- startdate = *(++argv);
- } else if (strcmp(*argv, "-enddate") == 0) {
- if (--argc < 1)
- goto bad;
- enddate = *(++argv);
- } else if (strcmp(*argv, "-days") == 0) {
- if (--argc < 1)
- goto bad;
- days = atoi(*(++argv));
- } else if (strcmp(*argv, "-md") == 0) {
- if (--argc < 1)
- goto bad;
- md = *(++argv);
- } else if (strcmp(*argv, "-policy") == 0) {
- if (--argc < 1)
- goto bad;
- policy = *(++argv);
- } else if (strcmp(*argv, "-keyfile") == 0) {
- if (--argc < 1)
- goto bad;
- keyfile = *(++argv);
- } else if (strcmp(*argv, "-keyform") == 0) {
- if (--argc < 1)
- goto bad;
- keyform = str2fmt(*(++argv));
- } else if (strcmp(*argv, "-passin") == 0) {
- if (--argc < 1)
- goto bad;
- passargin = *(++argv);
- } else if (strcmp(*argv, "-key") == 0) {
- if (--argc < 1)
- goto bad;
- key = *(++argv);
- } else if (strcmp(*argv, "-cert") == 0) {
- if (--argc < 1)
- goto bad;
- certfile = *(++argv);
- } else if (strcmp(*argv, "-selfsign") == 0)
+ break;
+ case OPT_STARTDATE:
+ startdate = opt_arg();
+ break;
+ case OPT_ENDDATE:
+ enddate = opt_arg();
+ break;
+ case OPT_DAYS:
+ days = atoi(opt_arg());
+ break;
+ case OPT_MD:
+ md = opt_arg();
+ break;
+ case OPT_POLICY:
+ policy = opt_arg();
+ break;
+ case OPT_KEYFILE:
+ keyfile = opt_arg();
+ break;
+ case OPT_KEYFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat))
+ goto opthelp;
+ break;
+ case OPT_PASSIN:
+ passinarg = opt_arg();
+ break;
+ case OPT_KEY:
+ key = opt_arg();
+ break;
+ case OPT_CERT:
+ certfile = opt_arg();
+ break;
+ case OPT_SELFSIGN:
selfsign = 1;
- else if (strcmp(*argv, "-in") == 0) {
- if (--argc < 1)
- goto bad;
- infile = *(++argv);
- req = 1;
- } else if (strcmp(*argv, "-out") == 0) {
- if (--argc < 1)
- goto bad;
- outfile = *(++argv);
- } else if (strcmp(*argv, "-outdir") == 0) {
- if (--argc < 1)
- goto bad;
- outdir = *(++argv);
- } else if (strcmp(*argv, "-sigopt") == 0) {
- if (--argc < 1)
- goto bad;
- if (!sigopts)
+ break;
+ case OPT_OUTDIR:
+ outdir = opt_arg();
+ break;
+ case OPT_SIGOPT:
+ if (sigopts == NULL)
sigopts = sk_OPENSSL_STRING_new_null();
- if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
- goto bad;
- } else if (strcmp(*argv, "-notext") == 0)
+ if (sigopts == NULL
+ || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
+ goto end;
+ break;
+ case OPT_NOTEXT:
notext = 1;
- else if (strcmp(*argv, "-batch") == 0)
+ break;
+ case OPT_BATCH:
batch = 1;
- else if (strcmp(*argv, "-preserveDN") == 0)
+ break;
+ case OPT_PRESERVEDN:
preserve = 1;
- else if (strcmp(*argv, "-noemailDN") == 0)
+ break;
+ case OPT_NOEMAILDN:
email_dn = 0;
- else if (strcmp(*argv, "-gencrl") == 0)
+ break;
+ case OPT_GENCRL:
gencrl = 1;
- else if (strcmp(*argv, "-msie_hack") == 0)
+ break;
+ case OPT_MSIE_HACK:
msie_hack = 1;
- else if (strcmp(*argv, "-crldays") == 0) {
- if (--argc < 1)
- goto bad;
- crldays = atol(*(++argv));
- } else if (strcmp(*argv, "-crlhours") == 0) {
- if (--argc < 1)
- goto bad;
- crlhours = atol(*(++argv));
- } else if (strcmp(*argv, "-crlsec") == 0) {
- if (--argc < 1)
- goto bad;
- crlsec = atol(*(++argv));
- } else if (strcmp(*argv, "-infiles") == 0) {
- argc--;
- argv++;
- req = 1;
break;
- } else if (strcmp(*argv, "-ss_cert") == 0) {
- if (--argc < 1)
- goto bad;
- ss_cert_file = *(++argv);
+ case OPT_CRLDAYS:
+ crldays = atol(opt_arg());
+ break;
+ case OPT_CRLHOURS:
+ crlhours = atol(opt_arg());
+ break;
+ case OPT_CRLSEC:
+ crlsec = atol(opt_arg());
+ break;
+ case OPT_INFILES:
req = 1;
- } else if (strcmp(*argv, "-spkac") == 0) {
- if (--argc < 1)
- goto bad;
- spkac_file = *(++argv);
+ goto end_of_options;
+ case OPT_SS_CERT:
+ ss_cert_file = opt_arg();
req = 1;
- } else if (strcmp(*argv, "-revoke") == 0) {
- if (--argc < 1)
- goto bad;
- infile = *(++argv);
+ break;
+ case OPT_SPKAC:
+ spkac_file = opt_arg();
+ req = 1;
+ break;
+ case OPT_REVOKE:
+ infile = opt_arg();
dorevoke = 1;
- } else if (strcmp(*argv, "-valid") == 0) {
- if (--argc < 1)
- goto bad;
- infile = *(++argv);
+ break;
+ case OPT_VALID:
+ infile = opt_arg();
dorevoke = 2;
- } else if (strcmp(*argv, "-extensions") == 0) {
- if (--argc < 1)
- goto bad;
- extensions = *(++argv);
- } else if (strcmp(*argv, "-extfile") == 0) {
- if (--argc < 1)
- goto bad;
- extfile = *(++argv);
- } else if (strcmp(*argv, "-status") == 0) {
- if (--argc < 1)
- goto bad;
- ser_status = *(++argv);
- } else if (strcmp(*argv, "-updatedb") == 0) {
+ break;
+ case OPT_EXTENSIONS:
+ extensions = opt_arg();
+ break;
+ case OPT_EXTFILE:
+ extfile = opt_arg();
+ break;
+ case OPT_STATUS:
+ ser_status = opt_arg();
+ break;
+ case OPT_UPDATEDB:
doupdatedb = 1;
- } else if (strcmp(*argv, "-crlexts") == 0) {
- if (--argc < 1)
- goto bad;
- crl_ext = *(++argv);
- } else if (strcmp(*argv, "-crl_reason") == 0) {
- if (--argc < 1)
- goto bad;
- rev_arg = *(++argv);
+ break;
+ case OPT_CRLEXTS:
+ crl_ext = opt_arg();
+ break;
+ case OPT_CRL_REASON:
+ rev_arg = opt_arg();
rev_type = REV_CRL_REASON;
- } else if (strcmp(*argv, "-crl_hold") == 0) {
- if (--argc < 1)
- goto bad;
- rev_arg = *(++argv);
+ break;
+ case OPT_CRL_HOLD:
+ rev_arg = opt_arg();
rev_type = REV_HOLD;
- } else if (strcmp(*argv, "-crl_compromise") == 0) {
- if (--argc < 1)
- goto bad;
- rev_arg = *(++argv);
+ break;
+ case OPT_CRL_COMPROMISE:
+ rev_arg = opt_arg();
rev_type = REV_KEY_COMPROMISE;
- } else if (strcmp(*argv, "-crl_CA_compromise") == 0) {
- if (--argc < 1)
- goto bad;
- rev_arg = *(++argv);
+ break;
+ case OPT_CRL_CA_COMPROMISE:
+ rev_arg = opt_arg();
rev_type = REV_CA_COMPROMISE;
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv, "-engine") == 0) {
- if (--argc < 1)
- goto bad;
- engine = *(++argv);
- }
-#endif
- else {
- bad:
- BIO_printf(bio_err, "unknown option %s\n", *argv);
- badops = 1;
+ break;
+ case OPT_ENGINE:
+ engine = opt_arg();
break;
}
- argc--;
- argv++;
}
+end_of_options:
+ argc = opt_num_rest();
+ argv = opt_rest();
- if (badops) {
- const char **pp2;
-
- for (pp2 = ca_usage; (*pp2 != NULL); pp2++)
- BIO_printf(bio_err, "%s", *pp2);
- goto err;
- }
-
- ERR_load_crypto_strings();
-
- /*****************************************************************/
tofree = NULL;
if (configfile == NULL)
configfile = getenv("OPENSSL_CONF");
tofree = OPENSSL_malloc(len);
if (!tofree) {
BIO_printf(bio_err, "Out of memory\n");
- goto err;
+ goto end;
}
strcpy(tofree, s);
#else
tofree = OPENSSL_malloc(len);
if (!tofree) {
BIO_printf(bio_err, "Out of memory\n");
- goto err;
+ goto end;
}
BUF_strlcpy(tofree, s, len);
BUF_strlcat(tofree, "/", len);
else
BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
errorline, configfile);
- goto err;
+ goto end;
}
if (tofree) {
OPENSSL_free(tofree);
tofree = NULL;
}
-
- if (!load_config(bio_err, conf))
- goto err;
-
#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
+ e = setup_engine(engine, 0);
#endif
/* Lets get the config section we are using */
section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_CA);
if (section == NULL) {
lookup_fail(BASE_SECTION, ENV_DEFAULT_CA);
- goto err;
+ goto end;
}
}
BIO_free(oid_bio);
}
}
- if (!add_oid_section(bio_err, conf)) {
+ if (!add_oid_section(conf)) {
ERR_print_errors(bio_err);
- goto err;
+ goto end;
}
}
randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
if (randfile == NULL)
ERR_clear_error();
- app_RAND_load_file(randfile, bio_err, 0);
+ app_RAND_load_file(randfile, 0);
f = NCONF_get_string(conf, section, STRING_MASK);
if (!f)
if (f && !ASN1_STRING_set_default_mask_asc(f)) {
BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
- goto err;
+ goto end;
}
if (chtype != MBSTRING_UTF8) {
db_attr.unique_subject = 1;
p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
if (p) {
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
-#endif
db_attr.unique_subject = parse_yesno(p, 1);
} else
ERR_clear_error();
-#ifdef RL_DEBUG
- if (!p)
- BIO_printf(bio_err, "DEBUG: unique_subject undefined\n");
-#endif
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
- db_attr.unique_subject);
-#endif
-
- in = BIO_new(BIO_s_file());
- out = BIO_new(BIO_s_file());
- Sout = BIO_new(BIO_s_file());
- Cout = BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL)) {
- ERR_print_errors(bio_err);
- goto err;
- }
/*****************************************************************/
/* report status of cert with serial number given on command line */
if (ser_status) {
if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
lookup_fail(section, ENV_DATABASE);
- goto err;
+ goto end;
}
db = load_index(dbfile, &db_attr);
if (db == NULL)
- goto err;
+ goto end;
if (!index_index(db))
- goto err;
+ goto end;
if (get_certificate_status(ser_status, db) != 1)
BIO_printf(bio_err, "Error verifying serial %s!\n", ser_status);
- goto err;
+ goto end;
}
/*****************************************************************/
ENV_PRIVATE_KEY)) ==
NULL)) {
lookup_fail(section, ENV_PRIVATE_KEY);
- goto err;
+ goto end;
}
if (!key) {
free_key = 1;
- if (!app_passwd(bio_err, passargin, NULL, &key, NULL)) {
+ if (!app_passwd(passinarg, NULL, &key, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
- goto err;
+ goto end;
}
}
- pkey = load_key(bio_err, keyfile, keyform, 0, key, e, "CA private key");
+ pkey = load_key(keyfile, keyformat, 0, key, e, "CA private key");
if (key)
OPENSSL_cleanse(key, strlen(key));
if (pkey == NULL) {
/* load_key() has already printed an appropriate message */
- goto err;
+ goto end;
}
/*****************************************************************/
section,
ENV_CERTIFICATE)) == NULL)) {
lookup_fail(section, ENV_CERTIFICATE);
- goto err;
+ goto end;
}
- x509 = load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
- "CA certificate");
+ x509 = load_cert(certfile, FORMAT_PEM, NULL, e, "CA certificate");
if (x509 == NULL)
- goto err;
+ goto end;
if (!X509_check_private_key(x509, pkey)) {
BIO_printf(bio_err,
"CA certificate and CA private key do not match\n");
- goto err;
+ goto end;
}
}
if (!selfsign)
if (f) {
if (!set_name_ex(&nameopt, f)) {
BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
- goto err;
+ goto end;
}
default_op = 0;
} else
if (f) {
if (!set_cert_ex(&certopt, f)) {
BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
- goto err;
+ goto end;
}
default_op = 0;
} else
if (f) {
if (!set_ext_copy(&ext_copy, f)) {
BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
- goto err;
+ goto end;
}
} else
ERR_clear_error();
== NULL) {
BIO_printf(bio_err,
"there needs to be defined a directory for new certificate to be placed in\n");
- goto err;
+ goto end;
}
#ifndef OPENSSL_SYS_VMS
/*
* routines to convert the directory syntax to Unixly, and give that
* to access(). However, time's too short to do that just now.
*/
-# ifndef _WIN32
- if (access(outdir, R_OK | W_OK | X_OK) != 0)
-# else
- if (_access(outdir, R_OK | W_OK | X_OK) != 0)
-# endif
+ if (app_access(outdir, R_OK | W_OK | X_OK) != 0)
{
BIO_printf(bio_err, "I am unable to access the %s directory\n",
outdir);
perror(outdir);
- goto err;
+ goto end;
}
if (app_isdir(outdir) <= 0) {
BIO_printf(bio_err, "%s need to be a directory\n", outdir);
perror(outdir);
- goto err;
+ goto end;
}
#endif
}
/* we need to load the database file */
if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
lookup_fail(section, ENV_DATABASE);
- goto err;
+ goto end;
}
db = load_index(dbfile, &db_attr);
if (db == NULL)
- goto err;
+ goto end;
/* Lets check some fields */
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
BIO_printf(bio_err,
"entry %d: not revoked yet, but has a revocation date\n",
i + 1);
- goto err;
+ goto end;
}
if ((pp[DB_type][0] == DB_TYPE_REV) &&
!make_revoked(NULL, pp[DB_rev_date])) {
BIO_printf(bio_err, " in entry %d\n", i + 1);
- goto err;
+ goto end;
}
if (!check_time_format((char *)pp[DB_exp_date])) {
BIO_printf(bio_err, "entry %d: invalid expiry date\n", i + 1);
- goto err;
+ goto end;
}
p = pp[DB_serial];
j = strlen(p);
if ((j & 1) || (j < 2)) {
BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n",
i + 1, j);
- goto err;
+ goto end;
}
while (*p) {
if (!(((*p >= '0') && (*p <= '9')) ||
BIO_printf(bio_err,
"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",
i + 1, (long)(p - pp[DB_serial]), *p);
- goto err;
+ goto end;
}
p++;
}
}
if (verbose) {
- BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); /* cannot fail */
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- TXT_DB_write(out, db->db);
+ TXT_DB_write(bio_out, db->db);
BIO_printf(bio_err, "%d entries loaded from the database\n",
sk_OPENSSL_PSTRING_num(db->db->data));
BIO_printf(bio_err, "generating index\n");
}
if (!index_index(db))
- goto err;
+ goto end;
/*****************************************************************/
/* Update the db file for expired certificates */
i = do_updatedb(db);
if (i == -1) {
BIO_printf(bio_err, "Malloc failure\n");
- goto err;
+ goto end;
} else if (i == 0) {
if (verbose)
BIO_printf(bio_err, "No entries found to mark expired\n");
} else {
if (!save_index(dbfile, "new", db))
- goto err;
+ goto end;
if (!rotate_index(dbfile, "new", "old"))
- goto err;
+ goto end;
if (verbose)
BIO_printf(bio_err,
"ERROR: on line %ld of config file '%s'\n",
errorline, extfile);
ret = 1;
- goto err;
+ goto end;
}
if (verbose)
/*****************************************************************/
if (req || gencrl) {
- if (outfile != NULL) {
- if (BIO_write_filename(Sout, outfile) <= 0) {
- perror(outfile);
- goto err;
- }
- } else {
- BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- Sout = BIO_push(tmpbio, Sout);
- }
-#endif
- }
+ Sout = bio_open_default(outfile, "w");
+ if (Sout == NULL)
+ goto end;
}
if ((md == NULL) && ((md = NCONF_get_string(conf,
section,
ENV_DEFAULT_MD)) == NULL)) {
lookup_fail(section, ENV_DEFAULT_MD);
- goto err;
+ goto end;
}
if (!strcmp(md, "default")) {
int def_nid;
if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) {
BIO_puts(bio_err, "no default digest\n");
- goto err;
+ goto end;
}
md = (char *)OBJ_nid2sn(def_nid);
}
- if ((dgst = EVP_get_digestbyname(md)) == NULL) {
- BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
- goto err;
+ if (!opt_md(md, &dgst)) {
+ goto end;
}
if (req) {
ENV_POLICY)) ==
NULL)) {
lookup_fail(section, ENV_POLICY);
- goto err;
+ goto end;
}
if (verbose)
BIO_printf(bio_err, "policy is %s\n", policy);
if ((serialfile = NCONF_get_string(conf, section, ENV_SERIAL))
== NULL) {
lookup_fail(section, ENV_SERIAL);
- goto err;
+ goto end;
}
if (!extconf) {
"Error Loading extension section %s\n",
extensions);
ret = 1;
- goto err;
+ goto end;
}
}
}
if (startdate && !ASN1_TIME_set_string(NULL, startdate)) {
BIO_printf(bio_err,
"start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
- goto err;
+ goto end;
}
if (startdate == NULL)
startdate = "today";
if (enddate && !ASN1_TIME_set_string(NULL, enddate)) {
BIO_printf(bio_err,
"end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
- goto err;
+ goto end;
}
if (days == 0) {
if (!enddate && (days == 0)) {
BIO_printf(bio_err,
"cannot lookup how many days to certify for\n");
- goto err;
+ goto end;
}
if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) {
BIO_printf(bio_err, "error while loading serial number\n");
- goto err;
+ goto end;
}
if (verbose) {
if (BN_is_zero(serial))
BIO_printf(bio_err, "next serial number is 00\n");
else {
if ((f = BN_bn2hex(serial)) == NULL)
- goto err;
+ goto end;
BIO_printf(bio_err, "next serial number is %s\n", f);
OPENSSL_free(f);
}
if ((attribs = NCONF_get_section(conf, policy)) == NULL) {
BIO_printf(bio_err, "unable to find 'section' for %s\n", policy);
- goto err;
+ goto end;
}
if ((cert_sk = sk_X509_new_null()) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
+ goto end;
}
if (spkac_file != NULL) {
total++;
conf, verbose, certopt, nameopt, default_op,
ext_copy);
if (j < 0)
- goto err;
+ goto end;
if (j > 0) {
total_done++;
BIO_printf(bio_err, "\n");
if (!BN_add_word(serial, 1))
- goto err;
+ goto end;
if (!sk_X509_push(cert_sk, x)) {
BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
+ goto end;
}
if (outfile) {
output_der = 1;
conf, verbose, certopt, nameopt, default_op,
ext_copy, e);
if (j < 0)
- goto err;
+ goto end;
if (j > 0) {
total_done++;
BIO_printf(bio_err, "\n");
if (!BN_add_word(serial, 1))
- goto err;
+ goto end;
if (!sk_X509_push(cert_sk, x)) {
BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
+ goto end;
}
}
}
enddate, days, batch, extensions, conf, verbose,
certopt, nameopt, default_op, ext_copy, selfsign);
if (j < 0)
- goto err;
+ goto end;
if (j > 0) {
total_done++;
BIO_printf(bio_err, "\n");
if (!BN_add_word(serial, 1))
- goto err;
+ goto end;
if (!sk_X509_push(cert_sk, x)) {
BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
+ goto end;
}
}
}
enddate, days, batch, extensions, conf, verbose,
certopt, nameopt, default_op, ext_copy, selfsign);
if (j < 0)
- goto err;
+ goto end;
if (j > 0) {
total_done++;
BIO_printf(bio_err, "\n");
if (!BN_add_word(serial, 1))
- goto err;
+ goto end;
if (!sk_X509_push(cert_sk, x)) {
BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
+ goto end;
}
}
}
BIO_printf(bio_err,
"CERTIFICATION CANCELED: I/O error\n");
ret = 0;
- goto err;
+ goto end;
}
if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) {
BIO_printf(bio_err, "CERTIFICATION CANCELED\n");
ret = 0;
- goto err;
+ goto end;
}
}
sk_X509_num(cert_sk));
if (!save_serial(serialfile, "new", serial, NULL))
- goto err;
+ goto end;
if (!save_index(dbfile, "new", db))
- goto err;
+ goto end;
}
if (verbose)
if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
BIO_printf(bio_err, "certificate file name too long\n");
- goto err;
+ goto end;
}
strcpy(buf[2], outdir);
if (verbose)
BIO_printf(bio_err, "writing %s\n", buf[2]);
- if (BIO_write_filename(Cout, buf[2]) <= 0) {
+ Cout = BIO_new_file(buf[2], "w");
+ if (Cout == NULL) {
perror(buf[2]);
- goto err;
+ goto end;
}
write_new_certificate(Cout, x, 0, notext);
write_new_certificate(Sout, x, output_der, notext);
if (sk_X509_num(cert_sk)) {
/* Rename the database and the serial file */
if (!rotate_serial(serialfile, "new", "old"))
- goto err;
+ goto end;
if (!rotate_index(dbfile, "new", "old"))
- goto err;
+ goto end;
BIO_printf(bio_err, "Data Base Updated\n");
}
"Error Loading CRL extension section %s\n",
crl_ext);
ret = 1;
- goto err;
+ goto end;
}
}
!= NULL)
if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) {
BIO_printf(bio_err, "error while loading CRL number\n");
- goto err;
+ goto end;
}
if (!crldays && !crlhours && !crlsec) {
if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) {
BIO_printf(bio_err,
"cannot lookup how long until the next CRL is issued\n");
- goto err;
+ goto end;
}
if (verbose)
BIO_printf(bio_err, "making CRL\n");
if ((crl = X509_CRL_new()) == NULL)
- goto err;
+ goto end;
if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509)))
- goto err;
+ goto end;
tmptm = ASN1_TIME_new();
if (!tmptm)
- goto err;
+ goto end;
X509_gmtime_adj(tmptm, 0);
X509_CRL_set_lastUpdate(crl, tmptm);
if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
NULL)) {
BIO_puts(bio_err, "error setting CRL nextUpdate\n");
- goto err;
+ goto end;
}
X509_CRL_set_nextUpdate(crl, tmptm);
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (pp[DB_type][0] == DB_TYPE_REV) {
if ((r = X509_REVOKED_new()) == NULL)
- goto err;
+ goto end;
j = make_revoked(r, pp[DB_rev_date]);
if (!j)
- goto err;
+ goto end;
if (j == 2)
crl_v2 = 1;
if (!BN_hex2bn(&serial, pp[DB_serial]))
- goto err;
+ goto end;
tmpser = BN_to_ASN1_INTEGER(serial, NULL);
BN_free(serial);
serial = NULL;
if (!tmpser)
- goto err;
+ goto end;
X509_REVOKED_set_serialNumber(r, tmpser);
ASN1_INTEGER_free(tmpser);
X509_CRL_add0_revoked(crl, r);
if (crl_ext)
if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, crl_ext, crl))
- goto err;
+ goto end;
if (crlnumberfile != NULL) {
tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
if (!tmpser)
- goto err;
+ goto end;
X509_CRL_add1_ext_i2d(crl, NID_crl_number, tmpser, 0, 0);
ASN1_INTEGER_free(tmpser);
crl_v2 = 1;
if (!BN_add_word(crlnumber, 1))
- goto err;
+ goto end;
}
}
if (crl_ext || crl_v2) {
if (!X509_CRL_set_version(crl, 1))
- goto err; /* version 2 CRL */
+ goto end; /* version 2 CRL */
}
/* we have a CRL number that need updating */
if (crlnumberfile != NULL)
if (!save_serial(crlnumberfile, "new", crlnumber, NULL))
- goto err;
+ goto end;
if (crlnumber) {
BN_free(crlnumber);
crlnumber = NULL;
}
- if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst, sigopts))
- goto err;
+ if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts))
+ goto end;
PEM_write_bio_X509_CRL(Sout, crl);
if (crlnumberfile != NULL) /* Rename the crlnumber file */
if (!rotate_serial(crlnumberfile, "new", "old"))
- goto err;
+ goto end;
}
/*****************************************************************/
if (dorevoke) {
if (infile == NULL) {
BIO_printf(bio_err, "no input files\n");
- goto err;
+ goto end;
} else {
X509 *revcert;
- revcert = load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile);
+ revcert = load_cert(infile, FORMAT_PEM, NULL, e, infile);
if (revcert == NULL)
- goto err;
+ goto end;
if (dorevoke == 2)
rev_type = -1;
j = do_revoke(revcert, db, rev_type, rev_arg);
if (j <= 0)
- goto err;
+ goto end;
X509_free(revcert);
if (!save_index(dbfile, "new", db))
- goto err;
+ goto end;
if (!rotate_index(dbfile, "new", "old"))
- goto err;
+ goto end;
BIO_printf(bio_err, "Data Base Updated\n");
}
}
/*****************************************************************/
ret = 0;
- err:
+ end:
if (tofree)
OPENSSL_free(tofree);
BIO_free_all(Cout);
if (ret)
ERR_print_errors(bio_err);
- app_RAND_write_file(randfile, bio_err);
+ app_RAND_write_file(randfile);
if (free_key && key)
OPENSSL_free(key);
BN_free(serial);
NCONF_free(conf);
NCONF_free(extconf);
OBJ_cleanup();
- apps_shutdown();
- OPENSSL_EXIT(ret);
+ return (ret);
}
static void lookup_fail(const char *name, const char *tag)
EVP_PKEY *pktmp = NULL;
int ok = -1, i;
- in = BIO_new(BIO_s_file());
-
- if (BIO_read_filename(in, infile) <= 0) {
- perror(infile);
- goto err;
+ in = BIO_new_file(infile, "r");
+ if (in == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
}
if ((req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL)) == NULL) {
BIO_printf(bio_err, "Error reading certificate request in %s\n",
infile);
- goto err;
+ goto end;
}
if (verbose)
X509_REQ_print(bio_err, req);
BIO_printf(bio_err,
"Certificate request and CA private key do not match\n");
ok = 0;
- goto err;
+ goto end;
}
if ((pktmp = X509_REQ_get_pubkey(req)) == NULL) {
BIO_printf(bio_err, "error unpacking public key\n");
- goto err;
+ goto end;
}
i = X509_REQ_verify(req, pktmp);
EVP_PKEY_free(pktmp);
ok = 0;
BIO_printf(bio_err, "Signature verification problems....\n");
ERR_print_errors(bio_err);
- goto err;
+ goto end;
}
if (i == 0) {
ok = 0;
BIO_printf(bio_err,
"Signature did not match the certificate request\n");
ERR_print_errors(bio_err);
- goto err;
+ goto end;
} else
BIO_printf(bio_err, "Signature ok\n");
verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
ext_copy, selfsign);
- err:
+ end:
if (req != NULL)
X509_REQ_free(req);
BIO_free(in);
EVP_PKEY *pktmp = NULL;
int ok = -1, i;
- if ((req =
- load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL)
- goto err;
+ if ((req = load_cert(infile, FORMAT_PEM, NULL, e, infile)) == NULL)
+ goto end;
if (verbose)
X509_print(bio_err, req);
if ((pktmp = X509_get_pubkey(req)) == NULL) {
BIO_printf(bio_err, "error unpacking public key\n");
- goto err;
+ goto end;
}
i = X509_verify(req, pktmp);
EVP_PKEY_free(pktmp);
if (i < 0) {
ok = 0;
BIO_printf(bio_err, "Signature verification problems....\n");
- goto err;
+ goto end;
}
if (i == 0) {
ok = 0;
BIO_printf(bio_err, "Signature did not match the certificate\n");
- goto err;
+ goto end;
} else
BIO_printf(bio_err, "Signature ok\n");
if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
- goto err;
+ goto end;
ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
chtype, multirdn, email_dn, startdate, enddate, days, batch,
verbose, rreq, ext_sect, lconf, certopt, nameopt, default_op,
ext_copy, 0);
- err:
+ end:
if (rreq != NULL)
X509_REQ_free(rreq);
if (req != NULL)
if (!n) {
ERR_print_errors(bio_err);
- goto err;
+ goto end;
}
X509_REQ_set_subject_name(req, n);
req->req_info->enc.modified = 1;
(str->type != V_ASN1_IA5STRING)) {
BIO_printf(bio_err,
"\nemailAddress type needs to be of type IA5STRING\n");
- goto err;
+ goto end;
}
if ((str->type != V_ASN1_BMPSTRING)
&& (str->type != V_ASN1_UTF8STRING)) {
(str->type == V_ASN1_PRINTABLESTRING))) {
BIO_printf(bio_err,
"\nThe string contains characters that are illegal for the ASN.1 type\n");
- goto err;
+ goto end;
}
}
/* Ok, now we check the 'policy' stuff. */
if ((subject = X509_NAME_new()) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
+ goto end;
}
/* take a copy of the issuer name before we mess with it. */
else
CAname = X509_NAME_dup(x509->cert_info->subject);
if (CAname == NULL)
- goto err;
+ goto end;
str = str2 = NULL;
for (i = 0; i < sk_CONF_VALUE_num(policy); i++) {
BIO_printf(bio_err,
"%s:unknown object type in 'policy' configuration\n",
cv->name);
- goto err;
+ goto end;
}
obj = OBJ_nid2obj(j);
BIO_printf(bio_err,
"The %s field needed to be supplied and was missing\n",
cv->name);
- goto err;
+ goto end;
} else
push = tne;
} else if (strcmp(cv->value, "match") == 0) {
BIO_printf(bio_err,
"The mandatory %s field was missing\n",
cv->name);
- goto err;
+ goto end;
}
last2 = -1;
BIO_printf(bio_err,
"The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",
cv->name);
- goto err;
+ goto end;
}
if (j >= 0) {
push = X509_NAME_get_entry(CAname, j);
cv->name,
((str2 == NULL) ? "NULL" : (char *)str2->data),
((str == NULL) ? "NULL" : (char *)str->data));
- goto err;
+ goto end;
}
} else {
BIO_printf(bio_err,
"%s:invalid type in 'policy' configuration\n",
cv->value);
- goto err;
+ goto end;
}
if (push != NULL) {
if (push != NULL)
X509_NAME_ENTRY_free(push);
BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
+ goto end;
}
}
if (j < 0)
/* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
subject = X509_NAME_dup(name);
if (subject == NULL)
- goto err;
+ goto end;
}
if (verbose)
*/
if (!(dn_subject = X509_NAME_dup(subject))) {
BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
+ goto end;
}
while ((i = X509_NAME_get_index_by_NID(dn_subject,
NID_pkcs9_emailAddress,
row[DB_serial] = BN_bn2hex(serial);
if (row[DB_serial] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
+ goto end;
}
if (db->attributes.unique_subject) {
p = "undef";
BIO_printf(bio_err, "Subject Name :%s\n", p);
ok = -1; /* This is now a 'bad' error. */
- goto err;
+ goto end;
}
/* We are now totally happy, lets make and sign the certificate */
"Everything appears to be ok, creating and signing the certificate\n");
if ((ret = X509_new()) == NULL)
- goto err;
+ goto end;
ci = ret->cert_info;
#ifdef X509_V3
/* Make it an X509 v3 certificate. */
if (!X509_set_version(ret, 2))
- goto err;
+ goto end;
#endif
if (BN_to_ASN1_INTEGER(serial, ci->serialNumber) == NULL)
- goto err;
+ goto end;
if (selfsign) {
if (!X509_set_issuer_name(ret, subject))
- goto err;
+ goto end;
} else {
if (!X509_set_issuer_name(ret, X509_get_subject_name(x509)))
- goto err;
+ goto end;
}
if (strcmp(startdate, "today") == 0)
}
if (!X509_set_subject_name(ret, subject))
- goto err;
+ goto end;
pktmp = X509_REQ_get_pubkey(req);
i = X509_set_pubkey(ret, pktmp);
EVP_PKEY_free(pktmp);
if (!i)
- goto err;
+ goto end;
/* Lets add the extensions, if there are any */
if (ext_sect) {
X509V3_CTX ctx;
if (ci->version == NULL)
if ((ci->version = ASN1_INTEGER_new()) == NULL)
- goto err;
+ goto end;
ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
/*
"ERROR: adding extensions in section %s\n",
ext_sect);
ERR_print_errors(bio_err);
- goto err;
+ goto end;
}
if (verbose)
BIO_printf(bio_err,
"ERROR: adding extensions in section %s\n",
ext_sect);
ERR_print_errors(bio_err);
- goto err;
+ goto end;
}
if (verbose)
if (!copy_extensions(ret, req, ext_copy)) {
BIO_printf(bio_err, "ERROR: adding extensions from request\n");
ERR_print_errors(bio_err);
- goto err;
+ goto end;
}
/* Set the right value for the noemailDN option */
if (email_dn == 0) {
if (!X509_set_subject_name(ret, dn_subject))
- goto err;
+ goto end;
}
if (!default_op) {
BIO_printf(bio_err,
"CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
ok = 0;
- goto err;
+ goto end;
}
if (!((buf[0] == 'y') || (buf[0] == 'Y'))) {
BIO_printf(bio_err, "CERTIFICATE WILL NOT BE CERTIFIED\n");
ok = 0;
- goto err;
+ goto end;
}
}
EVP_PKEY_copy_parameters(pktmp, pkey);
EVP_PKEY_free(pktmp);
- if (!do_X509_sign(bio_err, ret, pkey, dgst, sigopts))
- goto err;
+ if (!do_X509_sign(ret, pkey, dgst, sigopts))
+ goto end;
/* We now just add it to the database */
row[DB_type] = (char *)OPENSSL_malloc(2);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
(row[DB_file] == NULL) || (row[DB_name] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
+ goto end;
}
BUF_strlcpy(row[DB_file], "unknown", 8);
row[DB_type][0] = 'V';
if ((irow =
(char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
+ goto end;
}
for (i = 0; i < DB_NUMBER; i++) {
if (!TXT_DB_insert(db->db, irow)) {
BIO_printf(bio_err, "failed to update database\n");
BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
- goto err;
+ goto end;
}
ok = 1;
- err:
+ end:
for (i = 0; i < DB_NUMBER; i++)
if (row[i] != NULL)
OPENSSL_free(row[i]);
if (parms == NULL) {
BIO_printf(bio_err, "error on line %ld of %s\n", errline, infile);
ERR_print_errors(bio_err);
- goto err;
+ goto end;
}
sk = CONF_get_section(parms, "default");
if (sk_CONF_VALUE_num(sk) == 0) {
BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
CONF_free(parms);
- goto err;
+ goto end;
}
/*
req = X509_REQ_new();
if (req == NULL) {
ERR_print_errors(bio_err);
- goto err;
+ goto end;
}
/*
BIO_printf(bio_err,
"unable to load Netscape SPKAC structure\n");
ERR_print_errors(bio_err);
- goto err;
+ goto end;
}
}
continue;
if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
(unsigned char *)buf, -1, -1, 0))
- goto err;
+ goto end;
}
if (spki == NULL) {
BIO_printf(bio_err, "Netscape SPKAC structure not found in %s\n",
infile);
- goto err;
+ goto end;
}
/*
if ((pktmp = NETSCAPE_SPKI_get_pubkey(spki)) == NULL) {
BIO_printf(bio_err, "error unpacking SPKAC public key\n");
- goto err;
+ goto end;
}
j = NETSCAPE_SPKI_verify(spki, pktmp);
if (j <= 0) {
BIO_printf(bio_err,
"signature verification failed on SPKAC public key\n");
- goto err;
+ goto end;
}
BIO_printf(bio_err, "Signature ok\n");
chtype, multirdn, email_dn, startdate, enddate, days, 1,
verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
ext_copy, 0);
- err:
+ end:
if (req != NULL)
X509_REQ_free(req);
if (parms != NULL)
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(x509), NULL, 0);
bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509), NULL);
if (!bn)
- goto err;
+ goto end;
if (BN_is_zero(bn))
row[DB_serial] = BUF_strdup("00");
else
BN_free(bn);
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
+ goto end;
}
/*
* We have to lookup by serial number because name lookup skips revoked
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
(row[DB_file] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
+ goto end;
}
BUF_strlcpy(row[DB_file], "unknown", 8);
row[DB_type][0] = 'V';
(char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) ==
NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
+ goto end;
}
for (i = 0; i < DB_NUMBER; i++) {
if (!TXT_DB_insert(db->db, irow)) {
BIO_printf(bio_err, "failed to update database\n");
BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
- goto err;
+ goto end;
}
/* Revoke Certificate */
else
ok = do_revoke(x509, db, type, value);
- goto err;
+ goto end;
} else if (index_name_cmp_noconst(row, rrow)) {
BIO_printf(bio_err, "ERROR:name does not match %s\n", row[DB_name]);
- goto err;
+ goto end;
} else if (type == -1) {
BIO_printf(bio_err, "ERROR:Already present, serial number %s\n",
row[DB_serial]);
- goto err;
+ goto end;
} else if (rrow[DB_type][0] == 'R') {
BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n",
row[DB_serial]);
- goto err;
+ goto end;
} else {
BIO_printf(bio_err, "Revoking Certificate %s.\n", rrow[DB_serial]);
rev_str = make_revocation_str(type, value);
if (!rev_str) {
BIO_printf(bio_err, "Error in revocation arguments\n");
- goto err;
+ goto end;
}
rrow[DB_type][0] = 'R';
rrow[DB_type][1] = '\0';
rrow[DB_rev_date] = rev_str;
}
ok = 1;
- err:
+ end:
for (i = 0; i < DB_NUMBER; i++) {
if (row[i] != NULL)
OPENSSL_free(row[i]);
row[DB_serial] = OPENSSL_malloc(strlen(serial) + 2);
if (row[DB_serial] == NULL) {
BIO_printf(bio_err, "Malloc failure\n");
- goto err;
+ goto end;
}
if (strlen(serial) % 2) {
if (rrow == NULL) {
BIO_printf(bio_err, "Serial %s not present in db.\n", row[DB_serial]);
ok = -1;
- goto err;
+ goto end;
} else if (rrow[DB_type][0] == 'V') {
BIO_printf(bio_err, "%s=Valid (%c)\n",
row[DB_serial], rrow[DB_type][0]);
- goto err;
+ goto end;
} else if (rrow[DB_type][0] == 'R') {
BIO_printf(bio_err, "%s=Revoked (%c)\n",
row[DB_serial], rrow[DB_type][0]);
- goto err;
+ goto end;
} else if (rrow[DB_type][0] == 'E') {
BIO_printf(bio_err, "%s=Expired (%c)\n",
row[DB_serial], rrow[DB_type][0]);
- goto err;
+ goto end;
} else if (rrow[DB_type][0] == 'S') {
BIO_printf(bio_err, "%s=Suspended (%c)\n",
row[DB_serial], rrow[DB_type][0]);
- goto err;
+ goto end;
} else {
BIO_printf(bio_err, "%s=Unknown (%c).\n",
row[DB_serial], rrow[DB_type][0]);
ok = -1;
}
- err:
+ end:
for (i = 0; i < DB_NUMBER; i++) {
if (row[i] != NULL)
OPENSSL_free(row[i]);
a_tm_s = (char *)OPENSSL_malloc(a_tm->length + 1);
if (a_tm_s == NULL) {
cnt = -1;
- goto err;
+ goto end;
}
memcpy(a_tm_s, a_tm->data, a_tm->length);
}
}
- err:
+ end:
ASN1_UTCTIME_free(a_tm);
OPENSSL_free(a_tm_s);
i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str);
if (i == 0)
- goto err;
+ goto end;
if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))
- goto err;
+ goto end;
if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)) {
rtmp = ASN1_ENUMERATED_new();
if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code))
- goto err;
+ goto end;
if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
- goto err;
+ goto end;
}
if (rev && comp_time) {
if (!X509_REVOKED_add1_ext_i2d
(rev, NID_invalidity_date, comp_time, 0, 0))
- goto err;
+ goto end;
}
if (rev && hold) {
if (!X509_REVOKED_add1_ext_i2d
(rev, NID_hold_instruction_code, hold, 0, 0))
- goto err;
+ goto end;
}
if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
else
ret = 1;
- err:
+ end:
if (tmp)
OPENSSL_free(tmp);
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME **pinvtm, const char *str)
{
- char *tmp = NULL;
+ char *tmp;
char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
int reason_code = -1;
int ret = 0;
unsigned int i;
ASN1_OBJECT *hold = NULL;
ASN1_GENERALIZEDTIME *comp_time = NULL;
- tmp = BUF_strdup(str);
+ tmp = BUF_strdup(str);
if (!tmp) {
BIO_printf(bio_err, "memory allocation failure\n");
- goto err;
+ goto end;
}
p = strchr(tmp, ',');
*prevtm = ASN1_UTCTIME_new();
if (!*prevtm) {
BIO_printf(bio_err, "memory allocation failure\n");
- goto err;
+ goto end;
}
if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) {
BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
- goto err;
+ goto end;
}
}
if (reason_str) {
}
if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS) {
BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
- goto err;
+ goto end;
}
if (reason_code == 7)
else if (reason_code == 8) { /* Hold instruction */
if (!arg_str) {
BIO_printf(bio_err, "missing hold instruction\n");
- goto err;
+ goto end;
}
reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;
hold = OBJ_txt2obj(arg_str, 0);
if (!hold) {
BIO_printf(bio_err, "invalid object identifier %s\n",
arg_str);
- goto err;
+ goto end;
}
if (phold)
*phold = hold;
} else if ((reason_code == 9) || (reason_code == 10)) {
if (!arg_str) {
BIO_printf(bio_err, "missing compromised time\n");
- goto err;
+ goto end;
}
comp_time = ASN1_GENERALIZEDTIME_new();
if (!comp_time) {
BIO_printf(bio_err, "memory allocation failure\n");
- goto err;
+ goto end;
}
if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) {
BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
- goto err;
+ goto end;
}
if (reason_code == 9)
reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;
ret = 1;
- err:
+ end:
if (tmp)
OPENSSL_free(tmp);
-/* apps/ciphers.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
#include <openssl/err.h>
#include <openssl/ssl.h>
-#undef PROG
-#define PROG ciphers_main
-
-static const char *ciphers_usage[] = {
- "usage: ciphers args\n",
- " -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n",
- " -V - even more verbose\n",
- " -ssl3 - SSL3 mode\n",
- " -tls1 - TLS1 mode\n",
- NULL
+typedef enum OPTION_choice {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+#ifndef OPENSSL_NO_SSL_TRACE
+ OPT_STDNAME,
+#endif
+#ifndef OPENSSL_NO_SSL3
+ OPT_SSL3,
+#endif
+ OPT_TLS1,
+ OPT_V, OPT_UPPER_V, OPT_S
+} OPTION_CHOICE;
+
+OPTIONS ciphers_options[] = {
+ {"help", OPT_HELP, '-', "Display this summary"},
+ {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
+ {"V", OPT_UPPER_V, '-', "Even more verbose"},
+ {"s", OPT_S, '-', "Only supported ciphers"},
+#ifndef OPENSSL_NO_SSL_TRACE
+ {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
+#endif
+#ifndef OPENSSL_NO_SSL3
+ {"ssl3", OPT_SSL3, '-', "SSL3 mode"},
+#endif
+ {"tls1", OPT_TLS1, '-', "TLS1 mode"},
+ {NULL}
};
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+int ciphers_main(int argc, char **argv)
{
- int ret = 1, i;
- int verbose = 0, Verbose = 0;
- int use_supported = 0;
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+ STACK_OF(SSL_CIPHER) *sk = NULL;
+ const SSL_METHOD *meth = SSLv23_server_method();
+ int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
#ifndef OPENSSL_NO_SSL_TRACE
int stdname = 0;
#endif
- const char **pp;
const char *p;
- int badops = 0;
- SSL_CTX *ctx = NULL;
- SSL *ssl = NULL;
- char *ciphers = NULL;
- const SSL_METHOD *meth = NULL;
- STACK_OF(SSL_CIPHER) *sk = NULL;
+ char *ciphers = NULL, *prog;
char buf[512];
- BIO *STDout = NULL;
-
- meth = SSLv23_server_method();
-
- apps_startup();
-
- if (bio_err == NULL)
- bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
- STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- STDout = BIO_push(tmpbio, STDout);
- }
-#endif
- if (!load_config(bio_err, NULL))
- goto end;
-
- argc--;
- argv++;
- while (argc >= 1) {
- if (strcmp(*argv, "-v") == 0)
+ OPTION_CHOICE o;
+
+ prog = opt_init(argc, argv, ciphers_options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+ opthelp:
+ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+ goto end;
+ case OPT_HELP:
+ opt_help(ciphers_options);
+ ret = 0;
+ goto end;
+ case OPT_V:
verbose = 1;
- else if (strcmp(*argv, "-V") == 0)
+ break;
+ case OPT_UPPER_V:
verbose = Verbose = 1;
- else if (strcmp(*argv, "-s") == 0)
+ break;
+ case OPT_S:
use_supported = 1;
+ break;
#ifndef OPENSSL_NO_SSL_TRACE
- else if (strcmp(*argv, "-stdname") == 0)
+ case OPT_STDNAME:
stdname = verbose = 1;
+ break;
#endif
#ifndef OPENSSL_NO_SSL3
- else if (strcmp(*argv, "-ssl3") == 0)
+ case OPT_SSL3:
meth = SSLv3_client_method();
+ break;
#endif
- else if (strcmp(*argv, "-tls1") == 0)
+ case OPT_TLS1:
meth = TLSv1_client_method();
- else if ((strncmp(*argv, "-h", 2) == 0) || (strcmp(*argv, "-?") == 0)) {
- badops = 1;
break;
- } else {
- ciphers = *argv;
}
- argc--;
- argv++;
}
+ argv = opt_rest();
+ argc = opt_num_rest();
- if (badops) {
- for (pp = ciphers_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err, "%s", *pp);
- goto end;
- }
-
- OpenSSL_add_ssl_algorithms();
+ if (argc == 1)
+ ciphers = *argv;
+ else if (argc != 0)
+ goto opthelp;
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
if (p == NULL)
break;
if (i != 0)
- BIO_printf(STDout, ":");
- BIO_printf(STDout, "%s", p);
+ BIO_printf(bio_out, ":");
+ BIO_printf(bio_out, "%s", p);
}
- BIO_printf(STDout, "\n");
- } else { /* verbose */
+ BIO_printf(bio_out, "\n");
+ } else {
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
SSL_CIPHER *c;
int id2 = (int)((id >> 8) & 0xffL);
int id3 = (int)(id & 0xffL);
- if ((id & 0xff000000L) == 0x03000000L) {
- /* SSL3 cipher */
- BIO_printf(STDout, " 0x%02X,0x%02X - ", id2,
- id3);
- } else {
- /* whatever */
- BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0,
- id1, id2, id3);
- }
+ if ((id & 0xff000000L) == 0x03000000L)
+ BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3
+ * cipher */
+ else
+ BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
}
#ifndef OPENSSL_NO_SSL_TRACE
if (stdname) {
const char *nm = SSL_CIPHER_standard_name(c);
if (nm == NULL)
nm = "UNKNOWN";
- BIO_printf(STDout, "%s - ", nm);
+ BIO_printf(bio_out, "%s - ", nm);
}
#endif
- BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf));
+ BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf));
}
}
ret = 0;
- if (0) {
+ goto end;
err:
- SSL_load_error_strings();
- ERR_print_errors(bio_err);
- }
+ ERR_print_errors(bio_err);
end:
if (use_supported && sk)
sk_SSL_CIPHER_free(sk);
SSL_CTX_free(ctx);
SSL_free(ssl);
- BIO_free_all(STDout);
- apps_shutdown();
- OPENSSL_EXIT(ret);
+ return (ret);
}
-/* apps/cms.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
# include <openssl/x509v3.h>
# include <openssl/cms.h>
-# undef PROG
-# define PROG cms_main
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
static int cms_cb(int ok, X509_STORE_CTX *ctx);
static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
cms_key_param *next;
};
-int MAIN(int, char **);
+typedef enum OPTION_choice {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT,
+ OPT_DECRYPT, OPT_SIGN, OPT_SIGN_RECEIPT, OPT_RESIGN,
+ OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT,
+ OPT_CMSOUT, OPT_DATA_OUT, OPT_DATA_CREATE, OPT_DIGEST_VERIFY,
+ OPT_DIGEST_CREATE, OPT_COMPRESS, OPT_UNCOMPRESS,
+ OPT_ED_DECRYPT, OPT_ED_ENCRYPT, OPT_DEBUG_DECRYPT, OPT_TEXT,
+ OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS,
+ OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID,
+ OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF,
+ OPT_NOINDEF, OPT_NOOLDMIME, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
+ OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE,
+ OPT_CAPATH, OPT_CONTENT, OPT_PRINT, OPT_SECRETKEY,
+ OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE, OPT_RAND,
+ OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP,
+ OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM,
+ OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP,
+ OPT_3DES_WRAP, OPT_ENGINE,
+ OPT_V_ENUM,
+ OPT_CIPHER
+} OPTION_CHOICE;
+
+OPTIONS cms_options[] = {
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
+ {OPT_HELP_STR, 1, '-',
+ " cert.pem... recipient certs for encryption\n"},
+ {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+ {"help", OPT_HELP, '-', "Display this summary"},
+ {"inform", OPT_INFORM, 'F', "Input format SMIME (default), PEM or DER"},
+ {"outform", OPT_OUTFORM, 'F',
+ "Output format SMIME (default), PEM or DER"},
+ {"in", OPT_IN, '<', "Input file"},
+ {"out", OPT_OUT, '>', "Output file"},
+ {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
+ {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
+ {"sign", OPT_SIGN, '-', "Sign message"},
+ {"sign_receipt", OPT_SIGN_RECEIPT, '-'},
+ {"resign", OPT_RESIGN, '-'},
+ {"verify", OPT_VERIFY, '-', "Verify signed message"},
+ {"verify_retcode", OPT_VERIFY_RETCODE, '-'},
+ {"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
+ {"cmsout", OPT_CMSOUT, '-', "Output CMS structure"},
+ {"data_out", OPT_DATA_OUT, '-'},
+ {"data_create", OPT_DATA_CREATE, '-'},
+ {"digest_verify", OPT_DIGEST_VERIFY, '-'},
+ {"digest_create", OPT_DIGEST_CREATE, '-'},
+ {"compress", OPT_COMPRESS, '-'},
+ {"uncompress", OPT_UNCOMPRESS, '-'},
+ {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-'},
+ {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-'},
+ {"debug_decrypt", OPT_DEBUG_DECRYPT, '-'},
+ {"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
+ {"asciicrlf", OPT_ASCIICRLF, '-'},
+ {"nointern", OPT_NOINTERN, '-',
+ "Don't search certificates in message for signer"},
+ {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
+ {"nocerts", OPT_NOCERTS, '-',
+ "Don't include signers certificate when signing"},
+ {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
+ {"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
+ {"nosmimecap", OPT_NOSMIMECAP, '-'},
+ {"binary", OPT_BINARY, '-', "Don't translate message to text"},
+ {"keyid", OPT_KEYID, '-', "Use subject key identifier"},
+ {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
+ {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'},
+ {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'},
+ {"stream", OPT_INDEF, '-'},
+ {"indef", OPT_INDEF, '-'},
+ {"noindef", OPT_NOINDEF, '-'},
+ {"nooldmime", OPT_NOOLDMIME, '-'},
+ {"crlfeol", OPT_CRLFEOL, '-'},
+ {"noout", OPT_NOOUT, '-'},
+ {"receipt_request_print", OPT_RR_PRINT, '-'},
+ {"receipt_request_all", OPT_RR_ALL, '-'},
+ {"receipt_request_first", OPT_RR_FIRST, '-'},
+ {"rctform", OPT_RCTFORM, 'F'},
+ {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
+ {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
+ {"CApath", OPT_CAPATH, '/', "trusted certificates directory"},
+ {"content", OPT_CONTENT, '<',
+ "Supply or override content for detached signature"},
+ {"print", OPT_PRINT, '-'},
+ {"secretkey", OPT_SECRETKEY, 's'},
+ {"secretkeyid", OPT_SECRETKEYID, 's'},
+ {"pwri_password", OPT_PWRI_PASSWORD, 's'},
+ {"econtent_type", OPT_ECONTENT_TYPE, 's'},
+ {"rand", OPT_RAND, 's',
+ "Load the file(s) into the random number generator"},
+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+ {"to", OPT_TO, 's', "To address"},
+ {"from", OPT_FROM, 's', "From address"},
+ {"subject", OPT_SUBJECT, 's', "Subject"},
+ {"signer", OPT_SIGNER, 's', "Signer certificate file"},
+ {"recip", OPT_RECIP, '<', "Recipient cert file for decryption"},
+ {"certsout", OPT_CERTSOUT, '>', "Certificate output file"},
+ {"md", OPT_MD, 's'},
+ {"inkey", OPT_INKEY, '<',
+ "Input private key (if not signer or recipient)"},
+ {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
+ {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
+ {"receipt_request_from", OPT_RR_FROM, 's'},
+ {"receipt_request_to", OPT_RR_TO, 's'},
+# ifndef OPENSSL_NO_AES
+ {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
+ {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
+ {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"},
+# endif
+# ifndef OPENSSL_NO_DES
+ {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+# endif
+ {"", OPT_CIPHER, '-', "Any supported cipher"},
+ OPT_V_OPTIONS,
+ {NULL},
+};
-int MAIN(int argc, char **argv)
+int cms_main(int argc, char **argv)
{
- ENGINE *e = NULL;
- int operation = 0;
- int ret = 0;
- char **args;
- const char *inmode = "r", *outmode = "w";
- char *infile = NULL, *outfile = NULL, *rctfile = NULL;
- char *signerfile = NULL, *recipfile = NULL;
- STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
- char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
- char *certsoutfile = NULL;
- const EVP_CIPHER *cipher = NULL, *wrap_cipher = NULL;
- CMS_ContentInfo *cms = NULL, *rcms = NULL;
- X509_STORE *store = NULL;
- X509 *cert = NULL, *recip = NULL, *signer = NULL;
- EVP_PKEY *key = NULL;
- STACK_OF(X509) *encerts = NULL, *other = NULL;
+ ASN1_OBJECT *econtent_type = NULL;
BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
- int badarg = 0;
- int flags = CMS_DETACHED, noout = 0, print = 0;
- int verify_retcode = 0;
- int rr_print = 0, rr_allorfirst = -1;
- STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
+ CMS_ContentInfo *cms = NULL, *rcms = NULL;
CMS_ReceiptRequest *rr = NULL;
- char *to = NULL, *from = NULL, *subject = NULL;
- char *CAfile = NULL, *CApath = NULL;
- char *passargin = NULL, *passin = NULL;
- char *inrand = NULL;
- int need_rand = 0;
+ ENGINE *e = NULL;
+ EVP_PKEY *key = NULL;
+ const EVP_CIPHER *cipher = NULL, *wrap_cipher = NULL;
const EVP_MD *sign_md = NULL;
+ STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
+ STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
+ STACK_OF(X509) *encerts = NULL, *other = NULL;
+ X509 *cert = NULL, *recip = NULL, *signer = NULL;
+ X509_STORE *store = NULL;
+ X509_VERIFY_PARAM *vpm = NULL;
+ char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
+ char *CAfile = NULL, *CApath = NULL, *certsoutfile = NULL, *engine = NULL;
+ char *infile = NULL, *outfile = NULL, *rctfile = NULL, *inrand = NULL;
+ char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile =
+ NULL;
+ char *to = NULL, *from = NULL, *subject = NULL, *prog;
+ cms_key_param *key_first = NULL, *key_param = NULL;
+ const char *inmode = "r", *outmode = "w";
+ int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched =
+ 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
- int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
-# ifndef OPENSSL_NO_ENGINE
- char *engine = NULL;
-# endif
- unsigned char *secret_key = NULL, *secret_keyid = NULL;
- unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
+ int need_rand = 0, operation = 0, ret = 1, rr_print = 0, rr_allorfirst =
+ -1;
+ int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
size_t secret_keylen = 0, secret_keyidlen = 0;
+ unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
+ unsigned char *secret_key = NULL, *secret_keyid = NULL;
+ long ltmp;
+ OPTION_CHOICE o;
- cms_key_param *key_first = NULL, *key_param = NULL;
-
- ASN1_OBJECT *econtent_type = NULL;
-
- X509_VERIFY_PARAM *vpm = NULL;
-
- args = argv + 1;
- ret = 1;
-
- apps_startup();
-
- if (bio_err == NULL) {
- if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
- }
-
- if (!load_config(bio_err, NULL))
- goto end;
+ if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+ return 1;
- while (!badarg && *args && *args[0] == '-') {
- if (!strcmp(*args, "-encrypt"))
+ prog = opt_init(argc, argv, cms_options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+ opthelp:
+ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+ goto end;
+ case OPT_HELP:
+ opt_help(cms_options);
+ ret = 0;
+ goto end;
+ case OPT_INFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+ goto opthelp;
+ break;
+ case OPT_OUTFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+ goto opthelp;
+ break;
+ case OPT_OUT:
+ outfile = opt_arg();
+ break;
+ case OPT_ENCRYPT:
operation = SMIME_ENCRYPT;
- else if (!strcmp(*args, "-decrypt"))
+ break;
+ case OPT_DECRYPT:
operation = SMIME_DECRYPT;
- else if (!strcmp(*args, "-sign"))
+ break;
+ case OPT_SIGN:
operation = SMIME_SIGN;
- else if (!strcmp(*args, "-sign_receipt"))
+ break;
+ case OPT_SIGN_RECEIPT:
operation = SMIME_SIGN_RECEIPT;
- else if (!strcmp(*args, "-resign"))
+ break;
+ case OPT_RESIGN:
operation = SMIME_RESIGN;
- else if (!strcmp(*args, "-verify"))
+ break;
+ case OPT_VERIFY:
operation = SMIME_VERIFY;
- else if (!strcmp(*args, "-verify_retcode"))
+ break;
+ case OPT_VERIFY_RETCODE:
verify_retcode = 1;
- else if (!strcmp(*args, "-verify_receipt")) {
+ break;
+ case OPT_VERIFY_RECEIPT:
operation = SMIME_VERIFY_RECEIPT;
- if (!args[1])
- goto argerr;
- args++;
- rctfile = *args;
- } else if (!strcmp(*args, "-cmsout"))
+ rctfile = opt_arg();
+ break;
+ case OPT_CMSOUT:
operation = SMIME_CMSOUT;
- else if (!strcmp(*args, "-data_out"))
+ break;
+ case OPT_DATA_OUT:
operation = SMIME_DATAOUT;
- else if (!strcmp(*args, "-data_create"))
+ break;
+ case OPT_DATA_CREATE:
operation = SMIME_DATA_CREATE;
- else if (!strcmp(*args, "-digest_verify"))
+ break;
+ case OPT_DIGEST_VERIFY:
operation = SMIME_DIGEST_VERIFY;
- else if (!strcmp(*args, "-digest_create"))
+ break;
+ case OPT_DIGEST_CREATE:
operation = SMIME_DIGEST_CREATE;
- else if (!strcmp(*args, "-compress"))
+ break;
+ case OPT_COMPRESS:
operation = SMIME_COMPRESS;
- else if (!strcmp(*args, "-uncompress"))
+ break;
+ case OPT_UNCOMPRESS:
operation = SMIME_UNCOMPRESS;
- else if (!strcmp(*args, "-EncryptedData_decrypt"))
+ break;
+ case OPT_ED_DECRYPT:
operation = SMIME_ENCRYPTED_DECRYPT;
- else if (!strcmp(*args, "-EncryptedData_encrypt"))
+ break;
+ case OPT_ED_ENCRYPT:
operation = SMIME_ENCRYPTED_ENCRYPT;
-# ifndef OPENSSL_NO_DES
- else if (!strcmp(*args, "-des3"))
- cipher = EVP_des_ede3_cbc();
- else if (!strcmp(*args, "-des"))
- cipher = EVP_des_cbc();
- else if (!strcmp(*args, "-des3-wrap"))
- wrap_cipher = EVP_des_ede3_wrap();
-# endif
-# ifndef OPENSSL_NO_SEED
- else if (!strcmp(*args, "-seed"))
- cipher = EVP_seed_cbc();
-# endif
-# ifndef OPENSSL_NO_RC2
- else if (!strcmp(*args, "-rc2-40"))
- cipher = EVP_rc2_40_cbc();
- else if (!strcmp(*args, "-rc2-128"))
- cipher = EVP_rc2_cbc();
- else if (!strcmp(*args, "-rc2-64"))
- cipher = EVP_rc2_64_cbc();
-# endif
-# ifndef OPENSSL_NO_AES
- else if (!strcmp(*args, "-aes128"))
- cipher = EVP_aes_128_cbc();
- else if (!strcmp(*args, "-aes192"))
- cipher = EVP_aes_192_cbc();
- else if (!strcmp(*args, "-aes256"))
- cipher = EVP_aes_256_cbc();
- else if (!strcmp(*args, "-aes128-wrap"))
- wrap_cipher = EVP_aes_128_wrap();
- else if (!strcmp(*args, "-aes192-wrap"))
- wrap_cipher = EVP_aes_192_wrap();
- else if (!strcmp(*args, "-aes256-wrap"))
- wrap_cipher = EVP_aes_256_wrap();
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
- else if (!strcmp(*args, "-camellia128"))
- cipher = EVP_camellia_128_cbc();
- else if (!strcmp(*args, "-camellia192"))
- cipher = EVP_camellia_192_cbc();
- else if (!strcmp(*args, "-camellia256"))
- cipher = EVP_camellia_256_cbc();
-# endif
- else if (!strcmp(*args, "-debug_decrypt"))
+ break;
+ case OPT_DEBUG_DECRYPT:
flags |= CMS_DEBUG_DECRYPT;
- else if (!strcmp(*args, "-text"))
+ break;
+ case OPT_TEXT:
flags |= CMS_TEXT;
- else if (!strcmp(*args, "-asciicrlf"))
+ break;
+ case OPT_ASCIICRLF:
flags |= CMS_ASCIICRLF;
- else if (!strcmp(*args, "-nointern"))
+ break;
+ case OPT_NOINTERN:
flags |= CMS_NOINTERN;
- else if (!strcmp(*args, "-noverify")
- || !strcmp(*args, "-no_signer_cert_verify"))
+ break;
+ case OPT_NOVERIFY:
flags |= CMS_NO_SIGNER_CERT_VERIFY;
- else if (!strcmp(*args, "-nocerts"))
+ break;
+ case OPT_NOCERTS:
flags |= CMS_NOCERTS;
- else if (!strcmp(*args, "-noattr"))
+ break;
+ case OPT_NOATTR:
flags |= CMS_NOATTR;
- else if (!strcmp(*args, "-nodetach"))
+ break;
+ case OPT_NODETACH:
flags &= ~CMS_DETACHED;
- else if (!strcmp(*args, "-nosmimecap"))
+ break;
+ case OPT_NOSMIMECAP:
flags |= CMS_NOSMIMECAP;
- else if (!strcmp(*args, "-binary"))
+ break;
+ case OPT_BINARY:
flags |= CMS_BINARY;
- else if (!strcmp(*args, "-keyid"))
+ break;
+ case OPT_KEYID:
flags |= CMS_USE_KEYID;
- else if (!strcmp(*args, "-nosigs"))
+ break;
+ case OPT_NOSIGS:
flags |= CMS_NOSIGS;
- else if (!strcmp(*args, "-no_content_verify"))
+ break;
+ case OPT_NO_CONTENT_VERIFY:
flags |= CMS_NO_CONTENT_VERIFY;
- else if (!strcmp(*args, "-no_attr_verify"))
+ break;
+ case OPT_NO_ATTR_VERIFY:
flags |= CMS_NO_ATTR_VERIFY;
- else if (!strcmp(*args, "-stream"))
+ break;
+ case OPT_INDEF:
flags |= CMS_STREAM;
- else if (!strcmp(*args, "-indef"))
- flags |= CMS_STREAM;
- else if (!strcmp(*args, "-noindef"))
+ break;
+ case OPT_NOINDEF:
flags &= ~CMS_STREAM;
- else if (!strcmp(*args, "-nooldmime"))
+ break;
+ case OPT_NOOLDMIME:
flags |= CMS_NOOLDMIMETYPE;
- else if (!strcmp(*args, "-crlfeol"))
+ break;
+ case OPT_CRLFEOL:
flags |= CMS_CRLFEOL;
- else if (!strcmp(*args, "-noout"))
+ break;
+ case OPT_NOOUT:
noout = 1;
- else if (!strcmp(*args, "-receipt_request_print"))
+ break;
+ case OPT_RR_PRINT:
rr_print = 1;
- else if (!strcmp(*args, "-receipt_request_all"))
+ break;
+ case OPT_RR_ALL:
rr_allorfirst = 0;
- else if (!strcmp(*args, "-receipt_request_first"))
+ break;
+ case OPT_RR_FIRST:
rr_allorfirst = 1;
- else if (!strcmp(*args, "-receipt_request_from")) {
- if (!args[1])
- goto argerr;
- args++;
- if (!rr_from)
- rr_from = sk_OPENSSL_STRING_new_null();
- sk_OPENSSL_STRING_push(rr_from, *args);
- } else if (!strcmp(*args, "-receipt_request_to")) {
- if (!args[1])
- goto argerr;
- args++;
- if (!rr_to)
- rr_to = sk_OPENSSL_STRING_new_null();
- sk_OPENSSL_STRING_push(rr_to, *args);
- } else if (!strcmp(*args, "-print")) {
- noout = 1;
- print = 1;
- } else if (!strcmp(*args, "-secretkey")) {
- long ltmp;
- if (!args[1])
- goto argerr;
- args++;
- secret_key = string_to_hex(*args, <mp);
- if (!secret_key) {
- BIO_printf(bio_err, "Invalid key %s\n", *args);
- goto argerr;
+ break;
+ case OPT_RCTFORM:
+ if (rctformat == FORMAT_SMIME)
+ rcms = SMIME_read_CMS(rctin, NULL);
+ else if (rctformat == FORMAT_PEM)
+ rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
+ else if (rctformat == FORMAT_ASN1)
+ if (!opt_format(opt_arg(),
+ OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat))
+ goto opthelp;
+ break;
+ case OPT_CERTFILE:
+ certfile = opt_arg();
+ break;
+ case OPT_CAFILE:
+ CAfile = opt_arg();
+ break;
+ case OPT_CAPATH:
+ CApath = opt_arg();
+ break;
+ case OPT_IN:
+ infile = opt_arg();
+ break;
+ case OPT_CONTENT:
+ contfile = opt_arg();
+ break;
+ case OPT_RR_FROM:
+ if (rr_from == NULL
+ && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
+ sk_OPENSSL_STRING_push(rr_from, opt_arg());
+ break;
+ case OPT_RR_TO:
+ if (rr_to == NULL
+ && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
+ sk_OPENSSL_STRING_push(rr_to, opt_arg());
+ break;
+ case OPT_PRINT:
+ noout = print = 1;
+ break;
+ case OPT_SECRETKEY:
+ secret_key = string_to_hex(opt_arg(), <mp);
+ if (secret_key == NULL) {
+ BIO_printf(bio_err, "Invalid key %s\n", opt_arg());
+ goto end;
}
secret_keylen = (size_t)ltmp;
- } else if (!strcmp(*args, "-secretkeyid")) {
- long ltmp;
- if (!args[1])
- goto argerr;
- args++;
- secret_keyid = string_to_hex(*args, <mp);
- if (!secret_keyid) {
- BIO_printf(bio_err, "Invalid id %s\n", *args);
- goto argerr;
+ break;
+ case OPT_SECRETKEYID:
+ secret_keyid = string_to_hex(opt_arg(), <mp);
+ if (secret_keyid == NULL) {
+ BIO_printf(bio_err, "Invalid id %s\n", opt_arg());
+ goto opthelp;
}
secret_keyidlen = (size_t)ltmp;
- } else if (!strcmp(*args, "-pwri_password")) {
- if (!args[1])
- goto argerr;
- args++;
- pwri_pass = (unsigned char *)*args;
- } else if (!strcmp(*args, "-econtent_type")) {
- if (!args[1])
- goto argerr;
- args++;
- econtent_type = OBJ_txt2obj(*args, 0);
- if (!econtent_type) {
- BIO_printf(bio_err, "Invalid OID %s\n", *args);
- goto argerr;
+ break;
+ case OPT_PWRI_PASSWORD:
+ pwri_pass = (unsigned char *)opt_arg();
+ break;
+ case OPT_ECONTENT_TYPE:
+ econtent_type = OBJ_txt2obj(opt_arg(), 0);
+ if (econtent_type == NULL) {
+ BIO_printf(bio_err, "Invalid OID %s\n", opt_arg());
+ goto opthelp;
}
- } else if (!strcmp(*args, "-rand")) {
- if (!args[1])
- goto argerr;
- args++;
- inrand = *args;
+ break;
+ case OPT_RAND:
+ inrand = opt_arg();
need_rand = 1;
- }
-# ifndef OPENSSL_NO_ENGINE
- else if (!strcmp(*args, "-engine")) {
- if (!args[1])
- goto argerr;
- engine = *++args;
- }
-# endif
- else if (!strcmp(*args, "-passin")) {
- if (!args[1])
- goto argerr;
- passargin = *++args;
- } else if (!strcmp(*args, "-to")) {
- if (!args[1])
- goto argerr;
- to = *++args;
- } else if (!strcmp(*args, "-from")) {
- if (!args[1])
- goto argerr;
- from = *++args;
- } else if (!strcmp(*args, "-subject")) {
- if (!args[1])
- goto argerr;
- subject = *++args;
- } else if (!strcmp(*args, "-signer")) {
- if (!args[1])
- goto argerr;
+ break;
+ case OPT_ENGINE:
+ engine = opt_arg();
+ break;
+ case OPT_PASSIN:
+ passinarg = opt_arg();
+ break;
+ case OPT_TO:
+ to = opt_arg();
+ break;
+ case OPT_FROM:
+ from = opt_arg();
+ break;
+ case OPT_SUBJECT:
+ subject = opt_arg();
+ break;
+ case OPT_CERTSOUT:
+ certsoutfile = opt_arg();
+ break;
+ case OPT_MD:
+ if (!opt_md(opt_arg(), &sign_md))
+ goto end;
+ break;
+ case OPT_SIGNER:
/* If previous -signer argument add signer to list */
-
if (signerfile) {
- if (!sksigners)
- sksigners = sk_OPENSSL_STRING_new_null();
+ if (sksigners == NULL
+ && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
- if (!keyfile)
+ if (keyfile == NULL)
keyfile = signerfile;
- if (!skkeys)
- skkeys = sk_OPENSSL_STRING_new_null();
+ if (skkeys == NULL
+ && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile);
keyfile = NULL;
}
- signerfile = *++args;
- } else if (!strcmp(*args, "-recip")) {
- if (!args[1])
- goto argerr;
- if (operation == SMIME_ENCRYPT) {
- if (!encerts)
- encerts = sk_X509_new_null();
- cert = load_cert(bio_err, *++args, FORMAT_PEM,
- NULL, e, "recipient certificate file");
- if (!cert)
- goto end;
- sk_X509_push(encerts, cert);
- cert = NULL;
- } else
- recipfile = *++args;
- } else if (!strcmp(*args, "-certsout")) {
- if (!args[1])
- goto argerr;
- certsoutfile = *++args;
- } else if (!strcmp(*args, "-md")) {
- if (!args[1])
- goto argerr;
- sign_md = EVP_get_digestbyname(*++args);
- if (sign_md == NULL) {
- BIO_printf(bio_err, "Unknown digest %s\n", *args);
- goto argerr;
- }
- } else if (!strcmp(*args, "-inkey")) {
- if (!args[1])
- goto argerr;
+ signerfile = opt_arg();
+ break;
+ case OPT_INKEY:
/* If previous -inkey arument add signer to list */
if (keyfile) {
- if (!signerfile) {
+ if (signerfile == NULL) {
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
- goto argerr;
+ goto end;
}
- if (!sksigners)
- sksigners = sk_OPENSSL_STRING_new_null();
+ if (sksigners == NULL
+ && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
signerfile = NULL;
- if (!skkeys)
- skkeys = sk_OPENSSL_STRING_new_null();
+ if (skkeys == NULL
+ && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile);
}
- keyfile = *++args;
- } else if (!strcmp(*args, "-keyform")) {
- if (!args[1])
- goto argerr;
- keyform = str2fmt(*++args);
- } else if (!strcmp(*args, "-keyopt")) {
- int keyidx = -1;
- if (!args[1])
- goto argerr;
+ keyfile = opt_arg();
+ break;
+ case OPT_KEYFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
+ goto opthelp;
+ break;
+ case OPT_RECIP:
+ if (operation == SMIME_ENCRYPT) {
+ if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
+ goto end;
+ cert = load_cert(opt_arg(), FORMAT_PEM, NULL, e,
+ "recipient certificate file");
+ if (cert == NULL)
+ goto end;
+ sk_X509_push(encerts, cert);
+ cert = NULL;
+ } else
+ recipfile = opt_arg();
+ break;
+ case OPT_CIPHER:
+ if (!opt_cipher(opt_unknown(), &cipher))
+ goto end;
+ break;
+ case OPT_KEYOPT:
+ keyidx = -1;
if (operation == SMIME_ENCRYPT) {
if (encerts)
keyidx += sk_X509_num(encerts);
}
if (keyidx < 0) {
BIO_printf(bio_err, "No key specified\n");
- goto argerr;
+ goto opthelp;
}
if (key_param == NULL || key_param->idx != keyidx) {
cms_key_param *nparam;
nparam = OPENSSL_malloc(sizeof(cms_key_param));
if (!nparam) {
BIO_printf(bio_err, "Out of memory\n");
- goto argerr;
+ goto end;
}
nparam->idx = keyidx;
- nparam->param = sk_OPENSSL_STRING_new_null();
+ if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
nparam->next = NULL;
if (key_first == NULL)
key_first = nparam;
key_param->next = nparam;
key_param = nparam;
}
- sk_OPENSSL_STRING_push(key_param->param, *++args);
- } else if (!strcmp(*args, "-rctform")) {
- if (!args[1])
- goto argerr;
- rctformat = str2fmt(*++args);
- } else if (!strcmp(*args, "-certfile")) {
- if (!args[1])
- goto argerr;
- certfile = *++args;
- } else if (!strcmp(*args, "-CAfile")) {
- if (!args[1])
- goto argerr;
- CAfile = *++args;
- } else if (!strcmp(*args, "-CApath")) {
- if (!args[1])
- goto argerr;
- CApath = *++args;
- } else if (!strcmp(*args, "-in")) {
- if (!args[1])
- goto argerr;
- infile = *++args;
- } else if (!strcmp(*args, "-inform")) {
- if (!args[1])
- goto argerr;
- informat = str2fmt(*++args);
- } else if (!strcmp(*args, "-outform")) {
- if (!args[1])
- goto argerr;
- outformat = str2fmt(*++args);
- } else if (!strcmp(*args, "-out")) {
- if (!args[1])
- goto argerr;
- outfile = *++args;
- } else if (!strcmp(*args, "-content")) {
- if (!args[1])
- goto argerr;
- contfile = *++args;
- } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
- continue;
- else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
- badarg = 1;
- args++;
+ sk_OPENSSL_STRING_push(key_param->param, opt_arg());
+ break;
+ case OPT_V_CASES:
+ if (!opt_verify(o, vpm))
+ goto end;
+ vpmtouched++;
+ break;
+# ifndef OPENSSL_NO_DES
+ case OPT_3DES_WRAP:
+ wrap_cipher = EVP_des_ede3_wrap();
+ break;
+# endif
+# ifndef OPENSSL_NO_AES
+ case OPT_AES128_WRAP:
+ wrap_cipher = EVP_aes_128_wrap();
+ break;
+ case OPT_AES192_WRAP:
+ wrap_cipher = EVP_aes_192_wrap();
+ break;
+ case OPT_AES256_WRAP:
+ wrap_cipher = EVP_aes_256_wrap();
+ break;
+# endif
+ }
}
+ argc = opt_num_rest();
+ argv = opt_rest();
if (((rr_allorfirst != -1) || rr_from) && !rr_to) {
BIO_puts(bio_err, "No Signed Receipts Recipients\n");
- goto argerr;
+ goto opthelp;
}
if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) {
BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
- goto argerr;
+ goto opthelp;
}
if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
- goto argerr;
+ goto opthelp;
}
if (operation & SMIME_SIGNERS) {
if (keyfile && !signerfile) {
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
- goto argerr;
+ goto opthelp;
}
/* Check to see if any final signer needs to be appended */
if (signerfile) {
- if (!sksigners)
- sksigners = sk_OPENSSL_STRING_new_null();
+ if (!sksigners
+ && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
- if (!skkeys)
- skkeys = sk_OPENSSL_STRING_new_null();
+ if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
if (!keyfile)
keyfile = signerfile;
sk_OPENSSL_STRING_push(skkeys, keyfile);
}
if (!sksigners) {
BIO_printf(bio_err, "No signer certificate specified\n");
- badarg = 1;
+ goto opthelp;
}
signerfile = NULL;
keyfile = NULL;
if (!recipfile && !keyfile && !secret_key && !pwri_pass) {
BIO_printf(bio_err,
"No recipient certificate or key specified\n");
- badarg = 1;
+ goto opthelp;
}
} else if (operation == SMIME_ENCRYPT) {
- if (!*args && !secret_key && !pwri_pass && !encerts) {
+ if (*argv == NULL && !secret_key && !pwri_pass && !encerts) {
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
- badarg = 1;
+ goto opthelp;
}
need_rand = 1;
} else if (!operation)
- badarg = 1;
-
- if (badarg) {
- argerr:
- BIO_printf(bio_err, "Usage cms [options] cert.pem ...\n");
- BIO_printf(bio_err, "where options are\n");
- BIO_printf(bio_err, "-encrypt encrypt message\n");
- BIO_printf(bio_err, "-decrypt decrypt encrypted message\n");
- BIO_printf(bio_err, "-sign sign message\n");
- BIO_printf(bio_err, "-verify verify signed message\n");
- BIO_printf(bio_err, "-cmsout output CMS structure\n");
-# ifndef OPENSSL_NO_DES
- BIO_printf(bio_err, "-des3 encrypt with triple DES\n");
- BIO_printf(bio_err, "-des encrypt with DES\n");
-# endif
-# ifndef OPENSSL_NO_SEED
- BIO_printf(bio_err, "-seed encrypt with SEED\n");
-# endif
-# ifndef OPENSSL_NO_RC2
- BIO_printf(bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
- BIO_printf(bio_err, "-rc2-64 encrypt with RC2-64\n");
- BIO_printf(bio_err, "-rc2-128 encrypt with RC2-128\n");
-# endif
-# ifndef OPENSSL_NO_AES
- BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
- BIO_printf(bio_err,
- " encrypt PEM output with cbc aes\n");
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
- BIO_printf(bio_err,
- " encrypt PEM output with cbc camellia\n");
-# endif
- BIO_printf(bio_err,
- "-nointern don't search certificates in message for signer\n");
- BIO_printf(bio_err,
- "-nosigs don't verify message signature\n");
- BIO_printf(bio_err,
- "-noverify don't verify signers certificate\n");
- BIO_printf(bio_err,
- "-nocerts don't include signers certificate when signing\n");
- BIO_printf(bio_err, "-nodetach use opaque signing\n");
- BIO_printf(bio_err,
- "-noattr don't include any signed attributes\n");
- BIO_printf(bio_err,
- "-binary don't translate message to text\n");
- BIO_printf(bio_err, "-certfile file other certificates file\n");
- BIO_printf(bio_err, "-certsout file certificate output file\n");
- BIO_printf(bio_err, "-signer file signer certificate file\n");
- BIO_printf(bio_err,
- "-recip file recipient certificate file for decryption\n");
- BIO_printf(bio_err, "-keyid use subject key identifier\n");
- BIO_printf(bio_err, "-in file input file\n");
- BIO_printf(bio_err,
- "-inform arg input format SMIME (default), PEM or DER\n");
- BIO_printf(bio_err,
- "-inkey file input private key (if not signer or recipient)\n");
- BIO_printf(bio_err,
- "-keyform arg input private key format (PEM or ENGINE)\n");
- BIO_printf(bio_err, "-keyopt nm:v set public key parameters\n");
- BIO_printf(bio_err, "-out file output file\n");
- BIO_printf(bio_err,
- "-outform arg output format SMIME (default), PEM or DER\n");
- BIO_printf(bio_err,
- "-content file supply or override content for detached signature\n");
- BIO_printf(bio_err, "-to addr to address\n");
- BIO_printf(bio_err, "-from ad from address\n");
- BIO_printf(bio_err, "-subject s subject\n");
- BIO_printf(bio_err,
- "-text include or delete text MIME headers\n");
- BIO_printf(bio_err,
- "-CApath dir trusted certificates directory\n");
- BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
- BIO_printf(bio_err,
- "-trusted_first use locally trusted certificates first when building trust chain\n");
- BIO_printf(bio_err,
- "-no_alt_chains only ever use the first certificate chain found\n");
- BIO_printf(bio_err,
- "-crl_check check revocation status of signer's certificate using CRLs\n");
- BIO_printf(bio_err,
- "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
-# ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err,
- "-engine e use engine e, possibly a hardware device.\n");
-# endif
- BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
- BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
- LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err,
- " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
- BIO_printf(bio_err,
- "cert.pem recipient certificate(s) for encryption\n");
- goto end;
- }
+ goto opthelp;
+
# ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
+ e = setup_engine(engine, 0);
# endif
- if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
if (need_rand) {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ app_RAND_load_file(NULL, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
goto end;
}
- if (*args && !encerts)
- encerts = sk_X509_new_null();
- while (*args) {
- if (!(cert = load_cert(bio_err, *args, FORMAT_PEM,
+ if (*argv && !encerts)
+ if ((encerts = sk_X509_new_null()) == NULL)
+ goto end;
+ while (*argv) {
+ if (!(cert = load_cert(*argv, FORMAT_PEM,
NULL, e, "recipient certificate file")))
goto end;
sk_X509_push(encerts, cert);
cert = NULL;
- args++;
+ argv++;
}
}
if (certfile) {
- if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL,
+ if (!(other = load_certs(certfile, FORMAT_PEM, NULL,
e, "certificate file"))) {
ERR_print_errors(bio_err);
goto end;
}
if (recipfile && (operation == SMIME_DECRYPT)) {
- if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL,
+ if (!(recip = load_cert(recipfile, FORMAT_PEM, NULL,
e, "recipient certificate file"))) {
ERR_print_errors(bio_err);
goto end;
}
if (operation == SMIME_SIGN_RECEIPT) {
- if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
+ if (!(signer = load_cert(signerfile, FORMAT_PEM, NULL,
e, "receipt signer certificate file"))) {
ERR_print_errors(bio_err);
goto end;
keyfile = NULL;
if (keyfile) {
- key = load_key(bio_err, keyfile, keyform, 0, passin, e,
- "signing key file");
+ key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
if (!key)
goto end;
}
- if (infile) {
- if (!(in = BIO_new_file(infile, inmode))) {
- BIO_printf(bio_err, "Can't open input file %s\n", infile);
- goto end;
- }
- } else
- in = BIO_new_fp(stdin, BIO_NOCLOSE);
+ in = bio_open_default(infile, inmode);
+ if (in == NULL)
+ goto end;
if (operation & SMIME_IP) {
if (informat == FORMAT_SMIME)
}
}
- if (outfile) {
- if (!(out = BIO_new_file(outfile, outmode))) {
- BIO_printf(bio_err, "Can't open output file %s\n", outfile);
- goto end;
- }
- } else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-# ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-# endif
- }
+ out = bio_open_default(outfile, outmode);
+ if (out == NULL)
+ goto end;
if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) {
- if (!(store = setup_verify(bio_err, CAfile, CApath)))
+ if (!(store = setup_verify(CAfile, CApath)))
goto end;
X509_STORE_set_verify_cb(store, cms_cb);
- if (vpm)
+ if (vpmtouched)
X509_STORE_set1_param(store, vpm);
}
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
- signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
+ signer = load_cert(signerfile, FORMAT_PEM, NULL,
e, "signer certificate");
if (!signer)
goto end;
- key = load_key(bio_err, keyfile, keyform, 0, passin, e,
- "signing key file");
+ key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
if (!key)
goto end;
for (kparam = key_first; kparam; kparam = kparam->next) {
if (ret)
ERR_print_errors(bio_err);
if (need_rand)
- app_RAND_write_file(NULL, bio_err);
+ app_RAND_write_file(NULL);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);
- if (vpm)
- X509_VERIFY_PARAM_free(vpm);
+ X509_VERIFY_PARAM_free(vpm);
if (sksigners)
sk_OPENSSL_STRING_free(sksigners);
if (skkeys)
&& ((error != X509_V_OK) || (ok != 2)))
return ok;
- policies_print(NULL, ctx);
+ /* Should be bio_err? */
+ policies_print(bio_out, ctx);
return ok;
-/* apps/crl.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
#include <openssl/x509v3.h>
#include <openssl/pem.h>
-#undef PROG
-#define PROG crl_main
+typedef enum OPTION_choice {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY,
+ OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
+ OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE,
+ OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD, OPT_NOOUT,
+ OPT_NAMEOPT, OPT_MD
+} OPTION_CHOICE;
-#undef POSTFIX
-#define POSTFIX ".rvk"
-
-static const char *crl_usage[] = {
- "usage: crl args\n",
- "\n",
- " -inform arg - input format - default PEM (DER or PEM)\n",
- " -outform arg - output format - default PEM\n",
- " -text - print out a text format version\n",
- " -in arg - input file - default stdin\n",
- " -out arg - output file - default stdout\n",
- " -hash - print hash value\n",
+OPTIONS crl_options[] = {
+ {"help", OPT_HELP, '-', "Display this summary"},
+ {"inform", OPT_INFORM, 'F', "Input format; default PEM"},
+ {"in", OPT_IN, '<', "Input file - default stdin"},
+ {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
+ {"out", OPT_OUT, '>', "output file - default stdout"},
+ {"keyform", OPT_KEYFORM, 'F'},
+ {"key", OPT_KEY, '<'},
+ {"issuer", OPT_ISSUER, '-', "Print issuer DN"},
+ {"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"},
+ {"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"},
+ {"noout", OPT_NOOUT, '-', "No CRL output"},
+ {"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
+ {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
+ {"badsig", OPT_BADSIG, '-'},
+ {"gendelta", OPT_GENDELTA, '<'},
+ {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
+ {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
+ {"verify", OPT_VERIFY, '-'},
+ {"text", OPT_TEXT, '-', "Print out a text format version"},
+ {"hash", OPT_HASH, '-', "Print hash value"},
#ifndef OPENSSL_NO_MD5
- " -hash_old - print old-style (MD5) hash value\n",
+ {"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
#endif
- " -fingerprint - print the crl fingerprint\n",
- " -issuer - print issuer DN\n",
- " -lastupdate - lastUpdate field\n",
- " -nextupdate - nextUpdate field\n",
- " -crlnumber - print CRL number\n",
- " -noout - no CRL output\n",
- " -CAfile name - verify CRL using certificates in file \"name\"\n",
- " -CApath dir - verify CRL using certificates in \"dir\"\n",
- " -nameopt arg - various certificate name options\n",
- NULL
+ {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+ {"", OPT_MD, '-', "Any supported digest"},
+ {NULL}
};
-static BIO *bio_out = NULL;
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+int crl_main(int argc, char **argv)
{
- unsigned long nmflag = 0;
X509_CRL *x = NULL;
- char *CAfile = NULL, *CApath = NULL;
- int ret = 1, i, num, badops = 0, badsig = 0;
BIO *out = NULL;
- int informat, outformat, keyformat;
- char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
- int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
- 0, text = 0;
-#ifndef OPENSSL_NO_MD5
- int hash_old = 0;
-#endif
- int fingerprint = 0, crlnumber = 0;
- const char **pp;
X509_STORE *store = NULL;
X509_STORE_CTX ctx;
X509_LOOKUP *lookup = NULL;
X509_OBJECT xobj;
EVP_PKEY *pkey;
- int do_ver = 0;
- const EVP_MD *md_alg, *digest = EVP_sha1();
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- if (bio_out == NULL)
- if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
- BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- bio_out = BIO_push(tmpbio, bio_out);
- }
+ const EVP_MD *digest = EVP_sha1();
+ unsigned long nmflag = 0;
+ char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
+ char *CAfile = NULL, *CApath = NULL, *prog;
+ OPTION_CHOICE o;
+ int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
+ 0, text = 0;
+ int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
+ int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber =
+ 0, i, do_ver = 0;
+#ifndef OPENSSL_NO_MD5
+ int hash_old = 0;
#endif
- }
-
- informat = FORMAT_PEM;
- outformat = FORMAT_PEM;
- keyformat = FORMAT_PEM;
- argc--;
- argv++;
- num = 0;
- while (argc >= 1) {
- if (strcmp(*argv, "-inform") == 0) {
- if (--argc < 1)
- goto bad;
- informat = str2fmt(*(++argv));
- } else if (strcmp(*argv, "-outform") == 0) {
- if (--argc < 1)
- goto bad;
- outformat = str2fmt(*(++argv));
- } else if (strcmp(*argv, "-in") == 0) {
- if (--argc < 1)
- goto bad;
- infile = *(++argv);
- } else if (strcmp(*argv, "-gendelta") == 0) {
- if (--argc < 1)
- goto bad;
- crldiff = *(++argv);
- } else if (strcmp(*argv, "-key") == 0) {
- if (--argc < 1)
- goto bad;
- keyfile = *(++argv);
- } else if (strcmp(*argv, "-keyform") == 0) {
- if (--argc < 1)
- goto bad;
- keyformat = str2fmt(*(++argv));
- } else if (strcmp(*argv, "-out") == 0) {
- if (--argc < 1)
- goto bad;
- outfile = *(++argv);
- } else if (strcmp(*argv, "-CApath") == 0) {
- if (--argc < 1)
- goto bad;
- CApath = *(++argv);
- do_ver = 1;
- } else if (strcmp(*argv, "-CAfile") == 0) {
- if (--argc < 1)
- goto bad;
- CAfile = *(++argv);
+ prog = opt_init(argc, argv, crl_options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+ opthelp:
+ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+ goto end;
+ case OPT_HELP:
+ opt_help(crl_options);
+ ret = 0;
+ goto end;
+ case OPT_INFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+ goto opthelp;
+ break;
+ case OPT_IN:
+ infile = opt_arg();
+ break;
+ case OPT_OUTFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+ goto opthelp;
+ break;
+ case OPT_OUT:
+ outfile = opt_arg();
+ break;
+ case OPT_KEYFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
+ goto opthelp;
+ break;
+ case OPT_KEY:
+ keyfile = opt_arg();
+ break;
+ case OPT_GENDELTA:
+ crldiff = opt_arg();
+ break;
+ case OPT_CAPATH:
+ CApath = opt_arg();
do_ver = 1;
- } else if (strcmp(*argv, "-verify") == 0)
+ break;
+ case OPT_CAFILE:
+ CAfile = opt_arg();
do_ver = 1;
- else if (strcmp(*argv, "-text") == 0)
- text = 1;
- else if (strcmp(*argv, "-hash") == 0)
- hash = ++num;
+ break;
#ifndef OPENSSL_NO_MD5
- else if (strcmp(*argv, "-hash_old") == 0)
+ case OPT_HASH_OLD:
hash_old = ++num;
+ break;
#endif
- else if (strcmp(*argv, "-nameopt") == 0) {
- if (--argc < 1)
- goto bad;
- if (!set_name_ex(&nmflag, *(++argv)))
- goto bad;
- } else if (strcmp(*argv, "-issuer") == 0)
+ case OPT_VERIFY:
+ do_ver = 1;
+ break;
+ case OPT_TEXT:
+ text = 1;
+ break;
+ case OPT_HASH:
+ hash = ++num;
+ break;
+ case OPT_ISSUER:
issuer = ++num;
- else if (strcmp(*argv, "-lastupdate") == 0)
+ break;
+ case OPT_LASTUPDATE:
lastupdate = ++num;
- else if (strcmp(*argv, "-nextupdate") == 0)
+ break;
+ case OPT_NEXTUPDATE:
nextupdate = ++num;
- else if (strcmp(*argv, "-noout") == 0)
+ break;
+ case OPT_NOOUT:
noout = ++num;
- else if (strcmp(*argv, "-fingerprint") == 0)
+ break;
+ case OPT_FINGERPRINT:
fingerprint = ++num;
- else if (strcmp(*argv, "-crlnumber") == 0)
+ break;
+ case OPT_CRLNUMBER:
crlnumber = ++num;
- else if (strcmp(*argv, "-badsig") == 0)
+ break;
+ case OPT_BADSIG:
badsig = 1;
- else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
- /* ok */
- digest = md_alg;
- } else {
- BIO_printf(bio_err, "unknown option %s\n", *argv);
- badops = 1;
break;
+ case OPT_NAMEOPT:
+ if (!set_name_ex(&nmflag, opt_arg()))
+ goto opthelp;
+ break;
+ case OPT_MD:
+ if (!opt_md(opt_unknown(), &digest))
+ goto opthelp;
}
- argc--;
- argv++;
- }
-
- if (badops) {
- bad:
- for (pp = crl_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err, "%s", *pp);
- goto end;
}
+ argc = opt_num_rest();
+ argv = opt_rest();
- ERR_load_crypto_strings();
x = load_crl(infile, informat);
- if (x == NULL) {
+ if (x == NULL)
goto end;
- }
if (do_ver) {
- store = X509_STORE_new();
- lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
- if (lookup == NULL)
+ if (!(store = setup_verify(CAfile, CApath)))
goto end;
- if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM))
- X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
-
- lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL)
goto end;
- if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM))
- X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
- ERR_clear_error();
-
if (!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
BIO_printf(bio_err, "Error initialising X509 store\n");
goto end;
newcrl = load_crl(crldiff, informat);
if (!newcrl)
goto end;
- pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL,
- "CRL signing key");
+ pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
if (!pkey) {
X509_CRL_free(newcrl);
goto end;
}
}
}
-
- out = BIO_new(BIO_s_file());
- if (out == NULL) {
- ERR_print_errors(bio_err);
+ out = bio_open_default(outfile, "w");
+ if (out == NULL)
goto end;
- }
-
- if (outfile == NULL) {
- BIO_set_fp(out, stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- } else {
- if (BIO_write_filename(out, outfile) <= 0) {
- perror(outfile);
- goto end;
- }
- }
if (text)
X509_CRL_print(out, x);
if (outformat == FORMAT_ASN1)
i = (int)i2d_X509_CRL_bio(out, x);
- else if (outformat == FORMAT_PEM)
+ else
i = PEM_write_bio_X509_CRL(out, x);
- else {
- BIO_printf(bio_err, "bad output format specified for outfile\n");
- goto end;
- }
if (!i) {
BIO_printf(bio_err, "unable to write CRL\n");
goto end;
}
ret = 0;
+
end:
if (ret != 0)
ERR_print_errors(bio_err);
BIO_free_all(out);
- BIO_free_all(bio_out);
- bio_out = NULL;
X509_CRL_free(x);
if (store) {
X509_STORE_CTX_cleanup(&ctx);
X509_STORE_free(store);
}
- apps_shutdown();
- OPENSSL_EXIT(ret);
+ return (ret);
}
-/* apps/crl2p7.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
#include <openssl/objects.h>
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
-#undef PROG
-#define PROG crl2pkcs7_main
-/*-
- * -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- */
+typedef enum OPTION_choice {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE
+} OPTION_CHOICE;
-int MAIN(int, char **);
+OPTIONS crl2pkcs7_options[] = {
+ {"help", OPT_HELP, '-', "Display this summary"},
+ {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+ {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+ {"in", OPT_IN, '<', "Input file"},
+ {"out", OPT_OUT, '>', "Output file"},
+ {"nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'"},
+ {"certfile", OPT_CERTFILE, '<',
+ "File of chain of certs to a trusted CA; can be repeated"},
+ {NULL}
+};
-int MAIN(int argc, char **argv)
+int crl2pkcs7_main(int argc, char **argv)
{
- int i, badops = 0;
BIO *in = NULL, *out = NULL;
- int informat, outformat;
- char *infile, *outfile, *prog, *certfile;
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7s = NULL;
- X509_CRL *crl = NULL;
STACK_OF(OPENSSL_STRING) *certflst = NULL;
- STACK_OF(X509_CRL) *crl_stack = NULL;
STACK_OF(X509) *cert_stack = NULL;
- int ret = 1, nocrl = 0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
- infile = NULL;
- outfile = NULL;
- informat = FORMAT_PEM;
- outformat = FORMAT_PEM;
+ STACK_OF(X509_CRL) *crl_stack = NULL;
+ X509_CRL *crl = NULL;
+ char *infile = NULL, *outfile = NULL, *prog, *certfile;
+ int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl =
+ 0;
+ OPTION_CHOICE o;
- prog = argv[0];
- argc--;
- argv++;
- while (argc >= 1) {
- if (strcmp(*argv, "-inform") == 0) {
- if (--argc < 1)
- goto bad;
- informat = str2fmt(*(++argv));
- } else if (strcmp(*argv, "-outform") == 0) {
- if (--argc < 1)
- goto bad;
- outformat = str2fmt(*(++argv));
- } else if (strcmp(*argv, "-in") == 0) {
- if (--argc < 1)
- goto bad;
- infile = *(++argv);
- } else if (strcmp(*argv, "-nocrl") == 0) {
+ prog = opt_init(argc, argv, crl2pkcs7_options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+ opthelp:
+ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+ goto end;
+ case OPT_HELP:
+ opt_help(crl2pkcs7_options);
+ ret = 0;
+ goto end;
+ case OPT_INFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+ goto opthelp;
+ break;
+ case OPT_OUTFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+ goto opthelp;
+ break;
+ case OPT_IN:
+ infile = opt_arg();
+ break;
+ case OPT_OUT:
+ outfile = opt_arg();
+ break;
+ case OPT_NOCRL:
nocrl = 1;
- } else if (strcmp(*argv, "-out") == 0) {
- if (--argc < 1)
- goto bad;
- outfile = *(++argv);
- } else if (strcmp(*argv, "-certfile") == 0) {
- if (--argc < 1)
- goto bad;
- if (!certflst)
- certflst = sk_OPENSSL_STRING_new_null();
- if (!certflst)
+ break;
+ case OPT_CERTFILE:
+ if (!certflst && !(certflst = sk_OPENSSL_STRING_new_null()))
goto end;
if (!sk_OPENSSL_STRING_push(certflst, *(++argv))) {
sk_OPENSSL_STRING_free(certflst);
goto end;
}
- } else {
- BIO_printf(bio_err, "unknown option %s\n", *argv);
- badops = 1;
break;
}
- argc--;
- argv++;
- }
-
- if (badops) {
- bad:
- BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
- BIO_printf(bio_err, "where options are\n");
- BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
- BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
- BIO_printf(bio_err, " -in arg input file\n");
- BIO_printf(bio_err, " -out arg output file\n");
- BIO_printf(bio_err,
- " -certfile arg certificates file of chain to a trusted CA\n");
- BIO_printf(bio_err, " (can be used more than once)\n");
- BIO_printf(bio_err,
- " -nocrl no crl to load, just certs from '-certfile'\n");
- ret = 1;
- goto end;
- }
-
- ERR_load_crypto_strings();
-
- in = BIO_new(BIO_s_file());
- out = BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL)) {
- ERR_print_errors(bio_err);
- goto end;
}
+ argc = opt_num_rest();
+ argv = opt_rest();
if (!nocrl) {
- if (infile == NULL)
- BIO_set_fp(in, stdin, BIO_NOCLOSE);
- else {
- if (BIO_read_filename(in, infile) <= 0) {
- perror(infile);
- goto end;
- }
- }
+ in = bio_open_default(infile, RB(informat));
+ if (in == NULL)
+ goto end;
if (informat == FORMAT_ASN1)
crl = d2i_X509_CRL_bio(in, NULL);
else if (informat == FORMAT_PEM)
crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
- else {
- BIO_printf(bio_err, "bad input format specified for input crl\n");
- goto end;
- }
if (crl == NULL) {
BIO_printf(bio_err, "unable to load CRL\n");
ERR_print_errors(bio_err);
sk_OPENSSL_STRING_free(certflst);
- if (outfile == NULL) {
- BIO_set_fp(out, stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- } else {
- if (BIO_write_filename(out, outfile) <= 0) {
- perror(outfile);
- goto end;
- }
- }
+ out = bio_open_default(outfile, WB(outformat));
+ if (out == NULL)
+ goto end;
if (outformat == FORMAT_ASN1)
i = i2d_PKCS7_bio(out, p7);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_PKCS7(out, p7);
- else {
- BIO_printf(bio_err, "bad output format specified for outfile\n");
- goto end;
- }
if (!i) {
BIO_printf(bio_err, "unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
if (crl != NULL)
X509_CRL_free(crl);
- apps_shutdown();
- OPENSSL_EXIT(ret);
+ return (ret);
}
/*-
STACK_OF(X509_INFO) *sk = NULL;
X509_INFO *xi;
- in = BIO_new(BIO_s_file());
- if ((in == NULL) || (BIO_read_filename(in, certfile) <= 0)) {
+ in = BIO_new_file(certfile, "r");
+ if (in == NULL) {
BIO_printf(bio_err, "error opening the file, %s\n", certfile);
goto end;
}
-/* apps/dgst.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
#undef BUFSIZE
#define BUFSIZE 1024*8
-#undef PROG
-#define PROG dgst_main
-
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
const char *file, BIO *bmd);
-static void list_md_fn(const EVP_MD *m,
- const char *from, const char *to, void *arg)
-{
- const char *mname;
- /* Skip aliases */
- if (!m)
- return;
- mname = OBJ_nid2ln(EVP_MD_type(m));
- /* Skip shortnames */
- if (strcmp(from, mname))
- return;
- /* Skip clones */
- if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST)
- return;
- if (strchr(mname, ' '))
- mname = EVP_MD_name(m);
- BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n",
- mname, mname);
-}
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+typedef enum OPTION_choice {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_C, OPT_R, OPT_RAND, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
+ OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
+ OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
+ OPT_NON_FIPS_ALLOW, OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
+ OPT_DIGEST
+} OPTION_CHOICE;
+
+OPTIONS dgst_options[] = {
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
+ {OPT_HELP_STR, 1, '-',
+ " file... files to digest (default is stdin)\n"},
+ {"help", OPT_HELP, '-', "Display this summary"},
+ {"c", OPT_C, '-', "Print the digest with separating colons"},
+ {"r", OPT_R, '-', "Print the digest in coreutils format"},
+ {"rand", OPT_RAND, 's'},
+ {"out", OPT_OUT, '>', "Output to filename rather than stdout"},
+ {"passin", OPT_PASSIN, 's'},
+ {"sign", OPT_SIGN, '<', "Sign digest using private key in file"},
+ {"verify", OPT_VERIFY, '<',
+ "Verify a signature using public key in file"},
+ {"prverify", OPT_PRVERIFY, '<',
+ "Verify a signature using private key in file"},
+ {"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
+ {"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"},
+#ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+#endif
+ {"engine_impl", OPT_ENGINE_IMPL, '-'},
+ {"hex", OPT_HEX, '-', "Print as hex dump"},
+ {"binary", OPT_BINARY, '-', "Print in binary form"},
+ {"d", OPT_DEBUG, '-', "Print debug info"},
+ {"debug", OPT_DEBUG, '-'},
+ {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-'},
+ {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
+ {"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
+ {"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"},
+ {"sigop", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+ {"macop", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
+ {"", OPT_DIGEST, '-', "Any supported digest"},
+ {NULL}
+};
+
+int dgst_main(int argc, char **argv)
{
+ BIO *in = NULL, *inp, *bmd = NULL, *out = NULL;
ENGINE *e = NULL, *impl = NULL;
- unsigned char *buf = NULL;
- int i, err = 1;
+ EVP_PKEY *sigkey = NULL;
+ STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
+ char *hmac_key = NULL;
+ char *mac_name = NULL;
+ char *passinarg = NULL, *passin = NULL;
const EVP_MD *md = NULL, *m;
- BIO *in = NULL, *inp;
- BIO *bmd = NULL;
- BIO *out = NULL;
-#define PROG_NAME_SIZE 39
- char pname[PROG_NAME_SIZE + 1];
- int separator = 0;
- int debug = 0;
- int keyform = FORMAT_PEM;
- const char *outfile = NULL, *keyfile = NULL;
+ const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
const char *sigfile = NULL, *randfile = NULL;
- int out_bin = -1, want_pub = 0, do_verify = 0;
- EVP_PKEY *sigkey = NULL;
- unsigned char *sigbuf = NULL;
- int siglen = 0;
- char *passargin = NULL, *passin = NULL;
+ OPTION_CHOICE o;
+ int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
+ int i, ret = 1, out_bin = -1, want_pub = 0, do_verify =
+ 0, non_fips_allow = 0;
+ unsigned char *buf = NULL, *sigbuf = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
int engine_impl = 0;
#endif
- char *hmac_key = NULL;
- char *mac_name = NULL;
- int non_fips_allow = 0;
- STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
-
- apps_startup();
+ prog = opt_progname(argv[0]);
if ((buf = (unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) {
- BIO_printf(bio_err, "out of memory\n");
+ BIO_printf(bio_err, "%s: out of memory\n", prog);
goto end;
}
- if (bio_err == NULL)
- if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- /* first check the program name */
- program_name(argv[0], pname, sizeof pname);
-
- md = EVP_get_digestbyname(pname);
-
- argc--;
- argv++;
- while (argc > 0) {
- if ((*argv)[0] != '-')
- break;
- if (strcmp(*argv, "-c") == 0)
+ md = EVP_get_digestbyname(prog);
+
+ prog = opt_init(argc, argv, dgst_options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+ opthelp:
+ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+ goto end;
+ case OPT_HELP:
+ opt_help(dgst_options);
+ ret = 0;
+ goto end;
+ case OPT_C:
separator = 1;
- else if (strcmp(*argv, "-r") == 0)
+ break;
+ case OPT_R:
separator = 2;
- else if (strcmp(*argv, "-rand") == 0) {
- if (--argc < 1)
- break;
- randfile = *(++argv);
- } else if (strcmp(*argv, "-out") == 0) {
- if (--argc < 1)
- break;
- outfile = *(++argv);
- } else if (strcmp(*argv, "-sign") == 0) {
- if (--argc < 1)
- break;
- keyfile = *(++argv);
- } else if (!strcmp(*argv, "-passin")) {
- if (--argc < 1)
- break;
- passargin = *++argv;
- } else if (strcmp(*argv, "-verify") == 0) {
- if (--argc < 1)
- break;
- keyfile = *(++argv);
- want_pub = 1;
- do_verify = 1;
- } else if (strcmp(*argv, "-prverify") == 0) {
- if (--argc < 1)
- break;
- keyfile = *(++argv);
+ break;
+ case OPT_RAND:
+ randfile = opt_arg();
+ break;
+ case OPT_OUT:
+ outfile = opt_arg();
+ break;
+ case OPT_SIGN:
+ keyfile = opt_arg();
+ break;
+ case OPT_PASSIN:
+ passinarg = opt_arg();
+ break;
+ case OPT_VERIFY:
+ keyfile = opt_arg();
+ want_pub = do_verify = 1;
+ break;
+ case OPT_PRVERIFY:
+ keyfile = opt_arg();
do_verify = 1;
- } else if (strcmp(*argv, "-signature") == 0) {
- if (--argc < 1)
- break;
- sigfile = *(++argv);
- } else if (strcmp(*argv, "-keyform") == 0) {
- if (--argc < 1)
- break;
- keyform = str2fmt(*(++argv));
- }
+ break;
+ case OPT_SIGNATURE:
+ sigfile = opt_arg();
+ break;
+ case OPT_KEYFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
+ goto opthelp;
+ break;
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv, "-engine") == 0) {
- if (--argc < 1)
- break;
- engine = *(++argv);
- e = setup_engine(bio_err, engine, 0);
- } else if (strcmp(*argv, "-engine_impl") == 0)
+ case OPT_ENGINE:
+ engine = opt_arg();
+ e = setup_engine(engine, 0);
+ break;
+ case OPT_ENGINE_IMPL:
engine_impl = 1;
+ break;
#endif
- else if (strcmp(*argv, "-hex") == 0)
+ case OPT_HEX:
out_bin = 0;
- else if (strcmp(*argv, "-binary") == 0)
+ break;
+ case OPT_BINARY:
out_bin = 1;
- else if (strcmp(*argv, "-d") == 0)
+ break;
+ case OPT_DEBUG:
debug = 1;
- else if (!strcmp(*argv, "-fips-fingerprint"))
+ break;
+ case OPT_FIPS_FINGERPRINT:
hmac_key = "etaonrishdlcupfm";
- else if (strcmp(*argv, "-non-fips-allow") == 0)
+ break;
+ case OPT_NON_FIPS_ALLOW:
non_fips_allow = 1;
- else if (!strcmp(*argv, "-hmac")) {
- if (--argc < 1)
- break;
- hmac_key = *++argv;
- } else if (!strcmp(*argv, "-mac")) {
- if (--argc < 1)
- break;
- mac_name = *++argv;
- } else if (strcmp(*argv, "-sigopt") == 0) {
- if (--argc < 1)
- break;
+ break;
+ case OPT_HMAC:
+ hmac_key = opt_arg();
+ break;
+ case OPT_MAC:
+ mac_name = opt_arg();
+ break;
+ case OPT_SIGOPT:
if (!sigopts)
sigopts = sk_OPENSSL_STRING_new_null();
- if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
- break;
- } else if (strcmp(*argv, "-macopt") == 0) {
- if (--argc < 1)
- break;
+ if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
+ goto opthelp;
+ break;
+ case OPT_MACOPT:
if (!macopts)
macopts = sk_OPENSSL_STRING_new_null();
- if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
- break;
- } else if ((m = EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+ if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg()))
+ goto opthelp;
+ &n
projects / openssl.git / commitdiff